{"title":"PublicCVE — latest vulnerabilities","link":"https://publiccve.com","items":[{"cve_id":"CVE-2026-20262","title":"Cisco Catalyst SD-WAN Manager Directory or Path Traversal Vulnerability","link":"https://publiccve.com/cve/CVE-2026-20262","description":"A vulnerability in the web UI of Cisco Catalyst SD-WAN Manager, formerly SD-WAN vManage, could allow an authenticated, remote attacker to create a file or overwrite any file on the filesystem of an affected system.\r\n\r\nThis vulnerability exists because the affected software does not properly validate user-supplied input during a file upload process. An attacker could exploit this vulnerability by sending a crafted HTTP request to an affected API endpoint of the affected system. A successful exploit could allow the attacker to create or overwrite any file on the underlying operating system. This file could later be used to elevate to root. To exploit this vulnerability, the attacker must have valid credentials with at least a lower-privileged, single-task user account.","severity":"MEDIUM","cvss_score":6.5,"published":"2026-06-15T16:21:09.696000Z"},{"cve_id":"CVE-2026-54420","title":"LiteSpeed cPanel Plugin UNIX Symbolic Link (Symlink) Following Vulnerability","link":"https://publiccve.com/cve/CVE-2026-54420","description":"LiteSpeed cPanel plugin before 2.4.8 (as distributed in LiteSpeed WHM PlugIn before 5.3.2.0) mishandles symlinks provided by a user with FTP or web shell access on a shared hosting server running CloudLinux/CageFS, as exploited in the wild in May 2026.","severity":"HIGH","cvss_score":8.5,"published":"2026-06-14T03:23:12.863000Z"},{"cve_id":"CVE-2026-35273","title":"Oracle PeopleSoft Enterprise PeopleTools Missing Authentication for Critical Function Vulnerability","link":"https://publiccve.com/cve/CVE-2026-35273","description":"Vulnerability in the PeopleSoft Enterprise PeopleTools product of Oracle PeopleSoft (component: Updates Environment Management). 
Supported versions that are affected are 8.61 and 8.62. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise PeopleSoft Enterprise PeopleTools. Successful attacks of this vulnerability can result in takeover of PeopleSoft Enterprise PeopleTools. CVSS 3.1 Base Score 9.8 (Confidentiality, Integrity and Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H).","severity":"CRITICAL","cvss_score":9.8,"published":"2026-06-11T02:25:15.375000Z"},{"cve_id":"CVE-2026-20253","title":"Splunk Enterprise Missing Authentication for Critical Function Vulnerability","link":"https://publiccve.com/cve/CVE-2026-20253","description":"In Splunk Enterprise 10.2 versions below 10.2.4 and 10 versions below 10.0.7, an unauthenticated user could create or truncate arbitrary files through a PostgreSQL sidecar service endpoint. The vulnerability exists because the PostgreSQL sidecar service endpoint lacks authentication controls, allowing any network-reachable user to invoke file operations without credentials. Splunk Enterprise versions 9.4 and earlier are not affected. 
If you cannot immediately upgrade to a fixed version, you can mitigate this vulnerability by disabling the PostgreSQL sidecar service.","severity":"CRITICAL","cvss_score":9.8,"published":"2026-06-10T17:16:21.242000Z"},{"cve_id":"CVE-2026-10520","title":"Ivanti Sentry OS Command Injection Vulnerability","link":"https://publiccve.com/cve/CVE-2026-10520","description":"An OS Command Injection vulnerability in Ivanti Sentry before the R10.5.2, R10.6.2 and R10.7.1 versions allows a remote unauthenticated user to achieve root-level remote code execution","severity":"CRITICAL","cvss_score":10.0,"published":"2026-06-09T14:10:21.581000Z"},{"cve_id":"CVE-2026-11645","title":"Google Chromium V8 Out-of-Bounds Read and Write Vulnerability","link":"https://publiccve.com/cve/CVE-2026-11645","description":"Out of bounds read and write in V8 in Google Chrome prior to 149.0.7827.103 allowed a remote attacker to execute arbitrary code inside a sandbox via a crafted HTML page. (Chromium security severity: High)","severity":"HIGH","cvss_score":8.8,"published":"2026-06-08T23:27:31.298000Z"},{"cve_id":"CVE-2026-50751","title":"Check Point Security Gateway Improper Authentication Vulnerability","link":"https://publiccve.com/cve/CVE-2026-50751","description":"A logic flow weakness in Remote Access and Mobile Access certificate validation in deprecated IKEv1 key exchange allows an unauthenticated remote attacker to bypass user authentication and establish a remote access VPN connection without a valid user password.","severity":"CRITICAL","cvss_score":9.3,"published":"2026-06-08T11:07:15.746000Z"},{"cve_id":"CVE-2026-7473","title":"Arista Extensible Operating System Incomplete Comparison with Missing Factors Vulnerability","link":"https://publiccve.com/cve/CVE-2026-7473","description":"On affected platforms running Arista EOS where a tunnel decapsulation configuration—such as VXLAN (Virtual Extensible LAN), decap-groups, or a GRE (Generic Routing Encapsulation) tunnel interface—is present, 
the switch will incorrectly decapsulate and forward other unexpected tunneled packets with a destination IP matching its configured decapsulation IP. This occurs because the switch does not verify the tunnel protocol type, potentially leading to the unexpected processing of non-configured tunnel traffic.\n\n\n\nThis issue has been reported as being exploited in the wild.","severity":"MEDIUM","cvss_score":6.9,"published":"2026-06-05T16:22:47.989000Z"},{"cve_id":"CVE-2026-48907","title":"Widget Factory Joomla Content Editor Improper Access Control Vulnerability","link":"https://publiccve.com/cve/CVE-2026-48907","description":"A vulnerability in the JCE editor extension for Joomla allows the creation of new editor profiles for unauthenticated users, ultimately resulting in PHP code upload and execution.","severity":"CRITICAL","cvss_score":10.0,"published":"2026-06-05T07:31:30.257000Z"},{"cve_id":"CVE-2026-20245","title":"Cisco Catalyst SD-WAN Manager Improper Encoding or Escaping of Output Vulnerability","link":"https://publiccve.com/cve/CVE-2026-20245","description":"A vulnerability in the CLI of Cisco Catalyst SD-WAN Controller, formerly SD-WAN vSmart, Cisco Catalyst SD-WAN Manager, formerly SD-WAN vManage, and Cisco Catalyst SD-WAN Validator, formerly SD-WAN vBond, could allow an authenticated, local attacker to execute arbitrary commands as root by supplying a crafted file to the affected system.\r\n\r\nThis vulnerability is due to insufficient validation of user-supplied input. An attacker could exploit this vulnerability by uploading a crafted file to the affected system. A successful exploit could allow the attacker to perform command injection attacks on an affected system and elevate their privileges as the root user.\r\nTo exploit this vulnerability, the attacker must have netadmin privileges on the affected system. This would require valid credentials or exploitation of  or . Cisco is not aware of successful exploitation by other methods. 
Cisco has observed limited cases where the exploitation of this bug resulted in a configuration change pushed to edge devices.\r\nCisco recommends that customers upgrade to the fixed software that is documented in the  that was published on May 14, 2026, and verify the configuration of the edge devices.","severity":"HIGH","cvss_score":7.8,"published":"2026-06-04T22:33:00.748000Z"},{"cve_id":"CVE-2026-28318","title":"SolarWinds Serv-U Uncontrolled Resource Consumption Vulnerability","link":"https://publiccve.com/cve/CVE-2026-28318","description":"SolarWinds Serv-U is susceptible to specially crafted POST requests that crash the Serv-U service without authentication using Content-Encoding: deflate. Mitigation steps are provided to secure customer environments in the SolarWinds Trust Center if you are unable to deploy the update","severity":"HIGH","cvss_score":7.5,"published":"2026-06-04T14:05:58.218000Z"},{"cve_id":"CVE-2025-48595","title":"Android Framework Integer Overflow Vulnerability","link":"https://publiccve.com/cve/CVE-2025-48595","description":"In multiple locations, there is a possible way to achieve code execution due to an integer overflow. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation.","severity":"HIGH","cvss_score":8.4,"published":"2026-06-01T21:14:49.921000Z"},{"cve_id":"CVE-2026-48027","title":"Nx Console Embedded Malicious Code Vulnerability","link":"https://publiccve.com/cve/CVE-2026-48027","description":"Nx Console is the user interface for Nx & Lerna. On 19 May 2026, a malicious version of Nx Console, 18.95.0, was published at 12:30 PM UTC and removed soon after at 12:48 PM UTC, leaving it available for ~18 minutes in Visual Studio Marketplace. For OpenVSX, the problem was detected later, and the compromised version was available from 12:33 UTC to 13:09 UTC (~36 minutes). 
Version 18.100.0 of Nx Console is not compromised and users may remediate by upgrading to that version.","severity":"CRITICAL","cvss_score":9.3,"published":"2026-05-27T15:50:01.143000Z"},{"cve_id":"CVE-2026-45247","title":"Mirasvit Full Page Cache Warmer Deserialization of Untrusted Data Vulnerability","link":"https://publiccve.com/cve/CVE-2026-45247","description":"Mirasvit Full Page Cache Warmer for Magento 2 before version 1.11.12 contains a PHP object injection vulnerability that allows unauthenticated attackers to achieve remote code execution by supplying a crafted serialized PHP object in the CacheWarmer cookie. Attackers can exploit the unrestricted call to PHP's native unserialize() function combined with gadget chains available in Magento and its dependencies to execute arbitrary code on the server.","severity":"CRITICAL","cvss_score":9.3,"published":"2026-05-26T14:15:33.596000Z"},{"cve_id":"CVE-2026-34910","title":"Ubiquiti UniFi OS Improper Input Validation Vulnerability","link":"https://publiccve.com/cve/CVE-2026-34910","description":"A malicious actor with access to the network could exploit an Improper Input Validation vulnerability found in UniFi OS devices to execute a Command Injection.","severity":"CRITICAL","cvss_score":10.0,"published":"2026-05-22T00:43:49.096000Z"},{"cve_id":"CVE-2026-34908","title":"Ubiquiti UniFi OS Improper Access Control Vulnerability","link":"https://publiccve.com/cve/CVE-2026-34908","description":"A malicious actor with access to the network could exploit an Improper Access Control vulnerability found in UniFi OS devices to make unauthorized changes to the system.","severity":"CRITICAL","cvss_score":10.0,"published":"2026-05-22T00:43:49.077000Z"},{"cve_id":"CVE-2026-34909","title":"Ubiquiti UniFi OS Path Traversal Vulnerability","link":"https://publiccve.com/cve/CVE-2026-34909","description":"A malicious actor with access to the network could exploit a Path Traversal vulnerability found in UniFi OS devices to access 
files on the underlying system that could be manipulated to access an underlying account.","severity":"CRITICAL","cvss_score":10.0,"published":"2026-05-22T00:43:49.072000Z"},{"cve_id":"CVE-2026-34926","title":"Trend Micro Apex One (On-Premise) Directory Traversal Vulnerability","link":"https://publiccve.com/cve/CVE-2026-34926","description":"A directory traversal vulnerability in the Apex One (on-premise) server could allow a pre-authenticated local attacker to modify a key table on the server to inject malicious code to deploy to agents on affected installations.\n\n\r\nThis vulnerability is only exploitable on the on-premise version of Apex One and a potential attacker must have access to the Apex One Server and already obtained administrative credentials to the server via some other method to exploit this vulnerability.","severity":"MEDIUM","cvss_score":6.7,"published":"2026-05-21T13:03:21.164000Z"},{"cve_id":"CVE-2026-48172","title":"LiteSpeed cPanel Plugin Privilege Escalation Vulnerability","link":"https://publiccve.com/cve/CVE-2026-48172","description":"LiteSpeed User-End cPanel Plugin before 2.4.5 allows privilege escalation (possibly to root), as exploited in the wild in May 2026. Detection is best done via a command line of grep -rE \"cpanel_jsonapi_func=redisAble\" /var/cpanel/logs /usr/local/cpanel/logs/ 2>/dev/null in Bash. If you get no output, you have not been hit with exploitation of the vulnerability. If there is output, we recommend you examine the IP addresses in the list, determine if they are valid IP addresses, and if not, block them. To determine damage done, examine the system logs for use by the detected IP addresses. The issue is related to mishandling of Redis enable/disable features. 
The recommended minimum version is 2.4.7.","severity":"CRITICAL","cvss_score":10.0,"published":"2026-05-21T00:38:04.489000Z"},{"cve_id":"CVE-2026-9082","title":"Drupal Core SQL Injection Vulnerability","link":"https://publiccve.com/cve/CVE-2026-9082","description":"Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in Drupal Drupal core allows SQL Injection.\n\nThis issue affects Drupal core: from 8.9.0 before 10.4.10, from 10.5.0 before 10.5.10, from 10.6.0 before 10.6.9, from 11.0.0 before 11.1.10, from 11.2.0 before 11.2.12, from 11.3.0 before 11.3.10.","severity":"CRITICAL","cvss_score":9.8,"published":"2026-05-20T18:20:52.863000Z"},{"cve_id":"CVE-2026-41091","title":"Microsoft Defender Link Following Vulnerability","link":"https://publiccve.com/cve/CVE-2026-41091","description":"Improper link resolution before file access ('link following') in Microsoft Defender allows an authorized attacker to elevate privileges locally.","severity":"HIGH","cvss_score":7.8,"published":"2026-05-20T13:09:13.634000Z"},{"cve_id":"CVE-2026-45498","title":"Microsoft Defender Denial of Service Vulnerability","link":"https://publiccve.com/cve/CVE-2026-45498","description":"Microsoft Defender Denial of Service Vulnerability","severity":"MEDIUM","cvss_score":4.0,"published":"2026-05-20T13:09:12.903000Z"},{"cve_id":"CVE-2026-8398","title":"Daemon Tools Lite Embedded Malicious Code Vulnerability","link":"https://publiccve.com/cve/CVE-2026-8398","description":"A supply chain attack compromised the official installation packages of DAEMON Tools Lite (Windows versions 12.5.0.2421 through 12.5.0.2434), distributed from the legitimate website daemon-tools.cc between approximately April 8, 2026, and May 5, 2026. Attackers gained unauthorized access to the vendor's (AVB Disc Soft) build or distribution infrastructure and trojanized three binaries: DTHelper.exe, DiscSoftBusServiceLite.exe, and DTShellHlp.exe. 
These files were digitally signed with the legitimate AVB Disc Soft code-signing certificate, allowing the malicious installers to appear trustworthy and bypass signature-based detection.","severity":"CRITICAL","cvss_score":9.3,"published":"2026-05-15T07:30:29.287000Z"},{"cve_id":"CVE-2026-42897","title":"Microsoft Exchange Server Cross-Site Scripting Vulnerability","link":"https://publiccve.com/cve/CVE-2026-42897","description":"Improper neutralization of input during web page generation ('cross-site scripting') in Microsoft Exchange Server allows an unauthorized attacker to perform spoofing over a network.","severity":"HIGH","cvss_score":8.1,"published":"2026-05-14T17:00:36.515000Z"},{"cve_id":"CVE-2026-20182","title":"Cisco Catalyst SD-WAN Controller Authentication Bypass Vulnerability","link":"https://publiccve.com/cve/CVE-2026-20182","description":"May 2026: This security advisory provides the details and fix information for a vulnerability that was discovered and fixed after the  was disclosed in February 2026. This new advisory is for a new vulnerability in the control connection handshaking. The  section of this advisory includes Show Control Connections guidance to help with system checks.\r\n\r\nA vulnerability in the peering authentication in Cisco Catalyst SD-WAN Controller, formerly SD-WAN vSmart, Cisco Catalyst SD-WAN Manager, formerly SD-WAN vManage, and Cisco Catalyst SD-WAN Validator, formerly SD-WAN vBond, could allow an unauthenticated, remote attacker to bypass authentication and obtain administrative privileges on an affected system.\r\nThis vulnerability exists because the peering authentication mechanism in an affected system is not working properly. An attacker could exploit this vulnerability by sending crafted requests to the affected system. A successful exploit could allow the attacker to log in to an affected Cisco Catalyst SD-WAN Controller as an internal, high-privileged, non-root user account. 
Using this account, the attacker could access NETCONF, which would then allow the attacker to manipulate network configuration for the SD-WAN fabric.","severity":"CRITICAL","cvss_score":10.0,"published":"2026-05-14T16:08:25.566000Z"},{"cve_id":"CVE-2026-0257","title":"Palo Alto Networks PAN-OS Authentication Bypass Vulnerability","link":"https://publiccve.com/cve/CVE-2026-0257","description":"Authentication bypass vulnerabilities in the GlobalProtect portal and gateway of Palo Alto Networks PAN-OS® software allow the attacker to bypass security restrictions and establish an unauthorized VPN connection.\n\nPanorama and Cloud NGFW are not impacted by these issues.","severity":"HIGH","cvss_score":7.8,"published":"2026-05-13T18:15:10.172000Z"},{"cve_id":"CVE-2026-45321","title":"TanStack Unspecified Vulnerability","link":"https://publiccve.com/cve/CVE-2026-45321","description":"On 2026-05-11, between approximately 19:20 and 19:26 UTC, 84 malicious versions across 42 @tanstack/* packages were published to the npm registry. The publishes were authenticated via the legitimate GitHub Actions OIDC trusted-publisher binding for TanStack/router, but the publish workflow itself was not modified. The attacker chained three known vulnerability classes — a pull_request_target \"Pwn Request\" misconfiguration, GitHub Actions cache poisoning across the fork↔base trust boundary, and runtime memory extraction of the OIDC token from the Actions runner process — to publish credential-stealing malware under a trusted identity. Each affected package received exactly two malicious versions, published a few minutes apart.","severity":"CRITICAL","cvss_score":9.6,"published":"2026-05-12T00:12:35.452000Z"},{"cve_id":"CVE-2026-42208","title":"BerriAI LiteLLM SQL Injection Vulnerability","link":"https://publiccve.com/cve/CVE-2026-42208","description":"LiteLLM is a proxy server (AI Gateway) to call LLM APIs in OpenAI (or native) format. 
From version 1.81.16 to before version 1.83.7, a database query used during proxy API key checks mixed the caller-supplied key value into the query text instead of passing it as a separate parameter. An unauthenticated attacker could send a specially crafted Authorization header to any LLM API route (for example POST /chat/completions) and reach this query through the proxy's error-handling path. An attacker could read data from the proxy's database and may be able to modify it, leading to unauthorised access to the proxy and the credentials it manages. This issue has been patched in version 1.83.7.","severity":"CRITICAL","cvss_score":9.3,"published":"2026-05-08T03:38:14.124000Z"},{"cve_id":"CVE-2026-42271","title":"BerriAI LiteLLM Command Injection Vulnerability","link":"https://publiccve.com/cve/CVE-2026-42271","description":"LiteLLM is a proxy server (AI Gateway) to call LLM APIs in OpenAI (or native) format. From version 1.74.2 to before version 1.83.7, two endpoints used to preview an MCP server before saving it — POST /mcp-rest/test/connection and POST /mcp-rest/test/tools/list — accepted a full server configuration in the request body, including the command, args, and env fields used by the stdio transport. When called with a stdio configuration, the endpoints attempted to connect, which spawned the supplied command as a subprocess on the proxy host with the privileges of the proxy process. The endpoints were gated only by a valid proxy API key, with no role check. Any authenticated user — including holders of low-privilege internal-user keys — could therefore run arbitrary commands on the host. 
This issue has been patched in version 1.83.7.","severity":"HIGH","cvss_score":8.7,"published":"2026-05-08T03:35:16.758000Z"},{"cve_id":"CVE-2026-6973","title":"Ivanti Endpoint Manager Mobile (EPMM) Improper Input Validation Vulnerability","link":"https://publiccve.com/cve/CVE-2026-6973","description":"An Improper Input Validation in Ivanti EPMM before versions 12.6.1.1, 12.7.0.1, and 12.8.0.1 allows a remotely authenticated user with administrative access to achieve remote code execution.","severity":"HIGH","cvss_score":7.2,"published":"2026-05-07T15:21:24.849000Z"},{"cve_id":"CVE-2026-0300","title":"Palo Alto Networks PAN-OS Out-of-bounds Write Vulnerability","link":"https://publiccve.com/cve/CVE-2026-0300","description":"A buffer overflow vulnerability in the User-ID™ Authentication Portal (aka Captive Portal) service of Palo Alto Networks PAN-OS software allows an unauthenticated attacker to execute arbitrary code with root privileges on the PA-Series and VM-Series firewalls by sending specially crafted packets. 
\n\nThe risk of this issue is greatly reduced if you secure access to the User-ID™ Authentication Portal per the  best practice guidelines https://knowledgebase.paloaltonetworks.com/KCSArticleDetail  by restricting access to only trusted internal IP addresses.\n\nPrisma Access, Cloud NGFW and Panorama appliances are not impacted by this vulnerability.","severity":"CRITICAL","cvss_score":9.3,"published":"2026-05-06T18:57:39.876000Z"},{"cve_id":"CVE-2026-41940","title":"WebPros cPanel & WHM and WP2 (WordPress Squared) Missing Authentication for Critical Function Vulnerability","link":"https://publiccve.com/cve/CVE-2026-41940","description":"cPanel and WHM versions after 11.40 contain an authentication bypass vulnerability in the login flow that allows unauthenticated remote attackers to gain unauthorized access to the control panel.","severity":"CRITICAL","cvss_score":9.3,"published":"2026-04-29T15:10:37.899000Z"},{"cve_id":"CVE-2026-31431","title":"Linux Kernel Incorrect Resource Transfer Between Spheres Vulnerability","link":"https://publiccve.com/cve/CVE-2026-31431","description":"In the Linux kernel, the following vulnerability has been resolved:\n\ncrypto: algif_aead - Revert to operating out-of-place\n\nThis mostly reverts commit 72548b093ee3 except for the copying of\nthe associated data.\n\nThere is no benefit in operating in-place in algif_aead since the\nsource and destination come from different mappings.  
Get rid of\nall the complexity added for in-place operation and just copy the\nAD directly.","severity":"HIGH","cvss_score":7.8,"published":"2026-04-22T08:15:10.123000Z"},{"cve_id":"CVE-2026-32201","title":"Microsoft SharePoint Server Improper Input Validation Vulnerability","link":"https://publiccve.com/cve/CVE-2026-32201","description":"Improper input validation in Microsoft Office SharePoint allows an unauthorized attacker to perform spoofing over a network.","severity":"MEDIUM","cvss_score":6.5,"published":"2026-04-14T16:58:36.981000Z"},{"cve_id":"CVE-2026-33825","title":"Microsoft Defender Insufficient Granularity of Access Control Vulnerability","link":"https://publiccve.com/cve/CVE-2026-33825","description":"Insufficient granularity of access control in Microsoft Defender allows an authorized attacker to elevate privileges locally.","severity":"HIGH","cvss_score":7.8,"published":"2026-04-14T16:57:49.361000Z"},{"cve_id":"CVE-2026-32202","title":"Microsoft Windows Protection Mechanism Failure Vulnerability","link":"https://publiccve.com/cve/CVE-2026-32202","description":"Protection mechanism failure in Windows Shell allows an unauthorized attacker to perform spoofing over a network.","severity":"MEDIUM","cvss_score":4.3,"published":"2026-04-14T16:57:36.996000Z"},{"cve_id":"CVE-2026-34621","title":"Adobe Acrobat and Reader Prototype Pollution Vulnerability","link":"https://publiccve.com/cve/CVE-2026-34621","description":"Acrobat Reader versions 24.001.30356, 26.001.21367 and earlier are affected by an Improperly Controlled Modification of Object Prototype Attributes ('Prototype Pollution') vulnerability that could result in arbitrary code execution in the context of the current user. 
Exploitation of this issue requires user interaction in that a victim must open a malicious file.","severity":"HIGH","cvss_score":8.6,"published":"2026-04-11T06:45:43.512000Z"},{"cve_id":"CVE-2026-39987","title":"Marimo Remote Code Execution Vulnerability","link":"https://publiccve.com/cve/CVE-2026-39987","description":"marimo is a reactive Python notebook. Prior to 0.23.0, Marimo has a Pre-Auth RCE vulnerability. The terminal WebSocket endpoint /terminal/ws lacks authentication validation, allowing an unauthenticated attacker to obtain a full PTY shell and execute arbitrary system commands. Unlike other WebSocket endpoints (e.g., /ws) that correctly call validate_auth() for authentication, the /terminal/ws endpoint only checks the running mode and platform support before accepting connections, completely skipping authentication verification. This vulnerability is fixed in 0.23.0.","severity":"CRITICAL","cvss_score":9.3,"published":"2026-04-09T17:16:55.639000Z"},{"cve_id":"CVE-2026-34197","title":"Apache ActiveMQ Improper Input Validation Vulnerability","link":"https://publiccve.com/cve/CVE-2026-34197","description":"Improper Input Validation, Improper Control of Generation of Code ('Code Injection') vulnerability in Apache ActiveMQ Broker, Apache ActiveMQ.\n\nApache ActiveMQ Classic exposes the Jolokia JMX-HTTP bridge at /api/jolokia/ on the web console. 
The default Jolokia access policy permits exec operations on all ActiveMQ MBeans (org.apache.activemq:*), including\nBrokerService.addNetworkConnector(String) and BrokerService.addConnector(String).\n\nAn authenticated attacker can invoke these operations with a crafted discovery URI that triggers the VM transport's brokerConfig parameter to load a remote Spring XML application context using ResourceXmlApplicationContext.\nBecause Spring's ResourceXmlApplicationContext instantiates all singleton beans before the BrokerService validates the configuration, arbitrary code execution occurs on the broker's JVM through bean factory methods such as Runtime.exec().\n\n\n\nThis issue affects Apache ActiveMQ Broker: before 5.19.4, from 6.0.0 before 6.2.3; Apache ActiveMQ All: before 5.19.4, from 6.0.0 before 6.2.3; Apache ActiveMQ: before 5.19.4, from 6.0.0 before 6.2.3.\n\n\n\nUsers are recommended to upgrade to version 5.19.4 or 6.2.3, which fixes the issue.","severity":"HIGH","cvss_score":8.8,"published":"2026-04-07T07:50:10.958000Z"},{"cve_id":"CVE-2026-35616","title":"Fortinet FortiClient EMS Improper Access Control Vulnerability","link":"https://publiccve.com/cve/CVE-2026-35616","description":"An improper access control vulnerability in Fortinet FortiClientEMS 7.4.5 through 7.4.6 may allow an unauthenticated attacker to execute unauthorized code or commands via crafted requests.","severity":"CRITICAL","cvss_score":9.1,"published":"2026-04-04T00:38:35.828000Z"},{"cve_id":"CVE-2026-5281","title":"Google Dawn Use-After-Free Vulnerability","link":"https://publiccve.com/cve/CVE-2026-5281","description":"Use after free in Dawn in Google Chrome prior to 146.0.7680.178 allowed a remote attacker who had compromised the renderer process to execute arbitrary code via a crafted HTML page. 
(Chromium security severity: High)","severity":"HIGH","cvss_score":8.8,"published":"2026-04-01T04:41:32.723000Z"},{"cve_id":"CVE-2026-3502","title":"TrueConf Client Download of Code Without Integrity Check Vulnerability","link":"https://publiccve.com/cve/CVE-2026-3502","description":"TrueConf Client downloads application update code and applies it without performing verification. An attacker who is able to influence the update delivery path can substitute a tampered update payload. If the payload is executed or installed by the updater, this may result in arbitrary code execution in the context of the updating process or user.","severity":"HIGH","cvss_score":7.8,"published":"2026-03-30T18:05:42.806000Z"},{"cve_id":"CVE-2026-33634","title":"Aquasecurity Trivy Embedded Malicious Code Vulnerability","link":"https://publiccve.com/cve/CVE-2026-33634","description":"Trivy is a security scanner. On March 19, 2026, a threat actor used compromised credentials to publish a malicious Trivy v0.69.4 release, force-push 76 of 77 version tags in `aquasecurity/trivy-action` to credential-stealing malware, and replace all 7 tags in `aquasecurity/setup-trivy` with malicious commits. This incident is a continuation of the supply chain attack that began in late February 2026. Following the initial disclosure on March 1, credential rotation was performed but was not atomic (not all credentials were revoked simultaneously). The attacker could have used a valid token to exfiltrate newly rotated secrets during the rotation window (which lasted a few days). This could have allowed the attacker to retain access and execute the March 19 attack. Affected components include the `aquasecurity/trivy` Go / Container image version 0.69.4, the `aquasecurity/trivy-action` GitHub Action versions 0.0.1 – 0.34.2 (76/77), and the `aquasecurity/setup-trivy` GitHub Action versions 0.2.0 – 0.2.6, prior to the recreation of 0.2.6 with a safe commit. 
Known safe versions include versions 0.69.2 and 0.69.3 of the Trivy binary, version 0.35.0 of trivy-action, and version 0.2.6 of setup-trivy. Additionally, take other mitigations to ensure the safety of secrets. If there is any possibility that a compromised version ran in one's environment, all secrets accessible to affected pipelines must be treated as exposed and rotated immediately. Check whether one's organization pulled or executed Trivy v0.69.4 from any source. Remove any affected artifacts immediately. Review all workflows using `aquasecurity/trivy-action` or `aquasecurity/setup-trivy`. Those who referenced a version tag rather than a full commit SHA should check workflow run logs from March 19–20, 2026 for signs of compromise. Look for repositories named `tpcp-docs` in one's GitHub organization. The presence of such a repository may indicate that the fallback exfiltration mechanism was triggered and secrets were successfully stolen. Pin GitHub Actions to full, immutable commit SHA hashes, don't use mutable version tags.","severity":"CRITICAL","cvss_score":9.4,"published":"2026-03-23T21:47:29.636000Z"},{"cve_id":"CVE-2026-3055","title":"Citrix NetScaler Out-of-Bounds Read Vulnerability","link":"https://publiccve.com/cve/CVE-2026-3055","description":"Insufficient input validation in NetScaler ADC and NetScaler Gateway when configured as a SAML IDP leading to memory overread","severity":"CRITICAL","cvss_score":9.3,"published":"2026-03-23T20:21:27.107000Z"},{"cve_id":"CVE-2026-33017","title":"Langflow Code Injection Vulnerability","link":"https://publiccve.com/cve/CVE-2026-33017","description":"Langflow is a tool for building and deploying AI-powered agents and workflows. In versions prior to 1.9.0, the POST /api/v1/build_public_tmp/{flow_id}/flow endpoint allows building public flows without requiring authentication. 
When the optional data parameter is supplied, the endpoint uses attacker-controlled flow data (containing arbitrary Python code in node definitions) instead of the stored flow data from the database. This code is passed to exec() with zero sandboxing, resulting in unauthenticated remote code execution. This is distinct from CVE-2025-3248, which fixed /api/v1/validate/code by adding authentication. The build_public_tmp endpoint is designed to be unauthenticated (for public flows) but incorrectly accepts attacker-supplied flow data containing arbitrary executable code. This issue has been fixed in version 1.9.0.","severity":"CRITICAL","cvss_score":9.3,"published":"2026-03-20T04:52:52.885000Z"},{"cve_id":"CVE-2026-3910","title":"Google Chromium V8 Improper Restriction of Operations Within the Bounds of a Memory Buffer Vulnerability","link":"https://publiccve.com/cve/CVE-2026-3910","description":"Inappropriate implementation in V8 in Google Chrome prior to 146.0.7680.75 allowed a remote attacker to execute arbitrary code inside a sandbox via a crafted HTML page. (Chromium security severity: High)","severity":"HIGH","cvss_score":8.8,"published":"2026-03-12T21:30:51.861000Z"},{"cve_id":"CVE-2026-3909","title":"Google Skia Out-of-Bounds Write Vulnerability","link":"https://publiccve.com/cve/CVE-2026-3909","description":"Out of bounds write in Skia in Google Chrome prior to 146.0.7680.75 allowed a remote attacker to perform out of bounds memory access via a crafted HTML page. (Chromium security severity: High)","severity":"HIGH","cvss_score":8.8,"published":"2026-03-12T21:30:51.265000Z"},{"cve_id":"CVE-2025-67038","title":"Lantronix EDS5000 Code Injection Vulnerability","link":"https://publiccve.com/cve/CVE-2025-67038","description":"An issue was discovered in Lantronix EDS5000 2.1.0.0R3. The HTTP RPC module executes a shell command to write logs when a user's authentication fails. The username is directly concatenated with the command without any sanitization. 
This allows attackers to inject arbitrary OS commands into the username parameter. Injected commands are executed with root privileges.","severity":"CRITICAL","cvss_score":9.8,"published":"2026-03-11T00:00:00Z"},{"cve_id":"CVE-2026-20131","title":"Cisco Secure Firewall Management Center (FMC) Software and Cisco Security Cloud Control (SCC) Firewall Management Deserialization of Untrusted Data Vulnerability","link":"https://publiccve.com/cve/CVE-2026-20131","description":"A vulnerability in the web-based management interface of Cisco Secure Firewall Management Center (FMC) Software could allow an unauthenticated, remote attacker to execute arbitrary Java code as root on an affected device.\r\n\r\nThis vulnerability is due to insecure deserialization of a user-supplied Java byte stream. An attacker could exploit this vulnerability by sending a crafted serialized Java object to the web-based management interface of an affected device. A successful exploit could allow the attacker to execute arbitrary code on the device and elevate privileges to root.\r\nNote: If the FMC management interface does not have public internet access, the attack surface that is associated with this vulnerability is reduced.","severity":"CRITICAL","cvss_score":10.0,"published":"2026-03-04T17:17:56.008000Z"},{"cve_id":"CVE-2026-21385","title":"Qualcomm Multiple Chipsets Memory Corruption Vulnerability","link":"https://publiccve.com/cve/CVE-2026-21385","description":"Memory corruption while using alignments for memory allocation.","severity":"HIGH","cvss_score":7.8,"published":"2026-03-02T16:53:59.406000Z"}]}