Skip to main content
CVE-2026-48321 CRITICAL Act Now

Privilege escalation in Adobe ColdFusion 2023 (through Update 21) and ColdFusion 2025 (through Update 10) allows a remote, unauthenticated attacker to bypass authorization checks and gain unauthorized read and write access. Because the CVSS vector marks scope as changed (S:C) with PR:N and no user interaction, the attacker can act beyond the ColdFusion application boundary, yielding the maximum CVSS base score of 10.0. No public exploit is identified at time of analysis, and EPSS is low at 0.24% (15th percentile), indicating no observed weaponization yet despite the critical rating.

Authentication Bypass Privilege Escalation Coldfusion
NVD
CVSS 3.1
10.0
EPSS
0.2%
CVE-2026-48324 CRITICAL Act Now

SQL injection in Adobe ColdFusion 2023 (through Update 21) and ColdFusion 2025 (through Update 10) allows an authenticated attacker to inject crafted SQL and achieve arbitrary code execution in the context of the current user without any user interaction. The flaw carries a critical 9.9 CVSS with a changed scope, meaning impact extends beyond the vulnerable component. There is no public exploit identified at time of analysis and it is not listed in CISA KEV, but the total technical impact and low attack complexity make it a high-priority patch for internet-facing ColdFusion servers.

SQLi RCE Coldfusion
NVD VulDB
CVSS 3.1
9.9
EPSS
0.7%
CVE-2026-48358 CRITICAL Act Now

Remote code execution in Adobe Commerce (Magento) allows attackers to run arbitrary code in the context of the current user through an improper output encoding/escaping flaw (CWE-116), scored CVSS 10.0 with a changed scope. It affects Adobe Commerce, Adobe Commerce B2B, Magento Open Source, and the Adobe Commerce Webhooks Plugin across a wide range of versions up to 2.4.9 (and B2B up to 1.5.3). Exploitation requires no user interaction; per CVSS PR:N it is unauthenticated, though SSVC rates it as not automatable and there is no public exploit identified at time of analysis.

RCE Adobe Adobe Commerce Adobe Commerce B2B Magento Open Source +1
NVD
CVSS 3.1
10.0
EPSS
0.9%
CVE-2026-10577 CRITICAL CISA Act Now

Unauthenticated remote command execution on Rockwell Automation's 1715-AENTR EtherNet/IP Adapter arises from a network-accessible debug port that enforces no privilege controls, exposing intrusive CLI commands to any attacker who can reach the device. An unauthenticated remote actor can read and delete files, halt tasks, modify memory, and manipulate physical I/O states, giving full control over device confidentiality, integrity, and availability. Rated CVSS 4.0 10.0 (Critical) with subsequent-system impact; no public exploit has been identified at time of analysis.

Authentication Bypass
NVD VulDB
CVSS 4.0
10.0
EPSS
0.3%
CVE-2026-62422 CRITICAL PATCH Act Now

Authentication bypass in JetBrains YouTrack allows attackers to obtain full administrative access by leveraging a direct-database-access code path, per CWE-306 (missing authentication for a critical function). All self-hosted YouTrack builds prior to the 2026.1.13757 / 2025.3.148033 / 2025.2.148048 / 2025.1.148120 / 2024.3.148430 / 2024.2.148429 fix trains are affected, and JetBrains rates it CVSS 10.0. There is no public exploit identified at time of analysis and it is not listed in CISA KEV, but the maximal severity score and administrative impact make prompt patching essential.

Authentication Bypass Youtrack
NVD
CVSS 3.1
10.0
EPSS
0.3%
CVE-2026-56451 CRITICAL Act Now

Authentication bypass in Siemens Opcenter X (all versions before V2604) lets an unauthenticated remote attacker forge JSON Web Tokens by exploiting improper validation of the algorithm field in the JWT header. Because the application trusts the attacker-controlled 'alg' value, an attacker can craft tokens that impersonate any user - including administrators - yielding full unauthorized access to the manufacturing operations platform. Rated CVSS 10.0 with a scope-changing critical impact; no public exploit identified at time of analysis and it is not currently in CISA KEV.

Authentication Bypass Jwt Attack Opcenter X
NVD
CVSS 4.0
10.0
EPSS
0.4%
CVE-2026-56196 HIGH PATCH Exploit Unlikely This Week

Remote code execution in Microsoft Windows Admin Center allows an authenticated attacker to run arbitrary code over the network by exploiting a relative path traversal (CWE-23) flaw. Any user holding valid low-privilege credentials to the WAC gateway can leverage the traversal to break out of the intended file path and achieve full compromise (confidentiality, integrity, and availability impact all High). Microsoft has published a patch via MSRC; there is no public exploit identified at time of analysis and the CVE is not listed in CISA KEV.

Microsoft Path Traversal Windows Admin Center
NVD
CVSS 3.1
8.8
EPSS
1.0%
CVE-2026-44747 CRITICAL NEWS Act Now

Memory corruption in SAP NetWeaver Application Server ABAP lets an authenticated attacker exploit logical flaws in memory management (an out-of-bounds write) to read or alter data and crash the system, with high impact on confidentiality, integrity, and availability. SAP rates it CVSS 9.9 with a changed scope, meaning a low-privileged user can affect components beyond their own authorization boundary. There is no public exploit identified at time of analysis, but the low attack complexity and network reachability make it a high-priority patch for any exposed ABAP stack.

Buffer Overflow SAP Memory Corruption Sap Netweaver Application Server Abap
NVD
CVSS 3.1
9.9
EPSS
0.4%
CVE-2026-48322 CRITICAL Act Now

Code injection (CWE-94) in Adobe ColdFusion 2023 (Update 21 and earlier) and ColdFusion 2025 (Update 10 and earlier) allows a low-privileged, network-adjacent attacker to execute arbitrary code in the context of the current user without any user interaction. Because the CVSS scope is changed, successful exploitation can extend impact beyond the vulnerable component to the underlying host. There is no public exploit identified at time of analysis and the EPSS probability is low (0.43%, 35th percentile), but the near-maximum CVSS of 9.9 and Adobe's own PSIRT reporting make this a high-priority patch.

RCE Code Injection Coldfusion
NVD VulDB
CVSS 3.1
9.9
EPSS
0.4%
CVE-2026-47295 HIGH PATCH Exploit Unlikely This Week

Privilege elevation in Microsoft SQL Server (2016 SP3 through 2025) allows an authenticated attacker to inject crafted SQL commands over the network and gain higher database privileges (CVSS 8.8). The flaw is a classic improper neutralization of special elements (CWE-89) reachable by any principal already holding low-level database access. No public exploit has been identified at time of analysis, and it is not listed in CISA KEV, though a vendor patch is available.

SQLi Microsoft Sql Server 2016 Service Pack 3 Gdr Microsoft Sql Server 2016 Service Pack 3 Azure Connect Feature Pack Microsoft Sql Server 2017 Cu 31 Microsoft Sql Server 2017 Gdr +6
NVD
CVSS 3.1
8.8
EPSS
0.9%
CVE-2026-56197 HIGH PATCH Exploit Unlikely This Week

Authenticated remote code execution in Microsoft Windows Admin Center (CWE-77) lets an attacker with low-privilege access inject and run arbitrary commands over the network, yielding full confidentiality, integrity, and availability compromise (CVSS 8.8). Microsoft has released a patch; there is no public exploit identified at time of analysis and the flaw is not listed in CISA KEV.

Microsoft Command Injection Windows Admin Center
NVD
CVSS 3.1
8.8
EPSS
0.9%
CVE-2026-56642 HIGH PATCH This Week

Remote code execution in Microsoft Fabric Data Warehouse allows an authenticated attacker to run arbitrary code over the network by triggering a stack-based buffer overflow (CWE-121). The flaw carries a CVSS 8.8 rating with high impact to confidentiality, integrity, and availability, and requires only low-privilege access with no user interaction. There is no public exploit identified at time of analysis and the CVE is not listed in CISA KEV, but a vendor patch is available via MSRC.

Buffer Overflow Stack Overflow Microsoft Service Fabric
NVD
CVSS 3.1
8.8
EPSS
0.9%
CVE-2026-57102 HIGH PATCH This Week

Security-feature bypass in Microsoft Visual Studio Code lets a remote attacker deliver functionality from an untrusted control sphere (CWE-829) that circumvents a built-in protection, yielding high confidentiality, integrity, and availability impact once a victim opens or interacts with attacker-supplied content. Rated CVSS 8.8 (AV:N/AC:L/PR:N/UI:R), it requires user interaction but no authentication, and Microsoft has released a fix via MSRC. There is no public exploit identified at time of analysis and it is not on the CISA KEV list.

Authentication Bypass Visual Studio Code
NVD
CVSS 3.1
8.8
EPSS
0.8%
CVE-2026-58277 HIGH PATCH Exploit Unlikely This Week

Privilege elevation in Microsoft SharePoint Server (Enterprise Server 2016 and Server 2019) allows an authenticated network attacker to abuse an improper authorization check to gain higher privileges within the SharePoint environment. The flaw is tagged as an authentication bypass and carries a CVSS 8.8, reflecting high impact to confidentiality, integrity, and availability from a low-privileged starting point. Microsoft has released a patch; there is no public exploit identified at time of analysis and no CISA KEV listing.

Authentication Bypass Microsoft Microsoft Sharepoint Enterprise Server 2016 Microsoft Sharepoint Server 2019
NVD
CVSS 3.1
8.8
EPSS
0.8%
CVE-2026-55005 HIGH PATCH Exploit Unlikely This Week

Remote code execution in Microsoft Exchange Server (2016 CU23, 2019 CU14/CU15, and Subscription Edition RTM) lets an authenticated attacker corrupt heap memory to run arbitrary code across the network. The CVSS 3.1 vector (AV:N/AC:L/PR:L/UI:N) shows low-privilege network exploitation with full confidentiality, integrity, and availability impact, and Microsoft has released a patch. There is no public exploit identified at time of analysis and it is not listed in CISA KEV.

Heap Overflow Buffer Overflow Microsoft Microsoft Exchange Server 2016 Cumulative Update 23 Microsoft Exchange Server 2019 Cumulative Update 14 +2
NVD
CVSS 3.1
8.8
EPSS
0.7%
CVE-2026-50444 HIGH PATCH NEWS Exploit Unlikely This Week

Privilege elevation in Microsoft's Windows Server Update Services (WSUS) role allows a network-based, low-privileged attacker to gain higher privileges due to a missing authentication check on a critical function (CWE-306). The flaw affects WSUS as shipped on Windows Server 2012 through 2025 (and client builds Windows 10 1607/1809), with a CVSS 3.1 base score of 8.8; Microsoft has released a patch. There is no public exploit identified at time of analysis and it is not listed in CISA KEV, but the network-reachable, low-complexity nature makes this a high-priority patch for update-management infrastructure.

Authentication Bypass Microsoft Windows 10 Version 1607 Windows 10 Version 1809 Windows Server 2012 +10
NVD
CVSS 3.1
8.8
EPSS
0.6%
CVE-2026-47303 HIGH PATCH Exploit Unlikely This Week

Privilege elevation in ASP.NET Core (bundled with .NET 8.0, 9.0, and 10.0) lets an already-authenticated, low-privileged network attacker bypass authentication controls by tampering with data the framework wrongly assumes to be immutable (CWE-302). Microsoft reported and patched the flaw; there is no public exploit identified at time of analysis and it is not on CISA KEV. At CVSS 8.8 with PR:L, an authorized user can escalate to higher privileges over the network.

Authentication Bypass Net 10 0 Net 8 0 Net 9 0 Microsoft Visual Studio 2022 Version 17 12 +2
NVD
CVSS 3.1
8.8
EPSS
0.6%
CVE-2026-47300 HIGH PATCH Exploit Unlikely This Week

Privilege elevation in ASP.NET Core (bundled with .NET 8.0, 9.0, and 10.0) lets an already-authenticated, low-privileged network attacker gain higher privileges by abusing a flawed authentication algorithm implementation (CWE-303). Microsoft reported the flaw and has released a patch; there is no public exploit identified at time of analysis and it is not on the CISA KEV. The 8.8 CVSS reflects high confidentiality, integrity, and availability impact reachable over the network with only low prior privileges.

Information Disclosure Net 10 0 Net 8 0 Net 9 0 Microsoft Visual Studio 2022 Version 17 12 +2
NVD
CVSS 3.1
8.8
EPSS
0.5%
CVE-2026-55052 HIGH PATCH This Week

Privilege escalation in Microsoft SharePoint Server (Enterprise Server 2016, Server 2019, and Subscription Edition) lets an already-authenticated network user gain higher privileges by exploiting a missing authorization check (CWE-862). Any low-privileged account with access to the SharePoint web application can abuse the flaw to perform actions reserved for higher-privileged roles, with full confidentiality, integrity, and availability impact per the CVSS 8.8 rating. Microsoft has released a patch; there is no public exploit identified at time of analysis and it is not listed in CISA KEV.

Authentication Bypass Microsoft Microsoft Sharepoint Enterprise Server 2016 Microsoft Sharepoint Server 2019 Microsoft Sharepoint Server Subscription Edition
NVD
CVSS 3.1
8.8
EPSS
0.5%
CVE-2026-57969 HIGH PATCH This Week

Privilege escalation in Microsoft Azure CycleCloud 8.9.1 allows an authorized (low-privileged) attacker to gain elevated privileges over the network by reaching a critical function that lacks an authentication check (CWE-306). Reported by Microsoft with a patch available and rated CVSS 8.8; there is no public exploit identified at time of analysis and it is not listed in CISA KEV. The flaw enables full compromise of the CycleCloud instance's confidentiality, integrity, and availability, making it a high-priority patch for HPC-orchestration environments.

Authentication Bypass Microsoft Azure Cyclecloud 8 9 1
NVD
CVSS 3.1
8.8
EPSS
0.5%
CVE-2026-54052 CRITICAL PATCH GHSA Act Now

Cross-tenant data exposure in n8n-mcp (npm package, <= 2.56.0) lets an authenticated tenant on a shared multi-tenant HTTP instance read, delete, and destroy the automatic workflow version backups belonging to other tenants. Because each snapshot embeds full node definitions, the leaked data can include credential references and authorization headers, making this both a confidentiality and an integrity/availability failure. Rated CVSS 9.9 due to the scope change across tenant trust boundaries; no public exploit is identified at time of analysis, and it is not listed in CISA KEV.

Docker Authentication Bypass
NVD GitHub
CVSS 3.1
9.9
CVE-2026-45262 CRITICAL GHSA Act Now

Cross-resource SQL injection in the FacturaScripts REST API (all versions through 2026.1) lets a low-privileged, scoped ApiKey read or modify arbitrary database tables via the `filter` query parameter, enabling full admin account takeover. A single GET request with a parenthesized filter key leaks the admin's bcrypt password hash and `logkey` session token, which are then replayed as the `fsLogkey` cookie to reach admin-only endpoints like `/AdminPlugins`. A live end-to-end PoC was verified on 2026-04-30, so publicly available exploit code exists, though there is no public exploit identified as being used in active attacks (not in CISA KEV).

Oracle SQLi PHP CSRF RCE
NVD GitHub
CVSS 3.1
9.9
CVE-2026-11567 MEDIUM POC PATCH This Month

SureForms WordPress plugin before 2.11.1 permits unauthenticated attackers to submit manipulated payment amounts below the configured price on any form using a dynamically-sourced or hidden variable payment field, enabling financial fraud against site operators. The integrity bypass is confined to forms with variable pricing; fixed-price forms are explicitly unaffected. A publicly available proof-of-concept exists via WPScan, and a vendor patch is available in version 2.11.1 - though no CISA KEV listing confirms active mass exploitation at time of analysis.

WordPress Information Disclosure Sureforms
NVD WPScan
CVSS 3.1
5.9
EPSS
0.1%
CVE-2026-47632 HIGH PATCH Exploit Unlikely This Week

Privilege escalation in Microsoft's Azure Monitor Agent (specifically the Metrics Extension) lets an unauthenticated attacker on an adjacent network gain elevated privileges by exploiting improper TLS certificate validation (CWE-295). Because the agent fails to properly verify the certificate of the endpoint it communicates with, an attacker positioned on the same broadcast/logical network segment can impersonate a trusted server and hijack the agent's privileged context, yielding high confidentiality, integrity, and availability impact. Microsoft rates it CVSS 8.8; there is currently no public exploit identified at time of analysis and it is not listed in CISA KEV.

Authentication Bypass Microsoft Azure Monitor Agent Metrics Extension
NVD
CVSS 3.1
8.8
EPSS
0.3%
CVE-2026-51808 CRITICAL Act Now

Heap out-of-bounds read/write in OpenHTJ2K (High-Throughput JPEG 2000 reference codec) v0.18.4 and earlier lets an attacker corrupt heap memory by supplying a crafted J2K/JP2 codestream, with a confirmed heap information-leak primitive and vendor-claimed arbitrary code execution. The flaw is reached through every decoder entry point (invoke, invoke_line_based, invoke_line_based_stream, invoke_line_based_predecoded) and, notably, through a JPIP server's startup codestream load, making it network-reachable without user interaction. There is no public exploit identified at time of analysis, though the vendor changelog references non-public PoC files, and the issue is not listed in CISA KEV.

Buffer Overflow RCE
NVD GitHub
CVSS 3.1
9.8
EPSS
0.2%
CVE-2026-51807 CRITICAL Act Now

Buffer Overflow vulnerability in OpenHTJ2K v.0.18.4 and before allows an attacker to execute arbitrary code via the j2k_precinct_subband::parse_packet_header() in source/core/coding/coding_units.cpp

Buffer Overflow RCE Stack Overflow
NVD GitHub
CVSS 3.1
9.8
EPSS
0.2%
CVE-2026-55034 HIGH PATCH Exploit Unlikely This Week

Cross-site scripting (CWE-79) in on-premises Microsoft SharePoint Server allows an authenticated, low-privileged attacker to inject script that executes in another user's browser session, enabling spoofing across a network. The scope-changed CVSS 3.1 rating of 8.7 (vector AV:N/AC:L/PR:L/UI:R/S:C/C:H/I:H/A:N) reflects the ability to break out of the vulnerable component's security context and impact victim data. Microsoft has released patches; there is no public exploit identified at time of analysis and CISA SSVC currently records exploitation as none.

Microsoft XSS Microsoft Sharepoint Enterprise Server 2016 Microsoft Sharepoint Server 2019 Microsoft Sharepoint Server Subscription Edition
NVD
CVSS 3.1
8.7
EPSS
0.6%
CVE-2026-5270 CRITICAL Act Now

Authentication bypass in Ciena Navigator Network Control Suite (NCS 8.1), Manage Control Plane (MCP ≤ 8.0), and Blue Planet components (Inventory, Orchestration, Route Optimization & Analysis, Unified Assurance & Analytics, Planner Plus) allows an unauthenticated network attacker to manipulate HTTP request paths and headers to reach protected functionality while also evading audit logging. Rated CVSS 9.8 with a fully remote, low-complexity, no-interaction vector, this flaw hands attackers administrative-level access to carrier-grade network control and orchestration platforms. No public exploit identified at time of analysis and the CVE is not listed in CISA KEV, but the trivial exploitation profile makes it a high-priority patch for affected operators.

Authentication Bypass
NVD VulDB
CVSS 3.1
9.8
EPSS
0.2%
CVE-2026-5269 CRITICAL Act Now

Predictable default credentials in Ciena's Navigator Network Control Suite (NCS), Manage Control Plane (MCP), and Planner Plus OnPrem expose hidden system accounts used for internal software operations to remote attackers. These accounts carry limited permissions in isolation, but their known default passwords give an attacker a foothold that can be chained with other weaknesses to escalate privilege on the management system. No public exploit identified at time of analysis, and the vulnerability is not listed in CISA KEV, so exploitation remains theoretical rather than demonstrated.

Privilege Escalation
NVD VulDB
CVSS 3.1
9.8
EPSS
0.1%
CVE-2026-38450 CRITICAL Act Now

Remote code execution in Aetopia Digital Asset Management (DAM) v1.0.0 is achievable through a server-side template injection flaw: attacker-controlled input in the 'name' and 'description' parameters of the Add/Update Project function is evaluated by the server-side template engine, letting an attacker run arbitrary code on the host. NVD scores this CVSS 9.8 (network, low complexity, no privileges required), and a public researcher writeup detailing the SSTI exists on the eslam3kl GitBook; however, there is no public exploit identified as weaponized code and it is not listed in CISA KEV, so it is not confirmed as actively exploited. Note the CVSS PR:N rating conflicts with the fact that Add/Update Project is normally an authenticated application feature.

RCE Code Injection
NVD
CVSS 3.1
9.8
EPSS
0.3%
CVE-2026-13001 CRITICAL Act Now

Arbitrary file upload in the Podlove Podcast Publisher WordPress plugin (all versions through 4.5.1) allows remote attackers to place attacker-controlled files on the server via the image caching path, potentially escalating to remote code execution. The root cause is incomplete file-type validation in the plugin's image cache handling, where a cached file's extension was trusted rather than re-derived from the actual validated image type. Reported by Wordfence and fixed upstream; no public exploit identified at time of analysis, and the flaw is not listed in CISA KEV.

RCE WordPress Podlove Podcast Publisher
NVD GitHub
CVSS 3.1
9.8
EPSS
1.1%
CVE-2026-55944 CRITICAL PATCH NEWS Exploit Likely Act Now

Remote code execution in Microsoft Dynamics NAV 2018 allows an unauthorized, network-based attacker to run arbitrary code by submitting maliciously crafted serialized data that the application deserializes without validation (CWE-502). With a CVSS 9.8 vector requiring no authentication and no user interaction, successful exploitation grants full compromise of the ERP host. Microsoft has released a patch via MSRC; there is no public exploit identified at time of analysis and the CVE is not listed in CISA KEV.

Microsoft Deserialization Microsoft Dynamics Nav 2018
NVD
CVSS 3.1
9.8
EPSS
1.3%
CVE-2026-42990 CRITICAL PATCH Act Now

Remote code execution in the Microsoft ODBC Driver for SQL Server (shipped across Windows 10, Windows 11, and Windows Server 2012 through 2025) stems from a heap-based buffer overflow that lets an attacker run arbitrary code over the network. The supplied CVSS 3.1 vector (AV:N/AC:L/PR:N/UI:N) scores it 9.8 and marks it unauthenticated, though as a database driver flaw the realistic trigger is a client connecting to a malicious or compromised SQL Server endpoint. There is no public exploit identified at time of analysis and no CISA KEV listing, so this is a high-severity but not yet actively-exploited issue.

Heap Overflow Buffer Overflow Windows 10 Version 1607 Windows 10 Version 1809 Windows 10 Version 21H2 +16
NVD
CVSS 3.1
9.8
EPSS
0.7%
CVE-2026-15043 CRITICAL PATCH Act Now

Incorrect WHERE-clause evaluation in Perl's DBI::SQL::Nano (versions 1.42 up to 1.651) causes text-based '<=' and '>=' comparisons to be silently inverted, so range-filtered queries return the wrong set of rows. The flaw affects DBI's built-in fallback mini-SQL engine used by file-backed drivers (DBD::File, DBD::DBM, CSV-style) when SQL::Statement is absent, and applications that rely on such predicates for policy or authorization filtering may leak or mishandle records without any error. There is no public exploit identified at time of analysis and the issue is not in CISA KEV; the fix is available upstream in DBI 1.651.

Information Disclosure Dbi
NVD GitHub VulDB
CVSS 3.1
9.8
EPSS
0.2%
CVE-2026-62392 CRITICAL Act Now

OS command injection in Apache Kylin (versions 4 through 5.0.3) allows attackers to execute arbitrary operating-system commands by supplying malicious job configuration parameters that a backend API passes unsanitized to the OS command line. Because Kylin runs as a distributed analytics engine, successful exploitation yields full host compromise with the privileges of the Kylin service account. Per the vendor CVSS (AV:N/PR:N), the flaw is scored as network-reachable and unauthenticated with high impact across confidentiality, integrity, and availability; no public exploit is identified at time of analysis, and it is not listed in CISA KEV.

Command Injection Apache Kylin
NVD
CVSS 3.1
9.8
EPSS
1.8%
CVE-2026-62390 CRITICAL Act Now

SQL injection in Apache Kylin (versions 4 through 5.0.3) allows attackers to inject arbitrary SQL through a backend API used to refresh the table catalog, where untrusted input is concatenated into a dynamically generated SQL statement. The upstream CVSS 3.1 vector rates this as unauthenticated (PR:N) with full confidentiality, integrity, and availability impact (9.8), enabling database read/write and potentially further compromise. There is no public exploit identified at time of analysis and it is not listed in CISA KEV.

SQLi Apache Kylin
NVD
CVSS 3.1
9.8
EPSS
0.7%
CVE-2026-55021 HIGH PATCH This Week

Spoofing via stored cross-site scripting in Microsoft SharePoint (Enterprise Server 2016, Server 2019, and Subscription Edition) allows an authenticated attacker to inject script that executes in another user's browser session across a network. CVSS is 8.7 with a scope change, reflecting that injected content escapes into the victim's authenticated context; there is no public exploit identified at time of analysis and CISA SSVC rates exploitation status as none. A vendor patch is available via Microsoft MSRC.

Microsoft XSS Microsoft Sharepoint Enterprise Server 2016 Microsoft Sharepoint Server 2019 Microsoft Sharepoint Server Subscription Edition
NVD
CVSS 3.1
8.7
EPSS
0.5%
CVE-2026-15773 CRITICAL PATCH Act Now

Use after free in Core in Google Chrome on Windows prior to 150.0.7871.125 allowed a remote attacker to potentially perform a sandbox escape via a crafted HTML page. (Chromium security severity: High)

Use After Free Denial Of Service Google Microsoft Memory Corruption
NVD VulDB
CVSS 3.1
9.6
EPSS
0.3%
CVE-2026-48356 CRITICAL Act Now

Arbitrary code execution in Adobe Commerce, Adobe Commerce B2B, and Magento Open Source stems from an unrestricted file upload (CWE-434) that runs in the context of the current user, letting an attacker inject malicious scripts and hijack a victim's account or session. Exploitation is network-reachable and marked unauthenticated by the CVSS vector but requires the victim to visit a crafted URL or interact with a compromised page, and the scope is changed (impact extends beyond the vulnerable component). No public exploit is identified at time of analysis and the issue is not listed in CISA KEV; Adobe rates it CVSS 9.6 critical.

File Upload RCE Adobe Adobe Commerce Adobe Commerce B2B +2
NVD
CVSS 3.1
9.6
EPSS
28.3%
CVE-2026-48259 CRITICAL Act Now

Server-Side Request Forgery in Adobe Experience Manager (AEM as a Cloud Service, 6.5 LTS, and 6.5) lets a low-privileged, authenticated attacker coerce the server into issuing crafted requests that can escalate to arbitrary code execution in the current user's context and hijack the victim's account or session. The scope-changed CVSS 9.6 rating reflects that the SSRF pivots beyond the vulnerable component itself. No public exploit identified at time of analysis, and no CISA KEV listing; risk is driven by CVSS severity and Adobe's confirmation via advisory APSB26-74 rather than observed exploitation.

SSRF RCE Adobe Adobe Experience Manager As A Cloud Service Adobe Experience Manager 6 5 Lts +1
NVD
CVSS 3.1
9.6
EPSS
0.4%
CVE-2026-48359 CRITICAL Act Now

Sensitive file disclosure and potential account takeover in Adobe Experience Manager (AEM as a Cloud Service, 6.5, and 6.5 LTS) arises from unsafe XML External Entity (XXE) processing that Adobe classifies as leading to arbitrary code execution in the current user's context. A low-privileged, authenticated attacker (PR:L) can trigger the flaw remotely over the network with no user interaction, reading protected files and pivoting to elevated access or session control. There is no public exploit identified at time of analysis and it is not listed in CISA KEV, but the 9.6 CVSS score and scope-change make it a high-priority patch.

RCE XXE Adobe Adobe Experience Manager As A Cloud Service Adobe Experience Manager 6 5 Lts +1
NVD
CVSS 3.1
9.6
EPSS
0.5%
CVE-2026-48561 CRITICAL PATCH NEWS Exploit Unlikely Act Now

Remote code execution in the Microsoft 365 Copilot mobile apps for Android and iOS lets an unauthenticated attacker run code across a security boundary by getting a user to interact with crafted content (CWE-77 command injection). The CVSS 9.6 rating reflects network reach, low complexity, no privileges, and a changed scope with high confidentiality, integrity, and availability impact. There is no public exploit identified at time of analysis, but a vendor patch is available and the flaw was self-reported by Microsoft.

Microsoft Command Injection Microsoft 365 Copilot For Android Microsoft 365 Copilot For Ios
NVD
CVSS 3.1
9.6
EPSS
0.8%
CVE-2026-59891 CRITICAL PATCH Act Now

Credential leakage in sigstore-js (specifically the @sigstore/oci package) before 0.7.1 allows Docker registry credentials to be transmitted to the wrong registry because getRegistryCredentials() matched configured auth keys against the target registry using a substring check instead of an exact host match. An attacker who can induce a victim to push or pull signatures/attestations against an attacker-named registry whose hostname has a substring relationship with a legitimately configured registry (e.g. 'cr.io' vs 'ghcr.io', or 'victim.127.0.0.1:5000' vs '127.0.0.1:5000') can capture the victim's stored registry credentials. There is no public exploit identified at time of analysis, and this is not listed in CISA KEV; the underlying weakness (CWE-522) is confirmed and fixed by the vendor in @sigstore/oci 0.7.1.

Docker Information Disclosure Sigstore Js
NVD GitHub
CVSS 3.1
9.6
EPSS
0.3%
CVE-2026-50520 HIGH PATCH Exploit Unlikely This Week

Local code execution in Microsoft Visual Studio Code stems from a command injection flaw (CWE-77) that lets an attacker run arbitrary commands on the host with the privileges of the editor. Reported by Microsoft with a vendor patch available, the CVSS 3.1 score of 8.4 reflects full compromise of confidentiality, integrity, and availability via a local attack vector requiring no privileges or user interaction. There is no public exploit identified at time of analysis and it is not listed in CISA KEV.

Command Injection Visual Studio Code
NVD
CVSS 3.1
8.4
EPSS
0.6%
CVE-2026-15703 MEDIUM POC This Month

A vulnerability was detected in SourceCodester Simple and Nice Shopping Cart Script 1.0. This vulnerability affects unknown code of the file /admin/userproductdeletequery.php. Performing a manipulation of the argument user_id results in sql injection. It is possible to initiate the attack remotely. The exploit is now public and may be used.

SQLi PHP Simple And Nice Shopping Cart Script
NVD VulDB GitHub
CVSS 4.0
5.5
EPSS
0.3%
CVE-2026-15677 MEDIUM POC This Month

Unrestricted file upload in code-projects Online Job Portal 1.0 exposes unauthenticated remote attackers to arbitrary file upload via the txtFile parameter in /JobSeekerInsert.php, enabling likely webshell deployment and subsequent server-side code execution. A public proof-of-concept exploit exists (no KEV listing), substantially lowering the exploitation barrier for any internet-exposed instance. The CVSS 4.0 impact metrics are conservatively rated Low across C/I/A, which understates the realistic post-exploitation potential of an unrestricted PHP file upload - successful webshell placement typically yields full OS command execution in the web server process context.

PHP File Upload Online Job Portal
NVD VulDB GitHub
CVSS 4.0
5.5
EPSS
0.3%
CVE-2026-15676 MEDIUM POC This Month

SQL injection in code-projects Online Job Portal 1.0 exposes the /Admin/DeleteUser.php endpoint to unauthenticated remote database manipulation. An attacker can craft HTTP requests that inject arbitrary SQL, enabling data extraction, modification, or deletion from the underlying database. A public proof-of-concept exploit exists (GitHub: shihuizhang-dazhi/MY-CVE/issues/4), lowering the bar for exploitation; this vulnerability is not currently listed in CISA KEV.

SQLi PHP Online Job Portal
NVD VulDB GitHub
CVSS 4.0
5.5
EPSS
0.3%
CVE-2026-15675 MEDIUM POC This Month

SQL injection in code-projects Online Job Portal 1.0 exposes the /Admin/EditUser.php endpoint to remote database manipulation via the unsanitized UserId parameter. The CVSS 4.0 vector (AV:N/AC:L/AT:N/PR:N/UI:N) classifies this as remotely exploitable with no authentication or interaction required, though the Admin path location raises questions about actual auth gating in practice. A public exploit exists (E:P confirmed in CVSS 4.0 and via GitHub issue), lowering the skill bar for exploitation considerably; this CVE is not currently listed in CISA KEV.

SQLi PHP Online Job Portal
NVD VulDB GitHub
CVSS 4.0
5.5
EPSS
0.3%
CVE-2026-15622 MEDIUM POC PATCH This Month

Unauthenticated authorization bypass in poco-ai/poco-claw's Workspace API allows remote attackers to access arbitrary users' workspace files by manipulating the user_id parameter in the get_workspace_file function. All versions through 0.5.4 are affected, with the executor manager's control-plane routes completely lacking token-based authentication before the fix. Publicly available exploit code exists (POC confirmed via GitHub issue #133 and PR #135); no CISA KEV listing at time of analysis.

Authentication Bypass Poco Claw
NVD VulDB GitHub
CVSS 4.0
5.5
EPSS
0.4%
CVE-2026-15265 CRITICAL Act Now

Arbitrary file write via path traversal in Tenable Agent 11.2.0 and 11.1.3 and earlier lets a privileged attacker escape the intended plugin directory and drop files at attacker-chosen paths, potentially escalating to remote code execution. The flaw is vendor-reported (Tenable TNS-2026-18) and affects the endpoint scanning agent that typically runs with elevated/service privileges. No public exploit identified at time of analysis and it is not listed in CISA KEV.

Path Traversal RCE Tenable Agent
NVD
CVSS 4.0
9.4
EPSS
0.4%
Prev Page 2 of 20 Next

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy