NVD disclosure day
CVE-2026-7381
Halo Surface Signal: 4 out of 5 — likely to be public-facing.
A critical flaw in Plack::Middleware::XSendfile lets attackers read any file on your server by tricking it into rewriting paths, potentially exposing sensitive data from internet-facing web applications.
CVE-2018-25318
Halo Surface Signal: 3 out of 5 — possibly public-facing.
An external attacker can exploit a flaw in Tenda FH303/A300 routers to manipulate internet traffic routing without needing a password. This allows them to redirect users to malicious websites, creating a significant risk of credential theft and the compromise of sensitive data.
CVE-2018-25317
Halo Surface Signal: 4 out of 5 — likely to be public-facing.
Tenda routers have a flaw allowing anyone to change your internet's destination, sending you to fake sites instead of where you want to go. This affects devices often left exposed online.
CVE-2018-25316
Halo Surface Signal: 4 out of 5 — likely to be public-facing.
Tenda routers have a critical flaw allowing attackers to hijack your internet traffic by changing DNS settings without needing a password. This could send you to fake websites.
CVE-2026-30893
Halo Surface Signal: 1 out of 5 — much less likely to be public-facing.
An internal attacker with access to Wazuh can overwrite critical files to take full administrative control over monitoring systems. This vulnerability allows them to compromise the security infrastructure and potentially hide malicious activity across the network.
CVE-2026-26015
Halo Surface Signal: 4 out of 5 — likely to be public-facing.
DocsGPT has a critical flaw allowing attackers to run any code on your systems, even if they are publicly accessible, by exploiting a security bypass. Update to version 0.16.0 now.
CVE-2026-5166
Halo Surface Signal: 1 out of 5 — much less likely to be public-facing.
An internal attacker could use Pardus Software Center to read or modify restricted system files by submitting manipulated software updates. This risk could lead to the exposure of sensitive company data or full system control.
CVE-2026-41940
Halo Surface Signal: 5 out of 5 — more likely to be public-facing.
An authentication bypass vulnerability in cPanel and WHM allows unauthenticated attackers to gain unauthorized access. This presents a significant business risk by potentially exposing sensitive system configurations and data. Organizations using affected versions should prioritize immediate action to identify and secu
CVE-2026-38992
Halo Surface Signal: 4 out of 5 — likely to be public-facing.
A critical flaw in Cockpit CMS allows anyone on the internet to run any command on your servers, potentially giving them full control. This is a serious risk and needs immediate attention.
CVE-2026-36841
Halo Surface Signal: 4 out of 5 — likely to be public-facing.
TOTOLINK N200RE V5 has a critical flaw letting attackers take full control of your router over the internet without needing a password, potentially impacting all connected devices.
CVE-2026-42523
Halo Surface Signal: 2 out of 5 — less likely to be public-facing.
The Jenkins GitHub Plugin contains a flaw that allows an internal attacker with existing access to inject malicious code into the system. This can be used to hijack administrator sessions, potentially leading to unauthorized changes and full control over the CI/CD environment.
CVE-2026-3325
Halo Surface Signal: 4 out of 5 — likely to be public-facing.
MegaCMS has a critical flaw allowing anyone to run unauthorized commands on your database, potentially stealing customer data or disrupting services.