Skip to main content
CVE-2026-27933 MEDIUM POC This Month

Session hijacking in Manyfold prior to version 0.133.0 allows unauthenticated attackers to steal user session cookies through proxy cache leakage, potentially gaining unauthorized access to self-hosted 3D model collections. Public exploit code exists for this vulnerability, and no patch is currently available for affected versions. This attack requires user interaction and can result in complete account compromise without data modification capabilities.

Information Disclosure Manyfold
NVD GitHub
CVSS 3.1
6.8
EPSS
0.0%
CVE-2026-27711 MEDIUM POC This Month

NanaZip versions 5.0.1252.0 through 6.5.1637.0 contain an out-of-bounds memory access flaw in the UFS file parser that can be triggered by opening a malicious .ufs/.ufs2/.img archive file, potentially causing process crashes, hangs, or exploitable heap corruption. Local attackers can exploit this vulnerability through normal file-open operations without elevated privileges, and public exploit code is available. No patch is currently available for affected versions.

Memory Corruption Denial Of Service Nanazip
NVD GitHub
CVSS 3.1
6.6
EPSS
0.0%
CVE-2026-28207 MEDIUM POC This Month

Zen C is a systems programming language that compiles to human-readable GNU C/C11. [CVSS 6.6 MEDIUM]

Command Injection Zen C
NVD GitHub
CVSS 3.1
6.6
EPSS
0.0%
CVE-2026-27709 MEDIUM POC This Month

Out-of-bounds memory read in NanaZip versions 5.0.1252.0 through 6.0.1637.x allows local authenticated attackers to disclose in-process memory or trigger application crashes by crafting malicious .NET Single File Application bundles with malformed manifest headers. Public exploit code exists for this vulnerability, and patches are available in versions 6.0.1638.0 and 6.5.1638.0. The issue affects Dotnet and Nanazip products where a malicious user interaction with crafted archive files can bypass bounds checking during manifest parsing.

.NET Denial Of Service Nanazip
NVD GitHub
CVSS 3.1
6.6
EPSS
0.0%
CVE-2026-27943 MEDIUM POC PATCH This Month

Authenticated users in OpenEMR through version 8.0.0 can access and modify eye exam records belonging to other patients by manipulating form IDs, bypassing patient context validation. This allows disclosure or alteration of sensitive medical data across the patient database, and public exploit code exists for this vulnerability. A patch is available on the main branch of the OpenEMR repository.

Github Openemr
NVD GitHub
CVSS 3.1
6.5
EPSS
0.1%
CVE-2026-27829 MEDIUM POC PATCH This Month

Astro web framework versions 9.0.0 through 9.5.3 fail to validate remote image domains when the inferSize option is enabled, allowing attackers to trigger server-side requests to arbitrary hosts and bypass configured image.domains and image.remotePatterns restrictions. An attacker controlling image URLs through CMS content or user input can exploit this to perform SSRF attacks or access unauthorized resources. Public exploit code exists for this vulnerability.

SSRF Astrojs Node
NVD GitHub
CVSS 3.1
6.5
EPSS
0.0%
CVE-2026-28217 MEDIUM POC This Month

hoppscotch is an open source API development ecosystem. [CVSS 6.5 MEDIUM]

Authentication Bypass Hoppscotch
NVD GitHub
CVSS 3.1
6.5
EPSS
0.0%
CVE-2026-28226 MEDIUM POC PATCH This Month

SQL injection in Phishing Club's GetOrphaned recipient endpoint allows authenticated attackers to manipulate ORDER BY clauses by injecting malicious SQL expressions through an unvalidated sortBy parameter. Public exploit code exists for this vulnerability, affecting versions prior to 1.30.2, where attackers can extract sensitive data despite the lack of direct integrity or availability impact. The vulnerability has been patched in v1.30.2 through implementation of column allowlist validation.

SQLi Phishing Club
NVD GitHub
CVSS 3.1
6.5
EPSS
0.0%
CVE-2026-27837 MEDIUM POC PATCH This Month

Dottie versions 2.0.4 through 2.0.6 suffer from an incomplete prototype pollution fix that allows attackers to bypass validation by placing `__proto__` in non-first positions within dot-separated paths, affecting both `dottie.set()` and `dottie.transform()` functions. An attacker can exploit this to pollute object prototypes and achieve limited confidentiality, integrity, and availability impacts. Public exploit code exists and a patch is available in version 2.0.7.

Code Injection Dottie Red Hat
NVD GitHub
CVSS 3.1
6.3
EPSS
0.1%
CVE-2026-3263 MEDIUM POC This Month

Asp.Net-Core-Inventory-Order-Management-System versions up to 9.20250118. contains a security vulnerability (CVSS 6.3).

.NET Asp.Net Core Inventory Order Management System
NVD GitHub VulDB
CVSS 3.1
6.3
EPSS
0.0%
CVE-2026-28208 MEDIUM POC PATCH This Month

Junrar versions prior to 7.5.8 contain a path traversal vulnerability in LocalFolderExtractor that allows attackers to write arbitrary files to the filesystem when processing malicious RAR archives on Linux/Unix systems. Public exploit code exists for this vulnerability, which can facilitate remote code execution through file overwrite attacks such as modifying shell profiles or cron jobs. Users should upgrade to version 7.5.8 or later to remediate this issue.

Linux Java RCE Path Traversal Junrar +1
NVD GitHub
CVSS 3.1
5.9
EPSS
0.1%
CVE-2026-27808 MEDIUM POC PATCH This Month

Mailpit versions prior to 1.29.2 contain a Server-Side Request Forgery vulnerability in the Link Check API that allows unauthenticated remote attackers to perform HTTP requests to arbitrary hosts, including internal and private IP addresses. The API fails to validate or filter target URLs and returns status codes for each link, enabling non-blind SSRF attacks. Public exploit code exists for this vulnerability, affecting deployments with default configuration.

SSRF Mailpit Suse
NVD GitHub
CVSS 3.1
5.8
EPSS
0.1%
CVE-2026-3261 MEDIUM POC This Month

SQL injection in itsourcecode School Management System 1.0 via the ID parameter in /settings/index.php allows unauthenticated remote attackers to manipulate database queries and potentially read or modify sensitive data. Public exploit code exists for this vulnerability, and no patch is currently available. Organizations running affected versions should implement access controls or upgrade immediately to mitigate the risk.

PHP SQLi
NVD GitHub VulDB
CVSS 4.0
5.5
EPSS
0.0%
CVE-2026-28225 MEDIUM POC This Month

Manyfold versions up to 0.133.1 is affected by authorization bypass through user-controlled key (CVSS 5.3).

Authentication Bypass Manyfold
NVD GitHub
CVSS 3.1
5.3
EPSS
0.0%
CVE-2026-27710 MEDIUM POC This Month

NanaZip versions 5.0.1252.0 through 6.5.1637.x contain an integer underflow in the .NET Single File Application parser that allows local attackers with user privileges to cause denial of service through unbounded memory allocation when opening a specially crafted archive file. Public exploit code exists for this vulnerability. Patches are available in versions 6.0.1638.0 and 6.5.1638.0.

.NET Integer Overflow Nanazip
NVD GitHub
CVSS 3.1
5.0
EPSS
0.0%
CVE-2026-27963 MEDIUM POC PATCH This Month

Stored XSS in Audiobookshelf prior to version 2.32.0 enables privileged users to inject malicious code into library metadata that executes in other users' browsers, potentially compromising sessions and enabling data theft. Public exploit code exists for this vulnerability. A patch is available in version 2.32.0 and later.

XSS Audiobookshelf
NVD GitHub
CVSS 3.1
4.8
EPSS
0.0%
CVE-2026-27839 MEDIUM POC PATCH This Month

Wger versions up to 2.4 allow authenticated users to access other users' private nutrition plans through insecure direct object references in the nutritional_values endpoints, exposing sensitive dietary data including caloric intake and macronutrient breakdowns. The vulnerability stems from bypassing user-scoped querysets via direct primary key lookups, and public exploit code is available.

Authentication Bypass Wger
NVD GitHub
CVSS 3.1
4.3
EPSS
0.0%
CVE-2026-27835 MEDIUM POC PATCH This Month

Wger versions up to 2.4 expose all users' repetition configuration data to any authenticated attacker due to missing authorization checks in the RepetitionsConfigViewSet and MaxRepetitionsConfigViewSet endpoints. A registered user can enumerate the complete workout structures of all other users on the platform. Public exploit code exists for this vulnerability, and a patch is available.

Authentication Bypass Wger
NVD GitHub
CVSS 3.1
4.3
EPSS
0.0%
CVE-2026-23939 MEDIUM This Month

Path traversal in hexpm's Local Storage backend allows unauthenticated attackers to read sensitive files through relative path manipulation in the file storage routines. Only self-hosted hexpm deployments using Local Storage are affected; the managed hex.pm service is not vulnerable. An attacker can access arbitrary files accessible to the hexpm process without authentication or user interaction.

Path Traversal Hexpm
NVD GitHub VulDB
CVSS 4.0
6.9
EPSS
0.1%
CVE-2026-26935 MEDIUM This Month

Kibana's Content Connectors search endpoint fails to properly validate user input, allowing authenticated attackers to trigger a denial of service condition through crafted request data. This medium-severity vulnerability affects systems where users have login credentials and can be exploited without user interaction.

Denial Of Service Kibana
NVD
CVSS 3.1
6.5
EPSS
0.1%
CVE-2026-26077 MEDIUM This Month

Unauthenticated attackers can submit forged webhook payloads to multiple email provider integrations in Discourse versions prior to 2025.12.2, 2026.1.1, and 2026.2.0 when authentication tokens are not configured, allowing them to artificially inflate user bounce scores and disable legitimate user accounts. The vulnerability affects webhook endpoints for SendGrid, Mailjet, Mandrill, Postmark, and SparkPost, with Mailpace having no token validation whatsoever. Administrators should immediately configure webhook authentication tokens for all email provider integrations as a workaround until patching is available.

Authentication Bypass Discourse
NVD GitHub
CVSS 3.1
6.5
EPSS
0.1%
CVE-2026-26934 MEDIUM This Month

Kibana contains a vulnerability that allows attackers to an authenticated attacker with view-only privileges to cause a Denial of Service (CVSS 6.5).

Denial Of Service Kibana
NVD
CVSS 3.1
6.5
EPSS
0.1%
CVE-2026-26937 MEDIUM This Month

Kibana's Timelion component is vulnerable to denial of service through uncontrolled resource consumption when processing malicious input data, affecting authenticated users with network access to the application. An attacker with valid credentials can manipulate input to exhaust system resources and render the service unavailable. No patch is currently available for this vulnerability.

Denial Of Service Kibana
NVD
CVSS 3.1
6.5
EPSS
0.0%
CVE-2026-27465 MEDIUM PATCH This Month

Fleet versions up to 4.80.1 contains a vulnerability that allows attackers to unauthorized access to Google Calendar resources associated with the service acc (CVSS 6.5).

Privilege Escalation Fleet Suse
NVD GitHub
CVSS 3.1
6.5
EPSS
0.0%
CVE-2026-27945 MEDIUM PATCH This Month

Server-Side Request Forgery in Zitadel's Action V2 webhook feature allows unauthenticated attackers to probe internal network services and gather information about internal infrastructure by crafting malicious webhook target URLs pointing to localhost or private IP addresses. The vulnerability affects Zitadel versions 4.0.0 through 4.11.0, with schema validation providing limited mitigation. No patch is currently available.

SSRF Zitadel Suse
NVD GitHub
CVSS 3.1
6.5
EPSS
0.0%
CVE-2026-25963 MEDIUM PATCH This Month

Fleet device management software versions before 4.80.1 contain an authorization bypass in the certificate template deletion API that allows team administrators to delete certificate templates belonging to other teams. The vulnerability stems from insufficient validation of template ownership during batch deletion operations, enabling cross-team resource destruction that could disrupt certificate-dependent functions like device enrollment and VPN access. A patch is not yet available as of this CVE publication.

Privilege Escalation Fleet Suse
NVD GitHub
CVSS 3.1
6.5
EPSS
0.0%
CVE-2026-28131 MEDIUM This Month

WPVibes Elementor Addon Elements addon-elements-for-elementor-page-builder contains a security vulnerability (CVSS 6.5).

Information Disclosure
NVD
CVSS 3.1
6.5
EPSS
0.0%
CVE-2026-28083 MEDIUM This Month

Stored cross-site scripting in UX-themes Flatsome version 3.20.1 and earlier enables authenticated attackers to inject malicious scripts that execute in other users' browsers, potentially compromising session data or performing unauthorized actions. The vulnerability requires user interaction to trigger the stored payload, and no patch is currently available.

XSS
NVD
CVSS 3.1
6.5
EPSS
0.0%
CVE-2026-27946 MEDIUM PATCH GHSA This Month

Zitadel versions prior to 4.11.1 and 3.4.7 permit authenticated users to bypass email and phone verification procedures through the self-management feature, allowing them to mark contact information as verified without completing actual validation. This integrity bypass enables account compromise scenarios where attackers with valid credentials can impersonate other users or escalate privileges by falsifying verified contact details. No patch is currently available for affected deployments, though implementing action rules (v2) can mitigate the risk.

Authentication Bypass Zitadel Suse
NVD GitHub
CVSS 3.1
6.5
EPSS
0.0%
CVE-2026-27149 MEDIUM This Month

SQL injection in Discourse's private message tag filtering allows authenticated users to bypass tag restrictions and read unauthorized private message metadata. Affected versions prior to 2025.12.2, 2026.1.1, and 2026.2.0 expose sensitive conversation information to users who should not have access. No patch workaround exists for unpatched installations.

SQLi Discourse
NVD GitHub
CVSS 3.1
6.5
EPSS
0.0%
CVE-2026-27954 MEDIUM This Month

Live Helper Chat is an open-source application that enables live support websites. [CVSS 6.5 MEDIUM]

PHP Privilege Escalation Live Helper Chat
NVD GitHub
CVSS 3.1
6.5
EPSS
0.0%
CVE-2026-27735 MEDIUM PATCH This Month

Model Context Protocol Servers is a collection of reference implementations for the model context protocol (MCP). In mcp-server-git versions prior to 2026.1.14, the git_add tool did not validate that file paths provided in the files argument were within the repository boundaries.

Path Traversal Model Context Protocol Servers
NVD GitHub
CVSS 4.0
6.4
EPSS
0.1%
CVE-2026-2029 MEDIUM This Month

Livemesh Addons for Beaver Builder (WordPress plugin) is affected by cross-site scripting (xss) (CVSS 6.4).

WordPress XSS
NVD
CVSS 3.1
6.4
EPSS
0.0%
CVE-2026-26227 MEDIUM This Month

VideoLAN VLC for Android prior to version 3.7.0 contains an authentication bypass in the Remote Access Server feature due to missing or insufficient rate limiting on one-time password (OTP) verification. The Remote Access Server uses a 4-digit OTP and does not enforce effective throttling or lockout within the OTP validity window, allowing an attacker with network reachability to the server to repeatedly attempt OTP verification until a valid user_session cookie is issued. Successful exploita...

Authentication Bypass Google
NVD GitHub
CVSS 4.0
6.3
EPSS
0.1%
CVE-2026-23747 MEDIUM This Month

Golioth Firmware SDK version 0.10.0 prior to 0.22.0, fixed in commit 48f521b, contain a stack-based buffer overflow in Payload Utils. The golioth_payload_as_int() and golioth_payload_as_float() helpers copy network-supplied payload data into fixed-size stack buffers using memcpy() with a length derived from payload_size. The only length checks are guarded by assert(); in release builds, the asserts are compiled out and memcpy() may copy an unbounded payload_size. Payloads larger than 12 bytes...

Buffer Overflow Stack Overflow Denial Of Service
NVD GitHub
CVSS 4.0
6.3
EPSS
0.1%
CVE-2026-23748 MEDIUM This Month

Golioth Firmware SDK version 0.10.0 prior to 0.22.0, fixed in commit d7f55b38, contain an out-of-bounds read in LightDB State string parsing. When processing a string payload, a payload_size value less than 2 can cause a size_t underflow when computing the number of bytes to copy (nbytes). The subsequent memcpy() reads past the end of the network buffer, which can crash the device. The condition is reachable from on_payload, and golioth_payload_is_null() does not block payload_size==1. A mali...

Denial Of Service Buffer Overflow Integer Overflow
NVD GitHub
CVSS 4.0
6.3
EPSS
0.0%
CVE-2026-2506 MEDIUM This Month

Stored cross-site scripting in the EM Cost Calculator WordPress plugin up to version 2.3.1 allows unauthenticated attackers to inject malicious scripts through the customer name field, which execute when administrators access the customer list. An attacker can exploit this to steal admin credentials or perform unauthorized actions within the WordPress environment. No patch is currently available for this vulnerability.

WordPress XSS
NVD
CVSS 3.1
6.1
EPSS
0.1%
CVE-2026-2680 MEDIUM This Month

A3factura's sales delivery notes endpoint is vulnerable to reflected XSS through the customerVATNumber parameter, enabling attackers to execute arbitrary JavaScript in users' browsers via malicious links. The vulnerability requires user interaction and affects the confidentiality and integrity of victim sessions, with no patch currently available. The attack has low complexity and can impact multiple users if the vulnerable parameter is exploited in phishing or watering hole scenarios.

XSS A3factura
NVD
CVSS 3.1
6.1
EPSS
0.0%
CVE-2026-2679 MEDIUM This Month

A3factura's sales invoice endpoint is vulnerable to reflected XSS through the customerName parameter, enabling attackers to execute arbitrary JavaScript in users' browsers via a crafted link. This requires user interaction to trigger but affects all A3factura users on the vulnerable platform. No patch is currently available.

XSS A3factura
NVD
CVSS 3.1
6.1
EPSS
0.0%
CVE-2026-2678 MEDIUM This Month

Reflected XSS in the A3factura customer management interface allows unauthenticated attackers to inject malicious scripts through the name parameter, potentially enabling session hijacking or credential theft when victims click a crafted link. The vulnerability requires user interaction and affects the web application at wolterskluwer.es, with no patch currently available.

XSS A3factura
NVD
CVSS 3.1
6.1
EPSS
0.0%
CVE-2026-2677 MEDIUM This Month

A3factura's representatives management endpoint contains a reflected XSS vulnerability in the 'name' parameter that enables attackers to inject and execute arbitrary JavaScript in users' browsers through a crafted URL. An attacker can exploit this via social engineering to steal session tokens, manipulate account data, or perform unauthorized actions on behalf of the victim. Currently no patch is available for this medium-severity vulnerability affecting the Wolters Kluwer A3factura platform.

XSS A3factura
NVD
CVSS 3.1
6.1
EPSS
0.0%
CVE-2026-27901 MEDIUM PATCH This Month

Svelte versions prior to 5.53.5 fail to properly escape text bindings on contenteditable elements, allowing attackers to inject malicious HTML and execute arbitrary scripts when the application renders untrusted data as initial binding values during server-side rendering. This affects applications that use `bind:innerText` or `bind:textContent` with user-controlled input. A patch is available in version 5.53.5.

XSS Svelte Red Hat
NVD GitHub
CVSS 3.1
6.1
EPSS
0.0%
CVE-2026-27154 MEDIUM This Month

Stored cross-site scripting in Discourse allows attackers to inject malicious HTML through user full names when specific display settings are enabled, which executes in the browsers of users viewing or editing affected posts. The vulnerability requires the `display_name_on_posts` setting to be true and `prioritize_username_in_ux` to be false, potentially affecting installations with these configurations. No patch is currently available, and users should disable the vulnerable display settings or upgrade to patched versions 2025.12.2, 2026.1.1, or 2026.2.0.

XSS Discourse
NVD GitHub
CVSS 3.1
6.1
EPSS
0.0%
CVE-2026-28280 MEDIUM PATCH This Month

Stored XSS in osctrl-admin prior to version 0.5.0 allows low-privileged users with query permissions to inject malicious JavaScript into the on-demand query list, affecting all users who view the page. An attacker can exploit this vulnerability to steal CSRF tokens and impersonate other users, potentially compromising the entire platform if an administrator is compromised. A patch is available in version 0.5.0.

XSS CSRF Osctrl Suse
NVD GitHub
CVSS 3.1
6.1
EPSS
0.0%
CVE-2026-22722 MEDIUM This Month

Null pointer dereference in Windows allows authenticated local users to cause a denial of service condition with potential system instability. An attacker with valid user credentials can trigger this memory safety issue to crash affected processes or degrade system availability. No patch is currently available for this vulnerability.

Windows Null Pointer Dereference
NVD
CVSS 3.1
6.1
EPSS
0.0%
CVE-2026-28269 MEDIUM This Month

Kiteworks versions prior to 9.2.0 suffer from a command injection vulnerability that permits authenticated users to redirect command output to arbitrary file locations, potentially enabling overwriting of critical system files and privilege escalation. The vulnerability requires high privileges and manual user interaction to exploit, resulting in a medium severity rating with limited real-world exploitation likelihood (EPSS 0.1%). No patch is currently available for affected installations.

Command Injection Kiteworks
NVD GitHub
CVSS 3.1
5.9
EPSS
0.1%
CVE-2026-22715 MEDIUM This Month

VMWare Workstation and Fusion contain a logic flaw in the management of network packets. Known attack vectors: A malicious actor with administrative privileges on a Guest VM may be able to interrupt or intercept network connections of other Guest VM's. [CVSS 5.9 MEDIUM]

VMware
NVD
CVSS 3.1
5.9
EPSS
0.0%
CVE-2026-28230 MEDIUM PATCH This Month

SteVe is an open-source EV charging station management system. [CVSS 6.3 MEDIUM]

Authentication Bypass Steve
NVD GitHub
CVSS 4.0
5.7
EPSS
0.0%
CVE-2026-26932 MEDIUM This Month

Packetbeat's PostgreSQL protocol parser improperly validates array indices, allowing authenticated attackers on the same network to crash the monitoring service by sending malicious packets. An attacker exploiting this denial-of-service vulnerability can terminate the Packetbeat process, disrupting monitoring capabilities on systems with PostgreSQL protocol monitoring enabled. No patch is currently available.

Golang PostgreSQL Denial Of Service Packetbeat
NVD
CVSS 3.1
5.7
EPSS
0.0%
CVE-2026-23999 MEDIUM PATCH This Month

Fleet's device lock and wipe PIN generation relies on predictable timestamps without additional entropy, allowing attackers with physical access to a locked device and knowledge of the approximate lock time to brute-force the 6-digit PIN within a limited search window. This vulnerability affects Fleet versions prior to 4.80.1 and requires local access and timing knowledge to exploit. No patch is currently available.

Authentication Bypass Fleet Suse
NVD GitHub
CVSS 3.1
5.5
EPSS
0.0%
Page 1 of 2 Next

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy