Skip to main content
CVE-2026-21525 MEDIUM KEV PATCH THREAT This Month

Windows Remote Access Connection Manager contains a null pointer dereference flaw affecting Windows 10 (versions 1809 and 21h2) and Windows 11 (version 23h2) that has been confirmed as actively exploited. A local attacker can trigger a denial of service condition without requiring authentication or user interaction. No patch is currently available for this vulnerability.

Null Pointer Dereference Denial Of Service Microsoft
NVD VulDB
CVSS 3.1
6.2
EPSS
3.4%
CVE-2026-26006 MEDIUM POC PATCH This Month

AutoGPT platform versions before 0.6.32 contain a regular expression denial of service vulnerability in the Code Extraction Block due to overlapping quantifiers that cause catastrophic backtracking when processing whitespace-heavy inputs. Authenticated attackers can exploit this by submitting malicious input with long sequences of spaces to trigger excessive regex processing, causing the service to become unavailable. Public exploit code exists for this vulnerability, and a patch is available in version 0.6.32 and later.

Denial Of Service AI / ML Autogpt Platform
NVD GitHub
CVSS 3.1
6.5
EPSS
0.0%
CVE-2026-25805 MEDIUM POC This Month

Zed Editor versions prior to 0.219.4 fail to display tool invocation parameters during permission prompts or after execution, allowing attackers with high privileges to execute tools with malicious or unintended parameters without user awareness. Public exploit code exists for this vulnerability. The issue is resolved in version 0.219.4, which adds expandable tool call details for transparency.

Information Disclosure Zed
NVD GitHub
CVSS 3.1
6.4
EPSS
0.1%
CVE-2026-24885 MEDIUM POC PATCH This Month

Kanboard versions prior to 1.2.50 contain a CSRF vulnerability in the ProjectPermissionController that accepts text/plain content instead of enforcing application/json, enabling attackers to modify project user roles through malicious forms. An authenticated admin visiting a malicious website could be tricked into unknowingly changing role assignments, potentially granting unauthorized access to projects. Public exploit code exists for this vulnerability, though a patch is available in version 1.2.50 and later.

CSRF Kanboard
NVD GitHub
CVSS 3.1
5.7
EPSS
0.0%
CVE-2025-64157 MEDIUM CISA This Month

A use of externally-controlled format string vulnerability in Fortinet FortiOS 7.6.0 through 7.6.4, FortiOS 7.4.0 through 7.4.9, FortiOS 7.2.0 through 7.2.11, FortiOS 7.0 all versions allows an authenticated admin to execute unauthorized code or commands via specifically crafted configuration. [CVSS 6.7 MEDIUM]

Fortinet Authentication Bypass
NVD
CVSS 3.1
6.7
EPSS
0.0%
CVE-2026-25530 MEDIUM POC PATCH This Month

Kanboard versions up to 1.2.50 is affected by authorization bypass through user-controlled key (CVSS 4.3).

Authentication Bypass Kanboard
NVD GitHub
CVSS 3.1
4.3
EPSS
0.0%
CVE-2025-55018 MEDIUM CISA This Month

An inconsistent interpretation of http requests ('http request smuggling') vulnerability in Fortinet FortiOS 7.6.0, FortiOS 7.4.0 through 7.4.9, FortiOS 7.2 all versions, FortiOS 7.0 all versions, FortiOS 6.4.3 through 6.4.16 may allow an unauthenticated attacker to smuggle an unlogged http request through the firewall policies via a specially crafted header [CVSS 5.8 MEDIUM]

Fortinet Request Smuggling Information Disclosure
NVD
CVSS 3.1
5.8
EPSS
0.1%
CVE-2026-0651 MEDIUM This Month

TP-Link Tapo C260 v1 firmware contains a path traversal vulnerability in HTTPS GET request handling that allows local network attackers to probe filesystem paths and determine file existence without authentication. While the vulnerability does not permit file read, write, or code execution, it enables information disclosure about the device's filesystem structure to unauthenticated local users. No patch is currently available.

TP-Link Path Traversal RCE
NVD VulDB
CVSS 4.0
6.9
EPSS
0.1%
CVE-2026-25870 MEDIUM This Month

DoraCMS 3.1 and earlier allows unauthenticated attackers to perform server-side request forgery through the UEditor remote image fetch feature, which fails to validate or restrict destination URLs. An attacker can exploit this to force the server to make arbitrary HTTP/HTTPS requests to internal network resources, enabling internal reconnaissance and potential denial of service attacks.

SSRF Denial Of Service
NVD GitHub VulDB
CVSS 4.0
6.9
EPSS
0.0%
CVE-2025-20080 MEDIUM This Month

Null pointer dereference in the firmware for some Intel(R) AMT and Intel(R) Standard Manageability within Ring 0: Kernel may allow a denial of service. Network adversary with an unauthenticated user combined with a high complexity attack may enable denial of service. [CVSS 6.8 MEDIUM]

Linux Null Pointer Dereference Denial Of Service
NVD VulDB
CVSS 3.1
6.8
EPSS
0.1%
CVE-2026-21522 MEDIUM PATCH This Month

Azure Compute Gallery contains a command injection vulnerability that enables authorized users to execute arbitrary commands with elevated privileges on local systems. The flaw requires high-level privileges to exploit and affects confidentiality, integrity, and availability of the target system. No patch is currently available.

Azure Command Injection Confcom
NVD
CVSS 3.1
6.7
EPSS
0.0%
CVE-2025-32452 MEDIUM This Month

Uncontrolled search path for some AI Playground before version 2.6.1 beta within Ring 3: User Applications may allow an escalation of privilege. Unprivileged software adversary with an authenticated user combined with a high complexity attack may enable escalation of privilege. This result may potentially occur via local access when attack requirements are present without special internal knowl...

Privilege Escalation AI / ML
NVD
CVSS 3.1
6.7
EPSS
0.0%
CVE-2025-20070 MEDIUM This Month

Improper conditions check for the Intel(R) Optane(TM) PMem management software before versions CR_MGMT_02.00.00.4052, CR_MGMT_03.00.00.0538 within Ring 3: User Applications may allow an escalation of privilege. [CVSS 6.7 MEDIUM]

Privilege Escalation
NVD
CVSS 3.1
6.7
EPSS
0.0%
CVE-2025-36522 MEDIUM This Month

Incorrect default permissions for some Intel(R) Chipset Software before version 10.1.20266.8668 or later. within Ring 3: User Applications may allow an escalation of privilege. System software adversary with an authenticated user combined with a high complexity attack may enable escalation of privilege. This result may potentially occur via local access when attack requirements are present with...

Privilege Escalation
NVD
CVSS 3.1
6.7
EPSS
0.0%
CVE-2025-31655 MEDIUM This Month

Incorrect default permissions for some Intel(R) Battery Life Diagnostic Tool within Ring 3: User Applications may allow an escalation of privilege. Unprivileged software adversary with an authenticated user combined with a high complexity attack may enable escalation of privilege. [CVSS 6.7 MEDIUM]

Privilege Escalation
NVD
CVSS 3.1
6.7
EPSS
0.0%
CVE-2025-35999 MEDIUM This Month

Incorrect permission assignment for critical resource for some System Firmware Update Utility (SysFwUpdt) for Intel(R) Server Boards and Intel(R) Server Systems Based before version 16.0.12. within Ring 3: User Applications may allow an escalation of privilege. System software adversary with a privileged user combined with a low complexity attack may enable escalation of privilege. This result ...

Privilege Escalation
NVD
CVSS 3.1
6.7
EPSS
0.0%
CVE-2025-20106 MEDIUM This Month

Uncontrolled search path in some software installer for some VTune(TM) Profiler software and Intel(R) oneAPI Base Toolkits before version 2025.0. within Ring 3: User Applications may allow an escalation of privilege. System software adversary with an authenticated user combined with a high complexity attack may enable escalation of privilege. This result may potentially occur via local access w...

Privilege Escalation
NVD
CVSS 3.1
6.7
EPSS
0.0%
CVE-2025-36511 MEDIUM This Month

Incorrect default permissions for some Intel(R) Memory and Storage Tool before version 2.5.2 within Ring 3: User Applications may allow an escalation of privilege. System software adversary with an authenticated user combined with a high complexity attack may enable escalation of privilege. This result may potentially occur via local access when attack requirements are present without special i...

Privilege Escalation
NVD
CVSS 3.1
6.7
EPSS
0.0%
CVE-2025-22849 MEDIUM This Month

Incorrect default permissions for the Intel(R) Optane(TM) PMem management software before versions CR_MGMT_01.00.00.3584, CR_MGMT_02.00.00.4052, CR_MGMT_03.00.00.0538 within Ring 3: User Applications may allow an escalation of privilege. [CVSS 6.7 MEDIUM]

Privilege Escalation
NVD
CVSS 3.1
6.7
EPSS
0.0%
CVE-2026-21528 MEDIUM PATCH This Month

Azure IoT Explorer binds to unrestricted IP addresses, enabling unauthenticated remote attackers to intercept and disclose sensitive information over the network. This vulnerability affects Azure IoT deployments where the Explorer tool is exposed without proper network segmentation. No patch is currently available, making network isolation the primary mitigation strategy.

Azure IoT Azure Iot Explorer
NVD
CVSS 3.1
6.5
EPSS
0.1%
CVE-2026-21527 MEDIUM PATCH This Month

Microsoft Exchange Server is vulnerable to UI spoofing attacks that allow unauthenticated remote attackers to misrepresent critical information and deceive users. The vulnerability has a CVSS score of 6.5 and currently lacks an available patch, leaving affected systems exposed to social engineering and impersonation attacks. Organizations running Exchange Server should implement network-level protections and monitor for suspicious activity until a fix is released.

Microsoft Exchange Server Authentication Bypass
NVD VulDB
CVSS 3.1
6.5
EPSS
0.1%
CVE-2026-21512 MEDIUM PATCH This Month

Authenticated users of Azure and Azure DevOps Server can exploit a server-side request forgery vulnerability to perform network-based spoofing attacks. This MEDIUM severity issue (CVSS 6.5) requires valid credentials but allows attackers to manipulate the server into making unauthorized requests, potentially compromising confidentiality. No patch is currently available.

Azure SSRF Azure Devops Server
NVD
CVSS 3.1
6.5
EPSS
0.1%
CVE-2026-1602 MEDIUM This Month

Authenticated attackers can exploit SQL injection in Ivanti Endpoint Manager prior to version 2024 SU5 to extract sensitive data from the underlying database. This network-accessible vulnerability requires valid credentials but allows unauthorized information disclosure with no user interaction needed. No patch is currently available for affected systems.

Ivanti SQLi Endpoint Manager
NVD
CVSS 3.1
6.5
EPSS
0.1%
CVE-2026-23655 MEDIUM PATCH This Month

Confidential Sidecar Containers is affected by cleartext storage of sensitive information (CVSS 6.5).

Azure Confidential Sidecar Containers
NVD
CVSS 3.1
6.5
EPSS
0.1%
CVE-2026-25613 MEDIUM This Month

MongoDB server denial of service can be triggered by authenticated users querying collections with malformed compound wildcard indexes. An attacker with valid credentials can crash the MongoDB instance, disrupting availability for all users. No patch is currently available.

MongoDB
NVD
CVSS 3.1
6.5
EPSS
0.0%
CVE-2026-25610 MEDIUM This Month

MongoDB server crashes when an authenticated user executes a $geoNear aggregation pipeline with malformed index hints, enabling denial of service attacks by any user with database access. This medium-severity vulnerability requires valid credentials and does not affect confidentiality or integrity, only availability. No patch is currently available.

Denial Of Service MongoDB
NVD
CVSS 3.1
6.5
EPSS
0.0%
CVE-2026-1850 MEDIUM This Month

MongoDB's Query Planner can be exhausted of available memory when processing specially crafted complex queries, leading to service denial through out-of-memory crashes. Authenticated users can trigger this condition without user interaction, affecting availability of MongoDB instances. No patch is currently available to address this vulnerability.

MongoDB Denial Of Service
NVD
CVSS 3.1
6.5
EPSS
0.0%
CVE-2026-1849 MEDIUM This Month

MongoDB Server can be crashed via denial of service by authenticated users who craft expressions that generate deeply nested documents, exploiting missing recursion depth validation that causes out-of-memory failures. This vulnerability affects deployments where database access is granted to untrusted users and requires valid credentials to exploit. No patch is currently available.

MongoDB
NVD
CVSS 3.1
6.5
EPSS
0.0%
CVE-2026-1847 MEDIUM This Month

MongoDB replica set replication can be disrupted when oversized documents are inserted, preventing secondaries from synchronizing oplog entries with the primary and potentially causing server crashes. Authenticated users with write access can trigger this denial of service condition to destabilize replica set availability. No patch is currently available for this vulnerability.

Denial Of Service MongoDB
NVD
CVSS 3.1
6.5
EPSS
0.0%
CVE-2026-0653 MEDIUM This Month

Guest users on TP-Link Tapo C260 v1 cameras can modify protected device settings by exploiting inadequate access controls on synchronization endpoints. Authenticated attackers with limited privileges can bypass restrictions to change sensitive configuration parameters without authorization. No patch is currently available for this vulnerability.

TP-Link Authentication Bypass RCE Tapo C260 Firmware
NVD VulDB
CVSS 3.1
6.5
EPSS
0.0%
CVE-2025-32003 MEDIUM This Month

Out-of-bounds read in the firmware for some 100GbE Intel(R) Ethernet Network Adapter E810 before version cvl fw 1.7.6, cpk 1.3.7 within Ring 0: Bare Metal OS may allow a denial of service. [CVSS 6.5 MEDIUM]

Denial Of Service Intel Information Disclosure Buffer Overflow Ethernet Controller
NVD VulDB
CVSS 3.1
6.5
EPSS
0.0%
CVE-2026-25612 MEDIUM This Month

MongoDB server's resource locking mechanism can cause unintended collisions between collections due to improper internal encoding, leading to service denial of availability. Authenticated users can trigger this condition to disrupt database operations across affected collections without requiring user interaction. No patch is currently available to remediate this vulnerability.

MongoDB
NVD
CVSS 3.1
6.5
EPSS
0.0%
CVE-2026-2303 MEDIUM PATCH This Month

The mongo-go-driver's GSSAPI authentication wrapper on Linux and macOS contains a heap buffer over-read vulnerability stemming from improper handling of non-null-terminated GSSAPI buffers, allowing authenticated attackers to read sensitive memory content. This vulnerability affects applications using Go-based MongoDB drivers with Kerberos authentication enabled and could lead to information disclosure of heap memory. No patch is currently available.

Linux macOS Golang Suse
NVD VulDB
CVSS 3.1
6.5
EPSS
0.0%
CVE-2026-2302 MEDIUM This Month

Mongoid's Criteria.from_hash method in Ruby can execute arbitrary code when processing specially crafted Hash objects, allowing authenticated attackers to achieve remote code execution on systems using vulnerable versions. The vulnerability requires valid credentials and network access but no user interaction, making it exploitable in environments where untrusted users have application access. No patch is currently available.

Ruby
NVD
CVSS 3.1
6.5
EPSS
0.0%
CVE-2026-1495 MEDIUM This Month

Unprivileged users with Event Log Reader privileges can extract proxy server credentials and URLs from PI to CONNECT event logs, potentially enabling unauthorized proxy access. This local information disclosure affects systems where such log access is granted to low-privileged accounts. No patch is currently available.

Authentication Bypass Information Disclosure
NVD
CVSS 3.1
6.5
EPSS
0.0%
CVE-2026-24324 MEDIUM This Month

Businessobjects Business Intelligence Platform versions up to 430 contains a security vulnerability (CVSS 6.5).

SAP Denial Of Service Businessobjects Business Intelligence Platform
NVD
CVSS 3.1
6.5
EPSS
0.0%
CVE-2025-30508 MEDIUM This Month

Improper authorization in the Intel(R) Quick Assist Technology for some Intel(R) Platforms within Ring 0: Kernel may allow a denial of service. Unprivileged software adversary with an authenticated user combined with a low complexity attack may enable denial of service. [CVSS 6.5 MEDIUM]

Linux Denial Of Service
NVD
CVSS 3.1
6.5
EPSS
0.0%
CVE-2026-0484 MEDIUM This Month

Sap Basis versions up to 700 is affected by url redirection to untrusted site (open redirect) (CVSS 6.5).

SAP Sap Basis
NVD
CVSS 3.1
6.5
EPSS
0.0%
CVE-2026-0996 MEDIUM This Month

Stored cross-site scripting in the Fluent Forms WordPress plugin's AI Form Builder module (versions up to 6.1.14) enables authenticated subscribers to inject malicious scripts that execute for all users viewing affected forms through missing authorization checks, leaked nonces, and insufficient input sanitization of AI-generated content. An attacker with subscriber-level access can exploit this to perform actions on behalf of administrators or steal sensitive information from form viewers. The vulnerability affects WordPress installations using this plugin and has no patch currently available.

WordPress XSS AI / ML
NVD
CVSS 3.1
6.4
EPSS
0.0%
CVE-2026-1922 MEDIUM This Month

Stored cross-site scripting in The Events Calendar Shortcode & Block plugin for WordPress up to version 3.1.2 allows authenticated users with contributor-level access to inject malicious scripts through the `ecs-list-events` shortcode's `message` attribute due to inadequate input sanitization. When injected pages are accessed by other users, the malicious scripts execute in their browsers, potentially compromising session data or performing unauthorized actions. A patch is not currently available.

WordPress XSS
NVD
CVSS 3.1
6.4
EPSS
0.0%
CVE-2025-62439 MEDIUM CISA This Month

vulnerability in Fortinet FortiOS 7.6.0 versions up to 7.6.4 contains a vulnerability that allows attackers to an authenticated user with knowledge of FSSO policy configurations to gain unaut (CVSS 4.2).

Fortinet Authentication Bypass
NVD
CVSS 3.1
4.2
EPSS
0.0%
CVE-2026-24328 MEDIUM This Month

Business Server Pages versions up to 740 is affected by url redirection to untrusted site (open redirect) (CVSS 6.1).

SAP Business Server Pages
NVD
CVSS 3.1
6.1
EPSS
0.1%
CVE-2026-2098 MEDIUM This Month

Reflected XSS in AgentFlow enables unauthenticated attackers to inject malicious JavaScript that executes in victims' browsers during phishing campaigns, potentially compromising user sessions and data. The vulnerability affects the AI/ML platform with no patch currently available, requiring users to rely on defensive measures such as email filtering and user awareness training.

XSS AI / ML Agentflow
NVD
CVSS 3.1
6.1
EPSS
0.0%
CVE-2026-25956 MEDIUM PATCH This Month

Malicious signup URLs in Frappe versions prior to 14.99.14 and 15.94.0 can redirect users to attacker-controlled sites or execute reflected XSS payloads during the registration process. An attacker can craft a crafted signup link to trick users into visiting malicious destinations or having malicious scripts executed in their browsers. A patch is available in the fixed versions.

Open Redirect Frappe
NVD GitHub
CVSS 3.1
6.1
EPSS
0.0%
CVE-2026-0505 MEDIUM This Month

Unauthenticated attackers can manipulate unvalidated URL parameters in S4core, Document Management System, and ERP applications to redirect users to malicious websites, potentially compromising user credentials or distributing malware. The vulnerability requires user interaction to exploit and has limited impact on confidentiality and integrity, with no availability impact. No patch is currently available.

XSS S4core Document Management System Erp
NVD
CVSS 3.1
6.1
EPSS
0.0%
CVE-2026-24323 MEDIUM This Month

Document Management System versions up to 600 is affected by url redirection to untrusted site (open redirect) (CVSS 6.1).

Open Redirect S4core Document Management System Erp
NVD
CVSS 3.1
6.1
EPSS
0.0%
CVE-2025-27560 MEDIUM This Month

Loop with unreachable exit condition ('infinite loop') for some Intel(R) Platform within Ring 0: Kernel may allow a denial of service. System software adversary with a privileged user combined with a low complexity attack may enable denial of service. [CVSS 6.0 MEDIUM]

Linux Denial Of Service
NVD VulDB
CVSS 3.1
6.0
EPSS
0.0%
CVE-2025-27243 MEDIUM This Month

Out-of-bounds write in the firmware for some Intel(R) Ethernet Controller E810 before version cvl fw 1.7.8.x within Ring 0: Bare Metal OS may allow a denial of service. System software adversary with a privileged user combined with a low complexity attack may enable denial of service. [CVSS 6.0 MEDIUM]

Denial Of Service Intel Memory Corruption Buffer Overflow Ethernet Controller
NVD VulDB
CVSS 3.1
6.0
EPSS
0.0%
CVE-2025-24851 MEDIUM This Month

Uncaught exception in the firmware for some 100GbE Intel(R) Ethernet Controller E810 before version cvl fw 1.7.8.x within Ring 0: Bare Metal OS may allow a denial of service. System software adversary with a privileged user combined with a low complexity attack may enable denial of service. [CVSS 6.0 MEDIUM]

Denial Of Service Intel Ethernet Controller
NVD VulDB
CVSS 3.1
6.0
EPSS
0.0%
CVE-2026-23684 MEDIUM This Month

Commerce Cloud versions up to 2205 contains a vulnerability that allows attackers to a cart entry being created with erroneous product value which could be checked o (CVSS 5.9).

SAP Race Condition Commerce Cloud
NVD
CVSS 3.1
5.9
EPSS
0.0%
Page 1 of 3 Next

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy