Critical vulnerabilities, curated daily for security professionals
đ¯ SSCV Profile
See how vulnerabilities affect your specific environment
CRS uses the System Security Context Vector (SSCV) Framework v1.0 to adjust CVSS scores based on your system's exposure level, network position, and business criticality. Learn more about SSCV Framework
Risk scores will be adjusted based on your selected environment
đ
Archived Security Brief
Self-hosted deployment and container management platforms dominated Saturday's disclosures, led by a cluster of Dokploy PaaS vulnerabilities and exposed Docker management interfaces. The day brought 18 critical CVEs (CVSS 9.0+), down 5% from the prior day's 19, alongside 63 high-priority CVEs, up 9% from 58. CVE-2026-45631 (CVSS 10) and several companion flaws in Dokploy PaaS headline the critical set, joined by CVE-2026-45625 (CVSS 9.9) in the Arcane Docker container management interface and CVE-2026-10042 (CVSS 9.8) in the manga-image-translator API server. The concentration in PaaS control planes, container orchestration, and exposed management APIs points to remote code execution and authentication bypass risk on internet-facing developer and operations infrastructure. No patches were available at disclosure for the critical issues, so affected operators should prioritize access restriction and network isolation while fixes are pending.
Dokploy PaaS accounts for several critical CVEs including CVE-2026-45631 at the maximum CVSS 10, affecting self-hosted deployment control planes
Critical CVEs totaled 18, a 5% decrease from the prior day's 19
High-priority CVEs rose to 63, a 9% increase from 58 the prior day
Container and platform management interfaces are central, with CVE-2026-45625 (CVSS 9.9, Arcane Docker) and CVE-2026-10042 (CVSS 9.8, manga-image-translator API) exposing RCE and auth-bypass paths
Patch availability stands at 0% for the disclosed critical issues, leaving exposed Dokploy, Docker, and Mautic (CVE-2026-9558, CVSS 9.9) deployments reliant on access controls
Five CVEs carry confirmed active exploitation, including Palo Alto Networks PAN-OS (CVE-2026-0257) and the LiteSpeed cPanel plugin (CVE-2026-48172)
Immediate action: Prioritize self-hosted Dokploy PaaS, Arcane Docker, and other exposed container management interfaces, restricting network access and enforcing authentication on management endpoints while vendor patches remain unavailable. Separately, expedite remediation of the actively exploited Palo Alto Networks PAN-OS and LiteSpeed cPanel plugin flaws where vendor fixes exist. With 0% patch availability for the critical set, treat isolation and monitoring as the primary near-term controls.
đĄ Tip: Swipe CVE cards left to â star, right to â remove
Section Navigation
â ī¸
CISA Known Exploited Vulnerabilities
â ī¸ CISA KEVURGENT
CVE-2026-48172
9.5
LiteSpeedcPanel Plugin
â° Federal Deadline:May 28, 2026(EXPIRED)
LiteSpeed cPanel Plugin Privilege Escalation Vulnerability - Active in CISA KEV catalog.
CVSS Base9.5
â
CRSSelect profile
â ī¸ CISA KEV
CVE-2026-8398
9.5đ
AVB Disc SoftDAEMON Tools Lite
â° Federal Deadline:May 29, 2026
A supply chain compromise of DAEMON Tools Lite resulted in the distribution of trojanized binaries signed with a legitimate certificate.
CVSS Base9.5
â
CRSSelect profile
â ī¸ CISA KEVURGENT
CVE-2026-0257
9.5
Palo Alto NetworksPAN-OS
â° Federal Deadline:May 31, 2026(2 days remaining)
Palo Alto Networks PAN-OS Authentication Bypass Vulnerability - Active in CISA KEV catalog.
CVSS Base9.5
â
CRSSelect profile
â ī¸ CISA KEV
CVE-2026-48027
9.5
NxNx Console
â° Federal Deadline:June 9, 2026(11 days remaining)
Nx Console Embedded Malicious Code Vulnerability - Active in CISA KEV catalog.
CVSS Base9.5
â
CRSSelect profile
â ī¸ CISA KEV
CVE-2026-45321
9.5đ
GitHubActions OIDC
â° Federal Deadline:June 9, 2026(11 days remaining)
GitHub Actions OIDC was exploited to publish malicious npm packages by chaining multiple vulnerabilities, including cache poisoning and token extraction.
CVSS Base9.5
â
CRSSelect profile
đ¨
Critical Vulnerabilities
CVE-2026-9559
9.9
HPfiles to
A path traversal vulnerability exists in the campaign import feature of Mautic 7. When extracting uploaded ZIP files during campaign imports, a flaw in the validation logic allows file paths to escape the intended temporary directories. An authenticated user with campaign import privileges (campaign:imports:create) can write arbitrary PHP files to sensitive system directories. An attacker can exploit this to overwrite critical internal configuration or cache components, resulting in Remote Code Execution (RCE) under the context of the web server user.
CVSS Base9.9
â
CRSSelect profile
CVE-2026-45625
9.9đ
ArcaneDocker Container Management Interface
Arcane's REST API fails to enforce admin-level authorization on Git repository management endpoints, allowing authenticated users to exfiltrate sensitive credentials.
CVSS Base9.9
â
CRSSelect profile
CVE-2026-10042
9.8đ
manga-image-translatorAPI Server
The manga-image-translator API server is vulnerable to remote code execution via unsafe deserialization of untrusted pickle data in the share.py module.
CVSS Base9.8
â
CRSSelect profile
CVE-2026-45663
9.9đ
DokployPaaS
Dokploy contains a command injection vulnerability in its Docker file upload functionality that allows authenticated users to execute arbitrary OS commands.
CVSS Base9.9
â
CRSSelect profile
CVE-2026-45633
9.9đ
DokployPaaS
Dokploy contains a command injection vulnerability in the /docker-container-logs WebSocket endpoint that allows authenticated users to execute arbitrary commands with root privileges.
CVSS Base9.9
â
CRSSelect profile
CVE-2026-44962
9.9
Archfunctionality
Plesk contains an XPath injection vulnerability in the APS Application Catalog search functionality, where user-supplied input is interpolated into XPath queries without proper sanitization. This allows an authenticated, low-privileged user to execute arbitrary operating system commands on the server, resulting in local privilege escalation.
CVSS Base9.9
â
CRSSelect profile
CVE-2026-45631
10đ
DokployPaaS
A hardcoded authentication secret in Dokploy allows unauthenticated attackers to forge JWTs, gain administrative access, and execute commands on the host system via SSH.
CVSS Base10
â
CRSSelect profile
CVE-2026-9558
9.9đ
MauticMautic
A Server-Side Template Injection (SSTI) vulnerability in the Mautic theme engine allows authenticated users with theme upload permissions to execute arbitrary code on the server.
CVSS Base9.9
â
CRSSelect profile
CVE-2026-45661
9.9đ
DokployPaaS
A path traversal vulnerability in Dokploy allows authenticated users to write arbitrary files to the host or remote servers during application deployment, leading to full system compromise.
CVSS Base9.9
â
CRSSelect profile
CVE-2026-45629
9.9đ
DokployPaaS
An OS command injection vulnerability in the Dokploy /listen-deployment WebSocket endpoint allows authenticated users to execute arbitrary commands on remote servers.
CVSS Base9.9
â
CRSSelect profile
CVE-2026-45632
9.9đ
DokployPaaS
A broken access control vulnerability in the Dokploy schedule router allows authenticated users to manage schedules belonging to other organizations, leading to RCE.
CVSS Base9.9
â
CRSSelect profile
CVE-2026-10071
9.8đ
InterinfoDreamMaker
Interinfo's DreamMaker contains an arbitrary file upload vulnerability that allows unauthenticated remote attackers to execute web shells and achieve code execution.
CVSS Base9.8
â
CRSSelect profile
CVE-2026-44649
9.8đ
SillyTavernSillyTavern
SillyTavern versions prior to 1.18.0 have an authentication bypass vulnerability when SSO is configured, allowing unauthorized access as any user.
CVSS Base9.8
â
CRSSelect profile
CVE-2026-45312
9.9đ
RAGFlowRAGFlow
A Jinja2 template injection vulnerability in RAGFlow's prompt generator allows authenticated users to execute arbitrary OS commands on the server.
CVSS Base9.9
â
CRSSelect profile
CVE-2026-47744
9.9đ
ShopperHeadless e-commerce Admin Panel
Shopper's admin panel contains authorization defects that allow low-privilege users to escalate their privileges to full administrator.
CVSS Base9.9
â
CRSSelect profile
CVE-2026-45372
9.9đ
yhirosecpp-httplib
cpp-httplib is vulnerable to header injection because it performs validity checks before percent-decoding, allowing attackers to inject CRLF sequences into HTTP headers.
CVSS Base9.9
â
CRSSelect profile
CVE-2026-7786
9.8
JinanMultiple Products
Jinan USR IOT Technology Limited (PUSR) USR-W610 RS232/485 to Wi-Fi/Ethernet Converter
device firmware contains plaintext administrative credentials embedded in the firmware image. These credentials can be extracted through firmware analysis and used to authenticate to device services.
CVSS Base9.8
â
CRSSelect profile
CVE-2026-45697
9.8đ
FormieCraft CMS Plugin
The Formie plugin for Craft CMS is vulnerable to remote code execution due to improper evaluation of user-supplied Twig templates within hidden form fields.
CVSS Base9.8
â
CRSSelect profile
â ī¸
High Priority Updates
CVE-2026-9887
8.8
GoogleChrome prior
Use after free in Proxy in Google Chrome prior to 148
CVSS Base8.8
â
CRSSelect profile
CVE-2026-10002
8.8
GoogleChrome prior
Use after free in PDFium in Google Chrome prior to 148
CVSS Base8.8
â
CRSSelect profile
CVE-2026-10007
8.8
GoogleChrome prior
Use after free in SVG in Google Chrome prior to 148
CVSS Base8.8
â
CRSSelect profile
CVE-2026-10013
8.8
GoogleChrome prior
Use after free in WebCodecs in Google Chrome prior to 148
CVSS Base8.8
â
CRSSelect profile
CVE-2026-10016
8.8
GoogleChrome prior
Use after free in DOM in Google Chrome prior to 148
CVSS Base8.8
â
CRSSelect profile
CVE-2026-9873
8.8
GoogleChrome prior
Use after free in Network in Google Chrome prior to 148
CVSS Base8.8
â
CRSSelect profile
CVE-2026-9878
8.8
GoogleChrome prior
Use after free in ANGLE in Google Chrome prior to 148
CVSS Base8.8
â
CRSSelect profile
CVE-2026-9883
8.8
GoogleChrome prior
Use after free in Base in Google Chrome prior to 148
CVSS Base8.8
â
CRSSelect profile
CVE-2026-9884
8.8
GoogleChrome on
Use after free in Browser in Google Chrome on Mac prior to 148
CVSS Base8.8
â
CRSSelect profile
CVE-2026-9897
8.8
GoogleChrome prior
Use after free in DOM in Google Chrome prior to 148
CVSS Base8.8
â
CRSSelect profile
CVE-2026-9923
8.8
GoogleChrome prior
Use after free in Skia in Google Chrome prior to 148
CVSS Base8.8
â
CRSSelect profile
CVE-2026-9927
8.8
GoogleChrome prior
Use after free in ANGLE in Google Chrome prior to 148
CVSS Base8.8
â
CRSSelect profile
CVE-2026-9939
8.8
GoogleChrome prior
Heap buffer overflow in WebCodecs in Google Chrome prior to 148
CVSS Base8.8
â
CRSSelect profile
CVE-2026-9940
8.8
GoogleChrome prior
Heap buffer overflow in ANGLE in Google Chrome prior to 148
CVSS Base8.8
â
CRSSelect profile
CVE-2026-9941
8.8
GoogleChrome prior
Use after free in ANGLE in Google Chrome prior to 148
CVSS Base8.8
â
CRSSelect profile
CVE-2026-9945
8.8
GoogleChrome on
Use after free in Media in Google Chrome on Windows prior to 148
CVSS Base8.8
â
CRSSelect profile
CVE-2026-9947
8.8
GoogleChrome prior
Use after free in XML in Google Chrome prior to 148
CVSS Base8.8
â
CRSSelect profile
CVE-2026-9952
8.8
GoogleChrome prior
Use after free in WebAudio in Google Chrome prior to 148
CVSS Base8.8
â
CRSSelect profile
CVE-2026-9957
8.8
GoogleChrome prior
Use after free in PDF in Google Chrome prior to 148
CVSS Base8.8
â
CRSSelect profile
CVE-2026-9958
8.8
GoogleChrome prior
Use after free in PDFium in Google Chrome prior to 148
CVSS Base8.8
â
CRSSelect profile
CVE-2026-9961
8.8
GoogleChrome prior
Use after free in SurfaceCapture in Google Chrome prior to 148
CVSS Base8.8
â
CRSSelect profile
CVE-2026-9962
8.8
GoogleChrome prior
Use after free in WebRTC in Google Chrome prior to 148
CVSS Base8.8
â
CRSSelect profile
CVE-2026-9978
8.8
GoogleChrome prior
Use after free in Glic in Google Chrome prior to 148
CVSS Base8.8
â
CRSSelect profile
CVE-2026-9984
8.8
GoogleChrome on
Use after free in UI in Google Chrome on Windows prior to 148
CVSS Base8.8
â
CRSSelect profile
CVE-2026-9992
8.8
GoogleChrome prior
Use after free in Network in Google Chrome prior to 148
CVSS Base8.8
â
CRSSelect profile
CVE-2026-9995
8.8
GoogleChrome prior
Use after free in WebXR in Google Chrome prior to 148
CVSS Base8.8
â
CRSSelect profile
CVE-2026-10015
8.8
GoogleChrome prior
Integer overflow in WTF in Google Chrome prior to 148
CVSS Base8.8
â
CRSSelect profile
CVE-2026-10019
8.8
GoogleChrome prior
Integer overflow in ANGLE in Google Chrome prior to 148
CVSS Base8.8
â
CRSSelect profile
CVE-2026-10021
8.8
GoogleChrome prior
Insufficient validation of untrusted input in USB in Google Chrome prior to 148
CVSS Base8.8
â
CRSSelect profile
CVE-2026-10022
8.8
GoogleChrome prior
Type Confusion in V8 in Google Chrome prior to 148
CVSS Base8.8
â
CRSSelect profile
CVE-2026-9879
8.8
GoogleChrome prior
Out of bounds write in ANGLE in Google Chrome prior to 148
CVSS Base8.8
â
CRSSelect profile
CVE-2026-9896
8.8
GoogleChrome prior
Out of bounds write in V8 in Google Chrome prior to 148
CVSS Base8.8
â
CRSSelect profile
CVE-2026-9910
8.8
GoogleChrome prior
Out of bounds memory access in ANGLE in Google Chrome prior to 148
CVSS Base8.8
â
CRSSelect profile
CVE-2026-9928
8.8
GoogleChrome on
Out of bounds read in ANGLE in Google Chrome on Windows prior to 148
CVSS Base8.8
â
CRSSelect profile
CVE-2026-9938
8.8
GoogleChrome prior
Inappropriate implementation in V8 in Google Chrome prior to 148
CVSS Base8.8
â
CRSSelect profile
CVE-2026-9965
8.8
GoogleChrome prior
Out of bounds write in ANGLE in Google Chrome prior to 148
CVSS Base8.8
â
CRSSelect profile
CVE-2026-9968
8.8
GoogleChrome prior
Integer overflow in V8 in Google Chrome prior to 148
CVSS Base8.8
â
CRSSelect profile
CVE-2026-9969
8.8
GoogleChrome prior
Insufficient validation of untrusted input in ANGLE in Google Chrome prior to 148
CVSS Base8.8
â
CRSSelect profile
CVE-2026-9973
8.8
GoogleChrome prior
Out of bounds write in V8 in Google Chrome prior to 148
CVSS Base8.8
â
CRSSelect profile
CVE-2026-9976
8.8
GoogleChrome prior
Inappropriate implementation in USB in Google Chrome prior to 148
CVSS Base8.8
â
CRSSelect profile
CVE-2026-9983
8.8
GoogleChrome prior
Type Confusion in Skia in Google Chrome prior to 148
CVSS Base8.8
â
CRSSelect profile
CVE-2026-9999
8.8
GoogleChrome on
Inappropriate implementation in ANGLE in Google Chrome on Mac prior to 148
CVSS Base8.8
â
CRSSelect profile
CVE-2026-48527
8.7
HPor NodeJs
HAX CMS helps manage microsite universe with PHP or NodeJs backends
CVSS Base8.7
â
CRSSelect profile
CVE-2026-6406
8.8
DockerCLI
The Docker CLI --use-api-socket flag bypasses Enhanced Container Isolation (ECI) restrictions in Docker Desktop
CVSS Base8.8
â
CRSSelect profile
CVE-2026-45578
8.8
HPbuilds an
WWBN AVideo is an open source video platform
CVSS Base8.8
â
CRSSelect profile
CVE-2018-25388
8.8đ Late Disclosure
HPfiles through
HaPe PKH 1
CVSS Base8.8
â
CRSSelect profile
CVE-2026-45662
8.8
Dockerlogout
Dokploy is a free, self-hostable Platform as a Service (PaaS)
CVSS Base8.8
â
CRSSelect profile
CVE-2026-47125
8.8
Dockercontainers
Arcane is an interface for managing Docker containers, images, networks, and volumes
CVSS Base8.8
â
CRSSelect profile
CVE-2020-7564
8.8đ Late Disclosure
WebMultiple Products
A CWE-120: Buffer Copy without Checking Size of Input ('Classic Buffer Overflow') vulnerability exists in the Web Server on Modicon M340, Modicon Quantum and Modicon Premium Legacy offers and their Communication Modules (see notification for details) which could cause write access and the execution of commands when uploading a specially crafted file on the controller over FTP
CVSS Base8.8
â
CRSSelect profile
CVE-2026-48557
8.8
beforeAddHandler configuration
Spatie Laravel Media Library before version 11
CVSS Base8.8
â
CRSSelect profile
CVE-2026-44420
8.8
UnknownMultiple Products
FreeRDP is a free implementation of the Remote Desktop Protocol
CVSS Base8.8
â
CRSSelect profile
CVE-2026-44421
8.8
UnknownMultiple Products
FreeRDP is a free implementation of the Remote Desktop Protocol
CVSS Base8.8
â
CRSSelect profile
CVE-2020-7563
8.8đ Late Disclosure
WebMultiple Products
A CWE-787: Out-of-bounds Write vulnerability exists in the Web Server on Modicon M340, Modicon Quantum and Modicon Premium Legacy offers and their Communication Modules (see notification for details) which could cause corruption of data, a crash, or code execution when uploading a specially crafted file on the controller over FTP
CVSS Base8.8
â
CRSSelect profile
CVE-2026-10062
8.8
UnknownMultiple Products
A vulnerability was determined in TRENDnet TEW-432BRP 3
CVSS Base8.8
â
CRSSelect profile
CVE-2026-10063
8.8
UnknownMultiple Products
A vulnerability was identified in TRENDnet TEW-432BRP 3
CVSS Base8.8
â
CRSSelect profile
CVE-2026-10065
8.8
ShibbyMultiple Products
A weakness has been identified in Shibby Tomato 1
CVSS Base8.8
â
CRSSelect profile
CVE-2026-10066
8.8
UnknownMultiple Products
A security vulnerability has been detected in Shibby Tomato up to 1
CVSS Base8.8
â
CRSSelect profile
CVE-2026-10067
8.8
ShibbyMultiple Products
A vulnerability was detected in Shibby Tomato 1
CVSS Base8.8
â
CRSSelect profile
CVE-2026-35674
8.8
OpenClawMultiple Products
OpenClaw before 2026
CVSS Base8.8
â
CRSSelect profile
CVE-2026-5768
8.8
UnknownMultiple Products
The Frontier X2 device allows unauthenticated BLE read/write access to critical GATT characteristics without enforcing pairing authentication or authorization
CVSS Base8.8
â
CRSSelect profile
CVE-2026-7875
8.8
NanoClawMultiple Products
NanoClaw version 1
CVSS Base8.8
â
CRSSelect profile
CVE-2026-41900
8.8
UnknownMultiple Products
OpenLearnX is an open-source, decentralized learning and assessment platform