Critical vulnerabilities, curated daily for security professionals
See how vulnerabilities affect your specific environment
CRS uses the System Security Context Vector (SSCV) Framework v1.0 to adjust CVSS scores based on your system's exposure level, network position, and business criticality. Learn more about SSCV Framework
Saturday's disclosures center on HP endpoint products and Microsoft Teams infrastructure, which together account for the majority of the highest-scoring vulnerabilities. The brief covers 28 critical CVEs (up 40% from 20) and 100 high-priority CVEs (unchanged from the prior day). Notable entries include CVE-2026-37431 (CVSS 9.8) in HP endpoint software, CVE-2026-42454 (CVSS 9.9) in Docker container management, and CVE-2026-41497 (CVSS 9.8) affecting Microsoft Teams. Remote code execution and container escape patterns dominate, with NVIDIA garak (CVE-2026-41512) and Arch Nornicdb (CVE-2026-42072) adding exposure across AI tooling and database stacks. Patch availability sits at 0% for the disclosed set, so defenders should prioritize compensating controls and vendor advisories until fixes ship.
Immediate action: Prioritize HP endpoint software, Microsoft Teams, Docker, and NVIDIA garak deployments for immediate review, and isolate Ivanti EPMM and ConnectWise ScreenConnect instances pending vendor guidance given confirmed exploitation. With 0% patch availability for the new disclosures, apply network segmentation, restrict administrative access, and monitor vendor advisories for fixes before exposing affected systems.
Unauthenticated RCE in Palo Alto PAN-OS firewalls
A buffer overflow in the User-ID Authentication Portal lets an unauthenticated network attacker execute arbitrary code as root on PA-Series and VM-Series firewalls. Palo Alto Networks confirms limited exploitation in the wild against portals reachable from untrusted IP space.
Ivanti Endpoint Manager Mobile (EPMM) Improper Input Validation Vulnerability - Active in CISA KEV catalog.
LiteLLM is a proxy server (AI Gateway) to call LLM APIs in OpenAI (or native) format. From version 1.81.16 to before version 1.83.7, a database query used during proxy API key checks mixed the caller-supplied key value into the query text instead of passing it as a separate parameter. An unauthenticated attacker could send a specially crafted Authorization header to any LLM API route (for example POST /chat/completions) and reach this query through the proxy's error-handling path. An attacker could read data from the proxy's database and may be able to modify it, leading to unauthorised access to the proxy and the credentials it manages. This issue has been patched in version 1.83.7.
ConnectWise ScreenConnect Path Traversal Vulnerability - Active in CISA KEV catalog.
Microsoft Windows Protection Mechanism Failure Vulnerability - Active in CISA KEV catalog.
Linux Kernel Incorrect Resource Transfer Between Spheres Vulnerability - Active in CISA KEV catalog.
Beauty Parlour Management System v1.1 was discovered to contain a SQL injection vulnerability via the aptnumber parameter in the /appointment-detail.php endpoint. This vulnerability allows attackers to access sensitive database information via a crafted SQL statement.
Termix is vulnerable to OS command injection in its Docker management endpoints, leading to remote code execution.
PraisonAI fails to validate commands in parse_mcp_command(), allowing unauthenticated attackers to execute arbitrary system commands via subprocesses.
PraisonAI's MCP server fails to sanitize file paths in tool arguments, allowing unauthenticated attackers to perform arbitrary file writes and achieve code execution.
Netgate pfSense CE 2.8.0 allows code execution in the XMLRPC API via pfsense.exec_php. NOTE: the Supplier disputes this because the API call is only available to admins and they are intentionally allowed to execute PHP code.
ai-scanner is an AI model safety scanner built on NVIDIA garak. From version 1.0.0 to before version 1.4.1, there is a remote code execution vulnerability via JavaScript injection in `BrowserAutomation::PlaywrightService`. This issue has been patched in version 1.4.1.
Nornicdb fails to bind the Bolt server to the configured host, defaulting to all interfaces and exposing the database with default credentials to the network.
Netgate pfSense CE 2.7.2 allows code execution by using the module installer with a backup file with a serialized PHP object containing the post_reboot_commands property. NOTE: the Supplier disputes this because this installer is only available to admins and they are intentionally allowed to execute PHP code.
LibreNMS before 24.10.0 allows a remote attacker to execute arbitrary code via OS command injection involving AboutController.php's index(), SettingsController.php's update(), and PollDevice.php's initRrdDirectory().
PraisonAI contains a logical flaw in its URL checking mechanism that allows unauthenticated attackers to perform Server-Side Request Forgery (SSRF) attacks.
Insufficient error handling in Zcash node Zebra's sighash computation allows for consensus splits between nodes.
The Proxmox extension for Apache CloudStack allows unauthorized cross-tenant access to virtual machines due to improper validation of the proxmox_vmid setting.
An unauthenticated RCE vulnerability in FastGPT's agent-sandbox component stems from insecure default configurations in the startup script.
A command injection vulnerability in Electerm allows attackers to execute arbitrary code by supplying a malicious release name.
A command injection vulnerability exists in electerm prior to version 3.3.8, where remote version strings are unsafely passed to system commands.
A vulnerability in Electerm's terminal hyperlink handler allows arbitrary code execution or local file access when a user clicks a malicious link.
A "Pwn Request" vulnerability in Postiz allows unauthenticated users to execute arbitrary code via malicious pull requests, leading to credential exfiltration.
Apache::Session for Perl fails to properly handle session deletion, allowing for the potential revival of deleted session data.
The electerm client is vulnerable to local code execution via maliciously crafted deep links or command-line options.
openvpn-auth-oauth2 is a plugin/management interface client for OpenVPN server to handle an OIDC based single sign-on (SSO) auth flows. From version 1.26.3 to before version 1.27.3, when openvpn-auth-oauth2 is deployed in the experimental plugin mode (shared library loaded by OpenVPN via the plugin directive), clients that do not support WebAuth/SSO (e.g., the openvpn CLI on Linux) are incorrectly admitted to the VPN despite being denied by the authentication logic. The default management-interface mode is not affected because it does not use the OpenVPN plugin return-code mechanism. This issue has been patched in version 1.27.3.
Directory Traversal vulnerability in fohrloop dash-uploader v.0.1.0 through v.0.7.0a2 allows a remote attacker to execute arbitrary code via the dash_uploader/httprequesthandler.py, aseHttpRequestHandler.get_temp_root(), BaseHttpRequestHandler._post() components
Certain GL.iNet devices with 4.x firmware allow authentication bypass (resulting in administrative control of the device) via a username that is both a valid SQL statement and a valid regular expression. For example, this affects version 4.3.7 on GL-MT3000 GL-AR300M GL-B1300 GL-AX1800 GL-AR750S GL-MT2500 GL-AXT1800 GL-X3000 and GL-SFT1200.
Universal Robots PolyScope contains an OS command injection vulnerability in the Dashboard Server interface.
The math-codegen library is vulnerable to RCE because it injects unsanitized string literals into a new Function body.
ZEBRA is a Zcash node written entirely in Rust. Prior to zebrad version 4.3.1 and prior to zebra-script version 5.0.2, after a refactoring, Zebra failed to validate a consensus rule that restricted the possible values of sighash hash types for V5 transactions which were enabled in the NU5 network upgrade. Zebra nodes could thus accept and eventually mine a block that would be considered invalid by zcashd nodes, creating a consensus split between Zebra and zcashd nodes. In a similar vein, for V4 transactions, Zebra mistakenly used the "canonical" hash type when computing the sighash while zcashd (correctly per the spec) uses the raw value, which could also crate a consensus split. This issue has been patched in zebrad version 4.3.1 and zebra-script version 5.0.2.
The Plunk email platform fails to verify SNS signatures, allowing unauthenticated attackers to forge webhook requests.
Sentry's SAML SSO implementation is vulnerable to an account takeover flaw when using a malicious SAML Identity Provider.
Linkwarden is a self-hosted, open-source collaborative bookmark manager to collect, organize and archive webpages. Prior to version 2.13.0, a Server-Side Request Forgery (SSRF) vulnerability in the fetchTitleAndHeaders function allows authenticated users to make arbitrary HTTP requests to internal services due to insufficient URL validation that only checks for "http://" or "https://" prefixes. This issue has been patched in version 2.13.0.
Improper neutralization of input during web page generation ('cross-site scripting') in Azure Machine Learning allows an unauthorized attacker to perform spoofing over a network
Improper access control in Azure AI Foundry M365 published agents allows an unauthorized attacker to elevate privileges over a network
PraisonAI is a multi-agent teams system
PraisonAI is a multi-agent teams system
Externally controlled reference to a resource in another sphere in Microsoft Partner Center allows an unauthorized attacker to perform spoofing over a network
Server-side request forgery (ssrf) in Azure Notification Service allows an authorized attacker to elevate privileges over a network
PraisonAI is a multi-agent teams system
PHPUnit is a testing framework for PHP
ipl/web is a set of common web components for php projects
Improper neutralization of special elements used in a command ('command injection') in Copilot Chat (Microsoft Edge) allows an unauthorized attacker to disclose information over a network
The User Frontend: AI Powered Frontend Posting, User Directory, Profile, Membership & User Registration plugin for WordPress is vulnerable to Deserialization of Untrusted Data in versions up to, and including, 4
A malicious module proxy can exploit a flaw in the go command's validation of module checksums to bypass checksum database validation
The OttoKit: All-in-One Automation Platform WordPress plugin before 1
Memory safety bugs present in Thunderbird ESR 140
Memory safety bugs present in Thunderbird 150
The optional extension component TinkerpopClientService is missing the Restricted annotation with the Execute Code Required Permission in Apache NiFi 2
NAVER MYBOX Explorer for Windows before 3
FreeScout is a free help desk and shared inbox built with PHP's Laravel framework
FreeScout is a free help desk and shared inbox built with PHP's Laravel framework
The Dial and LookupPort functions panic on Windows when provided with an input containing a NUL (0)
PraisonAI is a multi-agent teams system
Lack of user input validation in the file upload functionality of Open Notebook v1
Missing MinIO policy cleanup on bucket deletion via Apache CloudStack allows users to retain access to buckets which they previously owned
pygeoapi is a Python server implementation of the OGC API suite of standards
pyp2spec generates working Fedora RPM spec file for Python projects
Argo Workflows is an open source container-native workflow engine for orchestrating parallel jobs on Kubernetes
Mikrotik RouterOS (x86) 6
GitPython is a python library used to interact with Git repositories
Avo is a framework to create admin panels for Ruby on Rails apps
electerm is an open-sourced terminal/ssh/sftp/telnet/serialport/RDP/VNC/Spice/ftp client
Remote Code Execution Vulnerability in Hitachi Storage Navigator and the maintenance console in Hitachi Virtual Storage Platform G130, G150, G350, G370, G700, G900, F350, F370, F700, F900, Hitachi Virtual Storage Platform E390, E590, E790, E990, E1090, E390H, E590H, E790H, E1090H, Hitachi Virtual Storage Platform One Block 23, One Block 24, One Block 26, One Block 28
GitPython is a python library used to interact with Git repositories
Termix is a web-based server management platform with SSH terminal, tunneling, and file editing capabilities
An Improper Certificate Validation in Ivanti EPMM before versions 12
An Improper Access Control vulnerability in Ivanti EPMM before versions 12
A vulnerability was found in Tenda CX12L 16
GitPython is a python library used to interact with Git repositories
electerm is an open-sourced terminal/ssh/sftp/telnet/serialport/RDP/VNC/Spice/ftp client
When using LookupCNAME with the cgo DNS resolver, a very long CNAME response can trigger a double-free of C memory and a crash
Well-crafted inputs reaching ParseAddress, ParseAddressList, and ParseDate were able to trigger excessive CPU exhaustion and memory allocations
Russh is a Rust SSH client & server library
LiteLLM is a proxy server (AI Gateway) to call LLM APIs in OpenAI (or native) format
zrok is software for sharing web services, files, and network resources
Daptin is a GraphQL/JSON-API headless CMS
In the Linux kernel, the following vulnerability has been resolved: xfrm: esp: avoid in-place decrypt on shared skb frags MSG_SPLICE_PAGES can attach pages from a pipe directly to an skb
SmarterTools SmarterMail builds prior to 9560 contain a local file inclusion vulnerability in the /api/v1/report/summary/{type} API endpoint that allows authenticated users to read arbitrary
A low privileged remote attacker can gain the root password due to improper removal of sensitive information before storage or transfer
GoBGP is an open source Border Gateway Protocol (BGP) implementation in the Go Programming Language
GoBGP is an open source Border Gateway Protocol (BGP) implementation in the Go Programming Language
GoBGP is an open source Border Gateway Protocol (BGP) implementation in the Go Programming Language
Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in WPMart Team Member allows Blind SQL Injection
Postiz is an AI social media scheduling tool
Improper neutralization of input during web page generation ('cross-site scripting') vulnerability in Gosoft Software Industry and Trade Ltd
Improper neutralization of input during web page generation ('cross-site scripting') vulnerability in DivvyDrive Information Technologies Inc
Improper neutralization of Script-Related HTML tags in a web page (basic XSS) vulnerability in DivvyDrive Information Technologies Inc
The Optoma CinemaX P2 projector (firmware TVOS-04
NPM package node-ts-ocr 1
OpenLearnX is an open-source, decentralized learning and assessment platform
A vulnerability has been found in Totolink X5000R 9
Insufficient input validation of the `plugin` parameter of the `create_user` plugin allows arbitrary Perl code execution on behalf of the already authenticated account's system user
A chmod call in the cPanel Nova plugin's Cpanel::Nova::Connector follows symlinks, allowing setting root permissions on arbitrary system files or directories
RELATE is a web-based courseware package
Brave CMS is an open-source CMS
Inngest is a platform for running event-driven and scheduled background functions with queueing, retries, and step orchestration
i18next-http-middleware is a middleware to be used with Node
18next-http-middleware is a middleware to be used with Node
Spring AI's MilvusVectorStore#doDelete(List) implementation is vulnerable to filter-expression injection via unsanitized document IDs
n8n-MCP is an MCP server that provides AI assistants access to n8n node documentation, properties, and operations
Improperly controlled modification of Dynamically-Determined object attributes, Allocation of resources without limits or throttling vulnerability in DivvyDrive Information Technologies Inc
Dagster is an orchestration platform for the development, production, and observation of data assets
nanoMODBUS through v1
i18next-fs-backend is a backend layer for i18next using in Node
i18next-http-middleware is a middleware to be used with Node
Budibase is an open-source low-code platform
DrayTek Vigor 2960 firmware versions prior to 1
Dapr is a portable, event-driven, runtime for building distributed applications across cloud and edge
OmniFaces is a utility library for Faces
An issue exists in Amazon Redshift JDBC Driver versions prior to 2
MailEnable Enterprise Premium 10
The SCRAM code in PgBouncer before 1
Cilium is a networking, observability, and security solution with an eBPF-based dataplane
An improper input validation, together with an overly permissive default CORS configuration in Open Notebook v1
Notepad Next is a cross-platform, reimplementation of Notepad++
The socket connection handler in aswArPot
Wallos is an open-source, self-hostable personal subscription tracker
FastGPT is an AI Agent building platform
manage
Regex Denial of Service in youtube-regex npm package through version 1
When processing HTTP/2 SETTINGS frames, transport will enter an infinite loop of writing CONTINUATION frames if it receives a SETTINGS_MAX_FRAME_SIZE with a value of 0
Pathological inputs could cause DoS through consumePhrase when parsing an email address according to RFC 5322
Improper neutralization of special elements in M365 Copilot allows an unauthorized attacker to disclose information over a network
Improper neutralization of special elements in output used by a downstream component ('injection') in M365 Copilot allows an unauthorized attacker to disclose information over a network
yeti-platform yeti before 2
An issue in fohrloop dash-uploader v
ZEBRA is a Zcash node written entirely in Rust
ZEBRA is a Zcash node written entirely in Rust
An issue was discovered in kosma minmea 0
lwjson 1
locize is a localization platform that connects code and i18n setup
Crypt::PasswdMD5 versions through 1