Skip to main content
CVE-2026-10520 CRITICAL POC KEV THREAT NEWS Emergency

Remote code execution in Ivanti Sentry before R10.5.2, R10.6.2, and R10.7.1 allows unauthenticated remote attackers to achieve root-level command execution via OS command injection. With a maximum CVSS score of 10.0 and a network-accessible, no-interaction attack vector, this represents a critical exposure for any internet-facing Sentry appliance, though no public exploit has been identified at time of analysis.

RCE Ivanti Command Injection Sentry
NVD GitHub VulDB
CVSS 3.1
10.0
EPSS
0.2%
Threat
6.0
CVE-2026-10523 CRITICAL POC NEWS Emergency

Authentication bypass in Ivanti Sentry before R10.5.2, R10.6.2, and R10.7.1 allows remote unauthenticated attackers to create arbitrary administrative accounts and gain full administrative control of the appliance. Publicly available exploit code exists (watchTowr Labs PoC chained with CVE-2026-10520 for RCE), though it is not yet listed in CISA KEV; EPSS sits at a modest 0.31% (54th percentile) despite the critical CVSS 9.8 rating.

Authentication Bypass Ivanti Sentry
NVD GitHub VulDB
CVSS 3.1
9.8
EPSS
0.3%
Threat
4.2
CVE-2026-42904 CRITICAL PATCH Act Now

Privilege elevation in the Windows TCP/IP networking stack allows an unauthenticated attacker on an adjacent network to gain elevated privileges by triggering a heap-based buffer overflow (CWE-122). The CVSS 9.6 score with scope change (S:C) indicates the compromise crosses security boundaries beyond the vulnerable component itself. No public exploit identified at time of analysis, and the issue is not currently listed in CISA KEV.

Heap Overflow Microsoft Buffer Overflow
NVD VulDB
CVSS 3.1
9.6
EPSS
0.1%
CVE-2017-20251 CRITICAL POC PATCH Monitor

WordPress Insert PHP plugin versions before 3.3.1 contain a PHP code injection vulnerability that allows unauthenticated attackers to execute arbitrary PHP code by injecting malicious shortcodes. Rated critical severity (CVSS 9.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available.

RCE PHP WordPress Code Injection
NVD Exploit-DB
CVSS 4.0
9.3
EPSS
0.1%
CVE-2025-10263 CRITICAL POC NEWS Exploit Unlikely Act Now

Cross-exception-level write access in multiple Arm CPU cores including Cortex-A76 through Cortex-X925, Neoverse N1/N2/V1/V2/V3/V3AE, and C1-Ultra/Premium designs allows a lower-privileged context to modify resources owned by a higher exception level due to a race condition (CWE-362). Tracked also as Xen XSA-493 and EUVD-2025-210084, the issue carries a CVSS of 9.1 reflecting high confidentiality and integrity impact, though there is no public exploit identified at time of analysis and the EPSS score of 0.02% (4th percentile) indicates very low predicted exploitation probability.

Information Disclosure Race Condition C1 Ultra C1 Premium Neoverse V3 +17
NVD VulDB
CVSS 3.1
9.1
EPSS
0.0%
CVE-2026-47643 CRITICAL PATCH Act Now

Remote code execution in Microsoft Azure Stack Edge allows unauthenticated attackers to execute arbitrary code over the network by exploiting external control of file name or path (CWE-73). The CVSS 9.8 score reflects network-reachable, unauthenticated exploitation with high impact to confidentiality, integrity, and availability, and no public exploit identified at time of analysis. The vulnerability was reported by Microsoft Security Response Center (secure@microsoft.com) and is tagged as an authentication bypass affecting Azure Stack Edge appliances.

Authentication Bypass Microsoft Azure Stack Edge
NVD VulDB
CVSS 3.1
9.8
EPSS
0.1%
CVE-2026-47281 CRITICAL PATCH Act Now

Privilege escalation in Microsoft Visual Studio Code allows remote unauthenticated attackers to elevate privileges over a network when a victim performs a required interaction, due to improper input validation classified as missing authentication (CWE-306). The flaw carries a critical CVSS 9.6 score with scope change, meaning a successful attack impacts resources beyond the vulnerable component. No public exploit identified at time of analysis, but the user-interaction trigger combined with VS Code's massive developer install base makes this a notable supply-chain-adjacent risk.

Authentication Bypass Visual Studio Code
NVD VulDB
CVSS 3.1
9.6
EPSS
0.1%
CVE-2026-25089 CRITICAL POC NEWS Act Now

Unauthenticated OS command injection in Fortinet FortiSandbox (on-premise, Cloud, and PaaS variants) allows remote attackers to execute arbitrary operating system commands by sending specifically crafted HTTP requests to the management interface. The flaw carries a CVSS 9.8 rating with network-reachable, no-authentication, no-user-interaction characteristics, and no public exploit identified at time of analysis. Because FortiSandbox is a security-analysis appliance handling untrusted samples, compromise undermines the integrity of malware verdicts and downstream detections.

Fortinet Command Injection
NVD
CVSS 3.1
9.8
EPSS
2.0%
CVE-2026-48303 CRITICAL Act Now

Remote code execution in Adobe Campaign Classic (ACC) version 7.4.3 build 9394 and earlier allows unauthenticated network attackers to execute arbitrary code in the context of the current user with no user interaction required. The flaw stems from an Incorrect Authorization weakness (CWE-863) and carries the maximum CVSS 3.1 base score of 10.0 with changed scope, indicating impact beyond the vulnerable component. No public exploit identified at time of analysis, though the perfect CVSS score and authentication-bypass characteristics make this a high-priority patch for any organization running ACC for marketing automation.

Authentication Bypass Adobe RCE Campaign
NVD
CVSS 3.1
10.0
EPSS
0.5%
CVE-2026-47938 CRITICAL Act Now

Server-side request forgery in Adobe Campaign Classic (ACC) versions 7.4.3 build 9394 and earlier escalates to arbitrary code execution in the context of the current user, with a maximum CVSS 10.0 reflecting unauthenticated network exploitation and scope change. No public exploit identified at time of analysis, but the vendor advisory APSB26-66 confirms the flaw and the trivial attack complexity (AC:L) combined with PR:N and UI:N makes ACC instances reachable from untrusted networks an urgent patch target. The scope change (S:C) indicates the SSRF pivots beyond the originating component, enabling reach into adjacent backend services typically isolated from external callers.

Adobe SSRF RCE
NVD
CVSS 3.1
10.0
EPSS
0.1%
CVE-2026-47928 CRITICAL Act Now

Remote code execution in Adobe ColdFusion 2023 (Update 17 and earlier) and ColdFusion 2025 (Update 8 and earlier) allows unauthenticated network attackers to execute arbitrary code in the context of the current user without any user interaction, with a scope change extending impact beyond the vulnerable component. The flaw stems from improper input validation (CWE-20) and carries a maximum CVSS 3.1 score of 10.0, though EPSS exploitation probability is currently only 0.04% (11th percentile) and SSVC reports no observed exploitation. No public exploit identified at time of analysis.

RCE Coldfusion
NVD VulDB
CVSS 3.1
10.0
EPSS
0.0%
CVE-2026-48030 CRITICAL PATCH GHSA Act Now

Authenticated remote code execution in Pheditor 2.0.1-2.0.3 lets any logged-in user with the default terminal permission bypass the TERMINAL_COMMANDS whitelist by injecting shell metacharacters into the unsanitized 'dir' POST parameter of pheditor.php, achieving full command execution as the web server user. Publicly available exploit code exists in the GitHub Security Advisory PoC, and the upstream commit confirms the root cause is missing escapeshellarg() on $dir before concatenation into shell_exec().

PHP RCE CSRF Command Injection
NVD GitHub
CVSS 3.1
9.9
EPSS
0.2%
CVE-2026-44748 CRITICAL NEWS Act Now

Signed XML message tampering in SAP NetWeaver Application Server ABAP and ABAP Platform allows authenticated low-privileged attackers to forge identity information by capturing a valid signed message and submitting modified signed XML documents that the verifier accepts. The scope-changing flaw (CVSS 9.9) enables unauthorized access to sensitive user data and disruption of normal operations across trust boundaries. No public exploit identified at time of analysis, and the issue is not listed in CISA KEV.

SAP Authentication Bypass Jwt Attack
NVD VulDB
CVSS 3.1
9.9
EPSS
0.0%
CVE-2026-26142 CRITICAL PATCH NEWS Exploit Unlikely Act Now

Remote code execution in Nuance PowerScribe allows unauthenticated network attackers to run arbitrary code by submitting maliciously crafted serialized objects to the application. The flaw is a CWE-502 untrusted-data deserialization issue carrying a critical CVSS 9.8 score, reported through Microsoft Security Response Center; no public exploit identified at time of analysis. Because PowerScribe is a clinical radiology reporting platform widely deployed in hospital environments, successful exploitation could compromise systems handling protected health information.

Deserialization Nuance Powerscribe 360 Nuance Powerscribe One
NVD VulDB
CVSS 3.1
9.8
EPSS
0.4%
CVE-2026-47291 CRITICAL POC PATCH NEWS Exploit Likely Act Now

Remote code execution in Microsoft Windows HTTP.sys allows unauthenticated network attackers to execute arbitrary code by triggering an integer overflow that leads to heap-based memory corruption. The flaw carries a CVSS 9.8 rating reflecting network reachability, no privileges, and no user interaction, and impacts the kernel-mode HTTP listener used by IIS and any Windows service relying on the HTTP Server API. No public exploit has been identified at the time of analysis and CISA KEV does not list it, but the wormable profile of HTTP.sys flaws warrants urgent patching.

Heap Overflow Microsoft Buffer Overflow
NVD VulDB GitHub
CVSS 3.1
9.8
EPSS
0.2%
CVE-2026-5067 CRITICAL Act Now

Remote code execution and denial of service in Zephyr RTOS HTTP server (versions 3.7.0 through 4.3.0) allow unauthenticated network attackers to corrupt stack memory by sending a crafted Sec-WebSocket-Key header during WebSocket upgrade. The flaw is a CWE-170 improper NUL-termination issue where a bounded copy fails to terminate the header buffer, causing strlen() and subsequent concatenation to read and write past stack bounds. No public exploit identified at time of analysis, but the CVSS 9.8 rating and trivially reachable attack surface make this a high-priority issue for any Zephyr deployment with CONFIG_HTTP_SERVER_WEBSOCKET enabled.

Denial Of Service Buffer Overflow RCE Zephyr
NVD GitHub
CVSS 3.1
9.8
EPSS
0.2%
CVE-2026-30141 CRITICAL Act Now

Remote code execution and denial-of-service in bitbank2 AnimatedGIF v2.2.0 arises from a buffer overflow in the DecodeLZW function when processing a crafted GIF file. SSVC data indicates a proof-of-concept exists and exploitation is automatable, though it is not listed in CISA KEV; with CVSS 9.8 (AV:N/AC:L/PR:N/UI:N) the vulnerability is network-reachable wherever this library decodes attacker-supplied GIFs.

Denial Of Service Buffer Overflow RCE
NVD GitHub
CVSS 3.1
9.8
EPSS
0.2%
CVE-2026-45657 CRITICAL PATCH NEWS Exploit Unlikely Act Now

Remote code execution in the Windows Kernel allows unauthenticated network attackers to execute arbitrary code by triggering a use-after-free condition (CWE-122 heap-related memory corruption). The flaw was reported by Microsoft (secure@microsoft.com) and carries a critical CVSS 9.8 with no public exploit identified at time of analysis. Tag metadata indicates the bug can also be leveraged for heap overflow and denial-of-service outcomes.

Denial Of Service Heap Overflow Microsoft Buffer Overflow
NVD VulDB
CVSS 3.1
9.8
EPSS
0.1%
CVE-2026-44815 CRITICAL PATCH NEWS Exploit Unlikely Act Now

Remote code execution in the Windows DHCP Client is possible when a stack-based buffer overflow (CWE-121) is triggered by a crafted DHCP server response, allowing an unauthorized network attacker to run arbitrary code with no user interaction. The flaw carries a CVSS 9.8 critical rating reflecting network reachability, low complexity, and full impact on confidentiality, integrity, and availability, and no public exploit identified at time of analysis. Because the DHCP client runs early in the network stack on virtually every Windows host, successful exploitation grants attacker-controlled code execution in a highly privileged context.

Microsoft Stack Overflow Buffer Overflow
NVD VulDB
CVSS 3.1
9.8
EPSS
0.1%
CVE-2026-49841 CRITICAL PATCH Act Now

Heap buffer overflow in FreeSWITCH mod_verto prior to version 1.11.1 allows remote unauthenticated attackers to corrupt up to ~8 MiB of heap memory by sending a crafted HTTP POST request with an oversized Content-Length header. The flaw is triggered before HTTP basic-auth validation runs, enabling pre-authentication exploitation against any exposed mod_verto HTTP endpoint, with CVSS 9.8 reflecting potential for remote code execution; no public exploit identified at time of analysis.

Heap Overflow Buffer Overflow Freeswitch
NVD GitHub
CVSS 3.1
9.8
EPSS
0.0%
CVE-2026-41855 CRITICAL PATCH Act Now

Unsafe JSON deserialization in Spring Framework's JMS message converters (MappingJackson2MessageConverter and JacksonJsonMessageConverter) lets an attacker who controls JMS message content instantiate arbitrary classes, enabling gadget-chain attacks that can escalate to unauthorized actions or remote code execution. It affects Spring Framework 5.3.0-5.3.48, 6.1.0-6.1.27, 6.2.0-6.2.18, and 7.0.0-7.0.7 when applications consume messages from an untrusted JMS source. There is no public exploit identified at time of analysis, and despite a 9.8 CVSS the EPSS probability is only 0.04% and CISA SSVC rates exploitation as 'none'.

Deserialization Java Spring Framework
NVD HeroDevs VulDB
CVSS 3.1
9.8
EPSS
0.0%
CVE-2026-36721 CRITICAL Act Now

A lack of cryptographic signature verification in the validateAccessToken function of bookcars v8.3 allows attackers to bypass authentication via a forged JWT token.

Authentication Bypass Jwt Attack
NVD GitHub
CVSS 3.1
9.8
EPSS
0.0%
CVE-2026-38615 CRITICAL Act Now

DedeCMS V5.7.118 is vulnerable to Command Execution in file_manage_control.php.

PHP Command Injection
NVD GitHub VulDB
CVSS 3.1
9.8
EPSS
0.0%
CVE-2026-46325 CRITICAL PATCH Act Now

Memory corruption in the Linux kernel's RDMA Soft-RoCE (rxe) driver allows incorrect iova-to-virtual-address translation when Memory Region (MR) page sizes differ from the system PAGE_SIZE, leading to access of wrong memory pages during RDMA operations. The flaw affects kernels from 6.3 through pre-6.18.14 / pre-6.19.4 / pre-7.0 patched releases, and a related kernel panic was previously reported by Yi Zhang. EPSS is 0.02% (4th percentile) and no public exploit identified at time of analysis, but a patch is available from upstream.

Linux Information Disclosure
NVD VulDB
CVSS 3.1
9.8
EPSS
0.0%
CVE-2026-9698 CRITICAL PATCH Act Now

Stack-based buffer overflow in Perl DBI module versions prior to 1.648 allows attackers who can influence database error message content to corrupt memory via a fixed 200-byte stack buffer used during error formatting. The flaw is triggered when applications enable RaiseError, PrintError, or HandleError handlers - a near-universal configuration in production Perl database code. No public exploit identified at time of analysis, and EPSS rates exploitation probability at just 0.02% despite the CVSS 9.8 rating.

Memory Corruption Buffer Overflow Dbi
NVD GitHub VulDB
CVSS 3.1
9.8
EPSS
0.0%
CVE-2026-10045 CRITICAL Act Now

Hardcoded credentials and default-enabled telnet on the Shenzhen Kangda Xin DR300 router (firmware 2.1.2.121) allow remote unauthenticated attackers to gain full administrative access over both WAN and LAN interfaces. With CVSS 9.8 and SSVC indicating proof-of-concept exploit code with total technical impact, attackers can read/write device memory, modify flash-resident firmware, and enumerate connected devices and active connections. No CISA KEV listing exists, but publicly available exploit code exists and the issue is automatable.

Information Disclosure Dr300
NVD
CVSS 3.1
9.8
EPSS
0.0%
CVE-2026-8025 CRITICAL Act Now

Remote SQL injection in MOSK Information Technologies CBS Platform (versions through 09062026) allows unauthenticated attackers to inject arbitrary SQL commands over the network without user interaction, yielding full confidentiality, integrity, and availability impact (CVSS 9.8). The vendor confirmed to TR-CERT that the product is no longer supported, so no official fix will be issued. No public exploit identified at time of analysis, and the CVE is not listed in CISA KEV.

SQLi Cbs Platform
NVD
CVSS 3.1
9.8
EPSS
0.0%
CVE-2026-7486 CRITICAL PATCH Act Now

SQL injection in Netcad Software's E-İmar urban planning/permit management platform (versions 2.10.1.0 through 3.0.2) allows remote unauthenticated attackers to manipulate backend database queries via crafted input. The CVSS 9.8 rating reflects network-reachable exploitation with no authentication or user interaction required, leading to full confidentiality, integrity, and availability compromise. No public exploit identified at time of analysis, but the disclosure by Turkey's national CERT (TR-CERT) indicates coordinated vendor notification.

SQLi E I Mar
NVD
CVSS 3.1
9.8
EPSS
0.0%
CVE-2026-27671 CRITICAL NEWS Act Now

Unauthenticated remote memory corruption in the SAP Kernel of SAP NetWeaver Application Server ABAP and ABAP Platform allows attackers to compromise confidentiality, integrity, and availability by sending crafted RFC requests that trigger logical errors in memory management. The CVSS 9.8 score reflects network-reachable, no-privileges, no-interaction exploitation against a foundational SAP component, though no public exploit identified at time of analysis and exploitation status beyond the vendor disclosure is not confirmed in CISA KEV.

SAP Stack Overflow Buffer Overflow
NVD VulDB
CVSS 3.1
9.8
EPSS
0.0%
CVE-2026-11651 CRITICAL PATCH Act Now

Remote code execution in Google Chrome's Network component before version 149.0.7827.103 allows a remote attacker to execute arbitrary code within the renderer sandbox by luring a user to a crafted HTML page. The flaw is a use-after-free (CWE-416) classified High severity by Chromium with a CVSS 9.6 due to scope change and user-interaction prerequisite. No public exploit identified at time of analysis, but a vendor patch is already shipped via the Stable channel update.

Google Memory Corruption RCE Use After Free Denial Of Service +2
NVD VulDB
CVSS 3.1
9.6
EPSS
0.1%
CVE-2026-11671 CRITICAL PATCH Act Now

Sandbox escape in Google Chrome before 149.0.7827.103 allows a remote attacker to break out of the renderer sandbox through a use-after-free in the Navigation component when a victim visits a crafted HTML page. The CVSS 9.6 score reflects a scope-changing impact on confidentiality, integrity, and availability with only user interaction (visiting a page) required, and no public exploit was identified at time of analysis.

Denial Of Service Use After Free Memory Corruption Google Red Hat +1
NVD VulDB
CVSS 3.1
9.6
EPSS
0.1%
CVE-2026-11654 CRITICAL PATCH Act Now

Sandbox escape in Google Chrome for Mac (versions prior to 149.0.7827.103) stems from a use-after-free condition in the CameraCapture component, enabling a remote attacker to break out of the renderer sandbox via a crafted HTML page. With a CVSS of 9.6 (scope-changed, high impact across CIA) and an upstream fix released by Google, the bug carries high severity but requires user interaction to load the malicious page; no public exploit identified at time of analysis.

Denial Of Service Use After Free Memory Corruption Google Red Hat +1
NVD VulDB
CVSS 3.1
9.6
EPSS
0.1%
CVE-2026-11638 CRITICAL PATCH Act Now

Sandbox escape in Google Chrome versions prior to 149.0.7827.103 enables remote attackers to break out of the browser's renderer sandbox via a crafted HTML page that triggers a use-after-free in the Printing component. Chromium rated this issue Critical severity, and the CVSS scope change (S:C) confirms the sandbox boundary is crossed; no public exploit identified at time of analysis, but the attack only requires the victim to load attacker-controlled content.

Denial Of Service Use After Free Memory Corruption Google Red Hat +1
NVD VulDB
CVSS 3.1
9.6
EPSS
0.1%
CVE-2026-11634 CRITICAL PATCH Act Now

Sandbox escape in Google Chrome on Windows prior to 149.0.7827.103 allows remote attackers to exploit a use-after-free flaw in the Gamepad component via a crafted HTML page, requiring only that a victim visit a malicious site. Chromium rates this Critical severity and the CVSS score of 9.6 reflects scope change (sandbox escape) with high impact across confidentiality, integrity, and availability. No public exploit identified at time of analysis, but the bug class and Critical Chromium rating make it a high-priority browser patch.

Google Memory Corruption Use After Free Microsoft Denial Of Service +2
NVD VulDB
CVSS 3.1
9.6
EPSS
0.1%
CVE-2026-11697 CRITICAL PATCH Act Now

Sandbox escape in Google Chrome prior to 149.0.7827.103 allows a remote attacker to break out of the browser's renderer sandbox via a crafted HTML page that exploits insufficient input validation in the UI layer. The scope-changing CVSS 9.6 reflects that successful exploitation crosses the sandbox security boundary, though user interaction (visiting a malicious page) is required. No public exploit identified at time of analysis and the issue is not currently listed in CISA KEV, but Google rates the underlying Chromium severity as High.

Information Disclosure Google Red Hat Suse
NVD VulDB
CVSS 3.1
9.6
EPSS
0.1%
CVE-2026-11659 CRITICAL PATCH Act Now

Sandbox escape in Google Chrome on Linux prior to 149.0.7827.103 can be triggered by an integer overflow in the browser's UI component when a victim visits a crafted HTML page. Rated CVSS 9.6 with scope change, this issue allows a remote attacker to break out of the Chrome renderer sandbox after one click or navigation, though no public exploit identified at time of analysis and the flaw is not listed in CISA KEV.

Google Buffer Overflow Red Hat Suse
NVD VulDB
CVSS 3.1
9.6
EPSS
0.1%
CVE-2026-47932 CRITICAL Act Now

Security feature bypass in Adobe ColdFusion 2023 (through Update 19) and ColdFusion 2025 (through Update 8) allows remote attackers to read files outside intended directories via a path traversal flaw, with a scope change that extends impact beyond the vulnerable component. Exploitation requires the victim to open a malicious file, and no public exploit identified at time of analysis; EPSS is low (0.02%) but CVSS is 9.6 due to the scope change and high CIA impact.

Path Traversal Coldfusion
NVD VulDB
CVSS 3.1
9.6
EPSS
0.0%
CVE-2026-44963 CRITICAL PATCH Act Now

Remote code execution in Veeam Backup & Replication enables an authenticated domain user to execute arbitrary code on the Backup Server, with CVSS 4.0 score of 9.4 reflecting high impact across confidentiality, integrity, and availability of both the vulnerable component and downstream systems. The vulnerability is tagged as a deserialization flaw (CWE-502), and while no public exploit is identified at time of analysis, the low attack complexity and only-low-privilege requirement make this a high-priority patching event for any environment running Veeam in a domain-joined configuration.

Deserialization RCE Backup And Replication
NVD VulDB
CVSS 4.0
9.4
EPSS
0.6%
CVE-2026-41031 CRITICAL PATCH Act Now

Stored cross-site scripting in Vinna Process Monitor 4.0 Service Pack 1 (Build 63255) allows authenticated low-privilege users to inject persistent JavaScript that executes in other users' browsers, enabling theft of administrative session tokens and credentials. The CVSS 4.0 score of 9.3 reflects the cross-scope impact whereby a low-privileged attacker can escalate to administrative control. No public exploit identified at time of analysis, and the vulnerability is not listed in CISA KEV.

XSS Vinna Process Monitor
NVD VulDB
CVSS 4.0
9.3
EPSS
0.0%
CVE-2026-46316 CRITICAL PATCH Act Now

Use-after-free in the KVM arm64 vGIC-ITS translation cache allows a malicious guest to corrupt host kernel memory by triggering concurrent cache invalidations that double-drop a single reference. The flaw affects Linux 6.10 and later until the stable backports, has no public exploit identified at time of analysis, and EPSS rates real-world exploitation probability as very low (0.02%, 5th percentile) despite the CVSS 9.3 rating.

Linux Information Disclosure
NVD VulDB
CVSS 3.1
9.3
EPSS
0.0%
CVE-2026-10731 CRITICAL PATCH Act Now

Unauthenticated SQL injection in Nemon Trade Energy and Nemon Trade Energy CRM allows remote attackers to execute arbitrary SQL queries through the 'two_steps_auth_code' parameter on the '/user-login' endpoint. The 2FA verification flow is reachable without prior authentication, enabling full database compromise; no public exploit identified at time of analysis, but a vendor patch is available per the INCIBE advisory.

SQLi Nemon Trade Energy Nemon Trade Energy Crm
NVD VulDB
CVSS 4.0
9.3
EPSS
0.1%
CVE-2026-45602 CRITICAL PATCH Exploit Unlikely Act Now

Remote tampering in Microsoft Windows DHCP Server allows unauthenticated network attackers to manipulate critical data with high confidentiality and integrity impact, as reflected by the 9.1 CVSS score. The vulnerability is reachable over the network without privileges or user interaction, and no public exploit identified at time of analysis. The combination of authentication bypass tagging and DHCP's role as a core network infrastructure service makes this a high-priority issue for any Windows environment running the DHCP Server role.

Authentication Bypass Microsoft Windows 10 1607 Windows 10 1809 Windows 10 21h2 +10
NVD VulDB
CVSS 3.1
9.1
EPSS
0.1%
CVE-2026-49840 CRITICAL PATCH Act Now

Heap corruption in FreeSWITCH libesl prior to version 1.11.1 allows a malicious or man-in-the-middle Event Socket Library (ESL) peer to crash or corrupt the memory of any process linked against libesl by sending a frame containing a negative Content-Length header. The flaw is pre-authentication and reachable before the client completes authentication to the peer, and no public exploit identified at time of analysis despite a CVSS of 9.1.

Denial Of Service Freeswitch
NVD GitHub
CVSS 3.1
9.1
EPSS
0.1%
CVE-2026-47931 CRITICAL Act Now

Arbitrary code execution in Adobe ColdFusion 2023 (through update 19) and 2025 (through update 8) lets an attacker who already holds high-privilege access run code in the context of the current user without any user interaction. The flaw stems from improper input validation (CWE-20) and carries a scope-changed CVSS 9.1, meaning impact can extend beyond the vulnerable component. There is no public exploit identified at time of analysis, EPSS is low (0.04%), and CISA SSVC currently rates exploitation as none, so this is a high-severity but not-yet-exploited issue requiring proactive patching.

RCE Coldfusion
NVD VulDB
CVSS 3.1
9.1
EPSS
0.0%
CVE-2026-36727 CRITICAL Act Now

Authentication bypass in bookcars v8.3 lets remote unauthenticated attackers forge JWT tokens against the /api/social-sign-in endpoint to impersonate arbitrary users. The flaw carries a CVSS 9.1 rating with no public exploit identified at time of analysis, though a third-party vulnerability writeup is referenced on GitHub. EPSS is very low (0.02%, 7th percentile), suggesting limited mass-scanning interest despite the high severity.

Authentication Bypass N A
NVD GitHub
CVSS 3.1
9.1
EPSS
0.0%
CVE-2026-47929 CRITICAL Act Now

Privilege escalation and arbitrary code execution in Adobe ColdFusion 2023 (Update 17 and earlier) and 2025 (Update 8 and earlier) allows a high-privileged remote attacker to bypass authorization controls and execute code in the context of the current user. The flaw is a CWE-863 incorrect-authorization issue with a scope change, raising CVSS to 9.1, but no public exploit identified at time of analysis and EPSS is low (0.02%, 6th percentile). Adobe disclosed the issue via APSB26-64 and a vendor patch is available.

Authentication Bypass RCE Coldfusion
NVD VulDB
CVSS 3.1
9.1
EPSS
0.0%
CVE-2026-34182 CRITICAL PATCH NEWS Act Now

Pre-NVD disclosure via GitHub release 'OpenSSL 4.0.1' (openssl/openssl). OpenSSL 4.0.1 is a security patch release. The most severe CVE fixed in this release is High. This release incorporates the following bug fixes and mitigations: * Fixed heap use-after-free in `PKCS7_verify()`. ([CVE-2026-45447]) * Fixed CMS `AuthEnvelopedData` processing may accept forged messages. ([CVE-2026-34182]) * Fixed unbounded memory growth in the QUIC `PATH_CHALLENGE` handler. ([CVE-2026-34183]) * Fixed double-free when checking OCSP stapled respo

OpenSSL Information Disclosure Red Hat Suse
NVD GitHub VulDB
CVSS 3.1
9.1
EPSS
0.0%
CVE-2026-40128 CRITICAL NEWS Act Now

Path traversal in SAP NetWeaver Application Server Java's Web Container allows unauthenticated remote attackers to manipulate file inclusion parameters within crafted HTTP logon requests, leading to inclusion and processing of arbitrary local files. Successful exploitation can expose or modify sensitive data and render portions of the server unavailable, with no public exploit identified at time of analysis but a CVSS of 9.0 reflecting full CIA impact with scope change.

Path Traversal SAP Java
NVD VulDB
CVSS 3.1
9.0
EPSS
0.1%

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy