Skip to main content
CVE-2026-53608 HIGH This Week

Stored cross-site scripting in the @apostrophecms/seo plugin (versions ≤1.4.2) allows any user holding the default editor role to inject arbitrary JavaScript that executes in every visitor's browser. The seoGoogleTrackingId and seoGoogleTagManager fields are interpolated directly into inline <script> tag bodies via template literals with no sanitization, turning legitimate analytics configuration into a persistent payload delivery channel. No public exploit identified at time of analysis, and no vendor-released patch identified at time of analysis.

Google XSS Node.js Apostrophecms Seo
NVD GitHub
CVSS 3.1
8.7
EPSS
0.0%
CVE-2026-54090 HIGH PATCH GHSA This Week

Authenticated command injection in File Browser (github.com/filebrowser/filebrowser/v2 before 2.33.8) lets any user holding Execute permission bypass the command allowlist when a shell interpreter such as /bin/sh -c is configured. Because the allowlist validates only the first token while the full raw string is passed to the shell, an attacker chains arbitrary OS commands after a permitted one using metacharacters (;, |, backticks, $()), executing them at the server process privilege - root in the default Docker image. A detailed working PoC is published in the GHSA advisory; EPSS is very low (0.02%, 7th percentile) and the vulnerable Command Execution feature is disabled by default from 2.33.8 onward, including for upgraded existing installations.

Command Injection Docker
NVD GitHub
CVSS 4.0
8.7
EPSS
0.0%
CVE-2026-6211 HIGH PATCH This Week

Unrestricted file upload in Global IT Informatics Services WEOLL versions 2.0.9 through 3.2.45.32 allows authenticated low-privilege users to upload files of dangerous types and bypass ACL-protected functionality. With CVSS 8.7 (scope-changed, confidentiality and integrity high) and TR-CERT advisory publication, the flaw enables impact beyond the vulnerable component, though no public exploit identified at time of analysis and KEV/EPSS signals are not provided.

File Upload Weoll
NVD
CVSS 3.1
8.7
EPSS
0.0%
CVE-2026-11845 HIGH PATCH This Week

OS command injection in IEI Integration Corp's iVEC-IEI Virtualization Edge Computer (iVEC TANK-XM811) allows privileged remote attackers to inject and execute arbitrary operating system commands on the affected device. The flaw was disclosed via Taiwan's TWCERT and carries a CVSS 4.0 base score of 8.6, with no public exploit identified at time of analysis. Because exploitation requires high privileges, the issue represents a post-authentication path to full device compromise rather than an unauthenticated remote takeover.

Command Injection Ivec Tank Xm811
NVD VulDB
CVSS 4.0
8.6
EPSS
0.3%
CVE-2026-47368 HIGH PATCH This Week

Information disclosure in Ubiquiti UniFi OS devices allows unauthenticated network-adjacent attackers to read sensitive data via a path traversal flaw (CWE-22). The high CVSS 8.6 score reflects a scope change with high confidentiality impact, indicating that disclosed data can affect resources beyond the vulnerable component itself. No public exploit identified at time of analysis and the issue is not listed in CISA KEV.

Path Traversal Ubiquiti Unifi Os Server Express Udm +29
NVD VulDB
CVSS 3.1
8.6
EPSS
0.0%
CVE-2026-53823 HIGH PATCH This Week

Privilege escalation in OpenClaw before 2026.5.3 allows attackers with access to a Slack account to spoof identity by changing their mutable Slack display name to match an allowFrom policy entry, gaining agent access intended for another user. The root cause is authentication binding to a mutable identifier (CWE-290) rather than a stable Slack user ID. No public exploit identified at time of analysis, though an upstream advisory (GHSA-c29c-2q9c-pc86) and VulnCheck writeup describe the flaw in detail.

Privilege Escalation Authentication Bypass Openclaw
NVD GitHub VulDB
CVSS 4.0
8.6
EPSS
0.0%
CVE-2026-53829 HIGH PATCH This Week

Command approval bypass in OpenClaw versions prior to 2026.5.18 allows authenticated users to smuggle malicious instructions past human approvers by exploiting how the approval UI truncates oversized exec commands. The flaw (CWE-451, UI misrepresentation) lets an attacker craft a request with a benign-looking prefix while a malicious suffix is hidden from the reviewer's display, resulting in unauthorized execution once the request is approved. No public exploit identified at time of analysis and the CVE is not currently listed in CISA KEV.

Authentication Bypass Openclaw
NVD GitHub VulDB
CVSS 4.0
8.5
EPSS
0.0%
CVE-2026-11967 HIGH PATCH This Week

Arbitrary code execution in MobaXterm Personal Edition (Portable) version 26.3 Build 5154 occurs because the application loads winspool.drv from its working directory at startup, enabling classic DLL search-order hijacking. A local attacker who can write to the directory containing the portable executable can drop a malicious winspool.drv that executes in the victim's user context the next time MobaXterm is launched. No public exploit identified at time of analysis, and EPSS data was not provided, but the trivial nature of DLL planting makes weaponization straightforward.

RCE Mobaxterm Personal Edition Portable
NVD
CVSS 4.0
8.5
EPSS
0.0%
CVE-2026-11879 HIGH PATCH This Week

Arbitrary code execution in MobaXterm Personal Edition (Portable) 26.3 Build 5154 occurs because the application loads DLLs from a predictable, user-writable temporary directory before falling back to secure system paths. A local attacker who can drop a crafted DLL into that path achieves code execution under the victim's account when MobaXterm is next launched. No public exploit identified at time of analysis, and the issue is not on CISA KEV.

RCE Mobaxterm Personal Edition Portable
NVD
CVSS 4.0
8.5
EPSS
0.0%
CVE-2026-54360 HIGH PATCH This Week

Mass assignment in MISP's sharing group creation endpoint allows authenticated users with add-sharing-group permission to hijack arbitrary existing sharing groups by submitting the target group's primary key in the add() request. The CakePHP create()+save() pattern treats a supplied id as an update, bypassing the normal edit ACL on app/Controller/SharingGroupsController.php and exposing confidentiality and integrity of shared threat intelligence. No public exploit identified at time of analysis, though a fix commit is publicly visible on GitHub.

Authentication Bypass PHP
NVD GitHub VulDB
CVSS 4.0
8.4
EPSS
0.0%
CVE-2026-54096 HIGH PATCH GHSA This Week

Improper access control in File Browser (filebrowser/filebrowser, Go) versions <= 2.63.6 lets a user with share/download permissions create a public share for a path that does not yet exist; because the share record stores only a path string and is never bound to a concrete object, the link silently begins exposing whatever file later appears at that path via GET /api/public/dl/<hash>. The flaw mirrors the Android MediaProvider issue CVE-2026-0035 — the create handler omits an existence check before persisting the share. EPSS is very low (0.02%, 6th percentile) and there is no public exploit identified at time of analysis, but a step-by-step PoC is included in the GitHub Security Advisory.

Google Java Information Disclosure
NVD GitHub
CVSS 3.1
8.4
EPSS
0.0%
CVE-2026-47196 HIGH PATCH This Week

Improper input validation in Quest Bot (an open-source Discord bot) prior to version 1.1.6 lets a guild moderator weaponize the automod feature to delete every non-bot message in a server. By submitting whitespace-only input to the automod add command, the trimmed empty string is stored as a rule and the message listener's content.includes("") check evaluates true for all messages. No public exploit identified at time of analysis, though the trigger is trivial to reproduce by anyone with permission to configure automod rules.

Information Disclosure Questbot
NVD GitHub
CVSS 4.0
8.4
EPSS
0.1%
CVE-2025-58175 HIGH PATCH GHSA This Week

Server-Side Request Forgery in GeoServer 2.26.x prior to 2.26.4 and 2.27.x prior to 2.27.3 allows unauthenticated remote attackers to coerce the server into issuing HTTP requests to attacker-chosen destinations by abusing weak prefix matching of the proxy base URL inside the XML entity resolver. No public exploit identified at time of analysis, and EPSS exploitation probability sits at 0.06% (19th percentile), but the trivial network-only attack vector and default-enabled ENTITY_RESOLUTION_ALLOWLIST since 2.25.0 raise the realistic exposure for internet-facing instances.

Atlassian SSRF
NVD GitHub VulDB
CVSS 3.1
8.2
EPSS
0.1%
CVE-2026-53834 HIGH PATCH This Week

Authorization bypass in OpenClaw's QQBot component before version 2026.4.27 allows authenticated senders to invoke slash commands before allowFrom policy checks execute, effectively skipping operator-configured access controls. The flaw stems from pre-dispatch command handling that runs prior to policy enforcement, enabling blocked senders to trigger command handlers depending on deployment configuration. No public exploit identified at time of analysis, and CVSS 4.0 scoring of 8.2 reflects high integrity impact with an attack requirement (AT:P) suggesting non-trivial conditions.

Authentication Bypass Openclaw
NVD GitHub VulDB
CVSS 4.0
8.2
EPSS
0.0%
CVE-2026-48610 HIGH PATCH This Week

Improper access control in Ubiquiti UniFi OS allows network-adjacent attackers to make unauthorized configuration changes to UniFi Dream Machine, Cloud Gateway, and Express gateway devices under certain network configurations. The flaw, scored CVSS 8.1 with full CIA impact, requires no authentication (PR:N) but has high attack complexity (AC:H), and no public exploit identified at time of analysis. Disclosed via HackerOne and addressed in Ubiquiti Security Advisory Bulletin 065.

Authentication Bypass Ubiquiti Udm Udm Pro Udm Se +12
NVD VulDB
CVSS 3.1
8.1
EPSS
0.0%
CVE-2026-53408 HIGH PATCH This Week

Privilege escalation in Zoom Workplace mobile clients (Android before 7.0.4, iOS before 7.0.3) stems from improper authorization in the handler for a custom URL scheme, allowing a remote attacker to elevate privileges over network access. The CVSS 8.1 rating reflects high confidentiality and integrity impact with low-complexity exploitation, though no public exploit identified at time of analysis and the issue is not on the CISA KEV list.

Google Privilege Escalation Apple Zoom Workplace
NVD VulDB
CVSS 3.1
8.1
EPSS
0.0%
CVE-2026-48612 HIGH This Week

Account takeover in phpBB via OAuth state-verification flaw enables remote attackers to link a victim's forum account to an attacker-controlled identity provider account. Successful exploitation requires the victim to click an attacker-crafted link while authenticated, after which the attacker can authenticate as the victim through the linked external provider. No public exploit identified at time of analysis, but a vendor community advisory has been published.

CSRF Phpbb
NVD
CVSS 3.0
8.0
EPSS
0.0%
CVE-2026-11848 HIGH PATCH This Week

Information disclosure in IEI Integration Corp's iRM-IEI Remote Management (iRM-TSI410X) allows unauthenticated remote attackers to retrieve partial system configuration data by invoking a specific function that lacks authentication enforcement. The flaw is reported by TWCERT and carries a CVSS 4.0 base of 7.9, but no public exploit identified at time of analysis and the vulnerability is not listed in CISA KEV.

Authentication Bypass Irm Tsi410X
NVD VulDB
CVSS 4.0
7.9
EPSS
0.0%
CVE-2026-47965 HIGH This Week

Arbitrary code execution in Adobe Acrobat Reader (versions 24.001.30365, 26.001.21651 and earlier) occurs through an out-of-bounds write triggered when a victim opens a malicious PDF file. Successful exploitation runs attacker code in the context of the current user, making this a classic client-side attack suitable for phishing campaigns. No public exploit identified at time of analysis, but Adobe Reader memory corruption flaws have a long history of being weaponized in targeted attacks.

RCE Memory Corruption Adobe Buffer Overflow Acrobat Reader
NVD
CVSS 3.1
7.8
EPSS
0.0%
CVE-2026-42851 HIGH PATCH This Week

Remote code execution in Kitty terminal emulator versions prior to 0.47.0 allows any process or remote peer that can write bytes to the terminal - including SSH sessions, file viewers like cat or less, log tailers, and TUI applications - to execute attacker-supplied Python code inside the running kitty process with full user privileges. Exploitation requires no approval prompt, no shell integration, no clipboard interaction, and no editor involvement, making any rendered untrusted content a viable injection vector. No public exploit identified at time of analysis, but the trivial trigger conditions and broad attack surface make this a high-priority patch.

Python Code Injection RCE Kitty Suse
NVD GitHub VulDB
CVSS 3.1
7.8
EPSS
0.0%
CVE-2026-41158 HIGH This Week

Local privilege escalation in Imagination Technologies Graphics DDK (GPU kernel driver) allows non-privileged users to issue crafted GPU system calls that perform read/write operations on arbitrary freed physical memory pages, enabling kernel memory corruption. The flaw stems from missing deferred-free handling, meaning the GPU can still access pages after the kernel module has released them. No public exploit identified at time of analysis and EPSS is very low (0.02%), but CVSS 7.8 reflects high local impact on confidentiality, integrity, and availability.

Use After Free Memory Corruption Information Disclosure Graphics Ddk
NVD VulDB
CVSS 3.1
7.8
EPSS
0.0%
CVE-2026-6676 HIGH PATCH This Week

Local code execution in Avira Antivirus engine builds prior to 8.3.27.12 on Windows, macOS, and Linux occurs when the scanner parses a malformed POSIX tar archive, triggering a heap out-of-bounds write that can either crash the AV process (DoS) or execute attacker code in the scanner's context. No public exploit identified at time of analysis, but the on-access scanning model means a victim only has to write the malicious tar to disk for the engine to touch it. Reported by GEN (Gen Digital, Avira's parent).

Microsoft Memory Corruption Buffer Overflow Apple Avira Antivirus
NVD VulDB
CVSS 3.1
7.8
EPSS
0.0%
CVE-2025-14098 HIGH PATCH This Week

Local code execution in Avira Antivirus engine builds before 8.3.70.104 on Windows, macOS, and Linux allows attackers to trigger a heap buffer out-of-bounds write by having the engine scan a malformed MS-DOS executable. The flaw stems from an integer overflow during parsing and can also crash the antivirus engine process, with no public exploit identified at time of analysis.

Microsoft Memory Corruption Buffer Overflow Apple Avira Antivirus
NVD VulDB
CVSS 3.1
7.8
EPSS
0.0%
CVE-2025-9033 HIGH PATCH This Week

Local code execution in Avira Antivirus engine builds before 8.3.70.76 on Windows, macOS, and Linux is triggered when the scanner processes a malformed PDF file, leading to a heap out-of-bounds read that can corrupt the antivirus engine process. CVSS 7.8 reflects the high impact on confidentiality, integrity, and availability, but exploitation requires the victim to expose the engine to the attacker's file. No public exploit identified at time of analysis.

Microsoft Apple Information Disclosure Buffer Overflow Avira Antivirus
NVD VulDB
CVSS 3.1
7.8
EPSS
0.0%
CVE-2025-9032 HIGH PATCH This Week

Heap out-of-bounds read in the Avira Antivirus scanning engine on Windows, macOS, and Linux (engine builds before 8.3.70.98) allows a malformed Windows PE file to trigger local code execution or crash the antivirus engine process. Because AV engines typically auto-scan files on access, simply writing or dropping a crafted PE onto disk can reach the vulnerable parser, and no public exploit identified at time of analysis. Exploitation requires the victim's AV to scan the file (UI:R), so realistic delivery is via downloads, email attachments, or removable media rather than fully remote unauthenticated execution.

Microsoft Apple Information Disclosure Buffer Overflow Avira Antivirus
NVD VulDB
CVSS 3.1
7.8
EPSS
0.0%
CVE-2025-7017 HIGH PATCH This Week

Local code execution or denial-of-service in Avira Antivirus engine builds prior to 8.3.70.56 occurs when the scanner parses a malformed Windows MSI installer file, triggering a heap out-of-bounds read. The flaw affects deployments on Windows, macOS, and Linux and requires user interaction to place a crafted MSI where the engine will scan it. No public exploit identified at time of analysis and CVSS scores it 7.8 High.

Microsoft Apple Information Disclosure Buffer Overflow Avira Antivirus
NVD VulDB
CVSS 3.1
7.8
EPSS
0.0%
CVE-2025-7011 HIGH PATCH This Week

Local code execution and denial-of-service in Gen Digital antivirus engines (Avast, AVG, Norton, Avast One, Avast Business Antivirus) on Windows, macOS, and Linux stems from a heap out-of-bounds read in the malformed-ZIP/XML scanner across virus definition builds 25020100 through 25021207. An attacker who lures a user into letting the on-access scanner process a crafted archive can crash the antivirus process or potentially execute code in its context. No public exploit identified at time of analysis and the EPSS signal was not provided.

Microsoft Apple Information Disclosure Buffer Overflow Avast Antivirus +4
NVD VulDB
CVSS 3.1
7.8
EPSS
0.0%
CVE-2025-7009 HIGH PATCH This Week

Local code execution or antivirus-process denial-of-service in Gen Digital's shared scanning engine (Avast Antivirus, AVG Antivirus, Norton Antivirus, Avast One, and Avast Business Antivirus on Windows, macOS, and Linux) is triggered when the engine parses a malformed Windows PE file and performs a heap out-of-bounds read. Mitigation ships via the VPS 25021310 virus definition update rather than a product installer, so any consumer of the Gen Digital definition stream at or above that build is no longer exposed. No public exploit identified at time of analysis, but the bug sits inside a high-privilege scanner that auto-processes attacker-controlled files.

Microsoft Apple Information Disclosure Buffer Overflow Avast Antivirus +4
NVD VulDB
CVSS 3.1
7.8
EPSS
0.0%
CVE-2025-7008 HIGH PATCH This Week

Out-of-bounds heap read in the Gen Digital antivirus scanning engine (Avast, AVG, Norton, Avast One, Avast Business) allows a malformed Windows PE file with crafted .NET metadata to crash the AV process or potentially execute code locally on Windows, macOS, and Linux endpoints running virus definitions prior to VPS 25021310. No public exploit identified at time of analysis and the issue is not on the CISA KEV list, but the bug is reachable via on-access scanning, meaning any user who receives a malicious file may trigger it without explicit action. UI:R in the CVSS vector and the local attack vector temper the urgency relative to the 7.8 base score.

Microsoft Apple Information Disclosure Buffer Overflow Avast Antivirus +4
NVD VulDB
CVSS 3.1
7.8
EPSS
0.0%
CVE-2025-7004 HIGH PATCH This Week

Heap out-of-bounds write in Gen Digital's shared antivirus scanning engine allows local code execution or denial of service when the engine parses a malformed Windows PE file, affecting Avast Antivirus, AVG Antivirus, Norton Antivirus, Avast One, and Avast Business Antivirus across Windows, macOS, and Linux on virus definition builds prior to VPS 25040308. Because the flaw lives in the scanner that typically runs with elevated privileges, successful exploitation can escalate to code execution in a high-privilege security context. No public exploit identified at time of analysis and the issue is not listed in CISA KEV.

Microsoft Memory Corruption Buffer Overflow Apple Avast Antivirus +4
NVD VulDB
CVSS 3.1
7.8
EPSS
0.0%
CVE-2025-7003 HIGH PATCH This Week

Out-of-bounds heap read in the Avira Antivirus scanning engine triggers when the engine parses a malformed PDF, allowing local code execution or denial-of-service of the antivirus process on Windows, macOS, and Linux engine builds prior to 8.3.70.56. The CVSS 7.8 (High) rating reflects local attack vector with required user interaction (the engine must scan the attacker-supplied file), and no public exploit identified at time of analysis. Because the AV engine typically runs with elevated privileges, successful code execution would inherit those privileges.

Microsoft Apple Information Disclosure Buffer Overflow Avira Antivirus
NVD VulDB
CVSS 3.1
7.8
EPSS
0.0%
CVE-2025-7002 HIGH PATCH This Week

Local code execution and denial-of-service in Avira Antivirus engine builds before 8.3.70.68 allow an attacker to compromise the scanning engine by placing a malformed PDF where the engine will scan it on Windows, macOS, or Linux. The flaw is a heap out-of-bounds read (CWE-125) triggered during PDF parsing, and no public exploit identified at time of analysis. CVSS is 7.8 (high) driven by full C/I/A impact on the local host, but exploitation requires user/scanner interaction with the malicious file.

Microsoft Apple Information Disclosure Buffer Overflow Avira Antivirus
NVD VulDB
CVSS 3.1
7.8
EPSS
0.0%
CVE-2026-53406 HIGH PATCH This Week

Local privilege escalation in Remote Control for Zoom Contact Center for Windows prior to version 7.0.0 allows an authenticated user with local access to elevate privileges due to insufficient verification of data authenticity. The flaw, reported by Zoom and tracked in bulletin ZSB-26009, carries a CVSS 3.1 base score of 7.8 (High) with no public exploit identified at time of analysis. Exploitation requires existing local authenticated access, which limits opportunistic abuse but makes this a strong post-compromise pivot on workstations running the Zoom Contact Center remote control component.

Privilege Escalation Microsoft Remote Control For Zoom Contact Center
NVD VulDB
CVSS 3.1
7.8
EPSS
0.0%
CVE-2026-53828 HIGH PATCH This Week

Authorization bypass in OpenClaw before 2026.5.6 allows authenticated senders to invoke owner-only native commands without satisfying the configured owner-command policy. Any user with valid credentials can therefore execute privileged operations reserved for the resource owner, undermining the access control model. No public exploit identified at time of analysis, but a GitHub Security Advisory (GHSA-p73f-w79w-jqr5) and a VulnCheck advisory document the flaw.

Authentication Bypass Openclaw
NVD GitHub VulDB
CVSS 4.0
7.7
EPSS
0.0%
CVE-2026-53999 HIGH PATCH GHSA This Week

Cross-tenant container deletion in the Radius Kubernetes controller (versions <= v0.57.1) allows a tenant with Deployment annotation-edit rights to coerce the high-privilege controller into deleting another tenant's container resource by injecting a forged radapp.io/status JSON blob. The flaw is a classic Confused Deputy (CWE-441/CWE-20) that yields an availability-only impact, is most severe in multi-tenant installs, and currently has publicly available exploit code via the GHSA advisory but no public exploit identified at time of analysis in CISA KEV.

Privilege Escalation Nginx Kubernetes
NVD GitHub
CVSS 3.1
7.7
EPSS
0.1%
CVE-2026-40677 HIGH This Week

Man-in-the-middle attacks against AMD's optional desktop tools - AMD Management Console (AMC), AMD Ryzen Master, and AMD μProf - can lead to arbitrary code execution because the affected utilities transport data over plaintext HTTP rather than TLS. An attacker positioned on the network path between a victim workstation and the AMD endpoint can tamper with traffic (most plausibly update or telemetry channels) to substitute malicious content that is then executed by the tool. No public exploit identified at time of analysis and the issue is not in CISA KEV; EPSS data was not provided.

RCE Amd Amd Management Console Amc Amd Ryzen Master Amd Prof
NVD VulDB
CVSS 4.0
7.7
EPSS
0.1%
CVE-2026-6961 HIGH This Week

Arbitrary file write in Mattermost via path traversal affects versions 11.6.x ≤ 11.6.1, 11.5.x ≤ 11.5.4, and 10.11.x ≤ 10.11.15/10.11.16 when shared channels with federated peers are in use. An attacker who controls a federated Mattermost server can supply crafted FileInfo.Name values during file sync to write files to arbitrary locations in the target server's filestore. No public exploit identified at time of analysis and the issue is not listed in CISA KEV.

Path Traversal Mattermost
NVD VulDB
CVSS 3.1
7.6
EPSS
0.0%
CVE-2026-53831 HIGH PATCH This Week

Information disclosure in OpenClaw before 2026.5.18 lets authenticated operators abuse shell metacharacter expansion within the system.run safe-bin allowlist to read unintended node-local files on POSIX nodes and exfiltrate sensitive configuration data. The flaw bypasses command-policy enforcement because the allowlist validates a literal command string while the underlying shell re-interprets it at execution time. No public exploit identified at time of analysis.

Information Disclosure Openclaw
NVD GitHub VulDB
CVSS 4.0
7.6
EPSS
0.0%
CVE-2026-54094 HIGH PATCH GHSA This Week

Symlink-following scope escape in File Browser (filebrowser/filebrowser v2 ≤ 2.63.13) lets a restricted, scoped user-and in the public-share case an unauthenticated recipient-read, overwrite, and share files outside their assigned directory whenever a symlink lexically inside their scope resolves to a target elsewhere on the server. The per-user BasePathFs root blocks lexical ../ traversal but the HTTP handlers dereference symlinks before serving, writing, or sharing, so any file the server process can reach is exposed. Publicly available proof-of-concept exploit code exists in the GHSA advisory; the issue is not in CISA KEV and EPSS is low (0.07%, 23rd percentile).

Path Traversal Docker
NVD GitHub VulDB
CVSS 3.1
7.5
EPSS
0.1%
CVE-2026-54091 HIGH PATCH GHSA This Week

Unauthenticated information disclosure in File Browser (filebrowser/filebrowser) versions <= 2.63.5 allows public share recipients to bypass owner-defined deny rules and read or list files explicitly blocked beneath a shared directory. The flaw stems from the public share handler rebasing the filesystem root but evaluating access rules against the rebased relative path rather than the owner's original scope. No public exploit identified at time of analysis, but a detailed PoC accompanies the GHSA advisory and EPSS sits at 0.04% (13th percentile).

Authentication Bypass Information Disclosure
NVD GitHub
CVSS 3.1
7.5
EPSS
0.0%
CVE-2026-44786 HIGH PATCH This Week

Information disclosure in Discourse discussion platform allows any MessageBus subscriber to receive real-time chat message payloads from public category channels without proper permission scoping, even when chat is not enabled for that user. The flaw affects versions 2026.1.0 through 2026.1.3, 2026.3.0 through 2026.3.0, and 2026.4.0 through 2026.4.0, and is fixed in 2026.1.4, 2026.3.1, 2026.4.1, and 2026.5.0-latest.1. No public exploit identified at time of analysis, but the unauthenticated network attack vector makes this a meaningful confidentiality concern for forums leveraging chat.

Information Disclosure Discourse
NVD GitHub
CVSS 3.1
7.5
EPSS
0.0%
CVE-2026-50010 HIGH PATCH GHSA This Week

TLS hostname verification is silently disabled in Netty's netty-handler module for any client built with SslContextBuilder.forClient().trustManager(somePlainX509TrustManager), allowing network attackers in a man-in-the-middle position to present a valid certificate for any host and intercept supposedly encrypted traffic. Affects all Netty versions prior to 4.1.135.Final and 4.2.15.Final; no public exploit identified at time of analysis and EPSS is very low (0.04%), but the defect bypasses a core TLS protection that Netty 4.2 explicitly advertises as enabled by default.

Jwt Attack Information Disclosure Netty
NVD GitHub VulDB
CVSS 3.1
7.5
EPSS
0.0%
CVE-2026-4870 HIGH PATCH This Week

Denial of service in IBM Qiskit SDK versions 0.43.0 through 2.5.0 allows remote attackers to crash the parser via uncontrolled recursion, triggering a segmentation fault. The CVSS 7.5 score (AV:N/AC:L/PR:N/UI:N) reflects unauthenticated network-reachable exploitation with high availability impact, though no public exploit identified at time of analysis. Affects quantum-computing workloads that ingest untrusted Qiskit/OpenQASM input.

Denial Of Service IBM Qiskit Sdk
NVD
CVSS 3.1
7.5
EPSS
0.0%
CVE-2026-54358 HIGH PATCH This Week

Privilege escalation in MISP (Malware Information Sharing Platform) allows an authenticated organization administrator to target site administrator accounts within their own organization via the administrative email functionality, enabling privileged actions such as triggering a password-reset workflow against a higher-privileged user. No public exploit identified at time of analysis, and the issue is not listed in CISA KEV. Successful exploitation results in full takeover of the targeted site admin account and complete compromise of the MISP instance.

Privilege Escalation Authentication Bypass
NVD GitHub VulDB
CVSS 4.0
7.5
EPSS
0.0%
CVE-2026-9269 LOW POC PATCH Monitor

The Secure Copy Content Protection and Content Locking WordPress plugin before 5.1.5 does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfiltered_html capability is disallowed (for example in multisite setup).

XSS WordPress Secure Copy Content Protection And Content Locking
NVD WPScan VulDB
CVSS 3.1
3.5
EPSS
0.0%
CVE-2026-45170 HIGH PATCH This Week

Improper TLS certificate validation in CyberArk (Palo Alto Networks) Privilege Cloud Connector (PAM SH Connector, branded 'Idira') versions prior to 1.1.100504 allows adjacent-network attackers to intercept or tamper with privileged-access traffic under specific configuration scenarios. The flaw is rated CVSS 4.0 7.5 with no public exploit identified at time of analysis, but the Connector's role as a broker for secrets and privileged sessions makes successful exploitation highly impactful. Reported by Palo Alto with disclosure tracked under CyberArk Security Bulletin CA26-17.

Information Disclosure Pam Sh Connector
NVD VulDB
CVSS 4.0
7.5
EPSS
0.0%
CVE-2026-9638 HIGH PATCH This Week

Predictable salt generation in the Perl Crypt::PBKDF2 module before version 0.261630 weakens the cryptographic strength of derived password hashes. The module uses Perl's built-in rand() function - a non-cryptographic PRNG - to generate salt values, making salts guessable and enabling precomputation attacks against stored password hashes. No public exploit identified at time of analysis, but a vendor patch is available and the issue was responsibly disclosed by CPANSec.

Information Disclosure Crypt Suse
NVD VulDB
CVSS 3.1
7.5
EPSS
0.0%
CVE-2026-42850 HIGH PATCH This Week

Command injection in Kitty cross-platform GPU terminal emulator versions prior to 0.47.0 allows remote attackers to execute arbitrary shell commands on a victim's host by sending a crafted escape sequence over an attacker-controlled network connection. The terminal echoes its own error message - including attacker-controlled bytes - back to the shell with CRLF, causing the shell to execute the injected command. No public exploit identified at time of analysis, and the issue is not listed in CISA KEV.

Command Injection Kitty Suse
NVD GitHub VulDB
CVSS 4.0
7.4
EPSS
0.1%
CVE-2026-12068 HIGH This Week

Cross-origin credential disclosure in Avira Password Manager's Firefox extension allows a malicious site embedding the targeted page in an iframe to harvest credentials that the extension autofills into the parent context. The flaw stems from incorrect autofill field selection and affects Windows, macOS, and Linux installations; no public exploit identified at time of analysis but the CVSS 7.4 (S:C/C:H) score reflects the cross-origin trust boundary violation.

Mozilla Microsoft Apple Information Disclosure Avira Password Manager
NVD VulDB
CVSS 3.1
7.4
EPSS
0.0%
CVE-2026-50091 HIGH PATCH This Week

Hard-coded cryptographic keys in the Aqara Home Android app (com.lumiunited.aqarahome) 6.0.0 and white-label clients embedding the same liblumidevsdk.so let attackers who extract the static keys from the shipped binary decrypt protected data and forge or tamper with device/cloud communications. Because every install ships the identical embedded keys, a single extraction compromises confidentiality and integrity across the entire installed base. Reported by runZero (CVE-2026-50091 / EUVD-2026-36481); publicly available exploit code exists (GitHub PoC 'theres-no-place-like-home'), but it is not on CISA KEV and EPSS is very low at 0.03%.

Google Information Disclosure Com Lumiunited Aqarahome
NVD GitHub VulDB
CVSS 3.1
7.4
EPSS
0.0%
Prev Page 2 of 5 Next

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy