Skip to main content
CVE-2025-15555 MEDIUM POC PATCH This Month

A security flaw has been discovered in Open5GS up to 2.7.6. Affected by this vulnerability is the function hss_ogs_diam_cx_mar_cb of the file src/hss/hss-cx-path.c of the component VoLTE Cx-Test. [CVSS 7.3 HIGH]

Buffer Overflow Open5gs
NVD GitHub VulDB
CVSS 4.0
6.9
EPSS
0.0%
CVE-2026-25475 MEDIUM POC PATCH This Month

OpenClaw versions prior to 2026.1.30 suffer from a path traversal vulnerability in the isValidMedia() function that permits authenticated agents to read arbitrary files on the system by crafting malicious MEDIA output directives. An attacker with agent access can leverage this flaw to exfiltrate sensitive data accessible to the application process. Public exploit code exists for this vulnerability, and no patch is currently available.

Path Traversal AI / ML Openclaw
NVD GitHub
CVSS 3.1
6.5
EPSS
0.1%
CVE-2025-68699 MEDIUM POC PATCH This Month

NanoMQ MQTT Broker (NanoMQ) is an all-around Edge Messaging Platform. In version 0.24.6, NanoMQ has a protocol parsing / forwarding inconsistency when handling shared subscriptions ($share/). [CVSS 6.5 MEDIUM]

Denial Of Service Nanomq
NVD GitHub
CVSS 3.1
6.5
EPSS
0.1%
CVE-2025-69618 MEDIUM POC This Month

Coto versions up to 11.4.0 is affected by unrestricted upload of file with dangerous type (CVSS 6.5).

File Upload RCE Coto
NVD GitHub VulDB
CVSS 3.1
6.5
EPSS
0.1%
CVE-2026-25579 MEDIUM POC PATCH This Month

Navidrome versions prior to 0.60.0 allow authenticated users to trigger denial of service by requesting image resizing with extremely large parameters, causing uncontrolled memory allocation and potential disk exhaustion. Public exploit code exists for this vulnerability, which can crash the server process via the OOM killer or fill the cache directory with massive files. An attacker with valid credentials can achieve complete service outage without administrative privileges.

Linux Denial Of Service Navidrome Suse
NVD GitHub
CVSS 3.1
6.5
EPSS
0.1%
CVE-2025-70997 MEDIUM POC This Month

A vulnerability has been discovered in eladmin v2.7 and before. This vulnerability allows for an arbitrary user password reset under any user permission level. [CVSS 6.5 MEDIUM]

Authentication Bypass Eladmin
NVD GitHub
CVSS 3.1
6.5
EPSS
0.0%
CVE-2026-25578 MEDIUM POC PATCH This Month

Navidrome versions before 0.60.0 contain a stored cross-site scripting vulnerability in song comment metadata that allows attackers to inject malicious scripts and steal user credentials when victims view affected music files. Public exploit code exists for this vulnerability. Administrators should upgrade to version 0.60.0 or later to remediate the risk.

XSS Navidrome Suse
NVD GitHub
CVSS 3.1
6.1
EPSS
0.0%
CVE-2025-69620 MEDIUM POC This Month

A path traversal in Moo Chan Song v4.5.7 allows attackers to cause a Denial of Service (DoS) via writing files to the internal storage. [CVSS 5.0 MEDIUM]

Denial Of Service Path Traversal Office Reader
NVD GitHub
CVSS 3.1
5.0
EPSS
0.0%
CVE-2026-25511 MEDIUM POC PATCH This Month

Server-side request forgery in Group Office's WOPI service discovery allows authenticated System Administrators to access internal hosts, ports, and files on the affected server. The vulnerability enables attackers to exfiltrate SSRF response bodies through the debug system, effectively converting a blind SSRF into a visible information disclosure attack. Public exploit code exists for this medium-severity flaw, which has been patched in versions 6.8.150, 25.0.82, and 26.0.5.

SSRF Group Office
NVD GitHub
CVSS 3.1
4.9
EPSS
0.0%
CVE-2026-20980 MEDIUM This Month

Android versions up to 14.0 contains a vulnerability that allows attackers to execute arbitrary commands (CVSS 6.8).

RCE Android
NVD
CVSS 3.1
6.8
EPSS
0.0%
CVE-2025-14740 MEDIUM This Month

Docker Desktop for Windows contains multiple incorrect permission assignment vulnerabilities in the installer's handling of the C:\ProgramData\DockerDesktop directory. [CVSS 6.7 MEDIUM]

Windows Docker Race Condition RCE
NVD
CVSS 3.1
6.7
EPSS
0.0%
CVE-2026-20981 MEDIUM This Month

Arbitrary command execution with system privileges in Android's FacAtFunction component allows a privileged physical attacker to bypass input validation controls prior to the February 2026 Security Maintenance Release 1. An adversary with physical access and elevated privileges can exploit this vulnerability to execute arbitrary commands at the system level. No patch is currently available.

RCE Android
NVD
CVSS 3.1
6.6
EPSS
0.0%
CVE-2026-25540 MEDIUM This Month

Mastodon versions prior to 4.3.19, 4.4.13, and 4.5.6 are vulnerable to web cache poisoning in ActivityPub endpoints when AUTHORIZED_FETCH is enabled, allowing cached responses to be served across different user contexts regardless of request signing. An attacker could exploit this to view content intended for non-blocked accounts or cause blocked users to receive empty responses meant for them, potentially bypassing access controls. No patch is currently available for affected deployments.

Information Disclosure Mastodon
NVD GitHub
CVSS 3.1
6.5
EPSS
0.1%
CVE-2026-0948 MEDIUM PATCH This Month

The Microsoft Entra ID SSO Login module for Drupal before version 1.0.4 contains an authentication bypass vulnerability that allows unauthenticated attackers to escalate privileges through an alternate authentication channel. An attacker can exploit this flaw to gain unauthorized access with elevated permissions on affected Drupal installations. No patch is currently available, and the vulnerability has low exploit probability (EPSS 0.1%).

Drupal Privilege Escalation Authentication Bypass Microsoft Entra Id Sso Login
NVD
CVSS 3.1
6.5
EPSS
0.1%
CVE-2024-51451 MEDIUM This Month

Concert versions up to 2.1.0 contains a vulnerability that allows attackers to conduct various attacks against the vulnerable system, including cross-site scri (CVSS 6.5).

IBM XSS Concert
NVD
CVSS 3.1
6.5
EPSS
0.1%
CVE-2026-22044 MEDIUM This Month

Authenticated users in GLPI versions 0.85 through 10.0.22 can exploit a SQL injection vulnerability to read sensitive data from the application database. The vulnerability requires valid credentials and network access but does not allow data modification or denial of service. Version 10.0.23 contains the fix, though no patch is currently available for affected deployments.

SQLi Glpi
NVD GitHub
CVSS 3.1
6.5
EPSS
0.0%
CVE-2026-0572 MEDIUM This Month

Unauthenticated attackers can modify WordPress plugin settings in WebPurify Profanity Filter up to version 4.0.2 due to missing authorization checks on the options-saving function. This allows unauthorized configuration changes without requiring user authentication or interaction. No patch is currently available for this vulnerability.

WordPress
NVD
CVSS 3.1
6.5
EPSS
0.0%
CVE-2025-15260 MEDIUM This Month

Loyalty Points and Rewards for WooCommerce versions up to 5.6.0. is affected by missing authorization (CVSS 6.5).

WordPress Authentication Bypass
NVD
CVSS 3.1
6.5
EPSS
0.0%
CVE-2026-24447 MEDIUM This Month

Malformed data processed by the affected product can be embedded in exported CSV files, which execute arbitrary code when opened by users due to improper input validation. Movable Type 7 and 8.4 series (both EOL) along with current versions are vulnerable to this code injection attack through user-initiated file downloads. An authenticated attacker can craft malicious input to compromise any user who downloads and opens the resulting CSV file.

Code Injection
NVD
CVSS 3.0
6.5
EPSS
0.0%
CVE-2026-23704 MEDIUM This Month

Movable Type allows non-administrative users to upload arbitrary files that execute malicious scripts in an administrator's browser when accessed, enabling cross-site scripting attacks with medium impact on confidentiality, integrity, and availability. This vulnerability affects both current and end-of-life versions (7.x and 8.4 series) with no patch currently available. An attacker with basic user privileges can compromise administrator sessions through stored script execution.

File Upload
NVD
CVSS 3.0
6.5
EPSS
0.0%
CVE-2026-0742 MEDIUM This Month

Stored cross-site scripting in the Smart Appointment & Booking WordPress plugin through version 1.0.7 allows authenticated subscribers and higher-privileged users to inject malicious scripts into pages via the saab_save_form_data AJAX action due to inadequate input sanitization. Attackers can exploit this vulnerability to execute arbitrary JavaScript that persists and runs for any user viewing the compromised pages. No patch is currently available for this medium-severity flaw.

WordPress XSS
NVD
CVSS 3.1
6.4
EPSS
0.0%
CVE-2026-1895 MEDIUM PATCH This Month

Wekan versions up to 8.20. contains a vulnerability that allows attackers to improper access controls (CVSS 6.3).

Information Disclosure Wekan
NVD GitHub VulDB
CVSS 3.1
6.3
EPSS
0.1%
CVE-2024-43181 MEDIUM This Month

IBM Concert 1.0.0 through 2.1.0 does not invalidate session after logout which could allow an authenticated user to impersonate another user on the system. [CVSS 6.3 MEDIUM]

IBM Concert
NVD
CVSS 3.1
6.3
EPSS
0.0%
CVE-2026-25532 MEDIUM PATCH This Month

ESF-IDF is the Espressif Internet of Things (IOT) Development Framework. [CVSS 6.3 MEDIUM]

IoT Integer Overflow Esp Idf
NVD GitHub
CVSS 3.1
6.3
EPSS
0.0%
CVE-2026-25508 MEDIUM PATCH This Month

Out-of-bounds read in ESP-IDF versions 5.1.6 through 5.5.2 allows remote attackers to trigger memory corruption via malformed BLE prepare-write requests during device provisioning mode. An unauthenticated BLE client can exploit improper length tracking in the protocomm_ble transport to cause the provisioning handler to read beyond allocated buffer boundaries. This results in potential information disclosure and denial of service for affected IoT devices.

IoT Memory Corruption Esp Idf
NVD GitHub
CVSS 3.1
6.3
EPSS
0.0%
CVE-2026-25507 MEDIUM PATCH This Month

Espressif IoT Development Framework versions 5.1.6-5.5.2 contain a use-after-free vulnerability in the BLE provisioning layer that allows remote attackers to trigger memory corruption when provisioning is stopped with keep_ble_on enabled. A connected BLE client can exploit freed GATT metadata through read/write callbacks to cause denial of service or potential code execution. Patches are available for all affected versions.

IoT Use After Free Esp Idf
NVD GitHub
CVSS 3.1
6.3
EPSS
0.0%
CVE-2026-1894 MEDIUM PATCH This Month

Improper authorization in WeKan's REST API (versions up to 8.20) allows authenticated users to manipulate checklist item parameters and gain unauthorized access to resources across different boards and checklists. An attacker with valid credentials can exploit this vulnerability to read or modify data they should not have access to. The vulnerability has been patched in version 8.21 and users should upgrade immediately.

Information Disclosure Wekan
NVD GitHub VulDB
CVSS 3.1
6.3
EPSS
0.0%
CVE-2026-25543 MEDIUM PATCH This Month

Htmlsanitizer versions up to 9.0.892 is affected by improper encoding or escaping of output (CVSS 6.1).

.NET XSS Htmlsanitizer
NVD GitHub
CVSS 3.1
6.1
EPSS
0.0%
CVE-2026-0946 MEDIUM PATCH This Month

Cross-site scripting in the AT Internet SmartTag Drupal module versions before 1.0.1 enables attackers to inject malicious scripts through improper input validation on web pages. An attacker can exploit this vulnerability remotely without authentication to steal session cookies, perform actions on behalf of users, or deface content, though user interaction is required for successful exploitation. No patch is currently available for affected Drupal installations.

Drupal XSS At Internet Smarttag
NVD
CVSS 3.1
6.1
EPSS
0.0%
CVE-2026-20123 MEDIUM This Month

Open redirect in Cisco Prime Infrastructure and Evolved Programmable Network Manager allows unauthenticated remote attackers to redirect users to malicious websites through insufficient input validation in the web management interface. An attacker can intercept and modify HTTP requests to craft malicious URLs that deceive users into visiting attacker-controlled pages. No patch is currently available for this vulnerability.

Cisco Prime Infrastructure Evolved Programmable Network Manager Open Redirect
NVD
CVSS 3.1
6.1
EPSS
0.0%
CVE-2025-70545 MEDIUM This Month

A stored cross-site scripting (XSS) vulnerability exists in the web management interface of the PPC (Belden) ONT 2K05X router running firmware v1.1.9_206L. [CVSS 6.1 MEDIUM]

XSS Ppc 2k05x Firmware
NVD GitHub
CVSS 3.1
6.1
EPSS
0.0%
CVE-2026-20978 MEDIUM This Month

Android versions up to 13.0 contains a vulnerability that allows attackers to bypass the persistence configuration of the application (CVSS 6.1).

Authentication Bypass Android
NVD
CVSS 3.1
6.1
EPSS
0.0%
CVE-2026-20982 MEDIUM This Month

Android ShortcutService path traversal vulnerability prior to the February 2026 SMR Release 1 enables privileged local attackers to create files with system-level privileges. The vulnerability requires high-level authentication and does not affect confidentiality significantly, but could allow attackers to modify system files or degrade availability. No patch is currently available.

Path Traversal Android
NVD
CVSS 3.1
6.0
EPSS
0.0%
CVE-2026-22548 MEDIUM This Month

BIG-IP Advanced WAF and ASM experience denial of service when processing specific requests under certain conditions, causing the bd process to terminate and disrupting security policy enforcement. An unauthenticated remote attacker can trigger this crash without user interaction, though exploitation requires specific timing and environmental factors. No patch is currently available for affected versions.

Race Condition Big Ip Application Security Manager Big Ip Advanced Web Application Firewall
NVD
CVSS 3.1
5.9
EPSS
0.1%
CVE-2026-25518 MEDIUM PATCH This Month

Denial-of-service in cert-manager versions 1.18.0-1.18.4 and 1.19.0-1.19.2 allows network-adjacent attackers to crash the controller by poisoning DNS cache entries during ACME DNS-01 validation through unencrypted DNS traffic interception. An attacker positioned to intercept DNS queries from the cert-manager pod can inject malicious DNS responses that trigger a panic in the controller, disrupting certificate management operations in affected Kubernetes clusters. A patch is available for immediate deployment.

Kubernetes DNS Cert Manager Red Hat Suse
NVD GitHub VulDB
CVSS 3.1
5.9
EPSS
0.0%
CVE-2026-1642 MEDIUM PATCH This Month

NGINX proxy configurations forwarding traffic to upstream TLS servers can be exploited by network-positioned attackers to inject unencrypted data into proxied responses, potentially compromising data integrity. This vulnerability affects NGINX OSS, NGINX Plus, and related products when specific upstream server conditions are present. No patch is currently available for this medium-severity issue.

Nginx Nginx Ingress Controller Nginx Open Source Nginx Instance Manager Nginx Gateway Fabric +3
NVD
CVSS 3.1
5.9
EPSS
0.0%
CVE-2026-23093 MEDIUM PATCH This Month

CVE-2026-23093 is a security vulnerability (CVSS 5.5). Remediation should follow standard vulnerability management procedures.

Linux Information Disclosure Linux Kernel Red Hat Suse
NVD VulDB
CVSS 3.1
5.5
EPSS
0.1%
CVE-2026-23063 MEDIUM PATCH This Month

Linux kernel UACCE subsystem is vulnerable to a null pointer dereference that causes a denial of service when queue release and device removal operations execute concurrently during system shutdown. A local attacker with standard user privileges can trigger this condition by forcing accelerator queue cleanup while the device is being removed, crashing the kernel. No patch is currently available.

Linux Null Pointer Dereference Denial Of Service Linux Kernel Red Hat +1
NVD VulDB
CVSS 3.1
5.5
EPSS
0.0%
CVE-2026-23108 MEDIUM PATCH This Month

The Linux kernel USB CAN driver (usb_8dev) fails to properly manage URB memory when USB transfers complete, allowing a local attacker with user privileges to trigger a memory leak and cause a denial of service through resource exhaustion. The vulnerability occurs because completed URBs are unanchored by the USB framework before the callback function executes, preventing proper cleanup during driver shutdown. No patch is currently available for this issue.

Linux Information Disclosure Linux Kernel Red Hat Suse
NVD VulDB
CVSS 3.1
5.5
EPSS
0.0%
CVE-2026-23103 MEDIUM PATCH This Month

In the Linux kernel, the following vulnerability has been resolved: ipvlan: Make the addrs_lock be per port Make the addrs_lock be per port, not per ipvlan dev. Initial code seems to be written in the assumption, that any address change must occur under RTNL.

Linux Information Disclosure
NVD VulDB
CVSS 3.1
5.5
EPSS
0.0%
CVE-2026-23097 MEDIUM PATCH This Month

A deadlock vulnerability in the Linux kernel's hugetlb file folio migration code allows a local privileged user to cause a denial of service by triggering conflicting lock acquisitions between folio locks and memory mapping semaphores. The vulnerability occurs when migrate_pages() and hugetlbfs_fallocate() operations compete for locks in opposite orders, freezing affected processes. No patch is currently available for this medium-severity issue.

Linux Information Disclosure Linux Kernel Red Hat Suse
NVD VulDB
CVSS 3.1
5.5
EPSS
0.0%
CVE-2026-23096 MEDIUM PATCH This Month

The Linux kernel's uacce subsystem can hang during device cleanup when cdev_device_add fails, as subsequent calls to cdev_device_del attempt to release already-freed memory. Local users with sufficient privileges can trigger a denial of service by causing the device initialization to fail, resulting in a system hang. A patch is not currently available.

Linux Information Disclosure Linux Kernel Red Hat Suse
NVD VulDB
CVSS 3.1
5.5
EPSS
0.0%
CVE-2026-23095 MEDIUM PATCH This Month

A memory leak in the Linux kernel's GUE (Generic UDP Encapsulation) implementation occurs when processing packets with inner IP protocol 0, allowing a local attacker to cause a denial of service by exhausting kernel memory. The vulnerability exists because gue_udp_recv() fails to properly handle protocol 0 during packet resubmission, resulting in unreferenced skb objects that are never freed. No patch is currently available for this medium-severity issue affecting the Linux kernel.

Linux Information Disclosure
NVD VulDB
CVSS 3.1
5.5
EPSS
0.0%
CVE-2026-23091 MEDIUM PATCH This Month

The Linux kernel's Intel Trace Hub driver fails to properly release device references during output device operations, leading to resource exhaustion on systems with local access. A local authenticated user can trigger this memory leak through repeated open/close cycles or error conditions, potentially causing denial of service. No patch is currently available for this vulnerability.

Linux Information Disclosure Linux Kernel Red Hat Suse
NVD VulDB
CVSS 3.1
5.5
EPSS
0.0%
CVE-2026-23090 MEDIUM PATCH This Month

The Linux kernel's Slimbus core driver fails to properly release device references when processing report-present messages, leading to a memory leak that can exhaust system resources. A local attacker with user privileges can trigger this leak by causing repeated Slimbus device registration events, potentially causing a denial of service through memory exhaustion. No patch is currently available for this vulnerability.

Linux Information Disclosure Linux Kernel Red Hat Suse
NVD VulDB
CVSS 3.1
5.5
EPSS
0.0%
CVE-2026-23087 MEDIUM PATCH This Month

The Linux kernel's Xen SCSI backend driver fails to properly deallocate memory for vscsiblk_info structures during device removal and error handling, allowing local users with appropriate privileges to trigger denial of service through memory exhaustion. The vulnerability exists because scsiback_remove() does not free memory allocated in scsiback_probe(), resulting in persistent memory leaks when removing the device or during probe failures. No patch is currently available for this issue.

Linux Information Disclosure
NVD VulDB
CVSS 3.1
5.5
EPSS
0.0%
CVE-2026-23085 MEDIUM PATCH This Month

The GICv3 interrupt controller driver in the Linux kernel on 32-bit systems with CONFIG_ARM_LPAE can truncate physical memory addresses above the 4GB limit when storing them in 32-bit variables, potentially causing system crashes or memory corruption. A local attacker with kernel-level privileges could trigger this condition through memory allocation patterns that force addresses into higher physical memory ranges. This vulnerability affects Linux systems using ARM Large Physical Address Extension with 32-bit address space configurations.

Linux Denial Of Service Linux Kernel Red Hat Suse
NVD VulDB
CVSS 3.1
5.5
EPSS
0.0%
CVE-2026-23084 MEDIUM PATCH This Month

A null pointer dereference vulnerability in the Linux kernel's be2net driver allows local users with low privileges to cause a denial of service by triggering a crash through improper parameter handling in the be_cmd_get_mac_from_list() function. The vulnerability occurs when the driver passes both a false pmac_id_valid flag and a NULL pointer to this function, causing the kernel to dereference the invalid pointer. No patch is currently available for this issue.

Linux Null Pointer Dereference Denial Of Service
NVD VulDB
CVSS 3.1
5.5
EPSS
0.0%
CVE-2026-23080 MEDIUM PATCH This Month

Memory leak in Linux kernel CAN USB driver (mcba_usb) allows local attackers with user privileges to exhaust system memory by triggering improper URB cleanup in the USB bulk read callback function. The vulnerability occurs because USB framework unanchors URBs before the completion callback executes, preventing proper deallocation when the device is closed. No patch is currently available.

Linux Information Disclosure Linux Kernel Red Hat Suse
NVD VulDB
CVSS 3.1
5.5
EPSS
0.0%
CVE-2026-23075 MEDIUM PATCH This Month

The Linux kernel esd_usb driver leaks memory in its USB bulk transfer callback function because unanchored URBs are not properly freed during device closure, allowing a local attacker with device access to exhaust kernel memory and cause a denial of service. The vulnerability affects systems using esd_usb CAN interface devices and can be triggered repeatedly through device open/close cycles.

Linux Information Disclosure Linux Kernel Red Hat Suse
NVD VulDB
CVSS 3.1
5.5
EPSS
0.0%
Page 1 of 3 Next

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy