Skip to main content
CVE-2025-14778 MEDIUM PATCH This Month

A flaw was found in Keycloak. A significant Broken Access Control vulnerability exists in the UserManagedPermissionService (UMA Protection API). [CVSS 5.4 MEDIUM]

Privilege Escalation Red Hat
NVD
CVSS 3.1
5.4
EPSS
0.0%
CVE-2026-23903 MEDIUM PATCH This Month

Authentication Bypass by Alternate Name vulnerability in Apache Shiro. This issue affects Apache Shiro: before 2.0.7. [CVSS 5.3 MEDIUM]

macOS Apache Authentication Bypass Shiro Red Hat
NVD
CVSS 3.1
5.3
EPSS
0.1%
CVE-2026-25878 MEDIUM PATCH This Month

Froshadminer versions up to 2.2.1 is affected by missing authentication for critical function (CVSS 5.3).

Authentication Bypass Froshadminer
NVD GitHub
CVSS 3.1
5.3
EPSS
0.1%
CVE-2025-66605 MEDIUM This Month

A vulnerability has been found in FAST/TOOLS provided by Yokogawa Electric Corporation. Since there are input fields on this webpage with the autocomplete attribute enabled, the input content could be saved in the browser the user is using. [CVSS 5.3 MEDIUM]

Information Disclosure Fast Tools
NVD
CVSS 3.1
5.3
EPSS
0.0%
CVE-2025-66594 MEDIUM This Month

A vulnerability has been found in FAST/TOOLS provided by Yokogawa Electric Corporation. Detailed messages are displayed on the error page. [CVSS 5.3 MEDIUM]

Information Disclosure Fast Tools
NVD
CVSS 3.1
5.3
EPSS
0.0%
CVE-2025-66607 MEDIUM This Month

A vulnerability has been found in FAST/TOOLS provided by Yokogawa Electric Corporation. The response header contains an insecure setting. [CVSS 5.3 MEDIUM]

Information Disclosure Fast Tools
NVD
CVSS 3.1
5.3
EPSS
0.0%
CVE-2026-25598 MEDIUM This Month

Harden-Runner versions prior to 2.14.2 fail to log outbound network connections made through sendto, sendmsg, and sendmmsg socket calls when audit mode is enabled, allowing attackers to exfiltrate data from GitHub Actions runners without detection. This integrity bypass affects users relying on Harden-Runner's egress policy auditing for security monitoring. A patch is available in version 2.14.2 and later.

Github Harden Runner Red Hat
NVD GitHub
CVSS 3.1
5.3
EPSS
0.0%
CVE-2025-66604 MEDIUM This Month

A vulnerability has been found in FAST/TOOLS provided by Yokogawa Electric Corporation. The library version could be displayed on the web page. [CVSS 5.3 MEDIUM]

Information Disclosure Fast Tools
NVD
CVSS 3.1
5.3
EPSS
0.0%
CVE-2026-24027 MEDIUM This Month

Crafted zones can lead to increased incoming network traffic. [CVSS 5.3 MEDIUM]

Information Disclosure Recursor
NVD
CVSS 3.1
5.3
EPSS
0.0%
CVE-2026-0398 MEDIUM This Month

DNS recursive resolver denial-of-service via crafted zones and CNAME chain manipulation allows unauthenticated attackers to exhaust server resources and potentially poison the resolver's cache. The vulnerability affects Recursor instances exposed to untrusted DNS queries, enabling attackers to degrade performance or compromise DNS resolution integrity. No patch is currently available.

Denial Of Service Recursor
NVD
CVSS 3.1
5.3
EPSS
0.0%
CVE-2025-63354 MEDIUM This Month

Hitron HI3120 v7.2.4.5.2b1 allows stored XSS via the Parental Control option when creating a new filter. The device fails to properly handle inputs, allowing an attacker to inject and execute JavaScript. [CVSS 4.8 MEDIUM]

XSS Hi3120 Firmware
NVD GitHub
CVSS 3.1
4.8
EPSS
0.0%
CVE-2026-25916 MEDIUM PATCH This Month

Roundcube Webmail versions before 1.5.13 and 1.6.x before 1.6.13 fail to block SVG feImage elements when the "Block remote images" security feature is enabled, allowing attackers to bypass the protection and load remote content. This remote image bypass could enable tracking, information disclosure, or facilitate phishing attacks against users who rely on this feature to prevent remote content loading. No patch is currently available for this medium-severity vulnerability.

Information Disclosure Suse
NVD GitHub VulDB
CVSS 3.1
4.3
EPSS
0.0%
CVE-2026-25934 MEDIUM PATCH This Month

Corrupted Git pack and index files are not properly validated in go-git versions before 5.16.5, allowing an attacker to supply malicious packfiles that bypass integrity checks and cause go-git to consume corrupted data. This can result in unexpected application errors and denial of service conditions for any system using the vulnerable go-git library to fetch or process Git repositories. The vulnerability requires user interaction to fetch from a malicious or compromised Git source.

Information Disclosure Go Git Red Hat Suse
NVD GitHub
CVSS 3.1
4.3
EPSS
0.0%
Prev Page 2 of 2

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy