Skip to main content
CVE-2026-58049 HIGH POC PATCH This Week

Out-of-bounds heap write in FFmpeg's RASC video decoder (decode_dlta in libavcodec/rasc.c) allows attackers to corrupt memory when libavcodec decodes a crafted stream using the RASC FourCC. The decoder performs 32-bit reads/writes at the row cursor before the NEXT_LINE boundary check and validates DLTA regions in pixel rather than byte units, letting a DLTA run on a PAL8 frame write and read several bytes past the row allocation. Publicly available exploit code exists (reported by VulnCheck); no public active exploitation has been identified at time of analysis.

Memory Corruption Buffer Overflow Ffmpeg
NVD GitHub VulDB
CVSS 4.0
8.8
EPSS
0.3%
CVE-2026-58054 HIGH POC This Week

Privilege escalation in MyBB 1.8.40 lets a limited Admin Control Panel (ACP) user who holds only the delegated user-management permission promote any account into the Administrators usergroup (gid 4), gaining the full Administrator permission set. The flaw stems from the user module exposing the Administrators group as an assignable option while the datahandler's verify_usergroup() unconditionally returns true, performing no authorization check on the target group. Publicly available exploit code exists (VulnCheck), though the issue is not listed in CISA KEV and has no public evidence of active exploitation.

Privilege Escalation Mybb
NVD GitHub VulDB
CVSS 4.0
8.6
EPSS
0.3%
CVE-2026-58050 HIGH POC PATCH This Week

Heap buffer overflow in the libssh2 SSH client library (all versions through 1.11.1) lets a malicious or compromised SSH server corrupt memory in any connecting client on 32-bit platforms. The publickey subsystem reads an attacker-supplied 32-bit attribute count and multiplies it by the attribute structure size without bounds checking, so the allocation integer-overflows to an undersized buffer that the parsing loop then writes past. Publicly available exploit code exists; this is a CWE-190 integer overflow with no public exploit identified in CISA KEV, so it is not confirmed actively exploited.

Integer Overflow Buffer Overflow Libssh2
NVD GitHub VulDB
CVSS 4.0
8.3
EPSS
0.3%
CVE-2026-58051 HIGH POC PATCH This Week

Free of an uninitialized, attacker-influenceable pointer in libssh2 through 1.11.1 allows a malicious SSH server to corrupt memory in any connecting client that uses the publickey subsystem. The publickey list is grown via SSH2_REALLOC without zero-initializing new entries, so a server-induced parse failure that reaches the cleanup path causes libssh2_publickey_list_free to operate on an uninitialized attrs pointer. Publicly available exploit code exists (reported by VulnCheck); no public evidence of active exploitation, and it is not listed in CISA KEV.

Information Disclosure Libssh2
NVD GitHub VulDB
CVSS 4.0
8.3
EPSS
0.3%
CVE-2026-58056 HIGH POC This Week

Authorization scope bypass in RustDesk lets a peer holding only a FileTransfer authorization inject keyboard and mouse input and invoke the screenshot and display-capture handlers, escalating a limited file-transfer session into full interactive remote control and screen surveillance. The defect arises because RustDesk gates incoming control messages on per-capability flags that a file-transfer session never clears, rather than on the session's authorized connection type. Publicly available exploit code exists (reported by VulnCheck); no public active exploitation has been identified at time of analysis.

Authentication Bypass Rustdesk
NVD GitHub VulDB
CVSS 4.0
7.2
EPSS
0.2%
CVE-2026-49048 HIGH This Week

SQL injection in the JoomCCK content-construction-kit extension for Joomla (versions 1.0 through 6.4.0) lets remote attackers read arbitrary database contents by injecting into a front-end controller task that concatenates an unescaped request parameter into two SQL statements. The flaw is reachable over the network without authentication or user interaction, and SSVC rates it automatable with total technical impact; however, there is no public exploit identified at time of analysis and EPSS is low at 0.28% (20th percentile).

SQLi Joomcck Extension For Joomla
NVD VulDB
CVSS 4.0
8.7
EPSS
0.3%
CVE-2026-8095 HIGH This Week

Authenticated arbitrary file deletion in the Frontend File Manager Plugin (nmedia-user-file-uploader) for WordPress versions through 23.6 lets Subscriber-level users delete any file on the server, including wp-config.php, which can cascade into full site takeover. The flaw stems from a case-sensitivity gap in input sanitization within the wpfm_file_meta_update AJAX handler that allows attacker-controlled paths to reach unlink() unchecked. Reported by Wordfence with a CVSS of 8.1; no public exploit identified at time of analysis and the issue is not on CISA KEV.

WordPress Information Disclosure PHP
NVD VulDB
CVSS 3.1
8.1
EPSS
0.4%
CVE-2026-10646 HIGH PATCH This Week

Memory corruption and denial of service in Zephyr RTOS (v4.0.0 through v4.4.0) arises in the BSD-sockets getaddrinfo() implementation, where a timed-out DNS query is retried without cancelling the prior query, leaving a callback holding a pointer into a stack frame that goes out of scope after getaddrinfo() returns. A network-delivered DNS response matched by its spoofable 16-bit transaction id, or the resolver's own delayed timeout work, then writes through that stale pointer, enabling crashes or reused-stack corruption. There is no public exploit identified at time of analysis and the issue is not in CISA KEV; exploitation is gated by a timing/race window reflected in CVSS AC:H.

Memory Corruption Buffer Overflow Denial Of Service Use After Free Zephyr
NVD GitHub VulDB
CVSS 3.1
7.4
EPSS
0.3%

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy