Skip to main content
CVE-2026-33368 MEDIUM This Month

A reflected cross-site scripting (XSS) vulnerability exists in the Zimbra Collaboration Suite (ZCS) Classic Webmail REST interface (/h/rest) affecting versions 10.0 and 10.1, allowing unauthenticated attackers to inject malicious JavaScript via crafted URLs. When a victim accesses the malicious link, the injected script executes within the Zimbra webmail application context, enabling the attacker to perform unauthorized actions on behalf of the victim such as reading emails, modifying settings, or sending messages. No CVSS score, EPSS probability, or public exploit code availability data is currently documented in the available intelligence sources, though the vulnerability is documented in the Zimbra Releases 10.1.16 security fixes, indicating a patch has been made available.

XSS
NVD VulDB
CVSS 3.1
6.1
EPSS
0.0%
CVE-2026-29828 MEDIUM This Month

DooTask v1.6.27 contains a Stored or Reflected Cross-Site Scripting (XSS) vulnerability in the /manage/project/<id> endpoint via the projectDesc input field, allowing an attacker to inject malicious JavaScript that executes in the context of other users' browsers. An authenticated or unauthenticated attacker can exploit this to steal session cookies, perform actions on behalf of victims, or redirect users to malicious sites. A proof-of-concept has been publicly disclosed on GitHub, increasing the likelihood of active exploitation.

XSS
NVD GitHub VulDB
CVSS 3.1
6.1
EPSS
0.0%
CVE-2026-33370 MEDIUM This Month

A stored cross-site scripting (XSS) vulnerability exists in Zimbra Collaboration Server (ZCS) versions 10.0 and 10.1 within the Briefcase feature, caused by insufficient sanitization of uploaded file types. When an attacker crafts a malicious file and shares it via the Briefcase public sharing mechanism, the embedded JavaScript executes in the victim's browser session context when the file is opened, enabling arbitrary script execution, session hijacking, credential theft, and unauthorized actions on behalf of the victim. No CVSS score, EPSS data, or active KEV status is currently available, though the attack vector is network-based with low complexity and requires user interaction (file opening).

XSS
NVD VulDB
CVSS 3.1
6.1
EPSS
0.0%
CVE-2026-31382 MEDIUM This Month

A Reflected Cross-Site Scripting (XSS) vulnerability exists in the error_description parameter of Gainsight Assist, allowing unauthenticated attackers to inject malicious JavaScript payloads that execute in victims' browsers. The vulnerability is particularly dangerous because attackers can bypass the application's Web Application Firewall (WAF) using Safari-specific event handlers such as onpagereveal, which are not typically filtered by standard XSS protections. While the CVSS score of 6.1 indicates moderate severity with limited direct impact (integrity and availability degradation rather than confidentiality breach), the attack requires minimal technical complexity and no special privileges, making it exploitable by any attacker who can craft a malicious URL and socially engineer a victim into clicking it.

XSS Apple
NVD VulDB
CVSS 3.1
6.1
EPSS
0.0%
CVE-2026-33499 MEDIUM This Month

AVideo contains a reflected cross-site scripting (XSS) vulnerability in the password unlock functionality where the unlockPassword request parameter is directly reflected into HTML input tag attributes without output encoding. The vulnerability affects AVideo (pkg:composer/wwbn_avideo) and can be exploited by any unauthenticated attacker to execute arbitrary JavaScript in the victim's browser with no user interaction beyond clicking a crafted link, potentially leading to session hijacking, account takeover, or credential theft. A proof-of-concept has been published and the vulnerability is documented in the official GitHub advisory.

PHP XSS
NVD GitHub VulDB
CVSS 3.1
6.1
EPSS
0.0%
CVE-2026-33343 MEDIUM PATCH This Month

An authenticated user with restricted RBAC permissions on specific key ranges in etcd can use nested transactions to completely bypass key-level authorization controls and access the entire etcd data store. This affects etcd versions 3.4.x before 3.4.42, 3.5.x before 3.5.28, and 3.6.x before 3.6.9. While Kubernetes deployments are typically protected because Kubernetes handles authentication and authorization at the API server layer rather than relying on etcd's built-in controls, direct etcd deployments with RBAC restrictions are at significant risk.

Kubernetes Authentication Bypass Red Hat Suse
NVD GitHub VulDB
CVSS 3.1
5.9
EPSS
1.0%
CVE-2026-4495 LOW POC Monitor

A Stored Cross-Site Scripting (XSS) vulnerability exists in atjiu pybbs 6.0.0 within the CommentApiController.java file's create function, allowing authenticated attackers to inject malicious scripts that execute in the browsers of other users viewing comments. The vulnerability requires user interaction (UI:R per CVSS vector) but carries a low CVSS score of 3.5 due to low impact scope; however, a public proof-of-concept exploit is available and the vulnerability has been disclosed, increasing real-world exploitation risk despite the low severity rating.

Java XSS
NVD VulDB
CVSS 4.0
2.0
EPSS
0.0%
CVE-2026-4494 LOW POC Monitor

A stored cross-site scripting (XSS) vulnerability exists in atjiu pybbs 6.0.0 within the TopicApiController.java create function that allows authenticated attackers to inject malicious scripts into topic creation requests. The vulnerability affects all versions of the pybbs application matching the CPE cpe:2.3:a:atjiu:pybbs:*:*:*:*:*:*:*:*, and while the CVSS score of 3.5 is low, a publicly available proof-of-concept exploit has been disclosed, indicating active research and potential real-world exploitation risk.

XSS Java
NVD VulDB
CVSS 4.0
2.0
EPSS
0.0%
CVE-2026-4496 LOW POC PATCH Monitor

Local command injection in sigmade Git-MCP-Server's merge diff functions allows authenticated local attackers to execute arbitrary OS commands through unsanitized input passed to child_process.exec in src/gitUtils.ts. Public exploit code exists for this vulnerability, increasing the risk of active abuse. A patch is available and should be applied immediately, as the vendor has not responded to early disclosure notifications.

Command Injection Git Mcp Server
NVD VulDB GitHub
CVSS 4.0
1.9
EPSS
0.2%
CVE-2024-31119 MEDIUM This Month

Improper neutralization of input during web page generation ('cross-site scripting') vulnerability in Vasilis Triantafyllou Special Box for Content allows DOM-Based XSS. Rated medium severity (CVSS 5.9), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

XSS Special Box For Content
NVD VulDB
CVSS 3.1
5.9
EPSS
0.1%
CVE-2026-22737 MEDIUM PATCH This Month

Spring Framework applications using Java scripting engines (JRuby, Jython) for template views in Spring MVC or Spring WebFlux can leak sensitive file contents from outside intended directories through path traversal. Affected versions include 7.0.0-7.0.5, 6.2.0-6.2.16, 6.1.0-6.1.25, and 5.3.0-5.3.46, with no patch currently available. An unauthenticated remote attacker can read arbitrary files on the system with confidentiality impact.

Java Path Traversal
NVD HeroDevs VulDB
CVSS 3.1
5.9
EPSS
0.0%
CVE-2026-33424 MEDIUM This Month

Discourse versions prior to 2026.3.0-latest.1, 2026.2.1, and 2026.1.2 contain an access control bypass vulnerability where attackers can grant invites to private message topics even after losing direct access to those conversations. This authentication bypass (CWE-863) allows unauthorized lateral privilege escalation within discussion communities. No public exploit code has been widely reported, but the vulnerability is patched across multiple release branches, indicating vendor awareness of active exploitation risk.

Authentication Bypass Discourse
NVD GitHub VulDB
CVSS 3.1
5.9
EPSS
0.0%
CVE-2026-33061 MEDIUM This Month

Jexactyl, a game management panel and billing system, contains a stored DOM-based cross-site scripting (XSS) vulnerability in its template rendering engine where server-side objects are injected into client-side JavaScript without proper escaping. The vulnerability affects versions after commit 025e8dbb0daaa04054276bda814d922cf4af58da and before the patched commit e28edb204e80efab628d1241198ea4f079779cfd, allowing authenticated attackers with high privileges to inject malicious payloads through attacker-controlled fields such as usernames or display names that execute arbitrary JavaScript in the browsers of all users viewing the affected page. The CVSS score of 5.8 reflects local attack vector requirements and high privilege prerequisites, though the stored nature of the XSS and lack of user interaction requirements for viewing the malicious content represent meaningful security risk for multi-user deployments.

XSS PHP
NVD GitHub VulDB
CVSS 3.1
5.8
EPSS
0.0%
CVE-2026-33144 MEDIUM PATCH This Month

Heap-based buffer overflow in GPAC MP4Box's XML parsing function allows local attackers to corrupt memory and potentially crash the application or achieve code execution by crafting malicious NHML files with specially formatted BitSequence elements. The vulnerability affects systems processing untrusted multimedia files and remains unpatched as of this advisory. Exploitation requires user interaction to open a malicious file.

Memory Corruption Buffer Overflow Gpac
NVD GitHub VulDB
CVSS 3.1
5.8
EPSS
0.0%
CVE-2026-22902 MEDIUM PATCH This Month

Arbitrary command execution in QuNetSwitch can be achieved by local attackers with administrator privileges due to insufficient input validation in command processing. This vulnerability affects QuNetSwitch versions prior to 2.0.5.0906, allowing authenticated high-privilege users to bypass security controls and execute system commands. No patch is currently available for affected versions.

Command Injection Qunetswitch
NVD VulDB
CVSS 4.0
5.7
EPSS
0.1%
CVE-2026-33473 MEDIUM PATCH This Month

A time-based one-time password (TOTP) reuse vulnerability exists in Vikunja's authentication implementation where a valid TOTP code can be used multiple times within its 30-second validity window, allowing an attacker who captures or obtains a valid code to authenticate as a targeted user. This affects all users who have enabled two-factor authentication (2FA) on Vikunja instances, and while the CVSS score of 5.7 reflects moderate severity, the vulnerability undermines a critical layer of the defense-in-depth authentication model. A proof-of-concept demonstrating the reuse attack has been publicly disclosed.

Microsoft Authentication Bypass Windows Suse
NVD GitHub VulDB
CVSS 3.1
5.7
EPSS
0.0%
CVE-2025-62845 MEDIUM PATCH This Month

An improper neutralization of escape, meta, or control sequences vulnerability (CWE-150) affects QNAP QHora/QuRouter devices, allowing local attackers with administrator privileges to cause unexpected behavior through injection of unfiltered control sequences. The vulnerability has been patched in QuRouter version 2.6.3.009 and later. While no CVSS score, EPSS probability, or KEV/POC data are currently published, the requirement for local administrator access significantly limits exploitation scope in typical deployments.

Information Disclosure Qurouter
NVD VulDB
CVSS 4.0
5.6
EPSS
0.0%
CVE-2026-23277 MEDIUM PATCH This Month

A NULL pointer dereference vulnerability exists in the Linux kernel's TEQL (Trivial Ethernet Queue Limiting) network scheduler when transmitting through tunnel slave devices, particularly gretap tunnels. The vulnerability occurs because teql_master_xmit() fails to update skb->dev to the slave device before transmission, causing tunnel xmit functions to reference unallocated per-CPU statistics on the TEQL master device. This allows a local or networked attacker to trigger a kernel page fault and crash the system, resulting in a denial of service. No CVSS score, EPSS risk score, or KEV active exploitation status is currently published, but patch commits are available in Linux kernel stable branches (6.18.19, 6.19.9, and 7.0-rc4).

Linux Denial Of Service Null Pointer Dereference
NVD VulDB
CVSS 3.1
5.5
EPSS
0.0%
CVE-2026-33165 MEDIUM PATCH This Month

A remote code execution vulnerability in libde265 (CVSS 5.5). Remediation should follow standard vulnerability management procedures.

Memory Corruption Buffer Overflow Libde265
NVD GitHub VulDB
CVSS 3.1
5.5
EPSS
0.0%
CVE-2026-32810 MEDIUM This Month

Halloy, an IRC application written in Rust, fails to properly restrict file permissions on its configuration directory and files on *nix and macOS systems prior to commit f180e41061db393acf65bc99f5c5e7397586d9cb, resulting in world-readable access to plaintext credentials. Any local user on an affected system can read sensitive authentication data stored in config.toml or referenced password files, leading to credential compromise. While no CVSS score or EPSS data is currently available, the vulnerability represents a direct information disclosure risk with low exploitation complexity.

Information Disclosure Apple macOS Suse
NVD GitHub VulDB
CVSS 3.1
5.5
EPSS
0.0%
CVE-2026-33291 MEDIUM This Month

A broken access control vulnerability in Discourse versions prior to 2026.3.0-latest.1, 2026.2.1, and 2026.1.2 allows moderators to create Zendesk support tickets for topics they lack permission to view, bypassing intended access restrictions. This affects all Discourse forums utilizing the Zendesk plugin integration. The vulnerability is classified as CWE-863 (Incorrect Authorization) and has no publicly disclosed active exploitation or proof-of-concept code, though patches are available from the vendor.

Authentication Bypass Discourse
NVD GitHub VulDB
CVSS 3.1
5.4
EPSS
0.0%
CVE-2026-33312 MEDIUM PATCH This Month

A permission-check bypass vulnerability exists in Vikunja versions 0.20.2 through 2.1.x where the DELETE /api/v1/projects/:project/background endpoint incorrectly validates CanRead permissions instead of CanUpdate permissions, allowing read-only project members to permanently delete a project's background image. This affects the go-vikunja:vikunja product family, and the vulnerability has been patched in version 2.2.0 as documented in the GitHub security advisory GHSA-564f-wx8x-878h.

Authentication Bypass Suse
NVD GitHub VulDB
CVSS 3.1
5.4
EPSS
0.0%
CVE-2026-4438 MEDIUM PATCH This Month

The GNU C Library (glibc) versions 2.34 through 2.43 contain a vulnerability in the gethostbyaddr and gethostbyaddr_r functions that can return invalid DNS hostnames violating DNS specification requirements when using a configured nsswitch.conf with the DNS backend. This affects any application or system service relying on reverse DNS lookups through glibc, potentially leading to information disclosure or incorrect hostname resolution. While no CVSS score, EPSS probability, or active exploitation status has been publicly assigned, the vulnerability represents a data integrity issue in a foundational system library affecting millions of Linux systems.

Information Disclosure Glibc
NVD VulDB
CVSS 3.1
5.4
EPSS
0.0%
CVE-2026-33411 MEDIUM This Month

A stored cross-site scripting (XSS) vulnerability exists in Discourse's solved posts stream feature where unsanitized topic titles can be persisted and executed in the browser context of authenticated users. The vulnerability affects Discourse versions prior to 2026.3.0-latest.1, 2026.2.1, and 2026.1.2, allowing authenticated attackers to inject malicious JavaScript that executes in the browsers of other users viewing the affected topics. While the CVSS score of 5.4 reflects moderate severity with low impact scope and no availability impact, the attack requires user interaction indirectly through viewing a crafted topic title, making real-world exploitation limited to scenarios where attackers have post creation privileges.

XSS Discourse
NVD GitHub VulDB
CVSS 3.1
5.4
EPSS
0.0%
CVE-2026-33500 MEDIUM This Month

A stored cross-site scripting (XSS) vulnerability exists in AVideo's comment markdown processing, where the fix for a prior XSS issue (CVE-2026-27568) inadvertently disabled Parsedown's safe mode while implementing incomplete custom sanitization. An attacker with comment posting privileges can inject malicious JavaScript via markdown link syntax (e.g., `[text](javascript:alert(1))`) that executes in the browser context of any user viewing the comment, enabling session hijacking and account takeover. A working proof-of-concept exists and the vulnerability affects all versions of WWBN AVideo using the vulnerable ParsedownSafeWithLinks class (pkg:composer/wwbn_avideo).

PHP XSS
NVD GitHub VulDB
CVSS 3.1
5.4
EPSS
0.0%
CVE-2026-33251 MEDIUM This Month

An authorization bypass vulnerability in Discourse versions prior to 2026.3.0-latest.1, 2026.2.1, and 2026.1.2 allows authenticated users to accept or unaccept solutions in hidden Solved topics without proper authorization checks. The vulnerability affects the open-source Discourse discussion platform and permits users with valid credentials to manipulate solution status across topics they should not have access to, resulting in information disclosure and integrity violations. This is a low-to-moderate severity issue with a CVSS score of 5.4 that requires prior authentication but carries exploitation risk in multi-tenant or federated Discourse installations.

Authentication Bypass Discourse
NVD GitHub VulDB
CVSS 3.1
5.4
EPSS
0.0%
CVE-2025-63260 MEDIUM This Month

SyncFusion versions up to 30.1.37 contain stored Cross-Site Scripting (XSS) vulnerabilities in two distinct UI components: the Document-Editor reply-to-comment field and the Chat-UI chat message field. An attacker can inject malicious JavaScript payloads through these fields, which are then stored and executed in the browsers of other users who view the affected content, potentially enabling session hijacking, credential theft, or malware distribution. No CVSS score, EPSS data, or KEV status is currently available, but proof-of-concept exploitation details are documented in the pentest-tools reference (PTT-2025-023-Multiple-Stored-XSS.pdf).

XSS N A
NVD VulDB
CVSS 3.1
5.4
EPSS
0.0%
CVE-2026-33372 MEDIUM This Month

Zimbra Collaboration Server 10.0 and 10.1 accept CSRF tokens from request bodies instead of enforcing header-based validation, allowing attackers to perform unauthorized actions by deceiving authenticated users into submitting malicious requests. This CSRF bypass affects webmail users and could enable account compromise or sensitive data modification without user awareness. No patch is currently available.

CSRF
NVD VulDB
CVSS 3.1
5.4
EPSS
0.0%
CVE-2026-32881 MEDIUM This Month

ewe, a Gleam web server, contains an authentication bypass vulnerability in versions 0.6.0 through 3.0.4 that exploits improper handling of chunked transfer encoding trailer headers. An unauthenticated remote attacker can declare sensitive HTTP headers in the Trailer field and append them after the final chunk to overwrite legitimate values set by reverse proxies, enabling them to forge authentication credentials, hijack sessions, bypass rate limiting, or spoof proxy-trust headers. The vulnerability has been patched in version 3.0.5, and while not currently listed in CISA's KEV catalog, the CVSS score of 5.3 reflects medium severity with integrity impact.

Authentication Bypass Ewe
NVD GitHub VulDB
CVSS 3.1
5.3
EPSS
0.1%
CVE-2026-33501 MEDIUM PATCH This Month

An unauthenticated information disclosure vulnerability exists in the AVideo Permissions plugin endpoint `list.json.php`, which exposes the complete permission matrix mapping user groups to installed plugins without any authentication check. The vulnerability affects AVideo instances with the Permissions plugin enabled and allows unauthenticated attackers to enumerate all user groups, plugins, and their permission assignments-information that significantly aids targeted privilege escalation attacks. A proof-of-concept curl command exists, and this represents a clear authentication bypass in a sensitive administrative endpoint.

PHP Authentication Bypass Privilege Escalation
NVD GitHub VulDB
CVSS 3.1
5.3
EPSS
0.1%
CVE-2026-29794 MEDIUM PATCH This Month

Vikunja API fails to properly validate the source IP address for rate-limiting unauthenticated endpoints, allowing attackers to bypass rate limits by spoofing the X-Forwarded-For or X-Real-IP headers. This affects Vikunja API (pkg:go/code.vikunja.io_api) and enables unlimited brute-force attacks against login endpoints and other unauthenticated routes. A functional proof-of-concept has been published demonstrating the bypass mechanism, making this vulnerability readily exploitable without authentication or user interaction.

Docker RCE Suse
NVD GitHub VulDB
CVSS 3.1
5.3
EPSS
0.1%
CVE-2026-33425 MEDIUM This Month

An information disclosure vulnerability in Discourse prior to versions 2026.3.0-latest.1, 2026.2.1, and 2026.1.2 allows unauthenticated attackers to enumerate private group membership by observing directory result changes when manipulating the exclude_groups parameter. This enables attackers to determine whether specific users are members of private groups without authentication, representing a direct privacy violation. The vulnerability does not appear to be actively exploited in the wild (no KEV status indicated), but patches are available from the vendor.

Information Disclosure Discourse
NVD GitHub VulDB
CVSS 3.1
5.3
EPSS
0.1%
CVE-2026-31805 MEDIUM PATCH This Month

A remote code execution vulnerability in Discourse (CVSS 5.3). Remediation should follow standard vulnerability management procedures.

Authentication Bypass Discourse
NVD GitHub VulDB
CVSS 3.1
5.3
EPSS
0.0%
CVE-2026-3550 MEDIUM This Month

The RockPress WordPress plugin (versions up to 1.0.17) contains a Missing Authorization vulnerability in five AJAX actions that allows authenticated users with Subscriber-level privileges to trigger privileged operations intended for administrators. The vulnerability stems from a combination of missing capability checks (current_user_can() calls) in AJAX handlers and exposure of an admin nonce to all authenticated users via an unconditionally enqueued script. Attackers can extract the nonce from the HTML source and use it to trigger resource-intensive imports, reset import data, check service connectivity, and read import status information without administrative privileges.

WordPress PHP Authentication Bypass
NVD VulDB
CVSS 3.1
5.3
EPSS
0.0%
CVE-2026-33481 MEDIUM PATCH This Month

Syft versions before v1.42.3 fail to properly clean up temporary files when temporary storage becomes exhausted during archive scanning, allowing an attacker to trigger a denial of service by exhausting the system's temporary storage through highly compressed or large artifacts. This affects all users of Syft who scan untrusted or adversarially-crafted archives, as the vulnerability requires no authentication and can be triggered remotely through the normal scanning interface. The vulnerability has been patched in v1.42.3 and no active exploitation has been reported in the wild, though the attack vector is straightforward and does not require special privileges.

Information Disclosure Suse
NVD GitHub
CVSS 3.1
5.3
EPSS
0.0%
CVE-2026-3567 MEDIUM This Month

A security vulnerability in for WordPress is vulnerable to unauthorized access in all (CVSS 5.3) that allows any authenticated user. Remediation should follow standard vulnerability management procedures.

WordPress Authentication Bypass
NVD VulDB
CVSS 3.1
5.3
EPSS
0.0%
CVE-2026-31381 MEDIUM This Month

Gainsight Assist contains an information disclosure vulnerability where user email addresses (PII) are exposed in base64-encoded format within the OAuth callback URL's state parameter. This affects all versions of Gainsight Assist and allows unauthenticated remote attackers to extract sensitive personal information with no user interaction required. The vulnerability has a CVSS score of 5.3 (moderate) with confirmed disclosure via Rapid7, and patch availability has been documented in vendor advisories.

Information Disclosure Gainsight Assist
NVD VulDB
CVSS 3.1
5.3
EPSS
0.0%
CVE-2025-46598 MEDIUM This Month

Bitcoin Core versions through 29.0 contain a denial of service vulnerability that can be triggered by a specially crafted transaction. An attacker with network access can send a malicious transaction to cause the affected Bitcoin Core node to become unresponsive or crash, disrupting normal operation of the node. No CVSS score, EPSS data, or active exploitation in the wild has been disclosed, but the vulnerability has been formally disclosed by the Bitcoin Core project.

Denial Of Service
NVD GitHub VulDB
CVSS 3.1
5.3
EPSS
0.0%
CVE-2026-32844 MEDIUM This Month

A reflected cross-site scripting (XSS) vulnerability exists in XinLiangCoder's php_api_doc application through commit 1ce5bbf, specifically in the list_method.php file where the 'f' GET parameter is output directly to the page without sanitization. Remote attackers can inject arbitrary JavaScript code by crafting malicious URLs, enabling session hijacking, credential theft, and malware distribution within the application context. No CVSS score, EPSS data, or KEV status are currently available, but the vulnerability is confirmed with a proof-of-concept reference available via VulnCheck advisory.

XSS PHP
NVD GitHub VulDB
CVSS 4.0
5.1
EPSS
0.0%
CVE-2026-32828 MEDIUM PATCH This Month

Kargo versions 1.4.0-1.6.3, 1.7.0-1.7.8, 1.8.0-1.8.11, and 1.9.0-1.9.4 contain a Server-Side Request Forgery vulnerability in http and http-download promotion steps that allows authenticated attackers to access cloud instance metadata endpoints and exfiltrate sensitive credentials like IAM keys. An attacker with permissions to create or modify Stages or Promotion resources can exploit this by crafting malicious manifests with full control over request headers and methods, bypassing cloud provider SSRF protections. Currently, no patch is available for this vulnerability.

SSRF Information Disclosure Suse
NVD GitHub VulDB
CVSS 4.0
5.1
EPSS
0.0%
CVE-2026-33126 MEDIUM PATCH This Month

Frigate versions prior to 0.16.3 contain a Server-Side Request Forgery (SSRF) vulnerability in the /ffprobe endpoint that accepts arbitrary user-controlled URLs without proper validation. An authenticated attacker can leverage this endpoint to make HTTP requests to internal network resources, cloud metadata services (such as AWS IMDSv1), or perform reconnaissance activities like port scanning against systems accessible from the Frigate server. The vulnerability requires low privileges (authenticated user) and has a network attack vector with low complexity, making it moderately exploitable in environments where Frigate is exposed to untrusted users.

SSRF Frigate
NVD GitHub VulDB
CVSS 3.1
5.0
EPSS
0.0%
CVE-2026-3474 MEDIUM This Month

The EmailKit - Email Customizer for WooCommerce & WP WordPress plugin contains a path traversal vulnerability in the TemplateData class that allows authenticated administrators to read arbitrary files from the server via the 'emailkit-editor-template' REST API parameter. An attacker with Administrator privileges can exploit this flaw to access sensitive files such as wp-config.php or /etc/passwd by supplying directory traversal sequences, with the retrieved file contents stored as post metadata and retrievable through the fetch-data REST API endpoint. The vulnerability affects all versions up to and including 1.6.3, and while it requires high-level administrative access and has a moderate CVSS score of 4.9, it represents a critical information disclosure risk in multi-user WordPress environments.

WordPress PHP Path Traversal
NVD VulDB
CVSS 3.1
4.9
EPSS
0.1%
CVE-2026-30889 MEDIUM PATCH This Month

A moderator authorization bypass vulnerability in Discourse allows authenticated moderators to access post metadata they should not have permission to view due to insufficient authorization checks. The vulnerability affects Discourse versions prior to 2026.3.0-latest.1, 2026.2.1, and 2026.1.2, with patched versions now available. While the CVSS score of 5.3 indicates moderate severity and the attack requires authenticated access with moderator privileges, this represents a meaningful confidentiality risk in multi-tenant forum environments where metadata isolation between moderation scopes is critical.

Authentication Bypass Discourse
NVD GitHub VulDB
CVSS 3.1
4.9
EPSS
0.0%
CVE-2026-3577 MEDIUM This Month

The Keep Backup Daily WordPress plugin versions up to 2.1.2 contain a Stored Cross-Site Scripting (XSS) vulnerability in the backup title alias functionality due to insufficient input sanitization and output escaping. Authenticated administrators can inject arbitrary JavaScript via the `val` parameter in the `update_kbd_bkup_alias` AJAX action, which executes when other administrators view the backup list page. With a CVSS score of 4.4 and moderate real-world risk due to high privilege requirements, this vulnerability requires administrator-level access to exploit but can compromise other administrator sessions.

WordPress XSS
NVD VulDB
CVSS 3.1
4.4
EPSS
0.0%
CVE-2026-2432 MEDIUM This Month

CM Custom Reports - Flexible reporting to track what matters most plugin for WordPress contains a Stored Cross-Site Scripting (XSS) vulnerability in admin settings that allows authenticated administrators to inject arbitrary web scripts. The vulnerability affects all versions up to and including 1.2.7 and is caused by insufficient input sanitization and output escaping in the GraphModule.php file. While the CVSS score of 4.4 is moderate, exploitation is restricted to high-privilege authenticated attackers on multi-site WordPress installations or where unfiltered_html has been disabled, making real-world exploitability dependent on specific WordPress configurations.

WordPress XSS
NVD VulDB
CVSS 3.1
4.4
EPSS
0.0%
CVE-2026-33071 MEDIUM PATCH This Month

FileRise, a self-hosted web file manager and WebDAV server, contains an unrestricted file upload vulnerability in its WebDAV endpoint that bypasses filename validation controls present in the regular upload path, allowing authenticated attackers to upload executable file types such as .phtml, .php5, and .htaccess. In non-default Apache configurations lacking LocationMatch protection, this enables remote code execution on the underlying web server. The vulnerability affects FileRise versions prior to 3.8.0 and has been patched; no public exploit code or active KEV listing is currently confirmed, but the presence of a GitHub security advisory indicates vendor acknowledgment of the threat.

PHP RCE Apache File Upload
NVD GitHub VulDB
CVSS 3.1
4.3
EPSS
0.1%
CVE-2026-33315 MEDIUM PATCH This Month

The Vikunja todo application contains an authentication bypass vulnerability in its CalDAV endpoint that allows attackers to circumvent two-factor authentication (2FA) protections by using basic HTTP authentication. An attacker with valid username and password credentials can access CalDAV endpoints without providing a TOTP token, gaining unauthorized access to protected project information including names, descriptions, and task details. A proof-of-concept exploit has been publicly documented, and patches are available from the vendor.

Authentication Bypass Docker Suse
NVD GitHub VulDB
CVSS 3.1
4.3
EPSS
0.1%
CVE-2026-30580 MEDIUM This Month

File Thingie version 2.5.7 contains a directory traversal vulnerability in its 'create folder from URL' functionality that allows unauthenticated attackers to read arbitrary files from the target system. An attacker can exploit this path traversal flaw by crafting malicious input to the folder creation feature, bypassing directory restrictions and accessing sensitive files outside the intended application directory. Proof-of-concept code is available in public repositories, and while CVSS and EPSS scores are not published, the vulnerability enables direct unauthorized information disclosure.

Path Traversal
NVD GitHub VulDB
CVSS 3.1
4.3
EPSS
0.1%
CVE-2026-32114 MEDIUM PATCH This Month

An Insecure Direct Object Reference (IDOR) vulnerability in Discourse allows any authenticated user to access restricted metadata about AI personas, features, and LLM models by directly referencing their identifiers, exposing sensitive information including credit allocations and usage statistics. The vulnerability affects Discourse versions prior to 2026.3.0-latest.1, 2026.2.1, and 2026.1.2, and requires only low-privilege access (any logged-in user account) over the network. While the CVSS score of 5.3 indicates low confidentiality impact with no integrity or availability impact, this represents a clear information disclosure risk that could enable unauthorized tracking of AI resource consumption and usage patterns.

Authentication Bypass Discourse
NVD GitHub VulDB
CVSS 3.1
4.3
EPSS
0.0%
CVE-2026-31869 MEDIUM PATCH This Month

Discourse prior to versions 2026.3.0-latest.1, 2026.2.1, and 2026.1.2 contains an information disclosure vulnerability in the ComposerController#mentions endpoint that reveals hidden group membership to any authenticated user capable of messaging the group. An attacker can exploit this by supplying hidden-membership group names and probing arbitrary usernames to infer membership based on whether the user_reasons field returns 'private', effectively bypassing group member-visibility controls designed to protect sensitive group information. This vulnerability is not known to be actively exploited in the wild (KEV status unknown), carries a moderate CVSS score of 5.3 reflecting low confidentiality impact with low attack complexity, and requires prior authentication.

Information Disclosure Discourse
NVD GitHub VulDB
CVSS 3.1
4.3
EPSS
0.0%
Prev Page 5 of 6 Next

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy