Skip to main content
CVE-2026-2026 MEDIUM This Month

Nessus Agent on Windows systems contains improper file permission controls that allow local authenticated users to trigger denial of service attacks against the agent process. The vulnerability requires local access with standard user privileges and could disrupt security monitoring capabilities on affected hosts. No patch is currently available for this issue.

Windows Denial Of Service Nessus Agent
NVD
CVSS 3.1
6.1
EPSS
0.0%
CVE-2025-1790 MEDIUM This Month

Local privilege escalation in Genetec Sipelia Plugin. An authenticated low-privileged Windows user could exploit this vulnerability to gain elevated privileges on the affected system.

Privilege Escalation Microsoft
NVD
CVSS 4.0
5.8
EPSS
0.0%
CVE-2026-26269 MEDIUM PATCH This Month

Stack buffer overflow in Vim's NetBeans integration allows a malicious NetBeans server to corrupt memory and potentially crash the editor or execute arbitrary code through a specially crafted specialKeys command. The vulnerability affects Vim builds with NetBeans support enabled and requires user interaction to connect to a compromised server. A patch is available in Vim version 9.1.2148 and later.

Buffer Overflow Vim Red Hat Suse
NVD GitHub VulDB
CVSS 3.1
5.4
EPSS
0.0%
CVE-2026-2443 MEDIUM PATCH This Month

libsoup's improper validation of HTTP Range headers enables remote attackers to read sensitive server memory when processing specially crafted requests against vulnerable SoupServer instances. The flaw affects GNOME-based systems using certain build configurations and requires no authentication or user interaction. No patch is currently available, and exploitation likelihood remains low at 0.1% EPSS.

Buffer Overflow Information Disclosure Red Hat Suse
NVD VulDB
CVSS 3.1
5.3
EPSS
0.1%
CVE-2026-26226 MEDIUM PATCH This Month

beautiful-mermaid versions prior to 0.1.3 contain an SVG attribute injection issue that can lead to cross-site scripting (XSS) when rendering attacker-controlled Mermaid diagrams.

XSS
NVD GitHub VulDB
CVSS 4.0
5.3
EPSS
0.0%
CVE-2025-15520 MEDIUM This Month

The RegistrationMagic WordPress plugin before 6.0.7.2 checks nonces but not capabilities, allowing for the disclosure of some sensitive data to subscribers and above. [CVSS 4.3 MEDIUM]

WordPress PHP
NVD WPScan
CVSS 3.1
4.3
EPSS
0.0%
CVE-2026-22892 MEDIUM PATCH This Month

Mattermost versions 11.1.2, 10.11.9, and 11.2.1 and earlier fail to properly enforce access controls in the Jira plugin's /create-issue API endpoint, allowing authenticated users to read restricted post content and attachments from channels they cannot access by referencing post IDs. An attacker with Jira plugin access can exploit this to enumerate and exfiltrate sensitive information from private or restricted channels. No patch is currently available for affected versions.

Jira Mattermost Server Suse
NVD
CVSS 3.1
4.3
EPSS
0.0%
CVE-2026-20796 LOW PATCH Monitor

Mattermost versions 10.11.x <= 10.11.9 fail to properly validate channel membership at the time of data retrieval which allows a deactivated user to learn team names they should not have access to via a race condition in the /common_teams API endpoint.. Mattermost Advisory ID: MMSA-2025-00549 [CVSS 3.1 LOW]

Race Condition Mattermost Server
NVD
CVSS 3.1
3.1
EPSS
0.0%
CVE-2025-9292 LOW Monitor

A permissive web security configuration may allow cross-origin restrictions enforced by modern browsers to be bypassed under specific circumstances. Exploitation requires the presence of an existing client-side injection vulnerability and user access to the affected web interface.

Information Disclosure Cors Misconfiguration
NVD
CVSS 4.0
2.0
EPSS
0.0%
CVE-2026-1578 This Week

HP App for Android is potentially vulnerable to cross-site scripting (XSS) when using an outdated version of the application via mobile devices. HP is releasing updates to mitigate these potential vulnerabilities.

Android XSS
NVD
EPSS
0.0%
CVE-2026-0872 Monitor

Improper Certificate Validation vulnerability in Thales SafeNet Agent for Windows Logon on Windows allows Signature Spoofing by Improper Validation.This issue affects SafeNet Agent for Windows Logon: 4.0.0, 4.1.1, 4.1.2.

Windows
NVD
EPSS
0.0%
CVE-2026-1721 PATCH This Week

Summary A Reflected Cross-Site Scripting (XSS) vulnerability was discovered in the AI Playground's OAuth callback handler.

Github XSS
NVD GitHub
EPSS
0.0%
CVE-2024-21961 This Week

Improper restriction of operations within the bounds of a memory buffer in PCIe® Link could allow an attacker with access to a guest virtual machine to potentially perform a denial of service attack against the host resulting in loss of availability.

Denial Of Service
NVD
EPSS
0.0%
CVE-2025-68128 Awaiting Data

Rejected reason: reserved but not needed. No vendor patch available.

Information Disclosure
NVD
CVE-2025-68127 Awaiting Data

Rejected reason: reserved but not needed. No vendor patch available.

Information Disclosure
NVD
CVE-2025-68126 Awaiting Data

Rejected reason: reserved but not needed. No vendor patch available.

Information Disclosure
NVD
CVE-2025-68125 Awaiting Data

Rejected reason: reserved but not needed. No vendor patch available.

Information Disclosure
NVD
CVE-2025-68124 Awaiting Data

Rejected reason: reserved but not needed. No vendor patch available.

Information Disclosure
NVD
CVE-2025-58184 Awaiting Data

Rejected reason: reserved but not needed. No vendor patch available.

Information Disclosure
NVD
CVE-2025-58182 Awaiting Data

Rejected reason: reserved but not needed. No vendor patch available.

Information Disclosure
NVD
CVE-2025-47915 Awaiting Data

Rejected reason: reserved but not needed. No vendor patch available.

Information Disclosure
NVD
CVE-2024-34157 Awaiting Data

Rejected reason: reserved but not needed. No vendor patch available.

Information Disclosure
NVD
CVE-2024-34154 Awaiting Data

Rejected reason: reserved but not needed. No vendor patch available.

Information Disclosure
NVD
CVE-2025-36552 Awaiting Data

Rejected reason: This CVE ID has been rejected or withdrawn by its CVE Numbering Authority because it is Unused. No vendor patch available.

Information Disclosure
NVD
CVE-2025-36545 Awaiting Data

Rejected reason: This CVE ID has been rejected or withdrawn by its CVE Numbering Authority because it is Unused. No vendor patch available.

Information Disclosure
NVD
CVE-2025-36542 Awaiting Data

Rejected reason: This CVE ID has been rejected or withdrawn by its CVE Numbering Authority because it is Unused. No vendor patch available.

Information Disclosure
NVD
CVE-2025-36538 Awaiting Data

Rejected reason: This CVE ID has been rejected or withdrawn by its CVE Numbering Authority because it is Unused. No vendor patch available.

Information Disclosure
NVD
CVE-2025-36534 Awaiting Data

Rejected reason: This CVE ID has been rejected or withdrawn by its CVE Numbering Authority because it is Unused. No vendor patch available.

Linux Denial Of Service
NVD
CVE-2025-36532 Awaiting Data

Rejected reason: This CVE ID has been rejected or withdrawn by its CVE Numbering Authority because it is Unused. No vendor patch available.

Information Disclosure
NVD
CVE-2025-36526 Awaiting Data

Rejected reason: This CVE ID has been rejected or withdrawn by its CVE Numbering Authority because it is Unused. No vendor patch available.

Information Disclosure
NVD
CVE-2025-36524 Awaiting Data

Rejected reason: This CVE ID has been rejected or withdrawn by its CVE Numbering Authority because it is Unused. No vendor patch available.

Information Disclosure
NVD
CVE-2025-36523 Awaiting Data

Rejected reason: This CVE ID has been rejected or withdrawn by its CVE Numbering Authority because it is Unused. No vendor patch available.

Denial Of Service
NVD
CVE-2025-36517 Awaiting Data

Rejected reason: This CVE ID has been rejected or withdrawn by its CVE Numbering Authority because it is Unused. No vendor patch available.

Information Disclosure
NVD
CVE-2025-35997 Awaiting Data

Rejected reason: This CVE ID has been rejected or withdrawn by its CVE Numbering Authority because it is Unused. No vendor patch available.

Information Disclosure
NVD
CVE-2025-35993 Awaiting Data

Rejected reason: This CVE ID has been rejected or withdrawn by its CVE Numbering Authority because it is Unused. No vendor patch available.

Information Disclosure
NVD
CVE-2025-35976 Awaiting Data

Rejected reason: This CVE ID has been rejected or withdrawn by its CVE Numbering Authority because it is Unused. No vendor patch available.

Information Disclosure
NVD
CVE-2025-35962 Awaiting Data

Rejected reason: This CVE ID has been rejected or withdrawn by its CVE Numbering Authority because it is Unused. No vendor patch available.

Information Disclosure
NVD
CVE-2025-35961 Awaiting Data

Rejected reason: This CVE ID has been rejected or withdrawn by its CVE Numbering Authority because it is Unused. No vendor patch available.

Information Disclosure
NVD
CVE-2025-35960 Awaiting Data

Rejected reason: This CVE ID has been rejected or withdrawn by its CVE Numbering Authority because it is Unused. No vendor patch available.

Denial Of Service
NVD
CVE-2025-32734 Awaiting Data

Rejected reason: This CVE ID has been rejected or withdrawn by its CVE Numbering Authority because it is Unused. No vendor patch available.

Denial Of Service
NVD
CVE-2025-32733 Awaiting Data

Rejected reason: This CVE ID has been rejected or withdrawn by its CVE Numbering Authority because it is Unused. No vendor patch available.

Information Disclosure
NVD
CVE-2025-32090 Awaiting Data

Rejected reason: This CVE ID has been rejected or withdrawn by its CVE Numbering Authority because it is Unused. No vendor patch available.

Information Disclosure
NVD
CVE-2025-32085 Awaiting Data

Rejected reason: This CVE ID has been rejected or withdrawn by its CVE Numbering Authority because it is Unused. No vendor patch available.

Information Disclosure
NVD
CVE-2025-32082 Awaiting Data

Rejected reason: This CVE ID has been rejected or withdrawn by its CVE Numbering Authority because it is Unused. No vendor patch available.

Denial Of Service
NVD
CVE-2025-32009 Awaiting Data

Rejected reason: This CVE ID has been rejected or withdrawn by its CVE Numbering Authority because it is Unused. No vendor patch available.

Denial Of Service
NVD
CVE-2025-31942 Awaiting Data

Rejected reason: This CVE ID has been rejected or withdrawn by its CVE Numbering Authority because it is Unused. No vendor patch available.

Denial Of Service
NVD
CVE-2025-31364 Awaiting Data

Rejected reason: This CVE ID has been rejected or withdrawn by its CVE Numbering Authority because it is Unused. No vendor patch available.

Information Disclosure
NVD
CVE-2025-31358 Awaiting Data

Rejected reason: This CVE ID has been rejected or withdrawn by its CVE Numbering Authority because it is Unused. No vendor patch available.

Information Disclosure
NVD
CVE-2025-31145 Awaiting Data

Rejected reason: This CVE ID has been rejected or withdrawn by its CVE Numbering Authority because it is Unused. No vendor patch available.

Information Disclosure
NVD
CVE-2025-30517 Awaiting Data

Rejected reason: This CVE ID has been rejected or withdrawn by its CVE Numbering Authority because it is Unused. No vendor patch available.

Information Disclosure
NVD
Prev Page 2 of 3 Next

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy