NVD disclosure day
CVE-2026-47372
Halo Surface Signal: 1 out of 5 — much less likely to be public-facing.
Crypt::SaltedHash contains a flaw that allows an external attacker to predict the security codes protecting stored passwords. By cracking these passwords, attackers can gain unauthorized account access, potentially exposing sensitive customer data or compromising administrative systems.
CVE-2026-8631
Halo Surface Signal: 1 out of 5 — much less likely to be public-facing.
An internal attacker can exploit a flaw in HP Linux Imaging and Printing Software by sending malicious print files to gain elevated access. This allows the attacker to potentially take full administrative control over the impacted systems.
CVE-2026-9141
Halo Surface Signal: 2 out of 5 — less likely to be public-facing.
An external attacker can bypass login requirements on the Taiko AG1000-01A SMS Alert Gateway to gain full administrative control. This access allows them to modify alarm configurations and completely halt critical monitoring operations.
CVE-2026-9139
Halo Surface Signal: 4 out of 5 — likely to be public-facing.
Taiko SMS gateways have exposed admin passwords in their web interfaces, allowing anyone on the network to take full control. This is a serious concern for critical communication systems.
CVE-2026-9129
Halo Surface Signal: 1 out of 5 — much less likely to be public-facing.
An internal attacker can exploit a flaw in the Altium Enterprise Server Viewer to read unauthorized files on the system. This allows them to steal sensitive configuration data and credentials, creating a risk of full server compromise and data access.
CVE-2026-9102
Halo Surface Signal: 2 out of 5 — less likely to be public-facing.
An internal attacker can exploit a file upload weakness in Altium Enterprise Server to overwrite critical system files. This allows them to gain full control of the server, risking unauthorized access and major service disruption.
CVE-2026-9082
Halo Surface Signal: 4 out of 5 — likely to be public-facing.
A critical flaw in Drupal core allows unauthenticated attackers to inject malicious SQL commands, potentially leading to full system takeover and data theft. This vulnerability is actively exploited and requires immediate attention.
CVE-2026-45444
Halo Surface Signal: 4 out of 5 — likely to be public-facing.
The Gift Cards for WooCommerce Pro plugin allows attackers to upload harmful files, potentially leading to website takeover and data theft on any exposed e-commerce site.
CVE-2026-39405
Halo Surface Signal: 4 out of 5 — likely to be public-facing.
Frappe LMS allows users with editing roles to upload files that could overwrite critical system data, potentially leading to unauthorized access. This is a critical issue that demands immediate attention.
CVE-2026-33137
Halo Surface Signal: 4 out of 5 — likely to be public-facing.
XWiki Platform's API allows anyone to change any document without logging in, impacting widely used collaboration tools and potentially leading to unauthorized data changes.
CVE-2026-23734
Halo Surface Signal: 4 out of 5 — likely to be public-facing.
XWiki Platform is vulnerable to attackers reading sensitive configuration files due to path traversal. This is critical as it exposes system details and could lead to broader compromise.
CVE-2026-20223
Halo Surface Signal: 2 out of 5 — less likely to be public-facing.
An external attacker can gain unauthorized administrative access to Cisco Secure Workload, allowing them to steal sensitive information and alter security configurations. This could result in a complete compromise of the organization's managed security environment.
CVE-2026-8598
Halo Surface Signal: 4 out of 5 — likely to be public-facing.
ZKTeco cameras have a serious security gap; an unauthenticated port exposes camera passwords and system details, potentially giving unauthorized users control.
CVE-2026-8467
Halo Surface Signal: 2 out of 5 — less likely to be public-facing.
An external attacker can exploit Phoenix Storybook to run malicious code on your server. This flaw could allow them to gain full administrative control, leading to unauthorized access to sensitive data and critical system infrastructure.
CVE-2026-45498
Halo Surface Signal: 1 out of 5 — much less likely to be public-facing.
A denial-of-service vulnerability exists in Microsoft Defender that could disrupt its security functions. While exploitation often requires local access, understanding this issue is important for confirming relevance and assessing potential exposure within your environment. The vulnerability affects the availability of
CVE-2026-41091
Halo Surface Signal: 1 out of 5 — much less likely to be public-facing.
An internal attacker with existing access could trick Microsoft Defender into granting them higher system permissions. This could allow the unauthorized user to gain full administrative control of the system, putting business data and security at risk.
CVE-2026-3593
Halo Surface Signal: 5 out of 5 — more likely to be public-facing.
A use-after-free vulnerability in BIND 9's DNS-over-HTTPS implementation could allow an unauthenticated attacker to crash the service. This affects organizations using vulnerable versions of BIND 9, potentially leading to denial-of-service disruptions and impacting the availability of internet-facing DNS services. The
CVE-2025-31973
Halo Surface Signal: 2 out of 5 — less likely to be public-facing.
HCL BigFix Service Management relies on outdated software components, which could allow an internal attacker to compromise the system. This could lead to a full administrative takeover of the platform and unauthorized access to sensitive configuration files.
CVE-2026-22314
Halo Surface Signal: 2 out of 5 — less likely to be public-facing.
An internal attacker could exploit a flaw in Mesalvo Meona software to gain unauthorized control of workstations. This could allow the attacker to access sensitive patient data and compromise organizational security.
CVE-2026-33278
Halo Surface Signal: 4 out of 5 — likely to be public-facing.
Unbound DNS software has a critical flaw allowing attackers to crash or take control of internet-facing servers, potentially impacting internet access. Update to version 1.25.1 immediately.
CVE-2026-9065
Halo Surface Signal: 4 out of 5 — likely to be public-facing.
SureCart has a critical flaw allowing authenticated users to inject malicious SQL commands, potentially exposing sensitive customer data and compromising your e-commerce operations. This warrants immediate attention.
CVE-2026-9059
Halo Surface Signal: 3 out of 5 — possibly public-facing.
An internal attacker with specific administrative permissions can manipulate NextGEN Gallery to extract or alter information. This vulnerability poses a risk to sensitive business data and could allow unauthorized control of the website.
CVE-2026-7637
Halo Surface Signal: 4 out of 5 — likely to be public-facing.
The Boost plugin for WordPress has a critical flaw. Attackers can potentially take control of your website or steal data if your site also has another vulnerable plugin or theme.
CVE-2026-24214
Halo Surface Signal: 4 out of 5 — likely to be public-facing.
A critical flaw in NVIDIA Triton Inference Server's DALI backend could let attackers remotely take control, tamper with data, or shut down services. This affects the core AI inference platform.
CVE-2026-24213
Halo Surface Signal: 4 out of 5 — likely to be public-facing.
NVIDIA Triton Inference Server has a critical flaw allowing attackers to steal sensitive data or disrupt services by remotely sending malicious requests.
CVE-2026-24207
Halo Surface Signal: 3 out of 5 — possibly public-facing.
An NVIDIA Triton Inference Server vulnerability allows attackers to bypass authentication and potentially execute code or steal data. This is critical because it impacts systems serving machine learning models, which are often deployed internally.
CVE-2026-24206
Halo Surface Signal: 3 out of 5 — possibly public-facing.
The NVIDIA Triton Inference Server has an authentication flaw that an external attacker could exploit to bypass security controls. This could allow unauthorized access to sensitive model data, escalation of system privileges, or the disruption of critical machine learning operations.
CVE-2026-24163
Halo Surface Signal: 1 out of 5 — much less likely to be public-facing.
The testing interface in NVIDIA TRT-LLM contains a security flaw that allows an internal attacker to execute unauthorized code or disrupt services. These actions could enable the compromise of the server and potential exposure of sensitive model information.
CVE-2026-24142
Halo Surface Signal: 3 out of 5 — possibly public-facing.
An external attacker can exploit a flaw in NVIDIA TRT-LLM to run unauthorized code, allowing them to steal sensitive data or gain full administrative control. This risk affects your core AI services and potentially compromises your entire business infrastructure.
CVE-2025-33255
Halo Surface Signal: 1 out of 5 — much less likely to be public-facing.
A flaw in NVIDIA TRT-LLM allows an internal attacker to gain unauthorized control of systems. This enables them to steal sensitive proprietary information, tamper with data, or crash services, directly threatening your model integrity and computing infrastructure.
CVE-2026-7284
Halo Surface Signal: 4 out of 5 — likely to be public-facing.
The Easy Elements for Elementor WordPress plugin allows anyone to register as an administrator, giving them full control of your website without needing an account. This is a critical security risk for any site using this plugin.
CVE-2026-6555
Halo Surface Signal: 4 out of 5 — likely to be public-facing.
A critical flaw in the ProSolution WP Client WordPress plugin allows anyone to upload malicious files, potentially taking over your website and sensitive data. Act now to secure your site.