Skip to main content
CVE-2026-14427 HIGH PATCH This Week

Sandbox escape in Google Chrome desktop before 150.0.7871.46 is possible through a heap buffer overflow in the Skia graphics library, letting an attacker who has already compromised the renderer process break out of the sandbox via a crafted HTML page. Rated Critical by Chromium and CVSS 8.3, it is a second-stage bug: it presumes prior renderer code execution rather than granting initial access on its own. No public exploit identified at time of analysis, and CISA SSVC records exploitation status as none.

Heap Overflow Buffer Overflow Google Suse
NVD VulDB
CVSS 3.1
8.3
EPSS
0.2%
CVE-2026-14389 HIGH PATCH This Week

Sandbox escape in Google Chrome's Skia graphics library (versions before 150.0.7871.46) lets a remote attacker who has already compromised the renderer process break out of the sandbox via a crafted HTML page. Rated Medium by Chromium but scored CVSS 8.3 due to scope change and total impact; there is no public exploit identified at time of analysis and SSVC reports no observed exploitation. Realistically it is a second-stage bug that must be chained with a prior renderer compromise, which raises the practical difficulty.

Buffer Overflow Google Suse
NVD
CVSS 3.1
8.3
EPSS
0.2%
CVE-2026-14429 HIGH PATCH This Week

Sandbox escape in Google Chrome (Skia graphics library) prior to 150.0.7871.46 allows a remote attacker who has already compromised the renderer process to escape the browser sandbox via a crafted HTML page, elevating a contained renderer compromise into a full-privilege breakout on the host. Rated High severity by Chromium, it carries a CVSS 3.1 score of 8.3 (scope-changed) with no public exploit identified at time of analysis and CISA SSVC recording exploitation status as none. It is a second-stage vulnerability that must be chained with a prior renderer exploit, so it is not directly exploitable against a fresh browser.

Information Disclosure Google Suse
NVD
CVSS 3.1
8.3
EPSS
0.2%
CVE-2026-14412 HIGH PATCH This Week

Sandbox escape in Google Chrome's ANGLE graphics layer (versions prior to 150.0.7871.46) lets a remote attacker who has already compromised the renderer process break out of the browser sandbox by luring a victim to a crafted HTML page. This is a second-stage bug that chains with a prior renderer-level exploit rather than a standalone entry point; Chromium rates it High severity. There is no public exploit identified at time of analysis and it is not listed in CISA KEV, with SSVC recording exploitation status as none.

Information Disclosure Google Suse
NVD
CVSS 3.1
8.3
EPSS
0.2%
CVE-2026-14401 HIGH PATCH This Week

Sandbox escape in Google Chrome's ANGLE graphics component on Android (versions prior to 150.0.7871.46) allows a remote attacker who has already compromised the renderer process to break out of the browser sandbox via a crafted HTML page. Rated High by Chromium and CVSS 8.3, the flaw stems from improper validation of untrusted input in ANGLE and requires renderer compromise plus user interaction as prerequisites. There is no public exploit identified at time of analysis, and CISA SSVC lists exploitation status as none.

Information Disclosure Google Suse
NVD
CVSS 3.1
8.3
EPSS
0.2%
CVE-2026-14400 HIGH PATCH This Week

Sandbox escape in Google Chrome's ANGLE graphics layer (versions prior to 150.0.7871.46) lets an attacker who has already compromised the renderer process break out of the browser sandbox via a crafted HTML page. This is an out-of-bounds write (CWE-787) rated High by Chromium and scored CVSS 8.3. There is no public exploit identified at time of analysis and CISA SSVC lists exploitation as 'none', though the technical impact is rated 'total'.

Memory Corruption Buffer Overflow Google Suse
NVD
CVSS 3.1
8.3
EPSS
0.2%
CVE-2026-14413 HIGH PATCH This Week

Sandbox escape in Google Chrome's ANGLE graphics layer (versions prior to 150.0.7871.46) lets a remote attacker who has already compromised the renderer process break out of the browser sandbox via a crafted HTML page. The flaw is an uninitialized-memory use (CWE-457) in ANGLE, reported by Google's own Chrome team and fixed in the June 2026 Stable channel update. No public exploit is identified at time of analysis, and CISA's SSVC framework records exploitation status as none, but the total technical impact and sandbox-escape nature make it a high-priority browser patch.

Information Disclosure Google Suse
NVD
CVSS 3.1
8.3
EPSS
0.2%
CVE-2026-44937 HIGH PATCH GHSA This Week

Unauthenticated webhook request forgery in Rancher Fleet (GitOps controller for Kubernetes) lets remote attackers manipulate GitRepo processing when the webhook endpoint is configured without a shared secret. Because the repository URL and path received from webhooks are used unsanitized as a regex replacement (CWE-345), an attacker who does not know the configured repository can force continuous re-cloning to exhaust management-cluster resources (DoS), and - if they have read access to the target Git repo and know its path - can downgrade running workloads to any historical revision. No public exploit is identified at time of analysis and it is not listed in CISA KEV; SUSE/Rancher has released fixed versions.

Denial Of Service
NVD GitHub VulDB
CVSS 4.0
8.3
EPSS
0.2%
CVE-2026-11562 MEDIUM POC PATCH This Month

Missing capability check in WS Form LITE WordPress plugin before 1.11.8 allows any authenticated subscriber-level WordPress user to modify the plugin's settings, an action that should be restricted to administrators. The CVSS vector (PR:L) confirms low-privilege authentication is sufficient, and a publicly available proof-of-concept has been documented by WPScan. No active exploitation has been confirmed by CISA KEV, but the low barrier to exploitation and available POC make this a credible risk on multi-user WordPress installations where untrusted subscribers exist.

WordPress Information Disclosure Ws Form Lite
NVD WPScan VulDB
CVSS 3.1
4.3
EPSS
0.2%
CVE-2026-11887 MEDIUM POC PATCH This Month

Missing authorization on an AJAX endpoint in the Salon Booking System WordPress plugin (all versions before 10.30.20) allows any authenticated subscriber-level user to modify plugin settings and disable the manual approval workflow for new bookings. A publicly available proof-of-concept exists per WPScan's disclosure, making exploitation straightforward for any registered user on affected sites. No public exploitation (CISA KEV) has been confirmed, and SSVC assessment classifies technical impact as partial with exploitation not yet automated.

WordPress Authentication Bypass Salon Booking System
NVD WPScan VulDB
CVSS 3.1
4.3
EPSS
0.1%
CVE-2026-2891 HIGH PATCH This Week

Denial of service in HP Poly Voice IP endpoints (CCX, Trio C60, and Edge E series) allows an attacker operating or impersonating a SIP server to render affected devices inoperable by returning malformed data during SIP signaling. The flaw is an uncontrolled-resource-consumption / improper-input-handling issue (CWE-400) that crashes or hangs the phone, disrupting voice service. HP has published advisory hpsbpy04096 and is releasing firmware updates; no public exploit is identified at time of analysis and the issue is not listed in CISA KEV.

HP Denial Of Service Ccx Trio C60 Edge E
NVD VulDB
CVSS 4.0
8.2
EPSS
0.3%
CVE-2026-11570 MEDIUM POC PATCH This Month

Stored Cross-Site Scripting in the User Submitted Posts WordPress plugin before version 20260608 enables unauthenticated attackers to inject persistent malicious scripts into admin-configured display templates. The vulnerability is only reachable when a site administrator has enabled a non-default display option in the plugin settings, limiting its real-world exposure. A publicly available proof-of-concept exploit exists per WPScan, though no active exploitation has been confirmed by CISA KEV at time of analysis.

WordPress XSS User Submitted Posts
NVD WPScan VulDB
CVSS 3.1
4.2
EPSS
0.2%
CVE-2026-49998 HIGH PATCH GHSA This Week

Cross-tenant JWT authentication bypass in Centrifugo (v3 through v6) lets an attacker holding a valid token for one allowed issuer/tenant authenticate as a different issuer/tenant when the server uses dynamic JWKS endpoint templates. The flaw stems from the JWKS cache and singleflight lookup being keyed only by the JWT header 'kid', so a key fetched for tenant A is reused to verify a token claiming tenant B whenever both JWKS documents share the same 'kid' and tenant A's key is cached first. Publicly available exploit code exists in the form of a reporter-supplied Go unit-test PoC; there is no evidence of active exploitation, and the CVSS base score is 8.2 (AC:H, PR:L, scope-changed).

Authentication Bypass Jwt Attack Canonical
NVD GitHub
CVSS 3.1
8.2
CVE-2026-5120 HIGH This Week

Unauthorized cross-user data access in Dassault Systèmes BIOVIA Workbook (Release 2021 through Release 2026) stems from a race condition that lets one authenticated low-privilege user read data belonging to another user. Vendor 3DS tags the flaw as an authentication bypass, and its CVSS 3.1 score of 8.1 (AV:N/AC:L/PR:L) reflects network-reachable exploitation by any authenticated account with high confidentiality and integrity impact. There is no public exploit identified at time of analysis and no EPSS or KEV signal supplied.

Authentication Bypass Race Condition Biovia Workbook
NVD
CVSS 3.1
8.1
EPSS
0.2%
CVE-2026-50143 HIGH POC PATCH GHSA This Week

Apify API token exfiltration in @apify/actors-mcp-server 0.10.7 lets a remote attacker steal a victim's bearer credential via URL authority injection (CWE-918/SSRF). Because getActorMCPServerURL() naively concatenates a trusted standby base URL with an attacker-controlled webServerMcpPath from an Actor definition, an Actor published with a value like '@attacker.example/mcp' causes the WHATWG URL parser to resolve the outbound connection to the attacker's host, and connectMCPClient() unconditionally forwards the victim's 'Authorization: Bearer <APIFY_TOKEN>' header there. Publicly available exploit code exists (a Docker-based PoC that captures the token on an attacker HTTPS server); no active exploitation is confirmed.

Python SSRF OpenSSL Node.js Docker +1
NVD GitHub
CVSS 3.1
8.1
CVE-2026-50138 HIGH PATCH GHSA This Week

Access-control bypass in the goshs WebDAV listener (Go package goshs.de/goshs/v2, all releases through v2.0.9) lets an authenticated WebDAV client write, delete, and create files even when the operator started the server with --read-only, --upload-only, or --no-delete. The mode-restriction flags are enforced only on the primary HTTP port, while the WebDAV port (-w/-wp) wires requests straight into golang.org/x/net/webdav.Handler with no guard, so PUT/DELETE/MKCOL/MOVE/COPY succeed regardless of operator intent. A working proof of concept is published in the GitHub Security Advisory (GHSA-3whc-qvhv-xqjp); publicly available exploit code exists, but there is no public exploit identified as being used in active attacks.

Authentication Bypass Microsoft
NVD GitHub
CVSS 3.1
8.1
CVE-2026-49091 HIGH This Week

Log injection in Elastic Kibana (fixed in 7.17.15 and 8.11.1) allows an attacker with low-privilege access to embed unneutralized control characters in input that Kibana writes verbatim to its log files; when an operator later views those logs in a terminal that interprets ANSI/control sequences, the injected payload can forge, hide, or rewrite displayed log content. The issue is tracked as CWE-117 (Improper Output Neutralization for Logs) and carries a vendor CVSS of 8.0. There is no public exploit identified at time of analysis and it is not listed in CISA KEV.

Code Injection Elastic Kibana
NVD VulDB
CVSS 3.1
8.0
EPSS
0.2%
CVE-2022-46280 HIGH PATCH GHSA This Week

### Summary A memory-safety vulnerability in Open Babel's PQS parser caused an uninitialized pointer dereference when reading a crafted input file. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity.

Python Cisco Information Disclosure Memory Corruption Suse
NVD GitHub
CVSS 3.1
7.8
EPSS
0.8%
CVE-2022-43467 HIGH PATCH GHSA This Week

### Summary A memory-safety vulnerability in Open Babel's PQS parser allowed an out-of-bounds write when reading a crafted input file. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity. This Buffer Overflow vulnerability could allow attackers to corrupt memory to execute arbitrary code or crash the application.

Python Buffer Overflow Cisco Suse
NVD GitHub
CVSS 3.1
7.8
EPSS
0.8%
CVE-2022-46295 HIGH PATCH GHSA This Week

### Summary A memory-safety vulnerability in Open Babel's MSI parser allowed an out-of-bounds write into the `translationVectors[]` array when reading a crafted input file. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity. This Buffer Overflow vulnerability could allow attackers to corrupt memory to execute arbitrary code or crash the application.

Python Buffer Overflow Cisco Suse
NVD GitHub
CVSS 3.1
7.8
EPSS
0.8%
CVE-2022-46294 HIGH PATCH GHSA This Week

### Summary A memory-safety vulnerability in Open Babel's MOPAC input parser allowed an out-of-bounds write into the `translationVectors[]` array when reading Tv (translation-vector) atoms from a. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity. This Buffer Overflow vulnerability could allow attackers to corrupt memory to execute arbitrary code or crash the application.

Python Buffer Overflow Cisco Suse
NVD GitHub
CVSS 3.1
7.8
EPSS
0.8%
CVE-2022-46293 HIGH PATCH GHSA This Week

### Summary A memory-safety vulnerability in Open Babel's MOPAC output parser allowed an out-of-bounds write into the `translationVectors[]` array when reading the "FINAL POINT" block of a crafted. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity. This Buffer Overflow vulnerability could allow attackers to corrupt memory to execute arbitrary code or crash the application.

Python Buffer Overflow Cisco
NVD GitHub
CVSS 3.1
7.8
EPSS
0.8%
CVE-2022-46291 HIGH PATCH GHSA This Week

### Summary A memory-safety vulnerability in Open Babel's Gaussian output parser allowed an out-of-bounds write into the `translationVectors[]` array when reading a crafted input file. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity. This Buffer Overflow vulnerability could allow attackers to corrupt memory to execute arbitrary code or crash the application.

Python Buffer Overflow Cisco Suse
NVD GitHub
CVSS 3.1
7.8
EPSS
0.8%
CVE-2022-46290 HIGH PATCH GHSA This Week

### Summary A memory-safety vulnerability in Open Babel's ORCA parser allowed an out-of-bounds write when reading a crafted input file. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity.

Heap Overflow Python Buffer Overflow Cisco Suse
NVD GitHub
CVSS 3.1
7.8
EPSS
0.8%
CVE-2022-46289 HIGH PATCH GHSA This Week

### Summary A memory-safety vulnerability in Open Babel's ORCA parser allowed an out-of-bounds write when reading a crafted input file. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity.

Heap Overflow Python Buffer Overflow Cisco Suse
NVD GitHub
CVSS 3.1
7.8
EPSS
0.8%
CVE-2022-44451 HIGH PATCH GHSA This Week

### Summary A memory-safety vulnerability in Open Babel's MSI parser caused an uninitialized pointer dereference when reading a crafted input file. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity.

Python Cisco Information Disclosure Memory Corruption Suse
NVD GitHub
CVSS 3.1
7.8
EPSS
0.8%
CVE-2022-42885 HIGH PATCH GHSA This Week

### Summary A memory-safety vulnerability in Open Babel's GRO parser caused an uninitialized pointer dereference when reading a crafted input file. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity.

Python Cisco Information Disclosure Memory Corruption Suse
NVD GitHub
CVSS 3.1
7.8
EPSS
0.8%
CVE-2022-41793 HIGH PATCH GHSA This Week

### Summary A memory-safety vulnerability in Open Babel's CSR parser allowed an out-of-bounds write when reading a crafted input file. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity. This Buffer Copy without Size Check vulnerability could allow attackers to overflow a buffer to corrupt adjacent memory.

Python Buffer Overflow Cisco Suse
NVD GitHub
CVSS 3.1
7.8
EPSS
0.8%
CVE-2022-43607 HIGH PATCH GHSA This Week

### Summary A memory-safety vulnerability in Open Babel's MOL2 parser allowed an out-of-bounds write when reading a crafted input file. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity. This Buffer Overflow vulnerability could allow attackers to corrupt memory to execute arbitrary code or crash the application.

Python Buffer Overflow Cisco Suse
NVD GitHub
CVSS 3.1
7.8
EPSS
0.8%
CVE-2022-37331 HIGH PATCH GHSA This Week

### Summary A memory-safety vulnerability in Open Babel's Gaussian output parser allowed an out-of-bounds write when reading a crafted input file. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity. This Buffer Overflow vulnerability could allow attackers to corrupt memory to execute arbitrary code or crash the application.

Python Buffer Overflow Cisco Suse
NVD GitHub
CVSS 3.1
7.8
EPSS
0.7%
CVE-2026-14191 HIGH PATCH This Week

Out-of-bounds heap write in the RAR5 recovery-volume (.rev) parser of WinRAR, RAR, UnRAR, and unrar.dll (versions before 7.23) lets an attacker corrupt heap memory when a victim runs a recovery, test, or repair operation on a crafted multi-file .rev set. Because subsequent .rev files supply a RecNum value validated only against their own TotalCount and never against the actual RecItems allocation, an attacker-controlled 32-bit value can be written far past the buffer, enabling memory corruption and potential code execution. There is no public exploit identified at time of analysis, but this is the RAR5-path sibling of the previously exploited CVE-2023-40477, and CWE-787 flaws in WinRAR have historically led to reliable RCE.

Memory Corruption Buffer Overflow Winrar Rar Unrar +1
NVD
CVSS 3.1
7.8
EPSS
0.3%
CVE-2026-24248 HIGH This Week

Arbitrary code execution in NVIDIA Megatron Bridge for Linux stems from improper control of code generation (CWE-94), allowing an attacker who convinces a user to process a malicious artifact to run code in the context of the training/inference workload. Successful exploitation can escalate privileges, tamper with data, and disclose information. There is no public exploit identified at time of analysis, and the flaw is not listed in CISA KEV; the CVSS 3.1 vector (AV:L/UI:R) indicates local access with user interaction is required.

Code Injection Nvidia Information Disclosure RCE Megatron Bridge
NVD GitHub
CVSS 3.1
7.8
EPSS
0.2%
CVE-2026-24243 HIGH This Week

Arbitrary code execution in NVIDIA Megatron Bridge (all versions per the NVIDIA advisory) arises from unsafe deserialization of untrusted data (CWE-502), where an attacker supplies a crafted serialized object — typically a malicious model checkpoint or configuration artifact — that a user loads locally, yielding code execution, privilege escalation, data tampering, and information disclosure. The CVSS 3.1 base score is 7.8 (High) with a local vector requiring user interaction (AV:L/UI:R) and no attacker privileges. There is no public exploit identified at time of analysis and it is not listed in CISA KEV; no EPSS score was provided.

Nvidia Deserialization Information Disclosure RCE Megatron Bridge
NVD GitHub
CVSS 3.1
7.8
EPSS
0.2%
CVE-2026-24247 HIGH This Week

Insecure deserialization in NVIDIA Megatron Bridge for Linux (CWE-502) lets an attacker who supplies a crafted serialized object achieve code execution, privilege escalation, data tampering, and information disclosure when a local user loads that data. The CVSS 3.1 vector (AV:L/AC:L/PR:N/UI:R) shows the attack is local and hinges on the victim opening attacker-controlled content, with no public exploit identified at time of analysis. Megatron Bridge is a specialized NVIDIA library for bridging large-language-model training frameworks, so exposure is concentrated in ML/AI training and research environments rather than general enterprise fleets.

Nvidia Deserialization Information Disclosure RCE Megatron Bridge
NVD GitHub
CVSS 3.1
7.8
EPSS
0.2%
CVE-2026-24246 HIGH This Week

Arbitrary code execution in NVIDIA Megatron Bridge on Linux arises from unsafe reflection (CWE-470), where externally-controlled input selects which classes or code resources are dynamically loaded. A local attacker who convinces a user to load a crafted artifact (e.g., a malicious model, checkpoint, or configuration) can trigger code execution, privilege escalation, data tampering, and information disclosure. There is no public exploit identified at time of analysis, and it is not listed in CISA KEV.

Nvidia Information Disclosure RCE Megatron Bridge
NVD GitHub
CVSS 3.1
7.8
EPSS
0.2%
CVE-2026-24240 HIGH This Week

Deserialization of untrusted data in NVIDIA Megatron Bridge for Linux (CWE-502) can lead to arbitrary code execution, privilege escalation, data tampering, and information disclosure when a user loads attacker-controlled data. The CVSS 3.1 vector (AV:L/AC:L/PR:N/UI:R) indicates a local attack requiring the victim to open or process a malicious artifact — consistent with unsafe deserialization of a model checkpoint, config, or serialized object. There is no public exploit identified at time of analysis and the CVE is not listed in CISA KEV; EPSS was not provided.

Nvidia Deserialization Information Disclosure RCE Megatron Bridge
NVD GitHub
CVSS 3.1
7.8
EPSS
0.2%
CVE-2026-24249 HIGH This Week

Deserialization of untrusted data in NVIDIA Megatron Bridge for Linux allows a low-privileged local attacker to achieve code execution, privilege escalation, data tampering, and information disclosure. Megatron Bridge is NVIDIA's model-interoperability tooling used to convert and load large-language-model checkpoints in the Megatron/PyTorch training stack, where unsafe object deserialization (CWE-94) lets attacker-controlled serialized data run arbitrary code in the process context. There is no public exploit identified at time of analysis and it is not listed in CISA KEV, but the CVSS 7.8 (High) rating with full C/I/A impact makes it a meaningful risk on shared or multi-tenant ML infrastructure.

Deserialization Code Injection Nvidia RCE Information Disclosure +1
NVD GitHub
CVSS 3.1
7.8
EPSS
0.2%
CVE-2026-24251 HIGH This Week

Local code execution and privilege escalation in NVIDIA Megatron Bridge (Linux) stems from unsafe handling of dynamically managed code resources, rooted in an insecure deserialization flaw (CWE-502). A low-privileged local user who can influence the data or model artifacts Megatron Bridge loads can achieve arbitrary code execution, escalate privileges, tamper with data, and disclose information. NVIDIA self-reported the issue with a CVSS 3.1 base score of 7.8; there is no public exploit identified at time of analysis and it is not listed in CISA KEV.

Nvidia Deserialization Information Disclosure RCE Megatron Bridge
NVD GitHub
CVSS 3.1
7.8
EPSS
0.1%
CVE-2026-24250 HIGH This Week

Local privilege escalation and code execution in NVIDIA Megatron Bridge for Linux stems from unsafe deserialization of attacker-controlled input (CWE-502), allowing a low-privileged local user to achieve arbitrary code execution, tamper with data, and disclose information. NVIDIA reported the flaw with no public exploit identified at time of analysis, and it is not listed in CISA KEV; no EPSS score was provided. Megatron Bridge is an ML/LLM training framework, so impact centers on shared GPU/training hosts rather than internet-facing services.

Nvidia Deserialization Information Disclosure RCE Megatron Bridge
NVD GitHub
CVSS 3.1
7.8
EPSS
0.1%
CVE-2026-24245 HIGH This Week

Arbitrary code execution in NVIDIA Megatron Bridge for Linux arises from unsafe deserialization of untrusted data (CWE-502), allowing an attacker who tricks a user into loading a crafted serialized object to execute code, escalate privileges, tamper with data, and disclose information. The flaw affects the Megatron Bridge model-conversion/training tooling and is locally exploitable but hinges on victim interaction (UI:R). No public exploit code has been identified and the issue is not in CISA KEV, so there is currently no evidence of active exploitation.

Nvidia Deserialization Information Disclosure RCE Megatron Bridge
NVD GitHub
CVSS 3.1
7.8
EPSS
0.1%
CVE-2026-24244 HIGH This Week

Arbitrary code execution and privilege escalation in NVIDIA Megatron Bridge on Linux arises from unsafe deserialization of untrusted data, allowing a local attacker who convinces a user to load a malicious serialized object to run code, tamper with data, and disclose information. NVIDIA (the reporting vendor) rates it 7.8 (High); the CVSS vector requires local access and user interaction, so exploitation is not remote-unauthenticated. There is no public exploit identified at time of analysis and it is not listed in CISA KEV.

Nvidia Deserialization Information Disclosure RCE Megatron Bridge
NVD GitHub
CVSS 3.1
7.8
EPSS
0.1%
CVE-2026-24242 HIGH This Week

Server-side request forgery in NVIDIA Megatron Bridge for Linux allows an attacker to coerce the software into issuing attacker-controlled requests, potentially leading to disclosure of sensitive information. The flaw (CWE-918) was reported by NVIDIA itself and carries a vendor CVSS 3.1 score of 7.8; notably the vector is scored as local with required user interaction (AV:L/UI:R) rather than a classic remote SSRF, which security teams should reconcile against the SSRF classification. There is no public exploit identified at time of analysis and it is not listed in CISA KEV.

Nvidia SSRF Information Disclosure Megatron Bridge
NVD GitHub
CVSS 3.1
7.8
EPSS
0.1%
CVE-2026-41121 HIGH PATCH This Week

Local privilege escalation in Dell Device Management Agent (DDMA) versions prior to 26.05 allows an already-authenticated, low-privileged user on the host to elevate to full system-level control by abusing insecure symbolic/hard link resolution (CWE-59) during file operations. Dell has released a fix in DDMA 26.05. There is no public exploit identified at time of analysis and EPSS estimates exploitation probability at only 0.12% (3rd percentile), but the SSVC technical impact is rated 'total', reflecting the complete compromise achievable once a foothold exists.

Dell Information Disclosure Device Management Agent
NVD
CVSS 3.1
7.8
EPSS
0.1%
CVE-2026-14265 HIGH PATCH This Week

Arbitrary code execution in Amazon's AWS Advanced JDBC Wrapper (versions 3.3.0 through 4.0.0) arises from the RemoteQueryCachePlugin deserializing cached query results from Redis or Valkey via a raw ObjectInputStream with no class filtering. An actor able to write to the shared cache can poison entries with a crafted serialized Java object, triggering gadget-chain execution on every application server that later reads that cache entry. No public exploit identified at time of analysis; risk is elevated because a single poisoned cache key fans out to all consuming app servers.

Deserialization Java Redis RCE Aws Advanced Jdbc Wrapper
NVD GitHub
CVSS 4.0
7.7
EPSS
0.4%
CVE-2026-13602 HIGH PATCH This Week

Privilege escalation to full account takeover in pretix (open-source event ticketing) and its payment integration plugins (Stripe, pretix-mollie, pretix-oppwa, pretix-bitpay, pretix-payone, pretix-secuconnect, pretix-sofort, pretix-saferpay) lets an authenticated backend operator become any user and read any data in the system. The flaw chains three weaknesses: a signed-session-parameter transport path with no scope validation, a signing-oracle reuse of the same key/salt in an unrelated Referer-obfuscation redirect, and the admin "act on behalf of" impersonation feature. No public exploit is identified at time of analysis (CVSS 4.0 carries E:U, exploit unproven), but the vendor fixed all affected components in releases published 2026-07-01.

RCE Pretix Pretix Mollie Pretix Oppwa Pretix Bitpay +4
NVD
CVSS 4.0
7.7
EPSS
0.2%
CVE-2026-7831 HIGH This Week

Denial of service in the UltraVNC viewer (vncviewer) through 1.8.2.2 arises from an off-by-one stack buffer overflow in the RFB ServerInit message handler, where a malicious VNC server advertising a desktop name of exactly 2024 bytes forces ReadString to write a NUL terminator at _dn[2024], one byte past a 2024-byte stack buffer. A rogue or compromised server can crash victims who connect to it (reliable process termination on /GS-hardened builds) and potentially corrupt adjacent stack data on canary-less release builds. No public exploit identified at time of analysis, and the flaw is not listed in CISA KEV; exploitation requires the victim to initiate a connection to the attacker-controlled server.

Denial Of Service Buffer Overflow Ultravnc
NVD GitHub
CVSS 3.1
7.6
EPSS
0.4%
CVE-2026-6687 HIGH This Week

Stack-based buffer overflow in FatFs R0.16 and earlier allows an attacker who can present crafted exFAT media to corrupt the stack via f_getlabel(), because the exFAT volume-label length field (XDIR_NumLabel) is trusted without enforcing the specification maximum. FatFs is an embedded FAT/exFAT filesystem library used across microcontroller and IoT firmware, so any device that mounts and reads the label of attacker-supplied storage is exposed. Publicly available exploit code exists (runZero advisory and SSVC 'PoC'), but there is no public exploit identified in active use and it is not listed in CISA KEV.

Buffer Overflow Stack Overflow Fatfs
NVD GitHub VulDB
CVSS 3.1
7.6
EPSS
0.2%
CVE-2026-6688 HIGH This Week

Buffer overflow in FatFs R0.16 and earlier arises when long filenames (up to 255 characters, enabled via FF_USE_LFN) returned in fno.fname are copied by downstream callers into short fixed-size buffers without bounds checks, corrupting memory in the embedded application. Reported by runZero, this is a downstream-caller (CWE-120) pattern affecting integrations of the popular ChaN FatFs embedded filesystem library rather than a defect in FatFs core parsing itself. Publicly available exploit code exists (SSVC Exploitation: PoC, runZero GitHub repo) with total technical impact, though the physical attack vector (AV:P) meaningfully constrains real-world reach; no CISA KEV listing.

Buffer Overflow Fatfs
NVD GitHub VulDB
CVSS 3.1
7.6
EPSS
0.2%
CVE-2026-6682 HIGH This Week

Integer overflow in ELM-Chan FatFS R0.16 and earlier lets a crafted FAT32 volume corrupt file-size metadata during mount_volume(), where `fasize *= fs->n_fats` wraps and produces attacker-controlled, oversized read lengths in downstream callers. The affected code is a widely embedded FAT filesystem library used across microcontrollers and IoT firmware, and while primarily triggered by mounting malicious media, the vendor notes remote delivery is feasible via OTA/update pipelines. Publicly available exploit code exists (runZero research and proof-of-concept repository); no public exploit identified as actively used and it is not listed in CISA KEV.

Integer Overflow Buffer Overflow Fatfs
NVD GitHub VulDB
CVSS 3.1
7.6
EPSS
0.2%
CVE-2026-24264 HIGH This Week

Denial of service in NVIDIA Triton Inference Server for Linux allows remote unauthenticated attackers to exhaust server resources by submitting highly compressed (data-amplification / decompression-bomb) input that the server improperly handles during decompression. The flaw (CWE-409) affects the Linux distribution of Triton and carries a CVSS 7.5 (availability-only impact); there is no public exploit identified at time of analysis and it is not listed in CISA KEV. Impact is limited to availability - no confidentiality or integrity loss.

Nvidia Denial Of Service Triton Inference Server
NVD GitHub
CVSS 3.1
7.5
EPSS
0.7%
Prev Page 3 of 8 Next

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy