Skip to main content
CVE-2026-0152 HIGH This Week

In OSMMapPMRGeneric of pmr_os.c, there is a possible way to leverage a system call to system call to maliciously expand the VMA out of bounds due to a logic error in the code. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation.

Privilege Escalation
NVD
CVSS 3.1
7.8
EPSS
0.1%
CVE-2026-24228 HIGH This Week

Local code execution in NVIDIA NeMo Framework on Linux allows an authenticated low-privileged attacker to abuse unsafe deserialization of untrusted data (CWE-502) to run arbitrary code, escalate privileges, tamper with data, or disclose information. The CVSS 7.8 (AV:L/PR:L) profile and the typical ML-training use case mean exploitation requires existing access to the host running NeMo. No public exploit identified at time of analysis and the CVE is not listed in CISA KEV.

Nvidia Deserialization Information Disclosure RCE Nemo Framework
NVD
CVSS 3.1
7.8
EPSS
0.2%
CVE-2026-24155 HIGH This Week

Code injection in NVIDIA NeMo Framework across all supported platforms allows a local attacker with low privileges to execute arbitrary code, escalate privileges, disclose sensitive information, and tamper with data. The flaw carries a CVSS 3.1 score of 7.8 with high impact across confidentiality, integrity, and availability, though no public exploit identified at time of analysis and the issue is not listed in CISA KEV.

Nvidia Code Injection Information Disclosure RCE Nemo Framework
NVD
CVSS 3.1
7.8
EPSS
0.2%
CVE-2026-54322 HIGH PATCH GHSA This Week

Cross-tenant privilege escalation in Daytona (versions ≤0.184.0) allows any authenticated user who owns an organization to modify or delete roles belonging to other organizations on the same instance, including the managed Daytona platform. The role update and delete endpoints only validated owner-level access to the path-named organization while resolving the target role by its global identifier, enabling tenant-boundary bypass. No public exploit identified at time of analysis, and exploitation requires knowing the victim role's non-enumerable identifier.

Authentication Bypass Information Disclosure
NVD GitHub
CVSS 3.1
7.7
EPSS
0.2%
CVE-2026-12398 HIGH GHSA This Week

Remote code execution in galaxy_ng's legacy role import API (v1) allows an authenticated user controlling a git repository to execute arbitrary commands on the pulp worker by crafting a branch or tag name containing shell metacharacters. The flaw stems from unsanitized git ref interpolation into a subprocess.run() call with shell=True inside do_git_checkout(), and only affects deployments where GALAXY_ENABLE_LEGACY_ROLES is explicitly enabled (non-default). No public exploit identified at time of analysis.

Command Injection RCE Red Hat Ansible Automation Platform 2
NVD VulDB
CVSS 3.1
7.5
EPSS
0.9%
CVE-2026-53853 HIGH POC PATCH GHSA This Week

Allowlist bypass in OpenClaw before 2026.5.12 lets authenticated attackers invoke approved executables with arbitrary arguments on Linux and macOS, defeating the argPattern restrictions intended to constrain each binary's permitted invocations. The flaw enables disallowed file access, network access, or command execution under the privileges of the OpenClaw exec subsystem, with no public exploit identified at time of analysis.

Authentication Bypass Apple Openclaw
NVD GitHub VulDB
CVSS 4.0
7.6
EPSS
0.3%
CVE-2026-52712 HIGH This Week

SQL injection in the Attendance Manager WordPress plugin version 0.6.2 and earlier allows authenticated users with subscriber-level privileges to inject malicious SQL through plugin functionality, leading to disclosure of sensitive database contents. The flaw was reported by Patchstack and impacts WordPress sites that have installed the tnomi Attendance Manager plugin. No public exploit identified at time of analysis, and the issue is not listed in CISA KEV.

SQLi Attendance Manager
NVD
CVSS 3.1
7.6
EPSS
0.3%
CVE-2026-35327 HIGH This Week

Cross-tenant data exposure in Oracle WebCenter Content 12.2.1.4.0 and 14.1.2.0.0 allows a low-privileged authenticated attacker to compromise the Content Server component via HTTPS when a victim is tricked into interacting with attacker-supplied content. The flaw produces a scope change, meaning successful exploitation can reach beyond WebCenter Content itself, yielding high confidentiality loss and limited integrity modifications. No public exploit identified at time of analysis, and the issue is not listed in CISA KEV.

Authentication Bypass Oracle Oracle Webcenter Content
NVD
CVSS 3.1
7.6
EPSS
0.3%
CVE-2026-53866 HIGH PATCH GHSA This Week

Allowlist bypass in OpenClaw versions prior to 2026.5.12 allows authenticated operators to execute unapproved shell commands by routing requests through inline-command parser cases that skip the expected allowlist enforcement. The flaw, reported by VulnCheck and tracked under GHSA-f397-5vjw-v2c2, effectively neutralizes the operator-approval boundary in OpenClaw's shell command path. No public exploit identified at time of analysis, and the CVSS 4.0 score of 7.6 reflects high confidentiality and integrity impact with a present attack requirement.

Authentication Bypass Openclaw
NVD GitHub VulDB
CVSS 4.0
7.6
EPSS
0.3%
CVE-2026-53855 HIGH PATCH GHSA This Week

Allowlist bypass in OpenClaw before 2026.4.2 lets authenticated operators smuggle inline-eval content through shell positional parameters, defeating the strict allowlist that is meant to constrain which tools and content the shell carrier executes. Successful abuse yields execution of unapproved shell-provided content with high confidentiality and integrity impact, and no public exploit has been identified at time of analysis.

Authentication Bypass Openclaw
NVD GitHub VulDB
CVSS 4.0
7.6
EPSS
0.3%
CVE-2026-53864 HIGH PATCH GHSA This Week

Environment variable sanitization weakness in OpenClaw prior to 2026.5.26 lets attackers smuggle Node.js control variables (such as NODE_OPTIONS) past the host environment sanitizer, enabling them to influence child-process behavior and coverage output paths. Affected attackers must have write access to workspace .env files, tool environment overrides, or skill environment blocks, and no public exploit is identified at time of analysis. The flaw was reported by VulnCheck and is tracked under CWE-184 (Incomplete List of Disallowed Inputs).

Authentication Bypass Node.js Openclaw
NVD GitHub VulDB
CVSS 4.0
7.6
EPSS
0.3%
CVE-2026-9261 HIGH This Week

Weak SSH cryptographic algorithms in Canon EOS Network Setting Tool version 1.5.0 and earlier allow network-adjacent attackers to undermine the confidentiality and integrity of SSH sessions used by the tool, per Canon PSIRT advisory CP2026-005. The CVSS 4.0 vector (AV:N/AC:H/UI:P/VC:H/VI:H) reflects high attack complexity and required user interaction, and there is no public exploit identified at time of analysis.

Information Disclosure Eos Network Setting Tool
NVD
CVSS 4.0
7.6
EPSS
0.2%
CVE-2026-48929 HIGH This Week

Unauthenticated file deletion in Rocket.Chat allows remote attackers to permanently delete arbitrary uploaded files from a target server via the deleteFileMessage Meteor method over a DDP WebSocket connection. The flaw stems from an authorization check that is silently skipped when Meteor.userId() returns null on unauthenticated DDP sessions, letting any internet-accessible attacker destroy attachments whose IDs are discoverable from public channel messages and download URLs. No public exploit identified at time of analysis, though a vendor patch and HackerOne disclosure (report 3611837) confirm the issue.

Authentication Bypass Rocket Chat
NVD GitHub
CVSS 3.0
7.5
EPSS
0.6%
CVE-2026-8176 HIGH This Week

Privilege escalation in the LatePoint Calendar Booking plugin for WordPress (versions up to and including 5.5.1) allows an authenticated user with Agent-level access or higher to chain three independent flaws and overwrite a WordPress Administrator's password without invoking any Administrator-only API. Wordfence-reported flaw with no public exploit identified at time of analysis, though source code locations of all three vulnerable code paths are referenced in the disclosure.

Privilege Escalation WordPress Latepoint Calendar Booking Plugin For Appointments And Events
NVD VulDB
CVSS 3.1
7.5
EPSS
0.6%
CVE-2026-46863 HIGH PATCH This Week

Remote unauthenticated denial-of-service in Oracle MySQL Server and MySQL Cluster (8.0.x, 8.4.x, and 9.0.0-9.7.0) allows network attackers to trigger a hang or repeatable crash of the database via the Server Connection Handling component. Oracle rates the issue as easily exploitable over multiple protocols with no authentication or user interaction, producing a complete availability loss (CVSS 7.5, A:H only). No public exploit identified at time of analysis and the issue is not listed in CISA KEV.

Denial Of Service Oracle Mysql Server Mysql Cluster
NVD VulDB
CVSS 3.1
7.5
EPSS
0.5%
CVE-2026-46862 HIGH PATCH This Week

Denial of service in Oracle MySQL Router 8.4.0-8.4.9 and 9.0.0-9.7.0 allows unauthenticated remote attackers to hang or repeatedly crash the routing service over TLS-enabled network connections, producing a complete DOS of the affected component. CVSS 3.1 scores this 7.5 with availability-only impact, and no public exploit identified at time of analysis. Because MySQL Router brokers application traffic to InnoDB Cluster/ReplicaSet backends, an outage cascades into downstream application unavailability even when the database servers themselves remain healthy.

Denial Of Service Oracle Mysql Router
NVD VulDB
CVSS 3.1
7.5
EPSS
0.5%
CVE-2026-48294 HIGH This Week

Universal cross-site scripting (UXSS) in Adobe Acrobat PDF Extension for Chrome (versions 26.5.2.2 and earlier) allows remote attackers to disclose cross-origin session data when a victim visits a malicious URL or interacts with a compromised page. The CVSS 3.1 vector AV:N/AC:L/PR:N/UI:R/S:C/C:H/I:N/A:N indicates high confidentiality impact across security boundaries, and no public exploit identified at time of analysis. The flaw is browser-extension scoped, so impact is limited to users who have installed this Chrome extension.

Google XSS Adobe Adobe Acrobat Pdf Extension Chrome
NVD VulDB
CVSS 3.1
7.4
EPSS
1.0%
CVE-2026-54293 HIGH PATCH GHSA This Week

Arbitrary local file read in the Natural Language Toolkit (NLTK) Python library affects versions up to and including 3.9.4 via a decode-after-check flaw in nltk.data.load() when handling the nltk: URL scheme. Attackers who can influence resource identifiers passed to this function can bypass the _UNSAFE_NO_PROTOCOL_RE regex using URL-encoded separators (%2f) or traversal segments (%2e%2e), allowing reads of files such as /etc/passwd, /proc/self/environ, SSH keys, and application secrets. Publicly available exploit code exists via the GHSA-p4gq-832x-fm9v advisory, though no public exploit identified in CISA KEV at time of analysis.

Path Traversal
NVD GitHub VulDB
CVSS 3.1
7.5
EPSS
0.4%
CVE-2026-46791 HIGH This Week

Unauthorized data disclosure in Oracle WebCenter Content 14.1.2.0.0 (Content Server component) allows unauthenticated remote attackers to access all data accessible to the application via HTTP. The flaw carries a CVSS 3.1 base score of 7.5 with high confidentiality impact and no integrity or availability impact, and currently has no public exploit identified at time of analysis.

Authentication Bypass Oracle Oracle Webcenter Content
NVD
CVSS 3.1
7.5
EPSS
0.4%
CVE-2026-12305 HIGH PATCH This Week

Denial of service in Mozilla Firefox prior to version 152 and Firefox ESR prior to 140.12 stems from a memory safety bug (CWE-119) that remote attackers can trigger via crafted web content. The CVSS 7.5 score reflects high availability impact with no confidentiality or integrity loss, consistent with a browser crash rather than reliable code execution. No public exploit identified at time of analysis, and Mozilla has shipped fixes across multiple advisories (MFSA2026-57, -58, -60, -61).

Mozilla Buffer Overflow Red Hat Suse
NVD VulDB
CVSS 3.1
7.5
EPSS
0.4%
CVE-2026-52844 HIGH PATCH GHSA This Week

Authorization bypass in Caddy web server on Windows allows unauthenticated remote attackers to access files in path-protected directories by substituting forward slashes with URL-encoded backslashes (%5C). The flaw stems from an inconsistency between Caddy's `path` matcher and `file_server` handler, where the matcher treats `\` as a literal character while Windows-native filesystem code treats it as a separator. A detailed proof-of-concept is published in the vendor advisory, though no public exploit identified at time of analysis in exploitation databases.

Path Traversal Microsoft
NVD GitHub
CVSS 3.1
7.5
EPSS
0.4%
CVE-2026-52711 HIGH This Week

Unauthorized information disclosure in the WooCommerce POS WordPress plugin (versions 1.8.14 and earlier) allows remote unauthenticated attackers to access protected resources due to missing authorization checks. The CVSS 3.1 score of 7.5 reflects high confidentiality impact with no integrity or availability effect, and no public exploit identified at time of analysis. The flaw was disclosed by Patchstack and aligns with CWE-862 (Missing Authorization), a common pattern in WordPress plugin endpoints that omit capability checks.

Authentication Bypass WordPress Woocommerce Pos
NVD
CVSS 3.1
7.5
EPSS
0.4%
CVE-2026-39490 HIGH This Week

Unauthorized information disclosure in the Artbees JupiterX Core WordPress plugin (versions 4.14.1 and earlier) allows remote unauthenticated attackers to bypass access controls and read data that should require authentication. The flaw is classified as CWE-862 (Missing Authorization) and was disclosed via Patchstack; no public exploit identified at time of analysis, and the issue is not listed in CISA KEV.

Authentication Bypass Jupiterx Core
NVD
CVSS 3.1
7.5
EPSS
0.4%
CVE-2025-68045 HIGH This Week

Broken access control in the Arraytics WP Event Solution WordPress plugin through version 4.1.12 allows remote unauthenticated attackers to access protected functionality or data without authorization. The flaw stems from missing authorization checks (CWE-862) on plugin endpoints, exposing sensitive event-management capabilities or data to anyone who can reach the WordPress site. No public exploit identified at time of analysis, and the issue is not currently listed in the CISA KEV catalog.

Authentication Bypass Wp Event Solution
NVD VulDB
CVSS 3.1
7.5
EPSS
0.4%
CVE-2026-41523 HIGH PATCH GHSA This Week

Arbitrary code execution in vLLM versions prior to 0.22.0 allows remote unauthenticated attackers to run code on the inference server by publishing a malicious HuggingFace model, when vLLM is launched in Python optimized mode (python -O or PYTHONOPTIMIZE=1). The sole guardrail restricting which activation function classes can be loaded from a model's config.json is implemented with a Python assert, which is stripped at compile time under -O, leaving an unrestricted import gadget directly fed by attacker-controlled data. No public exploit identified at time of analysis, but the vendor advisory (GHSA-q8gq-377p-jq3r) and a coordinated huntr.com submission document the issue in detail.

Python Authentication Bypass Code Injection RCE
NVD GitHub VulDB
CVSS 3.1
7.5
EPSS
0.4%
CVE-2026-35295 HIGH This Week

Takeover of Oracle WebCenter Sites 12.2.1.4.0 and 14.1.2.0.0 is possible when a low-privileged attacker with HTTP network access successfully chains a high-complexity exploit path in the WebCenter Sites component, resulting in full confidentiality, integrity, and availability compromise. Oracle's June 2026 Critical Patch Update disclosure rates this CVSS 7.5 with AC:H/PR:L, meaning a valid (even low-tier) account plus non-trivial conditions are required. No public exploit identified at time of analysis, and the issue is not listed in CISA KEV.

Information Disclosure Oracle Oracle Webcenter Sites
NVD
CVSS 3.1
7.5
EPSS
0.4%
CVE-2026-35269 HIGH This Week

Unauthorized data modification in Oracle Identity Manager (Fusion Middleware) versions 12.2.1.4.0 and 14.1.2.1.0 allows a remote unauthenticated attacker to create, delete, or modify critical identity data via the REST WebServices component over HTTP. Oracle rates the issue as easily exploitable with a CVSS 3.1 base score of 7.5 (integrity-only impact), and no public exploit has been identified at time of analysis.

Authentication Bypass Oracle Identity Manager
NVD
CVSS 3.1
7.5
EPSS
0.4%
CVE-2026-46971 HIGH This Week

Full compromise of Oracle HR Intelligence (a module of Oracle E-Business Suite) is possible for an authenticated low-privileged attacker who can reach the Internal Operations component over HTTP, per Oracle's June 2026 Critical Patch Update. The flaw affects EBS versions 12.2.3 through 12.2.15 and yields high impact across confidentiality, integrity, and availability, though Oracle rates exploitation as difficult (AC:H). No public exploit identified at time of analysis and the issue is not listed in CISA KEV.

Information Disclosure Oracle Oracle Hr Intelligence
NVD
CVSS 3.1
7.5
EPSS
0.3%
CVE-2026-46966 HIGH This Week

Takeover of Oracle Universal Work Queue is possible in Oracle E-Business Suite versions 12.2.3 through 12.2.15 via the Work Provider Site Level Administration component, where a low-privileged attacker with HTTP network access can fully compromise confidentiality, integrity, and availability of the module. Oracle classifies the issue as difficult to exploit (AC:H), and no public exploit identified at time of analysis. The flaw was disclosed in the Oracle Critical Patch Update of June 2026.

Oracle Oracle Universal Work Queue Authentication Bypass
NVD
CVSS 3.1
7.5
EPSS
0.3%
CVE-2026-46959 HIGH This Week

Takeover of Oracle Subledger Accounting (component: Internal Operations) in Oracle E-Business Suite versions 12.2.3 through 12.2.15 allows an authenticated low-privileged attacker with HTTP network access to fully compromise confidentiality, integrity, and availability of the module. Although the CVSS 3.1 base score is 7.5 with high impact across all three pillars, the AC:H rating signals non-trivial exploitation requirements, and there is no public exploit identified at time of analysis.

Oracle Oracle Subledger Accounting Authentication Bypass
NVD
CVSS 3.1
7.5
EPSS
0.3%
CVE-2026-46958 HIGH This Week

Takeover of Oracle Subledger Accounting (component: Internal Operations) in Oracle E-Business Suite versions 12.2.3 through 12.2.15 is possible by a low-privileged remote attacker leveraging HTTP. The flaw yields full confidentiality, integrity, and availability impact (CVSS 7.5) but is rated high attack complexity, so reliable exploitation is non-trivial. No public exploit identified at time of analysis, and the issue is not listed on CISA KEV.

Oracle Oracle Subledger Accounting Privilege Escalation
NVD
CVSS 3.1
7.5
EPSS
0.3%
CVE-2026-46957 HIGH This Week

Takeover of Oracle iSupplier Portal (E-Business Suite versions 12.2.3 through 12.2.15) is achievable by a low-privileged remote attacker over HTTP, per Oracle's June 2026 Critical Patch Update. The flaw is rated CVSS 7.5 with high confidentiality, integrity, and availability impact, but carries high attack complexity, suggesting non-trivial preconditions. There is no public exploit identified at time of analysis and the CVE is not on CISA KEV.

Oracle Oracle Isupplier Portal Authentication Bypass
NVD
CVSS 3.1
7.5
EPSS
0.3%
CVE-2026-46935 HIGH This Week

Full takeover of Oracle Complex Maintenance, Repair and Overhaul (CMRO) versions 12.2.3 through 12.2.15 is possible by an authenticated low-privileged attacker over HTTP against the Internal Operations component. Successful exploitation yields high impact to confidentiality, integrity, and availability of the CMRO module, though Oracle rates the attack complexity as high. There is no public exploit identified at time of analysis, and the issue is not listed in CISA KEV.

Oracle Oracle Complex Maintenance Repair And Overhaul Authentication Bypass
NVD
CVSS 3.1
7.5
EPSS
0.3%
CVE-2026-46934 HIGH This Week

Takeover of Oracle Complex Maintenance, Repair and Overhaul (CMRO) in Oracle E-Business Suite versions 12.2.3 through 12.2.15 allows a low-privileged authenticated attacker with HTTP network access to fully compromise the Internal Operations component. Oracle's June 2026 Critical Patch Update advisory documents the issue with a CVSS 3.1 base score of 7.5 and high confidentiality, integrity, and availability impact. No public exploit identified at time of analysis, and the vulnerability is rated difficult to exploit due to high attack complexity.

Oracle Oracle Complex Maintenance Repair And Overhaul Privilege Escalation
NVD
CVSS 3.1
7.5
EPSS
0.3%
CVE-2026-10638 HIGH PATCH This Week

Use-after-free in Zephyr RTOS's ICMPv6 stack (v4.2.0-v4.4.0) allows an unauthenticated remote attacker to crash the networking stack and potentially corrupt memory by sending a standard ICMPv6 Echo Request or any IPv6 packet that elicits an ICMPv6 error response. Both `icmpv6_handle_echo_request()` and `net_icmpv6_send_error()` call `net_pkt_iface()` on a packet after transferring it to `net_try_send_data()`, which may synchronously or asynchronously free the packet's memory slab before the statistics update executes. When `CONFIG_NET_STATISTICS_PER_INTERFACE` is enabled, the stale interface pointer is written through (`iface->stats.icmp.sent++`), escalating the read UAF into an attacker-influenced memory write; no public exploit has been identified at time of analysis, but the trigger is a universally available IPv6 primitive.

Denial Of Service Use After Free Memory Corruption Buffer Overflow Zephyr
NVD GitHub VulDB
CVSS 3.1
7.5
EPSS
0.3%
CVE-2026-46955 HIGH This Week

Takeover of Oracle Human Resources in Oracle E-Business Suite versions 12.2.3 through 12.2.15 is possible when a remote unauthenticated attacker tricks a separate user into interacting with a crafted HTTP request targeting the Person component. Despite high attack complexity, successful exploitation yields full confidentiality, integrity, and availability impact on the HR module. No public exploit identified at time of analysis.

Oracle Oracle Human Resources XSS
NVD
CVSS 3.1
7.5
EPSS
0.3%
CVE-2026-12317 HIGH PATCH This Week

Memory corruption in Mozilla Firefox versions prior to 152 allows remote unauthenticated attackers to crash the browser by serving crafted web content, resulting in denial of service. The CVSS 3.1 base score of 7.5 reflects high availability impact without confidentiality or integrity loss, and no public exploit identified at time of analysis. Mozilla disclosed the issue via advisories MFSA2026-57 and MFSA2026-60 with a fix shipped in Firefox 152.

Mozilla Buffer Overflow Suse Red Hat
NVD VulDB
CVSS 3.1
7.5
EPSS
0.3%
CVE-2026-53755 HIGH PATCH GHSA This Week

Unauthenticated server-side request forgery in Crawl4AI's Docker API server (versions < 0.8.9) lets remote attackers reach internal services and cloud-metadata endpoints by supplying a proxy address that bypasses the crawl-URL validation. Because the Docker API is unauthenticated by default and the SSRF check was only applied to the crawl target - not to the proxy destination - an attacker can route Chromium's egress through an internal IP (e.g. AWS IMDSv1 at 169.254.169.254) and read the response verbatim from the crawl result. No public exploit is identified at time of analysis, but the reporter supplied a working PoC and EPSS risk is low (0.29%, 20th percentile).

Google SSRF Docker
NVD GitHub VulDB
CVSS 3.1
7.5
EPSS
0.3%
CVE-2026-12314 HIGH PATCH This Week

Memory corruption in Mozilla Firefox prior to version 152 and Firefox ESR prior to 140.12 allows remote attackers to compromise browser memory integrity through crafted web content, with confidentiality impact rated High per the CVSS vector. The flaw stems from a buffer-handling defect (CWE-119) reported by Mozilla itself and addressed across multiple security advisories (MFSA2026-57, -58, -60, -61). No public exploit identified at time of analysis, and the issue is not listed in CISA KEV.

Mozilla Buffer Overflow Red Hat Suse
NVD VulDB
CVSS 3.1
7.5
EPSS
0.3%
CVE-2026-12312 HIGH PATCH This Week

Memory safety bug fixed in Firefox 152. This vulnerability was fixed in Firefox 152 and Firefox ESR 140.12.

Mozilla Buffer Overflow Red Hat Suse
NVD VulDB
CVSS 3.1
7.5
EPSS
0.3%
CVE-2026-12310 HIGH PATCH This Week

Memory safety bug fixed in Firefox 152. This vulnerability was fixed in Firefox 152 and Firefox ESR 140.12.

Mozilla Buffer Overflow Red Hat Suse
NVD VulDB
CVSS 3.1
7.5
EPSS
0.3%
CVE-2026-53754 HIGH PATCH GHSA This Week

Server-Side Request Forgery in Crawl4AI's Docker API server (versions <= 0.8.7) allows unauthenticated remote attackers to bypass the IPv4/IPv6 CIDR blocklist in validate_webhook_url/validate_url_destination by using IPv6 transition forms (NAT64, 6to4, IPv4-mapped, IPv4-compatible) or the unspecified address. Since the Docker API ships with jwt_enabled:false by default, attackers can pivot the server into fetching cloud metadata endpoints like 169.254.169.254, potentially exposing IAM credentials. No public exploit identified at time of analysis, but the upstream advisory (GHSA-4qqr-vv2q-cmr5) details the exact bypass payloads.

Docker SSRF Oracle
NVD GitHub
CVSS 3.1
7.5
EPSS
0.3%
CVE-2026-10303 HIGH This Week

Remote command injection in ServerCo getssl 2.49 and prior allows an attacker who controls or tampers with ACME challenge responses (a malicious/compromised CA endpoint or on-path adversary) to write attacker-chosen file paths via tokens that violate RFC 8555 base64url constraints, typically yielding code execution as the privileged user that renews certificates. The issue was reported by runZero, fixed upstream in v2.50, and at the time of analysis there is no public exploit identified and the CVE is not listed in CISA KEV.

Path Traversal Command Injection Getssl
NVD GitHub VulDB
CVSS 3.1
7.4
EPSS
0.8%
CVE-2026-54299 HIGH PATCH GHSA This Week

Server-side request forgery in Astro SSR deployments (npm package astro < 6.4.6) allows remote unauthenticated attackers to coerce the runtime into fetching attacker-controlled URLs by spoofing the HTTP Host header when a prerendered /404 or /500 page is configured. The attacker-controlled response body is reflected back to the victim, enabling information disclosure from internal services reachable by the application. No public exploit identified at time of analysis; the issue was responsibly disclosed by Tarmo Technologies via GitHub Security Advisory GHSA-2pvr-wf23-7pc7.

Information Disclosure
NVD GitHub VulDB
CVSS 3.1
7.5
EPSS
0.2%
CVE-2026-0156 HIGH This Week

Remote denial of service in Android (Pixel) RTP stack arises from a missing null check in checkSsrcCollisionOnRcv within RtpSession.cpp, allowing unauthenticated attackers to crash the affected media component over the network. The flaw carries CVSS 7.5 with availability-only impact, and at the time of analysis there is no public exploit identified and the EPSS exploitation probability is very low (0.14%, 4th percentile).

Denial Of Service Null Pointer Dereference
NVD VulDB
CVSS 3.1
7.5
EPSS
0.1%
CVE-2026-46974 HIGH This Week

Privileged local compromise of Oracle VM VirtualBox 7.2.8 allows an attacker already authenticated to the host with high privileges to take over the VirtualBox installation and cross the hypervisor boundary into additional products (scope-changed). Oracle's CPU advisory rates this CVSS 3.1 7.5 with high attack complexity; no public exploit identified at time of analysis and it is not listed in CISA KEV.

Oracle Oracle Vm Virtualbox Authentication Bypass
NVD VulDB
CVSS 3.1
7.5
EPSS
0.1%
CVE-2026-46873 HIGH This Week

Privilege escalation and host takeover in Oracle VM VirtualBox 7.2.8 via the VMSVGA virtual graphics device allows a high-privileged local attacker to break out of the virtualization boundary and impact additional products beyond VirtualBox itself (scope change). The flaw carries a CVSS 3.1 base score of 7.5 with full confidentiality, integrity, and availability impact, but exploitation is rated high complexity. No public exploit identified at time of analysis and the issue is not listed in CISA KEV.

Oracle Oracle Vm Virtualbox Privilege Escalation
NVD VulDB
CVSS 3.1
7.5
EPSS
0.1%
CVE-2026-35275 HIGH This Week

Confidentiality and integrity compromise in Oracle VM VirtualBox 7.2.8 (Shared Folders component) allows a low-privileged local attacker on the host to escape the guest/host boundary and access or modify critical data across the scope, including resources outside VirtualBox itself. The flaw is rated CVSS 3.1 7.5 with a scope change, but exploitation is rated High complexity by Oracle and there is no public exploit identified at time of analysis. Patch is available per Oracle's June 2026 Critical Patch Update advisory.

Authentication Bypass Oracle Oracle Vm Virtualbox
NVD VulDB
CVSS 3.1
7.5
EPSS
0.1%
CVE-2026-49057 HIGH This Week

Unauthenticated information disclosure in the eyecix JobSearch (wp-jobsearch) WordPress plugin versions up to and including 3.2.7 allows remote attackers to bypass access controls and read sensitive data without authentication. The CVSS 3.1 vector (AV:N/AC:L/PR:N/UI:N) indicates trivial remote exploitation with no preconditions, though no public exploit identified at time of analysis and no CISA KEV listing is present. Patchstack categorized the issue as a Broken Access Control / Authentication Bypass affecting confidentiality only.

Authentication Bypass Jobsearch
NVD
CVSS 3.1
7.5
EPSS
0.3%
CVE-2025-69131 HIGH This Week

Unauthenticated arbitrary file download affects the 'WordPress & WooCommerce Scraper Plugin, Import Data from Any Site' plugin by Extendons in versions up to and including 1.0.7. Remote attackers can exploit a path traversal weakness (CWE-22) to retrieve arbitrary files from the underlying web server without any authentication, exposing sensitive data such as wp-config.php credentials. No public exploit identified at time of analysis, but the network-reachable, no-privilege CVSS profile (7.5) makes opportunistic mass-scanning by WordPress vulnerability scanners likely once disclosed.

Path Traversal WordPress Wordpress Woocommerce Scraper Plugin Import Data From Any Site
NVD
CVSS 3.1
7.5
EPSS
0.5%
Prev Page 8 of 13 Next

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy