Skip to main content
CVE-2026-13768 CRITICAL PATCH CISA Act Now

Cloud takeover of Gardyn smart indoor garden devices is possible because a privileged Azure IoT Hub 'iothubowner' shared-access key is embedded in the product, letting a malicious actor query the IoT Hub Registry Manager to enumerate connection details for every Gardyn Home Kit and Studio device and then push arbitrary commands to a targeted unit. Because the key is service-level rather than per-device, one extracted credential compromises the entire fleet, and the attacker may pivot from a controlled device onto the victim's home or corporate LAN. This flaw was reported through CISA ICS-CERT (ICSA-26-183-03) and carries a CVSS 4.0 base score of 9.5, but no public exploit identified at time of analysis.

Authentication Bypass
NVD GitHub
CVSS 4.0
9.5
EPSS
0.6%
CVE-2026-57983 CRITICAL PATCH Act Now

Security-feature bypass in Microsoft Edge (Chromium-based) versions prior to 150.0.4078.48 lets a remote, unauthenticated attacker circumvent a browser security control over the network via improper authorization (CWE-285). Microsoft rates it CVSS 10.0 with a changed scope, meaning a successful bypass can affect resources beyond the browser's original security boundary. There is no public exploit identified at time of analysis, and CISA's SSVC framework records exploitation as 'none', so this is a high-severity but not currently-exploited issue with a vendor patch already available.

Authentication Bypass Microsoft Google Microsoft Edge Chromium Based
NVD VulDB
CVSS 3.1
10.0
EPSS
0.5%
CVE-2026-20896 CRITICAL PATCH NEWS Act Now

Reverse-proxy authentication bypass in the official Gitea Docker image (versions up to and including 1.26.2) allows any source IP to impersonate arbitrary users because the image ships with REVERSE_PROXY_TRUSTED_PROXIES=* by default. When an operator enables reverse-proxy header authentication (e.g. X-WEBAUTH-USER), the wildcard trust list means Gitea accepts those identity headers from any client rather than only from a trusted front-end proxy, granting full account takeover including administrator access. No public exploit has been identified at time of analysis, and the issue is patched in Gitea 1.26.3.

Authentication Bypass Gitea Docker Gitea Open Source Git Server
NVD GitHub
CVSS 3.1
9.8
EPSS
0.8%
CVE-2026-14544 CRITICAL Act Now

Remote code execution and privilege escalation in HPLIP (HP Linux Imaging and Printing) affects the hpcups print filter across Red Hat Enterprise Linux 6 through 10, where an integer overflow triggered by specially crafted print data can corrupt memory. This is an incomplete-fix follow-up to CVE-2026-8631, meaning the original patch did not fully close the flaw, and no public exploit has been identified at time of analysis. The Red Hat CVSS of 9.8 reflects a network-reachable, unauthenticated attack path, though realistic exploitation depends on how the CUPS print pipeline is exposed.

Integer Overflow HP RCE Red Hat Enterprise Linux 10 Red Hat Enterprise Linux 6 +3
NVD VulDB
CVSS 3.1
9.8
EPSS
0.5%
CVE-2026-12481 CRITICAL Act Now

Arbitrary code execution in keras-team/keras 3.14.0 lets remote attackers run OS-level commands by supplying a malicious serialized `Lambda` layer that is deserialized without an active `SafeModeScope`. The root cause is `_raise_for_lambda_deserialization()` treating a `None` `safe_mode` (the default when `from_config()` runs outside a `SafeModeScope`) as if it were an explicit `False`, so the safe-mode guard is skipped and attacker-controlled `marshal` bytecode executes. SSVC rates technical impact as total with a proof-of-concept available; EPSS is modest at 0.40% (32nd percentile), and the flaw is not in CISA KEV.

Deserialization RCE Keras Team Keras Red Hat
NVD
CVSS 3.1
9.8
EPSS
0.4%
CVE-2026-4321 CRITICAL Act Now

SQL injection in Raera's Destekz support/help-desk application (all versions through 02062026) allows remote attackers to inject arbitrary SQL via unsanitized input, per the CVSS:3.1/AV:N/AC:L/PR:N/UI:N vector indicating unauthenticated network exploitation. TR-CERT rates this critical (9.8) with full confidentiality, integrity, and availability impact, meaning an attacker can read, modify, or destroy backend database contents. No public exploit identified at time of analysis, but the vendor has confirmed the product is no longer supported, so no fix will be issued.

SQLi Destekz
NVD
CVSS 3.1
9.8
EPSS
0.3%
CVE-2026-27780 CRITICAL PATCH Act Now

Branch-protection bypass in Gitea's self-hosted Git server (all versions before 1.26.0) allows a user with push access to circumvent pre-receive hook enforcement by supplying oversized hook input that trips a bufio.Scanner error the code fails to handle safely. Because Gitea does not fail closed on the scanner error, the protection check is silently skipped and the push is accepted. No public exploit identified at time of analysis; EPSS is low (0.17%, 7th percentile) and this is not in CISA KEV, but a vendor patch (v1.26.0) is available.

Authentication Bypass Gitea Gitea Open Source Git Server
NVD GitHub
CVSS 3.1
9.8
EPSS
0.2%
CVE-2026-26292 CRITICAL PATCH Act Now

Gitea versions before 1.25.5 do not use the migration HTTP transport for LFS push and sync mirror operations, bypassing the configured migration transport protections for those LFS requests.

Authentication Bypass Gitea Gitea Open Source Git Server
NVD GitHub
CVSS 3.1
9.8
EPSS
0.2%
CVE-2026-58422 CRITICAL PATCH Act Now

Authorization bypass in Gitea Open Source Git Server (versions up to and including 1.26.1) allows a user whose account was deliberately disabled by an administrator to silently regain access simply by signing in through a linked OAuth provider. The OAuth sign-in callback fails to honor the administrator's 'disabled' flag, effectively reversing an intended access-revocation action. EPSS is low (0.16%, 6th percentile) and there is no public exploit identified at time of analysis, but the flaw undermines a core account-lifecycle control on a widely self-hosted platform.

Authentication Bypass Gitea Open Source Git Server
NVD GitHub
CVSS 3.1
9.8
EPSS
0.2%
CVE-2026-22874 CRITICAL PATCH Act Now

Server-side request forgery in Gitea versions up to and including 1.26.2 lets authenticated users abuse incomplete allow-list filtering in the webhook and repository-migration features to coerce the server into making requests to internal or otherwise restricted network destinations. Because the existing SSRF protection is incomplete rather than absent, attackers can craft addresses that bypass the allow-list checks to reach services that should be unreachable from outside. No public exploit identified at time of analysis, and the flaw is not listed in CISA KEV; a vendor patch is available in Gitea 1.26.3.

SSRF Gitea Gitea Open Source Git Server
NVD GitHub
CVSS 3.1
9.6
EPSS
0.5%
CVE-2026-58426 CRITICAL PATCH Act Now

Cross-repository information disclosure and cross-task tampering in Gitea's self-hosted Git server (fixed in v1.26.2) arises from an HMAC signature ambiguity in the Actions Artifacts V4 signed-URL scheme, letting an authenticated low-privilege user reuse a validly signed URL outside its intended repository or task context. An attacker with access to a single Actions task can read private artifacts belonging to other repositories and write upload-state for tasks they do not own, crossing the repository trust boundary (CVSS 9.6, scope-changed). There is no public exploit identified at time of analysis, and it is not listed in CISA KEV.

Jwt Attack Gitea Information Disclosure Gitea Open Source Git Server
NVD GitHub
CVSS 3.1
9.6
EPSS
0.2%
CVE-2026-9725 CRITICAL Act Now

Arbitrary file deletion in the Printcart Web to Print Product Designer for WooCommerce WordPress plugin (versions up to and including 2.5.2) lets unauthenticated attackers delete any file on the server, potentially escalating to remote code execution. The store_design_data() function builds a filesystem path from the attacker-controlled 'nbd_item_key' POST value and the nonce guarding the AJAX action can be freely retrieved by anonymous users, so exploitation needs no login. No public exploit has been identified at time of analysis, but the network-reachable, no-privilege profile makes this a high-priority patch.

WordPress Path Traversal RCE Printcart Web To Print Product Designer For Woocommerce
NVD VulDB
CVSS 3.1
9.1
EPSS
0.7%
CVE-2026-56015 CRITICAL Act Now

Out-of-bounds heap read in the Net::IP::LPM Perl module (all versions through 1.10) is triggered when an application passes an oversized CIDR prefix length (e.g. add("1.2.3.4/255") or a /255 IPv6 prefix) to the trie builder, which walks the packed address buffer by the attacker-supplied bit count without validating it against the 32-bit/128-bit address width. The read runs at most ~32 bytes past a 4- or 16-byte buffer and its contents are never returned through the module's API, so real-world impact is limited to a possible process abort under AddressSanitizer, valgrind, or a hardened allocator. No public exploit identified at time of analysis; EPSS is low (0.23%, 13th percentile) and SSVC lists exploitation status as none.

Buffer Overflow Information Disclosure
NVD VulDB
CVSS 3.1
9.1
EPSS
0.2%
CVE-2026-25718 CRITICAL PATCH Act Now

Gitea versions before 1.25.5 mishandle path resolution during template repository generation, allowing template processing to read or write through symlinked or otherwise non-regular paths.

Gitea Information Disclosure Gitea Open Source Git Server
NVD GitHub
CVSS 3.1
9.1
EPSS
0.2%
CVE-2026-22547 CRITICAL PATCH Act Now

Gitea versions before 1.25.5 lack validation constraints for repository creation fields, including length-limited template fields and trust model or object format values.

Gitea Information Disclosure Gitea Open Source Git Server
NVD GitHub
CVSS 3.1
9.1
EPSS
0.2%
CVE-2026-26232 CRITICAL PATCH Act Now

Gitea versions before 1.25.5 do not consistently enforce OAuth2 authorization code expiry and single-use behavior during token exchange.

Information Disclosure Microsoft Gitea Gitea Open Source Git Server
NVD GitHub
CVSS 3.1
9.1
EPSS
0.2%
CVE-2026-26247 CRITICAL PATCH Act Now

Gitea versions before 1.25.5 do not persist the OAuth2 PKCE S256 challenge method correctly during authorization, allowing token exchange without the expected verifier check.

Authentication Bypass Microsoft Gitea Gitea Open Source Git Server
NVD GitHub
CVSS 3.1
9.1
EPSS
0.2%

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy