Skip to main content
CVE-2026-28551 MEDIUM This Month

Race condition vulnerability in the device security management module. Impact: Successful exploitation of this vulnerability may affect availability. [CVSS 4.7 MEDIUM]

Race Condition Harmonyos
NVD
CVSS 3.1
4.7
EPSS
0.0%
CVE-2026-26998 MEDIUM PATCH This Month

Traefik versions prior to 2.11.38 and 3.6.9 fail to limit memory allocation when processing ForwardAuth middleware responses, allowing a malicious or compromised authentication server to trigger unbounded memory consumption. An attacker controlling the auth server can return an arbitrarily large response body that causes the Traefik process to exhaust available memory and crash, resulting in denial of service for all proxied routes. A patch is available in the specified versions.

Denial Of Service Traefik Red Hat Suse
NVD GitHub VulDB
CVSS 3.1
4.4
EPSS
0.0%
CVE-2026-28543 MEDIUM This Month

Race condition vulnerability in the maintenance and diagnostics module. Impact: Successful exploitation of this vulnerability may affect availability. [CVSS 4.4 MEDIUM]

Industrial Race Condition Harmonyos
NVD
CVSS 3.1
4.4
EPSS
0.0%
CVE-2026-22052 MEDIUM This Month

NetApp ONTAP 9.12.1 and later with S3 NAS buckets allows authenticated attackers to enumerate directory contents they lack authorization to access, resulting in unauthorized information disclosure. An attacker with valid credentials can exploit this to view sensitive file listings without proper permissions. No patch is currently available for this vulnerability.

Information Disclosure Ontap
NVD
CVSS 3.1
4.3
EPSS
0.0%
CVE-2026-3236 MEDIUM This Month

Octopus Server allows authenticated attackers to generate new API keys from existing access tokens with extended lifetimes that exceed the original token's validity period. This token lifetime extension vulnerability (CWE-863) could enable attackers with valid credentials to maintain persistent access beyond intended restrictions. The vulnerability affects Octopus Server with no patch currently available.

Authentication Bypass Octopus Server
NVD
CVSS 3.1
4.3
EPSS
0.0%
CVE-2026-27723 MEDIUM This Month

Unauthorized wiki page creation in OpenProject prior to versions 17.0.5 and 17.1.2 allows authenticated attackers to bypass project access controls and create pages in projects they lack permission to access. The vulnerability stems from improper authentication validation on wiki page creation requests, enabling an attacker to modify project documentation without proper authorization. No patch is currently available for affected versions.

Authentication Bypass Openproject
NVD GitHub
CVSS 3.1
4.3
EPSS
0.0%
CVE-2026-3072 MEDIUM This Month

The Media Library Assistant plugin for WordPress through version 3.33 fails to validate user permissions in the mla_update_compat_fields_action() function, allowing authenticated subscribers and higher-privileged users to modify taxonomy terms on any attachment. This authorization bypass enables attackers to alter attachment metadata without proper capability restrictions. A patch is not currently available.

WordPress Authentication Bypass
NVD
CVSS 3.1
4.3
EPSS
0.0%
CVE-2026-28550 MEDIUM This Month

Race condition vulnerability in the security control module. Impact: Successful exploitation of this vulnerability may affect availability. [CVSS 4.0 MEDIUM]

Race Condition Harmonyos
NVD
CVSS 3.1
4.0
EPSS
0.0%
CVE-2026-28541 MEDIUM This Month

Harmonyos versions up to 5.1.0 is affected by permissions, privileges, and access controls (CVSS 4.0).

Privilege Escalation Harmonyos
NVD
CVSS 3.1
4.0
EPSS
0.0%
CVE-2026-28540 MEDIUM This Month

Out-of-bounds character read vulnerability in Bluetooth. Impact: Successful exploitation of this vulnerability may affect service confidentiality. [CVSS 4.0 MEDIUM]

Buffer Overflow Harmonyos
NVD
CVSS 3.1
4.0
EPSS
0.0%
CVE-2025-11143 LOW PATCH Monitor

The Jetty URI parser has some key differences to other common parsers when evaluating invalid or unusual URIs. Differential parsing of URIs in systems using multiple components may result in security by-pass. [CVSS 3.7 LOW]

Code Injection Jetty
NVD GitHub HeroDevs VulDB
CVSS 3.1
3.7
EPSS
0.1%
CVE-2026-21786 LOW Monitor

HCL Sametime for iOS is impacted by a sensitive information disclosure. Hostnames information is written in application logs and certain URLs. [CVSS 3.3 LOW]

Information Disclosure Sametime
NVD
CVSS 3.1
3.3
EPSS
0.0%
CVE-2025-66319 LOW Monitor

Harmonyos versions up to 5.1.0 is affected by permissions, privileges, and access controls (CVSS 3.3).

Privilege Escalation
NVD
CVSS 3.1
3.3
EPSS
0.0%
CVE-2026-3606 LOW Monitor

A vulnerability has been found in Ettercap 0.8.4-Garofalo. Affected by this vulnerability is the function add_data_segment of the file src/ettercap/utils/etterfilter/ef_output.c of the component etterfilter. [CVSS 3.3 LOW]

Buffer Overflow Ettercap
NVD GitHub VulDB
CVSS 4.0
1.9
EPSS
0.0%
CVE-2026-28436 LOW Monitor

Stored cross-site scripting in Frappe versions prior to 16.11.0 and 15.102.0 allows unauthenticated attackers to execute arbitrary JavaScript in users' browsers through malicious image URLs in avatar fields and website comments. The vulnerability affects any user viewing a page containing the compromised avatar, enabling session hijacking, credential theft, or malware distribution without user interaction.

XSS Frappe
NVD GitHub
CVSS 4.0
1.3
EPSS
0.0%
CVE-2025-13350 This Week

Ubuntu Linux 6.8 GA retains the legacy AF_UNIX garbage collector but backports upstream commit 8594d9b85c07 ("af_unix: Don’t call skb_get() for OOB skb"). When orphaned MSG_OOB sockets hit unix_gc(), the garbage collector still calls kfree_skb() as if OOB SKBs held two references; on Ubuntu Linux 6.8 (Noble Numbat) kernel tree, they have only the queue reference, so the buffer is freed while still reachable and subsequent queue walks dereference freed memory, yielding a reliable local privile...

Linux Ubuntu Use After Free Privilege Escalation Linux Kernel
NVD
EPSS
0.0%
Prev Page 10 of 10

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy