Skip to main content
CVE-2025-66689 MEDIUM POC This Month

A path traversal vulnerability exists in Zen MCP Server before 9.8.2 that allows authenticated attackers to read arbitrary files on the system. [CVSS 6.5 MEDIUM]

Path Traversal Pal Mcp Server
NVD GitHub
CVSS 3.1
6.5
EPSS
0.0%
CVE-2025-68471 MEDIUM POC PATCH This Month

Avahi is a system which facilitates service discovery on a local network via the mDNS/DNS-SD protocol suite. In 0.9-rc2 and earlier, avahi-daemon can be crashed by sending 2 unsolicited announcements with CNAME resource records 2 seconds apart. [CVSS 6.5 MEDIUM]

Denial Of Service Avahi Red Hat Suse
NVD GitHub
CVSS 3.1
6.5
EPSS
0.0%
CVE-2026-22813 MEDIUM POC PATCH This Month

OpenCode's markdown renderer fails to sanitize HTML input in LLM responses, allowing attackers who control the chat output to inject arbitrary JavaScript that executes in the localhost:4096 origin without Content Security Policy protections. Public exploit code exists for this cross-site scripting vulnerability, affecting users of the AI coding agent through versions prior to 1.1.10. An attacker can achieve session compromise or local code execution by manipulating LLM responses to inject malicious scripts.

XSS AI / ML Opencode
NVD GitHub
CVSS 3.1
6.1
EPSS
0.0%
CVE-2026-22695 MEDIUM POC PATCH This Month

Libpng versions 1.6.51-1.6.53 contain a heap buffer over-read in the simplified API function png_image_finish_read when processing interlaced 16-bit PNG images with 8-bit output and non-minimal row stride, allowing local attackers to read out-of-bounds memory through a malicious image file. Public exploit code exists for this regression, which was introduced by a previous security fix. Upgrade to version 1.6.54 to remediate.

Buffer Overflow Libpng Red Hat Suse
NVD GitHub VulDB
CVSS 3.1
6.1
EPSS
0.0%
CVE-2026-22772 MEDIUM POC PATCH This Month

Fulcio versions prior to 1.8.5 allow unauthenticated attackers to bypass MetaIssuer URL validation through unanchored regex patterns, enabling blind SSRF attacks against internal services. Although the vulnerability is limited to read-only GET requests with no response exfiltration, attackers can probe internal networks to discover active services and infrastructure. Public exploit code exists for this medium-severity issue, and a patch is available in version 1.8.5.

SSRF Fulcio Red Hat Suse
NVD GitHub
CVSS 3.1
5.8
EPSS
0.0%
CVE-2026-0852 MEDIUM POC This Month

SQL injection in Online Music Site 1.0's AdminUpdateUser.php allows unauthenticated remote attackers to manipulate the ID parameter and execute arbitrary database queries. Public exploit code exists for this vulnerability, and no patch is currently available. Successful exploitation could enable unauthorized data access, modification, or deletion with confidentiality, integrity, and availability impact.

PHP SQLi
NVD GitHub VulDB
CVSS 4.0
5.5
EPSS
0.0%
CVE-2026-0851 MEDIUM POC This Month

SQL injection in code-projects Online Music Site 1.0 via the txtusername parameter in AdminAddUser.php enables unauthenticated remote attackers to manipulate database queries and potentially access or modify sensitive data. Public exploit code exists for this vulnerability, increasing the risk of active exploitation. No patch is currently available.

PHP SQLi
NVD GitHub VulDB
CVSS 4.0
5.5
EPSS
0.0%
CVE-2025-66939 MEDIUM POC This Month

Cross Site Scripting vulnerability in 66biolinks by AltumCode v.61.0.1 allows an attacker to execute arbitrary code via a crafted favicon file [CVSS 5.4 MEDIUM]

XSS 66biolinks
NVD GitHub
CVSS 3.1
5.4
EPSS
0.1%
CVE-2026-22033 MEDIUM POC PATCH This Month

Stored XSS in Label Studio's custom_hotkeys feature allows authenticated attackers to inject malicious JavaScript that executes in other users' browsers, potentially enabling API token theft and account takeover due to insufficient CSRF protections. Public exploit code exists for this vulnerability affecting Label Studio 1.22.0 and earlier. An attacker could abuse this to gain unauthorized API access or perform actions on behalf of compromised users.

XSS CSRF Label Studio
NVD GitHub
CVSS 3.1
5.4
EPSS
0.0%
CVE-2026-22784 MEDIUM POC PATCH This Month

Lychee photo management tool versions before 7.1.0 contain an authorization bypass in the album password unlock mechanism that allows authenticated users to access multiple password-protected albums by unlocking just one that shares the same password. Public exploit code exists for this vulnerability. Administrators should upgrade to version 7.1.0 or later to prevent unauthorized access to protected photo collections.

Authentication Bypass Lychee
NVD GitHub
CVSS 3.1
4.3
EPSS
0.0%
CVE-2026-22214 MEDIUM This Month

RIOT OS ethos utility has a stack buffer overflow in _handle_char() due to missing bounds checking on serial frame data. Incoming frame bytes overflow a fixed-size stack buffer.

Buffer Overflow Stack Overflow Riot
NVD GitHub VulDB
CVSS 4.0
6.8
EPSS
0.1%
CVE-2025-68622 MEDIUM PATCH This Month

Espressif ESP-IDF USB Host UVC Class Driver allows video streaming from USB cameras. Prior to 2.4.0, a vulnerability in the esp-usb UVC host implementation allows a malicious USB Video Class (UVC) device to trigger a stack buffer overflow during configuration-descriptor parsing. When UVC configuration-descriptor printing is enabled, the host prints detailed descriptor information provided by the connected USB device. A specially crafted UVC descriptor may advertise an excessively large length...

Buffer Overflow Usb Host Uvc Class Driver
NVD GitHub
CVSS 3.1
6.8
EPSS
0.0%
CVE-2025-68656 MEDIUM PATCH This Month

Espressif ESP-IDF USB Host HID (Human Interface Device) Driver allows access to HID devices. [CVSS 6.8 MEDIUM]

Use After Free Usb Host Hid Driver
NVD GitHub
CVSS 3.1
6.8
EPSS
0.0%
CVE-2026-22801 MEDIUM PATCH This Month

Libpng versions 1.6.26 through 1.6.53 contain an integer truncation flaw in the simplified write API functions that triggers a heap buffer over-read when processing images with negative row strides or strides exceeding 65535 bytes. Local attackers can exploit this to read sensitive heap memory, potentially disclosing application data. No patch is currently available; users should avoid processing untrusted PNG images with these vulnerable libpng versions.

Buffer Overflow Libpng Red Hat Suse
NVD GitHub VulDB
CVSS 3.1
6.8
EPSS
0.0%
CVE-2025-69267 MEDIUM This Month

Improper Limitation of a Pathname to a Restricted Directory (Path Traversal) vulnerability in Broadcom DX NetOps Spectrum on Windows, Linux allows Path Traversal.This issue affects DX NetOps Spectrum: 24.3.8 and earlier. [CVSS 6.5 MEDIUM]

Broadcom Linux Windows Path Traversal Dx Netops Spectrum
NVD
CVSS 3.1
6.5
EPSS
0.1%
CVE-2025-65553 MEDIUM This Month

Xz-G12 Firmware versions up to 2.1.17 contains a vulnerability that allows attackers to undetected intrusions or failure to trigger safety alerts (CVSS 6.5).

Xz G12 Firmware Information Disclosure
NVD GitHub
CVSS 3.1
6.5
EPSS
0.0%
CVE-2025-68468 MEDIUM PATCH This Month

Avahi is a system which facilitates service discovery on a local network via the mDNS/DNS-SD protocol suite. In 0.9-rc2 and earlier, avahi-daemon can be crashed by sending unsolicited announcements containing CNAME resource records pointing it to resource records with short TTLs. [CVSS 6.5 MEDIUM]

Denial Of Service Avahi Red Hat Suse
NVD GitHub
CVSS 3.1
6.5
EPSS
0.0%
CVE-2025-68657 MEDIUM PATCH This Month

Espressif ESP-IDF USB Host HID (Human Interface Device) Driver allows access to HID devices. Prior to 1.1.0, calls to hid_host_device_close() can free the same usb_transfer_t twice. [CVSS 6.4 MEDIUM]

Information Disclosure Usb Host Hid Driver
NVD GitHub
CVSS 3.1
6.4
EPSS
0.0%
CVE-2025-69275 MEDIUM This Month

Dependency on Vulnerable Third-Party Component vulnerability in Broadcom DX NetOps Spectrum on Windows, Linux allows DOM-Based XSS.This issue affects DX NetOps Spectrum: 24.3.9 and earlier. [CVSS 6.1 MEDIUM]

Broadcom Linux Windows Dx Netops Spectrum XSS
NVD
CVSS 3.1
6.1
EPSS
0.0%
CVE-2025-69268 MEDIUM This Month

Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting') vulnerability in Broadcom DX NetOps Spectrum on Windows, Linux allows Reflected XSS.This issue affects DX NetOps Spectrum: 24.3.8 and earlier. [CVSS 6.1 MEDIUM]

Broadcom Linux Windows XSS Dx Netops Spectrum
NVD
CVSS 3.1
6.1
EPSS
0.0%
CVE-2026-22798 MEDIUM PATCH This Month

Hermes versions up to 0.9.1 is affected by insertion of sensitive information into log file (CVSS 5.9).

Information Disclosure Hermes
NVD GitHub
CVSS 3.1
5.9
EPSS
0.0%
CVE-2025-68276 MEDIUM PATCH This Month

Avahi is a system which facilitates service discovery on a local network via the mDNS/DNS-SD protocol suite. In 0.9-rc2 and earlier, an unprivileged local users can crash avahi-daemon (with wide-area disabled) by creating record browsers with the AVAHI_LOOKUP_USE_WIDE_AREA flag set via D-Bus. [CVSS 5.5 MEDIUM]

Denial Of Service Avahi Red Hat Suse
NVD GitHub
CVSS 3.1
5.5
EPSS
0.0%
CVE-2026-22789 MEDIUM PATCH This Month

WebErpMesv2 is a Resource Management and Manufacturing execution system Web for industry. [CVSS 5.4 MEDIUM]

PHP RCE Wem
NVD GitHub
CVSS 3.1
5.4
EPSS
0.0%
CVE-2021-41074 MEDIUM This Month

A CSRF issue in index.php in QloApps hotel eCommerce 1.5.1 allows an attacker to change the admin's email address via a crafted HTML document. [CVSS 5.4 MEDIUM]

PHP CSRF Qloapps
NVD GitHub
CVSS 3.1
5.4
EPSS
0.0%
CVE-2026-0853 MEDIUM This Month

A-Plus Video Technologies NVR devices expose an unauthenticated debug page that allows remote attackers to retrieve sensitive device status information without authentication. The vulnerability requires no user interaction and can be exploited over the network, enabling reconnaissance attacks against affected systems. No patch is currently available to remediate this exposure.

Information Disclosure
NVD
CVSS 3.1
5.3
EPSS
0.0%
CVE-2025-67813 MEDIUM This Month

Kace Desktop Authority versions up to 11.3.1 is affected by incorrect default permissions (CVSS 5.3).

Privilege Escalation Kace Desktop Authority
NVD
CVSS 3.1
5.3
EPSS
0.0%
CVE-2026-22251 MEDIUM PATCH This Month

Wlc versions prior to 1.17.0 fail to restrict unscoped API keys, allowing them to be transmitted to unintended Weblate servers and potentially leaked to attackers with local access or through compromised credentials. A local attacker with user privileges could exploit this information disclosure to gain unauthorized access to Weblate instances across multiple servers. A patch is available in version 1.17.0 and later.

Information Disclosure Wlc
NVD GitHub
CVSS 3.1
5.3
EPSS
0.0%
CVE-2026-22212 MEDIUM This Month

TinyOS versions up to and including 2.1.2 contain a stack-based buffer overflow vulnerability in the mcp2200gpio utility. The vulnerability is caused by unsafe use of strcpy() and strcat() functions when constructing device paths during automatic device discovery.

Buffer Overflow Stack Overflow
NVD GitHub VulDB
CVSS 4.0
4.8
EPSS
0.0%
CVE-2025-14579 MEDIUM This Month

Quiz Maker WordPre versions up to 6.7.0.89 contains a vulnerability that allows attackers to high privilege users such as admin to perform Stored Cross-Site Scripting attack (CVSS 4.8).

WordPress XSS PHP
NVD WPScan
CVSS 3.1
4.8
EPSS
0.0%
CVE-2026-22050 MEDIUM This Month

Ontap versions up to 9.16.1 is affected by authorization bypass through user-controlled key (CVSS 4.3).

Authentication Bypass Ontap
NVD
CVSS 3.1
4.3
EPSS
0.0%

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy