Skip to main content
CVE-2026-47151 HIGH PATCH This Week

Out-of-bounds memory writes in Silicon Labs EmberZNet (Zigbee stack) v9.0.2 and earlier allow an already-joined network device to corrupt Door Lock schedule state by sending malformed ClearWeekdaySchedule messages. Only devices implementing the Door Lock cluster are affected, and the corruption is bounded in size and location, primarily threatening availability/integrity rather than data disclosure. No public exploit identified at time of analysis; a vendor patch is available.

Memory Corruption Buffer Overflow Emberznet
NVD GitHub VulDB
CVSS 4.0
7.1
EPSS
0.2%
CVE-2026-47150 HIGH PATCH This Week

Denial of service in Silicon Labs EmberZNet (Zigbee stack) versions 9.0.2 and earlier allows an already-joined network device to crash the host process by sending malformed IAS Zone enrollment messages, which trigger an out-of-bounds write to the state table. Only nodes that support the IAS Zone (security sensor) cluster are affected, and the attacker must already hold a valid place on the Zigbee network (PR:L). No public exploit identified at time of analysis and the issue is not listed in CISA KEV.

Memory Corruption Buffer Overflow Emberznet
NVD GitHub
CVSS 4.0
7.1
EPSS
0.2%
CVE-2026-47149 HIGH PATCH This Week

Denial of service in Silicon Labs EmberZNet Zigbee stack (v9.0.2 and earlier) lets an already-joined network device crash the target by sending Door Lock cluster messages containing malformed or out-of-range user identifiers, which trigger an out-of-bounds table read (CWE-125) that terminates the process. Only devices that implement the Door Lock cluster are affected, and no data is leaked back to the sender. There is no public exploit identified at time of analysis, and the issue is not in CISA KEV.

Buffer Overflow Information Disclosure Emberznet
NVD GitHub
CVSS 4.0
7.1
EPSS
0.2%
CVE-2026-47148 HIGH PATCH This Week

Denial of service in Silicon Labs EmberZNet Zigbee stack (v9.0.2 and earlier) allows an already-joined network device to crash a target by sending malformed GetGroupMembership commands, which cause repeated out-of-bounds reads past the message payload and terminate the process. Only devices implementing the Groups cluster are affected, and no information leakage to the sender was observed despite the read primitive. There is no public exploit identified at time of analysis, no CISA KEV listing, and the impact is availability-only (process termination), not code execution or data disclosure.

Buffer Overflow Information Disclosure Emberznet
NVD GitHub
CVSS 4.0
7.1
EPSS
0.2%
CVE-2026-47147 HIGH PATCH This Week

Out-of-bounds read in the Silicon Labs EmberZNet Zigbee stack (v9.0.2 and earlier) lets an already-joined network device send malformed Over-The-Air (OTA) update requests that drive the OTA Server cluster parser past buffer boundaries, leaking a small, size- and location-limited amount of RAM back to the requester and potentially disrupting the OTA service. Only nodes that implement the OTA Server cluster are affected, and exploitation requires prior network membership (PR:L authenticated). No public exploit is identified and the CVE is not in CISA KEV; the CVSS 4.0 base score of 7.1 is driven mainly by high availability impact (VA:H) rather than data theft.

Buffer Overflow Information Disclosure Emberznet
NVD GitHub
CVSS 4.0
7.1
EPSS
0.2%
CVE-2026-47146 HIGH PATCH This Week

Denial of service in Silicon Labs EmberZNet Zigbee stack (v9.0.2 and earlier) lets an already-joined network device crash a target by sending malformed Color Control cluster messages that trip a reachable assertion and terminate the process. Only devices implementing the Color Control cluster (typically color-capable lighting) are affected, and the attacker must already be a member of the Zigbee network. No public exploit identified at time of analysis and the issue is not listed in CISA KEV.

Information Disclosure Emberznet
NVD GitHub
CVSS 4.0
7.1
EPSS
0.2%
CVE-2026-47145 HIGH PATCH This Week

Denial of service in Silicon Labs EmberZNet Zigbee stack (v9.0.2 and earlier) allows an already-joined network device to crash the target by sending malformed Color Control cluster messages, which trigger a reachable assertion that terminates the process. Only devices implementing the Color Control cluster (typically Zigbee lighting/color-capable nodes and coordinators) are affected. Vendor-rated CVSS 4.0 7.1 with availability-only impact; no public exploit identified at time of analysis and it is not listed in CISA KEV.

Information Disclosure Emberznet
NVD GitHub
CVSS 4.0
7.1
EPSS
0.2%
CVE-2026-4526 HIGH PATCH This Week

Denial of service in Silicon Labs EmberZNet (Zigbee stack) v9.0.2 and earlier allows an already-joined Zigbee device to crash the process by sending malformed global ZCL (Zigbee Cluster Library) messages that trigger out-of-bounds reads in the framework parsing logic. The flaw affects availability only - no information leakage back to the sender was observed despite the dataset's 'Information Disclosure' tag. A vendor patch is available, and there is no public exploit identified at time of analysis.

Buffer Overflow Information Disclosure Emberznet
NVD GitHub
CVSS 4.0
7.1
EPSS
0.2%
CVE-2026-56071 HIGH This Week

Cross-site scripting in the Forminator WordPress plugin (versions 1.53.1 and earlier, by WPMU DEV) lets unauthenticated remote attackers inject malicious script that executes in a victim's browser when they interact with crafted content. The CVSS 3.1 vector (AV:N/AC:L/PR:N/UI:R/S:C, score 7.1) confirms no authentication is required but that user interaction triggers the payload, and the changed scope means the injected script runs in a security context beyond the vulnerable component. There is no public exploit identified at time of analysis and the issue is not listed in CISA KEV.

XSS Forminator
NVD
CVSS 3.1
7.1
EPSS
0.2%
CVE-2026-56042 HIGH This Week

Stored/reflected Cross-Site Scripting in the Advanced Order Export For WooCommerce WordPress plugin (by AlgolPlus) affects all versions up to and including 4.0.9, letting a remote attacker inject script that executes in the browser of a victim who views attacker-controlled order/export data. The flaw carries a CVSS 7.1 rating driven by a scope change (attacker script runs outside the vulnerable component's security context) and requires victim interaction; there is no public exploit identified at time of analysis and it is not on the CISA KEV list.

WordPress XSS Advanced Order Export For Woocommerce
NVD
CVSS 3.1
7.1
EPSS
0.2%
CVE-2026-56014 HIGH This Week

Stored or reflected cross-site scripting in the Averta Master Slider WordPress plugin (versions 3.11.2 and earlier) lets unauthenticated remote attackers inject script that executes in a victim's browser, but only after the victim interacts with attacker-supplied content (UI:R). The CVSS:3.1 vector's scope change (S:C) reflects that injected code runs in the browser's trust context rather than the plugin's, enabling session theft or actions on behalf of the victim. There is no public exploit identified at time of analysis and the issue is not on CISA KEV.

XSS Master Slider
NVD
CVSS 3.1
7.1
EPSS
0.2%
CVE-2026-56006 HIGH This Week

Reflected cross-site scripting in the H5P WordPress plugin (versions 1.17.6 and earlier) lets an unauthenticated attacker inject script that executes in a victim's browser when they follow a crafted link, per the CVSS PR:N/UI:R vector. Because the scope is changed (S:C), successful execution can reach beyond the vulnerable component into the authenticated WordPress session context, enabling session/cookie theft or admin-context actions. There is no public exploit identified and the issue is not listed in CISA KEV, so risk is moderate (CVSS 7.1) and contingent on social-engineering a logged-in user.

XSS H5P
NVD
CVSS 3.1
7.1
EPSS
0.2%
CVE-2026-56005 HIGH This Week

Stored/reflected Cross-Site Scripting in Melapress's WP Activity Log WordPress plugin (versions <= 5.6.3.1, reported by Patchstack) lets a low-privileged Subscriber-level user inject script that executes in another user's browser, with a CVSS-rated scope change (S:C) meaning the payload can affect resources beyond the plugin's own security context. There is no public exploit identified at time of analysis and the issue is not listed in CISA KEV; direct impact is limited (C:L/I:L/A:L) but the cross-context scope and low attack complexity make it relevant for sites that allow open registration.

XSS Wp Activity Log
NVD
CVSS 3.1
7.1
EPSS
0.2%
CVE-2026-55092 HIGH PATCH This Week

Arbitrary file write in Aqua Security's Trivy scanner (prior to 0.71.1) allows an attacker who can make Trivy fetch an attacker-controlled OCI artifact to write layer content anywhere on the host filesystem. Trivy trusts the org.opencontainers.image.title manifest annotation as the output filename without sanitization, so a crafted value containing path-traversal sequences escapes the intended download directory (CWE-22). No public exploit has been identified at time of analysis; the CVSS 4.0 score is 7.0 (high), driven by high integrity and availability impact requiring user interaction.

Path Traversal Trivy Suse
NVD GitHub VulDB
CVSS 4.0
7.0
EPSS
0.3%
CVE-2026-46732 HIGH This Week

Local privilege escalation in Dell Display and Peripheral Manager (DDPM) for Mac, versions prior to 2.3, lets a low-privileged local user win a race condition (CWE-362) to gain elevated privileges. The flaw stems from improper synchronization around a shared resource, and successful exploitation yields full compromise of confidentiality, integrity, and availability on the host. No public exploit identified at time of analysis, and EPSS is negligible (0.07%); CISA SSVC marks exploitation as none but technical impact as total.

Dell Race Condition Information Disclosure Display And Peripheral Manager
NVD VulDB
CVSS 3.1
7.0
EPSS
0.1%
CVE-2026-46498 HIGH PATCH GHSA This Week

OAuth2/OIDC token forgery in OpenIdentity Platform's OpenAM Community Edition (through 16.0.6) lets an attacker mint OAuth2 bearer tokens and OIDC ID tokens with arbitrary subject (userName), clientID, realm, and scope by abusing the stateful token-read path's failure to namespace and type-check Core Token Store (CTS) rows. The flaw is an Authorization Bypass Through User-Controlled Key (CWE-639): any CTS row whose BLOB merely claims to be an OAuth token is trusted on read with no integrity check, so an attacker who can write attacker-controlled JSON to CTS under a known identifier can impersonate any user or client. No public exploit has been identified at time of analysis, and the issue is fixed in version 16.1.1; it does not by itself grant an OpenAM SSO session or admin-console access.

Authentication Bypass
NVD GitHub
CVE-2026-45794 HIGH PATCH GHSA This Week

Unsafe Java deserialization (CWE-502) in OpenAM Community Edition through 16.0.6 lets attackers abuse the anonymous Push Notification SNS callback REST route to force the server to load an attacker-named class and construct it from attacker-controlled JSON via Jackson. A low-privileged user who starts Push Registration can plant a malicious CTS predicate blob, then drive anonymous callbacks that yield a reliable class-loading and Jackson-construction primitive with classpath-dependent impacts ranging from token-record corruption and DoS to potential process execution and file writes. No public exploit is identified at time of analysis and confirmed arbitrary command execution was not demonstrated on stock classpaths; the issue is fixed in 16.1.1.

Deserialization Java RCE
NVD GitHub
Prev Page 5 of 5

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy