CVE-2026-10112
(2.4 LOW)

EPSS: 0.00%

updated 2026-05-30T08:16:16.180000

2 posts

A vulnerability has been found in sambitraj STUDENT-MANAGEMENT-SYSTEM 1.0. Affected is an unknown function of the component Dashboard Page. The manipulation of the argument Name leads to cross site scripting. It is possible to initiate the attack remotely. The exploit has been disclosed to the public and may be used. The project was informed of the problem early through an issue report but has not

CVE-2026-10110
(7.3 HIGH)

EPSS: 0.00%

updated 2026-05-30T07:16:27.813000

2 posts

A vulnerability was detected in code-projects Student Details Management System 1.0. This affects an unknown function of the file /index.php. Performing a manipulation of the argument roll results in sql injection. The attack is possible to be carried out remotely. The exploit is now public and may be used.

1 repos

https://github.com/Xmyronn/CVE-2026-10110-SQLi

CVE-2026-10044
(7.5 HIGH)

EPSS: 0.05%

updated 2026-05-30T04:17:05.463000

1 posts

Usagi-org ai-goofish-monitor contains an unauthenticated arbitrary file read vulnerability in the GET /api/prompts/{filename} endpoint on Windows deployments that allows unauthenticated remote attackers to read arbitrary files by supplying absolute Windows paths or backslash-based traversal sequences. Attackers can bypass the incomplete path traversal guard, which only blocks forward slashes and '

CVE-2026-44724
(7.8 HIGH)

EPSS: 0.05%

updated 2026-05-30T02:16:19.137000

1 posts

systeminformation is a System and OS information library for node.js. From 4.17.0 to 5.31.5, on Linux, systeminformation is vulnerable to command injection in networkInterfaces() when an active NetworkManager connection profile name contains shell metacharacters. The vulnerable value is obtained internally from real nmcli device status output. The library sanitizes the network interface name befor

CVE-2026-9831
(6.3 MEDIUM)

EPSS: 0.00%

updated 2026-05-29T22:16:23.980000

2 posts

A race condition in the shared Extreme Platform ONE IAM Gateway API-key authentication path could, under specific high-concurrency traffic conditions, intermittently allow requests authenticated with an Extreme Platform ONE /IAM-issued API key to receive response data for another tenant. The issue was observed through ExtremeCloud IQ/XIQ API endpoints and validated against both XIQ/XAPI and Extrem

CVE-2026-42941
(8.3 HIGH)

EPSS: 0.00%

updated 2026-05-29T21:31:30

2 posts

The Danelec MacGregor Voyage Data Recorder device includes a default username and password, with no enforced password change.

CVE-2026-9051
(9.1 CRITICAL)

EPSS: 0.00%

updated 2026-05-29T21:31:24

2 posts

There is an authentication bypass vulnerability in the NI SystemLink Enterprise Dashboard application that may allow an unauthenticated remote attacker to bypass authentication controls leading to privilege escalation or information disclosure.  Successful exploitation requires an attacker to send a specially crafted HTTP request.  This vulnerability affects NI SystemLink Enterprise 2026-04 and pr

CVE-2026-49368
(8.7 HIGH)

EPSS: 0.00%

updated 2026-05-29T21:31:23

2 posts

In JetBrains YouTrack before 2026.1.13162 stored XSS in project notification templates was possible

CVE-2026-49374
(7.6 HIGH)

EPSS: 0.00%

updated 2026-05-29T21:31:23

2 posts

In JetBrains TeamCity before 2026.1 improper permission checks exposed build configuration parameters

CVE-2026-49367
(8.0 HIGH)

EPSS: 0.00%

updated 2026-05-29T21:31:22

2 posts

In JetBrains IntelliJ IDEA before 2026.1.1 command execution was possible via the guest user account

CVE-2026-5343
(7.4 HIGH)

EPSS: 0.02%

updated 2026-05-29T21:31:18

1 posts

Improper Check for Unusual or Exceptional Conditions vulnerability in Drupal SAML SSO - Service Provider allows Privilege Escalation. This issue affects SAML SSO - Service Provider: from 0.0.0 before 3.1.4.

CVE-2026-45663
(9.9 CRITICAL)

EPSS: 0.00%

updated 2026-05-29T21:16:40.203000

2 posts

Dokploy is a free, self-hostable Platform as a Service (PaaS). In 0.29.1 and earlier, a command injection vulnerability exists in the Docker file upload functionality. When an authenticated user uploads a file to a container, the destinationPath parameter is not properly sanitized and is directly interpolated into a shell command string. By including shell metacharacters such as ; or ", an attacke

CVE-2026-8364
(9.8 CRITICAL)

EPSS: 0.04%

updated 2026-05-29T20:26:29.583000

1 posts

Gladinet Triofox Cloud Server Agent Access Service (GladServerAgentService.exe) listens on TCP port 7878 and processes remote HTTP messages with URL paths starting with /resources, /status, /sysinfo, /woshome, /Settings, /schedule, or /DavCache.

CVE-2026-8363
(9.8 CRITICAL)

EPSS: 0.04%

updated 2026-05-29T20:26:29.583000

1 posts

A stack-based buffer overflow condition exists in WOSDeviceDropFolder.dll when processing a long URL path starting with /resources:

CVE-2026-45627
(8.2 HIGH)

EPSS: 0.00%

updated 2026-05-29T20:25:00.760000

2 posts

Arcane is an interface for managing Docker containers, images, networks, and volumes. Prior to 1.19.0, the unauthenticated GET /api/app-images/logo endpoint reflects a user-supplied color query parameter into the body of an SVG document via strings.ReplaceAll with no escaping. The substitution lands inside a <style> element of the embedded logo.svg, allowing an attacker to close the style block an

CVE-2026-45625
(9.9 CRITICAL)

EPSS: 0.00%

updated 2026-05-29T20:25:00.760000

2 posts

Arcane is an interface for managing Docker containers, images, networks, and volumes. Prior to 1.19.0, Arcane's huma-based REST API exposes nine endpoints under /api/customize/git-repositories and /api/git-repositories/sync for managing GitOps source repositories and their stored credentials. Eight of those endpoints (list, create, get, update, delete, test, listBranches, browseFiles) never call t

CVE-2026-45661
(9.9 CRITICAL)

EPSS: 0.00%

updated 2026-05-29T20:25:00.760000

2 posts

Dokploy is a free, self-hostable Platform as a Service (PaaS). In 0.26.5 and earlier, a critical path traversal vulnerability exists in Dokploy v0.26.5 that allows authenticated users to write arbitrary files to the filesystem during application deployment. When combined with Dokploy's remote server deployment feature, this vulnerability enables arbitrary file write to remote server filesystems, a

CVE-2026-45633
(9.9 CRITICAL)

EPSS: 0.00%

updated 2026-05-29T20:25:00.760000

2 posts

Dokploy is a free, self-hostable Platform as a Service (PaaS). In 0.26.6 and earlier, Dokploy contains a command injection vulnerability in the /docker-container-logs WebSocket endpoint. The tail and since parameters are not validated and are directly concatenated into shell commands, allowing authenticated users to execute arbitrary commands with root privileges.

CVE-2026-47179
(7.7 HIGH)

EPSS: 0.00%

updated 2026-05-29T20:25:00.760000

2 posts

Arcane is an interface for managing Docker containers, images, networks, and volumes. Prior to 1.19.4, ProjectService.GetProjectFileContent returns the contents of any Docker Compose include directive declared in a project's compose file before any path-traversal validation runs. Because ProjectService.CreateProject writes attacker-supplied compose content to disk without validating include paths,

CVE-2026-45372
(9.9 CRITICAL)

EPSS: 0.00%

updated 2026-05-29T20:23:08.683000

2 posts

cpp-httplib is a C++11 single-file header-only cross platform HTTP/HTTPS library. Prior to 0.44.0, when cpp-httplib's server parses an incoming request, it applies percent-decoding to every header value except Location and Referer. The validity check (is_field_value) is run before decoding, so encoded %0D%0A passes the check and is then expanded to a literal \r\n byte pair inside the stored header

CVE-2026-44422
(7.5 HIGH)

EPSS: 0.00%

updated 2026-05-29T20:22:37.383000

2 posts

FreeRDP is a free implementation of the Remote Desktop Protocol. Prior to 3.26.0, FreeRDP's RDPEAR NDR parser accepts one non-null NDR pointer ref-id for multiple logical pointer fields without tracking the pointed object's expected NDR type or ownership. When the same ref-id is reused across two pointer fields, the parser assigns the same heap object to both output fields. The generic destructor

CVE-2026-44420
(8.8 HIGH)

EPSS: 0.00%

updated 2026-05-29T20:22:37.383000

2 posts

FreeRDP is a free implementation of the Remote Desktop Protocol. Prior to 3.26.0, a malicious RDP client can trigger a heap-buffer-overflow write in FreeRDP's server-side clipboard (cliprdr) channel by sending a CB_CLIP_CAPS PDU with a too-small capabilitySetLength. This can crash the server process (remote DoS) and may be exploitable for code execution because it corrupts heap memory. This vulner

CVE-2026-48557
(8.8 HIGH)

EPSS: 0.00%

updated 2026-05-29T20:21:38.773000

2 posts

Spatie Laravel Media Library before version 11.23.0 contains a file upload restriction bypass in FileAdder::defaultSanitizer(). The sanitizer checks only the final filename suffix, allowing double-extension filenames such as shell.php.jpg to bypass the blocklist, with pathinfo() preserving inner .php stems in saved filenames. The blocklist also omits executable extensions including .php6, .shtml,

CVE-2026-9998
(8.3 HIGH)

EPSS: 0.03%

updated 2026-05-29T20:18:44.250000

1 posts

Integer overflow in Skia in Google Chrome prior to 148.0.7778.216 allowed a remote attacker who had compromised the renderer process to potentially perform a sandbox escape via a crafted HTML page. (Chromium security severity: High)

CVE-2026-44648
(7.5 HIGH)

EPSS: 0.00%

updated 2026-05-29T20:17:38.110000

2 posts

SillyTavern is a locally installed user interface that allows users to interact with text generation large language models, image generation engines, and text-to-speech voice models. Prior to 1.18.0, SillyTavern relies on cookie-session for authentication, storing all session data (user handle, permissions) in a signed cookie. The endpoints POST /api/users/change-password and POST /api/users/recov

1 repos

https://github.com/zzzm0919/CVE-2026-44648

CVE-2026-0257
(9.1 CRITICAL)

EPSS: 0.07%

updated 2026-05-29T20:16:21.803000

6 posts

Authentication bypass vulnerabilities in the GlobalProtect portal and gateway of Palo Alto Networks PAN-OS® software allows the attacker to bypass security restrictions and establish an unauthorized VPN connection. Panorama and Cloud NGFW are not impacted by these issues.

4 repos

https://github.com/0xBlackash/CVE-2026-0257

https://github.com/sfewer-r7/CVE-2026-0257

https://github.com/HORKimhab/CVE-2026-0257

https://github.com/akashsingh0454/CVE-2026-0257-PoC

CVE-2026-49366
(7.8 HIGH)

EPSS: 0.00%

updated 2026-05-29T20:11:15.977000

2 posts

In JetBrains IntelliJ IDEA before 2026.1.1 command injection was possible via filename completion

CVE-2026-49372
(7.5 HIGH)

EPSS: 0.00%

updated 2026-05-29T20:11:15.977000

2 posts

In JetBrains TeamCity before 2026.1, 2025.11.5 unauthenticated SSRF via build status was possible

CVE-2026-45321
(9.6 CRITICAL)

EPSS: 15.09%

updated 2026-05-29T19:41:37.437000

3 posts

On 2026-05-11, between approximately 19:20 and 19:26 UTC, 84 malicious versions across 42 @tanstack/* packages were published to the npm registry. The publishes were authenticated via the legitimate GitHub Actions OIDC trusted-publisher binding for TanStack/router, but the publish workflow itself was not modified. The attacker chained three known vulnerability classes — a pull_request_target "Pwn

12 repos

https://github.com/nkopylov/tanscript-exploit-check

https://github.com/Intrudify/mini-shai-hulud-scanner

https://github.com/qi-scape/scan-shai-hulud

https://github.com/Yomisana/are-you-get-tanstack-attack

https://github.com/digi4care/shai-scan

https://github.com/Caixa-git/tanstack-shield

https://github.com/fabriziosalmi/tanstack-compromise-checker

https://github.com/shayr1/shai-hulud-scan

https://github.com/Breakingcircuitsllc/teampcp_shai_hulud.yar

https://github.com/ry-allan/tanstack-compromise-checker

https://github.com/renewablehacking/CVE-2026-45321-Tanstack

https://github.com/prashanthnataraj/mini-shai-hulud-detector

CVE-2026-42929
(8.3 HIGH)

EPSS: 0.00%

updated 2026-05-29T19:16:23.830000

2 posts

Danelec MacGregor Voyage Data Recorder includes default accounts with hard-coded credentials.

CVE-2026-46834
(7.5 HIGH)

EPSS: 0.04%

updated 2026-05-29T18:32:27

1 posts

Vulnerability in the Net Service component of Oracle Database Server. Supported versions that are affected are 23.4.0-23.26.2. Easily exploitable vulnerability allows unauthenticated attacker with network access via TLS to compromise Net Service. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of Net Servic

CVE-2026-5386
(9.1 CRITICAL)

EPSS: 0.00%

updated 2026-05-29T18:31:42

2 posts

The affected KMW CCTV Security Cameras are vulnerable to a critical unauthenticated password reset. This flaw allows an attacker to remotely reset the administrator password to a known value without authentication, granting full access to the camera feeds and settings.

CVE-2026-7786
(9.8 CRITICAL)

EPSS: 0.00%

updated 2026-05-29T18:31:42

2 posts

Jinan USR IOT Technology Limited (PUSR) USR-W610 RS232/485 to Wi-Fi/Ethernet Converter device firmware contains plaintext administrative credentials embedded in the firmware image. These credentials can be extracted through firmware analysis and used to authenticate to device services.

CVE-2026-6824
(8.4 HIGH)

EPSS: 0.00%

updated 2026-05-29T18:31:42

2 posts

A stored cross-site scripting (XSS) vulnerability exists in certain 1xxx series NVR devices due to insufficient sanitization of user-supplied input in specific functional modules. Attackers can inject malicious scripts, which are then persistently stored on the device backend. When administrators or users access affected pages, the stored scripts are executed in their browsers, leading to potentia

CVE-2026-32905
(8.3 HIGH)

EPSS: 0.00%

updated 2026-05-29T18:31:42

2 posts

OpenClaw before 2026.5.4 contains an authorization bypass vulnerability in the bundled device-pair plugin that allows non-owner authorized chat senders to issue device-pairing bootstrap codes without proper scope validation. Attackers with chat command access can create setup codes to enroll devices with operator/node capabilities, granting persistent credentials until manual removal.

CVE-2026-44962
(9.9 CRITICAL)

EPSS: 0.00%

updated 2026-05-29T18:31:42

2 posts

Plesk contains an XPath injection vulnerability in the APS Application Catalog search functionality, where user-supplied input is interpolated into XPath queries without proper sanitization. This allows an authenticated, low-privileged user to execute arbitrary operating system commands on the server, resulting in local privilege escalation.

CVE-2026-10066
(8.8 HIGH)

EPSS: 0.00%

updated 2026-05-29T18:31:41

2 posts

A security vulnerability has been detected in Shibby Tomato up to 1.28. This issue affects the function sub_9068 of the file tomatoups.cgi of the component UPS Service. The manipulation leads to stack-based buffer overflow. The attack can be initiated remotely. This project is superseded by FreshTomato. This vulnerability only affects products that are no longer supported by the maintainer.

CVE-2026-10065
(8.8 HIGH)

EPSS: 0.00%

updated 2026-05-29T18:31:41

2 posts

A weakness has been identified in Shibby Tomato 1.28. This vulnerability affects the function get_ups_field of the file tomatodata.cgi. Executing a manipulation of the argument Date can lead to stack-based buffer overflow. It is possible to launch the attack remotely. This project is superseded by FreshTomato. This vulnerability only affects products that are no longer supported by the maintainer.

CVE-2026-46821
(7.7 HIGH)

EPSS: 0.03%

updated 2026-05-29T18:31:20

1 posts

Vulnerability in the Oracle Financials Common Modules product of Oracle E-Business Suite (component: Common Components). Supported versions that are affected are 12.2.3-12.2.15. Easily exploitable vulnerability allows low privileged attacker with network access via HTTP to compromise Oracle Financials Common Modules. While the vulnerability is in Oracle Financials Common Modules, attacks may sig

CVE-2026-46840
(10.0 CRITICAL)

EPSS: 0.04%

updated 2026-05-29T18:31:20

1 posts

Vulnerability in Oracle REST Data Services (component: Backend-as-a-Service). Supported versions that are affected are 24.2.0-26.1.0. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTPS to compromise Oracle REST Data Services. While the vulnerability is in Oracle REST Data Services, attacks may significantly impact additional products (scope change). S

1 repos

https://github.com/fangbarristerbar/CVE-2026-46840-ORDS-RCE

CVE-2026-46837
(8.8 HIGH)

EPSS: 0.04%

updated 2026-05-29T18:31:20

1 posts

Vulnerability in the Oracle Flow Manufacturing product of Oracle E-Business Suite (component: Security). Supported versions that are affected are 12.2.9-12.2.15. Easily exploitable vulnerability allows low privileged attacker with network access via SQL to compromise Oracle Flow Manufacturing. Successful attacks of this vulnerability can result in takeover of Oracle Flow Manufacturing. CVSS 3.1

CVE-2026-9999
(8.8 HIGH)

EPSS: 0.04%

updated 2026-05-29T18:17:18.940000

1 posts

Inappropriate implementation in ANGLE in Google Chrome on Mac prior to 148.0.7778.216 allowed a remote attacker to execute arbitrary code inside a sandbox via a crafted HTML page. (Chromium security severity: High)

1 repos

https://github.com/24520597-blip/CVE-2026-999999

CVE-2026-5768
(8.8 HIGH)

EPSS: 0.00%

updated 2026-05-29T18:17:12.997000

2 posts

The Frontier X2 device allows unauthenticated BLE read/write access to critical GATT characteristics without enforcing pairing authentication or authorization. This allows attackers within BLE range to perform unauthorized control of device functions, including starting/stopping activities, triggering vibrations, causing denial-of-service conditions, and fuzzing characteristic values to induce une

CVE-2026-45615
(8.2 HIGH)

EPSS: 0.00%

updated 2026-05-29T18:17:10.163000

1 posts

mouse07410/asn1c is an ASN.1 compiler. In 1.4 and earlier, a memory safety vulnerability was identified in the OER decoding skeleton files generated by asn1c (specifically INTEGER_oer.c). When parsing a maliciously crafted, zero-length OER payload for a variable-length, non-negative INTEGER type, the decoder fails to validate the required bytes before extracting the Most Significant Bit (MSB). Thi

CVE-2026-44973
(8.1 HIGH)

EPSS: 0.05%

updated 2026-05-29T16:32:14.400000

1 posts

Billy is an interface filesystem abstraction for Go. Prior to 5.9.0, multiple path traversal issues exist across different components of go-billy. Insufficient path sanitization and boundary enforcement may allow crafted paths (e.g., using ..) to escape intended base directories. While go-billy was not originally designed to provide a strong security boundary, some of these issues were inconsisten

CVE-2026-35674
(8.8 HIGH)

EPSS: 0.00%

updated 2026-05-29T16:29:34.540000

2 posts

OpenClaw before 2026.5.18 contains a scope bypass vulnerability in the Gateway chat.send route that allows scoped clients to execute privileged commands. Attackers with operator.write scope can deliver commands through inherited external routes to bypass operator.approvals and operator.admin scope requirements, enabling unauthorized plugin, config, MCP, allowlist, and ACP mutations.

CVE-2026-35630
(8.0 HIGH)

EPSS: 0.00%

updated 2026-05-29T16:29:34.540000

2 posts

OpenClaw before 2026.5.18 contains an authorization bypass vulnerability in QQBot native approval buttons that fails to enforce configured approver identity. Non-approver users can click approval buttons to resolve pending exec or plugin approval requests without proper authorization.

CVE-2026-10067
(8.8 HIGH)

EPSS: 0.00%

updated 2026-05-29T16:29:11.350000

2 posts

A vulnerability was detected in Shibby Tomato 1.28. Impacted is the function sub_90F0 of the file multimon.cgi. The manipulation results in stack-based buffer overflow. The attack can be launched remotely. This project is superseded by FreshTomato. This vulnerability only affects products that are no longer supported by the maintainer.

CVE-2026-45104
(7.5 HIGH)

EPSS: 0.04%

updated 2026-05-29T16:25:57.843000

1 posts

MapServer is a system for developing web-based GIS applications. From 6.4.0 to before 8.6.3, msSLDParseUserStyle always calls _SLDApplyRuleValues(psRule, psLayer, 1); for any <Rule> carrying <ElseFilter/> — it assumes msSLDParseRule added one class. When the rule has no symbolizer (a structurally valid SLD), msSLDParseRule adds zero, and _SLDApplyRuleValues ends up indexing _class[-1], resulting i

CVE-2026-32847
(7.5 HIGH)

EPSS: 0.08%

updated 2026-05-29T16:19:35.753000

1 posts

DeepCode through commit c991dc2 contains a path traversal vulnerability in the SPA catch-all route in new_ui/backend/main.py that allows unauthenticated attackers to read arbitrary files by supplying percent-encoded path segments to the GET /{full_path:path} endpoint. Attackers can bypass Starlette's path normalization by encoding slashes as %2F and dots as %2E%2E, causing the joined path to trave

CVE-2026-46839
(9.9 CRITICAL)

EPSS: 0.04%

updated 2026-05-29T16:16:30.780000

1 posts

Vulnerability in Oracle REST Data Services (component: Core). Supported versions that are affected are 24.2.0-26.1.0. Easily exploitable vulnerability allows low privileged attacker with network access via HTTPS to compromise Oracle REST Data Services. While the vulnerability is in Oracle REST Data Services, attacks may significantly impact additional products (scope change). Successful attacks

CVE-2026-46835
(7.5 HIGH)

EPSS: 0.04%

updated 2026-05-29T16:16:30.520000

1 posts

Vulnerability in the Net Service component of Oracle Database Server. Supported versions that are affected are 23.4.0-23.26.2. Easily exploitable vulnerability allows unauthenticated attacker with network access via TLS to compromise Net Service. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of Net Servic

CVE-2026-9739
(0 None)

EPSS: 0.02%

updated 2026-05-29T15:42:56.873000

1 posts

Vulnerable to DNS rebinding attacks when using SSE (http://b/499408790). During the beta phase, we implemented `allowed-origins` and `allowed-hosts` flags to align with MCP security guidelines. However, the hardcoded `Access-Control-Allow-Origin: *` header in the SSE initialization handler was inadvertently retained. This vulnerability specifically impacts users connecting via Toolbox using SSE un

CVE-2026-32999
(9.0 CRITICAL)

EPSS: 0.05%

updated 2026-05-29T15:39:34.620000

1 posts

Insufficient character filtering in backup agent signing module on Comet Backup server allows authenticated tenant administrator to execute an arbitrary code on behalf of a privileged user on the affected server and connected devices.

CVE-2026-44887
(9.8 CRITICAL)

EPSS: 0.21%

updated 2026-05-29T15:29:42.387000

1 posts

Pi.Alert is a WIFI / LAN intruder detector with web service monitoring. Prior to 2026-05-07, Pi.Alert's web-based configuration editor allows arbitrary Python code to be injected into pialert.conf. Since the background scan daemon loads this file via Python's exec(), injected code executes as the daemon process. With web protection disabled (the default configuration), no authentication is require

CVE-2026-45083
(9.8 CRITICAL)

EPSS: 0.04%

updated 2026-05-29T15:29:42.387000

1 posts

The Goobi viewer is a web application that allows digitised material to be displayed in a web browser. From 4.8.0 to before 26.04.1, the Goobi viewer REST endpoint POST /api/v1/index/stream accepted an arbitrary Solr streaming expression from unauthenticated network clients and forwarded it to the backend Solr server without restriction. An attacker could read the complete Solr index and, in defau

CVE-2026-45578
(8.8 HIGH)

EPSS: 0.00%

updated 2026-05-29T15:06:44.207000

1 posts

WWBN AVideo is an open source video platform. In 29.0 and earlier, there is a classic shell-metacharacter injection. The YPTSocket notification branch in plugin/Live/on_publish.php builds an execAsync() command line by string concatenation, single-quoting each argument but never calling escapeshellarg(). A ' in any of the three interpolated values ($users_id, $m3u8, $obj->liveTransmitionHistory_id

CVE-2026-44850
(8.5 HIGH)

EPSS: 0.03%

updated 2026-05-29T15:06:44.207000

1 posts

Portainer Community Edition is a lightweight service delivery platform for containerized applications that can be used to manage Docker, Swarm, Kubernetes and ACI environments. From 2.33.0 to before 2.33.8, 2.39.2, and 2.41.0, Portainer offers an environment-level Disable bind mounts for non-administrators security setting that blocks regular users from binding host paths into containers they crea

CVE-2026-7480
(0 None)

EPSS: 0.01%

updated 2026-05-29T14:46:09.837000

1 posts

An Incorrect Permission Assignment for Critical Resource vulnerability in ASUS System Control Interface allows a local user to elevate privileges to SYSTEM and execute arbitrary code via a crafted RPC call that bypass the validation mechanism. Refer to the 'Security Update for ASUS System Control Interface' section on the ASUS Security Advisory for more information.

CVE-2026-46510
(8.2 HIGH)

EPSS: 0.00%

updated 2026-05-29T14:16:31.807000

1 posts

form-data-objectizer converts FormData to object. Prior to 1.0.1, form-data-objectizer walks bracket-notation form keys (e.g. name[sub]) into nested objects without filtering __proto__, constructor, or prototype. A single HTTP form field whose name starts with __proto__[...] causes the library to mutate Object.prototype, which is a prototype pollution primitive of the entire Node.js process. This

CVE-2026-35675
(8.2 HIGH)

EPSS: 0.11%

updated 2026-05-29T14:16:26.403000

1 posts

phpMyFAQ before 4.1.3 contains an authentication bypass vulnerability in the password reset endpoint that allows unauthenticated attackers to reset any user account password without token verification or email confirmation. Attackers can enumerate valid usernames, obtain plaintext passwords via email, and achieve complete account takeover including administrative access.

CVE-2026-38703
(9.8 CRITICAL)

EPSS: 0.27%

updated 2026-05-29T14:09:03.913000

1 posts

A command injection vulnerability exists in the ZeroTier VPN feature of InHand Networks IR302 firmware V3.5.108, IR305 firmware V1.0.118, IR315 firmware V1.0.118, IR615 firmware V1.0.118, and earlier versions. Attackers can exploit this vulnerability to obtain ROOT privileges on remote target devices.

CVE-2026-38707
(9.8 CRITICAL)

EPSS: 0.27%

updated 2026-05-29T14:08:41.327000

1 posts

A command injection vulnerability exists in the IPSec VPN feature of InHand Networks IR302 firmware V3.5.108, IR305 firmware V1.0.118, IR315 firmware V1.0.118, IR615 firmware V1.0.118, and earlier versions. Attackers can exploit this vulnerability to obtain ROOT privileges on remote target devices.

CVE-2026-49127
(8.6 HIGH)

EPSS: 0.06%

updated 2026-05-29T14:07:47.980000

1 posts

Music Player Daemon (MPD) before version 0.24.11 contains a stack buffer overflow vulnerability in the pcm_unpack_24be function in src/pcm/Pack.cxx that allows unauthenticated attackers to corrupt stack memory by triggering an off-by-one write in the PCM decoder plugin. Attackers can issue two MPD commands referencing a malicious HTTP audio source to cause the unpack loop to write 1366 entries int

CVE-2026-3655
(9.8 CRITICAL)

EPSS: 0.26%

updated 2026-05-29T13:09:05.450000

1 posts

The OTP Login With Phone Number, OTP Verification plugin for WordPress is vulnerable to authentication bypass in versions 1.8.50 through 1.8.60. This is due to the Firebase verification flow in the `lwp_ajax_register` AJAX handler not binding the Firebase session to the phone number supplied in the request. The `idehweb_lwp_activate_through_firebase()` function validates that a Firebase OTP sessio

CVE-2026-8732
(9.8 CRITICAL)

EPSS: 0.07%

updated 2026-05-29T07:20:15

1 posts

The WP Maps Pro plugin for WordPress is vulnerable to Privilege Escalation via Administrator Account Creation in all versions up to, and including, 6.1.0. This is due to the wpgmp_temp_access_ajax AJAX action being registered with wp_ajax_nopriv_ and protected only by a nonce check using the fc-call-nonce nonce, which is publicly embedded into every frontend page via wp_localize_script as the nonc

1 repos

https://github.com/xShadow-Here/CVE-2026-8732

CVE-2026-8070(CVSS UNKNOWN)

EPSS: 0.01%

updated 2026-05-29T03:31:14

1 posts

Incorrect permission assignment for a critical resource in Armoury Crate allows a local user to bypass the driver’s validation mechanism, resulting in unauthorized read and write access to physical memory.Refer to the '  Security Update for Armoury Crate App   ' section on the ASUS Security Advisory for more information.

CVE-2026-46833
(9.0 CRITICAL)

EPSS: 0.04%

updated 2026-05-29T02:47:03.023000

1 posts

Vulnerability in the Net Service component of Oracle Database Server. Supported versions that are affected are 23.4.0-23.26.2. Difficult to exploit vulnerability allows unauthenticated attacker with network access via TLS to compromise Net Service. While the vulnerability is in Net Service, attacks may significantly impact additional products (scope change). Successful attacks of this vulnerabi

CVE-2026-47333
(7.8 HIGH)

EPSS: 0.01%

updated 2026-05-29T02:45:36.283000

1 posts

Ubuntu Linux 6.8, 6.17 and 7.0 contain AppArmor SAUCE patches which can potentially incorrectly compute the size of an internal buffer, leading to a heap memory out-of-bounds read in notification handling code. The bug can be triggered by an unprivileged local user and can result in invalid data being processed by the AppArmor DFA policy engine.

CVE-2026-49128
(7.5 HIGH)

EPSS: 0.11%

updated 2026-05-29T00:39:36

1 posts

Music Player Daemon (MPD) before version 0.24.11 contains a path traversal vulnerability in LocalStorage::MapFSOrThrow and LocalStorage::MapUTF8 within the local storage plugin, where the on-disk path is constructed by joining the storage root with a user-supplied URI as plain strings without canonicalization, allowing '..' segments to survive into the resolved path and be flattened by the kernel

CVE-2026-8809
(9.8 CRITICAL)

EPSS: 0.19%

updated 2026-05-29T00:38:45

1 posts

The Advanced Custom Fields: Extended plugin for WordPress is vulnerable to Privilege Escalation via Validation Bypass in all versions up to and including 0.9.2.5. The vulnerability exists due to the after_validate_save_post() function unconditionally trusting the attacker-controlled _acf_post_id POST parameter — with no authentication or integrity verification — to select a cleanup branch that sil

CVE-2026-39929
(7.5 HIGH)

EPSS: 0.11%

updated 2026-05-28T22:16:58.693000

1 posts

Lakeside SysTrack Agent versions prior to 11.2.1.28, 11.3.0.38, 11.4.0.24, 11.5.0.15 contain an out-of-bounds read vulnerability in the Command ID 30 UDP packet handler that allows remote attackers to crash the application by sending a specially crafted UDP packet. Attackers can send a malformed packet with an invalid memory address at offset 0x4 in the payload to trigger an access violation and c

CVE-2026-9645
(9.9 CRITICAL)

EPSS: 0.05%

updated 2026-05-28T21:32:17

1 posts

Exposed methods allow authenticated users to create and execute arbitrary JavaScript code on the server. The scripts execute with full access, enabling complete system compromise as commands are executed as root.

CVE-2026-47331
(7.8 HIGH)

EPSS: 0.01%

updated 2026-05-28T21:32:10

1 posts

Ubuntu Linux 6.8 contains AppArmor SAUCE patches which fail to acquire a lock when modifying a linked list. An unprivileged local user could trigger the race condition that can lead to a use-after-free (UAF) and, theoretically, arbitrary code execution.

CVE-2026-4944
(8.8 HIGH)

EPSS: 0.09%

updated 2026-05-28T21:32:10

1 posts

vllm-project/vllm version 0.14.1 contains a vulnerability where the `trust_remote_code=True` parameter is hardcoded in two model implementation files (`vllm/model_executor/models/nemotron_vl.py` and `vllm/model_executor/models/kimi_k25.py`). This bypasses the user's explicit `--trust-remote-code=False` setting, enabling remote code execution via malicious HuggingFace model repositories. This issue

CVE-2026-43898
(10.0 CRITICAL)

EPSS: 0.05%

updated 2026-05-28T20:16:23.810000

1 posts

SandboxJS is a JavaScript sandboxing library. Prior to 0.9.6, sandbox-defined functions expose Function.caller, allowing sandboxed code to recover the internal LispType.Call runtime callback. That callback can then be invoked with attacker-controlled fake context and obj values to extract blocked host statics, recover the real host Function constructor, and execute arbitrary host JavaScript. This

CVE-2026-47759
(8.7 HIGH)

EPSS: 0.03%

updated 2026-05-28T19:19:37.803000

1 posts

TinyMCE is an open source rich text editor. Prior to 5.11.1, 7.9.3, and 8.5.1, there is a stored XSS vulnerability via unsanitized data-mce-* attributes (data-mce-href, data-mce-src, data-mce-style). Allows attackers to inject malicious values that override safe attributes during serialization, bypassing validation. This vulnerability is fixed in 5.11.1, 7.9.3, and 8.5.1.

CVE-2026-47760
(8.7 HIGH)

EPSS: 0.03%

updated 2026-05-28T19:19:03.740000

1 posts

TinyMCE is an open source rich text editor. From 6.8.0 to before 7.1.0, TinyMCE contains an XSS vulnerability caused by improper SVG namespace scope handling in the sanitizer. A crafted payload using nested elements can bypass attribute sanitization and execute arbitrary JavaScript. This vulnerability is fixed in 7.1.0.

CVE-2026-46509
(8.2 HIGH)

EPSS: 0.04%

updated 2026-05-28T19:16:39.280000

1 posts

deepobj provides get, set, delete deep objects in javascript. Prior to 1.0.3, prototype pollution is possible when property paths contain __proto__/constructor/prototype. The property path must not be exposed as user input. This vulnerability is fixed in 1.0.3.

CVE-2026-46414
(8.8 HIGH)

EPSS: 0.04%

updated 2026-05-28T18:56:36.823000

2 posts

Microsoft UFO open-source framework for intelligent automation across devices and platforms. In 3.0.1-4-ge2626659, Microsoft UFO's WebSocket control plane trusts client-supplied identity and role fields in task messages. A client connection can register as a normal device, but later send a TASK message claiming client_type="constellation" and target_id=<victim-device-id>. The server trusts the rol

CVE-2026-45322
(7.8 HIGH)

EPSS: 0.06%

updated 2026-05-28T18:56:36.823000

1 posts

Microsoft UFO open-source framework for intelligent automation across devices and platforms. Microsoft UFO tagged releases up to and including v3.0.0 contain an OS command injection vulnerability in the shell action replay path. In affected releases, ShellReceiver.run_shell() passes a command string from action parameters directly to subprocess.Popen() with shell=True and executable=powershell.exe

CVE-2026-45311
(9.6 CRITICAL)

EPSS: 0.04%

updated 2026-05-28T18:40:37.990000

1 posts

CodeWhale is a DeepSeek + MiMo coding agent in terminal. From 0.3.0 to 0.8.23, the run_tests tool executes cargo test in the workspace with ApprovalRequirement::Auto, meaning it runs without any user approval prompt. cargo test compiles and executes arbitrary code: test binaries, build.rs build scripts, and proc macros. While auto-approving test execution is a deliberate design choice, it creates

CVE-2026-38702
(9.8 CRITICAL)

EPSS: 0.27%

updated 2026-05-28T18:30:39

1 posts

A command injection vulnerability exists in the Admin Access feature of InHand Networks IR302 firmware V3.5.108, IR305 firmware V1.0.118, IR315 firmware V1.0.118, IR615 firmware V1.0.118, and earlier versions. Attackers can exploit this vulnerability to obtain ROOT privileges on remote target devices.

CVE-2026-9095
(8.1 HIGH)

EPSS: 0.04%

updated 2026-05-28T18:30:39

1 posts

Casdoor versions 2.362.0 and earlier map SAML assertions to user sessions without replay protection. The ParseSamlResponse() function in object/saml_sp.go calls sp.RetrieveAssertionInfo() and immediately maps the result to a user session. There is no assertion ID cache, OneTimeUse condition enforcement, or replay detection anywhere in the SAML SP code path. As a result, an attacker can replay a pr

CVE-2026-38704
(9.8 CRITICAL)

EPSS: 0.27%

updated 2026-05-28T18:30:39

1 posts

A command injection vulnerability exists in the WireGuard VPN feature of InHand Networks IR302 firmware V3.5.108, IR305 firmware V1.0.118, IR315 firmware V1.0.118, IR615 firmware V1.0.118, and earlier versions. Attackers can exploit this vulnerability to obtain ROOT privileges on remote target devices.

CVE-2026-49238
(8.4 HIGH)

EPSS: 0.02%

updated 2026-05-28T18:00:33.730000

1 posts

An issue was discovered in Canonical Multipass before version 1.16.3. The host-side SFTP server component (sshfs_server), which executes with root privileges on the host, contains a path containment bypass vulnerability within its validate_path function in src/sshfs_mount/sftp_server.cpp. The function performs a plain string prefix comparison on requested paths without path separator validation or

CVE-2026-44326
(9.4 CRITICAL)

EPSS: 0.04%

updated 2026-05-28T16:25:38.687000

1 posts

free5GC is an open-source implementation of the 5G core network. Prior to 4.2.2, free5GC's NEF mounts the 3gpp-traffic-influence API without inbound OAuth2/bearer-token authorization. A network attacker who can reach NEF on the SBI can create, read, patch, and delete traffic-influence subscriptions either with no Authorization header at all, or with a forged bearer token (e.g. Authorization: Beare

CVE-2026-48151
(7.5 HIGH)

EPSS: 0.03%

updated 2026-05-28T16:16:28.793000

1 posts

Budibase is an open-source low-code platform. Prior to 3.39.0, the webhook schema-building endpoint is registered under builderRoutes, but the generic authorization middleware skips authorization for all paths matching /api/webhooks/schema. As a result, an unauthenticated caller can update the body schema for a known webhook and mutate the corresponding automation trigger output schema. This vulne

CVE-2026-35671
(8.8 HIGH)

EPSS: 0.04%

updated 2026-05-28T14:19:43

1 posts

### Summary An Insecure Direct Object Reference (IDOR) vulnerability in phpMyFAQ's Admin API allows any authenticated administrator to change the password of any user account, including SuperAdmin accounts (userId=1), without authorization verification. An attacker with a low-privilege admin account can escalate privileges to full SuperAdmin control by simply changing the target user's ID in the A

CVE-2026-44711
(7.9 HIGH)

EPSS: 0.02%

updated 2026-05-28T14:16:21.263000

1 posts

pam_usb provides hardware authentication for Linux using ordinary removable media. Prior to 0.8.7, symlink attacks on pad directory and pad files enable authentication bypass and root file corruption. This vulnerability is fixed in 0.8.7.

CVE-2026-44635
(7.5 HIGH)

EPSS: 0.05%

updated 2026-05-28T14:16:20.450000

1 posts

Kysely is a type-safe TypeScript SQL query builder. From 0.26.0 to 0.28.16, DefaultQueryCompiler.visitJSONPathLeg does not escape JSON-path metacharacters (., [, ], *, **, ?). When attacker-controlled input flows into eb.ref(col, '->$').key(input) or .at(input) — including type-safe code where the JSON column is shaped like Record<string, T> so K extends string is the inferred type — every dot bec

CVE-2026-44709
(7.8 HIGH)

EPSS: 0.02%

updated 2026-05-28T13:57:25.390000

1 posts

pam_usb provides hardware authentication for Linux using ordinary removable media. Prior to 0.8.7, pamusb-pinentry reads the PINENTRY_FALLBACK_APP environment variable and executes it directly without any validation. Any process that can set environment variables before pamusb-pinentry is invoked can point PINENTRY_FALLBACK_APP at an arbitrary binary or script and have it executed with the privile

CVE-2026-9227
(8.8 HIGH)

EPSS: 0.14%

updated 2026-05-28T13:45:25.260000

1 posts

The GutenBee – Gutenberg Blocks plugin for WordPress is vulnerable to Arbitrary File Upload in all versions up to, and including, 2.20.1 via the gutenbee_file_and_ext_json function. This is due to a flawed strpos() substring check that only verifies whether the filename contains the string '.json' rather than confirming the filename ends with a .json extension, allowing double-extension filenames

CVE-2026-9009
(8.8 HIGH)

EPSS: 0.24%

updated 2026-05-28T13:45:25.260000

2 posts

The Crawlomatic Multipage Scraper Post Generator plugin for WordPress is vulnerable to Remote Code Execution in all versions up to, and including, 2.7.2 via the filter_content function. This is due to passing the attacker-supplied 'callback_raw' shortcode attribute directly into call_user_func() with no sanitization or allowlist validation, relying solely on an is_callable() check that permits dan

CVE-2026-8915
(8.8 HIGH)

EPSS: 0.02%

updated 2026-05-28T13:44:54.327000

2 posts

Out-of-bounds write vulnerability in Samsung Open Source Escargot allows Overflow Buffers. This issue affects Escargot: 36f5fb58366a67b713c02f6fd985e924fcc09e31.

CVE-2026-7862
(8.6 HIGH)

EPSS: 0.04%

updated 2026-05-28T12:33:02

1 posts

The Eupago Gateway For Woocommerce WordPress plugin before 4.7.2 does not properly restrict access to its refund request handler, allowing unauthenticated attackers to initiate refunds against any WooCommerce order using the merchant's payment gateway credentials, and for applicable payment methods, to redirect refunded funds to an attacker-controlled bank account.

CVE-2026-4408
(9.0 None)

EPSS: 0.23%

updated 2026-05-28T09:31:27

2 posts

A flaw was found in Samba. A remote attacker can exploit a misconfiguration in Samba file servers and classic domain controllers that use the "check password script" feature. If this script is configured with the %u substitution character, the client-controlled username is passed without proper escaping of shell meta-characters. This vulnerability allows an attacker to achieve remote command execu

CVE-2026-6455
(8.1 HIGH)

EPSS: 0.04%

updated 2026-05-28T09:31:26

1 posts

The WP Contact Form 7 DB Handler plugin for WordPress is vulnerable to Cross-Site Request Forgery leading to Arbitrary File Deletion via SQL Injection and PHP Object Injection in versions up to and including 3.0. This is due to a missing nonce verification in the process_bulk_action() function, the nonce check is only executed when _wpnonce is present in the POST body, allowing it to be trivially

CVE-2026-7802
(8.8 HIGH)

EPSS: 0.06%

updated 2026-05-28T06:31:16

1 posts

The Frontend Admin by DynamiApps plugin for WordPress is vulnerable to authorization bypass in all versions up to, and including, 3.29.2. This is due to the plugin not properly verifying that a user is authorized to perform an action. This makes it possible for authenticated attackers, with subscriber-level access and above, to overwrite an administrator's user_pass, user_email, first_name, last_n

CVE-2026-9789(CVSS UNKNOWN)

EPSS: 0.02%

updated 2026-05-28T03:31:21

1 posts

A Local Privilege Escalation (LPE) vulnerability affects Acer NitroSense software versions prior to 3.01.3052. The vulnerability stems from the the PSAdminAgent service, which creates a Named Pipe with a weak Access Control List (ACL). This allows any authenticated local user to connect and send commands. Because the service does not check the caller's privileges before running file deletion comma

CVE-2026-9208
(8.8 HIGH)

EPSS: 0.07%

updated 2026-05-28T00:30:35

1 posts

Tanium addressed an unauthorized code execution vulnerability in Connect.

CVE-2026-45332
(7.5 HIGH)

EPSS: 0.04%

updated 2026-05-27T21:32:32

1 posts

### Summary A Broken Access Control vulnerability allows an unauthenticated attacker to retrieve the bcrypt password hash of every administrator account with a single POST request. The `/_api/user-collection/create-first-user` setup endpoint remains publicly accessible once initial configuration is complete and returns full serialized user data in the JSON response body. ### Details Affected

CVE-2026-8359
(7.5 HIGH)

EPSS: 0.05%

updated 2026-05-27T21:31:33

1 posts

When processing a request with a URL path starting with /status or /sysinfo, WOSHttpStatusModule.dll is to be loaded to handle such URL patterns. The WOSBin_LoadHttpModule function in the dll would be called to set up a "module" object for that module. However, WOSHttpStatusModule.dll is not present in the installation. As a result, a function pointer to WOSBin_LoadHttpModule (which would have bee

CVE-2026-8362
(9.8 CRITICAL)

EPSS: 0.04%

updated 2026-05-27T21:31:32

1 posts

A stack-based buffer overflow condition exists in WOSDefaultHttpModule.dll when processing a long URL path starting with /woshome

CVE-2026-8361
(7.5 HIGH)

EPSS: 0.04%

updated 2026-05-27T21:31:32

1 posts

A path traversal vulnerability exists in WOSDefaultHttpModule.dll when processing a URL path starting with /woshome

CVE-2026-8360
(7.5 HIGH)

EPSS: 0.04%

updated 2026-05-27T21:31:32

1 posts

Function calls to WOSCommonUtil.dll!WOSSysInfoGetDeviceInterface() in various DLLs (i.e., WOSProfileMgrModule.dll, WOSWebDavModule.dll) can return a NULL pointer (i.e., when no user is logged into the Triofox Server Agent Management Console). The returned NULL pointer is not checked before being dereferenced.

CVE-2026-48027
(9.8 CRITICAL)

EPSS: 26.85%

updated 2026-05-27T20:34:24.850000

3 posts

Nx Console is the user interface for Nx & Lerna. On 19 May 2026, a malicious version of Nx Console, 18.95.0, was published at 12:30 PM UTC and removed soon after at 12:48 PM UTC, leaving it available for ~18 minutes in Visual Studio Marketplace. For OpenVSX, the problem was detected later, and the compromised version was available from 12:33 UTC to 13:09 UTC (~36 minutes). Version 18.100.0 of Nx C

CVE-2026-45716
(8.8 HIGH)

EPSS: 0.03%

updated 2026-05-27T20:16:39.200000

1 posts

Budibase is an open-source low-code platform. Prior to 3.38.1, the POST /api/global/users/onboard endpoint is protected by workspaceBuilderOrAdmin middleware, allowing any user with builder permissions to access it. When SMTP email is not configured (the default for self-hosted Budibase instances), this endpoint bypasses the admin-restricted invite flow and directly creates users via bulkCreate, a

CVE-2026-45108
(8.4 HIGH)

EPSS: 0.07%

updated 2026-05-27T20:16:38.550000

1 posts

Himmelblau is an interoperability suite for Microsoft Azure Entra ID and Intune. From 2.0.0 to before 3.1.5 and 2.3.11, Himmelblau contained an authentication bypass vulnerability in the Device Authorization Grant (DAG) flow that allowed a user within the same Entra ID domain to obtain a local Unix session as another user by providing their own valid credentials. The vulnerability existed in the t

CVE-2026-48153
(8.5 HIGH)

EPSS: 0.03%

updated 2026-05-27T19:44:35.987000

1 posts

Budibase is an open-source low-code platform. Prior to 3.39.0, fetchToken in the OAuth2 SDK makes a POST to a builder-supplied URL with plain node-fetch, skipping the blacklist.isBlacklisted check that every other outbound fetch path in the codebase uses. The Joi schema for the OAuth2 URL has no scheme or host restriction. This vulnerability is fixed in 3.39.0.

CVE-2026-45659
(8.8 HIGH)

EPSS: 0.62%

updated 2026-05-27T18:32:54.337000

1 posts

Deserialization of untrusted data in Microsoft Office SharePoint allows an authorized attacker to execute code over a network.

2 repos

https://github.com/HORKimhab/CVE-2026-45659

https://github.com/mistbarbarianspot/CVE-2026-45659-SharePoint-RCE

CVE-2015-2808
(10.0 CRITICAL)

EPSS: 23.36%

updated 2026-05-27T18:32:34

1 posts

The RC4 algorithm, as used in the TLS protocol and SSL protocol, does not properly combine state data with key data during the initialization phase, which makes it easier for remote attackers to conduct plaintext-recovery attacks against the initial bytes of a stream by sniffing network traffic that occasionally relies on keys affected by the Invariance Weakness, and then using a brute-force appro

CVE-2025-14713
(7.5 HIGH)

EPSS: 0.03%

updated 2026-05-27T14:54:20.160000

1 posts

An Exposed Dangerous Method or Function vulnerability in Synology C2 Identity Edge Server package in DSM before 1.76.0-0307 allows remote attackers to obtain user credentials from the edge server.

CVE-2026-46372
(8.5 HIGH)

EPSS: 0.00%

updated 2026-05-27T06:01:20

2 posts

## Resolution SillyTavern 1.18.0 added a generic server-side request filter (Private Request Whitelisting). Since we expect users to use the application in a trusted environment, the filter is disabled by default, however it is strongly advised to be enabled and properly configured when an instance is being hosted over a network, as suggested by a console warning message and an officially publish

Nuclei template

CVE-2026-5426
(9.1 CRITICAL)

EPSS: 0.07%

updated 2026-05-26T19:16:29.123000

2 posts

Hard-coded ASP.NET/IIS machineKey value in Digital Knowledge KnowledgeDeliver deployments prior to February 24, 2026 allows adversaries to circumvent ViewState validation mechanisms and achieve remote code execution via malicious ViewState deserialization attacks

1 repos

https://github.com/HORKimhab/CVE-2026-5426

CVE-2026-43284
(7.8 HIGH)

EPSS: 25.56%

updated 2026-05-26T18:32:39

1 posts

In the Linux kernel, the following vulnerability has been resolved: xfrm: esp: avoid in-place decrypt on shared skb frags MSG_SPLICE_PAGES can attach pages from a pipe directly to an skb. TCP marks such skbs with SKBFL_SHARED_FRAG after skb_splice_from_iter(), so later paths that may modify packet data can first make a private copy. The IPv4/IPv6 datagram append paths did not set this flag when

33 repos

https://github.com/6abc/Copy-Fail-CVE-2026-31431-dirty-frag-CVE-2026-43284

https://github.com/AtlasVector/Dirty-Frag-CVE-2026-43284

https://github.com/ryan2929/CVE-2026-43284-

https://github.com/LucasPDiniz/CVE-2026-43284

https://github.com/dixyes/dirtypatch

https://github.com/XRSecCD/202605_dirty_frag

https://github.com/jayhutajulu1/CVE-2026-43284-DirtyFrag-PoC

https://github.com/krisiasty/vcheck

https://github.com/metalx1993/dirtyfrag-patches

https://github.com/haydenjames/dirty-frag-check

https://github.com/FrosterDL/CVE-2026-43284

https://github.com/attaattaatta/CVE-2026-43500

https://github.com/kuniyal08/Dirty-Frag-CVE-2026-43284

https://github.com/gagaltotal/CVE-2026-43284-CVE-2026-43500-scan

https://github.com/0xBlackash/CVE-2026-43284

https://github.com/Percivalll/Dirty-Frag-Kubernetes-PoC

https://github.com/ChernStepanov/DirtyFrag-for-dummies

https://github.com/liamromanis101/DirtyFrag-Detector

https://github.com/scriptzteam/Paranoid-Dirty-Frag-CVE-2026-43284

https://github.com/AK777177/Dirty-Frag-Analysis

https://github.com/mym0us3r/DIRTY-FRAG-Detection-with-Wazuh-4.14.4

https://github.com/suominen/CVE-2026-43284

https://github.com/Aiyakami/rust_dirtyfrag

https://github.com/DylanClaudio/Reporte-de-Escalada-de-Privilegios-Local-Dirty-Frag

https://github.com/grabesec/XCP_ng_CVE-2026-43284_tester

https://github.com/Koshmare-Blossom/DirtyFrag-go

https://github.com/ochebotar/copy-fail-CVE-2026-31431-detection-probe

https://github.com/whosfault/CVE-2026-43284

https://github.com/linnemanlabs/dirtyfrag-arm64

https://github.com/0xlane/pagecache-guard

https://github.com/xd20111/CVE-2026-43284

https://github.com/KaraZajac/DIRTYFAIL

https://github.com/infiniroot/ansible-mitigate-copyfail-dirtyfrag

CVE-2026-47125
(8.8 HIGH)

EPSS: 0.00%

updated 2026-05-23T00:16:58

2 posts

## Summary The `PUT /api/environments/{id}/templates/variables` endpoint, which writes the system-wide `.env.global` file used for variable substitution in every project's compose file, is missing an admin authorization check. Any authenticated non-admin user can call this endpoint with their bearer token or API key and overwrite the global environment variables that are merged into every project

CVE-2026-41091
(7.8 HIGH)

EPSS: 6.98%

updated 2026-05-20T19:06:36.850000

1 posts

Improper link resolution before file access ('link following') in Microsoft Defender allows an authorized attacker to elevate privileges locally.

2 repos

https://github.com/0xBlackash/CVE-2026-41091

https://github.com/ridhinva/defender-vulnerability-scanner

CVE-2026-45498
(4.0 None)

EPSS: 4.11%

updated 2026-05-20T18:31:35

1 posts

Microsoft Defender Denial of Service Vulnerability

1 repos

https://github.com/ridhinva/defender-vulnerability-scanner

CVE-2026-45137
(8.2 HIGH)

EPSS: 0.04%

updated 2026-05-19T16:08:42

1 posts

### Summary An logic error causes anchor programs to accept any program id when requiring the system program id, causing false assumptions resulting in potential arbitrary cpi in programs that invoke system program instructions. ### Details In the TryFrom<&'a AccountInfo<'a>> implementation for Program<'a, T>, the id of T is compared with Pubkey::default() to check whether anchor should allow any

CVE-2026-31431
(7.8 HIGH)

EPSS: 2.23%

updated 2026-05-18T18:32:28

5 posts

In the Linux kernel, the following vulnerability has been resolved: crypto: algif_aead - Revert to operating out-of-place This mostly reverts commit 72548b093ee3 except for the copying of the associated data. There is no benefit in operating in-place in algif_aead since the source and destination come from different mappings. Get rid of all the complexity added for in-place operation and just

100 repos

https://github.com/qi4L/CVE-2026-31431-Container-Escape

https://github.com/liamromanis101/CVE-2026-31431-Copy-Fail---Vulnerability-Detection-Script

https://github.com/bigwario/copy-fail-CVE-2026-31431-C

https://github.com/AliHzSec/CVE-2026-31431

https://github.com/sudoytang/copyfail-arm64

https://github.com/Sl4cK0TH/CVE-2026-31431-PoC

https://github.com/AdityaBhatt3010/CVE-2026-31431

https://github.com/bootsareme/copyfail-deconstructed

https://github.com/adityasingh108/CVE-2026-31431-Metasploit-exploit

https://github.com/wvverez/CVE-2026-31431-Copy-Fail

https://github.com/xn0kkx/CVE-2026-31431_CopyFail_LinuxKernel_LPE

https://github.com/RoflSecurity/copy_fail

https://github.com/ZephrFish/CopyFail-CVE-2026-31431

https://github.com/Crihexe/copy-fail-tiny-elf-CVE-2026-31431

https://github.com/Boos4721/copyfail-rs

https://github.com/wesmar/CVE-2026-31431

https://github.com/professional-slacker/alg_check

https://github.com/suominen/CVE-2026-31431

https://github.com/sgkdev/ptrace_may_dream

https://github.com/mahdi13830510/CVE-2026-31431-mitigation-suite

https://github.com/povzayd/CVE-2026-31431

https://github.com/painoob/Copy-Fail-Exploit-CVE-2026-31431

https://github.com/philfry/cve-2026-31431-ftrace

https://github.com/ochebotar/copy-fail-CVE-2026-31431-detection-probe

https://github.com/lonelyor/CVE-2026-31431-exp

https://github.com/MrAriaNet/cPanel-Fix

https://github.com/sec17br/CVE-2026-31431-Copy-Fail

https://github.com/Percivalll/Copy-Fail-CVE-2026-31431-Kubernetes-PoC

https://github.com/Dullpurple-sloop726/CVE-2026-31431-Linux-Copy-Fail

https://github.com/rootsecdev/cve_2026_31431

https://github.com/0xBlackash/CVE-2026-31431

https://github.com/Webhosting4U/Copy-Fail_Detect_and_mitigate_CVE-2026-31431

https://github.com/Iamliuxiaozhen/copy_fail

https://github.com/guiimoraes/CVE-2026-31431

https://github.com/Shotafry/CopyFail-Exploits-CVE-2026-31431

https://github.com/adysec/cve-2026-31431

https://github.com/abdullaabdullazade/CVE-2026-31431

https://github.com/Sndav/CVE-2026-31431-Advanced-Exploit

https://github.com/sgkdev/page_inject

https://github.com/theori-io/copy-fail-CVE-2026-31431

https://github.com/MartinPham/copy-fail-CVE-2026-31431-php

https://github.com/JuanBindez/CVE-2026-31431

https://github.com/insomnisec/Detections-CVE-2026-31431

https://github.com/ExploitEoom/CVE-2026-31431

https://github.com/xeloxa/copyfail-exploit

https://github.com/Percivalll/Copy-Fail-CVE-2026-31431-Statically-PoC

https://github.com/tgies/copy-fail-c

https://github.com/0xShe/CVE-2026-31431

https://github.com/novysodope/copy-fail-CVE-2026-31431-C

https://github.com/luotian2/CVE-2026-31431

https://github.com/M4xSec/CVE-2026-31431-RCE-Exploit

https://github.com/wgnet/wg.copyfail.patch

https://github.com/Dabbleam/CVE-2026-31431-mitigation

https://github.com/kvakirsanov/CVE-2026-31431-live-process-code-injection

https://github.com/gbonacini/CVE-2026-31431

https://github.com/Huchangzhi/autorootlinux

https://github.com/aestechno/cve-2026-31431-ansible

https://github.com/darioomatos/cve-2026-31431-copyfail

https://github.com/yxdm02/CVE-2026-31431

https://github.com/Koshmare-Blossom/Copyfail-sh

https://github.com/rvizx/CVE-2026-31431

https://github.com/EynaExp/Copy-Fail-CVE-2026-31431-modernized

https://github.com/cozystack/copy-fail-blocker

https://github.com/Aurillium/RootRemover

https://github.com/badsectorlabs/copyfail-go

https://github.com/ErdemOzgen/copy-fail-cve-2026-31431

https://github.com/Alfredooe/CVE-2026-31431

https://github.com/cyber-joker/copy-fail-python

https://github.com/yandex-cloud-examples/yc-mk8s-copy-fail-mitigation

https://github.com/pascal-gujer/CVE-2026-31431

https://github.com/samanzamani/copy-fail-checker

https://github.com/SeanRickerd/cve-2026-31431

https://github.com/Smarttfoxx/copyfail

https://github.com/XsanFlip/CVE-2026-31431-Patch

https://github.com/desultory/CVE-2026-31431

https://github.com/wuwu001/CVE-2026-31431-exploit

https://github.com/b5null/CVE-2026-31431-C

https://github.com/scriptzteam/Paranoid-Copy-Fail-CVE-2026-31431

https://github.com/kadir/copy-fail-CVE-2026-31431-IOC

https://github.com/beatbeast007/Linux-CopyFail-C-Version-CVE-2026-31431

https://github.com/diemoeve/copyfail-rs

https://github.com/ncmprbll/copy-fail-rs

https://github.com/ben-slates/CVE-2026-31431-Exploit

https://github.com/krisiasty/vcheck

https://github.com/atgreen/block-copyfail

https://github.com/Xerxes-2/CVE-2026-31431-rs

https://github.com/toxy4ny/copy-fail-exploit-on-c-redteam

https://github.com/malwarekid/CVE-2026-31431

https://github.com/KanbaraAkihito/CVE-2026-31431-copyfail-rs

https://github.com/yuspring/cve-2026-31431-poc

https://github.com/iss4cf0ng/CVE-2026-31431-Linux-Copy-Fail

https://github.com/4xura/CVE-2026-31431-Copy-Fail

https://github.com/shadowabi/CVE-2026-31431-CopyFail-Universal-LPE

https://github.com/jbnetwork-git/copy-fail-check

https://github.com/H1d3r/copy-fail_LPE_Interactive

https://github.com/KaraZajac/DIRTYFAIL

https://github.com/infiniroot/ansible-mitigate-copyfail-dirtyfrag

https://github.com/mrunalp/block-copyfail

https://github.com/sammwyy/copyfail-rs

https://github.com/rippsec/CVE-2026-31431-Copy-Fail

CVE-2026-45707
(8.1 HIGH)

EPSS: 0.00%

updated 2026-05-18T17:41:42

1 posts

## Summary When `ENABLE_MULTI_TENANT=true`, the HTTP transport documents that the target n8n instance is selected per-request from `x-n8n-url` / `x-n8n-key` headers. Requests that omitted those headers — or supplied only one of them — silently fell back to the process-level `N8N_API_URL` / `N8N_API_KEY` credentials configured for the operator's own n8n instance. As a result, an authenticated MCP

CVE-2026-45697
(9.8 CRITICAL)

EPSS: 0.00%

updated 2026-05-18T17:23:40

2 posts

### Impact - Unauthenticated users could submit crafted values into Hidden fields (with Default value → Custom) that were evaluated as Twig during submission handling, which could lead to serious compromise of the Craft site (depending on template/sandbox behavior). - Sites with public Formie forms that include at least one Hidden field with that configuration. - No CP login for the reported chain

CVE-2026-43500
(7.8 HIGH)

EPSS: 27.00%

updated 2026-05-17T16:16:16.740000

1 posts

In the Linux kernel, the following vulnerability has been resolved: rxrpc: Also unshare DATA/RESPONSE packets when paged frags are present The DATA-packet handler in rxrpc_input_call_event() and the RESPONSE handler in rxrpc_verify_response() copy the skb to a linear one before calling into the security ops only when skb_cloned() is true. An skb that is not cloned but still carries externally-o

15 repos

https://github.com/haydenjames/dirty-frag-check

https://github.com/Koshmare-Blossom/DirtyFrag-go

https://github.com/attaattaatta/CVE-2026-43500

https://github.com/vorkampfer/dirty_frag_mitigation

https://github.com/linnemanlabs/dirtyfrag-arm64

https://github.com/liamromanis101/DirtyFrag-Detector

https://github.com/0xlane/pagecache-guard

https://github.com/AK777177/Dirty-Frag-Analysis

https://github.com/gagaltotal/CVE-2026-43284-CVE-2026-43500-scan

https://github.com/KaraZajac/DIRTYFAIL

https://github.com/mym0us3r/DIRTY-FRAG-Detection-with-Wazuh-4.14.4

https://github.com/XRSecCD/202605_dirty_frag

https://github.com/krisiasty/vcheck

https://github.com/metalx1993/dirtyfrag-patches

https://github.com/DylanClaudio/Reporte-de-Escalada-de-Privilegios-Local-Dirty-Frag