Skip to main content
CVE-2026-0495 MEDIUM This Month

SAP Fiori App Intercompany Balance Reconciliation contains an email redirection flaw that allows high-privileged attackers to redirect uploaded files to arbitrary email addresses, facilitating targeted phishing attacks. The vulnerability requires high privileges and user interaction, resulting in limited confidentiality, integrity, and availability impact. No patch is currently available for this medium-severity issue.

SAP
NVD
CVSS 3.1
5.1
EPSS
0.0%
CVE-2026-0716 MEDIUM PATCH This Month

Libsoup WebSocket implementations with unset maximum payload size limits are vulnerable to out-of-bounds memory reads during frame processing, potentially exposing sensitive data or causing application crashes. This vulnerability affects applications using non-default WebSocket configurations and requires no user interaction or authentication to exploit. No patch is currently available.

Denial Of Service Red Hat Suse
NVD VulDB
CVSS 3.1
4.8
EPSS
0.1%
CVE-2026-0513 MEDIUM PATCH This Month

Supplier Relationship Management versions up to 700 is affected by url redirection to untrusted site (open redirect) (CVSS 4.7).

SAP Open Redirect Supplier Relationship Management
NVD
CVSS 3.1
4.7
EPSS
0.1%
CVE-2025-68947 MEDIUM This Month

NSecsoft 'NSecKrnl' is a Windows driver that allows a local, authenticated attacker to terminate processes owned by other users, including SYSTEM and Protected Processes by issuing crafted IOCTL requests to the driver. [CVSS 4.7 MEDIUM]

Windows
NVD GitHub
CVSS 3.1
4.7
EPSS
0.0%
CVE-2025-71074 MEDIUM PATCH This Month

In the Linux kernel, the following vulnerability has been resolved: functionfs: fix the open/removal races ffs_epfile_open() can race with removal, ending up with file->private_data pointing to freed object.

Linux Information Disclosure Race Condition Linux Kernel Red Hat +1
NVD VulDB
CVSS 3.1
4.7
EPSS
0.0%
CVE-2026-20834 MEDIUM PATCH This Month

Windows Shell path traversal vulnerability affecting Windows 10 21H2, Windows Server 2016, 2019, and 2022 allows an attacker with physical access to spoof system resources without requiring user interaction. The vulnerability has no patch available and poses a confidentiality risk through unauthorized information disclosure.

Windows Path Traversal Windows Server 2016 Windows 10 21h2 Windows Server 2022 23h2 +12
NVD
CVSS 3.1
4.6
EPSS
0.1%
CVE-2026-20828 MEDIUM PATCH This Month

Windows Internet Connection Sharing (ICS) contains an out-of-bounds read vulnerability affecting Windows 7 through Windows 11 24H2 and Windows Server 2008-2019, enabling information disclosure through physical access to an affected system. An attacker with direct hardware access can exploit this flaw to read sensitive data from memory, though no patch is currently available. The attack requires physical presence and does not provide code execution or availability impact.

Windows Windows Server 2019 Windows 11 24h2 Windows Server 2008 Windows Server 2016 +11
NVD
CVSS 3.1
4.6
EPSS
0.0%
CVE-2026-20962 MEDIUM PATCH This Month

Uninitialized memory in the Dynamic Root of Trust for Measurement (DRTM) component of Windows 11 25h2, Windows Server 2019, Windows 10 22h2, Windows 10 1809, and Windows 11 23h2 allows a high-privileged local attacker to read sensitive information from kernel memory. The vulnerability requires administrative or equivalent privileges to exploit and carries no patch availability. This issue is tracked under CWE-908 with a CVSS score of 4.4.

Information Disclosure Windows 11 25h2 Windows Server 2019 Windows 10 22h2 Windows 10 1809 +7
NVD
CVSS 3.1
4.4
EPSS
0.2%
CVE-2026-20825 MEDIUM PATCH This Month

Improper access control in Windows Hyper-V enables privileged local users to read sensitive system information without authorization. The vulnerability affects Windows 10 (versions 21H2 and 22H2), Windows Server 2025, and Hyper-V implementations where an authenticated attacker with high privileges can bypass security controls to access confidential data. Currently no patch is available for this medium-severity issue.

Windows Hyper-V Windows 10 21h2 Windows Server 2025 Windows 10 22h2 +8
NVD
CVSS 3.1
4.4
EPSS
0.0%
CVE-2026-22809 MEDIUM PATCH This Month

Tarteaucitronjs versions up to 1.29.0 is affected by inefficient regular expression complexity (redos) (CVSS 4.4).

Denial Of Service Tarteaucitronjs
NVD GitHub
CVSS 3.1
4.4
EPSS
0.0%
CVE-2026-0494 MEDIUM This Month

SAP Fiori App Intercompany Balance Reconciliation contains an information disclosure vulnerability that allows authenticated attackers to access restricted data under specific conditions. The vulnerability requires valid user credentials and network access but does not impact system integrity or availability. No patch is currently available.

SAP
NVD
CVSS 3.1
4.3
EPSS
0.0%
CVE-2026-0497 MEDIUM This Month

SAP Product Designer Web UI in Business Server Pages permits authenticated users without administrative privileges to view non-sensitive information they should not access. This authorization bypass affects confidentiality but carries no risk to system integrity or availability. No patch is currently available to remediate this exposure.

SAP
NVD
CVSS 3.1
4.3
EPSS
0.0%
CVE-2025-68658 MEDIUM PATCH This Month

Open Source Point of Sale (opensourcepos) is a web based point of sale application written in PHP using CodeIgniter framework. opensourcepos 3.4.0 and 3.4.1 has a stored XSS vulnerability exists in the Configuration (Information) functionality. [CVSS 4.3 MEDIUM]

PHP XSS Open Source Point Of Sale
NVD GitHub
CVSS 3.1
4.3
EPSS
0.0%
CVE-2026-0493 MEDIUM This Month

SAP Fiori App Intercompany Balance Reconciliation an attacker is affected by cross-site request forgery (csrf) (CVSS 4.3).

SAP Industrial CSRF
NVD
CVSS 3.1
4.3
EPSS
0.0%
CVE-2026-0887 MEDIUM PATCH This Month

The PDF Viewer component in Firefox and Thunderbird is vulnerable to clickjacking attacks that enable information disclosure through UI redressing techniques. Attackers can manipulate user interactions to trick victims into unintentionally revealing sensitive information, affecting Firefox versions below 147, Firefox ESR below 140.7, Thunderbird below 147, and Thunderbird ESR below 140.7. No patch is currently available for this vulnerability.

Information Disclosure Mozilla
NVD VulDB
CVSS 3.1
4.3
EPSS
0.0%
CVE-2026-0684 MEDIUM This Month

CP Image Store with Slideshow (WordPress plugin) versions up to 1.1.9 is affected by incorrect authorization (CVSS 4.3).

WordPress
NVD
CVSS 3.1
4.3
EPSS
0.0%
Prev Page 3 of 3

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy