Critical vulnerabilities, curated daily for security professionals
🎯 SSCV Profile
See how vulnerabilities affect your specific environment
CRS uses the System Security Context Vector (SSCV) Framework v1.0 to adjust CVSS scores based on your system's exposure level, network position, and business criticality. Learn more about SSCV Framework
Risk scores will be adjusted based on your selected environment
📊
Today's Security Brief
Wednesday's disclosures center on PostgreSQL, Linux/Kubernetes, and Nginx infrastructure vulnerabilities, with a maximum-severity flaw affecting WWBN AVideo. Critical CVE volume doubled from yesterday to 28 (up 100%), while high-priority vulnerabilities rose to 100 (up 54%). Notable issues include CVE-2026-40906 (CVSS 9.9) in PostgreSQL, CVE-2026-33519 (CVSS 9.8) affecting Linux and Kubernetes, and CVE-2026-40911 (CVSS 10) in WWBN AVideo. Remote code execution and uninitialized memory flaws dominate the attack patterns, with Oracle, Cisco, and Microsoft products also heavily represented. No patches are currently available for the disclosed vulnerabilities, requiring defensive mitigations and compensating controls.
PostgreSQL, Linux/Kubernetes, and Nginx infrastructure vulnerabilities lead Wednesday's disclosures, including a perfect 10.0 CVSS flaw in WWBN AVideo
Critical CVEs doubled to 28, a 100% increase from yesterday's 14
High-priority CVEs rose to 100, up 54% from the prior day's 65
Remote code execution and uninitialized memory vulnerabilities dominate, affecting database platforms, container orchestration, and web servers
Zero percent patch availability across disclosed vulnerabilities, requiring mitigations and workarounds
17 actively exploited CVEs tracked, spanning Cisco Catalyst SD-WAN Manager, Microsoft SharePoint, and Apache ActiveMQ
Immediate action: Prioritize review of PostgreSQL, Linux/Kubernetes, Nginx, and Oracle deployments, alongside Cisco Catalyst SD-WAN Manager instances with confirmed active exploitation. With no patches currently available, apply vendor-recommended mitigations, restrict network exposure, and monitor for exploitation indicators on affected systems.
💡 Tip: Swipe CVE cards left to ⭐ star, right to ❌ remove
Section Navigation
⚠️
CISA Known Exploited Vulnerabilities
⚠️ CISA KEVURGENT
CVE-2026-20122
9.5
CiscoCatalyst SD-WAN Manger
⏰ Federal Deadline:April 22, 2026(1 days remaining)
Cisco Catalyst SD-WAN Manager Incorrect Use of Privileged APIs Vulnerability - Active in CISA KEV catalog.
CVSS Base9.5
→
CRSSelect profile
⚠️ CISA KEVURGENT
CVE-2026-20133
9.5
CiscoCatalyst SD-WAN Manager
⏰ Federal Deadline:April 22, 2026(1 days remaining)
Cisco Catalyst SD-WAN Manager Exposure of Sensitive Information to an Unauthorized Actor Vulnerability - Active in CISA KEV catalog.
CVSS Base9.5
→
CRSSelect profile
⚠️ CISA KEVURGENT
CVE-2025-48700
9.5
SynacorZimbra Collaboration Suite (ZCS)
⏰ Federal Deadline:April 22, 2026(1 days remaining)
Synacor Zimbra Collaboration Suite (ZCS) Cross-site Scripting Vulnerability - Active in CISA KEV catalog.
CVSS Base9.5
→
CRSSelect profile
⚠️ CISA KEVURGENT
CVE-2026-20128
9.5
CiscoCatalyst SD-WAN Manager
⏰ Federal Deadline:April 22, 2026(1 days remaining)
Cisco Catalyst SD-WAN Manager Storing Passwords in a Recoverable Format Vulnerability - Active in CISA KEV catalog.
CVSS Base9.5
→
CRSSelect profile
⚠️ CISA KEVURGENT
CVE-2012-1854
9.5📜 Late Disclosure
MicrosoftVisual Basic for Applications (VBA)
⏰ Federal Deadline:April 26, 2026(5 days remaining)
Microsoft Visual Basic for Applications Insecure Library Loading Vulnerability - Active in CISA KEV catalog.
CVSS Base9.5
→
CRSSelect profile
⚠️ CISA KEVURGENT
CVE-2025-60710
9.5
MicrosoftWindows
⏰ Federal Deadline:April 26, 2026(5 days remaining)
Microsoft Windows Link Following Vulnerability - Active in CISA KEV catalog.
CVSS Base9.5
→
CRSSelect profile
⚠️ CISA KEVURGENT
CVE-2023-21529
9.5📜 Late Disclosure
MicrosoftExchange Server
⏰ Federal Deadline:April 26, 2026(5 days remaining)
Microsoft Exchange Server Deserialization of Untrusted Data Vulnerability - Active in CISA KEV catalog.
CVSS Base9.5
→
CRSSelect profile
⚠️ CISA KEVURGENT
CVE-2023-36424
9.5📜 Late Disclosure
MicrosoftWindows
⏰ Federal Deadline:April 26, 2026(5 days remaining)
Microsoft Windows Out-of-Bounds Read Vulnerability - Active in CISA KEV catalog.
CVSS Base9.5
→
CRSSelect profile
⚠️ CISA KEVURGENT
CVE-2020-9715
9.5📜 Late Disclosure
AdobeAcrobat
⏰ Federal Deadline:April 26, 2026(5 days remaining)
Adobe Acrobat Use-After-Free Vulnerability - Active in CISA KEV catalog.
CVSS Base9.5
→
CRSSelect profile
⚠️ CISA KEVURGENT
CVE-2026-34621
9.5📝
AdobeAcrobat and Reader
⏰ Federal Deadline:April 26, 2026(5 days remaining)
Adobe Acrobat Reader is vulnerable to prototype pollution, which can result in arbitrary code execution when a victim opens a malicious file.
CVSS Base9.5
→
CRSSelect profile
⚠️ CISA KEVURGENT
CVE-2009-0238
9.5📜 Late Disclosure
MicrosoftOffice
⏰ Federal Deadline:April 27, 2026(6 days remaining)
Microsoft Office Remote Code Execution - Active in CISA KEV catalog.
CVSS Base9.5
→
CRSSelect profile
⚠️ CISA KEVURGENT
CVE-2026-32201
9.5
MicrosoftSharePoint Server
⏰ Federal Deadline:April 27, 2026(6 days remaining)
Microsoft SharePoint Server Improper Input Validation Vulnerability - Active in CISA KEV catalog.
CVSS Base9.5
→
CRSSelect profile
⚠️ CISA KEV
CVE-2026-34197
9.5
ApacheActiveMQ
⏰ Federal Deadline:April 29, 2026(8 days remaining)
Apache ActiveMQ Improper Input Validation Vulnerability - Active in CISA KEV catalog.
CVSS Base9.5
→
CRSSelect profile
⚠️ CISA KEV
CVE-2025-2749
9.5
KenticoKentico Xperience
⏰ Federal Deadline:May 3, 2026(12 days remaining)
Kentico Xperience Path Traversal Vulnerability - Active in CISA KEV catalog.
CVSS Base9.5
→
CRSSelect profile
⚠️ CISA KEV
CVE-2023-27351
9.5📜 Late Disclosure
PaperCutNG/MF
⏰ Federal Deadline:May 3, 2026(12 days remaining)
PaperCut NG/MF Improper Authentication Vulnerability - Active in CISA KEV catalog.
CVSS Base9.5
→
CRSSelect profile
⚠️ CISA KEV
CVE-2025-32975
9.5
QuestKACE Systems Management Appliance (SMA)
⏰ Federal Deadline:May 3, 2026(12 days remaining)
Quest KACE Systems Management Appliance (SMA) Improper Authentication Vulnerability - Active in CISA KEV catalog.
CVSS Base9.5
→
CRSSelect profile
⚠️ CISA KEV
CVE-2024-27199
9.5📜 Late Disclosure
JetBrainsTeamCity
⏰ Federal Deadline:May 3, 2026(12 days remaining)
JetBrains TeamCity Relative Path Traversal Vulnerability - Active in CISA KEV catalog.
CVSS Base9.5
→
CRSSelect profile
🚨
Critical Vulnerabilities
CVE-2026-40906
9.9📝
PostgreSQLdatabase through
ElectricSQL is vulnerable to error-based SQL injection via the /v1/shape API, allowing authenticated users to read, modify, or destroy database contents.
CVSS Base9.9
→
CRSSelect profile
CVE-2026-40887
9.1📝
PostgreSQLVendure
An unauthenticated SQL injection vulnerability in the Vendure Shop API allows remote attackers to execute arbitrary SQL commands against the backend database.
CVSS Base9.1
→
CRSSelect profile
CVE-2026-33519
9.8
Linuxand Kubernetes
An incorrect authorization vulnerability exists in Esri Portal for ArcGIS 11.4, 11.5 and 12.0 on Windows, Linux and Kubernetes that did not correctly check permissions assigned to developer credentials.
CVSS Base9.8
→
CRSSelect profile
CVE-2026-33518
9.8
Linuxthat allows
An incorrect privilege assignment vulnerability exists in Esri Portal for ArcGIS 11.5 in Windows and Linux that allows highly privileged users to create developer credentials that may grant more privileges than expected.
CVSS Base9.8
→
CRSSelect profile
CVE-2026-40575
9.1
Nginxand not
OAuth2 Proxy is a reverse proxy that provides authentication using OAuth2 providers. Versions 7.5.0 through 7.15.1 may trust a client-supplied `X-Forwarded-Uri` header when `--reverse-proxy` is enabled and `--skip-auth-regex` or `--skip-auth-route` is configured. An attacker can spoof this header so OAuth2 Proxy evaluates authentication and skip-auth rules against a different path than the one actually sent to the upstream application. This can result in an unauthenticated remote attacker bypassing authentication and accessing protected routes without a valid session. Impacted users are deployments that run oauth2-proxy with `--reverse-proxy` enabled and configure at least one `--skip-auth-regex` or `--skip-auth-route` rule. This issue is patched in `v7.15.2`. Some workarounds are available for those who cannot upgrade immediately. Strip any client-provided `X-Forwarded-Uri` header at the reverse proxy or load balancer level; explicitly overwrite `X-Forwarded-Uri` with the actual request URI before forwarding requests to OAuth2 Proxy; restrict direct client access to OAuth2 Proxy so it can only be reached through a trusted reverse proxy; and/or remove or narrow `--skip-auth-regex` / `--skip-auth-route` rules where possible. For nginx-based deployments, ensure `X-Forwarded-Uri` is set by nginx and not passed through from the client.
CVSS Base9.1
→
CRSSelect profile
CVE-2026-40911
10📝
WWBNAVideo
A WebSocket-based cross-site scripting (XSS) vulnerability in the AVideo YPTSocket plugin allows unauthenticated attackers to achieve universal account takeover.
CVSS Base10
→
CRSSelect profile
CVE-2026-6748
9.8
UninitializedMultiple Products
Uninitialized memory in the Audio/Video: Web Codecs component. This vulnerability was fixed in Firefox 150, Firefox ESR 140.10, Thunderbird 150, and Thunderbird 140.10.
CVSS Base9.8
→
CRSSelect profile
CVE-2026-6768
9.8
MitigationMultiple Products
Mitigation bypass in the Networking: Cookies component. This vulnerability was fixed in Firefox 150 and Thunderbird 150.
CVSS Base9.8
→
CRSSelect profile
CVE-2026-6771
9.8
MitigationMultiple Products
Mitigation bypass in the DOM: Security component. This vulnerability was fixed in Firefox 150, Firefox ESR 140.10, Thunderbird 150, and Thunderbird 140.10.
CVSS Base9.8
→
CRSSelect profile
CVE-2026-34275
9.8📝
OracleAdvanced Inbound
An unauthenticated, easily exploitable vulnerability in the Oracle Advanced Inbound Telephony component allows a remote attacker to achieve a full system takeover.
CVSS Base9.8
→
CRSSelect profile
CVE-2026-41064
9.3
HPMultiple Products
WWBN AVideo is an open source video platform. In versions up to and including 29.0, an incomplete fix for AVideo's `test.php` adds `escapeshellarg` for wget but leaves the `file_get_contents` and `curl` code paths unsanitized, and the URL validation regex `/^http/` accepts strings like `httpevil[.]com`. Commit 78bccae74634ead68aa6528d631c9ec4fd7aa536 contains an updated fix.
CVSS Base9.3
→
CRSSelect profile
CVE-2026-40372
9.1
ImproperMultiple Products
Improper verification of cryptographic signature in ASP.NET Core allows an unauthorized attacker to elevate privileges over a network.
CVSS Base9.1
→
CRSSelect profile
CVE-2026-34279
9.1📝
OracleEnterprise Manager
A high-privileged vulnerability in the Oracle Enterprise Manager Event Management component allows for a full system takeover and cross-product impact.
CVSS Base9.1
→
CRSSelect profile
CVE-2026-34285
9.1📝
OracleIdentity Manager
An unauthenticated vulnerability in the Oracle Identity Manager Connector allows remote attackers to gain unauthorized access to critical identity data.
CVSS Base9.1
→
CRSSelect profile
CVE-2026-34286
9.1📝
OracleIdentity Manager
An unauthenticated vulnerability in the Oracle Identity Manager Connector permits remote attackers to perform unauthorized operations on critical identity data.
CVSS Base9.1
→
CRSSelect profile
CVE-2026-34287
9.1📝
OracleIdentity Manager
An unauthenticated vulnerability in the Oracle Identity Manager Connector enables remote attackers to compromise sensitive identity data through unauthorized access.
CVSS Base9.1
→
CRSSelect profile
CVE-2026-40569
9
HPMultiple Products
FreeScout is a free self-hosted help desk and shared mailbox. Versions prior to 1.8.213 have a mass assignment vulnerability in the mailbox connection settings endpoints of FreeScout (`connectionIncomingSave()` at `app/Http/Controllers/MailboxesController.php:468` and `connectionOutgoingSave()` at line 398). Both methods pass `$request->all()` directly to `$mailbox->fill()` without any field allowlisting, allowing an authenticated admin to overwrite any of the 32 fields in the Mailbox model's `$fillable` array -- including security-critical fields that do not belong to the connection settings form, such as `auto_bcc`, `out_server`, `out_password`, `signature`, `auto_reply_enabled`, and `auto_reply_message`. Validation in `connectionIncomingSave()` is entirely commented out, and the validator in `connectionOutgoingSave()` only checks value formats for SMTP fields without stripping extra parameters. An authenticated admin user can exploit this by appending hidden parameters (e.g., `auto_bcc=attacker@evil.com`) to a legitimate connection settings save request. Because the `auto_bcc` field is not displayed on the connection settings form (it only appears on the general mailbox settings page), the injection is invisible to other administrators reviewing connection settings. Once set, every outgoing email from the affected mailbox is silently BCC'd to the attacker via the `SendReplyToCustomer` job. The same mechanism allows redirecting outgoing SMTP through an attacker-controlled server, injecting tracking pixels or phishing links into email signatures, and enabling attacker-crafted auto-replies -- all from a single HTTP request. This is particularly dangerous in multi-admin environments where one admin can silently surveil mailboxes managed by others, and when an admin session is compromised via a separate vulnerability (e.g., XSS), the attacker gains persistent email exfiltration that survives session expiry. Version 1.8.213 fixes the issue.
CVSS Base9
→
CRSSelect profile
CVE-2026-40576
9.4📝
AWSexcel-mcp-server
A path traversal vulnerability in excel-mcp-server allows unauthenticated remote attackers to read, write, and overwrite arbitrary files on the host filesystem.
CVSS Base9.4
→
CRSSelect profile
CVE-2026-40050
9.8📝
CrowdStrikeLogScale
A critical unauthenticated path traversal vulnerability in CrowdStrike LogScale allows remote attackers to read arbitrary files from the server filesystem.
CVSS Base9.8
→
CRSSelect profile
CVE-2026-5652
9
the UsersMultiple Products
An insecure direct object reference vulnerability in the Users API component of Crafty Controller allows a remote, authenticated attacker to perform user modification actions via improper API permissions validation.
CVSS Base9
→
CRSSelect profile
CVE-2026-41329
9.9
OpenClawMultiple Products
OpenClaw before 2026.3.31 contains a sandbox bypass vulnerability allowing attackers to escalate privileges via heartbeat context inheritance and senderIsOwner parameter manipulation. Attackers can exploit improper context validation to bypass sandbox restrictions and achieve unauthorized privilege escalation.
CVSS Base9.9
→
CRSSelect profile
CVE-2026-40884
9.8📝
goshsgoshs
An SFTP authentication bypass in goshs allows unauthenticated network attackers to access files without a password when specific configurations are used.
CVSS Base9.8
→
CRSSelect profile
CVE-2017-20230
10📜 Late Disclosure
Storable versionsMultiple Products
Storable versions before 3.05 for Perl has a stack overflow.
The retrieve_hook function stored the length of the class name into a signed integer but in read operations treated the length as unsigned. This allowed an attacker to craft data that could trigger the overflow.
CVSS Base10
→
CRSSelect profile
CVE-2025-15638
10📝
PerlNet::Dropbear
Net::Dropbear versions before 0.14 contain outdated libtomcrypt dependencies, exposing the application to multiple known cryptographic vulnerabilities.
CVSS Base10
→
CRSSelect profile
CVE-2026-40933
9.9📝
FlowiseFlowise
Flowise prior to 3.1.0 is vulnerable to OS command injection due to unsafe serialization of stdio commands in the MCP adapter, allowing authenticated attackers to execute arbitrary commands.
CVSS Base9.9
→
CRSSelect profile
CVE-2026-5965
9.8📝
NewSoftNewSoftOA
NewSoftOA is susceptible to an unauthenticated OS command injection vulnerability, permitting remote attackers to execute arbitrary commands on the server.
CVSS Base9.8
→
CRSSelect profile
CVE-2026-41193
9.1
ArchMultiple Products
FreeScout is a free self-hosted help desk and shared mailbox. Prior to version 1.8.215, FreeScout's module installation feature extracts ZIP archives without validating file paths, allowing an authenticated admin to write files arbitrarily on the server filesystem via a specially crafted ZIP. Version 1.8.215 fixes the vulnerability.
CVSS Base9.1
→
CRSSelect profile
CVE-2026-40903
9.1📝
GitHubgoshs
The goshs SimpleHTTPServer is affected by an ArtiPACKED vulnerability that can lead to the unauthorized leakage of GITHUB_TOKEN credentials via workflow artifacts.
CVSS Base9.1
→
CRSSelect profile
⚠️
High Priority Updates
CVE-2026-34305
7.5
OracleWebLogic Server
Vulnerability in the Oracle WebLogic Server product of Oracle Fusion Middleware (component: Web Services)
CVSS Base7.5
→
CRSSelect profile
CVE-2026-34291
8.7
OracleHTTP Server
Vulnerability in the Oracle HTTP Server product of Oracle Fusion Middleware (component: Core)
CVSS Base8.7
→
CRSSelect profile
CVE-2026-21997
8.5
OracleLife Sciences
Vulnerability in the Oracle Life Sciences Empirica Signal product of Oracle Life Science Applications (component: Common Core)
CVSS Base8.5
→
CRSSelect profile
CVE-2026-34309
8.1
OraclePeopleSoft
Vulnerability in the PeopleSoft Enterprise PeopleTools product of Oracle PeopleSoft (component: Security)
CVSS Base8.1
→
CRSSelect profile
CVE-2026-35243
7.8
OracleApplication Development
Vulnerability in the Oracle Application Development Framework (ADF) product of Oracle Fusion Middleware (component: ADF Faces)
CVSS Base7.8
→
CRSSelect profile
CVE-2026-22011
7.6
OracleApplications DBA
Vulnerability in the Oracle Applications DBA product of Oracle E-Business Suite (component: ADPatch)
CVSS Base7.6
→
CRSSelect profile
CVE-2026-22010
7.5
OracleFinancial Services
Vulnerability in the Oracle Financial Services Analytical Applications Infrastructure product of Oracle Financial Services Applications (component: Platform)
CVSS Base7.5
→
CRSSelect profile
CVE-2026-34290
7.5
OracleIdentity Manager
Vulnerability in the Oracle Identity Manager Connector product of Oracle Fusion Middleware (component: Core)
CVSS Base7.5
→
CRSSelect profile
CVE-2026-34297
7.5
OracleHCM Common
Vulnerability in the Oracle HCM Common Architecture product of Oracle E-Business Suite (component: Knowledge Integration)
CVSS Base7.5
→
CRSSelect profile
CVE-2026-34310
7.5
OracleFinancial Services
Vulnerability in the Oracle Financial Services Analytical Applications Infrastructure product of Oracle Financial Services Applications (component: Platform)
CVSS Base7.5
→
CRSSelect profile
CVE-2026-34320
7.5
OracleFinancial Services
Vulnerability in the Oracle Financial Services Customer Screening product of Oracle Financial Services Applications (component: User Interface)
CVSS Base7.5
→
CRSSelect profile
CVE-2026-35229
7.5
OracleDatabase Server
Vulnerability in the Java VM component of Oracle Database Server
CVSS Base7.5
→
CRSSelect profile
CVE-2026-35230
7.5
OracleVM VirtualBox
Vulnerability in the Oracle VM VirtualBox product of Oracle Virtualization (component: Core)
CVSS Base7.5
→
CRSSelect profile
CVE-2026-6248
8.1
WordPressis vulnerable
The wpForo Forum plugin for WordPress is vulnerable to Arbitrary File Deletion in versions up to and including 3
CVSS Base8.1
→
CRSSelect profile
CVE-2026-5478
8.1
WordPressis vulnerable
The Everest Forms plugin for WordPress is vulnerable to Arbitrary File Read and Deletion in all versions up to, and including, 3
CVSS Base8.1
→
CRSSelect profile
CVE-2026-40868
8.1
TeamsMultiple Products
Kyverno is a policy engine designed for cloud native platform engineering teams
CVSS Base8.1
→
CRSSelect profile
CVE-2026-26944
8.8
DellPowerProtect Data
Dell PowerProtect Data Domain, versions 7
CVSS Base8.8
→
CRSSelect profile
CVE-2026-6249
8.8
HPwebshell with
Vvveb CMS 1
CVSS Base8.8
→
CRSSelect profile
CVE-2026-39386
8.8
Dockerand uses
Neko is a a self-hosted virtual browser that runs in Docker and uses WebRTC In versions 3
CVSS Base8.8
→
CRSSelect profile
CVE-2026-31018
8.8
HPcode detection
In Dolibarr ERP & CRM <= 22
CVSS Base8.8
→
CRSSelect profile
CVE-2026-31019
8.8
HPfunctions related
In the Website module of Dolibarr ERP & CRM 22
CVSS Base8.8
→
CRSSelect profile
CVE-2026-6746
7.5
UnknownMultiple Products
Use-after-free in the DOM: Core & HTML component
CVSS Base7.5
→
CRSSelect profile
CVE-2026-6754
7.5
JavaScriptMultiple Products
Use-after-free in the JavaScript Engine component
CVSS Base7.5
→
CRSSelect profile
CVE-2026-6758
7.5
UnknownMultiple Products
Use-after-free in the JavaScript: WebAssembly component
CVSS Base7.5
→
CRSSelect profile
CVE-2026-6784
7.5
andMultiple Products
Memory safety bugs present in Firefox 149 and Thunderbird 149
CVSS Base7.5
→
CRSSelect profile
CVE-2026-22016
7.5
AppleMultiple Products
Vulnerability in the Oracle Java SE, Oracle GraalVM for JDK, Oracle GraalVM Enterprise Edition product of Oracle Java SE (component: JAXP)
CVSS Base7.5
→
CRSSelect profile
CVE-2026-34282
7.5
AppleMultiple Products
Vulnerability in the Oracle Java SE, Oracle GraalVM for JDK, Oracle GraalVM Enterprise Edition product of Oracle Java SE (component: Networking)
CVSS Base7.5
→
CRSSelect profile
CVE-2026-39110
8.2
HPMultiple Products
SQL Injection vulnerability in Apartment Visitors Management System Apartment Visitors Management System V1
CVSS Base8.2
→
CRSSelect profile
CVE-2026-3517
8.4
API in Progress ADCADC Products
OS Command Injection Remote Code Execution Vulnerability in API in Progress ADC Products allows an authenticated attacker with “Geo Administration” permissions to execute arbitrary commands on the LoadMaster appliance by exploiting unsanitized input in the 'addcountry' command
CVSS Base8.4
→
CRSSelect profile
CVE-2026-3518
8.4
API in Progress ADCADC Products
OS Command Injection Remote Code Execution Vulnerability in API in Progress ADC Products allows an authenticated attacker with “All” permissions to execute arbitrary commands on the LoadMaster appliance by exploiting unsanitized input in the 'killsession' command
CVSS Base8.4
→
CRSSelect profile
CVE-2026-3519
8.4
API in Progress ADCADC Products
OS Command Injection Remote Code Execution Vulnerability in API in Progress ADC Products allows an authenticated attacker with “VS Administration” permissions to execute arbitrary commands on the LoadMaster appliance by exploiting unsanitized input in the 'aclcontrol' command
CVSS Base8.4
→
CRSSelect profile
CVE-2026-4048
8.4
UI in Progress ADCADC Products
OS Command Injection Remote Code Execution Vulnerability in UI in Progress ADC Products allows an authenticated attacker with “All” permissions to execute arbitrary commands on the LoadMaster appliance by exploiting unsanitized input in a custom WAF rule file during the file upload process
CVSS Base8.4
→
CRSSelect profile
CVE-2026-39111
7.5
HPMultiple Products
SQL Injection vulnerability in Apartment Visitors Management System Apartment Visitors Management System V1
CVSS Base7.5
→
CRSSelect profile
CVE-2026-40909
8.7
HPMultiple Products
WWBN AVideo is an open source video platform
CVSS Base8.7
→
CRSSelect profile
CVE-2026-40568
8.5
HPMultiple Products
FreeScout is a free self-hosted help desk and shared mailbox
CVSS Base8.5
→
CRSSelect profile
CVE-2026-35570
8.4
HPMultiple Products
OpenClaude is an open-source coding-agent command line interface for cloud and local model providers
CVSS Base8.4
→
CRSSelect profile
CVE-2026-40925
8.3
F5Multiple Products
WWBN AVideo is an open source video platform
CVSS Base8.3
→
CRSSelect profile
CVE-2026-40497
8.1
F5Multiple Products
FreeScout is a free self-hosted help desk and shared mailbox
CVSS Base8.1
→
CRSSelect profile
CVE-2026-41056
8.1
HPMultiple Products
WWBN AVideo is an open source video platform
CVSS Base8.1
→
CRSSelect profile
CVE-2026-41060
7.7
HPMultiple Products
WWBN AVideo is an open source video platform
CVSS Base7.7
→
CRSSelect profile
CVE-2026-24177
7.7
NVIDIAKAI Scheduler
NVIDIA KAI Scheduler contains a vulnerability where an attacker could access API endpoints without authorization
CVSS Base7.7
→
CRSSelect profile
CVE-2026-41133
8.8
downloadMultiple Products
pyLoad is a free and open-source download manager written in Python
CVSS Base8.8
→
CRSSelect profile
CVE-2026-6630
8.8
TendaF451
A vulnerability was found in Tenda F451 1
CVSS Base8.8
→
CRSSelect profile
CVE-2026-6631
8.8
TendaF451
A vulnerability was determined in Tenda F451 1
CVSS Base8.8
→
CRSSelect profile
CVE-2026-6632
8.8
TendaF451
A vulnerability was identified in Tenda F451 1
CVSS Base8.8
→
CRSSelect profile
CVE-2026-41303
8.8
Discordtext approval
OpenClaw before 2026
CVSS Base8.8
→
CRSSelect profile
CVE-2026-6819
8.8
HKUDSMultiple Products
HKUDS OpenHarness prior to PR #156 remediation exposes plugin lifecycle commands including /plugin install, /plugin enable, /plugin disable, and /reload-plugins to remote senders by default
CVSS Base8.8
→
CRSSelect profile
CVE-2026-24189
8.2
NVIDIACUDA
NVIDIA CUDA-Q contains a vulnerability in an endpoint, where an unauthenticated attacker could cause an out-of-bounds read by sending a maliciously crafted request
CVSS Base8.2
→
CRSSelect profile
CVE-2026-25524
8.1
MagentoLong Term
Magento Long Term Support (LTS) is an unofficial, community-driven project provides an alternative to the Magento Community Edition e-commerce platform with a high level of backward compatibility
CVSS Base8.1
→
CRSSelect profile
CVE-2026-6823
8.2
HKUDSMultiple Products
HKUDS OpenHarness prior to PR #147 remediation contains an insecure default configuration vulnerability where remote channels inherit allow_from = ["*"] permitting arbitrary remote senders to pass admission checks
CVSS Base8.2
→
CRSSelect profile
CVE-2026-41059
8.2
UnknownMultiple Products
OAuth2 Proxy is a reverse proxy that provides authentication using OAuth2 providers
CVSS Base8.2
→
CRSSelect profile
CVE-2026-40161
7.7
GitLabtoken
Tekton Pipelines project provides k8s-style resources for declaring CI/CD-style pipelines
CVSS Base7.7
→
CRSSelect profile
CVE-2026-6832
8.1
theMultiple Products
Hermes WebUI contains an arbitrary file deletion vulnerability in the /api/session/delete endpoint that allows authenticated attackers to delete files outside the session directory by supplying an absolute path or path traversal payload in the session_id parameter
CVSS Base8.1
→
CRSSelect profile
CVE-2026-5967
8.8
UnknownMultiple Products
ThreatSonar Anti-Ransomware developed by TeamT5 has an Privilege Escalation vulnerability
CVSS Base8.8
→
CRSSelect profile
CVE-2026-6750
8.8
PrivilegeMultiple Products
Privilege escalation in the Graphics: WebRender component
CVSS Base8.8
→
CRSSelect profile
CVE-2026-6761
8.8
PrivilegeMultiple Products
Privilege escalation in the Networking component
CVSS Base8.8
→
CRSSelect profile
CVE-2026-6769
8.8
PrivilegeMultiple Products
Privilege escalation in the Debugger component
CVSS Base8.8
→
CRSSelect profile
CVE-2026-25058
7.5
UnknownMultiple Products
Vexa is an open-source, self-hostable meeting bot API and meeting transcription API
CVSS Base7.5
→
CRSSelect profile
CVE-2026-34427
8.8
priorMultiple Products
Vvveb prior to 1
CVSS Base8.8
→
CRSSelect profile
CVE-2026-41445
8.8
beforeMultiple Products
KissFFT before commit 8a8e66e contains an integer overflow vulnerability in the kiss_fftndr_alloc() function in kiss_fftndr
CVSS Base8.8
→
CRSSelect profile
CVE-2026-29648
8.8
UnknownMultiple Products
In OpenXiangShan NEMU, when Smstateen is enabled, clearing mstateen0
CVSS Base8.8
→
CRSSelect profile
CVE-2026-40611
8.8
EncryptMultiple Products
Let's Encrypt client and ACME library written in Go (Lego)
CVSS Base8.8
→
CRSSelect profile
CVE-2026-41294
8.6
OpenClawMultiple Products
OpenClaw before 2026
CVSS Base8.6
→
CRSSelect profile
CVE-2026-41055
8.6
UnknownMultiple Products
WWBN AVideo is an open source video platform
CVSS Base8.6
→
CRSSelect profile
CVE-2026-40706
8.4
UnknownMultiple Products
In NTFS-3G 2022
CVSS Base8.4
→
CRSSelect profile
CVE-2026-40931
8.4
UnknownMultiple Products
Compressing is a compressing and uncompressing lib for node
CVSS Base8.4
→
CRSSelect profile
CVE-2026-41296
8.2
OpenClawMultiple Products
OpenClaw before 2026
CVSS Base8.2
→
CRSSelect profile
CVE-2026-40588
8.1
UnrealMultiple Products
blueprintUE is a tool to help Unreal Engine developers
CVSS Base8.1
→
CRSSelect profile
CVE-2026-40905
8.1
ArchMultiple Products
LinkAce is a self-hosted archive to collect website links
CVSS Base8.1
→
CRSSelect profile
CVE-2026-41058
8.1
UnknownMultiple Products
WWBN AVideo is an open source video platform
CVSS Base8.1
→
CRSSelect profile
CVE-2026-6023
8.1
AJAXMultiple Products
In Progress® Telerik® UI for AJAX versions 2024
CVSS Base8.1
→
CRSSelect profile
CVE-2026-39454
7.8
SKYSEAMultiple Products
SKYSEA Client View and SKYMEC IT Manager provided by Sky Co
CVSS Base7.8
→
CRSSelect profile
CVE-2026-30266
7.8
DeepCool DeepCreativeMultiple Products
Insecure Permissions vulnerability in DeepCool DeepCreative v
CVSS Base7.8
→
CRSSelect profile
CVE-2026-29642
7.8
UnknownMultiple Products
A local attacker who can execute privileged CSR operations (or can induce firmware to do so) performs carefully crafted reads/writes to menvcfg (e
CVSS Base7.8
→
CRSSelect profile
CVE-2026-41295
7.8
OpenClawMultiple Products
OpenClaw before 2026
CVSS Base7.8
→
CRSSelect profile
CVE-2026-31368
7.8
UnknownMultiple Products
AiAssistant is affected by type privilege bypass, successful exploitation of this vulnerability may affect service availability
CVSS Base7.8
→
CRSSelect profile
CVE-2026-6776
7.8
IncorrectMultiple Products
Incorrect boundary conditions in the WebRTC: Networking component
CVSS Base7.8
→
CRSSelect profile
CVE-2026-34428
7.7
priorMultiple Products
Vvveb prior to 1
CVSS Base7.7
→
CRSSelect profile
CVE-2026-41297
7.6
OpenClawMultiple Products
OpenClaw before 2026
CVSS Base7.6
→
CRSSelect profile
CVE-2026-41302
7.6
OpenClawMultiple Products
OpenClaw before 2026
CVSS Base7.6
→
CRSSelect profile
CVE-2026-40589
7.6
UnknownMultiple Products
FreeScout is a free self-hosted help desk and shared mailbox
CVSS Base7.6
→
CRSSelect profile
CVE-2026-29645
7.5
ArchMultiple Products
NEMU (OpenXiangShan/NEMU) before v2025
CVSS Base7.5
→
CRSSelect profile
CVE-2026-33626
7.5
LMDeployMultiple Products
LMDeploy is a toolkit for compressing, deploying, and serving large language models
CVSS Base7.5
→
CRSSelect profile
CVE-2026-5928
7.5
LibraryMultiple Products
Calling the ungetwc function on a FILE stream with wide characters encoded in a character set that has overlaps between its single byte and multi-byte character encodings, in the GNU C Library version 2
CVSS Base7.5
→
CRSSelect profile
CVE-2026-39320
7.5
SignalMultiple Products
Signal K Server is a server application that runs on a central hub in a boat
CVSS Base7.5
→
CRSSelect profile
CVE-2026-6747
7.5
UnknownMultiple Products
Use-after-free in the WebRTC component
CVSS Base7.5
→
CRSSelect profile
CVE-2026-6749
7.5
InforMultiple Products
Information disclosure due to uninitialized memory in the Graphics: Canvas2D component
CVSS Base7.5
→
CRSSelect profile
CVE-2026-6759
7.5
UnknownMultiple Products
Use-after-free in the Widget: Cocoa component
CVSS Base7.5
→
CRSSelect profile
CVE-2026-6766
7.5
IncorrectMultiple Products
Incorrect boundary conditions in the Libraries component in NSS
CVSS Base7.5
→
CRSSelect profile
CVE-2026-6772
7.5
IncorrectMultiple Products
Incorrect boundary conditions in the Libraries component in NSS
CVSS Base7.5
→
CRSSelect profile
CVE-2026-6773
7.5
UnknownMultiple Products
Denial-of-service due to integer overflow in the Graphics: WebGPU component
CVSS Base7.5
→
CRSSelect profile
CVE-2026-6780
7.5
UnknownMultiple Products
Denial-of-service in the Audio/Video: Playback component
CVSS Base7.5
→
CRSSelect profile
CVE-2026-6781
7.5
UnknownMultiple Products
Denial-of-service in the Audio/Video: Playback component
CVSS Base7.5
→
CRSSelect profile
CVE-2026-6782
7.5
InforMultiple Products
Information disclosure in the IP Protection component
CVSS Base7.5
→
CRSSelect profile
CVE-2026-40586
7.5
UnrealMultiple Products
blueprintUE is a tool to help Unreal Engine developers
CVSS Base7.5
→
CRSSelect profile
CVE-2026-40613
7.5
STUNMultiple Products
Coturn is a free open source implementation of TURN and STUN Server