Skip to main content
CVE-2026-41732 HIGH PATCH This Week

Insecure deserialization in Spring for Apache Pulsar's JsonPulsarHeaderMapper allows remote attackers to bypass trusted-package controls and potentially trigger arbitrary Java object instantiation through Pulsar message headers. The flaw stems from a prefix-based package match plus an unsafe empty-allow-list default, affecting versions 1.1.0-1.1.17, 1.2.0-1.2.17, and 2.0.0-2.0.5. No public exploit identified at time of analysis, but the CVSS 8.1 rating and CWE-502 classification place this firmly in the high-impact Java deserialization category that has historically yielded remote code execution.

Deserialization Apache Java Spring For Apache Pulsar
NVD HeroDevs VulDB
CVSS 3.1
8.1
EPSS
0.0%
CVE-2026-41731 HIGH PATCH GHSA This Week

Unsafe deserialization in Spring for Apache Kafka (versions 2.8.0-4.0.5 across multiple branches) allows a malicious Kafka producer to send crafted message headers that cause downstream consumers to instantiate arbitrary JDK types via Jackson. The flaw stems from a prefix-based trusted-packages check in JsonKafkaHeaderMapper and the deprecated DefaultKafkaHeaderMapper, which silently extends trust to every subpackage. No public exploit identified at time of analysis, but the bug class (CWE-502 with Jackson default typing) has a long history of leading to remote code execution in Spring/Java ecosystems.

Deserialization Apache Java Spring For Apache Kafka
NVD HeroDevs VulDB
CVSS 3.1
8.1
EPSS
0.0%
CVE-2026-45569 HIGH This Week

Path traversal in Roxy-WI versions 8.2.6.4 and prior allows authenticated remote attackers to read arbitrary configuration files via the config_file_name and configver parameters. The vendor's attempted fix in commit d4d10006 is ineffective due to a logic error - it uses Python tuple-membership instead of substring containment - leaving all realistic '../' payloads unblocked, with no public exploit identified at time of analysis.

Path Traversal Nginx Apache
NVD GitHub
CVSS 3.1
8.1
EPSS
0.0%
CVE-2026-0274 HIGH PATCH This Week

Improper credential validation in the CommvaultSecurityIQ integration for Palo Alto Networks Cortex XSOAR and Cortex XSIAM allows remote attackers to read and modify protected resources without authentication. The CVSS 4.0 base score of 8.1 reflects high impact to confidentiality, integrity, and availability across a network-reachable attack surface, though no public exploit identified at time of analysis and the issue is not listed in CISA KEV.

Information Disclosure Cortex Xsiam Commvaultsecurityiq Marketplace Cortex Xsoar Commvaultsecurityiq Marketplace
NVD VulDB
CVSS 4.0
8.1
EPSS
0.0%
CVE-2026-41729 HIGH PATCH This Week

Server-Side Expression Language (SpEL) injection in Spring Data REST allows authenticated remote attackers to execute arbitrary expressions by sending JSON Patch requests targeting Map-typed entity properties. Affected versions span 3.7.0 through 5.0.5, and successful exploitation yields high confidentiality and integrity impact (CVSS 8.1). No public exploit identified at time of analysis, but the low attack complexity and network reachability make this a credible threat to any exposed REST repository accepting application/json-patch+json.

Code Injection Java Spring Data Rest
NVD HeroDevs
CVSS 3.1
8.1
EPSS
0.0%
CVE-2026-47838 HIGH PATCH This Week

Authentication bypass via X.509 certificate impersonation in Spring Security affects versions 5.7.0-5.7.24, 5.8.0-5.8.26, 6.3.0-6.3.17, 6.4.0-6.4.17, and 6.5.0-6.5.10, where the SubjectDnX509PrincipalExtractor mishandles malformed Common Name (CN) values and resolves the principal to the wrong identity. An attacker holding a carefully crafted client certificate can authenticate as a different legitimate user, gaining their privileges. No public exploit identified at time of analysis, and the EPSS score of 0.02% (4th percentile) reflects no observed exploitation activity.

Authentication Bypass Java Spring Security
NVD VulDB
CVSS 3.1
8.1
EPSS
0.0%
CVE-2026-48060 HIGH PATCH GHSA This Week

Cross-Site Scripting in Litestar Python web framework versions prior to 2.22.0 allows remote attackers to execute arbitrary JavaScript in victim browsers by poisoning the csrftoken cookie, whose contents are rendered into HTML templates without escaping when the documented csrf_input helper is used. Publicly available exploit code exists via the GitHub Security Advisory GHSA-542p-wvx7-72m4, which includes two working proof-of-concept applications. The flaw only manifests in applications that combine a template engine (Jinja, Mako, MiniJinja) with CSRF protection and the recommended hidden CSRF input field pattern.

XSS Python CSRF
NVD GitHub
CVSS 3.1
8.1
EPSS
0.0%
CVE-2026-45565 HIGH This Week

Path traversal bypass in Roxy-WI versions 8.2.6.4 and earlier allows authenticated remote attackers to escape input sanitization in the EscapedString Pydantic validator and inject shell metacharacters alongside '..' sequences. The flaw stems from a flawed if/elif/elif/else control flow that strips metacharacters without re-enforcing the '..' block, and the result is never shlex-quoted before reaching downstream command contexts. No public exploit identified at time of analysis, and no vendor-released patch identified at time of analysis.

Information Disclosure Nginx Apache
NVD GitHub
CVSS 3.1
8.1
EPSS
0.1%
CVE-2026-2049 HIGH PATCH This Week

Arbitrary code execution in GIMP via malicious HDR (High Dynamic Range) image files allows attackers to run code in the context of the user opening the file. The flaw is a heap-based buffer overflow (CWE-122) in the HDR parser, requiring the victim to open a crafted file or visit a malicious page that delivers one. No public exploit identified at time of analysis, but the vulnerability was reported through ZDI (ZDI-CAN-28618) indicating verified researcher analysis.

RCE Heap Overflow Buffer Overflow Gimp
NVD VulDB
CVSS 3.1
7.8
EPSS
0.1%
CVE-2026-45257 HIGH This Week

Page-cache corruption in FreeBSD's kTLS-RX subsystem (CVE-2026-45257 / FreeBSD-SA-26:26.kTLS) enables an unprivileged local user to overwrite arbitrary bytes in the backing physical page of any world-readable file, including SUID-root binaries, by exploiting in-place AES-GCM decryption running directly over sendfile(2)-produced EXTPG mbufs via the kernel direct map (DMAP). The write bypasses the VFS layer entirely, defeating file permissions, mount options, and chflags schg immutable flags - making this the FreeBSD functional equivalent of Linux CVE-2022-0847 (Dirty Pipe). A public exploit (bumsrakete.c) is included in the oss-security disclosure and achieves reliable root LPE in approximately 1.5 seconds on default FreeBSD 13.0 through 15.0 on amd64, arm64, and riscv; no public KEV listing has been identified at time of analysis.

Authentication Bypass Freebsd
NVD
CVSS 3.1
7.8
EPSS
0.2%
CVE-2026-50567 HIGH PATCH This Week

Path traversal in Fission Kubernetes serverless framework prior to version 1.25.0 allows authenticated tenants to write files outside the intended extraction directory by submitting a crafted package archive. The fetcher sidecar (fission-fetcher) processes attacker-controlled Package.Spec.Source.URL or Deployment.URL archives via Unarchive in pkg/utils/zip.go, where filepath.Join was used without verifying the resolved path stayed under the destination, enabling cross-tenant file overwrite, tampering with mounted secret/config volumes, or overwriting the fetcher binary itself. No public exploit identified at time of analysis and the issue is not listed in CISA KEV.

Path Traversal Kubernetes
NVD GitHub VulDB
CVSS 3.1
7.7
EPSS
0.0%
CVE-2026-47701 HIGH PATCH GHSA This Week

Service account token disclosure in OpenTelemetry Operator's TargetAllocator (versions prior to 0.152.0) allows a tenant with ServiceMonitor write permissions in a watched namespace to exfiltrate the OpenTelemetry Collector pod's mounted Kubernetes service account JWT or any other file on the Collector's filesystem. By setting the bearerTokenFile field on a ServiceMonitor to an arbitrary path (such as /var/run/secrets/kubernetes.io/serviceaccount/token) and pointing the scrape target to an attacker-controlled endpoint, the Collector reads the file and ships its contents as an Authorization: Bearer header on every scrape interval. No public exploit is identified at the time of analysis, though the technique mirrors a well-known Prometheus Operator primitive (ArbitraryFSAccessThroughSMs).

Information Disclosure Kubernetes
NVD GitHub
CVSS 3.1
7.7
EPSS
0.0%
CVE-2026-49823 HIGH PATCH GHSA This Week

Cross-namespace access control bypass in Fission prior to 1.24.0 allows an authenticated tenant to reference Package objects belonging to other Kubernetes namespaces because the admission webhook validated namespaces for Secret and ConfigMap references but omitted the equivalent check for PackageRef.Namespace. A low-privileged user with rights to create Function objects in their own namespace can therefore reach Package contents in arbitrary namespaces, producing a scope-changing confidentiality breach (CVSS 7.7, S:C, C:H). No public exploit identified at time of analysis; not listed in CISA KEV.

Authentication Bypass Kubernetes
NVD GitHub VulDB
CVSS 3.1
7.7
EPSS
0.0%
CVE-2026-49822 HIGH PATCH GHSA This Week

Cross-namespace information disclosure in Fission prior to 1.24.0 allows a low-privilege developer with namespace-scoped permissions to create a KubernetesWatchTrigger (KWT) that establishes a persistent watch channel against Kubernetes resources in any other namespace, breaking the platform's tenancy boundary. The flaw stems from missing namespace-equality enforcement in the kubewatcher controller, which honored an attacker-supplied Spec.Namespace value and even treated an empty value as cluster-wide visibility. No public exploit identified at time of analysis, but the upstream fix (PR #3379, merged into v1.24.0) and detailed advisory GHSA-gc3j-79f2-7vvw confirm the defect class.

Authentication Bypass Kubernetes
NVD GitHub VulDB
CVSS 3.1
7.7
EPSS
0.0%
CVE-2026-49821 HIGH PATCH GHSA This Week

Cross-namespace package reference flaw in Fission prior to version 1.24.0 allows an authenticated tenant to point a Package CRD at an Environment in another namespace, because the buildermgr controller never verified that Package.spec.environment.namespace matched Package.metadata.namespace. With CVSS 7.7 and a scope-changed confidentiality impact, a low-privileged user in one namespace can cause the controller to read and build against environment resources belonging to other tenants. No public exploit identified at time of analysis and the issue is not listed in CISA KEV.

Information Disclosure Kubernetes
NVD GitHub VulDB
CVSS 3.1
7.7
EPSS
0.0%
CVE-2026-20252 HIGH PATCH This Week

Server-side request forgery in Splunk Enterprise (below 10.2.4, 10.0.7, 9.4.12, 9.3.13) and Splunk Cloud Platform lets a low-privileged authenticated user coerce the Dashboard Studio PDF export feature into issuing HTTP requests to arbitrary internal destinations. The flaw stems from a flawed prefix-match on trusted domains plus uncritical redirect-following by the PDF export service. No public exploit identified at time of analysis, and the issue is not listed in CISA KEV.

SSRF Splunk Splunk Enterprise Splunk Cloud Platform
NVD
CVSS 3.1
7.6
EPSS
0.0%
CVE-2026-42558 HIGH This Week

Stored cross-site scripting in Xibo CMS prior to 4.4.2 allows authenticated users with elevated DataSet privileges to chain a Stored XSS with an iframe sandbox escape via the Data Connector functionality, executing script in another user's browser context. Scope-changed impact (S:C) with high confidentiality loss means a low-privileged-but-trusted operator can compromise an admin session viewing the affected dataset content. No public exploit identified at time of analysis and the issue is not on the CISA KEV list.

Microsoft XSS
NVD GitHub
CVSS 3.1
7.6
EPSS
0.0%
CVE-2026-6893 HIGH This Week

Root command injection in dracut's legacy DHCP path allows adjacent-network attackers to execute arbitrary commands inside the initramfs by sending crafted DHCP options (e.g., malicious hostname) that are written unescaped into temporary shell scripts. The flaw affects Red Hat Enterprise Linux 6 through 10, Red Hat Hardened Images, and OpenShift Container Platform 4, granting full system compromise during early boot. No public exploit identified at time of analysis, and EPSS is low (0.16%, 36th percentile), but SSVC rates technical impact as total.

Command Injection RCE Red Hat Enterprise Linux 10 Red Hat Enterprise Linux 6 Red Hat Enterprise Linux 7 +4
NVD VulDB
CVSS 3.1
7.5
EPSS
0.2%
CVE-2026-45541 HIGH This Week

Remote denial-of-service in Espressif ESP-IDF's esp_http_server WebSocket handshake allows unauthenticated attackers to crash IoT devices by sending a malformed Sec-WebSocket-Protocol header. The flaw (CWE-476 NULL-pointer dereference) is triggered pre-authentication during subprotocol negotiation and affects ESP-IDF 5.2.6, 5.3.5, 5.4.4, 5.5.4, and 6.0; no public exploit identified at time of analysis, though upstream commits disclose the exact vulnerable code path.

Denial Of Service Null Pointer Dereference Esp Idf
NVD GitHub
CVSS 3.1
7.5
EPSS
0.1%
CVE-2026-52726 HIGH POC PATCH GHSA This Week

Arbitrary code execution in Dulwich (pure-Python Git implementation) versions 0.23.2 through 1.2.4 allows a malicious upstream repository to drop executable files into a victim's .git/hooks/ directory during a recursive clone or submodule update. When the victim subsequently runs any git or dulwich command that invokes the planted hook, the attacker's code executes with the victim's privileges. No public exploit identified at time of analysis, though the technique mirrors the well-documented upstream Git flaws CVE-2024-32002 and CVE-2024-32004.

Path Traversal Python RCE Suse Red Hat
NVD GitHub VulDB
CVSS 3.1
7.5
EPSS
0.1%
CVE-2026-42542 HIGH PATCH This Week

Remote unauthenticated denial-of-service in TDengine versions 3.4.0.0 through 3.4.1.5 allows attackers to crash the taosd server process by sending a single crafted RPC packet, with no credentials or prior session state required. The flaw is a CWE-191 integer underflow (vendor tags also reference Integer Overflow) in RPC packet handling, fixed in version 3.4.1.6. No public exploit identified at time of analysis, and the CVE is not listed in CISA KEV.

Integer Overflow Denial Of Service Tdengine
NVD GitHub VulDB
CVSS 3.1
7.5
EPSS
0.1%
CVE-2026-48110 HIGH PATCH GHSA This Week

Denial of service in Russh (Rust SSH client/server library) versions 0.34.0 through 0.60.x allows remote SSH peers to trigger excessive memory allocation by sending oversized, high-fanout, or malformed length-prefixed SSH strings, name-lists, and byte fields before field-specific bounds checks are applied. The flaw affects both client and server message handlers and impacts availability only (CVSS 7.5, C:N/I:N/A:H). No public exploit identified at time of analysis.

Information Disclosure Russh
NVD GitHub VulDB
CVSS 3.1
7.5
EPSS
0.1%
CVE-2025-53114 HIGH PATCH GHSA This Week

Denial of service in CometD Java server (versions 5.0.0-5.0.22, 6.0.0-6.0.18, 7.0.0-7.0.18, 8.0.0-8.0.8) allows a single remote unauthenticated client to exhaust server memory by repeatedly sending /meta/connect messages with a fixed ack value while the acknowledgement extension is enabled, causing the unacknowledged message queue to grow without bound and triggering an OutOfMemoryError. The CVSS 7.5 score reflects high availability impact with no confidentiality or integrity impact, and no public exploit identified at time of analysis, though the GitHub Security Advisory GHSA-cqgj-h8vf-4w59 provides clear protocol-level reproduction details.

Denial Of Service
NVD GitHub VulDB
CVSS 3.1
7.5
EPSS
0.1%
CVE-2026-53461 HIGH PATCH GHSA This Week

Out-of-bounds heap write in ImageMagick's ICON decoder allows remote attackers to crash the application by supplying a maliciously crafted ICON file processed by versions prior to 6.9.13-50 and 7.1.2-25. The flaw stems from an incorrect loop condition during ICON parsing, leading to memory corruption and denial of service. No public exploit identified at time of analysis, but ImageMagick's broad deployment as an image-processing backend in web applications makes drive-by exposure plausible.

Memory Corruption Buffer Overflow Imagemagick
NVD GitHub VulDB
CVSS 3.1
7.5
EPSS
0.0%
CVE-2026-53460 HIGH PATCH GHSA This Week

Denial of service in ImageMagick prior to 6.9.13-50 and 7.1.2-25 allows remote attackers to trigger an out-of-memory condition by submitting crafted images that bypass memory request validation in the AcquireAlignedMemory routine. The CVSS 7.5 (AV:N/AC:L/PR:N/UI:N) vector reflects unauthenticated network exploitability with high availability impact but no confidentiality or integrity loss. No public exploit identified at time of analysis, and the issue is not present on the CISA KEV list.

Denial Of Service Imagemagick
NVD GitHub VulDB
CVSS 3.1
7.5
EPSS
0.0%
CVE-2026-41716 HIGH PATCH This Week

Denial-of-service in Spring Data Commons (versions 2.7.0-4.0.5) allows remote unauthenticated attackers to exhaust JVM heap memory by repeatedly submitting unique property-name strings that are permanently retained in an internal property-lookup cache. The flaw maps to CWE-770 (Allocation of Resources Without Limits or Throttling) and carries a CVSS 7.5 (AV:N/AC:L/PR:N/UI:N) reflecting purely availability impact. No public exploit identified at time of analysis and the issue is not currently listed in CISA KEV.

Denial Of Service Java Spring Data Commons
NVD HeroDevs
CVSS 3.1
7.5
EPSS
0.0%
CVE-2026-41695 HIGH This Week

Denial of service in Spring Data Commons 3.4.x, 3.5.x, and 4.0.x allows remote unauthenticated attackers to exhaust server resources by supplying crafted property path strings that the MappingContext resolves inefficiently. The flaw is reachable wherever applications expose property path parsing to untrusted input, and with CVSS 7.5 (AV:N/AC:L/PR:N/UI:N) it is trivially triggerable, though no public exploit identified at time of analysis and the issue is not on the CISA KEV list.

Denial Of Service Java Spring Data Commons
NVD VulDB HeroDevs
CVSS 3.1
7.5
EPSS
0.0%
CVE-2026-40988 HIGH PATCH This Week

Denial of service in Spring Security's SAML 2.0 service provider module allows remote unauthenticated attackers to exhaust application memory by submitting a maliciously compressed SAML payload over the REDIRECT binding. The flaw stems from an unbounded inflater that decompresses attacker-controlled data without size limits, enabling a classic decompression-bomb attack against any Spring application using SAML Login or Logout. No public exploit identified at time of analysis, but the network-reachable, no-authentication CVSS profile (7.5 High) makes this a near-term patching priority for SAML-enabled deployments.

Denial Of Service Java Spring Security
NVD VulDB HeroDevs
CVSS 3.1
7.5
EPSS
0.0%
CVE-2026-46541 HIGH This Week

Denial-of-service in Nimiq core-rs-albatross (Rust implementation of the Albatross Proof-of-Stake consensus) prior to version 1.4.0 allows a malicious DHT node to suppress all valid DHT GET responses for a query by being the first to reply with an unverifiable record. Because the DhtResults accumulator is only created after the first record passes verification, a single bad first response causes subsequent valid records to be discarded as 'DHT inconsistent state', breaking peer/validator discovery. No public exploit identified at time of analysis, but the patch and full root cause are public in PR #3707.

Information Disclosure
NVD GitHub
CVSS 3.1
7.5
EPSS
0.0%
CVE-2026-41728 HIGH PATCH This Week

Authorization bypass in Spring Data REST's JSON Patch handler allows remote unauthenticated attackers to modify protected entity fields by routing writes through intermediate path segments of a multi-segment JSON Pointer. The flaw affects Spring Data REST 3.7.x through 5.0.5 and carries a CVSS 7.5 (high) integrity-only impact; no public exploit has been identified at time of analysis and it is not listed in CISA KEV.

Authentication Bypass Java Spring Data Rest
NVD HeroDevs
CVSS 3.1
7.5
EPSS
0.0%
CVE-2026-48860 HIGH PATCH This Week

Authentication bypass in Erlang/OTP's TLS distribution module (inet_tls_dist) lets any attacker holding a TLS certificate signed by a CA in the node's trust store gain full Erlang distribution access, including remote code execution via rpc:call/4 and code:load_binary/3. The flaw stems from check_ip/1 inspecting the local socket address (inet:sockname/1) instead of the peer's address (inet:peername/1), so the LAN-allowlist subnet comparison always matches. No public exploit identified at time of analysis, but the one-line root cause is fully disclosed in the upstream fix commit.

Authentication Bypass Otp Suse Red Hat
NVD GitHub VulDB
CVSS 4.0
7.5
EPSS
0.0%
CVE-2026-53475 HIGH This Week

Credential interception in kubev2v assisted-migration-agent allows network-positioned attackers to harvest vCenter administrator credentials because the agent's vCenter client establishes TLS connections with certificate verification effectively disabled by default. The flaw, reported by Red Hat and tracked as EUVD-2026-36032, has no public exploit identified at time of analysis and an EPSS score of 0.01% (percentile 1%), but successful MITM exploitation yields full administrative access to the targeted vCenter.

Authentication Bypass VMware Assisted Migration Agent
NVD GitHub VulDB
CVSS 3.1
7.4
EPSS
0.0%
CVE-2026-53694 HIGH PATCH This Week

Argument injection in NoMachine remote desktop software before versions 9.5.7 and 8.23.2 allows a local authenticated user to inject command-line arguments and achieve high-impact compromise of confidentiality, integrity, and availability on the host. The flaw is tracked as CWE-88 (Improper Neutralization of Argument Delimiters), reported by CIRCL, and at the time of analysis there is no public exploit identified.

Code Injection Nomachine
NVD
CVSS 4.0
7.3
EPSS
0.0%
CVE-2026-11837 HIGH This Week

Local privilege escalation in the ansible.posix collection's authorized_key module allows an unprivileged local user to redirect root-owned file ownership changes to arbitrary system paths via symlink attacks in ~/.ssh. The module's keyfile() function calls os.chown() instead of os.lchown() and omits O_NOFOLLOW when opening files, so a pre-staged symlink is followed during privileged execution. No public exploit identified at time of analysis, but the technique is a well-understood TOCTOU/symlink class with a moderate-to-high CVSS (7.3).

Privilege Escalation
NVD VulDB
CVSS 3.1
7.3
EPSS
0.0%
CVE-2026-47253 HIGH PATCH GHSA This Week

Arbitrary directory deletion in julien040/anyquery 0.4.4 and earlier allows an authenticated low-privileged bearer-token holder to delete any directory accessible to the server process by submitting a SQL query that invokes clear_plugin_cache with a path-traversal payload. The flaw stems from path.Join silently resolving '..' segments before os.RemoveAll, and publicly available exploit code exists in the GitHub Security Advisory GHSA-j9rx-rppg-6hh4. Verified impact includes irreversible deletion of files outside the intended $XDG_CACHE_HOME/anyquery/plugins/ cache root, producing data loss and denial of service.

Python Docker Denial Of Service Path Traversal
NVD GitHub
CVSS 3.1
7.3
EPSS
0.0%
CVE-2026-6090 HIGH PATCH This Week

Privilege escalation in Lenovo Smart Connect for Windows allows a local authenticated user to bypass authentication checks and execute arbitrary code with elevated privileges. The flaw stems from an authentication bypass weakness (CWE-290) in the Windows client and carries a CVSS 4.0 score of 7.3. No public exploit identified at time of analysis, and the issue is not listed in CISA KEV.

RCE Microsoft Authentication Bypass Lenovo
NVD
CVSS 4.0
7.3
EPSS
0.0%
CVE-2026-9758 HIGH PATCH This Week

Improper certificate trust validation in Systerel S2OPC allows remote attackers to have well-formed but untrusted X.509 certificates accepted as trusted, undermining the OPC UA secure channel authentication model. CVSS 7.3 reflects network-reachable, unauthenticated exploitation with low impact across confidentiality, integrity, and availability, and no public exploit identified at time of analysis. The flaw is reported by GitLab and tracked in Systerel's public issue tracker, with no CISA KEV listing.

Information Disclosure S2Opc
NVD
CVSS 3.1
7.3
EPSS
0.0%
CVE-2026-53738 HIGH This Week

Broken authorization in the Copy & Delete Posts WordPress plugin through 1.5.4 lets any authenticated user assigned a plugin-enabled (non-admin) role invoke every operation exposed by the cdp_action_handling AJAX endpoint, enabling post deletion and plugin-setting tampering. The flaw stems from a missing per-function capability check that the dispatcher should enforce based on the f parameter. No public exploit identified at time of analysis and the CVE is not on CISA KEV.

Authentication Bypass Copy Delete Posts
NVD
CVSS 4.0
7.2
EPSS
0.0%
CVE-2026-25700 HIGH This Week

Privilege persistence in Apache Answer through version 2.0.0 allows suspended, deleted, or deactivated administrator accounts to retain access to administrative APIs because previously issued tokens are not invalidated upon account state change. The flaw requires high-privilege access to obtain a token initially and carries a CVSS 7.2 with full confidentiality, integrity, and availability impact; no public exploit identified at time of analysis and SSVC marks exploitation as none.

Information Disclosure Apache Apache Answer
NVD VulDB
CVSS 3.1
7.2
EPSS
0.0%
CVE-2026-40993 HIGH PATCH This Week

Insecure deserialization in Spring Security 7.0.0 through 7.0.5 allows an attacker with write access to the saml2_asserting_party_metadata database table to store malicious serialized Java payloads in the verification_credentials or encryption_credentials columns, leading to code execution when the JdbcAssertingPartyMetadataRepository deserializes them. The flaw affects deployments using the JDBC-backed SAML 2.0 asserting-party metadata repository introduced in the Spring Security 7.x line. No public exploit identified at time of analysis and EPSS is very low (0.01%), but CVSS rates impact as High due to full confidentiality, integrity, and availability loss on the application.

Deserialization Java Spring Security
NVD VulDB
CVSS 3.1
7.2
EPSS
0.0%
CVE-2022-26758 HIGH PATCH This Week

A malicious application may cause unexpected changes in memory shared between processes. Rated high severity (CVSS 7.1), this vulnerability is low attack complexity.

Buffer Overflow Apple Race Condition
NVD VulDB
CVSS 3.1
7.1
EPSS
0.1%
CVE-2026-53689 HIGH PATCH This Week

Heap memory corruption in libnfs through 6.0.2 allows a malicious NFS server to trigger an integer overflow in the client's XDR string deserializer when a victim connects to it. The flaw resides in libnfs_zdr_string in lib/libnfs-zdr.c, which failed to validate that an attacker-controlled string size fit within the remaining buffer. No public exploit identified at time of analysis, and the issue is not listed in CISA KEV.

Buffer Overflow Libnfs Suse
NVD GitHub VulDB
CVSS 3.1
7.1
EPSS
0.1%
CVE-2026-48856 HIGH PATCH This Week

Credential leakage in Erlang/OTP's inets httpc client (versions 17.0 through 29.0.2, 28.5.0.2, and 27.3.4.13) allows attacker-controlled servers to harvest Authorization and Proxy-Authorization headers by issuing cross-origin 3xx redirects. Because httpc_response:redirect/2 only updates the host field and copies all other headers verbatim - and autoredirect defaults to true - any httpc caller using HTTP Basic auth or URL userinfo silently forwards credentials to the redirect target. No public exploit identified at time of analysis, but the fix has been published upstream and tagged in vendor-released OTP patch versions.

Information Disclosure Open Redirect Otp Suse
NVD GitHub VulDB
CVSS 4.0
7.1
EPSS
0.0%
CVE-2026-53674 HIGH This Week

Regex injection in BuddyPress 14.4.0's activity mention resolver allows authenticated WordPress users to manipulate a REGEXP clause against the users table when username compatibility mode is enabled, enabling boolean-based username inference and denial of service via catastrophic backtracking. CVSS 4.0 scores this 7.1 with low confidentiality impact and high availability impact, reflecting the dual data-leakage and DoS outcomes. No public exploit identified at time of analysis, and the issue is not listed in CISA KEV.

Denial Of Service Nosql Injection
NVD VulDB
CVSS 4.0
7.1
EPSS
0.0%
CVE-2026-45542 HIGH This Week

Heap buffer overflow in Espressif ESP-IDF's protocomm component allows adjacent-network attackers to corrupt heap memory during the SRP6a (Security Scheme 2) session-setup handshake on affected IoT devices running ESP-IDF 5.2.6, 5.3.5, 5.4.4, 5.5.4, or 6.0. The flaw stems from a type-width mismatch in handle_session_command0() that trusts the client-supplied protobuf username length, enabling denial of service and potential integrity impact on provisioning interfaces. No public exploit identified at time of analysis; patches are available in 5.2.7, 5.3.6, 5.4.5, 5.5.5, and 6.0.1.

Heap Overflow Buffer Overflow Esp Idf
NVD GitHub
CVSS 3.1
7.1
EPSS
0.0%
CVE-2026-49396 HIGH PATCH GHSA This Week

Cross-site request forgery in the Nezha monitoring dashboard (versions >= 1.0.0, < 2.0.14) allows remote attackers to force a logged-in user's browser to trigger any of the victim's existing cron tasks via a GET navigation to /api/v1/cron/:id/manual, causing the stored command to be dispatched to the victim's online agents. The flaw stems from a state-changing GET endpoint protected only by a SameSite=Lax JWT cookie with no CSRF token, Origin/Referer check, or Fetch Metadata guard. No public exploit identified at time of analysis beyond the reporter's safe Go-test proof; the issue is not in CISA KEV.

CSRF Google
NVD GitHub VulDB
CVSS 3.1
7.1
EPSS
0.0%
CVE-2026-8335 HIGH This Week

Unauthenticated SQL data exfiltration in Aix-DB versions up to and including 1.2.4 allows attackers on adjacent networks to issue arbitrary SELECT queries against the application's database through the /llm/process_llm_out endpoint, which omits the token validation enforced on every other application route. The flaw was disclosed by CERT-PL and currently has no public exploit identified at time of analysis, but the CVSS 4.0 vector (AV:A/AC:L/PR:N/UI:N/VC:H) reflects trivial exploitation once an attacker reaches the deployment network. No vendor-released patch identified at time of analysis.

Authentication Bypass Aix Db
NVD GitHub
CVSS 4.0
7.1
EPSS
0.0%
CVE-2026-49069 HIGH POC This Week

Reflected cross-site scripting in the WPZOOM Portfolio WordPress plugin (versions up to and including 1.4.21) allows remote attackers to execute arbitrary JavaScript in a victim's browser when the user clicks a crafted link. Because the CVSS scope is Changed (S:C), successful exploitation can affect resources beyond the vulnerable component, typically enabling session hijacking or actions against the WordPress admin context. No public exploit identified at time of analysis, and the issue is not on the CISA KEV list.

XSS Wpzoom Portfolio
NVD Exploit-DB VulDB
CVSS 3.1
7.1
EPSS
0.0%
CVE-2026-47764 HIGH PATCH GHSA This Week

Arbitrary file write via path traversal in PDM (Python Development Master) package manager allows malicious wheels to write files outside the intended installation directory during package installation. The flaw exists in InstallDestination.write_to_fs() which overrode the safe base class path validation with an unvalidated os.path.join() call, affecting PDM versions up to and including 2.22.4. No public exploit identified at time of analysis, though the issue mirrors the previously disclosed Poetry CVE-2026-34591 of the same class.

Path Traversal Suse
NVD GitHub
EPSS
0.0%
CVE-2026-48036 HIGH PATCH GHSA This Week

Drift-detection logic flaw in the @hulumi/drift npm package (versions < 1.4.0) causes the verdict classifier to conflate adapter failure with a clean result, producing cached false-negative 'None / none' verdicts for up to six hours and false-positive incident-severity 'Mixed / high' or 'ConsoleBreakGlass / high' verdicts based on probe liveness rather than CloudTrail evidence. Consumers running drift detection in CI or cron pipelines could silently miss real console-break-glass mutations or be paged on routine provider-version churn. No public exploit identified at time of analysis; the issue is a CWE-755 improper-exception-handling defect rather than a remote attack primitive.

Privilege Escalation
NVD GitHub
EPSS
0.0%
Prev Page 2 of 3 Next

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy