Critical vulnerabilities, curated daily for security professionals
See how vulnerabilities affect your specific environment
CRS uses the System Security Context Vector (SSCV) Framework v1.0 to adjust CVSS scores based on your system's exposure level, network position, and business criticality. Learn more about SSCV Framework
Wednesday's disclosures center on widespread web platform and edge device exposure, with WordPress plugins, D-Link routers, and Eclipse developer tooling driving the critical caseload. Critical CVEs fell 57% to 15 while high-priority issues rose 42% to 92, indicating broader but less severe activity than the prior day. Notable entries include CVE-2026-7411 (CVSS 10) in Eclipse BaSyx Java Server SDK, CVE-2026-7853 and CVE-2026-7854 (CVSS 9.8) in D-Link DI series routers, and CVE-2026-27960 (CVSS 9.8) in Intel OpenCTI Platform. Remote code execution and unauthenticated access patterns dominate, affecting industrial automation, network edge equipment, and threat-intelligence infrastructure. Patch availability remains at 0% for the disclosed set, and eight CVEs carry confirmed active exploitation including issues in Samsung MagicINFO, SimpleHelp, and ConnectWise ScreenConnect.
Immediate action: Prioritize isolation and monitoring of Eclipse BaSyx, D-Link DI, WordPress, and Intel OpenCTI deployments while reviewing exposure on actively exploited Samsung MagicINFO, SimpleHelp, and ConnectWise ScreenConnect instances. With patch availability at 0% for the new disclosures, apply network segmentation, restrict administrative interfaces, and enable enhanced logging until vendor fixes are released.
Unauthenticated RCE in Palo Alto PAN-OS firewalls
A buffer overflow in the User-ID Authentication Portal lets an unauthenticated network attacker execute arbitrary code as root on PA-Series and VM-Series firewalls. Palo Alto Networks confirms limited exploitation in the wild against portals reachable from untrusted IP space.
Marimo Remote Code Execution Vulnerability - Active in CISA KEV catalog.
D-Link DIR-823X Command Injection Vulnerability - Active in CISA KEV catalog.
Samsung MagicINFO 9 Server Path Traversal Vulnerability - Active in CISA KEV catalog.
SimpleHelp Path Traversal Vulnerability - Active in CISA KEV catalog.
SimpleHelp Missing Authorization Vulnerability - Active in CISA KEV catalog.
ConnectWise ScreenConnect Path Traversal Vulnerability - Active in CISA KEV catalog.
Microsoft Windows Protection Mechanism Failure Vulnerability - Active in CISA KEV catalog.
Linux Kernel Incorrect Resource Transfer Between Spheres Vulnerability - Active in CISA KEV catalog.
The Eclipse BaSyx Java Server SDK is vulnerable to path traversal via the Submodel HTTP API, potentially leading to Remote Code Execution.
The Geeky Bot plugin for WordPress contains a missing authorization vulnerability that allows unauthenticated attackers to achieve remote code execution via arbitrary plugin installation.
Eclipse Equinox OSGi versions 3.8 through 3.18 are vulnerable to unauthenticated remote code execution via the console interface's fork command.
An authentication bypass vulnerability in MoreConvert Pro for WordPress allows unauthenticated attackers to hijack administrator accounts by manipulating email verification tokens.
The Mentoring plugin for WordPress contains a privilege escalation vulnerability that allows unauthenticated attackers to register as administrators.
D-Link DI-8100 is vulnerable to a remote buffer overflow in the `sprintf` function within the HTTP Handler's `/auto_reboot.asp` script.
A buffer overflow vulnerability in the D-Link DI-8100 POST parameter handler allows remote attackers to execute arbitrary code via the url_rule.asp function.
Eclipse Equinox OSGi version 3.7.2 and earlier contains a remote code execution vulnerability allowing unauthenticated attackers to execute commands via the console interface.
The EFM ipTIME NAS1dual device is vulnerable to a remote stack-based buffer overflow via the `get_csrf_whites` function in `misc_main.cgi`.
OpenCTI contains a privilege escalation vulnerability allowing unauthenticated attackers to query the API as any user, including the default administrator.
A remote OS command injection vulnerability in the Totolink A8000RU allows unauthenticated attackers to execute arbitrary commands via the `setAppFilterCfg` function.
The GoAhead web server on MeiG Smart FORGE_SLT711 devices allows unauthenticated remote attackers to perform OS command injection via the /action/SetRemoteAccessCfg endpoint.
Saleswonder LLC's WebinarIgnition plugin for WordPress is vulnerable to Blind SQL Injection, allowing unauthenticated attackers to extract database information.
OpenClaw contains a privilege escalation vulnerability where heartbeat owner downgrade logic incorrectly skips webhook wake events, allowing attackers to maintain elevated privileges.
OpenClaw contains an input validation vulnerability allowing external hook metadata to be enqueued as trusted system events, leading to privilege escalation.
OOM Denial of Service via Unbounded Array Allocation in Apache OpenNLP AbstractModelReader Versions Affected: before 2
Prometheus, an open-source monitoring system, is affected by a security vulnerability that may impact its time-series database and monitoring operations.
A vulnerability exists in the Oracle MCP Server Helper Tool component of Oracle Open Source Projects.
Conditional Fields for Contact Form 7 WordPress plugin through version 2
The Royal Elementor Addons plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'status' parameter in the wpr_update_form_action_meta AJAX action in all versions up to, and including, 1
Nginx UI is a web user interface for the Nginx web server
Nginx UI is a web user interface for the Nginx web server
The AWP Classifieds plugin for WordPress is vulnerable to SQL Injection via the 'regions' parameter array keys in versions up to, and including, 4
The GeekyBot â Generate AI Content Without Prompt, Chatbot and Lead Generation plugin for WordPress is vulnerable to SQL Injection via the 'attributekey' parameter in versions up to, and including, 1
The Form Maker by 10Web â Mobile-Friendly Drag & Drop Contact Form Builder plugin for WordPress is vulnerable to SQL Injection via the 'inputs' parameter in versions up to, and including, 1
The WeePie Cookie Allow plugin for WordPress is vulnerable to SQL Injection via the 'consent' parameter in all versions up to, and including, 3
The Gravity Bookings Premium plugin for WordPress is vulnerable to SQL Injection in all versions up to, and including, 2
OpenClaw is affected by a security vulnerability requiring immediate attention to prevent potential exploitation of the software environment.
The Betheme theme for WordPress is vulnerable to Arbitrary File Upload in versions up to, and including, 28
In Eclipse BaSyx Java Server SDK versions prior to 2
Double Free and possible RCE vulnerability in Apache HTTP Server with the HTTP/2 protocol
Improper privilege management in the log rotation mechanism of the Skylight Workspace Config Service in Amazon WorkSpaces for Windows before 2
Easy PayPal Events & Tickets plugin for WordPress version 1
Easy PayPal Events & Tickets plugin for WordPress versions 1
A vulnerability has been identified in Prometheus, an open-source monitoring system and time series database.
The Forminator Forms â Contact Form, Payment Form & Custom Form Builder plugin for WordPress is vulnerable to Path Traversal in versions up to, and including, 1
WordPress Plugin Backup Migration 1
The LatePoint â Calendar Booking Plugin for Appointments and Events plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'booking_form_page_url' parameter in all versions up to, and including, 5
The LatePoint â Calendar Booking Plugin for Appointments and Events plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'first_name' parameter in all versions up to, and including, 5
Description: Improper Control of Generation of Code ('Code Injection') vulnerability in Apache Atlas Apache Atlas exposes a DSL search endpoint that accepts user-supplied query strings
A NULL pointer dereference in mod_dav_lock in Apache HTTP Server 2
Improper Validation of Certificate with Host Mismatch vulnerability in Apache Thrift
Allocation of Resources Without Limits or Throttling vulnerability in Apache HTTP Server's mod_md via OCSP response data
A vulnerability exists in the Realtek rtl819x Jungle SDK affecting the rtl8192cd Wi-Fi kernel driver, which may allow for unauthorized system impact.
BusyBox before commit 42202bf contains a heap buffer overflow vulnerability in the DHCPv6 client (udhcpc6) DNS_SERVERS option handler in networking/udhcp/d6_dhcpc
OpenSTAManager version 2
A vulnerability in the adbd_tls_verify_cert function of the Android Debug Bridge Daemon (adbd) affects certificate verification.
A remote code execution vulnerability exists in the Notification Settings of GeoVision GV-ASWeb 6.
D-Link DIR-605L Hardware Revision A1 (End-of-Life, EOL) contains a hardcoded telnet backdoor
n8n is an open source workflow automation platform
A vulnerability was detected in D-Link DI-8100 16
Boundary Community Edition and Boundary Enterprise (âBoundaryâ) workers are vulnerable to a denial-of-service condition during node enrollment TLS handshakes
A flaw has been found in UsamaK98 python-notebook-mcp up to a05a232815809a7e425b5fa7be26e0d4369894c2
Memory corruption while creating a process on the digital signal processor due to allocation failure at the kernel level
OpenClaw versions 2026
A vulnerability was identified in D-Link DI-8100 16
A flaw has been found in D-Link DI-8100 16
A vulnerability has been found in D-Link DI-8100 16
NetBox versions 4
Frappe Framework ERPNext 13
ERPGo SaaS 3
OpenClaw versions 2026
OpenClaw versions from 2026
OpenClaw before 2026
OpenClaw before 2026
HCL BigFix RunBookAI is affected by a command smuggling vulnerability due to unvalidated command input.
A security vulnerability exists in PPTAgent, an agentic framework for reflective PowerPoint generation.
OpenClaw before 2026
OpenClaw before 2026
OpenClaw before 2026
Evolver is a GEP-powered self-evolving engine for AI agents
A vulnerability has been identified in OpenC3 COSMOS, a system used for command and control of embedded systems.
IKUS Rdiffweb before 2
In ProFTPD through 1
An issue in Lymphatus caesium-image-compressor All versions up to and including commit 02da2c6 allows a local attacker to execute arbitrary code via the shutdownMachine and putMachineToSleep functions in PostCompressionActions
Memory corruption when processing camera sensor input/output control codes with invalid output buffers
Memory corruption when another driver calls an IOCTL with invalid input/output buffer
Memory Corruption when copying data from a freed source while executing performance counter deselect operation
OpenClaw before 2026
OpenClaw versions 2026
OpenClaw before 2026
OpenClaw before 2026
An issue was discovered in idrac in OpenStack Ironic before 35
An out-of-bounds read vulnerability exists in the ParseIP6Extended function of the FRRouting (FRR) BGP component.
An integer underflow vulnerability exists in the FRRouting (FRR) stable/10 release.
A vulnerability in the fast-uri library causes improper normalization of percent-encoded path separators and dot segments.
The @fastify/accepts-serializer package fails to limit the size or evict cached serializer-selection results based on the request Accept header.
An issue was discovered in Nix before 2
The fast-uri library improperly handles percent-encoded authority delimiters during normalization, leading to potential injection or parsing errors during re-serialization.
OpenEMR 7
OpenClaw versions 2026
A vulnerability in Eclipse OpenJ9 may lead to undefined behavior or potential system instability.
A vulnerability in the IP Multimedia Subsystem (IMS) allows for potential system crashes due to improper input validation.
A vulnerability in the Modem IMS component allows for potential exploitation due to improper input validation.
In Modem IMS, there is a possible improper input validation
In Modem IMS, there is a possible improper input validation
In Modem IMS, there is a possible improper input validation
In nr modem, there is a possible improper input validation
A vulnerability has been found in RTGS2017 NagaAgent up to 5
A security flaw has been discovered in A-G-U-P-T-A wireshark-mcp edaf604416fbc94a201b4043092d4a1b09a12275/400c3da70074f22f3cce7ccb65304cafc7089c89
A security flaw has been discovered in Axle-Bucamp MCP-Docusaurus up to 404bc028e15ec304c9a045528560f4b5f27a17e0
A vulnerability has been found in 54yyyu code-mcp up to 4cfc4643541a110c906d93635b391bf7e357f4a8
A vulnerability was found in 54yyyu code-mcp up to 4cfc4643541a110c906d93635b391bf7e357f4a8
OpenClaw before 2026
A weakness has been identified in EFM ipTIME C200 up to 1
Detect-It-Easy prior to 3
A security flaw has been discovered in IObit Advanced SystemCare 19