Skip to main content
CVE-2026-23255 MEDIUM PATCH This Month

A race condition vulnerability exists in the Linux kernel's /proc/net/ptype implementation where concurrent readers and writers violate RCU (Read-Copy-Update) synchronization rules, allowing information disclosure through unsafe access to device pointers. The vulnerability affects all Linux kernel versions with the vulnerable ptype_seq_show() and ptype_seq_next() functions. An attacker with local access can trigger RCU stalls, kernel panics, or read uninitialized kernel memory by racing concurrent packet type structure modifications against /proc/net/ptype reads, potentially leaking sensitive kernel data or causing denial of service.

Linux Information Disclosure
NVD VulDB
CVSS 3.1
5.5
EPSS
0.0%
CVE-2026-23254 MEDIUM PATCH This Month

A vulnerability in the Linux kernel's Generic Receive Offload (GRO) implementation for UDP traffic causes incorrect network offset calculations when processing encapsulated packets. The flaw affects all Linux kernel versions where the GRO subsystem handles UDP encapsulation, as specified in the CPE cpe:2.3:a:linux:linux:*:*:*:*:*:*:*:*. When hardware NICs, the tun driver, or veth setups inject packets with the encapsulation flag set, the udp4_gro_complete() function incorrectly computes the outer UDP header pseudo checksum using the inner network offset, leading to checksum validation failures that can disrupt packet processing and potentially cause denial of service or packet drops. No active exploitation has been reported in the wild, and no public proof-of-concept code is known to exist, though the vulnerability is triggered through normal network operations involving UDP-encapsulated traffic.

Linux Code Injection Red Hat Suse
NVD VulDB
CVSS 3.1
5.5
EPSS
0.0%
CVE-2025-71270 MEDIUM PATCH This Month

This vulnerability is a missing exception fixup handler in the LoongArch architecture's BPF JIT compiler that fails to properly recover from memory access exceptions (ADEM) triggered by BPF_PROBE_MEM* instructions. The Linux kernel on LoongArch systems (CPE: cpe:2.3:a:linux:linux:*:*:*:*:*:*:*:*) is affected, potentially allowing information disclosure or denial of service when BPF programs attempt to safely probe memory locations. This is not actively exploited (no KEV status), but patches are available across multiple stable kernel branches.

Linux Information Disclosure Red Hat Suse
NVD VulDB
CVSS 3.1
5.5
EPSS
0.0%
CVE-2025-71269 MEDIUM PATCH This Month

A resource management vulnerability exists in the Linux kernel's Btrfs filesystem implementation where qgroup data reservations are incorrectly freed when an inline extent creation fails due to -ENOSPC (no space available). This causes the kernel to prematurely release qgroup quota accounting for data that will actually be used when the operation falls back to the normal copy-on-write path, potentially leading to qgroup quota inconsistencies and information disclosure about quota state. All Linux distributions using Btrfs with qgroup quota tracking enabled are affected. While no CVSS score or EPSS risk score has been assigned, the vulnerability has stable patches available in the Linux kernel repository.

Linux Information Disclosure Red Hat Suse
NVD VulDB
CVSS 3.1
5.5
EPSS
0.0%
CVE-2025-71268 MEDIUM PATCH This Month

A resource leak vulnerability exists in the Linux kernel's btrfs filesystem implementation where reserved qgroup data fails to be freed in error paths during inline extent insertion operations. This affects all Linux versions with vulnerable btrfs code, and allows local attackers with filesystem write access to exhaust kernel memory resources through repeated failed inline extent insertions, potentially causing denial of service. No active exploitation in the wild has been reported, but kernel memory exhaustion vulnerabilities are routinely targeted by local privilege escalation chains.

Linux Information Disclosure Red Hat Suse
NVD VulDB
CVSS 3.1
5.5
EPSS
0.0%
CVE-2026-23251 MEDIUM PATCH This Month

This vulnerability in the Linux kernel's XFS filesystem code involves improper pointer validation in xfarray and xfblob destructor functions, where the destructors can be called with invalid (dangling) pointers if the pointer is not properly nulled after deallocation. The vulnerability affects Linux kernel versions 6.9 through 6.10 and later patch versions, potentially allowing information disclosure or system instability. While no CVSS score or exploitation data is publicly available, the fix was backported across multiple kernel versions (6.12.75, 6.18.16, 6.19.6, 7.0-rc1) indicating recognition of the issue's significance across the kernel maintenance community.

Linux Null Pointer Dereference Denial Of Service Red Hat Suse
NVD VulDB
CVSS 3.1
5.5
EPSS
0.0%
CVE-2026-23250 MEDIUM PATCH This Month

A null pointer dereference vulnerability exists in the XFS filesystem checker (xchk_scrub_create_subord) in the Linux kernel, where the function returns a mangled ENOMEM error instead of NULL, and callers fail to properly validate the return value. This affects Linux kernel versions 6.2 through 6.10 and later stable branches, potentially allowing a local attacker with filesystem access to trigger a denial of service condition through unhandled memory allocation failures during XFS filesystem integrity checks.

Linux Denial Of Service Null Pointer Dereference Red Hat Suse
NVD VulDB
CVSS 3.1
5.5
EPSS
0.0%
CVE-2026-23249 MEDIUM PATCH This Month

A null pointer dereference vulnerability exists in the Linux kernel's XFS filesystem repair code when revalidating B-tree structures during fsck operations. The vulnerability affects Linux kernel versions across multiple release branches (6.8, 6.12.75, 6.18.16, 6.19.6, and 7.0-rc1) when the xfs_scrub utility attempts to repair both the free space B-tree (bnobt) and count B-tree (cntbt) simultaneously. An authenticated attacker with fsck/scrub privileges can trigger a kernel crash (denial of service) by injecting corruption markers via XFS_IOC_ERROR_INJECTION ioctl, causing the kernel to crash when the second B-tree revalidation is attempted after the first one fails and nullifies a required cursor.

Linux Denial Of Service Null Pointer Dereference Red Hat Suse
NVD VulDB
CVSS 3.1
5.5
EPSS
0.0%
CVE-2026-23265 MEDIUM PATCH This Month

A vulnerability in the Linux kernel's f2fs (Flash-Friendly File System) implementation fails to validate node footer integrity during asynchronous read and write I/O operations, allowing corrupted node page data to trigger a kernel BUG and cause denial of service. This affects all Linux kernel versions using f2fs, particularly those processing untrusted or fuzzed filesystem images. An attacker with the ability to craft a malicious f2fs filesystem image can trigger a kernel panic when the corrupted node page is written back, resulting in system unavailability.

Linux Information Disclosure Red Hat Suse
NVD VulDB
CVSS 3.1
5.5
EPSS
0.0%
CVE-2026-23252 MEDIUM PATCH This Month

A memory allocation failure vulnerability exists in the Linux kernel's XFS filesystem checking code where the xchk_xfile_*_descr macros call kasprintf with formatted strings that can exceed safe allocation limits, leading to potential denial of service or information disclosure. This affects Linux kernel versions 6.6 through 6.14 and later releases including 6.18.16, 6.19.6, and 7.0-rc1, with the vulnerability discoverable through syzbot fuzzing by researcher Jiaming Zhang. While no active exploitation has been confirmed, the issue represents a path to failure in a core filesystem validation component that could be triggered by malicious or malformed filesystem structures.

Linux Information Disclosure Red Hat Suse
NVD VulDB
CVSS 3.1
5.5
EPSS
0.0%
CVE-2026-23247 MEDIUM PATCH This Month

This vulnerability is an information disclosure issue in the Linux kernel's TCP implementation where the timestamp offset calculation was insufficiently randomized, allowing off-path attackers to leak TCP source ports via a SYN cookie side-channel attack. All Linux kernel versions from 4.11 onwards are affected, with confirmed vulnerable versions including Linux 6.18.17, 6.19.7, and 7.0-rc3. An attacker can exploit this to infer source port numbers used in TCP connections without being on the network path, which can facilitate further network-level attacks such as connection hijacking or targeted DoS.

Linux Information Disclosure
NVD VulDB
CVSS 3.1
5.5
EPSS
0.0%
CVE-2026-33051 MEDIUM PATCH This Month

This vulnerability is a stored cross-site scripting (XSS) flaw in Craft CMS's element editor revision/draft context menu that renders user-supplied fullName data as raw HTML without proper sanitization. A low-privileged control panel user (such as an Author) can inject malicious JavaScript into their profile's fullName field, which executes when an administrator views the revision context menu. If weaponized with a carefully crafted payload while an administrator is authenticated, an attacker can escalate their account privileges to administrator level. A patch is available in Craft CMS version 5.9.11.

XSS
NVD GitHub VulDB
CVSS 3.1
5.4
EPSS
0.0%
CVE-2026-1217 MEDIUM PATCH This Month

The Yoast Duplicate Post WordPress plugin through version 4.5 contains a missing capability check vulnerability in the clone_bulk_action_handler() and republish_request() functions, allowing authenticated attackers with Contributor-level access to duplicate restricted posts (private, draft, trashed) and Author-level attackers to overwrite published posts via the Rewrite & Republish feature. The vulnerability carries a CVSS score of 5.4 (medium severity) with ENISA EUVD tracking (EUVD-2026-12800), and Wordfence has documented specific vulnerable code paths in the plugin's bulk handler and post republisher modules.

WordPress Authentication Bypass
NVD VulDB
CVSS 3.1
5.4
EPSS
0.0%
CVE-2026-30048 MEDIUM This Month

A stored cross-site scripting (XSS) vulnerability exists in NotChatbot WebChat widget versions through 1.4.4, where user-supplied input in chat messages is not properly sanitized before being stored and rendered in the chat history. This allows attackers to inject arbitrary JavaScript code that executes whenever the chat history is reloaded, affecting all independent implementations of the widget. A proof-of-concept has been publicly disclosed on GitHub (https://github.com/0xN4no/CVE-2026-30048) and a detailed technical writeup is available via Gist (https://gist.github.com/0xN4no/0601f398942a29259d217ea650f694fe), indicating active demonstration of exploitability.

XSS
NVD GitHub VulDB
CVSS 3.1
5.4
EPSS
0.0%
CVE-2026-1926 MEDIUM This Month

The Subscriptions for WooCommerce plugin contains a critical authentication bypass vulnerability in the subscription cancellation function that allows unauthenticated attackers to cancel any active WooCommerce subscription. The vulnerability affects all versions up to and including 1.9.2 of the plugin (CPE: cpe:2.3:a:wpswings:subscriptions_for_woocommerce:*:*:*:*:*:*:*:*) and stems from a missing capability check combined with improper nonce validation. An attacker can exploit this with a simple GET request, requiring no special privileges or user interaction, resulting in unauthorized modification of subscription data with a CVSS score of 5.3 and confirmed active exploitation potential.

WordPress Authentication Bypass
NVD VulDB
CVSS 3.1
5.3
EPSS
0.1%
CVE-2026-33132 MEDIUM PATCH This Month

Zitadel's OAuth2/OIDC implementation contains an authentication bypass vulnerability (CWE-863: Improper Authorization) that allows unauthenticated attackers to circumvent organization enforcement controls during login. Affected versions 3.0.0-3.4.8 and 4.0.0-4.12.2 fail to validate organization membership scopes in device authorization flows and all Login V2/OIDC API V2 endpoints, enabling attackers to authenticate with users from unauthorized organizations. While the CVSS score of 5.3 indicates low-to-moderate severity with confidentiality impact only, the attack requires no privileges or user interaction and operates over the network, making it a practical concern for multi-tenant deployments.

Authentication Bypass Red Hat Suse
NVD GitHub VulDB
CVSS 3.1
5.3
EPSS
0.1%
CVE-2025-12518 MEDIUM PATCH This Month

The beefree.io SDK contains a Stored Cross-Site Scripting (XSS) vulnerability in the Social Media icon URL parameter within its email builder functionality, allowing attackers to inject arbitrary HTML and JavaScript code that persists in email templates and executes when preview pages are visited. The vulnerability affects beefree.io SDK versions prior to 3.47.0 across all platforms. While the impact is partially mitigated by beefree's Content Security Policy, attackers can still achieve limited script execution and social engineering attacks, making this a moderate-risk vulnerability that requires immediate patching.

XSS Befree Sdk
NVD VulDB
CVSS 4.0
5.3
EPSS
0.0%
CVE-2026-33065 MEDIUM PATCH This Month

This is an improper error handling vulnerability in free5GC's UDM (Unified Data Management) component that incorrectly converts valid 400 Bad Request responses from downstream UDR (Unified Data Repository) services into 500 Internal Server Error responses when processing DELETE requests with empty `supi` path parameters. An attacker or misconfigured client can exploit this by sending malformed DELETE requests to the sdm-subscriptions endpoint, causing the UDM to leak internal error handling behavior and making it difficult for legitimate clients to distinguish between client-side errors and actual server failures. This vulnerability affects free5GC v4.0.1 and is classified as an information disclosure issue (CWE-209), though no CVSS score or KEV status has been assigned and no public exploit code is currently known.

Information Disclosure Suse
NVD GitHub VulDB
CVSS 3.1
5.3
EPSS
0.0%
CVE-2026-26945 MEDIUM PATCH This Month

A Process Control vulnerability (CWE-114) exists in Dell Integrated Dell Remote Access Controller (iDRAC) across multiple generations that allows a high-privileged attacker with adjacent network access to achieve code execution. Affected versions include iDRAC 9 (14G prior to 7.00.00.181, 15G and 16G prior to 7.20.10.50) and iDRAC 10 (17G prior to 1.20.25.00). While the CVSS score of 5.3 is moderate, the integrity impact is rated high and remote code execution capability presents significant risk to out-of-band management infrastructure.

Dell RCE Integrated Dell Remote Access Controller
NVD VulDB
CVSS 3.1
5.3
EPSS
0.0%
CVE-2026-33192 MEDIUM PATCH This Month

UDM incorrectly converts client-side errors to server-side errors and mistranslates PATCH requests to PUT when forwarding to UDR, exposing internal error handling behavior that prevents clients from distinguishing between legitimate client errors and actual server failures. An unauthenticated remote attacker can exploit this by sending PATCH requests with malformed parameters to leak information about the service's internal architecture and error handling mechanisms. A patch is available to address this HTTP method translation and improper error handling issue.

Information Disclosure Suse
NVD GitHub VulDB
CVSS 3.1
5.3
EPSS
0.0%
CVE-2026-22321 MEDIUM PATCH This Month

A buffer overflow vulnerability (CVSS 5.3). Remediation should follow standard vulnerability management procedures.

Buffer Overflow Stack Overflow Fl Switch 2708 Pn Fl Switch Tsn 2316 Fl Switch 2206c 2fx +68
NVD VulDB
CVSS 3.1
5.3
EPSS
0.0%
CVE-2026-33060 MEDIUM PATCH This Month

The @aborruso/ckan-mcp-server MCP server contains a Server-Side Request Forgery (SSRF) vulnerability in its ckan_package_search, sparql_query, and ckan_datastore_search_sql tools, which accept an arbitrary base_url parameter without validation, allowing attackers to scan internal networks, exfiltrate cloud metadata credentials (including IAM tokens from 169.254.169.254), and potentially execute injection attacks. The vulnerability affects the npm package @aborruso/ckan-mcp-server (pkg:npm/@aborruso/ckan-mcp-server) and requires prompt injection to exploit, making attack complexity high; a proof-of-concept exists demonstrating 9 unthrottled HTTP requests to a canary endpoint, and patch availability exists from the vendor.

Docker SSRF
NVD GitHub VulDB
CVSS 3.1
5.3
EPSS
0.0%
CVE-2026-32691 MEDIUM PATCH This Month

Juju 3.0.0 through 3.6.18 contains a race condition in secrets management that allows authenticated unit agents to intercept and claim ownership of newly created secrets due to a timing window between secret ID generation and revision creation. An attacker with valid unit agent credentials can exploit this to read the initial content of secrets intended for other units. The vulnerability requires local authentication and manual interaction but results in high-impact confidentiality disclosure with no available patch.

Information Disclosure Debian Juju Suse
NVD GitHub VulDB
CVSS 3.1
5.3
EPSS
0.0%
CVE-2026-32565 MEDIUM PATCH This Month

Contextual Related Posts versions before 4.2.2 contain an authorization bypass vulnerability that allows unauthenticated attackers to access sensitive information by exploiting improperly configured access controls. The vulnerability affects the plugin's ability to enforce proper permission checks, potentially exposing confidential data to unauthorized users. No patch is currently available for this issue.

Authentication Bypass Contextual Related Posts
NVD VulDB
CVSS 3.1
5.3
EPSS
0.0%
CVE-2026-2559 MEDIUM PATCH This Month

The Post SMTP WordPress plugin for versions up to 3.8.0 contains an authorization bypass vulnerability in the Office 365 OAuth redirect handler that allows authenticated subscribers and above to overwrite sensitive SMTP configuration without proper capability checks or nonce validation. An attacker with subscriber-level access can craft a malicious URL to inject attacker-controlled Azure app credentials into the site's Microsoft 365 configuration, potentially causing administrators to unknowingly connect to the attacker's account during Pro wizard setup. This vulnerability has a CVSS score of 5.3 and is classified as CWE-862 (Missing Authorization), with active evidence of the vulnerable code path present in the plugin repository.

WordPress Microsoft Authentication Bypass
NVD GitHub VulDB
CVSS 3.1
5.3
EPSS
0.0%
CVE-2026-2575 MEDIUM PATCH This Month

Unauthenticated remote attackers can exhaust memory in Red Hat Build of Keycloak 26.4 and 26.4.10 by sending highly compressed SAML requests that bypass decompression size limits, triggering denial of service. The vulnerability affects SAML Redirect Binding implementations that fail to enforce resource constraints during DEFLATE decompression, allowing attackers to crash the application with OutOfMemoryError conditions. No patch is currently available.

Denial Of Service Red Hat Build Of Keycloak 26 4 Red Hat Build Of Keycloak 26 4 10
NVD GitHub VulDB
CVSS 3.1
5.3
EPSS
0.0%
CVE-2026-22180 MEDIUM PATCH This Month

OpenClaw prior to version 2026.3.2 allows local users with standard privileges to write files outside designated directories through insufficient path validation in the browser output handler. An attacker can exploit this path-confinement bypass to place malicious files in arbitrary filesystem locations, potentially leading to privilege escalation or system compromise.

Canonical Authentication Bypass
NVD GitHub VulDB
CVSS 3.1
5.3
EPSS
0.0%
CVE-2026-26948 MEDIUM PATCH This Month

Dell Integrated Dell Remote Access Controller (iDRAC) versions 9, 14G (prior to 7.00.00.174), 15G, and 16G (prior to 7.10.90.00) contain an exposure of sensitive system information vulnerability caused by uncleared debug information in memory or logs. A remote attacker with high privileges can exploit this to disclose confidential system details without modifying or disrupting service availability. While the CVSS score is moderate at 4.9 due to high privilege requirements, the confidentiality impact is rated high, making this relevant for organizations where insider threats or compromised administrator accounts are a concern.

Dell Information Disclosure Integrated Dell Remote Access Controller
NVD VulDB
CVSS 3.1
4.9
EPSS
0.0%
CVE-2026-22319 MEDIUM PATCH This Month

Denial of service in Stack Overflow and Fl networking devices results from a stack-based buffer overflow in the file installation workflow that can be triggered by high-privileged attackers through oversized POST parameters. An authenticated attacker with elevated privileges can crash the affected service by exploiting this memory corruption vulnerability. No patch is currently available for the impacted products.

Buffer Overflow Stack Overflow Fl Switch 2516 Fl Switch 2207 Fx Sm Fl Switch 2314 2sfp +68
NVD VulDB
CVSS 3.1
4.9
EPSS
0.0%
CVE-2026-22318 MEDIUM PATCH This Month

A buffer overflow vulnerability (CVSS 4.9) that allows a high-privileged attacker. Remediation should follow standard vulnerability management procedures.

Buffer Overflow Stack Overflow Fl Switch 2708 Fl Switch 2105 Fl Switch 2216 Pn +68
NVD VulDB
CVSS 3.1
4.9
EPSS
0.0%
CVE-2026-32736 MEDIUM PATCH This Month

An Insecure Direct Object Reference (IDOR) vulnerability in the Hytale Modding Wiki prior to version 1.0.0 allows any authenticated user to access and view mod authors' personal information, including full names and email addresses, by navigating directly to mod pages using their slugs. The vulnerability requires only low-privilege authentication (account creation) and no user interaction, making it trivially exploitable. While the CVSS score is moderate at 4.3, the exposure of personally identifiable information (PII) represents a direct privacy harm to affected mod authors.

Authentication Bypass Wiki
NVD GitHub VulDB
CVSS 3.1
4.3
EPSS
0.0%
CVE-2026-33003 MEDIUM PATCH This Month

The Jenkins LoadNinja Plugin versions 2.1 and earlier stores LoadNinja API keys in plaintext within job configuration files (config.xml) on the Jenkins controller, allowing unauthorized disclosure of sensitive credentials. Users with Item/Extended Read permission on Jenkins jobs or direct file system access to the controller can extract these API keys, potentially leading to account compromise and unauthorized access to LoadNinja services. This is a straightforward credential exposure vulnerability with no complexity barriers to exploitation once access is gained.

Jenkins Information Disclosure
NVD VulDB
CVSS 3.1
4.3
EPSS
0.0%
CVE-2026-33004 MEDIUM PATCH This Month

The Jenkins LoadNinja Plugin version 2.1 and earlier fails to mask LoadNinja API keys displayed on the job configuration form, allowing attackers with access to the Jenkins web interface to observe and capture sensitive credentials. This information disclosure vulnerability affects Jenkins administrators and users with job configuration visibility, enabling credential theft that could lead to unauthorized access to LoadNinja services and associated testing infrastructure. No CVSS score, EPSS data, or active exploitation status (KEV listing) is currently available in public sources.

Jenkins Information Disclosure
NVD VulDB
CVSS 3.1
4.3
EPSS
0.0%
CVE-2026-33171 MEDIUM PATCH This Month

Authenticated Control Panel users can read arbitrary JSON, YAML, and CSV files from the server by manipulating the filename parameter in the fieldtype endpoint, resulting in unauthorized information disclosure. The vulnerability requires valid authentication credentials and affects versions prior to 5.73.14 and 6.7.0. No patch is currently available for affected deployments.

Path Traversal
NVD GitHub VulDB
CVSS 3.1
4.3
EPSS
0.0%
CVE-2026-33177 MEDIUM PATCH This Month

A low-privileged authorization bypass vulnerability in Statamic CMS allows Control Panel users to create taxonomy terms without proper authorization by submitting crafted requests to the field action processing endpoint with attacker-controlled field definitions. This vulnerability affects Statamic CMS versions prior to 5.73.14 and 6.7.0, enabling unauthorized data modification with a CVSS score of 4.3 and low attack complexity. No active exploitation or public proof-of-concept has been confirmed, but patches are readily available from the vendor.

Authentication Bypass
NVD GitHub VulDB
CVSS 3.1
4.3
EPSS
0.0%
Prev Page 2 of 2

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy