Skip to main content
CVE-2026-20133 MEDIUM POC KEV THREAT This Month

Insufficient filesystem access controls in Cisco Catalyst SD-WAN Manager expose sensitive operating system information to authenticated remote attackers through API access. An attacker with valid credentials can exploit this vulnerability to read confidential data from the underlying system without requiring user interaction. No patch is currently available for this medium-severity information disclosure vulnerability.

Cisco Information Disclosure
NVD VulDB
CVSS 3.1
6.5
EPSS
0.0%
Threat
4.3
CVE-2026-20122 MEDIUM POC KEV THREAT This Month

Catalyst Sd-Wan Manager contains a vulnerability that allows attackers to overwrite arbitrary files on the affected system and gain vmanage user priv (CVSS 5.4).

Cisco Information Disclosure
NVD VulDB
CVSS 3.1
5.4
EPSS
0.0%
Threat
4.1
CVE-2026-25930 MEDIUM POC PATCH This Month

Openemr versions up to 8.0.0 is affected by authorization bypass through user-controlled key (CVSS 6.5).

Authentication Bypass Openemr
NVD GitHub
CVSS 3.1
6.5
EPSS
0.1%
CVE-2026-25929 MEDIUM POC PATCH This Month

Openemr versions up to 8.0.0 is affected by authorization bypass through user-controlled key (CVSS 6.5).

Authentication Bypass Openemr
NVD GitHub
CVSS 3.1
6.5
EPSS
0.1%
CVE-2026-25220 MEDIUM POC PATCH This Month

OpenEMR versions prior to 8.0.0 allow any authenticated user to view all internal messages and notes from other users by exploiting insufficient authorization checks on the Message Center's `show_all` parameter. The vulnerability exists because the application does not verify administrator privileges before returning the complete message list, enabling unauthorized disclosure of sensitive medical communications. Public exploit code exists for this medium-severity information disclosure vulnerability.

PHP Openemr
NVD GitHub
CVSS 3.1
6.5
EPSS
0.1%
CVE-2026-25127 MEDIUM POC PATCH This Month

OpenEMR versions prior to 8.0.0 fail to properly enforce permission checks, allowing authenticated users to access sensitive information belonging to other authorized users. The vulnerability requires valid credentials and network access but does not enable data modification or denial of service. Public exploit code exists and a patch is available in version 8.0.0 and later.

Authentication Bypass Openemr
NVD GitHub
CVSS 3.1
6.5
EPSS
0.1%
CVE-2026-27598 MEDIUM POC PATCH This Month

Arbitrary file write in Dagu workflow engine up to version 1.16.7 allows authenticated users with DAG write permissions to place malicious YAML files anywhere on the filesystem due to insufficient name validation in the CreateNewDAG API endpoint. Since Dagu executes DAG files as shell commands, an attacker can achieve remote code execution by overwriting existing DAGs or configuration files. Public exploit code exists for this vulnerability, and a patch is available.

RCE Dagu Suse
NVD GitHub
CVSS 3.1
6.5
EPSS
0.1%
CVE-2026-24487 MEDIUM POC PATCH This Month

OpenEMR versions prior to 8.0.0 contain an authorization bypass in the FHIR CareTeam endpoint that allows authenticated users with patient-scoped tokens to retrieve care team information for all patients rather than only their own, potentially exposing Protected Health Information across the entire system. The vulnerability exists because the service fails to enforce patient compartment filtering, and public exploit code is available. Security professionals should prioritize patching to version 8.0.0 or later to prevent unauthorized PHI disclosure.

Information Disclosure Openemr
NVD GitHub
CVSS 3.1
6.5
EPSS
0.1%
CVE-2026-27015 MEDIUM POC PATCH This Month

Denial of service in FreeRDP prior to version 3.23.0 allows a malicious RDP server to crash the client application through a missing bounds check in smartcard packet handling. This vulnerability affects users who have explicitly enabled smartcard redirection, and public exploit code exists. The crash is triggered via assertion failure in builds with verbose assert checking enabled, which is the default configuration in FreeRDP 3.22.0.

Denial Of Service Freerdp Red Hat Suse
NVD GitHub VulDB
CVSS 3.1
6.5
EPSS
0.0%
CVE-2026-25124 MEDIUM POC PATCH This Month

OpenEMR prior to version 8.0.0 allows low-privileged users to export sensitive patient and medical data through the message_list.php report functionality due to missing access controls. The vulnerability affects receptionists and similar roles who can bypass authorization checks to extract entire message databases containing confidential information. Public exploit code exists for this issue, though a patch is available in version 8.0.0 and later.

PHP CSRF Openemr
NVD GitHub
CVSS 3.1
6.5
EPSS
0.0%
CVE-2026-27611 MEDIUM POC PATCH GHSA This Month

FileBrowser Quantum versions prior to 1.1.3-stable and 1.2.6-beta expose a password bypass vulnerability in shared files, allowing unauthenticated recipients to download protected content by accessing the direct download link embedded in share details. An attacker possessing only the share link can retrieve files without providing the intended password, completely circumventing access controls. Public exploit code exists for this vulnerability, and patches are available in the patched versions.

Information Disclosure Filebrowser Quantum Suse
NVD GitHub
CVSS 3.1
6.5
EPSS
0.0%
CVE-2026-24896 MEDIUM POC PATCH This Month

OpenEMR versions before 8.0.0 contain an improper access control flaw in the edih_main.php endpoint that allows any authenticated user, including low-privilege accounts like Receptionists, to retrieve sensitive EDI log files by manipulating the log_select parameter. The vulnerability bypasses role-based access controls that should restrict access through the GUI, enabling unauthorized disclosure of system logs. Public exploit code exists for this issue, which is fixed in version 8.0.0.

PHP Openemr
NVD GitHub
CVSS 3.1
6.5
EPSS
0.0%
CVE-2026-27691 MEDIUM POC PATCH This Month

iccDEV provides a set of libraries and tools for working with ICC color management profiles. [CVSS 6.2 MEDIUM]

Integer Overflow Denial Of Service Iccdev
NVD GitHub
CVSS 3.1
6.2
EPSS
0.0%
CVE-2026-24847 MEDIUM POC PATCH This Month

Openemr versions up to 8.0.0 is affected by url redirection to untrusted site (open redirect) (CVSS 6.1).

Open Redirect Openemr
NVD GitHub
CVSS 3.1
6.1
EPSS
0.1%
CVE-2026-25736 MEDIUM POC PATCH This Month

Stored XSS in Rucio's WebUI Custom RSE Attribute field allows authenticated attackers to inject malicious JavaScript that persists in the backend and executes for any user viewing affected pages, potentially leading to session hijacking or unauthorized actions. Public exploit code exists for this vulnerability, which affects Rucio versions prior to 35.8.3, 38.5.4, and 39.3.1. No patch is currently available for all affected versions.

XSS Rucio
NVD GitHub
CVSS 3.1
6.1
EPSS
0.1%
CVE-2026-25735 MEDIUM POC PATCH This Month

Stored XSS in Rucio's WebUI Identity Name field allows authenticated attackers to inject malicious scripts that execute in users' browsers, enabling session hijacking or unauthorized actions. The vulnerability affects versions prior to 35.8.3, 38.5.4, and 39.3.1, and public exploit code exists. Administrators should upgrade immediately as no patch availability timeline has been announced for unpatched versions.

XSS Rucio
NVD GitHub
CVSS 3.1
6.1
EPSS
0.1%
CVE-2026-25734 MEDIUM POC PATCH This Month

Stored XSS in Rucio's WebUI RSE metadata allows authenticated attackers to inject malicious scripts that execute in users' browsers when viewing affected pages, potentially leading to session hijacking or unauthorized actions. The vulnerability affects Rucio versions prior to 35.8.3, 38.5.4, and 39.3.1, and public exploit code exists. A security update is available in the patched versions listed above.

XSS Rucio
NVD GitHub
CVSS 3.1
6.1
EPSS
0.1%
CVE-2026-27645 MEDIUM POC PATCH This Month

changedetection.io versions before 0.54.1 are vulnerable to reflected cross-site scripting (XSS) via the RSS endpoint, where user-supplied UUID parameters are rendered without HTML encoding in text/html responses, allowing attackers to execute arbitrary JavaScript in users' browsers. Public exploit code exists for this vulnerability. The issue affects Flask-based deployments and is resolved in version 0.54.1.

Flask Changedetection
NVD GitHub
CVSS 3.1
6.1
EPSS
0.0%
CVE-2026-27612 MEDIUM POC PATCH This Month

Reflected XSS in Repostat's RepoCard React component prior to version 1.0.1 allows attackers to execute arbitrary JavaScript in users' browsers when developers pass unsanitized input from URL parameters or other sources to the repo prop. The vulnerability stems from unsafe use of dangerouslySetInnerHTML without input validation, and public exploit code exists. Upgrading to version 1.0.1 or later eliminates the risk by removing dangerouslySetInnerHTML in favor of safe JSX data binding.

Github React XSS Repostat
NVD GitHub
CVSS 3.1
6.1
EPSS
0.0%
CVE-2026-27116 MEDIUM POC This Month

Vikunja is an open-source self-hosted task management platform. [CVSS 6.1 MEDIUM]

XSS Vikunja Suse
NVD GitHub
CVSS 3.1
6.1
EPSS
0.0%
CVE-2026-3135 MEDIUM POC This Month

SQL injection in itsourcecode News Portal Project 1.0 via the Category parameter in /admin/add-category.php allows unauthenticated remote attackers to manipulate database queries. Public exploit code is available for this vulnerability, and no patch has been released, leaving affected installations vulnerable to data exfiltration, modification, or deletion. The attack requires no user interaction and can be executed over the network with a CVSS score of 7.3.

PHP SQLi
NVD GitHub VulDB
CVSS 4.0
5.5
EPSS
0.0%
CVE-2026-3134 MEDIUM POC This Month

SQL injection in itsourcecode News Portal Project 1.0's category editing functionality allows unauthenticated remote attackers to manipulate the Category parameter and execute arbitrary SQL queries. Public exploit code is available for this vulnerability, increasing the likelihood of active exploitation. Currently, no patch is available to remediate this issue.

PHP SQLi
NVD GitHub VulDB
CVSS 4.0
5.5
EPSS
0.0%
CVE-2026-3133 MEDIUM POC This Month

SQL injection in itsourcecode Document Management System 1.0 login functionality allows unauthenticated remote attackers to manipulate the Username parameter and execute arbitrary SQL queries. Public exploit code exists for this vulnerability, and no patch is currently available. The attack requires only network access with no user interaction, enabling attackers to potentially read, modify, or delete sensitive data within the application.

PHP SQLi
NVD GitHub VulDB
CVSS 4.0
5.5
EPSS
0.0%
CVE-2026-3164 MEDIUM POC This Month

SQL injection in the News Portal Project 1.0 /admin/contactus.php endpoint allows unauthenticated remote attackers to manipulate the pagetitle parameter and execute arbitrary SQL queries. Public exploit code exists for this vulnerability, and no patch is currently available. Successful exploitation could enable data theft, modification, or denial of service against affected installations.

PHP SQLi
NVD GitHub VulDB
CVSS 4.0
5.5
EPSS
0.0%
CVE-2026-3153 MEDIUM POC This Month

SQL injection in itsourcecode Document Management System 1.0 via the Username parameter in /register.php allows unauthenticated remote attackers to execute arbitrary SQL queries. Public exploit code exists for this vulnerability, and no patch is currently available. Affected systems face potential data theft, modification, and denial of service through successful exploitation.

PHP SQLi
NVD GitHub VulDB
CVSS 4.0
5.5
EPSS
0.0%
CVE-2026-3152 MEDIUM POC This Month

SQL injection in itsourcecode College Management System 1.0 via the teacher_id parameter in /admin/teacher-salary.php enables unauthenticated remote attackers to execute arbitrary database queries and manipulate sensitive payroll data. Public exploit code exists for this vulnerability, and no patch is currently available. The flaw affects confidentiality, integrity, and availability of the system.

PHP SQLi
NVD GitHub VulDB
CVSS 4.0
5.5
EPSS
0.0%
CVE-2026-3151 MEDIUM POC This Month

SQL injection in itsourcecode College Management System 1.0's login functionality allows remote attackers to manipulate the email parameter and execute arbitrary SQL queries without authentication. Public exploit code exists for this vulnerability, enabling immediate attack capability against unpatched systems. The flaw permits data disclosure, modification, and potential service disruption with a CVSS score of 7.3.

PHP SQLi
NVD GitHub VulDB
CVSS 4.0
5.5
EPSS
0.0%
CVE-2026-3148 MEDIUM POC This Month

Simple And Nice Shopping Cart Script versions up to 1.0 contains a security vulnerability (CVSS 7.3).

PHP SQLi
NVD GitHub VulDB
CVSS 4.0
5.5
EPSS
0.0%
CVE-2025-67491 MEDIUM POC PATCH This Month

OpenEMR is a free and open source electronic health records and medical practice management application. Versions 5.0.0.5 through 7.0.3.4 have a stored cross-site scripting vulnerability in the ub04 helper of the billing interface. [CVSS 5.4 MEDIUM]

XSS Openemr
NVD GitHub
CVSS 3.1
5.4
EPSS
0.2%
CVE-2026-27621 MEDIUM POC PATCH This Month

Stored XSS in TypiCMS prior to version 16.1.7 allows authenticated users to upload malicious SVG files that execute JavaScript in administrators' browsers, compromising their sessions through unsanitized file content. Public exploit code exists for this vulnerability affecting Laravel-based TypiCMS installations. The flaw stems from insufficient validation of SVG file contents despite MIME type checks being present.

Laravel XSS Typicms
NVD GitHub
CVSS 3.1
5.4
EPSS
0.0%
CVE-2026-27951 MEDIUM POC PATCH This Month

An integer overflow in FreeRDP's Stream_EnsureCapacity function prior to version 3.23.0 can trigger an endless blocking loop, causing denial of service on affected client and server implementations. This vulnerability primarily impacts 32-bit systems with sufficient physical memory and has public exploit code available. Administrators should upgrade to FreeRDP 3.23.0 or later to remediate this issue.

Integer Overflow Freerdp Red Hat Suse
NVD GitHub VulDB
CVSS 3.1
5.3
EPSS
0.1%
CVE-2026-25138 MEDIUM POC PATCH This Month

Rucio's WebUI login endpoint prior to versions 35.8.3, 38.5.4, and 39.3.1 discloses whether usernames exist through differential error messages, enabling unauthenticated attackers to enumerate valid accounts. Public exploit code exists for this username enumeration vulnerability. The issue affects all unpatched Rucio installations and requires upgrading to the fixed versions.

Information Disclosure Rucio
NVD GitHub
CVSS 3.1
5.3
EPSS
0.0%
CVE-2026-3185 MEDIUM POC PATCH This Month

Authorization bypass in Sz Boot Parent up to version 1.3.2-beta allows unauthenticated remote attackers to access arbitrary messages through manipulation of the messageId parameter in the /api/admin/sys-message/ endpoint. Public exploit code exists for this vulnerability, enabling attackers to query messages beyond their authorization scope. Upgrade to version 1.3.3-beta or later to remediate, which implements message ownership verification.

Authentication Bypass Sz Boot Parent
NVD GitHub VulDB
CVSS 3.1
5.3
EPSS
0.0%
CVE-2026-3145 MEDIUM POC PATCH This Month

Memory corruption in libvips up to version 8.18.0 affects the matrix file loading functionality, allowing local attackers with user privileges to corrupt memory through crafted input files. Public exploit code is available for this vulnerability, and a patch has been released to remediate the issue.

Memory Corruption Libvips
NVD GitHub VulDB
CVSS 3.1
5.3
EPSS
0.0%
CVE-2025-68277 MEDIUM POC PATCH This Month

Openemr versions up to 7.0.4 is affected by user interface (ui) misrepresentation of critical information (CVSS 5.0).

Information Disclosure Openemr
NVD GitHub
CVSS 3.1
5.0
EPSS
0.0%
CVE-2026-25743 MEDIUM POC PATCH This Month

Stored XSS in OpenEMR prior to version 8.0.0 allows authenticated users with "Forms administration" role to inject malicious JavaScript into patient encounter forms, which executes when other users with the same role view the affected data. Public exploit code exists for this vulnerability. The issue is resolved in version 8.0.0.

XSS Openemr
NVD GitHub
CVSS 3.1
4.8
EPSS
0.3%
CVE-2026-3201 MEDIUM POC PATCH This Month

Wireshark 4.6.0-4.6.3 and 4.4.0-4.4.13 can be crashed through memory exhaustion in the USB HID protocol dissector when processing malformed packets. A local attacker with the ability to trigger packet analysis can cause a denial of service condition, and public exploit code exists for this vulnerability. No patch is currently available.

Denial Of Service Wireshark Red Hat Suse
NVD
CVSS 3.1
4.7
EPSS
0.0%
CVE-2026-25941 MEDIUM POC PATCH This Month

FreeRDP is a free implementation of the Remote Desktop Protocol. [CVSS 4.3 MEDIUM]

Denial Of Service Information Disclosure Freerdp Red Hat Suse
NVD GitHub VulDB
CVSS 3.1
4.3
EPSS
0.1%
CVE-2026-20099 MEDIUM This Month

Insufficient input validation in Cisco FXOS and UCS Manager web interfaces enables authenticated administrators to inject arbitrary commands and achieve root-level code execution on affected systems. The vulnerability requires local access and valid admin credentials, allowing privileged attackers to bypass normal OS restrictions. No patch is currently available, and the lack of input sanitization on command arguments represents a critical privilege escalation vector for insider threats.

Cisco Command Injection
NVD
CVSS 3.1
6.7
EPSS
0.1%
CVE-2026-27794 MEDIUM PATCH This Month

Remote code execution in LangGraph's caching layer affects applications that explicitly enable cache backends inheriting from BaseCache with nodes opted into caching via CachePolicy. An attacker can exploit unsafe deserialization through pickle when msgpack serialization fails, allowing arbitrary code execution on affected systems. This vulnerability requires explicit cache configuration and does not affect default deployments.

Redis RCE SQLi Deserialization AI / ML +1
NVD GitHub
CVSS 3.1
6.6
EPSS
0.3%
CVE-2026-20036 MEDIUM This Month

Cisco UCS Manager's CLI and web management interfaces are vulnerable to OS command injection when authenticated administrators submit specially crafted input due to inadequate argument validation. An attacker with valid admin credentials can exploit this to execute arbitrary commands as root on the affected device. No patch is currently available for this vulnerability.

Cisco
NVD
CVSS 3.1
6.5
EPSS
0.1%
CVE-2026-3100 MEDIUM This Month

Man-in-the-middle attacks in TLS/SSL certificate verification for FTPES/FTPS connections in ADM 4.1.0-4.3.3.ROF1 and 5.0.0-5.1.2.RE51 allow remote attackers to intercept and modify backup data and authentication credentials without patching available. The FTP Backup feature fails to properly validate certificates, enabling network traffic interception and credential compromise during secure file transfers. Affected organizations should implement network segmentation or disable FTPES/FTPS backup functionality until patches become available.

TLS Data Master
NVD
CVSS 3.1
6.5
EPSS
0.1%
CVE-2025-3525 MEDIUM This Month

Gitlab versions up to 18.7.5 is affected by allocation of resources without limits or throttling (CVSS 6.5).

Gitlab Denial Of Service
NVD
CVSS 3.1
6.5
EPSS
0.0%
CVE-2026-3118 MEDIUM This Month

Denial of Service in Red Hat Developer Hub's Orchestrator Plugin allows authenticated users to crash the entire Backstage application through malformed GraphQL queries due to insufficient input validation. An attacker can leverage this to temporarily disable platform access for all legitimate users. No patch is currently available to address this vulnerability.

Red Hat Denial Of Service SQLi
NVD VulDB
CVSS 3.1
6.5
EPSS
0.0%
CVE-2026-2845 MEDIUM This Month

Gitlab versions up to 18.7.5 is affected by allocation of resources without limits or throttling (CVSS 6.5).

Gitlab Denial Of Service
NVD
CVSS 3.1
6.5
EPSS
0.0%
CVE-2026-27705 MEDIUM PATCH This Month

Plane prior to version 1.2.2 allows authenticated users to modify project assets across any workspace by directly referencing asset IDs, as the asset lookup fails to verify workspace and project ownership. An attacker with guest-level credentials can enumerate asset UUIDs and alter asset attributes and upload status without authorization. The vulnerability has been patched in version 1.2.2.

Authentication Bypass Plane
NVD GitHub
CVSS 3.1
6.5
EPSS
0.0%
CVE-2026-2367 MEDIUM This Month

Secure Copy Content Protection and Content Locking (WordPress plugin) is affected by cross-site scripting (xss) (CVSS 6.4).

WordPress XSS
NVD
CVSS 3.1
6.4
EPSS
0.0%
CVE-2026-1614 MEDIUM This Month

Stored XSS in Rise Blocks WordPress plugin versions up to 3.7 allows authenticated contributors and above to inject malicious scripts into pages through the logoTag Site Identity block attribute due to inadequate input sanitization. The injected scripts execute in the browsers of all users who access the compromised pages, potentially leading to credential theft, session hijacking, or malware distribution. No patch is currently available.

WordPress XSS
NVD
CVSS 3.1
6.4
EPSS
0.0%
CVE-2026-22721 MEDIUM PATCH This Month

Privilege escalation in VMware Aria Operations allows authenticated users with vCenter access to escalate their privileges to administrative level within Aria Operations. The vulnerability affects multiple Broadcom products including Telco Cloud Platform, Aria Operations, and Cloud Foundation, requiring administrative intervention but no user interaction to exploit. Patches are available through VMSA-2026-0001.

VMware Broadcom Privilege Escalation Telco Cloud Platform Aria Operations +2
NVD
CVSS 3.1
6.2
EPSS
0.1%
CVE-2026-27846 MEDIUM This Month

Missing authentication in the mesh network functionality of Netgear MR9600 (1.0.4.205530) and MX4200 (1.0.13.210200) allows an attacker with physical device access to add unauthorized mesh devices and extract sensitive credentials including admin passwords and Wi-Fi keys. The vulnerability requires no user interaction and affects the confidentiality of authentication materials stored on the device. No patch is currently available for this issue.

Authentication Bypass
NVD
CVSS 3.1
6.2
EPSS
0.0%
Page 1 of 2 Next

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy