Skip to main content
CVE-2026-55229 HIGH POC PATCH GHSA This Week

Server-side request forgery in Gotenberg v8.33.0 and earlier allows remote unauthenticated attackers to coerce the server into making arbitrary outbound HTTP(S) requests and to disclose local image files by uploading a crafted DOCX to the /forms/libreoffice/convert endpoint. The flaw stems from LibreOffice automatically resolving external and local resources referenced in <img> tags during conversion, exposing internal networks and on-disk image files. Publicly available exploit code exists via the vendor's GHSA-2mrg-35hw-x3x9 advisory, though no CISA KEV listing or EPSS data is available at time of analysis.

Debian OpenSSL SSRF
NVD GitHub
CVSS 3.1
7.5
EPSS
0.4%
CVE-2026-12390 HIGH CISA Act Now

Code execution in AzeoTech DAQFactory versions 21.1 and prior is achievable when a user opens a maliciously crafted .ctl project file, triggering a CWE-843 type confusion that corrupts memory. The flaw was reported through CISA ICS-CERT, which is significant because DAQFactory is HMI/SCADA software where engineering project files are routinely shared between integrators and operators. There is no public exploit identified at time of analysis, but the file-borne delivery pattern is well-suited to phishing or supply-chain handoffs targeting OT engineers.

Memory Corruption RCE Daqfactory
NVD
CVSS 4.0
8.4
EPSS
0.1%
CVE-2026-50034 HIGH CISA Act Now

Cleartext Bluetooth Low Energy transmission in the Apollo Pharmacy Blood Glucose Monitoring System (Model APG-01 BT) allows an attacker within BLE radio range to passively sniff wireless traffic and recover patient glucose readings and related health data. The flaw is a CWE-319 cleartext-transmission issue affecting a consumer medical device, disclosed via CISA ICS-CERT advisory ICSMA-26-169-01. No public exploit identified at time of analysis, and the vulnerability is not listed in CISA KEV.

Information Disclosure Blood Glucose Monitoring System Model No Apg 01 Bt
NVD GitHub
CVSS 4.0
7.1
EPSS
0.1%
CVE-2026-52866 HIGH CISA Act Now

Denial-of-service in the Apollo Pharmacy Blood Glucose Monitoring System (model APG-01 BT) allows an attacker within Bluetooth Low Energy radio range to seize the device's single BLE connection slot, blocking the legitimate patient app or clinician from pairing and reading glucose measurements. The flaw is rooted in missing authorization (CWE-862) on connection acceptance and was disclosed through CISA's ICS Medical advisory ICSMA-26-169-01. No public exploit identified at time of analysis, and the issue is not listed in CISA KEV.

Authentication Bypass Blood Glucose Monitoring System Model No Apg 01 Bt
NVD GitHub
CVSS 4.0
7.1
EPSS
0.2%
CVE-2026-9860 HIGH This Week

Remote code execution in the Offload, AI & Optimize with Cloudflare Images WordPress plugin (versions ≤1.10.2) allows authenticated Author-level users to inject PHP into wp-config.php via the 'account-id' or 'api-key' parameters of the cf_images_do_setup AJAX handler. The handler enforces only the upload_files capability instead of manage_options, and a single-quote escape flaw lets attackers break out of a PHP string literal during the define() write. No public exploit is identified at time of analysis, but the vulnerability is reported by Wordfence with detailed root-cause analysis.

File Upload PHP WordPress RCE Offload Ai Optimize With Cloudflare Images +1
NVD VulDB
CVSS 3.1
8.8
EPSS
0.6%
CVE-2026-12407 HIGH This Week

Privilege escalation in the E2Pdf - Export Pdf Tool for WordPress plugin (versions ≤ 1.32.26) allows authenticated low-privilege users with the e2pdf_templates capability to overwrite arbitrary WordPress options and elevate themselves to administrator. The flaw stems from the screen_action() function lacking a capability check and nonce verification, letting attackers pass attacker-controlled option names and values directly to update_option(). No public exploit identified at time of analysis, but the issue was disclosed by Wordfence with detailed source-line references making weaponization straightforward.

Authentication Bypass WordPress E2Pdf Export Pdf Tool For Wordpress
NVD
CVSS 3.1
8.8
EPSS
0.4%
CVE-2026-32174 HIGH PATCH NO ACTION Monitor

Privilege elevation in Microsoft's Azure (AI) Bot Service lets an authenticated, network-based attacker bypass improper authentication checks (CWE-287) to gain higher privileges than originally granted. Tracked as CVE-2026-32174 (CVSS 8.8) and reported by Microsoft, it affects the cloud-hosted Azure Bot Service and carries high confidentiality, integrity, and availability impact. There is no public exploit identified at time of analysis, EPSS exploitation probability is low (0.37%, 29th percentile), and CISA SSVC currently scores exploitation as 'none.'

Authentication Bypass Microsoft Azure Ai Bot Service
NVD VulDB
CVSS 3.1
8.8
EPSS
0.4%
CVE-2026-8461 HIGH PATCH This Week

Out-of-bounds write in FFmpeg's libavcodec MagicYUV decoder (libavcodec/magicyuv.c) affects all FFmpeg versions before 8.1.2, allowing remote attackers to cause denial-of-service and potentially achieve remote code execution when a victim processes a crafted MagicYUV-encoded media file. No public exploit identified at time of analysis, but the broad deployment of FFmpeg across media players, transcoding pipelines, browsers, and server-side processing makes this a high-priority patch. EPSS and CISA KEV data were not provided in the input.

RCE Memory Corruption Buffer Overflow Ffmpeg
NVD VulDB
CVSS 3.1
8.8
EPSS
0.3%
CVE-2026-12044 HIGH PATCH This Week

SQL injection in pgAdmin 4 versions 1.0 through 9.15 allows an authenticated user with object-modification rights to inject SQL via the description field of Domain, Domain Constraint, Foreign Table, Language, Event Trigger, and View dialogs, where Jinja templates wrapped the value in single quotes instead of passing it through the qtLiteral escape filter. Sixteen template sites plus ten related pgstattuple/pgstatindex identifier sinks share the defect; injected SQL executes as the connected PostgreSQL role, and if that role can use COPY ... TO/FROM PROGRAM it pivots to OS command execution on the database host. No public exploit identified at time of analysis, and the vendor notes the bug does not cross a privilege boundary since the same user already has direct SQL access via the Query Tool.

PostgreSQL Command Injection SQLi Pgadmin 4
NVD GitHub VulDB
CVSS 4.0
8.7
EPSS
0.5%
CVE-2026-55237 HIGH PATCH This Week

DOM-based cross-site scripting in AutoGPT versions prior to 0.6.62 allows remote attackers to execute arbitrary JavaScript in an authenticated victim's browser by tricking them into clicking a crafted signup-page link whose `next` URL parameter is passed unsanitized into `router.push`. No public exploit identified at time of analysis, but the GitHub Security Advisory (GHSA-j2cp-jg5q-38wj) confirms the issue and ships a fix in 0.6.62.

XSS Autogpt
NVD GitHub VulDB
CVSS 3.1
8.8
EPSS
0.2%
CVE-2026-40456 HIGH PATCH This Week

OS command injection in LMS (LAN Management System) before commit 9fcb4de allows authenticated adjacent attackers to execute arbitrary operating system commands by supplying a malicious IP address parameter that is passed unsanitized to exec(). The flaw was reported by CERT-PL and an upstream fix is available; no public exploit identified at time of analysis, and the CVSS 4.0 score of 8.6 reflects high impact on the vulnerable system with limited subsequent-system effect.

Command Injection Lms
NVD GitHub VulDB
CVSS 4.0
8.6
EPSS
0.9%
CVE-2026-55204 HIGH PATCH This Week

Denial of service in HAProxy through 3.4.0 allows remote unauthenticated attackers to crash worker processes by triggering HPACK dynamic table insertions under memory pressure. The flaw lives in hpack_dht_insert() in src/hpack-tbl.c, where the return value of hpack_dht_defrag() is not validated; when the memory pool is exhausted defrag returns NULL and the subsequent dereference crashes the worker. No public exploit identified at time of analysis, and the issue is not listed in CISA KEV.

Denial Of Service Null Pointer Dereference Haproxy
NVD GitHub VulDB
CVSS 4.0
8.7
EPSS
0.4%
CVE-2026-48716 HIGH This Week

Arbitrary file write in HKUDS Nanobot's WhatsApp bridge (versions 0.1.5.post3 and prior) allows remote unauthenticated attackers to write attacker-controlled content to arbitrary filesystem locations by sending a WhatsApp document message with a path-traversal sequence in its fileName field. Because both the destination path and the file content are attacker-controlled, exploitation yields a write-anywhere primitive that can be escalated to remote code execution (e.g., by overwriting authorized_keys or shell startup files). No public exploit identified at time of analysis; a fix is planned for version 0.1.5.post4.

Path Traversal Node.js Nanobot
NVD GitHub
CVSS 3.1
8.7
EPSS
0.3%
CVE-2026-55741 HIGH This Week

Cross-site request forgery in Cotonti 1.0.0 (commit f43f1fc3) administration configuration handler allows a remote attacker to coerce an authenticated administrator's browser into silently modifying arbitrary core, module, or plugin configuration options. The flaw in system/admin/admin.config.php stems from the 'a=update' action invoking cot_config_update_options() without the cot_check_xg() anti-CSRF token check used elsewhere in the admin panel. No public exploit identified at time of analysis, though the root cause is well-documented at the source line level by the reporter (TuranSec).

CSRF PHP Cotonti
NVD GitHub VulDB
CVSS 4.0
8.7
EPSS
0.2%
CVE-2026-56078 HIGH PATCH This Week

Path traversal in PraisonAI's MultiAgentMonitor component (versions <= 1.5.114) lets remote attackers who can supply agent identifiers read, write, or overwrite arbitrary files on the host by embedding '../' sequences in agent IDs. The flaw, disclosed by VulnCheck and tracked as GHSA-766v-q9x3-g744, enables information disclosure, denial of service, and potential code execution in multi-agent AI deployments; no public exploit identified at time of analysis but a detailed PoC is included in the advisory.

Path Traversal Denial Of Service RCE Praisonai
NVD GitHub
CVSS 4.0
8.7
EPSS
0.7%
CVE-2026-56075 HIGH PATCH This Week

Arbitrary shell command execution in PraisonAI before 4.5.128 allows authenticated UI users to bypass the human-in-the-loop approval gate because the Chainlit chat and code UI modules hardcode approval_mode='auto' after loading administrator config from PRAISON_APPROVAL_MODE. Once auto-approved, prompts to the LLM agent reach subprocess.run with shell=True, and the existing blocklists only filter command chaining operators - leaving single destructive commands (rm -rf, curl, dd, chmod) executable. No public exploit identified at time of analysis beyond the vendor PoC; not currently listed in CISA KEV.

Authentication Bypass Praisonai
NVD GitHub
CVSS 4.0
8.7
EPSS
0.5%
CVE-2025-32437 HIGH PATCH This Week

Denial of service in Significant-Gravitas AutoGPT prior to 0.6.63 allows remote attackers to exhaust host disk space by chaining the unbounded StepThroughItemsBlock loop with MediaDurationBlock, which downloads videos to a temporary directory and never cleans them up. No public exploit identified at time of analysis, but the flaw is trivially triggerable through the normal agent-building UI in any AutoGPT instance reachable by an untrusted user.

Denial Of Service Autogpt
NVD GitHub VulDB
CVSS 4.0
8.7
EPSS
0.3%
CVE-2025-32424 HIGH PATCH This Week

Denial of service in AutoGPT prior to 0.6.63 allows remote unauthenticated users to exhaust host disk space by chaining the StepThroughItemsBlock with the ScreenshotWebPageBlock to capture an unbounded number of screenshots into a temporary directory. No public exploit identified at time of analysis, but the attack requires no authentication and CVSS 4.0 rates availability impact as High (8.7).

Denial Of Service Autogpt
NVD GitHub VulDB
CVSS 4.0
8.7
EPSS
0.3%
CVE-2026-54104 HIGH PATCH HOSTED Monitor

Privilege escalation in the U.S. GAO Electronic Protest Docketing System (EPDS) and Civilian Board of Contract Appeals Electronic Docketing System (EDS) allows authenticated remote attackers to elevate their privileges by tampering with the client-supplied 'epds_role_id' parameter, which the server accepts without verification. Reported by CISA-CG and tracked as EUVD-2026-37911 with a CVSS 4.0 score of 8.7, no public exploit identified at time of analysis. Both web applications have been patched by their respective government operators.

Privilege Escalation Microsoft Electronic Protest Docketing System Epds Electronic Docketing System Eds
NVD VulDB
CVSS 4.0
8.7
EPSS
0.4%
CVE-2025-32422 HIGH PATCH This Week

Denial of service in AutoGPT versions prior to 0.6.63 allows remote unauthenticated attackers to exhaust disk space on the host running the workflow automation platform by abusing the StepThroughItemsBlock to repeatedly drive FileStoreBlock downloads. The platform's `StepThroughItemsBlock` has no loop cap and `FileStoreBlock` enforces no working-directory disk quota, so an attacker can iteratively download moderately sized files (e.g., 100MB) until storage is exhausted. No public exploit identified at time of analysis, but the GitHub Security Advisory GHSA-9fr4-9jj9-mhh6 confirms the issue and the fix in 0.6.63.

Denial Of Service Autogpt
NVD GitHub VulDB
CVSS 4.0
8.7
EPSS
0.3%
CVE-2025-32392 HIGH PATCH This Week

Resource exhaustion denial-of-service in Significant Gravitas AutoGPT versions prior to 0.6.63 allows remote unauthenticated users to fill disk space by abusing the LoopVideoBlock's unbounded loop count parameter. The platform writes the resulting oversized video to disk, exhausting available storage and crashing the host. No public exploit identified at time of analysis, but CVSS 4.0 rates this 8.7 (High) due to network reachability and unauthenticated trigger path.

Denial Of Service Autogpt
NVD GitHub VulDB
CVSS 4.0
8.7
EPSS
0.3%
CVE-2026-40455 HIGH PATCH This Week

Error-based SQL injection in LMS (LAN Management System) before commit 4cb30a7 allows authenticated attackers to extract sensitive database contents via the tarifflist.php module. The flaw stems from unsanitized concatenation of the POST tg[] array into a SQL query through implode(), and a CERT-PL-coordinated fix is upstream. No public exploit identified at time of analysis.

PHP SQLi Lms
NVD GitHub VulDB
CVSS 4.0
8.6
EPSS
0.2%
CVE-2026-55744 HIGH GHSA This Week

Cross-Site Request Forgery in the Personal File Storage (PFS) module of Cotonti 1.0.0 (commit f43f1fc3) allows remote attackers to upload arbitrary files into an authenticated victim's storage by luring them to a malicious page. The 'a=upload' action in modules/pfs/inc/pfs.main.php omits the cot_check_xg() anti-CSRF token check that sibling actions like 'delete' enforce. No public exploit identified at time of analysis, though the root cause is documented in the public source code reference.

File Upload CSRF PHP Cotonti
NVD GitHub VulDB
CVSS 4.0
8.6
EPSS
0.2%
CVE-2026-11719 HIGH PATCH GHSA This Week

Authorization bypass in Google's MCP Toolbox for Databases (googleapis/mcp-toolbox) allows authenticated low-privilege clients to invoke high-privilege tools by selecting a legacy MCP protocol version. The flaw stems from missing scopesRequired enforcement in the 2025-06-18, 2025-03-26, and 2024-11-05 protocol handlers, and is reachable simply by omitting the MCP-Protocol-Version header so the server falls back to the vulnerable 2024-11-05 default. No public exploit identified at time of analysis, but the upstream fix (PR #3335) confirms the issue and its trivial triggering condition.

Authentication Bypass Mcp Toolbox For Databases Googleapis Mcp Toolbox
NVD GitHub VulDB
CVSS 4.0
8.6
EPSS
0.1%
CVE-2026-56076 HIGH PATCH This Week

Cross-origin agent execution in PraisonAI's AGUI endpoint allows any attacker-controlled website to silently invoke locally-running agents and exfiltrate their streaming responses, including tool execution results and sensitive environment data. The flaw stems from a triad of issues - no authentication on POST /agui, a hardcoded wildcard CORS header, and Starlette's Content-Type-agnostic JSON parsing - that together let a simple cross-origin request bypass the browser's preflight check. No public exploit identified at time of analysis, but the GHSA advisory publishes a complete attack flow making weaponization trivial.

Cors Misconfiguration RCE Praisonai
NVD GitHub
CVSS 4.0
8.6
EPSS
0.5%
CVE-2026-8100 HIGH PATCH This Week

Authorization bypass in Progress Chef 360 prior to version 1.7.1 allows authenticated users to access higher-privileged API endpoints by exploiting improper URL-encoded path handling during request processing. The flaw is a path traversal/normalization weakness (CWE-23) that lets standard access controls be circumvented before authorization checks run. No public exploit identified at time of analysis, but the vendor advisory confirms the issue and a fixed release is available.

Authentication Bypass Chef360
NVD VulDB
CVSS 4.0
8.6
EPSS
0.4%
CVE-2026-54223 HIGH This Week

Remote code execution in UBB.threads forum software (version 7.7.5 confirmed) is achievable by authenticated users holding template-edit privileges, who can abuse a path traversal weakness to read and write arbitrary files within the web application's privilege scope. CERT-PL reported the issue after vendor contact attempts failed, and there is no public exploit identified at time of analysis. The flaw escalates a routine administrative capability into full server compromise without requiring user interaction.

Path Traversal RCE Ubb Threads
NVD
CVSS 4.0
8.6
EPSS
0.6%
CVE-2026-54222 HIGH This Week

Authenticated blind SQL injection in UBB.threads forum software version 7.7.5 (and likely other versions) allows administrators with access to the Members section of the Control Panel to extract arbitrary database contents, including user credentials, via time-based or boolean-based SQLi techniques. Reported by CERT-PL after unsuccessful vendor contact, with no public exploit identified at time of analysis and no vendor-released patch.

SQLi Ubb Threads
NVD
CVSS 4.0
8.6
EPSS
0.3%
CVE-2026-54220 HIGH This Week

Cross-site request forgery in UBB.threads forum software version 7.7.5 (and potentially earlier versions) allows remote attackers to coerce authenticated forum users - including administrators - into executing unintended state-changing actions by visiting an attacker-controlled page. The flaw was reported by CERT-PL after unsuccessful vendor contact, so no public exploit identified at time of analysis and no vendor-released patch identified at time of analysis. The CVSS 4.0 score of 8.6 reflects high impact when an authenticated administrator is targeted, though exploitation requires active user interaction.

CSRF Ubb Threads
NVD
CVSS 4.0
8.6
EPSS
0.2%
CVE-2026-54002 HIGH PATCH GHSA This Week

Stored cross-site scripting in Kirby CMS (getkirby/cms) lets an authenticated Panel editor inject markup that survives Dom::sanitize() and executes as JavaScript when content is rendered in the Panel or on the site frontend. The flaw affects the writer and list fields plus the Sane HTML/SVG/XML sanitization API, and versions ≤ 4.9.3 and 5.0.0-alpha.1 through 5.4.3 are vulnerable. No public exploit identified at time of analysis, and this is not in CISA KEV, but the vendor rates it high severity because a low-privileged editor can escalate to an admin session.

File Upload XSS
NVD GitHub
CVSS 4.0
8.5
EPSS
0.4%
CVE-2026-25865 HIGH This Week

Local privilege escalation and arbitrary code execution affects Yandex Punto Switcher through version 4.5.0.583 due to an unquoted search path passed to WinExec when launching RunDll32.exe to invoke shell32.dll's Control_RunDLL with input.dll. An authenticated local attacker who can drop an executable into an earlier directory in the Windows search order can hijack execution and run code in the context of the affected user. No public exploit identified at time of analysis, but the technique (CWE-428) is well-understood and trivially weaponized.

RCE Punto Switcher
NVD
CVSS 4.0
8.5
EPSS
0.1%
CVE-2026-56012 HIGH This Week

Blind SQL injection in the David Lingren Media Library Assistant WordPress plugin (versions up to and including 3.35) allows authenticated low-privilege users to inject SQL via unsanitized input into a database query, with scope-changed impact reaching the underlying WordPress database. No public exploit identified at time of analysis, but the plugin's wide WordPress deployment footprint and the low privilege bar make this a meaningful risk for multi-author sites. Patchstack published the advisory; no fixed version is listed in the available data.

SQLi
NVD VulDB
CVSS 3.1
8.5
EPSS
0.2%
CVE-2026-44691 HIGH PATCH GHSA This Week

Arbitrary command execution in Eclipse Theia versions prior to 1.69.0 allows a malicious repository to run host commands with the user's privileges when its workspace is opened, because custom task definitions in .theia/tasks.json or .vscode/tasks.json bypass the workspace trust gate. When the victim has also enabled AI chat with tool confirmation disabled via a workspace .theia/settings.json, the chain triggers automatically on the first chat message. No public exploit identified at time of analysis, but the attack pattern mirrors well-known VS Code workspace-trust bypass classes.

RCE Eclipse Theia
NVD VulDB
CVSS 4.0
8.4
EPSS
0.2%
CVE-2026-46580 HIGH PATCH GHSA This Week

Indirect prompt injection in Eclipse Theia before 1.71.0 allows a malicious repository to automatically override the AI agent's system prompts when a victim opens the workspace, by placing files under .prompts/*.prompttemplate that Theia auto-loads. Combined with built-in AI chat features, the hijacked prompt can chain to data exfiltration via Markdown image rendering or arbitrary command execution via task definitions. No public exploit identified at time of analysis and the vulnerability is not listed in CISA KEV.

Code Injection Eclipse Theia
NVD VulDB
CVSS 4.0
8.4
EPSS
0.3%
CVE-2026-44688 HIGH PATCH GHSA This Week

Indirect prompt injection in Eclipse Theia versions prior to 1.71.0 allows attackers who control a workspace's filesystem layout to coerce the built-in AI chat agent into executing attacker-supplied instructions, enabling data exfiltration through Markdown image rendering or arbitrary command execution through task definitions. No public exploit identified at time of analysis, but the CVSS 4.0 base score of 8.4 reflects high impact across confidentiality, integrity and availability once a developer opens an untrusted repository. The flaw is reported by the Eclipse Foundation and fixed in version 1.71.0.

Code Injection Eclipse Theia
NVD VulDB
CVSS 4.0
8.4
EPSS
0.3%
CVE-2026-49248 HIGH PATCH This Week

Arbitrary file write in OneDev 15.0.6 and earlier allows any authenticated user with CI Job write access to overwrite files anywhere on the server filesystem by uploading a crafted TAR archive whose symbolic link entries point to absolute paths outside the extraction directory. The flaw is an incomplete-fix bypass of CVE-2021-21251, which only blocked `..` path traversal in TAR entry names but never validated symlink targets. No public exploit has been identified at time of analysis, but the official patch commit and GitHub Security Advisory GHSA-55g8-94r5-cj37 publicly describe the bypass mechanism.

Authentication Bypass Onedev
NVD GitHub
CVSS 4.0
8.3
EPSS
0.4%
CVE-2026-45696 HIGH PATCH This Week

Heap-buffer-overflow READ in OpenEXR 3.4.0 through 3.4.11 occurs in the HTJ2K decoder's ht_undo_impl() function when processing a crafted EXR file with mismatched codestream and channel widths, producing a deterministic crash and potential adjacent-heap memory disclosure. Any application that opens untrusted EXR files - including thumbnailers, asset pipelines, and the exrcheck utility - is reachable via the standard scanline-decode entry point. No public exploit identified at time of analysis, but the upstream fix is shipped in v3.4.12.

Heap Overflow Buffer Overflow Openexr
NVD GitHub VulDB
CVSS 4.0
8.3
EPSS
0.3%
CVE-2025-15661 HIGH PATCH This Week

Out-of-bounds heap read in libssh2 through 1.11.1 enables a malicious SFTP server or man-in-the-middle attacker to leak heap memory or crash client applications by sending a crafted SSH_FXP_NAME response with an inflated link_len during READLINK or REALPATH operations. The library is embedded in many SSH/SFTP clients (curl, Git tooling, language bindings), so impact extends to anywhere libssh2 is used as a client. No public exploit identified at time of analysis, but a vendor patch (commit 2dae302) is available and the issue was reported by VulnCheck.

Information Disclosure Buffer Overflow Libssh2
NVD GitHub VulDB
CVSS 4.0
8.3
EPSS
0.3%
CVE-2026-55388 HIGH PATCH GHSA This Week

{signal} for abort support), the polluted prototype value flows into worker_threads.Worker and the attacker's exported function is invoked with every legitimate caller's task data. Publicly available exploit code exists (full PoC in the GHSA advisory), but no public exploit identified at time of analysis as in-the-wild abuse and the CVE is not in CISA KEV.

Code Injection RCE Red Hat
NVD GitHub VulDB
CVSS 3.1
8.1
EPSS
0.3%
CVE-2026-55225 HIGH PATCH GHSA This Week

Cross-namespace privilege escalation in Strimzi Kafka Operator versions up to 1.0.0 allows tenants with namespace-scoped Kafka custom resource creation rights to read and write Secrets in any namespace where the Cluster Operator has been granted permissions. By abusing the documented `watchedNamespace` field within `Kafka.spec.entityOperator`, an attacker mints a token for the entity operator ServiceAccount in their own namespace and gains full CRUD on Secrets in the target namespace. No public exploit identified at time of analysis, but the attack is mechanically straightforward in any multi-tenant Strimzi deployment.

Privilege Escalation Red Hat
NVD GitHub
CVSS 3.1
8.0
CVE-2026-12505 HIGH This Week

Local privilege escalation in the cifs-utils cifs.upcall helper allows low-privileged Linux users to gain root by abusing the kernel request_key interface to load a malicious NSS module inside an attacker-controlled mount namespace. The root-owned helper fails to drop privileges before performing user-name resolution, so the attacker's NSS module executes with full root capabilities. No public exploit identified at time of analysis, but the bug affects every supported Red Hat Enterprise Linux release (6 through 10) and OpenShift Container Platform 4, making it a high-priority hardening fix for any host with CIFS/SMB client functionality.

Privilege Escalation Red Hat Enterprise Linux 10 Red Hat Enterprise Linux 6 Red Hat Enterprise Linux 7 Red Hat Enterprise Linux 8 +2
NVD VulDB
CVSS 3.1
7.8
EPSS
0.1%
CVE-2026-46699 HIGH PATCH This Week

Unintended write access to conda-forge feedstock repositories in conda-smithy prior to 3.61.0 allows attackers who register an abandoned or relinquished GitHub username (a username takeover) to be auto-invited as a maintainer when the conda-forge webservices route repository invitations based on mutable usernames rather than immutable user IDs. The flaw maps to CWE-284 (Improper Access Control) and impacts the conda-forge package supply chain; no public exploit identified at time of analysis, but the GitHub security advisory GHSA-g95q-3cmj-fvh8 and a fix commit are public.

Authentication Bypass Conda Smithy
NVD GitHub
CVSS 3.1
7.6
EPSS
0.2%
CVE-2026-47633 HIGH PATCH NO ACTION Monitor

Information disclosure in Microsoft Cost Management Interactive Experiences allows unauthenticated remote attackers to retrieve sensitive data over a network. The flaw carries a CVSS 3.1 base score of 7.5 with high confidentiality impact and no integrity or availability effects, and Microsoft has published an advisory with a fix. At time of analysis there is no public exploit identified and the vulnerability is not listed in CISA KEV.

Information Disclosure Microsoft Cost Management
NVD VulDB
CVSS 3.1
7.5
EPSS
0.6%
CVE-2026-48933 HIGH PATCH This Week

Denial of service in Node.js 26.x (fixed in 26.3.1) arises from an unguarded integer overflow when computing WebCrypto cipher output buffer lengths, allowing remote attackers to crash a process that performs SubtleCrypto encrypt/decrypt operations on attacker-influenced data. Rated High by the Node.js project (CVSS 7.5, availability-only impact). No public exploit identified at time of analysis, and it is not listed in CISA KEV.

Integer Overflow Information Disclosure Node Js
NVD GitHub VulDB
CVSS 3.1
7.5
EPSS
0.6%
CVE-2026-48619 HIGH PATCH This Week

Denial of service in Node.js HTTP/2 lets a remote peer exhaust process memory by driving unbounded growth of the connection's originSet, the structure that tracks origins advertised via HTTP/2 ORIGIN frames. It affects the 22.x, 24.x and 26.x release lines up to and including Node 22.22.3, 24.16.0 and 26.3.0, and is fixed in the June 2026 security release (26.3.1). There is no public exploit identified at time of analysis and EPSS exploitation probability is low (0.51%), but availability impact is rated High.

Denial Of Service Node Js Red Hat Suse
NVD GitHub VulDB
CVSS 3.1
7.5
EPSS
0.5%
CVE-2026-54130 HIGH PATCH NO ACTION Monitor

Information disclosure in Microsoft 365 Copilot lets a remote, unauthenticated attacker reach a security-critical function that lacks an authentication check, exposing confidential data over the network. Classified CWE-306 (Missing Authentication for Critical Function) and rated CVSS 7.5, the flaw was reported by Microsoft and a vendor patch is available; there is no public exploit identified at time of analysis, though CISA's SSVC framework flags the issue as automatable with total technical impact. EPSS probability is low (0.50%, 39th percentile), indicating no current evidence of widespread exploitation.

Authentication Bypass Microsoft 365 Copilot
NVD VulDB
CVSS 3.1
7.5
EPSS
0.5%
CVE-2026-48615 HIGH PATCH This Week

Sensitive information disclosure in Node.js (versions 26.3.0, 24.16.0, and 22.22.3) leaks embedded proxy credentials when a CONNECT tunnel connection fails, because the full proxy URL - including username and password - is included verbatim in the resulting tunnel error message rather than being redacted. Anyone able to read those error strings (application logs, error responses, monitoring/telemetry pipelines) can recover the proxy authentication secret. This is a Medium-rated, post-disclosure security-release fix (fixed in v26.3.1); there is no public exploit identified at time of analysis and EPSS is low at 0.38% (30th percentile).

Information Disclosure Node Js Red Hat Suse
NVD GitHub VulDB
CVSS 3.1
7.5
EPSS
0.4%
CVE-2026-55603 HIGH PATCH GHSA This Week

Multipart form-data field injection in the npm package http-proxy-middleware (versions 3.0.4-3.0.6 and 4.0.0-4.1.0) lets remote attackers smuggle additional form parts past gateway-side validation by embedding CRLF sequences in body values, causing the proxy and backend to parse different field sets. The flaw lives in fixRequestBody's handlerFormDataBodyData helper, which concatenates user-controlled keys and values directly into the multipart wire format without neutralizing \r\n. Publicly available exploit code exists in the GHSA advisory, but no public exploit identified as actively used in the wild and no CISA KEV listing.

Authentication Bypass Node.js
NVD GitHub
CVSS 3.1
7.5
EPSS
0.2%
CVE-2026-38718 HIGH This Week

InHand Networks IR912 V1.0.0.r20042 and IR915 V1.0.0.r20042 (including earlier versions) were discovered to contain a buffer overflow vulnerability in the device registration function. This vulnerability could allow an attacker to cause a denial of service attack on the remote target device.

Denial Of Service Buffer Overflow N A
NVD VulDB
CVSS 3.1
7.5
EPSS
0.3%
CVE-2026-49276 HIGH PATCH GHSA This Week

Cross-site scripting in Kirby CMS's Panel writer field (versions <= 4.9.3 and 5.0.0-alpha.1 through 5.4.3) lets an authenticated user inject a JavaScript-scheme URL into the link or email marks that executes in their own browser session when clicked before the content is saved. In Kirby's default configuration this is limited to self-XSS requiring social engineering, but Panel plugins that embed the <k-writer> component without sanitizing HTML before storage can be escalated to stored XSS affecting other users. There is no public exploit and it is not in CISA KEV; the vendor rates it high severity for affected sites.

XSS
NVD GitHub
CVSS 4.0
7.4
EPSS
0.3%
Page 1 of 2 Next

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy