Skip to main content
CVE-2026-3794 MEDIUM POC This Month

DoraCMS 3.0.x Email API endpoint /api/v1/mail/send contains an authentication bypass vulnerability that allows unauthenticated remote attackers to send emails and potentially access sensitive functionality. Public exploit code exists for this vulnerability, and no patch is currently available from the vendor despite early disclosure notification. The flaw carries a CVSS score of 7.3 with moderate confidentiality, integrity, and availability impact.

Authentication Bypass Doracms
NVD VulDB
CVSS 4.0
5.5
EPSS
0.2%
CVE-2026-3817 MEDIUM POC This Month

Patients Waiting Area Queue Management System versions up to 1.0 contains a security vulnerability (CVSS 5.3).

PHP Patients Waiting Area Queue Management System
NVD GitHub VulDB
CVSS 3.1
5.3
EPSS
0.0%
CVE-2026-29023 MEDIUM This Month

Keygraph Shannon's router component exposes a hard-coded API key that allows unauthenticated network attackers to intercept and proxy requests through the application when the router is enabled and accessible. Attackers can leverage this static credential to abuse upstream provider API resources and potentially access sensitive request/response data belonging to legitimate users. No patch is currently available for this vulnerability.

Authentication Bypass
NVD GitHub
CVSS 4.0
6.9
EPSS
0.0%
CVE-2025-41755 MEDIUM This Month

A low-privileged remote attacker can exploit the ubr-logread method in wwwubr.cgi to read arbitrary files on the system. [CVSS 6.5 MEDIUM]

Path Traversal Information Disclosure Universal Bacnet Router Firmware
NVD
CVSS 3.1
6.5
EPSS
0.0%
CVE-2025-41754 MEDIUM This Month

A low-privileged remote attacker can exploit the ubr-editfile method in wwwubr.cgi, an undocumented and unused API endpoint to read arbitrary files on the system. [CVSS 6.5 MEDIUM]

Information Disclosure Universal Bacnet Router Firmware
NVD
CVSS 3.1
6.5
EPSS
0.0%
CVE-2025-41763 MEDIUM This Month

A low‑privileged remote attacker can directly interact with the wwwdnload.cgi endpoint to download any resource available to administrators, including system backups and certificate request files. [CVSS 6.5 MEDIUM]

Information Disclosure Universal Bacnet Router Firmware
NVD
CVSS 3.1
6.5
EPSS
0.0%
CVE-2025-70050 MEDIUM This Month

An issue pertaining to CWE-312: Cleartext Storage of Sensitive Information was discovered in lesspass lesspass v9.6.9 which allows attackers to obtain sensitive information. [CVSS 6.5 MEDIUM]

Information Disclosure Lesspass
NVD GitHub
CVSS 3.1
6.5
EPSS
0.0%
CVE-2026-3822 MEDIUM This Month

The Taipower Android application fails to validate TLS/SSL certificates during HTTPS connections, enabling unauthenticated attackers to conduct man-in-the-middle attacks against users. This vulnerability allows adversaries to intercept and modify network traffic without user awareness. No patch is currently available for this medium-severity issue (CVSS 6.5).

TLS Taipower App
NVD
CVSS 3.1
6.5
EPSS
0.0%
CVE-2025-69648 MEDIUM PATCH This Month

GNU Binutils thru 2.45.1 readelf contains a denial-of-service vulnerability when processing a crafted binary with malformed DWARF .debug_rnglists data. [CVSS 6.2 MEDIUM]

RCE Denial Of Service Buffer Overflow Binutils Red Hat +1
NVD
CVSS 3.1
6.2
EPSS
0.0%
CVE-2025-69647 MEDIUM PATCH This Month

GNU Binutils thru 2.45.1 readelf contains a denial-of-service vulnerability when processing a crafted binary with malformed DWARF loclists data. [CVSS 6.2 MEDIUM]

Denial Of Service Binutils Red Hat Suse
NVD
CVSS 3.1
6.2
EPSS
0.0%
CVE-2025-41762 MEDIUM This Month

An unauthenticated attacker can abuse the weak hash of the backup generated by the wwwdnload.cgi endpoint to gain unauthorized access to sensitive data, including password hashes and certificates. [CVSS 6.2 MEDIUM]

Authentication Bypass Information Disclosure Universal Bacnet Router Firmware
NVD
CVSS 3.1
6.2
EPSS
0.0%
CVE-2025-70037 MEDIUM This Month

An issue pertaining to CWE-601: URL Redirection to Untrusted Site was discovered in linagora Twake v2023.Q1.1223. This allows attackers to obtain sensitive information and execute arbitrary code. [CVSS 6.1 MEDIUM]

RCE Open Redirect Twake
NVD GitHub
CVSS 3.1
6.1
EPSS
0.0%
CVE-2025-40638 MEDIUM This Month

A reflected Cross-Site Scripting (XSS) vulnerability has been found in Eventobot. This vulnerability allows an attacker to execute JavaScript code in the victim's browser by sending him/her a malicious URL using the 'name' parameter in '/search-results'. [CVSS 6.1 MEDIUM]

XSS Eventobot
NVD
CVSS 3.1
6.1
EPSS
0.0%
CVE-2025-70032 MEDIUM This Month

An issue pertaining to CWE-601: URL Redirection to Untrusted Site was discovered in Sunbird-Ed SunbirdEd-portal v1.13.4. [CVSS 6.1 MEDIUM]

Open Redirect
NVD GitHub
CVSS 3.1
6.1
EPSS
0.0%
CVE-2026-3638 MEDIUM This Month

Improper access control in Devolutions Server 2025.3.11.0 and earlier allows authenticated low-privileged users to restore deleted users and roles through crafted API requests, potentially enabling unauthorized account recovery and privilege escalation. Organizations running affected versions are at risk as attackers with basic authentication credentials can manipulate user and role restoration without proper authorization checks. No patch is currently available.

Authentication Bypass Devolutions Server
NVD
CVSS 3.1
5.9
EPSS
0.0%
CVE-2024-14027 MEDIUM PATCH This Month

In the Linux kernel, the following vulnerability has been resolved: fs/xattr: missing fdput() in fremovexattr error path In the Linux kernel, the fremovexattr() syscall calls fdget() to acquire a file reference but returns early without calling fdput() when strncpy_from_user() fails on the name argument.

Linux Information Disclosure Red Hat Suse
NVD VulDB
CVSS 3.1
5.5
EPSS
0.0%
CVE-2026-3818 MEDIUM This Month

SQL injection in Tiandy Easy7 CMS 7.17.0 allows unauthenticated remote attackers to manipulate the strTBName parameter in GetDBData.jsp, potentially accessing or modifying sensitive database information. Public exploit code exists for this vulnerability, and no patch is currently available from the vendor despite early disclosure notification.

SQLi Microsoft
NVD VulDB
CVSS 4.0
5.5
EPSS
0.0%
CVE-2025-70060 MEDIUM This Month

An issue pertaining to CWE-79: Improper Neutralization of Input During Web Page Generation was discovered in YMFE yapi v1.12.0. [CVSS 5.4 MEDIUM]

XSS Yapi
NVD GitHub
CVSS 3.1
5.4
EPSS
0.0%
CVE-2026-25604 MEDIUM PATCH This Month

AWS Airflow Providers with Auth Manager fail to validate SAML response origins against the actual instance URL, allowing attackers with valid credentials from one instance to authenticate to other instances with potentially different access controls. This cross-instance authentication bypass requires low privileges and network access but does not directly compromise confidentiality or integrity. Users should upgrade to version 9.22.0 or later to remediate this vulnerability.

Airflow Providers Amazon Information Disclosure
NVD GitHub VulDB
CVSS 3.1
5.4
EPSS
0.0%
CVE-2025-70033 MEDIUM This Month

An issue pertaining to CWE-79: Improper Neutralization of Input During Web Page Generation was discovered in Sunbird-Ed SunbirdEd-portal v1.13.4. [CVSS 5.4 MEDIUM]

XSS Sunbirded Portal
NVD GitHub
CVSS 3.1
5.4
EPSS
0.0%
CVE-2025-70040 MEDIUM This Month

An issue pertaining to CWE-532: Insertion of Sensitive Information into Log File was discovered in LupinLin1 jimeng-web-mcp v2.1.2. This allows an attacker to obtain sensitive information. [CVSS 5.3 MEDIUM]

Information Disclosure Jimeng Web Mcp Server
NVD GitHub
CVSS 3.1
5.3
EPSS
0.0%
CVE-2026-3089 MEDIUM PATCH This Month

Actual Sync Server allows authenticated users to upload files through POST /sync/upload-user-file. In versions up to 26.3.0 is affected by path traversal.

Path Traversal Actual
NVD GitHub
CVSS 4.0
5.3
EPSS
0.0%
CVE-2025-41760 MEDIUM This Month

An administrator may attempt to block all traffic by configuring a pass filter with an empty table. However, in UBR, an empty list does not enforce any restrictions and allows all network traffic to pass unfiltered. [CVSS 4.9 MEDIUM]

Information Disclosure Universal Bacnet Router Firmware
NVD
CVSS 3.1
4.9
EPSS
0.0%
CVE-2025-41759 MEDIUM This Month

An administrator may attempt to block all networks by specifying "\*" or "all" as the network identifier. However, these values are not supported and do not trigger any validation error. [CVSS 4.9 MEDIUM]

Information Disclosure Universal Bacnet Router Firmware
NVD
CVSS 3.1
4.9
EPSS
0.0%
CVE-2025-70973 MEDIUM This Month

ScadaBR 1.12.4 is vulnerable to Session Fixation. The application assigns a JSESSIONID session cookie to unauthenticated users and does not regenerate the session identifier after successful authentication. [CVSS 4.8 MEDIUM]

Session Fixation Information Disclosure
NVD GitHub
CVSS 3.1
4.8
EPSS
0.0%
CVE-2026-21736 MEDIUM This Month

Improper GPU system call handling in the DDK allows non-privileged users to bypass memory protections on user-mode wrapped memory regions and gain unauthorized write access. An attacker with local access could exploit this to modify read-only memory structures, potentially compromising system integrity or escalating privileges. No patch is currently available for this medium-severity vulnerability.

Information Disclosure Ddk
NVD VulDB
CVSS 3.1
4.4
EPSS
0.0%
CVE-2026-2919 MEDIUM This Month

Domain spoofing in Focus for iOS versions prior to 148.2 allows remote attackers to display malicious content under trusted domain names through navigation stalling and iframe redirection techniques, without requiring user interaction beyond the initial page load. An attacker can leverage this to conduct phishing attacks or distribute misleading content by presenting spoofed trusted domains in the browser UI. No patch is currently available for this vulnerability.

Information Disclosure Apple
NVD VulDB
CVSS 3.1
4.3
EPSS
0.0%

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy