NVD disclosure day
CVE-2026-5450
Halo Surface Signal: 3 out of 5 — possibly public-facing.
An external attacker can use a flaw in the GNU C Library to crash Linux-based applications or gain unauthorized control over them. This risk could lead to critical service outages and the unauthorized exposure of sensitive company data.
CVE-2026-32613
Halo Surface Signal: 2 out of 5 — less likely to be public-facing.
An internal attacker with access to Spinnaker’s deployment pipeline can run unauthorized commands or access restricted system files. This could allow them to take complete control of your continuous delivery platform and gain unauthorized access to your wider production cloud environments.
CVE-2026-32604
Halo Surface Signal: 3 out of 5 — possibly public-facing.
An external attacker can exploit a flaw in Spinnaker to run unauthorized commands on the server. This could allow them to steal sensitive cloud credentials, modify production infrastructure, and compromise the integrity of the software delivery process.
CVE-2026-29646
Halo Surface Signal: 1 out of 5 — much less likely to be public-facing.
An internal attacker with access to a virtual machine on OpenXiangShan NEMU could bypass security controls to interfere with the host server. This flaw risks the integrity of the host environment, potentially allowing the attacker to disrupt operations or gain unauthorized access.
CVE-2026-6257
Halo Surface Signal: 4 out of 5 — likely to be public-facing.
A security flaw in Vvveb CMS allows an authenticated user to run any command on your server by renaming files, potentially leading to a full system compromise.
CVE-2026-32311
Halo Surface Signal: 2 out of 5 — less likely to be public-facing.
An external attacker could exploit Flowsint to take full control of the system. This allows them to steal sensitive investigation data and gain complete access to the server, resulting in a total compromise of the platform.
CVE-2026-29649
Halo Surface Signal: 1 out of 5 — much less likely to be public-facing.
An internal attacker with privileged guest access can exploit a flaw in the NEMU virtualization software to cause system crashes or disrupt virtualized services. This unauthorized activity threatens the stability and reliability of business-critical workloads.
CVE-2026-39109
Halo Surface Signal: 3 out of 5 — possibly public-facing.
An external attacker can use the Apartment Visitors Management System login page to steal visitor logs and administrative credentials. This exposes private resident data and allows unauthorized access to the system.
CVE-2026-30269
Halo Surface Signal: 2 out of 5 — less likely to be public-facing.
An internal attacker with a standard user account can manipulate their Doorman profile to grant themselves administrative rights. This flaw allows a user to bypass permission settings and could lead to unauthorized access to sensitive data or full control over the platform.
CVE-2026-39918
Halo Surface Signal: 3 out of 5 — possibly public-facing.
An external attacker can exploit a vulnerability in the Vvveb installation process to run malicious commands on the server without needing credentials. This allows them to take full control of the web server, which could compromise all hosted data and business applications.
CVE-2026-24467
Halo Surface Signal: 3 out of 5 — possibly public-facing.
An external attacker can exploit the OpenAEV password reset feature to hijack user accounts, including administrator access. This allows them to steal sensitive simulation data and seize full control over the platform and connected systems.
CVE-2026-5760
Halo Surface Signal: 3 out of 5 — possibly public-facing.
An external attacker can exploit SGLang by sending malicious instructions to the reranking feature. This flaw allows them to execute unauthorized code on the server, potentially stealing sensitive configuration data or gaining full control over the host system.
CVE-2026-33557
Halo Surface Signal: 2 out of 5 — less likely to be public-facing.
Apache Kafka has a flaw that allows an external attacker to fake their identity and impersonate any user, including administrators. This could grant unauthorized access to sensitive business data and enable the manipulation of critical message streams.
CVE-2026-5964
Halo Surface Signal: 4 out of 5 — likely to be public-facing.
Digiwin's EasyFlow .NET has a critical vulnerability that lets unauthenticated attackers steal or alter your sensitive database information remotely by injecting harmful commands.
CVE-2026-5963
Halo Surface Signal: 4 out of 5 — likely to be public-facing.
Digiwin's EasyFlow .NET has a critical flaw allowing remote attackers to steal, modify, or delete your company's database contents without needing a password.
CVE-2026-6644
Halo Surface Signal: 2 out of 5 — less likely to be public-facing.
An internal attacker with administrative access to ADM could modify VPN settings to take full control of the system. This level of access could allow them to plant backdoors or steal sensitive files, potentially resulting in a complete compromise of the device.
CVE-2026-32956
Halo Surface Signal: 2 out of 5 — less likely to be public-facing.
An external attacker can exploit Silex SD-330AC and AMC Manager to run unauthorized code on the device. This flaw could grant them full control over network hardware, potentially allowing them to compromise your network or establish persistent access.