Skip to main content
CVE-2026-55672 HIGH PATCH GHSA This Week

Authentication bypass in Zitadel identity platform (versions 3.0.0-3.4.11 and 4.0.0-4.15.1) allows an attacker who has obtained a victim's authorization code, refresh token, or device authorization grant to redeem it under a different OAuth client registered on the same instance, because the server fails to validate the client_id binding required by RFC 6749 §4.1.3. No public exploit identified at time of analysis; CVSS 7.4 with high attack complexity reflects the requirement that the attacker first intercept the code or token through a separate weakness such as XSS, log exposure, or referrer leakage.

Authentication Bypass Microsoft XSS
NVD GitHub
CVSS 3.1
7.4
EPSS
0.3%
CVE-2026-11958 HIGH PATCH This Week

Local privilege escalation in ANSSI's DFIR-ORC versions 10.2.7 and prior allows a low-privileged local user to gain administrator rights by planting a malicious DLL in C:\Windows\Temp, which the tool loads automatically when extracted and executed from that shared directory. The flaw is a classic uncontrolled search path (CWE-427) issue and was reported by INCIBE; no public exploit identified at time of analysis and the CVE is not in CISA KEV. The vendor has shipped a fix in DFIR-ORC v10.3.0, which adds ACL hardening on extraction directories.

Privilege Escalation Microsoft Dfir Orc
NVD GitHub VulDB
CVSS 4.0
7.3
EPSS
0.1%
CVE-2026-11395 HIGH This Week

Server-Side Request Forgery in the CF7 to Webhook WordPress plugin (versions up to and including 5.0.0) allows unauthenticated attackers to coerce the WordPress server into issuing arbitrary outbound HTTP requests through the pull_the_trigger functionality. Exploitation is conditional on an administrator configuring the webhook URL with a Contact Form 7 field placeholder inside the host portion of the URL, with the form publicly reachable. No public exploit identified at time of analysis, and there is no CISA KEV listing for this vulnerability.

WordPress SSRF Cf7 To Webhook
NVD VulDB
CVSS 3.1
7.2
EPSS
0.2%
CVE-2026-8811 HIGH PATCH This Week

Path traversal in SEPPmail Secure Email Gateway versions before 15.0.5 allows authenticated remote attackers to write files outside the intended directory by manipulating attachment filenames processed during encrypted PDF generation. Files can be placed in web-accessible locations, enabling potential webshell deployment and integrity compromise. No public exploit identified at time of analysis; the issue was reported by NCSC.ch and is fixed in 15.0.5.

Path Traversal Secure Email Gateway
NVD
CVSS 4.0
7.1
EPSS
0.4%
CVE-2026-54005 HIGH PATCH GHSA This Week

Missing authorization in Kirby CMS lets authenticated users read the full content and metadata of pages they are not permitted to access via the /api/site/find REST route. It affects sites where a user role has the pages.access permission disabled (through user blueprints, model blueprint options, or a combination), on Kirby <= 4.9.3 and 5.0.0-alpha.1 through 5.4.3. No public exploit identified at time of analysis; the flaw is read-only and cannot be used for write access, and the CVSS 4.0 vector rates confidentiality impact High (score 7.1).

Authentication Bypass
NVD GitHub VulDB
CVSS 4.0
7.1
EPSS
0.3%
CVE-2026-56077 HIGH PATCH This Week

Information disclosure in PraisonAI before 1.5.115 allows authenticated agents to read other agents' system prompts and conversation history by exploiting missing uniqueness enforcement on agent identifiers in the MultiAgentLedger component. An attacker who can register an agent with a colliding ID receives the same ledger instance as the victim, breaking tenant isolation in multi-agent deployments. No public exploit identified at time of analysis, though the upstream GHSA advisory (GHSA-766v-q9x3-g744) publishes a working proof-of-concept demonstrating the collision.

Information Disclosure Praisonai
NVD GitHub VulDB
CVSS 4.0
7.1
EPSS
0.3%
CVE-2026-50141 HIGH POC PATCH GHSA This Week

Agent impersonation in Woodpecker CI 3.0.0 through 3.14.0 allows any authenticated agent to assume the identity of any other agent on the same server by injecting a forged agent_id into outgoing gRPC metadata. The server validates the JWT correctly but then trusts the client-supplied agent_id over the cryptographically verified one, enabling cross-tenant job hijacking and integrity compromise of CI pipelines. No public exploit identified at time of analysis, and the issue is not listed in CISA KEV.

Authentication Bypass Suse
NVD GitHub VulDB
CVSS 4.0
7.1
EPSS
0.2%
CVE-2026-44663 HIGH PATCH This Week

Heap out-of-bounds write in OpenEXR 3.4.0 through 3.4.11 lets an attacker who supplies a crafted HTJ2K-compressed EXR file trigger memory corruption during decoding, via an integer overflow in the HTJ2K decoder ht_undo_impl(). Any application that decodes untrusted EXR images using the affected OpenEXRCore library is at risk, with potential for memory corruption and possible code execution. No public exploit has been identified at time of analysis; EPSS risk is low (0.17%, 7th percentile) and CISA SSVC rates exploitation as none.

Integer Overflow Buffer Overflow Openexr Red Hat Suse
NVD GitHub VulDB
CVSS 3.1
7.1
EPSS
0.2%
CVE-2025-32436 HIGH PATCH This Week

Disk exhaustion denial-of-service in Significant Gravitas AutoGPT prior to version 0.6.63 allows authenticated platform users to crash the host by abusing the AddAudioToVideoBlock and StepThroughItemsBlock workflow components. By looping MediaDurationBlock through unbounded StepThroughItemsBlock iterations against URLs that trigger screenshots, attackers fill the working directory with undeleted temporary media files until disk space is exhausted. No public exploit identified at time of analysis, and EPSS data was not supplied.

Denial Of Service Autogpt
NVD GitHub
CVSS 4.0
7.1
EPSS
0.2%
CVE-2026-54224 HIGH This Week

Database-resource exhaustion in UBB.threads forum software (confirmed in version 7.7.5) allows an authenticated low-privileged user to deny service to the entire application by issuing concurrent profile-view requests. The flaw, reported by CERT-PL and tracked as CWE-405 (Asymmetric Resource Consumption), produces high availability impact (CVSS 4.0 VA:H, 7.1) with no confidentiality or integrity loss. There is no public exploit identified at time of analysis and the vulnerability is not on the CISA KEV list.

Denial Of Service Ubb Threads
NVD
CVSS 4.0
7.1
EPSS
0.3%
CVE-2026-55746 HIGH GHSA This Week

Stored cross-site scripting in Cotonti 1.0.0 (master branch, commit f43f1fc3) lets an authenticated user inject HTML/JavaScript into Personal File Storage (PFS) folder titles, which then execute in any viewer's browser when the folder listing is rendered. The flaw stems from the 'TXT' import filter not encoding HTML combined with unescaped template output, and no public exploit identified at time of analysis. Discovered by TuranSec; impact extends to other users browsing public folders, enabling session theft or account actions in their context.

PHP XSS Cotonti
NVD GitHub VulDB
CVSS 4.0
7.0
EPSS
0.2%
CVE-2026-55887 HIGH PATCH GHSA This Week

Arbitrary code execution as root on the host running Docker MCP Gateway via argument injection in the `docker run` command line. A malicious OCI image author can craft an `io.docker.server.metadata` label that YAML-unmarshals into runtime-shaping fields of the `catalog.Server` struct, causing the gateway to append attacker-chosen flags like `-v /:/host` and `-u root` when launching the MCP server container. No public exploit identified at time of analysis, but the upstream advisory describes a full exploitation path.

Privilege Escalation RCE Docker
NVD GitHub
Prev Page 2 of 2

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy