341 CVEs tracked today. 38 Critical, 105 High, 168 Medium, 17 Low.
-
CVE-2026-32136
CRITICAL
CVSS 9.8
Auth bypass in AdGuard Home before 0.107.73.
Authentication Bypass
Adguardhome
-
CVE-2026-32133
CRITICAL
CVSS 9.1
Blind SSRF in 2FAuth 2FA manager before 6.1.0.
SSRF
2fauth
-
CVE-2026-32096
CRITICAL
CVSS 9.3
SSRF in Plunk email platform before 0.7.0.
SSRF
Plunk
-
CVE-2026-31975
CRITICAL
CVSS 9.8
OS command injection in Cloud CLI (Claude Code UI) before 1.25.0. EPSS 0.39%.
Command Injection
-
CVE-2026-31957
CRITICAL
CVSS 10.0
Default password in Himmelblau Azure Entra ID suite 3.0.0-3.0.x. CVSS 10.0.
Azure
-
CVE-2026-31896
CRITICAL
CVSS 9.8
SQL injection in WeGIA before 3.6.6.
PHP
SQLi
Denial Of Service
Information Disclosure
Wegia
-
CVE-2026-31877
CRITICAL
CVSS 9.8
SQL injection in Frappe framework before 15.84.0/14.99.0.
SQLi
Frappe
-
CVE-2026-31874
CRITICAL
CVSS 9.8
Missing auth in Taskosaur project management 1.0.0.
Authentication Bypass
-
CVE-2026-31871
CRITICAL
CVSS 9.8
SQL injection in Parse Server before 9.6.0-alpha.5/8.6.31. Third Parse Server SQLi.
Node.js
PostgreSQL
SQLi
Parse Server
-
CVE-2026-31862
CRITICAL
CVSS 9.1
Command injection in Cloud CLI (Claude Code UI) Git operations before 1.24.0.
Command Injection
Cloud Cli
-
CVE-2026-31856
CRITICAL
CVSS 9.8
SQL injection in Parse Server before 9.6.0-alpha.5/8.6.31.
Node.js
PostgreSQL
SQLi
Parse Server
-
CVE-2026-31852
CRITICAL
CVSS 10.0
Arbitrary code execution in Jellyfin iOS GitHub Actions workflow. CVSS 10.0.
Privilege Escalation
RCE
Apple
iOS
-
CVE-2026-31840
CRITICAL
CVSS 9.8
SQL injection in Parse Server before 9.6.0-alpha.2/8.6.28.
Node.js
PostgreSQL
SQLi
Parse Server
-
CVE-2026-30903
CRITICAL
CVSS 9.6
File path control in Zoom Workplace for Windows Mail feature before 6.6.0.
Windows
Zoom
Privilege Escalation
-
CVE-2026-30741
CRITICAL
CVSS 9.8
RCE in OpenClaw Agent Platform v2026.2.6 via prompt injection.
RCE
Code Injection
Openclaw
-
CVE-2026-28229
CRITICAL
CVSS 9.8
Auth bypass in Argo Workflows before 4.0.2/3.7.11.
Kubernetes
Authentication Bypass
Redhat
Suse
-
CVE-2026-27897
CRITICAL
CVSS 10.0
Path traversal in Vociferous speech-to-text tool before 4.4.2. CVSS 10.0.
Path Traversal
-
CVE-2026-27842
CRITICAL
CVSS 9.8
Auth bypass in MR-GM5L-S1/MR-GM5A-L1 devices.
Authentication Bypass
-
CVE-2026-27591
CRITICAL
CVSS 9.9
Access control bypass in Winter CMS before 1.0.477/1.1.12/1.2.12. CVSS 9.9.
PHP
Laravel
-
CVE-2026-27478
CRITICAL
CVSS 9.1
Auth bypass in Unity Catalog 0.4.0 and earlier.
Authentication Bypass
AI / ML
-
CVE-2026-24448
CRITICAL
CVSS 9.8
Hardcoded credentials in MR-GM5L-S1/MR-GM5A-L1 devices.
Authentication Bypass
-
CVE-2026-23813
CRITICAL
CVSS 9.8
Auth bypass in HPE Aruba AOS-CX switch web management.
Authentication Bypass
-
CVE-2026-3916
CRITICAL
CVSS 9.6
Sandbox escape via Web Speech in Chrome before 146.0.7680.71. Patch available.
Google
Information Disclosure
Buffer Overflow
Chrome
-
CVE-2026-3826
CRITICAL
CVSS 9.8
LFI to RCE in IFTOP by WellChoose.
Lfi
PHP
RCE
Organization Portal System
-
CVE-2026-2631
CRITICAL
CVSS 9.8
Unauthenticated REST endpoint in Datalogics Ecommerce Delivery WordPress plugin before 2.6.60.
WordPress
Industrial
-
CVE-2025-70082
CRITICAL
CVSS 9.8
Critical vulnerability in Lantronix EDS serial device server (EDS5000/EDS3000PS). Multiple injection and auth bypass vulnerabilities in the management interface.
Command Injection
RCE
-
CVE-2025-70041
CRITICAL
CVSS 9.8
Hardcoded password in ThermaKube Kubernetes monitoring.
Information Disclosure
-
CVE-2025-70024
CRITICAL
CVSS 9.8
SQL injection in generatedata 4.0.14.
SQLi
-
CVE-2025-67041
CRITICAL
CVSS 9.8
Critical vulnerability in Lantronix EDS serial device server (EDS5000/EDS3000PS). Multiple injection and auth bypass vulnerabilities in the management interface.
Command Injection
-
CVE-2025-67039
CRITICAL
CVSS 9.1
Critical vulnerability in Lantronix EDS serial device server (EDS5000/EDS3000PS). Multiple injection and auth bypass vulnerabilities in the management interface.
Authentication Bypass
-
CVE-2025-67038
CRITICAL
CVSS 9.8
Critical vulnerability in Lantronix EDS serial device server (EDS5000/EDS3000PS). Multiple injection and auth bypass vulnerabilities in the management interface.
Command Injection
-
CVE-2025-67035
CRITICAL
CVSS 9.8
Critical vulnerability in Lantronix EDS serial device server (EDS5000/EDS3000PS). Multiple injection and auth bypass vulnerabilities in the management interface.
Ssh
-
CVE-2025-66956
CRITICAL
CVSS 9.9
Insecure access control in Asseco SEE Live 2.0. Remote access to attachments.
Authentication Bypass
-
CVE-2023-27573
CRITICAL
CVSS 9.0
Default credentials in netbox-docker before 2.5.0.
Docker
-
CVE-2019-25487
CRITICAL
CVSS 9.8
Command execution in SAPIDO RB-1732 V2.0.43 router. PoC available.
-
CVE-2019-25471
CRITICAL
CVSS 9.8
Arbitrary file upload in FileThingie 2.5.7 via ZIP archives. PoC available.
PHP
-
CVE-2019-25468
CRITICAL
CVSS 9.8
RCE in NetGain EM Plus 10.1.68. PoC available.
RCE
-
CVE-2018-25159
CRITICAL
CVSS 9.8
OGNL injection in Epross AVCON6 management platform. PoC available.
RCE
-
CVE-2026-32132
HIGH
CVSS 7.4
ZITADEL is an open source identity management platform. Versions up to 3.4.8 are affected by insufficient session expiration (CVSS 7.4).
Information Disclosure
Zitadel
-
CVE-2026-32131
HIGH
CVSS 7.7
ZITADEL is an open source identity management platform. Versions up to 3.4.8 are affected by authorization bypass through a user-controlled key (CVSS 7.7).
Authentication Bypass
Zitadel
-
CVE-2026-32130
HIGH
CVSS 7.5
ZITADEL is an open source identity management platform. Versions from 2.68.0 up to 3.4.8 contain a security vulnerability (CVSS 7.5).
Information Disclosure
Zitadel
-
CVE-2026-32127
HIGH
CVSS 8.8
OpenEMR versions prior to 8.0.0.1 contain a SQL injection vulnerability in the ajax graphs library that allows authenticated users to execute arbitrary database queries, potentially leading to complete compromise of patient health records and system data. The vulnerability stems from insufficient input validation and requires valid credentials to exploit, but poses a critical risk given the sensitive nature of healthcare data stored in OpenEMR systems. No patch is currently available for affected versions.
SQLi
Openemr
-
CVE-2026-32126
HIGH
CVSS 7.1
OpenEMR versions prior to 8.0.0.1 contain an inverted boolean condition in the access control logic that allows any authenticated user to access administrative CDR controllers (alerts, ajax, edit, add, detail, browse) intended for administrators only. Affected users can suppress clinical decision support alerts, delete or modify clinical plans, and edit rule configurations without proper authorization. No patch is currently available for this high-severity vulnerability.
Authentication Bypass
Openemr
-
CVE-2026-32123
HIGH
CVSS 7.7
OpenEMR versions prior to 8.0.0.1 fail to properly enforce access controls on group encounters due to sensitivity checks only querying the wrong database table, allowing authenticated users to view restricted medical records such as mental health encounters they should not access. The vulnerability affects multi-user deployments where role-based restrictions are relied upon to protect sensitive patient information. No patch is currently available for affected versions.
Authentication Bypass
Openemr
-
CVE-2026-32121
HIGH
CVSS 7.7
Stored DOM-based cross-site scripting (XSS) in OpenEMR prior to version 8.0.0.1 allows authenticated attackers with low privileges to inject malicious scripts through unsanitized patient names in the portal signing component, which are rendered client-side via jQuery. Successful exploitation requires user interaction and could enable attackers to perform actions in the context of affected users or steal sensitive health information. A patch is available in OpenEMR 8.0.0.1 and later versions.
PHP
XSS
Openemr
-
CVE-2026-32117
HIGH
CVSS 7.6
Grafana Cubism Panel versions 0.1.2 and earlier contain a stored cross-site scripting (XSS) vulnerability where dashboard editors can inject malicious javascript: URIs into zoom-link handlers that execute with Grafana origin privileges when viewers interact with the panel. An authenticated attacker with editor permissions can craft a malicious dashboard that executes arbitrary JavaScript in the context of any user who zooms on the affected panel, potentially compromising sensitive data or session tokens.
Grafana
XSS
Grafanacubism Panel
-
CVE-2026-32110
HIGH
CVSS 8.3
High severity vulnerability in SiYuan Note. The `/api/network/forwardProxy` endpoint allows authenticated users to make arbitrary HTTP requests from the server. The endpoint accepts a user-controlled URL and makes HTTP requests to it, returning the full response body and headers. There is no URL validation to prevent requests to internal networks, localhost, or cloud metadata services.
SSRF
Siyuan
-
CVE-2026-32101
HIGH
CVSS 7.6
High severity vulnerability in StudioCMS. The S3 storage manager's `isAuthorized()` function is declared `async` (returns `Promise<boolean>`) but is called without `await` in both the POST and PUT handlers. Since a Promise object is always truthy in JavaScript, `!isAuthorized(type)` always evaluates to `false`, completely bypassing the authorization check. Any authenticated user with the lowest `visitor` role can upload, delete, rename...
Authentication Bypass
Studiocms
-
CVE-2026-32098
HIGH
CVSS 7.5
### Impact
An attacker can exploit LiveQuery subscriptions to infer the values of protected fields without directly receiving them. By subscribing with a WHERE clause that references a protected field (including via dot-notation or `$regex`), the attacker can observe whether LiveQuery events are delivered for matching objects. This creates a boolean oracle that leaks protected field values. The attack affects any class that has both `protectedFields` configured in Class-Level Permissions and LiveQuery enabled.
### Patches
The fix adds validation of the LiveQuery subscription WHERE clause against the class's protected fields, mirroring the existing REST API validation. If a subscription's WHERE clause references a protected field directly, via dot-notation, or inside `$or` / `$and` / `$nor` operators, the subscription is rejected with a permission error. This is applied during subscription creation, so existing event delivery paths are not affected.
### Workarounds
Disable LiveQuery for classes that use `protectedFields` in their Class-Level Permissions, or remove `protectedFields` from classes that require LiveQuery.
### References
- GitHub security advisory: https://github.com/parse-community/parse-server/security/advisories/GHSA-j7mm-f4rv-6q6q
- Fix Parse Server 9: https://github.com/parse-community/parse-server/releases/tag/9.6.0-alpha.9
- Fix Parse Server 8: https://github.com/parse-community/parse-server/releases/tag/8.6.35
Node.js
Information Disclosure
AI / ML
Parse Server
-
CVE-2026-32097
HIGH
CVSS 8.8
Authenticated users in PingPong versions prior to 7.27.2 can access and delete files beyond their authorization scope, potentially exposing or removing private user files and model outputs. An attacker with valid credentials and thread access can exploit improper access controls to retrieve or delete sensitive data belonging to other users. No patch is currently available for this high-severity vulnerability affecting the AI/ML teaching platform.
Authentication Bypass
AI / ML
Pingpong
-
CVE-2026-32063
HIGH
CVSS 7.1
OpenClaw versions prior to 2026.2.21 allow local attackers with limited privileges to inject arbitrary systemd directives through unvalidated environment variables in unit file generation, enabling command execution with gateway service privileges. By manipulating config.env.vars and triggering service installation or restart, an attacker can bypass Environment= line constraints via newline injection to achieve arbitrary code execution. No patch is currently available for this command injection vulnerability.
Command Injection
Openclaw
-
CVE-2026-32062
HIGH
CVSS 8.7
OpenClaw versions from 2026.2.21-2 up to 2026.2.22 are affected by allocation of resources without limits or throttling (CVSS 7.5).
Denial Of Service
-
CVE-2026-32060
HIGH
CVSS 8.8
OpenClaw versions before 2026.2.14 allow authenticated attackers to bypass filesystem restrictions in the apply_patch function through path traversal, enabling arbitrary file write and deletion operations outside the intended workspace. The vulnerability requires an authenticated user but no additional user interaction, and affects systems with apply_patch enabled without sandbox containment. No patch is currently available.
Path Traversal
Openclaw
-
CVE-2026-32059
HIGH
CVSS 8.8
OpenClaw versions from 2026.2.22-2 up to 2026.2.23 are affected by incorrect authorization (CVSS 8.8).
Authentication Bypass
Openclaw
-
CVE-2026-31979
HIGH
CVSS 8.8
Local privilege escalation in Himmelblau prior to versions 3.1.0 and 2.3.8 allows authenticated local users to exploit insecure Kerberos cache file handling in the root-running himmelblaud-tasks daemon through symlink attacks. The vulnerability stems from the removal of PrivateTmp protections, exposing /tmp operations to symlink-based file overwrite and ownership manipulation attacks. An attacker with local access can leverage this flaw to achieve arbitrary file modification and full system compromise.
Privilege Escalation
Microsoft
Himmelblau
-
CVE-2026-31958
HIGH
CVSS 8.7
In versions of Tornado prior to 6.5.5, the only limit on the number of parts in `multipart/form-data` is the `max_body_size` setting (default 100MB). Since parsing occurs synchronously on the main thread, this creates the possibility of denial-of-service due to the cost of parsing very large multipart bodies with many parts.
Tornado 6.5.5 introduces new limits on the size and complexity of multipart bodies, including a default limit of 100 parts per request. These limits are configurable if needed; see `tornado.httputil.ParseMultipartConfig`. It is also now possible to disable `multipart/form-data` parsing entirely if it is not required for the application.
Python
Denial Of Service
-
CVE-2026-31895
HIGH
CVSS 8.8
WeGIA is a web manager for charitable institutions. Versions up to 3.6.6 are affected by SQL injection (CVSS 8.8).
PHP
SQLi
Wegia
-
CVE-2026-31894
HIGH
CVSS 7.5
WeGIA 3.6.5 allows unauthenticated remote attackers to read arbitrary files on the server through symlink traversal in backup database extraction functionality. When processing tar.gz archives, the application fails to validate whether extracted members are symbolic links before reading their contents, enabling an attacker to access sensitive files like database credentials or configuration data. No patch is currently available for this vulnerability.
Information Disclosure
Wegia
-
CVE-2026-31892
HIGH
CVSS 8.1
Argo Workflows versions 2.9.0 through 4.0.1 (and 3.x before 3.7.11) allow authenticated users to bypass WorkflowTemplate security policies by injecting a podSpecPatch field in workflow submissions, circumventing even strict template referencing controls. An attacker with workflow submission privileges can exploit this to modify pod specifications without security validation, potentially gaining unauthorized access or executing arbitrary code. This vulnerability affects organizations using Kubernetes with Argo Workflows and requires upgrading to versions 4.0.2, 3.7.11 or later to remediate.
Kubernetes
Authentication Bypass
Argo Workflows
-
CVE-2026-31889
HIGH
CVSS 8.9
Shopware versions before 6.6.10.15 and 6.7.8.1 contain an authentication bypass in the app registration flow that allows attackers to hijack the communication channel between a shop and third-party apps by re-registering with a controlled domain without domain ownership verification. An attacker with knowledge of the app secret can redirect app traffic and intercept API credentials intended for legitimate shops. This vulnerability affects all Shopware installations using the legacy app registration mechanism and currently has no available patch.
Authentication Bypass
-
CVE-2026-31881
HIGH
CVSS 7.7
Runtipi versions prior to 4.8.0 allow unauthenticated attackers to reset the admin password through an unprotected POST /api/auth/reset-password endpoint, enabling complete account takeover during active password-reset windows. Any remote user can set a new operator password within the 15-minute reset window without authentication or authorization checks. This vulnerability remains unpatched in affected versions.
Authentication Bypass
-
CVE-2026-31872
HIGH
CVSS 7.5
Parse Server versions prior to 9.6.0-alpha.6 and 8.6.32 allow attackers to bypass class-level permission restrictions on protected fields by using dot-notation in query and sort parameters, enabling enumeration of sensitive field values through binary oracle attacks. This affects both MongoDB and PostgreSQL deployments and requires no authentication or user interaction. No patch is currently available for affected versions.
Node.js
PostgreSQL
Authentication Bypass
Parse Server
-
CVE-2026-31870
HIGH
CVSS 7.5
cpp-httplib versions prior to 0.37.1 crash when the streaming API receives a malformed Content-Length header from any server, as the library fails to validate or handle exceptions from the underlying string parsing function. An attacker can exploit this denial of service condition by hosting a malicious server, performing a man-in-the-middle attack, or leveraging HTTP redirects to crash any client application using the vulnerable library. Currently no patch is available for this issue.
Denial Of Service
Cpp Httplib
-
CVE-2026-31866
HIGH
CVSS 7.5
Kubernetes flagd feature flag daemon versions before 0.14.2 are vulnerable to denial of service through unbounded memory allocation on publicly accessible evaluation endpoints. An unauthenticated attacker can send HTTP requests with arbitrarily large payloads to exhaust memory and crash the service. This affects deployments without external authentication controls, allowing trivial process termination in containerized environments.
Kubernetes
Denial Of Service
-
CVE-2026-31861
HIGH
CVSS 8.8
Arbitrary OS command execution in Cloud CLI versions prior to 1.24.0 allows authenticated users to inject malicious commands through improperly sanitized git configuration parameters passed to shell execution functions. The /api/user/git-config endpoint fails to properly escape bash metacharacters like backticks and $() substitutions, enabling attackers to execute arbitrary operating system commands with application privileges. No patch is currently available for affected deployments.
RCE
Code Injection
Cloud Cli
-
CVE-2026-31858
HIGH
CVSS 8.8
SQL injection in Craft CMS ElementSearchController allows authenticated control panel users to execute arbitrary SQL queries and extract complete database contents through the criteria[where] and criteria[orderBy] parameters. The vulnerability exists because a previous SQL injection fix applied to ElementIndexesController was never implemented in this endpoint. An attacker with any control panel user account can exploit this via boolean-based blind injection without requiring administrative privileges.
SQLi
Craft Cms
-
CVE-2026-31857
HIGH
CVSS 8.8
Remote code execution in Craft CMS 5 allows authenticated Control Panel users with basic access (including non-admin roles like Author or Editor) to execute arbitrary code by injecting malicious Twig templates through condition rule parameters. The vulnerability exploits an unsandboxed template rendering function that bypasses all security hardening settings, affecting versions prior to 5.9.9 and 4.17.4. No patch is currently available for this HIGH severity vulnerability.
RCE
Code Injection
Craft Cms
-
CVE-2026-31854
HIGH
CVSS 8.8
Cursor is a code editor built for programming with AI. Versions up to 2.0 are affected by OS command injection.
Command Injection
-
CVE-2026-31844
HIGH
CVSS 8.8
SQL injection in the Koha library management system's staff interface allows authenticated users to manipulate the displayby parameter in suggestion.pl, enabling arbitrary SQL query execution against the backend database. Low-privileged staff members can exploit this vulnerability to extract sensitive data or modify database contents without additional privileges. No patch is currently available to remediate this high-severity vulnerability.
SQLi
-
CVE-2026-31839
HIGH
CVSS 8.2
Striae versions prior to 3.0.0 allow local attackers to bypass package integrity verification by modifying both the manifest hash and package contents simultaneously, enabling delivery of tampered firearm examination data that passes validation checks. This integrity bypass affects forensic workflows relying on Striae's digital confirmation mechanism. No patch is currently available for affected installations.
Authentication Bypass
-
CVE-2026-30902
HIGH
CVSS 7.8
Zoom Client for Windows contains a privilege escalation vulnerability that allows authenticated local users to gain elevated system privileges through improper access controls. An attacker with valid credentials can exploit this weakness to execute arbitrary code or access sensitive system resources without administrative approval. No patch is currently available for this issue.
Windows
Zoom
Privilege Escalation
-
CVE-2026-30901
HIGH
CVSS 7.0
Zoom Rooms versions up to 6.6.5 are affected by improper input validation (CVSS 7.0).
Windows
Zoom
Privilege Escalation
-
CVE-2026-30900
HIGH
CVSS 7.8
Zoom's Windows client fails to properly validate minimum version requirements during updates, enabling authenticated local users to escalate their privileges on affected systems. An attacker with local access and valid credentials could exploit this validation bypass to gain elevated permissions. No patch is currently available for this vulnerability.
Windows
Zoom
Privilege Escalation
-
CVE-2026-30226
HIGH
CVSS 7.5
In devalue v5.6.3, `devalue.parse` and `devalue.unflatten` were susceptible to prototype pollution via maliciously crafted payloads. Successful exploitation could lead to Denial of Service (DoS) or type confusion.
Denial Of Service
Prototype Pollution
Devalue
-
CVE-2026-27703
HIGH
CVSS 7.5
Stack buffer overflow in RIOT OS coap_well_known_core_default_handler allows unauthenticated remote attackers to overwrite critical stack data including return addresses through oversized CoAP option responses. Affected IoT devices running RIOT 2026.01 and earlier are vulnerable to denial of service or arbitrary code execution without any user interaction required. No patch is currently available for this vulnerability.
IoT
Denial Of Service
-
CVE-2026-23816
HIGH
CVSS 7.2
Authenticated attackers can execute arbitrary OS commands on AOS-CX Switches through improper input validation in the CLI, potentially compromising network infrastructure. This command injection flaw (CWE-78) affects high-privileged users with network access and carries a CVSS score of 7.2, with no patch currently available.
Command Injection
RCE
-
CVE-2026-23815
HIGH
CVSS 7.2
Authenticated administrators of AOS-CX Switches can inject arbitrary commands through a custom binary in the CLI, potentially compromising switch integrity and network operations. This high-privilege attack requires valid credentials and direct network access but carries no patch availability, leaving affected deployments at persistent risk.
Command Injection
-
CVE-2026-23814
HIGH
CVSS 8.8
Authenticated remote attackers can execute arbitrary commands through malformed parameters in AOS-CX CLI commands, achieving remote code execution with high integrity and confidentiality impact. The vulnerability affects low-privileged users on networked systems and requires no user interaction to exploit. No patch is currently available for this command injection flaw.
Command Injection
-
CVE-2026-22248
HIGH
CVSS 8.0
licenses tracking and software auditing. Versions from 11.0.0 up to 11.0.5 are affected by deserialization of untrusted data (CVSS 8.0).
PHP
Deserialization
-
CVE-2026-21888
HIGH
CVSS 7.5
NanoMQ MQTT Broker versions 0.24.6 and earlier are vulnerable to an out-of-bounds read in the MQTT v5 Variable Byte Integer parser, which lacks proper bounds validation when processing 5-byte varints. Remote unauthenticated attackers can trigger a denial of service by sending malformed MQTT packets that crash the broker. No patch is currently available for this vulnerability.
Information Disclosure
Buffer Overflow
Nanomq
-
CVE-2026-21361
HIGH
CVSS 8.1
Stored XSS in Adobe Commerce versions 2.4.9-alpha3 through 2.4.4-p16 allows high-privileged attackers to inject malicious scripts into form fields, which execute when victims visit the affected pages. Successful exploitation enables session hijacking and compromise of user confidentiality and integrity, though user interaction is required for the attack to succeed. No patch is currently available for this vulnerability.
Adobe
XSS
Commerce B2b
Magento
Commerce
-
CVE-2026-21311
HIGH
CVSS 8.0
Stored XSS in Adobe Commerce versions 2.4.9-alpha3 through 2.4.4-p16 allows privileged attackers to inject malicious scripts into form fields that execute in victims' browsers, enabling session hijacking and credential theft. Exploitation requires user interaction and a high-privileged attacker account, but successful attacks compromise both confidentiality and integrity. No patch is currently available for affected versions.
Adobe
XSS
Commerce
Magento
Commerce B2b
-
CVE-2026-21309
HIGH
CVSS 7.5
Unauthorized data disclosure in Adobe Commerce and Magento B2B versions 2.4.4 through 2.4.9-alpha3 stems from improper access controls that allow attackers to bypass security features and view sensitive information without authentication or user interaction. Multiple supported versions remain vulnerable as no patch is currently available.
Adobe
Commerce B2b
Commerce
Magento
-
CVE-2026-21290
HIGH
CVSS 8.7
Stored XSS in Adobe Commerce and Magento versions 2.4.9-alpha3 through 2.4.4-p16 allows authenticated attackers to inject malicious scripts into form fields that execute in victims' browsers, enabling session hijacking and data theft. Exploitation requires user interaction when a victim visits a page containing the compromised field. No patch is currently available.
Adobe
XSS
Commerce
Magento
Commerce B2b
-
CVE-2026-21289
HIGH
CVSS 7.5
Unauthorized data disclosure in Adobe Commerce and Magento B2B versions 2.4.4 through 2.4.9-alpha3 stems from an authorization bypass flaw that allows unauthenticated attackers to view sensitive information without user interaction. The vulnerability exploits improper access controls to circumvent security protections, exposing confidential data to remote threat actors. Currently no patch is available for affected versions.
Adobe
Commerce B2b
Commerce
Magento
-
CVE-2026-21284
HIGH
CVSS 8.1
Stored XSS in Adobe Commerce versions 2.4.9-alpha3 through 2.4.4-p16 enables high-privileged attackers to inject malicious scripts into form fields, which execute in victim browsers during page visits. An attacker exploiting this vulnerability can achieve session hijacking and compromise both confidentiality and integrity, though successful exploitation requires user interaction and administrative privileges. No patch is currently available.
Adobe
XSS
Commerce
Magento
Commerce B2b
-
CVE-2026-20892
HIGH
CVSS 7.2
Arbitrary command execution in MR-GM5L-S1 and MR-GM5A-L1 devices stems from unsafe code injection handling that can be exploited by administrators to bypass execution restrictions. An authenticated attacker with admin privileges can leverage this vulnerability to run arbitrary commands with elevated permissions on the affected systems. No patch is currently available to remediate this vulnerability.
Code Injection
-
CVE-2026-20163
HIGH
CVSS 7.2
Arbitrary shell command execution in Splunk Enterprise and Cloud Platform allows authenticated users with the edit_cmd capability to inject commands through the unarchive_cmd parameter in the preview upload endpoint. Affected versions include Splunk Enterprise below 10.2.0, 10.0.4, 9.4.9, and 9.3.10, as well as corresponding Cloud Platform versions. An attacker with high-privilege roles could achieve remote code execution on vulnerable systems, though no patch is currently available.
Command Injection
-
CVE-2026-20074
HIGH
CVSS 7.4
Cisco IOS XR Software's IS-IS routing implementation fails to properly validate incoming protocol packets, enabling an adjacent network attacker to trigger repeated process crashes and temporary routing outages. An attacker with Layer 2 adjacency can send malformed IS-IS packets to force denial of service conditions affecting network connectivity. No patch is currently available for this high-severity vulnerability.
Cisco
Denial Of Service
-
CVE-2026-20046
HIGH
CVSS 8.8
Cisco IOS XR Software contains a task group mapping flaw in a specific CLI command that allows authenticated local attackers to bypass privilege checks and gain full administrative access to affected devices. An attacker with low-privileged credentials can exploit this misconfiguration to execute unauthorized administrative actions without proper authorization validation. No patch is currently available.
Cisco
-
CVE-2026-20040
HIGH
CVSS 8.8
Insufficient CLI argument validation in Cisco IOS XR Software enables authenticated local attackers to achieve root-level code execution through crafted commands. An attacker with low-privileged account access can exploit this vulnerability to bypass privilege restrictions and execute arbitrary commands on the affected device's underlying operating system. No patch is currently available for this high-severity vulnerability.
Cisco
-
CVE-2026-3944
HIGH
CVSS 7.3
SQL injection in itsourcecode University Management System 1.0 via the Name parameter in /att_add.php enables unauthenticated remote attackers to read, modify, or delete database contents. Public exploit code exists for this vulnerability, and no patch is currently available.
PHP
SQLi
University Management System
-
CVE-2026-3943
HIGH
CVSS 7.3
Command injection in H3C ACG1000-AK230 through the /webui/?aaa_portal_auth_local_submit endpoint allows unauthenticated remote attackers to execute arbitrary commands by manipulating the suffix parameter. Public exploit code exists for this vulnerability, which affects versions up to 20260227 with no patch currently available. The vulnerability carries a CVSS score of 7.3 and provides attackers with partial access to confidentiality, integrity, and availability.
Command Injection
-
CVE-2026-3936
HIGH
CVSS 8.8
Use after free in WebView in Google Chrome on Android, versions up to 146.0.7680.71 (CVSS 8.8).
Google
Use After Free
Memory Corruption
Denial Of Service
Chrome
-
CVE-2026-3932
HIGH
CVSS 7.5
Insufficient policy enforcement in PDF in Google Chrome on Android, versions up to 146.0.7680.71.
Google
Authentication Bypass
Chrome
Android
-
CVE-2026-3931
HIGH
CVSS 8.8
Heap-based buffer overflow in Skia in Google Chrome, versions up to 146.0.7680.71 (CVSS 8.8).
Buffer Overflow
Heap Overflow
Chrome
Google
-
CVE-2026-3926
HIGH
CVSS 8.8
Out-of-bounds read in V8 in Google Chrome, versions up to 146.0.7680.71 (CVSS 8.8).
Information Disclosure
Buffer Overflow
Chrome
Google
-
CVE-2026-3924
HIGH
CVSS 7.5
Use after free in WindowDialog in Google Chrome, versions up to 146.0.7680.71 (CVSS 7.5).
Google
Use After Free
Denial Of Service
Memory Corruption
Chrome
-
CVE-2026-3923
HIGH
CVSS 8.8
Use after free in WebMIDI in Google Chrome, versions up to 146.0.7680.71 (CVSS 8.8).
Google
Use After Free
Denial Of Service
Memory Corruption
Chrome
-
CVE-2026-3922
HIGH
CVSS 8.8
Use after free in MediaStream in Google Chrome, versions up to 146.0.7680.71 (CVSS 8.8).
Google
Use After Free
Denial Of Service
Memory Corruption
Chrome
-
CVE-2026-3921
HIGH
CVSS 8.8
Use after free in TextEncoding in Google Chrome versions up to 146.0.7680.71 (CVSS 8.8).
Google
Use After Free
Denial Of Service
Memory Corruption
Chrome
-
CVE-2026-3920
HIGH
CVSS 8.8
Out-of-bounds memory access (out-of-bounds read) in WebML in Google Chrome versions up to 146.0.7680.71 (CVSS 8.8).
Google
Information Disclosure
Buffer Overflow
AI / ML
Chrome
-
CVE-2026-3919
HIGH
CVSS 8.8
Use after free in Extensions in Google Chrome versions up to 146.0.7680.71 (CVSS 8.8).
Google
Use After Free
Denial Of Service
Memory Corruption
Chrome
-
CVE-2026-3918
HIGH
CVSS 8.8
Use after free in WebMCP in Google Chrome versions up to 146.0.7680.71 (CVSS 8.8).
Google
Use After Free
Denial Of Service
Memory Corruption
Chrome
-
CVE-2026-3917
HIGH
CVSS 8.8
Use after free in Agents in Google Chrome versions up to 146.0.7680.71 (CVSS 8.8).
Google
Use After Free
Denial Of Service
Memory Corruption
Chrome
-
CVE-2026-3915
HIGH
CVSS 8.8
Heap-based buffer overflow in WebML in Google Chrome versions up to 146.0.7680.71 (CVSS 8.8).
Google
Buffer Overflow
Heap Overflow
AI / ML
Chrome
-
CVE-2026-3914
HIGH
CVSS 8.8
Integer overflow in WebML in Google Chrome versions up to 146.0.7680.71 (CVSS 8.8).
Google
Buffer Overflow
AI / ML
Chrome
-
CVE-2026-3913
HIGH
CVSS 8.8
Heap-based buffer overflow in WebML in Google Chrome versions up to 146.0.7680.71 (CVSS 8.8).
Google
Buffer Overflow
Heap Overflow
AI / ML
Chrome
-
CVE-2026-3805
HIGH
CVSS 7.5
Curl's SMB implementation contains a use-after-free vulnerability that causes denial of service when processing consecutive requests to the same host, as the library incorrectly dereferences freed memory on subsequent connections. Public exploit code exists for this vulnerability affecting Curl installations. An attacker can crash Curl-based applications or services by triggering multiple SMB requests, though remote code execution is not possible due to the nature of the memory corruption.
Use After Free
Curl
-
CVE-2026-3496
HIGH
CVSS 7.5
Unauthenticated attackers can exploit SQL injection in the JetBooking WordPress plugin through the check_in_date parameter to extract sensitive database information, affecting all versions up to 4.0.3. The vulnerability exists due to insufficient input escaping and unprepared SQL statements. No patch is currently available.
WordPress
SQLi
-
CVE-2026-3453
HIGH
CVSS 8.1
Authenticated users can terminate arbitrary subscriptions in WordPress ProfilePress plugin versions up to 4.16.11 through an IDOR vulnerability in the checkout process that lacks ownership validation on subscription IDs. Any subscriber-level user can exploit the change_plan_sub_id parameter to cancel or expire other users' active subscriptions, immediately revoking their paid access. The vulnerability remains unpatched and affects all current versions of the plugin.
WordPress
-
CVE-2026-3231
HIGH
CVSS 7.2
for WooCommerce plugin for WordPress, versions up to 2.1.7, is vulnerable to stored cross-site scripting (XSS) via custom radio and checkboxgroup field values submitted to the site (CVSS 7.2).
WordPress
PHP
XSS
-
CVE-2026-3222
HIGH
CVSS 7.5
Unauthenticated attackers can exploit a time-based blind SQL injection in the WP Maps plugin for WordPress (versions up to 4.9.1) through the location_id parameter in the wpgmp_ajax_call AJAX handler to extract sensitive database information. The vulnerability stems from improper input validation that allows backtick-wrapped user input to bypass SQL escaping functions. No patch is currently available, leaving all affected WordPress installations at risk of data disclosure.
WordPress
SQLi
-
CVE-2026-3178
HIGH
CVSS 7.2
Unauthenticated attackers can inject malicious scripts into the Name Directory WordPress plugin (versions up to 1.32.1) through the 'name_directory_name' parameter, which are then executed in users' browsers when they visit affected pages. The vulnerability stems from inadequate input sanitization and output escaping, allowing stored cross-site scripting attacks that impact all unauthenticated visitors. No patch is currently available, though partial mitigations were attempted in versions 1.30.3 and 1.32.1.
WordPress
XSS
-
CVE-2026-2626
HIGH
CVSS 8.1
divi-booster WordPress plugin versions up to 5.0.2 are affected by cross-site request forgery (CSRF) (CVSS 8.1).
WordPress
PHP
CSRF
Deserialization
-
CVE-2026-2466
HIGH
CVSS 7.1
DukaPress WordPress plugin versions up to 3.2.4 contain a reflected XSS vulnerability due to improper input sanitization and output encoding, allowing attackers to inject malicious scripts that execute in the browsers of high-privilege users like administrators. The vulnerability requires user interaction to exploit and can result in session hijacking, credential theft, or unauthorized administrative actions. No patch is currently available.
WordPress
XSS
-
CVE-2026-2413
HIGH
CVSS 7.5
Unauthenticated attackers can extract sensitive database information from WordPress sites running the Ally plugin (versions up to 4.0.3) through SQL injection in the URL parameter handling of the Remediation module. The vulnerability exists because user input is insufficiently sanitized before being concatenated into SQL queries, allowing time-based blind SQL injection attacks despite URL escaping being applied. No patch is currently available.
WordPress
SQLi
-
CVE-2026-2368
HIGH
CVSS 7.1
Lenovo Filez fails to properly validate SSL/TLS certificates, enabling network-positioned attackers to intercept traffic and execute arbitrary code on affected systems. An attacker with the ability to perform man-in-the-middle attacks can exploit this weakness to compromise user devices without authentication. No patch is currently available to remediate this vulnerability.
Authentication Bypass
RCE
-
CVE-2026-1993
HIGH
CVSS 8.8
Privilege escalation in ExactMetrics WordPress plugin versions 7.1.0-9.0.2 allows authenticated users with the `exactmetrics_save_settings` capability to modify any plugin configuration without restrictions, potentially escalating themselves to administrative access. An attacker could exploit the missing input validation in the `update_settings()` function to grant plugin permissions to arbitrary user roles, including subscribers, effectively bypassing intended access controls. No patch is currently available for this vulnerability.
WordPress
Industrial
-
CVE-2026-1992
HIGH
CVSS 8.8
Arbitrary plugin installation and remote code execution in ExactMetrics WordPress plugin versions 8.6.0-9.0.2 allows authenticated users with report-viewing permissions to bypass administrative capability checks via parameter manipulation. An attacker can exploit an Insecure Direct Object Reference in the onboarding process to install malicious plugins and execute arbitrary code on vulnerable WordPress installations. This vulnerability requires the site administrator to have previously granted non-admin users report access permissions.
WordPress
Industrial
RCE
-
CVE-2026-1708
HIGH
CVSS 7.5
Simply Schedule Appointments Booking Plugin versions up to 1.6.9.27 are affected by SQL injection (CVSS 7.5).
WordPress
SQLi
-
CVE-2026-1454
HIGH
CVSS 7.2
The Responsive Contact Form Builder & Lead Generation Plugin for WordPress through version 2.0.1 fails to properly sanitize form field submissions, allowing unauthenticated attackers to inject malicious scripts that execute in the administrator dashboard when viewing lead entries. The vulnerability stems from incomplete input validation in the sanitization function combined with overly permissive output filtering that permits onclick attributes on links. Attackers can exploit this to steal admin credentials, modify site content, or perform arbitrary actions within WordPress.
WordPress
XSS
-
CVE-2026-1090
HIGH
CVSS 8.7
GitLab has remediated a cross-site scripting (XSS) issue in GitLab CE/EE affecting all versions from 10.6 up to 18.7.6 (CVSS 8.7).
Gitlab
XSS
-
CVE-2026-1069
HIGH
CVSS 7.5
GitLab has remediated an uncontrolled recursion issue in GitLab CE/EE affecting all versions from 18.9 up to 18.9.2 (CVSS 7.5).
Gitlab
Denial Of Service
-
CVE-2025-70027
HIGH
CVSS 7.5
An issue pertaining to CWE-918: Server-Side Request Forgery was discovered in Sunbird-Ed SunbirdEd-portal v1.13.4. This allows attackers to obtain sensitive information. [CVSS 7.5 HIGH]
SSRF
-
CVE-2025-68623
HIGH
CVSS 8.8
In Microsoft DirectX End-User Runtime Web Installer 9.29.1974.0, a low-privilege user can replace an executable file during the installation process, which may result in unintended elevation of privileges. [CVSS 8.8 HIGH]
Microsoft
Privilege Escalation
-
CVE-2025-67298
HIGH
CVSS 8.1
An issue in ClasroomIO before v.0.2.6 allows a remote attacker to escalate privileges via the endpoints /api/verify and /rest/v1/profile [CVSS 8.1 HIGH]
Authentication Bypass
-
CVE-2025-67037
HIGH
CVSS 8.8
An issue was discovered in Lantronix EDS5000 2.1.0.0R3. An authenticated attacker can inject OS commands into the "tunnel" parameter when killing a tunnel connection. [CVSS 8.8 HIGH]
Command Injection
-
CVE-2025-67036
HIGH
CVSS 8.8
An issue was discovered in Lantronix EDS5000 2.1.0.0R3. The Log Info page allows users to see log files by specifying their names. [CVSS 8.8 HIGH]
Command Injection
-
CVE-2025-67034
HIGH
CVSS 8.8
An issue was discovered in Lantronix EDS5000 2.1.0.0R3. An authenticated attacker can inject OS commands into the "name" parameter when deleting SSL credentials through the management interface. [CVSS 8.8 HIGH]
Tls
Command Injection
-
CVE-2025-14513
HIGH
CVSS 7.5
GitLab has remediated a security issue in GitLab CE/EE affecting all versions from 16.11 up to 18.7.6 (CVSS 7.5).
Gitlab
Denial Of Service
-
CVE-2025-13929
HIGH
CVSS 7.5
GitLab has remediated an issue in GitLab CE/EE affecting all versions from 10.0 up to 18.7.6 involving allocation of resources without limits or throttling (CVSS 7.5).
Gitlab
Denial Of Service
-
CVE-2025-13067
HIGH
CVSS 8.8
Royal Addons for Elementor (WordPress plugin) versions up to 1.7.1049 are affected by unrestricted upload of a file with a dangerous type (CVSS 8.8).
WordPress
PHP
RCE
-
CVE-2024-14026
HIGH
CVSS 7.8
A command injection vulnerability has been reported to affect several QNAP operating system versions. An attacker who has gained local network access and a user account can exploit the vulnerability to execute arbitrary commands. [CVSS 7.8 HIGH]
Qnap
Command Injection
Quts Hero
Qts
-
CVE-2019-25486
HIGH
CVSS 8.2
Varient 1.6.1 contains an SQL injection vulnerability that allows unauthenticated attackers to manipulate database queries by injecting SQL code through the user_id parameter. [CVSS 8.2 HIGH]
SQLi
Authentication Bypass
-
CVE-2019-25483
HIGH
CVSS 8.4
Comtrend AR-5310 GE31-412SSG-C01_R10.A2pG039u.d24k contains a restricted shell escape vulnerability that allows local users to bypass command restrictions by using the command substitution operator $( ). [CVSS 8.4 HIGH]
Authentication Bypass
-
CVE-2019-25480
HIGH
CVSS 7.5
ARMBot contains an unrestricted file upload vulnerability in upload.php that allows unauthenticated attackers to upload arbitrary files by manipulating the file parameter with path traversal sequences. [CVSS 7.5 HIGH]
PHP
RCE
Path Traversal
-
CVE-2019-25478
HIGH
CVSS 7.5
GetGo Download Manager 6.2.2.3300 contains a buffer overflow vulnerability that allows remote attackers to cause denial of service by sending HTTP responses with excessively long headers. [CVSS 7.5 HIGH]
Golang
Buffer Overflow
Denial Of Service
-
CVE-2019-25472
HIGH
CVSS 7.5
IntelBras Telefone IP TIP200 and 200 LITE contain an unauthenticated arbitrary file read vulnerability in the dumpConfigFile function accessible via the cgiServer.exx endpoint. [CVSS 7.5 HIGH]
Information Disclosure
-
CVE-2019-25470
HIGH
CVSS 7.5
eWON Firmware versions 12.2 to 13.0 contain an authentication bypass vulnerability that allows attackers with minimal privileges to retrieve sensitive user data by exploiting the wsdReadForm endpoint. [CVSS 7.5 HIGH]
Authentication Bypass
-
CVE-2019-25467
HIGH
CVSS 8.4
Verypdf docPrint Pro 8.0 contains a structured exception handling buffer overflow vulnerability that allows local attackers to execute arbitrary code by supplying an oversized alphanumeric encoded payload in the User Password or Master Password fields. [CVSS 8.4 HIGH]
Buffer Overflow
-
CVE-2019-25466
HIGH
CVSS 8.4
Easy File Sharing Web Server 7.2 contains a local structured exception handling buffer overflow vulnerability that allows local attackers to execute arbitrary code by creating a malicious username. [CVSS 8.4 HIGH]
Buffer Overflow
-
CVE-2019-25465
HIGH
CVSS 7.5
Hisilicon HiIpcam V100R003 contains a directory traversal vulnerability that allows unauthenticated attackers to access sensitive configuration files by exploiting directory listing in the cgi-bin directory. [CVSS 7.5 HIGH]
Dns
Path Traversal
-
CVE-2026-32234
MEDIUM
CVSS 4.7
### Impact
An attacker with access to the master key can inject malicious SQL via crafted field names used in query constraints when Parse Server is configured with PostgreSQL as the database. The field name in a `$regex` query operator is passed to PostgreSQL using unparameterized string interpolation, allowing the attacker to manipulate the SQL query. While the master key controls what can be done through the Parse Server abstraction layer, this SQL injection bypasses Parse Server entirely and operates at the database level.
This vulnerability only affects Parse Server deployments using PostgreSQL.
### Patches
The fix applies proper SQL identifier escaping to field names in the query handler and hardens query field name validation to reject malicious field names for all query types.
### Workarounds
There is no known workaround.
### References
- GitHub security advisory: https://github.com/parse-community/parse-server/security/advisories/GHSA-c442-97qw-j6c6
- Fix Parse Server 9: https://github.com/parse-community/parse-server/releases/tag/9.6.0-alpha.10
- Fix Parse Server 8: https://github.com/parse-community/parse-server/releases/tag/8.6.36
Node.js
PostgreSQL
SQLi
Parse Server
-
CVE-2026-32229
MEDIUM
CVSS 6.8
JetBrains Hub versions prior to 2026.1 contain an authentication bypass vulnerability where attackers with valid credentials can gain unauthorized access to accounts through sign-in mismatches when SSO is disabled and two-factor authentication is not configured. An authenticated attacker can exploit this to achieve both confidentiality and integrity violations. No patch is currently available for this vulnerability.
Authentication Bypass
-
CVE-2026-32128
MEDIUM
CVSS 6.3
FastGPT's Python Sandbox in versions 4.14.7 and earlier allows authenticated users to bypass file write restrictions by remapping standard output to arbitrary file descriptors via fcntl, enabling unauthorized file creation and modification within the container. The vulnerability exploits a gap between static detection and seccomp filtering, where remapped stdout still satisfies the write syscall rules. An attacker with sandbox access could create or overwrite arbitrary files despite the intended file system restrictions.
Python
AI / ML
-
CVE-2026-32125
MEDIUM
CVSS 5.4
Stored cross-site scripting in OpenEMR versions prior to 8.0.0.1 allows authenticated users with Track Anything feature access to inject malicious scripts into item names that execute in the browsers of all users viewing the corresponding Dygraph charts. An attacker with create or edit permissions can craft payloads that run in victims' sessions without their knowledge, potentially enabling session hijacking or unauthorized actions within the application. No patch is currently available for affected versions.
XSS
Openemr
-
CVE-2026-32124
MEDIUM
CVSS 5.4
Stored cross-site scripting (XSS) in OpenEMR prior to 8.0.0.1 allows administrators or users with code management privileges to inject malicious scripts into code descriptions that execute in the browsers of all users accessing the dynamic code picker. All OpenEMR instances running affected versions are at risk, as any authenticated admin can inject payloads affecting the entire user base. No patch is currently available for this vulnerability.
XSS
Openemr
-
CVE-2026-32122
MEDIUM
CVSS 4.3
OpenEMR versions prior to 8.0.0.1 fail to properly enforce access controls on the Claim File Tracker AJAX endpoint, allowing authenticated users without billing permissions to retrieve sensitive claim metadata including claim IDs, payer information, and transmission logs. An authenticated attacker with minimal privileges can access confidential billing information that should be restricted to authorized billing staff. No patch is currently available for affected installations.
Authentication Bypass
Openemr
-
CVE-2026-32118
MEDIUM
CVSS 5.4
Stored XSS in OpenEMR's Pain Map form prior to version 8.0.0.1 allows authenticated users to inject malicious JavaScript into encounter records that executes when other clinicians view the affected form. Since session cookies lack HttpOnly protection, attackers can hijack sessions of other users including administrators. This vulnerability requires user interaction and network access but poses significant risk in multi-user healthcare environments.
XSS
Openemr
-
CVE-2026-32112
MEDIUM
CVSS 6.8
Medium severity vulnerability in Home Assistant MCP.
Python
XSS
Home Assistant Mcp Server
-
CVE-2026-32111
MEDIUM
CVSS 5.3
### Summary
The ha-mcp OAuth consent form (beta feature) accepts a user-supplied `ha_url` and makes a server-side HTTP request to `{ha_url}/api/config` with no URL validation. An unauthenticated attacker can submit arbitrary URLs to perform internal network reconnaissance via an error oracle. Two additional code paths in OAuth tool calls (REST and WebSocket) are affected by the same primitive.
The primary deployment method (private URL with pre-configured `HOMEASSISTANT_TOKEN`) is not affected.
### Details
**Code path 1 - Consent form validation** (reported)
When a user submits the OAuth consent form, `_validate_ha_credentials()` (`provider.py`) makes a server-side GET request to `{ha_url}/api/config` with no scheme, IP, or domain validation. Different exception types produce distinct error messages, creating an error oracle:
| Outcome | Message returned | Information leaked |
|---------|------------------|--------------------|
| `ConnectError` | "Could not connect..." | Host down or port closed |
| `TimeoutException` | "Connection timed out..." | Host up, port filtered |
| HTTP 401 | "Invalid access token..." | Service alive, requires auth |
| HTTP 403 | "Access forbidden..." | Service alive, forbidden |
| HTTP ≥ 400 | "Failed to connect: HTTP {N}" | Service alive, exact status |
An attacker can drive the flow programmatically: register a client via open DCR (`POST /register`), initiate authorization, extract a `txn_id`, and submit arbitrary `ha_url` values. No user interaction required.
**Code path 2 - REST tool calls with forged token**
OAuth access tokens are stateless base64-encoded JSON payloads (`{"ha_url": "...", "ha_token": "..."}`). Since tokens are not signed, an attacker can forge a token with an arbitrary `ha_url`. REST tool calls then make HTTP requests to hardcoded HA API paths on that host (`/config`, `/states`, `/services`, etc.). JSON responses are returned to the caller.
In practice, path control is limited - most endpoints use absolute paths that ignore the `ha_url` path component. Useful exfiltration requires the target to return JSON at HA API paths, which is unlikely for non-HA services.
**Code path 3 - WebSocket tool calls with forged token**
The same forged token triggers WebSocket connections to `ws://{ha_url}/api/websocket`. The client follows the HA WebSocket handshake protocol (waits for `auth_required`, sends `auth`, expects `auth_ok`). Non-HA targets fail at the protocol level and return nothing useful. Realistic exploitation is limited to pivoting to another HA instance on the internal network.
### Impact
**Confirmed:** Internal network reconnaissance via error oracle (all 3 code paths). An attacker can map reachable hosts and open ports from the server's network position.
### Scope
OAuth mode is a **beta** feature, documented separately in `docs/OAUTH.md` and not part of the main setup instructions. The standard deployment method (pre-configured `HOMEASSISTANT_URL` and `HOMEASSISTANT_TOKEN`) is not affected.
### Fix
Upgrade to 7.0.0
Oracle
SSRF
Home Assistant Mcp Server
-
CVE-2026-32108
MEDIUM
CVSS 6.5
A security vulnerability in Copyparty (CVSS 6.5). Remediation should follow standard vulnerability management procedures.
Authentication Bypass
Copyparty
-
CVE-2026-32106
MEDIUM
CVSS 4.7
## Summary
The REST API `createUser` endpoint uses string-based rank checks that only block creating `owner` accounts, while the Dashboard API uses `indexOf`-based rank comparison that prevents creating users at or above your own rank. This inconsistency allows an admin to create additional admin accounts via the REST API, enabling privilege proliferation and persistence.
## Details
The REST API handler in `packages/studiocms/frontend/pages/studiocms_api/_handlers/rest-api/v1/secure.ts:1365-1378`:
```typescript
// REST API - only blocks creating 'owner'
if (newUserRank === 'owner' && rank !== 'owner') {
  return yield* new RestAPIError({
    error: 'Unauthorized to create user with owner rank',
  });
}
if (rank === 'admin' && newUserRank === 'owner') {
  return yield* new RestAPIError({
    error: 'Unauthorized to create user with owner rank',
  });
}
// Missing: no check preventing admin from creating admin
// newUserRank='admin' passes all checks
```
The Dashboard API handler in `_handlers/dashboard/create.ts` uses the correct approach:
```typescript
// Dashboard API - blocks creating users at or above own rank
const callerPerm = availablePermissionRanks.indexOf(userData.permissionLevel);
const targetPerm = availablePermissionRanks.indexOf(rank);
if (targetPerm >= callerPerm) {
  return yield* new DashboardAPIError({
    error: 'Unauthorized: insufficient permissions to assign target rank',
  });
}
```
With `availablePermissionRanks = ['unknown', 'visitor', 'editor', 'admin', 'owner']`:
- Admin (index 3) creating admin (index 3): `3 >= 3` = blocked in Dashboard
- In REST API: no such check - allowed
## PoC
```bash
# 1. Use an admin-level API token
# 2. Create a new admin user via REST API
curl -X POST 'http://localhost:4321/studiocms_api/rest/v1/secure/users' \
  -H 'Authorization: Bearer <admin-api-token>' \
  -H 'Content-Type: application/json' \
  -d '{
    "username": "rogue_admin",
    "email": "rogue@attacker.com",
    "displayname": "Rogue Admin",
    "rank": "admin",
    "password": "StrongP@ssw0rd123"
  }'
# Expected: 403 Forbidden (admin should not create peer admin accounts)
# Actual: 200 with new admin user created
```
## Impact
- A compromised or rogue admin can create additional admin accounts as persistence mechanisms that survive password resets or token revocations
- Inconsistent security model between Dashboard API and REST API creates confusion about intended authorization boundaries
- Note: requires admin access (PR:H), which limits practical severity
## Recommended Fix
Replace string-based checks with `indexOf` comparison in `packages/studiocms/frontend/pages/studiocms_api/_handlers/rest-api/v1/secure.ts`:
```typescript
// Before:
if (newUserRank === 'owner' && rank !== 'owner') { ... }
if (rank === 'admin' && newUserRank === 'owner') { ... }

// After:
const availablePermissionRanks = ['unknown', 'visitor', 'editor', 'admin', 'owner'];
const callerPerm = availablePermissionRanks.indexOf(rank);
const targetPerm = availablePermissionRanks.indexOf(newUserRank);
if (targetPerm >= callerPerm) {
  return yield* new RestAPIError({
    error: 'Unauthorized: insufficient permissions to assign target rank',
  });
}
```
Privilege Escalation
Studiocms
-
CVE-2026-32104
MEDIUM
CVSS 5.4
A security vulnerability in StudioCMS (CVSS 5.4). Remediation should follow standard vulnerability management procedures.
Authentication Bypass
Studiocms
-
CVE-2026-32103
MEDIUM
CVSS 6.8
Medium severity vulnerability in StudioCMS. The POST /studiocms_api/dashboard/create-reset-link endpoint allows any authenticated user with admin privileges to generate a password reset token for any other user, including the owner account. The handler verifies that the caller is an admin but does not enforce role hierarchy, nor does it validate that the target userId matches the caller's identity. Combined with the POST /studiocms_api/d...
Authentication Bypass
Studiocms
-
CVE-2026-32102
MEDIUM
CVSS 6.5
### Summary
OliveTin’s live EventStream broadcasts execution events and action output to authenticated dashboard subscribers without enforcing per-action authorization. A low-privileged authenticated user can receive output from actions they are not allowed to view, resulting in broken access control and sensitive information disclosure. I validated this on OliveTin 3000.10.2.
### Details
The issue is in the live event streaming path.
EventStream() only checks whether the caller may access the dashboard, then registers the user as a stream subscriber:
- service/internal/api/api.go:776
After subscription, execution events are broadcast to all connected clients without checking whether each recipient is authorized to view logs for the action:
- service/internal/api/api.go:846 OnExecutionStarted
- service/internal/api/api.go:869 OnExecutionFinished
- service/internal/api/api.go:1047 OnOutputChunk
The event payload includes action output through:
- service/internal/api/api.go:295 internalLogEntryToPb
- service/internal/api/api.go:302 Output
By contrast, the normal log APIs do apply per-action authorization checks:
- service/internal/api/api.go:518 GetLogs
- service/internal/api/api.go:585 GetActionLogs
- service/internal/api/api.go:544 isLogEntryAllowed
Root cause:
- the subscription path enforces only coarse dashboard access
- execution callbacks broadcast to every connected client
- no per-recipient ACL check is applied before sending action metadata or output
I validated the issue using:
- an admin user with full ACLs
- an alice user with no ACLs
- a protected action that outputs TOPSECRET=alpha-bravo-charlie
Despite having no relevant ACLs, alice still receives the ExecutionFinished event for the privileged action, including the protected output.
### PoC
Tested version:
```
- 3000.10.2
```
1. Fetch and check out 3000.10.2 in a clean worktree:
```bash
git -C OliveTin fetch origin tag 3000.10.2
git -C OliveTin worktree add /home/kali/CVE/OliveTin-3000.10.2 3000.10.2
```
2. Copy the PoC test into the clean tree:
```bash
cp OliveTin/service/internal/api/event_stream_leak_test.go \
OliveTin-3000.10.2/service/internal/api/
```
3. Run the targeted PoC test:
```bash
cd OliveTin-3000.10.2/service
go test ./internal/api -run TestEventStreamLeaksUnauthorizedExecutionOutput -count=1 -timeout 30s -v
```
4. Optional: save validation output:
```bash
go test ./internal/api -run TestEventStreamLeaksUnauthorizedExecutionOutput -count=1 -timeout 30s -v \
2>&1 | tee /tmp/olivetin_eventstream_3000.10.2.log
```
Observed validation output:
```text
=== RUN TestEventStreamLeaksUnauthorizedExecutionOutput
time="2026-03-01T04:44:59-05:00" level=info msg="Action requested" actionTitle=secret-action tags="[]"
time="2026-03-01T04:44:59-05:00" level=info msg="Action parse args - Before" actionTitle=secret-action cmd="echo 'TOPSECRET=alpha-bravo-charlie'"
time="2026-03-01T04:44:59-05:00" level=info msg="Action parse args - After" actionTitle=secret-action cmd="echo 'TOPSECRET=alpha-bravo-charlie'"
time="2026-03-01T04:44:59-05:00" level=info msg="Action started" actionTitle=secret-action timeout=1
time="2026-03-01T04:44:59-05:00" level=info msg="Action finished" actionTitle=secret-action exit=0 outputLength=30 timedOut=false
--- PASS: TestEventStreamLeaksUnauthorizedExecutionOutput (0.00s)
PASS
ok github.com/OliveTin/OliveTin/internal/api 0.025s
```
What this proves:
- admin can execute the protected action
- alice has no ACLs
- alice still receives the streamed completion event for the protected action
- protected action output is exposed through the event stream
### Impact
This is an authenticated broken access control / information disclosure vulnerability.
A low-privileged authenticated user can subscribe to EventStream and receive:
- action execution metadata
- execution tracking IDs
- initiating username
- live output chunks
- final command output
Who is impacted:
- multi-user OliveTin deployments
- environments where privileged actions produce secrets, tokens, internal system details, or other sensitive operational output
- deployments where lower-privileged authenticated users can access the dashboard and subscribe to live events
This bypasses intended per-action log/view restrictions for protected actions.
Information Disclosure
Authentication Bypass
Olivetin
-
CVE-2026-32095
MEDIUM
CVSS 5.4
Plunk is an open-source email platform built on top of AWS SES. Versions up to 0.7.1 are affected by cross-site scripting (XSS) (CVSS 5.4).
XSS
Plunk
-
CVE-2026-32094
MEDIUM
CVSS 6.5
Shescape versions prior to 2.1.10 fail to properly escape square-bracket glob patterns in Bash, BusyBox sh, and Dash, allowing attackers to manipulate shell arguments into multiple filesystem expansions instead of literal strings. Applications using the library's escape() function are vulnerable to argument injection attacks where an attacker-controlled value like "secret[12]" could expand to match multiple files, bypassing intended pathname restrictions. No patch is currently available for affected deployments.
Information Disclosure
Shescape
-
CVE-2026-32061
MEDIUM
CVSS 4.4
OpenClaw versions before 2026.2.17 allow privileged users with config modification access to read arbitrary files on the system through path traversal in the $include directive. An attacker in this position can exploit absolute paths, directory traversal sequences, or symlinks to access sensitive data like API keys and credentials that the OpenClaw process can read. No patch is currently available for this medium-severity vulnerability.
Path Traversal
Openclaw
-
CVE-2026-31988
MEDIUM
CVSS 5.3
Denial of service in yauzl 3.2.0 (Node.js zip parsing library) allows remote attackers to crash applications by submitting malformed zip files with specially crafted NTFS timestamp fields that trigger an out-of-bounds buffer read. The vulnerability affects any Node.js application that processes untrusted zip uploads and extracts file modification dates. No patch is currently available.
Node.js
Denial Of Service
-
CVE-2026-31961
MEDIUM
CVSS 5.5
Quill before v0.7.1 is susceptible to denial of service through unbounded memory allocation when processing maliciously crafted Mach-O binaries. Environments accepting externally-submitted binaries for signing—such as CI/CD pipelines and shared signing services—face resource exhaustion attacks if they process attacker-controlled files. An authenticated local attacker can trigger excessive memory consumption by exploiting unvalidated size fields in code signing structures, causing the application to crash or hang.
Golang
Denial Of Service
-
CVE-2026-31960
MEDIUM
CVSS 5.3
Unbounded memory consumption in Quill's Apple notarization process allows denial of service when HTTP responses lack size validation, affecting environments with TLS-intercepting proxies or compromised certificate authorities where response manipulation is possible. An attacker positioned to intercept or modify notarization API responses can return arbitrarily large payloads to exhaust memory and crash the signing process. This impacts corporate networks and environments with trust boundary violations, though exploitation is not feasible under standard HTTPS conditions with proper certificate validation.
Tls
Denial Of Service
-
CVE-2026-31959
MEDIUM
CVSS 5.3
Quill before v0.7.1 contains a server-side request forgery vulnerability in its Apple notarization log retrieval functionality that fails to validate URL schemes and destination hosts. Exploitation requires an attacker to intercept or modify API responses, making it primarily a threat in environments with TLS-intercepting proxies, compromised certificate authorities, or other trust boundary violations. An attacker could redirect notarization requests to internal or multicast addresses, potentially exposing sensitive information or accessing restricted resources.
Tls
SSRF
-
CVE-2026-31901
MEDIUM
CVSS 5.3
Parse Server versions before 8.6.34 and 9.6.0-alpha.8 leak user registration status through differential error responses on the email verification endpoint, enabling attackers to enumerate valid email addresses in the system when email verification is enabled. Deployments with verifyUserEmails set to true are vulnerable to this user enumeration attack, which allows an attacker to systematically identify registered accounts by analyzing response codes from the /verificationEmailRequest endpoint. No patch is currently available for affected installations.
Node.js
Information Disclosure
Parse Server
-
CVE-2026-31888
MEDIUM
CVSS 5.3
Shopware's Store API login endpoint (POST /store-api/account/login) leaks information about registered customer accounts by returning distinct error messages and echoing email addresses based on whether credentials belong to known users, enabling unauthenticated attackers to enumerate valid customer accounts. The vulnerability affects versions prior to 6.7.8.1 and 6.6.10.15, while the storefront login controller properly mitigates this issue, indicating inconsistent security controls. No patch is currently available.
Information Disclosure
-
CVE-2026-31879
MEDIUM
CVSS 5.4
Frappe is a full-stack web application framework. Versions up to 14.100.2 are affected by cross-site scripting (XSS).
XSS
Frappe
-
CVE-2026-31878
MEDIUM
CVSS 5.0
Frappe is a full-stack web application framework. Versions up to 14.100.1 are affected by server-side request forgery (SSRF) (CVSS 5.0).
SSRF
Frappe
-
CVE-2026-31876
MEDIUM
CVSS 5.4
Stored XSS in Notesnook Mobile and Desktop versions prior to 3.3.9 allows authenticated users to execute arbitrary JavaScript by injecting malicious code into Twitter/X embed URLs through the editor component. An attacker with user account access can craft a malicious note containing a specially crafted embed URL that executes when the note is viewed, potentially compromising user data or session tokens. No patch is currently available for affected versions.
XSS
Notesnook Mobile
Notesnook Desktop
-
CVE-2026-31875
MEDIUM
CVSS 5.9
Parse Server's TOTP-based multi-factor authentication fails to invalidate recovery codes after use, allowing an attacker with a single recovery code to authenticate repeatedly as an affected user. This vulnerability impacts Parse Server deployments prior to versions 9.6.0-alpha.7 and 8.6.33, where recovery codes intended as single-use fallback mechanisms can be exploited indefinitely to bypass MFA protections. No patch is currently available for affected versions.
Node.js
Information Disclosure
Parse Server
-
CVE-2026-31868
MEDIUM
CVSS 6.1
Stored XSS in Parse Server prior to versions 9.6.0-alpha.4 and 8.6.30 allows unauthenticated attackers to upload files with dangerous extensions (such as .svgz, .xht, .xml) that bypass default upload filters and execute malicious scripts in users' browsers within the Parse Server domain. Successful exploitation enables attackers to steal session tokens, hijack user accounts, or perform unauthorized actions on behalf of victims. User interaction is required to trigger the vulnerability when victims access the uploaded malicious files.
Node.js
XSS
Parse Server
-
CVE-2026-31867
MEDIUM
CVSS 4.8
Craft Commerce versions prior to 4.11.0 and 5.6.0 contain an IDOR vulnerability in the cart functionality that allows unauthenticated attackers to access and modify arbitrary shopping carts by guessing or knowing their 32-character identifiers. The CartController fails to validate cart ownership, enabling attackers to hijack active shopping sessions and potentially access sensitive customer information. No patch is currently available for affected versions.
Authentication Bypass
Craft Commerce
-
CVE-2026-31859
MEDIUM
CVSS 6.1
Reflected XSS in Craft CMS versions before 5.9.7 and 4.17.3 allows remote attackers to execute arbitrary JavaScript in users' browsers via malicious return URLs that bypass insufficient sanitization. The vulnerability exists because the patch for a prior issue relied on strip_tags() to filter URLs, which fails to block dangerous URL schemes like javascript:. An attacker can craft a malicious link that, when clicked by an authenticated user, steals session cookies or performs actions on their behalf.
PHP
XSS
Craft Cms
-
CVE-2026-31853
MEDIUM
CVSS 5.7
ImageMagick is free and open-source software used for editing and manipulating digital images. Versions up to 7.1.2-16 are affected by a heap-based buffer overflow (CVSS 5.7).
Buffer Overflow
Heap Overflow
Imagemagick
-
CVE-2026-31813
MEDIUM
CVSS 4.8
Supabase Auth allows remote attackers to hijack user sessions by crafting fraudulent ID tokens when Apple or Azure OAuth providers are configured, enabling unauthorized access to victim accounts without requiring user interaction. An attacker can forge a valid JWT token for any target email address and exchange it at the token endpoint to obtain legitimate session credentials, effectively impersonating arbitrary users. This affects organizations using Supabase with Apple or Azure authentication enabled, with no patch currently available to remediate the vulnerability.
Microsoft
Authentication Bypass
Apple
-
CVE-2026-30868
MEDIUM
CVSS 6.3
OPNsense prior to version 26.1.4 contains a CSRF vulnerability where state-changing API endpoints accept HTTP GET requests without proper anti-CSRF protections, allowing authenticated users to be tricked into triggering unintended system operations. An attacker can craft a malicious website that, when visited by an authenticated OPNsense administrator, performs unauthorized configuration changes or service reloads through the vulnerable endpoints. No patch is currently available for this medium-severity vulnerability affecting OPNsense firewall deployments.
CSRF
Opnsense
-
CVE-2026-30239
MEDIUM
CVSS 6.5
Unauthorized budget assignment deletion in OpenProject prior to 17.2.0 allows any authenticated user to remove work package budget associations due to insufficient authorization checks being performed after the deletion operation. This improper access control enables users without proper permissions to manipulate budget data, potentially disrupting project financial tracking and resource allocation. A patch is available in version 17.2.0 and later.
Authentication Bypass
Openproject
-
CVE-2026-30236
MEDIUM
CVSS 4.3
OpenProject prior to 17.2.0 fails to validate project membership when calculating labor costs in budget planning, allowing authenticated users to enumerate non-member employees' default billing rates. This exposure occurs both when editing budgets directly and through the cost preview calculation endpoint, potentially revealing sensitive salary information to unauthorized project users.
Authentication Bypass
Openproject
-
CVE-2026-30235
MEDIUM
CVSS 6.5
OpenProject is web-based project management software. Versions up to 17.2.0 are affected by cross-site scripting (XSS) (CVSS 6.5).
XSS
Openproject
-
CVE-2026-30234
MEDIUM
CVSS 6.5
OpenProject versions prior to 17.2.0 allow authenticated users with BCF import permissions to read arbitrary files from the server through path traversal in crafted .bcf archive uploads. An attacker can manipulate the Snapshot field in markup.bcf to reference absolute or traversal paths (such as /etc/passwd), enabling unauthorized file disclosure within the application's read permissions. This vulnerability requires valid project member credentials and no patch is currently available.
Path Traversal
Openproject
-
CVE-2026-28803
MEDIUM
CVSS 6.5
Open Forms versions prior to 3.3.13 and 3.4.5 allow authenticated attackers to access arbitrary form submissions through submission reference enumeration or manipulation in the cosigning workflow. An attacker with valid credentials can guess or modify cosigner codes to retrieve submissions they should not have access to, resulting in unauthorized information disclosure.
Authentication Bypass
Open Forms
-
CVE-2026-27266
MEDIUM
CVSS 5.4
Adobe Experience Manager 6.5.23 and earlier contain a stored XSS vulnerability in form fields that allows low-privileged authenticated users to inject malicious scripts. When victims access pages containing the injected payload, the JavaScript executes in their browser context, potentially leading to session hijacking, credential theft, or other client-side attacks. No patch is currently available for this vulnerability.
Adobe
XSS
Experience Manager
-
CVE-2026-27265
MEDIUM
CVSS 5.4
Stored XSS in Adobe Experience Manager 6.5.23 and earlier allows low-privileged users to inject malicious scripts into form fields that execute when other users view the affected pages. An attacker can leverage this vulnerability to steal session tokens, credentials, or perform actions on behalf of victims within the AEM environment. No patch is currently available.
Adobe
XSS
Experience Manager
-
CVE-2026-27264
MEDIUM
CVSS 5.4
Stored XSS in Adobe Experience Manager 6.5.23 and earlier allows low-privileged authenticated users to inject malicious scripts into form fields that execute in other users' browsers. An attacker with valid credentials can compromise other users' sessions and steal sensitive data by crafting specially crafted input. Currently no patch is available.
Adobe
XSS
Experience Manager
-
CVE-2026-27263
MEDIUM
CVSS 5.4
Stored XSS in Adobe Experience Manager 6.5.23 and earlier allows low-privileged authenticated users to inject malicious scripts into form fields that execute in other users' browsers. An attacker with valid credentials could leverage this vulnerability to steal session tokens, modify page content, or perform actions on behalf of victims who view the compromised forms. No patch is currently available.
Adobe
XSS
Experience Manager
-
CVE-2026-27262
MEDIUM
CVSS 5.4
Stored XSS in Adobe Experience Manager 6.5.23 and earlier allows authenticated attackers to inject malicious scripts into form fields that execute in users' browsers when the page is viewed. An attacker with login credentials can craft payloads in vulnerable fields to steal session data or perform actions on behalf of victims. No patch is currently available.
Adobe
XSS
Experience Manager
-
CVE-2026-27261
MEDIUM
CVSS 5.4
Stored XSS in Adobe Experience Manager 6.5.23 and earlier allows authenticated attackers with low privileges to inject malicious scripts into form fields that execute in other users' browsers. An attacker can leverage this to steal session tokens, perform unauthorized actions, or redirect victims to malicious sites when they view compromised pages. No patch is currently available.
Adobe
XSS
Experience Manager
-
CVE-2026-27260
MEDIUM
CVSS 5.4
Stored XSS in Adobe Experience Manager 6.5.23 and earlier allows low-privileged authenticated users to inject malicious scripts through form fields that execute in other users' browsers. An attacker with valid credentials can craft payloads to steal session tokens, redirect users, or perform actions on their behalf when victims view affected pages. No patch is currently available for this vulnerability.
Adobe
XSS
Experience Manager
-
CVE-2026-27259
MEDIUM
CVSS 5.4
Adobe Experience Manager 6.5.23 and earlier contain a stored XSS vulnerability in form fields that allows low-privileged authenticated users to inject malicious scripts executed in other users' browsers. An attacker can exploit this to steal credentials, perform unauthorized actions, or deface content when victims access affected pages. No patch is currently available.
Adobe
XSS
Experience Manager
-
CVE-2026-27257
MEDIUM
CVSS 5.4
Stored XSS in Adobe Experience Manager 6.5.23 and earlier allows authenticated attackers to inject malicious scripts into form fields that execute when other users view the affected pages. This requires low privileges and user interaction, enabling attackers to steal session data or perform actions on behalf of victims within the application context. No patch is currently available.
Adobe
XSS
-
CVE-2026-27256
MEDIUM
CVSS 5.4
Stored XSS in Adobe Experience Manager 6.5.23 and earlier allows authenticated attackers to inject malicious scripts into form fields that execute when other users view the affected pages. The vulnerability requires low privileges and user interaction, enabling attackers to steal session data or perform actions on behalf of victims. No patch is currently available.
Adobe
XSS
-
CVE-2026-27255
MEDIUM
CVSS 5.4
Stored XSS in Adobe Experience Manager 6.5.23 and earlier allows authenticated attackers to inject malicious scripts into form fields that execute when users view the compromised pages. The vulnerability requires low privileges and user interaction, enabling attackers to steal session data or perform actions on behalf of victims. No patch is currently available.
Adobe
XSS
-
CVE-2026-27254
MEDIUM
CVSS 5.4
Stored XSS in Adobe Experience Manager 6.5.23 and earlier allows authenticated attackers with low privileges to inject malicious scripts into form fields that execute when other users view the affected pages. An attacker can exploit this vulnerability to steal session tokens, perform unauthorized actions, or redirect users to malicious sites through script execution in victims' browsers. No patch is currently available.
Adobe
XSS
-
CVE-2026-27253
MEDIUM
CVSS 5.4
Stored XSS in Adobe Experience Manager 6.5.23 and earlier allows low-privileged attackers to inject malicious scripts into form fields that execute when other users view the affected pages. An attacker with valid credentials can exploit this vulnerability to steal session tokens, perform actions on behalf of victims, or redirect users to malicious sites. No patch is currently available for this vulnerability.
Adobe
XSS
-
CVE-2026-27252
MEDIUM
CVSS 5.4
Stored XSS in Adobe Experience Manager 6.5.23 and earlier allows authenticated attackers with low privileges to inject malicious scripts into form fields that execute in other users' browsers. An attacker can exploit this vulnerability to perform actions on behalf of victims or steal sensitive information when they visit pages containing the compromised fields. No patch is currently available for this vulnerability.
Adobe
XSS
-
CVE-2026-27251
MEDIUM
CVSS 5.4
Stored XSS in Adobe Experience Manager 6.5.23 and earlier allows authenticated attackers with low privileges to inject malicious scripts into form fields that execute in victims' browsers. An attacker can exploit this vulnerability by injecting JavaScript that runs when other users access pages containing the compromised fields, potentially enabling session hijacking, credential theft, or malware distribution. No patch is currently available.
Adobe
XSS
-
CVE-2026-27250
MEDIUM
CVSS 5.4
Stored XSS in Adobe Experience Manager 6.5.23 and earlier allows low-privileged authenticated users to inject malicious scripts into form fields that execute in other users' browsers. An attacker could exploit this to steal session tokens, redirect users, or perform actions on behalf of victims viewing affected pages. No patch is currently available.
Adobe
XSS
-
CVE-2026-27249
MEDIUM
CVSS 5.4
Adobe Experience Manager 6.5.23 and earlier contains a stored XSS vulnerability in form fields that allows low-privileged authenticated users to inject malicious scripts. When victims visit pages containing the injected payload, the attacker's JavaScript executes in their browser, potentially compromising user sessions or stealing sensitive data. No patch is currently available.
Adobe
XSS
-
CVE-2026-27248
MEDIUM
CVSS 5.4
Stored XSS in Adobe Experience Manager 6.5.23 and earlier allows authenticated attackers to inject malicious scripts into form fields that execute in other users' browsers. An attacker with low privileges can craft malicious input that persists in the application and compromises confidentiality and integrity for victims who access the affected pages. No patch is currently available.
Adobe
XSS
Experience Manager
-
CVE-2026-27247
MEDIUM
CVSS 5.4
Stored XSS in Adobe Experience Manager 6.5.23 and earlier allows low-privileged authenticated users to inject malicious scripts into form fields that execute in victims' browsers when the contaminated pages are viewed. An attacker with valid credentials can exploit this to steal session tokens, credentials, or perform actions on behalf of affected users. No patch is currently available.
Adobe
XSS
Experience Manager
-
CVE-2026-27244
MEDIUM
CVSS 5.4
Stored XSS in Adobe Experience Manager 6.5.23 and earlier allows authenticated attackers to inject malicious scripts into form fields that execute when users view the affected pages. A low-privileged user can exploit this to perform actions in the context of other users' browsers, potentially compromising session integrity and enabling credential theft or data exfiltration. No patch is currently available.
Adobe
XSS
Experience Manager
-
CVE-2026-27242
MEDIUM
CVSS 5.4
Stored XSS in Adobe Experience Manager 6.5.23 and earlier allows low-privileged attackers to inject malicious scripts into form fields that execute when victims view affected pages. The vulnerability requires user interaction and can result in session hijacking, credential theft, or unauthorized actions performed on behalf of the victim. No patch is currently available.
Adobe
XSS
Experience Manager
-
CVE-2026-27241
MEDIUM
CVSS 5.4
Stored XSS in Adobe Experience Manager 6.5.23 and earlier allows authenticated attackers to inject malicious scripts into form fields that execute when other users view the affected pages. The vulnerability requires low-level privileges and user interaction to exploit, enabling attackers to steal session data or perform actions on behalf of victims. No patch is currently available for this medium-severity issue.
Adobe
XSS
Experience Manager
-
CVE-2026-27240
MEDIUM
CVSS 5.4
Stored XSS in Adobe Experience Manager versions 6.5.23 and earlier enables low-privileged attackers to embed malicious scripts in form fields that execute when legitimate users view the affected pages. An attacker with basic authentication can inject JavaScript that runs in victims' browsers, potentially compromising session data or performing unauthorized actions. No patch is currently available for this vulnerability.
Adobe
XSS
Experience Manager
-
CVE-2026-27239
MEDIUM
CVSS 5.4
Stored XSS in Adobe Experience Manager 6.5.23 and earlier allows authenticated attackers to inject malicious scripts into form fields that execute when other users view the affected pages. An attacker with login credentials can compromise victim browsers and potentially steal sensitive information or perform unauthorized actions within the application context. No patch is currently available for this vulnerability.
Adobe
XSS
Experience Manager
-
CVE-2026-27237
MEDIUM
CVSS 5.4
Stored XSS in Adobe Experience Manager 6.5.23 and earlier allows authenticated attackers with low privileges to inject malicious scripts into form fields, which execute in the browsers of users viewing those pages. The vulnerability requires user interaction and has limited scope of impact, affecting confidentiality and integrity but not availability. No patch is currently available for this medium-severity issue.
Adobe
XSS
Experience Manager
-
CVE-2026-27236
MEDIUM
CVSS 5.4
Stored XSS in Adobe Experience Manager 6.5.23 and earlier allows authenticated attackers to inject malicious scripts into form fields that execute when other users view the affected pages. An attacker with low privileges and user interaction can compromise the confidentiality and integrity of victim sessions. No patch is currently available.
Adobe
XSS
Experience Manager
-
CVE-2026-27235
MEDIUM
CVSS 5.4
Stored XSS in Adobe Experience Manager 6.5.23 and earlier allows authenticated attackers to inject malicious scripts into form fields that execute when other users view the affected pages. A low-privileged user can exploit this to perform actions in victim browsers or steal sensitive information, though no patch is currently available.
Adobe
XSS
Experience Manager
-
CVE-2026-27234
MEDIUM
CVSS 5.4
Stored XSS in Adobe Experience Manager 6.5.23 and earlier allows authenticated attackers to inject malicious scripts into form fields that execute in victims' browsers when the affected pages are viewed. The vulnerability requires user interaction and is limited to low-impact information disclosure and modification, though it can affect multiple users due to its stored nature. No patch is currently available for this issue.
Adobe
XSS
Experience Manager
-
CVE-2026-27233
MEDIUM
CVSS 5.4
Stored XSS in Adobe Experience Manager 6.5.23 and earlier allows authenticated attackers with low privileges to inject malicious scripts into form fields, which execute in victims' browsers when they access affected pages. The vulnerability requires user interaction and can result in session hijacking, credential theft, or malware distribution. No patch is currently available.
Adobe
XSS
Experience Manager
-
CVE-2026-27232
MEDIUM
CVSS 5.4
Stored XSS in Adobe Experience Manager 6.5.23 and earlier allows low-privileged authenticated users to inject malicious scripts into form fields that execute in victims' browsers, potentially leading to session hijacking or credential theft. The vulnerability requires user interaction and is currently unpatched, with no active exploitation reported.
Adobe
XSS
Experience Manager
-
CVE-2026-27231
MEDIUM
CVSS 5.4
Stored XSS in Adobe Experience Manager 6.5.23 and earlier allows authenticated attackers to inject malicious scripts into form fields that execute in users' browsers when the affected pages are accessed. An attacker with login credentials can craft payloads that persist in the application and compromise victim sessions or steal sensitive data. No patch is currently available.
Adobe
XSS
Experience Manager
-
CVE-2026-27230
MEDIUM
CVSS 5.4
Stored XSS in Adobe Experience Manager 6.5.23 and earlier allows low-privileged authenticated users to inject malicious scripts into form fields that execute in other users' browsers when they access affected pages. An attacker can exploit this to steal session tokens, perform unauthorized actions, or deface content with minimal user interaction required. No patch is currently available for this vulnerability.
Adobe
XSS
Experience Manager
-
CVE-2026-27229
MEDIUM
CVSS 5.4
Stored XSS in Adobe Experience Manager 6.5.23 and earlier allows authenticated attackers to inject malicious scripts into form fields, which execute in victims' browsers when the affected pages are accessed. An attacker with login credentials can exploit this vulnerability to steal session tokens, credentials, or perform actions on behalf of users viewing the compromised forms. No patch is currently available for this vulnerability.
Adobe
XSS
Experience Manager
-
CVE-2026-27228
MEDIUM
CVSS 5.4
Stored XSS in Adobe Experience Manager 6.5.23 and earlier allows authenticated attackers to inject malicious scripts into form fields that execute when other users view the affected pages. An attacker with low privileges can exploit this vulnerability to steal session tokens, credentials, or perform actions on behalf of victims through their browsers. No patch is currently available.
Adobe
XSS
Experience Manager
-
CVE-2026-27226
MEDIUM
CVSS 5.4
Stored XSS in Adobe Experience Manager 6.5.23 and earlier allows authenticated attackers to inject malicious scripts through form fields, which execute in victims' browsers when they view affected pages. The vulnerability requires user interaction and network access but can impact confidentiality and integrity across security domains. No patch is currently available.
Adobe
XSS
Experience Manager
-
CVE-2026-27225
MEDIUM
CVSS 5.4
Adobe Experience Manager 6.5.23 and earlier contains a stored XSS vulnerability in form fields that allows low-privileged authenticated users to inject malicious scripts affecting other users who view the compromised pages. When a victim browses to a page containing the injected payload, the malicious JavaScript executes in their browser context, potentially enabling session hijacking or credential theft. No patch is currently available.
Adobe
XSS
Experience Manager
-
CVE-2026-27224
MEDIUM
CVSS 5.4
Stored XSS in Adobe Experience Manager 6.5.23 and earlier allows authenticated attackers to inject malicious scripts into form fields, which execute in victims' browsers when they view affected pages. This requires user interaction and an authenticated attacker, but could compromise the confidentiality and integrity of user sessions. No patch is currently available.
Adobe
XSS
Experience Manager
-
CVE-2026-27223
MEDIUM
CVSS 5.4
Stored XSS in Adobe Experience Manager 6.5.23 and earlier enables authenticated attackers to inject malicious scripts into form fields that execute when users view affected pages. An attacker with login credentials can compromise victim browsers and steal sensitive data or perform actions on their behalf. No patch is currently available.
Adobe
XSS
Experience Manager
-
CVE-2026-24510
MEDIUM
CVSS 6.7
Dell Alienware Command Center versions before 6.12.24.0 suffer from improper privilege management that allows local attackers with low privileges to escalate their access on affected systems. An attacker with physical or local system access combined with user interaction could gain elevated privileges, potentially compromising system integrity and confidentiality. No patch is currently available for this vulnerability.
Privilege Escalation
Dell
-
CVE-2026-23817
MEDIUM
CVSS 6.5
The web-based management interface of AOS-CX Switches is affected by URL redirection to an untrusted site (open redirect) (CVSS 6.5).
Open Redirect
-
CVE-2026-21360
MEDIUM
CVSS 6.8
Adobe Commerce and Magento versions 2.4.9-alpha3 through 2.4.4-p16 contain a path traversal vulnerability that allows high-privileged attackers to bypass security controls and access files outside intended directories. The vulnerability requires administrative credentials but no user interaction for exploitation, potentially exposing sensitive data. No patch is currently available for affected versions.
Adobe
Path Traversal
Commerce B2b
Commerce
Magento
-
CVE-2026-21359
MEDIUM
CVSS 4.7
Incorrect authorization controls in Adobe Commerce versions 2.4.9-alpha3 through 2.4.4-p16 permit attackers to bypass security features and degrade data integrity and availability with no user interaction required. The vulnerability affects multiple Adobe Commerce and Magento B2B product lines, though exploitation requires specific conditions outside the attacker's direct control. No patch is currently available for this medium-severity flaw.
Adobe
Magento
Commerce B2b
Commerce
-
CVE-2026-21310
MEDIUM
CVSS 5.3
Security feature bypass in Adobe Commerce and Magento versions 2.4.4-p16 through 2.4.9-alpha3 results from improper input validation, allowing unauthenticated remote attackers to compromise the integrity of affected systems without user interaction. The vulnerability affects multiple product lines including Commerce B2B, with no patch currently available. The medium severity rating reflects limited impact scope, though the network-accessible attack vector presents a meaningful risk to exposed instances.
Adobe
Commerce
Commerce B2b
Magento
-
CVE-2026-21297
MEDIUM
CVSS 4.3
Improper authorization controls in Adobe Commerce versions 2.4.9-alpha3 through 2.4.4-p16 allow authenticated attackers to bypass security features and access restricted functionality without requiring user interaction. The vulnerability affects multiple Commerce and B2B product lines, enabling low-privileged users to gain unauthorized access to sensitive features. No patch is currently available for this issue.
Adobe
Commerce
Magento
Commerce B2b
-
CVE-2026-21296
MEDIUM
CVSS 4.3
Incorrect authorization in Adobe Commerce 2.4.4 through 2.4.9-alpha3 allows authenticated attackers to bypass security controls and view sensitive data without user interaction. The vulnerability stems from improper access control checks that enable low-privileged users to access information they should not be able to view. Currently, no patch is available for affected versions.
Adobe
Magento
Commerce B2b
Commerce
-
CVE-2026-21294
MEDIUM
CVSS 5.5
Server-side request forgery in multiple Adobe Commerce versions allows high-privileged attackers to bypass security controls by manipulating internal server requests without user interaction. Affected versions include 2.4.9-alpha3, 2.4.8-p3, 2.4.7-p8, 2.4.6-p13, 2.4.5-p15, and 2.4.4-p16 or earlier. No patch is currently available.
Adobe
SSRF
Commerce B2b
Magento
Commerce
-
CVE-2026-21293
MEDIUM
CVSS 5.5
Server-side request forgery in Adobe Commerce 2.4.4 through 2.4.9-alpha3 enables high-privileged attackers to bypass security controls and access unauthorized resources without user interaction. The vulnerability affects multiple versions across the Commerce and Commerce B2B product lines, allowing manipulation of internal server requests from an authenticated administrative context. No patch is currently available.
Adobe
SSRF
Commerce
Magento
Commerce B2b
-
CVE-2026-21292
MEDIUM
CVSS 5.4
Stored XSS in Adobe Commerce 2.4.4 through 2.4.9-alpha3 allows authenticated attackers with low privileges to inject malicious scripts into form fields that execute when victims view the affected pages. The vulnerability requires user interaction and could lead to session hijacking, credential theft, or malware distribution within Commerce environments. No patch is currently available for affected versions.
Adobe
XSS
Magento
Commerce
Commerce B2b
-
CVE-2026-21291
MEDIUM
CVSS 4.8
Stored XSS in Adobe Commerce versions 2.4.9-alpha3 through 2.4.4-p16 allows high-privileged attackers to inject malicious scripts into form fields that execute when victims view the affected pages. The vulnerability requires attacker credentials and user interaction but could compromise session security and steal sensitive data across multiple Commerce deployments. No patch is currently available for affected versions.
Adobe
XSS
Magento
Commerce B2b
Commerce
-
CVE-2026-21286
MEDIUM
CVSS 5.3
Incorrect authorization controls in Adobe Commerce versions 2.4.9-alpha3 through 2.4.4-p16 allow unauthenticated remote attackers to bypass security features and gain unauthorized read access to sensitive data without user interaction. The vulnerability stems from improper access restrictions and could expose confidential information across affected Magento Commerce and Commerce B2B deployments. No patch is currently available to remediate this issue.
Adobe
Commerce
Magento
Commerce B2b
-
CVE-2026-21285
MEDIUM
CVSS 4.3
Incorrect authorization controls in Adobe Commerce 2.4.9-alpha3 through 2.4.4-p16 permit low-privileged authenticated users to bypass security features and access restricted functionality without user interaction. The vulnerability stems from improper authorization checks that fail to enforce proper access controls. No patch is currently available for affected versions.
Adobe
Magento
Commerce
Commerce B2b
-
CVE-2026-21282
MEDIUM
CVSS 5.3
Denial-of-service attacks against Adobe Commerce and Magento B2B versions 2.4.4 through 2.4.9-alpha3 are possible through improper input validation that fails to sanitize malicious payloads. An unauthenticated remote attacker can trigger application unavailability by sending specially crafted requests without requiring user interaction. No security patch is currently available for this vulnerability.
Adobe
Magento
Commerce
Commerce B2b
-
CVE-2026-20166
MEDIUM
CVSS 5.4
Improper access control in the Discover Splunk Observability Cloud app in Splunk Enterprise below 10.2.1 and 10.0.4, and in Splunk Cloud Platform below 10.2.2510.5, 10.1.2507.16 and 10.0.2503.12, allows low-privileged users without the admin or power role to retrieve Observability Cloud API access tokens. An attacker holding such an account could use the tokens to reach Observability Cloud resources without authorization. The listed versions contain the fix.
Information Disclosure
-
CVE-2026-20165
MEDIUM
CVSS 6.3
Improper access control in Splunk Enterprise below 10.2.1, 10.0.4, 9.4.9 and 9.3.10, and in the corresponding Splunk Cloud Platform releases, allows low-privileged users without the admin or power role to read sensitive information from search job logs through the MongoClient logging channel. The listed versions contain the fix for this medium-severity information disclosure.
Information Disclosure
-
CVE-2026-20164
MEDIUM
CVSS 6.5
Splunk Enterprise and Splunk Cloud Platform below the fixed versions do not properly restrict access to the passwords configuration REST endpoint, allowing low-privileged users without the admin or power role to retrieve credential values, stored hashed or in plaintext, from passwords.conf. Recovered credentials could be used to compromise the systems they grant access to. No patch is currently available.
Information Disclosure
-
CVE-2026-20162
MEDIUM
CVSS 6.3
Stored XSS via path traversal in Splunk Enterprise below 10.2.0, 10.0.3, 9.4.9 and 9.3.9, and in Splunk Cloud Platform, allows a low-privileged user to inject JavaScript into a View that runs in the browser of anyone who opens it. The attacker must persuade a victim to issue the crafted request, but beyond loading the page the victim need do nothing. The listed versions contain the fix.
XSS
Path Traversal
-
CVE-2026-20118
MEDIUM
CVSS 6.8
Network interface denial of service in Cisco IOS XR on NCS 5500/5700 routers allows unauthenticated remote attackers to disable packet processing by sending crafted traffic that triggers EPNI Aligner interrupt corruption during heavy transit conditions. Successful exploitation causes the network processing unit and ASIC to stop functioning, rendering affected interfaces unable to forward traffic. No patch is currently available for this medium-severity vulnerability.
Cisco
Denial Of Service
-
CVE-2026-20117
MEDIUM
CVSS 6.1
Unauthenticated attackers can inject malicious scripts into Cisco Unified CCX's web management interface due to insufficient input validation, enabling XSS attacks against administrators and users. Successful exploitation allows arbitrary JavaScript execution within the browser context or theft of sensitive session information. No patch is currently available.
Cisco
XSS
-
CVE-2026-20116
MEDIUM
CVSS 6.1
Unauthenticated attackers can inject malicious scripts into the web management interfaces of multiple Cisco contact center products (Finesse, Packaged CCE, Unified CCE, Unified CCX, and Unified Intelligence Center) due to insufficient input validation. Successful exploitation allows arbitrary script execution in the victim's browser context, potentially enabling session hijacking or credential theft from administrators. No patch is currently available for this cross-site scripting vulnerability.
Cisco
XSS
-
CVE-2026-3964
MEDIUM
CVSS 5.3
OpenAkita versions up to 1.24.3 are affected by command injection.
Command Injection
AI / ML
-
CVE-2026-3962
MEDIUM
CVSS 4.3
Stored cross-site scripting (XSS) in Jcharis Machine-Learning-Web-Apps affects the Jinja2 template handler in Flask applications, allowing attackers to inject malicious scripts that execute in users' browsers. The vulnerability requires user interaction to trigger and can compromise data integrity through DOM manipulation. Public exploit code exists for this vulnerability, and the project maintainers have not yet released a patch.
Flask
XSS
-
CVE-2026-3961
MEDIUM
CVSS 6.3
Server-side request forgery in zyddnys manga-image-translator through beta-0.3 allows authenticated remote attackers to forge requests via the to_pil_image function in the Translate Endpoints component. The vulnerability has been publicly disclosed with exploit code available, though the vendor has not yet released a patch or responded to notification.
SSRF
-
CVE-2026-3959
MEDIUM
CVSS 5.3
Command injection in 0xKoda WireMCP's Tshark CLI command handler allows local attackers with user privileges to execute arbitrary operating system commands through the server.tool function in index.js. Public exploit code exists for this vulnerability, though no patch is currently available. The impact is limited to local attack scenarios with potential for unauthorized code execution and system compromise.
Command Injection
-
CVE-2026-3958
MEDIUM
CVSS 6.3
Woahai321 ListSync versions up to 0.6.6 contain a server-side request forgery vulnerability in the JSON handler component that allows authenticated remote attackers to make arbitrary HTTP requests from the affected server. Public exploit code exists for this vulnerability, and the vendor has not yet responded to the disclosure. An attacker with valid credentials can leverage this to access internal resources or attack systems on the server's network.
SSRF
-
CVE-2026-3957
MEDIUM
CVSS 4.7
SQL injection in the weimai-wetapp HomeController endpoint allows remote attackers with high privileges to manipulate the cat parameter and execute arbitrary database queries, potentially leading to unauthorized data access or modification. Public exploit code is available for this vulnerability, and the development team has not yet responded to the early disclosure notification. A patch is not currently available.
Java
SQLi
-
CVE-2026-3956
MEDIUM
CVSS 4.7
SQL injection in the Admin_AdminUserController of weimai-wetapp allows remote attackers with high privileges to manipulate the keyword parameter and execute arbitrary SQL queries, potentially leading to unauthorized data access and modification. Public exploit code exists for this vulnerability, though no patch is currently available. The vulnerability affects Java-based deployments using affected versions of the weimai-wetapp project.
Java
SQLi
-
CVE-2026-3955
MEDIUM
CVSS 6.3
Code injection in elecV2P versions up to 3.8.3 via the jsfile endpoint allows authenticated attackers to execute arbitrary code remotely through the runJSFile function. Public exploit code is available, though no patch has been released. Affected organizations using this component should restrict access to the vulnerable endpoint and monitor for exploitation attempts.
Code Injection
-
CVE-2026-3954
MEDIUM
CVSS 6.5
OpenBMB XAgent 1.0.0 contains a path traversal vulnerability in the workspace router that allows unauthenticated remote attackers to manipulate the file_name parameter and access or modify arbitrary files on the system. Public exploit code is available for this vulnerability, which affects the integrity and availability of the application. The vendor has not yet released a patch despite early notification of the issue.
Path Traversal
AI / ML
-
CVE-2026-3951
MEDIUM
CVSS 4.3
Reflected cross-site scripting in LockerProject Locker versions 0.0.0 through 0.1.0 allows unauthenticated remote attackers to inject malicious scripts through the ID parameter in the Error Response Handler component. Public exploit code exists for this vulnerability, and the vendor has not yet provided a patch despite early notification.
XSS
-
CVE-2026-3942
MEDIUM
CVSS 4.3
Google Chrome versions up to 146.0.7680.71 contain an incorrect security UI in PictureInPicture that allows critical information to be misrepresented in the browser interface.
Google
Information Disclosure
Chrome
-
CVE-2026-3941
MEDIUM
CVSS 4.3
Google Chrome versions up to 146.0.7680.71 contain insufficient policy enforcement in DevTools.
Google
Authentication Bypass
Chrome
-
CVE-2026-3940
MEDIUM
CVSS 5.3
Google Chrome versions up to 146.0.7680.71 contain insufficient policy enforcement in DevTools.
Google
Authentication Bypass
Chrome
-
CVE-2026-3939
MEDIUM
CVSS 5.3
Google Chrome versions up to 146.0.7680.71 contain insufficient policy enforcement in PDF.
Google
Authentication Bypass
Chrome
-
CVE-2026-3938
MEDIUM
CVSS 4.3
Google Chrome versions up to 146.0.7680.71 contain insufficient policy enforcement in Clipboard.
Google
Authentication Bypass
Chrome
-
CVE-2026-3937
MEDIUM
CVSS 6.5
Google Chrome on Android, versions up to 146.0.7680.71, contains an incorrect security UI in Downloads.
Google
Information Disclosure
Chrome
Android
-
CVE-2026-3935
MEDIUM
CVSS 6.5
Google Chrome versions up to 146.0.7680.71 contain an incorrect security UI in WebAppInstalls.
Google
Information Disclosure
Chrome
-
CVE-2026-3934
MEDIUM
CVSS 6.5
Google Chrome versions up to 146.0.7680.71 contain insufficient policy enforcement in ChromeDriver.
Google
Authentication Bypass
Chrome
-
CVE-2026-3930
MEDIUM
CVSS 5.3
Google Chrome on iOS, versions up to 146.0.7680.71, contains an unsafe navigation flaw in its Navigation component.
Google
Authentication Bypass
Apple
Chrome
iOS
-
CVE-2026-3928
MEDIUM
CVSS 4.3
Google Chrome versions up to 146.0.7680.71 contain insufficient policy enforcement in Extensions.
Google
Information Disclosure
Chrome
-
CVE-2026-3927
MEDIUM
CVSS 4.3
Google Chrome versions up to 146.0.7680.71 contain an incorrect security UI in PictureInPicture.
Google
Information Disclosure
Chrome
-
CVE-2026-3925
MEDIUM
CVSS 4.3
Google Chrome on Android, versions up to 146.0.7680.71, contains an incorrect security UI in LookalikeChecks that allows critical information to be misrepresented in the browser interface.
Google
Information Disclosure
Chrome
Android
-
CVE-2026-3906
MEDIUM
CVSS 4.3
Authenticated WordPress users with Subscriber-level privileges can create editorial notes on any post via the REST API in versions 6.9-6.9.1, bypassing permission checks that should restrict note creation to authorized editors. This allows attackers to annotate private posts, posts by other authors, and unpublished content without proper authorization. No patch is currently available for this Medium severity vulnerability.
WordPress
-
CVE-2026-3904
MEDIUM
CVSS 6.2
Denial of service in GNU C Library 2.36 on x86_64 systems occurs when nscd-backed functions trigger a race condition in the optimized memcmp implementation, allowing concurrent thread modification of input data to cause application crashes. This affects any application using NSS caching functionality under high load conditions. No patch is currently available.
Denial Of Service
-
CVE-2026-3903
MEDIUM
CVSS 4.3
The Modular DS WordPress plugin through version 2.5.1 lacks CSRF protections on its OAuth disconnection function, allowing unauthenticated attackers to sever the plugin's SSO connection by tricking administrators into clicking a malicious link. This vulnerability affects all website administrators using the plugin and could disrupt authentication mechanisms if exploited. No patch is currently available.
WordPress
CSRF
-
CVE-2026-3884
MEDIUM
CVSS 6.1
Spin.js versions before 3.0.0 allow attackers to execute arbitrary JavaScript through a combination of prototype pollution and XSS in the spin() function, requiring user interaction via a crafted URL. An attacker can exploit this to manipulate Object.prototype and trigger malicious code execution in affected users' browsers. No patch is currently available.
XSS
-
CVE-2026-3848
MEDIUM
CVSS 5.0
GitLab has remediated an issue in GitLab CE/EE affecting all versions from 8.11 up to 18.7.6.
Gitlab
-
CVE-2026-3825
MEDIUM
CVSS 6.1
Reflected XSS in the Organization Portal System's IFTOP module enables authenticated attackers to inject malicious JavaScript that executes in victims' browsers via social engineering or phishing links. This vulnerability requires user interaction to trigger and affects confidentiality and integrity with no current patch available.
XSS
Organization Portal System
-
CVE-2026-3824
MEDIUM
CVSS 6.1
WellChoose's IFTOP Organization Portal System contains an open redirect that lets authenticated attackers craft URLs which send users to attacker-chosen websites. Exploitation requires user interaction and enables credential theft or malware delivery through social engineering. No patch is currently available.
Open Redirect
Organization Portal System
-
CVE-2026-3784
MEDIUM
CVSS 6.5
curl's HTTP proxy connection reuse does not account for a change of proxy credentials, so a request carrying one set of credentials can be sent over a proxy connection that was authenticated with a different set. Applications that reuse proxy connections across requests with varying credentials are exposed to this credential confusion. Public exploit code exists, and a patch is available.
Information Disclosure
Curl
-
CVE-2026-3783
MEDIUM
CVSS 5.3
OAuth2 bearer token leakage in curl and .NET occurs when HTTP redirects are followed to a second hostname that matches entries in the .netrc configuration file, allowing attackers to obtain valid authentication tokens for unintended hosts. Public exploit code exists for this vulnerability affecting curl and .NET applications that rely on OAuth2 authentication with automatic redirect handling. This medium-severity vulnerability (CVSS 5.3) requires network access but no user interaction, and patches are available from vendors.
Dotnet
Curl
-
CVE-2026-3534
MEDIUM
CVSS 6.4
Stored cross-site scripting in the Astra WordPress theme through version 4.12.3 allows authenticated contributors and higher-privileged users to inject malicious scripts into post meta fields that execute when pages are viewed. The vulnerability stems from improper sanitization of background-related meta fields and missing output escaping in CSS property handling. Attackers with contributor-level access can alter page content and redirect or manipulate user sessions.
WordPress
XSS
-
CVE-2026-3492
MEDIUM
CVSS 6.4
Stored XSS in Gravity Forms WordPress plugin through version 2.9.28.1 allows authenticated subscribers and above to inject malicious JavaScript via the form creation endpoint, which executes when administrators interact with the Form Switcher dropdown. The vulnerability stems from inadequate input sanitization and missing output escaping in the form title field. No patch is currently available.
WordPress
XSS
-
CVE-2026-3429
MEDIUM
CVSS 4.2
Keycloak's Account REST API improperly validates session assurance levels, enabling authenticated attackers with a victim's password to remove MFA/OTP credentials without re-authentication and subsequently register their own authenticator. This allows complete account takeover by bypassing the intended multi-factor authentication protections. The vulnerability affects users relying on MFA as a security control and currently has no available patch.
Authentication Bypass
-
CVE-2026-2918
MEDIUM
CVSS 6.4
Authenticated contributors to WordPress sites running Happy Addons for Elementor up to version 3.21.0 can modify display conditions of published templates due to improper authorization checks in the `ha_condition_update` AJAX action and missing capability validation in `ha_get_current_condition`. The vulnerability allows attackers to alter template visibility rules and potentially inject unescaped content into HTML attributes, affecting site content delivery and potentially enabling stored XSS attacks.
WordPress
XSS
-
CVE-2026-2917
MEDIUM
CVSS 5.4
Unauthorized post duplication in Happy Addons for Elementor (WordPress plugin) versions up to 3.21.0 allows authenticated contributors and above to clone any published content by reusing a nonce from their own posts and modifying the target post ID. The vulnerability stems from insufficient object-level permission checks in the duplicate function, which only validates generic edit capabilities rather than verifying access to specific posts. Attackers can exploit this to duplicate other users' posts, pages, or custom post types without authorization.
WordPress
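An added model of the two checks the Happy Addons entry says were missing (not the plugin's code): a nonce bound to the target post rather than only to the action, and an object-level can_edit_post check in place of the generic edit capability. The HMAC nonce scheme, the POSTS and ROLES tables and the user IDs are constructed for this example.

```python
import hashlib
import hmac
from typing import Optional

NONCE_SECRET = b"constructed-site-salt"  # stand-in for the site's nonce salt

# Constructed site state: post 101 belongs to contributor 7, post 202 to author 9.
POSTS = {101: {"author": 7}, 202: {"author": 9}}
ROLES = {7: "contributor", 9: "author", 1: "administrator"}
EDITORIAL_ROLES = {"editor", "administrator"}


def action_nonce(user_id: int, action: str, object_id: Optional[int] = None) -> str:
    """HMAC nonce. With object_id=None it only proves 'this user may perform this
    action' (the weak form the advisory describes); bound to an object_id it is
    useless against any other post."""
    obj = "" if object_id is None else str(object_id)
    msg = f"{user_id}|{action}|{obj}".encode()
    return hmac.new(NONCE_SECRET, msg, hashlib.sha256).hexdigest()[:20]


def nonce_ok(nonce: str, user_id: int, action: str, object_id: Optional[int] = None) -> bool:
    return hmac.compare_digest(nonce, action_nonce(user_id, action, object_id))


def can_edit_posts(user_id: int) -> bool:
    """Generic capability: every role that may write posts has it."""
    return ROLES.get(user_id) in {"contributor", "author"} | EDITORIAL_ROLES


def can_edit_post(user_id: int, post_id: int) -> bool:
    """Object-level check: the specific post must belong to the user, or the
    user must hold an editorial role."""
    post = POSTS.get(post_id)
    if post is None:
        return False
    return ROLES.get(user_id) in EDITORIAL_ROLES or post["author"] == user_id


def duplicate_vulnerable(user_id: int, post_id: int, nonce: str) -> bool:
    """Action-scoped nonce plus a generic capability: a nonce minted for the
    user's own post is accepted for any post_id."""
    return nonce_ok(nonce, user_id, "duplicate") and can_edit_posts(user_id)


def duplicate_fixed(user_id: int, post_id: int, nonce: str) -> bool:
    """Nonce bound to the target post plus an object-level authorization check."""
    return nonce_ok(nonce, user_id, "duplicate", post_id) and can_edit_post(user_id, post_id)
```

Binding the nonce to the post stops the reuse trick on its own, but the authorization check is the real control: a contributor who somehow obtains a nonce for another author's post is still refused by can_edit_post.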
-
CVE-2026-2707
MEDIUM
CVSS 6.4
Stored XSS in the weForms WordPress plugin allows authenticated users with Subscriber-level access to inject malicious scripts through REST API form submissions, bypassing the sanitization applied to frontend submissions. The vulnerability exists in versions up to 1.6.27 due to inconsistent input validation between the AJAX handler and REST API endpoint, enabling attackers to execute arbitrary JavaScript in the context of other users' browsers. No patch is currently available.
WordPress
PHP
XSS
-
CVE-2026-2640
MEDIUM
CVSS 5.5
Lenovo PC Manager permits local authenticated users to terminate privileged processes due to improper privilege management, potentially disrupting system operations or enabling denial of service. An attacker with valid credentials could leverage this vulnerability to halt critical processes without administrative approval. No patch is currently available to address this issue.
Privilege Escalation
-
CVE-2026-2569
MEDIUM
CVSS 6.4
Stored XSS in Dear Flipbook WordPress plugin through version 2.4.20 allows authenticated users with Author privileges or higher to inject malicious scripts via PDF page labels due to inadequate input sanitization. These injected scripts execute in the browsers of any user viewing the affected pages. No patch is currently available for this vulnerability.
WordPress
XSS
-
CVE-2026-2358
MEDIUM
CVSS 6.4
Stored XSS in the WP ULike WordPress plugin up to version 5.0.1 allows authenticated users with Contributor access or higher to inject malicious scripts into pages through the shortcode template attribute, which executes when visitors view affected content. The vulnerability stems from improper use of html_entity_decode() that circumvents WordPress sanitization filters, requiring at least one like on a post to trigger payload execution. No patch is currently available.
WordPress
XSS
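As an added illustration of the ordering problem the WP ULike entry describes (not code from the plugin), the Python below uses html.unescape() in place of PHP's html_entity_decode() and a simple tag-stripping regex in place of the WordPress sanitization filter. The payload and the filter are constructed for the example; the point is that decoding after filtering re-creates the tag the filter never saw, while decoding before filtering and escaping on output does not.

```python
import html
import re

# Constructed attacker input: the markup a Contributor could place in a shortcode
# attribute. In entity-encoded form it contains no literal tag, so a tag-stripping
# filter passes it through unchanged.
ENCODED_PAYLOAD = "&lt;img src=x onerror=alert(1)&gt;"
BENIGN = "Like &amp; share"

TAG_RE = re.compile(r"<[^>]*>")


def strip_tags(value: str) -> str:
    """Stand-in for a kses-style tag-stripping sanitizer. It removes literal tags
    and deliberately leaves entities alone, which is fine as long as nothing
    decodes them afterwards."""
    return TAG_RE.sub("", value)


def render_vulnerable(attr: str) -> str:
    """Sanitize, then html_entity_decode: the ordering the advisory describes.
    Decoding after filtering re-creates the tag the filter never saw, and the
    result is emitted into the page as-is."""
    return html.unescape(strip_tags(attr))


def render_fixed(attr: str) -> str:
    """Decode first so the filter sees the real markup, then escape whatever
    survives so it is displayed rather than parsed."""
    return html.escape(strip_tags(html.unescape(attr)), quote=True)


def contains_markup(rendered: str) -> bool:
    """True if the rendered string would be parsed as an HTML tag."""
    return TAG_RE.search(rendered) is not None
```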
-
CVE-2026-2324
MEDIUM
CVSS 6.1
The LatePoint Calendar Booking Plugin for WordPress versions up to 5.2.7 contains a cross-site request forgery vulnerability in the reload_preview() function due to missing nonce validation, allowing unauthenticated attackers to modify plugin settings and inject malicious scripts if a site administrator can be tricked into clicking a malicious link. An attacker exploiting this vulnerability can alter configurations and inject web-based payloads that execute in the administrator's browser session. No patch is currently available for this vulnerability.
WordPress
CSRF
-
CVE-2026-1965
MEDIUM
CVSS 6.5
libcurl incorrectly reuses authenticated connections when processing Negotiate authentication requests, allowing an attacker with valid credentials to access resources authenticated under different user accounts. An authenticated attacker can exploit this connection pooling logic error to bypass authentication checks by reusing an existing connection that was authenticated with different credentials. This affects libcurl implementations using Negotiate authentication where multiple users access the same server.
Information Disclosure
Curl
Redhat
Suse
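The two curl entries above (CVE-2026-3784, proxy connection reuse, and CVE-2026-1965, Negotiate connection reuse) are the same class of bug: a pooled connection carries an authenticated identity, but the pool hands it out keyed on the endpoint alone. The Python below is an added model of such a pool, not libcurl code; the host, port and Credentials class are constructed for the example. The scope_by_credentials flag switches between the flawed key and one that also includes a fingerprint of the credentials.

```python
import hashlib
import itertools
from dataclasses import dataclass


@dataclass(frozen=True)
class Credentials:
    username: str
    secret: str


@dataclass
class Connection:
    conn_id: int
    authenticated_as: Credentials  # identity bound to this socket after the handshake


class ConnectionPool:
    """Idle-connection cache keyed either by endpoint only (the reuse logic the two
    curl advisories describe) or by endpoint plus a credential fingerprint."""

    def __init__(self, scope_by_credentials: bool) -> None:
        self.scope_by_credentials = scope_by_credentials
        self._idle: dict = {}
        self._ids = itertools.count(1)

    def _key(self, host: str, port: int, creds: Credentials) -> tuple:
        if not self.scope_by_credentials:
            return (host, port)
        # Fingerprint the credentials so the secret itself never sits in the key.
        fp = hashlib.sha256(f"{creds.username}\0{creds.secret}".encode()).hexdigest()
        return (host, port, fp)

    def acquire(self, host: str, port: int, creds: Credentials) -> Connection:
        conn = self._idle.pop(self._key(host, port, creds), None)
        if conn is None:
            # Simulated fresh connect plus authentication handshake for `creds`.
            conn = Connection(next(self._ids), authenticated_as=creds)
        return conn

    def release(self, host: str, port: int, conn: Connection) -> None:
        self._idle[self._key(host, port, conn.authenticated_as)] = conn


def credential_confusion(pool: ConnectionPool) -> bool:
    """Alice authenticates and returns her connection; Bob then asks for one.
    Returns True if Bob is handed a socket still authenticated as Alice."""
    alice = Credentials("alice", "pw-a")
    bob = Credentials("bob", "pw-b")
    c = pool.acquire("proxy.example", 3128, alice)
    pool.release("proxy.example", 3128, c)
    got = pool.acquire("proxy.example", 3128, bob)
    return got.authenticated_as != bob


def reuse_still_works(pool: ConnectionPool) -> bool:
    """Same user, same endpoint: the scoped pool must still hand back the same
    connection rather than opening a new one, or the fix would cost all reuse."""
    alice = Credentials("alice", "pw-a")
    c1 = pool.acquire("proxy.example", 3128, alice)
    pool.release("proxy.example", 3128, c1)
    c2 = pool.acquire("proxy.example", 3128, alice)
    return c1.conn_id == c2.conn_id
```

For connection-oriented schemes such as Negotiate the identity lives on the socket, not on the request, so the pool key is the only place the distinction can be enforced.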
-
CVE-2026-1867
MEDIUM
CVSS 5.9
The Guest posting / Frontend Posting / Front Editor WordPress plugin before 5.0.6 exposes sensitive form data and settings through an unauthenticated URL parameter that regenerates JSON files, allowing attackers to download administrator email addresses and other configuration details. This vulnerability affects WordPress installations using the vulnerable plugin versions when admin notifications are enabled. No patch is currently available for this medium-severity information disclosure.
WordPress
-
CVE-2026-1781
MEDIUM
CVSS 6.5
Unauthenticated attackers can arbitrarily unsubscribe email addresses from Mailchimp audiences through the MC4WP: Mailchimp for WordPress plugin (versions up to 4.11.1) by manipulating the unvalidated _mc4wp_action POST parameter, requiring only publicly exposed form IDs. This missing authorization vulnerability allows bulk email removal operations without authentication, impacting any WordPress site using the affected plugin with a connected Mailchimp account. No patch is currently available to address this issue.
WordPress
-
CVE-2026-1753
MEDIUM
CVSS 6.8
The Gutena Forms WordPress plugin, versions up to 1.6.1, is affected by authorization bypass through a user-controlled key.
WordPress
-
CVE-2026-1732
MEDIUM
CVSS 4.3
GitLab has remediated an issue in GitLab CE/EE affecting all versions from 12.6 up to 18.7.6.
Gitlab
Information Disclosure
-
CVE-2026-1717
MEDIUM
CVSS 6.8
LenovoProductivitySystemAddin in Lenovo Vantage and Baiying contains an input validation flaw that enables local authenticated users to terminate arbitrary processes with elevated privileges. This medium-severity vulnerability (CVSS 6.8) requires local access and valid credentials but poses a significant availability risk. No patch is currently available.
Information Disclosure
Lenovo
-
CVE-2026-1716
MEDIUM
CVSS 6.9
Lenovo Vantage and Baiying DeviceSettingsSystemAddin contain an input validation flaw that allows authenticated local users to delete arbitrary registry keys with elevated privileges. This vulnerability affects systems where users have local access and could enable attackers to modify system configuration or disable security controls. No patch is currently available.
Information Disclosure
Lenovo
-
CVE-2026-1715
MEDIUM
CVSS 6.9
Lenovo Vantage and Baiying DeviceSettingsSystemAddin contains an input validation flaw that allows authenticated local users to modify arbitrary registry keys with system-level privileges. This vulnerability could enable privilege escalation or system configuration tampering by an attacker with local access. No patch is currently available.
Information Disclosure
Lenovo
-
CVE-2026-1663
MEDIUM
CVSS 4.3
GitLab has remediated a missing-authorization issue in GitLab CE/EE affecting all versions from 14.4 up to 18.7.6.
Gitlab
Authentication Bypass
-
CVE-2026-1653
MEDIUM
CVSS 5.5
The Lenovo Virtual Bus driver in Smart Connect contains a divide-by-zero flaw that enables local authenticated users to trigger a system crash (blue screen). No patch is currently available, leaving affected Windows systems open to denial of service by local authenticated users.
Windows
-
CVE-2026-1652
MEDIUM
CVSS 6.1
The Lenovo Virtual Bus driver in Smart Connect contains a buffer overflow that allows local authenticated users to corrupt memory and trigger system crashes on Windows systems. This vulnerability requires valid credentials and local access, limiting exposure to users already present on affected machines. No patch is currently available to address this issue.
Windows
Buffer Overflow
-
CVE-2026-1230
MEDIUM
CVSS 4.1
GitLab has remediated an issue in GitLab CE/EE affecting all versions from 1.0 up to 18.7.6 involving use of an incorrectly resolved name or reference.
Gitlab
Information Disclosure
-
CVE-2026-1068
MEDIUM
CVSS 5.3
Lenovo Filez fails to properly validate SSL/TLS certificates, enabling network-positioned attackers to intercept encrypted communications and extract sensitive user information. The vulnerability requires an adjacent network position and specific conditions to exploit, but affects all users of the application. No patch is currently available.
Authentication Bypass
-
CVE-2026-0940
MEDIUM
CVSS 6.7
Improper BIOS initialization in certain ThinkPad models enables local privileged users to modify system data and execute arbitrary code with high integrity impact. The vulnerability requires elevated privileges and local access, posing a risk to organizations where administrative users may be compromised or untrusted. No patch is currently available.
-
CVE-2026-0602
MEDIUM
CVSS 4.3
GitLab has remediated an issue in GitLab CE/EE affecting all versions from 15.6 up to 18.7.6.
Gitlab
Information Disclosure
-
CVE-2025-13690
MEDIUM
CVSS 6.5
GitLab has remediated an issue in GitLab CE/EE affecting all versions from 16.11 up to 18.7.6 involving allocation of resources without limits or throttling.
Gitlab
Denial Of Service
-
CVE-2025-12576
MEDIUM
CVSS 6.5
GitLab has remediated an issue in GitLab CE/EE affecting all versions from 9.3 up to 18.7.6 involving allocation of resources without limits or throttling.
Gitlab
Denial Of Service
-
CVE-2025-12555
MEDIUM
CVSS 4.3
GitLab has remediated an incorrect-authorization issue in GitLab CE/EE affecting all versions from 15.1 up to 18.7.6.
Gitlab
Authentication Bypass
-
CVE-2025-12473
MEDIUM
CVSS 6.1
The RTMKit plugin for WordPress is vulnerable to Reflected Cross-Site Scripting via the 'themebuilder' parameter in all versions up to, and including, 1.6.8 due to insufficient input sanitization and output escaping. [CVSS 6.1 MEDIUM]
WordPress
XSS
PHP
-
CVE-2024-14025
MEDIUM
CVSS 6.7
An SQL injection vulnerability has been reported to affect Video Station. An attacker with local network access who has also obtained an administrator account can exploit it to execute unauthorized code or commands.
SQLi
Video Station
-
CVE-2024-14024
MEDIUM
CVSS 6.7
An improper certificate validation vulnerability has been reported to affect Video Station. An attacker with local network access who has also obtained an administrator account can exploit it to compromise the security of the system.
Information Disclosure
Video Station
-
CVE-2019-25485
MEDIUM
CVSS 6.2
R 3.4.4 on Windows x64 contains a buffer overflow vulnerability in the GUI Preferences language menu field that allows local attackers to bypass DEP and ASLR protections. [CVSS 6.2 MEDIUM]
Windows
Buffer Overflow
-
CVE-2019-25484
MEDIUM
CVSS 6.2
WinMPG iPod Convert 3.0 contains a buffer overflow vulnerability in the Register dialog that allows local attackers to crash the application by supplying an oversized payload. [CVSS 6.2 MEDIUM]
Buffer Overflow
Denial Of Service
-
CVE-2019-25477
MEDIUM
CVSS 6.2
RAR Password Recovery 1.80 contains a buffer overflow vulnerability that allows local attackers to crash the application by supplying an oversized payload in the registration dialog. [CVSS 6.2 MEDIUM]
Buffer Overflow
Denial Of Service
-
CVE-2019-25476
MEDIUM
CVSS 6.2
Outlook Password Recovery 2.10 contains a buffer overflow vulnerability that allows local attackers to crash the application by supplying an oversized payload. [CVSS 6.2 MEDIUM]
Outlook
Buffer Overflow
Denial Of Service
-
CVE-2019-25475
MEDIUM
CVSS 6.2
SQL Server Password Changer 1.90 contains a buffer overflow vulnerability that allows local attackers to crash the application by supplying an oversized payload. Attackers can inject 6000 bytes of data into the User Name and Registration Code field to trigger a denial of service condition. [CVSS 6.2 MEDIUM]
Mssql
Buffer Overflow
Denial Of Service
-
CVE-2019-25474
MEDIUM
CVSS 6.2
Easy MP3 Downloader 4.7.8.8 contains a buffer overflow vulnerability that allows local attackers to crash the application by supplying an excessively long unlock code. [CVSS 6.2 MEDIUM]
Buffer Overflow
Denial Of Service
-
CVE-2019-25469
MEDIUM
CVSS 6.2
Folder Lock 7.7.9 contains a buffer overflow vulnerability in the serial number registration field that allows local attackers to crash the application by submitting an oversized payload. [CVSS 6.2 MEDIUM]
Buffer Overflow
Denial Of Service
-
CVE-2019-25464
MEDIUM
CVSS 5.5
InputMapper 1.6.10 contains a buffer overflow vulnerability in the username field that allows local attackers to crash the application by entering an excessively long string. [CVSS 5.5 MEDIUM]
Buffer Overflow
Denial Of Service
-
CVE-2019-25463
MEDIUM
CVSS 6.2
SpotIE Internet Explorer Password Recovery 2.9.5 contains a denial of service vulnerability in the registration key input field that allows local attackers to crash the application by supplying an excessively long string. [CVSS 6.2 MEDIUM]
Buffer Overflow
Denial Of Service
-
CVE-2026-32109
LOW
CVSS 3.7
If an attacker has been given both read- and write-permissions to the server, they can upload a malicious file with the filename `.prologue.html` and then craft a link to potentially execute arbitrary JavaScript in the victim's context.
Note that it is intended behavior that the JavaScript would execute if the target clicks a link to the HTML file itself; "https://example.com/foo/.prologue.html". The vulnerability is that "https://example.com/foo/?b" would also evaluate the file, making the behavior unexpected.
There are existing preventative measures (strict SameSite cookies) which make it harder to leverage this vulnerability in an attack; in order to gain control of the target's authenticated session, the link must be clicked from a page served by the server itself -- most likely by editing an existing resource, which would require additional access permissions.
Finally, for this attack to be successful, the attacker's target must click the specific crafted link given by the attacker. This vulnerability is not activated by normally browsing the web-UI on the server.
## Impact
If successful, the malicious JavaScript could move or delete existing files on the server, or upload new files, using the account of the person who opens the link.
XSS
-
CVE-2026-31976
None
xygeni-action is the GitHub Action for Xygeni Scanner. On March 3, 2026, an attacker with access to compromised credentials created a series of pull requests (#46, #47, #48) injecting obfuscated shell code into action.yml. The PRs were blocked by branch protection rules and never merged into the main branch. However, the attacker used the compromised GitHub App credentials to move the mutable v5 tag to point at the malicious commit (4bf1d4e19ad81a3e8d4063755ae0f482dd3baf12) from one of the un...
Github
-
CVE-2026-31974
LOW
CVSS 3.0
OpenProject is an open-source, web-based project management software. Prior to 17.2.0, OpenProject SMTP test endpoint (POST /admin/settings/mail_notifications) accepts arbitrary host and port values and exhibits measurable differences in response behaviour depending on whether the target IP exists and whether the port is open. An attacker with access can use these timing and error distinctions to map internal hosts and identify which services/ports are reachable. Similarly, you can create web...
SSRF
-
CVE-2026-31954
None
Emlog is an open source website building system. In 2.6.6 and earlier, the delete_async action (asynchronous delete) lacks a call to LoginAuth::checkToken(), enabling CSRF attacks.
CSRF
-
CVE-2026-31900
None
Black is the uncompromising Python code formatter. Black provides a GitHub action for formatting code.
Python
Github
-
CVE-2026-31887
None
Shopware is an open commerce platform. Versions up to 6.7.8.1 are affected by incorrect authorization.
Authentication Bypass
-
CVE-2026-31863
LOW
CVSS 3.6
Anytype Heart is the middleware library for Anytype. The challenge-based authentication for the local gRPC client API can be bypassed, allowing an attacker to gain access without the 4-digit code. [CVSS 3.6 LOW]
Authentication Bypass
-
CVE-2026-29777
None
Traefik is an HTTP reverse proxy and load balancer. Prior to 3.6.10, a tenant with write access to an HTTPRoute resource can inject backtick-delimited rule tokens into Traefik's router rule language via unsanitized header or query parameter match values. In shared gateway deployments, this can bypass listener hostname constraints and redirect traffic for victim hostnames to attacker-controlled ...
Authentication Bypass
-
CVE-2026-29515
None
Embedded SwiFTP FTP server component contains a vulnerability that allows attackers to log in without valid credentials.
Authentication Bypass
-
CVE-2026-24509
LOW
CVSS 3.6
Dell Alienware Command Center (AWCC), versions prior to 6.12.24.0, contain an Improper Access Control vulnerability. A low privileged attacker with local access could potentially exploit this vulnerability, leading to Denial of service. [CVSS 3.6 LOW]
Denial Of Service
-
CVE-2026-24508
LOW
CVSS 2.5
Dell Alienware Command Center (AWCC), versions prior to 6.12.24.0, contain an Improper Certificate Validation vulnerability. A low privileged attacker with local access could potentially exploit this vulnerability, leading to Information exposure. [CVSS 2.5 LOW]
Information Disclosure
-
CVE-2026-21295
LOW
CVSS 3.1
Adobe Commerce versions 2.4.9-alpha3, 2.4.8-p3, 2.4.7-p8, 2.4.6-p13, 2.4.5-p15, 2.4.4-p16 and earlier are affected by a URL Redirection to Untrusted Site ('Open Redirect') vulnerability. An attacker could leverage this vulnerability to redirect users to malicious websites. [CVSS 3.1 LOW]
Adobe
Open Redirect
-
CVE-2026-3963
LOW
CVSS 3.7
A security flaw has been discovered in perfree go-fastdfs-web up to 1.3.7. This affects the function rememberMeManager of the file src/main/java/com/perfree/config/ShiroConfig.java of the component Apache Shiro RememberMe. Performing a manipulation results in use of a hard-coded cryptographic key. The attack can be initiated remotely. The complexity of an attack is rather high. The exploitability is reported as difficult. The exploit has been released to the public and may be used for attacks...
Apache
Java
-
CVE-2026-3950
LOW
CVSS 3.3
A vulnerability was identified in strukturag libheif up to 1.21.2. This impacts the function Track::load of the file libheif/sequences/track.cc of the component stsz/stts. The manipulation leads to out-of-bounds read. The attack needs to be performed locally. The exploit is publicly available and might be used. Applying a patch is the recommended action to fix this issue. The patch available is...
Buffer Overflow
-
CVE-2026-3949
LOW
CVSS 3.3
A vulnerability was determined in strukturag libheif up to 1.21.2. This affects the function vvdec_push_data2 of the file libheif/plugins/decoder_vvdec.cc of the component HEIF File Parser. Executing a manipulation of the argument size can lead to out-of-bounds read. The attack needs to be launched locally. The exploit has been publicly disclosed and may be utilized. This patch is called b97c8b...
Buffer Overflow
-
CVE-2026-3946
LOW
CVSS 3.5
A vulnerability was detected in PHPEMS 11.0. The affected element is an unknown function of the file /index.php?ask=app-ask. [CVSS 3.5 LOW]
PHP
XSS
-
CVE-2026-3929
LOW
CVSS 3.1
Google Chrome versions up to 146.0.7680.71 contain a side-channel information leakage in ResourceTiming (CVSS 3.1).
Google
Information Disclosure
Chrome
-
CVE-2026-3911
LOW
CVSS 2.7
A flaw was found in Keycloak. An authenticated user with the view-users role could exploit a vulnerability in the UserResource component. [CVSS 2.7 LOW]
Information Disclosure
-
CVE-2026-3013
None
Coppermine Photo Gallery in versions 1.6.09 through 1.6.27 is vulnerable to path traversal.
Path Traversal
-
CVE-2026-1524
None
An edge case in the SSO implementation in Neo4j Enterprise edition versions prior to version 2026.02 can lead to unauthorised access under the following conditions:
If a neo4j admin configures two or more OIDC providers AND configures one or more of them to be an authorization provider AND configures one or more of them to be authentication-only, then those that are authentication-only will also provide authorization. This edge case becomes a security problem only if the authentication-only provi...
Authentication Bypass
-
CVE-2026-1497
None
Neo4j Enterprise edition versions up to 2026.02 are affected by incorrect authorization due to incorrect resolving of namespaces in composite databases.
Authentication Bypass
-
CVE-2026-1471
None
Neo4j Enterprise edition versions up to 2026.01.4 are affected by incorrect authorization due to excessive caching of authentication context.
Authentication Bypass
-
CVE-2026-0520
LOW
CVSS 2.8
A potential vulnerability was reported in the Lenovo FileZ Android application that, under certain conditions, could allow a local authenticated user to retrieve some sensitive data stored in a log file. [CVSS 2.8 LOW]
Android
-
CVE-2026-0231
None
An information disclosure vulnerability in Palo Alto Networks Cortex XDR® Broker VM allows an authenticated user to obtain and modify sensitive information by triggering a live terminal session via the Cortex UI and modifying any configuration setting.
Paloalto
Information Disclosure
-
CVE-2026-0230
None
A problem with a protection mechanism in the Palo Alto Networks Cortex XDR agent on macOS allows a local administrator to disable the agent. This issue could be leveraged by malware to perform malicious activity without detection.
Paloalto
macOS
-
CVE-2025-70330
LOW
CVSS 3.3
Easy Grade Pro 4.1.0.2 contains a file parsing logic flaw in the handling of proprietary .EGP gradebook files. By modifying specific fields at precise offsets within an otherwise valid .EGP file, an attacker can trigger an out-of-bounds memory read during parsing. [CVSS 3.3 LOW]
Denial Of Service
-
CVE-2025-62328
LOW
CVSS 3.7
HCL Nomad server on Domino did not configure the frame-ancestors directive in the Content-Security-Policy header by default which could allow an attacker to obtain sensitive information via unspecified vectors. [CVSS 3.7 LOW]
XSS
-
CVE-2025-12704
LOW
CVSS 3.5
GitLab has remediated a missing authorization issue in GitLab EE affecting all versions from 18.2 up to 18.7.6 (CVSS 3.5).
Gitlab
Authentication Bypass
-
CVE-2025-12697
LOW
CVSS 2.2
GitLab has remediated an improper encoding or escaping of output issue in GitLab CE/EE affecting all versions from 15.5 up to 18.7.6 (CVSS 2.2).
Gitlab
Information Disclosure
-
CVE-2025-12690
None
Execution with unnecessary privileges in Forcepoint NGFW Engine allows local privilege escalation. This issue affects NGFW Engine versions up to 6.10.19.
Privilege Escalation