CVE-2012-1854
Microsoft Visual Basic for Applications Insecure Library Loading Vulnerability - Active in CISA KEV catalog.
Thursday's vulnerability disclosures are dominated by Cisco and WordPress, with Cisco Identity Services Engine and Webex carrying three CVSS 9.9 flaws that could enable full administrative compromise of enterprise network infrastructure. The day's 17 critical vulnerabilities represent a 26% decrease from Wednesday's 23, while 100 high-priority CVEs held steady. CVE-2026-20147 and CVE-2026-20180 target Cisco ISE, CVE-2026-20184 affects Cisco Webex, and CVE-2026-6296 impacts Google Chrome at CVSS 9.6, alongside three WordPress plugin vulnerabilities scoring 9.8. Eight actively exploited vulnerabilities span Microsoft and Adobe products, including legacy flaws in Exchange Server, SharePoint, and Acrobat Reader still being weaponized in the wild. Patch availability stands at 0%, leaving defenders reliant on compensating controls and network segmentation until vendor fixes are released.
Immediate action: Prioritize network segmentation and access restrictions for Cisco ISE, Webex, and any internet-facing WordPress deployments until patches are released. Review exposure to the eight actively exploited Microsoft and Adobe vulnerabilities, applying any existing patches for the older KEV entries and monitoring vendor channels for updates on newly disclosed flaws.
Microsoft Windows Link Following Vulnerability - Active in CISA KEV catalog.
Microsoft Exchange Server Deserialization of Untrusted Data Vulnerability - Active in CISA KEV catalog.
Microsoft Windows Out-of-Bounds Read Vulnerability - Active in CISA KEV catalog.
Adobe Acrobat Use-After-Free Vulnerability - Active in CISA KEV catalog.
Adobe Acrobat Reader is vulnerable to prototype pollution, which can result in arbitrary code execution when a victim opens a malicious file.
Microsoft Office Remote Code Execution - Active in CISA KEV catalog.
Microsoft SharePoint Server Improper Input Validation Vulnerability - Active in CISA KEV catalog.
Heap buffer overflow in ANGLE in Google Chrome prior to 147.0.7727.101 allowed a remote attacker to potentially perform a sandbox escape via a crafted HTML page. (Chromium security severity: Critical)
OpenRemote is an open-source IoT platform. Versions 1.21.0 and below contain two interrelated expression injection vulnerabilities in the rules engine that allow arbitrary code execution on the server. The JavaScript rules engine executes user-supplied scripts via Nashorn's ScriptEngine.eval() without sandboxing, class filtering, or access restrictions, and the authorization check in RulesResourceImpl only restricts Groovy rules to superusers while leaving JavaScript rules unrestricted for any user with the write:rules role. Additionally, the Groovy rules engine has a GroovyDenyAllFilter security filter that is defined but never registered, as the registration code is commented out, rendering the SandboxTransformer ineffective for superuser-created Groovy rules. A non-superuser attacker with the write:rules role can create JavaScript rulesets that execute with full JVM access, enabling remote code execution as root, arbitrary file read, environment variable theft including database credentials, and complete multi-tenant isolation bypass to access data across all realms. This issue has been fixed in version 1.22.0.
The WebStack theme for WordPress is vulnerable to arbitrary file uploads due to missing file type validation in the io_img_upload() function in all versions up to, and including, 1.2024. This makes it possible for unauthenticated attackers to upload arbitrary files on the affected site's server which may make remote code execution possible.
Pyroscope is an open-source continuous profiling database. The database supports various storage backends, including Tencent Cloud Object Storage (COS). If the database is configured to use Tencent COS as the storage backend, an attacker could extract the secret_key configuration value from the Pyroscope API. To exploit this vulnerability, an attacker needs direct access to the Pyroscope API. We highly recommend limiting the public internet exposure of all our databases, such that they are only accessible by trusted users or internal systems. This vulnerability is fixed in versions: 1.15.x: 1.15.2 and above. 1.16.x: 1.16.1 and above. 1.17.x: 1.17.0 and above (i.e. all versions). Thanks to Théo Cusnir for reporting this vulnerability to us via our bug bounty program.
A vulnerability in Cisco ISE and Cisco ISE-PIC could allow an authenticated, remote attacker to execute arbitrary commands on the underlying operating system of an affected device. To exploit this vulnerability, the attacker must have valid administrative credentials. This vulnerability is due to insufficient validation of user-supplied input. An attacker could exploit this vulnerability by sending a crafted HTTP request to an affected device. A successful exploit could allow the attacker to obtain user-level access to the underlying operating system and then elevate privileges to root. In single-node ISE deployments, successful exploitation of this vulnerability could cause the affected ISE node to become unavailable, resulting in a denial of service (DoS) condition. In that condition, endpoints that have not already authenticated would be unable to access the network until the node is restored.
A vulnerability in Cisco Identity Services Engine (ISE) could allow an authenticated, remote attacker to execute arbitrary commands on the underlying operating system of an affected device. To exploit this vulnerability, the attacker must have at least Read Only Admin credentials. This vulnerability is due to insufficient validation of user-supplied input. An attacker could exploit this vulnerability by sending a crafted HTTP request to an affected device. A successful exploit could allow the attacker to obtain user-level access to the underlying operating system and then elevate privileges to root. In single-node ISE deployments, successful exploitation of this vulnerability could cause the affected ISE node to become unavailable, resulting in a denial of service (DoS) condition. In that condition, endpoints that have not already authenticated would be unable to access the network until the node is restored.
A vulnerability in Cisco Identity Services Engine (ISE) could allow an authenticated, remote attacker to execute arbitrary commands on the underlying operating system of an affected device. To exploit this vulnerability, the attacker must have at least Read Only Admin credentials. This vulnerability is due to insufficient validation of user-supplied input. An attacker could exploit this vulnerability by sending a crafted HTTP request to an affected device. A successful exploit could allow the attacker to obtain user-level access to the underlying operating system and then elevate privileges to root. In single-node ISE deployments, successful exploitation of this vulnerability could cause the affected ISE node to become unavailable, resulting in a denial of service (DoS) condition. In that condition, endpoints that have not already authenticated would be unable to access the network until the node is restored.
The Visa Acceptance Solutions plugin for WordPress is vulnerable to Authentication Bypass in all versions up to, and including, 2.1.0. This is due to the `express_pay_product_page_pay_for_order()` function logging users in based solely on a user-supplied billing email address during guest checkout for subscription products, without verifying email ownership, requiring a password, or validating a one-time token. This makes it possible for unauthenticated attackers to log in as any existing user, including administrators, by providing the target user's email address in the billing_details parameter, resulting in complete account takeover and site compromise.
A vulnerability in the integration of single sign-on (SSO) with Control Hub in Cisco Webex Services could have allowed an unauthenticated, remote attacker to impersonate any user within the service. This vulnerability existed because of improper certificate validation. Prior to this vulnerability being addressed, an attacker could have exploited this vulnerability by connecting to a service endpoint and supplying a crafted token. A successful exploit could have allowed the attacker to gain unauthorized access to legitimate Cisco Webex services.
The Barcode Scanner (+Mobile App) – Inventory manager, Order fulfillment system, POS (Point of Sale) plugin for WordPress is vulnerable to privilege escalation via insecure token-based authentication in all versions up to, and including, 1.11.0. This is due to the plugin trusting a user-supplied Base64-encoded user ID in the token parameter to identify users, leaking valid authentication tokens through the 'barcodeScannerConfigs' action, and lacking meta-key restrictions on the 'setUserMeta' action. This makes it possible for unauthenticated attackers to escalate their privileges to that of an administrator by first spoofing the admin user ID to leak their authentication token, then using that token to update any user's 'wp_capabilities' meta to gain full administrative access.
The Riaxe Product Customizer plugin for WordPress is vulnerable to Privilege Escalation in all versions up to, and including, 2.1.2. The plugin registers an unauthenticated AJAX action ('wp_ajax_nopriv_install-imprint') that maps to the ink_pd_add_option() function. This function reads 'option' and 'opt_value' from $_POST, then calls delete_option() followed by add_option() using these attacker-controlled values without any nonce verification, capability checks, or option name allowlist. This makes it possible for unauthenticated attackers to update arbitrary WordPress options, which can be leveraged for privilege escalation by enabling user registration and setting the default user role to administrator.
Dgraph is an open source distributed GraphQL database. Versions 25.3.1 and prior contain an unauthenticated credential disclosure vulnerability where the /debug/pprof/cmdline endpoint is registered on the default mux and reachable without authentication, exposing the full process command line including the admin token configured via the --security "token=..." startup flag. An attacker can retrieve the leaked token and reuse it in the X-Dgraph-AuthToken header to gain unauthorized access to admin-only endpoints such as /admin/config/cache_mb, bypassing the adminAuthHandler token validation. This enables unauthorized privileged administrative access including configuration changes and operational control actions in any deployment where the Alpha HTTP port is reachable by untrusted parties. This issue has been fixed in version 25.3.2.
MailGates/MailAudit developed by Openfind has a Stack-based Buffer Overflow vulnerability, allowing unauthenticated remote attackers to control the program's execution flow and execute arbitrary code.
Creolabs Gravity before 0.9.6 contains a heap buffer overflow vulnerability in the gravity_vm_exec function that allows attackers to write out-of-bounds memory by crafting scripts with many string literals at global scope. Attackers can exploit insufficient bounds checking in gravity_fiber_reassign() to corrupt heap metadata and achieve arbitrary code execution in applications that evaluate untrusted scripts.
A flaw was found in ArgoCD Image Updater. This vulnerability allows an attacker, with permissions to create or modify an ImageUpdater resource in a multi-tenant environment, to bypass namespace boundaries. By exploiting insufficient validation, the attacker can trigger unauthorized image updates on applications managed by other tenants. This leads to cross-namespace privilege escalation, impacting application integrity through unauthorized application updates.
Luanti 5 before 5.15.2, when LuaJIT is used, allows a Lua sandbox escape via a crafted mod.
@fastify/express v4.0.4 and earlier contains a path handling bug in the onRegister function that causes middleware paths to be doubled when inherited by child plugins. When a child plugin is registered with a prefix that matches a middleware path, the middleware path is prefixed a second time, causing it to never match incoming requests. This results in complete bypass of Express middleware security controls, including authentication, authorization, and rate limiting, for all routes defined within affected child plugin scopes. No special configuration or request crafting is required. Upgrade to @fastify/express v4.0.5 or later.
Use after free in Proxy in Google Chrome prior to 147
Use after free in Prerender in Google Chrome prior to 147
Use after free in CSS in Google Chrome prior to 147
Use after free in Video in Google Chrome prior to 147
Heap buffer overflow in PDFium in Google Chrome prior to 147
Use after free in Permissions in Google Chrome on Android prior to 147
Use after free in Forms in Google Chrome prior to 147
Use after free in Cast in Google Chrome prior to 147
Use after free in XR in Google Chrome on Android prior to 147
Use after free in Video in Google Chrome on Windows prior to 147
Use after free in FileSystem in Google Chrome prior to 147
Use after free in Microsoft Office allows an unauthorized attacker to execute code locally
Heap-based buffer overflow in Microsoft Graphics Component allows an unauthorized attacker to execute code locally
Use after free in Microsoft Office Word allows an unauthorized attacker to execute code locally
Use after free in Graphite in Google Chrome prior to 147
Use after free in Viz in Google Chrome prior to 147
Use after free in Dawn in Google Chrome prior to 147
Use after free in Microsoft Office Word allows an unauthorized attacker to execute code locally
Insufficiently protected credentials in Azure Logic Apps allows an authorized attacker to elevate privileges over a network
Type Confusion in Turbofan in Google Chrome prior to 147
Type Confusion in Turbofan in Google Chrome prior to 147
Type Confusion in V8 in Google Chrome prior to 147
The Livemesh Addons for Elementor plugin for WordPress is vulnerable to Local File Inclusion in all versions up to, and including, 9
Adobe Connect versions 2025
Adobe Framemaker versions 2022
Concurrent execution using shared resource with improper synchronization ('race condition') in Microsoft Brokering File System allows an unauthorized attacker to elevate privileges locally
Untrusted pointer dereference in Microsoft Office Word allows an unauthorized attacker to execute code locally
Uninitialized Use in Accessibility in Google Chrome on Windows prior to 147
Out of bounds write in GPU in Google Chrome prior to 147
Adobe Photoshop Installer was affected by an Uncontrolled Search Path Element vulnerability that could have resulted in arbitrary code execution in the context of the current user
maddy is a composable, all-in-one mail server
Improper input validation in Microsoft PowerShell allows an unauthorized attacker to bypass a security feature locally
Improper input validation in Microsoft PowerShell allows an authorized attacker to elevate privileges locally
The Login as User plugin for WordPress is vulnerable to Privilege Escalation in all versions up to, and including, 1
The AcyMailing plugin for WordPress is vulnerable to privilege escalation in all versions From 9
Missing authentication for critical function in Windows Remote Desktop Licensing Service allows an authorized attacker to elevate privileges locally
Missing authentication for critical function in Windows Remote Desktop Licensing Service allows an authorized attacker to elevate privileges locally
An improper neutralization of special elements used in an SQL command ('SQL injection') vulnerability in Fortinet FortiDDoS-F 7
Heap-based buffer overflow in Windows Hyper-V allows an unauthorized attacker to execute code locally
Heap-based buffer overflow in Windows Client Side Caching driver (csc
Heap-based buffer overflow in Windows Kernel allows an authorized attacker to elevate privileges locally
Concurrent execution using shared resource with improper synchronization ('race condition') in Windows Push Notifications allows an authorized attacker to elevate privileges locally
Integer size truncation in Windows Advanced Rasterization Platform (WARP) allows an unauthorized attacker to elevate privileges locally
Protection mechanism failure in Windows Shell allows an unauthorized attacker to bypass a security feature over a network
Composer is a dependency manager for PHP
The Career Section plugin for WordPress is vulnerable to Cross-Site Request Forgery leading to Path Traversal and Arbitrary File Deletion in all versions up to, and including, 1
Improper input validation in Windows Hello allows an unauthorized attacker to bypass a security feature over a network
Acrobat Reader versions 26
A heap-based buffer overflow vulnerability in Fortinet FortiAnalyzer Cloud 7
Acceptance of extraneous untrusted data with trusted data in Windows COM allows an unauthorized attacker to elevate privileges locally
Concurrent execution using shared resource with improper synchronization ('race condition') in Windows TCP/IP allows an unauthorized attacker to execute code over a network
Improper authorization in Windows Kerberos allows an authorized attacker to elevate privileges over an adjacent network
Improper input validation in Windows Active Directory allows an authorized attacker to execute code over an adjacent network
A Broken Object-Level Authorization (BOLA) in the /Settings/UserController
Chamilo LMS is an open-source learning management system
Concurrent execution using shared resource with improper synchronization ('race condition') in Windows Management Services allows an authorized attacker to elevate privileges locally
Out-of-bounds read in Windows Encrypting File System (EFS) allows an authorized attacker to elevate privileges locally
Untrusted pointer dereference in Windows Sensor Data Service allows an authorized attacker to elevate privileges locally
Access of resource using incompatible type ('type confusion') in Windows OLE allows an authorized attacker to elevate privileges locally
Double free in Windows Kernel allows an authorized attacker to elevate privileges locally
Concurrent execution using shared resource with improper synchronization ('race condition') in Windows Ancillary Function Driver for WinSock allows an authorized attacker to elevate privileges locally
Concurrent execution using shared resource with improper synchronization ('race condition') in Windows Push Notifications allows an authorized attacker to elevate privileges locally
Double free in Windows Kernel allows an authorized attacker to elevate privileges locally
Chamilo LMS is an open-source learning management system
Slah CMS v1
mcp-server-kubernetes is a Model Context Protocol server for Kubernetes cluster management
A Broken Object-Level Authorization (BOLA) in the /Controllers/Lead/LeadController
A Broken Object-Level Authorization (BOLA) in the /Contact/Persons/PersonController
Use after free in Remote Desktop Client allows an unauthorized attacker to execute code over a network
OpenHarness prior to commit dd1d235 contains a command injection vulnerability that allows remote gateway users with chat access to invoke sensitive administrative commands by exploiting insufficient distinction between local-only and remote-safe commands in the gateway handler
In products of the MSE6 product-family by Festo a remote authenticated, low privileged attacker could use functions of undocumented test mode which could lead to a complete loss of confidentiality, integrity and availability
A Stored Cross-Site Scripting vulnerability was discovered in the Assets and Nodes functionality due to improper validation of an input parameter
A vulnerability has been identified in SINEC NMS (All versions < V4
A vulnerability has been identified in RUGGEDCOM CROSSBOW Secure Access Manager Primary (SAM-P) (All versions < V5
Untrusted pointer dereference in SQL Server allows an authorized attacker to execute code over a network
openITCOCKPIT is an open source monitoring tool built for different monitoring engines
Chamilo LMS is an open-source learning management system
Weblate is a web based localization tool
OWASP BLT is a QA testing and vulnerability disclosure platform that encompasses websites, apps, git repositories, and more
WinMatrix agent developed by Simopro Technology has a Missing Authentication vulnerability, allowing authenticated local attackers to execute arbitrary code with SYSTEM privileges on the local machine as well as on all hosts within the environment where the agent is installed
ApostropheCMS is an open-source Node
ColdFusion versions 2023
LangChain-ChatChat 0
Agent Zero 0
A Server-Side Request Forgery (SSRF) in the /settings/webhooks/create component of Webkul Krayin CRM v2
ColdFusion versions 2023
Command injection in the connect function in NietThijmen ShoppingCart 0
IdentityIQ 8
An access control vulnerability was discovered in the Threat Intelligence functionality due to a specific access restriction not being properly enforced for users with view-only privileges
Cross-Site Request Forgery (CSRF) vulnerability in Syed Balkhi Contact Form by WPForms wpforms-lite allows Cross Site Request Forgery
Authorization Bypass Through User-Controlled Key vulnerability in Mahmudul Hasan Arif FluentBoards fluent-boards allows Exploiting Incorrectly Configured Access Control Security Levels
Luanti 5 before 5
nanobot is a personal AI assistant
A prompt injection vulnerability in Windsurf 1
Velociraptor versions prior to 0
Weblate is a web based localization tool
InDesign Desktop versions 20
InDesign Desktop versions 20
InDesign Desktop versions 20
InDesign Desktop versions 20