7.2
CVE-2026-2273 - Code Injection via Malicious Project Files in Schneider Electric EcoStruxure Automation Expert
CWE-94: Improper Control of Generation of Code ('Code Injection') vulnerability exists that could cause execution of untrusted commands on the engineering workstation which could result in a limited compromise of the workstation and a potential loss of Confidentiality, Integrity and Availability of …
5.4
CVE-2026-30964 - Webauthn Framework: allowed_origins collapses URL-like origins to host-only values, bypassing exact…
web-auth/webauthn-lib is an open source set of PHP libraries and a Symfony bundle to allow developers to integrate that authentication mechanism into their web applications. Prior to 5.2.4, when allowed_origins is configured, CheckAllowedOrigins reduces URL-like values to their host component and a…
9.4
CVE-2026-30960 - RSSN has Arbitrary Code Execution via Unvalidated JIT Instruction Generation in C-FFI Interface
rssn is a scientific computing library for Rust, combining a high-performance symbolic computation engine with numerical methods support and physics simulations functionalities. The vulnerability exists in the JIT (Just-In-Time) compilation engine, which is fully exposed via the CFFI (Foreign Funct…
7
CVE-2026-1286 - Deserialization Vulnerability in EcoStruxure Foxboro DCS Allows Remote Code Execution
CWE-502: Deserialization of untrusted data vulnerability exists that could lead to loss of confidentiality, integrity and potential remote code execution on workstation when an admin authenticated user opens a malicious project file.
5.3
CVE-2026-30959 - OneUptime has WhatsApp Resend Verification Authorization Bypass
OneUptime is a solution for monitoring and managing online services. The resend-verification-code endpoint allows any authenticated user to trigger a verification code resend for any UserWhatsApp record by ID. Ownership is not validated (unlike the verify endpoint). This affects the UserWhatsAppAPI…
5.1
CVE-2025-13902 -
CWE-79 Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability exists that could cause a condition where authenticated attackers can have a victim's browser run arbitrary JavaScript when the victim hovers over a maliciously crafted element on a web server co…
7.5
CVE-2026-26144 - Microsoft Excel Information Disclosure Vulnerability
Improper neutralization of input during web page generation ('cross-site scripting') in Microsoft Office Excel allows an unauthorized attacker to disclose information over a network.
7.8
CVE-2026-26141 - Hybrid Worker Extension (Arc-enabled Windows VMs) Elevation of Privilege Vulnerability
Improper authentication in Azure Arc allows an authorized attacker to elevate privileges locally.
7.5
CVE-2026-26130 - ASP.NET Core Denial of Service Vulnerability
Allocation of resources without limits or throttling in ASP.NET Core allows an unauthorized attacker to deny service over a network.
8.8
CVE-2026-26118 - Azure MCP Server Tools Elevation of Privilege Vulnerability
Server-side request forgery (ssrf) in Azure MCP Server allows an authorized attacker to elevate privileges over a network.