Skip to main content
CVE-2026-28427 MEDIUM This Month

OpenDeck is Linux software for your Elgato Stream Deck. versions up to 2.8.1 is affected by path traversal.

Path Traversal Opendeck
NVD GitHub
CVSS 4.0
5.9
EPSS
0.1%
CVE-2026-20066 MEDIUM This Month

Cisco Snort 3 Detection Engine can be remotely restarted by an unauthenticated attacker through crafted HTTP packets exploiting improper JavaScript normalization in the JSTokenizer logic, causing a denial of service condition that interrupts packet inspection. The vulnerability requires the JSTokenizer feature to be enabled and can be triggered via an established network connection without authentication. No patch is currently available.

Cisco Denial Of Service
NVD
CVSS 3.1
5.8
EPSS
0.2%
CVE-2026-20067 MEDIUM This Month

Unauthenticated remote attackers can crash the Snort 3 Detection Engine by sending crafted HTTP packets with malformed Multicast DNS fields, causing a denial of service that interrupts packet inspection across multiple Cisco products. The vulnerability stems from incomplete error checking in HTTP header parsing and requires no authentication or user interaction to trigger. No patch is currently available for this MEDIUM severity issue.

Cisco DNS Denial Of Service
NVD
CVSS 3.1
5.8
EPSS
0.1%
CVE-2026-20058 MEDIUM This Month

Snort 3 Detection Engine crashes when processing malformed VBA data due to improper decompression error handling, allowing unauthenticated remote attackers to trigger denial-of-service conditions across multiple Cisco products. An attacker can exploit this vulnerability by sending crafted VBA payloads to cause unexpected engine restarts without requiring authentication or user interaction. No patch is currently available for this medium-severity flaw.

Cisco Denial Of Service
NVD VulDB
CVSS 3.1
5.8
EPSS
0.1%
CVE-2026-20057 MEDIUM This Month

Denial of service in Cisco Snort 3's VBA decompression feature allows unauthenticated remote attackers to crash the detection engine by sending maliciously crafted VBA data. The vulnerability stems from insufficient error checking during VBA data processing, enabling attackers to trigger unexpected restarts of the Snort 3 Detection Engine. No patch is currently available for this medium-severity issue affecting multiple Cisco products.

Cisco Denial Of Service
NVD VulDB
CVSS 3.1
5.8
EPSS
0.1%
CVE-2026-20054 MEDIUM This Month

Improper error checking in Cisco Snort 3's VBA decompression feature allows unauthenticated remote attackers to trigger an infinite loop by sending specially crafted VBA data, causing a denial of service condition. The vulnerability affects multiple Cisco products and requires no user interaction or authentication to exploit. No patch is currently available.

Cisco Denial Of Service
NVD VulDB
CVSS 3.1
5.8
EPSS
0.1%
CVE-2026-20053 MEDIUM This Month

Improper range checking in Cisco Snort 3's VBA decompression feature allows unauthenticated remote attackers to trigger a heap buffer overflow by sending crafted VBA data, causing denial of service. The vulnerability affects multiple Cisco products and requires no authentication or user interaction to exploit. No patch is currently available.

Cisco Denial Of Service
NVD VulDB
CVSS 3.1
5.8
EPSS
0.1%
CVE-2026-20052 MEDIUM This Month

Denial of service in Cisco Secure Firewall Threat Defense via crafted SSL packets allows unauthenticated remote attackers to crash the Snort 3 Detection Engine through a memory management logic error during SSL inspection. An attacker can exploit this vulnerability by sending malicious SSL packets through an established connection, forcing the detection engine to unexpectedly restart and interrupt security monitoring. No patch is currently available for this medium-severity issue.

Cisco TLS Denial Of Service
NVD
CVSS 3.1
5.8
EPSS
0.1%
CVE-2026-20013 MEDIUM This Month

Unauthenticated remote attackers can trigger denial-of-service conditions in Cisco Secure Firewall ASA and Secure FTD Software by sending specially crafted IKEv2 packets that cause memory exhaustion due to improper memory management. A successful attack forces manual device reloads and can degrade network services across connected systems. No patch is currently available for this vulnerability.

Cisco Information Disclosure
NVD
CVSS 3.1
5.8
EPSS
0.1%
CVE-2026-20006 MEDIUM This Month

Cisco Secure Firewall Threat Defense (FTD) Software is vulnerable to denial of service through improper TLS protocol implementation in the Snort 3 Detection Engine, allowing unauthenticated remote attackers to trigger unexpected restarts by sending crafted TLS packets. Successful exploitation causes the affected device to drop network traffic, creating a DoS condition affecting TLS versions prior to 1.3. No patch is currently available.

Cisco TLS Denial Of Service
NVD
CVSS 3.1
5.8
EPSS
0.1%
CVE-2026-20065 MEDIUM This Month

Snort 3 Detection Engine in multiple Cisco products can be remotely restarted by unauthenticated attackers through crafted packets sent over established connections, due to improper binder module initialization logic. This denial-of-service vulnerability interrupts packet inspection capabilities and can be triggered without authentication or user interaction. No patch is currently available for this medium-severity flaw.

Cisco Denial Of Service
NVD
CVSS 3.1
5.8
EPSS
0.1%
CVE-2026-20068 MEDIUM This Month

Snort 3 detection engine contains a vulnerability that allows attackers to cause a DoS condition when the Snort 3 Detection Engine unexpectedly restarts (CVSS 5.8).

Cisco Denial Of Service
NVD
CVSS 3.1
5.8
EPSS
0.1%
CVE-2026-20015 MEDIUM This Month

Unauthenticated remote attackers can trigger a denial of service against Cisco Secure Firewall ASA and Secure FTD devices by sending specially crafted IKEv2 packets that trigger a memory leak in the IKEv2 parser. Exploitation exhausts system resources and forces manual device reboot to restore availability. No patch is currently available.

Cisco Information Disclosure
NVD
CVSS 3.1
5.8
EPSS
0.1%
CVE-2026-20005 MEDIUM This Month

Snort 3 Detection Engine contains a vulnerability that allows attackers to cause a denial of service (DoS) condition when the Snort 3 Detection Engine rest (CVSS 5.8).

Cisco TLS Denial Of Service
NVD
CVSS 3.1
5.8
EPSS
0.1%
CVE-2026-20073 MEDIUM This Month

Unauthenticated remote attackers can bypass firewall access controls on Cisco Secure Firewall ASA and FTD devices by exploiting improper error handling during cluster memory exhaustion when syncing security rules. This allows attackers to send traffic that should be blocked through affected devices to reach protected networks. No patch is currently available.

Cisco Authentication Bypass
NVD VulDB
CVSS 3.1
5.8
EPSS
0.1%
CVE-2026-20007 MEDIUM This Month

Snort rule bypass in Cisco Secure Firewall Threat Defense allows unauthenticated remote attackers to evade deep packet inspection through crafted traffic that exploits logic errors in inner and outer connection rule evaluation. An attacker can send specially crafted packets that trigger different Snort rules than intended, permitting malicious traffic through the firewall that should be blocked. No patch is currently available for this medium-severity vulnerability.

Cisco
NVD
CVSS 3.1
5.8
EPSS
0.0%
CVE-2026-2297 MEDIUM PATCH This Month

The import hook in CPython that handles legacy *.pyc files (SourcelessFileLoader) is incorrectly handled in FileLoader (a base class) and so does not use io.open_code() to read the .pyc files. sys.audit handlers for this audit event therefore do not fire.

Information Disclosure Red Hat Suse
NVD GitHub VulDB
CVSS 4.0
5.7
EPSS
0.0%
CVE-2026-20024 MEDIUM This Month

OSPF protocol of Cisco Secure Firewall ASA Software and Cisco Secure FTD Software is affected by buffer overflow (CVSS 6.8).

Cisco Buffer Overflow Adaptive Security Appliance Software Firepower Threat Defense Software
NVD VulDB
CVSS 3.1
5.7
EPSS
0.0%
CVE-2026-23237 MEDIUM PATCH This Month

The Linux kernel's Classmate laptop driver lacks NULL pointer checks in sysfs attribute handlers, allowing local users to trigger a denial of service by accessing device attributes before driver initialization completes. A premature sysfs access can cause the driver to dereference a NULL pointer when retrieving uninitialized device data, crashing the affected system.

Linux Null Pointer Dereference Denial Of Service Linux Kernel Red Hat +1
NVD VulDB
CVSS 3.1
5.5
EPSS
0.0%
CVE-2026-23232 MEDIUM PATCH This Month

A revert of a Linux kernel patch introduces a potential deadlock condition in the f2fs filesystem when concurrent write operations and checkpoint operations occur, allowing a local user with write permissions to cause a denial of service through system hang. The vulnerability affects the Linux kernel's f2fs module and requires low privileges to trigger. No patch is currently available to address this issue.

Linux Information Disclosure Linux Kernel Red Hat Suse
NVD VulDB
CVSS 3.1
5.5
EPSS
0.0%
CVE-2026-26949 MEDIUM This Month

Dell Device Management Agent versions before 26.02 suffer from an authorization bypass that allows local attackers with low privileges to escalate their access on affected systems. The vulnerability stems from improper privilege validation and requires only local access with no user interaction to exploit. No patch is currently available for this issue.

Authentication Bypass Dell Device Management Agent
NVD
CVSS 3.1
5.5
EPSS
0.0%
CVE-2025-66168 MEDIUM PATCH This Month

Apache ActiveMQ does not properly validate the remaining length field which may lead to an overflow during the decoding of malformed packets. [CVSS 5.4 MEDIUM]

Apache Integer Overflow Buffer Overflow
NVD
CVSS 3.1
5.4
EPSS
0.1%
CVE-2026-3103 MEDIUM This Month

Data loss in Checkmk versions before 2.4.0p23, 2.3.0p43, and 2.2.0 results from a logic error in the remove_password() function that allows low-privileged users to delete sensitive information. An authenticated attacker can exploit this vulnerability to cause unintended data loss without requiring user interaction. No patch is currently available for affected deployments.

Authentication Bypass Checkmk
NVD
CVSS 3.1
5.4
EPSS
0.0%
CVE-2026-2732 MEDIUM This Month

The Enable Media Replace plugin for WordPress through version 4.1.7 fails to properly validate user permissions in the RemoveBackGroundViewController::load function, allowing authenticated users with Author-level privileges to replace arbitrary attachments with background-removed versions. This integrity issue affects WordPress installations using the vulnerable plugin and requires user authentication to exploit. No patch is currently available.

WordPress Authentication Bypass
NVD GitHub
CVSS 3.1
5.4
EPSS
0.0%
CVE-2026-23808 MEDIUM This Month

Malicious actors can install unauthorized Group Temporal Keys on ArubaOS wireless clients through a standardized roaming protocol vulnerability, enabling frame injection and network segmentation bypass. An attacker positioned on the local network could leverage this to intercept traffic, bypass client isolation, and compromise network integrity and confidentiality. No patch is currently available.

RCE Code Injection Arubaos
NVD
CVSS 3.1
5.4
EPSS
0.0%
CVE-2026-29086 MEDIUM PATCH This Month

Hono versions up to 4.12.4 contains a vulnerability that allows attackers to injection of additional cookie attributes if untrusted input was passed into the (CVSS 5.4).

Code Injection Hono
NVD GitHub
CVSS 3.1
5.4
EPSS
0.0%
CVE-2026-27898 MEDIUM PATCH This Month

Vaultwarden versions up to 1.35.4 is affected by authorization bypass through user-controlled key (CVSS 5.4).

Authentication Bypass Vaultwarden Red Hat
NVD GitHub
CVSS 3.1
5.4
EPSS
0.0%
CVE-2026-23809 MEDIUM This Month

Traffic interception in ArubaOS Wi-Fi networks allows adjacent attackers to bypass BSSID isolation controls and redirect victim traffic by exploiting port associations across multiple wireless networks. Successful attacks could enable eavesdropping, session hijacking, or denial of service without authentication or user interaction. No patch is currently available for this medium-severity vulnerability.

Denial Of Service Arubaos
NVD
CVSS 3.1
5.4
EPSS
0.0%
CVE-2026-23601 MEDIUM This Month

Improper cryptographic validation in ArubaOS Wi-Fi encryption allows adjacent network attackers to forge authenticated frames by spoofing the primary BSSID and inject tampered data to targeted clients without authentication. This medium-severity flaw (CVSS 5.4) bypasses standard encryption separation between wireless endpoints, enabling data manipulation on affected networks. No patch is currently available.

Authentication Bypass Arubaos
NVD
CVSS 3.1
5.4
EPSS
0.0%
CVE-2026-20031 MEDIUM PATCH This Month

ClamAV's HTML CSS parser fails to properly handle UTF-8 string operations, enabling remote attackers to crash the scanning engine by submitting a malicious HTML file. An unauthenticated attacker can exploit this weakness over the network without user interaction to achieve denial of service. No patch is currently available.

Denial Of Service Suse
NVD VulDB
CVSS 3.1
5.3
EPSS
0.1%
CVE-2026-25907 MEDIUM This Month

Dell PowerScale OneFS 9.13.0.0 is vulnerable to denial of service through an overly restrictive account lockout mechanism that can be triggered by unauthenticated remote attackers. The flaw allows an attacker to lock out legitimate users without authentication, disrupting service availability. No patch is currently available for this medium-severity vulnerability.

Denial Of Service Powerscale Onefs
NVD
CVSS 3.1
5.3
EPSS
0.1%
CVE-2026-20106 MEDIUM This Month

Unauthenticated remote attackers can trigger memory exhaustion on Cisco ASA and FTD devices by sending specially crafted packets to the SSL VPN service, exploiting insufficient input validation in the Remote Access SSL VPN, HTTP management, and MUS functionality. Successful exploitation causes a denial of service condition that requires manual device reboot. No patch is currently available.

Cisco Denial Of Service
NVD
CVSS 3.1
5.3
EPSS
0.1%
CVE-2026-1980 MEDIUM This Month

Unauthenticated attackers can extract sensitive customer data from WPBookit plugin versions 1.0.8 and earlier through an authorization bypass in the 'get_customer_list' endpoint, exposing names, emails, phone numbers, dates of birth, and gender information. This network-accessible vulnerability affects all WordPress installations running the vulnerable plugin without requiring authentication or user interaction. No patch is currently available.

WordPress Information Disclosure
NVD
CVSS 3.1
5.3
EPSS
0.1%
CVE-2026-29069 MEDIUM PATCH This Month

Unauthenticated attackers can trigger activation emails for pending user accounts in Craft CMS versions prior to 5.9.0-beta.2 and 4.17.0-beta.2 by exploiting an unprotected endpoint that lacks permission checks. If an attacker controls the target user's email address, they can complete account activation and gain unauthorized system access. A patch is available in the latest beta versions.

Authentication Bypass Craft Cms
NVD GitHub
CVSS 3.1
5.3
EPSS
0.0%
CVE-2026-22040 MEDIUM This Month

NanoMQ MQTT Broker (NanoMQ) is an all-around Edge Messaging Platform. [CVSS 5.3 MEDIUM]

Memory Corruption Use After Free Buffer Overflow Nanomq
NVD GitHub VulDB
CVSS 3.1
5.3
EPSS
0.0%
CVE-2026-20009 MEDIUM This Month

Unauthenticated SSH authentication bypass in Cisco Secure Firewall ASA allows remote attackers to log in as arbitrary users by exploiting insufficient input validation during the SSH key authentication phase, requiring only knowledge of a valid username and its associated public key. This vulnerability enables attackers to execute arbitrary commands on affected ASA devices with the privileges of the compromised user account. No patch is currently available.

Cisco Information Disclosure
NVD
CVSS 3.1
5.3
EPSS
0.0%
CVE-2026-2748 MEDIUM This Month

SEPPmail Secure Email Gateway versions before 15.0.1 fail to properly validate S/MIME certificates with whitespace characters in email addresses, enabling attackers to forge digital signatures and impersonate legitimate senders. This integrity bypass affects organizations relying on SEPPmail for secure email validation and could undermine trust in digitally signed communications. No patch is currently available for affected installations.

Authentication Bypass Seppmail
NVD
CVSS 3.1
5.3
EPSS
0.0%
CVE-2026-27445 MEDIUM This Month

Seppmail versions up to 15.0.1 is affected by improper verification of cryptographic signature (CVSS 5.3).

Information Disclosure Seppmail
NVD
CVSS 3.1
5.3
EPSS
0.0%
CVE-2026-2746 MEDIUM This Month

Seppmail versions up to 15.0.1 is affected by improper verification of cryptographic signature (CVSS 5.3).

Information Disclosure Seppmail
NVD
CVSS 3.1
5.3
EPSS
0.0%
CVE-2026-3439 MEDIUM This Month

Authenticated users can trigger a stack-based buffer overflow in SonicOS certificate handling to cause denial of service against Sonicos firewalls. The vulnerability requires administrative privileges to exploit and results in firewall crashes rather than code execution. No patch is currently available.

Buffer Overflow Stack Overflow Denial Of Service Sonicos
NVD
CVSS 3.1
4.9
EPSS
0.1%
CVE-2026-20003 MEDIUM This Month

SQL injection in Cisco Secure FMC REST API allows authenticated users with administrative roles to extract sensitive database contents and read operating system files. The vulnerability stems from insufficient input validation on user-supplied requests, requiring valid credentials but posing significant risk to organizations using affected systems. No patch is currently available.

Cisco SQLi
NVD
CVSS 3.1
4.9
EPSS
0.0%
CVE-2025-41257 MEDIUM This Month

Suprema’s BioStar 2 in version 2.9.11.6 allows users to set new password without providing the current one. Exploiting this flaw combined with other vulnerabilities can lead to unauthorized account access and potential system compromise. [CVSS 4.8 MEDIUM]

Code Injection
NVD GitHub
CVSS 3.1
4.8
EPSS
0.0%
CVE-2025-40895 MEDIUM This Month

A Stored HTML Injection vulnerability was discovered in the CMC's Sensor Map functionality due to improper validation on connected Guardians' properties. [CVSS 4.8 MEDIUM]

XSS Information Disclosure Open Redirect Cmc
NVD
CVSS 3.1
4.8
EPSS
0.0%
CVE-2026-2289 MEDIUM This Month

Stored XSS in WordPress Taskbuilder plugin versions up to 5.0.3 allows authenticated administrators to inject malicious scripts into admin settings that execute for other users, affecting multi-site installations or those with unfiltered_html disabled. The vulnerability stems from inadequate input sanitization and output escaping in the plugin's administrative interface. No patch is currently available.

WordPress XSS
NVD
CVSS 3.1
4.4
EPSS
0.0%
CVE-2026-2292 MEDIUM This Month

Stored XSS in the Morkva UA Shipping WordPress plugin through version 1.7.9 allows authenticated administrators to inject malicious scripts into plugin settings that execute for all site visitors, affecting multi-site installations and sites with unfiltered_html disabled. The vulnerability stems from inadequate input sanitization and output escaping in the admin interface. Exploitation requires high-privilege administrator access and no patch is currently available.

WordPress XSS
NVD
CVSS 3.1
4.4
EPSS
0.0%
CVE-2026-22285 MEDIUM This Month

Dell Device Management Agent versions before 26.02 store passwords in plaintext, allowing high-privileged local attackers to gain unauthorized access to sensitive systems. The vulnerability requires administrative-level access and local presence but poses a confidentiality risk to affected deployments. No patch is currently available.

Authentication Bypass Dell Device Management Agent
NVD
CVSS 3.1
4.4
EPSS
0.0%
CVE-2026-20069 MEDIUM This Month

Cisco Secure Firewall ASA and FTD devices with VPN web services enabled are vulnerable to cross-site request forgery (CSRF) attacks due to insufficient HTTP request validation. An attacker can trick users into visiting a malicious website that sends crafted requests to the affected appliance, potentially allowing injection of malicious content reflected back to the victim's browser. No patch is currently available for this vulnerability.

Cisco XSS Request Smuggling
NVD VulDB
CVSS 3.1
4.3
EPSS
0.0%
CVE-2026-23810 MEDIUM This Month

Arubaos contains a vulnerability that allows attackers to redirect intercepted traffic to facilitate machine-in-the-middle (MitM) attacks (CVSS 4.3).

Code Injection Arubaos
NVD
CVSS 3.1
4.3
EPSS
0.0%
CVE-2026-20021 MEDIUM This Month

Memory exhaustion in Cisco ASA and FTD OSPF protocol implementation allows adjacent authenticated attackers to trigger denial of service by sending specially crafted packets that bypass input validation. An attacker with network access to the affected device can exploit improper packet parsing to consume available memory and crash the appliance. No patch is currently available for this vulnerability.

Cisco Denial Of Service
NVD
CVSS 3.1
4.3
EPSS
0.0%
CVE-2026-23812 MEDIUM This Month

ArubaOS access points are vulnerable to gateway impersonation attacks when clients connect via wired or wireless interfaces, allowing unauthenticated attackers to redirect network traffic into a man-in-the-middle position. An attacker can exploit address-based spoofing to intercept or modify data streams intended for the legitimate gateway, compromising the confidentiality of client communications. No patch is currently available.

Information Disclosure Arubaos
NVD
CVSS 3.1
4.3
EPSS
0.0%
Prev Page 2 of 3 Next

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy