Skip to main content
CVE-2026-12806 HIGH POC This Week

Stack/heap buffer overflow in the Edimax BR-6478AC V2 wireless router (firmware 1.23) lets an authenticated attacker corrupt memory by sending an oversized selSSID parameter to the formWlSiteSurvey handler under /goform/, enabling denial of service and potentially arbitrary code execution on the device. Publicly available exploit code exists, but no public exploit identified at time of analysis as actively used in attacks (not in CISA KEV); the vendor was notified and did not respond, leaving devices unpatched. CVSS 4.0 base score is 7.4 reflecting network reachability of the management interface combined with required low-privilege authentication.

Buffer Overflow Br 6478Ac V2
NVD VulDB
CVSS 4.0
7.4
EPSS
0.5%
CVE-2026-12786 HIGH POC This Week

Local privilege escalation in EZB Systems UltraISO Premium Edition up to 9.76 stems from improper access controls in the bundled bootpt64.sys kernel driver, allowing an authenticated local user to abuse the driver and achieve high-integrity kernel-level impact on confidentiality, integrity, and availability. Publicly available exploit code exists, and the vendor was contacted but did not respond, leaving all currently shipped versions unpatched.

Authentication Bypass Ultraiso Premium Edition
NVD VulDB
CVSS 4.0
7.1
EPSS
0.1%
CVE-2026-12784 HIGH POC This Week

Local privilege escalation in IM-Magic Partition Resizer up to 7.9.0 stems from improper access controls in the MDA_NTDRV.sys kernel driver, allowing a low-privileged local user to gain elevated kernel-level capabilities. Publicly available exploit code exists and the vendor did not respond to coordinated disclosure, leaving all currently shipped versions (7.0 through 7.9.0) without a fix. No public exploit identified as being used in attacks (not in CISA KEV), but POC weaponization risk is elevated given the unpatched status.

Authentication Bypass Partition Resizer
NVD VulDB
CVSS 4.0
7.1
EPSS
0.1%
CVE-2026-12782 HIGH POC PATCH This Week

Local privilege escalation in EaseUS Partition Master versions 14.0 through 14.5 allows low-privileged users to abuse the EUEDKEPM.sys kernel driver due to improper access controls (CWE-284). Publicly available exploit code exists and the vendor has released a patched version, though the issue is not listed in CISA KEV. The flaw maps to authentication-bypass behavior at the kernel-driver interface, giving attackers a path from a standard user account to SYSTEM-level capabilities.

Authentication Bypass Partition Master
NVD VulDB
CVSS 4.0
7.1
EPSS
0.1%
CVE-2026-12781 HIGH POC PATCH This Week

Local privilege escalation in EaseUS Partition Master through version 14.5 stems from improper access controls in the epmntdrv.sys kernel driver, allowing a low-privileged local user to gain SYSTEM-level control over the host. Publicly available exploit code exists and the vendor has confirmed the issue was resolved in newer releases, though no specific patched version is named in the advisory.

Authentication Bypass Partition Master
NVD VulDB
CVSS 4.0
7.1
EPSS
0.1%
CVE-2026-12780 HIGH POC This Week

Local privilege escalation in AOMEI Backupper through 8.3.0 stems from improper access controls in the bundled kernel driver amwrtdrv.sys, allowing an authenticated local user to abuse driver IOCTLs and escalate privileges. Publicly available exploit code exists for this issue, and the vendor was contacted but has not responded, leaving customers without an official fix. The CVSS 4.0 base score is 7.1 with local attack vector and low privileges required, reflecting realistic post-foothold risk rather than remote compromise.

Authentication Bypass Backupper
NVD VulDB
CVSS 4.0
7.1
EPSS
0.1%
CVE-2026-12779 HIGH POC This Week

Local privilege escalation in AOMEI Dynamic Disk Manager up to version 10.10.1 stems from improper access controls in the ddmdrv.sys kernel driver, allowing a low-privileged local user to interact with privileged driver IOCTLs and gain SYSTEM-level control. Publicly available exploit code exists, and the vendor did not respond to coordinated disclosure, leaving installations unpatched. No CISA KEV listing or active exploitation has been confirmed at time of analysis.

Authentication Bypass Dynamic Disk Manager
NVD VulDB
CVSS 4.0
7.1
EPSS
0.1%
CVE-2026-12778 HIGH POC This Week

Local privilege escalation in AOMEI Partition Assistant through version 10.10.1 allows authenticated low-privileged users to abuse improper access controls in the ampa10.sys kernel driver to gain SYSTEM-level code execution. Publicly available exploit code exists per VulDB, and the vendor did not respond to coordinated disclosure attempts, leaving installations exposed; no public exploit identified at time of analysis as actively used in the wild (not in CISA KEV).

Authentication Bypass Partition Assistant
NVD VulDB
CVSS 4.0
7.1
EPSS
0.1%
CVE-2026-52911 HIGH PATCH This Week

Improper session authorization in the Linux kernel's in-kernel SMB3 server (ksmbd) lets an authenticated SMB client reach sessions it never bound to. Because the connection-wide conn->binding flag stays set after a binding SESSION_SETUP, the global lookup in ksmbd_session_lookup_all() would resolve any session by ID, allowing a low-privileged remote user to access another user's session (Information Disclosure tagged). No public exploit identified at time of analysis; EPSS is low (0.18%, 7th percentile) and it is not in CISA KEV.

Linux Information Disclosure
NVD VulDB
CVSS 3.1
8.8
EPSS
0.2%
CVE-2026-56396 HIGH PATCH This Week

Privilege escalation in phpMyFAQ before 4.1.4 allows authenticated non-SuperAdmin users holding the edit_user permission to promote themselves to SuperAdmin via missing authorization checks in the editUser() and updateUserRights() endpoints. The flaw lets a low-tier administrator set the is_superadmin flag or grant arbitrary rights, fully compromising the FAQ application; publicly available exploit code exists is not asserted, and at time of analysis no public exploit identified at time of analysis.

Authentication Bypass Phpmyfaq
NVD GitHub VulDB
CVSS 4.0
8.7
EPSS
0.3%
CVE-2026-56253 HIGH PATCH This Week

Unauthenticated organization member enumeration in Capgo before 12.128.2 allows remote attackers to harvest email addresses, user IDs, roles, and pending invitations by invoking the public.get_org_members RPC with only a publishable Supabase key and a target organization UUID. The flaw, reported by VulnCheck and tracked as EUVD-2026-38169, carries a CVSS 4.0 score of 8.7 and reflects a broken access control check on a public Postgres RPC. No public exploit identified at time of analysis, but the trivial invocation makes mass scraping straightforward once an org UUID is known.

Authentication Bypass Capgo
NVD GitHub VulDB
CVSS 4.0
8.7
EPSS
0.2%
CVE-2026-56242 HIGH PATCH This Week

Information disclosure in Capgo before 12.128.2 lets remote unauthenticated attackers abuse the security-definer RPC function get_identity_apikey_only to validate arbitrary API keys and map them to owning user_ids. The endpoint functions as an oracle, and results can be chained into other exposed RPCs such as get_orgs_v6 to enumerate organization membership and harvest management email PII. No public exploit identified at time of analysis, though VulnCheck has publicly documented the technique and a vendor patch is available.

Information Disclosure Oracle Capgo
NVD GitHub VulDB
CVSS 4.0
8.7
EPSS
0.3%
CVE-2026-56382 HIGH POC PATCH This Week

Authenticated remote code execution in Craft CMS versions 5.5.0 through 5.9.13 allows admin users to execute arbitrary PHP by injecting Yii2 event handlers via the fieldLayoutConfig POST parameter to FieldsController::actionRenderCardPreview(). The flaw stems from missing Component::cleanseConfig() sanitization, enabling disclosure of environment variables including database credentials and CRAFT_SECURITY_KEY. No public exploit identified at time of analysis, though VulnCheck has published a detailed advisory describing the attack technique.

Code Injection RCE PHP Cms
NVD GitHub VulDB
CVSS 4.0
8.6
EPSS
0.5%
CVE-2025-71348 HIGH PATCH This Week

Detection bypass in picklescan before 0.0.28 allows attackers to smuggle arbitrary code through pickle files by abusing torch.utils._config_module.load_config inside __reduce__ methods, defeating the library's malicious-pickle scanning and enabling remote code execution when the file is later loaded. Publicly available exploit code exists (GHSA-vv6j-3g6g-2pvj includes a working PoC), and the flaw is significant for any ML pipeline that trusts picklescan to vet third-party PyTorch model files. No CISA KEV listing at time of analysis, so exploitation status is limited to public POC rather than confirmed in-the-wild use.

Deserialization RCE Picklescan
NVD GitHub VulDB
CVSS 4.0
7.6
EPSS
0.4%
CVE-2025-71378 HIGH PATCH This Week

Detection bypass in picklescan versions before 0.0.30 allows malicious pickle files to evade security scanning by using cProfile.runctx in __reduce__ methods, leading to arbitrary code execution when the file is loaded via pickle.load(). The flaw undermines the core purpose of picklescan as a defensive tool for ML model security and was reported by VulnCheck with a published proof-of-concept in the GitHub Security Advisory. No public exploit identified at time of analysis as a weaponized in-the-wild attack, but PoC code is published in the GHSA.

Deserialization RCE Picklescan
NVD GitHub VulDB
CVSS 4.0
7.6
EPSS
0.3%
CVE-2025-71357 HIGH PATCH This Week

Detection bypass in picklescan before 0.0.30 allows attackers to smuggle arbitrary code execution payloads through pickle files by abusing idlelib.pyshell.ModifiedInterpreter.runcommand inside a __reduce__ method, which the scanner fails to flag as dangerous. Any victim who relies on picklescan to vet PyTorch models or other pickle artifacts and then calls pickle.load() will execute attacker-supplied commands. Publicly available exploit code exists (PoC published in the GHSA advisory), no CISA KEV listing, and the issue is fixed in version 0.0.30.

Deserialization Picklescan
NVD GitHub VulDB
CVSS 4.0
7.6
EPSS
0.2%
CVE-2025-71351 HIGH PATCH This Week

Detection bypass in picklescan versions before 0.0.25 allows attackers to embed remote code execution payloads in pickle files by abusing the built-in timeit.timeit() function inside a __reduce__ method, which is not on the unsafe-globals blacklist. Any organization using picklescan to vet PyTorch or other pickle-based model files is affected, and a working PoC is publicly documented in the GHSA advisory (no public exploit identified at time of analysis as a weaponized tool, but POC code is published).

RCE Picklescan
NVD GitHub VulDB
CVSS 4.0
7.6
EPSS
0.4%
CVE-2026-56239 HIGH PATCH This Week

Privilege escalation in Capgo before 12.128.2 allows authenticated Supabase users to manipulate billing data for arbitrary organizations by invoking the public.apply_usage_overage SECURITY DEFINER function via RPC. The function executes with owner privileges and skips auth.uid(), org membership, and check_min_rights validation, bypassing Row Level Security and enabling fraudulent overage insertion or credit depletion across tenants. No public exploit identified at time of analysis, but vendor and VulnCheck have published advisories and a patched release.

Privilege Escalation Capgo
NVD GitHub VulDB
CVSS 4.0
7.2
EPSS
0.2%
CVE-2026-56394 HIGH PATCH This Week

Authenticated path traversal in Craft CMS (4.0.0-RC1 through 4.17.6 and 5.0.0-RC1 through 5.9.12) allows low-privileged users to read arbitrary SVG files on the server via the assets/icon endpoint's extension parameter, which was passed to file existence checks without validation. No public exploit identified at time of analysis, though VulnCheck published an advisory and the upstream fix is visible in commit 30f5f1a. Confidentiality impact is high but no integrity or availability impact, and exploitation requires valid authenticated session.

Path Traversal Cms
NVD GitHub VulDB
CVSS 4.0
7.1
EPSS
0.3%
CVE-2026-56229 HIGH PATCH This Week

Cross-tenant authorization bypass in Capgo before 12.128.2 lets authenticated API clients read build status and logs belonging to other applications by combining an authorized app_id with a job_id from a different, unauthorized app. The /build/status and /build/logs endpoints validate the app_id but fail to verify that the supplied job_id actually belongs to that application, exposing logs, metadata, and potentially embedded credentials across tenant boundaries. No public exploit identified at time of analysis, though VulnCheck has published an advisory with technical details.

Authentication Bypass Capgo
NVD GitHub VulDB
CVSS 4.0
7.1
EPSS
0.2%
CVE-2026-56251 HIGH PATCH This Week

Privilege escalation in Capgo before 12.128.2 allows authenticated users holding the admin role to elevate themselves to super_admin by abusing a broken row-level security (RLS) policy on the org_users table. No public exploit identified at time of analysis, but a vendor patch is available and the flaw was disclosed by VulnCheck through a GitHub Security Advisory.

Authentication Bypass Capgo
NVD GitHub VulDB
CVSS 4.0
7.0
EPSS
0.2%

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy