Skip to main content
CVE-2026-57655 HIGH This Week

Cross-Site Request Forgery in the Child Theme Wizard WordPress plugin (versions 1.4 and earlier) lets a remote, unauthenticated attacker trick a logged-in administrator into submitting forged state-changing requests, allowing unauthorized actions on the WordPress site without the victim's consent. The CVSS 3.1 score is 8.2 with a scope-change (S:C) and high integrity impact, reflecting that the forged action can affect resources beyond the vulnerable component. There is no public exploit identified at time of analysis, the flaw is not listed in CISA KEV, and no EPSS score was supplied.

CSRF
NVD
CVSS 3.1
8.2
EPSS
0.1%
CVE-2026-57645 HIGH This Week

Improper authorization (CWE-862) in the WordPress "Newsletters" plugin (newsletters-lite) versions 4.13 and earlier lets remote unauthenticated attackers tamper with the newsletters_subscribers functionality, yielding high integrity and availability impact (CVSS 8.1). The flaw, reported by Patchstack and tagged as an authentication bypass, requires victim interaction (UI:R) but no attacker privileges. No public exploit identified at time of analysis and it is not listed in CISA KEV.

Authentication Bypass
NVD
CVSS 3.1
8.1
EPSS
0.2%
CVE-2026-56031 HIGH This Week

PHP Object Injection in the Uncanny Automator WordPress plugin (versions 7.3.1.2 and earlier) lets unauthenticated remote attackers submit crafted serialized PHP objects that the application deserializes, potentially leading to full WordPress site compromise. The flaw is rooted in unsafe deserialization of untrusted data (CWE-502) and carries high confidentiality, integrity, and availability impact (CVSS 8.1). No public exploit identified at time of analysis and it is not in CISA KEV; the high attack complexity reflects the need for a usable POP gadget chain in the target environment.

Deserialization PHP
NVD
CVSS 3.1
8.1
EPSS
0.3%
CVE-2026-40711 HIGH PATCH This Week

OS command injection in Dell Container Storage Modules (CSM) version 2.16.0 - spanning the csi-powerstore, csi-unity, csi-powerflex, and csi-powermax CSI drivers - lets a remote, high-privileged attacker inject and execute arbitrary operating-system commands (CWE-78). Successful exploitation yields full confidentiality, integrity, and availability impact with a scope change, meaning command execution can reach beyond the vulnerable component into the surrounding host or cluster. There is no public exploit identified at time of analysis and it is not listed in CISA KEV; the CVSS 3.1 base score is 8.0 (High).

Command Injection Dell Container Storage Modules
NVD
CVSS 3.1
8.0
EPSS
1.0%
CVE-2026-48800 HIGH PATCH This Week

Local OS command injection in Notepad++ before 8.9.6.1 lets an attacker who can write to a user's shortcuts.xml inject an arbitrary executable path into a <Command> entry under <UserDefinedCommands>, which feedUserCmds() loads into UserCommand._cmd with no validation and later passes straight to ShellExecute when the victim clicks the corresponding Run-menu item. Because the malicious entry renders as an ordinary Run-menu item, it doubles as a stealthy persistence mechanism that executes attacker-chosen binaries in the victim's user context. There is no public exploit identified at time of analysis and the flaw is not listed in CISA KEV, but the fix is confirmed in release 8.9.6.1.

Command Injection Notepad Plus Plus
NVD GitHub VulDB
CVSS 3.1
7.8
EPSS
0.4%
CVE-2026-53294 HIGH PATCH This Week

Local privilege escalation potential in the Linux kernel's mailbox-test driver arises from a double-free when the RX channel is aliased to the TX channel (a valid configuration when they use different MMIO regions); the cleanup path frees the reused channel twice. Affecting the mailbox subsystem's test/debug driver across a wide range of stable branches (5.10 through 7.x), the flaw carries a 7.8 CVSS with an AV:L/PR:L vector and has an upstream fix, but EPSS is only 0.18% and there is no public exploit identified at time of analysis.

Linux Information Disclosure
NVD VulDB
CVSS 3.1
7.8
EPSS
0.2%
CVE-2026-53296 HIGH PATCH This Week

Use-after-free in the Linux kernel's mailbox-test debug driver (mailbox-test.c) allows a local privileged attacker to corrupt kernel memory when the driver's probe routine fails, because previously acquired mailbox channels are not released while the devm-allocated client structure is freed anyway. The flaw carries a CVSS of 7.8 with high confidentiality, integrity, and availability impact, but exploitation is local and requires the mailbox-test module to load and hit a probe error path. No public exploit is identified at time of analysis and EPSS estimates exploitation probability at only 0.18%.

Memory Corruption Linux Use After Free Information Disclosure
NVD VulDB
CVSS 3.1
7.8
EPSS
0.2%
CVE-2026-53286 HIGH PATCH This Week

Memory corruption (double free and use-after-free, CWE-415) in the Linux kernel's Intel idpf network driver allows a local low-privileged actor to corrupt kernel heap memory when the auxiliary device probe error path executes. The idpf_plug_vport_aux_dev() and idpf_plug_core_aux_dev() routines free the iadev structure via a release callback during auxiliary_device_uninit(), then fall through and read adev->id from the freed object for ida_free() and kfree() it again. It is not in CISA KEV and no public exploit has been identified; EPSS exploitation probability is low at 0.17% (7th percentile).

Linux Information Disclosure
NVD VulDB
CVSS 3.1
7.8
EPSS
0.2%
CVE-2026-53300 HIGH PATCH This Week

Local memory corruption in the Linux kernel's NXP ENETC (enetc) network driver stems from a DMA use-after-free in the NTMP command path: when netc_xmit_ntmp_cmd() times out, the pending hardware command is not aborted yet ntmp_free_data_mem() frees the associated DMA buffer, so the device later DMA-writes its response into the freed (possibly reallocated) physical address, producing silent kernel memory corruption. Only systems running NXP ENETC networking hardware on kernels from 6.16 through the fixed stable releases are affected. There is no public exploit identified at time of analysis, and EPSS exploitation probability is very low (0.17%, 6th percentile).

Linux Buffer Overflow Use After Free Memory Corruption
NVD VulDB
CVSS 3.1
7.8
EPSS
0.2%
CVE-2026-53290 HIGH PATCH This Week

Use-after-free in the Linux kernel's Intel Xe GPU driver (drm/xe EU stall sampling) lets a local low-privileged user with access to the render/DRM device trigger memory corruption during stream close. In xe_eu_stall_stream_close() the driver calls drm_dev_put() before disabling the stream and freeing its resources, so if that call drops the last reference the device structures may be freed while subsequent cleanup still dereferences them. The defect is patched upstream, no public exploit is identified at time of analysis, and EPSS rates exploitation probability very low (0.17%, 6th percentile).

Linux Information Disclosure Memory Corruption Use After Free
NVD VulDB
CVSS 3.1
7.8
EPSS
0.2%
CVE-2026-52884 HIGH This Week

Trusted-directory validation bypass in Notepad++ 8.9.6.1 lets a crafted executable path defeat the isInTrustedDirectory() check added by the prior CVE-2026-48800 fix, allowing arbitrary code execution via the Run command. Because the check uses a prefix match (PathIsPrefix-style) without canonicalizing the path first, a string beginning with a trusted directory but containing ..\..\ traversal resolves to an untrusted location yet still passes validation, causing ShellExecute() to launch an attacker-controlled binary. There is no public exploit identified at time of analysis and the issue is not in CISA KEV; it requires local user interaction and is fixed in 8.9.6.2.

Path Traversal Notepad Plus Plus
NVD GitHub
CVSS 3.1
7.8
EPSS
0.1%
CVE-2026-45195 HIGH This Week

Improper privilege handling in Imagination Technologies' Graphics DDK GPU driver lets privileged kernel code inside a Host VM submit crafted commands to the GPU firmware, coercing the firmware into reading or writing host memory outside the range the host kernel is permitted to touch. Affecting Graphics DDK 1.18, 23.2, 24.2, 25.1-25.3 and 26.1 RTM, the flaw enables out-of-bounds host memory access (information disclosure and corruption) through the firmware's elevated memory privileges. No public exploit identified at time of analysis and the issue is not listed in CISA KEV, but the local code-execution impact (CVSS 7.8) makes it a meaningful local privilege/boundary-bypass concern.

Information Disclosure Graphics Ddk
NVD
CVSS 3.1
7.8
EPSS
0.1%
CVE-2024-23581 HIGH PATCH This Week

The HCL Traveler for Microsoft Outlook libraries are being flagged as potentially malicious software or an unrecognized application. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity.

Microsoft Information Disclosure Traveler For Microsoft Outlook
NVD VulDB
CVSS 3.1
7.8
EPSS
0.1%
CVE-2026-45807 HIGH PATCH This Week

Arbitrary file read in Kestra orchestration platform (versions prior to 1.0.43 and 1.3.19) lets an authenticated user with execution privileges read any file accessible to the Kestra process via a URL-encoded path-traversal in kestra:// storage URIs. The parentTraversalGuard checks only the literal URI string, so %2E%2E bypasses it before URI.getPath() decodes it back to '..', exposing /etc/passwd, mounted secrets, and other tenants' execution outputs. No public exploit identified at time of analysis; rated CVSS 7.7 with a scope change reflecting cross-tenant and host-filesystem exposure.

Path Traversal Kestra
NVD GitHub VulDB
CVSS 3.1
7.7
EPSS
0.4%
CVE-2026-49984 HIGH PATCH This Week

Authenticated path traversal in Kestra's local internal-storage backend (versions prior to 1.0.45 and 1.3.23) lets any low-privilege user with execution-view access read arbitrary files on the host. The flaw stems from validation ordering: the guard checks for '..' sequences before backslashes are normalized to forward slashes, so a Windows-style '..\..\..\' payload bypasses the check and is rewritten to a real traversal only after validation. There is no public exploit identified at time of analysis, and EPSS/KEV signals are absent, but the confidentiality impact is severe because it breaks the multi-tenant storage isolation boundary.

Path Traversal Microsoft Kestra
NVD GitHub VulDB
CVSS 3.1
7.7
EPSS
0.4%
CVE-2026-57875 HIGH This Week

Denial of service in GeoVision GV-LPC2011 and GV-LPC2211 license-plate capture devices (firmware V1.12 and earlier) lets a remote, unauthenticated attacker crash the device by sending a single malformed HTTP request to its CGI interface. The flaw is a NULL pointer dereference in HTTP request-parsing logic shared across multiple CGI components, triggered when required request metadata is missing or malformed. No public exploit identified at time of analysis, and the issue has no confidentiality or integrity impact - only availability.

Denial Of Service Null Pointer Dereference Gv Lpclpc2011 2211
NVD
CVSS 3.1
7.5
EPSS
1.3%
CVE-2026-57920 HIGH PATCH HOSTED Monitor

{orgId} REST endpoints they should not be able to access by appending a semicolon to the request path. With a scope-changing CVSS of 7.7 and confidentiality impact, a low-privileged tenant could read data belonging to other organizations managed by the same platform. No public exploit identified at time of analysis and the issue is not listed in CISA KEV.

Authentication Bypass Incontrol
NVD
CVSS 3.1
7.7
EPSS
0.2%
CVE-2026-55189 HIGH This Week

Authorization bypass in RustFS (1.0.0-alpha.1 through pre-beta.9 builds) lets any user able to authenticate to the optional FTP listener read and stat arbitrary objects in any bucket, even when their IAM policy explicitly Denies s3:GetObject. The FTP read/probe handlers (RETR, SIZE, MDTM, CWD) dispatch straight to the storage backend and skip the IAM authorization check enforced everywhere else, breaking tenant/object isolation. There is no public exploit identified at time of analysis, no CISA KEV listing, and no EPSS score was provided.

Authentication Bypass Rustfs
NVD GitHub
CVSS 3.1
7.7
EPSS
0.2%
CVE-2026-21734 HIGH This Week

Out-of-bounds write in Imagination Technologies' Graphics DDK GPU shader compiler lets a crafted web page containing unusual or edge-case shader code (e.g. WebGL/compute shaders using a very small value) corrupt memory and crash the GPU compiler process. On platforms where that compiler process runs with system privileges, the memory corruption could be chained toward privilege escalation or further device exploitation. No public exploit identified at time of analysis and the issue is not listed in CISA KEV; impact is integrity and availability (CVSS 7.7, CWE-823).

Memory Corruption Buffer Overflow Graphics Ddk
NVD
CVSS 3.1
7.7
EPSS
0.1%
CVE-2026-57872 HIGH This Week

Arbitrary file read in GeoVision GV-LPC2011 and GV-LPC2211 license plate recognition appliances (firmware V1.12 and earlier) lets a remote, unauthenticated attacker traverse the filesystem via the get_fcont.cgi endpoint and retrieve any file readable by the CGI process. Because the CGI fails to validate the user-supplied file path, a single crafted HTTP request can disclose configuration files, credentials, or other sensitive data. There is no public exploit identified at time of analysis, but the network-reachable, no-authentication nature (CVSS 7.5) makes it straightforward to weaponize.

Path Traversal Information Disclosure Gv Lpclpc2011 2211
NVD
CVSS 3.1
7.5
EPSS
1.0%
CVE-2026-54826 HIGH This Week

Insecure Direct Object Reference in the SupportCandy WordPress helpdesk plugin (versions 3.4.6 and earlier) lets an authenticated low-privilege user (Subscriber) access support tickets and data belonging to other users by manipulating object identifiers, effectively bypassing authorization controls. The flaw carries a CVSS 3.1 base score of 7.6 (PR:L) and was reported by Patchstack; no public exploit code or active exploitation has been identified at time of analysis. Because SupportCandy frequently runs on sites with open user registration, the Subscriber prerequisite is often trivially met.

Authentication Bypass
NVD
CVSS 3.1
7.6
EPSS
0.3%
CVE-2026-44160 HIGH PATCH GHSA This Week

Denial of service in Fluentd (rubygems package, versions <= 1.19.2) lets remote attackers crash the log collector by sending a gzip decompression bomb to the in_http (default port 9880) or in_forward (default port 24224) plugins. Although Fluentd enforces body_size_limit and chunk_size_limit on the compressed payload, it applies no ceiling on the decompressed output, so a tiny crafted payload expands in memory until the OS OOM-kills the process. No public exploit identified at time of analysis and it is not in CISA KEV, but EPSS-style risk is bounded by the requirement that an input port be reachable from an untrusted network.

Nginx Denial Of Service
NVD GitHub VulDB
CVSS 3.1
7.5
EPSS
0.6%
CVE-2026-30041 HIGH This Week

Arbitrary code execution and denial of service in FastStone Image Viewer 8.3 occur when the application parses a maliciously crafted Photoshop (PSD) file, triggering an integer overflow in its PSD parsing component. Affected users are those who open attacker-supplied PSD files in this Windows freeware image viewer; successful exploitation can crash the application or, per the reporter and tags, lead to code execution in the user's context. No public exploit identified at time of analysis, and the issue is not listed in CISA KEV.

Denial Of Service RCE
NVD
CVSS 3.1
7.5
EPSS
0.6%
CVE-2026-48706 HIGH PATCH This Week

Heap buffer overflow in Envoy's TcpStatsdSink component (versions 1.34.0 through pre-fix releases) allows unauthenticated remote attackers to crash the Envoy process or potentially achieve remote code execution by submitting HTTP or gRPC requests with request paths exceeding 16KiB, provided a specific non-default dual-filter configuration is present. The root flaw is an incorrect buffer rotation in the thread-local metric flusher that allocates a new 16KiB slice but continues writing beyond its boundary via unchecked memcpy operations. No public exploit has been identified at time of analysis, though vendor-confirmed patches are available across all affected release branches (1.35.13, 1.36.9, 1.37.5, 1.38.3).

Buffer Overflow RCE Envoy
NVD GitHub
CVSS 3.1
7.5
EPSS
0.6%
CVE-2026-48042 HIGH PATCH This Week

Denial of service in Envoy proxy versions prior to 1.35.11, 1.36.7, 1.37.3, and 1.38.1 allows remote unauthenticated attackers to crash the proxy by submitting deeply nested JSON (on the order of 100,000 levels). When the resulting JSON Object is torn down, its recursive destructor exhausts the thread stack, causing a stack overflow and process termination. There is no public exploit identified at time of analysis and the issue impacts availability only; the CVSS 3.1 base score is 7.5.

Buffer Overflow Envoy
NVD GitHub
CVSS 3.1
7.5
EPSS
0.5%
CVE-2026-57631 HIGH This Week

SQL injection in the AYS Popup Box WordPress plugin (versions 6.0.1 and earlier) lets an authenticated administrator inject arbitrary SQL into the WordPress database through an unsanitized plugin parameter (CWE-89). Because exploitation requires existing high-privilege administrator access per the CVSS PR:H metric, this is primarily a data-exposure/privilege-abuse issue rather than a remote-takeover flaw, and no public exploit has been identified at time of analysis. It was reported by Patchstack rather than discovered in active attacks, and is not listed in CISA KEV.

SQLi
NVD
CVSS 3.1
7.6
EPSS
0.3%
CVE-2026-57628 HIGH This Week

SQL injection in the WP All Import WordPress plugin (versions 4.0.1 and earlier) allows an authenticated administrator to inject arbitrary SQL into backend database queries, enabling extraction of sensitive data beyond what the plugin UI exposes. The CVSS 3.1 vector (AV:N/AC:L/PR:H) confirms it is network-reachable but requires high privileges, and the original vector's S:C/C:H/A:L rates impact as elevated. There is no public exploit identified at time of analysis and it is not listed in CISA KEV.

SQLi
NVD
CVSS 3.1
7.6
EPSS
0.3%
CVE-2026-44025 HIGH PATCH GHSA This Week

Sensitive information disclosure in Fluentd's Monitor Agent plugin (in_monitor_agent) at versions <= 1.19.2 allows anyone with HTTP access to the metrics API (default TCP port 24220) to read internal instance variables of loaded plugins via /api/plugins.json and related endpoints. Because plugins frequently hold database passwords, API keys, and cloud credentials in instance variables, those secrets can be returned in plain text to unauthenticated callers. No public exploit identified at time of analysis and the issue is not in CISA KEV, but the vendor fixed it in v1.19.3 by changing the default visibility of config, retry, and debug information.

Information Disclosure
NVD GitHub VulDB
CVSS 3.1
7.5
EPSS
0.5%
CVE-2026-5757 HIGH This Week

Information disclosure in Ollama's model quantization engine (confirmed affected in v0.13.5) allows remote, unauthenticated attackers to read and exfiltrate the server's heap memory, exposing sensitive in-process data such as model contents, API keys, or other secrets resident in memory. The CVSS 3.1 vector (AV:N/AC:L/PR:N/UI:N) indicates trivial network exploitation against an exposed Ollama instance with no authentication. There is no public exploit identified at time of analysis and the issue is not listed in CISA KEV.

Information Disclosure Ollama Buffer Overflow
NVD VulDB
CVSS 3.1
7.5
EPSS
0.5%
CVE-2026-47220 HIGH PATCH This Week

Denial of service in Envoy proxy versions 1.37.0 through 1.37.4 and 1.38.x before 1.38.3 lets remote attackers crash the proxy by sending a request that omits the Host header when access logging is configured with the %REQUESTED_SERVER_NAME(X:Y)% operator using host-related options (e.g. HOST_FIRST, SNI_FIRST). The missing header triggers a null pointer dereference (CWE-476), taking down the data-plane proxy and any traffic flowing through it. No public exploit identified at time of analysis and the issue is not in CISA KEV.

Denial Of Service Null Pointer Dereference Envoy
NVD GitHub
CVSS 3.1
7.5
EPSS
0.5%
CVE-2026-48044 HIGH PATCH This Week

Denial of service in Envoy proxy (versions 1.23.0 through 1.35.10, 1.36.6, 1.37.2, and 1.38.0) allows remote unauthenticated attackers to crash the proxy by sending a specially crafted, highly compressed zstd payload that triggers massive memory allocation in the ZstdDecompressorImpl, leading to Out-Of-Memory kills. The flaw is a decompression-bomb (data amplification) issue that only manifests when zstd decompression is enabled. No public exploit identified at time of analysis, and the issue is not listed in CISA KEV; the high CVSS reflects availability impact only (A:H, no confidentiality or integrity loss).

Denial Of Service Envoy
NVD GitHub
CVSS 3.1
7.5
EPSS
0.5%
CVE-2026-47204 HIGH PATCH This Week

The envoy.filters.http.grpc_stats HTTP filter in Envoy versions 1.26.0 through the pre-fix releases crashes with a null pointer dereference when a Connect protocol request (Content-Type: application/connect+proto or application/connect+json) is routed to a direct_response route, terminating the Envoy process entirely. The vendor description states a single unauthenticated HTTP request is sufficient to trigger the crash, giving any network-reachable attacker a trivial one-packet denial of service against affected deployments. No confirmed active exploitation (absent from CISA KEV) and no public exploit code has been identified at time of analysis, but the trivial trigger condition makes this high practical risk for any deployment with both preconditions present.

Denial Of Service Null Pointer Dereference Envoy
NVD GitHub
CVSS 3.1
7.5
EPSS
0.4%
CVE-2026-47221 HIGH PATCH This Week

Null pointer dereference in Envoy's router filter crashes the entire proxy process, terminating all active connections, when body-less non-GET/HEAD requests (POST, PUT, DELETE, PATCH) encounter an upstream HTTP 303 response on a route configured with internal redirect policy. Affected versions span 1.18.0 through the fixes released in branches 1.35.13, 1.36.9, 1.37.5, and 1.38.3. An unauthenticated remote attacker who can influence upstream response codes or reach a vulnerable route configuration can cause complete denial of service; no public exploit identified at time of analysis and no CISA KEV listing.

Denial Of Service Null Pointer Dereference Envoy
NVD GitHub
CVSS 3.1
7.5
EPSS
0.4%
CVE-2026-48497 HIGH PATCH This Week

Remote denial of service in Envoy proxy allows attackers to crash the process by resolving a DNS name exactly 255 octets long through a configured UDP DNS filter. An off-by-one runtime precondition assumes query names are strictly less than 255 octets, contradicting RFC 1035 which permits names of up to 255 octets, so a maximally-long name that resolves successfully triggers abnormal process termination. There is no public exploit identified at time of analysis, EPSS is low (0.37%), and CISA SSVC rates exploitation as none with only partial technical impact.

Information Disclosure Envoy
NVD GitHub
CVSS 3.1
7.5
EPSS
0.4%
CVE-2026-57874 HIGH This Week

Denial of service in GeoVision GV-LPC2011 and GV-LPC2211 license-plate-capture devices (firmware V1.12 and earlier) allows remote unauthenticated attackers to crash the device by sending a multipart upload request with an overly long filename to IEEE8021x_upload.cgi. The flaw is a classic stack/heap buffer overflow (CWE-120) with availability-only impact and no confidentiality or integrity loss. No public exploit identified at time of analysis and the issue is not listed in CISA KEV.

Denial Of Service Buffer Overflow Gv Lpclpc2011 2211
NVD
CVSS 3.1
7.5
EPSS
0.3%
CVE-2026-57876 HIGH This Week

Denial of service in GeoVision GV-LPC2011 and GV-LPC2211 license plate recognition cameras (firmware V1.12 and earlier) lets remote, unauthenticated attackers crash the device by sending a crafted HTTP request to onvif.cgi. The ONVIF CGI handler fails to bounds-check HTTP request body data, so oversized input triggers an out-of-bounds write and memory corruption. No public exploit identified at time of analysis, and the flaw yields availability impact only — no code execution or data disclosure is claimed by the vendor.

Memory Corruption Denial Of Service Buffer Overflow Gv Lpclpc2011 2211
NVD
CVSS 3.1
7.5
EPSS
0.3%
CVE-2026-48743 HIGH PATCH This Week

HTTP request smuggling in Envoy proxy (versions prior to 1.35.11, 1.36.7, 1.37.3, and 1.38.1) lets remote attackers desynchronize HTTP/1 upstream connections by sending an HTTP/3 downstream request that is transport-complete (HEADERS with FIN) yet declares a nonzero Content-Length, leaving the translated HTTP/1 request with unresolved body debt. When the HTTP/1 origin replies before reading the body and keeps the connection reusable, the start of Envoy's next upstream request is consumed as the prior request's body, and the remainder is parsed by the origin as a separate, attacker-controlled request. This was demonstrated as a route-bypass: a directly denied /pwn was served to a second downstream stream as a backend-parsed GET /pwn, with no public exploit identified at time of analysis and no CISA KEV listing.

Request Smuggling Authentication Bypass Envoy
NVD GitHub
CVSS 3.1
7.5
EPSS
0.3%
CVE-2026-57231 HIGH PATCH This Week

Information disclosure in Podman (1.8.1 through 5.8.3) lets a malicious OCI container image leak host environment variables into the container by embedding an image env entry with a key but no value; an asterisk (*) entry causes Podman to forward ALL host session variables. Because the launching session frequently holds secrets (registry credentials, API tokens, proxy auth), a crafted image run by a victim can harvest them. No public exploit is identified beyond the proof-of-concept test shipped with the fix, and it is not listed in CISA KEV.

Information Disclosure Podman
NVD GitHub VulDB
CVSS 3.1
7.5
EPSS
0.3%
CVE-2026-56061 HIGH This Week

Improper authorization in the Subscriptions for WooCommerce WordPress plugin (versions 1.9.5 and earlier) lets unauthenticated remote attackers reach functionality that should be access-restricted, enabling unauthorized modification of subscription data. The CVSS 3.1 vector (AV:N/AC:L/PR:N/UI:N) confirms network-reachable, no-authentication, low-complexity abuse with a high integrity impact but no confidentiality or availability loss. There is no public exploit identified at time of analysis and it is not listed in CISA KEV.

Authentication Bypass WordPress
NVD
CVSS 3.1
7.5
EPSS
0.2%
CVE-2026-54835 HIGH This Week

Improper authorization in the Five Star Restaurant Menu WordPress plugin (versions <= 2.5.2) lets unauthenticated remote attackers invoke restricted functionality and modify data without any credentials. The CVSS 3.1 vector (AV:N/PR:N/UI:N) and CWE-862 indicate the plugin exposes one or more actions that lack capability/nonce checks, scored 7.5 with integrity-only impact (C:N/I:H/A:N). No public exploit identified at time of analysis and the issue is not listed in CISA KEV; it was reported by Patchstack's audit team and tagged as an Authentication Bypass.

Authentication Bypass
NVD
CVSS 3.1
7.5
EPSS
0.2%
CVE-2026-57873 HIGH This Week

Denial of service in GeoVision GV-LPC2011 and GV-LPC2211 license plate cameras (firmware V1.12 and earlier) lets remote unauthenticated attackers crash the IEEE8021x_upload.cgi process by sending a malformed multipart upload request, triggering a NULL pointer dereference (CWE-476). The high availability impact (CVSS 7.5, A:H) means the device's 802.1x certificate-upload functionality - and potentially the management interface - becomes unavailable until the process or device restarts. No public exploit has been identified at time of analysis and the issue is not listed in CISA KEV.

Denial Of Service Null Pointer Dereference Gv Lpclpc2011 2211
NVD
CVSS 3.1
7.5
EPSS
0.2%
CVE-2026-36478 HIGH This Week

An issue in Technitium DNS Server v.14.3 and before allows a remote attacker to cause a denial of service via the DnsServerApp.exe, DnsServerApp.dll, TechnitiumLibrary.Net/Dns/DnsClient.cs components

Denial Of Service N A
NVD GitHub VulDB
CVSS 3.1
7.5
EPSS
0.2%
CVE-2026-46604 HIGH PATCH This Week

Denial of service in the Go golang.org/x/image/tiff decoder allows remote attackers to crash any application that parses untrusted TIFF images. A maliciously crafted image with an out-of-bounds strip offset triggers a panic in the decoder, terminating the goroutine or process (CVSS 7.5, availability-only impact). There is no public exploit identified at time of analysis, and EPSS is low (0.17%, 7th percentile), indicating no observed mass exploitation, but the bug is trivially triggerable wherever the library decodes attacker-supplied images.

Buffer Overflow Golang Org X Image Tiff Memory Corruption
NVD VulDB
CVSS 3.1
7.5
EPSS
0.2%
CVE-2026-53284 HIGH PATCH This Week

Improper error handling in the btrfs filesystem's transaction commit path (btrfs_write_and_wait_transaction) lets a failed metadata writeout leave dirty extent buffers uncleaned, forcing the filesystem read-only and triggering kernel warnings at unmount. The flaw affects Linux kernels prior to 6.18.33, 7.0.10, and 7.1 and is an availability/data-integrity issue on btrfs volumes, with no confidentiality impact despite an 'Information Disclosure' tag in the source data. There is no public exploit identified at time of analysis and EPSS exploitation probability is very low (0.17%, 6th percentile).

Linux Denial Of Service Null Pointer Dereference
NVD VulDB
CVSS 3.1
7.5
EPSS
0.2%
CVE-2026-52885 HIGH PATCH This Week

Local code execution in Notepad++ before 8.9.6.4 stems from a time-of-check/time-of-use race in NppCommands.cpp: the integrity HMAC of shortcuts.xml is verified against the on-disk file when a command fires, but the command payload is read from the _userCommands vector loaded at startup and never re-synced with disk. An attacker with write access to shortcuts.xml can plant a malicious version before launch and restore the legitimate file afterward, so the runtime HMAC check passes on the clean file while the malicious in-memory command executes. There is no public exploit identified at time of analysis and the issue is not in CISA KEV; it is fixed in 8.9.6.4.

Information Disclosure Notepad Plus Plus
NVD GitHub VulDB
CVSS 4.0
7.5
EPSS
0.2%
CVE-2026-57921 HIGH PATCH This Week

Information disclosure in JetBrains YouTrack before 2026.2.16593 allows remote attackers to read other users' private data through a missing authorization check on the comment templates endpoint. The flaw is unauthenticated and network-reachable per the CVSS vector (PR:N), exposing confidential information without any user interaction. There is no public exploit identified at time of analysis, and the EPSS probability is low (0.16%, 6th percentile).

Authentication Bypass Youtrack
NVD VulDB
CVSS 3.1
7.5
EPSS
0.2%
CVE-2026-11625 HIGH PATCH This Week

Predictable secret generation in the Perl module Bytes::Random::Secure (versions through 0.29) occurs because the module fails to detect process forks, causing parent and child processes to share identical PRNG internal state. Applications that instantiate a generator object before fork()ing - or that use the module's functional (procedural) interface - will emit identical random streams across processes, making session tokens, keys, salts, and other secrets predictable across workers. No public exploit is identified at time of analysis, and EPSS is low (0.16%, 6th percentile); CPANSec reported it and an upstream fix is available.

Information Disclosure Bytes
NVD GitHub VulDB
CVSS 3.1
7.5
EPSS
0.2%
CVE-2026-11702 HIGH PATCH This Week

Predictable secret generation in the Perl module Bytes::Random::Secure::Tiny (versions through 1.011) occurs because a PRNG object initialized before a fork() shares its ISAAC engine state across all child processes, causing every child to emit identical 'random' streams. Multiprocess Perl applications (e.g., preforking web servers) that create one generator and reuse it after forking will produce duplicate session tokens, keys, salts, or nonces across workers. Reported by CPANSec with an upstream fix; EPSS is low (0.16%, 5th percentile) and there is no public exploit identified at time of analysis.

Information Disclosure Bytes
NVD GitHub VulDB
CVSS 3.1
7.5
EPSS
0.2%
CVE-2026-57923 HIGH PATCH This Week

Improper authorization in JetBrains YouTrack's app configurations endpoint lets remote attackers modify project settings they should not be permitted to change, affecting all versions before 2026.2.16593. The flaw (CWE-862, Missing Authorization) impacts integrity only - no data disclosure or service disruption - and was self-reported by JetBrains with a patch already available. No public exploit identified at time of analysis, and EPSS exploitation probability is low (0.16%, 5th percentile).

Authentication Bypass Youtrack
NVD VulDB
CVSS 3.1
7.5
EPSS
0.2%
CVE-2026-46710 HIGH PATCH This Week

Local privilege escalation in the Notepad++ Windows installer (versions 8.9.4 through 8.9.5) lets an unprivileged local attacker gain the elevated privileges of the installer by planting a malicious powershell.exe. Because the installer calls powershell.exe by name (not absolute path) after setting the working directory to the installation contextMenu folder, a privileged user who installs into an attacker-writable custom directory triggers execution of the attacker's binary. No public exploit has been identified at time of analysis; the issue is fixed in 8.9.6 and corresponds to CWE-426 (Untrusted Search Path).

Privilege Escalation Notepad Plus Plus
NVD GitHub
CVSS 4.0
7.5
EPSS
0.1%
Prev Page 2 of 4 Next

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy