Critical vulnerabilities, curated daily for security professionals
đ¯ SSCV Profile
See how vulnerabilities affect your specific environment
CRS uses the System Security Context Vector (SSCV) Framework v1.0 to adjust CVSS scores based on your system's exposure level, network position, and business criticality. Learn more about SSCV Framework
Risk scores will be adjusted based on your selected environment
đ
Today's Security Brief
Wednesday's vulnerability disclosures include 25 critical-severity CVEs, a fivefold increase from the prior day's 5, alongside 100 high-priority issues across enterprise infrastructure and application platforms. Notable critical flaws include CVE-2025-48611 (CVSS 10.0) in DeviceId.java, two CVSS 9.9 vulnerabilities in OneUptime Synthetic Monitors (CVE-2026-30887, CVE-2026-30957), and CVE-2026-0953 (CVSS 9.8) affecting WordPress. Linux kernel, HP configuration management, Appsmith, and Atlassian products also carry critical-rated vulnerabilities requiring prompt evaluation. Thirteen CVEs have confirmed active exploitation, spanning SolarWinds Web Help Desk, Roundcube Webmail, Ivanti Endpoint Manager, Broadcom VMware Aria Operations, and several Apple products. No patches have been confirmed available at this time, making compensating controls and network-level mitigations essential while vendors release fixes.
CVE-2025-48611 rated CVSS 10.0 in DeviceId.java and two CVSS 9.9 flaws in OneUptime Synthetic Monitors represent the highest-severity disclosures
Critical CVEs jumped to 25, up 400% from the prior day's 5, spanning Linux, HP, WordPress, Atlassian, and Appsmith
High-priority CVEs rose to 100, a 33% increase over the previous day's 75
Remote code execution and authentication bypass patterns affect WordPress, Linux kernel, and enterprise monitoring platforms including OneUptime and Appsmith
Patch availability stands at 0% across all disclosed CVEs â compensating controls and segmentation are recommended immediately
13 actively exploited vulnerabilities affect SolarWinds, Roundcube, Ivanti, VMware Aria Operations, Qualcomm chipsets, and Apple products
Immediate action: Prioritize review of internet-facing deployments of OneUptime, WordPress, Roundcube Webmail, Ivanti EPM, and SolarWinds Web Help Desk, as these carry critical ratings or confirmed exploitation. With 0% patch availability reported, implement network segmentation, restrict administrative access, and deploy available WAF or IDS signatures as interim mitigations until vendor patches are released.
đĄ Tip: Swipe CVE cards left to â star, right to â remove
Section Navigation
â ī¸
CISA Known Exploited Vulnerabilities
â ī¸ CISA KEVURGENT
CVE-2025-26399
9.5đ
SolarWindsWeb Help Desk
â° Federal Deadline:March 11, 2026(1 days remaining)
SolarWinds Web Help Desk Deserialization of Untrusted Data Vulnerability - Active in CISA KEV catalog.
CVSS Base9.5
â
CRSSelect profile
â ī¸ CISA KEVURGENT
CVE-2025-49113
9.5
RoundcubeWebmail
â° Federal Deadline:March 12, 2026(2 days remaining)
RoundCube Webmail Deserialization of Untrusted Data Vulnerability - Active in CISA KEV catalog.
CVSS Base9.5
â
CRSSelect profile
â ī¸ CISA KEVURGENT
CVE-2025-68461
9.5
RoundcubeWebmail
â° Federal Deadline:March 12, 2026(2 days remaining)
RoundCube Webmail Cross-site Scripting Vulnerability - Active in CISA KEV catalog.
CVSS Base9.5
â
CRSSelect profile
â ī¸ CISA KEVURGENT
CVE-2026-25108
9.5đ
Soliton Systems K.KFileZen
â° Federal Deadline:March 16, 2026(6 days remaining)
FileZen is affected by a high-severity OS command injection vulnerability that allows a threat actor to execute arbitrary commands on the underlying operating system.
CVSS Base9.5
â
CRSSelect profile
â ī¸ CISA KEV
CVE-2021-22054
9.5đ Late Disclosure
OmnissaWorkspace One UEM
â° Federal Deadline:March 22, 2026(12 days remaining)
Omnissa Workspace ONE Server-Side Request Forgery - Active in CISA KEV catalog.
CVSS Base9.5
â
CRSSelect profile
â ī¸ CISA KEV
CVE-2026-1603
9.5
Ivanti Endpoint Manager (EPM)
â° Federal Deadline:March 22, 2026(12 days remaining)
Ivanti Endpoint Manager (EPM) Authentication Bypass Vulnerability - Active in CISA KEV catalog.
CVSS Base9.5
â
CRSSelect profile
â ī¸ CISA KEV
CVE-2026-22719
9.5đ
BroadcomVMware Aria Operations
â° Federal Deadline:March 23, 2026(13 days remaining)
VMware Aria Operations contains a command injection vulnerability that could allow an attacker to execute arbitrary commands on the affected system.
CVSS Base9.5
â
CRSSelect profile
â ī¸ CISA KEV
CVE-2026-21385
9.5đ
QualcommMultiple Chipsets
â° Federal Deadline:March 23, 2026(13 days remaining)
A memory corruption vulnerability exists in memory allocation processes when handling specific alignments, potentially leading to arbitrary code execution or system instability.
CVSS Base9.5
â
CRSSelect profile
â ī¸ CISA KEV
CVE-2017-7921
9.5đ Late Disclosure
HikvisionMultiple Products
â° Federal Deadline:March 25, 2026(15 days remaining)
Hikvision Multiple Products Improper Authentication Vulnerability - Active in CISA KEV catalog.
CVSS Base9.5
â
CRSSelect profile
â ī¸ CISA KEV
CVE-2021-22681
9.5đ Late Disclosure
RockwellMultiple Products
â° Federal Deadline:March 25, 2026(15 days remaining)
Rockwell Multiple Products Insufficient Protected Credentials Vulnerability - Active in CISA KEV catalog.
CVSS Base9.5
â
CRSSelect profile
â ī¸ CISA KEV
CVE-2023-43000
9.5đ Late Disclosure
AppleMultiple Products
â° Federal Deadline:March 25, 2026(15 days remaining)
Apple Multiple products Use-After-Free Vulnerability - Active in CISA KEV catalog.
CVSS Base9.5
â
CRSSelect profile
â ī¸ CISA KEV
CVE-2021-30952
9.5đ Late Disclosure
AppleMultiple Products
â° Federal Deadline:March 25, 2026(15 days remaining)
Apple Multiple Products Integer Overflow or Wraparound Vulnerability - Active in CISA KEV catalog.
CVSS Base9.5
â
CRSSelect profile
â ī¸ CISA KEV
CVE-2023-41974
9.5đ Late Disclosure
AppleiOS and iPadOS
â° Federal Deadline:March 25, 2026(15 days remaining)
Apple iOS and iPadOS Use-After-Free Vulnerability - Active in CISA KEV catalog.
CVSS Base9.5
â
CRSSelect profile
đ¨
Critical Vulnerabilities
CVE-2026-3843
9.8
Linuxcontains
Nefteprodukttekhnika BUK TS-G Gas Station Automation System 2.9.1 on Linux contains a SQL Injection vulnerability (CWE-89) in the system configuration module. A remote attacker can send specially crafted HTTP POST requests to the /php/request.php endpoint via the sql parameter in application/x-www-form-urlencoded data (e.g., action=do&sql=<query_here>&reload_driver=0) to execute arbitrary SQL commands and potentially achieve remote code execution.
CVSS Base9.8
â
CRSSelect profile
CVE-2026-28495
9.6
HPconfiguration file
GetSimple CMS is a content management system. The massiveAdmin plugin (v6.0.3) bundled with GetSimpleCMS-CE v3.3.22 allows an authenticated administrator to overwrite the gsconfig.php configuration file with arbitrary PHP code via the gsconfig editor module. The form lacks CSRF protection, enabling a remote unauthenticated attacker to exploit this via Cross-Site Request Forgery against a logged-in admin, achieving Remote Code Execution (RCE) on the web server.
CVSS Base9.6
â
CRSSelect profile
CVE-2026-30869
9.3
theMultiple Products
SiYuan is a personal knowledge management system. Prior to 3.5.10, a path traversal vulnerability in the /export endpoint allows an attacker to read arbitrary files from the server filesystem. By exploiting doubleâencoded traversal sequences, an attacker can access sensitive files such as conf/conf.json, which contains secrets including the API token, cookie signing key, and workspace access authentication code. Leaking these secrets may enable administrative access to the SiYuan kernel API, and in certain deployment scenarios could potentially be chained into remote code execution (RCE). This vulnerability is fixed in 3.5.10.
CVSS Base9.3
â
CRSSelect profile
CVE-2026-30862
9đ
AppsmithAppsmith Table Widget (TableWidgetV2)
A stored XSS vulnerability in Appsmith's Table Widget allows authenticated users to execute malicious scripts via unsanitized HTML attributes, leading to full administrative account takeover.
CVSS Base9
â
CRSSelect profile
CVE-2026-0953
9.8đ
WordPressis vulnerable
An authentication bypass in the Tutor LMS Pro plugin for WordPress allows unauthenticated attackers to log in as any user, including administrators, via the Social Login addon.
CVSS Base9.8
â
CRSSelect profile
CVE-2023-27573
9đđ Late Disclosure
Dockerbefore
NetBox-docker versions before 2.5.0 contain a superuser account with default credentials and a static API token, potentially allowing unauthorized administrative access.
CVSS Base9
â
CRSSelect profile
CVE-2025-48611
10đ
the affected softwareDeviceId.java
A desync in persistence within DeviceId.java, caused by a missing bounds check, allows for local escalation of privilege without requiring user interaction.
CVSS Base10
â
CRSSelect profile
CVE-2026-30887
9.9đ
OneUptimeOneUptime Synthetic Monitors
OneUptime Synthetic Monitors are vulnerable to a sandbox escape via the Node.js vm module, allowing authenticated users to achieve remote code execution and full cluster compromise.
CVSS Base9.9
â
CRSSelect profile
CVE-2026-27825
9đ
Atlassianis
A directory traversal vulnerability in the MCP Atlassian server allows attackers to write arbitrary files to the server, potentially leading to remote code execution.
CVSS Base9
â
CRSSelect profile
CVE-2026-30957
9.9đ
OneUptimeOneUptime Synthetic Monitors
A server-side RCE vulnerability in OneUptime Synthetic Monitors allows low-privileged users to execute arbitrary commands by abusing exposed Playwright browser objects.
CVSS Base9.9
â
CRSSelect profile
CVE-2025-56422
9.8
LimeSurvey beforeMultiple Products
A deserialization vulnerability in LimeSurvey before v6.15.0+250623 allows a remote attacker to execute arbitrary code on the server.
CVSS Base9.8
â
CRSSelect profile
CVE-2026-28292
9.8đ
simple-gitsimple-git
The `simple-git` library is vulnerable to a remote code execution bypass that allows attackers to circumvent previous security fixes and achieve full host compromise.
CVSS Base9.8
â
CRSSelect profile
CVE-2026-27685
9.1đ
SAPNetWeaver Enterprise
SAP NetWeaver Enterprise Portal is vulnerable to a critical deserialization flaw that allows privileged users to compromise the confidentiality, integrity, and availability of the host system.
CVSS Base9.1
â
CRSSelect profile
CVE-2026-30966
10
ParseMultiple Products
Parse Server is an open source backend that can be deployed to any infrastructure that can run Node.js. Prior to 9.5.2-alpha.7 and 8.6.20, Parse Server's internal tables, which store Relation field mappings such as role memberships, can be directly accessed via the REST API or GraphQL API by any client using only the application key. No master key is required. An attacker can create, read, update, or delete records in any internal relationship table. Exploiting this allows the attacker to inject themselves into any Parse Role, gaining all permissions associated with that role, including full read, write, and delete access to classes protected by role-based Class-Level Permissions (CLP). Similarly, writing to any such table that backs a Relation field used in a pointerFields CLP bypasses that access control. This vulnerability is fixed in 9.5.2-alpha.7 and 8.6.20.
CVSS Base10
â
CRSSelect profile
CVE-2026-23813
9.8đ
HPE (Aruba)AOS-CX switches
An unauthenticated remote attacker can bypass authentication controls on AOS-CX switches, potentially allowing them to reset the administrative password and gain full control.
CVSS Base9.8
â
CRSSelect profile
CVE-2026-3826
9.8đ
WellChooseIFTOP
A Local File Inclusion (LFI) vulnerability in WellChoose IFTOP allows unauthenticated remote attackers to execute arbitrary code on the server.
CVSS Base9.8
â
CRSSelect profile
CVE-2026-27842
9.8
AuthenticationMultiple Products
Authentication bypass issue exists in MR-GM5L-S1 and MR-GM5A-L1, which may allow an attacker to bypass authentication and change the device configuration.
CVSS Base9.8
â
CRSSelect profile
CVE-2026-30921
9.9đ
OneUptimeOneUptime Synthetic Monitors
Low-privileged users in OneUptime can achieve server-side RCE by abusing injected Playwright browser objects within Synthetic Monitors to spawn arbitrary executables.
CVSS Base9.9
â
CRSSelect profile
CVE-2026-30956
9.9đ
OneUptimeOneUptime
A critical authorization bypass in OneUptime allows low-privileged users to forge headers, escape tenant isolation, and achieve full account takeover of other users.
CVSS Base9.9
â
CRSSelect profile
CVE-2025-41709
9.8đ
UnknownMultiple Products
A critical vulnerability exists in a specific component of various products, allowing an attacker to cause a major impact via an unspecified vector. Technical details remain limited.
CVSS Base9.8
â
CRSSelect profile
CVE-2026-24448
9.8đ
Mitsubishi ElectricMR-GM Series Routers (MR-GM5L-S1, MR-GM5A-L1)
The use of hard-coded credentials in Mitsubishi Electric MR-GM series routers allows attackers to gain unauthorized administrative access to the device.
CVSS Base9.8
â
CRSSelect profile
CVE-2025-40943
9.6
AffectedMultiple Products
Affected devices do not properly sanitize contents of trace files. This could allow an attacker to inject code through social engineering a legitimate user to import a specially crafted trace file
CVSS Base9.6
â
CRSSelect profile
CVE-2025-69614
9.4
Incorrect AccessMultiple Products
Incorrect Access Control via activation token reuse on the password-reset endpoint allowing unauthorized password resets and full account takeover. Affected Product: Deutsche Telekom AG Telekom Account Management Portal, versions before 2025-10-27, fixed 2025-10-31.
CVSS Base9.4
â
CRSSelect profile
CVE-2025-11158
9.1
Hitachi VantaraMultiple Products
Hitachi Vantara Pentaho Data Integration & Analytics versions before 10.2.0.6, including 9.3.x and 8.3.x, do not restrict Groovy scripts in new PRPT reports published by users, allowing insertion of arbitrary scripts and leading to a RCE.
CVSS Base9.1
â
CRSSelect profile
CVE-2025-69615
9.1
Incorrect AccessMultiple Products
Incorrect Access Control via missing 2FA rate-limiting allowing unlimited brute-force retries and full MFA bypass with no user interaction required. Affected Product: Deutsche Telekom AG Telekom Account Management Portal, versions before 2025-10-24, fixed 2025-11-03.
CVSS Base9.1
â
CRSSelect profile
â ī¸
High Priority Updates
CVE-2026-26114
8.8
MicrosoftOffice SharePoint
Deserialization of untrusted data in Microsoft Office SharePoint allows an authorized attacker to execute code over a network
CVSS Base8.8
â
CRSSelect profile
CVE-2026-23665
7.8
LinuxVirtual Machines
Heap-based buffer overflow in Azure Linux Virtual Machines allows an authorized attacker to elevate privileges locally
CVSS Base7.8
â
CRSSelect profile
CVE-2026-26107
7.8
MicrosoftOffice Excel
Use after free in Microsoft Office Excel allows an unauthorized attacker to execute code locally
CVSS Base7.8
â
CRSSelect profile
CVE-2026-26108
7.8
MicrosoftOffice Excel
Heap-based buffer overflow in Microsoft Office Excel allows an unauthorized attacker to execute code locally
CVSS Base7.8
â
CRSSelect profile
CVE-2026-26117
7.8
AzureWindows Virtual
Authentication bypass using an alternate path or channel in Azure Windows Virtual Machine Agent allows an authorized attacker to elevate privileges locally
CVSS Base7.8
â
CRSSelect profile
CVE-2026-26106
8.8
MicrosoftOffice SharePoint
Improper input validation in Microsoft Office SharePoint allows an authorized attacker to execute code over a network
CVSS Base8.8
â
CRSSelect profile
CVE-2026-26118
8.8
AzureMCP Server
Server-side request forgery (ssrf) in Azure MCP Server allows an authorized attacker to elevate privileges over a network
CVSS Base8.8
â
CRSSelect profile
CVE-2025-13067
8.8
WordPressis vulnerable
The Royal Addons for Elementor plugin for WordPress is vulnerable to arbitrary file upload in all versions up to, and including, 1
CVSS Base8.8
â
CRSSelect profile
CVE-2026-21290
8.7
AdobeCommerce versions
Adobe Commerce versions 2
CVSS Base8.7
â
CRSSelect profile
CVE-2026-26109
8.4
MicrosoftOffice Excel
Out-of-bounds read in Microsoft Office Excel allows an unauthorized attacker to execute code locally
CVSS Base8.4
â
CRSSelect profile
CVE-2026-26110
8.4
MicrosoftOffice allows
Access of resource using incompatible type ('type confusion') in Microsoft Office allows an unauthorized attacker to execute code locally
CVSS Base8.4
â
CRSSelect profile
CVE-2026-26113
8.4
MicrosoftOffice allows
Untrusted pointer dereference in Microsoft Office allows an unauthorized attacker to execute code locally
CVSS Base8.4
â
CRSSelect profile
CVE-2026-25172
8.8
IntegerMultiple Products
Integer overflow or wraparound in Windows Routing and Remote Access Service (RRAS) allows an unauthorized attacker to execute code over a network
CVSS Base8.8
â
CRSSelect profile
CVE-2026-26111
8.8
IntegerMultiple Products
Integer overflow or wraparound in Windows Routing and Remote Access Service (RRAS) allows an unauthorized attacker to execute code over a network
CVSS Base8.8
â
CRSSelect profile
CVE-2026-26105
8.1
MicrosoftOffice SharePoint
Improper neutralization of input during web page generation ('cross-site scripting') in Microsoft Office SharePoint allows an unauthorized attacker to perform spoofing over a network
CVSS Base8.1
â
CRSSelect profile
CVE-2026-26148
8.1
AzureEntra ID
External initialization of trusted variables or data stores in Azure Entra ID allows an unauthorized attacker to elevate privileges locally
CVSS Base8.1
â
CRSSelect profile
CVE-2026-21284
8.1
AdobeCommerce versions
Adobe Commerce versions 2
CVSS Base8.1
â
CRSSelect profile
CVE-2026-21361
8.1
AdobeCommerce versions
Adobe Commerce versions 2
CVSS Base8.1
â
CRSSelect profile
CVE-2026-21311
8
AdobeCommerce versions
Adobe Commerce versions 2
CVSS Base8
â
CRSSelect profile
CVE-2026-23660
7.8
AzurePortal Windows
Improper access control in Azure Portal Windows Admin Center allows an authorized attacker to elevate privileges locally
CVSS Base7.8
â
CRSSelect profile
CVE-2026-25190
7.8
Archpath in
Untrusted search path in Windows GDI allows an unauthorized attacker to execute code locally
CVSS Base7.8
â
CRSSelect profile
CVE-2026-26112
7.8
MicrosoftOffice Excel
Untrusted pointer dereference in Microsoft Office Excel allows an unauthorized attacker to execute code locally
CVSS Base7.8
â
CRSSelect profile
CVE-2026-26134
7.8
MicrosoftOffice allows
Integer overflow or wraparound in Microsoft Office allows an authorized attacker to elevate privileges locally
CVSS Base7.8
â
CRSSelect profile
CVE-2026-26141
7.8
AzureArc allows
Improper authentication in Azure Arc allows an authorized attacker to elevate privileges locally
CVSS Base7.8
â
CRSSelect profile
CVE-2026-25173
8
IntegerMultiple Products
Integer overflow or wraparound in Windows Routing and Remote Access Service (RRAS) allows an authorized attacker to execute code over a network
CVSS Base8
â
CRSSelect profile
CVE-2026-23669
8.8
UnknownMultiple Products
Use after free in Windows Print Spooler Components allows an authorized attacker to execute code over a network
CVSS Base8.8
â
CRSSelect profile
CVE-2026-24283
8.8
FileMultiple Products
Heap-based buffer overflow in Windows File Server allows an authorized attacker to elevate privileges locally
CVSS Base8.8
â
CRSSelect profile
CVE-2026-25188
8.8
UnknownMultiple Products
Heap-based buffer overflow in Windows Telephony Service allows an unauthorized attacker to elevate privileges over an adjacent network
CVSS Base8.8
â
CRSSelect profile
CVE-2026-3845
8.8
HeapMultiple Products
Heap buffer overflow in the Audio/Video: Playback component in Firefox for Android
CVSS Base8.8
â
CRSSelect profile
CVE-2026-22627
8.8
FortinetFortiSwitchAXFixed
A buffer copy without checking size of input ('classic buffer overflow') vulnerability in Fortinet FortiSwitchAXFixed 1
CVSS Base8.8
â
CRSSelect profile
CVE-2026-24289
7.8
UnknownMultiple Products
Use after free in Windows Kernel allows an authorized attacker to elevate privileges locally
CVSS Base7.8
â
CRSSelect profile
CVE-2026-25166
7.8
ImageMultiple Products
Deserialization of untrusted data in Windows System Image Manager allows an authorized attacker to execute code locally
CVSS Base7.8
â
CRSSelect profile
CVE-2026-25189
7.8
UnknownMultiple Products
Use after free in Windows DWM Core Library allows an authorized attacker to elevate privileges locally
CVSS Base7.8
â
CRSSelect profile
CVE-2026-26132
7.8
UnknownMultiple Products
Use after free in Windows Kernel allows an authorized attacker to elevate privileges locally
CVSS Base7.8
â
CRSSelect profile
CVE-2025-69219
8.8đ
ApacheAirflow
A vulnerability in Apache Airflow allows a user with database access to execute arbitrary code on the Triggerer component by crafting a malicious database entry.
CVSS Base8.8
â
CRSSelect profile
CVE-2026-3847
8.8
MemoryMultiple Products
Memory safety bugs present in Firefox 148
CVSS Base8.8
â
CRSSelect profile
CVE-2025-54820
8.1
FortinetFortiManager
A Stack-based Buffer Overflow vulnerability [CWE-121] vulnerability in Fortinet FortiManager 7
CVSS Base8.1
â
CRSSelect profile
CVE-2026-3453
8.1
WordPressis vulnerable
The ProfilePress plugin for WordPress is vulnerable to Insecure Direct Object Reference in all versions up to, and including, 4
CVSS Base8.1
â
CRSSelect profile
CVE-2026-3288
8.8
Nginxwhere the
A security issue was discovered in ingress-nginx where the `nginx
CVSS Base8.8
â
CRSSelect profile
CVE-2026-23672
7.8
WindowsMultiple Products
Windows Universal Disk Format File System Driver (UDFS) Elevation of Privilege Vulnerability
CVSS Base7.8
â
CRSSelect profile
CVE-2026-23673
7.8
UnknownMultiple Products
Out-of-bounds read in Windows Resilient File System (ReFS) allows an authorized attacker to elevate privileges locally
CVSS Base7.8
â
CRSSelect profile
CVE-2026-24287
7.8
ExternalMultiple Products
External control of file name or path in Windows Kernel allows an authorized attacker to elevate privileges locally
CVSS Base7.8
â
CRSSelect profile
CVE-2026-24290
7.8
UnknownMultiple Products
Improper access control in Windows Projected File System allows an authorized attacker to elevate privileges locally
CVSS Base7.8
â
CRSSelect profile
CVE-2026-24291
7.8
IncorrectMultiple Products
Incorrect permission assignment for critical resource in Windows Accessibility Infrastructure (ATBroker
CVSS Base7.8
â
CRSSelect profile
CVE-2026-24293
7.8
NullMultiple Products
Null pointer dereference in Windows Ancillary Function Driver for WinSock allows an authorized attacker to elevate privileges locally
CVSS Base7.8
â
CRSSelect profile
CVE-2026-24294
7.8
SMBMultiple Products
Improper authentication in Windows SMB Server allows an authorized attacker to elevate privileges locally
CVSS Base7.8
â
CRSSelect profile
CVE-2026-25165
7.8
NullMultiple Products
Null pointer dereference in Windows Performance Counters allows an authorized attacker to elevate privileges locally
CVSS Base7.8
â
CRSSelect profile
CVE-2026-25174
7.8
UnknownMultiple Products
Out-of-bounds read in Windows Extensible File Allocation allows an authorized attacker to elevate privileges locally
CVSS Base7.8
â
CRSSelect profile
CVE-2026-25175
7.8
UnknownMultiple Products
Out-of-bounds read in Windows NTFS allows an authorized attacker to elevate privileges locally
CVSS Base7.8
â
CRSSelect profile
CVE-2026-25176
7.8
UnknownMultiple Products
Improper access control in Windows Ancillary Function Driver for WinSock allows an authorized attacker to elevate privileges locally
CVSS Base7.8
â
CRSSelect profile
CVE-2026-26128
7.8
SMBMultiple Products
Improper authentication in Windows SMB Server allows an authorized attacker to elevate privileges locally
CVSS Base7.8
â
CRSSelect profile
CVE-2026-27826
8.2
Atlassianis
MCP Atlassian is a Model Context Protocol (MCP) server for Atlassian products (Confluence and Jira)
CVSS Base8.2
â
CRSSelect profile
CVE-2026-24017
8.1
FortinetFortiWeb
An Improper Control of Interaction Frequency vulnerability [CWE-799] vulnerability in Fortinet FortiWeb 8
CVSS Base8.1
â
CRSSelect profile
CVE-2026-24018
7.8
FortinetFortiClientLinux
A UNIX symbolic link (Symlink) following vulnerability in Fortinet FortiClientLinux 7
CVSS Base7.8
â
CRSSelect profile
CVE-2025-41766
8.8đ
Unknown (Web-Enabled Controller)wwwubr Service
A stack-based buffer overflow in the ubr-network method of the wwwubr service allows low-privileged remote attackers to achieve full device compromise via a crafted POST request.
CVSS Base8.8
â
CRSSelect profile
CVE-2026-3811
8.8
TendaFH1202
A vulnerability was found in Tenda FH1202 1
CVSS Base8.8
â
CRSSelect profile
CVE-2026-23654
8.8
GitHubRepo
Dependency on vulnerable third-party component in GitHub Repo: zero-shot-scfoundation allows an unauthorized attacker to execute code over a network
CVSS Base8.8
â
CRSSelect profile
CVE-2026-30920
8.6
GitHubApp callback
OneUptime is a solution for monitoring and managing online services
CVSS Base8.6
â
CRSSelect profile
CVE-2026-21333
8.6
IllustratorPath vulnerability
Illustrator versions 29
CVSS Base8.6
â
CRSSelect profile
CVE-2025-41757
8.8
ArchMultiple Products
A low-privileged remote attacker can abuse the backup restore functionality of UBR (ubr-restore) which runs with elevated privileges and does not validate the contents of the backup archive to create or overwrite arbitrary files anywhere on the system
CVSS Base8.8
â
CRSSelect profile
CVE-2025-41758
8.8
wwuploadMultiple Products
A low-privileged remote attacker can exploit an arbitrary file write vulnerability in the wwupload
CVSS Base8.8
â
CRSSelect profile
CVE-2026-23814
8.8
commandMultiple Products
A vulnerability in the command parameters of a certain AOS-CX CLI command could allow a low-privilege authenticated remote attacker to inject malicious commands resulting in unwanted behavior
CVSS Base8.8
â
CRSSelect profile
CVE-2026-25866
7.8
priorpath element
MobaXterm versions prior to 26
CVSS Base7.8
â
CRSSelect profile
CVE-2026-3483
7.8
beforeDSM before
An exposed dangerous method in Ivanti DSM before version 2026
CVSS Base7.8
â
CRSSelect profile
CVE-2025-41756
8.1đ
Unknown (Web-Enabled Controller)wwwubr Service
A vulnerability in the ubr-editfile method of the wwwubr service allows low-privileged remote attackers to perform unauthorized file manipulations.
CVSS Base8.1
â
CRSSelect profile
CVE-2026-26116
8.8
SQLMultiple Products
Improper neutralization of special elements used in an sql command ('sql injection') in SQL Server allows an authorized attacker to elevate privileges over a network
CVSS Base8.8
â
CRSSelect profile
CVE-2026-31844
8.8
InforMultiple Products
An authenticated SQL Injection vulnerability (CWE-89) exists in the Koha staff interface in the /cgi-bin/koha/suggestion/suggestion
CVSS Base8.8
â
CRSSelect profile
CVE-2026-24292
7.8
UnknownMultiple Products
Use after free in Connected Devices Platform Service (Cdpsvc) allows an authorized attacker to elevate privileges locally
CVSS Base7.8
â
CRSSelect profile
CVE-2026-26738
7.8
Uderzo SoftwareMultiple Products
Buffer Overflow vulnerability in Uderzo Software SpaceSniffer v
CVSS Base7.8
â
CRSSelect profile
CVE-2026-25737
8.9đ
BudibaseBudibase Platform
A high-severity vulnerability exists in the Budibase low-code platform, potentially allowing unauthorized access or manipulation of internal tools and workflows.
CVSS Base8.9
â
CRSSelect profile
CVE-2026-30934
8.9
fileMultiple Products
FileBrowser Quantum is a free, self-hosted, web-based file manager
CVSS Base8.9
â
CRSSelect profile
CVE-2026-3814
8.8
UTTMultiple Products
A security flaw has been discovered in UTT HiPER 810G up to 1
CVSS Base8.8
â
CRSSelect profile
CVE-2026-3815
8.8
UTTMultiple Products
A weakness has been identified in UTT HiPER 810G up to 1
CVSS Base8.8
â
CRSSelect profile
CVE-2025-15547
8.8
UnknownMultiple Products
By default, jailed processes cannot mount filesystems, including nullfs(4)
CVSS Base8.8
â
CRSSelect profile
CVE-2026-20967
8.8
OperationsMultiple Products
Improper input validation in System Center Operations Manager allows an authorized attacker to elevate privileges over a network
CVSS Base8.8
â
CRSSelect profile
CVE-2026-21262
8.8
SQLMultiple Products
Improper access control in SQL Server allows an authorized attacker to elevate privileges over a network
CVSS Base8.8
â
CRSSelect profile
CVE-2026-25177
8.8
ImproperMultiple Products
Improper restriction of names for files and other resources in Active Directory Domain Services allows an authorized attacker to elevate privileges over a network
CVSS Base8.8
â
CRSSelect profile
CVE-2026-26115
8.8
SQLMultiple Products
Improper validation of specified type of input in SQL Server allows an authorized attacker to elevate privileges over a network
CVSS Base8.8
â
CRSSelect profile
CVE-2026-30944
8.8
UnknownMultiple Products
StudioCMS is a server-side-rendered, Astro native, headless content management system
CVSS Base8.8
â
CRSSelect profile
CVE-2026-0846
8.6
theMultiple Products
A vulnerability in the `filestring()` function of the `nltk
CVSS Base8.6
â
CRSSelect profile
CVE-2026-28513
8.5
PocketMultiple Products
Pocket ID is an OIDC provider that allows users to authenticate with their passkeys to your services
CVSS Base8.5
â
CRSSelect profile
CVE-2026-31817
8.5
UnknownMultiple Products
OliveTin gives access to predefined shell commands from a web interface
CVSS Base8.5
â
CRSSelect profile
CVE-2026-0122
8.4
UnknownMultiple Products
In multiple places, there is a possible out of bounds write due to memory corruption
CVSS Base8.4
â
CRSSelect profile
CVE-2026-0123
8.4
UnknownMultiple Products
In EfwApTransport::ProcessRxRing of efw_ap_transport
CVSS Base8.4
â
CRSSelect profile
CVE-2026-31824
8.2
UnknownMultiple Products
Sylius is an Open Source eCommerce Framework on Symfony
CVSS Base8.2
â
CRSSelect profile
CVE-2026-28693
8.1đ
ImageMagick Studio LLCImageMagick
A high-severity vulnerability in ImageMagick's image processing logic could allow attackers to compromise systems that utilize the software for digital image manipulation.
CVSS Base8.1
â
CRSSelect profile
CVE-2025-41761
7.8đ
MicrosoftWindows (UBR Service)
A local attacker with low privileges can exploit the UBR service account to potentially escalate privileges or access sensitive system data within the Windows environment.
CVSS Base7.8
â
CRSSelect profile
CVE-2026-25187
7.8
ImproperMultiple Products
Improper link resolution before file access ('link following') in Winlogon allows an authorized attacker to elevate privileges locally
CVSS Base7.8
â
CRSSelect profile
CVE-2026-26131
7.8
IncorrectMultiple Products
Incorrect default permissions in
CVSS Base7.8
â
CRSSelect profile
CVE-2026-30978
7.8
UnknownMultiple Products
iccDEV provides a set of libraries and tools for working with ICC color management profiles
CVSS Base7.8
â
CRSSelect profile
CVE-2026-30979
7.8
UnknownMultiple Products
iccDEV provides a set of libraries and tools for working with ICC color management profiles
CVSS Base7.8
â
CRSSelect profile
CVE-2026-30983
7.8
UnknownMultiple Products
iccDEV provides a set of libraries and tools for working with ICC color management profiles
CVSS Base7.8
â
CRSSelect profile
CVE-2026-30985
7.8
UnknownMultiple Products
iccDEV provides a set of libraries and tools for working with ICC color management profiles
CVSS Base7.8
â
CRSSelect profile
CVE-2026-30987
7.8
UnknownMultiple Products
iccDEV provides a set of libraries and tools for working with ICC color management profiles
CVSS Base7.8
â
CRSSelect profile
CVE-2026-31792
7.8
UnknownMultiple Products
iccDEV provides a set of libraries and tools for working with ICC color management profiles
CVSS Base7.8
â
CRSSelect profile
CVE-2026-31795
7.8
UnknownMultiple Products
iccDEV provides a set of libraries and tools for working with ICC color management profiles
CVSS Base7.8
â
CRSSelect profile
CVE-2026-31796
7.8
UnknownMultiple Products
iccDEV provides a set of libraries and tools for working with ICC color management profiles