Skip to main content
CVE-2026-22853 MEDIUM POC PATCH This Month

FreeRDP RDPEAR NDR array reader has a heap overflow due to missing bounds checking on element counts. Malicious RDP server can overwrite heap memory. PoC available. Fixed in 3.20.1.

Buffer Overflow Freerdp Memory Corruption
NVD GitHub VulDB
CVSS 4.0
6.8
EPSS
0.1%
CVE-2026-0594 MEDIUM POC This Month

Reflected XSS in WordPress List Site Contributors plugin up to version 1.1.8 allows unauthenteric attackers to inject malicious scripts through the 'alpha' parameter due to inadequate input sanitization. Successful exploitation requires social engineering to trick users into clicking malicious links, potentially compromising user sessions and site integrity. No patch is currently available for this vulnerability.

WordPress XSS
NVD
CVSS 3.1
6.1
EPSS
1.3%
CVE-2026-22787 MEDIUM POC PATCH This Month

html2pdf.js versions prior to 0.14.0 fail to sanitize text input before inserting it into the DOM, enabling stored or reflected XSS attacks that compromise client-side data confidentiality and integrity. Attackers can inject malicious scripts that execute in users' browsers when the library processes untrusted text sources, and public exploit code is available. Update to version 0.14.0 or later to remediate this vulnerability.

XSS Html2pdf.Js
NVD GitHub
CVSS 3.1
6.1
EPSS
0.1%
CVE-2026-22851 MEDIUM POC PATCH This Month

FreeRDP versions prior to 3.20.1 contain a race condition between the RDPGFX virtual channel and SDL rendering threads that enables heap use-after-free when graphics are reset. Public exploit code exists for this vulnerability, allowing attackers to crash the application or potentially execute code in industrial control systems and other environments using vulnerable FreeRDP implementations. A patch is not currently available, leaving affected systems exposed until an update is released.

Industrial Use After Free Race Condition Freerdp Red Hat +1
NVD GitHub VulDB
CVSS 3.1
5.9
EPSS
0.1%
CVE-2026-22819 MEDIUM POC PATCH This Month

Outray versions prior to 0.1.5 lack database transaction locking in the subdomain creation API endpoint, allowing authenticated users to bypass rate limits and provision more subdomains than permitted by their service tier. Public exploit code exists for this vulnerability, which affects the quota enforcement mechanism for free plan users. Upgrade to version 0.1.5 or later to remediate.

Information Disclosure Outray
NVD GitHub
CVSS 3.1
5.9
EPSS
0.0%
CVE-2026-22858 MEDIUM POC PATCH This Month

FreeRDP Base64 decoder has a global buffer overflow on ARM builds due to implementation-defined char signedness. Fixed in 3.20.1.

Buffer Overflow Information Disclosure Freerdp
NVD GitHub VulDB
CVSS 4.0
5.6
EPSS
0.1%
CVE-2026-22859 MEDIUM POC PATCH This Month

FreeRDP URBDRC USB redirect client has OOB read when processing server-supplied interface descriptors without bounds checking. Fixed in 3.20.1.

Buffer Overflow Information Disclosure Freerdp
NVD GitHub VulDB
CVSS 4.0
5.6
EPSS
0.1%
CVE-2026-22855 MEDIUM POC PATCH This Month

FreeRDP smartcard SetAttrib heap OOB read when attribute length mismatches NDR buffer. Fixed in 3.20.1.

Buffer Overflow Information Disclosure Freerdp
NVD GitHub VulDB
CVSS 4.0
5.6
EPSS
0.1%
CVE-2026-0961 MEDIUM POC PATCH This Month

BLF file parser crash in Wireshark 4.6.0 to 4.6.2 and 4.4.0 to 4.4.12 allows denial of service [CVSS 5.5 MEDIUM]

Denial Of Service Wireshark Red Hat Suse
NVD
CVSS 3.1
5.5
EPSS
0.0%
CVE-2025-71106 MEDIUM POC PATCH This Month

In the Linux kernel, the following vulnerability has been resolved: fs: PM: Fix reverse check in filesystems_freeze_callback() The freeze_all_ptr check in filesystems_freeze_callback() introduced by commit a3f8f8662771 ("power: always freeze efivarfs") is reverse which quite confusingly causes all file systems to be frozen when filesystem_freeze_enabled is false.

Linux Information Disclosure Linux Kernel Red Hat Suse
NVD GitHub VulDB
CVSS 3.1
5.5
EPSS
0.0%
CVE-2025-71107 MEDIUM POC PATCH This Month

In the Linux kernel, the following vulnerability has been resolved: f2fs: ensure node page reads complete before f2fs_put_super() finishes Xfstests generic/335, generic/336 sometimes crash with the following message: F2FS-fs (dm-0): detect filesystem reference count leak during umount, type: 9, count: 1 ------------[ cut here ]------------ kernel BUG at fs/f2fs/super.c:1939!

Linux Debian Denial Of Service Null Pointer Dereference Linux Kernel +2
NVD GitHub VulDB
CVSS 3.1
5.5
EPSS
0.0%
CVE-2025-14556 MEDIUM POC This Month

Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting') vulnerability in Drupal Flag allows Cross-Site Scripting (XSS).This issue affects Flag: from 7.X-3.0 through 7.X-3.9. [CVSS 5.4 MEDIUM]

Drupal XSS Flag
NVD HeroDevs
CVSS 3.1
5.4
EPSS
0.0%
CVE-2025-63644 MEDIUM POC This Month

Ph7 Social Dating Builder versions up to 17.9.1 is affected by cross-site scripting (xss) (CVSS 5.4).

XSS Ph7 Social Dating Builder
NVD
CVSS 3.1
5.4
EPSS
0.0%
CVE-2025-56226 MEDIUM POC PATCH This Month

Libsndfile <=1.2.2 contains a memory leak vulnerability in the mpeg_l3_encoder_init() function within the mpeg_l3_encode.c file. [CVSS 5.3 MEDIUM]

Denial Of Service Libsndfile Red Hat Suse
NVD GitHub
CVSS 3.1
5.3
EPSS
0.1%
CVE-2026-0962 MEDIUM POC PATCH This Month

Denial of service in Wireshark 4.6.0-4.6.2 and 4.4.0-4.4.12 can be triggered through a malformed SOME/IP-SD protocol packet, causing the application to crash. Public exploit code exists for this vulnerability, and affected users should avoid opening untrusted packet captures until a patch is available.

Denial Of Service Wireshark Red Hat Suse
NVD
CVSS 3.1
5.3
EPSS
0.0%
CVE-2025-14557 MEDIUM POC This Month

Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting') vulnerability in Drupal Facebook Pixel facebook_pixel allows Stored XSS.This issue affects Facebook Pixel: from 7.X-1.0 through 7.X-1.1. [CVSS 4.8 MEDIUM]

Drupal XSS Facebook Pixel
NVD HeroDevs
CVSS 3.1
4.8
EPSS
0.0%
CVE-2025-71166 MEDIUM POC This Month

Typesetter CMS versions up to and including 5.1 contain a reflected cross-site scripting (XSS) vulnerability in the administrative interface within the Tools Status move message handling. [CVSS 5.4 MEDIUM]

PHP XSS Typesetter
NVD GitHub
CVSS 4.0
4.8
EPSS
0.0%
CVE-2025-71165 MEDIUM POC This Month

Typesetter CMS versions up to and including 5.1 contain a reflected cross-site scripting (XSS) vulnerability in the administrative interface within the Tools Status functionality. The path parameter is reflected into the HTML response without proper output encoding in include/admin/Tools/Status.php. [CVSS 5.4 MEDIUM]

PHP XSS Typesetter
NVD GitHub
CVSS 4.0
4.8
EPSS
0.0%
CVE-2025-71164 MEDIUM POC This Month

Typesetter CMS versions up to and including 5.1 contain a reflected cross-site scripting (XSS) vulnerability in the Editing component. [CVSS 5.4 MEDIUM]

PHP XSS Typesetter
NVD GitHub
CVSS 4.0
4.8
EPSS
0.0%
CVE-2026-0960 MEDIUM POC PATCH This Month

HTTP3 protocol dissector infinite loop in Wireshark 4.6.0 to 4.6.2 allows denial of service [CVSS 4.7 MEDIUM]

Denial Of Service Wireshark Red Hat Suse
NVD
CVSS 3.1
4.7
EPSS
0.0%
CVE-2025-65397 MEDIUM This Month

An insecure authentication mechanism in the safe_exec.sh startup script of Blurams Flare Camera version 24.1114.151.929 and earlier allows an attacker with physical access to the device to execute arbitrary commands with root privileges, if file /opt/images/public_key.der is not present in the file system. [CVSS 6.8 MEDIUM]

Dome Flare Firmware Information Disclosure
NVD
CVSS 3.1
6.8
EPSS
0.1%
CVE-2026-22718 MEDIUM This Month

Arbitrary command execution in the VSCode Spring CLI extension allows local users with interactive access to execute arbitrary commands on their machine through unsanitized input. An attacker with local access could exploit this to compromise the affected system, though no patch is currently available.

Spring Command Injection
NVD
CVSS 3.1
6.8
EPSS
0.0%
CVE-2025-68969 MEDIUM This Month

Multi-thread race condition vulnerability in the thermal management module. Impact: Successful exploitation of this vulnerability may affect availability. [CVSS 6.8 MEDIUM]

Race Condition Harmonyos
NVD
CVSS 3.1
6.8
EPSS
0.0%
CVE-2025-13454 MEDIUM This Month

Thinkplus Fu100 Firmware versions up to - is affected by cleartext transmission of sensitive information (CVSS 5.5).

Information Disclosure Thinkplus Fu100 Firmware Thinkplus Fu200 Firmware Thinkplus Tu800 Firmware Thinkplus Tsd303 Firmware
NVD VulDB
CVSS 4.0
6.8
EPSS
0.0%
CVE-2025-14242 MEDIUM PATCH This Month

A flaw was found in vsftpd. This vulnerability allows a denial of service (DoS) via an integer overflow in the ls command parameter parsing, triggered by a remote, authenticated attacker sending a crafted STAT command with a specific byte sequence. [CVSS 6.5 MEDIUM]

Integer Overflow Denial Of Service
NVD VulDB
CVSS 3.1
6.5
EPSS
0.1%
CVE-2025-67835 MEDIUM This Month

Prtg Network Monitor versions up to 25.4.114 is affected by uncontrolled resource consumption (CVSS 6.5).

Denial Of Service Prtg Network Monitor
NVD
CVSS 3.1
6.5
EPSS
0.1%
CVE-2025-15020 MEDIUM This Month

Gotham Block Extra Light (WordPress plugin) versions up to 1.5.0 is affected by path traversal (CVSS 6.5).

WordPress Path Traversal
NVD
CVSS 3.1
6.5
EPSS
0.1%
CVE-2026-0529 MEDIUM This Month

Packetbeat's MongoDB protocol parser fails to properly validate array indices, enabling attackers to trigger buffer overflows via malformed network packets sent to monitored interfaces. Organizations running Packetbeat with MongoDB protocol parsing enabled could experience denial of service conditions when processing specially crafted traffic. No patch is currently available for this vulnerability.

MongoDB
NVD
CVSS 3.1
6.5
EPSS
0.0%
CVE-2026-0421 MEDIUM This Month

Secure Boot bypass in iOS allows local privileged users to disable Secure Boot protections even when explicitly configured as enabled in BIOS, affecting systems with Secure Boot set to User Mode. An attacker with high-level system access and user interaction can circumvent boot-time security protections, potentially enabling unsigned code execution. No patch is currently available for this medium-severity vulnerability.

NVD
CVSS 3.1
6.5
EPSS
0.0%
CVE-2026-0694 MEDIUM This Month

Stored XSS in the SearchWiz WordPress plugin through version 1.0.0 allows authenticated contributors and above to inject malicious scripts into post titles that execute when other users view search results. The vulnerability stems from improper output escaping using esc_attr() instead of esc_html() when rendering post titles in search functionality. No patch is currently available.

WordPress XSS
NVD
CVSS 3.1
6.4
EPSS
0.0%
CVE-2025-12178 MEDIUM This Month

The SpiceForms Form Builder plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'spiceforms' shortcode in all versions up to, and including, 1.0 due to insufficient input sanitization and output escaping on user supplied attributes. [CVSS 6.4 MEDIUM]

WordPress XSS PHP
NVD
CVSS 3.1
6.4
EPSS
0.0%
CVE-2025-68964 MEDIUM This Month

Data verification vulnerability in the HiView module. Impact: Successful exploitation of this vulnerability may affect availability. [CVSS 6.2 MEDIUM]

Code Injection Harmonyos
NVD
CVSS 3.1
6.2
EPSS
0.0%
CVE-2025-68959 MEDIUM This Month

Permission verification bypass vulnerability in the media library module. Impact: Successful exploitation of this vulnerability may affect service confidentiality. [CVSS 6.2 MEDIUM]

Information Disclosure Harmonyos Emui
NVD
CVSS 3.1
6.2
EPSS
0.0%
CVE-2025-67833 MEDIUM This Month

Paessler PRTG Network Monitor before 25.4.114 allows XSS by an unauthenticated attacker via the tag parameter. [CVSS 6.1 MEDIUM]

XSS Prtg Network Monitor
NVD
CVSS 3.1
6.1
EPSS
0.1%
CVE-2025-65396 MEDIUM This Month

A vulnerability in the boot process of Blurams Flare Camera version 24.1114.151.929 and earlier allows a physically proximate attacker to hijack the boot mechanism and gain a bootloader shell via the UART interface. [CVSS 6.1 MEDIUM]

Buffer Overflow Dome Flare Firmware
NVD
CVSS 3.1
6.1
EPSS
0.0%
CVE-2025-68970 MEDIUM This Month

Permission verification bypass vulnerability in the media library module. Impact: Successful exploitation of this vulnerability may affect service confidentiality. [CVSS 6.1 MEDIUM]

Code Injection Emui Harmonyos
NVD
CVSS 3.1
6.1
EPSS
0.0%
CVE-2026-22694 MEDIUM PATCH This Month

Incomplete validation of passkey requests in AliasVault Android versions 0.24.0-0.25.2 allows a locally installed malicious application to obtain passkey responses for unauthorized websites by bypassing checks on calling app identity, origin, and RP ID. An attacker with local access could leverage this to gain unauthorized access to user accounts on targeted services. The vulnerability has been patched in version 0.25.3.

Android Aliasvault
NVD GitHub
CVSS 3.1
6.1
EPSS
0.0%
CVE-2026-22036 MEDIUM PATCH This Month

Undici versions up to 7.18.0 is affected by allocation of resources without limits or throttling (CVSS 5.9).

Node.js Undici Red Hat Suse
NVD GitHub
CVSS 3.1
5.9
EPSS
0.0%
CVE-2025-68967 MEDIUM This Month

Harmonyos versions up to 6.0.0 is affected by permissions, privileges, and access controls (CVSS 5.7).

Privilege Escalation Harmonyos
NVD
CVSS 3.1
5.7
EPSS
0.0%
CVE-2025-68963 MEDIUM This Month

Man-in-the-middle attack vulnerability in the Clone module. Impact: Successful exploitation of this vulnerability may affect service confidentiality. [CVSS 5.7 MEDIUM]

Information Disclosure Harmonyos Emui
NVD
CVSS 3.1
5.7
EPSS
0.0%
CVE-2025-71121 MEDIUM PATCH This Month

In the Linux kernel, the following vulnerability has been resolved: parisc: Do not reprogram affinitiy on ASP chip The ASP chip is a very old variant of the GSP chip and is used e.g. in HP 730 workstations.

Linux Denial Of Service HP Linux Kernel Red Hat +1
NVD VulDB
CVSS 3.1
5.5
EPSS
0.1%
CVE-2025-71132 MEDIUM PATCH This Month

{RT,(full)} [ 13.062353] Hardware name: , BIOS [ 13.062382] Workqueue: mld mld_ifc_work [ 13.062469] Call trace: [ 13.062494] show_stack+0x24/0x40 (C) [ 13.062602] __dump_stack+0x28/0x48 [ 13.062710] dump_stack_lvl+0x7c/0xb0 [ 13.062818] dump_stack+0x18/0x34 [ 13.062926] process_scheduled_works+0x294/0x450 [ 13.063043] worker_thread+0x260/0x3d8 [ 13.063124] kthread+0x1c4/0x228 [ 13.063235] ret_from_fork+0x10/0x20 This happens because smc_special_trylock() disables IRQs even on PREEMPT_RT, but smc_special_unlock() does not restore IRQs on PREEMPT_RT.

Linux Information Disclosure Linux Kernel Red Hat Suse
NVD VulDB
CVSS 3.1
5.5
EPSS
0.1%
CVE-2025-71131 MEDIUM PATCH This Month

In the Linux kernel, the following vulnerability has been resolved: crypto: seqiv - Do not use req->iv after crypto_aead_encrypt As soon as crypto_aead_encrypt is called, the underlying request may be freed by an asynchronous completion. Thus dereferencing req->iv after it returns is invalid.

Linux Information Disclosure
NVD VulDB
CVSS 3.1
5.5
EPSS
0.1%
CVE-2025-71127 MEDIUM PATCH This Month

In the Linux kernel, the following vulnerability has been resolved: wifi: mac80211: Discard Beacon frames to non-broadcast address Beacon frames are required to be sent to the broadcast address, see IEEE Std 802.11-2020, 11.1.3.1 ("The Address 1 field of the Beacon ..

Linux Authentication Bypass Linux Kernel Red Hat Suse
NVD VulDB
CVSS 3.1
5.5
EPSS
0.1%
CVE-2025-71125 MEDIUM PATCH This Month

In the Linux kernel, the following vulnerability has been resolved: tracing: Do not register unsupported perf events Synthetic events currently do not have a function to register perf events.

Linux Debian Null Pointer Dereference Denial Of Service Linux Kernel +2
NVD VulDB
CVSS 3.1
5.5
EPSS
0.1%
CVE-2025-71120 MEDIUM PATCH This Month

In the Linux kernel, the following vulnerability has been resolved: SUNRPC: svcauth_gss: avoid NULL deref on zero length gss_token in gss_read_proxy_verf A zero length gss_token results in pages == 0 and in_token->pages[0] is NULL.

Linux Null Pointer Dereference Denial Of Service
NVD VulDB
CVSS 3.1
5.5
EPSS
0.1%
CVE-2025-71118 MEDIUM PATCH This Month

In the Linux kernel, the following vulnerability has been resolved: ACPICA: Avoid walking the Namespace if start_node is NULL Although commit 0c9992315e73 ("ACPICA: Avoid walking the ACPI Namespace if it is not there") fixed the situation when both start_node and acpi_gbl_root_node are NULL, the Linux kernel mainline now still crashed on Honor Magicbook 14 Pro [1].

Linux Null Pointer Dereference Denial Of Service Linux Kernel Red Hat +1
NVD VulDB
CVSS 3.1
5.5
EPSS
0.1%
CVE-2025-71114 MEDIUM PATCH This Month

In the Linux kernel, the following vulnerability has been resolved: via_wdt: fix critical boot hang due to unnamed resource allocation The VIA watchdog driver uses allocate_resource() to reserve a MMIO region for the watchdog control register.

Linux Information Disclosure
NVD VulDB
CVSS 3.1
5.5
EPSS
0.1%
CVE-2025-71113 MEDIUM PATCH This Month

In the Linux kernel, the following vulnerability has been resolved: crypto: af_alg - zero initialize memory allocated via sock_kmalloc Several crypto user API contexts and requests allocated with sock_kmalloc() were left uninitialized, relying on callers to set fields explicitly.

Linux Information Disclosure
NVD VulDB
CVSS 3.1
5.5
EPSS
0.1%
CVE-2025-71108 MEDIUM PATCH This Month

In the Linux kernel, the following vulnerability has been resolved: usb: typec: ucsi: Handle incorrect num_connectors capability The UCSI spec states that the num_connectors field is 7 bits, and the 8th bit is reserved and should be set to zero.

Linux Lenovo Information Disclosure Linux Kernel Red Hat +1
NVD VulDB
CVSS 3.1
5.5
EPSS
0.1%
Page 1 of 3 Next

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy