CVE-2026-8751: h2oai h2o-3 up to Deserialization
h2oai h2o-3 up to deserialization (CVE-2026-8751) scores CVSS 7.3 HIGH. Analysis of affected systems and remediation steps.
Intelligence Feed
Dispatches from the lab
The Sherlock Forensics Intelligence Feed provides expert analysis of AI code security, vibe coding vulnerabilities, CVE advisories and digital forensics methodologies from certified examiners with over 20 years of field experience in Vancouver, BC.
Weekly Roundup
CVE-2026-8755: A flaw has been Directory traversal
A flaw has been directory traversal (CVE-2026-8755) scores CVSS 7.3 HIGH. Analysis of affected systems and remediation steps.
CVE-2026-8756: fishaudio Bert-VITS2 up to Directory traversal
fishaudio Bert-VITS2 up to directory traversal (CVE-2026-8756) scores CVSS 7.3 HIGH. Analysis of affected systems and remediation steps.
CVE-2026-8757: adenhq hive up to Directory traversal
adenhq hive up to directory traversal (CVE-2026-8757) scores CVSS 7.3 HIGH. Analysis of affected systems and remediation steps.
CVE-2026-8758: Metasoft 美特软件 MetaCRM up Vulnerability
Metasoft 美特软件 MetaCRM up vulnerability (CVE-2026-8758) scores CVSS 7.3 HIGH. Analysis of affected systems and remediation steps.
CVE-2026-8759: xiandafu beetl up to Vulnerability
xiandafu beetl up to vulnerability (CVE-2026-8759) scores CVSS 7.3 HIGH. Analysis of affected systems and remediation steps.
CVE-2026-8764: A security vulnerability has Buffer overflow
A security vulnerability has buffer overflow (CVE-2026-8764) scores CVSS 7.2 HIGH. Analysis of affected systems and remediation steps.
CVE-2026-8768: vercel ai up to Vulnerability
vercel ai up to vulnerability (CVE-2026-8768) scores CVSS 7.3 HIGH. Analysis of affected systems and remediation steps.
CVE-2026-7498: Improper neutralization of input Cross-site scripting
Improper neutralization of input cross-site scripting (CVE-2026-7498) scores CVSS 8.8 HIGH. Analysis of affected systems and remediation steps.
CVE-2026-8771: linlinjava litemall up to SQL injection
linlinjava litemall up to SQL injection (CVE-2026-8771) scores CVSS 7.3 HIGH. Analysis of affected systems and remediation steps.
CVE-2026-8775: A flaw has been Buffer overflow
A flaw has been buffer overflow (CVE-2026-8775) scores CVSS 8.8 HIGH. Analysis of affected systems and remediation steps.
CVE-2026-8776: Edimax BR-6428NS 1.10. This Buffer overflow
Edimax BR-6428NS 1.10. This buffer overflow (CVE-2026-8776) scores CVSS 8.8 HIGH. Analysis of affected systems and remediation steps.
CVE-2026-8785: A flaw has been SQL injection
A flaw has been SQL injection (CVE-2026-8785) scores CVSS 7.3 HIGH. Analysis of affected systems and remediation steps.
CVE-2026-8719: AI Engine – The PrivilegEscalation
AI Engine – The privilege escalation (CVE-2026-8719) scores CVSS 8.8 HIGH. Analysis of affected systems and remediation steps.
CVE-2026-8725: A weakness has been Vulnerability
A weakness has been vulnerability (CVE-2026-8725) scores CVSS 7.3 HIGH. Analysis of affected systems and remediation steps.
CVE-2026-8734: Oinone Pamirs up to SQL injection
Oinone Pamirs up to SQL injection (CVE-2026-8734) scores CVSS 7.3 HIGH. Analysis of affected systems and remediation steps.
CVE-2026-46364: phpMyFAQ before 4.1.2 unauthenticated SQL injection
phpMyFAQ before 4.1.2 unauthenticated SQL injection (CVE-2026-46364) scores CVSS 9.8 CRITICAL. Analysis of affected systems and remediation steps.
CVE-2025-11024: Improper neutralization of special SQL injection
Improper neutralization of special SQL injection (CVE-2025-11024) scores CVSS 9.8 CRITICAL. Analysis of affected systems and remediation steps.
CVE-2025-12008: Authorization bypass through User-Controlled CVSS 8.8
Authorization bypass through User-Contro (CVE-2025-12008) scores CVSS 8.8 HIGH. Analysis of affected systems and remediation steps.
CVE-2025-15023: Incorrect Authorization vulnerability in Authorization bypass
Incorrect Authorization vulnerability in authorization bypass (CVE-2025-15023) scores CVSS 8.8 HIGH. Analysis of affected systems and remediation steps.
CVE-2025-15024: Improper Control of Generation Code injection
Improper Control of Generation code injection (CVE-2025-15024) scores CVSS 8.8 HIGH. Analysis of affected systems and remediation steps.
CVE-2025-15025: Authorization bypass through User-Controlled CVSS 8.8
Authorization bypass through User-Contro (CVE-2025-15025) scores CVSS 8.8 HIGH. Analysis of affected systems and remediation steps.
CVE-2026-20224: A vulnerability in the XXE
A vulnerability in the XXE (CVE-2026-20224) scores CVSS 8.6 HIGH. Analysis of affected systems and remediation steps.
CVE-2026-2347: Authorization bypass through User-Controlled CVSS 9.8
Authorization bypass through User-Contro (CVE-2026-2347) scores CVSS 9.8 CRITICAL. Analysis of affected systems and remediation steps.
CVE-2026-4029: Database Backup for WordPress Vulnerability
Database Backup for WordPress vulnerability (CVE-2026-4029) scores CVSS 7.5 HIGH. Analysis of affected systems and remediation steps.
CVE-2026-4030: Database Backup for WordPress File read
Database Backup for WordPress file read (CVE-2026-4030) scores CVSS 8.1 HIGH. Analysis of affected systems and remediation steps.
CVE-2026-4031: Database Backup for WordPress Authorization bypass
Database Backup for WordPress authorization bypass (CVE-2026-4031) scores CVSS 7.5 HIGH. Analysis of affected systems and remediation steps.
CVE-2026-41615: Exposure of sensitive information Vulnerability
Exposure of sensitive information vulnerability (CVE-2026-41615) scores CVSS 9.6 CRITICAL. Analysis of affected systems and remediation steps.
CVE-2026-42897: Improper neutralization of input Cross-site scripting
Improper neutralization of input cross-site scripting (CVE-2026-42897) scores CVSS 8.1 HIGH. Analysis of affected systems and remediation steps.
CVE-2026-8621: Crabbox prior to v0.12.0 Authentication bypass
Crabbox prior to v0.12.0 authentication bypass (CVE-2026-8621) scores CVSS 8.8 HIGH. Analysis of affected systems and remediation steps.
CVE-2026-8629: Crabbox prior to v0.12.0 PrivilegEscalation
Crabbox prior to v0.12.0 privilege escalation (CVE-2026-8629) scores CVSS 8.1 HIGH. Analysis of affected systems and remediation steps.
CVE-2026-8634: Crabbox prior to v0.12.0 Vulnerability
Crabbox prior to v0.12.0 vulnerability (CVE-2026-8634) scores CVSS 9.1 CRITICAL. Analysis of affected systems and remediation steps.
CVE-2026-4094: FOX – Currency Switcher Vulnerability
FOX – Currency Switcher vulnerability (CVE-2026-4094) scores CVSS 8.1 HIGH. Analysis of affected systems and remediation steps.
CVE-2026-5229: Form Notify plugin for Authentication bypass
Form Notify plugin for authentication bypass (CVE-2026-5229) scores CVSS 9.8 CRITICAL. Analysis of affected systems and remediation steps.
CVE-2026-6228: Frontend Admin by DynamiApps PrivilegEscalation
Frontend Admin by DynamiApps privilege escalation (CVE-2026-6228) scores CVSS 8.8 HIGH. Analysis of affected systems and remediation steps.
CVE-2026-6403: Quick Playground plugin for Directory traversal
Quick Playground plugin for directory traversal (CVE-2026-6403) scores CVSS 7.5 HIGH. Analysis of affected systems and remediation steps.
CVE-2026-20916: An authenticated iControl REST File read
An authenticated iControl REST file read (CVE-2026-20916) scores CVSS 8.1 HIGH. Analysis of affected systems and remediation steps.
CVE-2026-32673: A vulnerability exists in CVSS 8.7
A vulnerability exists in (CVE-2026-32673) scores CVSS 8.7 HIGH. Analysis of affected systems and remediation steps.
CVE-2026-34176: When running in Appliance Command injection
When running in Appliance command injection (CVE-2026-34176) scores CVSS 8.7 HIGH. Analysis of affected systems and remediation steps.
CVE-2026-3425: RTMKit Addons for Elementor Authorization bypass
RTMKit Addons for Elementor authorization bypass (CVE-2026-3425) scores CVSS 8.8 HIGH. Analysis of affected systems and remediation steps.
CVE-2026-39455: When the BIG-IP Configuration Vulnerability
When the BIG-IP Configuration vulnerability (CVE-2026-39455) scores CVSS 7.5 HIGH. Analysis of affected systems and remediation steps.
CVE-2026-39458: When a BIG-IP DNS Vulnerability
When a BIG-IP DNS vulnerability (CVE-2026-39458) scores CVSS 7.5 HIGH. Analysis of affected systems and remediation steps.
CVE-2026-39459: A vulnerability exists in CVSS 7.2
A vulnerability exists in (CVE-2026-39459) scores CVSS 7.2 HIGH. Analysis of affected systems and remediation steps.
CVE-2026-40061: When BIG-IP DNS is Vulnerability
When BIG-IP DNS is vulnerability (CVE-2026-40061) scores CVSS 8.7 HIGH. Analysis of affected systems and remediation steps.
CVE-2026-40423: When a SIProfile Vulnerability
When a SIP profile vulnerability (CVE-2026-40423) scores CVSS 7.5 HIGH. Analysis of affected systems and remediation steps.
CVE-2026-40618: When an SSL profile Vulnerability
When an SSL profile vulnerability (CVE-2026-40618) scores CVSS 7.5 HIGH. Analysis of affected systems and remediation steps.
CVE-2026-40631: An authenticated attacker with PrivilegEscalation
An authenticated attacker with privilege escalation (CVE-2026-40631) scores CVSS 8.7 HIGH. Analysis of affected systems and remediation steps.
CVE-2026-40698: A vulnerability exists in PrivilegEscalation
A vulnerability exists in privilege escalation (CVE-2026-40698) scores CVSS 8.7 HIGH. Analysis of affected systems and remediation steps.
CVE-2026-41217: A vulnerability exists in CVSS 7.9
A vulnerability exists in (CVE-2026-41217) scores CVSS 7.9 HIGH. Analysis of affected systems and remediation steps.
CVE-2026-41218: When BIG-IPEM iRules Vulnerability
When BIG-IP PEM iRules vulnerability (CVE-2026-41218) scores CVSS 7.5 HIGH. Analysis of affected systems and remediation steps.
CVE-2026-41225: A vulnerability exists in CVSS 9.1
A vulnerability exists in (CVE-2026-41225) scores CVSS 9.1 CRITICAL. Analysis of affected systems and remediation steps.
CVE-2026-41227: On an HTTP/2 virtual Denial of service
On an HTTP/2 virtual denial of service (CVE-2026-41227) scores CVSS 7.5 HIGH. Analysis of affected systems and remediation steps.
CVE-2026-41953: A vulnerability exists in PrivilegEscalation
A vulnerability exists in privilege escalation (CVE-2026-41953) scores CVSS 8.7 HIGH. Analysis of affected systems and remediation steps.
CVE-2026-41956: When a classification profile Vulnerability
When a classification profile vulnerability (CVE-2026-41956) scores CVSS 7.5 HIGH. Analysis of affected systems and remediation steps.
CVE-2026-41957: An authenticated remote code Remote codExecution
An authenticated remote code remote code execution (CVE-2026-41957) scores CVSS 8.8 HIGH. Analysis of affected systems and remediation steps.
CVE-2026-42409: When an HTTP/2 profile Vulnerability
When an HTTP/2 profile vulnerability (CVE-2026-42409) scores CVSS 7.5 HIGH. Analysis of affected systems and remediation steps.
CVE-2026-42920: When a Client SSL Vulnerability
When a Client SSL vulnerability (CVE-2026-42920) scores CVSS 7.5 HIGH. Analysis of affected systems and remediation steps.
CVE-2026-42924: An authenticated attacker with PrivilegEscalation
An authenticated attacker with privilege escalation (CVE-2026-42924) scores CVSS 8.7 HIGH. Analysis of affected systems and remediation steps.
CVE-2026-42930: When running in Appliance Vulnerability
When running in Appliance vulnerability (CVE-2026-42930) scores CVSS 8.7 HIGH. Analysis of affected systems and remediation steps.
CVE-2026-44293: protobufjs project protobufjs Vulnerability
protobufjs project protobufjs vulnerability (CVE-2026-44293) scores CVSS 8.8 HIGH. Analysis of affected systems and remediation steps.
CVE-2026-45229: Quark Drive before 0.8.5 Vulnerability
Quark Drive before 0.8.5 vulnerability (CVE-2026-45229) scores CVSS 8.8 HIGH. Analysis of affected systems and remediation steps.
CVE-2026-4609: ProfileGrid – User Profiles, Vulnerability
ProfileGrid – User Profiles, vulnerability (CVE-2026-4609) scores CVSS 7.1 HIGH. Analysis of affected systems and remediation steps.
CVE-2026-4798: Avada Builder plugin for SQL injection
Avada Builder plugin for SQL injection (CVE-2026-4798) scores CVSS 7.5 HIGH. Analysis of affected systems and remediation steps.
CVE-2026-5773: haxx curl Vulnerability
haxx curl vulnerability (CVE-2026-5773) scores CVSS 7.5 HIGH. Analysis of affected systems and remediation steps.
CVE-2026-6177: Custom Twitter Feeds plugin Cross-site scripting
Custom Twitter Feeds plugin cross-site scripting (CVE-2026-6177) scores CVSS 7.2 HIGH. Analysis of affected systems and remediation steps.
CVE-2026-6281: A potential vulnerability was Remote codExecution
A potential vulnerability was remote code execution (CVE-2026-6281) scores CVSS 8.8 HIGH. Analysis of affected systems and remediation steps.
CVE-2026-6282: A potential improper file Vulnerability
A potential improper file vulnerability (CVE-2026-6282) scores CVSS 8.1 HIGH. Analysis of affected systems and remediation steps.
CVE-2026-3718: ManageWP Worker plugin for Cross-site scripting
ManageWP Worker plugin for cross-site scripting (CVE-2026-3718) scores CVSS 7.2 HIGH. Analysis of affected systems and remediation steps.
CVE-2026-3892: Motors – Car Dealership File read
Motors – Car Dealership file read (CVE-2026-3892) scores CVSS 8.1 HIGH. Analysis of affected systems and remediation steps.
CVE-2026-5395: Fluent Forms – Customizable Vulnerability
Fluent Forms – Customizable vulnerability (CVE-2026-5395) scores CVSS 8.2 HIGH. Analysis of affected systems and remediation steps.
CVE-2026-5396: Fluent Forms plugin for Authorization bypass
Fluent Forms plugin for authorization bypass (CVE-2026-5396) scores CVSS 8.2 HIGH. Analysis of affected systems and remediation steps.
CVE-2026-6271: Career Section plugin foRemote codExecution
Career Section plugin for remote code execution (CVE-2026-6271) scores CVSS 9.8 CRITICAL. Analysis of affected systems and remediation steps.
CVE-2026-6506: InfusedWoo Pro plugin for PrivilegEscalation
InfusedWoo Pro plugin for privilege escalation (CVE-2026-6506) scores CVSS 8.8 HIGH. Analysis of affected systems and remediation steps.
CVE-2026-6510: InfusedWoo Pro plugin for PrivilegEscalation
InfusedWoo Pro plugin for privilege escalation (CVE-2026-6510) scores CVSS 9.8 CRITICAL. Analysis of affected systems and remediation steps.
CVE-2026-6512: InfusedWoo Pro plugin for Authorization bypass
InfusedWoo Pro plugin for authorization bypass (CVE-2026-6512) scores CVSS 9.1 CRITICAL. Analysis of affected systems and remediation steps.
CVE-2026-6514: InfusedWoo Pro plugin for File read
InfusedWoo Pro plugin for file read (CVE-2026-6514) scores CVSS 7.5 HIGH. Analysis of affected systems and remediation steps.
CVE-2026-8181: BurStatistics – Privacy-Friendly PrivilegEscalation
Burst Statistics – Privacy-Friendly privilege escalation (CVE-2026-8181) scores CVSS 9.8 CRITICAL. Analysis of affected systems and remediation steps.
CVE-2025-40833: affecteDevices contain a Denial of service
affected devices contain a denial of service (CVE-2025-40833) scores CVSS 7.5 HIGH. Analysis of affected systems and remediation steps.
CVE-2025-40947: RUGGEDCOM ROX MX5000
RUGGEDCOM ROX MX5000 (All remote code execution (CVE-2025-40947) scores CVSS 7.5 HIGH. Analysis of affected systems and remediation steps.
CVE-2025-40949: RUGGEDCOM ROX MX5000
RUGGEDCOM ROX MX5000 (All remote code execution (CVE-2025-40949) scores CVSS 9.1 CRITICAL. Analysis of affected systems and remediation steps.
CVE-2025-6577: Improper neutralization of special SQL injection
Improper neutralization of special SQL injection (CVE-2025-6577) scores CVSS 9.8 CRITICAL. Analysis of affected systems and remediation steps.
CVE-2026-1250: Court Reservation – Manage SQL injection
Court Reservation – Manage SQL injection (CVE-2026-1250) scores CVSS 7.5 HIGH. Analysis of affected systems and remediation steps.
CVE-2026-22924: SIMATICN 4100
SIMATIC CN 4100 (All vulnerability (CVE-2026-22924) scores CVSS 9.1 CRITICAL. Analysis of affected systems and remediation steps.
CVE-2026-22925: SIMATICN 4100
SIMATIC CN 4100 (All vulnerability (CVE-2026-22925) scores CVSS 7.5 HIGH. Analysis of affected systems and remediation steps.
CVE-2026-2465: Incorrect Authorization vulnerability in PrivilegEscalation
Incorrect Authorization vulnerability in privilege escalation (CVE-2026-2465) scores CVSS 8.8 HIGH. Analysis of affected systems and remediation steps.
CVE-2026-25786: AffecteDevices do not Vulnerability
Affected devices do not vulnerability (CVE-2026-25786) scores CVSS 9.1 CRITICAL. Analysis of affected systems and remediation steps.
CVE-2026-25787: AffecteDevices do not Vulnerability
Affected devices do not vulnerability (CVE-2026-25787) scores CVSS 9.1 CRITICAL. Analysis of affected systems and remediation steps.
CVE-2026-25789: AffecteDevices do not Vulnerability
Affected devices do not vulnerability (CVE-2026-25789) scores CVSS 7.1 HIGH. Analysis of affected systems and remediation steps.
CVE-2026-27662: AffecteDevices do not Vulnerability
Affected devices do not vulnerability (CVE-2026-27662) scores CVSS 7.7 HIGH. Analysis of affected systems and remediation steps.
CVE-2026-32161: Concurrent execution using shared Vulnerability
Concurrent execution using shared vulnerability (CVE-2026-32161) scores CVSS 7.5 HIGH. Analysis of affected systems and remediation steps.
CVE-2026-32177: Heap-based buffer overflow in PrivilegEscalation
Heap-based buffer overflow in privilege escalation (CVE-2026-32177) scores CVSS 7.3 HIGH. Analysis of affected systems and remediation steps.
CVE-2026-32204: External control oFile PrivilegEscalation
External control of file privilege escalation (CVE-2026-32204) scores CVSS 7.8 HIGH. Analysis of affected systems and remediation steps.
CVE-2026-33110: Deserialization of untrusteData CVSS 8.8
Deserialization of untrusted data (CVE-2026-33110) scores CVSS 8.8 HIGH. Analysis of affected systems and remediation steps.
CVE-2026-33112: Deserialization of untrusteData CVSS 8.8
Deserialization of untrusted data (CVE-2026-33112) scores CVSS 8.8 HIGH. Analysis of affected systems and remediation steps.
CVE-2026-33117: Improper authentication in Azure Vulnerability
Improper authentication in Azure vulnerability (CVE-2026-33117) scores CVSS 9.1 CRITICAL. Analysis of affected systems and remediation steps.
CVE-2026-33833: Improper neutralization of special Vulnerability
Improper neutralization of special vulnerability (CVE-2026-33833) scores CVSS 8.2 HIGH. Analysis of affected systems and remediation steps.
CVE-2026-33834: Improper access control in PrivilegEscalation
Improper access control in privilege escalation (CVE-2026-33834) scores CVSS 7.8 HIGH. Analysis of affected systems and remediation steps.
CVE-2026-33835: Use after free in PrivilegEscalation
Use after free in privilege escalation (CVE-2026-33835) scores CVSS 7.8 HIGH. Analysis of affected systems and remediation steps.
CVE-2026-33837: Heap-based buffer overflow in PrivilegEscalation
Heap-based buffer overflow in privilege escalation (CVE-2026-33837) scores CVSS 7.8 HIGH. Analysis of affected systems and remediation steps.
CVE-2026-33838: Double free in Windows PrivilegEscalation
Double free in Windows privilege escalation (CVE-2026-33838) scores CVSS 7.8 HIGH. Analysis of affected systems and remediation steps.
CVE-2026-33839: Concurrent execution using shared PrivilegEscalation
Concurrent execution using shared privilege escalation (CVE-2026-33839) scores CVSS 7.0 HIGH. Analysis of affected systems and remediation steps.
CVE-2026-33840: Use after free in PrivilegEscalation
Use after free in privilege escalation (CVE-2026-33840) scores CVSS 7.8 HIGH. Analysis of affected systems and remediation steps.
CVE-2026-33841: Heap-based buffer overflow in PrivilegEscalation
Heap-based buffer overflow in privilege escalation (CVE-2026-33841) scores CVSS 7.8 HIGH. Analysis of affected systems and remediation steps.
CVE-2026-34329: Heap-based buffer overflow in CVSS 8.8
Heap-based buffer overflow in (CVE-2026-34329) scores CVSS 8.8 HIGH. Analysis of affected systems and remediation steps.
CVE-2026-34330: Integer overflow or wraparound PrivilegEscalation
Integer overflow or wraparound privilege escalation (CVE-2026-34330) scores CVSS 7.8 HIGH. Analysis of affected systems and remediation steps.
CVE-2026-34331: Concurrent execution using shared PrivilegEscalation
Concurrent execution using shared privilege escalation (CVE-2026-34331) scores CVSS 7.0 HIGH. Analysis of affected systems and remediation steps.
CVE-2026-34332: Use after free in Vulnerability
Use after free in vulnerability (CVE-2026-34332) scores CVSS 8.0 HIGH. Analysis of affected systems and remediation steps.
CVE-2026-34333: Use after free in PrivilegEscalation
Use after free in privilege escalation (CVE-2026-34333) scores CVSS 7.8 HIGH. Analysis of affected systems and remediation steps.
CVE-2026-34334: Concurrent execution using shared PrivilegEscalation
Concurrent execution using shared privilege escalation (CVE-2026-34334) scores CVSS 7.8 HIGH. Analysis of affected systems and remediation steps.
CVE-2026-34336: Buffer over-read in Windows Vulnerability
Buffer over-read in Windows vulnerability (CVE-2026-34336) scores CVSS 7.8 HIGH. Analysis of affected systems and remediation steps.
CVE-2026-34337: Use after free in PrivilegEscalation
Use after free in privilege escalation (CVE-2026-34337) scores CVSS 7.8 HIGH. Analysis of affected systems and remediation steps.
CVE-2026-34338: Use after free in PrivilegEscalation
Use after free in privilege escalation (CVE-2026-34338) scores CVSS 7.8 HIGH. Analysis of affected systems and remediation steps.
CVE-2026-34340: Use after free in PrivilegEscalation
Use after free in privilege escalation (CVE-2026-34340) scores CVSS 7.0 HIGH. Analysis of affected systems and remediation steps.
CVE-2026-34341: Double free in Windows PrivilegEscalation
Double free in Windows privilege escalation (CVE-2026-34341) scores CVSS 7.0 HIGH. Analysis of affected systems and remediation steps.
CVE-2026-34342: Concurrent execution using shared PrivilegEscalation
Concurrent execution using shared privilege escalation (CVE-2026-34342) scores CVSS 7.0 HIGH. Analysis of affected systems and remediation steps.
CVE-2026-34343: Heap-based buffer overflow in PrivilegEscalation
Heap-based buffer overflow in privilege escalation (CVE-2026-34343) scores CVSS 7.8 HIGH. Analysis of affected systems and remediation steps.
CVE-2026-34344: Access of resource using PrivilegEscalation
Access of resource using privilege escalation (CVE-2026-34344) scores CVSS 7.8 HIGH. Analysis of affected systems and remediation steps.
CVE-2026-34345: Concurrent execution using shared PrivilegEscalation
Concurrent execution using shared privilege escalation (CVE-2026-34345) scores CVSS 7.0 HIGH. Analysis of affected systems and remediation steps.
CVE-2026-34347: Use after free in PrivilegEscalation
Use after free in privilege escalation (CVE-2026-34347) scores CVSS 7.0 HIGH. Analysis of affected systems and remediation steps.
CVE-2026-34351: Concurrent execution using shared PrivilegEscalation
Concurrent execution using shared privilege escalation (CVE-2026-34351) scores CVSS 7.8 HIGH. Analysis of affected systems and remediation steps.
CVE-2026-34636: Premiere Pro versions 26.0.2, Remote codExecution
Premiere Pro versions 26.0.2, remote code execution (CVE-2026-34636) scores CVSS 7.8 HIGH. Analysis of affected systems and remediation steps.
CVE-2026-34637: Premiere Pro versions 26.0.2, Remote codExecution
Premiere Pro versions 26.0.2, remote code execution (CVE-2026-34637) scores CVSS 7.8 HIGH. Analysis of affected systems and remediation steps.
CVE-2026-34638: Premiere Pro versions 26.0.2, Remote codExecution
Premiere Pro versions 26.0.2, remote code execution (CVE-2026-34638) scores CVSS 7.8 HIGH. Analysis of affected systems and remediation steps.
CVE-2026-34639: Media Encoder versions 26.0.2, Remote codExecution
Media Encoder versions 26.0.2, remote code execution (CVE-2026-34639) scores CVSS 7.8 HIGH. Analysis of affected systems and remediation steps.
CVE-2026-34640: Media Encoder versions 26.0.2, Remote codExecution
Media Encoder versions 26.0.2, remote code execution (CVE-2026-34640) scores CVSS 7.8 HIGH. Analysis of affected systems and remediation steps.
CVE-2026-34642: After Effects versions 26.0, Remote codExecution
After Effects versions 26.0, remote code execution (CVE-2026-34642) scores CVSS 7.8 HIGH. Analysis of affected systems and remediation steps.
CVE-2026-34643: After Effects versions 26.0, Remote codExecution
After Effects versions 26.0, remote code execution (CVE-2026-34643) scores CVSS 7.8 HIGH. Analysis of affected systems and remediation steps.
CVE-2026-34644: After Effects versions 26.0, Remote codExecution
After Effects versions 26.0, remote code execution (CVE-2026-34644) scores CVSS 7.8 HIGH. Analysis of affected systems and remediation steps.
CVE-2026-34645: Adobe Commerce versions 2.4.9-beta1, Authorization bypass
Adobe Commerce versions 2.4.9-beta1, authorization bypass (CVE-2026-34645) scores CVSS 7.5 HIGH. Analysis of affected systems and remediation steps.
CVE-2026-34646: Adobe Commerce versions 2.4.9-beta1, Authorization bypass
Adobe Commerce versions 2.4.9-beta1, authorization bypass (CVE-2026-34646) scores CVSS 7.5 HIGH. Analysis of affected systems and remediation steps.
CVE-2026-34647: Adobe Commerce versions 2.4.9-beta1, SSRF
Adobe Commerce versions 2.4.9-beta1, SSRF (CVE-2026-34647) scores CVSS 7.4 HIGH. Analysis of affected systems and remediation steps.
CVE-2026-34648: Adobe Commerce versions 2.4.9-beta1, Vulnerability
Adobe Commerce versions 2.4.9-beta1, vulnerability (CVE-2026-34648) scores CVSS 7.5 HIGH. Analysis of affected systems and remediation steps.
CVE-2026-34649: Adobe Commerce versions 2.4.9-beta1, Vulnerability
Adobe Commerce versions 2.4.9-beta1, vulnerability (CVE-2026-34649) scores CVSS 7.5 HIGH. Analysis of affected systems and remediation steps.
CVE-2026-34650: Adobe Commerce versions 2.4.9-beta1, Vulnerability
Adobe Commerce versions 2.4.9-beta1, vulnerability (CVE-2026-34650) scores CVSS 7.5 HIGH. Analysis of affected systems and remediation steps.
CVE-2026-34651: Adobe Commerce versions 2.4.9-beta1, Vulnerability
Adobe Commerce versions 2.4.9-beta1, vulnerability (CVE-2026-34651) scores CVSS 7.5 HIGH. Analysis of affected systems and remediation steps.
CVE-2026-34652: Adobe Commerce versions 2.4.9-beta1, Vulnerability
Adobe Commerce versions 2.4.9-beta1, vulnerability (CVE-2026-34652) scores CVSS 7.5 HIGH. Analysis of affected systems and remediation steps.
CVE-2026-34653: Adobe Commerce versions 2.4.9-beta1, Directory traversal
Adobe Commerce versions 2.4.9-beta1, directory traversal (CVE-2026-34653) scores CVSS 8.7 HIGH. Analysis of affected systems and remediation steps.
CVE-2026-34659: Adobe Connect versions 2025.9.15, Remote codExecution
Adobe Connect versions 2025.9.15, remote code execution (CVE-2026-34659) scores CVSS 9.6 CRITICAL. Analysis of affected systems and remediation steps.
CVE-2026-34660: Adobe Connect versions 2025.9.15, Remote codExecution
Adobe Connect versions 2025.9.15, remote code execution (CVE-2026-34660) scores CVSS 9.3 CRITICAL. Analysis of affected systems and remediation steps.
CVE-2026-34661: adobe illustratoRemote codExecution
adobe illustrator remote code execution (CVE-2026-34661) scores CVSS 7.8 HIGH. Analysis of affected systems and remediation steps.
CVE-2026-34665: CAI Content Credentials versions Vulnerability
CAI Content Credentials versions vulnerability (CVE-2026-34665) scores CVSS 7.5 HIGH. Analysis of affected systems and remediation steps.
CVE-2026-34675: adobe substance 3d painteRemote codExecution
adobe substance 3d painter remote code execution (CVE-2026-34675) scores CVSS 7.8 HIGH. Analysis of affected systems and remediation steps.
CVE-2026-34676: adobe substance 3d painteRemote codExecution
adobe substance 3d painter remote code execution (CVE-2026-34676) scores CVSS 7.8 HIGH. Analysis of affected systems and remediation steps.
CVE-2026-34681: Substance3D - Designer versions Remote codExecution
Substance3D - Designer versions remote code execution (CVE-2026-34681) scores CVSS 7.8 HIGH. Analysis of affected systems and remediation steps.
CVE-2026-34682: Substance3D - Designer versions Remote codExecution
Substance3D - Designer versions remote code execution (CVE-2026-34682) scores CVSS 7.8 HIGH. Analysis of affected systems and remediation steps.
CVE-2026-34686: Adobe Commerce versions 2.4.9-beta1, Cross-site scripting
Adobe Commerce versions 2.4.9-beta1, cross-site scripting (CVE-2026-34686) scores CVSS 8.7 HIGH. Analysis of affected systems and remediation steps.
CVE-2026-34687: adobe illustratoRemote codExecution
adobe illustrator remote code execution (CVE-2026-34687) scores CVSS 7.8 HIGH. Analysis of affected systems and remediation steps.
CVE-2026-34690: After Effects versions 26.0, Remote codExecution
After Effects versions 26.0, remote code execution (CVE-2026-34690) scores CVSS 7.8 HIGH. Analysis of affected systems and remediation steps.
CVE-2026-35415: Integer overflow or wraparound PrivilegEscalation
Integer overflow or wraparound privilege escalation (CVE-2026-35415) scores CVSS 7.8 HIGH. Analysis of affected systems and remediation steps.
CVE-2026-35416: Use after free in PrivilegEscalation
Use after free in privilege escalation (CVE-2026-35416) scores CVSS 7.0 HIGH. Analysis of affected systems and remediation steps.
CVE-2026-35417: Access of resource using PrivilegEscalation
Access of resource using privilege escalation (CVE-2026-35417) scores CVSS 7.8 HIGH. Analysis of affected systems and remediation steps.
CVE-2026-35418: Use after free in PrivilegEscalation
Use after free in privilege escalation (CVE-2026-35418) scores CVSS 7.8 HIGH. Analysis of affected systems and remediation steps.
CVE-2026-35420: Heap-based buffer overflow in PrivilegEscalation
Heap-based buffer overflow in privilege escalation (CVE-2026-35420) scores CVSS 7.8 HIGH. Analysis of affected systems and remediation steps.
CVE-2026-35421: Heap-based buffer overflow in CVSS 7.8
Heap-based buffer overflow in (CVE-2026-35421) scores CVSS 7.8 HIGH. Analysis of affected systems and remediation steps.
CVE-2026-35424: Missing release of memory Vulnerability
Missing release of memory vulnerability (CVE-2026-35424) scores CVSS 7.5 HIGH. Analysis of affected systems and remediation steps.
CVE-2026-35436: Insufficient granularity of access PrivilegEscalation
Insufficient granularity of access privilege escalation (CVE-2026-35436) scores CVSS 8.8 HIGH. Analysis of affected systems and remediation steps.
CVE-2026-35438: Missing authorization in Windows PrivilegEscalation
Missing authorization in Windows privilege escalation (CVE-2026-35438) scores CVSS 8.3 HIGH. Analysis of affected systems and remediation steps.
CVE-2026-35439: Deserialization of untrusteData CVSS 8.8
Deserialization of untrusted data (CVE-2026-35439) scores CVSS 8.8 HIGH. Analysis of affected systems and remediation steps.
CVE-2026-40357: Deserialization of untrusteData CVSS 8.8
Deserialization of untrusted data (CVE-2026-40357) scores CVSS 8.8 HIGH. Analysis of affected systems and remediation steps.
CVE-2026-40358: Use after free in Vulnerability
Use after free in vulnerability (CVE-2026-40358) scores CVSS 8.4 HIGH. Analysis of affected systems and remediation steps.
CVE-2026-40359: Use after free in Vulnerability
Use after free in vulnerability (CVE-2026-40359) scores CVSS 7.8 HIGH. Analysis of affected systems and remediation steps.
CVE-2026-40360: Out-of-bounds read in Microsoft Vulnerability
Out-of-bounds read in Microsoft vulnerability (CVE-2026-40360) scores CVSS 7.8 HIGH. Analysis of affected systems and remediation steps.
CVE-2026-40361: Use after free in Vulnerability
Use after free in vulnerability (CVE-2026-40361) scores CVSS 8.4 HIGH. Analysis of affected systems and remediation steps.
CVE-2026-40362: Heap-based buffer overflow in CVSS 7.8
Heap-based buffer overflow in (CVE-2026-40362) scores CVSS 7.8 HIGH. Analysis of affected systems and remediation steps.
CVE-2026-40363: Heap-based buffer overflow in CVSS 8.4
Heap-based buffer overflow in (CVE-2026-40363) scores CVSS 8.4 HIGH. Analysis of affected systems and remediation steps.
CVE-2026-40364: Access of resource using Vulnerability
Access of resource using vulnerability (CVE-2026-40364) scores CVSS 8.4 HIGH. Analysis of affected systems and remediation steps.
CVE-2026-40365: Insufficient granularity of access Authorization bypass
Insufficient granularity of access authorization bypass (CVE-2026-40365) scores CVSS 8.8 HIGH. Analysis of affected systems and remediation steps.
CVE-2026-40366: Use after free in Vulnerability
Use after free in vulnerability (CVE-2026-40366) scores CVSS 8.4 HIGH. Analysis of affected systems and remediation steps.
CVE-2026-40367: Untrusted pointer dereference in Vulnerability
Untrusted pointer dereference in vulnerability (CVE-2026-40367) scores CVSS 8.4 HIGH. Analysis of affected systems and remediation steps.
CVE-2026-40368: Deserialization of untrusteData CVSS 8.0
Deserialization of untrusted data (CVE-2026-40368) scores CVSS 8.0 HIGH. Analysis of affected systems and remediation steps.
CVE-2026-40369: Untrusted pointer dereference in PrivilegEscalation
Untrusted pointer dereference in privilege escalation (CVE-2026-40369) scores CVSS 7.8 HIGH. Analysis of affected systems and remediation steps.
CVE-2026-40377: Heap-based buffer overflow in PrivilegEscalation
Heap-based buffer overflow in privilege escalation (CVE-2026-40377) scores CVSS 7.8 HIGH. Analysis of affected systems and remediation steps.
CVE-2026-40379: Exposure of sensitive information Vulnerability
Exposure of sensitive information vulnerability (CVE-2026-40379) scores CVSS 9.3 CRITICAL. Analysis of affected systems and remediation steps.
CVE-2026-40381: Improper access control in PrivilegEscalation
Improper access control in privilege escalation (CVE-2026-40381) scores CVSS 7.8 HIGH. Analysis of affected systems and remediation steps.
CVE-2026-40382: Use after free in PrivilegEscalation
Use after free in privilege escalation (CVE-2026-40382) scores CVSS 7.8 HIGH. Analysis of affected systems and remediation steps.
CVE-2026-40397: Integer underflow
Integer underflow (wrap or privilege escalation (CVE-2026-40397) scores CVSS 7.8 HIGH. Analysis of affected systems and remediation steps.
CVE-2026-40398: Heap-based buffer overflow in PrivilegEscalation
Heap-based buffer overflow in privilege escalation (CVE-2026-40398) scores CVSS 7.8 HIGH. Analysis of affected systems and remediation steps.
CVE-2026-40399: Stack-based buffer overflow in PrivilegEscalation
Stack-based buffer overflow in privilege escalation (CVE-2026-40399) scores CVSS 7.8 HIGH. Analysis of affected systems and remediation steps.
CVE-2026-40401: Null pointer dereference in Vulnerability
Null pointer dereference in vulnerability (CVE-2026-40401) scores CVSS 7.1 HIGH. Analysis of affected systems and remediation steps.
CVE-2026-40402: Use after free in PrivilegEscalation
Use after free in privilege escalation (CVE-2026-40402) scores CVSS 9.3 CRITICAL. Analysis of affected systems and remediation steps.
CVE-2026-40403: Heap-based buffer overflow in CVSS 8.8
Heap-based buffer overflow in (CVE-2026-40403) scores CVSS 8.8 HIGH. Analysis of affected systems and remediation steps.
CVE-2026-40405: Null pointer dereference in Vulnerability
Null pointer dereference in vulnerability (CVE-2026-40405) scores CVSS 7.5 HIGH. Analysis of affected systems and remediation steps.
CVE-2026-40406: Use after free in Vulnerability
Use after free in vulnerability (CVE-2026-40406) scores CVSS 7.5 HIGH. Analysis of affected systems and remediation steps.
CVE-2026-40407: Heap-based buffer overflow in PrivilegEscalation
Heap-based buffer overflow in privilege escalation (CVE-2026-40407) scores CVSS 7.8 HIGH. Analysis of affected systems and remediation steps.
CVE-2026-40408: Use after free in PrivilegEscalation
Use after free in privilege escalation (CVE-2026-40408) scores CVSS 7.8 HIGH. Analysis of affected systems and remediation steps.
CVE-2026-40410: Use after free in PrivilegEscalation
Use after free in privilege escalation (CVE-2026-40410) scores CVSS 7.0 HIGH. Analysis of affected systems and remediation steps.
CVE-2026-40413: Null pointer dereference in Vulnerability
Null pointer dereference in vulnerability (CVE-2026-40413) scores CVSS 7.4 HIGH. Analysis of affected systems and remediation steps.
CVE-2026-40414: Null pointer dereference in Vulnerability
Null pointer dereference in vulnerability (CVE-2026-40414) scores CVSS 7.4 HIGH. Analysis of affected systems and remediation steps.
CVE-2026-40415: Use after free in Vulnerability
Use after free in vulnerability (CVE-2026-40415) scores CVSS 8.1 HIGH. Analysis of affected systems and remediation steps.
CVE-2026-40417: Weak authentication in Dynamics PrivilegEscalation
Weak authentication in Dynamics privilege escalation (CVE-2026-40417) scores CVSS 7.8 HIGH. Analysis of affected systems and remediation steps.
CVE-2026-40418: Use after free in PrivilegEscalation
Use after free in privilege escalation (CVE-2026-40418) scores CVSS 7.8 HIGH. Analysis of affected systems and remediation steps.
CVE-2026-40419: Use after free in PrivilegEscalation
Use after free in privilege escalation (CVE-2026-40419) scores CVSS 7.8 HIGH. Analysis of affected systems and remediation steps.
CVE-2026-40420: Improper access control in PrivilegEscalation
Improper access control in privilege escalation (CVE-2026-40420) scores CVSS 8.8 HIGH. Analysis of affected systems and remediation steps.
CVE-2026-41086: Improper access control in PrivilegEscalation
Improper access control in privilege escalation (CVE-2026-41086) scores CVSS 8.8 HIGH. Analysis of affected systems and remediation steps.
CVE-2026-41088: External control oFile PrivilegEscalation
External control of file privilege escalation (CVE-2026-41088) scores CVSS 7.8 HIGH. Analysis of affected systems and remediation steps.
CVE-2026-41089: Stack-based buffer overflow in CVSS 9.8
Stack-based buffer overflow in (CVE-2026-41089) scores CVSS 9.8 CRITICAL. Analysis of affected systems and remediation steps.
CVE-2026-41094: Improper control of generation Code injection
Improper control of generation code injection (CVE-2026-41094) scores CVSS 8.8 HIGH. Analysis of affected systems and remediation steps.
CVE-2026-41096: Heap-based buffer overflow in CVSS 9.8
Heap-based buffer overflow in (CVE-2026-41096) scores CVSS 9.8 CRITICAL. Analysis of affected systems and remediation steps.
CVE-2026-41101: Improper access control in Authorization bypass
Improper access control in authorization bypass (CVE-2026-41101) scores CVSS 7.1 HIGH. Analysis of affected systems and remediation steps.
CVE-2026-41102: Improper access control in Authorization bypass
Improper access control in authorization bypass (CVE-2026-41102) scores CVSS 7.1 HIGH. Analysis of affected systems and remediation steps.
CVE-2026-41103: Incorrect implementation of authentication PrivilegEscalation
Incorrect implementation of authenticati privilege escalation (CVE-2026-41103) scores CVSS 9.1 CRITICAL. Analysis of affected systems and remediation steps
CVE-2026-41109: Improper neutralization of special Vulnerability
Improper neutralization of special vulnerability (CVE-2026-41109) scores CVSS 8.8 HIGH. Analysis of affected systems and remediation steps.
CVE-2026-41551: ROS#
ROS# (All versions < directory traversal (CVE-2026-41551) scores CVSS 9.1 CRITICAL. Analysis of affected systems and remediation steps.
CVE-2026-41611: Improper neutralization of script-related Cross-site scripting
Improper neutralization of script-relate cross-site scripting (CVE-2026-41611) scores CVSS 7.8 HIGH. Analysis of affected systems and remediation steps.
CVE-2026-42823: Improper access control in PrivilegEscalation
Improper access control in privilege escalation (CVE-2026-42823) scores CVSS 9.9 CRITICAL. Analysis of affected systems and remediation steps.
CVE-2026-42825: Use after free in PrivilegEscalation
Use after free in privilege escalation (CVE-2026-42825) scores CVSS 7.0 HIGH. Analysis of affected systems and remediation steps.
CVE-2026-42831: Heap-based buffer overflow in CVSS 7.8
Heap-based buffer overflow in (CVE-2026-42831) scores CVSS 7.8 HIGH. Analysis of affected systems and remediation steps.
CVE-2026-42832: Improper access control in Authorization bypass
Improper access control in authorization bypass (CVE-2026-42832) scores CVSS 7.7 HIGH. Analysis of affected systems and remediation steps.
CVE-2026-42833: Execution with unnecessary privileges Vulnerability
Execution with unnecessary privileges vulnerability (CVE-2026-42833) scores CVSS 9.1 CRITICAL. Analysis of affected systems and remediation steps.
CVE-2026-42893: Improper neutralization of special Command injection
Improper neutralization of special command injection (CVE-2026-42893) scores CVSS 7.4 HIGH. Analysis of affected systems and remediation steps.
CVE-2026-42896: Integer overflow or wraparound PrivilegEscalation
Integer overflow or wraparound privilege escalation (CVE-2026-42896) scores CVSS 7.8 HIGH. Analysis of affected systems and remediation steps.
CVE-2026-42898: Improper control of generation Code injection
Improper control of generation code injection (CVE-2026-42898) scores CVSS 9.9 CRITICAL. Analysis of affected systems and remediation steps.
CVE-2026-44412: Solid Edge SE2026
Solid Edge SE2026 (All vulnerability (CVE-2026-44412) scores CVSS 7.8 HIGH. Analysis of affected systems and remediation steps.
CVE-2026-45225: Heym before 0.0.21 path Directory traversal
Heym before 0.0.21 path directory traversal (CVE-2026-45225) scores CVSS 7.6 HIGH. Analysis of affected systems and remediation steps.
CVE-2026-45226: Heym before 0.0.21 Authorization bypass
Heym before 0.0.21 authorization authorization bypass (CVE-2026-45226) scores CVSS 7.1 HIGH. Analysis of affected systems and remediation steps.
CVE-2026-45227: Heym before 0.0.21 sandbox Vulnerability
Heym before 0.0.21 sandbox vulnerability (CVE-2026-45227) scores CVSS 8.8 HIGH. Analysis of affected systems and remediation steps.
CVE-2026-5371: MonsterInsights – Google Analytics Vulnerability
MonsterInsights – Google Analytics vulnerability (CVE-2026-5371) scores CVSS 7.1 HIGH. Analysis of affected systems and remediation steps.
CVE-2026-6001: Authorization bypass through User-Controlled CVSS 8.8
Authorization bypass through User-Contro (CVE-2026-6001) scores CVSS 8.8 HIGH. Analysis of affected systems and remediation steps.
CVE-2026-8429: SPIP versions prior to Remote codExecution
SPIP versions prior to remote code execution (CVE-2026-8429) scores CVSS 8.8 HIGH. Analysis of affected systems and remediation steps.
CVE-2026-8449: Linux ksmbd remote memory PrivilegEscalation
Linux ksmbd remote memory privilege escalation (CVE-2026-8449) scores CVSS 8.8 HIGH. Analysis of affected systems and remediation steps.
CVE-2021-47923: OpenCart 3.0.3.8 session fixation Vulnerability
OpenCart 3.0.3.8 session fixation vulnerability (CVE-2021-47923) scores CVSS 9.8 CRITICAL. Analysis of affected systems and remediation steps.
CVE-2021-47928: OpencarTMD Vendor System SQL injection
Opencart TMD Vendor System SQL injection (CVE-2021-47928) scores CVSS 8.2 HIGH. Analysis of affected systems and remediation steps.
CVE-2021-47930: Balbooa Joomla Forms Builder SQL injection
Balbooa Joomla Forms Builder SQL injection (CVE-2021-47930) scores CVSS 8.2 HIGH. Analysis of affected systems and remediation steps.
CVE-2021-47932: WordPress TheCartPress 1.5.3.6 unauthenticated
WordPress TheCartPress 1.5.3.6 unauthent privilege escalation (CVE-2021-47932) scores CVSS 9.8 CRITICAL. Analysis of affected systems and remediation steps
CVE-2021-47933: WordPress MStore API 2.0.6 Remote codExecution
WordPress MStore API 2.0.6 remote code execution (CVE-2021-47933) scores CVSS 9.8 CRITICAL. Analysis of affected systems and remediation steps.
CVE-2021-47935: Sentry 8.2.0 remote code Remote codExecution
Sentry 8.2.0 remote code remote code execution (CVE-2021-47935) scores CVSS 8.8 HIGH. Analysis of affected systems and remediation steps.
CVE-2021-47936: OpenCATS 0.9.4 remote code Remote codExecution
OpenCATS 0.9.4 remote code remote code execution (CVE-2021-47936) scores CVSS 9.8 CRITICAL. Analysis of affected systems and remediation steps.
CVE-2021-47937: e107 CMS 2.3.0 Remote codExecution
e107 CMS 2.3.0 remote remote code execution (CVE-2021-47937) scores CVSS 8.8 HIGH. Analysis of affected systems and remediation steps.
CVE-2021-47938: ImpressCMS 1.4.2 remote code Remote codExecution
ImpressCMS 1.4.2 remote code remote code execution (CVE-2021-47938) scores CVSS 8.8 HIGH. Analysis of affected systems and remediation steps.
CVE-2021-47939: Evolution CMS 3.1.6 Remote codExecution
Evolution CMS 3.1.6 remote remote code execution (CVE-2021-47939) scores CVSS 8.8 HIGH. Analysis of affected systems and remediation steps.
CVE-2021-47940: WordPress Plugin Download From File read
WordPress Plugin Download From file read (CVE-2021-47940) scores CVSS 9.8 CRITICAL. Analysis of affected systems and remediation steps.
CVE-2021-47941: WordPress Plugin Survey & SQL injection
WordPress Plugin Survey & SQL injection (CVE-2021-47941) scores CVSS 8.2 HIGH. Analysis of affected systems and remediation steps.
CVE-2021-47943: TextPattern CMS 4.8.7 Remote codExecution
TextPattern CMS 4.8.7 remote remote code execution (CVE-2021-47943) scores CVSS 8.8 HIGH. Analysis of affected systems and remediation steps.
CVE-2021-47944: memoNotepad 4.2 Denial of service
memono Notepad 4.2 denial denial of service (CVE-2021-47944) scores CVSS 7.5 HIGH. Analysis of affected systems and remediation steps.
CVE-2021-47945: ArguSurveillance DVR 4.0 Vulnerability
Argus Surveillance DVR 4.0 vulnerability (CVE-2021-47945) scores CVSS 7.8 HIGH. Analysis of affected systems and remediation steps.
CVE-2021-47949: CyberPanel 2.1 command execution File read
CyberPanel 2.1 command execution file read (CVE-2021-47949) scores CVSS 8.8 HIGH. Analysis of affected systems and remediation steps.
CVE-2026-34963: barebox version prior to Buffer overflow
barebox version prior to buffer overflow (CVE-2026-34963) scores CVSS 8.4 HIGH. Analysis of affected systems and remediation steps.
CVE-2026-43639: Bitwarden Server prior to Vulnerability
Bitwarden Server prior to vulnerability (CVE-2026-43639) scores CVSS 8.0 HIGH. Analysis of affected systems and remediation steps.
CVE-2026-43640: Bitwarden Server prior to Vulnerability
Bitwarden Server prior to vulnerability (CVE-2026-43640) scores CVSS 8.1 HIGH. Analysis of affected systems and remediation steps.
CVE-2026-44995: OpenClaw before 2026.4.20 improper Code injection
OpenClaw before 2026.4.20 improper code injection (CVE-2026-44995) scores CVSS 7.3 HIGH. Analysis of affected systems and remediation steps.
CVE-2026-45001: OpenClaw before 2026.4.20 guard SSRF
OpenClaw before 2026.4.20 guard SSRF (CVE-2026-45001) scores CVSS 7.1 HIGH. Analysis of affected systems and remediation steps.
CVE-2026-45004: OpenClaw before 2026.4.23 arbitrary Remote codExecution
OpenClaw before 2026.4.23 arbitrary remote code execution (CVE-2026-45004) scores CVSS 7.8 HIGH. Analysis of affected systems and remediation steps.
CVE-2026-45006: OpenClaw before 2026.4.23 improper Authorization bypass
OpenClaw before 2026.4.23 improper authorization bypass (CVE-2026-45006) scores CVSS 8.8 HIGH. Analysis of affected systems and remediation steps.
CVE-2026-4802: A flaWas found Vulnerability
A flaw was found vulnerability (CVE-2026-4802) scores CVSS 8.0 HIGH. Analysis of affected systems and remediation steps.
CVE-2026-8305: OpenClaw up to 2026.1.24. Vulnerability
OpenClaw up to 2026.1.24. vulnerability (CVE-2026-8305) scores CVSS 7.3 HIGH. Analysis of affected systems and remediation steps.
CVE-2026-8321: inkeep agents 0.58.14. This Authentication bypass
inkeep agents 0.58.14. This authentication bypass (CVE-2026-8321) scores CVSS 7.3 HIGH. Analysis of affected systems and remediation steps.
CVE-2026-2993: AI Chatbot & Workflow SQL injection
AI Chatbot & Workflow SQL injection (CVE-2026-2993) scores CVSS 7.5 HIGH. Analysis of affected systems and remediation steps.
CVE-2026-34259: Due to an OS Vulnerability
Due to an OS vulnerability (CVE-2026-34259) scores CVSS 8.2 HIGH. Analysis of affected systems and remediation steps.
CVE-2026-34260: SAP S/4HANA
SAP S/4HANA (SAP Enterprise SQL injection (CVE-2026-34260) scores CVSS 9.6 CRITICAL. Analysis of affected systems and remediation steps.
CVE-2026-34263: Due to improper Spring Code injection
Due to improper Spring code injection (CVE-2026-34263) scores CVSS 9.6 CRITICAL. Analysis of affected systems and remediation steps.
CVE-2026-6690: LifePress plugin for WordPress Cross-site scripting
LifePress plugin for WordPress cross-site scripting (CVE-2026-6690) scores CVSS 7.2 HIGH. Analysis of affected systems and remediation steps.
CVE-2026-7256: ** UNSUPPORTED WHEN ASSIGNED Command injection
** UNSUPPORTED WHEN ASSIGNED command injection (CVE-2026-7256) scores CVSS 8.8 HIGH. Analysis of affected systems and remediation steps.
CVE-2026-7287: ** UNSUPPORTED WHEN ASSIGNED Buffer overflow
** UNSUPPORTED WHEN ASSIGNED buffer overflow (CVE-2026-7287) scores CVSS 7.5 HIGH. Analysis of affected systems and remediation steps.
CVE-2022-50944: Aero CMS 0.0.1 PHP Code injection
Aero CMS 0.0.1 PHP code injection (CVE-2022-50944) scores CVSS 8.8 HIGH. Analysis of affected systems and remediation steps.
CVE-2026-8260: D-Link DCS-935L up to Buffer overflow
D-Link DCS-935L up to buffer overflow (CVE-2026-8260) scores CVSS 8.8 HIGH. Analysis of affected systems and remediation steps.
CVE-2026-8216: Industrial Application Software IAS Vulnerability
Industrial Application Software IAS vulnerability (CVE-2026-8216) scores CVSS 7.3 HIGH. Analysis of affected systems and remediation steps.
CVE-2026-8234: A security vulnerability has Buffer overflow
A security vulnerability has buffer overflow (CVE-2026-8234) scores CVSS 8.8 HIGH. Analysis of affected systems and remediation steps.
CVE-2022-50994: DrayTek Vigor 2960 firmwaRemote codExecution
DrayTek Vigor 2960 firmware remote code execution (CVE-2022-50994) scores CVSS 8.1 HIGH. Analysis of affected systems and remediation steps.
CVE-2026-39816: apache nifi Vulnerability
apache nifi vulnerability (CVE-2026-39816) scores CVSS 8.8 HIGH. Analysis of affected systems and remediation steps.
CVE-2026-41583: zfnd zebra-script Vulnerability
zfnd zebra-script vulnerability (CVE-2026-41583) scores CVSS 9.1 CRITICAL. Analysis of affected systems and remediation steps.
CVE-2026-41584: zfnd zebra-chain Vulnerability
zfnd zebra-chain vulnerability (CVE-2026-41584) scores CVSS 7.5 HIGH. Analysis of affected systems and remediation steps.
CVE-2026-44335: PraisonaiagentSSRF
praison praisonaiagents SSRF (CVE-2026-44335) scores CVSS 9.8 CRITICAL. Analysis of affected systems and remediation steps.
CVE-2026-44336: Praisonai Remote codExecution
praison praisonai remote code execution (CVE-2026-44336) scores CVSS 9.6 CRITICAL. Analysis of affected systems and remediation steps.
CVE-2026-44400: MailEnablEnterprise Premium 10.55 Authorization bypass
MailEnable Enterprise Premium 10.55 authorization bypass (CVE-2026-44400) scores CVSS 8.1 HIGH. Analysis of affected systems and remediation steps.
CVE-2026-44497: zfnd zebra-script Vulnerability
zfnd zebra-script vulnerability (CVE-2026-44497) scores CVSS 9.1 CRITICAL. Analysis of affected systems and remediation steps.
CVE-2026-44498: zfnd zebrad Vulnerability
zfnd zebrad vulnerability (CVE-2026-44498) scores CVSS 7.5 HIGH. Analysis of affected systems and remediation steps.
CVE-2026-7807: SmarterToolSmarterMail builds prior Vulnerability
SmarterTools SmarterMail builds prior vulnerability (CVE-2026-7807) scores CVSS 8.1 HIGH. Analysis of affected systems and remediation steps.
CVE-2025-14341: Improperly controlled modification of Vulnerability
Improperly controlled modification of vulnerability (CVE-2025-14341) scores CVSS 8.3 HIGH. Analysis of affected systems and remediation steps.
CVE-2026-26164: Improper neutralization of special Vulnerability
Improper neutralization of special vulnerability (CVE-2026-26164) scores CVSS 7.5 HIGH. Analysis of affected systems and remediation steps.
CVE-2026-32207: Improper neutralization of input Cross-site scripting
Improper neutralization of input cross-site scripting (CVE-2026-32207) scores CVSS 8.8 HIGH. Analysis of affected systems and remediation steps.
CVE-2026-33109: Improper access control in Authorization bypass
Improper access control in authorization bypass (CVE-2026-33109) scores CVSS 9.9 CRITICAL. Analysis of affected systems and remediation steps.
CVE-2026-33111: Improper neutralization of special Command injection
Improper neutralization of special command injection (CVE-2026-33111) scores CVSS 7.5 HIGH. Analysis of affected systems and remediation steps.
CVE-2026-33587: lfnovOpen-notebook Vulnerability
lfnovo open-notebook vulnerability (CVE-2026-33587) scores CVSS 10.0 CRITICAL. Analysis of affected systems and remediation steps.
CVE-2026-33588: lfnovOpen-notebook Directory traversal
lfnovo open-notebook directory traversal (CVE-2026-33588) scores CVSS 8.1 HIGH. Analysis of affected systems and remediation steps.
CVE-2026-33823: Improper authorization in Microsoft Authorization bypass
Improper authorization in Microsoft authorization bypass (CVE-2026-33823) scores CVSS 9.6 CRITICAL. Analysis of affected systems and remediation steps.
CVE-2026-33844: Improper input validation in Vulnerability
Improper input validation in vulnerability (CVE-2026-33844) scores CVSS 9.0 CRITICAL. Analysis of affected systems and remediation steps.
CVE-2026-34327: Externally controlled reference to Vulnerability
Externally controlled reference to vulnerability (CVE-2026-34327) scores CVSS 8.2 HIGH. Analysis of affected systems and remediation steps.
CVE-2026-35428: Improper neutralization of special Command injection
Improper neutralization of special command injection (CVE-2026-35428) scores CVSS 9.6 CRITICAL. Analysis of affected systems and remediation steps.
CVE-2026-35435: Improper access control in PrivilegEscalation
Improper access control in privilege escalation (CVE-2026-35435) scores CVSS 8.6 HIGH. Analysis of affected systems and remediation steps.
CVE-2026-3953: Improper neutralization of input Cross-site scripting
Improper neutralization of input cross-site scripting (CVE-2026-3953) scores CVSS 8.8 HIGH. Analysis of affected systems and remediation steps.
CVE-2026-41105: Server-side request forgery (ssrf) PrivilegEscalation
Server-side request forgery (ssrf) privilege escalation (CVE-2026-41105) scores CVSS 8.1 HIGH. Analysis of affected systems and remediation steps.
CVE-2026-42011: A flaWas found Vulnerability
A flaw was found vulnerability (CVE-2026-42011) scores CVSS 7.4 HIGH. Analysis of affected systems and remediation steps.
CVE-2026-42284: gitpython project gitpython Vulnerability
gitpython project gitpython vulnerability (CVE-2026-42284) scores CVSS 8.1 HIGH. Analysis of affected systems and remediation steps.
CVE-2026-42826: Exposure of sensitive information Vulnerability
Exposure of sensitive information vulnerability (CVE-2026-42826) scores CVSS 10.0 CRITICAL. Analysis of affected systems and remediation steps.
CVE-2026-44243: gitpython project gitpython Vulnerability
gitpython project gitpython vulnerability (CVE-2026-44243) scores CVSS 7.1 HIGH. Analysis of affected systems and remediation steps.
CVE-2026-5784: Improper neutralization of input Cross-site scripting
Improper neutralization of input cross-site scripting (CVE-2026-5784) scores CVSS 8.8 HIGH. Analysis of affected systems and remediation steps.
CVE-2026-5791: Cross-Site request forgery (CSRF) Vulnerability
Cross-Site request forgery (CSRF) vulnerability (CVE-2026-5791) scores CVSS 9.6 CRITICAL. Analysis of affected systems and remediation steps.
CVE-2026-6002: Improper neutralization of Script-Related Cross-site scripting
Improper neutralization of Script-Relate cross-site scripting (CVE-2026-6002) scores CVSS 8.8 HIGH. Analysis of affected systems and remediation steps.
CVE-2026-6508: Origin Validation Error vulnerability CVSS 9.8
Origin Validation Error vulnerability (CVE-2026-6508) scores CVSS 9.8 CRITICAL. Analysis of affected systems and remediation steps.
CVE-2026-6795: URL redirection to untrusted Vulnerability
URL redirection to untrusted vulnerability (CVE-2026-6795) scores CVSS 9.6 CRITICAL. Analysis of affected systems and remediation steps.
CVE-2026-7821: ivanti endpoint manager mobile Information disclosure
ivanti endpoint manager mobile information disclosure (CVE-2026-7821) scores CVSS 7.4 HIGH. Analysis of affected systems and remediation steps.
CVE-2026-8083: SourceCodester Pharmacy Sales and SQL injection
SourceCodester Pharmacy Sales and SQL injection (CVE-2026-8083) scores CVSS 7.3 HIGH. Analysis of affected systems and remediation steps.
CVE-2026-8098: A security vulnerability haSQL injection
A security vulnerability has SQL injection (CVE-2026-8098) scores CVSS 7.3 HIGH. Analysis of affected systems and remediation steps.
CVE-2026-5127: User Frontend: AI PowereDeserialization
User Frontend: AI Powered deserialization (CVE-2026-5127) scores CVSS 8.8 HIGH. Analysis of affected systems and remediation steps.
CVE-2026-7330: Auto Affiliate Links plugin Cross-site scripting
Auto Affiliate Links plugin cross-site scripting (CVE-2026-7330) scores CVSS 7.2 HIGH. Analysis of affected systems and remediation steps.
CVE-2026-8126: A flaw has been SQL injection
A flaw has been SQL injection (CVE-2026-8126) scores CVSS 7.3 HIGH. Analysis of affected systems and remediation steps.
CVE-2026-8128: SourceCodester SUP Online Shopping SQL injection
SourceCodester SUP Online Shopping SQL injection (CVE-2026-8128) scores CVSS 7.3 HIGH. Analysis of affected systems and remediation steps.
CVE-2026-8129: SourceCodester SUP Online Shopping SQL injection
SourceCodester SUP Online Shopping SQL injection (CVE-2026-8129) scores CVSS 7.3 HIGH. Analysis of affected systems and remediation steps.
CVE-2026-8130: SourceCodester SUP Online Shopping SQL injection
SourceCodester SUP Online Shopping SQL injection (CVE-2026-8130) scores CVSS 7.3 HIGH. Analysis of affected systems and remediation steps.
CVE-2026-8131: SourceCodester SUP Online Shopping SQL injection
SourceCodester SUP Online Shopping SQL injection (CVE-2026-8131) scores CVSS 7.3 HIGH. Analysis of affected systems and remediation steps.
CVE-2026-8132: A weakness has been SQL injection
A weakness has been SQL injection (CVE-2026-8132) scores CVSS 7.3 HIGH. Analysis of affected systems and remediation steps.
CVE-2026-8133: A security vulnerability haSQL injection
A security vulnerability has SQL injection (CVE-2026-8133) scores CVSS 7.3 HIGH. Analysis of affected systems and remediation steps.
CVE-2026-8137: Totolink X5000R 9.1.0u.6369_B20230113. This Buffer overflow
Totolink X5000R 9.1.0u.6369_B20230113. T buffer overflow (CVE-2026-8137) scores CVSS 8.8 HIGH. Analysis of affected systems and remediation steps.
CVE-2026-8138: Tenda CX12L 16.03.53.12. This Buffer overflow
Tenda CX12L 16.03.53.12. This buffer overflow (CVE-2026-8138) scores CVSS 8.8 HIGH. Analysis of affected systems and remediation steps.
CVE-2026-1719: Gravity Bookings Premium plugin SQL injection
Gravity Bookings Premium plugin SQL injection (CVE-2026-1719) scores CVSS 7.5 HIGH. Analysis of affected systems and remediation steps.
CVE-2026-20034: A vulnerability in the CVSS 8.8
A vulnerability in the (CVE-2026-20034) scores CVSS 8.8 HIGH. Analysis of affected systems and remediation steps.
CVE-2026-20035: A vulnerability in the SSRF
A vulnerability in the SSRF (CVE-2026-20035) scores CVSS 7.2 HIGH. Analysis of affected systems and remediation steps.
CVE-2026-20167: A vulnerability in the Denial of service
A vulnerability in the denial of service (CVE-2026-20167) scores CVSS 7.7 HIGH. Analysis of affected systems and remediation steps.
CVE-2026-20185: A vulnerability in the Denial of service
A vulnerability in the denial of service (CVE-2026-20185) scores CVSS 7.7 HIGH. Analysis of affected systems and remediation steps.
CVE-2026-20188: A vulnerability in the Denial of service
A vulnerability in the denial of service (CVE-2026-20188) scores CVSS 7.5 HIGH. Analysis of affected systems and remediation steps.
CVE-2026-40010: apache wicket Vulnerability
apache wicket vulnerability (CVE-2026-40010) scores CVSS 9.1 CRITICAL. Analysis of affected systems and remediation steps.
CVE-2026-41934: VvveBefore version 1.0.8.2 Remote codExecution
Vvveb before version 1.0.8.2 remote code execution (CVE-2026-41934) scores CVSS 8.8 HIGH. Analysis of affected systems and remediation steps.
CVE-2026-43575: OpenClaw versions 2026.2.21 before Authentication bypass
OpenClaw versions 2026.2.21 before authentication bypass (CVE-2026-43575) scores CVSS 9.8 CRITICAL. Analysis of affected systems and remediation steps.
CVE-2026-43576: OpenClaw before 2026.4.5 server-side SSRF
OpenClaw before 2026.4.5 server-side SSRF (CVE-2026-43576) scores CVSS 7.7 HIGH. Analysis of affected systems and remediation steps.
CVE-2026-43578: OpenClaw versions 2026.3.31 before PrivilegEscalation
OpenClaw versions 2026.3.31 before privilege escalation (CVE-2026-43578) scores CVSS 9.1 CRITICAL. Analysis of affected systems and remediation steps.
CVE-2026-43580: OpenClaw before 2026.4.10 incomplete SSRF
OpenClaw before 2026.4.10 incomplete SSRF (CVE-2026-43580) scores CVSS 7.7 HIGH. Analysis of affected systems and remediation steps.
CVE-2026-43581: OpenClaw before 2026.4.10 improper Vulnerability
OpenClaw before 2026.4.10 improper vulnerability (CVE-2026-43581) scores CVSS 9.6 CRITICAL. Analysis of affected systems and remediation steps.
CVE-2026-43584: OpenClaw before 2026.4.10 insufficient Vulnerability
OpenClaw before 2026.4.10 insufficient vulnerability (CVE-2026-43584) scores CVSS 8.8 HIGH. Analysis of affected systems and remediation steps.
CVE-2026-43585: OpenClaw before 2026.4.15 captures Vulnerability
OpenClaw before 2026.4.15 captures vulnerability (CVE-2026-43585) scores CVSS 8.1 HIGH. Analysis of affected systems and remediation steps.
CVE-2026-44109: OpenClaw before 2026.4.15 authentication Remote codExecution
OpenClaw before 2026.4.15 authentication remote code execution (CVE-2026-44109) scores CVSS 9.8 CRITICAL. Analysis of affected systems and remediation step
CVE-2026-44110: OpenClaw before 2026.4.15 Authorization bypass
OpenClaw before 2026.4.15 authorization authorization bypass (CVE-2026-44110) scores CVSS 8.8 HIGH. Analysis of affected systems and remediation steps.
CVE-2026-44114: OpenClaw before 2026.4.20 fails Vulnerability
OpenClaw before 2026.4.20 fails vulnerability (CVE-2026-44114) scores CVSS 7.8 HIGH. Analysis of affected systems and remediation steps.
CVE-2026-44115: OpenClaw before 2026.4.22 exec Vulnerability
OpenClaw before 2026.4.22 exec vulnerability (CVE-2026-44115) scores CVSS 8.8 HIGH. Analysis of affected systems and remediation steps.
CVE-2026-44116: OpenClaw before 2026.4.22 server-side SSRF
OpenClaw before 2026.4.22 server-side SSRF (CVE-2026-44116) scores CVSS 8.6 HIGH. Analysis of affected systems and remediation steps.
CVE-2026-44118: OpenClaw before 2026.4.22 derives Vulnerability
OpenClaw before 2026.4.22 derives vulnerability (CVE-2026-44118) scores CVSS 7.8 HIGH. Analysis of affected systems and remediation steps.
CVE-2026-7875: NanoClaw host/container filesystem boundary File read
NanoClaw host/container filesystem bound file read (CVE-2026-7875) scores CVSS 8.8 HIGH. Analysis of affected systems and remediation steps.
CVE-2026-8032: A flaw has been Vulnerability
A flaw has been vulnerability (CVE-2026-8032) scores CVSS 7.3 HIGH. Analysis of affected systems and remediation steps.
CVE-2026-4348: BetterDocs Pro plugin for SQL injection
BetterDocs Pro plugin for SQL injection (CVE-2026-4348) scores CVSS 7.5 HIGH. Analysis of affected systems and remediation steps.
CVE-2026-6692: SlideRevolution plugin foRemote codExecution
Slider Revolution plugin for remote code execution (CVE-2026-6692) scores CVSS 8.8 HIGH. Analysis of affected systems and remediation steps.
CVE-2026-7252: WP-Optimize – Cache, Compress Remote codExecution
WP-Optimize – Cache, Compress remote code execution (CVE-2026-7252) scores CVSS 8.1 HIGH. Analysis of affected systems and remediation steps.
CVE-2023-54342: EclipsEquinox OSGi versions Remote codExecution
Eclipse Equinox OSGi versions remote code execution (CVE-2023-54342) scores CVSS 9.8 CRITICAL. Analysis of affected systems and remediation steps.
CVE-2023-54344: EclipsEquinox OSGi 3.7.2 Remote codExecution
Eclipse Equinox OSGi 3.7.2 remote code execution (CVE-2023-54344) scores CVSS 9.8 CRITICAL. Analysis of affected systems and remediation steps.
CVE-2023-54345: frappErpnext Vulnerability
frappe erpnext vulnerability (CVE-2023-54345) scores CVSS 8.8 HIGH. Analysis of affected systems and remediation steps.
CVE-2023-54346: WordPress Plugin Backup Migration Information disclosure
WordPress Plugin Backup Migration information disclosure (CVE-2023-54346) scores CVSS 7.5 HIGH. Analysis of affected systems and remediation steps.
CVE-2023-54347: open-emr openemr Vulnerability
open-emr openemr vulnerability (CVE-2023-54347) scores CVSS 7.5 HIGH. Analysis of affected systems and remediation steps.
CVE-2023-54348: ERPGo SaaS 3.9 CSVulnerability
ERPGo SaaS 3.9 CSV vulnerability (CVE-2023-54348) scores CVSS 8.8 HIGH. Analysis of affected systems and remediation steps.
CVE-2026-42434: OpenClaw versions 2026.4.5 before Vulnerability
OpenClaw versions 2026.4.5 before vulnerability (CVE-2026-42434) scores CVSS 8.8 HIGH. Analysis of affected systems and remediation steps.
CVE-2026-42435: OpenClaw versions from 2026.2.22 Vulnerability
OpenClaw versions from 2026.2.22 vulnerability (CVE-2026-42435) scores CVSS 8.8 HIGH. Analysis of affected systems and remediation steps.
CVE-2026-42436: OpenClaw before 2026.4.14 improper Authorization bypass
OpenClaw before 2026.4.14 improper authorization bypass (CVE-2026-42436) scores CVSS 7.7 HIGH. Analysis of affected systems and remediation steps.
CVE-2026-42437: OpenClaw versions 2026.4.9 before Denial of service
OpenClaw versions 2026.4.9 before denial of service (CVE-2026-42437) scores CVSS 7.5 HIGH. Analysis of affected systems and remediation steps.
CVE-2026-42438: OpenClaw versions 2026.4.9 before Vulnerability
OpenClaw versions 2026.4.9 before vulnerability (CVE-2026-42438) scores CVSS 7.7 HIGH. Analysis of affected systems and remediation steps.
CVE-2026-42439: OpenClaw before 2026.4.10 server-side SSRF
OpenClaw before 2026.4.10 server-side SSRF (CVE-2026-42439) scores CVSS 8.5 HIGH. Analysis of affected systems and remediation steps.
CVE-2026-4304: WeePie Cookie Allow plugin SQL injection
WeePie Cookie Allow plugin SQL injection (CVE-2026-4304) scores CVSS 7.5 HIGH. Analysis of affected systems and remediation steps.
CVE-2026-43526: OpenClaw before 2026.4.12 server-side SSRF
OpenClaw before 2026.4.12 server-side SSRF (CVE-2026-43526) scores CVSS 8.2 HIGH. Analysis of affected systems and remediation steps.
CVE-2026-43527: OpenClaw before 2026.4.14 server-side SSRF
OpenClaw before 2026.4.14 server-side SSRF (CVE-2026-43527) scores CVSS 7.7 HIGH. Analysis of affected systems and remediation steps.
CVE-2026-43530: OpenClaw versions 2026.2.23 before Vulnerability
OpenClaw versions 2026.2.23 before vulnerability (CVE-2026-43530) scores CVSS 8.8 HIGH. Analysis of affected systems and remediation steps.
CVE-2026-43531: OpenClaw before 2026.4.9 environment Vulnerability
OpenClaw before 2026.4.9 environment vulnerability (CVE-2026-43531) scores CVSS 7.3 HIGH. Analysis of affected systems and remediation steps.
CVE-2026-43532: OpenClaw versions 2026.4.7 before Vulnerability
OpenClaw versions 2026.4.7 before vulnerability (CVE-2026-43532) scores CVSS 7.7 HIGH. Analysis of affected systems and remediation steps.
CVE-2026-43534: OpenClaw before 2026.4.10 input Vulnerability
OpenClaw before 2026.4.10 input vulnerability (CVE-2026-43534) scores CVSS 9.1 CRITICAL. Analysis of affected systems and remediation steps.
CVE-2026-43566: OpenClaw versions 2026.4.7 before PrivilegEscalation
OpenClaw versions 2026.4.7 before privilege escalation (CVE-2026-43566) scores CVSS 9.1 CRITICAL. Analysis of affected systems and remediation steps.
CVE-2026-43569: OpenClaw before 2026.4.9 Authentication bypass
OpenClaw before 2026.4.9 authentication authentication bypass (CVE-2026-43569) scores CVSS 8.8 HIGH. Analysis of affected systems and remediation steps.
CVE-2026-43571: OpenClaw before 2026.4.10 plugin Vulnerability
OpenClaw before 2026.4.10 plugin vulnerability (CVE-2026-43571) scores CVSS 8.8 HIGH. Analysis of affected systems and remediation steps.
CVE-2026-43573: OpenClaw before 2026.4.10 server-side SSRF
OpenClaw before 2026.4.10 server-side SSRF (CVE-2026-43573) scores CVSS 7.7 HIGH. Analysis of affected systems and remediation steps.
CVE-2026-6261: BeTheme for WordPress Remote codExecution
Betheme theme for WordPress remote code execution (CVE-2026-6261) scores CVSS 8.8 HIGH. Analysis of affected systems and remediation steps.
CVE-2026-6918: eclipse openj9 Vulnerability
eclipse openj9 vulnerability (CVE-2026-6918) scores CVSS 7.5 HIGH. Analysis of affected systems and remediation steps.
CVE-2026-7832: IObit Advanced SystemCare 19. Vulnerability
IObit Advanced SystemCare 19. vulnerability (CVE-2026-7832) scores CVSS 7.0 HIGH. Analysis of affected systems and remediation steps.
CVE-2026-7833: A weakness has been Command injection
A weakness has been command injection (CVE-2026-7833) scores CVSS 7.2 HIGH. Analysis of affected systems and remediation steps.
CVE-2026-7834: A security vulnerability has Buffer overflow
A security vulnerability has buffer overflow (CVE-2026-7834) scores CVSS 9.8 CRITICAL. Analysis of affected systems and remediation steps.
CVE-2026-7851: D-Link DI-8100 16.07.26A1. This Buffer overflow
D-Link DI-8100 16.07.26A1. This buffer overflow (CVE-2026-7851) scores CVSS 7.2 HIGH. Analysis of affected systems and remediation steps.
CVE-2026-7853: A weakness has been Buffer overflow
A weakness has been buffer overflow (CVE-2026-7853) scores CVSS 9.8 CRITICAL. Analysis of affected systems and remediation steps.
CVE-2026-7854: A security vulnerability has Buffer overflow
A security vulnerability has buffer overflow (CVE-2026-7854) scores CVSS 9.8 CRITICAL. Analysis of affected systems and remediation steps.
CVE-2026-7855: D-Link DI-8100 16.07.26A1. Affected Buffer overflow
D-Link DI-8100 16.07.26A1. Affected buffer overflow (CVE-2026-7855) scores CVSS 8.8 HIGH. Analysis of affected systems and remediation steps.
CVE-2026-7856: A flaw has been Buffer overflow
A flaw has been buffer overflow (CVE-2026-7856) scores CVSS 7.2 HIGH. Analysis of affected systems and remediation steps.
CVE-2026-7857: D-Link DI-8100 16.07.26A1. This Buffer overflow
D-Link DI-8100 16.07.26A1. This buffer overflow (CVE-2026-7857) scores CVSS 7.2 HIGH. Analysis of affected systems and remediation steps.
CVE-2026-7332: LatePoint – Calendar Booking Cross-site scripting
LatePoint – Calendar Booking cross-site scripting (CVE-2026-7332) scores CVSS 7.2 HIGH. Analysis of affected systems and remediation steps.
CVE-2026-7448: LatePoint – Calendar Booking Cross-site scripting
LatePoint – Calendar Booking cross-site scripting (CVE-2026-7448) scores CVSS 7.2 HIGH. Analysis of affected systems and remediation steps.
CVE-2025-47405: Memory corruption when processing Vulnerability
Memory corruption when processing vulnerability (CVE-2025-47405) scores CVSS 7.8 HIGH. Analysis of affected systems and remediation steps.
CVE-2025-47407: Memory corruption while creating Vulnerability
Memory corruption while creating vulnerability (CVE-2025-47407) scores CVSS 7.8 HIGH. Analysis of affected systems and remediation steps.
CVE-2025-47408: Memory corruption when another Vulnerability
Memory corruption when another vulnerability (CVE-2025-47408) scores CVSS 7.8 HIGH. Analysis of affected systems and remediation steps.
CVE-2026-24082: Memory Corruption when copying Vulnerability
Memory Corruption when copying vulnerability (CVE-2026-24082) scores CVSS 7.8 HIGH. Analysis of affected systems and remediation steps.
CVE-2026-25293: Buffer overflow due to CVSS 9.6
Buffer overflow due to (CVE-2026-25293) scores CVSS 9.6 CRITICAL. Analysis of affected systems and remediation steps.
CVE-2026-25863: Conditional Fields for Contact Vulnerability
Conditional Fields for Contact vulnerability (CVE-2026-25863) scores CVSS 7.5 HIGH. Analysis of affected systems and remediation steps.
CVE-2026-29004: BusyBox before commit 42202bf Remote codExecution
BusyBox before commit 42202bf remote code execution (CVE-2026-29004) scores CVSS 8.1 HIGH. Analysis of affected systems and remediation steps.
CVE-2026-29514: NetBox versions 4.3.5 through Remote codExecution
NetBox versions 4.3.5 through remote code execution (CVE-2026-29514) scores CVSS 8.8 HIGH. Analysis of affected systems and remediation steps.
CVE-2026-3120: Improper Control of Generation Command injection
Improper Control of Generation command injection (CVE-2026-3120) scores CVSS 7.2 HIGH. Analysis of affected systems and remediation steps.
CVE-2026-32834: Easy PayPal Events & Authentication bypass
Easy PayPal Events & authentication bypass (CVE-2026-32834) scores CVSS 7.5 HIGH. Analysis of affected systems and remediation steps.
CVE-2026-41471: Easy PayPal Events & Information disclosure
Easy PayPal Events & information disclosure (CVE-2026-41471) scores CVSS 7.5 HIGH. Analysis of affected systems and remediation steps.
CVE-2026-42796: Arelle before 2.39.10 unauthenticated Remote codExecution
Arelle before 2.39.10 unauthenticated remote code execution (CVE-2026-42796) scores CVSS 9.8 CRITICAL. Analysis of affected systems and remediation steps.
CVE-2026-43616: Detect-It-Easy prior to 3.21 Directory traversal
Detect-It-Easy prior to 3.21 directory traversal (CVE-2026-43616) scores CVSS 7.1 HIGH. Analysis of affected systems and remediation steps.
CVE-2026-7748: A weakness has been Buffer overflow
A weakness has been buffer overflow (CVE-2026-7748) scores CVSS 8.8 HIGH. Analysis of affected systems and remediation steps.
CVE-2026-7749: A security vulnerability has Buffer overflow
A security vulnerability has buffer overflow (CVE-2026-7749) scores CVSS 8.8 HIGH. Analysis of affected systems and remediation steps.
CVE-2026-7750: Totolink N300RH 3.2.4-B20220812. This Buffer overflow
Totolink N300RH 3.2.4-B20220812. This buffer overflow (CVE-2026-7750) scores CVSS 8.8 HIGH. Analysis of affected systems and remediation steps.
CVE-2025-13618: Mentoring plugin for WordPress PrivilegEscalation
Mentoring plugin for WordPress privilege escalation (CVE-2025-13618) scores CVSS 9.8 CRITICAL. Analysis of affected systems and remediation steps.
CVE-2026-3359: ForMaker by 10Web SQL injection
Form Maker by 10Web SQL injection (CVE-2026-3359) scores CVSS 7.5 HIGH. Analysis of affected systems and remediation steps.
CVE-2026-3456: GeekyBot — Generate AI SQL injection
GeekyBot — Generate AI SQL injection (CVE-2026-3456) scores CVSS 7.5 HIGH. Analysis of affected systems and remediation steps.
CVE-2026-35228: Oracle MCP Server Helper Vulnerability
Oracle MCP Server Helper vulnerability (CVE-2026-35228) scores CVSS 8.7 HIGH. Analysis of affected systems and remediation steps.
CVE-2026-4803: Royal Elementor Addons plugin Cross-site scripting
Royal Elementor Addons plugin cross-site scripting (CVE-2026-4803) scores CVSS 7.2 HIGH. Analysis of affected systems and remediation steps.
CVE-2026-5100: AWP Classifieds plugin for SQL injection
AWP Classifieds plugin for SQL injection (CVE-2026-5100) scores CVSS 7.5 HIGH. Analysis of affected systems and remediation steps.
CVE-2026-5192: Forminator Forms – Contact Directory traversal
Forminator Forms – Contact directory traversal (CVE-2026-5192) scores CVSS 7.5 HIGH. Analysis of affected systems and remediation steps.
CVE-2026-5294: Geeky Bot plugin foRemote codExecution
Geeky Bot plugin for remote code execution (CVE-2026-5294) scores CVSS 9.8 CRITICAL. Analysis of affected systems and remediation steps.
CVE-2026-5722: MoreConvert Pro plugin for Authentication bypass
MoreConvert Pro plugin for authentication bypass (CVE-2026-5722) scores CVSS 9.8 CRITICAL. Analysis of affected systems and remediation steps.
CVE-2026-7784: RTGS2017 NagaAgent up to Directory traversal
RTGS2017 NagaAgent up to directory traversal (CVE-2026-7784) scores CVSS 7.3 HIGH. Analysis of affected systems and remediation steps.
CVE-2026-7785: A-G-U-P-T-A wireshark-mcp
A-G-U-P-T-A wireshark-mcp edaf604416fbc9 command injection (CVE-2026-7785) scores CVSS 7.3 HIGH. Analysis of affected systems and remediation steps.
CVE-2026-7788: Axle-Bucamp MCP-Docusaurus up to Directory traversal
Axle-Bucamp MCP-Docusaurus up to directory traversal (CVE-2026-7788) scores CVSS 7.3 HIGH. Analysis of affected systems and remediation steps.
CVE-2026-7810: A flaw has been Directory traversal
A flaw has been directory traversal (CVE-2026-7810) scores CVSS 7.3 HIGH. Analysis of affected systems and remediation steps.
CVE-2026-7811: 54yyyu code-mcp up to Directory traversal
54yyyu code-mcp up to directory traversal (CVE-2026-7811) scores CVSS 7.3 HIGH. Analysis of affected systems and remediation steps.
CVE-2026-7812: 54yyyu code-mcp up to Command injection
54yyyu code-mcp up to command injection (CVE-2026-7812) scores CVSS 7.3 HIGH. Analysis of affected systems and remediation steps.
CVE-2026-7823: Totolink A8000RU 7.1cu.643_b20200521. Affected Command injection
Totolink A8000RU 7.1cu.643_b20200521. Af command injection (CVE-2026-7823) scores CVSS 9.8 CRITICAL. Analysis of affected systems and remediation steps.
CVE-2026-7694: A flaw has been SQL injection
A flaw has been SQL injection (CVE-2026-7694) scores CVSS 7.3 HIGH. Analysis of affected systems and remediation steps.
CVE-2026-7695: AcrElectrical EEMS Enterprise SQL injection
Acrel Electrical EEMS Enterprise SQL injection (CVE-2026-7695) scores CVSS 7.3 HIGH. Analysis of affected systems and remediation steps.
CVE-2026-7698: Tiandy Easy7 Integrated Management Command injection
Tiandy Easy7 Integrated Management command injection (CVE-2026-7698) scores CVSS 7.3 HIGH. Analysis of affected systems and remediation steps.
CVE-2026-7703: A flaw has been Code injection
A flaw has been code injection (CVE-2026-7703) scores CVSS 7.3 HIGH. Analysis of affected systems and remediation steps.
CVE-2025-14320: Improper neutralization of input Cross-site scripting
Improper neutralization of input cross-site scripting (CVE-2025-14320) scores CVSS 9.8 CRITICAL. Analysis of affected systems and remediation steps.
CVE-2026-7710: YunaiV yudao-cloud up to Vulnerability
YunaiV yudao-cloud up to vulnerability (CVE-2026-7710) scores CVSS 7.3 HIGH. Analysis of affected systems and remediation steps.
CVE-2026-7711: A weakness has been Vulnerability
A weakness has been vulnerability (CVE-2026-7711) scores CVSS 7.3 HIGH. Analysis of affected systems and remediation steps.
CVE-2026-7717: Totolink WA300 5.2cu.7112_B20190227. This Buffer overflow
Totolink WA300 5.2cu.7112_B20190227. Thi buffer overflow (CVE-2026-7717) scores CVSS 8.8 HIGH. Analysis of affected systems and remediation steps.
CVE-2026-7719: Totolink WA300 5.2cu.7112_B20190227. The Buffer overflow
Totolink WA300 5.2cu.7112_B20190227. The buffer overflow (CVE-2026-7719) scores CVSS 9.8 CRITICAL. Analysis of affected systems and remediation steps.
CVE-2026-7723: A flaw has been Vulnerability
A flaw has been vulnerability (CVE-2026-7723) scores CVSS 7.3 HIGH. Analysis of affected systems and remediation steps.
CVE-2026-7727: Shandong Hoteam Software PDM SQL injection
Shandong Hoteam Software PDM SQL injection (CVE-2026-7727) scores CVSS 7.3 HIGH. Analysis of affected systems and remediation steps.
CVE-2026-7733: A flaw has been Vulnerability
A flaw has been vulnerability (CVE-2026-7733) scores CVSS 7.3 HIGH. Analysis of affected systems and remediation steps.
CVE-2026-7735: osrGoBGP up to Buffer overflow
osrg GoBGP up to buffer overflow (CVE-2026-7735) scores CVSS 7.3 HIGH. Analysis of affected systems and remediation steps.
CVE-2026-7747: Totolink N300RH 3.2.4-B20220812. Affected Buffer overflow
Totolink N300RH 3.2.4-B20220812. Affecte buffer overflow (CVE-2026-7747) scores CVSS 9.8 CRITICAL. Analysis of affected systems and remediation steps.
CVE-2026-2554: WCFM – Frontend Manager Vulnerability
WCFM – Frontend Manager vulnerability (CVE-2026-2554) scores CVSS 8.1 HIGH. Analysis of affected systems and remediation steps.
CVE-2026-4060: Geo MashuPlugin for SQL injection
Geo Mashup plugin for SQL injection (CVE-2026-4060) scores CVSS 7.5 HIGH. Analysis of affected systems and remediation steps.
CVE-2026-4061: Geo MashuPlugin for SQL injection
Geo Mashup plugin for SQL injection (CVE-2026-4061) scores CVSS 7.5 HIGH. Analysis of affected systems and remediation steps.
CVE-2026-4062: Geo MashuPlugin for SQL injection
Geo Mashup plugin for SQL injection (CVE-2026-4062) scores CVSS 7.5 HIGH. Analysis of affected systems and remediation steps.
CVE-2026-4100: Paid Memberships Pro plugin Vulnerability
Paid Memberships Pro plugin vulnerability (CVE-2026-4100) scores CVSS 7.1 HIGH. Analysis of affected systems and remediation steps.
CVE-2026-6320: Salon Booking System – File read
Salon Booking System – file read (CVE-2026-6320) scores CVSS 7.5 HIGH. Analysis of affected systems and remediation steps.
CVE-2026-7489: CTMS developed by Sunnet SQL injection
CTMS developed by Sunnet SQL injection (CVE-2026-7489) scores CVSS 8.8 HIGH. Analysis of affected systems and remediation steps.
CVE-2026-7490: CTMS and CPAS developed Remote codExecution
CTMS and CPAS developed remote code execution (CVE-2026-7490) scores CVSS 7.2 HIGH. Analysis of affected systems and remediation steps.
CVE-2026-7630: innocommerce InnoShop up to Vulnerability
innocommerce InnoShop up to vulnerability (CVE-2026-7630) scores CVSS 7.3 HIGH. Analysis of affected systems and remediation steps.
CVE-2026-7644: ChatGPTNextWeb NextChat up to Authorization bypass
ChatGPTNextWeb NextChat up to authorization bypass (CVE-2026-7644) scores CVSS 7.3 HIGH. Analysis of affected systems and remediation steps.
CVE-2026-7668: MikroTik RouterOS 6.49.8. This Vulnerability
MikroTik RouterOS 6.49.8. This vulnerability (CVE-2026-7668) scores CVSS 7.3 HIGH. Analysis of affected systems and remediation steps.
CVE-2026-7670: A flaw has been SQL injection
A flaw has been SQL injection (CVE-2026-7670) scores CVSS 7.3 HIGH. Analysis of affected systems and remediation steps.
CVE-2026-5063: NEX-Forms – Ultimate Forms Cross-site scripting
NEX-Forms – Ultimate Forms cross-site scripting (CVE-2026-5063) scores CVSS 7.2 HIGH. Analysis of affected systems and remediation steps.
CVE-2026-7674: A flaw has been Buffer overflow
A flaw has been buffer overflow (CVE-2026-7674) scores CVSS 8.8 HIGH. Analysis of affected systems and remediation steps.
CVE-2026-7675: Shenzhen Libituo Technology LBT-T300-HW1 Buffer overflow
Shenzhen Libituo Technology LBT-T300-HW1 buffer overflow (CVE-2026-7675) scores CVSS 8.8 HIGH. Analysis of affected systems and remediation steps.
CVE-2026-7679: YunaiV yudao-cloud up to Vulnerability
YunaiV yudao-cloud up to vulnerability (CVE-2026-7679) scores CVSS 7.3 HIGH. Analysis of affected systems and remediation steps.
CVE-2026-7684: A security vulnerability has Buffer overflow
A security vulnerability has buffer overflow (CVE-2026-7684) scores CVSS 8.8 HIGH. Analysis of affected systems and remediation steps.
CVE-2026-7685: Edimax BR-6208AC up to Buffer overflow
Edimax BR-6208AC up to buffer overflow (CVE-2026-7685) scores CVSS 8.8 HIGH. Analysis of affected systems and remediation steps.
CVE-2026-41940: cPanel and WHM Authentication Bypass (CVSS 9.8 CRITICAL)
cPanel and WHM authentication bypass affects versions 11.40 through 136.0.4. CISA KEV: action required by May 3, 2026. Public exploits documented.
Why Every PDF You Open Is a Security Risk
PDFs execute JavaScript, launch URLs and drop payloads the moment you open them. Your PDF reader is running code you never consented to. Here is how to stop it.
copy.fail: A 732-Byte Script That Roots Every Linux Box Since 2017
CVE-2026-31431: a logic bug in the Linux kernel crypto API lets any unprivileged user escape containers and get root. 732 bytes of Python. Self-check guide inside.
CVE-2026-5109: Gravity Forms plugin for Cross-site scripting
Gravity Forms plugin for cross-site scripting (CVE-2026-5109) scores CVSS 7.2 HIGH. Analysis of affected systems and remediation steps.
CVE-2026-5110: Gravity Forms plugin for Cross-site scripting
Gravity Forms plugin for cross-site scripting (CVE-2026-5110) scores CVSS 7.2 HIGH. Analysis of affected systems and remediation steps.
CVE-2026-5111: Gravity Forms plugin for Cross-site scripting
Gravity Forms plugin for cross-site scripting (CVE-2026-5111) scores CVSS 7.2 HIGH. Analysis of affected systems and remediation steps.
CVE-2026-5112: Gravity Forms plugin for Cross-site scripting
Gravity Forms plugin for cross-site scripting (CVE-2026-5112) scores CVSS 7.2 HIGH. Analysis of affected systems and remediation steps.
CVE-2026-5113: Gravity Forms plugin for Cross-site scripting
Gravity Forms plugin for cross-site scripting (CVE-2026-5113) scores CVSS 7.2 HIGH. Analysis of affected systems and remediation steps.
CVE-2026-5324: Brizy – Page Builder Cross-site scripting
Brizy – Page Builder cross-site scripting (CVE-2026-5324) scores CVSS 7.2 HIGH. Analysis of affected systems and remediation steps.
CVE-2026-7049: PixelYourSite Pro – Your SSRF
PixelYourSite Pro – Your SSRF (CVE-2026-7049) scores CVSS 7.2 HIGH. Analysis of affected systems and remediation steps.
CVE-2026-7458: User Verification by PickPlugins Authentication bypass
User Verification by PickPlugins authentication bypass (CVE-2026-7458) scores CVSS 9.8 CRITICAL. Analysis of affected systems and remediation steps.
CVE-2026-7641: Import and export users PrivilegEscalation
Import and export users privilege escalation (CVE-2026-7641) scores CVSS 8.8 HIGH. Analysis of affected systems and remediation steps.
CVE-2026-7649: ARMember – MembershiPlugin, SQL injection
ARMember – Membership Plugin, SQL injection (CVE-2026-7649) scores CVSS 7.5 HIGH. Analysis of affected systems and remediation steps.
CVE-2022-50993: Weaver (Fanwei) E-office versions Remote codExecution
Weaver (Fanwei) E-office versions remote code execution (CVE-2022-50993) scores CVSS 9.8 CRITICAL. Analysis of affected systems and remediation steps.
CVE-2026-2892: Otter Blocks plugin for Vulnerability
Otter Blocks plugin for vulnerability (CVE-2026-2892) scores CVSS 7.5 HIGH. Analysis of affected systems and remediation steps.
CVE-2026-4503: IBM Langflow Desktop 1.0.0 Vulnerability
IBM Langflow Desktop 1.0.0 vulnerability (CVE-2026-4503) scores CVSS 7.5 HIGH. Analysis of affected systems and remediation steps.
CVE-2026-6389: IBM Turbonomic prometurbo agent Vulnerability
IBM Turbonomic prometurbo agent vulnerability (CVE-2026-6389) scores CVSS 8.8 HIGH. Analysis of affected systems and remediation steps.
CVE-2026-6543: IBM Langflow Desktop 1.0.0 Remote codExecution
IBM Langflow Desktop 1.0.0 remote code execution (CVE-2026-6543) scores CVSS 8.8 HIGH. Analysis of affected systems and remediation steps.
CVE-2026-7435: SSCMS v7.4.0 SQL injection CVSS 7.2
SSCMS v7.4.0 SQL injection (CVE-2026-7435) scores CVSS 7.2 HIGH. Analysis of affected systems and remediation steps.
CVE-2018-25309: MyBB RecenThreads 17.0 Cross-site scripting
MyBB Recent threads 17.0 cross-site scripting (CVE-2018-25309) scores CVSS 7.2 HIGH. Analysis of affected systems and remediation steps.
CVE-2026-5166: Improper Limitation of a Directory traversal
Improper Limitation of a directory traversal (CVE-2026-5166) scores CVSS 9.6 CRITICAL. Analysis of affected systems and remediation steps.
CVE-2026-7466: AgentFlow arbitrary codExecution Remote codExecution
AgentFlow arbitrary code execution remote code execution (CVE-2026-7466) scores CVSS 8.8 HIGH. Analysis of affected systems and remediation steps.
CVE-2026-7468: A security vulnerability has Authorization bypass
A security vulnerability has authorization bypass (CVE-2026-7468) scores CVSS 7.3 HIGH. Analysis of affected systems and remediation steps.
CVE-2026-27760: OpenCATS prior to commit Code injection
OpenCATS prior to commit code injection (CVE-2026-27760) scores CVSS 8.1 HIGH. Analysis of affected systems and remediation steps.
CVE-2026-41378: OpenClaw before 2026.3.31 privilege Remote codExecution
OpenClaw before 2026.3.31 privilege remote code execution (CVE-2026-41378) scores CVSS 8.8 HIGH. Analysis of affected systems and remediation steps.
CVE-2026-41386: OpenClaw before 2026.3.22 Privilege escalation
OpenClaw before 2026.3.22 privilege privilege escalation (CVE-2026-41386) scores CVSS 9.1 CRITICAL. Analysis of affected systems and remediation steps.
CVE-2026-41395: OpenClaw before 2026.3.28 webhook Vulnerability
OpenClaw before 2026.3.28 webhook vulnerability (CVE-2026-41395) scores CVSS 7.5 HIGH. Analysis of affected systems and remediation steps.
CVE-2026-41399: OpenClaw before 2026.3.28 accepts Vulnerability
OpenClaw before 2026.3.28 accepts vulnerability (CVE-2026-41399) scores CVSS 7.5 HIGH. Analysis of affected systems and remediation steps.
CVE-2026-41405: OpenClaw before 2026.3.31 parses Vulnerability
OpenClaw before 2026.3.31 parses vulnerability (CVE-2026-41405) scores CVSS 7.5 HIGH. Analysis of affected systems and remediation steps.
CVE-2026-41636: apache thrift Vulnerability
apache thrift vulnerability (CVE-2026-41636) scores CVSS 7.5 HIGH. Analysis of affected systems and remediation steps.
CVE-2026-41873: apache pony mail Vulnerability
apache pony mail vulnerability (CVE-2026-41873) scores CVSS 9.8 CRITICAL. Analysis of affected systems and remediation steps.
CVE-2026-41912: OpenClaw before 2026.4.8 server-side SSRF
OpenClaw before 2026.4.8 server-side SSRF (CVE-2026-41912) scores CVSS 7.6 HIGH. Analysis of affected systems and remediation steps.
CVE-2026-42423: OpenClaw before 2026.4.8 approval-timeout Vulnerability
OpenClaw before 2026.4.8 approval-timeou vulnerability (CVE-2026-42423) scores CVSS 7.5 HIGH. Analysis of affected systems and remediation steps.
CVE-2026-42426: OpenClaw before 2026.4.8 improper Authorization bypass
OpenClaw before 2026.4.8 improper authorization bypass (CVE-2026-42426) scores CVSS 8.8 HIGH. Analysis of affected systems and remediation steps.
CVE-2026-42431: OpenClaw before 2026.4.8 security Vulnerability
OpenClaw before 2026.4.8 security vulnerability (CVE-2026-42431) scores CVSS 8.1 HIGH. Analysis of affected systems and remediation steps.
CVE-2026-42432: OpenClaw before 2026.4.8 Privilege escalation
OpenClaw before 2026.4.8 privilege privilege escalation (CVE-2026-42432) scores CVSS 7.8 HIGH. Analysis of affected systems and remediation steps.
CVE-2026-7272: A flaw has been Directory traversal
A flaw has been directory traversal (CVE-2026-7272) scores CVSS 7.3 HIGH. Analysis of affected systems and remediation steps.
CVE-2026-7314: eiceblue spire-doc-mcp-server 1.0.0. This Directory traversal
eiceblue spire-doc-mcp-server 1.0.0. Thi directory traversal (CVE-2026-7314) scores CVSS 7.3 HIGH. Analysis of affected systems and remediation steps.
CVE-2026-7036: Tenda i9 1.0.0.5(2204). This Directory traversal
Tenda i9 1.0.0.5(2204). This directory traversal (CVE-2026-7036) scores CVSS 7.3 HIGH. Analysis of affected systems and remediation steps.
CVE-2026-7042: A flaw has been Vulnerability
A flaw has been vulnerability (CVE-2026-7042) scores CVSS 7.3 HIGH. Analysis of affected systems and remediation steps.
CVE-2026-7060: liyupi yu-picture up to SQL injection
liyupi yu-picture up to SQL injection (CVE-2026-7060) scores CVSS 7.3 HIGH. Analysis of affected systems and remediation steps.
CVE-2026-7061: A weakness has been Command injection
A weakness has been command injection (CVE-2026-7061) scores CVSS 7.3 HIGH. Analysis of affected systems and remediation steps.
CVE-2026-7065: BidingCC BuildingAI up to Vulnerability
BidingCC BuildingAI up to vulnerability (CVE-2026-7065) scores CVSS 7.3 HIGH. Analysis of affected systems and remediation steps.
CVE-2026-7072: CodePanda Source canteen_management_system 1.0. SQL injection
CodePanda Source canteen_management_syst SQL injection (CVE-2026-7072) scores CVSS 7.3 HIGH. Analysis of affected systems and remediation steps.
CVE-2026-7097: A weakness has been Buffer overflow
A weakness has been buffer overflow (CVE-2026-7097) scores CVSS 8.8 HIGH. Analysis of affected systems and remediation steps.
CVE-2026-6977: A security vulnerability has Authorization bypass
A security vulnerability has authorization bypass (CVE-2026-6977) scores CVSS 7.3 HIGH. Analysis of affected systems and remediation steps.
CVE-2026-6987: PicoClaw up to 0.2.4. Command injection
PicoClaw up to 0.2.4. command injection (CVE-2026-6987) scores CVSS 7.3 HIGH. Analysis of affected systems and remediation steps.
CVE-2026-7002: KLiK SocialMediaWebsite up to SQL injection
KLiK SocialMediaWebsite up to SQL injection (CVE-2026-7002) scores CVSS 7.3 HIGH. Analysis of affected systems and remediation steps.
CVE-2026-21515: Exposure of sensitive information PrivilegEscalation
Exposure of sensitive information privilege escalation (CVE-2026-21515) scores CVSS 9.9 CRITICAL. Analysis of affected systems and remediation steps.
CVE-2026-39920: BridgeHead FileStore versions prioRemote codExecution
BridgeHead FileStore versions prior remote code execution (CVE-2026-39920) scores CVSS 9.8 CRITICAL. Analysis of affected systems and remediation steps.
CVE-2026-23751: Kofax Capture, now referred Remote code execution
Kofax Capture, now referred remote code execution (CVE-2026-23751) scores CVSS 9.8 CRITICAL. Analysis of affected systems and remediation steps.
CVE-2026-26210: KTransformers through 0.5.3 unsafe Deserialization
KTransformers through 0.5.3 unsafe deserialization (CVE-2026-26210) scores CVSS 9.8 CRITICAL. Analysis of affected systems and remediation steps.
CVE-2026-41349: OpenClaw before 2026.3.28 agentic Vulnerability
OpenClaw before 2026.3.28 agentic vulnerability (CVE-2026-41349) scores CVSS 8.8 HIGH. Analysis of affected systems and remediation steps.
CVE-2026-41352: OpenClaw before 2026.3.31 remote Remote code execution
OpenClaw before 2026.3.31 remote remote code execution (CVE-2026-41352) scores CVSS 8.8 HIGH. Analysis of affected systems and remediation steps.
CVE-2026-41353: OpenClaw before 2026.3.22 access Authorization bypass
OpenClaw before 2026.3.22 access authorization bypass (CVE-2026-41353) scores CVSS 8.1 HIGH. Analysis of affected systems and remediation steps.
CVE-2026-5364: Drag and Drop File Remote code execution
Drag and Drop File remote code execution (CVE-2026-5364) scores CVSS 8.1 HIGH. Analysis of affected systems and remediation steps.
CVE-2026-5464: ExactMetrics – Google Analytics Remote code execution
ExactMetrics – Google Analytics remote code execution (CVE-2026-5464) scores CVSS 7.2 HIGH. Analysis of affected systems and remediation steps.
CVE-2026-6885: Borg SPM 2007 (Sales Remote code execution
Borg SPM 2007 (Sales remote code execution (CVE-2026-6885) scores CVSS 9.8 CRITICAL. Analysis of affected systems and remediation steps.
OSINT Recon Guide for Beginners
How to run external reconnaissance on your own organization. Domain enumeration, DNS analysis, port discovery and credential leak checks.
Healthcare Cybersecurity 2026
Healthcare breaches cost $10.93M average. HIPAA Security Rule requirements, ransomware targeting hospitals and what your security program needs.
SOC 2 Penetration Testing | What Auditors Want
SOC 2 Trust Service Criteria CC7.1 and CC7.2 require penetration testing. What auditors read in your report, common fails and how to pass.
How to Read a Pentest Report | Guide for Executives
Penetration test report explained for non-technical executives. Severity ratings, finding vs vulnerability, red flags and what to do next.
Why Law Firms Are Prime Targets for Cyber Attacks
Law firms hold high-value confidential data and process large wire transfers with low security maturity. Here is what attackers know.
Ransomware Recovery: What Happens When You Call Us
What actually happens when you call an incident responder during a ransomware attack. Containment, recovery and insurance coordination.
The Real Cost of Skipping a Penetration Test
Five breaches that a pentest would have prevented. Average breach costs $4.45M. Average pentest costs $5K-$25K. The math is simple.
DMARC, SPF and DKIM: Your Email Auth Is Probably Broken
Most DMARC implementations are stuck on p=none. SPF records have too many lookups. DKIM keys haven't been rotated in years.
First 72 Hours After a Data Breach
Hour-by-hour incident response timeline from detection through 72 hours. What to do, who to call and what most companies get wrong.
Your Google Maps API Key Is Now a Gemini Backdoor
Google told developers API keys aren't secrets. Then Gemini changed the rules. Nearly 3,000 public API keys now silently authenticate to Gemini.
What to Expect from Your First Penetration Test
First pentest? Here is what happens before, during and after. Scoping, rules of engagement, the report and remediation. No surprises.
How a $2M Wire Fraud Starts with One Email
Business email compromise case study: from initial phish to $2M wire transfer. Timeline, forensic findings and prevention steps.
Cyber Insurance Renewal Checklist 2026
2026 cyber insurance requirements: MFA, EDR, IR plan, annual pentest, tabletop exercises. Complete checklist for your renewal.
Android Evidence Collection for HR Investigations
How to collect phone evidence for HR investigations. Legal considerations, logical acquisition, chain of custody and court-ready reporting.
Construction Companies Are the #1 Target for BEC
Why construction firms lose more to email fraud than any other industry. The subcontractor invoice scam and how to stop it.
CVE-2026-3621: IBM WebSphere Application Server Vulnerability
IBM WebSphere Application Server vulnerability (CVE-2026-3621) scores CVSS 7.5 HIGH. Analysis of affected systems and remediation steps.
CVE-2026-41454: WeKan before 8.35 missing authorization Vulnerability
WeKan before 8.35 missing authorization vulnerability (CVE-2026-41454) scores CVSS 8.3 HIGH. Analysis of affected systems and remediation steps.
CVE-2026-41455: WeKan before 8.35 server-side request Vulnerability
WeKan before 8.35 server-side request vulnerability (CVE-2026-41455) scores CVSS 8.5 HIGH. Analysis of affected systems and remediation steps.
CVE-2026-41468: Beghelli Sicuro24 SicuroWeb embeds Vulnerability
Beghelli Sicuro24 SicuroWeb embeds vulnerability (CVE-2026-41468) scores CVSS 8.7 HIGH. Analysis of affected systems and remediation steps.
CVE-2026-5935: IBM Total Storage Service Remote code execution
IBM Total Storage Service remote code execution (CVE-2026-5935) scores CVSS 7.3 HIGH. Analysis of affected systems and remediation steps.
CVE-2026-6859: A flaw was found Vulnerability
A flaw was found vulnerability (CVE-2026-6859) scores CVSS 8.8 HIGH. Analysis of affected systems and remediation steps.
CVE-2026-22016: Oracle CVSS 7.5 HIGH
Oracle vulnerability (CVE-2026-22016) scores CVSS 7.5 HIGH. Analysis of affected systems and remediation steps.
CVE-2026-33519: Incorrect Authorization CVSS 9.8 CRITICAL
Incorrect authorization vulnerability (CVE-2026-33519) scores CVSS 9.8 CRITICAL. Analysis of affected systems and remediation steps.
CVE-2026-34282: Vulnerability in the Oracle Denial of service
Vulnerability in the Oracle denial of service (CVE-2026-34282) scores CVSS 7.5 HIGH. Analysis of affected systems and remediation steps.
CVE-2026-34292: Oracle CVSS 7.2 HIGH
Oracle vulnerability (CVE-2026-34292) scores CVSS 7.2 HIGH. Analysis of affected systems and remediation steps.
CVE-2026-34305: Oracle CVSS 7.5 HIGH
Oracle vulnerability (CVE-2026-34305) scores CVSS 7.5 HIGH. Analysis of affected systems and remediation steps.
CVE-2026-40520: FreePBX api module version Remote code execution CVSS 7.2
FreePBX api module version remote code execution (CVE-2026-40520) scores CVSS 7.2 HIGH. Analysis of affected systems and remediation steps.
CVE-2026-4132: The HTTP Headers plugin Remote code execution
The HTTP Headers plugin remote code execution (CVE-2026-4132) scores CVSS 7.2 HIGH. Analysis of affected systems and remediation steps.
CVE-2026-6832: Hermes WebUI Directory Traversal
Hermes WebUI directory traversal (CVE-2026-6832) scores CVSS 8.1 HIGH. Analysis of affected systems and remediation steps.
CVE-2026-5966: ThreatSonar Anti-Ransomware developed by Directory traversal
ThreatSonar Anti-Ransomware developed by directory traversal (CVE-2026-5966) scores CVSS 8.1 HIGH. Analysis of affected systems and remediation steps.
CVE-2026-6568: A vulnerability was determined Directory traversal CVSS 7.3
A vulnerability was determined directory traversal (CVE-2026-6568) scores CVSS 7.3 HIGH. Analysis of affected systems and remediation steps.
CVE-2026-6569: CVSS 7.3 HIGH
Vulnerability (CVE-2026-6569) scores CVSS 7.3 HIGH. Analysis of affected systems and remediation steps.
CVE-2026-6574: CVSS 7.3 HIGH
Vulnerability (CVE-2026-6574) scores CVSS 7.3 HIGH. Analysis of affected systems and remediation steps.
CVE-2026-6580: CVSS 7.3 HIGH
Vulnerability (CVE-2026-6580) scores CVSS 7.3 HIGH. Analysis of affected systems and remediation steps.
CVE-2026-6581: A vulnerability was detected Buffer overflow
A vulnerability was detected buffer overflow (CVE-2026-6581) scores CVSS 8.8 HIGH. Analysis of affected systems and remediation steps.
CVE-2026-6596: CVSS 7.3 HIGH
A security flaw has vulnerability (CVE-2026-6596) scores CVSS 7.3 HIGH. Analysis of affected systems and remediation steps.
CVE-2026-6602: CVSS 7.3 HIGH
Vulnerability (CVE-2026-6602) scores CVSS 7.3 HIGH. Analysis of affected systems and remediation steps.
CVE-2026-6603: A vulnerability was determined Code injection
A vulnerability was determined code injection (CVE-2026-6603) scores CVSS 7.3 HIGH. Analysis of affected systems and remediation steps.
CVE-2026-6604: CVSS 7.3 HIGH
Vulnerability (CVE-2026-6604) scores CVSS 7.3 HIGH. Analysis of affected systems and remediation steps.
CVE-2026-6605: CVSS 7.3 HIGH
A security flaw has vulnerability (CVE-2026-6605) scores CVSS 7.3 HIGH. Analysis of affected systems and remediation steps.
Recover Deleted Emails from a PST File
How to find and recover deleted emails from PST files. Step-by-step forensic recovery using a read-only PST viewer with SHA-256 verification.
PST Viewer Now Opens MSG and EML Files
Sherlock Forensics PST Viewer v0.1.6 reads MSG and EML files with SMTP transport chain analysis, anomaly detection and MAPI timestamps. Free download.
Android Forensic Acquisition for $399
Sherlock Forensics Android Acquirer: logical extraction via ADB with SHA-256 per artifact. Free + Forensic Edition from $399. Cellebrite alternative.
We Built a Forensic PST Viewer for $67
Why we built Sherlock Forensics PST Viewer. Court-ready reports, SHA256 per message, $67 instead of $300. The story behind our forensic email tool.
4 Free Forensic Desktop Tools Available
Free forensic desktop tools: PST/OST viewer, hash calculator, metadata inspector and port scanner. SHA256 verified. Built by investigators.
PST Viewer Comparison 2026: Sherlock vs SysTools vs Kernel
Feature-by-feature comparison of PST viewer tools for forensic examiners and legal professionals. Pricing, SHA-256 hashing and court-ready reporting compared.
How to Open a PST File Forensically
Step-by-step guide to opening PST email archives with chain of custody preservation. Hash verification, read-only analysis and evidence integrity.
Why Outlook PST Files Matter for eDiscovery
PST files remain critical evidence sources in litigation. How to preserve, search and produce PST archives for legal proceedings.
The Easy Appointments plugin Vulnerability Scores 7.5 - CVE-2026-2262 Breakdown
The Easy Appointments plugin vulnerability (CVE-2026-2262) scores CVSS 7.5 HIGH. Analysis of affected systems, exploitation risk and remediation steps.
CVE-2026-40515: OpenHarness before commit bd4df81 contains Hit with HIGH Vulnerability
OpenHarness before commit bd4df81 contains vulnerability (CVE-2026-40515) scores CVSS 7.5 HIGH. Analysis of affected systems, exploitation risk and remediation steps.
CVSS 8.3: OpenHarness before commit bd4df81 contains Vulnerability Puts Organizations at Risk
OpenHarness before commit bd4df81 contains vulnerability (CVE-2026-40516) scores CVSS 8.3 HIGH. Analysis of affected systems, exploitation risk and remediation steps.
CVE-2026-40525: OpenViking prior to commit c7bb167 Hit with CRITICAL Authentication bypass
OpenViking prior to commit c7bb167 authentication bypass (CVE-2026-40525) scores CVSS 9.1 CRITICAL. Analysis of affected systems, exploitation risk and remediation steps.
CVE-2026-5710: The Drag and Drop Directory traversal Enables Remote Exploitation
The Drag and Drop directory traversal (CVE-2026-5710) scores CVSS 7.5 HIGH. Analysis of affected systems, exploitation risk and remediation steps.
CVE-2026-6518: The CMP – Coming Remote code execution Enables Remote Exploitation
The CMP – Coming remote code execution (CVE-2026-6518) scores CVSS 8.8 HIGH. Analysis of affected systems, exploitation risk and remediation steps.
CVE-2026-3489: The DirectoryPress – Business Hit with HIGH SQL injection
The DirectoryPress – Business SQL injection (CVE-2026-3489) scores CVSS 7.5 HIGH. Analysis of affected systems, exploitation risk and remediation steps.
CVE-2026-5231: The WP Statistics plugin Cross-site scripting Enables Remote Exploitation
The WP Statistics plugin cross-site scripting (CVE-2026-5231) scores CVSS 7.2 HIGH. Analysis of affected systems, exploitation risk and remediation steps.
CVE-2026-20147: A vulnerability in Cisco Hit with CRITICAL Denial of service
A vulnerability in Cisco denial of service (CVE-2026-20147) scores CVSS 9.9 CRITICAL. Analysis of affected systems, exploitation risk and remediation steps.
CVE-2026-20180: A vulnerability in Cisco Denial of service Enables Remote Exploitation
A vulnerability in Cisco denial of service (CVE-2026-20180) scores CVSS 9.9 CRITICAL. Analysis of affected systems, exploitation risk and remediation steps.
CVE-2026-20184: Cisco Webex SSO Certificate Validation Bypass CVSS 9.8 CRITICAL
Cisco Webex SSO certificate validation bypass (CVE-2026-20184) scores CVSS 9.8 CRITICAL. Analysis of affected systems, exploitation risk and remediation steps.
CVSS 9.9: A vulnerability in Cisco Denial of service Puts Organizations at Risk
A vulnerability in Cisco denial of service (CVE-2026-20186) scores CVSS 9.9 CRITICAL. Analysis of affected systems, exploitation risk and remediation steps.
CVE-2026-20204: In Splunk Enterprise versions Remote code execution Enables Remote Exploitation
In Splunk Enterprise versions remote code execution (CVE-2026-20204) scores CVSS 7.1 HIGH. Analysis of affected systems, exploitation risk and remediation steps.
In Splunk MCP Server Vulnerability Scores 7.2 - CVE-2026-20205 Breakdown
In Splunk MCP Server vulnerability (CVE-2026-20205) scores CVSS 7.2 HIGH. Analysis of affected systems, exploitation risk and remediation steps.
CVE-2026-3599: The Riaxe Product Customizer SQL injection Enables Remote Exploitation
The Riaxe Product Customizer SQL injection (CVE-2026-3599) scores CVSS 7.5 HIGH. Analysis of affected systems, exploitation risk and remediation steps.
CVE-2026-3876: The Prismatic plugin for Hit with HIGH Cross-site scripting
The Prismatic plugin for cross-site scripting (CVE-2026-3876) scores CVSS 7.2 HIGH. Analysis of affected systems, exploitation risk and remediation steps.
CVE-2026-4880: The Barcode Scanner (+Mobile Hit with CRITICAL Privilege escalation
The Barcode Scanner (+Mobile privilege escalation (CVE-2026-4880) scores CVSS 9.8 CRITICAL. Analysis of affected systems, exploitation risk and remediation steps.
CVSS 7.5: The Payment Gateway for Vulnerability Puts Organizations at Risk
The Payment Gateway for vulnerability (CVE-2026-5050) scores CVSS 7.5 HIGH. Analysis of affected systems, exploitation risk and remediation steps.
Spring Security Cleaning: 10 Things to Review
Spring cleaning for your security posture. Remove old accounts, rotate keys, patch outstanding CVEs and test your incident response plan.
Cross-Site Scripting (XSS) Is Surging: 4 New CVEs This Week
4 new Cross-Site Scripting (XSS) CVEs this week including CVE-2026-27243 (CVSS 9.3). What SaaS Security teams need to know.
Does SOC 2 Require a Penetration Test? What SaaS Founders Actually Need
SOC 2 does not explicitly require a penetration test. But every auditor expects one. What the Trust Services Criteria actually say and what your report needs.
Scoping a SaaS Penetration Test: APIs, Auth Flows, and What Most Vendors Miss
How to scope a SaaS penetration test. Covers API endpoints, authentication flows, multi-tenant isolation, webhooks and third-party integrations that most vendors skip.
CVSS 7.8: Improper access control in Access control Puts Organizations at Risk
Improper access control in access control (CVE-2026-26183) scores CVSS 7.8 HIGH. Analysis of affected systems, exploitation risk and remediation steps.
CVE-2026-27243: Adobe Connect versions 2025.3, Hit with CRITICAL Cross-site scripting
Adobe Connect versions 2025.3, cross-site scripting (CVE-2026-27243) scores CVSS 9.3 CRITICAL. Analysis of affected systems, exploitation risk and remediation steps.
CVE-2026-27245: Adobe Connect versions 2025.3, Cross-site scripting Enables Remote Exploitation
Adobe Connect versions 2025.3, cross-site scripting (CVE-2026-27245) scores CVSS 9.3 CRITICAL. Analysis of affected systems, exploitation risk and remediation steps.
CVSS 9.3: Adobe Connect versions 2025.3, Cross-site scripting Puts Organizations at Risk
Adobe Connect versions 2025.3, cross-site scripting (CVE-2026-27246) scores CVSS 9.3 CRITICAL. Analysis of affected systems, exploitation risk and remediation steps.
CVE-2026-27305: ColdFusion versions 2023.18, 2025.6 Vulnerability Enables Remote Exploitation
ColdFusion versions 2023.18, 2025.6 vulnerability (CVE-2026-27305) scores CVSS 8.6 HIGH. Analysis of affected systems, exploitation risk and remediation steps.
CVE-2026-27926: Concurrent execution using shared Hit with HIGH Vulnerability
Concurrent execution using shared vulnerability (CVE-2026-27926) scores CVSS 7.0 HIGH. Analysis of affected systems, exploitation risk and remediation steps.
Use after free in Vulnerability Scores 7.8 - CVE-2026-32089 Breakdown
Use after free in vulnerability (CVE-2026-32089) scores CVSS 7.8 HIGH. Analysis of affected systems, exploitation risk and remediation steps.
CVE-2026-32090: Concurrent execution using shared Hit with HIGH Vulnerability
Concurrent execution using shared vulnerability (CVE-2026-32090) scores CVSS 7.8 HIGH. Analysis of affected systems, exploitation risk and remediation steps.
CVE-2026-32168: Improper input validation in Vulnerability Enables Remote Exploitation
Improper input validation in vulnerability (CVE-2026-32168) scores CVSS 7.8 HIGH. Analysis of affected systems, exploitation risk and remediation steps.
Insufficiently protected credentials in Vulnerability Scores 8.8 - CVE-2026-32171 Breakdown
Insufficiently protected credentials in vulnerability (CVE-2026-32171) scores CVSS 8.8 HIGH. Analysis of affected systems, exploitation risk and remediation steps.
CVSS 7.8: Deserialization of untrusted data Deserialization Puts Organizations at Risk
Deserialization of untrusted data deserialization (CVE-2026-32192) scores CVSS 7.8 HIGH. Analysis of affected systems, exploitation risk and remediation steps.
CVE-2026-34617: Adobe Connect versions 2025.3, Hit with HIGH Privilege escalation
Adobe Connect versions 2025.3, privilege escalation (CVE-2026-34617) scores CVSS 8.7 HIGH. Analysis of affected systems, exploitation risk and remediation steps.
ColdFusion versions 2023.18, 2025.6 Vulnerability Scores 7.7 - CVE-2026-34619 Breakdown
ColdFusion versions 2023.18, 2025.6 vulnerability (CVE-2026-34619) scores CVSS 7.7 HIGH. Analysis of affected systems, exploitation risk and remediation steps.
Does Your Cyber Insurance Cover Penetration Testing?
Many cyber insurance policies cover penetration testing under loss prevention or pre-breach services. Search your policy for four key terms to find out.
How a Penetration Test Reduces Your Cyber Insurance Premium
Spend $1,500 on a pentest, save $3,000 to $10,000 on your premium. The ROI math and what to include in your renewal package.
Cyber Insurance Policy Checklist: Security Benefits You Are Probably Missing
Most policyholders use 2 of 10 available security benefits. Here is the full checklist of what your premium pays for.
Your Insurance Broker Will Not Tell You This About Pentests
What brokers skip: proactive benefits, vendor lists and premium reduction strategies. Five questions to ask at renewal.
How to Submit a Penetration Test to Your Cyber Insurer for Reimbursement
Six steps from policy check to reimbursement. Our reports are formatted for insurance submission.
What Cyber Insurers Look for in a Penetration Test Report
Scope definition, CVSS ratings, remediation steps, executive summary, tester credentials and retest results. Our reports check every box.
Denied Cyber Insurance Claim? How a Pentest Would Have Helped
Five common denial reasons and how a $1,500 pentest provides the due diligence evidence that prevents each one.
How to Get Your Cyber Insurance to Pay for a Penetration Test
Many cyber insurance policies cover annual penetration tests as a preventive benefit. Your premium already includes this. Here is how to check and submit the request.
What Happens When You File a Cyber Insurance Claim
Step-by-step walkthrough of the cyber insurance claims process from notification through triage, investigation, report and claim resolution.
Why Your Cyber Insurer Requires a Penetration Test
Penetration tests reduce claims, demonstrate due diligence and satisfy policy conditions. Skip them and your coverage faces exclusions and denied claims.
Large Panel Vendor vs. Independent Forensics: Which Is Better for Your Claim?
The big firms handle 500 cases a year. We handle yours. Comparing large panel vendors to independent forensics for cyber insurance claims.
5 Things Your Cyber Insurer Wishes You Had Done Before the Breach
Recent pentest, IR plan, MFA, tested backups and logging. Do these five and your insurer loves you. Skip them and your claim gets complicated.
The Indie Hacker's Guide to Not Getting Hacked
You are one person against every bot on the internet. A casual, direct guide to the attacks that actually hit solo builders and how to stop them.
The Solopreneur's Security Checklist: 10 Things to Check Before You Launch
10 quick security checks with how-to steps for each. Free checklist for solopreneurs and indie hackers launching web apps.
I Built a SaaS in a Weekend. Is It Secure?
First person narrative. Relatable. Honest. The answer is almost certainly no. But that is fixable.
Security on a Bootstrap Budget: What to Prioritize When You Cannot Afford Everything
A priority ladder from free tools to $5,000 pentests. Genuinely helpful at every budget level. No hard sell.
Your First Paying User Changes Everything About Security
The moment someone gives you money or personal data, you are responsible for protecting it. Legal obligations kick in.
How Can I Audit My Code for Vulnerabilities Using AI?
AI-assisted code auditing with ChatGPT, Claude and SAST tools. What AI catches, what it misses and when to call a professional.
Vibe Coding Prompts for Secure Development
10 copy-paste security prompts for vibe coders. Check your AI-generated code for SQL injection, hardcoded secrets, broken auth and more.
Claude Mythos: What It Means for Your Security in 2026
Claude Mythos can find zero-days faster than any human. If AI discovers vulnerabilities this fast, your unaudited code is a sitting target.
Digital Forensic Investigation Services Across Canada
National reach, court-qualified in BC and Newfoundland, remote forensic capabilities and on-site collection anywhere in Canada.
How to Test If Your Website Is Secure (Free Methods)
5 free methods to test your website security. Security headers, SSL, exposed files, admin panels and Google dorking.
Active Incident: What to Do in the First 60 Minutes
Step-by-step guide for the first 60 minutes of an active breach. Isolate, preserve, assess, communicate and engage forensics.
Sherlock Forensics: Who We Are and What We Do
20 years of cybersecurity and forensics. Services, pricing, credentials, CBC appearances and what makes Sherlock different.
SaaS Penetration Testing: The Complete Guide for 2026
SaaS penetration testing covers multi-tenant security, API testing, auth/authz review and compliance reporting. From $5,000 CAD.
Vibe Code Audit: What to Expect and How It Works
What happens during a vibe code audit, what we check, common findings and how to prepare your AI-built app for review. From $1,500 CAD.
Penetration Testing in Vancouver: Why Local Expertise Matters
On-site forensic collection, BC court testimony, PIPEDA compliance and same-day incident response from two Metro Vancouver offices.
Digital Forensics in Vancouver: Expert Services for Legal and Corporate Cases
Court-qualified examiner with 20+ years experience. Computer forensics, cellphone forensics, eDiscovery and expert witness testimony.
AI Code Slop: The Security Risks Nobody Is Talking About in 2026
AI code slop is getting worse. Our 2026 audit data shows what happens when AI-generated code ships without security review.
Claude Mythos Security Vulnerabilities: What We Know in 2026
Analysis of Claude Mythos vulnerability discovery capabilities, what remains unpatched and what it means for your security posture.
Your Firewall Configuration Has Never Been Tested. That Is a Problem.
Most firewalls are configured once and never validated. Years of rule bloat create hidden pathways through your perimeter.
Top 10 Firewall Misconfigurations We Find in Every Pentest
Default credentials, any-any rules, no egress filtering and seven other misconfigurations we find in nearly every firewall we test.
EDR Is Not Enough: Why You Still Need a Penetration Test
Fileless attacks, LOLBins and credential abuse bypass EDR detection. A penetration test reveals what your endpoint protection misses.
Zero Trust Is Not Zero Risk
Zscaler, Cloudflare Zero Trust and BeyondTrust have limitations. Insider threats and misconfigurations bypass the architecture.
When Was the Last Time You Tested Your Entire Security Stack?
Companies buy firewall, EDR, NDR, SIEM and MFA but never test them together. ShadowTap tests the whole stack simultaneously.
Who Checks the Checker? Why You Need to Validate Your Security Tools
Companies spend millions on Darktrace, CrowdStrike and Sentinel but never test if they work. Why security tool validation is the missing piece.
Darktrace Blind Spots: What It Cannot See
Known limitations of behavioral analysis: encrypted tunnels, MAC spoofing, low-throughput DNS tunnels and traffic mimicking normal patterns.
Blindly Trusting AI Security Is the New Blind Spot
AI detection tools need training data and baseline. New devices have no baseline. Slow-moving attackers stay under radar.
How We Test Darktrace Without Breaking It
Sanitized methodology: Darktrace stays fully operational, controlled phase escalation and joint review after testing.
Your NDR Sees 80% of Traffic. What About the Other 20%?
Encrypted tunnels, DNS exfiltration, ICMP tunnels, non-standard ports and identity rotation. The gaps attackers exploit.
From NIDS to Offensive: How We Built ShadowTap
Years watching networks for attackers taught us exactly how to be one. 12,000+ signatures became 12,000+ things we know how to test for.
The Device Your Network Cannot See
ShadowTap Ghost Mode: physically on your network, generating zero outbound traffic. All C2 through cellular. Your IDS cannot see what is not there.
We Cloned Your Network Identity. Your AI Did Not Notice.
Anti-Antigena MAC prefix matching and hostname mimicry. To the AI, we looked like just another Intel workstation named WS4827.
4 Ways to Tunnel Out of a Corporate Network (And Which Ones Your IDS Catches)
Cloudflare ARGO, Iodine DNS, ICMP ptunnel, SSH reverse and JML ICMP timing. Each tunnel that fails teaches us about your detection.
How Fast Does Your NDR Detect a New Device?
When ShadowTap plugs in, the clock starts. The baseline window is the attacker's window. A real attacker has the same opportunity.
5 Questions to Ask Your Darktrace Vendor
If your vendor cannot answer these five questions about detection coverage, we can. By testing it.
Red Team vs. Blue Team: Why You Need Both
Blue team monitors. Red team attacks. Purple team approach delivers collaborative improvement that neither side achieves alone.
How to Vibe Code Securely: Build Fast Without Getting Hacked
AI coding is incredible. Here is how to do it without leaving the door open. Secure environments, security prompts, pre-commit hooks and deploy checks.
AI Is the Future of Software Development. And That Is Fine.
Every revolution needed a security layer. Assembly needed memory safety. The web needed HTTPS. AI needs audit.
The CTO Guide to Letting Your Team Use AI Coding Tools Safely
Ban AI and your developers use it anyway. Embrace it with guardrails. Policy template for enterprise CTOs who want to say yes to AI.
We Audited Our Own Website. Here Is What We Found.
We pointed our own tools at sherlockforensics.com and documented everything honestly. Missing headers, demo files, permission issues and more.
What Is a Penetration Test? [Simple Definition]
A penetration test is an authorized simulated cyberattack to find vulnerabilities. Learn types, cost, timeline and what to expect.
How Much Does a Penetration Test Cost in 2026?
Penetration test costs from $1,500 to $50,000 CAD. Pricing table by tier, scope and timeline. Transparent pricing breakdown.
What Is AI Slop? [Definition and Examples]
AI slop is unreviewed AI-generated code that compiles correctly but hides security vulnerabilities. Definition, examples and how to fix it.
What Is Vibe Coding? [2026 Definition]
Vibe coding is building apps with AI assistants and minimal manual coding. Learn the security risks and how to protect vibe-coded applications.
Steps in a Penetration Test [The 7-Step Process]
The complete 7-step penetration testing process from scoping and planning through exploitation, reporting and remediation support.
Types of Penetration Testing [Complete Guide]
External, internal, web app, API, mobile, social engineering, cloud and red team. Which type of penetration test do you need?
Best Penetration Testing Companies in Canada (2026)
Comparing the top pentest firms in Canada: Sherlock Forensics, Mandiant, Coalfire, GoSecure, Herjavec Group and KPMG. Specialties, pricing and target markets.
Automated Scanning vs. Manual Penetration Testing: Which Do You Need?
What Nessus, Qualys and Burp Suite find vs. what a human pentester catches. Pricing comparison and why you likely need both.
CrowdStrike Alternative for Small Business Security
CrowdStrike protects endpoints. We test if your application can be broken into. Why SMBs need pentesting, not just EDR.
Penetration Testing Cost Comparison: What Companies Actually Charge in 2026
Real pricing from $1,500 quick audits to $50,000+ enterprise red teams. Transparent comparison with factors affecting cost.
Free Security Tools vs. Professional Audit: Where to Draw the Line
What OWASP ZAP, Nikto, nmap and SSL Labs do well and where free tools stop. Use them for hygiene. Hire professionals for assurance.
I Audited My Own Vibe-Coded App. Here Is What I Found.
I built a SaaS with Cursor in a weekend. Then I ran our own security testing tool against it. 14 vulnerabilities in 45 minutes.
The Password Was Literally in a Text File
Took us 4 minutes to find the database password. passwords.txt in the public directory. A war story of escalating findings from one engagement.
The AI Coding Security Checklist Nobody Talks About
15 practical security checks for AI-generated code. Each item includes what to check, why it matters and a copy-paste fix you can use right now.
Your Cursor App Is Probably Leaking .env Variables
How .env files end up exposed in apps built with Cursor, Bolt and Lovable. How to check if yours is leaking and how to fix it in 5 minutes.
We Scanned 100 Websites Built With AI. Here Is What We Found.
92% had critical vulnerabilities. 78% stored secrets in plaintext. Data-driven analysis with visual breakdowns by vulnerability category and AI tool.
Why Choose a 20-Year Veteran Over a Startup Pentester
Experience catches business logic flaws, court-admissible documentation and auditor-ready reports. What 20 years and CISSP/ISSAP/ISSMP certifications actually deliver.
10 Questions to Ask Before Hiring a Penetration Tester
A buyer's guide covering certifications, manual testing, compliance reports, retesting, expert witness capability and more. With Sherlock's answers to each.
The Top 10 Things We Find in Every Penetration Test
Default credentials, missing rate limiting, exposed admin panels, SQL injection and more. The 10 most common findings from real pentests with severity ratings.
7 Security Prompts Every Vibe Coder Needs Before They Ship
Seven essential security prompts to paste into your AI coding tool before deploying. Catch broken auth, injection flaws, exposed secrets and more.
Corporations Are Mandating AI Coding. Who Audits the Output?
The security gap between mandating AI coding tools and auditing what they produce. References Linus Torvalds, Zuckerberg and the enterprise accountability problem.
How to Verify That AI-Suggested Packages Are Real (Not Hallucinated)
Practical npm and pip verification commands to confirm AI-suggested packages exist before installing them. Prevent supply chain attacks from hallucinated dependencies.
SOC 2 Pentest Checklist: What CPAs Need From the Penetration Tester
A 7-point checklist for CPAs reviewing SOC 2 pentest reports. Scope, methodology, CVSS findings, remediation status, retest evidence and red flags.
How Much Does a Pentest Cost in 2026? Real Pricing Breakdown
Transparent pricing from $1,500 to $25,000+ CAD. Four tiers compared to industry averages, cost factors and why cheap pentests are expensive.
Top 10 Things We Find in Every Penetration Test
Aggregate data from hundreds of engagements. Default credentials, SQL injection, broken access controls and more, with severity ratings and fixes.
Pentest vs. Vulnerability Scan: What Is the Difference and Which Do You Need?
Clear comparison of pentests, vulnerability scans, bug bounties and red teams. Table format with costs, use cases and a decision tree.
What a Pentest Actually Looks Like (No, It Is Not Like the Movies)
Step-by-step walkthrough of a real engagement. Scoping, reconnaissance, exploitation, reporting and debrief demystified for founders and CTOs.
What Is Penetration Testing? Explained for Non-Technical Founders
Penetration testing explained in plain language. What it is, why it matters, what happens during one, what the report looks like and how much it costs.
Penetration Testing vs. Bug Bounties: Which One Do You Need?
Side-by-side comparison for CTOs. Pros, cons, costs and a decision framework for choosing between pentests and bug bounty programs.
What Happens During a Penetration Test: Day by Day
A detailed day-by-day walkthrough of a standard penetration test. Scoping, reconnaissance, active testing, exploitation, reporting and debrief.
API Security Testing: Why Your Endpoints Are Probably Exposed
The most common API vulnerabilities mapped to the OWASP API Security Top 10. Broken auth, BOLA, mass assignment, rate limiting and SSRF with real findings.
Pentest Report Red Flags: What to Look For
How to tell a good pentest report from a bad one. Red flags, green flags and what to demand from your security vendor.
SOC 2 Pentest Requirements: What Your Auditor Actually Wants to See
SOC 2 penetration testing requirements for startups. What the standard requires, how to scope, timing and what auditors look for in the report.
State of AI Code Security: What We Found in 2026
Top 5 findings from the 2026 AI Code Security Report. 92% of AI-generated codebases have critical vulnerabilities. 88% lack rate limiting. 78% expose secrets.
What We Found Auditing 50 AI-Built Applications
Aggregate data from 50 AI code audits. 92% had critical vulnerabilities, 78% stored secrets in plaintext and 54% had SQL injection. Vibe-coded vs professional comparison.
How a $1,500 Audit Saved a Startup From a Data Breach
Anonymized case study. 3-person SaaS startup built with Cursor. 8 critical vulnerabilities found in a $1,500 quick audit and fixed in 2 days.
Security Audit vs. Doing Nothing: The Real Cost
$1,500 audit vs $4.88M breach. The math of prevention vs doing nothing, including PIPEDA fines, cyber insurance and reputation damage.
Is Your Vibe-Coded Login Page Actually Secure? (Probably Not)
The 10 most common security disasters in vibe-coded authentication. Plaintext passwords, client-side auth, exposed .env files and more.
The 5-Minute Security Check Before You Launch Your AI-Built App
Ten checks you can run right now. If you fail more than two you need a professional audit before launch.
Your AI-Built App vs. a Real Attacker: What Actually Happens
A realistic 60-minute attack walkthrough on a typical vibe-coded SaaS. From recon to database dump to Stripe access.
Do I Need a Pentest for My Side Project?
Decision tree for founders. If it handles user data, processes payments or has login, the answer is yes.
What Happens When You Store Passwords in Text Files
Directory traversal, server misconfiguration and zero hashing. Why flat file password storage is catastrophic and what to use instead.
Audit Your AI Slop Before It Costs You Everything
AI slop ships fast and breaks faster. Unreviewed AI-generated code carries injection flaws, hallucinated dependencies and hardcoded secrets that survive to production.
Your AI Masterpiece Might Be a Security Timebomb
Working code is not secure code. AI writes functional applications that hide auth bypasses, injectable queries and unprotected API endpoints.
Your Vibe-Coded App Got Hacked. Now What?
You built it in a weekend with Cursor. An attacker dismantled it in an afternoon. The incident response playbook for AI-built applications.
The 2026 AI Code Audit Checklist: What Every CTO Needs to Review
Nine security categories every CTO must check before shipping AI-generated code. Dependency verification, secrets scanning, auth review and more.
5 Vulnerabilities AI Code Assistants Introduce
Hallucinated packages, weak randomness, SQL injection, hardcoded secrets and insecure deserialization. The five patterns we find in every AI code audit.
Claude Mythos Just Changed the Game
Anthropic's Claude Mythos found thousands of zero-days for under $50 each. Over 99% remain unpatched.
You Vibe Coded It. Now Secure It.
The rise of non-developers shipping production apps and why scanning alone is not enough to secure vibe coded software.
Why Every AI Product Needs a Security Audit Before Launch
EU AI Act, NIST AI RMF and investor expectations are making AI security audits a pre-launch requirement.
Real AI Attacks in 2026: What Actually Happened
Documented cases of AI systems being exploited in production. Prompt injection, model poisoning and supply chain attacks with real-world impact.
Can AI Be Hacked?
A forensic examination of AI attack surfaces. Model extraction, data poisoning, adversarial inputs and the security gaps most teams overlook.
Shadow AI: The Employee Risk You Are Not Tracking
Employees are using AI tools you did not approve on data you did not authorize. The compliance and security implications are significant.
Best Penetration Testing Tools in 2026
The tools our team actually uses on engagements. From reconnaissance to exploitation to reporting.
PIPEDA Compliance Guide for 2026
What Canadian businesses need to know about PIPEDA compliance, data breach notification and privacy impact assessments.
Encrypted Memory Forensics in the Post-Quantum Era
How evolving post-quantum encryption standards are reshaping volatile memory analysis and what forensic examiners must adapt.
AI-Generated Deepfakes in Legal Proceedings
A forensic methodology for authenticating digital evidence when AI-generated media enters the courtroom.
Why Your AI Startup Needs a Pen Test Before Demo Day
Investors are asking about security posture. Here is what a pre-funding penetration test actually covers and why waiting costs more.
CVE Intelligence
Latest CVE Alerts
High and critical vulnerabilities relevant to cloud, web and AI infrastructure. Updated daily from the National Vulnerability Database.
| CVE | Severity | CVSS | Affected Product | Vulnerability |
|---|---|---|---|---|
| CVE-2026-23696 | CRITICAL | 9.9 | Windmill CE/EE | SQL injection in folder ownership management |
| CVE-2021-4473 | CRITICAL | 9.8 | Tianxin Management System | Command injection in Reporter component |
| CVE-2026-22679 | CRITICAL | 9.8 | Weaver E-cology 10.0 | Unauthenticated RCE via debug endpoint |
| CVE-2026-3296 | CRITICAL | 9.8 | Everest Forms (WordPress) | PHP Object Injection via deserialization |
| CVE-2026-4631 | CRITICAL | 9.8 | Cockpit (Linux) | SSH command injection via login endpoint |
| CVE-2026-1346 | CRITICAL | 9.3 | IBM Verify Identity Access | Privilege escalation for local users |
| CVE-2026-22683 | HIGH | 8.8 | Windmill | Missing authorization bypasses operator restrictions |
| CVE-2026-3357 | HIGH | 8.8 | IBM Langflow Desktop | Insecure FAISS deserialization enables code execution |
| CVE-2026-1342 | HIGH | 8.5 | IBM Verify Identity Access | Local users can execute malicious scripts |
| CVE-2026-4788 | HIGH | 8.4 | IBM Tivoli Netcool Impact | Sensitive data exposure in log files |
| CVE-2026-4740 | HIGH | 8.2 | Red Hat ACM / Open Cluster Mgmt | Certificate forgery via improper validation |
| CVE-2026-5736 | HIGH | 7.3 | PowerJob | detailPlus endpoint manipulation |
| CVE-2026-5739 | HIGH | 7.3 | PowerJob | Code injection via OpenAPI workflow endpoint |
| CVE-2026-5741 | HIGH | 7.3 | docker-mcp-server | OS command injection via HTTP interface |
| CVE-2026-1343 | HIGH | 7.2 | IBM Verify Identity Access | SSRF exposes internal auth endpoints |
| CVE-2026-22682 | HIGH | 7.1 | OpenHarness | Improper access control exposes local files |