Skip to main content
CVE-2016-20092 HIGH POC This Week

NetDrive 2.6.12 contains an unquoted service path vulnerability in the Netdrive2_Service_Netdrive2 service that allows local users to execute arbitrary code with SYSTEM privileges. Rated high severity (CVSS 8.5), this vulnerability is low attack complexity. Public exploit code available and no vendor patch available.

RCE Privilege Escalation Netdrive
NVD Exploit-DB VulDB
CVSS 4.0
8.5
EPSS
0.1%
CVE-2016-20088 HIGH POC This Week

Comodo Chromodo Browser 52.15.25.664 contains an unquoted service path vulnerability in the ChromodoUpdater service that runs with SYSTEM privileges. Rated high severity (CVSS 8.5), this vulnerability is low attack complexity. Public exploit code available and no vendor patch available.

RCE Chromodo Browser
NVD Exploit-DB
CVSS 4.0
8.5
EPSS
0.1%
CVE-2016-20087 HIGH POC This Week

Fortitude HTTP 1.0.4.0 contains an unquoted service path vulnerability that allows local users to execute arbitrary code with elevated privileges by exploiting the service binary path. Rated high severity (CVSS 8.5), this vulnerability is low attack complexity. Public exploit code available and no vendor patch available.

RCE Fortitude Http
NVD Exploit-DB
CVSS 4.0
8.5
EPSS
0.1%
CVE-2020-37251 HIGH POC This Week

RealTimes Desktop Service 18.1.4 contains an unquoted service path vulnerability in the rpdsvc.exe binary that allows local attackers to escalate privileges. Rated high severity (CVSS 8.5), this vulnerability is low attack complexity. Public exploit code available and no vendor patch available.

RCE Realtimes Desktop Service
NVD Exploit-DB VulDB
CVSS 4.0
8.5
EPSS
0.1%
CVE-2020-37250 HIGH POC This Week

TFTP Broadband 4.3.0.1465 contains an unquoted service path vulnerability in the tftpt.exe service binary that allows local attackers to execute arbitrary code with system privileges. Rated high severity (CVSS 8.5), this vulnerability is low attack complexity. Public exploit code available and no vendor patch available.

RCE Tftp Broadband
NVD Exploit-DB
CVSS 4.0
8.5
EPSS
0.1%
CVE-2016-20095 HIGH POC This Week

Matrix42 Remote Control Host 3.20.0031 contains an unquoted service path vulnerability in the FastViewerRemoteService and FastViewerRemoteProxy services that allows local users to execute arbitrary. Rated high severity (CVSS 8.5), this vulnerability is low attack complexity. Public exploit code available and no vendor patch available.

RCE Matrix42 Remote Control Host
NVD Exploit-DB
CVSS 4.0
8.5
EPSS
0.1%
CVE-2022-50971 HIGH POC This Week

Malwarebytes 4.5 contains an unquoted service path vulnerability in the MBAMService executable that allows local attackers to escalate privileges by injecting malicious code into the system root. Rated high severity (CVSS 8.5), this vulnerability is low attack complexity. Public exploit code available and no vendor patch available.

Privilege Escalation Malwarebytes
NVD Exploit-DB VulDB
CVSS 4.0
8.5
EPSS
0.1%
CVE-2021-47985 HIGH POC This Week

Brother SAPSprint 7.60 contains an unquoted service path vulnerability in the SAPSprint service binary that allows local attackers to escalate privileges. Rated high severity (CVSS 8.5), this vulnerability is low attack complexity. Public exploit code available and no vendor patch available.

Privilege Escalation Sapsprint
NVD Exploit-DB VulDB
CVSS 4.0
8.5
EPSS
0.1%
CVE-2016-20086 HIGH POC This Week

Vembu StoreGrid 4.0 contains an unquoted service path vulnerability in the RemoteBackup and RemoteBackup_webServer services that allows local attackers to escalate privileges. Rated high severity (CVSS 8.5), this vulnerability is low attack complexity. Public exploit code available and no vendor patch available.

Privilege Escalation Vembu Storegrid
NVD Exploit-DB
CVSS 4.0
8.5
EPSS
0.1%
CVE-2016-20085 HIGH POC This Week

Realtek High Definition Audio Driver 6.0.1.6730 contains an unquoted service path vulnerability that allows local attackers to escalate privileges by placing a malicious executable in the service. Rated high severity (CVSS 8.5), this vulnerability is low attack complexity. Public exploit code available and no vendor patch available.

Privilege Escalation Realtek High Definition Audio Driver
NVD Exploit-DB
CVSS 4.0
8.5
EPSS
0.1%
CVE-2016-20091 HIGH POC This Week

Windows Firewall Control 4.8.6.0 contains an unquoted service path vulnerability that allows local attackers to escalate privileges by inserting malicious executables in the service path. Rated high severity (CVSS 8.5), this vulnerability is low attack complexity. Public exploit code available and no vendor patch available.

Microsoft Privilege Escalation Windows Firewall Control
NVD Exploit-DB
CVSS 4.0
8.5
EPSS
0.1%
CVE-2020-37253 HIGH POC This Week

Winstep 18.06.0096 contains an unquoted service path vulnerability in the Winstep Xtreme Service that allows local attackers to escalate privileges. Rated high severity (CVSS 8.5), this vulnerability is low attack complexity. Public exploit code available and no vendor patch available.

Privilege Escalation Winstep
NVD Exploit-DB VulDB
CVSS 4.0
8.5
EPSS
0.1%
CVE-2026-54297 HIGH POC PATCH GHSA This Week

Denial of service in the Faraday Ruby HTTP client library (versions up to and including 2.14.2) allows remote attackers to crash worker threads by submitting query strings with deeply nested bracket-notation parameters. The Faraday::NestedParamsEncoder recursively walks attacker-controlled nested Hash structures without a depth ceiling, raising an uncaught SystemStackError at roughly 3,000+ levels of nesting (~9.4 KB payload). Publicly available exploit code exists in the GHSA-98m9-hrrm-r99r advisory itself; no public exploit identified at time of analysis in the active-exploitation sense, and impact is limited to availability - no RCE, auth bypass, or data disclosure, despite the input tags listing those categories.

Denial Of Service Authentication Bypass Information Disclosure RCE
NVD GitHub
CVSS 3.1
7.5
EPSS
0.3%
CVE-2026-55692 HIGH POC PATCH GHSA This Week

Stored cross-site scripting in the StarCitizenWiki EmbedVideo MediaWiki extension (versions <= 4.0.0) allows any user with page-edit rights to inject arbitrary JavaScript into the data-mw-iframeconfig attribute by supplying a malformed URL or ID containing single quotes for the archiveorg, wistia, or sharepoint services. The flaw is present under the default $wgEmbedVideoRequireConsent=true configuration and executes in the wiki origin for every visitor that loads the affected page, with publicly available exploit code exists in the GHSA advisory.

Microsoft XSS PHP
NVD GitHub
CVSS 3.1
7.5
CVE-2017-20265 HIGH POC This Week

Joomla!. Rated high severity (CVSS 7.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

SQLi PHP Flip Wall
NVD Exploit-DB
CVSS 4.0
7.1
EPSS
0.2%
CVE-2017-20264 HIGH POC This Week

Joomla!. Rated high severity (CVSS 7.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

SQLi PHP Sponsor Wall
NVD Exploit-DB
CVSS 4.0
7.1
EPSS
0.2%
CVE-2019-25761 HIGH POC This Week

Joomla!. Rated high severity (CVSS 7.1), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

PHP SQLi Joomcrm
NVD Exploit-DB
CVSS 4.0
7.1
EPSS
0.2%
CVE-2019-25759 HIGH POC This Week

Joomla!. Rated high severity (CVSS 7.1), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

SQLi Vbizz
NVD Exploit-DB
CVSS 4.0
7.1
EPSS
0.2%
CVE-2019-25757 HIGH POC This Week

Joomla vWishlist 1.0.1 contains an SQL injection vulnerability that allows authenticated attackers to execute arbitrary SQL queries by injecting malicious code through the vproductid and userid. Rated high severity (CVSS 7.1), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

SQLi Vwishlist
NVD Exploit-DB VulDB
CVSS 4.0
7.1
EPSS
0.2%
CVE-2019-25749 HIGH POC This Week

Joomla J-CruisePortal 6.0.4 contains an SQL injection vulnerability that allows authenticated attackers to execute arbitrary SQL queries by injecting malicious code through the guest_adult parameter. Rated high severity (CVSS 7.1), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

SQLi Cruiseportal
NVD Exploit-DB VulDB
CVSS 4.0
7.1
EPSS
0.2%
CVE-2026-8806 HIGH CISA Act Now

Denial-of-service in Mitsubishi Electric MELSEC iQ-F Series FX5-ENET/IP Ethernet Modules (all versions) allows unauthenticated remote attackers to halt the module's communication function by flooding its Ethernet port with packets. The high packet rate overwhelms internal anomaly-detection processing and stops communications - a critical impact for the industrial control environments these PLCs operate in. No public exploit identified at time of analysis, but the CVSS 4.0 score of 8.7 reflects high availability impact in operational technology contexts.

Information Disclosure Mitsubishi Electric Melsec Iq F Series Fx5 Enet Ip Ethernet Module Fx5 Enet Ip
NVD
CVSS 4.0
8.7
EPSS
0.4%
CVE-2026-8805 HIGH CISA Act Now

Denial-of-service in Mitsubishi Electric MELSEC iQ-F Series FX5-EIP EtherNet/IP module (versions 1.000 and prior) allows a remote unauthenticated attacker to crash the device by rapidly opening many TCP connections, which trips an integer overflow in the EtherNet/IP connection-management logic and triggers improper memory access. No public exploit identified at time of analysis, but the CVSS 4.0 vector (AV:N/AC:L/PR:N/UI:N) and high availability impact make this a meaningful operational-technology (OT) concern for plants relying on the affected PLC module. Reported by the vendor and tracked in vendor PSIRT advisory 2026-002, JVN VU#97140216, and CISA ICS advisory ICSA-26-169-05.

Integer Overflow Buffer Overflow Mitsubishi Electric Melsec Iq F Series Fx5 Eip Ethernet Ip Module Fx5 Eip
NVD
CVSS 4.0
8.7
EPSS
0.4%
CVE-2026-48584 HIGH PATCH NO ACTION HOSTED Monitor

Privilege escalation in Microsoft Azure Synapse (the cloud analytics service) allows an already-authorized, low-privileged attacker to elevate their privileges over the network, gaining high confidentiality, integrity, and availability impact (CVSS 8.8). The root cause is a component executing with unnecessary privileges (CWE-250), letting a tenant or workspace user with limited rights break out to a higher trust level. No public exploit identified at time of analysis, and EPSS exploitation probability is low (0.50%), with CISA SSVC marking exploitation status as 'none.'

Privilege Escalation Microsoft Azure Synapse
NVD VulDB
CVSS 3.1
8.8
EPSS
0.5%
CVE-2026-47645 HIGH PATCH NO ACTION HOSTED Monitor

Privilege elevation in Microsoft 365 Copilot's Business Chat is possible when an attacker abuses an open redirect (CWE-601) to coerce a victim into following a crafted link that lands on an attacker-controlled site. With a CVSS 3.1 base score of 8.8 and high impact across confidentiality, integrity, and availability, successful exploitation lets an unauthorized remote attacker elevate privileges over the network after user interaction. There is no public exploit identified at time of analysis and the issue is not listed in CISA KEV.

Microsoft Open Redirect 365 Copilot
NVD VulDB
CVSS 3.1
8.8
EPSS
0.4%
CVE-2026-56142 HIGH PATCH This Week

Privilege escalation in JetBrains Hub (versions prior to 2026.1.13757, 2025.3.148033, 2025.2.148048, 2025.1.148120, 2024.3.148430, and 2024.2.148429) allows an authenticated attacker to attach additional authentication details to existing accounts, enabling unauthorized access and elevation of privileges. The flaw, self-reported by JetBrains and patched, carries a CVSS 8.8 with high impact to confidentiality, integrity, and availability; no public exploit is identified at time of analysis and EPSS exploitation probability is low (0.41%).

Privilege Escalation Hub
NVD VulDB
CVSS 3.1
8.8
EPSS
0.4%
CVE-2026-49357 HIGH PATCH GHSA This Week

Missing authentication in line-desktop-mcp prior to 1.1.2 lets any network-reachable client invoke MCP tools that read LINE chat history and send messages through the logged-in LINE Desktop application. When started with --http-mode, the server binds 0.0.0.0 and exposes /mcp without an MCP-layer auth check, enabling unauthenticated remote abuse. No public exploit identified at time of analysis, but the fix (1.1.2) and commit are public, making reconstruction trivial.

Authentication Bypass Microsoft Line Desktop Mcp
NVD GitHub VulDB
CVSS 4.0
8.8
EPSS
0.3%
CVE-2026-55773 HIGH PATCH GHSA This Week

Cedar policy injection in CedarJava (com.cedarpolicy:cedar-java) versions below 2.3.6, 3.4.1, and 4.9.0 allows attackers to alter authorization outcomes by smuggling Cedar expressions through unescaped string values. The flaw is in toCedarExpr() on Cedar Value types, which fails to escape quote and backslash characters when serializing user-controlled values into policy text. No public exploit identified at time of analysis, but the integrity impact is severe because injected fragments like '|| true' can neutralize permit/forbid logic in fine-grained authorization decisions.

Code Injection Java RCE
NVD GitHub
CVSS 3.1
8.8
EPSS
0.3%
CVE-2026-53915 HIGH PATCH This Week

Remote code execution in JetBrains GoLand before 2026.1.3 lets an attacker run arbitrary code on a developer's machine when the victim opens a maliciously crafted project whose configuration is untrusted. The flaw, reported by JetBrains itself and assigned CVSS 8.8 with high confidentiality, integrity, and availability impact, requires the user to open the booby-trapped project (UI:R) but no prior authentication on the IDE. There is no public exploit identified at time of analysis, and the EPSS probability is low at 0.21% (11th percentile).

RCE Goland
NVD VulDB
CVSS 3.1
8.8
EPSS
0.2%
CVE-2026-55772 HIGH PATCH GHSA This Week

Type confusion in CedarJava versions prior to 2.3.6, 3.4.1, and 4.9 allows authenticated remote attackers to manipulate authorization decisions by injecting reserved JSON keys (`__entity` or `__extn`) into CedarMap objects built from attacker-controlled input. When an integrating service constructs a CedarMap from caller-supplied data such as headers, metadata, or resource tags, the Rust cedar-policy evaluator can be tricked into interpreting a record as an entity reference, undermining fine-grained authorization. No public exploit identified at time of analysis, but the CVSS 8.8 rating reflects high impact on confidentiality, integrity, and availability of authorization outcomes.

Memory Corruption Java Information Disclosure
NVD GitHub
CVSS 3.1
8.8
EPSS
0.5%
CVE-2026-48139 HIGH This Week

Denial of service in NI grpc-device 2.17.0 and prior allows remote unauthenticated attackers to crash the data moniker service by submitting an unknown value that triggers a NULL pointer dereference. The flaw also impacts deployments embedding the server via NI InstrumentStudio. No public exploit is identified at time of analysis, though the CVSS 4.0 base score of 8.7 reflects high availability impact reachable over the network without privileges.

Denial Of Service Null Pointer Dereference Grpc Device Instrumentstudio
NVD GitHub
CVSS 4.0
8.7
EPSS
0.3%
CVE-2026-48138 HIGH This Week

Remote denial of service in NI grpc-device 2.17.0 and earlier allows unauthenticated network attackers to crash the streaming API by sending a specially crafted write request that triggers an out-of-bounds read (CWE-125). The flaw was reported by NI itself and is documented in both an NI security bulletin and a GitHub security advisory (GHSA-8rjh-429j-f6gw); no public exploit identified at time of analysis and the issue is not listed in CISA KEV.

Denial Of Service Information Disclosure Buffer Overflow Grpc Device Instrumentstudio
NVD GitHub
CVSS 4.0
8.7
EPSS
0.3%
CVE-2026-55206 HIGH PATCH GHSA This Week

Denial of service in py7zr (a pure-Python 7-Zip library) versions 1.1.2 and earlier lets a remote, unauthenticated attacker exhaust CPU with a tiny crafted .7z archive. The flaw is in header parsing (PackInfo._read), so merely opening the archive with SevenZipFile() - no extraction - triggers the cost; a ~50 KB file consumes roughly 7 seconds of CPU. Publicly available exploit code exists (PoC published in the GHSA advisory), but there is no active exploitation identified and it is not listed in CISA KEV.

Python Denial Of Service
NVD GitHub VulDB
CVSS 4.0
8.7
EPSS
0.3%
CVE-2026-55195 HIGH PATCH GHSA This Week

Denial-of-service via decompression bomb in py7zr, the pure-Python 7-Zip library, affects all versions up to and including 1.1.2. The library's Worker.decompress() writes extracted data to disk or memory without tracking cumulative decompressed size, so a tiny crafted .7z (demonstrated at a 6,556:1 ratio - 15.6 KB expanding to 100 MB) can exhaust disk or RAM on any application that extracts untrusted archives. Publicly available exploit code exists (a working PoC is published in the GHSA advisory), but the issue is not listed in CISA KEV; CVSS 4.0 rates it 8.7 (High) with pure availability impact.

Python Ubuntu Information Disclosure
NVD GitHub VulDB
CVSS 4.0
8.7
EPSS
0.3%
CVE-2026-56082 HIGH PATCH This Week

Cross-tenant billing log tampering in Capgo (Cap-go/capgo) before 12.128.2 allows unauthenticated attackers holding only the public Supabase publishable anon key to insert or overwrite build_logs rows for arbitrary organizations via the SECURITY DEFINER PostgREST RPC public.record_build_time. Because the function is granted to the anon role and uses ON CONFLICT (build_id, org_id) DO UPDATE, attackers can inflate or alter another tenant's billable build time, producing financial-impact denial of service. No public exploit identified at time of analysis, though the vendor advisory (GHSA-42xj-3h9w-26h5) and a VulnCheck write-up describe the attack path in detail.

Authentication Bypass Denial Of Service Capgo
NVD GitHub VulDB
CVSS 4.0
8.7
EPSS
0.2%
CVE-2026-4026 HIGH This Week

Privilege escalation in Flexera FlexNet Manager Suite 2025 R1 allows an authenticated user holding only read-only access to account settings to elevate themselves to full Administrator. The flaw is a server-side access-control failure (CWE-284) reachable over the network with low privileges and no user interaction, scoring CVSS 4.0 8.7. There is no public exploit identified at time of analysis and it is not listed in CISA KEV.

Authentication Bypass Flexnet Manager Suite
NVD
CVSS 4.0
8.7
EPSS
0.3%
CVE-2026-55691 HIGH POC PATCH GHSA This Week

Stored cross-site scripting in the StarCitizenWiki EmbedVideo MediaWiki extension (versions <= 4.0.0) allows any wiki user to inject arbitrary HTML and JavaScript into rendered pages by abusing the unsanitized class attribute on embed tags such as <youtube>. Because the user-supplied class is concatenated into an HTML template via sprintf without escaping, an attacker can break out of the class attribute and execute script in the context of every visitor that views the page. No public exploit identified at time of analysis beyond the advisory's own PoC, and the issue is not listed in CISA KEV.

PHP XSS
NVD GitHub
CVSS 3.1
8.6
CVE-2026-12104 HIGH This Week

Authenticated OS command injection in SIMA GmbH Bondix Server through 1.25.7.5 on Linux allows an attacker with configuration write privileges to execute arbitrary operating-system commands by supplying crafted values in the environment and tunnel configuration that are passed unsanitized to server-side scripts. The flaw was reported by NCSC.ch and carries a CVSS 4.0 base score of 8.6 (High); no public exploit identified at time of analysis, and the vulnerability is not listed in CISA KEV.

Command Injection Bondix Server
NVD VulDB
CVSS 4.0
8.6
EPSS
1.1%
CVE-2025-7737 HIGH This Week

Remote denial-of-service in Hitachi Virtual Storage Platform (VSP) enterprise storage arrays allows unauthenticated network attackers to disrupt availability through the 10G iSCSI interface across a wide swath of VSP families including E-series, G/F-series, 5000-series, and legacy G1000/G1500/F1500 platforms. The flaw maps to CWE-770 (uncontrolled resource consumption) and carries a CVSS 3.1 base score of 8.6 with a scope-change indicator, meaning impact extends beyond the iSCSI front-end channel to dependent storage services. No public exploit identified at time of analysis, and the issue is not listed in CISA KEV.

Denial Of Service Hitachi Virtual Storage Platform E990 E1090 E1090H Hitachi Virtual Storage Platform E390 E590 E790 E390H E590H E790H Hitachi Virtual Storage Platform G130 G150 G350 G370 G700 G900 F350 F370 F700 F900 Hitachi Virtual Storage Platform G100 G200 G400 G600 G800 F400 F600 F800 +2
NVD VulDB
CVSS 3.1
8.6
EPSS
0.3%
CVE-2026-55849 HIGH PATCH GHSA This Week

Command injection in the @cyclonedx/cyclonedx-npm SBOM generator (versions >= 2.1.0, < 5.0.0) lets an attacker who controls the value passed to the --workspace CLI option execute arbitrary OS commands when the npm_execpath environment variable is unset or empty. In that fallback path the tool spawns a subshell and interpolates the workspace value into a command string without escaping, so shell metacharacters break out of the intended context and run with the invoking user's privileges. No public exploit identified at time of analysis, though the vendor fix PR ships a proof-of-concept-style regression test; the issue is not listed in CISA KEV and no EPSS score was provided.

Privilege Escalation Command Injection Node.js
NVD GitHub VulDB
CVSS 4.0
8.5
EPSS
0.2%
CVE-2026-53492 HIGH PATCH GHSA This Week

Kubernetes device-plugin and resource-allocation enforcement can be bypassed in containerd by a namespace user holding pod-creation rights, who restores a container from a maliciously crafted checkpoint image. The CRI restore path trusts Container Device Interface (CDI) annotations embedded in untrusted checkpoint metadata instead of the pod's create-time spec, letting the attacker smuggle arbitrary CDI edits (host device nodes and mounts) into the restored container. It affects containerd v2.1.0-2.1.8, v2.2.0-2.2.4 and v2.3.0-2.3.1; there is no public exploit identified at time of analysis and it is not listed in CISA KEV.

Kubernetes Checkpoint Information Disclosure Containerd
NVD VulDB GitHub
CVSS 4.0
8.4
EPSS
0.5%
CVE-2026-55882 HIGH PATCH GHSA This Week

Sensitive information disclosure in the Tilt HUD server (Go package github.com/tilt-dev/tilt, versions >= 0.19.5 through <= 0.37.3) lets an unauthenticated network caller read live process memory via unprotected net/http/pprof endpoints mounted under /debug, harvesting the session token (Tilt-Token cookie) and the apiserver loopback bearer token, and hold the process under CPU profiling or tracing to degrade performance. Exploitation requires the HUD or apiserver listener to be bound to a non-loopback address (tilt up --host 0.0.0.0 or TILT_HOST set); the default loopback-only bind is not remotely reachable. No public exploit identified at time of analysis, and this is not in CISA KEV; a vendor patch (v0.37.4) is available.

Information Disclosure
NVD GitHub
CVSS 4.0
8.3
EPSS
0.4%
CVE-2026-55883 HIGH PATCH GHSA This Week

Cross-site WebSocket hijacking in Tilt (the tilt-dev Kubernetes development tool) versions 0.24.0 through 0.37.3 lets a network-adjacent attacker read the developer's entire HUD view stream when the HUD is bound to a non-loopback address. The intended anti-CSWSH protection fails because the gating CSRF token is served by an unauthenticated endpoint and the WebSocket upgrader also accepts any client that omits an Origin header. There is no public exploit identified at time of analysis and the flaw is not listed in CISA KEV; exposure is limited to non-default deployments that bind the listener beyond localhost.

CSRF
NVD GitHub
CVSS 4.0
8.3
EPSS
0.2%
CVE-2026-54904 HIGH PATCH GHSA This Week

Denial of service in the concurrent-ruby gem (versions through 1.3.6) allows attackers to cause CPU exhaustion and permanent thread hangs by forcing an externally-derived numeric value stored in a Concurrent::AtomicReference to become Float::NAN. Because Ruby evaluates Float::NAN == Float::NAN as false, any subsequent call to AtomicReference#update livelocks - endlessly re-running the caller's block and pinning a CPU core, as the included reporter PoC demonstrates (over 1.9 million spin iterations in 250 ms). Publicly available exploit code exists; there is no public exploit identified as being used in active attacks, and the issue is not listed in CISA KEV.

Denial Of Service Red Hat Suse
NVD GitHub VulDB
CVSS 4.0
8.2
EPSS
0.3%
CVE-2026-53489 HIGH PATCH GHSA This Week

Arbitrary host file disclosure in containerd's CRI plugin lets an attacker read any file on the Kubernetes node via `kubectl logs` because the plugin restores `container.log` from a checkpoint image while blindly following a symlinked path. All containerd 2.x branches before 2.1.9, 2.2.5, and 2.3.2 are affected wherever container checkpoint/restore (CRIU-based) is used. There is no public exploit identified at time of analysis and it is not on CISA KEV, but the flaw was independently reported by numerous researchers and a vendor patch is available.

Checkpoint Information Disclosure Containerd
NVD VulDB GitHub
CVSS 4.0
8.2
EPSS
0.2%
CVE-2026-49260 HIGH POC PATCH GHSA This Week

Shell command injection in pontedilana/php-weasyprint prior to 2.5.1 allows code execution as the PHP process when the WeasyPrint binary path is sourced from configuration, environment variables, or per-tenant settings. The library's buildCommand() inverted the order of escapeshellarg() and is_executable(), turning the 'safe' branch into dead code and passing the raw binary string into Symfony Process::fromShellCommandline(). No public exploit identified at time of analysis, but a PoC for the identical KnpLabs/snappy precursor flaw (GHSA-vpr4-p6fq-85jc) is published and directly applicable.

Command Injection PHP
NVD GitHub
CVSS 3.1
8.2
EPSS
0.2%
CVE-2026-55689 HIGH PATCH GHSA This Week

Authentication bypass in OpenFGA versions 1.17.1 and earlier allows a validly-signed JWT issued for an unrelated service to authenticate to OpenFGA, because the OIDC authenticator silently skipped JWT audience (aud) validation whenever authn.oidc.audience was left unset. Any deployment using authn.method=oidc with a configured issuer but no configured audience trusts every token minted by that issuer, so an attacker holding a legitimate token for a different service behind the same identity provider gains full access to OpenFGA's authorization data. There is no public exploit identified at time of analysis and EPSS is low (0.30%, 22nd percentile), but the CVSS 8.1 rating reflects the high confidentiality and integrity impact on a system that governs fine-grained authorization decisions.

Authentication Bypass
NVD GitHub VulDB
CVSS 3.1
8.1
EPSS
0.3%
CVE-2026-49340 HIGH POC PATCH GHSA This Week

Arbitrary file write in gonic music streaming server prior to v0.21.0 allows any authenticated Subsonic user - including non-admin accounts - to write attacker-controlled M3U playlist content to any absolute filesystem path on the host, while also creating intermediate directories with world-writable 0o777 permissions. The flaw stems from an unreachable guard clause in ServeCreateOrUpdatePlaylist combined with missing path containment in Store.Write. No public exploit identified at time of analysis, but the GitHub Security Advisory GHSA-4gxv-p5g5-j7w7 documents the issue and a fix is available.

Path Traversal Gonic
NVD GitHub VulDB
CVSS 3.1
8.1
EPSS
0.3%
CVE-2026-49291 HIGH POC PATCH GHSA This Week

Authorization bypass in doobidoo mcp-memory-service prior to 10.65.3 lets OAuth clients with only the read scope invoke mutating MCP tools such as store_memory and delete_memory via the /mcp JSON-RPC endpoint, despite the equivalent REST endpoints correctly enforcing the write scope. Authenticated read-only clients can therefore tamper with or destroy memory entries used by downstream AI applications. No public exploit identified at time of analysis, and the issue is not listed in CISA KEV.

Authentication Bypass Mcp Memory Service
NVD GitHub
CVSS 3.1
8.1
EPSS
0.3%
CVE-2026-49286 HIGH PATCH GHSA This Week

PHAR deserialization in PhpWeasyPrint versions prior to 2.6.0 allows remote code execution by bypassing the case-sensitive phar:// blacklist introduced for CVE-2023-28115 - because PHP stream wrappers are case-insensitive, schemes like PHAR:// or PhAr:// pass the check and reach file_exists() in prepareOutput(). When the library runs on PHP 7.4+ and an attacker can influence the output filename argument passed to generation methods, a crafted PHAR archive's metadata is unserialized via a gadget chain, yielding code execution. No CISA KEV listing and no public exploit identified at time of analysis for this specific CVE, although the equivalent upstream KnpLabs/snappy advisory (GHSA-92rv-4j2h-8mjj) ships a working phpggc-based PoC that is directly portable.

PHP Deserialization RCE Php Weasyprint
NVD GitHub
CVSS 3.1
8.1
EPSS
0.6%
CVE-2026-23879 HIGH PATCH GHSA This Week

Arbitrary file write in py7zr versions 1.1.0 through 1.1.2 allows attackers to escape the destination directory during archive extraction by chaining malicious symbolic links that resolve outside the target path. A victim who calls extractall() on a crafted 7z archive can have files written to arbitrary host filesystem locations, potentially escalating to remote code execution, privilege escalation, or data corruption. Publicly available exploit code exists (PoC published in the GHSA advisory), but there is no public exploit identified for active campaigns at time of analysis.

Python Privilege Escalation RCE Denial Of Service Red Hat +1
NVD GitHub VulDB
CVSS 3.1
8.0
EPSS
0.4%
Prev Page 2 of 3 Next

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy