{"articles":[{"id":"a0e9d366fa33a16f","source":{"id":"nvd","name":"NVD (auto-promoted CVEs)","host":"nvd.nist.gov"},"external_url":"https://nvd.nist.gov/vuln/detail/CVE-2026-41478","title":"CVE-2026-41478 — Saltcorn: Prior to 1.4.6, 1.5.6, and 1.6.0-beta.5, a SQL injection vulnerability in Saltcorn’s","published_at":1777065379353,"severity":"critical","editorial_score":100,"summary":"Saltcorn is an extensible, open source, no-code database application builder. Prior to 1.4.6, 1.5.6, and 1.6.0-beta.5, a SQL injection vulnerability in Saltcorn’s mobile-sync routes allows any authenticated low-privilege user with read access to at least one table to inject arbitrary SQL through sync parameters. This can lead to full database exfiltration, including admin password hashes and configuration secrets, and may also enable database modification or destruction depen\n\nCVSSv3.1 9.9 (CRITICAL)","commentary":"","cves":["CVE-2026-41478"],"tags":["type:vulnerability","cwe:CWE-89","vendor:saltcorn"],"likes_count":0,"cvss_score":9.9},{"id":"d1344c85572e3eaa","source":{"id":"nvd","name":"NVD (auto-promoted CVEs)","host":"nvd.nist.gov"},"external_url":"https://nvd.nist.gov/vuln/detail/CVE-2026-41248","title":"CVE-2026-41248 — Clerk: createRouteMatcher in @clerk/nextjs, @clerk/nuxt, and @clerk/astro can be bypassed by certain crafted","published_at":1777065378497,"severity":"critical","editorial_score":96,"summary":"Clerk JavaScript is the official JavaScript repository for Clerk authentication. createRouteMatcher in @clerk/nextjs, @clerk/nuxt, and @clerk/astro can be bypassed by certain crafted requests, allowing them to skip middleware gating and reach downstream handlers. 
This vulnerability is fixed in @clerk/astro 1.5.7, 2.17.10, and 3.0.15; @clerk/nextjs 5.7.6, 6.39.2, and 7.2.1; @clerk/nuxt 1.13.28 and 2.2.2; and @clerk/shared 2.22.1, 3.47.4, and 4.8.1\n\nCVSSv3.1 9.1 (CRITICAL)","commentary":"","cves":["CVE-2026-41248"],"tags":["type:vulnerability","cwe:CWE-863","vendor:clerk","cwe:CWE-436"],"likes_count":0,"cvss_score":9.1},{"id":"e5272b819ffd0fed","source":{"id":"rapid7","name":"Rapid7 Research","host":"rapid7.com"},"external_url":"https://www.rapid7.com/blog/post/pt-metasploit-wrap-up-04-25-2026","title":"Metasploit Wrap-Up 25/04/2026","published_at":1777061876000,"severity":"high","editorial_score":68,"summary":"Metasploit 6.4.129 release adds four new modules including a Langflow prompt-injection RCE (CVE-2026-27966), Camaleon CMS directory traversal, and WebDAV PHP upload exploit with Linux support. The update also improves check method visibility with reasoning information, enhances SMB module reliability for legacy targets, and includes performance optimizations and bug fixes.","commentary":"The Langflow RCE via exposed REPL is a solid addition—prompt injection as a vector for code execution in LLM frameworks is increasingly relevant. The WebDAV PHP upload getting Linux support and proper cleanup is practical; the SMB improvements matter for network-wide scanning reliability. 
Check method transparency is a quality-of-life win that reduces false negatives during assessment phases.","cves":["CVE-2024-46987","CVE-2026-27966","CVE-2012-10062","CVE-2009-1285"],"tags":["surface:application","type:tool","exploit:rce","stage:execution","surface:web","exploit:lfi","vendor:rapid7","exploit:prompt-injection","vendor:metasploit"],"likes_count":0,"cvss_score":null},{"id":"7082807fc1519def","source":{"id":"nvd","name":"NVD (auto-promoted CVEs)","host":"nvd.nist.gov"},"external_url":"https://nvd.nist.gov/vuln/detail/CVE-2026-41433","title":"CVE-2026-41433 — OpenTelemetry: From 0.4.0 to before 0.8.0, a flaw in the Java agent injection","published_at":1777061787803,"severity":"high","editorial_score":92,"summary":"OpenTelemetry eBPF Instrumentation provides eBPF instrumentation based on the OpenTelemetry standard. From 0.4.0 to before 0.8.0, a flaw in the Java agent injection path allows a local attacker controlling a Java workload to overwrite arbitrary host files when Java injection is enabled and OBI is running with elevated privileges. The injector trusted TMPDIR from the target process and used unsafe file creation semantics, enabling both filesystem boundary escape and symlink-ba\n\nCVSSv3.1 8.4 (HIGH)","commentary":"","cves":["CVE-2026-41433"],"tags":["type:vulnerability","cwe:CWE-22","vendor:opentelemetry","cwe:CWE-59"],"likes_count":0,"cvss_score":8.4},{"id":"c90759ee916bd3ba","source":{"id":"nvd","name":"NVD (auto-promoted CVEs)","host":"nvd.nist.gov"},"external_url":"https://nvd.nist.gov/vuln/detail/CVE-2026-41429","title":"CVE-2026-41429 — Arduino: Prior to 3.3.8, there is a remotely reachable memory corruption issue in","published_at":1777061787663,"severity":"high","editorial_score":94,"summary":"arduino-esp32 is an Arduino core for the ESP32, ESP32-S2, ESP32-S3, ESP32-C3, ESP32-C6 and ESP32-H2 microcontrollers. Prior to 3.3.8, there is a remotely reachable memory corruption issue in the NBNS packet handling path. 
When NetBIOS is enabled by calling NBNS.begin(...), the device listens on UDP port 137 and processes untrusted NBNS requests from the local network.\nThe request parser trusts the attacker-controlled name_len field without enforcing a bound consistent with th\n\nCVSSv3.1 8.8 (HIGH)","commentary":"","cves":["CVE-2026-41429"],"tags":["type:vulnerability","cwe:CWE-121","vendor:arduino"],"likes_count":0,"cvss_score":8.8},{"id":"15fdfddf60bfd43f","source":{"id":"nvd","name":"NVD (auto-promoted CVEs)","host":"nvd.nist.gov"},"external_url":"https://nvd.nist.gov/vuln/detail/CVE-2026-41428","title":"CVE-2026-41428 — Budibase: Prior to 3.35.4, the authenticated middleware uses unanchored regular expressions to match","published_at":1777061787523,"severity":"critical","editorial_score":96,"summary":"Budibase is an open-source low-code platform. Prior to 3.35.4, the authenticated middleware uses unanchored regular expressions to match public (no-auth) endpoint patterns against ctx.request.url. Since ctx.request.url in Koa includes the query string, an attacker can access any protected endpoint by appending a public endpoint path as a query parameter. For example, POST /api/global/users/search?x=/api/system/status bypasses all authentication because the regex /api/system/s\n\nCVSSv3.1 9.1 (CRITICAL)","commentary":"","cves":["CVE-2026-41428"],"tags":["type:vulnerability","cwe:CWE-287","vendor:budibase"],"likes_count":0,"cvss_score":9.1},{"id":"d4d1d67db24840bd","source":{"id":"nvd","name":"NVD (auto-promoted CVEs)","host":"nvd.nist.gov"},"external_url":"https://nvd.nist.gov/vuln/detail/CVE-2026-41492","title":"CVE-2026-41492 — Dgraph: Prior to 25.3.3, Dgraph exposes the process command line through the unauthenticated","published_at":1777058234047,"severity":"critical","editorial_score":99,"summary":"Dgraph is an open source distributed GraphQL database. Prior to 25.3.3, Dgraph exposes the process command line through the unauthenticated /debug/vars endpoint on Alpha. 
Because the admin token is commonly supplied via the --security \"token=...\" startup flag, an unauthenticated attacker can retrieve that token and replay it in the X-Dgraph-AuthToken header to access admin-only endpoints. This is a variant of the previously fixed /debug/pprof/cmdline issue, but the current f\n\nCVSSv3.1 9.8 (CRITICAL)","commentary":"","cves":["CVE-2026-41492"],"tags":["type:vulnerability","cwe:CWE-200","vendor:dgraph"],"likes_count":0,"cvss_score":9.8},{"id":"6943dac8bfcc213a","source":{"id":"nvd","name":"NVD (auto-promoted CVEs)","host":"nvd.nist.gov"},"external_url":"https://nvd.nist.gov/vuln/detail/CVE-2026-41421","title":"CVE-2026-41421 — SiYuan: On desktop builds, this is not limited to ordinary XSS.","published_at":1777058233740,"severity":"high","editorial_score":94,"summary":"SiYuan is an open-source personal knowledge management system. Prior to 3.6.5, SiYuan desktop renders notification messages as raw HTML inside an Electron renderer. The notification route POST /api/notification/pushMsg accepts a user-controlled msg value, forwards it through the backend broadcast layer, and the frontend inserts it into the DOM with insertAdjacentHTML(...) at message.ts. On desktop builds, this is not limited to ordinary XSS. Electron windows are created with \n\nCVSSv3.1 8.8 (HIGH)","commentary":"","cves":["CVE-2026-41421"],"tags":["type:vulnerability","cwe:CWE-79","cwe:CWE-78","vendor:siyuan"],"likes_count":0,"cvss_score":8.8},{"id":"baae534e52936092","source":{"id":"nvd","name":"NVD (auto-promoted CVEs)","host":"nvd.nist.gov"},"external_url":"https://nvd.nist.gov/vuln/detail/CVE-2026-41328","title":"CVE-2026-41328 — Dgraph: The second sends a crafted JSON mutation to /mutate?commitNow=true where a JSON","published_at":1777058232553,"severity":"critical","editorial_score":96,"summary":"Dgraph is an open source distributed GraphQL database. 
Prior to 25.3.3, a vulnerability has been found in Dgraph that gives an unauthenticated attacker full read access to every piece of data in the database. This affects Dgraph's default configuration where ACL is not enabled. The attack requires two HTTP POSTs to port 8080. The first sets up a schema predicate with @unique @index(exact) @lang via /alter (also unauthenticated in default config). The second sends a crafted JS\n\nCVSSv3.1 9.1 (CRITICAL)","commentary":"","cves":["CVE-2026-41328"],"tags":["type:vulnerability","vendor:dgraph","cwe:CWE-943"],"likes_count":0,"cvss_score":9.1},{"id":"fa81589352b11abc","source":{"id":"nvd","name":"NVD (auto-promoted CVEs)","host":"nvd.nist.gov"},"external_url":"https://nvd.nist.gov/vuln/detail/CVE-2026-41327","title":"CVE-2026-41327 — Dgraph: Prior to 25.3.3, a vulnerability has been found in Dgraph that gives","published_at":1777058232407,"severity":"critical","editorial_score":96,"summary":"Dgraph is an open source distributed GraphQL database. Prior to 25.3.3, a vulnerability has been found in Dgraph that gives an unauthenticated attacker full read access to every piece of data in the database. This affects Dgraph's default configuration where ACL is not enabled. The attack is a single HTTP POST to /mutate?commitNow=true containing a crafted cond field in an upsert mutation. 
The cond value is concatenated directly into a DQL query string via strings.Builder.Wri\n\nCVSSv3.1 9.1 (CRITICAL)","commentary":"","cves":["CVE-2026-41327"],"tags":["type:vulnerability","vendor:dgraph","cwe:CWE-943"],"likes_count":0,"cvss_score":9.1},{"id":"aeb071748708dba6","source":{"id":"nvd","name":"NVD (auto-promoted CVEs)","host":"nvd.nist.gov"},"external_url":"https://nvd.nist.gov/vuln/detail/CVE-2026-6912","title":"CVE-2026-6912 — Improperly: Improperly controlled modification of dynamically-determined object attributes in the Cognito User Pool","published_at":1777050982377,"severity":"high","editorial_score":94,"summary":"Improperly controlled modification of dynamically-determined object attributes in the Cognito User Pool configuration in AWS Ops Wheel before PR #165 allows remote authenticated users to escalate to deployment admin privileges and manage Cognito user accounts via a crafted UpdateUserAttributes API call that sets the custom:deployment_admin attribute.\n\nTo remediate this issue, users should redeploy from the updated repository and ensure any forked or derivative code is patched\n\nCVSSv3.1 8.8 (HIGH)","commentary":"","cves":["CVE-2026-6912"],"tags":["type:vulnerability","cwe:CWE-915","vendor:improperly"],"likes_count":0,"cvss_score":8.8},{"id":"830d4e7193a400cb","source":{"id":"nvd","name":"NVD (auto-promoted CVEs)","host":"nvd.nist.gov"},"external_url":"https://nvd.nist.gov/vuln/detail/CVE-2026-6911","title":"CVE-2026-6911 — Missing: Missing JWT signature verification in AWS Ops Wheel allows unauthenticated attackers to","published_at":1777050982220,"severity":"critical","editorial_score":99,"summary":"Missing JWT signature verification in AWS Ops Wheel allows unauthenticated attackers to forge JWT tokens and gain unintended administrative access to the application, including the ability to read, modify, and delete all application data across tenants and manage Cognito user accounts within the deployment's User Pool, via a crafted JWT 
sent to the API Gateway endpoint.\n\nTo remediate this issue, users should redeploy from the updated repository and ensure any forked or deriva\n\nCVSSv3.1 9.8 (CRITICAL)","commentary":"","cves":["CVE-2026-6911"],"tags":["type:vulnerability","cwe:CWE-347","vendor:missing"],"likes_count":0,"cvss_score":9.8},{"id":"1a2ee5e27f1e460a","source":{"id":"nvd","name":"NVD (auto-promoted CVEs)","host":"nvd.nist.gov"},"external_url":"https://nvd.nist.gov/vuln/detail/CVE-2026-40897","title":"CVE-2026-40897 — Math: From 13.1.1 to before 15.2.0, a vulnerability allowed executing arbitrary JavaScript via","published_at":1777050980783,"severity":"high","editorial_score":94,"summary":"Math.js is an extensive math library for JavaScript and Node.js. From 13.1.1 to before 15.2.0, a vulnerability allowed executing arbitrary JavaScript via the expression parser of mathjs. You can be affected when you have an application where users can evaluate arbitrary expressions using the mathjs expression parser. This vulnerability is fixed in 15.2.0.\n\nCVSSv3.1 8.8 (HIGH)","commentary":"","cves":["CVE-2026-40897"],"tags":["type:vulnerability","cwe:CWE-915","vendor:math"],"likes_count":0,"cvss_score":8.8},{"id":"3efc3512f55d4fc5","source":{"id":"nvd","name":"NVD (auto-promoted CVEs)","host":"nvd.nist.gov"},"external_url":"https://nvd.nist.gov/vuln/detail/CVE-2026-39920","title":"CVE-2026-39920 — BridgeHead: BridgeHead FileStore versions prior to 24A (released in early 2024) expose the","published_at":1777047396267,"severity":"critical","editorial_score":99,"summary":"BridgeHead FileStore versions prior to 24A (released in early 2024) expose the Apache Axis2 administration module on network-accessible endpoints with default credentials that allows unauthenticated remote attackers to execute arbitrary OS commands. 
Attackers can authenticate to the admin console using default credentials, upload a malicious Java archive as a web service, and execute arbitrary commands on the host via SOAP requests to the deployed service.\n\nCVSSv3.1 9.8 (CRITICAL)","commentary":"","cves":["CVE-2026-39920"],"tags":["type:vulnerability","cwe:CWE-1188","cwe:CWE-1391","vendor:bridgehead"],"likes_count":0,"cvss_score":9.8},{"id":"d6958a1a6834ec28","source":{"id":"nvd","name":"NVD (auto-promoted CVEs)","host":"nvd.nist.gov"},"external_url":"https://nvd.nist.gov/vuln/detail/CVE-2026-5367","title":"CVE-2026-5367 — OVN: This out-of-bounds read can lead to the disclosure of sensitive information stored","published_at":1777036581990,"severity":"high","editorial_score":93,"summary":"A flaw was found in OVN (Open Virtual Network). A remote attacker, by sending crafted DHCPv6 (Dynamic Host Configuration Protocol for IPv6) SOLICIT packets with an inflated Client ID length, could cause the ovn-controller to read beyond the bounds of a packet. 
This out-of-bounds read can lead to the disclosure of sensitive information stored in heap memory, which is then returned to the attacker's virtual machine port.\n\nCVSSv3.1 8.6 (HIGH)","commentary":"","cves":["CVE-2026-5367"],"tags":["type:vulnerability","vendor:ovn","cwe:CWE-130"],"likes_count":0,"cvss_score":8.6},{"id":"6c678b06dfdd61b7","source":{"id":"nvd","name":"NVD (auto-promoted CVEs)","host":"nvd.nist.gov"},"external_url":"https://nvd.nist.gov/vuln/detail/CVE-2026-21515","title":"CVE-2026-21515 — Exposure: Exposure of sensitive information to an unauthorized actor in Azure IOT Central","published_at":1777036563610,"severity":"critical","editorial_score":100,"summary":"Exposure of sensitive information to an unauthorized actor in Azure IOT Central allows an authorized attacker to elevate privileges over a network.\n\nCVSSv3.1 9.9 (CRITICAL)","commentary":"","cves":["CVE-2026-21515"],"tags":["type:vulnerability","cwe:CWE-200","vendor:exposure"],"likes_count":0,"cvss_score":9.9},{"id":"fecf8fcaf583a3ca","source":{"id":"nvd","name":"NVD (auto-promoted CVEs)","host":"nvd.nist.gov"},"external_url":"https://nvd.nist.gov/vuln/detail/CVE-2026-23902","title":"CVE-2026-23902 — Incorrect: Incorrect Authorization vulnerability in Apache DolphinScheduler allows authenticated users with system login","published_at":1777033026453,"severity":"high","editorial_score":91,"summary":"Incorrect Authorization vulnerability in Apache DolphinScheduler allows authenticated users with system login permissions to use tenants that are not defined on the platform during workflow execution.\n\nThis issue affects Apache DolphinScheduler versions prior to 3.4.1. 
\n\nUsers are recommended to upgrade to version 3.4.1, which fixes this issue.\n\nCVSSv3.1 8.1 (HIGH)","commentary":"","cves":["CVE-2026-23902"],"tags":["type:vulnerability","cwe:CWE-863","vendor:incorrect"],"likes_count":0,"cvss_score":8.1},{"id":"df1b91240ae144d5","source":{"id":"nvd","name":"NVD (auto-promoted CVEs)","host":"nvd.nist.gov"},"external_url":"https://nvd.nist.gov/vuln/detail/CVE-2026-41044","title":"CVE-2026-41044 — Improper: Improper Input Validation, Improper Control of Generation of Code ('Code Injection') vulnerability","published_at":1777029382790,"severity":"high","editorial_score":94,"summary":"Improper Input Validation, Improper Control of Generation of Code ('Code Injection') vulnerability in Apache ActiveMQ, Apache ActiveMQ Broker, Apache ActiveMQ All.\n\nAn authenticated attacker can use the admin web console page to construct a malicious broker name that bypasses name validation to include an xbean binding that can be later used by a VM transport to load a remote Spring XML application.\nThe attacker can then use the DestinationView mbean to send a message to trig\n\nCVSSv3.1 8.8 (HIGH)","commentary":"","cves":["CVE-2026-41044"],"tags":["type:vulnerability","cwe:CWE-94","cwe:CWE-20","vendor:improper"],"likes_count":0,"cvss_score":8.8},{"id":"045bb4e3eb83d357","source":{"id":"nvd","name":"NVD (auto-promoted CVEs)","host":"nvd.nist.gov"},"external_url":"https://nvd.nist.gov/vuln/detail/CVE-2026-40466","title":"CVE-2026-40466 — Improper: Improper Input Validation, Improper Control of Generation of Code ('Code Injection') vulnerability","published_at":1777029382540,"severity":"high","editorial_score":94,"summary":"Improper Input Validation, Improper Control of Generation of Code ('Code Injection') vulnerability in Apache ActiveMQ Broker, Apache ActiveMQ All, Apache ActiveMQ.\n\n\n\nAn authenticated attacker may bypass the fix in CVE-2026-34197 by adding a connector using an HTTP Discovery transport via BrokerView.addNetworkConnector or 
BrokerView.addConnector through Jolokia if the activemq-http module is on the classpath.\nA malicious HTTP endpoint can return a VM transport through the HTT\n\nCVSSv3.1 8.8 (HIGH)","commentary":"","cves":["CVE-2026-40466"],"tags":["type:vulnerability","cwe:CWE-94","cwe:CWE-20","vendor:improper"],"likes_count":0,"cvss_score":8.8},{"id":"00d762832e45a751","source":{"id":"securelist","name":"Kaspersky Securelist","host":"securelist.com"},"external_url":"https://securelist.com/phantomrpc-rpc-vulnerability/119428/","title":"PhantomRPC: A new privilege escalation technique in Windows RPC","published_at":1777017612000,"severity":"high","editorial_score":82,"summary":"Kaspersky researchers disclosed PhantomRPC, a novel local privilege escalation vulnerability in Windows RPC architecture that allows processes with impersonation privileges to escalate to SYSTEM level. The vulnerability stems from RPC's lack of server legitimacy verification, enabling attackers to deploy fake RPC servers mimicking legitimate services like TermService. Microsoft has not issued a patch despite proper disclosure, and the researchers demonstrate five distinct exploitation paths affecting all Windows versions.","commentary":"This is a fundamental architectural weakness in Windows RPC that's been sitting in plain sight—no CVE needed because it's not a bug, it's design. The attack chain is elegant: compromise any Network Service process, stand up a fake RPC endpoint, coerce a privileged service into connecting via gpupdate or other benign APIs, then impersonate SYSTEM. The methodology for discovering additional vectors via ETW is reusable and the attack surface is effectively unlimited since any new RPC-dependent service becomes a potential escalation path. 
Defenders need to monitor for suspicious RPC endpoint registration and restrict which processes can create ALPC ports.","cves":[],"tags":["type:research","exploit:privilege-escalation","stage:privesc","surface:os","tactic:TA0004","tactic:TA0005","technique:T1134","vendor:microsoft","type:vulnerability","stage:initial-access","technique:T1547","status:unpatched"],"likes_count":0,"cvss_score":null},{"id":"f621f424f88f2925","source":{"id":"nvd","name":"NVD (auto-promoted CVEs)","host":"nvd.nist.gov"},"external_url":"https://nvd.nist.gov/vuln/detail/CVE-2026-1952","title":"CVE-2026-1952 — Delta: Delta Electronics AS320T has denial of service via the undocumented subfunction vulnerability.","published_at":1777014969627,"severity":"critical","editorial_score":99,"summary":"Delta Electronics AS320T has denial of service via the undocumented subfunction vulnerability.\n\nCVSSv3.1 9.8 (CRITICAL)","commentary":"","cves":["CVE-2026-1952"],"tags":["type:vulnerability","vendor:delta","cwe:CWE-912"],"likes_count":0,"cvss_score":9.8},{"id":"a62f90464effbfba","source":{"id":"nvd","name":"NVD (auto-promoted CVEs)","host":"nvd.nist.gov"},"external_url":"https://nvd.nist.gov/vuln/detail/CVE-2026-1951","title":"CVE-2026-1951 — Delta: Delta Electronics AS320T has no checking of the length of the buffer","published_at":1777014969520,"severity":"critical","editorial_score":99,"summary":"Delta Electronics AS320T has no checking of the length of the buffer with the directory name\n\n vulnerability.\n\nCVSSv3.1 9.8 (CRITICAL)","commentary":"","cves":["CVE-2026-1951"],"tags":["type:vulnerability","cwe:CWE-121","vendor:delta"],"likes_count":0,"cvss_score":9.8},{"id":"342c1625049d6fa3","source":{"id":"nvd","name":"NVD (auto-promoted CVEs)","host":"nvd.nist.gov"},"external_url":"https://nvd.nist.gov/vuln/detail/CVE-2026-1950","title":"CVE-2026-1950 — Delta: Delta Electronics AS320T has No checking of the length of the 
buffer","published_at":1777014968523,"severity":"critical","editorial_score":99,"summary":"Delta Electronics AS320T has \nNo checking of the length of the buffer with the file name vulnerability.\n\nCVSSv3.1 9.8 (CRITICAL)","commentary":"","cves":["CVE-2026-1950"],"tags":["type:vulnerability","cwe:CWE-121","vendor:delta"],"likes_count":0,"cvss_score":9.8},{"id":"cbbeb97846e9c9a7","source":{"id":"nvd","name":"NVD (auto-promoted CVEs)","host":"nvd.nist.gov"},"external_url":"https://nvd.nist.gov/vuln/detail/CVE-2026-5364","title":"CVE-2026-5364 — Drag: The Drag and Drop File Upload for Contact Form 7 plugin for","published_at":1777011368480,"severity":"high","editorial_score":91,"summary":"The Drag and Drop File Upload for Contact Form 7 plugin for WordPress is vulnerable to arbitrary file upload in versions up to, and including, 1.1.3. This is due to the plugin extracting the file extension before sanitization occurs and allowing the file type parameter to be controlled by the attacker rather than being restricted to administrator-configured values, which when combined with the fact that validation occurs on the unsanitized extension while the file is saved wi\n\nCVSSv3.1 8.1 (HIGH)","commentary":"","cves":["CVE-2026-5364"],"tags":["type:vulnerability","cwe:CWE-434","vendor:drag"],"likes_count":0,"cvss_score":8.1},{"id":"9309e169ab5233d1","source":{"id":"nvd","name":"NVD (auto-promoted CVEs)","host":"nvd.nist.gov"},"external_url":"https://nvd.nist.gov/vuln/detail/CVE-2026-1949","title":"CVE-2026-1949 — Delta: Delta Electronics AS320T has incorrect calculation of the buffer size on the","published_at":1777011363883,"severity":"critical","editorial_score":99,"summary":"Delta Electronics AS320T has incorrect calculation of the buffer size on the stack in the GET/PUT request handler of the web service.\n\nCVSSv3.1 9.8 
(CRITICAL)","commentary":"","cves":["CVE-2026-1949"],"tags":["type:vulnerability","cwe:CWE-131","vendor:delta"],"likes_count":0,"cvss_score":9.8},{"id":"35c556765cfa519a","source":{"id":"nvd","name":"NVD (auto-promoted CVEs)","host":"nvd.nist.gov"},"external_url":"https://nvd.nist.gov/vuln/detail/CVE-2026-41323","title":"CVE-2026-41323 — Kyverno: Since the admission controller SA has permissions to patch webhook configurations, a","published_at":1777004180593,"severity":"high","editorial_score":91,"summary":"Kyverno is a policy engine designed for cloud native platform engineering teams. Prior to versions 1.18.0-rc1, 1.17.2-rc1, and 1.16.4, Kyverno's apiCall feature in ClusterPolicy automatically attaches the admission controller's ServiceAccount token to outgoing HTTP requests. The service URL has no validation — it can point anywhere, including attacker-controlled servers. Since the admission controller SA has permissions to patch webhook configurations, a stolen token leads to\n\nCVSSv3.1 8.1 (HIGH)","commentary":"","cves":["CVE-2026-41323"],"tags":["type:vulnerability","cwe:CWE-918","cwe:CWE-200","vendor:kyverno"],"likes_count":0,"cvss_score":8.1},{"id":"d9b55eef1ed3065b","source":{"id":"nvd","name":"NVD (auto-promoted CVEs)","host":"nvd.nist.gov"},"external_url":"https://nvd.nist.gov/vuln/detail/CVE-2026-41316","title":"CVE-2026-41316 — ERB: Ruby 2.7.0 (before ERB 2.2.0 was published on rubygems.org) introduced an `@_init`","published_at":1777000571897,"severity":"high","editorial_score":91,"summary":"ERB is a templating system for Ruby. Ruby 2.7.0 (before ERB 2.2.0 was published on rubygems.org) introduced an `@_init` instance variable guard in `ERB#result` and `ERB#run` to prevent code execution when an ERB object is reconstructed via `Marshal.load` (deserialization). However, three other public methods that also evaluate `@src` via `eval()` were not given the same guard: `ERB#def_method`, `ERB#def_module`, and `ERB#def_class`. 
An attacker who can trigger `Marshal.load` \n\nCVSSv3.1 8.1 (HIGH)","commentary":"","cves":["CVE-2026-41316"],"tags":["type:vulnerability","cwe:CWE-693","vendor:erb"],"likes_count":0,"cvss_score":8.1},{"id":"cd9e18bb95d543c3","source":{"id":"nvd","name":"NVD (auto-promoted CVEs)","host":"nvd.nist.gov"},"external_url":"https://nvd.nist.gov/vuln/detail/CVE-2026-41309","title":"CVE-2026-41309 — Open: Versions prior to 9.0 are vulnerable to resource exhaustion.","published_at":1777000571720,"severity":"high","editorial_score":91,"summary":"Open Source Social Network (OSSN) is open-source social networking software developed in PHP. Versions prior to 9.0 are vulnerable to resource exhaustion. An attacker can upload a specially crafted image with extreme pixel dimensions (e.g., $10000 \\times 10000$ pixels). While the compressed file size on disk may be small, the server attempts to allocate significant memory and CPU cycles during the decompression and resizing process, leading to a Denial of Service (DoS) condit\n\nCVSSv3.1 8.2 (HIGH)","commentary":"","cves":["CVE-2026-41309"],"tags":["type:vulnerability","cwe:CWE-770","cwe:CWE-400","vendor:open"],"likes_count":0,"cvss_score":8.2},{"id":"6db4a9d6cc361d21","source":{"id":"nvd","name":"NVD (auto-promoted CVEs)","host":"nvd.nist.gov"},"external_url":"https://nvd.nist.gov/vuln/detail/CVE-2026-33318","title":"CVE-2026-33318 — Actual: Together these allow an attacker to set a known password and authenticate","published_at":1777000571203,"severity":"high","editorial_score":94,"summary":"Actual is a local-first personal finance tool. Prior to version 26.4.0, any authenticated user (including `BASIC` role) can escalate to `ADMIN` on servers migrated from password authentication to OpenID Connect. 
Three weaknesses combine: `POST /account/change-password` has no authorization check, allowing any session to overwrite the password hash; the inactive password `auth` row is never removed on migration; and the login endpoint accepts a client-supplied `loginMethod` th\n\nCVSSv3.1 8.8 (HIGH)","commentary":"","cves":["CVE-2026-33318"],"tags":["type:vulnerability","cwe:CWE-862","cwe:CWE-284","vendor:actual"],"likes_count":0,"cvss_score":8.8},{"id":"24d9dfbc6752dc1b","source":{"id":"nvd","name":"NVD (auto-promoted CVEs)","host":"nvd.nist.gov"},"external_url":"https://nvd.nist.gov/vuln/detail/CVE-2026-33317","title":"CVE-2026-33317 — TEE: In versions 3.13.0 through 4.10.0, missing checks in `entry_get_attribute_value()` in `ta/pkcs11/src/object.c` can","published_at":1777000571020,"severity":"high","editorial_score":94,"summary":"OP-TEE is a Trusted Execution Environment (TEE) designed as companion to a non-secure Linux kernel running on Arm; Cortex-A cores using the TrustZone technology. In versions 3.13.0 through 4.10.0, missing checks in `entry_get_attribute_value()`  in `ta/pkcs11/src/object.c` can lead to out-of-bounds read from the PKCS#11 TA heap or a crash. 
When chained with the OOB read, the PKCS#11 TA function `PKCS11_CMD_GET_ATTRIBUTE_VALUE`  or `entry_get_attribute_value()` can, with a bad\n\nCVSSv3.1 8.7 (HIGH)","commentary":"","cves":["CVE-2026-33317"],"tags":["type:vulnerability","cwe:CWE-125","cwe:CWE-787","vendor:tee"],"likes_count":0,"cvss_score":8.7},{"id":"ef8c261fcc154332","source":{"id":"nvd","name":"NVD (auto-promoted CVEs)","host":"nvd.nist.gov"},"external_url":"https://nvd.nist.gov/vuln/detail/CVE-2026-40630","title":"CVE-2026-40630 — SenseLive: A vulnerability in SenseLive X3050’s web management interface allows unauthorized access to","published_at":1776989789040,"severity":"critical","editorial_score":99,"summary":"A vulnerability in \nSenseLive \n\nX3050’s web management interface allows unauthorized access to certain configuration endpoints due to improper access control enforcement. An attacker with network access to the device may be able to bypass the intended authentication mechanism and directly interact with sensitive configuration functions.\n\nCVSSv3.1 9.8 (CRITICAL)","commentary":"","cves":["CVE-2026-40630"],"tags":["type:vulnerability","cwe:CWE-288","vendor:senselive"],"likes_count":0,"cvss_score":9.8},{"id":"31b6d6ac05cc7f61","source":{"id":"nvd","name":"NVD (auto-promoted CVEs)","host":"nvd.nist.gov"},"external_url":"https://nvd.nist.gov/vuln/detail/CVE-2026-40623","title":"CVE-2026-40623 — SenseLive: A vulnerability in SenseLive X3050's web management interface allows critical system and","published_at":1776989788860,"severity":"high","editorial_score":91,"summary":"A vulnerability in SenseLive X3050's web management interface allows critical system and network configuration parameters to be modified without sufficient validation and safety controls. Due to inadequate enforcement of constraints on sensitive functions, parameters such as IP addressing, watchdog timers, reconnect intervals, and service ports can be set to unsupported or unsafe values. These configuration changes directly affect core device behaviour and recovery mechanisms\n\nCVSSv3.1 8.1 (HIGH)","commentary":"","cves":["CVE-2026-40623"],"tags":["type:vulnerability","cwe:CWE-862","vendor:senselive"],"likes_count":0,"cvss_score":8.1},{"id":"96ecaf3780d87b81","source":{"id":"nvd","name":"NVD (auto-promoted CVEs)","host":"nvd.nist.gov"},"external_url":"https://nvd.nist.gov/vuln/detail/CVE-2026-40620","title":"CVE-2026-40620 — SenseLive: A vulnerability in SenseLive X3050’s embedded management service allows full administrative control","published_at":1776989788690,"severity":"critical","editorial_score":99,"summary":"A vulnerability in SenseLive X3050’s embedded management service allows full administrative control to be established without any form of authentication or authorization on the SenseLive config application. The service accepts management connections from any reachable host, enabling unrestricted modification of critical configuration parameters, operational modes, and device state through a vendor-supplied or compatible client.\n\nCVSSv3.1 9.8 (CRITICAL)","commentary":"","cves":["CVE-2026-40620"],"tags":["type:vulnerability","cwe:CWE-306","vendor:senselive"],"likes_count":0,"cvss_score":9.8},{"id":"1ed1bff531bb70de","source":{"id":"nvd","name":"NVD (auto-promoted CVEs)","host":"nvd.nist.gov"},"external_url":"https://nvd.nist.gov/vuln/detail/CVE-2026-39462","title":"CVE-2026-39462 — SenseLive: A vulnerability exists in SenseLive X3050’s web management interface in which password","published_at":1776989788333,"severity":"high","editorial_score":91,"summary":"A vulnerability exists in SenseLive X3050’s web management interface in which password updates are not reliably applied due to improper handling of credential changes on the backend. After the device undergoes a factory restore using the SenseLive Config 2.0 tool, the interface may indicate that the password update was successful; however, the system may continue to accept the previous or default credentials, demonstrating that the password-change process is not consistently \n\nCVSSv3.1 8.1 (HIGH)","commentary":"","cves":["CVE-2026-39462"],"tags":["type:vulnerability","cwe:CWE-522","vendor:senselive"],"likes_count":0,"cvss_score":8.1},{"id":"d61823cc92565ae3","source":{"id":"nvd","name":"NVD (auto-promoted CVEs)","host":"nvd.nist.gov"},"external_url":"https://nvd.nist.gov/vuln/detail/CVE-2026-35503","title":"CVE-2026-35503 — SenseLive: A vulnerability in SenseLive X3050’s web management interface allows authentication logic to","published_at":1776989788143,"severity":"critical","editorial_score":99,"summary":"A vulnerability in SenseLive X3050’s web management interface allows authentication logic to be performed entirely on the client side, relying on hardcoded values within browser-executed scripts rather than server-side verification. An attacker with access to the login page could retrieve these exposed parameters and gain unauthorized access to administrative functionality.\n\nCVSSv3.1 9.8 (CRITICAL)","commentary":"","cves":["CVE-2026-35503"],"tags":["type:vulnerability","cwe:CWE-798","vendor:senselive"],"likes_count":0,"cvss_score":9.8},{"id":"2bf721654964497c","source":{"id":"nvd","name":"NVD (auto-promoted CVEs)","host":"nvd.nist.gov"},"external_url":"https://nvd.nist.gov/vuln/detail/CVE-2026-27843","title":"CVE-2026-27843 — SenseLive: A vulnerability exists in SenseLive X3050's web management interface that allows critical","published_at":1776989787123,"severity":"critical","editorial_score":96,"summary":"A vulnerability exists in SenseLive X3050's web management interface that allows critical configuration parameters to be modified without sufficient authentication or server-side validation. By applying unsupported or disruptive values to recovery mechanisms and network settings, an attacker can induce a persistent lockout state. Because the device lacks a physical reset button, recovery requires specialized technical access via the console to perform a factory reset, resulti\n\nCVSSv3.1 9.1 (CRITICAL)","commentary":"","cves":["CVE-2026-27843"],"tags":["type:vulnerability","cwe:CWE-306","vendor:senselive"],"likes_count":0,"cvss_score":9.1},{"id":"25cec5a1438753e7","source":{"id":"nvd","name":"NVD (auto-promoted CVEs)","host":"nvd.nist.gov"},"external_url":"https://nvd.nist.gov/vuln/detail/CVE-2026-27841","title":"CVE-2026-27841 — SenseLive: A vulnerability in SenseLive X3050's web management interface allows state-changing operations to","published_at":1776989786933,"severity":"high","editorial_score":91,"summary":"A vulnerability in SenseLive X3050's web management interface allows state-changing operations to be triggered without proper Cross-Site Request Forgery (CSRF) protections. Because the application does not enforce server-side validation of request origin or implement CSRF tokens, a malicious external webpage could cause a user's browser to submit unauthorized configuration requests to the device.\n\nCVSSv3.1 8.1 (HIGH)","commentary":"","cves":["CVE-2026-27841"],"tags":["type:vulnerability","cwe:CWE-352","vendor:senselive"],"likes_count":0,"cvss_score":8.1},{"id":"05639782b7e14af5","source":{"id":"nvd","name":"NVD (auto-promoted CVEs)","host":"nvd.nist.gov"},"external_url":"https://nvd.nist.gov/vuln/detail/CVE-2026-25775","title":"CVE-2026-25775 — SenseLive: A vulnerability in SenseLive X3050’s remote management service allows firmware retrieval and","published_at":1776989786757,"severity":"critical","editorial_score":99,"summary":"A vulnerability in SenseLive X3050’s remote management service allows firmware retrieval and update operations to be performed without authentication or authorization. The service accepts firmware-related requests from any reachable host and does not verify user privileges, integrity of uploaded images, or the authenticity of provided firmware.\n\nCVSSv3.1 9.8 (CRITICAL)","commentary":"","cves":["CVE-2026-25775"],"tags":["type:vulnerability","cwe:CWE-306","vendor:senselive"],"likes_count":0,"cvss_score":9.8},{"id":"b861a234d2871f03","source":{"id":"sophos","name":"Sophos X-Ops","host":"news.sophos.com"},"external_url":"https://www.sophos.com/en-us/blog/supply-chain-attacks-hit-checkmarx-and-bitwarden-developer-tools","title":"Supply chain attacks hit Checkmarx and Bitwarden developer tools","published_at":1776988800000,"severity":"critical","editorial_score":92,"summary":"On April 22, 2026, threat actors compromised the CI/CD pipelines of Checkmarx (KICS scanner) and Bitwarden (CLI tool), injecting credential-harvesting malware across Docker Hub, npm, Open VSX, and GitHub Actions. Both payloads targeted developer credentials (GitHub tokens, SSH keys, cloud provider keys, AI tool configs) and exfiltrated to a shared C2 domain, with the Bitwarden variant weaponizing stolen tokens to inject malicious workflows into victim repositories.","commentary":"Coordinated supply-chain compromise of two high-trust developer tools in the same window—a security scanner and password manager—signals a sophisticated actor who understands the privilege and credential density of dev environments. The reuse of stolen GitHub tokens to inject workflows and the deliberate targeting of AI assistant configs (Claude, Cursor, MCP) suggests reconnaissance for downstream pivots into production infrastructure. Immediate action: treat any host that pulled these artifacts as fully compromised, rotate all credentials at scale, and audit GitHub for injected workflows and rogue repositories—this is a foothold-to-production scenario.","cves":[],"tags":["surface:application","status:patched","stage:initial-access","status:itw-exploited","tactic:TA0001","stage:cred-access","tactic:TA0006","type:threat-intel","type:advisory","stage:exfil","stage:lat-movement","exploit:supply-chain","exploit:exfil-via-render","tactic:TA0009","technique:T1056","technique:T1555","surface:supply-chain","technique:T1195","technique:T1041","technique:T1195.001","vendor:checkmarx","vendor:bitwarden"],"likes_count":0,"cvss_score":null},{"id":"821116628813c81e","source":{"id":"nvd","name":"NVD (auto-promoted CVEs)","host":"nvd.nist.gov"},"external_url":"https://nvd.nist.gov/vuln/detail/CVE-2026-41353","title":"CVE-2026-41353 — OpenClaw: OpenClaw before 2026.3.22 contains an access control bypass vulnerability in the allowProfiles","published_at":1776982602493,"severity":"high","editorial_score":91,"summary":"OpenClaw before 2026.3.22 contains an access control bypass vulnerability in the allowProfiles feature that allows attackers to circumvent profile restrictions through persistent profile mutation and runtime profile selection. Remote attackers can exploit this by manipulating browser proxy profiles at runtime to access restricted profiles and bypass intended access controls.\n\nCVSSv3.1 8.1 (HIGH)","commentary":"","cves":["CVE-2026-41353"],"tags":["type:vulnerability","vendor:openclaw","cwe:CWE-472"],"likes_count":0,"cvss_score":8.1},{"id":"f6bcdd0225d03ee0","source":{"id":"nvd","name":"NVD (auto-promoted CVEs)","host":"nvd.nist.gov"},"external_url":"https://nvd.nist.gov/vuln/detail/CVE-2026-41352","title":"CVE-2026-41352 — OpenClaw: OpenClaw before 2026.3.31 contains a remote code execution vulnerability where a device-paired","published_at":1776982602327,"severity":"high","editorial_score":94,"summary":"OpenClaw before 2026.3.31 contains a remote code execution vulnerability where a device-paired node can bypass the node scope gate authentication mechanism. Attackers with device pairing credentials can execute arbitrary node commands on the host system without proper node pairing validation.\n\nCVSSv3.1 8.8 (HIGH)","commentary":"","cves":["CVE-2026-41352"],"tags":["type:vulnerability","vendor:openclaw","cwe:CWE-862"],"likes_count":0,"cvss_score":8.8},{"id":"53f041bde317f7b0","source":{"id":"nvd","name":"NVD (auto-promoted CVEs)","host":"nvd.nist.gov"},"external_url":"https://nvd.nist.gov/vuln/detail/CVE-2026-41349","title":"CVE-2026-41349 — OpenClaw: OpenClaw before 2026.3.28 contains an agentic consent bypass vulnerability allowing LLM agents","published_at":1776982601827,"severity":"high","editorial_score":94,"summary":"OpenClaw before 2026.3.28 contains an agentic consent bypass vulnerability allowing LLM agents to silently disable execution approval via config.patch parameter. Remote attackers can exploit this to bypass security controls and execute unauthorized operations without user consent.\n\nCVSSv3.1 8.8 (HIGH)","commentary":"","cves":["CVE-2026-41349"],"tags":["type:vulnerability","vendor:openclaw","cwe:CWE-862"],"likes_count":0,"cvss_score":8.8},{"id":"9d3417ba342fe1cb","source":{"id":"nvd","name":"NVD (auto-promoted CVEs)","host":"nvd.nist.gov"},"external_url":"https://nvd.nist.gov/vuln/detail/CVE-2026-35431","title":"CVE-2026-35431 — Server: Server-side request forgery (ssrf) in Microsoft Entra ID Entitlement Management allows an","published_at":1776982598510,"severity":"critical","editorial_score":100,"summary":"Server-side request forgery (ssrf) in Microsoft Entra ID Entitlement Management allows an unauthorized attacker to perform spoofing over a network.\n\nCVSSv3.1 10.0 (CRITICAL)","commentary":"","cves":["CVE-2026-35431"],"tags":["type:vulnerability","cwe:CWE-918","vendor:server"],"likes_count":0,"cvss_score":10},{"id":"33875aa19c9ffbc1","source":{"id":"nvd","name":"NVD (auto-promoted CVEs)","host":"nvd.nist.gov"},"external_url":"https://nvd.nist.gov/vuln/detail/CVE-2026-33819","title":"CVE-2026-33819 — Deserialization: Deserialization of untrusted data in Microsoft Bing allows an unauthorized attacker to","published_at":1776982597817,"severity":"critical","editorial_score":100,"summary":"Deserialization of untrusted data in Microsoft Bing allows an unauthorized attacker to execute code over a network.\n\nCVSSv3.1 10.0 (CRITICAL)","commentary":"","cves":["CVE-2026-33819"],"tags":["type:vulnerability","cwe:CWE-502","vendor:deserialization"],"likes_count":0,"cvss_score":10},{"id":"da81d9ee2381fd0c","source":{"id":"nvd","name":"NVD (auto-promoted CVEs)","host":"nvd.nist.gov"},"external_url":"https://nvd.nist.gov/vuln/detail/CVE-2026-33102","title":"CVE-2026-33102 — Url: Url redirection to untrusted site ('open redirect') in M365 Copilot allows an","published_at":1776982597093,"severity":"critical","editorial_score":97,"summary":"Url redirection to untrusted site ('open redirect') in M365 Copilot allows an unauthorized attacker to elevate privileges over a network.\n\nCVSSv3.1 9.3 (CRITICAL)","commentary":"","cves":["CVE-2026-33102"],"tags":["type:vulnerability","cwe:CWE-601","vendor:url"],"likes_count":0,"cvss_score":9.3},{"id":"bc95e50d8ec320dd","source":{"id":"nvd","name":"NVD (auto-promoted CVEs)","host":"nvd.nist.gov"},"external_url":"https://nvd.nist.gov/vuln/detail/CVE-2026-32210","title":"CVE-2026-32210 — Server: Server-side request forgery (ssrf) in Microsoft Dynamics 365 (Online) allows an unauthorized","published_at":1776982595260,"severity":"critical","editorial_score":97,"summary":"Server-side request forgery (ssrf) in Microsoft Dynamics 365 (Online) allows an unauthorized attacker to perform spoofing over a network.\n\nCVSSv3.1 9.3 (CRITICAL)","commentary":"","cves":["CVE-2026-32210"],"tags":["type:vulnerability","cwe:CWE-918","vendor:server"],"likes_count":0,"cvss_score":9.3},{"id":"497bfedbc7cb27a6","source":{"id":"nvd","name":"NVD (auto-promoted CVEs)","host":"nvd.nist.gov"},"external_url":"https://nvd.nist.gov/vuln/detail/CVE-2026-32172","title":"CVE-2026-32172 — Uncontrolled: Uncontrolled search path element in Microsoft Power Apps allows an unauthorized attacker","published_at":1776982593720,"severity":"high","editorial_score":90,"summary":"Uncontrolled search path element in Microsoft Power Apps allows an unauthorized attacker to execute code over a network.\n\nCVSSv3.1 8.0 (HIGH)","commentary":"","cves":["CVE-2026-32172"],"tags":["type:vulnerability","cwe:CWE-427","vendor:uncontrolled"],"likes_count":0,"cvss_score":8},{"id":"574fdc80ba6510a6","source":{"id":"nvd","name":"NVD (auto-promoted CVEs)","host":"nvd.nist.gov"},"external_url":"https://nvd.nist.gov/vuln/detail/CVE-2026-26210","title":"CVE-2026-26210 — KTransformers: KTransformers through 0.5.3 contains an unsafe deserialization vulnerability in the balance_serve backend","published_at":1776982586400,"severity":"critical","editorial_score":99,"summary":"KTransformers through 0.5.3 contains an unsafe deserialization vulnerability in the balance_serve backend mode where the scheduler RPC server binds a ZMQ ROUTER socket to all interfaces with no authentication and deserializes incoming messages using pickle.loads() without validation. Attackers can send a crafted pickle payload to the exposed ZMQ socket to execute arbitrary code on the server with the privileges of the ktransformers process.\n\nCVSSv3.1 9.8 (CRITICAL)","commentary":"","cves":["CVE-2026-26210"],"tags":["type:vulnerability","cwe:CWE-502","vendor:ktransformers"],"likes_count":0,"cvss_score":9.8},{"id":"354476252e3f85be","source":{"id":"nvd","name":"NVD (auto-promoted CVEs)","host":"nvd.nist.gov"},"external_url":"https://nvd.nist.gov/vuln/detail/CVE-2026-26150","title":"CVE-2026-26150 — Server: Server-side request forgery (ssrf) in Microsoft Purview allows an unauthorized attacker to","published_at":1776982583177,"severity":"high","editorial_score":93,"summary":"Server-side request forgery (ssrf) in Microsoft Purview allows an unauthorized attacker to elevate privileges over a network.\n\nCVSSv3.1 8.6 (HIGH)","commentary":"","cves":["CVE-2026-26150"],"tags":["type:vulnerability","cwe:CWE-918","vendor:server"],"likes_count":0,"cvss_score":8.6},{"id":"14763ff9ee924b97","source":{"id":"nvd","name":"NVD (auto-promoted CVEs)","host":"nvd.nist.gov"},"external_url":"https://nvd.nist.gov/vuln/detail/CVE-2026-24303","title":"CVE-2026-24303 — Improper: Improper access control in Microsoft Partner Center allows an authorized attacker to","published_at":1776982582483,"severity":"critical","editorial_score":98,"summary":"Improper access control in Microsoft Partner Center allows an authorized attacker to elevate privileges over a network.\n\nCVSSv3.1 9.6 (CRITICAL)","commentary":"","cves":["CVE-2026-24303"],"tags":["type:vulnerability","cwe:CWE-284","vendor:improper"],"likes_count":0,"cvss_score":9.6}]}