CVE-2026-48558
SimpleHelp contains an authentication bypass in the OIDC flow, allowing unauthenticated attackers to forge tokens and gain full technician access without multi-factor authentication.
Microsoft cloud services and the WordPress plugin ecosystem anchor Friday's disclosures, with near-maximum-severity flaws in Azure OpenAI and Entra Provisioning Service alongside a wave of critical WooCommerce and WordPress add-on vulnerabilities. The set includes 22 critical CVEs, down 21% from the prior day's 28, and 71 high-priority CVEs, down 9% from 78. Notable entries include CVE-2026-45499 (CVSS 9.9) in Microsoft Azure OpenAI, CVE-2026-57100 (CVSS 9.9) in Microsoft Entra Provisioning Service, and CVE-2026-57624 (CVSS 10) in Creative Themes Blocksy Companion Pro. Web application and content-management components dominate the disclosures, with several unauthenticated flaws affecting payment and form-handling plugins, and CVE-2026-14544 (CVSS 9.8) extending exposure to Red Hat Enterprise Linux 10. No vendor patches are currently reflected for these disclosures, and two vulnerabilities in SimpleHelp and Microsoft SharePoint have confirmed active exploitation, warranting prioritized review of internet-facing systems.
Immediate action: Prioritize review of Microsoft Azure OpenAI and Entra deployments, Red Hat Enterprise Linux 10 systems, and internet-facing WordPress/WooCommerce sites running affected plugins such as Blocksy Companion Pro and Novalnet Payment Gateway. With no vendor patches yet reflected for these critical disclosures, apply available mitigations and monitor the actively exploited SimpleHelp and SharePoint issues closely, updating as fixes are published.
An insecure deserialization vulnerability in Microsoft Office SharePoint allows an authorized attacker to execute arbitrary code over a network.
The Divi Form Builder plugin for WordPress contains an arbitrary file upload vulnerability allowing unauthenticated remote code execution via insufficient file extension validation.
Auto_Bangumi contains a hard-coded default credentials vulnerability that allows unauthenticated attackers to gain administrative access.
Dockwatch is vulnerable to unauthenticated OS command injection via improper session handling and unsanitized input in the composePath parameter.
An unauthenticated PHP object injection vulnerability exists in the Novalnet Payment Gateway for WooCommerce plugin, allowing potential remote code execution.
A Server-Side Request Forgery (SSRF) vulnerability in Azure OpenAI allows an authorized attacker to escalate privileges over a network.
A Server-Side Request Forgery (SSRF) vulnerability in the Microsoft Entra Provisioning Service (SyncFabric) allows an authorized attacker to elevate privileges over a network.
An unauthenticated PHP object injection vulnerability in the Booktics plugin allows remote attackers to execute arbitrary code on affected systems.
An integer overflow in the HPLIP hpcups processing path allows a remote attacker to escalate privileges or execute arbitrary code via specially crafted print data.
An unauthenticated remote code execution vulnerability in Blocksy Companion Pro allows attackers to execute arbitrary commands on the server.
Yonyou KSOA 9.0 is vulnerable to unauthenticated arbitrary file uploads via the ImageUpload servlet, allowing remote attackers to execute arbitrary code by uploading malicious JSP files.
Guangzhou Red Sea Cloud eHR contains an arbitrary file upload vulnerability in the PtFjk.mob servlet, allowing unauthenticated attackers to achieve remote code execution via malicious file uploads.
Authenticated SQL injection vulnerabilities in the UniFi Talk Application allow low-privileged network attackers to escalate privileges on the host device.
Gardyn Home Firmware exposes a privileged iothubowner key, allowing attackers to access device connection info, execute arbitrary commands, and potentially pivot to other network devices.
An improper access control vulnerability in the UniFi Connect Application allows unauthenticated network attackers to execute arbitrary commands on the host device.
A missing validation vulnerability in the SUSE Rancher Fleet Helm Deployer allows authenticated tenants to access the fleet credentials of other tenants.
Improper input validation in the UniFi Access Application allows low-privileged network attackers to perform command injection and execute arbitrary code on the host device.
An improper input validation vulnerability in the Ubiquiti UniFi OS Server allows authenticated low-privilege network users to execute arbitrary commands on the host device via command injection.
A Server-Side Request Forgery (SSRF) vulnerability in the Ubiquiti UniFi Protect Application allows authenticated low-privilege network users to escalate privileges on the host device.
An arbitrary file upload vulnerability in Zozothemes Zegen allows authenticated attackers to execute malicious code.
A critical authentication bypass in TR7 Cyber Defense WAF-ASP enables unauthenticated attackers to perform unauthorized administrative actions.
An unauthenticated Cross-Site Scripting (XSS) vulnerability in ASE Pro allows attackers to inject malicious scripts into the web interface.
A shellcode injection vulnerability in the obs tar_scm source service allows attackers to execute arbitrary code via a malicious _service file.
A heap buffer overflow vulnerability in the ANGLE graphics engine of Google Chrome for Mac allows for potential memory corruption and arbitrary code execution.
A use-after-free vulnerability in the V8 JavaScript engine of Google Chrome allows attackers to execute arbitrary code via a crafted web page.
A heap buffer overflow vulnerability exists in the Skia graphics library within Google Chrome, potentially allowing for arbitrary code execution.
A use-after-free vulnerability in Microsoft Edge (Chromium-based) allows an authorized attacker to execute arbitrary code over a network.
An incorrect authorization vulnerability in Microsoft Exchange Online permits an authorized attacker to elevate privileges over a network.
A PHP Object Injection vulnerability in ARMember Premium allows authenticated contributors to execute arbitrary code.
A PHP Object Injection vulnerability in the Werkstatt theme allows authenticated contributors to execute arbitrary code.
An inappropriate implementation vulnerability exists within the V8 JavaScript engine of Google Chrome prior to version 150.
An out-of-bounds read and write vulnerability exists in the Tint component of Google Chrome prior to version 150.
An integer overflow vulnerability exists in the Skia graphics library within Google Chrome prior to version 150.
An out-of-bounds write vulnerability exists in the ANGLE graphics engine component of Google Chrome, potentially allowing for memory corruption or arbitrary code execution.
Insufficient validation of untrusted input in the ANGLE component of Google Chrome for Android may lead to security bypasses or system compromise.
A vulnerability involving insufficient validation of untrusted input in the ANGLE component of Google Chrome could allow an attacker to trigger unintended behavior.
An uninitialized memory use vulnerability exists within the ANGLE graphics engine in Google Chrome, potentially leading to arbitrary code execution.
Insufficient validation of untrusted input in the Dawn component of Google Chrome for Android may allow for remote code execution.
Insufficient validation of untrusted input in the Skia graphics library within Google Chrome may lead to memory corruption and arbitrary code execution.
A TOCTOU race condition in the Erlang/OTP ssl module allows unauthenticated remote attackers to crash DTLS sessions.
The TinyPNG plugin for WordPress is vulnerable to arbitrary file deletion due to insufficient input validation within the delete_converted_image_size function.
The Image Optimizer plugin for WordPress contains a vulnerability allowing for arbitrary file deletion due to inadequate path validation.
A path traversal vulnerability in Apache Lucene allows unauthorized access to restricted directories, potentially exposing sensitive system files.
The PIA OIDC issuer allowlist for Jenkins tokens is vulnerable to improper validation, using a bare string-prefix check that may allow unauthorized token issuance.
Poly Voice IP devices are susceptible to a denial-of-service condition when processing malformed data from a malicious SIP server.
A log injection vulnerability in Elastic Kibana allows attackers to manipulate log entries, potentially deceiving administrators and compromising forensic integrity.
The Erlang/OTP SSL application fails to properly validate PSK identity and binder lists during TLS 1.3 handshakes.
A null pointer dereference in WatchGuard Fireware OS allows unauthenticated remote attackers to trigger a denial-of-service via crafted IKEv2 messages.
An improper access control vulnerability in the UniFi Protect Application allows network-adjacent attackers to bypass authentication on specific API endpoints.
Authenticated SQL injection vulnerabilities in the Ubiquiti UniFi OS Server allow low-privileged users to escalate their privileges within the device or instance.
An authenticated SQL injection vulnerability in the UniFi Protect Application allows low-privileged users to escalate their privileges on the host device.
A deserialization of untrusted data vulnerability in the Themify Popup plugin allows for remote object injection, potentially leading to arbitrary code execution.
Improper input validation in the ASUS AI Suite 3 driver allows a local authenticated user to access unintended memory regions via crafted IOCTL requests, leading to privilege escalation.
A SQL injection vulnerability in the Unicamp theme allows authenticated subscribers to execute arbitrary database queries, potentially leading to data theft or unauthorized access.
A SQL injection vulnerability in the Custom Field Template plugin allows authenticated contributors to execute arbitrary database commands.
A SQL injection vulnerability in iNET Webkit allows authenticated contributors to execute arbitrary database commands.
A SQL injection vulnerability in the nicen-localize-image plugin allows authenticated contributors to execute arbitrary database commands.
A SQL injection vulnerability exists in the WP EasyCart plugin, allowing authenticated contributors to execute arbitrary SQL commands via insufficient input validation.
A critical security vulnerability in Weaviate versions prior to 1 allows for potential unauthorized system interaction.
An improper access control vulnerability in the Ubiquiti UniFi Network Application allows authenticated users with low privileges to escalate their access within the application.
An unauthenticated Cross-Site Request Forgery (CSRF) vulnerability exists in the ProfileGrid plugin, allowing attackers to perform actions on behalf of users without their consent.
An unauthenticated Cross-Site Request Forgery (CSRF) vulnerability exists in the WPIDE File Manager & Code Editor plugin, potentially allowing unauthorized actions.
A path traversal vulnerability in self-hosted Ubiquiti UniFi Network Application instances allows high-privileged authenticated attackers to escalate write permissions on the underlying host device.
A critical vulnerability exists in Progress Flowmon versions prior to 12, potentially exposing the system to unauthorized access or compromise.
Progress Flowmon ADS versions prior to 12 are affected by a high-severity vulnerability requiring immediate attention to prevent unauthorized system exploitation.
An Out-of-bounds Write vulnerability in the WatchGuard Fireware OS networkd process allows authenticated privileged users to execute arbitrary code via crafted Management Web UI requests.
An Out-of-bounds Write vulnerability in the WatchGuard Fireware OS CLI allows authenticated privileged users to execute arbitrary code via specially crafted CLI commands.
A path traversal vulnerability in the WatchGuard Fireware OS Management Web UI allows authenticated attackers to write arbitrary files to the Firebox filesystem.
An Out-of-bounds Write vulnerability in the WatchGuard Fireware OS ikestubd process allows authenticated privileged users to execute arbitrary code via crafted Management Web UI requests.
An Out-of-bounds Write vulnerability in the WatchGuard Fireware OS wgagent process enables authenticated privileged users to execute arbitrary code via the Management Web UI.
WatchGuard Fireware OS is susceptible to a firmware validation bypass, potentially allowing unauthorized code execution through the backup and restore functionality.
A path traversal vulnerability in Ubiquiti UniFi OS Server allows network-adjacent attackers to bypass authentication mechanisms and gain unauthorized access to device instances.
Ubiquiti UniFi Protect Application contains an improper access control vulnerability, enabling unauthenticated attackers to bypass authentication for data streaming.
A path traversal vulnerability in the Ubiquiti UniFi Access Application allows an attacker with network access to read arbitrary files from the host device.
An External Control of File Name or Path vulnerability in ASUS Business Manager allows a local user to execute arbitrary code with SYSTEM privileges via a tampered Inter-Process Communication (IPC) message.
A relative path traversal vulnerability exists within the "keyhint" option of the `repomd` functionality in the SUSE libzypp library.
An improper access control vulnerability in the Ubiquiti UniFi Network Application allows authenticated users with low privileges to escalate their permissions under certain conditions.
A high-severity vulnerability exists in the GeoWebPlayer addon for GeoVision software, potentially allowing unauthorized system impact.
A high-severity vulnerability has been identified in the GeoWebPlayer addon used across multiple GeoVision software platforms.
A high-severity security vulnerability has been reported in the GeoWebPlayer addon, impacting various GeoVision software deployments.
GeoVision GeoWebPlayer, an add-on for GV-VMS and GV-Cloud, contains a high-severity vulnerability that requires immediate attention.
GeoVision GeoWebPlayer contains a high-severity security vulnerability affecting its integration with GV-VMS and GV-Cloud products.
The Ladybird browser contains a memory-safety vulnerability in its WebAssembly ESM-integration module loader.
An unauthenticated broken access control vulnerability exists in Gurmehub POS Entegratör versions 3 and below, potentially allowing unauthorized system access.
A vulnerability exists in the containerd container runtime, which may pose a security risk to containerized environments.
An improper access control vulnerability in the Ubiquiti UniFi Talk Application allows authenticated users with low privileges to perform unauthorized actions through privilege escalation.
An unauthenticated local file inclusion (LFI) vulnerability exists in AncoraThemes Lighthouse versions 1 and below, allowing for potential sensitive file disclosure.
A Local File Inclusion (LFI) vulnerability exists in the Pearl - Corporate Business theme, allowing unauthenticated attackers to read sensitive files on the server.
An unauthenticated Local File Inclusion (LFI) vulnerability in the Audrey theme allows remote attackers to read arbitrary files from the server's filesystem.
An unauthenticated Cross-Site Request Forgery (CSRF) vulnerability in the Heateor Social Login plugin allows attackers to perform unauthorized actions on behalf of users.
MLflow versions prior to 3 are vulnerable to a security flaw, necessitating an immediate review of vendor-provided security updates to mitigate potential risks.
BIOVIA Workbook releases 2021 through 2026 contain a race condition that may allow an authenticated user to access unauthorized data belonging to other users.
A vulnerability in the Minifilter communication port for the GameFirst Anti-Cheat driver, GFAC_Sys_x64, may expose the system to unauthorized interactions.