Skip to main content
CVE-2026-33125 HIGH PATCH This Week

Frigate video surveillance software contains an authentication bypass vulnerability allowing users with viewer role privileges to delete administrator and other user accounts via an unrestricted API endpoint. The vulnerability affects the Frigate Python package (pkg:pip/frigate) and has been confirmed with a proof-of-concept demonstration successfully deleting the admin user on the demo.frigate.video instance. This leads to denial of service and compromises data integrity by allowing unauthorized account deletions.

Authentication Bypass Denial Of Service
NVD GitHub VulDB
CVSS 3.1
7.1
EPSS
0.0%
CVE-2026-23269 HIGH PATCH This Week

Out-of-bounds read in Linux kernel's AppArmor subsystem allows local authenticated attackers to disclose kernel memory and potentially crash the system via maliciously crafted security policies. Affects Linux kernels from 3.4 onwards with patches released for stable branches 6.12.77, 6.18.18, 6.19.8, and 7.0-rc4. No active exploitation confirmed (not in CISA KEV), EPSS probability low at 0.02%, but Ubuntu rates priority as medium with patches deployed across 729 releases. Requires local access with low privileges (PR:L) and ability to load AppArmor policies.

Linux Buffer Overflow Information Disclosure
NVD VulDB
CVSS 3.1
7.1
EPSS
0.0%
CVE-2026-23244 HIGH PATCH This Week

A memory allocation vulnerability exists in the Linux kernel's NVMe Persistent Reservation implementation where the nvme_pr_read_keys() function fails to properly handle large num_keys values passed from userspace, resulting in excessive memory allocation attempts up to 4MB that trigger page allocator warnings and potential denial of service. This affects Linux kernel versions across multiple stable branches (6.5, 6.12.77, 6.18.17, 6.19.7, and 7.0-rc3) and requires local access with ioctl privileges to trigger. The vulnerability is addressed through replacement of kzalloc() with kvzalloc() to support larger allocations via vmalloc fallback, and patches are available across multiple kernel stable branches.

Linux Information Disclosure Buffer Overflow Red Hat Suse
NVD VulDB
CVSS 3.1
7.1
EPSS
0.0%
CVE-2025-55045 HIGH This Week

A Cross-Site Request Forgery (CSRF) vulnerability exists in MuraCMS through version 10.1.10 affecting the cUsers.updateAddress function, which lacks proper CSRF token validation. Attackers can exploit this by crafting malicious webpages that, when visited by an authenticated administrator, automatically submit hidden forms to add, modify, or delete user address records without the administrator's knowledge or consent. Successful exploitation enables unauthorized manipulation of user address data, potentially redirecting sensitive communications to attacker-controlled addresses, compromising user privacy, and disrupting legitimate business operations through injection of malicious contact information.

CSRF
NVD VulDB
CVSS 3.1
7.1
EPSS
0.0%
CVE-2026-31964 MEDIUM PATCH This Month

HTSlib, a bioinformatics library for reading and writing sequence alignment formats, contains a null pointer dereference vulnerability in its CRAM format decoder affecting versions before 1.23.1, 1.22.2, and 1.21.1. The vulnerability exists in the CONST, XPACK, and XRLE encodings which fail to properly handle CRAM records with omitted sequence or quality data, causing attempts to write to NULL pointers when these records are decoded. An attacker can exploit this by providing a malformed CRAM file to any application using vulnerable HTSlib versions, resulting in denial of service through application crash, with no known active exploitation or public proof-of-concept at this time.

Denial Of Service Debian Htslib Red Hat
NVD GitHub VulDB
CVSS 4.0
6.9
EPSS
0.0%
CVE-2026-31965 MEDIUM PATCH This Month

HTSlib contains an out-of-bounds read vulnerability in the cram_decode_slice() function that fails to validate the reference ID field early enough during CRAM file parsing, allowing two separate out-of-bounds reads before error detection. The vulnerability affects HTSlib versions prior to 1.23.1, 1.22.2, and 1.21.1, and can result in information disclosure through leaked memory values or application crashes when processing malicious or corrupted CRAM bioinformatics files. While the function reports an error after the reads occur, the window for exploitation exists and the practical impact depends on memory layout and application context.

Buffer Overflow Information Disclosure Denial Of Service Debian Htslib +1
NVD GitHub VulDB
CVSS 4.0
6.9
EPSS
0.0%
CVE-2026-31967 MEDIUM PATCH This Month

HTSlib versions prior to 1.23.1, 1.22.2, and 1.21.1 contain an out-of-bounds read vulnerability in the CRAM file parser where the mate reference ID field is not validated during decoding. An attacker can craft a malicious CRAM file that, when processed by affected applications (particularly those converting CRAM to SAM format), triggers out-of-bounds array access that may leak sensitive information about program state or cause a denial of service through memory access violations. No public exploit has been reported, but no workaround exists, making patching essential.

Denial Of Service Debian Htslib
NVD GitHub VulDB
CVSS 4.0
6.9
EPSS
0.0%
CVE-2026-31966 MEDIUM PATCH This Month

HTSlib versions prior to 1.21.1, 1.22.2, and 1.23.1 contain a buffer over-read vulnerability in the CRAM decoder's cram_decode_seq() function that fails to properly validate feature data offsets. An attacker can craft malicious CRAM files to read arbitrary data from memory adjacent to reference sequence buffers, leading to information disclosure of program state or denial of service through memory access violations. No active exploitation has been documented, but patches are available from the vendor.

Buffer Overflow Information Disclosure Denial Of Service Debian Htslib
NVD GitHub VulDB
CVSS 4.0
6.9
EPSS
0.0%
CVE-2026-31973 MEDIUM PATCH This Month

SAMtools versions 1.17 and later contain a null pointer dereference vulnerability in the cram-size command due to missing error handling for the cram_decode_compression_header() function. When this function fails and returns an error, the code does not properly validate the return value before dereferencing the pointer, allowing an attacker to crash the application by providing a malformed CRAM file. This is a denial-of-service vulnerability with no active exploitation reported in the wild, though patches are available in versions 1.23.1, 1.22.2, and 1.21.1.

Denial Of Service Samtools Suse
NVD GitHub VulDB
CVSS 4.0
6.9
EPSS
0.0%
CVE-2026-31972 MEDIUM PATCH This Month

SAMtools mpileup command contains a use-after-free vulnerability in reference data management that can leak sensitive program state information or trigger application crashes when processing aligned DNA sequences. The vulnerability affects versions prior to 1.2 and requires no authentication or user interaction to exploit, though a patch is not yet available. An attacker could leverage this to obtain information disclosure or cause denial of service against systems processing bioinformatics data with vulnerable SAMtools versions.

Use After Free Information Disclosure Denial Of Service Samtools Suse
NVD GitHub VulDB
CVSS 4.0
6.9
EPSS
0.0%
CVE-2026-22177 MEDIUM PATCH This Month

OpenClaw versions prior to 2026.2.21 contain an environment variable injection vulnerability that allows authenticated local attackers to execute arbitrary code at startup time by injecting dangerous process-control variables (such as NODE_OPTIONS or LD_*) through the configuration env.vars mechanism. An attacker with local privileges can manipulate the gateway service's runtime environment to achieve code execution in the service context, potentially compromising the entire OpenClaw deployment. A patch is available from the vendor, and this vulnerability has been documented by VulnCheck with supporting references to the GitHub security advisory and corresponding commit fix.

RCE Openclaw
NVD GitHub VulDB
CVSS 4.0
6.9
EPSS
0.0%
CVE-2026-33194 MEDIUM PATCH This Month

Docker's IsSensitivePath() function uses an incomplete denylist that fails to restrict access to sensitive directories including /opt, /usr, /home, /mnt, and /media, allowing authenticated users with high privileges to read arbitrary files outside the intended workspace through the globalCopyFiles and importStdMd endpoints. An attacker with administrative credentials could exploit this path traversal vulnerability to access sensitive configuration files and data from other users or mounted volumes. No patch is currently available for this medium-severity issue.

Path Traversal Docker Suse
NVD GitHub VulDB
CVSS 3.1
6.8
EPSS
0.0%
CVE-2026-32694 MEDIUM PATCH This Month

A predictable secret identifier (XID) vulnerability in Juju versions 3.0.0 through 3.6.18 allows a malicious grantee to enumerate and predict previously granted secrets owned by the same administrator, enabling unauthorized access to resources intended for other applications. An attacker with high privileges and control over at least one deployed application can exploit this to obtain credentials or configuration data from past secret grants, resulting in information disclosure and potential privilege escalation. While the CVSS score is moderate at 6.6 and exploitation requires specific configuration and high privileges, the fundamental weakness in secret ownership verification represents a significant trust boundary violation in Juju's secret management architecture.

Information Disclosure Debian Juju Suse
NVD GitHub VulDB
CVSS 3.1
6.6
EPSS
0.0%
CVE-2026-22316 MEDIUM PATCH This Month

A buffer overflow vulnerability (CVSS 6.5). Remediation should follow standard vulnerability management procedures.

Buffer Overflow Stack Overflow Fl Switch 2207 Fx Sm Fl Switch 2208 Pn Fl Switch 2206 2fx St +68
NVD VulDB
CVSS 3.1
6.5
EPSS
0.1%
CVE-2026-22168 MEDIUM PATCH This Month

OpenClaw versions prior to 2026.2.21 contain an approval-integrity mismatch vulnerability in the system.run function that allows authenticated operators to execute arbitrary commands on Windows systems by appending malicious arguments after cmd.exe /c while the approval audit log records only the benign command text. An authenticated attacker with operator privileges can exploit this to achieve local command execution on trusted Windows nodes with mismatched or incomplete audit trails, enabling information disclosure and lateral movement while evading detection.

Information Disclosure Microsoft Openclaw Windows
NVD GitHub VulDB
CVSS 3.1
6.5
EPSS
0.0%
CVE-2026-27522 MEDIUM PATCH This Month

OpenClaw versions prior to 2026.2.24 contain a local media root bypass vulnerability that allows authenticated attackers to read arbitrary files from the host system through the sendAttachment and setGroupIcon message actions when sandboxRoot configuration is unset. An attacker with valid credentials can exploit path traversal to hydrate media from absolute file paths, gaining unauthorized access to sensitive files accessible by the OpenClaw runtime user. A patch is available from the vendor, and this vulnerability has been tracked in the ENISA EUVD database (EUVD-2026-12732) with confirmed GitHub security advisory and commit-level patch information.

Path Traversal Openclaw
NVD GitHub VulDB
CVSS 3.1
6.5
EPSS
0.0%
CVE-2026-22320 MEDIUM PATCH This Month

A buffer overflow vulnerability (CVSS 6.5). Remediation should follow standard vulnerability management procedures.

Buffer Overflow Denial Of Service Stack Overflow Fl Switch 2512 2gc 2sfp Fl Switch 2206 2sfx Pn +69
NVD VulDB
CVSS 3.1
6.5
EPSS
0.0%
CVE-2026-22178 MEDIUM PATCH This Month

OpenClaw versions before 2026.2.19 are vulnerable to regex injection and denial of service through unescaped Feishu mention metadata in the stripBotMention function. An unauthenticated network attacker can craft malicious mention metadata containing nested-quantifier patterns or regex metacharacters to trigger catastrophic backtracking, block message processing, or remove unintended content before model processing, with a CVSS score of 6.5 indicating medium severity with integrity and availability impact. Patch availability exists from the vendor via GitHub commits, and proof-of-concept details are available through VulnCheck advisory references.

Denial Of Service Openclaw
NVD GitHub VulDB
CVSS 3.1
6.5
EPSS
0.0%
CVE-2026-26004 MEDIUM This Month

An Insecure Direct Object Reference (IDOR) vulnerability exists in Sentry versions prior to 26.1.0 within the GroupEventJsonView endpoint, allowing attackers to access event data across different organizations without proper authorization checks. This information disclosure vulnerability enables cross-organization data leakage where an authenticated attacker with access to one organization can enumerate and retrieve sensitive error tracking and performance monitoring data belonging to other organizations. The vulnerability has been patched in version 26.1.0, and a proof-of-concept is available via the referenced GitHub Security Lab advisory.

Authentication Bypass Sentry
NVD GitHub VulDB
CVSS 3.1
6.5
EPSS
0.0%
CVE-2025-55043 MEDIUM This Month

MuraCMS through version 10.1.10 contains a Cross-Site Request Forgery (CSRF) vulnerability in the bundle creation functionality (csettings.cfc createBundle method) that allows unauthenticated attackers to force administrators into unknowingly creating and exporting site bundles containing complete sensitive data to publicly accessible web directories. Affected administrators have no knowledge the attack occurred, enabling complete data exfiltration including user accounts, password hashes, form submissions, email lists, plugins, and site content. While no CVSS score or EPSS probability is available and KEV status is unknown, the vulnerability's silent nature combined with its ability to compromise all site data without authentication represents a critical confidentiality and integrity risk.

Information Disclosure CSRF
NVD VulDB
CVSS 3.1
6.5
EPSS
0.0%
CVE-2026-33058 MEDIUM PATCH This Month

An authenticated SQL injection vulnerability exists in Kanboard project management software prior to version 1.2.51. Authenticated attackers with permission to add users to a project can exploit this vulnerability to dump the entire Kanboard database, potentially exposing sensitive project data, user credentials, and application secrets. The vulnerability is confirmed under active tracking by Debian (2 releases) and Ubuntu (medium priority), with a GitHub Security Advisory published.

SQLi Ubuntu Debian Kanboard
NVD GitHub VulDB
CVSS 3.1
6.5
EPSS
0.0%
CVE-2026-32761 MEDIUM PATCH This Month

FileBrowser contains an authorization bypass vulnerability where users with share privileges but without download privileges can still expose and retrieve file content via public share links, enabling unauthorized data exfiltration to unauthenticated users. The vulnerability affects FileBrowser (CPE: pkg:go/https:__github.com_filebrowser_filebrowser) and has been confirmed with a working proof-of-concept demonstrating that restricted users can create shares and access files publicly despite download restrictions. With a CVSS score of 6.5 and an attack vector requiring only low privileges and no user interaction, this represents a significant access control bypass in environments relying on download restrictions for data loss prevention.

Authentication Bypass
NVD GitHub VulDB
CVSS 3.1
6.5
EPSS
0.0%
CVE-2026-25745 MEDIUM This Month

OpenEMR versions up to 8.0.0 contain an authorization bypass vulnerability in the message/note update endpoints that allows authenticated users with notes permissions to modify any patient's messages without proper access control verification. An attacker can exploit this by supplying arbitrary message IDs in PUT or POST requests, enabling unauthorized modification of other patients' medical records. This is a moderate-risk issue (CVSS 6.5) with integrity impact on sensitive healthcare data, though exploitation requires existing authentication and notes permissions.

Authentication Bypass Openemr
NVD GitHub VulDB
CVSS 3.1
6.5
EPSS
0.0%
CVE-2026-33123 MEDIUM PATCH This Month

A Denial of Service vulnerability exists in pypdf (Python PDF library) where an attacker can craft a malicious PDF file that causes excessive runtime and memory consumption by exploiting improper handling of array-based streams with large numbers of entries. All versions of pypdf prior to 6.9.1 are affected. An attacker can remotely trigger resource exhaustion on any system processing untrusted PDF files with this library, potentially causing application crashes or service unavailability.

Denial Of Service Red Hat Suse
NVD GitHub VulDB
CVSS 3.1
6.5
EPSS
0.0%
CVE-2026-2512 MEDIUM PATCH This Month

The Code Embed plugin for WordPress (versions up to 2.5.1) contains a stored cross-site scripting vulnerability that allows authenticated attackers with Contributor-level access or higher to inject arbitrary JavaScript into pages through custom field meta values. The vulnerability exists because the plugin's sanitization function only runs during post saves, while WordPress AJAX endpoints can add meta fields without triggering sanitization, and the plugin then outputs these unsanitized values directly without HTML escaping. An attacker can inject malicious scripts that execute whenever any user visits an affected page, potentially leading to session hijacking, credential theft, or malware distribution.

WordPress XSS
NVD GitHub VulDB
CVSS 3.1
6.4
EPSS
0.0%
CVE-2026-4268 MEDIUM This Month

WP Go Maps (formerly WP Google Maps) plugin for WordPress contains a Stored Cross-Site Scripting (XSS) vulnerability in the 'wpgmza_custom_js' parameter due to insufficient input sanitization and output escaping. Authenticated attackers with Subscriber-level privileges or higher can inject arbitrary JavaScript code that executes in the browsers of users visiting affected pages, potentially leading to session hijacking, credential theft, or malware distribution. The vulnerability affects all versions up to and including 10.0.05, with a CVSS score of 6.4 indicating moderate severity but significant practical impact due to low attack complexity and the ability to affect site-wide functionality.

WordPress XSS Google
NVD VulDB
CVSS 3.1
6.4
EPSS
0.0%
CVE-2026-22170 MEDIUM PATCH This Month

OpenClaw versions prior to 2026.2.22 contain an access control bypass vulnerability in the optional BlueBubbles plugin where empty allowFrom configuration causes the allowlist validation logic to fail, enabling remote attackers to send direct messages to BlueBubbles accounts without proper authorization. The vulnerability stems from improper handling of misconfigured sender authorization checks, allowing attackers to circumvent dmPolicy pairing and allowlist restrictions. Patches are available from the vendor, and this is classified as an authentication bypass issue with a CVSS score of 4.8 indicating moderate severity.

Authentication Bypass Openclaw
NVD GitHub VulDB
CVSS 4.0
6.3
EPSS
0.0%
CVE-2026-33265 MEDIUM This Month

LibreChat 0.8.1-rc2 improperly issues JWT tokens to authenticated users for both the LibreChat API and RAG API without adequate scope separation or validation, enabling token reuse across API boundaries. An authenticated attacker with local access can exploit this misconfiguration to access or manipulate resources in the RAG API using credentials intended only for the main LibreChat API. This authentication bypass affects all deployments of LibreChat 0.8.1-rc2, with a proof-of-concept available via the SBA Research advisory (EUVD-2026-12813), though no active KEV exploitation has been reported at this time.

Information Disclosure Librechat
NVD GitHub VulDB
CVSS 3.1
6.3
EPSS
0.0%
CVE-2026-1780 MEDIUM This Month

A Reflected Cross-Site Scripting (XSS) vulnerability exists in the [CR]Paid Link Manager WordPress plugin through version 0.5, caused by insufficient input sanitization and output escaping in the URL path parameter. Unauthenticated attackers can craft malicious URLs containing arbitrary JavaScript that executes in the browsers of users who click the link, potentially leading to session hijacking, credential theft, or malware distribution. The vulnerability has a moderate CVSS score of 6.1 and requires user interaction (UI:R), but the network-accessible attack vector (AV:N) and lack of privilege requirements make it a practical threat for WordPress sites using this plugin.

WordPress XSS
NVD VulDB
CVSS 3.1
6.1
EPSS
0.1%
CVE-2026-33209 MEDIUM PATCH This Month

A reflected cross-site scripting (XSS) vulnerability exists in the `return_to` query parameter of the Avo Ruby gem (pkg:rubygems/avo), allowing attackers to inject arbitrary JavaScript that executes when users click dynamically generated navigation buttons. The vulnerability affects both authenticated and unauthenticated deployments, with unauthenticated setups being directly exploitable via crafted links. The CWE-79 classification confirms this as a classic reflected XSS issue without a published CVSS score or EPSS metric currently available.

XSS
NVD GitHub VulDB
CVSS 3.1
6.1
EPSS
0.0%
CVE-2026-33140 MEDIUM PATCH This Month

PySpector versions 0.1.6 and earlier contain a stored Cross-Site Scripting (XSS) vulnerability in the HTML report generator that fails to sanitize JavaScript payloads embedded within scanned Python code. When a victim scans a malicious Python file crafted by an attacker and opens the resulting HTML report in a browser, the embedded JavaScript executes in the local file context, potentially enabling DOM manipulation, page redirects, and theft of locally accessible data. A proof-of-concept demonstrating the vulnerability has been publicly disclosed.

Python XSS
NVD GitHub VulDB
CVSS 3.1
6.1
EPSS
0.0%
CVE-2026-22181 MEDIUM PATCH This Month

OpenClaw versions prior to 2026.3.2 contain a DNS pinning bypass vulnerability that allows authenticated attackers to circumvent SSRF (Server-Side Request Forgery) protections by exploiting environment proxy variable configuration. When HTTP_PROXY, HTTPS_PROXY, or ALL_PROXY environment variables are present, attackers can route malicious URLs through proxy mechanisms instead of pinned-destination routing, enabling access to internal resources that should be protected. The vulnerability requires low privilege (PR:L) and non-interactive attack (UI:N) with medium attack complexity (AC:H), resulting in high confidentiality impact (C:H) and lesser integrity and availability impact. A patch is available from the vendor.

SSRF Openclaw
NVD GitHub VulDB
CVSS 4.0
6.1
EPSS
0.0%
CVE-2026-33230 MEDIUM PATCH This Month

A reflected cross-site scripting (XSS) vulnerability exists in NLTK's WordNet Browser application (nltk.app.wordnet_app) in the lookup_... route, where attacker-controlled word parameters are reflected into HTML responses without proper escaping. This vulnerability affects users running the local WordNet Browser server and allows attackers to inject and execute arbitrary JavaScript in the browser context of the affected application. A proof-of-concept exploit has been publicly demonstrated, and a vendor patch is available.

XSS Docker Python Red Hat Suse
NVD GitHub VulDB
CVSS 3.1
6.1
EPSS
0.0%
CVE-2026-3512 MEDIUM This Month

The Writeprint Stylometry WordPress plugin (versions up to 0.1) contains a Reflected Cross-Site Scripting (XSS) vulnerability in the bjl_wprintstylo_comments_nav() function that fails to properly sanitize and escape the 'p' GET parameter before outputting it in HTML href attributes. An attacker can craft a malicious link containing arbitrary JavaScript code and trick users into clicking it, resulting in session hijacking, credential theft, or malware distribution. The vulnerability requires user interaction (clicking a link) but has a network attack vector with low complexity and no privilege requirements, making it a practical threat in WordPress ecosystems.

WordPress XSS
NVD VulDB
CVSS 3.1
6.1
EPSS
0.0%
CVE-2026-27545 MEDIUM PATCH This Month

OpenClaw versions prior to 2026.2.26 contain a Time-of-Check-Time-of-Use (TOCTOU) approval bypass vulnerability in the system.run execution function that allows local attackers with low privileges to execute arbitrary commands from unintended filesystem locations. An attacker can exploit a race condition by modifying parent symlinks in the current working directory after command approval but before execution, redirecting execution while maintaining the appearance of a safe working directory. A patch is available from the vendor, and this vulnerability has been documented by both VulnCheck and the OpenClaw security advisory (GHSA-f7ww-2725-qvw2).

Authentication Bypass Openclaw
NVD GitHub VulDB
CVSS 3.1
6.1
EPSS
0.0%
CVE-2026-30695 MEDIUM This Month

A Cross-Site Scripting (XSS) vulnerability exists in the web-based configuration interface of Zucchetti Axess physical access control devices across multiple product lines (XA4, X3/X3BIO, X4, X7, and XIO/i-door/i-door+). The vulnerability stems from improper sanitization of the dirBrowse parameter in the /file_manager.cgi endpoint, allowing attackers to inject malicious scripts that execute in the context of authenticated administrators. A public proof-of-concept has been disclosed on GitHub (https://github.com/iremnurylmz/CVE-2026-30695), and given the lack of CVSS/EPSS scoring data and KEV status confirmation, the true exploitation likelihood remains uncertain but the presence of a POC elevates practical risk.

XSS N A
NVD GitHub VulDB
CVSS 3.1
6.1
EPSS
0.0%
CVE-2026-27523 MEDIUM PATCH This Month

OpenClaw versions prior to 2026.2.24 contain a sandbox bind validation bypass vulnerability that allows local attackers with low privileges to circumvent allowed-root and blocked-path security checks through symlinked parent directories combined with non-existent leaf paths. An attacker can craft bind source paths that appear to reside within permitted sandbox roots but resolve outside sandbox boundaries once missing path components are created, effectively weakening the sandbox's bind-source isolation enforcement. A patch is available from the vendor, and exploitation requires local access with standard user privileges, making this a practical threat in multi-tenant or shared-system environments.

Path Traversal Openclaw
NVD GitHub VulDB
CVSS 3.1
6.1
EPSS
0.0%
CVE-2026-4356 LOW POC Monitor

A Cross-Site Scripting (XSS) vulnerability exists in itsourcecode University Management System version 1.0, specifically in the /add_result.php file where the 'vr' parameter is not properly sanitized. An authenticated attacker with high privileges can inject malicious scripts that execute in the context of other users' browsers, potentially leading to session hijacking, credential theft, or unauthorized actions within the application. A public proof-of-concept exploit is available on GitHub, and while the CVSS score is low (2.4), the vulnerability is actively documented in security databases and poses a real risk in educational environments.

XSS PHP
NVD VulDB GitHub
CVSS 4.0
1.9
EPSS
0.0%
CVE-2026-33129 MEDIUM PATCH This Month

A timing side-channel vulnerability exists in the h3 npm package's `requireBasicAuth` function, where unsafe string comparison using the `!==` operator allows attackers to deduce valid passwords character-by-character by measuring server response times. This affects all versions of h3 that implement this vulnerable authentication mechanism, and while a proof-of-concept exists demonstrating feasibility in local/co-located network environments, the attack requires statistical analysis over multiple requests and is significantly hampered by network jitter in internet-scale scenarios. The CVSS score of 5.9 reflects high confidentiality impact but high attack complexity, placing this in moderate-priority territory despite the linear password recovery capability.

Authentication Bypass
NVD GitHub VulDB
CVSS 3.1
5.9
EPSS
0.0%
CVE-2026-22174 MEDIUM PATCH This Month

OpenClaw Gateway versions prior to 2026.2.22 leak authentication tokens through Chrome DevTools Protocol (CDP) probe traffic on loopback interfaces, allowing local attackers to intercept the x-OpenClaw-relay-token header and reuse it for unauthorized Gateway access. An attacker with local network access or control of a loopback port can capture reachability probes to the /json/version endpoint and escalate privileges by replaying the stolen token as bearer authentication. A vendor patch is available, and this vulnerability has been documented by VulnCheck with references to the official GitHub security advisory and patch commit.

Authentication Bypass Google Chrome
NVD GitHub VulDB
CVSS 4.0
5.9
EPSS
0.0%
CVE-2026-33081 MEDIUM PATCH This Month

PinchTab contains a Server-Side Request Forgery (SSRF) vulnerability in its /download endpoint that allows unauthenticated attackers to bypass URL validation and cause the embedded Chromium browser to make requests to internal network services. The vulnerability affects PinchTab versions 0.7.x and 0.8.x when the security.allowDownload setting is enabled (disabled by default), and exploits a validation gap where only the initial user-supplied URL is checked while subsequent browser-initiated requests (redirects, JavaScript navigations, resource fetches) bypass this protection entirely. Although the attacker cannot receive response bodies from internal services (blind SSRF), they can trigger state-changing endpoints on localhost or private network addresses reachable from the PinchTab host, with a proof-of-concept publicly available demonstrating counter increments on internal services.

Google Python SSRF Chrome Suse
NVD GitHub VulDB
CVSS 3.1
5.8
EPSS
0.0%
CVE-2026-4366 MEDIUM This Month

A remote code execution vulnerability in A flaw (CVSS 5.8) that allows an attacker. Remediation should follow standard vulnerability management procedures.

Information Disclosure SSRF Red Hat Build Of Keycloak Red Hat Jboss Enterprise Application Platform 8 Red Hat Jboss Enterprise Application Platform Expansion Pack +1
NVD VulDB
CVSS 3.1
5.8
EPSS
0.0%
CVE-2026-22217 MEDIUM PATCH This Month

OpenClaw versions prior to 2026.2.23 contain an arbitrary code execution vulnerability in shell-env that allows local attackers with low privileges to execute attacker-controlled binaries by manipulating the $SHELL environment variable through trusted-prefix fallback logic. An attacker who can write to directories like /opt/homebrew/bin can trick OpenClaw into executing malicious binaries in its process context, potentially escalating privileges or compromising system integrity. A patch is available from the vendor, and this vulnerability has been documented by VulnCheck and tracked under EUVD-2026-12730.

RCE Openclaw
NVD GitHub VulDB
CVSS 4.0
5.8
EPSS
0.0%
CVE-2025-71265 MEDIUM PATCH This Month

An infinite loop vulnerability exists in the Linux kernel's NTFS3 file system implementation within the attr_load_runs_range() function, triggered by inconsistent metadata where an attribute header claims to be empty (evcn=-1) while directory entries reference it as containing actual data. This vulnerability affects Linux kernel versions across multiple stable branches (5.15, 6.1, 6.6, 6.12, 6.18, 6.19, and 7.0-rc1) and can be exploited by an attacker mounting a malformed NTFS image to cause a Denial-of-Service condition by inducing infinite CPU consumption in kernel space.

Linux Denial Of Service
NVD VulDB
CVSS 3.1
5.5
EPSS
0.0%
CVE-2026-23267 MEDIUM PATCH This Month

This vulnerability is a race condition in the Linux kernel's F2FS file system that causes flag inconsistency between concurrent atomic commit and checkpoint write operations. The issue affects all Linux kernel versions with F2FS support (cpe:2.3:a:linux:linux:*:*:*:*:*:*:*:*), allowing information disclosure through incorrect inode state recovery after sudden power-off (SPO) scenarios. An attacker with local file system access during atomic write operations could trigger the race condition, leading to potential data inconsistency and information leakage when the system recovers.

Linux Information Disclosure Checkpoint Red Hat Suse
NVD VulDB
CVSS 3.1
5.5
EPSS
0.0%
CVE-2026-23266 MEDIUM PATCH This Month

A divide-by-zero vulnerability exists in the Linux kernel's rivafb framebuffer driver in the nv3_arb() function, which can be triggered by unprivileged userspace applications via the FBIOPUT_VSCREENINFO ioctl call on /dev/fb* devices. An attacker can crash the kernel by crafting a malicious or misconfigured PCI device that exposes a bogus PRAMDAC MCLK PLL configuration, causing the state->mclk_khz divisor to become zero. This is a Denial of Service vulnerability affecting the Linux kernel across multiple stable versions, with patches available in the kernel git repository.

Denial Of Service Linux Red Hat Suse
NVD VulDB
CVSS 3.1
5.5
EPSS
0.0%
CVE-2026-23258 MEDIUM PATCH This Month

A memory leak vulnerability exists in the Linux kernel's Liquidio network driver within the setup_nic_devices() function where the netdev pointer is not initialized in the oct->props[i].netdev structure before calling queue setup functions. If netif_set_real_num_rx_queues() or netif_set_real_num_tx_queues() fail, the allocated netdev memory is not freed because the cleanup function liquidio_destroy_nic_device() cannot locate it via the NULL pointer. This affects all Linux kernel versions with the Liquidio driver and allows for memory exhaustion through repeated device initialization failures.

Linux Information Disclosure Red Hat Suse
NVD VulDB
CVSS 3.1
5.5
EPSS
0.0%
CVE-2026-23257 MEDIUM PATCH This Month

A memory leak vulnerability exists in the Linux kernel's liquidio network driver within the setup_nic_devices() function, where an off-by-one error in the cleanup loop causes failure to deallocate the last successfully allocated device during error handling. The vulnerability affects Linux kernel versions across multiple stable branches (as evidenced by patches in 4.9, 4.14, 4.19, 5.4, 5.10, 5.15, and 5.16 stable trees per the kernel.org references). While this is a local denial-of-service vector through memory exhaustion rather than a direct code execution path, it could be leveraged by unprivileged users to degrade system stability over time.

Linux Information Disclosure Red Hat Suse
NVD VulDB
CVSS 3.1
5.5
EPSS
0.0%
CVE-2026-23256 MEDIUM PATCH This Month

This vulnerability is an off-by-one error in the Linux kernel's liquidio driver that causes a memory leak during virtual function (VF) setup failure cleanup. The vulnerability affects the Linux kernel across all versions where the liquidio net driver is compiled, as identified through the affected CPE (cpe:2.3:a:linux:linux). While this is a memory leak rather than a direct code execution vulnerability, it can be exploited to exhaust kernel memory resources, leading to denial of service.

Linux Information Disclosure Red Hat Suse
NVD VulDB
CVSS 3.1
5.5
EPSS
0.0%
CVE-2025-71267 MEDIUM PATCH This Month

A denial-of-service vulnerability exists in the Linux kernel's ntfs3 file system driver where a malformed NTFS image with a zero-sized ATTR_LIST attribute triggers an infinite loop during file system mount operations. The vulnerability affects Linux kernel versions across multiple stable branches (5.15, 6.1, 6.6, 6.12, 6.18, 6.19, and 7.0-rc1) and can cause the kernel to hang indefinitely, preventing normal system operation. An attacker can exploit this by providing a crafted NTFS image file that triggers the loop when mounted, requiring no special privileges and resulting in complete denial of service for affected systems.

Linux Denial Of Service
NVD VulDB
CVSS 3.1
5.5
EPSS
0.0%
Prev Page 3 of 5 Next

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy