Skip to main content
CVE-2025-69162 HIGH This Week

Unauthenticated local file inclusion in the ThemeRex Grecko WordPress theme versions 5.17 and earlier allows remote attackers to coerce the application into including arbitrary files from the server filesystem, potentially leading to sensitive file disclosure and PHP code execution where attacker-controlled content can be reached. The flaw is reachable without authentication over HTTP and was disclosed via Patchstack with no public exploit identified at time of analysis. CVSS is rated 8.1 with high attack complexity, indicating exploitation is feasible but not trivially automatable.

PHP Information Disclosure LFI Grecko
NVD
CVSS 3.1
8.1
EPSS
0.5%
CVE-2025-69160 HIGH This Week

Unauthenticated local file inclusion in the ThemeRex Gita WordPress theme versions 1.11 and earlier allows remote attackers to include arbitrary local files via a PHP file-inclusion weakness (CWE-98), potentially exposing wp-config.php credentials and enabling further compromise. No public exploit identified at time of analysis, but the vulnerability is network-reachable without authentication and has been disclosed by Patchstack with a CVSS 3.1 base score of 8.1.

PHP Information Disclosure LFI Gita
NVD
CVSS 3.1
8.1
EPSS
0.5%
CVE-2025-69159 HIGH This Week

Unauthenticated local file inclusion in the Printo WordPress theme (versions ≤ 1.11 by ThemeRex) allows remote attackers to include arbitrary local files via a PHP file-inclusion sink (CWE-98), enabling disclosure of sensitive server-side files and potential remote code execution if attacker-controlled content can be reached on disk. No public exploit identified at time of analysis, though Patchstack has cataloged the issue and the CVSS 3.1 base score of 8.1 reflects high impact across confidentiality, integrity, and availability.

PHP Information Disclosure LFI Printo
NVD
CVSS 3.1
8.1
EPSS
0.5%
CVE-2025-69150 HIGH This Week

Unauthenticated local file inclusion in the Medeus WordPress theme versions 1.14 and earlier allows remote attackers to coerce the PHP backend into including arbitrary files, exposing sensitive configuration data such as wp-config.php and potentially enabling code execution if log poisoning or uploaded content can be referenced. The vulnerability is classified under CWE-98 (Improper Control of Filename for Include/Require), affects a ThemeREX product tracked by Patchstack as a WordPress theme issue, and no public exploit identified at time of analysis. Despite the CVSS 8.1 high rating, AC:H signals non-trivial exploitation requirements beyond a simple parameter swap.

PHP Information Disclosure LFI Medeus
NVD
CVSS 3.1
8.1
EPSS
0.5%
CVE-2025-69149 HIGH This Week

Unauthenticated local file inclusion in the ThemeRex Top Dog WordPress theme (versions <=1.0.5) allows remote attackers to coerce the application into including arbitrary local PHP files, potentially leading to sensitive data disclosure or code execution if a writable/loggable file can be referenced. The flaw is reachable without authentication or user interaction over the network, though CVSS marks attack complexity as high; no public exploit identified at time of analysis and the vulnerability is not listed in CISA KEV.

PHP Information Disclosure LFI Top Dog
NVD
CVSS 3.1
8.1
EPSS
0.5%
CVE-2025-69147 HIGH This Week

Unauthenticated local file inclusion in the ThemeREX Putter WordPress theme versions 1.17 and earlier allows remote attackers to read arbitrary files from the underlying web server and, in PHP environments where include wrappers are abused, potentially achieve code execution. The flaw is reachable without authentication or user interaction, though CVSS reports high attack complexity. No public exploit identified at time of analysis, but Patchstack has published the advisory.

PHP Information Disclosure LFI Putter
NVD
CVSS 3.1
8.1
EPSS
0.5%
CVE-2025-69146 HIGH This Week

Unauthenticated local file inclusion in the ThemeREX 'Dom' WordPress theme through version 1.24 allows remote attackers to coerce the PHP application into including arbitrary local files, leading to sensitive information disclosure and potential code execution. No public exploit identified at time of analysis, but the CVSS 8.1 rating reflects high impact across confidentiality, integrity, and availability if a vulnerable include path is reached. The flaw is tracked by Patchstack and ENISA (EUVD-2025-210210) and affects all Dom theme versions up to and including 1.24.

PHP Information Disclosure LFI Dom
NVD
CVSS 3.1
8.1
EPSS
0.5%
CVE-2025-69143 HIGH This Week

Unauthenticated Local File Inclusion affects the ThemeREX Mission WordPress theme in all versions up to and including 1.22, enabling remote attackers to coerce the PHP application into including arbitrary local files. Exploitation can lead to sensitive file disclosure, source-code exposure, and - depending on what files are accessible on the server - remote code execution via log poisoning or PHP wrapper abuse. No public exploit identified at time of analysis, and the issue is not listed in CISA KEV.

PHP Information Disclosure LFI Mission
NVD
CVSS 3.1
8.1
EPSS
0.5%
CVE-2025-69142 HIGH This Week

Unauthenticated local file inclusion in the Abelle WordPress theme versions 1.22 and earlier allows remote attackers to coerce the PHP runtime into including attacker-controlled file paths, leading to disclosure of sensitive server files and potential remote code execution if log poisoning or uploaded files can be reached. The flaw is reachable without credentials, but CVSS notes high attack complexity, and no public exploit identified at time of analysis. No EPSS or KEV signal is provided in the source data.

PHP Information Disclosure LFI Abelle
NVD
CVSS 3.1
8.1
EPSS
0.5%
CVE-2025-69141 HIGH This Week

Unauthenticated Local File Inclusion in the Kelly Young WordPress theme (versions ≤1.1.0) allows remote attackers to read arbitrary local files and potentially achieve code execution by including attacker-controlled file paths via a vulnerable PHP include sink. The flaw is reachable without authentication over the network, and no public exploit identified at time of analysis. Risk is elevated by the high CVSS impact triad (C:H/I:H/A:H), though AC:H indicates non-trivial exploitation prerequisites.

PHP Information Disclosure LFI Kelly Young
NVD VulDB
CVSS 3.1
8.1
EPSS
0.5%
CVE-2025-69136 HIGH This Week

Local File Inclusion in the Wanium WordPress theme (versions up to and including 1.9.8) allows remote unauthenticated attackers to coerce the application into including arbitrary local PHP files, leading to source disclosure and potential remote code execution on the server. The flaw was disclosed via Patchstack and tracked as EUVD-2025-210204; no public exploit identified at time of analysis, and the CVSS 3.1 vector (AV:N/AC:H/PR:N/UI:N) indicates network-reachable exploitation that nevertheless requires some non-trivial conditions to succeed.

PHP Information Disclosure LFI Wanium
NVD
CVSS 3.1
8.1
EPSS
0.5%
CVE-2025-69125 HIGH This Week

Unauthenticated local file inclusion in the Food Drop WordPress theme versions 1.3 and earlier allows remote attackers to read arbitrary server files or potentially achieve PHP code execution by abusing an improperly controlled include/require path (CWE-98). The flaw was disclosed by Patchstack and tracked as EUVD-2025-210202; no public exploit code or active exploitation has been identified at time of analysis, but the network-reachable, no-auth attack surface makes it a meaningful risk for any site running this theme.

PHP Information Disclosure LFI Food Drop
NVD
CVSS 3.1
8.1
EPSS
0.5%
CVE-2025-69124 HIGH This Week

Unauthenticated Local File Inclusion in the ThemeRex Especio WordPress theme (versions ≤ 1.0) allows remote attackers to coerce the PHP application into including arbitrary files from the underlying server. Because the include path is attacker-controlled and no authentication is required, the flaw can lead to disclosure of sensitive files (wp-config.php, system files) and, depending on local file primitives available on the server, escalation to code execution. No public exploit identified at time of analysis and the vulnerability is not currently listed in CISA KEV.

PHP Information Disclosure LFI Especio
NVD
CVSS 3.1
8.1
EPSS
0.5%
CVE-2025-69121 HIGH This Week

Unauthenticated local file inclusion in the ThemeRex Deliciosa WordPress theme (versions up to and including 1.10.0) allows remote attackers to coerce the PHP application into including arbitrary local files, potentially leading to sensitive file disclosure and code execution. The flaw is reachable without authentication but carries high attack complexity per the CVSS vector, and no public exploit identified at time of analysis. Patchstack disclosed the issue and tracks it as EUVD-2025-210199.

PHP Information Disclosure LFI Deliciosa
NVD
CVSS 3.1
8.1
EPSS
0.5%
CVE-2025-69119 HIGH This Week

Unauthenticated local file inclusion in the Corbesier WordPress theme (versions ≤ 1.15.0) allows remote attackers to read arbitrary server files or potentially execute code by abusing improper validation of file paths passed to PHP include/require functions. The flaw is reachable without credentials and carries a CVSS 3.1 score of 8.1; no public exploit identified at time of analysis, and it is not listed in CISA KEV. The combination of network reachability and unauthenticated access makes any vulnerable WordPress site running this theme an immediate concern despite the high attack complexity rating.

PHP Information Disclosure LFI Corbesier
NVD
CVSS 3.1
8.1
EPSS
0.5%
CVE-2025-69118 HIGH This Week

Unauthenticated local file inclusion in the CopyPress WordPress theme (ThemeREX) through version 1.4.5 lets remote attackers coerce the PHP include/require chain into loading arbitrary server-side files without credentials. Patchstack catalogued the flaw as CWE-98 with CVSS 8.1, and no public exploit identified at time of analysis. Successful exploitation can expose sensitive files such as wp-config.php and, depending on the include sink, escalate to PHP code execution.

PHP Information Disclosure LFI Copypress
NVD
CVSS 3.1
8.1
EPSS
0.5%
CVE-2025-69116 HIGH This Week

Unauthenticated Local File Inclusion in the Iona WordPress theme versions 1.0.8 and earlier allows remote attackers to coerce the PHP application into including arbitrary local files, enabling source code disclosure and potentially full remote code execution. Reported by Patchstack and tracked as EUVD-2025-210196, the flaw is rated CVSS 8.1 (High) despite high attack complexity, with no public exploit identified at time of analysis.

PHP Information Disclosure LFI Iona
NVD
CVSS 3.1
8.1
EPSS
0.4%
CVE-2025-69114 HIGH This Week

Unauthenticated local file inclusion in the ThemeREX MaxiNet WordPress theme through version 1.2.10 allows remote attackers to coerce the PHP application into including arbitrary local files, exposing sensitive configuration data such as wp-config.php and potentially enabling code execution if log poisoning or uploaded content can be reached. The flaw was disclosed via Patchstack and tracked as EUVD-2025-210195; no public exploit identified at time of analysis, and no CISA KEV listing exists.

PHP Information Disclosure LFI Maxinet
NVD
CVSS 3.1
8.1
EPSS
0.4%
CVE-2025-69113 HIGH This Week

Unauthenticated local file inclusion in the ThemeREX Nexio WordPress theme (versions ≤ 1.10.0) allows remote attackers to coerce the PHP application into including arbitrary local files, enabling disclosure of sensitive server content and potentially remote code execution if attacker-controlled content can be staged on the host. The CWE-98 classification and PHP tag indicate a classic dynamic include/require sink reachable without authentication. At time of analysis there is no public exploit identified and no CISA KEV listing, but the unauthenticated network vector and high CVSS (8.1) warrant prompt action on any WordPress site running this theme.

PHP Information Disclosure LFI Nexio
NVD
CVSS 3.1
8.1
EPSS
0.5%
CVE-2025-69112 HIGH This Week

Unauthenticated local file inclusion in the Planty WordPress theme versions 1.14.0 and earlier allows remote attackers to coerce the PHP application into including arbitrary files from the server filesystem, leading to disclosure of sensitive configuration data and potential code execution. The flaw is reachable without credentials over the network but rated AC:H, indicating exploitation requires meeting specific conditions; no public exploit identified at time of analysis and the issue is tracked by Patchstack and ENISA EUVD-2025-210193.

PHP Information Disclosure LFI Planty
NVD
CVSS 3.1
8.1
EPSS
0.4%
CVE-2025-69109 HIGH This Week

Local File Inclusion in the ThemeREX Raider Spirit WordPress theme versions 1.1.2 and earlier allows unauthenticated remote attackers to include and disclose arbitrary local files via attacker-controlled file paths reaching a PHP include/require sink. The flaw maps to CWE-98 (Improper Control of Filename for Include/Require) and was disclosed through Patchstack with no public exploit identified at time of analysis, though the CVSS 8.1 rating reflects high confidentiality, integrity, and availability impact if the inclusion can be steered to executable PHP content.

PHP Information Disclosure LFI Raider Spirit
NVD
CVSS 3.1
8.1
EPSS
0.4%
CVE-2025-69107 HIGH This Week

Unauthenticated remote local file inclusion in the Rosaleen WordPress theme versions 2.8 and earlier allows attackers to coerce the PHP application into including arbitrary files via a CWE-98 remote file inclusion/path traversal flaw. The issue was reported by Patchstack and affects the ThemeREX-developed Rosaleen theme; no public exploit identified at time of analysis, though the unauthenticated network vector makes opportunistic targeting plausible.

PHP Information Disclosure LFI Rosaleen
NVD
CVSS 3.1
8.1
EPSS
0.4%
CVE-2025-69105 HIGH This Week

Unauthenticated Local File Inclusion in the ThemeREX Modernee WordPress theme (versions through 1.6.0) allows remote attackers to coerce the server into including arbitrary local PHP files, enabling information disclosure and potential code execution via log poisoning or session file abuse. Reported by Patchstack and tracked as EUVD-2025-210189, no public exploit identified at time of analysis and the vulnerability is not in CISA KEV. The CVSS 8.1 score reflects high impact across confidentiality, integrity, and availability but with high attack complexity.

PHP Information Disclosure LFI Modernee
NVD
CVSS 3.1
8.1
EPSS
0.4%
CVE-2025-60085 HIGH This Week

Unauthenticated Local File Inclusion in the Learnify WordPress theme (versions up to and including 1.15.0) allows remote attackers to read arbitrary files from the underlying server without credentials. Patchstack catalogued the issue as a PHP file inclusion flaw (CWE-98) and no public exploit was identified at time of analysis, though the WordPress theme ecosystem makes targeted scanning likely. The CVSS 3.1 score of 8.1 reflects high impact across confidentiality, integrity, and availability, tempered by high attack complexity.

PHP Information Disclosure LFI Learnify
NVD
CVSS 3.1
8.1
EPSS
0.4%
CVE-2025-58924 HIGH This Week

Unauthenticated local file inclusion in the ThemeRex Geya WordPress theme (versions up to and including 1.15) allows remote attackers to read or include arbitrary files on the server, leading to information disclosure and potential code execution via PHP file inclusion. Reported by Patchstack with no public exploit identified at time of analysis and no CISA KEV listing, though the high CVSS (8.1) reflects severe confidentiality, integrity and availability impact if the vulnerable path is reached.

PHP Information Disclosure LFI Geya
NVD VulDB
CVSS 3.1
8.1
EPSS
0.4%
CVE-2026-46894 HIGH This Week

Account takeover in Oracle iSupplier Portal (E-Business Suite versions 12.2.3-12.2.15) allows a low-privileged remote attacker to fully compromise the application by tricking a separate user into interacting with attacker-supplied content over HTTPS. The Home Page component is the entry point, and successful exploitation yields full confidentiality, integrity, and availability impact on the portal. No public exploit identified at time of analysis, but Oracle's critical patch advisory confirms the issue is real and patchable.

Oracle Oracle Isupplier Portal Open Redirect
NVD VulDB
CVSS 3.1
8.0
EPSS
0.4%
CVE-2026-46796 HIGH This Week

Account takeover in Oracle WebCenter Sites 12.2.1.4.0 and 14.1.2.0.0 allows a low-privileged authenticated attacker with HTTP network access to fully compromise the product when a victim user is tricked into interacting with attacker-supplied content. Oracle rates the flaw 8.0 (high) with confidentiality, integrity, and availability all marked High. No public exploit identified at time of analysis, and the vulnerability is not currently listed in CISA KEV.

Information Disclosure Oracle Oracle Webcenter Sites
NVD
CVSS 3.1
8.0
EPSS
0.4%
CVE-2026-46787 HIGH This Week

Cross-component compromise of Oracle WebCenter Content 14.1.2.0.0 (Content Server) allows a remote unauthenticated attacker who can lure a privileged user into interacting with attacker-controlled content to read or modify all WebCenter Content data and pivot into additional Oracle Fusion Middleware products via a scope change. The CVSS 3.1 base score of 8.0 reflects high confidentiality and integrity impact tempered by high attack complexity and required user interaction, and no public exploit identified at time of analysis.

Authentication Bypass Oracle Oracle Webcenter Content CSRF
NVD
CVSS 3.1
8.0
EPSS
0.3%
CVE-2026-39598 HIGH PATCH This Week

Arbitrary file upload in Kodezen Academy LMS Pro (WordPress plugin) versions prior to 3.5.2 allows authenticated attackers with high privileges to upload web shells to the underlying web server, leading to full site compromise. The flaw was reported by Patchstack and a vendor patch is available, but no public exploit has been identified at time of analysis and the issue is not listed in CISA KEV.

File Upload Academy Lms Pro
NVD
CVSS 3.1
8.0
EPSS
0.3%
CVE-2026-46848 HIGH This Week

Privilege escalation and data tampering in Oracle WebLogic Server 14.1.2.0.0 and 15.1.1.0.0 (Console component) allows a low-privileged local user to compromise confidentiality and integrity of all WebLogic-accessible data when a separate user is tricked into interacting with attacker-supplied content. The scope-changed nature means impact extends beyond WebLogic to additional products in the environment. No public exploit identified at time of analysis, and the issue is not currently listed in CISA KEV.

Authentication Bypass Oracle Weblogic Server
NVD VulDB
CVSS 3.1
7.9
EPSS
0.2%
CVE-2026-53622 HIGH PATCH GHSA This Week

mTLS bypass in Traefik v3.6.17 through v3.7.2 allows unauthenticated remote clients to reach backends protected by router-specific client-certificate policies by negotiating over HTTP/3 (QUIC). The QUIC TLS configuration selector performs only an exact, case-sensitive SNI map lookup, so wildcard host rules (e.g. `*.example.com`) and mixed-case SNI values fall back to the default TLS configuration, which typically does not require a client certificate, while the HTTP routing layer still dispatches the request to the protected backend. Publicly available exploit code exists in the GitHub Security Advisory GHSA-9cr8-q42q-g8m7, but there is no public exploit identified at time of analysis indicating active in-the-wild abuse.

OpenSSL Information Disclosure Docker
NVD GitHub VulDB
CVSS 4.0
7.8
EPSS
0.2%
CVE-2026-48491 HIGH PATCH GHSA This Week

Mutual-TLS bypass in Traefik v3.7.0 and v3.7.1 lets unauthenticated remote attackers reach backends protected by wildcard-router `TLSOptions` (for example `Host("*.example.com")` with `RequireAndVerifyClientCert`). The `SNICheck` domain-fronting middleware resolves TLS options for the HTTP `Host` header via exact map lookups only, so an attacker completing the TLS handshake under a permissive SNI on the same entrypoint can then send a `Host` header for the wildcard-protected backend and skip the client-certificate requirement. Publicly available exploit code exists in the GitHub Security Advisory PoC; this is independent of the prior HTTP/3 mTLS issue.

Kubernetes OpenSSL Information Disclosure Docker
NVD GitHub VulDB
CVSS 4.0
7.8
EPSS
0.2%
CVE-2026-47964 HIGH This Week

Heap-based buffer overflow in Adobe DNG SDK versions 1.7.1 (build 2536) and earlier enables arbitrary code execution in the context of the current user when a victim opens a maliciously crafted DNG file. The flaw affects any application or workflow that links the DNG SDK for parsing Digital Negative raw image files, and no public exploit identified at time of analysis. With a CVSS 7.8 (AV:L/UI:R) and user-interaction requirement, exploitation is realistic via social-engineered file delivery rather than remote network attack.

RCE Heap Overflow Buffer Overflow Dng Sdk
NVD
CVSS 3.1
7.8
EPSS
0.2%
CVE-2026-47749 HIGH This Week

Heap buffer overflow in stable-diffusion.cpp versions prior to master-584-0a7ae07 allows attackers to corrupt memory and potentially achieve code execution when a victim loads a malicious PyTorch .ckpt checkpoint file. The flaw resides in the SHORT_BINUNICODE opcode handler of the pickle parser in src/model.cpp, where a signed length field is mishandled and passed to memcpy. No public exploit identified at time of analysis, but the upstream fix is committed and the attack surface (untrusted model files from sharing sites) is realistic for AI/ML workloads.

Checkpoint RCE Memory Corruption Buffer Overflow Stable Diffusion Cpp
NVD GitHub
CVSS 3.1
7.8
EPSS
0.2%
CVE-2026-46888 HIGH This Week

Local privilege escalation in Oracle Siebel CRM Deployment (Database Upgrade component) versions 17.0 through 26.5 allows a low-privileged user with logon access to the host running the deployment to fully compromise the Siebel CRM Deployment instance. The flaw carries a CVSS 3.1 base score of 7.8 with high impact across confidentiality, integrity, and availability, and was disclosed in the Oracle Critical Patch Update advisory (cspujun2026). No public exploit identified at time of analysis and no EPSS or KEV signal was provided.

Oracle Siebel Crm Deployment Authentication Bypass
NVD VulDB
CVSS 3.1
7.8
EPSS
0.2%
CVE-2026-47747 HIGH This Week

Heap-based buffer overflow in stable-diffusion.cpp's pickle .ckpt parser allows attackers to corrupt memory and likely achieve code execution when a victim loads a maliciously crafted checkpoint file. The flaw stems from sign confusion in the BINUNICODE opcode length field, causing memcpy to be called with an attacker-controlled, effectively gigantic size derived from a negative signed integer. No public exploit identified at time of analysis, and the issue is fixed in master-584-0a7ae07.

Checkpoint Heap Overflow Buffer Overflow Stable Diffusion Cpp
NVD GitHub
CVSS 3.1
7.8
EPSS
0.1%
CVE-2026-47750 HIGH This Week

Heap buffer overflow in the leejet stable-diffusion.cpp pickle .ckpt parser allows arbitrary code execution when a user or host application loads a maliciously crafted checkpoint file. The flaw resides in the GLOBAL opcode handler within src/model.cpp, where missing newline validation lets a -1 length value drive a heap memory copy, corrupting the heap of the diffusion inference process. No public exploit identified at time of analysis, and the issue is not listed in CISA KEV, but the attack surface (community model-sharing sites) makes weaponization plausible.

Checkpoint Memory Corruption Buffer Overflow Stable Diffusion Cpp
NVD GitHub
CVSS 3.1
7.8
EPSS
0.1%
CVE-2026-0153 HIGH This Week

In Write of msg_to_host_buffer.cc, there is a possible out of bounds write due to an incorrect bounds check. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation.

Privilege Escalation Buffer Overflow
NVD
CVSS 3.1
7.8
EPSS
0.1%
CVE-2026-0152 HIGH This Week

In OSMMapPMRGeneric of pmr_os.c, there is a possible way to leverage a system call to system call to maliciously expand the VMA out of bounds due to a logic error in the code. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation.

Privilege Escalation
NVD
CVSS 3.1
7.8
EPSS
0.1%
CVE-2026-24228 HIGH This Week

Local code execution in NVIDIA NeMo Framework on Linux allows an authenticated low-privileged attacker to abuse unsafe deserialization of untrusted data (CWE-502) to run arbitrary code, escalate privileges, tamper with data, or disclose information. The CVSS 7.8 (AV:L/PR:L) profile and the typical ML-training use case mean exploitation requires existing access to the host running NeMo. No public exploit identified at time of analysis and the CVE is not listed in CISA KEV.

Nvidia Deserialization Information Disclosure RCE Nemo Framework
NVD
CVSS 3.1
7.8
EPSS
0.2%
CVE-2026-24155 HIGH This Week

Code injection in NVIDIA NeMo Framework across all supported platforms allows a local attacker with low privileges to execute arbitrary code, escalate privileges, disclose sensitive information, and tamper with data. The flaw carries a CVSS 3.1 score of 7.8 with high impact across confidentiality, integrity, and availability, though no public exploit identified at time of analysis and the issue is not listed in CISA KEV.

Nvidia Code Injection Information Disclosure RCE Nemo Framework
NVD
CVSS 3.1
7.8
EPSS
0.2%
CVE-2026-54322 HIGH PATCH GHSA This Week

Cross-tenant privilege escalation in Daytona (versions ≤0.184.0) allows any authenticated user who owns an organization to modify or delete roles belonging to other organizations on the same instance, including the managed Daytona platform. The role update and delete endpoints only validated owner-level access to the path-named organization while resolving the target role by its global identifier, enabling tenant-boundary bypass. No public exploit identified at time of analysis, and exploitation requires knowing the victim role's non-enumerable identifier.

Authentication Bypass Information Disclosure
NVD GitHub
CVSS 3.1
7.7
EPSS
0.2%
CVE-2026-12398 HIGH GHSA This Week

Remote code execution in galaxy_ng's legacy role import API (v1) allows an authenticated user controlling a git repository to execute arbitrary commands on the pulp worker by crafting a branch or tag name containing shell metacharacters. The flaw stems from unsanitized git ref interpolation into a subprocess.run() call with shell=True inside do_git_checkout(), and only affects deployments where GALAXY_ENABLE_LEGACY_ROLES is explicitly enabled (non-default). No public exploit identified at time of analysis.

Command Injection RCE Red Hat Ansible Automation Platform 2
NVD VulDB
CVSS 3.1
7.5
EPSS
0.9%
CVE-2026-53853 HIGH POC PATCH GHSA This Week

Allowlist bypass in OpenClaw before 2026.5.12 lets authenticated attackers invoke approved executables with arbitrary arguments on Linux and macOS, defeating the argPattern restrictions intended to constrain each binary's permitted invocations. The flaw enables disallowed file access, network access, or command execution under the privileges of the OpenClaw exec subsystem, with no public exploit identified at time of analysis.

Authentication Bypass Apple Openclaw
NVD GitHub VulDB
CVSS 4.0
7.6
EPSS
0.3%
CVE-2026-52712 HIGH This Week

SQL injection in the Attendance Manager WordPress plugin version 0.6.2 and earlier allows authenticated users with subscriber-level privileges to inject malicious SQL through plugin functionality, leading to disclosure of sensitive database contents. The flaw was reported by Patchstack and impacts WordPress sites that have installed the tnomi Attendance Manager plugin. No public exploit identified at time of analysis, and the issue is not listed in CISA KEV.

SQLi Attendance Manager
NVD
CVSS 3.1
7.6
EPSS
0.3%
CVE-2026-35327 HIGH This Week

Cross-tenant data exposure in Oracle WebCenter Content 12.2.1.4.0 and 14.1.2.0.0 allows a low-privileged authenticated attacker to compromise the Content Server component via HTTPS when a victim is tricked into interacting with attacker-supplied content. The flaw produces a scope change, meaning successful exploitation can reach beyond WebCenter Content itself, yielding high confidentiality loss and limited integrity modifications. No public exploit identified at time of analysis, and the issue is not listed in CISA KEV.

Authentication Bypass Oracle Oracle Webcenter Content
NVD
CVSS 3.1
7.6
EPSS
0.3%
CVE-2026-53866 HIGH PATCH GHSA This Week

Allowlist bypass in OpenClaw versions prior to 2026.5.12 allows authenticated operators to execute unapproved shell commands by routing requests through inline-command parser cases that skip the expected allowlist enforcement. The flaw, reported by VulnCheck and tracked under GHSA-f397-5vjw-v2c2, effectively neutralizes the operator-approval boundary in OpenClaw's shell command path. No public exploit identified at time of analysis, and the CVSS 4.0 score of 7.6 reflects high confidentiality and integrity impact with a present attack requirement.

Authentication Bypass Openclaw
NVD GitHub VulDB
CVSS 4.0
7.6
EPSS
0.3%
CVE-2026-53855 HIGH PATCH GHSA This Week

Allowlist bypass in OpenClaw before 2026.4.2 lets authenticated operators smuggle inline-eval content through shell positional parameters, defeating the strict allowlist that is meant to constrain which tools and content the shell carrier executes. Successful abuse yields execution of unapproved shell-provided content with high confidentiality and integrity impact, and no public exploit has been identified at time of analysis.

Authentication Bypass Openclaw
NVD GitHub VulDB
CVSS 4.0
7.6
EPSS
0.3%
CVE-2026-53864 HIGH PATCH GHSA This Week

Environment variable sanitization weakness in OpenClaw prior to 2026.5.26 lets attackers smuggle Node.js control variables (such as NODE_OPTIONS) past the host environment sanitizer, enabling them to influence child-process behavior and coverage output paths. Affected attackers must have write access to workspace .env files, tool environment overrides, or skill environment blocks, and no public exploit is identified at time of analysis. The flaw was reported by VulnCheck and is tracked under CWE-184 (Incomplete List of Disallowed Inputs).

Authentication Bypass Node.js Openclaw
NVD GitHub VulDB
CVSS 4.0
7.6
EPSS
0.3%
CVE-2026-9261 HIGH This Week

Weak SSH cryptographic algorithms in Canon EOS Network Setting Tool version 1.5.0 and earlier allow network-adjacent attackers to undermine the confidentiality and integrity of SSH sessions used by the tool, per Canon PSIRT advisory CP2026-005. The CVSS 4.0 vector (AV:N/AC:H/UI:P/VC:H/VI:H) reflects high attack complexity and required user interaction, and there is no public exploit identified at time of analysis.

Information Disclosure Eos Network Setting Tool
NVD
CVSS 4.0
7.6
EPSS
0.2%
Prev Page 4 of 6 Next

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy