CRITICAL 9.8 CVE-2026-31220 EPSS 0.31% PySyft server-side arbitrary Python execution after code approval 2026/5/12
CRITICAL 9.1 CVE-2026-45091 EPSS 0.01% sealed-env: TOTP secret embedded in unseal token payload (enterprise mode) 2026/5/12
CRITICAL 9.6 CVE-2026-45321 ⚠ KEV EPSS 17.1% Malware in @tanstack/* packages exfiltrates cloud credentials, GitHub tokens, and SSH keys 2026/5/12
CRITICAL 10.0 CVE-2026-43898 EPSS 0.06% SandboxJS has a sandbox escape via Function.caller leakage of internal call op 2026/5/11
CRITICAL 9.9 CVE-2026-7813 EPSS 0.06% pgAdmin 4 server mode has an authorization vulnerability affecting Server Groups, Servers, Shared Servers, Background Processes, and Debugger modules 2026/5/11
CRITICAL 9.1 CVE-2026-27478 EPSS 0.03% Unity Catalog has a JWT Issuer Validation Bypass that Allows Complete User Impersonation 2026/5/11
CRITICAL 9.8 CVE-2026-25244 EPSS 0.15% WebdriverIO BrowserStack Service has a Command Injection issue 2026/5/11
CRITICAL 9.6 CVE-2026-44336 EPSS 0.14% PraisonAI MCP `tools/call` path-traversal => RCE via Python `.pth` injection 2026/5/11
CRITICAL 9.6 CVE-2026-44211 EPSS 0.02% Cline Kanban Server has a Cross-Origin WebSocket Hijacking Vulnerability 2026/5/8
CRITICAL 9.1 CVE-2026-44551 EPSS 0.04% Open WebUI has an LDAP Empty Password Authentication Bypass 2026/5/8
CRITICAL 9.6 CVE-2026-43944 EPSS 0.15% Electerm users can run dangerous code through link or command line 2026/5/8
CRITICAL 9.8 CVE-2026-43940 EPSS 0.04% Electerm runWidget has a path traversal that leads to arbitrary code execution 2026/5/8
CRITICAL 9.8 CVE-2026-44009 EPSS 0.02% vm2 has Sandbox Breakout Through Null Proto Exception 2026/5/8
CRITICAL 9.8 CVE-2026-44008 EPSS 0.08% vm2 has sandbox breakout via `neutralizeArraySpeciesBatch` 2026/5/8
CRITICAL 9.8 CVE-2025-63704 EPSS 0.02% query-parser-string is vulnerable to Prototype Pollution 2026/5/7
CRITICAL 9.8 CVE-2025-63703 EPSS 0.02% parse-ini is vulnerable to Prototype Pollution in index.js() 2026/5/7
CRITICAL 9.8 CVE-2025-63706 EPSS 0.11% next-npm-version is vulnerable to Command injection 2026/5/7
CRITICAL 9.1 CVE-2026-40982 EPSS 0.14% Spring Cloud Config vulnerable to Path Traversal 2026/5/7
CRITICAL 9.1 CVE-2026-44007 EPSS 0.05% vm2 NodeVM `nesting: true` bypasses `require: false` allowing sandbox escape and arbitrary OS command execution 2026/5/7
CRITICAL 9.9 CVE-2026-43999 EPSS 0.18% vm2 has a NodeVM builtin allowlist bypass via `module` builtin's `Module._load` that allows sandbox escape 2026/5/7
CRITICAL 10.0 CVE-2026-44005 EPSS 0.11% vm2: Mutable Proxies for Host Intrinsic Prototypes Allows Sandbox Escape 2026/5/7
CRITICAL 10.0 CVE-2026-43997 EPSS 0.02% vm2 Access to Host Object Enables Sandbox Escape 2026/5/7
CRITICAL 10.0 CVE-2026-44006 EPSS 0.06% vm2 has a Sandbox Escape Vulnerability 2026/5/7
CRITICAL 9.1 CVE-2026-44351 EPSS 0.01% fast-jwt: JWT auth bypass due to empty HMAC secret accepted by async key resolver 2026/5/6
CRITICAL 9.8 CVE-2026-44335 EPSS 0.05% PraisonAI has an SSRF bypass 2026/5/6