Skip to main content
CVE-2026-3401 LOW POC Monitor

Web-Based Pharmacy Product Management System versions up to 1.0 is affected by insufficient session expiration (CVSS 3.1).

Information Disclosure Web Based Pharmacy Product Management System
NVD GitHub VulDB
CVSS 4.0
1.3
EPSS
0.1%
CVE-2026-28360 MEDIUM PATCH This Month

NocoDB versions prior to 0.301.3 store shared view passwords in plaintext and validate them using simple string comparison, allowing attackers with database access to trivially recover authentication credentials. This affects all users relying on shared view password protection for access control. No patch is currently available for affected deployments.

Information Disclosure Nocodb
NVD GitHub
CVSS 3.1
5.3
EPSS
0.0%
CVE-2026-27631 MEDIUM PATCH This Month

Exiv2 versions prior to 0.28.8 are vulnerable to a denial of service attack through integer overflow in the preview component when specific command-line arguments are used, causing the application to crash with an uncaught exception. An attacker can trigger this vulnerability by providing a specially crafted image file to crash Exiv2 processes, affecting systems that rely on the library for metadata processing. A patch is available in version 0.28.8 and later.

Integer Overflow Denial Of Service Exiv2 Red Hat Suse
NVD GitHub
CVSS 3.1
5.3
EPSS
0.0%
CVE-2026-3404 LOW POC Monitor

Jeesite versions up to 5.15.1. contains a vulnerability that allows attackers to xml external entity reference (CVSS 5.0).

Java XXE
NVD VulDB
CVSS 4.0
1.3
EPSS
0.0%
CVE-2026-23865 MEDIUM PATCH This Month

Out-of-bounds memory read in FreeType 2.13.2 and 2.13.3 occurs during parsing of OpenType variable font tables (HVAR/VVAR/MVAR) due to an integer overflow in the tt_var_load_item_variation_store function. Local attackers with user interaction can exploit this by crafting malicious font files to trigger the vulnerability and read sensitive memory. The issue is resolved in FreeType 2.14.2.

Information Disclosure Buffer Overflow Freetype
NVD VulDB
CVSS 3.1
5.3
EPSS
0.0%
CVE-2026-1628 MEDIUM This Month

Mattermost Desktop is affected by inclusion of functionality from untrusted control sphere (CVSS 4.6).

RCE Mattermost Desktop
NVD
CVSS 3.1
4.6
EPSS
0.0%
CVE-2026-20435 MEDIUM This Month

Device unique identifiers in the preloader of Openwrt, Android, Yocto, RDK-B, and Zephyr can be read by attackers with physical access due to a logic error, leading to local information disclosure without requiring additional privileges or user interaction. This vulnerability affects multiple embedded and IoT platforms where the preloader executes before operating system initialization. No patch is currently available for this issue.

Information Disclosure Openwrt Android Yocto Rdk B +2
NVD
CVSS 3.1
4.6
EPSS
0.0%
CVE-2026-20445 MEDIUM This Month

Android versions up to 14.0 contains a vulnerability that allows attackers to local denial of service if a malicious actor has already obtained the System pri (CVSS 4.4).

Denial Of Service Race Condition Android Google
NVD
CVSS 3.1
4.4
EPSS
0.0%
CVE-2026-20429 MEDIUM This Month

Android's display component fails to validate buffer boundaries during read operations, allowing a system-privileged attacker to access sensitive memory contents without user interaction. This out-of-bounds read vulnerability enables local information disclosure to any malicious process running with System privileges. No patch is currently available to address this issue.

Information Disclosure Android Google
NVD
CVSS 3.1
4.4
EPSS
0.0%
CVE-2026-20424 MEDIUM This Month

Android's display component contains an out-of-bounds read vulnerability stemming from insufficient bounds validation, allowing system-privileged attackers to disclose sensitive memory contents without user interaction. The vulnerability requires pre-existing system-level access but poses a high confidentiality risk through local information disclosure. No patch is currently available.

Information Disclosure Android Google
NVD
CVSS 3.1
4.4
EPSS
0.0%
CVE-2026-20442 MEDIUM This Month

Android's display subsystem crashes due to a use-after-free memory error that allows a privileged local attacker to trigger a denial of service without user interaction. Exploitation requires pre-existing system-level access, limiting impact to scenarios where an attacker has already compromised the device at the highest privilege level. No patch is currently available for this vulnerability.

Use After Free Denial Of Service Android Google
NVD
CVSS 3.1
4.4
EPSS
0.0%
CVE-2026-20439 MEDIUM This Month

Android's imgsys component is vulnerable to a use-after-free condition that enables local denial of service attacks. Exploitation requires system-level privileges and causes immediate system crashes without user interaction. No patch is currently available for this vulnerability.

Use After Free Denial Of Service Android Google
NVD
CVSS 3.1
4.4
EPSS
0.0%
CVE-2026-20437 MEDIUM This Month

Android MAE component is vulnerable to a use-after-free condition that can trigger a system crash, resulting in denial of service for devices where an attacker has already obtained system-level privileges. No user interaction is required for exploitation. Currently, no patch is available for this vulnerability.

Use After Free Denial Of Service Android Google
NVD
CVSS 3.1
4.4
EPSS
0.0%
CVE-2025-58406 MEDIUM This Month

The CGM CLININET application respond without essential security HTTP headers, exposing users to client‑side attacks such as clickjacking, MIME sniffing, unsafe caching, weak cross‑origin isolation, and missing transport security controls. [CVSS 4.3 MEDIUM]

Information Disclosure Clininet
NVD
CVSS 3.1
4.3
EPSS
0.0%
CVE-2026-0024 MEDIUM This Month

MediaProvider on Android lacks proper permission validation in the isRedactionNeededForOpenViaContentResolver function, allowing local attackers to infer the precise locations of media files without requiring special privileges or user interaction. This information disclosure vulnerability affects any application with local access to the device, and while the CVSS score is moderate, no patch is currently available.

Information Disclosure Android Google
NVD
CVSS 3.1
4.0
EPSS
0.0%
CVE-2026-0995 LOW Monitor

An issue has been identified in Arm C1-Pro before r1p2-50eac0, where, under certain conditions, a TLBI+DSB might fail to ensure the completion of memory accesses related to SME. [CVSS 3.6 LOW]

Race Condition Information Disclosure C1 Pro Firmware
NVD
CVSS 3.1
3.6
EPSS
0.0%
CVE-2026-3407 LOW Monitor

A vulnerability was determined in YosysHQ yosy versions up to 0.62. is affected by buffer overflow (CVSS 3.3).

Buffer Overflow
NVD GitHub VulDB
CVSS 4.0
1.9
EPSS
0.0%
CVE-2026-3405 LOW Monitor

A vulnerability has been found in thinkgem JeeSite up to 5.15.1. The affected element is an unknown function of the component Connection Handler. [CVSS 3.1 LOW]

Path Traversal Jeesite
NVD VulDB
CVSS 4.0
1.3
EPSS
0.1%
CVE-2026-23600 This Week

A remote authentication bypass vulnerability  exists in HPE AutoPass License Server (APLS).

Authentication Bypass
NVD
EPSS
0.2%
Prev Page 5 of 5

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy