---
Vulnerabilities
---
Vendors
---
Products
Vulnerability Media Exposure
These listed vulnerabilities have been referenced across multiple public sources, indicating high media attention and potential significance.
CVE-2026-44747 EUVD-2026-43586
CRITICAL

SAP NetWeaver Application Server ABAP allows an authenticated attacker to leverage logical errors in memory management to cause a memory corruption that could lead to unauthorized data access, modification, or system unavailability. This has high impact on confidentiality, integrity, and availability of the application.

CVE-2026-27690 EUVD-2026-43584
CRITICAL

Due to an HTTP Request Smuggling vulnerability in SAP Approuter, an unauthenticated attacker could send a specially crafted HTTP request that leads to request-response desynchronization. This could result in the exposure of user responses and cause the system to become unavailable. This leads to a high impact on confidentiality and availability.

CVE-2026-44761 EUVD-2026-43591
CRITICAL

SAP Commerce Cloud could retain a sample OAuth2 client with publicly documented sample credentials originating from sample configuration provided in SAP Help Portal documentation. If left unchanged, an unauthenticated attacker could use these well-known credentials to obtain a valid access token and invoke certain APIs to read and modify data. Successful exploitation results in high impact on confidentiality and integrity, with no impact on availability.

CVE-2026-48282 EUVD-2026-40339
CRITICAL

ColdFusion versions 2025.9, 2023.20 and earlier are affected by an Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') vulnerability that could lead to arbitrary code execution in the context of the current user. Exploitation of this issue does not require user interaction. Scope is changed.

adobe:coldfusion

A vulnerability in the Smart Install feature of Cisco IOS Software and Cisco IOS XE Software could allow an unauthenticated, remote attacker to trigger a reload of an affected device, resulting in a denial of service (DoS) condition, or to execute arbitrary code on an affected device. The vulnerability is due to improper validation of packet data. An attacker could exploit this vulnerability by sending a crafted Smart Install message to an affected device on TCP port 4786. A successful exploit could allow the attacker to cause a buffer overflow on the affected device, which could have the following impacts: Triggering a reload of the device, Allowing the attacker to execute arbitrary code on the device, Causing an indefinite loop on the affected device that triggers a watchdog crash. Cisco Bug IDs: CSCvg76186.

cisco:ios
Newly recorded security issues per week
Stay up to date! New information is added to our knowledge database every day. Here you can see the history of newly added vulnerabilities that have been added to our CVE DB in recent years.
Vulnerabilities by severity (over the last 7 days)
Information about the vulnerabilities of the last 7 days can be found here. As you can see, critical vulnerabilities are also added on a daily basis. Therefore, validate your current security situation sets on a daily basis to ensure the security of your IT.
CVSS Score Distribution
The CVSS score rates security vulnerabilities from 0 to 10, based on factors like attack vectors and impacts on confidentiality, integrity, and availability.
EPSS Score Distribution
The EPSS score predicts the likelihood of a known vulnerability being exploited, complementing CVSS by assessing real-world exploitability based on threat activity and exploit availability.
Enginsight Threat Intelligence
Our multi-source enrichment pipeline aggregates vulnerability data from dozens of security organizations worldwide — delivering affected product details and severity scores before the NVD has completed their analysis.
3,565
Early Detections
Vulnerabilities identified
before NVD analysis
1,539
Critical + High
CVSS 7.0 or above
among early detections
20+
Intelligence Sources
Security organizations
contributing data
---
Detections / Week
New vulnerabilities enriched
ahead of NVD each week
Monthly Early Detections
Vulnerabilities enriched with affected product data before NVD has completed analysis.
Severity Distribution
Severity breakdown of vulnerabilities detected ahead of the NVD.
Top Intelligence Sources
Security organizations contributing the most vulnerability intelligence to our database.
NVD Analysis Gap
Where our early detections stand in the NVD pipeline — most are still waiting for official analysis.
Latest Vulnerability Reports
The 10 most recently published CVE reports.
  • Rclone is a command-line program to sync files and directories to and from different cloud storage providers. Prior to 1.74.4, rclone serve restic --private-repos enforces authorization using the routed user path segment while building the backend object key from the raw uncleaned URL path, allowing an authenticated user to include .. in a request such as //..//config and read, overwrite, or delete another user's private repository on backends that clean path components. This issue is fixed in version 1.74.4.

    rclone:rclone
  • Rclone is a command-line program to sync files and directories to and from different cloud storage providers. Prior to 1.74.4, rclone archive extract can write extracted files outside the user-selected destination prefix when extracting a crafted archive containing parent path components such as ../, allowing creation or overwrite of sibling objects in the same bucket or path scope. This issue is fixed in version 1.74.4.

    rclone:rclone
  • jadx is a Dex to Java decompiler. From 1.5.2 to 1.5.5, a malicious .xapk file can cause jadx to write attacker-controlled archive entry contents outside the intended XAPK plugin temporary unpack directory because XApkLoader resolves each entry name directly with tmpDir.resolve(fileName) after a CWD-based ZIP security check. When jadx is launched from a directory that is an ancestor of the config directory, the arbitrary write can plant a JAR in plugins/dropins, and the next jadx run loads the JAR with URLClassLoader and ServiceLoader, executing attacker-controlled plugin code. This issue is fixed in version 1.5.6.

  • Rclone is a command-line program to sync files and directories to and from different cloud storage providers. Prior to 1.74.4, with -l/--links, rclone serializes symlinks as .rclonelink text objects and recreates them on a local destination without validating the target, allowing an attacker-controlled remote to plant an escaping symlink and cause a following object write to land outside the destination with attacker-chosen contents. This issue is fixed in version 1.74.4.

    rclone:rclone
  • Pi-hole is a DNS sinkhole that protects devices from unwanted content without installing any client-side software. From 6.0 to 6.4.2, a user with code execution as the unprivileged pihole user can escalate to root by replacing /etc/pihole/logrotate. The replacement is laundered to root:root ownership by pihole-FTL-prestart.sh and then parsed as root by the daily pihole flush cron, executing firstaction shell as uid 0. This issue is fixed in version 6.4.3.

  • Twig is a template language for PHP. Prior to 3.27.0, the per-template filter, tag, and function allow-list verdict is computed when a Template instance is constructed and can remain cached after sandbox state changes between renders, allowing a later sandboxed render to reuse a template that was originally checked with a different or empty policy. This issue is fixed in version 3.27.0.

  • Twig is a template language for PHP. Prior to 3.27.0, the column filter passes the active sandbox state as a boolean but does not forward the current Source to SandboxExtension::checkPropertyAllowed(), so SourcePolicyInterface decisions are lost and a template author can read public or magic properties not allowed by the sandbox policy. This issue is fixed in version 3.27.0.

  • Twig is a template language for PHP. Prior to 3.27.0, the sandbox __toString() checks do not fully cover Traversable values passed to join and replace filters or operands evaluated by the in and not in operators, allowing contained Stringable objects to be coerced to strings without consulting the sandbox policy. This issue is fixed in version 3.27.0.

  • Twig is a template language for PHP. Prior to 3.27.0, ArrayExpression does not guard dynamic mapping keys that are coerced to strings, allowing PHP to invoke __toString() on a Stringable object used as a mapping key without calling SandboxExtension::ensureToStringAllowed(). This issue is fixed in version 3.27.0.

  • Twig is a template language for PHP. Prior to 3.27.0, deprecated internal wrappers in src/Resources/core.php do not forward the current sandbox state to CoreExtension::checkArrow(), arraySome(), and arrayEvery(), allowing legacy calls such as twig_array_some(), twig_array_every(), and twig_check_arrow_in_sandbox() to bypass sandbox callable restrictions. This issue is fixed in version 3.27.0.