Critical vulnerabilities, curated daily for security professionals
π― SSCV Profile
See how vulnerabilities affect your specific environment
CRS uses the System Security Context Vector (SSCV) Framework v1.0 to adjust CVSS scores based on your system's exposure level, network position, and business criticality. Learn more about SSCV Framework
Risk scores will be adjusted based on your selected environment
π
Today's Security Brief
Thursday's disclosures center on free5GC's open-source 5G core, with three CVSS 10 vulnerabilities affecting the SMF and core components, alongside critical flaws in IBM Aspera, IBM Langflow, and Synology BeeStation OS. Critical CVEs rose to 19 (up 19% from 16), while high-priority disclosures dropped sharply to 30 (down 68% from 95). Notable issues include CVE-2026-44329 (free5GC SMF, CVSS 10), CVE-2026-45087 (Dalfox, CVSS 10), and CVE-2026-46425 (Budibase, CVSS 9.9). Network function virtualization, low-code platforms, and file transfer infrastructure dominate today's attack surface, with authentication bypass and remote code execution as recurring patterns. Patch availability sits at 0% across yesterday's disclosures, warranting compensating controls and exposure reduction until vendor fixes ship.
free5GC 5G core infrastructure carries three CVSS 10 vulnerabilities (CVE-2026-44327, CVE-2026-44329, CVE-2026-44330) affecting SMF and core components
Critical CVEs increased 19% to 19 disclosures, with IBM Aspera and IBM Langflow joining the critical tier
High-priority CVEs declined 68% to 30, reflecting a narrower but more severe disclosure set
Authentication bypass and RCE patterns dominate, hitting Pi.Alert (CVE-2026-44887/44888), Budibase, and Synology BeeStation OS
Patch availability stands at 0%, requiring network segmentation and access restriction as primary mitigations
Seven actively exploited CVEs include Drupal Core, Trend Micro Apex One, and Nx tooling with confirmed in-the-wild activity
Immediate action: Prioritize isolation of free5GC deployments, IBM Aspera transfer nodes, and Synology BeeStation devices until vendor patches are released, and audit Pi.Alert and Budibase instances exposed to untrusted networks. With 0% patch availability across yesterday's critical disclosures, defenders should apply network-layer restrictions, monitor for exploitation indicators on the seven KEV-listed products, and track vendor advisories for incoming fixes.
π‘ Tip: Swipe CVE cards left to β star, right to β remove
Section Navigation
β οΈ
CISA Known Exploited Vulnerabilities
β οΈ CISA KEVURGENT
CVE-2026-9082
9.5
DrupalCore
β° Federal Deadline:May 26, 2026(EXPIRED)
Drupal Core SQL Injection Vulnerability - Active in CISA KEV catalog.
CVSS Base9.5
β
CRSSelect profile
β οΈ CISA KEVURGENT
CVE-2026-48172
9.5
LiteSpeedcPanel Plugin
β° Federal Deadline:May 28, 2026(1 days remaining)
LiteSpeed cPanel Plugin Privilege Escalation Vulnerability - Active in CISA KEV catalog.
CVSS Base9.5
β
CRSSelect profile
β οΈ CISA KEVURGENT
CVE-2026-8398
9.5π
AVB Disc SoftDAEMON Tools Lite
β° Federal Deadline:May 29, 2026(2 days remaining)
A supply chain compromise of DAEMON Tools Lite resulted in the distribution of trojanized binaries signed with a legitimate certificate.
CVSS Base9.5
β
CRSSelect profile
β οΈ CISA KEVURGENT
CVE-2025-34291
9.5
LangflowLangflow
β° Federal Deadline:June 3, 2026(7 days remaining)
Langflow Origin Validation Error Vulnerability - Active in CISA KEV catalog.
CVSS Base9.5
β
CRSSelect profile
β οΈ CISA KEVURGENT
CVE-2026-34926
9.5
Trend MicroApex One
β° Federal Deadline:June 3, 2026(7 days remaining)
Trend Micro Apex One (On-Premise) Directory Traversal Vulnerability - Active in CISA KEV catalog.
CVSS Base9.5
β
CRSSelect profile
β οΈ CISA KEV
CVE-2026-45321
9.5π
GitHubActions OIDC
β° Federal Deadline:June 9, 2026(13 days remaining)
GitHub Actions OIDC was exploited to publish malicious npm packages by chaining multiple vulnerabilities, including cache poisoning and token extraction.
CVSS Base9.5
β
CRSSelect profile
β οΈ CISA KEV
CVE-2026-48027
9.8
NxMultiple Products
β° Federal Deadline:June 9, 2026(13 days remaining)
Nx Console is the user interface for Nx & Lerna. On 19 May 2026, a malicious version of Nx Console, 18.95.0, was published at 12:30 PM UTC and removed soon after at 12:48 PM UTC, leaving it available for ~18 minutes in Visual Studio Marketplace. For OpenVSX, the problem was detected later, and the compromised version was available from 12:33 UTC to 13:09 UTC (~36 minutes). Version 18.100.0 of Nx Console is not compromised and users may remediate by upgrading to that version.
CVSS Base9.8
β
CRSSelect profile
π¨
Critical Vulnerabilities
CVE-2026-44329
10π
free5GCSMF (Session Management Function)
The free5GC SMF component improperly manages UPI route groups, allowing unauthenticated attackers to perform unauthorized read, write, and delete operations.
CVSS Base10
β
CRSSelect profile
CVE-2026-46425
9.9π
BudibaseBudibase
Budibase contains an authorization bypass vulnerability in the SCIM API, allowing authenticated users to perform unauthorized CRUD operations on all users and groups.
CVSS Base9.9
β
CRSSelect profile
CVE-2026-44327
10π
free5GCfree5GC
The free5GC NEF component fails to enforce authentication on the OAM route group, allowing unauthenticated network attackers to access OAM-related functions.
CVSS Base10
β
CRSSelect profile
CVE-2026-44330
10π
free5GCfree5GC
The free5GC NEF component suffers from an authentication bypass on the PFD management route group, allowing unauthenticated attackers to manipulate application data and subscriptions.
CVSS Base10
β
CRSSelect profile
CVE-2026-44887
9.8π
Pi.AlertPi.Alert
Pi.Alert is vulnerable to unauthenticated remote code execution due to improper validation of configuration files, allowing arbitrary Python code execution.
CVSS Base9.8
β
CRSSelect profile
CVE-2025-12686
9.8π
SynologyBeeStation OS
A classic buffer overflow in Synology BeeStation OS AdminCenter allows remote attackers to execute arbitrary code via unspecified vectors.
CVSS Base9.8
β
CRSSelect profile
CVE-2026-7524
9.8π
IBMLangflow OSS
IBM Langflow OSS is vulnerable to remote code execution during archive extraction due to improper validation of symbolic links.
CVSS Base9.8
β
CRSSelect profile
CVE-2026-8175
9.8π
IBMAspera High-Speed Transfer
A buffer overflow in the IBM Aspera High-Speed Transfer component could lead to denial of service, authentication bypass, or remote code execution.
CVSS Base9.8
β
CRSSelect profile
CVE-2026-45087
10π
DalfoxDalfox
Dalfox contains an unauthenticated remote code execution vulnerability in its REST API server mode due to insecure deserialization of scan options.
CVSS Base10
β
CRSSelect profile
CVE-2026-44888
9.8π
Pi.AlertPi.Alert
Pi.Alert is vulnerable to unauthenticated remote code execution through the configuration save endpoint, allowing arbitrary Python code injection.
CVSS Base9.8
β
CRSSelect profile
CVE-2026-42748
9.9π
WPifyWoo Czech
An unrestricted file upload vulnerability in the WPify Woo Czech plugin allows unauthenticated attackers to upload and execute a web shell on the server.
CVSS Base9.9
β
CRSSelect profile
CVE-2026-45102
9.9π
OneUptimeOneUptime
OneUptime is vulnerable to a sandbox escape in its Node.js environment due to the improper use of the vm module.
CVSS Base9.9
β
CRSSelect profile
CVE-2026-8364
9.8π
GladinetTriofox Cloud Server Agent
The Gladinet Triofox Cloud Server Agent exposes multiple sensitive endpoints on TCP port 7878, potentially facilitating remote exploitation.
CVSS Base9.8
β
CRSSelect profile
CVE-2026-42731
9.8
miniOrange miniorangeMultiple Products
Incorrect Privilege Assignment vulnerability in miniOrange miniorange otp verification miniorange-otp-verification allows Privilege Escalation.This issue affects miniorange otp verification: from n/a through <= 5.4.9.
CVSS Base9.8
β
CRSSelect profile
CVE-2026-42758
9.8
Saleswonder TeamMultiple Products
Incorrect Privilege Assignment vulnerability in Saleswonder Team: Tobias WebinarIgnition webinar-ignition allows Privilege Escalation.This issue affects WebinarIgnition: from n/a through < 4.08.253.
CVSS Base9.8
β
CRSSelect profile
CVE-2026-8362
9.8π
UnknownWOSDefaultHttpModule
A stack-based buffer overflow in WOSDefaultHttpModule.dll allows for potential arbitrary code execution when processing long URL paths.
CVSS Base9.8
β
CRSSelect profile
CVE-2026-8363
9.8π
GladinetWOSDeviceDropFolder
A stack-based buffer overflow exists in WOSDeviceDropFolder.dll when processing long URL paths, potentially allowing remote code execution.
CVSS Base9.8
β
CRSSelect profile
CVE-2026-42756
9.9
Ludwig YouMultiple Products
Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') vulnerability in Ludwig You QuickWebP – Compress / Optimize Images & Convert WebP | SEO Friendly quickwebp allows Path Traversal.This issue affects QuickWebP – Compress / Optimize Images & Convert WebP | SEO Friendly: from n/a through <= 3.2.7.
CVSS Base9.9
β
CRSSelect profile
CVE-2026-42757
9.9
Saleswonder TeamMultiple Products
Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') vulnerability in Saleswonder Team: Tobias WebinarIgnition webinar-ignition allows Path Traversal.This issue affects WebinarIgnition: from n/a through < 4.08.253.
CVSS Base9.9
β
CRSSelect profile
β οΈ
High Priority Updates
CVE-2026-6303
8.8
GoogleChrome prior
Use after free in Codecs in Google Chrome prior to 147
CVSS Base8.8
β
CRSSelect profile
CVE-2026-6305
8.8
GoogleChrome prior
Heap buffer overflow in PDFium in Google Chrome prior to 147
CVSS Base8.8
β
CRSSelect profile
CVE-2026-6316
8.8
GoogleChrome prior
Use after free in Forms in Google Chrome prior to 147
CVSS Base8.8
β
CRSSelect profile
CVE-2026-6318
8.8
GoogleChrome prior
Use after free in Codecs in Google Chrome prior to 147
CVSS Base8.8
β
CRSSelect profile
CVE-2026-6358
8.8
GoogleChrome on
Use after free in XR in Google Chrome on Android prior to 147
CVSS Base8.8
β
CRSSelect profile
CVE-2026-9009
8.8
WordPressis vulnerable
The Crawlomatic Multipage Scraper Post Generator plugin for WordPress is vulnerable to Remote Code Execution in all versions up to, and including, 2
CVSS Base8.8
β
CRSSelect profile
CVE-2026-44345
8.8
Dockerbuild which
BentoML is a Python library for building online serving systems optimized for AI apps and model inference
CVSS Base8.8
β
CRSSelect profile
CVE-2026-44346
8.8
Dockerbuild
BentoML is a Python library for building online serving systems optimized for AI apps and model inference
CVSS Base8.8
β
CRSSelect profile
CVE-2026-44521
8.8
filevolume driver
elFinder is an open-source file manager for web, written in JavaScript using jQuery UI
CVSS Base8.8
β
CRSSelect profile
CVE-2026-46414
8.8
MicrosoftUFO open
Microsoft UFO open-source framework for intelligent automation across devices and platforms
CVSS Base8.8
β
CRSSelect profile
CVE-2009-0901
8.8π Late Disclosure
MicrosoftVisual Studio
The Active Template Library (ATL) in Microsoft Visual Studio
CVSS Base8.8
β
CRSSelect profile
CVE-2009-2493
8.8π Late Disclosure
MicrosoftVisual Studio
The Active Template Library (ATL) in Microsoft Visual Studio
CVSS Base8.8
β
CRSSelect profile
CVE-2026-6363
8.8
GoogleChrome prior
Type Confusion in V8 in Google Chrome prior to 147
CVSS Base8.8
β
CRSSelect profile
CVE-2026-7802
8.8
WordPressis vulnerable
The Frontend Admin by DynamiApps plugin for WordPress is vulnerable to authorization bypass in all versions up to, and including, 3
CVSS Base8.8
β
CRSSelect profile
CVE-2026-9227
8.8
WordPressis vulnerable
The GutenBee β Gutenberg Blocks plugin for WordPress is vulnerable to Arbitrary File Upload in all versions up to, and including, 2
CVSS Base8.8
β
CRSSelect profile
CVE-2026-8973
8.8
MemoryMultiple Products
Memory safety bugs present in Firefox 150
CVSS Base8.8
β
CRSSelect profile
CVE-2026-8974
8.8
FirefoxMultiple Products
Memory safety bugs present in Firefox ESR 140
CVSS Base8.8
β
CRSSelect profile
CVE-2026-8975
8.8
FirefoxMultiple Products
Memory safety bugs present in Firefox ESR 115
CVSS Base8.8
β
CRSSelect profile
CVE-2026-48920
8.8
JenkinsEmail Extension
Jenkins Email Extension Plugin 1933
CVSS Base8.8
β
CRSSelect profile
CVE-2026-45717
8.8
MongoDBdatasource to
Budibase is an open-source low-code platform
CVSS Base8.8
β
CRSSelect profile
CVE-2026-5065
8.8
IBMController
IBM Controller 11
CVSS Base8.8
β
CRSSelect profile
CVE-2026-8179
8.8
IBMAspera High
IBM Aspera High-Speed Transfer Endpoint 3
CVSS Base8.8
β
CRSSelect profile
CVE-2026-44713
8.8
Linuxusing ordinary
pam_usb provides hardware authentication for Linux using ordinary removable media
CVSS Base8.8
β
CRSSelect profile
CVE-2026-28806
8.8
nervesMultiple Products
Improper Authorization vulnerability in nerves-hub nerves_hub_web allows cross-organization device control via device bulk actions and device update API
CVSS Base8.8
β
CRSSelect profile
CVE-2026-42843
8.8
GravMultiple Products
Grav API Plugin is a RESTful API for Grav CMS that provides full headless access to your site's content, media, configuration, users, and system management
CVSS Base8.8
β
CRSSelect profile
CVE-2026-36044
8.8
UnknownMultiple Products
@pensar/apex <= 0
CVSS Base8.8
β
CRSSelect profile
CVE-2026-44988
8.8
VNCMultiple Products
LibVNCClient is a library for easy implementation of a VNC client
CVSS Base8.8
β
CRSSelect profile
CVE-2026-45716
8.8
UnknownMultiple Products
Budibase is an open-source low-code platform
CVSS Base8.8
β
CRSSelect profile
CVE-2026-9208
8.8
ConnectMultiple Products
Tanium addressed an unauthorized code execution vulnerability in Connect
CVSS Base8.8
β
CRSSelect profile
CVE-2026-8915
8.8
Samsung Open SourceMultiple Products
Out-of-bounds write vulnerability in Samsung Open Source Escargot allows Overflow Buffers