Skip to main content
COSMICBYTEZLABS
NewsSecurityHOWTOsToolsTraining
StudyProjectsNewsletterHire MeAbout
Subscribe

Press Enter to search or Esc to close

News
Security
HOWTOs
Tools
Training
Study
Projects
Newsletter
Hire Me
About
RSS Feed
Reading List
Subscribe

Stay in the Loop

Get the latest security alerts, tutorials, and tech insights delivered to your inbox.

Subscribe NowFree forever. No spam.
COSMICBYTEZLABS

Your trusted source for IT intelligence, cybersecurity insights, and hands-on technical guides.

1941+ Articles
150+ Guides

CONTENT

  • Latest News
  • Security Alerts
  • HOWTOs
  • Checklists
  • Projects
  • Exam Prep

RESOURCES

  • Search
  • Browse Tags
  • Newsletter Archive
  • Reading List
  • RSS Feed

COMPANY

  • About Us
  • Contact
  • Privacy Policy
  • Terms of Service

© 2026 CosmicBytez Labs. All rights reserved.

System Status: Operational
All tags
17 articles

#CVSS 9.8

All CosmicBytez Labs articles tagged #CVSS 9.8, across news, security advisories, how-to guides, and projects.

  • SecurityJul 10, 2026

    CVE-2026-14894: WordPress Super Forms Plugin Critical Arbitrary File Upload

    A critical unauthenticated arbitrary file upload vulnerability in the Super Forms plugin for WordPress (CVSS 9.8) allows attackers to upload and execute...

  • SecurityJul 10, 2026

    CVE-2026-15282: WordPress Instant Appointment Plugin Critical File Upload

    A critical unauthenticated arbitrary file upload flaw (CVSS 9.8) in the Instant Appointment WordPress plugin allows attackers to upload and execute...

  • SecurityJun 13, 2026

    CVE-2026-11849: IRM-IEI Remote Management Hardcoded Credentials

    A critical CVSS 9.8 hardcoded credentials vulnerability in IEI Integration Corp's IRM-IEI Remote Management software allows unauthenticated remote...

  • SecurityJun 3, 2026

    CVE-2026-35075: Hardcoded Default Password in Firmware Enables Full Device Takeover (CVSS 9.8)

    A CVSS 9.8 critical vulnerability allows unauthenticated remote attackers to recover a default hardcoded password from a firmware image, granting full…

  • SecurityJun 3, 2026

    CVE-2026-47065: Java Deserialization Filter Bypass via resolveProxyClass (CVSS 9.8)

    A CVSS 9.8 critical Java deserialization vulnerability allows attackers to bypass ObjectInputFilter via TC_PROXYCLASSDESC, circumventing acceptMatchers…

  • SecurityJun 3, 2026

    CVE-2026-49448: authentik Source Stage Authentication Bypass (CVSS 9.8)

    A critical authentication bypass in authentik allows attackers to skip the Source stage entirely by sending an empty POST request, completely circumventing…

  • SecurityMay 30, 2026

    CVE-2026-10042: manga-image-translator RCE via Unsafe Python Deserialization

    A critical CVSS 9.8 remote code execution vulnerability in manga-image-translator allows unauthenticated attackers to execute arbitrary commands by...

  • SecurityMay 28, 2026

    CVE-2026-45083 — Goobi Viewer Unauthenticated RCE via Solr Streaming Expression Injection

    CVSS 9.8 in Goobi Viewer REST API lets unauthenticated clients inject Solr streaming expressions, enabling RCE on affected digital heritage platforms.

  • SecurityMay 20, 2026

    CVE-2026-24207: NVIDIA Triton Inference Server Auth Bypass

    A critical authentication bypass vulnerability in NVIDIA Triton Inference Server could allow unauthenticated attackers to execute code, escalate...

  • SecurityMay 20, 2026

    CVE-2026-7637: WordPress Boost Plugin PHP Object Injection

    The Boost plugin for WordPress versions up to 2.0.3 is vulnerable to PHP Object Injection via deserialization of the STYXKEY-BOOST_USER_LOCATION cookie,...

  • SecurityApr 28, 2026

    CVE-2026-40860: Apache Camel JMS Unsafe ObjectMessage

    Apache Camel's JmsBinding class in camel-jms and camel-sjms deserializes incoming JMS ObjectMessage payloads via javax.jms.ObjectMessage.getObject()...

  • SecurityApr 28, 2026

    CVE-2026-41635: Apache MINA Class Allowlist Bypass Enables

    Apache MINA's AbstractIoBuffer.resolveClass() contains a branch for static classes and primitive types that skips allowlist validation entirely, letting...

  • SecurityApr 24, 2026

    CVE-2026-26210: KTransformers Unsafe Deserialization RCE

    KTransformers through version 0.5.3 contains a critical unsafe deserialization vulnerability in its balance_serve backend mode, where an unauthenticated...

  • SecurityApr 24, 2026

    CVE-2026-6942: radare2-mcp OS Command Injection via Shell

    A critical OS command injection vulnerability in radare2-mcp 1.6.0 and earlier allows remote attackers to execute arbitrary commands by bypassing the...

  • SecurityApr 21, 2026

    CVE-2026-5965: NewSoftOA Critical OS Command Injection

    A critical OS command injection vulnerability in NewSoftOA by NewSoft allows unauthenticated local attackers to inject and execute arbitrary OS commands...

  • SecurityMar 31, 2026

    CVE-2026-31946: Critical JWT Signature Verification Bypass

    OpenOlat versions 10.5.4 through 20.2.4 fail to verify JWT signatures in their OpenID Connect implicit flow, allowing unauthenticated attackers to...

  • SecurityMar 20, 2026

    CVE-2026-21992: Critical Oracle Identity Manager

    Oracle's March 2026 Critical Patch Update includes CVE-2026-21992, a CVSS 9.8 unauthenticated remote code execution vulnerability in Oracle Identity...