Skip to main content
CVE-2026-58658 HIGH POC PATCH This Week

Unauthenticated information disclosure in GPUStack through version 2.2.1 lets remote attackers reach the worker port's unprotected /serveLogs and /debug endpoints to stream live inference logs - including user prompts and model completions - and to alter worker runtime configuration such as log levels and memory profiling output. Because the flaw is missing authentication (CWE-306) on network-exposed endpoints, exploitation requires no credentials and no user interaction; publicly available exploit code exists, though the issue is not listed in CISA KEV. VulnCheck reported it and the vendor fixed it in commit 4e20551.

Authentication Bypass Information Disclosure Gpustack
NVD GitHub
CVSS 4.0
8.8
EPSS
0.4%
CVE-2026-12512 HIGH POC PATCH This Week

UNION-based SQL injection in the Quotes Llama WordPress plugin (all versions before 3.1.6) lets unauthenticated remote attackers inject arbitrary SQL through an unsanitized request parameter and read any data from the WordPress database, including user password hashes. Publicly available exploit code exists and a vendor patch has been released; the flaw carries a high EPSS-relevant profile because it is remotely reachable with no authentication or user interaction. This is no public exploit identified as actively exploited (not in CISA KEV), but working PoC availability makes opportunistic mass-scanning likely.

SQLi WordPress Quotes Llama
NVD WPScan VulDB
CVSS 3.1
8.6
EPSS
0.2%
CVE-2026-40501 HIGH POC PATCH This Week

Remote code execution in Cherry Studio 1.2.2 through 1.9.12 lets attackers who control search-provider content run arbitrary Node.js code because the SearchService loads that content into an Electron BrowserWindow with nodeIntegration enabled and contextIsolation disabled. An attacker controlling a search engine provider, search result page, or provider settings page can execute JavaScript with full Node.js privileges under the OS account running the app. Publicly available exploit code exists (VulnCheck/Mundi-Xu gist) and a vendor patch (commit 1518530) is available; the flaw is not currently listed in CISA KEV.

Node.js RCE Cherry Studio
NVD GitHub
CVSS 4.0
8.6
EPSS
0.4%
CVE-2026-58659 HIGH POC PATCH This Week

Remote code execution in PyTorch Lightning through 2.6.5 allows an attacker who can get a victim to load a malicious checkpoint file to execute arbitrary code. The flaw lives in the _load_state routine, which imports and calls the module path named in a checkpoint's _instantiator hyperparameter, letting a crafted .ckpt bypass torch's weights_only=True safeguard when LightningModule.load_from_checkpoint is invoked. Reported by VulnCheck, it is fixed in commit d710d68 (PR #21832) via an instantiator allowlist, and publicly available exploit code exists though it is not listed in CISA KEV.

Checkpoint RCE Pytorch Lightning
NVD GitHub
CVSS 4.0
8.4
EPSS
0.2%
CVE-2026-12281 HIGH POC PATCH This Week

Authentication bypass in the Shibboleth WordPress plugin before 2.5.4 lets remote unauthenticated attackers forge identity headers and log in when the HTTP header identity mode is enabled without an anti-spoofing key. Because the plugin fails open rather than closed, any request carrying identity headers is trusted as an authenticated session, and with automatic account creation plus the default administrator role mapping an attacker can provision and sign in as a brand-new administrator. Rated CVSS 8.1 (CWE-287); publicly available exploit code exists (WPScan), but it is not listed in CISA KEV.

Authentication Bypass WordPress Shibboleth
NVD WPScan VulDB
CVSS 3.1
8.1
EPSS
0.1%
CVE-2026-59258 HIGH POC PATCH This Week

Album ownership takeover in immich before 3.0.3 allows a user with shared-album editor access to escalate to full owner by abusing the PUT /albums/:id/user/:userId endpoint (CWE-863, Incorrect Authorization). Because the endpoint fails to enforce owner-only restrictions on role changes, an editor can demote the legitimate owner and promote themselves across two sequential requests, gaining deletion and member-eviction control over the album and its assets. Publicly available exploit code exists and a vendor patch (v3.0.3) has shipped, though it is not currently listed in CISA KEV.

Authentication Bypass Immich
NVD GitHub
CVSS 4.0
7.2
EPSS
0.3%
CVE-2026-58660 HIGH POC PATCH This Week

Broken object-level authorization in Kanboard through 1.2.52 lets any authenticated user who belongs to at least one project move, corrupt, or hide tasks in any other project on the same instance, including private projects they have no role on. The BoardAjaxController save() drag-and-drop endpoint checks the caller's role against the attacker-supplied project_id but never confirms the supplied task_id belongs to that project, and because task IDs are sequential integers shared instance-wide they are trivially enumerable. Publicly available exploit code exists and a vendor patch (commit 564cc30) is available, but this is not listed in CISA KEV and there is no public exploit identified as actively exploited in the wild.

Authentication Bypass Kanboard
NVD GitHub
CVSS 4.0
7.2
EPSS
0.4%
CVE-2026-59255 HIGH POC PATCH This Week

Improper authorization in SpecterOps BloodHound through 9.4.0 lets any authenticated user tamper with the global custom-node graph schema by calling POST, PUT, and DELETE operations on the /api/v2/custom-nodes endpoints, which enforced only that a caller was logged in rather than that they held write permissions. Because custom node kinds are a shared, tenant-wide schema construct, a single low-privileged account can create, alter, or delete node types that affect every user and tenant on the instance. Publicly available exploit code exists and a vendor patch (commit 8f79035) is available; there is no CISA KEV listing, so exploitation is not confirmed as active.

Authentication Bypass Bloodhound
NVD GitHub
CVSS 4.0
7.1
EPSS
0.2%
CVE-2026-52887 CRITICAL PATCH Act Now

SQL injection in NocoBase's @nocobase/plugin-notification-in-app-message (before 2.0.61) lets any signed-up authenticated user reach GET /api/myInAppChannels:list and inject into the filter[latestMsgReceiveTimestamp][$lt] parameter, which is concatenated into a Sequelize.literal() template with no escaping or parameter binding. Because PostgreSQL permits stacked statements through this sink, an attacker can run arbitrary SQL and escalate to operating-system command execution via COPY ... TO PROGRAM. No public exploit identified at time of analysis and the flaw is not in CISA KEV, but the code fix and regression tests are public in the vendor commit, and the vendor rates it CVSS 10.0.

SQLi PostgreSQL Nocobase
NVD GitHub
CVSS 3.1
10.0
EPSS
0.6%
CVE-2026-50148 CRITICAL PATCH Act Now

Remote code execution in Metabase (open-source business intelligence platform) versions 1.54.0 through the fixed releases lets a user holding database-connection management rights run arbitrary code on the Metabase server. By pointing a Snowflake connection at an attacker-controlled server, a flaw in the bundled Snowflake JDBC driver writes attacker files anywhere on the host, overwriting one of Metabase's own driver files that later executes inside the Metabase process. There is no public exploit identified at time of analysis, but the vendor rates it CVSS 10.0 and a vendor security advisory (GHSA-r6x2-rchx-q9g9) confirms both the flaw and fixed versions.

RCE Metabase
NVD GitHub
CVSS 3.1
10.0
EPSS
0.4%
CVE-2026-56699 CRITICAL PATCH Act Now

NDJSON injection in Wazuh Manager before 5.0.0-beta3 lets any enrolled agent smuggle arbitrary OpenSearch bulk operations because the DataValue.index field is not escaped when the manager builds inventory-sync bulk requests. Because those requests execute under the manager's OpenSearch admin credentials, a single low-trust agent can delete documents, tamper with alerts, and manipulate SIEM state across all other agents. Rated CVSS 10.0 by the reporter (VulnCheck); no public exploit identified at time of analysis and it is not listed in CISA KEV.

Code Injection Wazuh
NVD GitHub
CVSS 4.0
10.0
EPSS
0.4%
CVE-2026-30618 CRITICAL Act Now

Remote code execution in xszyou Fay 4.3.1 lets an unauthenticated remote attacker reach the publicly exposed MCP (Model Context Protocol) management interface and register an MCP STDIO server with attacker-chosen commands, which the service then executes on the host. The CVSS 3.1 base score is 9.8 (AV:N/AC:L/PR:N/UI:N) reflecting network-reachable, no-authentication, low-complexity exploitation. There is no public exploit identified at time of analysis; EPSS is modest at 0.61% (45th percentile), and this CVE is part of a broader MCP-ecosystem supply-chain advisory published by ox.security.

RCE Code Injection N A
NVD GitHub
CVSS 3.1
9.8
EPSS
0.6%
CVE-2026-52891 CRITICAL Act Now

OS command injection in Wekan (the open-source Meteor-based kanban board) before version 9.07 lets an authenticated user execute arbitrary commands on the server by uploading an avatar with shell metacharacters in its filename. The user-supplied filename is embedded into a shell string passed to child_process.exec() for MIME-type detection in models/avatars.js and models/fileValidation.js, so backticks or $() in the name run as server-side commands. No public exploit is identified at time of analysis, but the vendor commit and advisory confirm the flaw; it is fixed in v9.07.

Command Injection Wekan
NVD GitHub
CVSS 3.1
9.9
EPSS
0.4%
CVE-2026-44986 CRITICAL PATCH Act Now

Account takeover in Penpot before 2.14.5 allows an authenticated registered user to hijack any non-blocked profile without knowing its password. The flaw chains three defects: create-team-invitations leaks invitation tokens, prepare-register-profile embeds an existing profile's id into the prepared-register JWE, and register-profile then mints a session on an invitation email match while skipping password verification (CWE-287). No public exploit has been identified, but the fix commit and PR diff are public and the CVSS base score is 9.9.

Authentication Bypass Penpot
NVD GitHub
CVSS 3.1
9.9
EPSS
0.3%
CVE-2026-30623 CRITICAL Act Now

Command injection in LiteLLM 1.18.10 lets attackers who can configure MCP (Model Context Protocol) servers supply arbitrary `command` and `args` values in the server-creation JSON, which LiteLLM passes to the host OS without validation, yielding remote code execution as the LiteLLM process. The flaw is part of the broader MCP-stdio supply-chain advisory disclosed by ox.security across the AI ecosystem and is documented in LiteLLM's own April 2026 advisory. No public exploit is identified in the provided data, and EPSS is low (0.32%, 24th percentile), so widespread automated exploitation is not currently indicated despite the CVSS 9.8 rating.

RCE Command Injection N A
NVD GitHub VulDB
CVSS 3.1
9.8
EPSS
0.3%
CVE-2025-65720 CRITICAL Act Now

Remote command execution in Open Source GPT Researcher v3.3.7 lets attackers run arbitrary OS commands on a victim's machine when the user interacts with a crafted HTML page, exploiting a command injection (CWE-77) weakness. The flaw was reported by MITRE and detailed in ox.security research covering RCE across the AI/MCP ecosystem; no public exploit is identified in CISA KEV, and EPSS probability is low (0.21%). Because GPT Researcher autonomously fetches and processes web content, a malicious page encountered during a research run can drive execution on the host.

Command Injection N A
NVD GitHub
CVSS 3.1
9.8
EPSS
0.2%
CVE-2026-14960 CRITICAL Act Now

Local privilege escalation in Pegatron's Tdelo64.sys kernel driver allows any unprivileged user to perform arbitrary hardware I/O port reads and writes through the \\.\TdeIo device. The driver's TDE_IOCTL_INDEXIO_READ and TDE_IOCTL_INDEXIO_WRITE handlers lack authorization checks, letting a local attacker manipulate hardware registers to gain kernel-level control, tamper with firmware interfaces, or establish persistent low-level compromise. Reported by CERT/CC; no public exploit identified at time of analysis, and EPSS is low at 0.20% (10th percentile).

Privilege Escalation Tdelo64 Sys
NVD
CVSS 3.1
9.8
EPSS
0.2%
CVE-2026-51380 CRITICAL Act Now

Remote code execution or permanent denial of service in the Tenda AC10 v3 SOHO router (firmware V03.03.16.09) stems from a classic buffer overflow reachable through the /cgi-bin/UploadCfg web endpoint. Attackers who can reach the router's management interface can send oversized crafted input to crash the device permanently or potentially run arbitrary code on it. Proof-of-concept material appears to be published on GitHub, though this is not listed in CISA KEV and carries a low EPSS score of 0.17% (7th percentile), indicating no confirmed widespread exploitation yet.

Buffer Overflow Tenda Denial Of Service N A
NVD GitHub
CVSS 3.1
9.8
EPSS
0.2%
CVE-2026-55652 CRITICAL Act Now

Authentication bypass in Wekan (open-source Meteor kanban) before version 9.46 lets an unauthenticated attacker impersonate any account, including admin. The header-login feature's getRequestIp() in server/lib/headerLoginAuth.js trusts the client-supplied X-Forwarded-For header instead of the real TCP socket peer, so an attacker who can reach the HTTP port can spoof a trusted source IP and submit HEADER_LOGIN_ID for any username to receive a valid meteor_login_token session. Tracked by the vendor as 'ProxyBleed' (GHSA-jggc-qvfc-jr6x); CVSS 9.8. No public exploit identified at time of analysis and not listed in CISA KEV.

Authentication Bypass Wekan
NVD GitHub
CVSS 3.1
9.8
EPSS
0.4%
CVE-2026-54458 CRITICAL Act Now

Stored DOM cross-site scripting in WWBN AVideo's YPTSocket plugin (all versions prior to 29.0) lets any unauthenticated remote attacker run arbitrary JavaScript in the browser session of any administrator viewing the YPTSocket online-users debug panel. Because the malicious WebSocket metadata is broadcast to every connected client and rendered without escaping, a single anonymous WebSocket connection can be escalated into full administrative account takeover via the admin's own session and CSRF token. No public exploit identified at time of analysis; the flaw carries a CVSS 9.6 (Critical) rating driven by the scope change into the privileged admin origin.

PHP CSRF XSS Avideo
NVD GitHub VulDB
CVSS 3.1
9.6
EPSS
0.3%
CVE-2026-62948 CRITICAL PATCH Act Now

Stored cross-site scripting in OpenWrt's default odhcpd server (all releases prior to 25.12.5) lets a network-adjacent DHCP client inject forged lease records that execute as HTML/JavaScript in a router administrator's browser. The client-supplied DHCPv6 FQDN option 39 (and DHCPv4 option 12) hostname is written unescaped into /tmp/odhcpd.leases, enabling newline injection of attacker-controlled fields that LuCI's Active DHCPv6 Leases page renders via unsafe dom.append. No public exploit is identified at time of analysis, and the flaw is not in CISA KEV; it is fixed in 25.12.5.

XSS Openwrt
NVD GitHub
CVSS 3.1
9.6
EPSS
0.3%
CVE-2026-15907 MEDIUM POC This Month

SQL injection in H3C SecPath F1000-C8300 (firmware up to 20260522) allows unauthenticated remote attackers to manipulate database queries via the `subject` parameter in the `/webui/?g=log_fw_nbc_mail_jsondata` web management endpoint. The vendor has confirmed the vulnerability and acknowledged a planned fix, but no patch is released as of the disclosure date. A publicly available exploit exists (hosted on Feishu), lowering the bar for exploitation significantly despite the moderate CVSS 4.0 score of 5.5.

SQLi Secpath F1000 C8300
NVD VulDB
CVSS 4.0
5.5
EPSS
0.3%
CVE-2026-11580 MEDIUM POC PATCH This Month

Kali Forms - Contact Form & Drag-and-Drop Builder WordPress plugin before version 2.4.17 allows any authenticated Contributor-level (or higher) user to duplicate arbitrary posts they do not own by exploiting a missing per-object authorization check in the plugin's AJAX post-duplication action. The attacker gains a published copy of the target post under their own ownership and can extract private post metadata, including secrets stored by other Kali Forms instances on the same site. A publicly available proof-of-concept exists per WPScan; the vulnerability is not currently listed in the CISA KEV catalog, though the low privilege bar and default-enabled feature make it an actionable risk on any multi-user WordPress installation running the affected plugin.

Authentication Bypass WordPress Kali Forms Contact Form Drag And Drop Builder
NVD WPScan VulDB
CVSS 3.1
5.5
EPSS
0.1%
CVE-2026-13385 CRITICAL Act Now

Remote command execution in certain ASUS router firmware allows a network man-in-the-middle attacker to force the router to download and run arbitrary commands from a spoofed update/download server. The root cause is a failure to validate both the integrity check value (CWE-354) and the TLS server certificate, so an attacker positioned in the network path can impersonate a legitimate ASUS server. No public exploit identified at time of analysis and the flaw is not in CISA KEV; ASUS self-reported it and rates it critical (CVSS 4.0 9.5), though exploitation requires the attacker to first achieve a MITM position (AT:P).

Information Disclosure Router
NVD
CVSS 4.0
9.5
EPSS
0.1%
CVE-2026-46684 CRITICAL PATCH Act Now

Authentication bypass via forged JWTs in DataEase, an open-source data visualization and BI tool, allows remote unauthenticated attackers to impersonate any user (including administrators) in enterprise deployments before version 2.10.23. The enterprise TokenFilter passes attacker-supplied X-DE-TOKEN values to a validator that checks only token presence and length, then decodes the JWT without verifying its signature, so tokens with a chosen uid and oid are accepted whenever the enterprise license is valid (licenseValid=true). CVSS 4.0 rates this 9.5 (Critical); there is no public exploit identified at time of analysis and it is not listed in CISA KEV.

Jwt Attack Information Disclosure Dataease
NVD GitHub VulDB
CVSS 4.0
9.5
EPSS
0.2%
CVE-2026-61451 CRITICAL PATCH Act Now

Password reset token poisoning in the Grav API plugin (grav-plugin-api) before 1.0.4 lets an unauthenticated attacker hijack the account recovery flow by supplying an attacker-controlled host in the admin_base_url field (or Referer/Origin headers) of the POST /api/v1/auth/forgot-password request. Because the reset email's link is built from this unvalidated host, a victim who clicks it leaks a valid, unexpired reset token to the attacker, yielding full account takeover. No public exploit is identified at time of analysis, and it is not in CISA KEV, but VulnCheck's advisory and vendor GHSA-5xc4-j99p-cp4m confirm the flaw and a 1.0.4 fix.

Open Redirect Grav
NVD GitHub
CVSS 4.0
9.4
EPSS
0.2%
CVE-2026-55445 CRITICAL Act Now

Authentication bypass in Qinglong (whyour/qinglong) task-management platform before 2.20.1 lets an unauthenticated remote attacker reset administrator credentials on an already-initialized instance by sending PUT /open/user/init. The flaw stems from a path-rewrite ordering mistake: the init-guard middleware whitelists /open/* through JWT auth, then rewrites it to /api/user/init after the guard's initialization check has already been bypassed. No public exploit identified at time of analysis, but the fixing PR diff publicly discloses the exact bypass, making weaponization trivial; CVSS 4.0 base score is 9.3 (Critical).

Authentication Bypass Qinglong
NVD GitHub VulDB
CVSS 4.0
9.3
EPSS
0.4%
CVE-2026-11579 MEDIUM POC PATCH This Month

Unauthenticated file upload to the WordPress Media Library is possible in Kali Forms - Contact Form & Drag-and-Drop Builder versions before 2.4.17, because the plugin's upload handler accepts file submissions without verifying that a corresponding form with a file-upload field actually exists on the site. Any unauthenticated remote attacker can directly invoke the upload endpoint and deposit files into the Media Library. Impact is bounded by WordPress's core MIME type allowlist, which prevents upload of executable files and thereby rules out code execution; a publicly available proof-of-concept is confirmed by WPScan, and no CISA KEV listing is present at time of analysis.

File Upload RCE WordPress Kali Forms Contact Form Drag And Drop Builder
NVD WPScan VulDB
CVSS 3.1
5.3
EPSS
0.2%
CVE-2026-50562 CRITICAL Act Now

GitHub Actions artifact-poisoning (pwn request) in labring/FastGPT allows an external attacker who opens a pull request to smuggle attacker-controlled Docker images into privileged CI/CD pipelines. At commit 22ebfacbb43311e9b73294040ae0eb87390c6bba and earlier, artifacts built from untrusted PR code in the preview-docs-build and preview-fastgpt-build workflows are consumed by privileged workflow_run jobs, letting a malicious image be pushed to GHCR and, for documentation previews, deployed to a Kubernetes cluster using the secrets.KUBE_CONFIG_CN credential. There is no public exploit identified at time of analysis and it is not in CISA KEV, but the flaw is trivially reachable by any contributor.

Docker Information Disclosure Fastgpt
NVD GitHub
CVSS 4.0
9.3
EPSS
0.2%
CVE-2026-52842 CRITICAL PATCH Act Now

Same-Origin Policy bypass in Lightpanda headless browser before 0.3.1 allows an attacker-controlled site to impersonate an arbitrary victim origin. Because origin computation searched for the '@' userinfo delimiter across the entire URL string rather than only the authority component, a URL like http://attacker.com/@victim.com/ was fetched from attacker.com yet treated as origin http://victim.com, breaking the fundamental web isolation boundary. No public exploit identified at time of analysis and not listed in CISA KEV, but the CVSS 9.3 rating and the trivial, deterministic nature of the parsing flaw make it a high-priority fix for any automation pipeline using Lightpanda.

Authentication Bypass Browser
NVD GitHub
CVSS 3.1
9.3
EPSS
0.2%
CVE-2026-52843 CRITICAL PATCH Act Now

Cross-origin credential leakage in Lightpanda, a headless browser built for AI and automation workloads, occurs because fetch() and XMLHttpRequest attach session cookies to every outbound HTTP request regardless of the caller's requested credentials mode. In versions prior to 0.2.9, the credentials: omit, credentials: same-origin, credentials: include, and XMLHttpRequest.withCredentials controls are all ignored, so attacker-controlled content running inside a Lightpanda session can silently issue authenticated cross-origin requests against any victim origin whose cookies are present in the session's shared cookie jar. There is no public exploit identified at time of analysis and no CISA KEV listing, but the root-cause code fix is public in PR #2155, and the CVSS base score is 9.3.

Information Disclosure Browser
NVD GitHub
CVSS 3.1
9.3
EPSS
0.2%
CVE-2026-61740 CRITICAL PATCH Act Now

Authentication bypass in HKUDS LightRAG before 1.5.4 lets a remote unauthenticated attacker defeat X-API-Key protection when the server runs in the API-key-only profile (LIGHTRAG_API_KEY set, AUTH_ACCOUNTS unset). Because auth.py falls back to a public hardcoded DEFAULT_TOKEN_SECRET and /auth-status and /login freely mint guest JWTs, combined_dependency honored a guest token before ever checking the API key, exposing document read/upload/delete, graph mutation, and query endpoints. No public exploit is identified at time of analysis, but the underlying fix (PR #3319) ships a regression test showing that forging a valid guest token with the default secret is trivial; fixed in 1.5.4.

Authentication Bypass Lightrag
NVD GitHub
CVSS 4.0
9.3
EPSS
0.4%
CVE-2026-61736 CRITICAL PATCH Act Now

Cross-origin data theft in LightRAG server versions prior to 1.5.4 allows any malicious website to make authenticated, credentialed API calls on behalf of a logged-in victim because the server ships with CORS_ORIGINS=* paired with allow_credentials=True. When an authenticated LightRAG user browses to an attacker-controlled page, that page can silently read documents and knowledge-graph data or issue destructive requests such as deleting the entire document store. No public exploit has been identified at time of analysis and the flaw is not in CISA KEV, but the fix is confirmed released in version 1.5.4.

Cors Misconfiguration Information Disclosure Lightrag
NVD GitHub
CVSS 3.1
9.3
EPSS
0.3%
CVE-2026-52893 CRITICAL Act Now

Account takeover in Wekan (open-source Meteor kanban) before 9.32 allows an attacker who controls an OIDC provider account asserting a victim's email or username to hijack the victim's existing Wekan account. The vulnerable Accounts.onCreateUser hook in server/models/users.js merged incoming OIDC identities into any local account whose email OR username matched, without verifying ownership or checking email_verified, letting the attacker inherit the victim's boards, attachments, API tokens, and admin status. No public exploit identified at time of analysis, but the fix is confirmed in version 9.32 and the flaw carries a CVSS 4.0 base score of 9.2 (critical).

Authentication Bypass Wekan
NVD GitHub
CVSS 4.0
9.2
EPSS
0.3%
CVE-2026-42533 CRITICAL PATCH Act Now

Heap buffer overflow in NGINX Plus and NGINX Open Source lets unauthenticated remote attackers crash worker processes (DoS) and, on hosts with ASLR disabled or bypassed, potentially execute arbitrary code by sending crafted HTTP requests. The flaw is a data-plane-only issue triggered when a regex-based map directive references the map's regex capture variables before the map output variable in a string expression, or via a non-cacheable variable under certain conditions. F5 has released a patched version; no public exploit identified at time of analysis and it is not listed in CISA KEV.

Nginx Heap Overflow Buffer Overflow RCE Nginx Plus +1
NVD VulDB
CVSS 4.0
9.2
EPSS
0.8%
CVE-2026-26718 CRITICAL Act Now

Cross-Site Request Forgery in the xxl-job-admin console of XXL-JOB v3.0.0 lets remote attackers silently modify Glue IDE shell scripts by tricking an authenticated administrator into triggering a forged request. Because Glue scripts are executed by the scheduler's worker nodes, unauthorized script modification can escalate into arbitrary command execution across the job-execution fabric. Publicly available exploit/PoC code appears to exist via a CVE-specific GitHub repository; there is no CISA KEV listing and EPSS is low (0.27%, 18th percentile).

CSRF N A
NVD GitHub
CVSS 3.1
9.1
EPSS
0.3%
CVE-2026-45534 CRITICAL PATCH Act Now

Reflection-based remote code execution in DataEase before 2.10.23 lets an authenticated operator who can configure a Redshift datasource achieve arbitrary code execution on the server. The Redshift JDBC driver loads an attacker-controlled rsjdbc.ini from the system temp directory and honors a malicious socketFactory pointing at Spring's FileSystemXmlApplicationContext, turning a normal JDBC connection into a code-execution chain. No public exploit is identified at time of analysis and it is not in CISA KEV, but the vendor has confirmed and patched the flaw in 2.10.23.

RCE Code Injection Dataease
NVD GitHub
CVSS 4.0
9.0
EPSS
0.4%
CVE-2026-62378 CRITICAL PATCH Act Now

Stored cross-site scripting in RustFS Console (0.1.7 through 0.1.9) lets an attacker upload an HTML payload disguised as a .pdf file that executes when an administrator previews it, exfiltrating the console's AccessKeyId, SecretAccessKey, and SessionToken. The flaw is a regression of the previously patched CVE-2026-27822 and stems from the PDF preview path trusting the .pdf filename extension rather than the actual content type. No public exploit identified at time of analysis, but a fix and the vulnerable code are public in 0.1.10.

XSS Console
NVD GitHub
CVSS 3.1
9.0
EPSS
0.3%
CVE-2026-56400 CRITICAL PATCH Act Now

Remote code execution in Open WebUI (self-hosted LLM interface) before the fixed 0.3.33 release allows attackers to hijack an authenticated admin session through a CORS misconfiguration. When an instance is deployed with allow_origins=* and an authenticated admin visits an attacker-controlled website, the malicious page can issue authenticated cross-origin requests to the /api/v1/functions endpoint and register attacker-supplied Python code, achieving code execution - and because the container runs as root by default, full container compromise. There is no public exploit identified at time of analysis and it is not on CISA KEV, but the flaw is documented in a GitHub Security Lab advisory (GHSL-2024-174/175) and reported by VulnCheck.

RCE Open Webui
NVD GitHub
CVSS 4.0
9.0
EPSS
0.3%
CVE-2026-62312 HIGH PATCH This Week

Authenticated remote code execution in 9Router before 0.5.2 lets a logged-in attacker run arbitrary OS commands on the host by chaining a Host-header spoof (to reach routes that are supposed to be localhost-only) with unsanitized MCP plugin arguments that flow into child_process.spawn() via the /api/mcp//sse endpoint. Rated CVSS 8.8 (CWE-78, OS command injection), it is fixed in 0.5.2; no public exploit or CISA KEV listing exists at time of analysis, though a vendor advisory and fix commit are published.

RCE Command Injection 9Router
NVD GitHub
CVSS 3.1
8.8
EPSS
0.7%
CVE-2026-35152 HIGH This Week

SQL injection in Apache Fineract's Report Execution API (the runreports endpoint) in all versions up to and including 1.14.0 lets an authenticated user holding report-run permission inject arbitrary SQL through crafted report parameter values, because those values are concatenated into the generated query without sufficient validation. This yields unauthorized read access to data well beyond what the report was scoped to expose, and by extension other database contents. There is no public exploit identified at time of analysis and the flaw is not in CISA KEV; the upstream fix landed in PR #5980, which introduces a configurable InputValidator/validation-profile framework.

SQLi Apache Authentication Bypass Fineract
NVD GitHub VulDB
CVSS 3.1
8.8
EPSS
0.3%
CVE-2026-55576 HIGH This Week

GitHub Actions expression injection in MaaAssistantArknights' dev-v2 CI (release-preparation.yml) lets an external attacker execute arbitrary shell commands on the ubuntu-latest runner by opening a non-draft fork pull request whose title begins with 'Release v'. The attacker-controlled pull_request.title was inlined directly into a run: block during opened, reopened, and ready_for_review events, so a crafted title breaks out of the sed command in the generate-changelog job. No public exploit has been identified at time of analysis and it is not in CISA KEV, but the class is trivially weaponizable and the fix commit (cafc3946) is public. EPSS was not provided.

Ubuntu Command Injection Maaassistantarknights
NVD GitHub
CVSS 4.0
8.8
EPSS
0.3%
CVE-2026-54504 HIGH POC PATCH GHSA This Week

Missing authentication in @andrea9293/mcp-documentation-server v1.13.0 exposes its document-management Web UI/API on all network interfaces (0.0.0.0:3080) instead of localhost, letting any adjacent-network client read, add, search, and delete documents in the MCP knowledge base without credentials. Rated CVSS 8.8 (CWE-306), the flaw is exploitable by unauthenticated attackers reachable over the same LAN, VM network, Docker bridge, or VPN. A detailed proof-of-concept exists in the reporter's advisory, though there is no public exploit identified as being used in active attacks and it is not listed in CISA KEV; the vendor fixed it in v1.13.1.

Docker Authentication Bypass Node.js RCE
NVD GitHub
CVSS 3.1
8.8
CVE-2026-54449 HIGH POC GHSA This Week

Authenticated remote code execution in LangBot (pip package 'langbot', versions <= 4.10.5) allows any logged-in user to run arbitrary OS commands on the host by registering a malicious 'STDIO' MCP server through the Extensions > MCP configuration UI. Because LangBot passes the user-supplied command straight to the MCP SDK's StdioServerParameters, which spawns it as a subprocess, an attacker who signs up or uses stolen credentials gains full host takeover. A step-by-step and video proof-of-concept is public (publicly available exploit code exists), though there is no confirmed active exploitation.

RCE Command Injection
NVD GitHub
CVSS 3.1
8.8
CVE-2026-20150 HIGH This Week

Privilege escalation via improper access control in Cisco RoomOS software allows an authenticated attacker with low-level privileges to gain full control over affected collaboration endpoints, with high impact to confidentiality, integrity, and availability. The issue was discovered internally by Cisco's RoomOS engineering team during a proactive security review and is one of several access-control weaknesses grouped under CVE-2026-20150 and resolved in a single hardening release. There is no public exploit identified at time of analysis and the flaw is not listed in CISA KEV.

Authentication Bypass Cisco Cisco Roomos Software
NVD
CVSS 3.1
8.8
EPSS
0.2%
CVE-2026-55242 HIGH PATCH This Week

Server-side template injection in Frappe ERPNext (versions before 15.111.0 and 16.22.0) lets an authenticated user holding only a standard operational role inject a malicious template payload into a configuration field, causing the server to render it and disclose data the user is not authorized to see. Because the flaw is rooted in an authorization failure (CWE-863), it effectively bypasses ERPNext's role/permission boundaries. No public exploit identified at time of analysis, and it is not listed in CISA KEV; a fixed release is available from the vendor.

Authentication Bypass Erpnext
NVD GitHub
CVSS 3.1
8.8
EPSS
0.1%
CVE-2026-60005 HIGH PATCH This Week

Limited memory disclosure and worker-process restart in NGINX Plus and NGINX Open Source arise when the optional ngx_http_slice_module is compiled in and configured alongside unnamed regex captures, or when a background cache update occurs, letting remote attackers trigger uninitialized memory access (CWE-908) in the data plane. The CVSS:4.0 vector (AV:N/AC:L/PR:N/UI:N) indicates unauthenticated network exploitation with no user interaction, scored 8.8. There is no public exploit identified at time of analysis and no CISA KEV listing; F5 has released a patch and the issue does not affect the control plane.

Nginx Information Disclosure Nginx Plus Nginx Open Source
NVD
CVSS 4.0
8.8
EPSS
0.6%
CVE-2026-61684 HIGH This Week

Authentication bypass in FastGPT 4.15.0-beta4 lets unauthenticated remote attackers forge JWTs and access internal plugin reverse-call endpoints, because /api/invoke/* trusts tokens signed with INVOKE_TOKEN_SECRET whose default value is the literal string 'token' and which official deployment templates never set. By self-signing an HS256 JWT, an attacker can call /api/invoke/userInfo to read cross-tenant user PII via arbitrary tmbId values, or /api/invoke/fileUpload to write attacker-controlled content into chat files. No public exploit identified at time of analysis and not listed in CISA KEV, but the trivial exploitation and hardcoded-secret root cause make this high priority for self-hosted deployments.

Authentication Bypass Fastgpt
NVD GitHub
CVSS 4.0
8.8
EPSS
0.3%
CVE-2026-43637 HIGH PATCH This Week

Arbitrary file write in Cornac's dataset-download utility (all versions before 2.6.0) lets an attacker who controls a downloaded TAR archive place files anywhere the Python process can write, because the _extract_archive() helper in cornac/utils/download.py calls archive.extractall() without validating member paths. Since Cornac's built-in dataset loaders automatically fetch and unpack archives, a poisoned or MITM'd dataset archive containing ../ traversal, absolute paths, or symlink/hardlink entries can overwrite sensitive files and potentially achieve code execution. VulnCheck reported the issue; no public exploit identified at time of analysis and it is not in CISA KEV.

Path Traversal Cornac
NVD GitHub
CVSS 4.0
8.8
EPSS
0.4%
CVE-2026-61436 HIGH PATCH This Week

Webhook signature-verification bypass in PraisonAI before 4.6.78 lets unauthenticated attackers forge Svix 'message.received' events when the framework runs in AgentMail webhook mode. Because incoming payloads are trusted without validating the Svix signature (CWE-287), an attacker can POST crafted JSON to the webhook endpoint and cause configured agents to process attacker-chosen sender addresses and message bodies. A vendor patch exists (4.6.78); there is no public exploit identified at time of analysis and it is not listed in CISA KEV.

Authentication Bypass Praisonai
NVD GitHub
CVSS 4.0
8.8
EPSS
0.3%
Page 1 of 6 Next

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy