PraisonAI is a multi-agent teams system
Description
PraisonAI is a multi-agent teams system
AI Analyst Comment
Remediation
Apply vendor security updates immediately. Monitor for exploitation attempts and review access logs.
Search and filter 17426 vulnerabilities with AI analyst insights
PraisonAI is a multi-agent teams system
PraisonAI is a multi-agent teams system
Apply vendor security updates immediately. Monitor for exploitation attempts and review access logs.
PraisonAI is a multi-agent teams system
PraisonAI is a multi-agent teams system
Apply vendor security updates immediately. Monitor for exploitation attempts and review access logs.
PraisonAI is a multi-agent teams system
PraisonAI is a multi-agent teams system
Apply vendor security updates immediately. Monitor for exploitation attempts and review access logs.
PraisonAI's MCP server fails to sanitize file paths in tool arguments, allowing unauthenticated attackers to perform arbitrary file writes and achieve...
PraisonAI's MCP server fails to sanitize file paths in tool arguments, allowing unauthenticated attackers to perform arbitrary file writes and achieve code execution.
---METADATA---
VENDOR: PraisonAI
PRODUCT: PraisonAI
AFFECTED_VERSIONS: Prior to 4.6.34
---END_METADATA---
Description Summary:
PraisonAI's MCP server fails to sanitize file paths in tool arguments, allowing unauthenticated attackers to perform arbitrary file writes and achieve code execution.
Executive Summary:
An unauthenticated directory traversal vulnerability in PraisonAI permits attackers to overwrite critical system files, leading to full system compromise via arbitrary code execution.
Vulnerability Details
CVE-ID: CVE-2026-44336
Affected Software: PraisonAI PraisonAI
Affected Versions: Prior to 4.6.34
Vulnerability: The MCP server fails to validate input paths, allowing an attacker to use directory traversal sequences (e.g., ../../) to write files outside the intended directory. This permits the dropping of malicious Python .pth files into site-packages, resulting in arbitrary code execution in subsequent Python processes.
Business Impact
Successful exploitation allows an attacker to gain persistent, unauthorized access to the host server. This poses a significant risk of data theft, configuration tampering, and full system takeover. The 9.6 CVSS score underscores the severity of this vulnerability, necessitating urgent intervention to prevent exploitation.
Remediation Plan
Immediate Action: Update the PraisonAI installation to version 4.6.34 immediately to enforce strict path validation and containment checks.
Proactive Monitoring: Review file integrity logs for unauthorized modifications in Python site-packages or unexpected file creation within the application's base directory.
Compensating Controls: Restrict the service account running the PraisonAI process to the minimum necessary filesystem permissions to limit the scope of potential file overwrites.
Exploitation Status
Public Exploit Available: false
Analyst Notes: As of May 8, 2026, there is no public information indicating active exploitation of this vulnerability. However, due to the nature of the flaw, the potential for exploitation is high.
Analyst Recommendation
This vulnerability represents a severe risk of persistence and code execution. Security teams must treat this as a high-priority update. Ensure all instances are patched to version 4.6.34 and verify that the service is running with the least privilege required to perform its functions.
Update Teams system to the latest version. Check vendor security advisory for specific patch details. Monitor for exploitation attempts and review access logs.
PraisonAI contains a logical flaw in its URL checking mechanism that allows unauthenticated attackers to perform Server-Side Request Forgery (SSRF) at...
PraisonAI contains a logical flaw in its URL checking mechanism that allows unauthenticated attackers to perform Server-Side Request Forgery (SSRF) attacks.
---METADATA---
VENDOR: PraisonAI
PRODUCT: PraisonAI
AFFECTED_VERSIONS: Prior to 1.6.32
---END_METADATA---
Description Summary:
PraisonAI contains a logical flaw in its URL checking mechanism that allows unauthenticated attackers to perform Server-Side Request Forgery (SSRF) attacks.
Executive Summary:
A logical flaw in PraisonAI's URL validation logic exposes the application to Server-Side Request Forgery (SSRF), potentially allowing unauthorized internal network access.
Vulnerability Details
CVE-ID: CVE-2026-44335
Affected Software: PraisonAI PraisonAI
Affected Versions: Prior to 1.6.32
Vulnerability: The application's URL checking logic is insufficient, allowing an unauthenticated attacker to bypass security filters. This enables the application to be used as a proxy to send requests to internal resources that are otherwise inaccessible from the public internet.
Business Impact
SSRF vulnerabilities can lead to the exposure of internal-only services, metadata endpoints, and sensitive configuration interfaces. By leveraging the internal trust of the server, an attacker can bypass traditional network defenses. The 9.8 CVSS score reflects the high potential for lateral movement and internal reconnaissance within the organization's infrastructure.
Remediation Plan
Immediate Action: Upgrade to PraisonAI version 1.6.32 or later to rectify the URL validation logic flaws.
Proactive Monitoring: Monitor egress traffic from the server for requests directed toward internal IP ranges or sensitive internal services.
Compensating Controls: Implement strict network segmentation and egress filtering to prevent the application server from initiating connections to sensitive internal network segments.
Exploitation Status
Public Exploit Available: false
Analyst Notes: As of May 8, 2026, there is no public information indicating active exploitation of this vulnerability. However, due to the nature of the flaw, the potential for exploitation is high.
Analyst Recommendation
Given the potential for internal network exposure, this vulnerability requires immediate attention. Administrators must apply the patch version 1.6.32 to prevent SSRF-based attacks that could lead to broader infrastructure compromise.
Update Teams system to the latest version. Check vendor security advisory for specific patch details. Monitor for exploitation attempts and review access logs.
PraisonAI is a multi-agent teams system
PraisonAI is a multi-agent teams system
Apply vendor security updates immediately. Monitor for exploitation attempts and review access logs.
In ProFTPD through 1
In ProFTPD through 1
Apply vendor security updates immediately. Monitor for exploitation attempts and review access logs.
The free5GC NEF component suffers from an authentication bypass on the PFD management route group, allowing unauthenticated attackers to manipulate ap...
The free5GC NEF component suffers from an authentication bypass on the PFD management route group, allowing unauthenticated attackers to manipulate application data and subscriptions.
---METADATA---
VENDOR: free5GC
PRODUCT: free5GC
AFFECTED_VERSIONS: Prior to 4.2.2
---END_METADATA---
Description Summary:
The free5GC NEF component suffers from an authentication bypass on the PFD management route group, allowing unauthenticated attackers to manipulate application data and subscriptions.
Executive Summary:
A critical authentication bypass in the free5GC NEF component allows unauthenticated attackers to read sensitive PFD data and manipulate notification subscriptions.
Vulnerability Details
CVE-ID: CVE-2026-44330
Affected Software: free5GC free5GC
Affected Versions: Prior to 4.2.2
Vulnerability: The nnef-pfdmanagement route group is mounted without inbound OAuth2/bearer-token authorization, permitting unauthenticated access to PFD data retrieval and subscription management.
Business Impact
A CVSS score of 10 reflects the severe impact of this vulnerability, which enables an attacker to influence PFD application data and subscription notifications. This could lead to service disruption, unauthorized data exfiltration, or the poisoning of network policy configurations within the 5G core.
Remediation Plan
Immediate Action: Upgrade to free5GC version 4.2.2 or higher to enforce proper OAuth2 authentication for PFD management operations.
Proactive Monitoring: Monitor for anomalous GET/POST/DELETE requests targeting the NEF PFD management API endpoints.
Compensating Controls: Utilize a Service Mesh with strict authorization policies to intercept and block unauthorized requests to the NEF SBI interface.
Exploitation Status
Public Exploit Available: Unknown
Analyst Notes: As of May 27, 2026, there is no public information indicating active exploitation of this vulnerability. However, due to the nature of the flaw, the potential for exploitation is high.
Analyst Recommendation
Given the critical nature of core network policy components, immediate patching is required. Failure to secure these endpoints could allow attackers to manipulate critical network traffic and subscriber policies.
Update Unknown Multiple Products to the latest version. Monitor for exploitation attempts and review access logs.
The free5GC SMF component improperly manages UPI route groups, allowing unauthenticated attackers to perform unauthorized read, write, and delete oper...
The free5GC SMF component improperly manages UPI route groups, allowing unauthenticated attackers to perform unauthorized read, write, and delete operations.
---METADATA---
VENDOR: free5GC
PRODUCT: SMF (Session Management Function)
AFFECTED_VERSIONS: Prior to 4.2.2
---END_METADATA---
Description Summary:
The free5GC SMF component improperly manages UPI route groups, allowing unauthenticated attackers to perform unauthorized read, write, and delete operations.
Executive Summary:
A critical authentication bypass in the free5GC SMF component allows an unauthenticated network attacker to perform unauthorized management operations on the 5G core network.
Vulnerability Details
CVE-ID: CVE-2026-44329
Affected Software: free5GC SMF
Affected Versions: Prior to 4.2.2
Vulnerability: The vulnerability stems from the SMF component mounting UPI management route groups without required OAuth2/bearer-token authorization middleware. This allows an unauthenticated attacker with network access to the Service-Based Architecture (SBI) to interact directly with UPI endpoints.
Business Impact
The CVSS score of 10.0 signifies the highest level of risk, as it allows for unauthorized control over critical 5G network management functions. Exploitation could lead to severe network disruption, interception of communication, or total manipulation of user plane nodes, causing catastrophic service outages.
Remediation Plan
Immediate Action: Update free5GC SMF to version 4.2.2 or later to implement required authorization middleware.
Proactive Monitoring: Audit network logs for unauthorized access attempts or suspicious traffic patterns directed at SBI endpoints and UPI management routes.
Compensating Controls: Implement strict network micro-segmentation to ensure only authorized components can communicate with the SMF service, effectively isolating it from untrusted network segments.
Exploitation Status
Public Exploit Available: Yes
Analyst Notes: As of May 27, 2026, there is no public information indicating active exploitation of this vulnerability. However, due to the nature of the flaw, the potential for exploitation is high.
Analyst Recommendation
This vulnerability is exceptionally severe due to the lack of any authentication requirements. Organizations utilizing free5GC must prioritize the update to version 4.2.2 to close this critical security gap and prevent unauthorized manipulation of core network infrastructure.
Update Docker lab this to the latest version. Monitor for exploitation attempts and review access logs.
free5GC is an open-source implementation of the 5G core network
free5GC is an open-source implementation of the 5G core network
---METADATA---
VENDOR: free5GC
PRODUCT: free5GC Core Network
AFFECTED_VERSIONS: See vendor advisory for specific affected versions
CONFIDENCE: low
MISSING: versions, patch, technical_details
---END_METADATA---
Description Summary:
A security vulnerability has been identified in the free5GC open-source 5G core network implementation. Technical details regarding the flaw are currently limited.
Executive Summary:
A critical vulnerability within the free5GC core network implementation could allow unauthorized access or disruption of 5G infrastructure services.
Vulnerability Details
CVE-ID: CVE-2026-44328
Affected Software: free5GC Core Network
Affected Versions: See vendor advisory for specific affected versions
Vulnerability: The vulnerability details are currently sparse; however, given the context of core network software, the potential for impact on network signaling or control plane integrity is high. Authentication requirements remain unknown at this time.
Business Impact
An 8.2 CVSS score indicates a High risk of service disruption or unauthorized control over the network core. Compromise of free5GC could lead to significant telecommunications service outages, unauthorized interception of traffic, or complete loss of control over the 5G network environment.
Remediation Plan
Immediate Action: Verify the version of free5GC in use and apply security patches immediately upon availability from the official project repository.
Proactive Monitoring: Monitor network core signaling logs and management interfaces for unauthorized access or irregular traffic patterns.
Compensating Controls: Implement strict network segmentation and firewall rules to isolate the 5G core components from untrusted network segments.
Exploitation Status
Public Exploit Available: false
Analyst Notes: As of May 29, 2026, there is no public information indicating active exploitation of this vulnerability. However, due to the critical nature of core network infrastructure, the potential for exploitation is high.
Analyst Recommendation
Security teams managing free5GC deployments must prioritize this vulnerability. It is essential to monitor the official project security advisories and apply all recommended updates immediately to maintain the integrity and availability of the 5G core network.
Apply vendor security updates immediately. Monitor for exploitation attempts and review access logs.
The free5GC NEF component fails to enforce authentication on the OAM route group, allowing unauthenticated network attackers to access OAM-related fun...
The free5GC NEF component fails to enforce authentication on the OAM route group, allowing unauthenticated network attackers to access OAM-related functions.
---METADATA---
VENDOR: free5GC
PRODUCT: free5GC
AFFECTED_VERSIONS: Prior to 4.2.2
---END_METADATA---
Description Summary:
The free5GC NEF component fails to enforce authentication on the OAM route group, allowing unauthenticated network attackers to access OAM-related functions.
Executive Summary:
A critical authentication bypass in the free5GC NEF component allows unauthenticated network attackers to access the OAM interface.
Vulnerability Details
CVE-ID: CVE-2026-44327
Affected Software: free5GC free5GC
Affected Versions: Prior to 4.2.2
Vulnerability: The OAM route group is mounted without any inbound OAuth2 or bearer-token middleware, exposing the interface to any attacker capable of reaching the Service-Based Architecture (SBI) network.
Business Impact
With a CVSS score of 10, this vulnerability allows for unauthenticated interaction with core network management functions. While currently a stub, the lack of an authentication boundary creates a structural defect that exposes the core network to unauthorized management operations, leading to potential denial of service or future exploitation of added OAM features.
Remediation Plan
Immediate Action: Upgrade to free5GC version 4.2.2 or higher to implement mandatory authentication middleware across all OAM route groups.
Proactive Monitoring: Monitor network traffic directed at the NEF SBI interface for unauthorized connection attempts or unexpected OAM requests.
Compensating Controls: Implement strict network segmentation and mTLS (mutual TLS) at the transport layer to ensure only authorized network functions can communicate with the NEF.
Exploitation Status
Public Exploit Available: Unknown
Analyst Notes: As of May 27, 2026, there is no public information indicating active exploitation of this vulnerability. However, due to the nature of the flaw, the potential for exploitation is high.
Analyst Recommendation
This is a critical security defect in a 5G core component. It is imperative that operators apply the 4.2.2 update immediately to establish a hardened authentication boundary for the OAM interface.
Update Unknown Multiple Products to the latest version. Monitor for exploitation attempts and review access logs.
Linkwarden is a self-hosted, open-source collaborative bookmark manager to collect, organize and archive webpages. Prior to version 2.13.0, a Server-S...
Linkwarden is a self-hosted, open-source collaborative bookmark manager to collect, organize and archive webpages. Prior to version 2.13.0, a Server-Side Request Forgery (SSRF) vulnerability in the fetchTitleAndHeaders function allows authenticated users to make arbitrary HTTP requests to internal services due to insufficient URL validation that only checks for "http://" or "https://" prefixes. This issue has been patched in version 2.13.0.
---METADATA---
VENDOR: Linkwarden
PRODUCT: Linkwarden
AFFECTED_VERSIONS: Prior to 2.13.0
---END_METADATA---
Description Summary:
A Server-Side Request Forgery (SSRF) vulnerability in Linkwarden allows authenticated users to make unauthorized requests to internal services via insufficient URL validation.
Executive Summary:
An SSRF vulnerability in Linkwarden allows authenticated users to probe internal network services, potentially leading to unauthorized data access or service disruption.
Vulnerability Details
CVE-ID: CVE-2026-44313
Affected Software: Linkwarden Linkwarden
Affected Versions: Prior to 2.13.0
Vulnerability: The fetchTitleAndHeaders function contains an SSRF flaw due to inadequate URL validation. Authenticated users can bypass checks that only verify the "http://" or "https://" prefix to query internal, non-public services.
Business Impact
With a CVSS score of 9.1, this vulnerability poses a significant risk to the internal network infrastructure. An attacker can leverage this SSRF to scan internal ports, interact with internal APIs, or access metadata services, potentially leading to further compromise of the internal environment.
Remediation Plan
Immediate Action: Update Linkwarden to version 2.13.0 or later to implement strict URL validation.
Proactive Monitoring: Monitor network logs for outbound requests originating from the Linkwarden server directed at internal IP ranges or sensitive internal services.
Compensating Controls: Implement network segmentation to isolate the Linkwarden instance and restrict its ability to communicate with internal, non-public resources.
Exploitation Status
Public Exploit Available: Unknown
Analyst Notes: As of May 9, 2026, there is no public information indicating active exploitation of this vulnerability. However, due to the nature of the flaw, the potential for exploitation is high.
Analyst Recommendation
SSRF vulnerabilities are often used as a stepping stone for deeper network penetration. Organizations should prioritize updating Linkwarden and ensuring that the host server follows the principle of least privilege regarding network access.
Update Arch Multiple Products to the latest version. Monitor for exploitation attempts and review access logs.
Lemur manages TLS certificate creation
Lemur manages TLS certificate creation
Apply vendor security updates immediately. Monitor for exploitation attempts and review access logs.
protobufjs-cli is the command line add-on for protobuf
protobufjs-cli is the command line add-on for protobuf
Apply vendor security updates immediately. Monitor for exploitation attempts and review access logs.
protobufjs compiles protobuf definitions into JavaScript (JS) functions
protobufjs compiles protobuf definitions into JavaScript (JS) functions
Apply vendor security updates immediately. Monitor for exploitation attempts and review access logs.
protobufjs compiles protobuf definitions into JavaScript (JS) functions
protobufjs compiles protobuf definitions into JavaScript (JS) functions
Apply vendor security updates immediately. Monitor for exploitation attempts and review access logs.
A logic error in CRL distribution point validation in AWS-LC before 1
A logic error in CRL distribution point validation in AWS-LC before 1
Apply vendor security updates immediately. Monitor for exploitation attempts and review access logs.
A improper access control vulnerability in Fortinet FortiAuthenticator 8.0.2, FortiAuthenticator 8.0.0, FortiAuthenticator 6.6.0 through 6.6.8, FortiA...
A improper access control vulnerability in Fortinet FortiAuthenticator 8.0.2, FortiAuthenticator 8.0.0, FortiAuthenticator 6.6.0 through 6.6.8, FortiAuthenticator 6.5.0 through 6.5.6 may allow attacker to execute unauthorized code or commands via <insert attack vector here>
---METADATA---
VENDOR: Fortinet
PRODUCT: FortiAuthenticator
AFFECTED_VERSIONS: 6.5.0-6.5.6, 6.6.0-6.6.8, 8.0.0, 8.0.2
CONFIDENCE: medium
MISSING: technical_details, exploit_status
---END_METADATA---
Description Summary:
Fortinet FortiAuthenticator is affected by an improper access control vulnerability that may allow an attacker to execute unauthorized code or commands.
Executive Summary:
A critical access control vulnerability in Fortinet FortiAuthenticator exposes the system to unauthorized command execution, threatening the security of the entire authentication infrastructure.
Vulnerability Details
CVE-ID: CVE-2026-44277
Affected Software: Fortinet FortiAuthenticator
Affected Versions: 6.5.0 through 6.5.6; 6.6.0 through 6.6.8; 8.0.0; 8.0.2
Vulnerability: The software contains an improper access control flaw that can be leveraged to execute unauthorized code or system commands. The specific attack vector remains currently undisclosed, but the impact level indicates a severe failure in security boundary enforcement.
Business Impact
The CVSS score of 9.8 reflects the extreme risk posed by this vulnerability. Since FortiAuthenticator manages critical identity and access services, a successful compromise could allow an attacker to hijack authentication tokens, bypass MFA, or gain administrative control over the identity provider, leading to widespread organizational impact.
Remediation Plan
Immediate Action: Consult the official Fortinet security advisory to identify the specific patched firmware version and apply the update immediately.
Proactive Monitoring: Monitor system logs for unauthorized configuration changes, unexpected administrative logins, or abnormal service execution patterns.
Compensating Controls: Isolate the FortiAuthenticator management interface from the public internet and restrict access to trusted administrative subnets only.
Exploitation Status
Public Exploit Available: unknown
Analyst Notes: As of May 12, 2026, there is no public information indicating active exploitation. However, the critical nature of FortiAuthenticator in enterprise environments makes it a high-value target; organizations should apply patches as soon as they are made available by the vendor.
Analyst Recommendation
Given the critical nature of authentication infrastructure, administrators must prioritize this update. Monitor Fortinet’s security channels closely for the specific patch release and ensure that all affected versions of FortiAuthenticator are upgraded to a secured state as a matter of urgency.
Update Fortinet FortiAuthenticator to the latest version. Check vendor security advisory for specific patch details. Monitor for exploitation attempts and review access logs.
Dell Wyse Management Suite (WMS), versions prior to WMS 2605, contain an Improper Link Resolution Before File Access vulnerability
Dell Wyse Management Suite (WMS), versions prior to WMS 2605, contain an Improper Link Resolution Before File Access vulnerability
---METADATA---
VENDOR: Dell
PRODUCT: Wyse Management Suite (WMS)
AFFECTED_VERSIONS: See vendor advisory for specific affected versions
---END_METADATA---
Description Summary:
Dell Wyse Management Suite (WMS) is susceptible to an improper link resolution vulnerability, potentially leading to unauthorized file access.
Executive Summary:
An improper link resolution vulnerability in Dell Wyse Management Suite (WMS) could allow attackers to gain unauthorized access to sensitive files on the host system.
Vulnerability Details
CVE-ID: CVE-2026-44274
Affected Software: Dell Wyse Management Suite (WMS)
Affected Versions: See vendor advisory for specific affected versions
Vulnerability: The application suffers from an improper link resolution (Time-of-Check Time-of-Use) vulnerability before file access, which can be leveraged to read or manipulate files outside the intended scope. This flaw typically requires access to the application environment to exploit.
Business Impact
Successful exploitation could result in the disclosure of sensitive configuration files, credentials, or system data, significantly compromising the security posture of the management server. The CVSS score of 7.8 underscores the high risk of this vulnerability, as it allows attackers to bypass file system permissions and gain deeper insights into the underlying infrastructure.
Remediation Plan
Immediate Action: Apply the latest security updates provided by Dell, specifically ensuring the system is updated to at least version 2605.
Proactive Monitoring: Monitor system logs for unauthorized file access attempts or anomalous process activity associated with the WMS service account.
Compensating Controls: Restrict access to the WMS server to only necessary administrative personnel and ensure the application runs with the principle of least privilege.
Exploitation Status
Public Exploit Available: false
Analyst Notes: As of June 23, 2026, there is no public information indicating active exploitation of this vulnerability. However, due to the nature of the flaw, the potential for exploitation is high.
Analyst Recommendation
File access vulnerabilities in management suites are frequently targeted for lateral movement and privilege escalation. Security teams should prioritize patching this vulnerability to mitigate the risk of unauthorized file disclosure and maintain the integrity of their Dell WMS deployments.
Apply vendor security updates immediately. Monitor for exploitation attempts and review access logs.
Dell Wyse Management Suite (WMS), versions prior to WMS 2605, contain an Improper Neutralization of Special Elements used in an SQL Command ('SQL Inje...
Dell Wyse Management Suite (WMS), versions prior to WMS 2605, contain an Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability
---METADATA---
VENDOR: Dell
PRODUCT: Wyse Management Suite (WMS)
AFFECTED_VERSIONS: Versions prior to WMS 2605
---END_METADATA---
Description Summary:
Dell Wyse Management Suite (WMS) is vulnerable to SQL injection, potentially allowing unauthenticated or authenticated attackers to execute arbitrary database commands.
Executive Summary:
A critical SQL injection vulnerability in Dell Wyse Management Suite (WMS) allows for potential remote code execution or unauthorized data access.
Vulnerability Details
CVE-ID: CVE-2026-44272
Affected Software: Dell Wyse Management Suite (WMS)
Affected Versions: Versions prior to WMS 2605
Vulnerability: This is an Improper Neutralization of Special Elements used in an SQL Command (SQL Injection) vulnerability. This flaw allows attackers to inject malicious SQL queries into the database, which could lead to full database compromise.
Business Impact
With a CVSS score of 8.8, this vulnerability is classified as High/Critical. An attacker successfully exploiting this flaw could gain full control over the WMS database, leading to the compromise of managed thin clients, exposure of sensitive configuration data, and potential lateral movement within the network.
Remediation Plan
Immediate Action: Upgrade to Dell Wyse Management Suite version 2605 or later immediately.
Proactive Monitoring: Enable database query logging and monitor for anomalous or highly complex SQL queries that deviate from standard application behavior.
Compensating Controls: Utilize a Web Application Firewall (WAF) with SQL injection protection rules to block malicious payloads targeting the WMS web interface.
Exploitation Status
Public Exploit Available: false
Analyst Notes: As of June 23, 2026, there is no public information indicating active exploitation of this vulnerability. However, due to the nature of the flaw, the potential for exploitation is high.
Analyst Recommendation
The 8.8 CVSS score necessitates immediate attention. Organizations running Dell Wyse Management Suite should verify their current version and upgrade to 2605 or higher without delay. This vulnerability represents a significant entry point for attackers to gain persistence within the environment.
Apply vendor patches immediately. Review database access controls and enable query logging.
Dell Wyse Management Suite (WMS), versions prior to WMS 2605, contain an Improper Neutralization of Special Elements used in an SQL Command ('SQL Inje...
Dell Wyse Management Suite (WMS), versions prior to WMS 2605, contain an Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability
---METADATA---
VENDOR: Dell
PRODUCT: Wyse Management Suite (WMS)
AFFECTED_VERSIONS: See vendor advisory for specific affected versions
---END_METADATA---
Description Summary:
Dell Wyse Management Suite (WMS) contains an SQL injection vulnerability allowing unauthorized database interaction.
Executive Summary:
A high-severity SQL injection vulnerability in Dell Wyse Management Suite (WMS) poses a significant risk of unauthorized database manipulation and potential data exfiltration.
Vulnerability Details
CVE-ID: CVE-2026-44271
Affected Software: Dell Wyse Management Suite (WMS)
Affected Versions: See vendor advisory for specific affected versions
Vulnerability: This vulnerability involves improper neutralization of special elements in SQL commands, which may allow an attacker to execute arbitrary SQL queries. While the authentication requirement is not explicitly detailed, SQL injection flaws in management suites often permit unauthenticated or low-privileged attackers to bypass security controls.
Business Impact
The exploitation of this flaw could lead to unauthorized access to sensitive management data, potential modification of device configurations, or full compromise of the backend database. With a CVSS score of 8.1, this represents a high risk to organizational confidentiality and integrity, potentially resulting in widespread disruption to managed endpoint environments.
Remediation Plan
Immediate Action: Upgrade to WMS version 2605 or the latest available security release provided by Dell.
Proactive Monitoring: Review database query logs for unusual patterns, such as unexpected syntax or unauthorized attempts to access system tables.
Compensating Controls: Deploy a Web Application Firewall (WAF) with SQL injection protection rules enabled to filter malicious traffic directed at the WMS interface.
Exploitation Status
Public Exploit Available: false
Analyst Notes: As of June 23, 2026, there is no public information indicating active exploitation of this vulnerability. However, due to the nature of the flaw, the potential for exploitation is high.
Analyst Recommendation
Given the critical nature of centralized management software, this vulnerability must be treated with urgency. Administrators should prioritize patching the Wyse Management Suite immediately to prevent potential unauthorized database access and ensure the continued security of the managed endpoint ecosystem.
Apply vendor patches immediately. Review database access controls and enable query logging.
A flaw was found in pgproto3
A flaw was found in pgproto3
Apply vendor security updates immediately. Monitor for exploitation attempts and review access logs.
Scramble generates API documentation for Laravel project. From 0.13.2 to before 0.13.22, when documentation endpoints are publicly accessible and vali...
Scramble generates API documentation for Laravel project. From 0.13.2 to before 0.13.22, when documentation endpoints are publicly accessible and validation rules reference user-controlled input, request supplied data may be evaluated during documentation generation, leading to execution of arbitrary PHP code in the application context. This vulnerability is fixed in 0.13.22.
---METADATA---
VENDOR: Scramble
PRODUCT: Scramble
AFFECTED_VERSIONS: 0.13.2 to 0.13.22 (exclusive)
CONFIDENCE: high
MISSING: none
---END_METADATA---
Description Summary:
Scramble API documentation generator for Laravel is vulnerable to remote code execution when validation rules process user-supplied data during documentation generation.
Executive Summary:
A critical remote code execution vulnerability in the Scramble package for Laravel allows unauthenticated attackers to execute arbitrary PHP code.
Vulnerability Details
CVE-ID: CVE-2026-44262
Affected Software: Scramble (Laravel package)
Affected Versions: 0.13.2 through 0.13.21
Vulnerability: This is an arbitrary code execution vulnerability occurring during the automated generation of API documentation. An unauthenticated attacker can trigger this by providing malicious input to validation rules that the documentation generator then evaluates within the application context.
Business Impact
Successful exploitation results in full server compromise, as the attacker gains the ability to execute arbitrary PHP code with the privileges of the web application. Given the CVSS score of 9.4, this poses an extreme risk of data exfiltration, service disruption, and complete loss of system integrity.
Remediation Plan
Immediate Action: Upgrade the Scramble package to version 0.13.22 or higher immediately.
Proactive Monitoring: Review web application logs for suspicious input patterns or unexpected execution errors originating from documentation routes.
Compensating Controls: Restrict access to API documentation endpoints to authorized internal IP addresses using firewall rules or web server access controls.
Exploitation Status
Public Exploit Available: No
Analyst Notes: As of May 12, 2026, there is no public information indicating active exploitation of this vulnerability. However, due to the nature of the flaw, the potential for exploitation is high.
Analyst Recommendation
This vulnerability represents a critical threat to the confidentiality and integrity of the hosting environment. Organizations utilizing Scramble within Laravel projects must prioritize patching to version 0.13.22 to eliminate the risk of remote code execution.
Update HP code in to the latest version. Monitor for exploitation attempts and review access logs.
efw4
efw4
Apply vendor security updates immediately. Monitor for exploitation attempts and review access logs.
Netty is a network application framework for development of protocol servers and clients
Netty is a network application framework for development of protocol servers and clients
---METADATA---
VENDOR: Netty
PRODUCT: Netty
AFFECTED_VERSIONS: See vendor advisory for specific affected versions
---END_METADATA---
Description Summary:
A high-severity vulnerability exists within the Netty network application framework, potentially leading to unauthorized access or service disruption.
Executive Summary:
A high-severity vulnerability in the Netty network application framework necessitates immediate patching to prevent potential unauthorized access or service degradation.
Vulnerability Details
CVE-ID: CVE-2026-44250
Affected Software: Netty
Affected Versions: See vendor advisory for specific affected versions
Vulnerability: This is a framework-level vulnerability in Netty, commonly used for high-performance protocol servers and clients. The flaw could be leveraged by an attacker to manipulate network traffic or compromise server-side operations depending on the specific implementation.
Business Impact
Given the CVSS score of 7.5, this vulnerability poses a significant risk to applications built on the Netty framework. Compromise of the network layer can lead to unauthorized access to sensitive data, session hijacking, or service-wide outages, significantly impacting business continuity and data security.
Remediation Plan
Immediate Action: Update all instances of the Netty framework to the latest patched version provided by the vendor.
Proactive Monitoring: Monitor application logs for unusual connection requests or unexpected protocol errors that may indicate exploitation attempts.
Compensating Controls: Implement strict Web Application Firewall (WAF) rules to filter malicious traffic patterns and provide a layer of virtual patching against common protocol-based attacks.
Exploitation Status
Public Exploit Available: false
Analyst Notes: As of June 15, 2026, there is no public information indicating active exploitation of this vulnerability. However, due to the nature of the flaw, the potential for exploitation is high.
Analyst Recommendation
Netty is a foundational component for many critical applications. It is imperative that security and development teams collaborate to identify all dependencies, upgrade to the secure version, and perform regression testing to ensure that security measures do not break existing functionality.
Apply vendor security updates immediately. Monitor for exploitation attempts and review access logs.
Netty is a network application framework for development of protocol servers and clients
Netty is a network application framework for development of protocol servers and clients
---METADATA---
VENDOR: Netty
PRODUCT: Netty
AFFECTED_VERSIONS: See vendor advisory for affected versions
---END_METADATA---
Description Summary:
A high-severity vulnerability has been reported in the Netty network application framework, which is used for developing protocol servers and clients.
Executive Summary:
The Netty network application framework is affected by a high-severity vulnerability that could compromise the security of protocol servers and clients.
Vulnerability Details
CVE-ID: CVE-2026-44249
Affected Software: Netty
Affected Versions: See vendor advisory for affected versions
Vulnerability: The vulnerability affects the Netty framework, which is widely used for high-performance network communication. Users should refer to the official vendor security advisory for technical specifics regarding the exploit vector and authentication requirements.
Business Impact
Given the CVSS score of 8.1, successful exploitation could lead to severe security breaches, including unauthorized data access or remote code execution within applications leveraging the Netty framework. This poses a critical risk to the availability and confidentiality of networked services.
Remediation Plan
Immediate Action: Verify the version of Netty currently in use across all applications and update to the latest secure release provided by the vendor.
Proactive Monitoring: Monitor network traffic for anomalous patterns or unexpected protocol behaviors that might indicate an attempt to exploit the framework.
Compensating Controls: Utilize a Web Application Firewall (WAF) or an Intrusion Prevention System (IPS) to filter malicious traffic targeting known protocol vulnerabilities.
Exploitation Status
Public Exploit Available: false
Analyst Notes: As of June 13, 2026, there is no public information indicating active exploitation of this vulnerability. However, given the widespread use of Netty, the potential for exploitation is high.
Analyst Recommendation
Security teams must immediately audit their software supply chain to identify applications utilizing the vulnerable Netty framework. Applying the vendor's patch is the only reliable method to mitigate this high-severity risk and prevent potential exploitation.
Apply vendor security updates immediately. Monitor for exploitation attempts and review access logs.
GitPython is a python library used to interact with Git repositories
GitPython is a python library used to interact with Git repositories
Apply vendor security updates immediately. Monitor for exploitation attempts and review access logs.
A flaw was found in libarchive
A flaw was found in libarchive
Apply vendor security updates immediately. Monitor for exploitation attempts and review access logs.
FreePBX is an open source IP PBX
FreePBX is an open source IP PBX
---METADATA---
VENDOR: Sangoma
PRODUCT: FreePBX
AFFECTED_VERSIONS: See vendor advisory for specific affected versions
---END_METADATA---
Description Summary:
A security vulnerability exists in FreePBX, an open-source IP PBX platform, regarding file-based operations.
Executive Summary:
A high-severity vulnerability in the FreePBX platform may allow attackers to compromise system security, necessitating immediate attention from administrators.
Vulnerability Details
CVE-ID: CVE-2026-44239
Affected Software: Sangoma FreePBX
Affected Versions: See vendor advisory for specific affected versions
Vulnerability: The vulnerability concerns file-based operations within the FreePBX environment. Further technical details regarding the authentication level required are pending, but the high CVSS score suggests a significant flaw in how the system handles file interactions.
Business Impact
The CVSS score of 8.8 indicates a high-risk scenario. Successful exploitation could lead to unauthorized file manipulation or system-level access, potentially disrupting telecommunications services and exposing sensitive configuration data.
Remediation Plan
Immediate Action: Update the FreePBX system to the latest stable release provided by Sangoma.
Proactive Monitoring: Monitor file integrity and access logs for unauthorized changes to system configuration files or unexpected administrative actions.
Compensating Controls: Ensure that the PBX interface is not exposed to the public internet and restrict access to authorized management networks only.
Exploitation Status
Public Exploit Available: false
Analyst Notes: As of June 2, 2026, there is no public information indicating active exploitation of this vulnerability. However, due to the nature of the flaw, the potential for exploitation is high.
Analyst Recommendation
Administrators should treat this vulnerability with urgency. Review the Sangoma security portal for specific version requirements and apply patches immediately to prevent unauthorized access to your PBX infrastructure.
Apply vendor security updates immediately. Monitor for exploitation attempts and review access logs.
FreePBX is an open source IP PBX
FreePBX is an open source IP PBX
---METADATA---
VENDOR: Sangoma
PRODUCT: FreePBX
AFFECTED_VERSIONS: See vendor advisory for specific affected versions
---END_METADATA---
Description Summary:
A high-severity security vulnerability has been identified in the FreePBX open-source IP PBX system.
Executive Summary:
The FreePBX system is affected by a high-severity vulnerability that could threaten the integrity of communication infrastructure.
Vulnerability Details
CVE-ID: CVE-2026-44238
Affected Software: FreePBX
Affected Versions: See vendor advisory for specific affected versions
Vulnerability: This vulnerability affects the FreePBX system, potentially allowing unauthorized actions within the PBX management or telephony interfaces.
Business Impact
The CVSS score of 8.8 indicates a high risk to business communications. Successful exploitation could lead to unauthorized call routing, eavesdropping, or disruption of communication services, which could severely impact organizational operations.
Remediation Plan
Immediate Action: Check the FreePBX official security advisories and apply any available updates or patches to the PBX software.
Proactive Monitoring: Monitor PBX logs for unusual administrative access, unauthorized configuration changes, or suspicious call traffic.
Compensating Controls: Restrict administrative access to the FreePBX web interface to trusted IP addresses only and ensure the system is behind a robust firewall.
Exploitation Status
Public Exploit Available: false
Analyst Notes: As of June 2, 2026, there is no public information indicating active exploitation of this vulnerability. However, due to the high CVSS score, the potential for exploitation is high.
Analyst Recommendation
Given the critical role of IP PBX systems, it is vital to keep FreePBX software updated. Security teams should prioritize this update to ensure the continued security and availability of voice communication services.
Apply vendor security updates immediately. Monitor for exploitation attempts and review access logs.
Pulpy is a lightweight, cross-platform desktop application packager for web apps. Prior to 0.1.1, Pulpy injects a pulpy.fs JavaScript API into every p...
Pulpy is a lightweight, cross-platform desktop application packager for web apps. Prior to 0.1.1, Pulpy injects a pulpy.fs JavaScript API into every packaged web application, giving it access to the host filesystem. A validateFsPath() function is supposed to sandbox this access, but its blocklist is incomplete. Any web app packaged with Pulpy can read and write arbitrary files in the user's home directory — including ~/.ssh/id_rsa, ~/.aws/credentials, and ~/Library/Keychains/. This vulnerability is fixed in 0.1.1.
---METADATA---
VENDOR: enesgkky
PRODUCT: Pulpy
AFFECTED_VERSIONS: < 0.1.1
CONFIDENCE: high
MISSING: none
---END_METADATA---
Description Summary:
The Pulpy desktop application packager contains an incomplete path blocklist in its filesystem API, allowing packaged web applications to access sensitive files in the user's home directory.
Executive Summary:
A critical path traversal vulnerability in Pulpy allows packaged web applications to read and write sensitive user files, including SSH keys and cloud credentials.
Vulnerability Details
CVE-ID: CVE-2026-44225
Affected Software: enesgkky Pulpy
Affected Versions: < 0.1.1
Vulnerability: This is an improper access control and path traversal vulnerability where the validateFsPath() function fails to properly sandbox the pulpy.fs JavaScript API. An attacker-controlled web application can bypass the blocklist to access restricted files such as ~/.ssh/id_rsa or ~/.aws/credentials.
Business Impact
Exploitation allows for the theft of credentials, cryptographic keys, and sensitive local data, leading to a total compromise of the user's local workstation and potential lateral movement into cloud environments. The high CVSS score of 9.3 reflects the severity of this unauthorized access to highly sensitive system files.
Remediation Plan
Immediate Action: Update all applications packaged with Pulpy to version 0.1.1 or later and rebuild the application bundles.
Proactive Monitoring: Scan for unauthorized file access attempts or anomalous read/write activity on sensitive system configuration files.
Compensating Controls: Implement endpoint protection solutions to monitor and block unauthorized processes from accessing sensitive directories like ~/.ssh or ~/.aws.
Exploitation Status
Public Exploit Available: Yes (Proof of Concept)
Analyst Notes: As of May 12, 2026, while there is no public information indicating widespread active exploitation, a proof-of-concept exists. The potential for exploitation is high.
Analyst Recommendation
The risk of credential theft via this vulnerability is significant for developers and users of applications packaged with Pulpy. It is imperative to update the packager and redistribute affected software immediately to prevent local data compromise.
Update AWS Multiple Products to the latest version. Monitor for exploitation attempts and review access logs.
Authorization bypass flaws in ArcadeDB allow authenticated users to access, modify, or corrupt data and schemas across different databases on the same...
Authorization bypass flaws in ArcadeDB allow authenticated users to access, modify, or corrupt data and schemas across different databases on the same server.
---METADATA---
VENDOR: ArcadeDB
PRODUCT: ArcadeDB
AFFECTED_VERSIONS: Prior to 2.6.4
---END_METADATA---
Description Summary:
Authorization bypass flaws in ArcadeDB allow authenticated users to access, modify, or corrupt data and schemas across different databases on the same server.
Executive Summary:
An authorization bypass vulnerability in ArcadeDB allows authenticated users to perform unauthorized actions across multiple databases, compromising data isolation.
Vulnerability Details
CVE-ID: CVE-2026-44221
Affected Software: ArcadeDB ArcadeDB
Affected Versions: Prior to 2.6.4
Vulnerability: This vulnerability consists of two defects: failure to initialize file access maps and improper security configuration during database creation. These issues allow an authenticated principal to bypass both record-level and database-level authorization.
Business Impact
Successful exploitation allows an authenticated user to perform unauthorized read, write, and schema mutations on any database residing on the affected server. Given the 9.0 CVSS score, this represents a major risk to data integrity and multi-tenant isolation, potentially resulting in cross-database data leakage or catastrophic system-wide database corruption.
Remediation Plan
Immediate Action: Upgrade all instances of ArcadeDB to version 2.6.4 or later immediately.
Proactive Monitoring: Audit database access logs for unusual cross-database queries or unauthorized attempts to modify database schemas.
Compensating Controls: Enforce strict database-level access controls and review API token permissions to ensure the principle of least privilege is maintained.
Exploitation Status
Public Exploit Available: Not specified
Analyst Notes: As of May 12, 2026, there is no public information indicating active exploitation of this vulnerability. However, due to the nature of the flaw, the potential for exploitation is high.
Analyst Recommendation
This vulnerability fundamentally breaks the security model of the database server. Administrators must ensure all instances are updated to version 2.6.4 to restore proper authorization enforcement and prevent potential unauthorized data manipulation by authenticated entities.
Update Unknown Multiple Products to the latest version. Monitor for exploitation attempts and review access logs.
A stored Cross-Site Scripting (XSS) vulnerability in PrestaShop allows unauthenticated attackers to trigger a back-office takeover via the Contact Us...
A stored Cross-Site Scripting (XSS) vulnerability in PrestaShop allows unauthenticated attackers to trigger a back-office takeover via the Contact Us form.
---METADATA---
VENDOR: PrestaShop
PRODUCT: PrestaShop
AFFECTED_VERSIONS: Prior to 8.2.6 and 9.1.1
---END_METADATA---
Description Summary:
A stored Cross-Site Scripting (XSS) vulnerability in PrestaShop allows unauthenticated attackers to trigger a back-office takeover via the Contact Us form.
Executive Summary:
A critical stored XSS vulnerability in the PrestaShop back-office allows unauthenticated attackers to hijack administrative sessions and gain full control over the application.
Vulnerability Details
CVE-ID: CVE-2026-44212
Affected Software: PrestaShop
Affected Versions: Prior to 8.2.6 and 9.1.1
Vulnerability: The vulnerability exists in the Customer Service view of the back-office. An unauthenticated attacker can submit a malicious payload via the public Contact Us form, which is then stored and executed when an administrator views the ticket.
Business Impact
This flaw facilitates a full back-office takeover, granting the attacker total control over the e-commerce environment. Given the CVSS score of 9.3, this represents a severe threat to the integrity of the store, allowing for unauthorized modifications to product listings, customer data theft, and potential malware distribution.
Remediation Plan
Immediate Action: Apply the security update to PrestaShop version 8.2.6 or 9.1.1 immediately.
Proactive Monitoring: Audit back-office customer service threads for suspicious email addresses or script tags.
Compensating Controls: Utilize a WAF to inspect incoming form submissions for malicious JavaScript payloads.
Exploitation Status
Public Exploit Available: Unknown
Analyst Notes: As of May 14, 2026, there is no public information indicating active exploitation of this vulnerability. However, due to the nature of the flaw, the potential for exploitation is high.
Analyst Recommendation
Administrative takeover vulnerabilities are high-priority targets. It is essential to update the PrestaShop environment to the latest patched version to prevent unauthorized access and maintain the security of your e-commerce operations.
Update PrestaShop is an to the latest version. Monitor for exploitation attempts and review access logs.
Pingvin Share X is a secure and easy self-hosted file sharing platform. From 1.14.1 to 1.16.2, a critical authentication bypass vulnerability allows a...
Pingvin Share X is a secure and easy self-hosted file sharing platform. From 1.14.1 to 1.16.2, a critical authentication bypass vulnerability allows an attacker who has obtained a valid username and password to skip the second-factor authentication (TOTP) requirement entirely. Although, an attacker still needs the user's password to reach this stage. This vulnerability is fixed in 1.16.3.
---METADATA---
VENDOR: smp46
PRODUCT: Pingvin Share X
AFFECTED_VERSIONS: >= 1.14.1, < 1.16.3
CONFIDENCE: high
MISSING: none
---END_METADATA---
Description Summary:
Pingvin Share X contains an authentication bypass flaw that allows users who possess a valid password to skip the TOTP second-factor authentication requirement.
Executive Summary:
A critical authentication bypass vulnerability in Pingvin Share X allows an attacker with a valid password to circumvent secondary multi-factor authentication requirements.
Vulnerability Details
CVE-ID: CVE-2026-44196
Affected Software: smp46 Pingvin Share X
Affected Versions: 1.14.1 through 1.16.2
Vulnerability: This is an improper authentication flaw caused by an incorrect comparison in the TOTP verification process. An attacker who has already obtained a legitimate user's password can bypass the second-factor authentication layer, effectively nullifying the security benefits of MFA.
Business Impact
By bypassing MFA, an attacker with compromised credentials gains full access to the file-sharing platform, leading to unauthorized data access and potential data leakage. With a CVSS score of 9.1, this vulnerability significantly undermines the security posture of the platform by rendering multi-factor authentication ineffective.
Remediation Plan
Immediate Action: Update the Pingvin Share X installation to version 1.16.3 or later.
Proactive Monitoring: Review authentication logs for suspicious logins, particularly those that occur without the expected MFA challenges.
Compensating Controls: If immediate patching is not feasible, restrict access to the application via a VPN or IP allow-listing to reduce the attack surface.
Exploitation Status
Public Exploit Available: No
Analyst Notes: As of May 12, 2026, there is no public information indicating active exploitation of this vulnerability. However, due to the nature of the flaw, the potential for exploitation is high.
Analyst Recommendation
Securing the authentication flow is vital for maintaining the confidentiality of shared files. Administrators must upgrade to version 1.16.3 immediately to restore the integrity of the multi-factor authentication process.
Update Pingvin Share Multiple Products to the latest version. Monitor for exploitation attempts and review access logs.
Cleanuparr is a tool for automating the cleanup of unwanted or blocked files in Sonarr, Radarr, and supported download clients like qBittorrent. Prio...
Cleanuparr is a tool for automating the cleanup of unwanted or blocked files in Sonarr, Radarr, and supported download clients like qBittorrent. Prior to 2.9.10, TrustedNetworkAuthenticationHandler.ResolveClientIp parses the leftmost entry of the X-Forwarded-For header as the client IP. That entry is attacker-controlled — X-Forwarded-For is append-only, so the leftmost value is whatever the original HTTP client claimed. By sending a spoofed local IP in the header, an unauthenticated remote attacker passes the trusted-network check and is logged in as the Cleanuparr administrator. This vulnerability is fixed in 2.9.10.
---METADATA---
VENDOR: Cleanuparr
PRODUCT: Cleanuparr
AFFECTED_VERSIONS: < 2.9.10
CONFIDENCE: high
MISSING: none
---END_METADATA---
Description Summary:
An authentication bypass vulnerability in Cleanuparr allows unauthenticated remote attackers to gain administrative access via X-Forwarded-For header spoofing.
Executive Summary:
Cleanuparr versions prior to 2.9.10 are vulnerable to an authentication bypass flaw that allows unauthenticated attackers to gain full administrative control.
Vulnerability Details
CVE-ID: CVE-2026-44183
Affected Software: Cleanuparr Cleanuparr
Affected Versions: < 2.9.10
Vulnerability: The application incorrectly trusts the leftmost entry of the X-Forwarded-For HTTP header to determine the client IP address. An unauthenticated attacker can spoof a trusted local network IP to bypass authentication checks and assume administrator privileges.
Business Impact
Successful exploitation of this vulnerability grants an attacker full administrative access to the Cleanuparr instance. Given the CVSS score of 9.8, this poses a critical risk, enabling unauthorized configuration changes, file manipulation, and potential compromise of the underlying host environment.
Remediation Plan
Immediate Action: Upgrade to Cleanuparr version 2.9.10 or later immediately to apply the fix for the authentication logic.
Proactive Monitoring: Review web server and application access logs for suspicious X-Forwarded-For header values or anomalous administrative login patterns from unexpected IP ranges.
Compensating Controls: Implement a Web Application Firewall (WAF) to sanitize or strip X-Forwarded-For headers if the application is exposed to untrusted networks.
Exploitation Status
Public Exploit Available: Not explicitly stated (PoC exists per SSVC)
Analyst Notes: As of May 12, 2026, while there is no information regarding widespread active exploitation in the wild, a Proof-of-Concept is available. The ease of exploitation and the critical nature of the impact necessitate immediate patching.
Analyst Recommendation
This vulnerability represents a critical security failure in access control. Administrators must prioritize updating to version 2.9.10 to prevent unauthorized administrative access. Organizations should also audit their network architecture to ensure that only trusted proxies are permitted to set the X-Forwarded-For header.
Update Unknown Multiple Products to the latest version. Monitor for exploitation attempts and review access logs.
MariaDB server is a community developed fork of MySQL server
MariaDB server is a community developed fork of MySQL server
---METADATA---
VENDOR: MariaDB
PRODUCT: Server
AFFECTED_VERSIONS: MariaDB server versions 10.6.1 to 10.6.25, 10.11.1 to 10.11.16, 11.4.1 to 11.4.10, 11.8.1 to 11.8.6, and 12.3.1
---END_METADATA---
Description Summary:
Unsafe parameter handling during State Snapshot Transfer (SST) in MariaDB server allows malicious joiner nodes to execute arbitrary shell commands on the donor node.
Executive Summary:
A high-severity command injection vulnerability in MariaDB's SST process allows unauthorized shell command execution, requiring an immediate update to patched versions.
Vulnerability Details
CVE-ID: CVE-2026-44168
Affected Software: MariaDB Server
Affected Versions: MariaDB server versions 10.6.1 to 10.6.25, 10.11.1 to 10.11.16, 11.4.1 to 11.4.10, 11.8.1 to 11.8.6, and 12.3.1
Vulnerability: This vulnerability resides in the State Snapshot Transfer (SST) process, where donor nodes perform unsafe interpolation of joiner-sent parameters. An attacker acting as a joiner can inject shell commands via the mariabackup method to execute code on the donor side.
Business Impact
Successful exploitation results in remote code execution on the database server, granting an attacker full control over the database environment. With a CVSS score of 8.0, this vulnerability presents a critical threat to data confidentiality, integrity, and availability.
Remediation Plan
Immediate Action: Upgrade to MariaDB versions 10.6.26, 10.11.17, 11.4.11, 11.8.7, 12.3.2, or 10.6.27.
Proactive Monitoring: Monitor database server logs for unexpected process execution or unauthorized shell activity originating from the SST process.
Compensating Controls: Restrict network access to the database cluster and ensure only trusted nodes can initiate SST operations.
Exploitation Status
Public Exploit Available: false
Analyst Notes: As of June 14, 2026, there is no public information indicating active exploitation of this vulnerability. However, due to the nature of the flaw, the potential for exploitation is high.
Analyst Recommendation
This vulnerability allows for full command execution on database servers, which is a critical security failure. Administrators must apply the provided patches immediately to secure their database infrastructure.
Apply vendor security updates immediately. Monitor for exploitation attempts and review access logs.
The Performance Library component of Gigabyte Control Center has an Insecure Deserialization vulnerability
The Performance Library component of Gigabyte Control Center has an Insecure Deserialization vulnerability
Apply vendor security updates immediately. Monitor for exploitation attempts and review access logs.
Tyler Identity Local (TID-L) uses documented, default administrative credentials. Users are not required to change the credentials before deployment....
Tyler Identity Local (TID-L) uses documented, default administrative credentials. Users are not required to change the credentials before deployment. TID-L has not been distributed since December 2020, and has not been supported since 2021.
---METADATA---
VENDOR: Tyler Technologies
PRODUCT: Tyler Identity Local (TID-L)
AFFECTED_VERSIONS: All versions
CONFIDENCE: high
MISSING: none
---END_METADATA---
Description Summary:
Tyler Identity Local (TID-L) utilizes default administrative credentials that are not required to be changed upon deployment, posing a significant risk of unauthorized administrative access.
Executive Summary:
The Tyler Identity Local (TID-L) platform is vulnerable to unauthorized administrative access due to the use of hardcoded, default credentials, posing a critical risk of total system compromise.
Vulnerability Details
CVE-ID: CVE-2026-44159
Affected Software: Tyler Technologies Tyler Identity Local (TID-L)
Affected Versions: All versions
Vulnerability: This vulnerability involves the use of default administrative credentials (CWE-1392) that remain active because the system does not enforce credential changes during initialization. An unauthenticated attacker with network access to the management interface can leverage these known credentials to gain full administrative control over the application.
Business Impact
Successful exploitation allows an attacker to gain full administrative access to the Tyler Identity Local system. Given the CVSS score of 9.8, this represents a critical risk, potentially leading to unauthorized data exfiltration, system reconfiguration, or lateral movement within the enterprise network. Organizations are advised that because the product is end-of-life and unsupported, the risk profile is significantly elevated.
Remediation Plan
Immediate Action: Since Tyler Identity Local is end-of-life and unsupported, the only effective remediation is the immediate decommissioning and removal of the software from the environment.
Proactive Monitoring: Review all access logs for the TID-L interface to identify any unauthorized logins or suspicious administrative activity performed using default accounts.
Compensating Controls: If immediate decommissioning is not possible, place the affected system behind a strict network-level firewall that limits access to the management interface to authorized IP addresses only.
Exploitation Status
Public Exploit Available: No
Analyst Notes: As of May 19, 2026, there is no public information indicating active exploitation of this vulnerability. However, the use of default credentials in an unsupported, legacy application makes this a high-priority target for automated scanning and exploitation.
Analyst Recommendation
The reliance on default credentials in an unsupported product creates an unacceptable security posture. Organizations must prioritize the migration away from Tyler Identity Local immediately, as no security patches will be provided by the vendor.
Update Tyler Identity Multiple Products to the latest version. Monitor for exploitation attempts and review access logs.
Gigabyte Control Center developed by GIGABYTE has an Arbitrary File Write vulnerability
Gigabyte Control Center developed by GIGABYTE has an Arbitrary File Write vulnerability
Apply vendor security updates immediately. Monitor for exploitation attempts and review access logs.
OpenClaw before 2026
OpenClaw before 2026
Apply vendor security updates immediately. Monitor for exploitation attempts and review access logs.
OpenClaw before 2026
OpenClaw before 2026
Apply vendor security updates immediately. Monitor for exploitation attempts and review access logs.
OpenClaw before 2026
OpenClaw before 2026
Apply vendor security updates immediately. Monitor for exploitation attempts and review access logs.
OpenClaw before 2026
OpenClaw before 2026
Apply vendor security updates immediately. Monitor for exploitation attempts and review access logs.
OpenClaw before 2026
OpenClaw before 2026
Apply vendor security updates immediately. Monitor for exploitation attempts and review access logs.
OpenClaw contains an authentication bypass in webhook validation that allows unauthenticated attackers to execute arbitrary commands.
OpenClaw contains an authentication bypass in webhook validation that allows unauthenticated attackers to execute arbitrary commands.
---METADATA---
VENDOR: OpenClaw
PRODUCT: Sandbox Browser
AFFECTED_VERSIONS: Before 2026.4.15
---END_METADATA---
Description Summary:
OpenClaw contains an authentication bypass in webhook validation that allows unauthenticated attackers to execute arbitrary commands.
Executive Summary:
A critical authentication bypass in OpenClaw's webhook validation allows unauthenticated attackers to execute arbitrary commands on the system.
Vulnerability Details
CVE-ID: CVE-2026-44109
Affected Software: OpenClaw Sandbox Browser
Affected Versions: Before 2026.4.15
Vulnerability: The application fails to validate webhook signatures when configuration keys are missing, effectively failing open. This allows an unauthenticated attacker to replay requests or bypass signature verification entirely to execute arbitrary commands.
Business Impact
The ability to execute arbitrary commands on the host system represents the highest level of security risk. Given the 9.8 CVSS score, this vulnerability could be leveraged to gain full system control, install malware, or exfiltrate sensitive data.
Remediation Plan
Immediate Action: Update OpenClaw to version 2026.4.15 or later immediately.
Proactive Monitoring: Review system logs for unauthorized command execution and audit webhook callback patterns.
Compensating Controls: Ensure that all webhook endpoints are protected by robust authentication and signature verification, and use network segmentation to limit the exposure of these endpoints.
Exploitation Status
Public Exploit Available: false
Analyst Notes: As of May 6, 2026, there is no public information indicating active exploitation of this vulnerability. However, due to the nature of the flaw, the potential for exploitation is high.
Analyst Recommendation
This is a critical vulnerability that must be addressed immediately. Ensure all instances are patched and that cryptographic keys are properly configured to prevent unauthorized command execution.
Update OpenClaw Multiple Products to the latest version. Check vendor security advisory for specific patch details. Monitor for exploitation attempts and review access logs.
The Totolink EX1200L router contains a buffer overflow in the login functionality, allowing unauthenticated remote attackers to execute arbitrary code...
The Totolink EX1200L router contains a buffer overflow in the login functionality, allowing unauthenticated remote attackers to execute arbitrary code as root.
---METADATA---
VENDOR: Totolink
PRODUCT: EX1200L
AFFECTED_VERSIONS: 9.3.5u.6146_B20201023 (likely others)
---END_METADATA---
Description Summary:
The Totolink EX1200L router contains a buffer overflow in the login functionality, allowing unauthenticated remote attackers to execute arbitrary code as root.
Executive Summary:
A critical buffer overflow in the Totolink EX1200L login interface allows unauthenticated attackers to execute code as root and gain full control of the device.
Vulnerability Details
CVE-ID: CVE-2026-44089
Affected Software: Totolink EX1200L
Affected Versions: 9.3.5u.6146_B20201023 (and potentially others)
Vulnerability: A buffer overflow exists in the cgi-bin/cstecgi.cgi endpoint, which handles login requests. An unauthenticated attacker can send a crafted request to trigger this overflow and execute arbitrary commands with root-level privileges.
Business Impact
With a CVSS score of 9.4, this vulnerability allows for total compromise of the router. An attacker gaining root access can intercept network traffic, modify DNS settings, or use the device as an entry point to attack other internal systems, posing a significant risk to the entire network environment.
Remediation Plan
Immediate Action: Update the EX1200L firmware to the latest available version provided by Totolink.
Proactive Monitoring: Monitor network traffic for unusual activity originating from the router, such as unexpected outbound connections or system configuration changes.
Compensating Controls: Disable remote management of the router and restrict access to the web interface to trusted internal IP addresses only.
Exploitation Status
Public Exploit Available: No
Analyst Notes: As of Jun 23, 2026, there is no public information indicating active exploitation of this vulnerability. However, due to the nature of the flaw, the potential for exploitation is high.
Analyst Recommendation
Given the potential for root-level remote code execution, this vulnerability poses a severe threat to network integrity. Organizations should immediately apply firmware updates and restrict management access to the device to mitigate the risk of unauthorized remote exploitation.
Update Totolink EX1200L to the latest version. Check the vendor security advisory for specific patch details. Monitor for exploitation attempts and review access logs.
In Netatalk 2
In Netatalk 2
---METADATA---
VENDOR: Netatalk
PRODUCT: Netatalk 2
AFFECTED_VERSIONS: See vendor advisory for specific affected versions
CONFIDENCE: low
MISSING: versions, patch, technical_details
---END_METADATA---
Description Summary:
A vulnerability has been identified in Netatalk 2. Further technical details regarding the nature of the flaw are currently unavailable.
Executive Summary:
A security vulnerability in Netatalk 2 presents a potential risk to system integrity and requires immediate attention from system administrators.
Vulnerability Details
CVE-ID: CVE-2026-44068
Affected Software: Netatalk 2
Affected Versions: See vendor advisory for specific affected versions
Vulnerability: The specific nature of this vulnerability is currently undisclosed. Due to the limited information provided, the authentication requirements for exploitation cannot be determined.
Business Impact
The vulnerability carries a CVSS score of 7.6, categorizing it as a High-severity risk. Successful exploitation could lead to unauthorized system access or service disruption, potentially impacting the availability and confidentiality of the affected file services.
Remediation Plan
Immediate Action: System administrators should monitor official vendor channels for security patches and apply them as soon as they become available.
Proactive Monitoring: Review system and application access logs for any anomalous behavior or unauthorized connection attempts.
Compensating Controls: Ensure the service is not exposed to the public internet and restrict access to trusted network segments only.
Exploitation Status
Public Exploit Available: false
Analyst Notes: As of May 21, 2026, there is no public information indicating active exploitation of this vulnerability. However, due to the nature of the flaw, the potential for exploitation is high.
Analyst Recommendation
Given the High severity of this issue, organizations utilizing Netatalk 2 should prioritize tracking vendor security bulletins. Applying updates promptly remains the primary defense against potential exploitation of this vulnerability.
Apply vendor security updates immediately. Monitor for exploitation attempts and review access logs.
Multiple heap out-of-bounds reads in the Spotlight RPC unmarshalling code in Netatalk 3
Multiple heap out-of-bounds reads in the Spotlight RPC unmarshalling code in Netatalk 3
---METADATA---
VENDOR: Netatalk
PRODUCT: Netatalk 3
AFFECTED_VERSIONS: See vendor advisory for specific affected versions
CONFIDENCE: medium
MISSING: versions, patch, technical_details
---END_METADATA---
Description Summary:
Multiple heap out-of-bounds read vulnerabilities exist in the Spotlight RPC unmarshalling code within Netatalk 3, potentially leading to information disclosure.
Executive Summary:
Heap out-of-bounds read vulnerabilities in Netatalk 3 could permit an attacker to access sensitive memory information, threatening the confidentiality of the affected system.
Vulnerability Details
CVE-ID: CVE-2026-44066
Affected Software: Netatalk Netatalk 3
Affected Versions: See vendor advisory for specific affected versions
Vulnerability: The vulnerability involves heap out-of-bounds reads during the unmarshalling of Spotlight RPC requests. This flaw may allow an attacker to read data outside of intended memory boundaries.
Business Impact
Exploitation of this memory corruption vulnerability can lead to unauthorized information disclosure, potentially exposing sensitive data residing in memory. With a CVSS score of 7.1, this is a High severity issue that requires immediate attention to prevent the leakage of credentials or other critical system information.
Remediation Plan
Immediate Action: Update all installations of Netatalk 3 to the latest version as recommended by the vendor to address the memory handling errors.
Proactive Monitoring: Monitor network traffic and server logs for unusual RPC requests or service crashes that may indicate an attempt to trigger memory corruption.
Compensating Controls: Deploy network-based intrusion detection systems to filter and inspect RPC traffic, blocking malformed packets that match the vulnerability signature.
Exploitation Status
Public Exploit Available: false
Analyst Notes: As of May 22, 2026, there is no public information indicating active exploitation of this vulnerability. However, due to the nature of the flaw, the potential for exploitation is high.
Analyst Recommendation
Organizations utilizing Netatalk 3 should treat this vulnerability as a high priority. Ensure that all affected systems are patched promptly, and consider restricting access to the Netatalk service to trusted networks only until updates are fully implemented.
Apply vendor security updates immediately. Monitor for exploitation attempts and review access logs.
An out-of-bounds read in ASP session ID handling in Netatalk 1
An out-of-bounds read in ASP session ID handling in Netatalk 1
---METADATA---
VENDOR: Netatalk
PRODUCT: Netatalk 1
AFFECTED_VERSIONS: See vendor advisory for specific affected versions
CONFIDENCE: medium
MISSING: versions, patch, technical_details
---END_METADATA---
Description Summary:
An out-of-bounds read vulnerability in the ASP session ID handling code of Netatalk 1 may result in information disclosure.
Executive Summary:
A vulnerability in Netatalk 1's session ID handling could allow an attacker to perform out-of-bounds reads, potentially leading to the compromise of sensitive memory contents.
Vulnerability Details
CVE-ID: CVE-2026-44064
Affected Software: Netatalk Netatalk 1
Affected Versions: See vendor advisory for specific affected versions
Vulnerability: This vulnerability occurs during the processing of ASP session IDs, where an out-of-bounds read condition can be triggered. This may allow unauthorized access to adjacent memory areas.
Business Impact
Successful exploitation can result in the exposure of sensitive information stored in the application's memory space. Rated at 7.1 on the CVSS scale, this vulnerability poses a High severity risk, as memory disclosure can often serve as a precursor to more complex attacks or data exfiltration.
Remediation Plan
Immediate Action: Apply the latest security patches provided by the vendor for Netatalk 1 to remediate the session ID handling logic.
Proactive Monitoring: Review application logs for abnormal session activity or unexpected errors during authentication/session processes that could indicate exploitation attempts.
Compensating Controls: Utilize a Web Application Firewall or similar filtering mechanism to sanitize incoming session ID parameters and block malformed inputs.
Exploitation Status
Public Exploit Available: false
Analyst Notes: As of May 22, 2026, there is no public information indicating active exploitation of this vulnerability. However, due to the nature of the flaw, the potential for exploitation is high.
Analyst Recommendation
To mitigate the risk of memory disclosure, administrators should prioritize updating Netatalk 1 instances. If patching is not immediately feasible, restrict access to the affected service to minimize the exposure to potentially malicious actors.
Apply vendor security updates immediately. Monitor for exploitation attempts and review access logs.
A missing output length bounds check in pull_charset_flags() in Netatalk 2
A missing output length bounds check in pull_charset_flags() in Netatalk 2
---METADATA---
VENDOR: Netatalk
PRODUCT: Netatalk 2
AFFECTED_VERSIONS: See vendor advisory for specific affected versions
CONFIDENCE: medium
MISSING: patch, exploit_status, technical_details
---END_METADATA---
Description Summary:
A missing output length bounds check in the pull_charset_flags() function of Netatalk 2 may lead to memory safety issues.
Executive Summary:
A memory safety vulnerability in Netatalk 2 poses a significant risk of system instability or potential code execution.
Vulnerability Details
CVE-ID: CVE-2026-44062
Affected Software: Netatalk Netatalk 2
Affected Versions: See vendor advisory for specific affected versions
Vulnerability: This vulnerability involves a missing output length bounds check within the pull_charset_flags() function. The authentication requirement is currently unspecified, but such memory corruption flaws often allow for remote exploitation.
Business Impact
The vulnerability carries a CVSS score of 7.5, indicating a high severity risk that could lead to unauthorized system access or service disruption. Successful exploitation could result in the compromise of sensitive file data managed by the Netatalk server, leading to potential data exfiltration or loss.
Remediation Plan
Immediate Action: Consult the official Netatalk security advisories to identify and apply the necessary patches or version upgrades.
Proactive Monitoring: Review system and application logs for unusual crashes or anomalous traffic patterns targeting the Netatalk service.
Compensating Controls: Implement network segmentation to isolate the Netatalk service from untrusted networks, reducing the attack surface.
Exploitation Status
Public Exploit Available: false
Analyst Notes: As of May 22, 2026, there is no public information indicating active exploitation of this vulnerability. However, due to the nature of the flaw, the potential for exploitation is high.
Analyst Recommendation
Given the high CVSS score, organizations running Netatalk 2 should prioritize identifying affected instances within their environment. Apply vendor-provided security patches immediately to mitigate the risk of memory-related exploitation.
Apply vendor security updates immediately. Monitor for exploitation attempts and review access logs.
---METADATA---
VENDOR: PraisonAI
PRODUCT: Multi-agent teams system
AFFECTED_VERSIONS: See vendor advisory for specific affected versions
---END_METADATA---
Description Summary:
PraisonAI multi-agent teams system contains an unspecified security vulnerability requiring immediate investigation.
Executive Summary:
A security vulnerability in the PraisonAI multi-agent platform could potentially expose critical business logic to unauthorized manipulation.
Vulnerability Details
CVE-ID: CVE-2026-44340
Affected Software: PraisonAI Multi-agent teams system
Affected Versions: See vendor advisory for specific affected versions
Vulnerability: The exact nature of this vulnerability is currently under investigation; however, it affects the core multi-agent framework of the PraisonAI system. The authentication requirements remain indeterminate pending further vendor disclosure.
Business Impact
Given the CVSS score of 7.5, this vulnerability represents a high-risk scenario that could lead to unauthorized access or degradation of AI-driven workflows. Successful exploitation may result in the compromise of proprietary automated processes and the leakage of sensitive data handled by the agentic architecture.
Remediation Plan
Immediate Action: Review the official PraisonAI security advisories and apply available patches or configuration changes immediately.
Proactive Monitoring: Monitor system logs for unusual agent behavior or unauthorized API calls directed at the core framework.
Compensating Controls: Implement strict network segmentation and egress filtering to limit the impact of a potential agent-based compromise.
Exploitation Status
Public Exploit Available: false
Analyst Notes: As of May 10, 2026, there is no public information indicating active exploitation of this vulnerability. However, due to the critical role of AI agent systems in business workflows, the potential for exploitation is considered high.
Analyst Recommendation
Security teams should prioritize the identification of PraisonAI instances within their environment. Applying the vendor-supplied updates is the only definitive way to mitigate this risk; monitor vendor communication channels closely for technical bulletins.