Skip to main content
CVE-2026-53475 HIGH This Week

Credential interception in kubev2v assisted-migration-agent allows network-positioned attackers to harvest vCenter administrator credentials because the agent's vCenter client establishes TLS connections with certificate verification effectively disabled by default. The flaw, reported by Red Hat and tracked as EUVD-2026-36032, has no public exploit identified at time of analysis and an EPSS score of 0.01% (percentile 1%), but successful MITM exploitation yields full administrative access to the targeted vCenter.

Authentication Bypass VMware Assisted Migration Agent
NVD GitHub VulDB
CVSS 3.1
7.4
EPSS
0.0%
CVE-2026-53694 HIGH PATCH This Week

Argument injection in NoMachine remote desktop software before versions 9.5.7 and 8.23.2 allows a local authenticated user to inject command-line arguments and achieve high-impact compromise of confidentiality, integrity, and availability on the host. The flaw is tracked as CWE-88 (Improper Neutralization of Argument Delimiters), reported by CIRCL, and at the time of analysis there is no public exploit identified.

Code Injection Nomachine
NVD
CVSS 4.0
7.3
EPSS
0.0%
CVE-2026-11837 HIGH This Week

Local privilege escalation in the ansible.posix collection's authorized_key module allows an unprivileged local user to redirect root-owned file ownership changes to arbitrary system paths via symlink attacks in ~/.ssh. The module's keyfile() function calls os.chown() instead of os.lchown() and omits O_NOFOLLOW when opening files, so a pre-staged symlink is followed during privileged execution. No public exploit identified at time of analysis, but the technique is a well-understood TOCTOU/symlink class with a moderate-to-high CVSS (7.3).

Privilege Escalation
NVD VulDB
CVSS 3.1
7.3
EPSS
0.0%
CVE-2026-47253 HIGH PATCH GHSA This Week

Arbitrary directory deletion in julien040/anyquery 0.4.4 and earlier allows an authenticated low-privileged bearer-token holder to delete any directory accessible to the server process by submitting a SQL query that invokes clear_plugin_cache with a path-traversal payload. The flaw stems from path.Join silently resolving '..' segments before os.RemoveAll, and publicly available exploit code exists in the GitHub Security Advisory GHSA-j9rx-rppg-6hh4. Verified impact includes irreversible deletion of files outside the intended $XDG_CACHE_HOME/anyquery/plugins/ cache root, producing data loss and denial of service.

Python Docker Denial Of Service Path Traversal
NVD GitHub
CVSS 3.1
7.3
EPSS
0.0%
CVE-2026-6090 HIGH PATCH This Week

Privilege escalation in Lenovo Smart Connect for Windows allows a local authenticated user to bypass authentication checks and execute arbitrary code with elevated privileges. The flaw stems from an authentication bypass weakness (CWE-290) in the Windows client and carries a CVSS 4.0 score of 7.3. No public exploit identified at time of analysis, and the issue is not listed in CISA KEV.

RCE Microsoft Authentication Bypass Lenovo
NVD
CVSS 4.0
7.3
EPSS
0.0%
CVE-2026-9758 HIGH PATCH This Week

Improper certificate trust validation in Systerel S2OPC allows remote attackers to have well-formed but untrusted X.509 certificates accepted as trusted, undermining the OPC UA secure channel authentication model. CVSS 7.3 reflects network-reachable, unauthenticated exploitation with low impact across confidentiality, integrity, and availability, and no public exploit identified at time of analysis. The flaw is reported by GitLab and tracked in Systerel's public issue tracker, with no CISA KEV listing.

Information Disclosure S2Opc
NVD
CVSS 3.1
7.3
EPSS
0.0%
CVE-2026-53738 HIGH This Week

Broken authorization in the Copy & Delete Posts WordPress plugin through 1.5.4 lets any authenticated user assigned a plugin-enabled (non-admin) role invoke every operation exposed by the cdp_action_handling AJAX endpoint, enabling post deletion and plugin-setting tampering. The flaw stems from a missing per-function capability check that the dispatcher should enforce based on the f parameter. No public exploit identified at time of analysis and the CVE is not on CISA KEV.

Authentication Bypass Copy Delete Posts
NVD
CVSS 4.0
7.2
EPSS
0.0%
CVE-2026-25700 HIGH This Week

Privilege persistence in Apache Answer through version 2.0.0 allows suspended, deleted, or deactivated administrator accounts to retain access to administrative APIs because previously issued tokens are not invalidated upon account state change. The flaw requires high-privilege access to obtain a token initially and carries a CVSS 7.2 with full confidentiality, integrity, and availability impact; no public exploit identified at time of analysis and SSVC marks exploitation as none.

Information Disclosure Apache Apache Answer
NVD VulDB
CVSS 3.1
7.2
EPSS
0.0%
CVE-2026-40993 HIGH PATCH This Week

Insecure deserialization in Spring Security 7.0.0 through 7.0.5 allows an attacker with write access to the saml2_asserting_party_metadata database table to store malicious serialized Java payloads in the verification_credentials or encryption_credentials columns, leading to code execution when the JdbcAssertingPartyMetadataRepository deserializes them. The flaw affects deployments using the JDBC-backed SAML 2.0 asserting-party metadata repository introduced in the Spring Security 7.x line. No public exploit identified at time of analysis and EPSS is very low (0.01%), but CVSS rates impact as High due to full confidentiality, integrity, and availability loss on the application.

Deserialization Java Spring Security
NVD VulDB
CVSS 3.1
7.2
EPSS
0.0%
CVE-2022-26758 HIGH PATCH This Week

A malicious application may cause unexpected changes in memory shared between processes. Rated high severity (CVSS 7.1), this vulnerability is low attack complexity.

Buffer Overflow Apple Race Condition
NVD VulDB
CVSS 3.1
7.1
EPSS
0.1%
CVE-2026-53689 HIGH PATCH This Week

Heap memory corruption in libnfs through 6.0.2 allows a malicious NFS server to trigger an integer overflow in the client's XDR string deserializer when a victim connects to it. The flaw resides in libnfs_zdr_string in lib/libnfs-zdr.c, which failed to validate that an attacker-controlled string size fit within the remaining buffer. No public exploit identified at time of analysis, and the issue is not listed in CISA KEV.

Buffer Overflow Libnfs Suse
NVD GitHub VulDB
CVSS 3.1
7.1
EPSS
0.1%
CVE-2026-48856 HIGH PATCH This Week

Credential leakage in Erlang/OTP's inets httpc client (versions 17.0 through 29.0.2, 28.5.0.2, and 27.3.4.13) allows attacker-controlled servers to harvest Authorization and Proxy-Authorization headers by issuing cross-origin 3xx redirects. Because httpc_response:redirect/2 only updates the host field and copies all other headers verbatim - and autoredirect defaults to true - any httpc caller using HTTP Basic auth or URL userinfo silently forwards credentials to the redirect target. No public exploit identified at time of analysis, but the fix has been published upstream and tagged in vendor-released OTP patch versions.

Information Disclosure Open Redirect Otp Suse
NVD GitHub VulDB
CVSS 4.0
7.1
EPSS
0.0%
CVE-2026-53674 HIGH This Week

Regex injection in BuddyPress 14.4.0's activity mention resolver allows authenticated WordPress users to manipulate a REGEXP clause against the users table when username compatibility mode is enabled, enabling boolean-based username inference and denial of service via catastrophic backtracking. CVSS 4.0 scores this 7.1 with low confidentiality impact and high availability impact, reflecting the dual data-leakage and DoS outcomes. No public exploit identified at time of analysis, and the issue is not listed in CISA KEV.

Denial Of Service Nosql Injection
NVD VulDB
CVSS 4.0
7.1
EPSS
0.0%
CVE-2026-45542 HIGH This Week

Heap buffer overflow in Espressif ESP-IDF's protocomm component allows adjacent-network attackers to corrupt heap memory during the SRP6a (Security Scheme 2) session-setup handshake on affected IoT devices running ESP-IDF 5.2.6, 5.3.5, 5.4.4, 5.5.4, or 6.0. The flaw stems from a type-width mismatch in handle_session_command0() that trusts the client-supplied protobuf username length, enabling denial of service and potential integrity impact on provisioning interfaces. No public exploit identified at time of analysis; patches are available in 5.2.7, 5.3.6, 5.4.5, 5.5.5, and 6.0.1.

Heap Overflow Buffer Overflow Esp Idf
NVD GitHub
CVSS 3.1
7.1
EPSS
0.0%
CVE-2026-49396 HIGH PATCH GHSA This Week

Cross-site request forgery in the Nezha monitoring dashboard (versions >= 1.0.0, < 2.0.14) allows remote attackers to force a logged-in user's browser to trigger any of the victim's existing cron tasks via a GET navigation to /api/v1/cron/:id/manual, causing the stored command to be dispatched to the victim's online agents. The flaw stems from a state-changing GET endpoint protected only by a SameSite=Lax JWT cookie with no CSRF token, Origin/Referer check, or Fetch Metadata guard. No public exploit identified at time of analysis beyond the reporter's safe Go-test proof; the issue is not in CISA KEV.

CSRF Google
NVD GitHub VulDB
CVSS 3.1
7.1
EPSS
0.0%
CVE-2026-8335 HIGH This Week

Unauthenticated SQL data exfiltration in Aix-DB versions up to and including 1.2.4 allows attackers on adjacent networks to issue arbitrary SELECT queries against the application's database through the /llm/process_llm_out endpoint, which omits the token validation enforced on every other application route. The flaw was disclosed by CERT-PL and currently has no public exploit identified at time of analysis, but the CVSS 4.0 vector (AV:A/AC:L/PR:N/UI:N/VC:H) reflects trivial exploitation once an attacker reaches the deployment network. No vendor-released patch identified at time of analysis.

Authentication Bypass Aix Db
NVD GitHub
CVSS 4.0
7.1
EPSS
0.0%
CVE-2026-49069 HIGH POC This Week

Reflected cross-site scripting in the WPZOOM Portfolio WordPress plugin (versions up to and including 1.4.21) allows remote attackers to execute arbitrary JavaScript in a victim's browser when the user clicks a crafted link. Because the CVSS scope is Changed (S:C), successful exploitation can affect resources beyond the vulnerable component, typically enabling session hijacking or actions against the WordPress admin context. No public exploit identified at time of analysis, and the issue is not on the CISA KEV list.

XSS Wpzoom Portfolio
NVD Exploit-DB VulDB
CVSS 3.1
7.1
EPSS
0.0%
CVE-2025-66281 MEDIUM PATCH This Month

NULL pointer dereference in QNAP QTS and QuTS hero NAS operating systems allows remote unauthenticated attackers to crash a network-facing service and cause a denial-of-service condition without any authentication or user interaction. Multiple active OS branches are affected - QTS 5.2.x and QuTS hero h5.2.x through h6.0.x - across a device population that is historically internet-exposed and frequently targeted. No public exploit has been identified and this vulnerability is not listed in CISA KEV, but the zero-authentication, network-accessible attack surface makes DoS attempts trivially repeatable against unpatched devices.

Denial Of Service Null Pointer Dereference Qnap Qts Quts Hero
NVD VulDB
CVSS 4.0
6.9
EPSS
0.2%
CVE-2026-29115 MEDIUM This Month

Denial of service in Dahua IPC and SD (Speed Dome) camera devices allows an authenticated remote attacker to trigger an unexpected system reboot by sending a specially crafted network packet. The vulnerability is vendor-reported under advisory DHCC-SA-202606-001 and affects specific IPC and SD models with firmware built before March 26, 2026. No public exploit code has been identified at time of analysis, and the attack requires high-privilege authentication (PR:H), materially limiting the realistic attacker population.

Denial Of Service Dahua
NVD VulDB
CVSS 4.0
6.9
EPSS
0.1%
CVE-2025-62851 MEDIUM PATCH This Month

Path traversal in QNAP License Center (versions 1.9.0 through 1.9.55) permits a high-privileged attacker with an administrator account to read arbitrary files or system data outside the intended directory scope. The CVSS 4.0 vector (AV:N/PR:H) indicates network-reachable exploitation contingent on first obtaining administrative credentials. No public exploit code or active exploitation has been identified at time of analysis; a vendor-released patch is available in version 1.9.56.

Path Traversal License Center
NVD VulDB
CVSS 4.0
6.9
EPSS
0.0%
CVE-2026-10740 MEDIUM PATCH This Month

Unbounded memory allocation in the CRYPTO frame reassembler of AWS s2n-quic (all versions before v1.82.0) enables unauthenticated remote actors to degrade service availability by sending crafted QUIC Initial packets. Because QUIC Initial packets are processed prior to handshake completion, no session establishment or authentication is required to trigger the condition. No public exploit code or active exploitation has been identified at time of analysis, but the low-complexity, zero-authentication attack path makes this straightforwardly reachable on any exposed s2n-quic endpoint.

Denial Of Service S2N Quic
NVD GitHub
CVSS 4.0
6.9
EPSS
0.0%
CVE-2026-49760 MEDIUM PATCH This Month

Stack-based buffer overflow in Erlang OTP's erl_interface C library (`ei_s_print_term`) crashes processes when decoding Erlang terms containing very large integers, causing Denial of Service. Affected OTP releases span from 17.0 through unfixed branches of 27.x, 28.x, and 29.x, making this a wide-ranging availability risk for C-language nodes that interface with the Erlang runtime. Because overflow bytes are constrained exclusively to ASCII hex digits (0-9, A-F), arbitrary code execution is not feasible - confirmed impact is process crash only. No public exploit has been identified and this CVE is not listed in the CISA KEV catalog.

Denial Of Service Buffer Overflow Stack Overflow Otp Suse
NVD GitHub VulDB
CVSS 4.0
6.9
EPSS
0.0%
CVE-2026-49496 MEDIUM PATCH This Month

Heap-use-after-free in Ghidra's SLEIGH disassembler engine allows an attacker to cause memory corruption or application crash by supplying a crafted binary for decompilation. All Ghidra releases prior to 12.1 are affected, as is any downstream application consuming the SLEIGH library via the public Sleigh::oneInstruction C++ API. The CVSS v4.0 score of 6.9 reflects a high availability impact (VA:H) with low integrity impact (VI:L) and no confidentiality impact; no public exploit has been identified at time of analysis, and this vulnerability is not listed in the CISA KEV catalog.

Use After Free Buffer Overflow Memory Corruption Ghidra
NVD GitHub
CVSS 4.0
6.9
EPSS
0.0%
CVE-2026-53693 MEDIUM PATCH This Month

Stored cross-site scripting in MISP BSimVis through v0.2.0 allows network-accessible attackers who can create or influence tag names, collection names, entity identifiers, cluster names, or tag metadata to inject malicious payloads that execute in victims' browsers. The vulnerability spans multiple client-side rendering paths in tags.js, where user-controlled values were interpolated raw into innerHTML, HTML attributes, inline JavaScript event handlers, and CSS style values - covering tag badges, tooltips, context menus, cluster cards, autocomplete suggestions, and dynamically inserted tag cards. No public exploit has been identified at time of analysis; the issue was reported and patched by CIRCL, the primary MISP development organization.

XSS Bsimvis
NVD GitHub
CVSS 4.0
6.9
EPSS
0.0%
CVE-2026-52753 MEDIUM PATCH This Month

Uncontrolled memory allocation in Ghidra's rust_demangle function (versions before 12.0.3) allows a denial-of-service condition when a user analyzes a specially crafted binary containing malicious Rust symbol names. The affected function allocates output buffers without enforcing size limits, enabling exponential memory growth that crashes the Ghidra process. No public exploit code or active exploitation (CISA KEV) has been identified at time of analysis; however, the practical attack surface is real for teams that routinely analyze untrusted Rust binaries.

Denial Of Service Ghidra
NVD GitHub
CVSS 4.0
6.7
EPSS
0.0%
CVE-2026-49495 MEDIUM PATCH This Month

Uncontrolled resource consumption in Ghidra's Mach-O binary parser (versions 10.2 through pre-12.1) allows a crafted binary to crash the entire JVM and destroy all unsaved analyst work. The ExportTrie.parseTrie() method lacks cycle detection when walking export trie structures, so a malicious Mach-O binary embedding circular trie references triggers unbounded queue growth and exponential string concatenation until an OutOfMemoryError terminates the JVM process. No public exploit has been identified at time of analysis and no CISA KEV listing exists, but the risk is materially elevated in adversarial research contexts where analysts routinely open untrusted binaries - exactly the workflow Ghidra is designed for.

Denial Of Service Ghidra
NVD GitHub
CVSS 4.0
6.7
EPSS
0.0%
CVE-2026-52759 MEDIUM PATCH This Month

Uncontrolled heap memory allocation in Ghidra's Mach-O binary parser (versions before 12.1.1) allows denial of service by crashing the Ghidra JVM. The parser reads the `ncmds` load command count field directly from a Mach-O file header and uses it to drive heap allocation without cross-validating it against the actual file size, enabling a crafted binary to exhaust JVM memory. No public exploit has been identified at time of analysis and this vulnerability is not listed in the CISA KEV catalog, though the attack primitive is straightforward to reproduce from the description.

Denial Of Service Ghidra
NVD GitHub
CVSS 4.0
6.7
EPSS
0.0%
CVE-2026-48107 MEDIUM PATCH GHSA This Month

Denial of service in Russh (versions 0.37.0-0.60.x), a Rust SSH client and server library, allows a malicious SSH server to crash connecting clients by exploiting improper input validation in the keyboard-interactive authentication path. The server supplies an attacker-controlled prompt count in a USERAUTH_INFO_REQUEST message, which the client passes directly to Vec::with_capacity() before verifying the packet contains the claimed number of prompts - resulting in a panic or out-of-memory condition that terminates the client process. No public exploit has been identified at time of analysis, and the vulnerability is not listed in the CISA KEV catalog.

Information Disclosure Russh
NVD GitHub VulDB
CVSS 3.1
6.5
EPSS
0.1%
CVE-2026-41727 MEDIUM PATCH This Month

Improper input validation in Spring for Apache Kafka's non-blocking retry topic infrastructure allows an authenticated network producer to disrupt message processing availability across multiple major version lines. By injecting a crafted `retry_topic-attempts` header with an out-of-range integer value, an attacker causes the retry topic router to misidentify the message's position in the retry sequence, producing high availability impact (A:H per CVSS). Affected deployments span Spring for Apache Kafka 2.8.x through 4.0.x. No active exploitation has been confirmed (not in CISA KEV) and no public exploit code has been identified at time of analysis.

Information Disclosure Apache Java Spring For Apache Kafka
NVD HeroDevs VulDB
CVSS 3.1
6.5
EPSS
0.1%
CVE-2026-41726 MEDIUM PATCH This Month

Unbounded heap growth in Spring for Apache Kafka's DelegatingDeserializer allows an authenticated network producer to trigger a Denial of Service against any consumer application that opts into this deserializer. By flooding the consumer with Kafka records carrying unique, randomized spring.kafka.serialization.selector header values, an attacker forces unbounded cache growth on the consumer's JVM heap, ultimately inducing GC thrash and OutOfMemoryError. No public exploit identified at time of analysis, and this is not listed in the CISA KEV catalog, but the low-complexity, network-accessible attack surface warrants prompt remediation for affected deployments.

Denial Of Service Apache Java
NVD HeroDevs VulDB
CVSS 3.1
6.5
EPSS
0.0%
CVE-2026-50639 MEDIUM PATCH This Month

Metric injection via unsanitized newline characters affects Metrics::Any::Adapter::SignalFx versions before 0.04 for Perl, allowing unauthenticated remote attackers to forge or corrupt statsd telemetry streams. The root cause is the _labels function's failure to strip or reject newlines and statsd control characters from tag label values before they are encoded into statsd UDP packets. Because statsd and dogstatsd protocols use newlines as metric delimiters, an attacker who can influence any label value flowing into the adapter can cause the server to parse additional attacker-controlled metrics. No public exploit has been identified at time of analysis, but SSVC rates the flaw as automatable with partial technical impact.

Code Injection Metrics
NVD VulDB
CVSS 3.1
6.5
EPSS
0.0%
CVE-2026-11884 MEDIUM This Month

Heap buffer overflow in Red Hat 389 Directory Server allows an authenticated Directory Manager or a compromised replication supplier to crash the server or corrupt heap memory by creating objectclass definitions with excessively long SUP (oc_superior) values. The flaw exists in schema serialization functions where the SUP field length is excluded from buffer size calculations yet still written via strcat(), producing an off-by-N heap overwrite. This is explicitly an incomplete fix variant of CVE-2025-14905, meaning organizations that patched that prior CVE may remain exposed if the SUP field code path was not remediated; no public exploit has been identified at time of analysis.

Heap Overflow Buffer Overflow Red Hat Directory Server 11 Red Hat Directory Server 12 Red Hat Directory Server 13 +5
NVD VulDB
CVSS 3.1
6.5
EPSS
0.0%
CVE-2026-46540 MEDIUM This Month

Incomplete macro-block state synchronization in Nimiq core-rs-albatross LightBlockchain allows a network-accessible attacker to permanently stall a light client's chain progression by triggering a rebranch to a fork whose tip is a macro (checkpoint or election) block. Affected are all deployments of the Rust Albatross light client prior to v1.4.0. When exploitation targets an election block specifically, the stale current_validators pointer causes every subsequent push() call to fail verify_validators(), rendering the light client unable to advance its chain. No public exploit identified at time of analysis, though the exact fix is visible in merged PR #3706 and the triggering conditions are fully described in the advisory.

Information Disclosure Checkpoint
NVD GitHub
CVSS 3.1
6.5
EPSS
0.0%
CVE-2026-53474 MEDIUM This Month

SQL injection in Red Hat's kubev2v migration-planner allows a remote authenticated attacker to upload a crafted RVTools .xlsx file whose cluster-name cells are interpolated unsanitized into DuckDB queries, enabling arbitrary file reads on the host. Because the tool runs as a SaaS migration assessment service, leaked Kubernetes service account tokens or other credentials can pivot to full environment compromise. No public exploit identified at time of analysis, but an upstream fix is available via PR #1231.

SQLi Kubernetes Migration Assessment
NVD GitHub VulDB
CVSS 3.1
6.5
EPSS
0.0%
CVE-2026-45329 MEDIUM This Month

Information disclosure in Espressif ESP-IDF 5.5.4 and 6.0 allows local code in the Rich Execution Environment (REE) to leak TEE-protected memory by passing crafted pointer arguments to ESP-TEE secure-service wrappers. Because TEE hardware peripherals (ECC, SHA, SPI) run in RISC-V M-mode with full address-space access, attackers can coerce them to read from TEE-exclusive memory and return raw bytes, computed functions, or single-bit oracles enabling incremental disclosure of sensitive material. No public exploit identified at time of analysis; vendor-released patches exist in 5.5.5 and 6.0.1.

Information Disclosure Oracle
NVD GitHub VulDB
CVSS 3.1
6.5
EPSS
0.0%
CVE-2026-11853 MEDIUM PATCH This Month

Arbitrary symlink creation in Debusine's mergeuploads task allows remote unauthenticated attackers to overwrite files accessible to the worker process. Affected versions 0.12.0 through 0.14.8 fail to sanitize fully user-controlled paths embedded in Debian manifest files (.dsc and .changes), enabling path traversal via CWE-59 link-following. Despite a CVSS network-accessible, no-auth vector, real-world risk is bounded by deployment context - exploitation requires the ability to submit packages to a Debusine instance. No public exploit identified at time of analysis and EPSS sits at 0.02% (4th percentile).

Information Disclosure Debian
NVD VulDB
CVSS 3.1
6.5
EPSS
0.0%
CVE-2026-45160 MEDIUM This Month

Out-of-bounds read in ESP-IDF's embedded DHCP server crashes or exposes heap memory on ESP32 devices operating in SoftAP or DHCP server mode. The `parse_options()` function in the bundled lwIP DHCP server component walks BOOTP/DHCP option TLV fields without validating that each option's declared length stays within the received packet buffer, allowing an adjacent-network unauthenticated attacker to trigger a device crash by sending a single crafted DHCP request. Five active release branches are affected (5.2.x through 6.0.x); vendor-released patches are available across all branches. No public exploit code or CISA KEV listing has been identified at time of analysis.

Information Disclosure Buffer Overflow Esp Idf
NVD GitHub
CVSS 3.1
6.5
EPSS
0.0%
CVE-2026-47155 MEDIUM PATCH GHSA This Month

Artifact pin decay in vLLM (< 0.22.0) allows pinned model deployments to silently load secondary artifacts - dynamic code modules, GGUF files, image processors, retrieval side weights, and same-repository subfolder configs - from unpinned or default HuggingFace Hub revisions, undermining supply-chain integrity guarantees. Operators who supply `--revision` or `--code-revision` to audit and lock a specific model version can unknowingly serve behavior-affecting components that fall outside the reviewed artifact set. No public exploit code has been identified at time of analysis, but seven discrete affected code paths across vllm's model loader and registry subsystems have been confirmed at commit 3795d7acf431980e62e738493f437ae2a51549da, with a fix released in vLLM 0.22.0 via PR #42616.

Authentication Bypass
NVD GitHub
CVSS 3.1
6.5
EPSS
0.0%
CVE-2026-11852 MEDIUM PATCH This Month

Missing authorization controls on Debusine's artifact relationship endpoints allow remote actors to create and delete artifact relationships without holding the necessary write permissions, affecting all versions from 0.2.0 through 0.14.5. The only implicit gatekeeping was visibility of the referenced artifacts - not modification rights - a CWE-862 (Missing Authorization) flaw that exposes both data integrity and limited confidentiality of build artifact metadata. No public exploit code exists and EPSS places exploitation probability at 0.01% (3rd percentile), reflecting the tool's niche deployment scope within Debian build infrastructure; the vulnerability is not confirmed actively exploited (CISA KEV).

Authentication Bypass Debian
NVD VulDB
CVSS 3.1
6.5
EPSS
0.0%
CVE-2026-45561 MEDIUM This Month

{version,uptime,status,checks}/<server_ip>` route family passes the Flask URL path parameter directly into a Python `requests.get()` call without any allowlist or blocklist validation, making IPv4 literals such as 169.254.169.254, RFC1918 ranges, and 127.0.0.1 all valid targets. No publicly available patches exist at time of analysis, and no public exploit code or CISA KEV listing has been identified.

Python Nginx SSRF Apache
NVD GitHub
CVSS 3.1
6.5
EPSS
0.0%
CVE-2026-53698 MEDIUM This Month

Absolute path traversal (CWE-36) in Silverpeas through 6.4.6 allows authenticated remote users to read arbitrary files from the server filesystem by exploiting the 'Personal space' fallback path in the FileServer servlet, activated when no componentId parameter is supplied. The CVSS vector confirms network-reachable, low-complexity exploitation requiring only low-privilege credentials, with high confidentiality impact and no integrity or availability loss. No public exploit has been identified at time of analysis, and the vulnerability is not listed in CISA KEV.

Information Disclosure Silverpeas
NVD GitHub
CVSS 3.1
6.5
EPSS
0.0%
CVE-2026-41719 MEDIUM PATCH This Month

SpEL (Spring Expression Language) injection in Spring Data KeyValue and Spring Data Redis allows a network-accessible, low-privileged attacker to execute arbitrary SpEL expressions when applications pass unsanitized user-controlled Sort parameters directly to repository query methods delegating to SpelPropertyComparator. Affected versions span eight major release lines from 2.7.x through 4.0.x, making the exposure surface broad across Spring-based Java ecosystems. No public exploit identified at time of analysis and no CISA KEV listing, but the high confidentiality impact rating and network attack vector warrant prompt patching for any application that surfaces Sort query parameters to end users.

Code Injection Java Redis
NVD HeroDevs
CVSS 3.1
6.4
EPSS
0.0%
CVE-2026-8613 MEDIUM This Month

Stored Cross-Site Scripting in the aThemes Addons for Elementor WordPress plugin (versions up to and including 1.1.8) allows authenticated attackers with contributor-level access to inject persistent malicious scripts via the 'title_tag' widget setting in the Posts Timeline and Posts Carousel widgets. The injected payload executes in the browsers of any user who subsequently visits the compromised page, enabling session hijacking, credential theft, or malicious redirects. No public exploit or CISA KEV listing has been identified at time of analysis, though the contributor-level authentication barrier is low in multi-author WordPress deployments.

XSS WordPress
NVD VulDB
CVSS 3.1
6.4
EPSS
0.0%
CVE-2026-9019 MEDIUM This Month

Stored Cross-Site Scripting in the Easy Image Collage WordPress plugin (all versions through 1.13.6) allows authenticated attackers with author-level access to permanently inject arbitrary JavaScript into pages via the `grid[properties][borderColor]` and `grid[images][N][attachment_url]` parameters, which executes in victims' browsers upon page load. The critical aggravating factor is that payloads are persisted via WordPress's `update_post_meta()` API rather than through post content, which deliberately sidesteps the `unfiltered_html` capability check that normally prevents lower-privilege users from injecting raw HTML - meaning site administrators cannot block this attack path through standard WordPress role controls alone. No public exploit code or CISA KEV listing has been identified at time of analysis; however, the low privilege requirement and well-documented bypass of WordPress hardening make this a credible threat on multi-author sites.

XSS WordPress
NVD VulDB
CVSS 3.1
6.4
EPSS
0.0%
CVE-2025-8444 MEDIUM This Month

DOM-Based Stored Cross-Site Scripting in the Animation Addons for Elementor WordPress plugin (all versions up to and including 2.6.7) allows authenticated attackers holding Contributor-level access or higher to inject persistent malicious scripts through multiple unsanitized plugin parameters. The injected payload executes in the browsers of any user who subsequently loads an affected page, enabling session hijacking, credential theft, or malicious redirects. No public exploit identified at time of analysis and the plugin is not listed in the CISA KEV catalog, but the Changed scope (S:C) in the CVSS vector elevates real-world impact beyond the 6.4 score suggests for multi-author WordPress deployments.

XSS WordPress
NVD
CVSS 3.1
6.4
EPSS
0.0%
CVE-2026-48859 MEDIUM PATCH This Month

Username enumeration via timing side-channel in Erlang/OTP SSH daemon (OTP 29.0-29.0.1) allows unauthenticated remote attackers to distinguish valid from invalid usernames in a single probe. When the daemon is configured with the `user_passwords` or `password` options, valid usernames trigger a 600,000-iteration PBKDF2-SHA256 computation (~300ms) while invalid usernames return near-instantly (~0ms) through an early-exit path - a gap detectable without repeated attempts. No public exploit has been identified at time of analysis, and exploitation is constrained to non-default, test-oriented configurations.

Information Disclosure Otp
NVD GitHub VulDB
CVSS 4.0
6.3
EPSS
0.3%
CVE-2026-52756 MEDIUM PATCH This Month

Path traversal in Ghidra's IsfServer component (all versions before 12.2) allows remote unauthenticated attackers to enumerate filesystem paths and probe arbitrary files by connecting to TCP port 54321 and sending crafted protobuf messages. The root cause is unsanitized client-supplied namespace strings passed directly to filesystem operations, a CWE-22 defect. Given Ghidra's deployment context - security research, malware analysis, and reverse engineering of sensitive artifacts, often in high-value government and defense environments - successful exploitation could expose directory structures and sensitive file metadata on the analyst's workstation. No public exploit code has been identified and this vulnerability is not in CISA KEV at time of analysis.

Path Traversal Ghidra
NVD GitHub VulDB
CVSS 4.0
6.3
EPSS
0.2%
CVE-2026-48858 MEDIUM PATCH This Month

SSRF and FTP bounce attacks are enabled in Erlang/OTP's ftp_internal module because the PASV handler blindly trusts the IP address returned in a server's 227 response, connecting the data channel to an attacker-controlled internal target without validating it against the control connection's actual peer address. All Erlang applications using the ftp client in its default passive IPv4 mode (ipfamily=inet, ftp_extension=false) across OTP 17.4 through pre-29.0.2 are affected, spanning both the legacy inets-bundled module and the standalone ftp application. No active exploitation has been confirmed (not in CISA KEV), but a functional proof-of-concept demonstrating the redirect attack is publicly embedded in the upstream fix commit, significantly lowering the exploitation barrier.

SSRF Otp Red Hat Suse
NVD GitHub VulDB
CVSS 4.0
6.3
EPSS
0.0%
CVE-2026-24719 MEDIUM PATCH This Month

Authenticated command injection in QNAP QTS and QuTS hero NAS operating systems allows an attacker who already holds an administrator account to execute arbitrary OS commands on the appliance. The flaw carries a CVSS 4.0 score of 8.6, but the PR:H requirement substantially narrows the attacker population; no public exploit identified at time of analysis and the issue is not listed in CISA KEV. QNAP has shipped fixed builds (QTS 5.2.9.3492 build 20260507 and QuTS hero h5.2.9.3499 build 20260514).

Qnap Command Injection Qts Quts Hero
NVD VulDB
CVSS 4.0
6.1
EPSS
0.5%
CVE-2026-53465 MEDIUM PATCH GHSA This Month

Heap-based buffer over-write in ImageMagick's SF3 encoder prior to version 7.1.2-25 allows an attacker who can supply a crafted multi-frame image to corrupt heap memory, yielding high availability impact and potential integrity exposure. All ImageMagick installations before 7.1.2-25 are affected regardless of platform. No public exploit has been identified at time of analysis and the vulnerability is absent from CISA KEV; however, CWE-122 write primitives carry inherent escalation risk beyond the scored DoS impact depending on heap layout at time of trigger.

Heap Overflow Buffer Overflow Imagemagick Red Hat Suse
NVD GitHub VulDB
CVSS 3.1
6.2
EPSS
0.0%
Prev Page 3 of 6 Next

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy