Skip to main content
CVE-2026-25916 MEDIUM PATCH This Month

Roundcube Webmail versions before 1.5.13 and 1.6.x before 1.6.13 fail to block SVG feImage elements when the "Block remote images" security feature is enabled, allowing attackers to bypass the protection and load remote content. This remote image bypass could enable tracking, information disclosure, or facilitate phishing attacks against users who rely on this feature to prevent remote content loading. No patch is currently available for this medium-severity vulnerability.

Information Disclosure Suse
NVD GitHub VulDB
CVSS 3.1
4.3
EPSS
0.0%
CVE-2026-25934 MEDIUM PATCH This Month

Corrupted Git pack and index files are not properly validated in go-git versions before 5.16.5, allowing an attacker to supply malicious packfiles that bypass integrity checks and cause go-git to consume corrupted data. This can result in unexpected application errors and denial of service conditions for any system using the vulnerable go-git library to fetch or process Git repositories. The vulnerability requires user interaction to fetch from a malicious or compromised Git source.

Information Disclosure Go Git Red Hat Suse
NVD GitHub
CVSS 3.1
4.3
EPSS
0.0%
CVE-2026-2215 LOW Monitor

A vulnerability was detected in rachelos WeRSS we-mp-rss up to 1.4.8. This issue affects some unknown processing of the file core/auth.py of the component JWT Handler. Performing a manipulation of the argument SECRET_KEY results in use of default cryptographic key. The attack can be initiated remotely. The attack is considered to have high complexity. The exploitability is assessed as difficult...

Information Disclosure
NVD VulDB
CVSS 4.0
2.9
EPSS
0.0%
CVE-2026-2216 LOW Monitor

Path traversal in rachelos WeRSS plugin versions up to 1.4.8 allows authenticated remote attackers to access arbitrary files through manipulation of the filename parameter in the download_export_file function. Public exploit code exists for this vulnerability. The issue requires valid credentials but has a low complexity attack surface, affecting file confidentiality without requiring user interaction.

Path Traversal
NVD VulDB
CVSS 4.0
2.1
EPSS
0.0%
CVE-2026-2245 LOW Monitor

A vulnerability was identified in CCExtractor versions up to 183. is affected by buffer overflow (CVSS 3.3).

Buffer Overflow
NVD GitHub VulDB
CVSS 4.0
1.9
EPSS
0.0%
CVE-2026-2246 LOW Monitor

A security vulnerability has been detected in AprilRobotics apriltag versions up to 3.4.5. is affected by buffer overflow (CVSS 3.3).

Buffer Overflow
NVD GitHub VulDB
CVSS 4.0
1.9
EPSS
0.0%
CVE-2025-66600 Monitor

A vulnerability has been found in FAST/TOOLS provided by Yokogawa Electric Corporation. This product lacks HSTS (HTTP Strict Transport Security) configuration.

Information Disclosure
NVD
EPSS
0.1%
CVE-2025-66599 Monitor

A vulnerability has been found in FAST/TOOLS provided by Yokogawa Electric Corporation. Physical paths could be displayed on web pages.

Information Disclosure
NVD
EPSS
0.1%
CVE-2026-24095 This Week

Improper permission enforcement in Checkmk versions 2.4.0 versions up to 2.4.0 is affected by missing authorization.

Authentication Bypass
NVD
EPSS
0.0%
CVE-2026-1960 This Week

Stored Cross-Site Scripting (XSS) vulnerability in Loggro Pymes, via the 'Facebook' parameter in '/loggrodemo/jbrain/ConsultaTerceros' endpoint.

XSS
NVD
EPSS
0.0%
CVE-2026-1959 This Week

Stored Cross-Site Scripting (XSS) vulnerability in Loggro Pymes, via the 'descripción' parameter in the '/loggrodemo/jbrain/MaestraCuentasBancarias' endpoint.

XSS
NVD
EPSS
0.0%
CVE-2025-7432 Monitor

DPA countermeasures in Silicon Labs' Series 2 devices are not reseeded under certain conditions. This may allow an attacker to eventually extract secret keys through a DPA attack.

Information Disclosure
NVD
EPSS
0.0%
CVE-2026-25740 This Week

captive browser, a dedicated Chrome instance to log into captive portals without messing with DNS settings.

DNS Chrome
NVD GitHub
EPSS
0.0%
Prev Page 4 of 4

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy