Skip to main content
CVE-2025-7011 HIGH PATCH This Week

Local code execution and denial-of-service in Gen Digital antivirus engines (Avast, AVG, Norton, Avast One, Avast Business Antivirus) on Windows, macOS, and Linux stems from a heap out-of-bounds read in the malformed-ZIP/XML scanner across virus definition builds 25020100 through 25021207. An attacker who lures a user into letting the on-access scanner process a crafted archive can crash the antivirus process or potentially execute code in its context. No public exploit identified at time of analysis and the EPSS signal was not provided.

Microsoft Apple Information Disclosure Buffer Overflow Avast Antivirus +4
NVD VulDB
CVSS 3.1
7.8
EPSS
0.0%
CVE-2025-7009 HIGH PATCH This Week

Local code execution or antivirus-process denial-of-service in Gen Digital's shared scanning engine (Avast Antivirus, AVG Antivirus, Norton Antivirus, Avast One, and Avast Business Antivirus on Windows, macOS, and Linux) is triggered when the engine parses a malformed Windows PE file and performs a heap out-of-bounds read. Mitigation ships via the VPS 25021310 virus definition update rather than a product installer, so any consumer of the Gen Digital definition stream at or above that build is no longer exposed. No public exploit identified at time of analysis, but the bug sits inside a high-privilege scanner that auto-processes attacker-controlled files.

Microsoft Apple Information Disclosure Buffer Overflow Avast Antivirus +4
NVD VulDB
CVSS 3.1
7.8
EPSS
0.0%
CVE-2025-7008 HIGH PATCH This Week

Out-of-bounds heap read in the Gen Digital antivirus scanning engine (Avast, AVG, Norton, Avast One, Avast Business) allows a malformed Windows PE file with crafted .NET metadata to crash the AV process or potentially execute code locally on Windows, macOS, and Linux endpoints running virus definitions prior to VPS 25021310. No public exploit identified at time of analysis and the issue is not on the CISA KEV list, but the bug is reachable via on-access scanning, meaning any user who receives a malicious file may trigger it without explicit action. UI:R in the CVSS vector and the local attack vector temper the urgency relative to the 7.8 base score.

Microsoft Apple Information Disclosure Buffer Overflow Avast Antivirus +4
NVD VulDB
CVSS 3.1
7.8
EPSS
0.0%
CVE-2025-7004 HIGH PATCH This Week

Heap out-of-bounds write in Gen Digital's shared antivirus scanning engine allows local code execution or denial of service when the engine parses a malformed Windows PE file, affecting Avast Antivirus, AVG Antivirus, Norton Antivirus, Avast One, and Avast Business Antivirus across Windows, macOS, and Linux on virus definition builds prior to VPS 25040308. Because the flaw lives in the scanner that typically runs with elevated privileges, successful exploitation can escalate to code execution in a high-privilege security context. No public exploit identified at time of analysis and the issue is not listed in CISA KEV.

Microsoft Memory Corruption Buffer Overflow Apple Avast Antivirus +4
NVD VulDB
CVSS 3.1
7.8
EPSS
0.0%
CVE-2025-7003 HIGH PATCH This Week

Out-of-bounds heap read in the Avira Antivirus scanning engine triggers when the engine parses a malformed PDF, allowing local code execution or denial-of-service of the antivirus process on Windows, macOS, and Linux engine builds prior to 8.3.70.56. The CVSS 7.8 (High) rating reflects local attack vector with required user interaction (the engine must scan the attacker-supplied file), and no public exploit identified at time of analysis. Because the AV engine typically runs with elevated privileges, successful code execution would inherit those privileges.

Microsoft Apple Information Disclosure Buffer Overflow Avira Antivirus
NVD VulDB
CVSS 3.1
7.8
EPSS
0.0%
CVE-2025-7002 HIGH PATCH This Week

Local code execution and denial-of-service in Avira Antivirus engine builds before 8.3.70.68 allow an attacker to compromise the scanning engine by placing a malformed PDF where the engine will scan it on Windows, macOS, or Linux. The flaw is a heap out-of-bounds read (CWE-125) triggered during PDF parsing, and no public exploit identified at time of analysis. CVSS is 7.8 (high) driven by full C/I/A impact on the local host, but exploitation requires user/scanner interaction with the malicious file.

Microsoft Apple Information Disclosure Buffer Overflow Avira Antivirus
NVD VulDB
CVSS 3.1
7.8
EPSS
0.0%
CVE-2026-53406 HIGH PATCH This Week

Local privilege escalation in Remote Control for Zoom Contact Center for Windows prior to version 7.0.0 allows an authenticated user with local access to elevate privileges due to insufficient verification of data authenticity. The flaw, reported by Zoom and tracked in bulletin ZSB-26009, carries a CVSS 3.1 base score of 7.8 (High) with no public exploit identified at time of analysis. Exploitation requires existing local authenticated access, which limits opportunistic abuse but makes this a strong post-compromise pivot on workstations running the Zoom Contact Center remote control component.

Privilege Escalation Microsoft Remote Control For Zoom Contact Center
NVD VulDB
CVSS 3.1
7.8
EPSS
0.0%
CVE-2026-53828 HIGH PATCH This Week

Authorization bypass in OpenClaw before 2026.5.6 allows authenticated senders to invoke owner-only native commands without satisfying the configured owner-command policy. Any user with valid credentials can therefore execute privileged operations reserved for the resource owner, undermining the access control model. No public exploit identified at time of analysis, but a GitHub Security Advisory (GHSA-p73f-w79w-jqr5) and a VulnCheck advisory document the flaw.

Authentication Bypass Openclaw
NVD GitHub VulDB
CVSS 4.0
7.7
EPSS
0.0%
CVE-2026-53999 HIGH PATCH GHSA This Week

Cross-tenant container deletion in the Radius Kubernetes controller (versions <= v0.57.1) allows a tenant with Deployment annotation-edit rights to coerce the high-privilege controller into deleting another tenant's container resource by injecting a forged radapp.io/status JSON blob. The flaw is a classic Confused Deputy (CWE-441/CWE-20) that yields an availability-only impact, is most severe in multi-tenant installs, and currently has publicly available exploit code via the GHSA advisory but no public exploit identified at time of analysis in CISA KEV.

Privilege Escalation Nginx Kubernetes
NVD GitHub
CVSS 3.1
7.7
EPSS
0.1%
CVE-2026-40677 HIGH This Week

Man-in-the-middle attacks against AMD's optional desktop tools - AMD Management Console (AMC), AMD Ryzen Master, and AMD μProf - can lead to arbitrary code execution because the affected utilities transport data over plaintext HTTP rather than TLS. An attacker positioned on the network path between a victim workstation and the AMD endpoint can tamper with traffic (most plausibly update or telemetry channels) to substitute malicious content that is then executed by the tool. No public exploit identified at time of analysis and the issue is not in CISA KEV; EPSS data was not provided.

RCE Amd Amd Management Console Amc Amd Ryzen Master Amd Prof
NVD VulDB
CVSS 4.0
7.7
EPSS
0.1%
CVE-2026-6961 HIGH This Week

Arbitrary file write in Mattermost via path traversal affects versions 11.6.x ≤ 11.6.1, 11.5.x ≤ 11.5.4, and 10.11.x ≤ 10.11.15/10.11.16 when shared channels with federated peers are in use. An attacker who controls a federated Mattermost server can supply crafted FileInfo.Name values during file sync to write files to arbitrary locations in the target server's filestore. No public exploit identified at time of analysis and the issue is not listed in CISA KEV.

Path Traversal Mattermost
NVD VulDB
CVSS 3.1
7.6
EPSS
0.0%
CVE-2026-53831 HIGH PATCH This Week

Information disclosure in OpenClaw before 2026.5.18 lets authenticated operators abuse shell metacharacter expansion within the system.run safe-bin allowlist to read unintended node-local files on POSIX nodes and exfiltrate sensitive configuration data. The flaw bypasses command-policy enforcement because the allowlist validates a literal command string while the underlying shell re-interprets it at execution time. No public exploit identified at time of analysis.

Information Disclosure Openclaw
NVD GitHub VulDB
CVSS 4.0
7.6
EPSS
0.0%
CVE-2026-54094 HIGH PATCH GHSA This Week

Symlink-following scope escape in File Browser (filebrowser/filebrowser v2 ≤ 2.63.13) lets a restricted, scoped user-and in the public-share case an unauthenticated recipient-read, overwrite, and share files outside their assigned directory whenever a symlink lexically inside their scope resolves to a target elsewhere on the server. The per-user BasePathFs root blocks lexical ../ traversal but the HTTP handlers dereference symlinks before serving, writing, or sharing, so any file the server process can reach is exposed. Publicly available proof-of-concept exploit code exists in the GHSA advisory; the issue is not in CISA KEV and EPSS is low (0.07%, 23rd percentile).

Path Traversal Docker
NVD GitHub VulDB
CVSS 3.1
7.5
EPSS
0.1%
CVE-2026-54091 HIGH PATCH GHSA This Week

Unauthenticated information disclosure in File Browser (filebrowser/filebrowser) versions <= 2.63.5 allows public share recipients to bypass owner-defined deny rules and read or list files explicitly blocked beneath a shared directory. The flaw stems from the public share handler rebasing the filesystem root but evaluating access rules against the rebased relative path rather than the owner's original scope. No public exploit identified at time of analysis, but a detailed PoC accompanies the GHSA advisory and EPSS sits at 0.04% (13th percentile).

Authentication Bypass Information Disclosure
NVD GitHub
CVSS 3.1
7.5
EPSS
0.0%
CVE-2026-44786 HIGH PATCH This Week

Information disclosure in Discourse discussion platform allows any MessageBus subscriber to receive real-time chat message payloads from public category channels without proper permission scoping, even when chat is not enabled for that user. The flaw affects versions 2026.1.0 through 2026.1.3, 2026.3.0 through 2026.3.0, and 2026.4.0 through 2026.4.0, and is fixed in 2026.1.4, 2026.3.1, 2026.4.1, and 2026.5.0-latest.1. No public exploit identified at time of analysis, but the unauthenticated network attack vector makes this a meaningful confidentiality concern for forums leveraging chat.

Information Disclosure Discourse
NVD GitHub
CVSS 3.1
7.5
EPSS
0.0%
CVE-2026-50010 HIGH PATCH GHSA This Week

TLS hostname verification is silently disabled in Netty's netty-handler module for any client built with SslContextBuilder.forClient().trustManager(somePlainX509TrustManager), allowing network attackers in a man-in-the-middle position to present a valid certificate for any host and intercept supposedly encrypted traffic. Affects all Netty versions prior to 4.1.135.Final and 4.2.15.Final; no public exploit identified at time of analysis and EPSS is very low (0.04%), but the defect bypasses a core TLS protection that Netty 4.2 explicitly advertises as enabled by default.

Jwt Attack Information Disclosure Netty
NVD GitHub VulDB
CVSS 3.1
7.5
EPSS
0.0%
CVE-2026-4870 HIGH PATCH This Week

Denial of service in IBM Qiskit SDK versions 0.43.0 through 2.5.0 allows remote attackers to crash the parser via uncontrolled recursion, triggering a segmentation fault. The CVSS 7.5 score (AV:N/AC:L/PR:N/UI:N) reflects unauthenticated network-reachable exploitation with high availability impact, though no public exploit identified at time of analysis. Affects quantum-computing workloads that ingest untrusted Qiskit/OpenQASM input.

Denial Of Service IBM Qiskit Sdk
NVD
CVSS 3.1
7.5
EPSS
0.0%
CVE-2026-54358 HIGH PATCH This Week

Privilege escalation in MISP (Malware Information Sharing Platform) allows an authenticated organization administrator to target site administrator accounts within their own organization via the administrative email functionality, enabling privileged actions such as triggering a password-reset workflow against a higher-privileged user. No public exploit identified at time of analysis, and the issue is not listed in CISA KEV. Successful exploitation results in full takeover of the targeted site admin account and complete compromise of the MISP instance.

Privilege Escalation Authentication Bypass
NVD GitHub VulDB
CVSS 4.0
7.5
EPSS
0.0%
CVE-2026-45170 HIGH PATCH This Week

Improper TLS certificate validation in CyberArk (Palo Alto Networks) Privilege Cloud Connector (PAM SH Connector, branded 'Idira') versions prior to 1.1.100504 allows adjacent-network attackers to intercept or tamper with privileged-access traffic under specific configuration scenarios. The flaw is rated CVSS 4.0 7.5 with no public exploit identified at time of analysis, but the Connector's role as a broker for secrets and privileged sessions makes successful exploitation highly impactful. Reported by Palo Alto with disclosure tracked under CyberArk Security Bulletin CA26-17.

Information Disclosure Pam Sh Connector
NVD VulDB
CVSS 4.0
7.5
EPSS
0.0%
CVE-2026-9638 HIGH PATCH This Week

Predictable salt generation in the Perl Crypt::PBKDF2 module before version 0.261630 weakens the cryptographic strength of derived password hashes. The module uses Perl's built-in rand() function - a non-cryptographic PRNG - to generate salt values, making salts guessable and enabling precomputation attacks against stored password hashes. No public exploit identified at time of analysis, but a vendor patch is available and the issue was responsibly disclosed by CPANSec.

Information Disclosure Crypt Suse
NVD VulDB
CVSS 3.1
7.5
EPSS
0.0%
CVE-2026-42850 HIGH PATCH This Week

Command injection in Kitty cross-platform GPU terminal emulator versions prior to 0.47.0 allows remote attackers to execute arbitrary shell commands on a victim's host by sending a crafted escape sequence over an attacker-controlled network connection. The terminal echoes its own error message - including attacker-controlled bytes - back to the shell with CRLF, causing the shell to execute the injected command. No public exploit identified at time of analysis, and the issue is not listed in CISA KEV.

Command Injection Kitty Suse
NVD GitHub VulDB
CVSS 4.0
7.4
EPSS
0.1%
CVE-2026-12068 HIGH This Week

Cross-origin credential disclosure in Avira Password Manager's Firefox extension allows a malicious site embedding the targeted page in an iframe to harvest credentials that the extension autofills into the parent context. The flaw stems from incorrect autofill field selection and affects Windows, macOS, and Linux installations; no public exploit identified at time of analysis but the CVSS 7.4 (S:C/C:H) score reflects the cross-origin trust boundary violation.

Mozilla Microsoft Apple Information Disclosure Avira Password Manager
NVD VulDB
CVSS 3.1
7.4
EPSS
0.0%
CVE-2026-50091 HIGH PATCH This Week

Hard-coded cryptographic keys in the Aqara Home Android app (com.lumiunited.aqarahome) 6.0.0 and white-label clients embedding the same liblumidevsdk.so let attackers who extract the static keys from the shipped binary decrypt protected data and forge or tamper with device/cloud communications. Because every install ships the identical embedded keys, a single extraction compromises confidentiality and integrity across the entire installed base. Reported by runZero (CVE-2026-50091 / EUVD-2026-36481); publicly available exploit code exists (GitHub PoC 'theres-no-place-like-home'), but it is not on CISA KEV and EPSS is very low at 0.03%.

Google Information Disclosure Com Lumiunited Aqarahome
NVD GitHub VulDB
CVSS 3.1
7.4
EPSS
0.0%
CVE-2026-53833 HIGH PATCH This Week

Authorization bypass in OpenClaw versions prior to 2026.4.29 allows authenticated QQBot senders to modify streaming configuration without satisfying the intended allowFrom allowlist policy, when those entries lack non-wildcard restrictions. The flaw stems from missing identity verification on the QQBot streaming command path (CWE-290) and was reported by VulnCheck; no public exploit identified at time of analysis.

Authentication Bypass Qqbot
NVD GitHub VulDB
CVSS 4.0
7.4
EPSS
0.0%
CVE-2026-53832 HIGH PATCH This Week

Identity header forgery in OpenClaw before 2026.5.18 allows local same-host callers with access to the proxy-facing Gateway port to spoof trusted-proxy identity headers and assume operator identity. The flaw stems from missing validation of headers normally set by an upstream trusted proxy, enabling privilege escalation when the Gateway port is reachable locally. No public exploit identified at time of analysis, and the issue is not listed in CISA KEV.

Authentication Bypass Openclaw
NVD GitHub VulDB
CVSS 4.0
7.4
EPSS
0.0%
CVE-2026-54057 HIGH PATCH This Week

Code injection in Kitty terminal emulator versions prior to 0.47.3 allows attacker-controlled bytes - including newline characters - to be reflected back into the user's shell input via the OSC 21 (color-control) escape sequence query reply. An attacker who can cause arbitrary bytes to be written to the terminal (malicious file contents, SSH banner, log entry, web page) can inject and execute shell commands at the victim's privilege level. No public exploit identified at time of analysis, but the underlying class of terminal-escape-injection bugs is well documented and exploitation is straightforward once the unsanitized reply path is known.

Code Injection RCE Kitty Suse
NVD GitHub VulDB
CVSS 4.0
7.3
EPSS
0.0%
CVE-2026-11846 HIGH PATCH This Week

Arbitrary file deletion in IEI Integration Corp's iVEC-IEI Virtualization Edge Computer (Tank-XM811 platform) allows authenticated remote attackers to delete arbitrary system files or directories via path traversal, leading to data destruction and service disruption. The flaw was reported through Taiwan's TWCERT coordination process and carries a CVSS 4.0 base score of 7.2 (High) driven by integrity and availability impact. No public exploit identified at time of analysis, and the issue is not listed in CISA KEV.

Path Traversal Ivec Tank Xm811
NVD VulDB
CVSS 4.0
7.2
EPSS
0.3%
CVE-2025-52465 HIGH PATCH GHSA This Week

Arbitrary file write in GeoServer's Master Password Dump web page allows an authenticated administrator to write attacker-controlled content to any absolute filesystem path the GeoServer process can write to, including JSP files in a Tomcat webapps directory. Because GeoServer enforces no maximum master password length, an admin can embed malicious JSP code into the master password and dump it to an executable location, escalating to remote code execution on the host. No public exploit identified at time of analysis and the issue is not in CISA KEV.

Microsoft Atlassian RCE Denial Of Service Tomcat +1
NVD GitHub
CVSS 3.1
7.2
EPSS
0.1%
CVE-2026-53981 HIGH PATCH This Week

Account takeover in Cap-go (Capgo) versions prior to 12.128.2 allows an attacker holding a temporary authenticated session to change the account's registered email address without re-authentication (no password or MFA prompt), then trigger a password reset to attacker-controlled inbox and seize the account. The flaw, reported by VulnCheck and tracked as a missing-authentication weakness (CWE-306), has a vendor patch but no public exploit identified at time of analysis.

Authentication Bypass Cap Go
NVD GitHub VulDB
CVSS 4.0
7.2
EPSS
0.1%
CVE-2026-47366 HIGH This Week

Privilege escalation in phpBB allows an authenticated administrator with limited rights to grant themselves permissions beyond their authorized scope through the Administration Control Panel (ACP), enabling elevation to full administrative control over the forum. The flaw stems from improper verification of access permissions when permissions are modified via the ACP, and no public exploit identified at time of analysis. With CVSS 7.2 (PR:H) and no KEV listing, this is a meaningful but not panic-level risk that primarily threatens multi-admin phpBB deployments where administrative duties are intentionally segmented.

Authentication Bypass Privilege Escalation Phpbb
NVD
CVSS 3.0
7.2
EPSS
0.0%
CVE-2026-6739 HIGH This Week

Privilege escalation in Mattermost collaboration platform allows authenticated users holding delegated user-management permissions to modify built-in system role permissions via the role patch API, bypassing a required system-level permission check. Affects Mattermost 10.11.x through 10.11.16, 11.5.x through 11.5.4, and 11.6.x through 11.6.1. No public exploit identified at time of analysis; EPSS is very low (0.03%) and the SSVC framework reports no observed exploitation.

Authentication Bypass Mattermost
NVD VulDB
CVSS 3.1
7.2
EPSS
0.0%
CVE-2026-54097 HIGH PATCH GHSA This Week

Cross-user share-link deletion in File Browser (filebrowser/filebrowser v2 ≤ 2.63.5) lets a low-privileged authenticated user with create+delete permissions in their own isolated scope irrevocably wipe share-link records owned by any other account, including the administrator. Deleting a file whose logical path is a byte-prefix of another user's stored share.Link.Path triggers an unbounded prefix match that bypasses the per-user ownership check enforced everywhere else. There is no public exploit identified at time of analysis, and EPSS exploitation probability is negligible (0.02%, 5th percentile), but a vendor patch (v2.63.6) is available.

Authentication Bypass
NVD GitHub
CVSS 4.0
7.2
EPSS
0.0%
CVE-2026-47197 HIGH PATCH This Week

Discord role hierarchy bypass in Quest Bot (open-source Discord moderation bot) prior to version 1.1.6 allows moderators to perform privileged actions against users ranked above them in the server role hierarchy. Any moderator holding the relevant Discord permission bit can ban, kick, timeout, untimeout, warn, or rename higher-ranked members so long as the bot itself outranks the target. No public exploit identified at time of analysis, and the issue is not listed in CISA KEV.

Authentication Bypass Questbot
NVD GitHub VulDB
CVSS 4.0
7.2
EPSS
0.0%
CVE-2026-53982 HIGH PATCH This Week

Denial of service in Capgo Console versions prior to 12.28.2 allows an authenticated attacker to lock legitimate users out of authentication and onboarding flows by triggering account deletion while a device identifier is bound to the active session. The platform incorrectly persists the deletion state against the device identifier rather than the account, causing the affected browser or device to be redirected to an account-disabled page for roughly 30 days. No public exploit identified at time of analysis, but a vendor patch and GHSA advisory (GHSA-qmrm-qgwr-55jf) have been published following disclosure by VulnCheck.

Authentication Bypass Console Capgo App
NVD GitHub VulDB
CVSS 4.0
7.1
EPSS
0.1%
CVE-2026-54359 HIGH PATCH This Week

Cross-site request forgery in MISP (Malware Information Sharing Platform) stems from the Security.check_sec_fetch_site_header control shipping disabled by default, leaving state-changing automation endpoints unprotected against browser-issued cross-origin requests. A remote attacker hosting a malicious page can coerce an authenticated MISP user's browser into submitting forged POST/PUT/AJAX requests that execute with the victim's privileges, enabling unauthorized data or configuration changes. No public exploit identified at time of analysis, and the issue is not in CISA KEV.

CSRF
NVD GitHub VulDB
CVSS 4.0
7.1
EPSS
0.0%
CVE-2026-53825 HIGH PATCH This Week

Arbitrary local file read in OpenClaw before 2026.4.7 lets authenticated Gateway operators holding the operator.write scope coerce the memory-wiki ingest feature into importing the contents of arbitrary local files. The flaw, reported by VulnCheck and tracked as GHSA-p2fh-f5fc-44hr, enables disclosure of sensitive host files (credentials, config, secrets) into wiki memory, but no public exploit identified at time of analysis and it is not listed in CISA KEV.

Path Traversal Openclaw
NVD GitHub VulDB
CVSS 4.0
7.1
EPSS
0.0%
CVE-2026-54056 HIGH PATCH This Week

Arbitrary file write in Kitty terminal versions 0.47.0 and 0.47.1 allows a remote drag-and-drop source to overwrite files writable by the local kitty user via a TOCTOU symlink race in kitten dnd staging. The flaw stems from openat() calls lacking O_NOFOLLOW when handling duplicate remote basenames on case-sensitive filesystems, letting an attacker-staged symlink redirect writes outside the staging directory. No public exploit identified at time of analysis, and EPSS is very low (0.03%), though user interaction via drag-and-drop is the gating factor.

RCE Kitty Suse
NVD GitHub VulDB
CVSS 3.1
7.1
EPSS
0.0%
CVE-2026-3840 HIGH This Week

Path traversal in Kedro 1.2.0 allows authenticated local users to read or overwrite files outside of versioned dataset directories by supplying a crafted version string. The flaw resides in `_get_versioned_path()` (kedro/io/core.py) and is also reachable via the `--load-versions` CLI parameter, with downstream risk of data poisoning and cross-tenant data exposure in orchestrated pipelines. No public exploit identified at time of analysis, and the issue is not on CISA KEV.

Path Traversal Kedro Org Kedro
NVD VulDB
CVSS 3.0
7.1
EPSS
0.0%
CVE-2026-47195 HIGH PATCH This Week

Authorization bypass in Quest Bot Discord bot prior to version 1.1.6 lets low-privilege guild members invoke the purge and slowmode commands in channels where their channel-level permissions explicitly deny moderation. The bot only validates guild-wide permissions on the invoking member and ignores Discord's per-channel permission overrides, so a user excluded from moderating a specific channel can still delete messages and alter slowmode there. No public exploit identified at time of analysis, and the issue is patched in v1.1.6.

Authentication Bypass Questbot
NVD GitHub
CVSS 4.0
7.1
EPSS
0.0%
CVE-2026-9266 HIGH This Week

Disk encryption bypass in Moxa UC-1200A series industrial computers allows an attacker with invasive physical access to recover the LUKS disk encryption key by sniffing the SPI bus between the CPU and TPM2 chip. The flaw is an incomplete fix for CVE-2026-0714 - Moxa added TPM2 parameter encryption but misconfigured the authorization session so the encryption provides no real protection. No public exploit identified at time of analysis, and the CVSS 4.0 vector (AV:P) reflects that exploitation is bounded to attackers who can physically open the device.

Information Disclosure Uc 1200A Series
NVD VulDB
CVSS 4.0
7.0
EPSS
0.0%
CVE-2026-48113 HIGH PATCH GHSA This Week

Authorization bypass in jpillora/chisel through version 1.11.4 allows any authenticated client to tunnel TCP traffic to arbitrary host:port destinations reachable from the chisel server, completely defeating the --authfile ACL. The server enforces remote-address restrictions only during the initial config handshake but never re-validates the destination encoded in SSH channel ExtraData, so a client that authenticates with a permitted remote can immediately open channels to any address. Publicly available exploit code exists (full PoC published in the GHSA advisory), though EPSS is low at 0.02% and the issue is not in CISA KEV.

Authentication Bypass
NVD GitHub
EPSS
0.0%
CVE-2026-28980 HIGH GHSA This Week

Denial of service in Apple's SwiftNIO NIOHTTP1 module (versions <= 2.99.0) allows unauthenticated remote attackers to exhaust server memory or crash processes by submitting HTTP/1 requests containing an unbounded number of small, valid header fields. The HTTPDecoder previously enforced only an 80 KB per-field limit with no cap on cumulative header block size or field count, letting hundreds of thousands of headers accumulate before application code runs. No public exploit identified at time of analysis, but the attack is trivial and impacts any HTTP/1 server or client built on NIOHTTP1, including downstream frameworks like Hummingbird 2 (crashes) and Vapor 4 (memory inflation).

Microsoft Denial Of Service
NVD GitHub
EPSS
0.0%
CVE-2026-43671 HIGH GHSA This Week

Out-of-bounds write in Apple's SwiftNIO ByteBuffer affects all releases from 1.0.0 through 2.99.0 and is fixed in 2.100.0. The flaw stems from UInt32 truncation in internal index/capacity converters, so when an attacker can influence an index, offset, or length passed to specific ByteBuffer write methods with a value above UInt32.max (~4 GiB), safety preconditions silently pass and subsequent writes can corrupt heap memory outside the buffer. No public exploit identified at time of analysis, and the high data-size threshold makes practical exploitation narrow but severe where applicable.

Memory Corruption Buffer Overflow
NVD GitHub
EPSS
0.0%
Prev Page 2 of 2

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy