Critical vulnerabilities, curated daily for security professionals
π― SSCV Profile
See how vulnerabilities affect your specific environment
CRS uses the System Security Context Vector (SSCV) Framework v1.0 to adjust CVSS scores based on your system's exposure level, network position, and business criticality. Learn more about SSCV Framework
Risk scores will be adjusted based on your selected environment
π
Today's Security Brief
Yesterday's disclosures include a CVSS 10.0 vulnerability in the Sonos Era 300 (CVE-2026-4149) alongside two critical AWS flaws affecting AWS CLI and aws-mcp-server (CVE-2026-5059, CVE-2026-5058), both scoring 9.8. Critical CVEs dropped to 9, down 55% from the prior day's 20, while high-priority disclosures fell 26% to 74. Five separate critical vulnerabilities (CVE-2026-6112 through CVE-2026-6116) target the Totolink A7100RU router, all rated CVSS 9.8, indicating a broad attack surface in that device. Two vulnerabilities are under active exploitationβGoogle Dawn (CVE-2026-5281) and TrueConf Client (CVE-2026-3502)βboth rated 9.5. No patches are currently available for any of the 83 disclosed CVEs, requiring defenders to rely on compensating controls and network-level mitigations.
Sonos Era 300 carries the day's only CVSS 10.0 rating (CVE-2026-4149), representing the highest-severity disclosure
Critical CVEs at 9, down 55% from 20 the prior day; high-priority CVEs at 74, down 26% from 100
Two AWS services affected at CVSS 9.8: AWS CLI Command (CVE-2026-5059) and aws-mcp-server (CVE-2026-5058)
Five distinct command injection or RCE vulnerabilities target the Totolink A7100RU router (CVE-2026-6112 through CVE-2026-6116)
Patch availability stands at 0% across all 83 disclosed CVEsβcompensating controls are the only current option
Two CVEs under confirmed active exploitation: Google Dawn and TrueConf Client, both at CVSS 9.5
Immediate action: Prioritize network segmentation and access restrictions for Sonos Era 300 devices, Totolink A7100RU routers, and any systems using AWS CLI or aws-mcp-server. With zero patches available across all disclosures, apply compensating controls such as WAF rules, network isolation, and enhanced monitoring for exploitation indicators on Google Dawn and TrueConf Client.
π‘ Tip: Swipe CVE cards left to β star, right to β remove
Section Navigation
β οΈ
CISA Known Exploited Vulnerabilities
β οΈ CISA KEVURGENT
CVE-2026-5281
9.5π
GoogleDawn
β° Federal Deadline:April 14, 2026(3 days remaining)
A use-after-free vulnerability exists in the Dawn component of Google Chrome. This flaw allows attackers to potentially execute arbitrary code or cause a denial-of-service via a crafted HTML page.
CVSS Base9.5
β
CRSSelect profile
β οΈ CISA KEVURGENT
CVE-2026-3502
9.5
TrueConfClient
β° Federal Deadline:April 15, 2026(4 days remaining)
TrueConf Client Download of Code Without Integrity Check Vulnerability - Active in CISA KEV catalog.
CVSS Base9.5
β
CRSSelect profile
π¨
Critical Vulnerabilities
CVE-2026-31845
9.3π
HPCRM
A reflected XSS vulnerability in the Rukovoditel CRM Zadarma telephony API allows unauthenticated attackers to execute malicious scripts.
CVSS Base9.3
β
CRSSelect profile
CVE-2026-5059
9.8π
AWSCLI Command
The aws-mcp-server is vulnerable to remote code execution via AWS CLI command injection, allowing attackers to execute arbitrary system commands without authentication.
CVSS Base9.8
β
CRSSelect profile
CVE-2026-4149
10π
Sonos EraEra 300
The Sonos Era 300 is vulnerable to remote code execution due to an out-of-bounds memory access issue within SMB response handling.
CVSS Base10
β
CRSSelect profile
CVE-2026-5058
9.8π
AWSaws-mcp-server
The aws-mcp-server is vulnerable to remote code execution via command injection due to improper validation of user-supplied input in the allowed commands list.
CVSS Base9.8
β
CRSSelect profile
CVE-2026-6112
9.8π
TotolinkA7100RU
A remote OS command injection vulnerability exists in the Totolink A7100RU CGI handler via the maxRtrAdvInterval argument.
CVSS Base9.8
β
CRSSelect profile
CVE-2026-6113
9.8π
TotolinkA7100RU
A remote OS command injection vulnerability exists in the Totolink A7100RU CGI handler via the ttyEnable argument.
CVSS Base9.8
β
CRSSelect profile
CVE-2026-6114
9.8π
TotolinkA7100RU
A remote OS command injection vulnerability exists in the Totolink A7100RU CGI handler via the proto argument.
CVSS Base9.8
β
CRSSelect profile
CVE-2026-6115
9.8π
TotolinkA7100RU
A remote OS command injection vulnerability exists in the Totolink A7100RU CGI handler via the enable argument.
CVSS Base9.8
β
CRSSelect profile
CVE-2026-6116
9.8π
TotolinkA7100RU
A remote OS command injection vulnerability exists in the Totolink A7100RU CGI handler via the ip argument.
CVSS Base9.8
β
CRSSelect profile
β οΈ
High Priority Updates
CVE-2025-58913
8.1
HPProgram
Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') vulnerability in CactusThemes VideoPro allows PHP Local File Inclusion
CVSS Base8.1
β
CRSSelect profile
CVE-2025-5804
7.5
HPProgram
Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') vulnerability in Case Themes Case Theme User allows PHP Local File Inclusion
CVSS Base7.5
β
CRSSelect profile
CVE-2026-40158
8.6
Teamssystem
PraisonAI is a multi-agent teams system
CVSS Base8.6
β
CRSSelect profile
CVE-2026-4162
7.1
WordPressis vulnerable
The Gravity SMTP plugin for WordPress is vulnerable to Missing Authorization in versions up to, and including, 2
CVSS Base7.1
β
CRSSelect profile
CVE-2026-40156
7.8
Teamssystem
PraisonAI is a multi-agent teams system
CVSS Base7.8
β
CRSSelect profile
CVE-2026-5144
8.8
WordPressis vulnerable
The BuddyPress Groupblog plugin for WordPress is vulnerable to Privilege Escalation in all versions up to, and including, 1
CVSS Base8.8
β
CRSSelect profile
CVE-2026-32252
7.7π
ChartbrewChartbrew
A vulnerability exists in Chartbrew, an open-source web application for database and API data visualization.
CVSS Base7.7
β
CRSSelect profile
CVE-2026-34621
8.6π
ReaderAcrobat Reader
Adobe Acrobat Reader is vulnerable to prototype pollution, which can result in arbitrary code execution when a victim opens a malicious file.
CVSS Base8.6
β
CRSSelect profile
CVE-2026-40163
8.2π
SaltcornSaltcorn
A vulnerability exists in Saltcorn, an extensible, open-source, no-code database application builder.
CVSS Base8.2
β
CRSSelect profile
CVE-2026-33618
8.8
HPcode into
Chamilo LMS is a learning management system
CVSS Base8.8
β
CRSSelect profile
CVE-2021-47961
8.1π Late Disclosure
VPNSSL VPN
A plaintext storage of a password vulnerability in Synology SSL VPN Client before 1
CVSS Base8.1
β
CRSSelect profile
CVE-2026-31939
8.3
HPleading to
Chamilo LMS is a learning management system
CVSS Base8.3
β
CRSSelect profile
CVE-2026-5217
7.2
WordPressis vulnerable
The Optimole β Optimize Images | Convert WebP & AVIF | CDN & Lazy Load | Image Optimization plugin for WordPress is vulnerable to Stored Cross-Site Scripting in all versions up to, and including, 4
CVSS Base7.2
β
CRSSelect profile
CVE-2026-5809
7.1
WordPressis vulnerable
The wpForo Forum plugin for WordPress is vulnerable to Arbitrary File Deletion in versions up to and including 3
CVSS Base7.1
β
CRSSelect profile
CVE-2026-39304
7.5
ActiveMQActiveMQ Client
Denial of Service via Out of Memory vulnerability in Apache ActiveMQ Client, Apache ActiveMQ Broker, Apache ActiveMQ
CVSS Base7.5
β
CRSSelect profile
CVE-2026-31940
7.5
HPsession ID
Chamilo LMS is a learning management system
CVSS Base7.5
β
CRSSelect profile
CVE-2026-32931
7.5
HPwebshell by
Chamilo LMS is a learning management system
CVSS Base7.5
β
CRSSelect profile
CVE-2026-40242
7.2
Dockercontainers
Arcane is an interface for managing Docker containers, images, networks, and volumes
CVSS Base7.2
β
CRSSelect profile
CVE-2026-33702
7.1
HPaccepts
Chamilo LMS is a learning management system
CVSS Base7.1
β
CRSSelect profile
CVE-2026-33704
7.1
Apacheconfigurations where
Chamilo LMS is a learning management system
CVSS Base7.1
β
CRSSelect profile
CVE-2026-4158
7.3
ArchPath Element
KeePassXC OpenSSL Configuration Uncontrolled Search Path Element Local Privilege Escalation Vulnerability
CVSS Base7.3
β
CRSSelect profile
CVE-2026-4157
7.5π
ChargePointHome Flex
A remote code execution (RCE) vulnerability exists in the ChargePoint Home Flex revssh service via command injection.
CVSS Base7.5
β
CRSSelect profile
CVE-2026-6036
7.3
HPMultiple Products
A vulnerability was found in code-projects Vehicle Showroom Management System 1
CVSS Base7.3
β
CRSSelect profile
CVE-2026-6037
7.3
HPMultiple Products
A vulnerability was determined in code-projects Vehicle Showroom Management System 1
CVSS Base7.3
β
CRSSelect profile
CVE-2026-6038
7.3
HPMultiple Products
A vulnerability was identified in code-projects Vehicle Showroom Management System 1
CVSS Base7.3
β
CRSSelect profile
CVE-2026-33092
7.8
AcronisTrue Image
Local privilege escalation due to improper handling of environment variables
CVSS Base7.8
β
CRSSelect profile
CVE-2026-5055
7.8
ArchPath Element
NoMachine Uncontrolled Search Path Element Local Privilege Escalation Vulnerability
A flaw was found in odh-dashboard in Red Hat Openshift AI
CVSS Base8.5
β
CRSSelect profile
CVE-2026-4156
7.5π
ChargePointHome Flex
A stack-based buffer overflow vulnerability exists in the ChargePoint Home Flex OCPP getpreq function, leading to RCE.
CVSS Base7.5
β
CRSSelect profile
CVE-2026-40217
8.8
LiteLLMMultiple Products
LiteLLM through 2026-04-08 allows remote attackers to execute arbitrary code via bytecode rewriting at the /guardrails/test_custom_code URI
CVSS Base8.8
β
CRSSelect profile
CVE-2026-5054
7.8π
NoMachineNoMachine
A local privilege escalation vulnerability in NoMachine allows attackers to perform external control of file paths.
CVSS Base7.8
β
CRSSelect profile
CVE-2026-6067
7.5π
Netwide AssemblerNASM
A heap buffer overflow in the Netwide Assembler (NASM) obj_directive() function arises from insufficient bounds checking.
CVSS Base7.5
β
CRSSelect profile
CVE-2026-6069
7.5π
Netwide AssemblerNASM
A stack-based buffer overflow in the NASM disasm() function allows out-of-bounds writes via malicious input.
CVSS Base7.5
β
CRSSelect profile
CVE-2026-3690
7.4π
OpenClawCanvas
An authentication bypass vulnerability in OpenClaw Canvas allows unauthorized access to the application.
CVSS Base7.4
β
CRSSelect profile
CVE-2026-35643
8.8
OpenClawMultiple Products
OpenClaw before 2026
CVSS Base8.8
β
CRSSelect profile
CVE-2026-35663
8.8
OpenClawMultiple Products
OpenClaw before 2026
CVSS Base8.8
β
CRSSelect profile
CVE-2026-35666
8.8
OpenClawMultiple Products
OpenClaw before 2026
CVSS Base8.8
β
CRSSelect profile
CVE-2026-35669
8.8
OpenClawMultiple Products
OpenClaw before 2026
CVSS Base8.8
β
CRSSelect profile
CVE-2026-29002
7.2π
CouchCMSCouchCMS
A privilege escalation vulnerability in CouchCMS allows authenticated Admin-level users to create SuperAdmin accounts.
CVSS Base7.2
β
CRSSelect profile
CVE-2026-35595
8.3
ArchMultiple Products
Vikunja is an open-source self-hosted task management platform
CVSS Base8.3
β
CRSSelect profile
CVE-2026-40168
8.2
UnknownMultiple Products
Postiz is an AI social media scheduling tool
CVSS Base8.2
β
CRSSelect profile
CVE-2026-1116
8.2
UnknownMultiple Products
A Cross-site Scripting (XSS) vulnerability was identified in the `from_dict` method of the `AppLollmsMessage` class in parisneo/lollms prior to version 2
CVSS Base8.2
β
CRSSelect profile
CVE-2026-35653
8.1
OpenClawMultiple Products
OpenClaw before 2026
CVSS Base8.1
β
CRSSelect profile
CVE-2026-35660
8.1
OpenClawMultiple Products
OpenClaw before 2026
CVSS Base8.1
β
CRSSelect profile
CVE-2026-40200
8.1
muslMultiple Products
An issue was discovered in musl libc 0
CVSS Base8.1
β
CRSSelect profile
CVE-2026-35641
7.8
OpenClawMultiple Products
OpenClaw before 2026
CVSS Base7.8
β
CRSSelect profile
CVE-2026-35668
7.7
OpenClawMultiple Products
OpenClaw before 2026
CVSS Base7.7
β
CRSSelect profile
CVE-2026-31941
7.7
SocialMultiple Products
Chamilo LMS is a learning management system
CVSS Base7.7
β
CRSSelect profile
CVE-2026-40188
7.7
UnknownMultiple Products
goshs is a SimpleHTTPServer written in Go
CVSS Base7.7
β
CRSSelect profile
CVE-2026-35650
7.5
OpenClawMultiple Products
OpenClaw before 2026
CVSS Base7.5
β
CRSSelect profile
CVE-2026-33710
7.5
ChamiloMultiple Products
Chamilo LMS is a learning management system
CVSS Base7.5
β
CRSSelect profile
CVE-2026-4155
7.5
InforMultiple Products
ChargePoint Home Flex Inclusion of Sensitive Information in Source Code Information Disclosure Vulnerability
CVSS Base7.5
β
CRSSelect profile
CVE-2026-34727
7.4
UnknownMultiple Products
Vikunja is an open-source self-hosted task management platform
CVSS Base7.4
β
CRSSelect profile
CVE-2026-6105
7.3
UnknownMultiple Products
A security vulnerability has been detected in perfree go-fastdfs-web up to 1
CVSS Base7.3
β
CRSSelect profile
CVE-2026-6110
7.3
InforMultiple Products
A vulnerability was identified in FoundationAgents MetaGPT up to 0
CVSS Base7.3
β
CRSSelect profile
CVE-2025-58920
7.1
Zootemplate CeratoMultiple Products
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Zootemplate Cerato allows Reflected XSS
CVSS Base7.1
β
CRSSelect profile
CVE-2026-32894
7.1
gradebookMultiple Products
Chamilo LMS is a learning management system
CVSS Base7.1
β
CRSSelect profile
CVE-2026-32930
7.1
gradebookMultiple Products
Chamilo LMS is a learning management system
CVSS Base7.1
β
CRSSelect profile
CVE-2026-40162
7.1
UnknownMultiple Products
Bugsink is a self-hosted error tracking tool
CVSS Base7.1
β
CRSSelect profile
CVE-2026-33706
7.1
ChamiloMultiple Products
Chamilo LMS is a learning management system
CVSS Base7.1
β
CRSSelect profile
CVE-2026-40185
7.1
UnknownMultiple Products
TREK is a collaborative travel planner
CVSS Base7.1
β
CRSSelect profile
CVE-2026-5053
7.1
UnknownMultiple Products
NoMachine External Control of File Path Arbitrary File Deletion Vulnerability