Mallory

Trending Vulnerabilities

What hit the radar this week. Mallory ranks every CVE by velocity across vendor advisories, researcher write-ups, social chatter, and the underground, then surfaces the ones worth your morning.

Ranked by Mallory's mention-velocity model across sources.

Mention map · Last week (treemap of CVEs, tiles sized and colored by mention volume)

Top 24 vulnerabilities · Last week

#1 Authentication Bypass in Check Point Remote Access VPN and Mobile Access IKEv1

CVE-2026-50751

Critical
Exploited

CVE-2026-50751 is a critical improper authentication vulnerability in Check Point Remote Access VPN, Mobile Access/SSL VPN, and affected Spark Firewall/Security Gateway deployments that use the deprecated IKEv1 key exchange protocol. The flaw is described as a logic flow weakness in Remote Access and Mobile Access certificate validation during IKEv1 processing. Under vulnerable configurations, an unauthenticated remote attacker can bypass user authentication and establish a remote access VPN session without a valid user password. Public reporting and vendor-linked summaries indicate the issue affects only specific deployments where Remote Access or Mobile Access is enabled, IKEv1 is enabled for remote access, legacy remote access clients are accepted, and machine certificate authentication is not required.

CVSS 9.3 · EPSS 17.7% (p95.2) · Mentions 125

#2 Command Injection in Cisco Catalyst SD-WAN Manager CLI

CVE-2026-20245

High
Exploited

CVE-2026-20245 is an authenticated local command injection and privilege escalation vulnerability in the CLI of Cisco Catalyst SD-WAN Controller (formerly vSmart), Cisco Catalyst SD-WAN Manager (formerly vManage), and Cisco Catalyst SD-WAN Validator (formerly vBond), with reporting heavily centered on SD-WAN Manager. The flaw is caused by insufficient validation of user-supplied input during processing of an uploaded crafted file. A netadmin-level attacker can upload a malicious file to the affected system and trigger command injection, resulting in arbitrary command execution as root. Cisco has stated that exploitation has been observed in limited cases in the wild, including cases where configuration changes were pushed to edge devices.

CVSS 7.8 · EPSS 0.08% (p24.2) · Mentions 114

#3 Out-of-bounds read/write in Google Chrome V8

CVE-2026-11645

High
Exploited

CVE-2026-11645 is a high-severity out-of-bounds read and write vulnerability in the V8 JavaScript and WebAssembly engine used by Google Chrome and other Chromium-based browsers. Google describes the issue as affecting Google Chrome prior to 149.0.7827.103 and allowing a remote attacker to execute arbitrary code inside the browser sandbox via a crafted HTML page. Supporting reporting indicates the flaw is triggered when V8 processes attacker-controlled HTML/JavaScript content, leading to memory access outside intended buffer boundaries. Public technical analysis in the provided content attributes the root cause to a logic flaw in TurboFan range analysis that can incorrectly prove an array index is in-bounds and eliminate runtime bounds checks, or to stale optimized assumptions around ElementsKind transitions, resulting in invalid reads/writes and memory corruption. Google has confirmed exploitation in the wild.

CVSS 8.8 · EPSS 0.08% (p23.6) · Mentions 110

#4 SSRF to File Write and Root Escalation in Cisco Unified CM WebDialer

CVE-2026-20230

High

CVE-2026-20230 is a critical server-side request forgery vulnerability affecting Cisco Unified Communications Manager (Unified CM) and Cisco Unified Communications Manager Session Management Edition (Unified CM SME). The flaw is caused by improper input validation for specific HTTP requests handled by the WebDialer feature. Available supporting content indicates the vulnerable WebDialer request-handling logic accepts attacker-controlled parameters and uses them to initiate backend HTTP connections without sufficiently restricting destinations, enabling SSRF. Additional reporting states the validation does not adequately prevent access to localhost or private-addressed internal services, allowing the WebDialer service to reach trusted local microservices. Successful exploitation by an unauthenticated remote attacker can cause the affected system to write files to the underlying operating system; those files can then be used in a follow-on privilege escalation path to obtain root access. Cisco rated the issue Critical because of the potential for root compromise, despite the CVSS base score being 8.6.

CVSS 8.6 · EPSS 0.02% (p6.9) · Mentions 75

#5 SolarWinds Serv-U Unauthenticated Denial of Service Vulnerability

CVE-2026-28318

High
Exploited

CVE-2026-28318 is an uncontrolled resource consumption vulnerability in SolarWinds Serv-U’s HTTP request handling for POST bodies using the Content-Encoding: deflate header. A remote attacker can send a specially crafted HTTP POST request that is processed before authentication, causing excessive resource consumption and crashing the Serv-U service. Public reporting consistently describes the issue as unauthenticated and remotely reachable, and the supplied content indicates it affects Serv-U versions prior to 15.5.4 Hotfix 1 on Windows and Linux.

CVSS 7.5 · EPSS 6.7% (p91.4) · Mentions 72

#6 BerriAI LiteLLM MCP Test Endpoint Command Injection

CVE-2026-42271

High
Exploited

CVE-2026-42271 is a command injection vulnerability in BerriAI LiteLLM affecting versions 1.74.2 through 1.83.6. Two MCP server preview/test endpoints, POST /mcp-rest/test/connection and POST /mcp-rest/test/tools/list, accepted a full MCP server configuration in the request body, including stdio transport fields such as command, args, and env. When these endpoints were invoked with a stdio configuration, LiteLLM attempted to connect by spawning the supplied command as a subprocess on the proxy host. Because access control on these endpoints required only a valid proxy API key and did not enforce an administrative role check, any authenticated user, including holders of low-privilege internal-user keys, could cause arbitrary OS commands to execute with the privileges of the LiteLLM proxy process.

CVSS 8.7 · EPSS 60.8% (p98.3) · Mentions 69

#7 Unauthenticated RCE in Mirasvit Full Page Cache Warmer for Magento 2

CVE-2026-45247

Critical
Exploited

CVE-2026-45247 is a deserialization of untrusted data / PHP object injection vulnerability in Mirasvit Full Page Cache Warmer for Magento 2 affecting versions before 1.11.12. The extension processes attacker-controlled data from the CacheWarmer cookie and passes it to PHP's native unserialize() function without adequate restrictions. Because the cookie is client-controlled and the vulnerable code path is reachable on normal storefront requests, an unauthenticated remote attacker can supply a crafted serialized PHP object. By leveraging gadget chains present in Magento and its dependencies, the attacker can turn the unsafe deserialization into arbitrary code execution on the server.

CVSS 9.3 · EPSS 6.1% (p91.0) · Mentions 68

#8 Unauthenticated RCE in Everest Forms Pro Complex Calculation

CVE-2026-3300

Critical

CVE-2026-3300 is a critical remote code execution vulnerability in the Everest Forms Pro WordPress plugin affecting all versions up to and including 1.9.12. The flaw is in the Calculation Addon’s process_filter() function, which constructs a PHP code string by concatenating user-supplied form field values and then executes that string via eval(). Although input is passed through sanitize_text_field(), that sanitization is insufficient for PHP code context and does not escape single quotes and other syntax-significant characters. As a result, an unauthenticated attacker can submit crafted input that breaks out of the intended string context and injects arbitrary PHP code. Exploitation is possible through string-type form fields, including text, email, URL, select, and radio fields, when the target form uses the Complex Calculation feature.

CVSS 9.8 · EPSS 0.33% (p55.9) · Mentions 51

#9 Linux kernel nf_tables use-after-free in nft_map_catchall_activate()

CVE-2026-23111

High

CVE-2026-23111 is a local Linux kernel vulnerability in the nf_tables subsystem caused by an inverted activity/genmask check in nft_map_catchall_activate(). This function is used on the abort path to reactivate catchall map elements that were deactivated during a failed transaction. Due to the inverted condition, the function skips inactive catchall elements that should be restored and instead processes already-active ones. As a result, when a DELSET operation is aborted, nft_setelem_data_activate() is not invoked for the catchall element. For NFT_GOTO verdict elements, nft_data_hold() is therefore not called to restore the referenced chain's chain->use reference count. Repeated abort cycles can decrement chain->use until it reaches zero, after which DELCHAIN can free a chain that is still referenced by catchall verdict elements, producing a kernel use-after-free.

CVSS 7.8 · EPSS 0.01% (p2.2) · Mentions 50

#10 Android Framework Integer Overflow Local Privilege Escalation

CVE-2025-48595

High
Exploited

CVE-2025-48595 is a high-severity integer overflow vulnerability in the Android Framework. The available descriptions state that the flaw exists in multiple locations and that the integer overflow can enable code execution, which in turn can lead to local escalation of privilege. Public reporting and bulletin-derived summaries indicate the issue affects Android 14, 15, 16, and Android 16 QPR2. No vulnerable function names or exact code paths were provided in the supplied content.

CVSS 8.4 · EPSS 0.53% (p67.5) · Mentions 49

#11 HTTP/2 Bomb DoS in Apache HTTP Server mod_http2

CVE-2026-49975

High

CVE-2026-49975 is a moderate-severity denial-of-service vulnerability in Apache HTTP Server's mod_http2 component affecting versions 2.4.17 through 2.4.67. The flaw is described by Apache as a memory allocation with excessive size value issue reachable via malicious HTTP requests. Supporting disclosures indicate the vulnerable behavior is tied to incorrect cookie header accounting in HTTP/2 request processing: cookie header crumbs were not counted against LimitRequestFields, enabling an attacker to send crafted HTTP/2 requests with many cookie fragments and trigger disproportionate per-entry memory allocation and resource retention. Public reporting associates this with the "HTTP/2 Bomb" technique, which combines HPACK indexed-header amplification with HTTP/2 flow-control stalling to drive excessive memory consumption in mod_http2 and exhaust server resources.

CVSS 7.5 · EPSS 0.02% (p4.7) · Mentions 41

#12 WinRAR for Windows Path Traversal via NTFS Alternate Data Streams

CVE-2025-8088

High
Exploited

CVE-2025-8088 is a path traversal vulnerability in the Windows version of WinRAR during archive extraction. The flaw affects WinRAR for Windows up to version 7.12 and was fixed in WinRAR 7.13, released in July 2025. Multiple reports state the issue stems from WinRAR’s handling of NTFS Alternate Data Streams (ADS), allowing a specially crafted RAR archive to bypass normal extraction-directory restrictions and write files outside the intended destination. Observed exploit chains hide a malicious payload in ADS entries attached to decoy files inside the archive and use crafted traversal paths, so that when a vulnerable WinRAR instance opens or extracts the archive, the payload is written to attacker-chosen filesystem locations such as the user’s Windows Startup folder. Public reporting also notes related impact on the Windows WinRAR command-line utilities, UnRAR.dll, and the portable UnRAR source code. The vulnerability has been exploited in the wild by multiple threat actors.

CVSS 8.4 · EPSS 11.6% (p93.8) · Mentions 40

#13 Authentication Bypass in Palo Alto PAN-OS GlobalProtect

CVE-2026-0257

High
Exploited

CVE-2026-0257 is an authentication bypass vulnerability in the GlobalProtect portal and gateway components of Palo Alto Networks PAN-OS, and is also reported as affecting Prisma Access deployments using the same GlobalProtect authentication override mechanism. The issue occurs in deployments where the non-default Authentication Override feature is enabled and the certificate used to encrypt/decrypt authentication override cookies is reused with another feature, particularly the portal or gateway HTTPS service. In the vulnerable flow, PAN-OS decrypts the supplied authentication override cookie and trusts the decrypted contents without sufficient validation or integrity checking, allowing a remote unauthenticated attacker who can obtain the corresponding public key from the exposed HTTPS certificate to forge a cookie accepted by the appliance. Successful exploitation allows the attacker to bypass normal GlobalProtect authentication and establish an unauthorized VPN session. Panorama and Cloud NGFW are not impacted.

CVSS 7.8 · EPSS 58.8% (p98.3) · Mentions 35

#14 Use-After-Free RCE in Redis unblock client flow

CVE-2026-23479

High

CVE-2026-23479 is an authenticated use-after-free vulnerability in Redis affecting redis-server from 7.2.0 through 8.6.2, with fixes released in 7.2.14, 7.4.9, 8.2.6, 8.4.3, and 8.6.3. The flaw is in the blocked-client re-execution path, specifically the unblock client flow in src/blocked.c, including unblockClientOnKey(). When Redis re-executes a blocked command, it calls processCommandAndResetClient() but does not correctly handle an error return indicating the client may have been freed as a side effect. If the blocked client is evicted during this flow, Redis can continue operating on a stale client pointer, creating a use-after-free condition. Public reporting describes exploitation by reclaiming the freed client allocation with attacker-controlled data so that later processing of the unblocked client queue dereferences a fake client structure. This can be leveraged into memory corruption and, in demonstrated exploit chains, remote code execution.

CVSS 7.7 · EPSS 0.12% (p30.3) · Mentions 34

#15 Linux Kernel cgroups v1 release_agent Privilege Escalation / Container Escape

CVE-2022-0492

High
Exploited

CVE-2022-0492 is a Linux kernel privilege-escalation vulnerability in the cgroups v1 subsystem, specifically in cgroup_release_agent_write() in kernel/cgroup/cgroup-v1.c. The flaw is caused by insufficient privilege/authentication checks when writing to the release_agent mechanism. Under certain conditions, an attacker can configure notify_on_release and release_agent so that when a cgroup becomes empty, the host kernel executes an attacker-controlled program path. In containerized environments, this can be abused to bypass namespace isolation and escape from a container to the underlying host. Public reporting describes exploitation by mounting a cgroups v1 controller, resolving the container filesystem path as seen by the host, writing a payload into the container filesystem, setting release_agent to the host-visible payload path, and triggering execution when a short-lived process exits the cgroup.

CVSS 7.8 · EPSS 33.7% (p97.1) · Mentions 29

#16 Certificate validation bypass in Check Point IKEv1 site-to-site VPN

CVE-2026-50752

High

CVE-2026-50752 is a vulnerability in the certificate validation logic of Check Point's deprecated IKEv1 key exchange implementation affecting Security Gateways and Spark Firewall products. The flaw impacts VPN site-to-site connections that use certificate-based authentication and may allow an unauthenticated attacker in a man-in-the-middle position to bypass certificate validation during IKEv1 negotiation. As a result, the attacker may interfere with establishment or protection of the VPN tunnel and compromise the trust model of certificate-authenticated site-to-site VPN communications. Public reporting states the issue was identified during investigation of CVE-2026-50751 via Check Point's BLAST AI-assisted code review platform. No specific vulnerable function or code path beyond the IKEv1 certificate validation logic has been provided in the available content.

CVSS 7.4 · EPSS 0.03% (p9.5) · Mentions 26

#17 Pre-auth OS Command Injection in Ivanti Sentry

CVE-2026-10520

Critical

CVE-2026-10520 is a critical OS command injection vulnerability in Ivanti Sentry affecting versions prior to R10.5.2, R10.6.2, and R10.7.1. Available reporting indicates that user-supplied parameters are not properly sanitized before being passed to internal shell layers, enabling command injection. The issue is reachable remotely without authentication and can be exploited to execute attacker-controlled commands in a root context on the appliance.

CVSS 10.0 · Mentions 26

#18 Heap Use-After-Free in OpenSSL PKCS7_verify()

CVE-2026-45447

Critical

CVE-2026-45447 is a high-severity use-after-free vulnerability in OpenSSL's PKCS#7 signature verification path, specifically in PKCS7_verify(). When an application processes a specially crafted PKCS#7 or S/MIME signed message whose SignedData digestAlgorithms field is encoded as an empty ASN.1 SET, OpenSSL may incorrectly free a caller-owned BIO during verification. If the application subsequently reuses or frees that BIO, a use-after-free condition occurs. In the common case, this is triggered when the caller later invokes BIO_free() on the same BIO originally passed to PKCS7_verify(). The flaw affects applications using OpenSSL PKCS#7 APIs for PKCS#7 or S/MIME signed message processing; applications using the CMS APIs are not affected. Reported affected versions include OpenSSL 4.0.0 before 4.0.1, 3.6.0 before 3.6.3, 3.5.0 before 3.5.7, 3.4.0 before 3.4.6, 3.0.0 before 3.0.21, 1.1.1 before 1.1.1zh, and 1.0.2 before 1.0.2zq. The OpenSSL FIPS modules in 4.0, 3.6, 3.5, 3.4, and 3.0 are stated to be unaffected because the vulnerable code lies outside the FIPS module boundary.

CVSS 9.8 · Mentions 26

#19 Remote Code Execution in Veeam Backup & Replication Domain-Joined Backup Server

CVE-2026-44963

Critical

CVE-2026-44963 is a critical remote code execution vulnerability in Veeam Backup & Replication affecting version 12.x, including 12.3.2.4465 and earlier version 12 builds. The flaw allows an authenticated domain user to execute arbitrary code remotely on the Veeam Backup Server when that server is joined to an Active Directory domain. Supporting content indicates the CVE has been assigned CWE-502, implying the issue is related to deserialization of untrusted data. Version 13.x is reported as not affected due to architectural changes.

CVSS 9.4 · Mentions 24

#20 Bitskrieg BitLocker Security Feature Bypass

CVE-2026-50507

Medium

CVE-2026-50507 is a Windows BitLocker security feature bypass vulnerability caused by a protection mechanism failure in BitLocker. According to the provided Microsoft-derived advisory content, successful exploitation allows an unauthorized attacker with physical access to bypass the BitLocker Device Encryption feature on the system storage device without a valid recovery key and gain access to encrypted data. Multiple sources in the provided content associate this CVE with the publicly disclosed issue referred to as “Bitskrieg,” and some reporting links it to the previously discussed “YellowKey” research. The vulnerability is described as requiring physical access, no prior privileges, and no user interaction.

CVSS 6.8 · Mentions 20

#21 GreenPlasma / Windows Collaborative Translation Framework (CTFMON) Elevation of Privilege

CVE-2026-45586

High

CVE-2026-45586 is a local elevation-of-privilege vulnerability in the Windows Collaborative Translation Framework (CTFMON). The flaw is caused by improper link resolution before file access ('link following'), allowing the component to follow a link to an unintended file or resource during privileged file operations. Microsoft classifies the issue as CWE-59 and describes it as affecting Windows Collaborative Translation Framework/CTFMON, a Windows component associated with text input services such as voice and handwriting recognition. Successful exploitation by a locally authorized attacker with low privileges can result in privilege escalation to SYSTEM. Microsoft rates the issue Important with CVSS 3.1 7.8 and notes it was publicly disclosed at publication time but not known to be exploited then.

CVSS 7.8 · Mentions 19

#22 HTTP.sys HTTP/2 Bomb Denial of Service

CVE-2026-49160

High

CVE-2026-49160 is a denial-of-service vulnerability in the Windows HTTP Protocol Stack (HTTP.sys) caused by uncontrolled resource consumption in HTTP/2. Public reporting describes the issue as the "HTTP/2 Bomb" technique, which abuses HTTP/2 mechanisms including header compression and flow control by sending large numbers of tiny messages and excessive headers, forcing the server to allocate resources rapidly until service instability or a crash occurs. Microsoft characterizes the flaw as an unauthorized network-reachable DoS in HTTP.sys with no required privileges or user interaction.

CVSS 7.5 · Mentions 18

#23 Windows Netlogon Remote Code Execution Vulnerability

CVE-2026-41089

Critical

CVE-2026-41089 is a critical stack-based buffer overflow in the Windows Netlogon service on systems acting as Active Directory domain controllers. The provided content consistently describes the flaw as reachable remotely without authentication by sending a specially crafted network request to a domain controller. More specific technical reporting in the content places the bug in the Netlogon DC locator CLDAP response handling path, where netlogon.dll copies Unicode string data into a fixed-size stack buffer without sufficient bounds checking. The vulnerable logic is described as involving NetpLogonPutUnicodeString, called while building a logon/DC locator response, resulting in overflow of a 528-byte stack buffer under certain hostname/domain-length conditions. Successful exploitation can lead to remote code execution, and multiple sources in the content also note that malformed packets can crash LSASS and force the domain controller to reboot.

CVSS 9.8 · EPSS 0.10% (p26.4) · Mentions 17

#24 Unauthenticated RCE in DD-WRT UPnP SSDP Parser

CVE-2021-27137

Unrated

CVE-2021-27137 is a stack-based buffer overflow in the UPnP service of vulnerable DD-WRT router firmware, reported as affecting versions before changeset 45723. The flaw is triggered by improper handling of oversized user-supplied values in SSDP M-SEARCH requests sent over UDP port 1900, specifically oversized ST:uuid data processed by the UPnP/SSDP parser. Because the vulnerable code copies or processes attacker-controlled input without adequate bounds checking, a remote unauthenticated attacker can overflow stack memory and achieve arbitrary code execution on the device.

Mentions 16