Skip to main content
CVE-2026-2323 MEDIUM PATCH This Month

Chrome versions up to 145.0.7632.45 is affected by user interface (ui) misrepresentation of critical information (CVSS 4.3).

Google Chrome Red Hat Suse
NVD
CVSS 3.1
4.3
EPSS
0.0%
CVE-2026-1215 MEDIUM This Month

The MMA Call Tracking WordPress plugin through version 2.3.15 lacks proper CSRF protection on its admin configuration page, allowing attackers to modify call tracking settings by tricking site administrators into clicking malicious links. An unauthenticated attacker can alter plugin configurations without authorization through forged requests. No patch is currently available for this vulnerability.

WordPress CSRF
NVD
CVSS 3.1
4.3
EPSS
0.0%
CVE-2026-26019 MEDIUM PATCH This Month

RecursiveUrlLoader in LangChain Community prior to 1.1.14 uses weak string-based URL validation that allows attackers to bypass the preventOutside crawling restriction by crafting domains with matching prefixes, potentially exposing the crawler to malicious or internal infrastructure endpoints. An attacker controlling a crawled webpage could inject links to cloud metadata services or private IP ranges, which the crawler would follow without validation, leading to information disclosure.

SSRF AI / ML Langchain Community Langchain Red Hat
NVD GitHub
CVSS 3.1
4.1
EPSS
0.0%
CVE-2025-14592 LOW Monitor

GitLab has remediated an issue in GitLab CE/EE affecting all versions from 18.6 before 18.6.6, 18.7 before 18.7.4, and 18.8 before 18.8.4 that, under certain conditions could have allowed an authenticated user to perform unauthorized operations by submitting GraphQL mutations through the GLQL API endpoint. [CVSS 3.7 LOW]

Gitlab
NVD
CVSS 3.1
3.7
EPSS
0.0%
CVE-2026-2345 LOW Monitor

Proctorio Chrome Extension is a browser extension used for online proctoring. The extension contains multiple window.addEventListener('message', ...) handlers that do not properly validate the origin of incoming messages. [CVSS 3.6 LOW]

CSRF Chrome
NVD
CVSS 3.1
3.6
EPSS
0.0%
CVE-2026-1282 LOW Monitor

GitLab has remediated an issue in GitLab CE/EE affecting all versions from 18.6 before 18.6.6, 18.7 before 18.7.4, and 18.8 before 18.8.4 that could have allowed an authenticated user to inject malicious content into project labels titles. [CVSS 3.5 LOW]

Gitlab
NVD
CVSS 3.1
3.5
EPSS
0.0%
CVE-2025-14594 LOW Monitor

Gitlab versions up to 18.6.6 is affected by authorization bypass through user-controlled key (CVSS 3.5).

Gitlab
NVD
CVSS 3.1
3.5
EPSS
0.0%
CVE-2026-20681 LOW Monitor

A privacy issue was addressed with improved private data redaction for log entries. This issue is fixed in macOS Tahoe 26.3. [CVSS 3.3 LOW]

Apple macOS
NVD
CVSS 3.1
3.3
EPSS
0.0%
CVE-2026-20646 LOW Monitor

A logging issue was addressed with improved data redaction. This issue is fixed in macOS Tahoe 26.3. [CVSS 3.3 LOW]

Apple macOS
NVD
CVSS 3.1
3.3
EPSS
0.0%
CVE-2026-20601 LOW Monitor

A permissions issue was addressed with additional restrictions. This issue is fixed in macOS Tahoe 26.3. [CVSS 3.3 LOW]

Apple macOS
NVD
CVSS 3.1
3.3
EPSS
0.0%
CVE-2026-20656 LOW Monitor

A logic issue was addressed with improved validation. This issue is fixed in iOS 18.7.5 and iPadOS 18.7.5, Safari 26.3, macOS Tahoe 26.3. [CVSS 3.3 LOW]

Apple Authentication Bypass
NVD
CVSS 3.1
3.3
EPSS
0.0%
CVE-2026-20663 LOW Monitor

The issue was resolved by sanitizing logging. This issue is fixed in iOS 26.3 and iPadOS 26.3, iOS 18.7.5 and iPadOS 18.7.5. [CVSS 3.3 LOW]

Apple Information Disclosure
NVD
CVSS 3.1
3.3
EPSS
0.0%
CVE-2026-20671 LOW Monitor

A logic issue was addressed with improved checks. This issue is fixed in watchOS 26.3, tvOS 26.3, macOS Tahoe 26.3, macOS Sonoma 14.8.4, macOS Sequoia 15.7.4, iOS 18.7.5 and iPadOS 18.7.5, visionOS 26.3, iOS 26.3 and iPadOS 26.3. [CVSS 3.1 LOW]

Apple Command Injection
NVD
CVSS 3.1
3.1
EPSS
0.0%
CVE-2026-20642 LOW Monitor

An input validation issue was addressed. This issue is fixed in iOS 26.3 and iPadOS 26.3. [CVSS 2.4 LOW]

Apple iOS
NVD
CVSS 3.1
2.4
EPSS
0.0%
CVE-2025-12474 LOW Monitor

A specially-crafted file can cause libjxl's decoder to read pixel data from uninitialized (but allocated) memory. This can be done by causing the decoder to reference an outside-image-bound area in a subsequent patches.

Information Disclosure Libjxl
NVD GitHub
CVSS 4.0
2.3
EPSS
0.0%
CVE-2026-2337 This Week

A vulnerability in Plunet Plunet BusinessManager allows session hijacking, data theft, unauthorized actions on behalf of the user.This issue affects Plunet BusinessManager: 10.15.1.

XSS
NVD
EPSS
0.1%
CVE-2026-2344 This Week

A vulnerability in Plunet Plunet BusinessManager allows unauthorized actions being performed on behalf of privileged users.This issue affects Plunet BusinessManager: 10.15.1

XSS
NVD
EPSS
0.1%
CVE-2026-1226 This Week

CWE‑94: Improper Control of Generation of Code vulnerability exists that could cause execution of untrusted or unintended code within the application when maliciously crafted design content is processed through a TGML graphics file.

Industrial
NVD
EPSS
0.0%
CVE-2026-1227 This Week

CWE-611: Improper Restriction of XML External Entity Reference vulnerability exists that could cause unauthorized disclosure of local files, interaction within the EBO system, or denial of service conditions when a local user uploads a specially crafted TGML graphics file to the EBO server from Workstation.

Industrial XXE Denial Of Service
NVD
EPSS
0.0%
CVE-2026-0229 Monitor

A denial-of-service (DoS) vulnerability in the Advanced DNS Security (ADNS) feature of Palo Alto Networks PAN-OS® software enables an unauthenticated attacker to initiate system reboots using a maliciously crafted packet.

Paloalto DNS
NVD
EPSS
0.0%
CVE-2025-48518 This Week

Improper input validation in AMD Graphics Driver could allow a local attacker to write out of bounds, potentially resulting in loss of integrity or denial of service.

Industrial Denial Of Service
NVD
EPSS
0.0%
CVE-2024-36320 This Week

Integer Overflow within atihdwt6.sys can allow a local attacker to cause out of bound read/write potentially leading to loss of confidentiality, integrity and availability

Integer Overflow
NVD
EPSS
0.0%
CVE-2026-0228 CERT-EU Monitor

An improper certificate validation vulnerability in PAN-OS allows users to connect Terminal Server Agents on Windows to PAN-OS using expired certificates even if the PAN-OS configuration would not normally permit them to do so.

Paloalto Windows
NVD
EPSS
0.0%
CVE-2023-20514 Monitor

Improper handling of parameters in the AMD Secure Processor (ASP) could allow a privileged attacker to pass an arbitrary memory value to functions in the trusted execution environment resulting in arbitrary code execution

RCE
NVD
EPSS
0.0%
CVE-2025-61969 Monitor

Incorrect permission assignment in AMD µProf may allow a local user-privileged attacker to achieve privilege escalation, potentially resulting in arbitrary code execution.

Privilege Escalation RCE
NVD
EPSS
0.0%
Prev Page 7 of 7

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy