Aggregating NVD, CVE, and multi-source threat feeds, this list provides deep analysis of high-risk threats such as RCE. By integrating CVSS and EPSS models, the system dynamically tracks Exp (Exploit) resources and PoC availability to accurately assess Exploitability. Combined with official Patches and remediation strategies, it helps prioritize Vulnerability Management workflows, significantly shortening response cycles and securing your critical assets.
Assigner (CNA / source):[email protected] Remove this filter
| CVE | Description | Max CVSS | EPSS % | Published | Updated |
|---|---|---|---|---|---|
| CVE-2026-62644 | In Roundcube Webmail before 1.6.17 and 1.7.x before 1.7.2, the password plugin of the Roundcube Webmail was subject to username spoofing via session data, which could lead to account takeover. | 6.4 | N/A | 2026-07-14 | 2026-07-14 |
| CVE-2026-62643 | In Roundcube Webmail before 1.6.17 and 1.7.x before 1.7.2, insufficient Cascading Style Sheets (CSS) sanitization in HTML e-mail messages may lead to SSRF or Information Disclosure, e.g., if stylesheet links point to local network hosts. NOTE: this issue exists because of insufficient fixes for CVE-2026-35540 and CVE-2026-48843. | 7.2 | N/A | 2026-07-14 | 2026-07-14 |
| CVE-2026-62642 | In Roundcube Webmail before 1.6.17 and 1.7.x before 1.7.2, an infinite loop was discovered in the TNEF decoder, which may lead to denial of service upon opening an email with a TNEF attachment. | 4.3 | N/A | 2026-07-14 | 2026-07-14 |
| CVE-2026-62641 | In Roundcube Webmail before 1.6.17 and 1.7.x before 1.7.2, the TNEF decoder was subject to denial of service via a crafted compressed-RTF size. | 4.3 | N/A | 2026-07-14 | 2026-07-14 |
| CVE-2026-60002 | ssh in OpenSSH before 10.4 can have a use-after-free when a server changes its host key during a key re-exchange. (This outcome occurs only on the client side.) | 7.7 | 0.25% | 2026-07-07 | 2026-07-09 |
| CVE-2026-60001 | sshd in OpenSSH before 10.4 does not always honor the minimum authentication delay. | 6.5 | 0.27% | 2026-07-07 | 2026-07-09 |
| CVE-2026-60000 | sshd in OpenSSH before 10.4 allows remote attackers to cause a denial of service (resource consumption from excessive authentication attempts) because MaxAuthTries was mishandled for GSSAPIAuthentication. | 3.7 | 0.41% | 2026-07-07 | 2026-07-09 |
| CVE-2026-59999 | In sshd in OpenSSH before 10.4, DisableForwarding=yes was supposed to take precedence over PermitTunnel=yes, but did not. | 5.9 | 0.13% | 2026-07-07 | 2026-07-09 |
| CVE-2026-59998 | sshd in OpenSSH before 10.4 has an undocumented security-relevant behavior: GSSAPIStrictAcceptorCheck has no value if the server is in Windows Active Directory. | 4.8 | 0.18% | 2026-07-07 | 2026-07-09 |
| CVE-2026-59997 | internal-sftp in sshd in OpenSSH before 10.4 recognizes only the first 9 command-line arguments, which can be important if a later command-line argument would have helped to ensure the intended security properties of an SFTP connection. | 4.2 | 0.16% | 2026-07-07 | 2026-07-09 |
| CVE-2026-59996 | scp in OpenSSH before 10.4 may place a file in the parent directory of an intended directory when the copy occurs between two remote destinations. | 4.2 | 0.20% | 2026-07-07 | 2026-07-09 |
| CVE-2026-59995 | sftp in OpenSSH before 10.4 does not properly constrain the location of downloaded files when "sftp server:/path ." is used with an attacker-controlled server. | 4.2 | 0.20% | 2026-07-07 | 2026-07-09 |
| CVE-2026-58374 | In hostapd before 2.12, a missing bounds check in AP-mode Wi-Fi 7 (IEEE 802.11be) Multi-Link Operation (MLO) association request processing allows an unauthenticated attacker within wireless range to send a crafted management frame containing a malformed Multi-Link Element or Per-STA Profile subelement. In hostapd_process_ml_assoc_req() in src/ap/ieee802_11_eht.c, the received link_id field can be parsed as value 15, but the corresponding links[] storage only has valid entries for lower link IDs | 6.5 | 0.29% | 2026-06-30 | 2026-07-02 |
| CVE-2026-58302 | rtapi_app in linuxcnc-uspace in LinuxCNC before 2.9.9 allows privilege escalation. It is installed SUID root and loads shared library modules via dlopen() by using a user-supplied module name. Insufficient validation of the module name allows path traversal, enabling an unprivileged local user to load an arbitrary shared library. Because the process retains elevated privileges during module loading, this results in local privilege escalation to root. | 8.4 | 0.15% | 2026-06-29 | 2026-06-30 |
| CVE-2026-57940 | HTMLy 3.1.1 contains a Server-Side Request Forgery (SSRF) vulnerability in the RSS feed import functionality. The function get_feed() in system/admin/admin.php passes user-supplied $feed_url directly to file_get_contents() without any validation. An authenticated attacker with administrative privileges can exploit this by entering a crafted URL (e.g., http://dnslog.example.com, file:///etc/passwd, or http://169.254.169.254 in cloud contexts) via Tools -> Import RSS. The server will then make a r | 2.1 | 0.23% | 2026-06-26 | 2026-06-26 |
| CVE-2026-57920 | Peplink InControl 2 through 2.14.2 before 2026-06-03 allows use of a semicolon to bypass access-control rules for certain /rest/o/{orgId} endpoints. | 7.7 | 0.21% | 2026-06-26 | 2026-07-02 |
| CVE-2026-57919 | PBackupVSS.exe in Matrix42 Empirum before 25.5 and 26.x before 26.2 creates a named pipe (\\.\pipe\PBackupVSS) with a DACL that grants GENERIC_READ and GENERIC_WRITE permissions to all authenticated users. A low-privileged local attacker can connect to this pipe and send crafted IPC messages to trigger execution of arbitrary commands with SYSTEM privileges via an untrusted search path. This allows privilege escalation by placing a malicious shadow.exe in a controlled working directory. | 7.8 | 0.12% | 2026-06-29 | 2026-06-30 |
| CVE-2026-57918 | libnfs through 6.0.2 before 935b8db has an xid integer underflow in READ_IOVEC in rpc_read_from_socket in lib/socket.c during a connection to a crafted NFS server, when the expected pdu size exceeds the absolute pdu size from the xid/record-marker. | 7.1 | 0.19% | 2026-06-26 | 2026-06-26 |
| CVE-2026-57913 | Johnson & Johnson Audit Tracking Management System (ATMS) before 2026-04-21 allows viewing of meeting minutes and transcripts. | 7.5 | 0.24% | 2026-06-26 | 2026-06-26 |
| CVE-2026-57912 | Johnson & Johnson Campus Recruiting before 2025-10-31 allows viewing of data provided by recruited students, and notes entered about students by interviewers. | 7.5 | 0.24% | 2026-06-26 | 2026-06-26 |