Skip to main content
CVE-2026-4453 MEDIUM PATCH This Month

Cross-origin data leakage in Google Chrome's Dawn component on macOS versions prior to 146.0.7680.153 results from an integer overflow vulnerability that can be triggered through a malicious HTML page. An unauthenticated attacker can exploit this to access sensitive information from other origins without user interaction beyond viewing the crafted page. Patches are available for Chrome, Ubuntu, and Debian.

Google Information Disclosure Ubuntu Debian Chrome +2
NVD VulDB
CVSS 3.1
4.3
EPSS
0.0%
CVE-2026-33313 MEDIUM PATCH This Month

An authenticated user in Vikunja can read any task comment by its ID without proper authorization checks, regardless of whether they have access to the task that comment belongs to. The vulnerability exists in the `GET /api/v1/tasks/{taskID}/comments/{commentID}` endpoint, which validates access against the attacker-controlled task ID in the URL but then loads the comment by ID alone, bypassing task ownership verification. Any authenticated attacker with read access to at least one task can enumerate and retrieve comments from arbitrary tasks and private projects, leading to unauthorized information disclosure.

Authentication Bypass Suse
NVD GitHub VulDB
CVSS 3.1
4.3
EPSS
0.0%
CVE-2026-4136 MEDIUM This Month

The Membership Plugin - Restrict Content for WordPress contains an unvalidated redirect vulnerability in the 'rcp_redirect' parameter that allows unauthenticated attackers to redirect users to arbitrary external sites via password reset emails. Affected versions include all releases up to and including 3.2.24. This vulnerability has a CVSS score of 4.3 (low-to-moderate severity) and requires user interaction, limiting its immediate exploitation impact but creating a viable phishing vector for credential harvesting or malware distribution.

WordPress Information Disclosure
NVD VulDB
CVSS 3.1
4.3
EPSS
0.0%
CVE-2026-33371 MEDIUM This Month

An XML External Entity (XXE) vulnerability exists in Zimbra Collaboration Server (ZCS) versions 10.0 and 10.1 within the Exchange Web Services (EWS) SOAP interface due to improper XML input handling. An authenticated attacker can submit crafted XML payloads to an XML parser with external entity resolution enabled, potentially disclosing sensitive local files from the server. No CVSS score, EPSS data, or known exploitation-in-the-wild status is currently available, though the vulnerability has been documented in Zimbra's security advisory system.

XXE Microsoft
NVD VulDB
CVSS 3.1
4.3
EPSS
0.0%
CVE-2026-33369 MEDIUM This Month

An LDAP injection vulnerability exists in Zimbra Collaboration Server (ZCS) versions 10.0 and 10.1 within the Mailbox SOAP service's FolderAction operation. An authenticated attacker can exploit this issue by sending a crafted SOAP request containing malicious LDAP filter syntax to bypass input validation and retrieve sensitive directory attributes from the LDAP backend. This vulnerability enables information disclosure of directory data that should be access-controlled.

Information Disclosure
NVD VulDB
CVSS 3.1
4.3
EPSS
0.0%
CVE-2026-32310 MEDIUM This Month

Cryptomator versions 1.6.0 through 1.19.0 contain a path traversal vulnerability in vault configuration parsing where the masterkeyfile loader resolves an unverified keyId parameter as a filesystem path before integrity checks are performed. An attacker with the ability to supply a malicious vault configuration can exploit this to trigger arbitrary file existence checks, including UNC paths on Windows that can initiate outbound SMB connections before the user even enters a passphrase, potentially leading to information disclosure about local file structure and network exposure. The vulnerability has been patched in version 1.19.1, and while no active KEV exploitation has been reported, the low attack complexity and the ability to chain this with social engineering (malicious vault sharing) makes it a moderate practical risk.

Hashicorp Microsoft Path Traversal Windows
NVD GitHub VulDB
CVSS 3.1
4.1
EPSS
0.0%
CVE-2025-62844 MEDIUM PATCH This Month

A weak authentication vulnerability exists in QNAP QHora/QuRouter devices that allows attackers with local network access to bypass authentication mechanisms and disclose sensitive information. The vulnerability affects QuRouter versions prior to 2.6.2.007, and exploitation requires network-level access but no special privileges. While no CVSS score or EPSS data is publicly available, the classification as CWE-1390 (Weak Authentication) and the emphasis on local network access indicates this is a network-adjacent threat with moderate real-world risk, particularly in environments where untrusted devices can connect to the local network.

Information Disclosure Qurouter
NVD VulDB
CVSS 4.0
4.0
EPSS
0.0%
CVE-2026-32595 LOW PATCH Monitor

Traefik's BasicAuth middleware contains a timing attack vulnerability that enables username enumeration through observable response time differences between valid and invalid usernames. An unauthenticated network attacker can distinguish existing usernames from non-existent ones by measuring response latency-valid usernames trigger ~166ms bcrypt operations while invalid usernames return in ~0.6ms, creating a ~298x timing differential. Affected versions include Traefik 2.11.40 and below, 3.0.0-beta1 through 3.6.11, and 3.7.0-ea.1; patches are available in versions 2.11.41, 3.6.11, and 3.7.0-ea.2.

Information Disclosure Traefik
NVD GitHub VulDB
CVSS 3.1
3.7
EPSS
0.0%
CVE-2026-33490 LOW PATCH Monitor

The h3 web framework contains a path-matching vulnerability in its mount() method that fails to enforce path segment boundaries when checking if requests fall under a mounted sub-application's prefix. This allows attackers to trigger middleware intended for a path like /admin on unrelated routes such as /admin-public or /administrator, potentially polluting request context with unintended privilege flags and leading to authorization bypass. A proof-of-concept is available demonstrating context pollution across mount boundaries, and the vulnerability affects all h3 v2 applications using mount() with prefix-vulnerable path configurations.

Information Disclosure
NVD GitHub
CVSS 3.1
3.7
EPSS
0.0%
CVE-2026-33070 LOW PATCH Monitor

FileRise, a self-hosted web file manager and WebDAV server, contains a missing-authentication vulnerability in the deleteShareLink endpoint that allows unauthenticated attackers to delete arbitrary file share links by providing only the share token, resulting in denial of service to legitimate users accessing shared files. All versions prior to 3.8.0 are affected. While the CVSS score is moderate at 3.7 due to high attack complexity, the vulnerability has a published proof-of-concept via the GitHub security advisory and represents a trivial attack surface requiring only knowledge of a share token.

PHP Denial Of Service CSRF Authentication Bypass
NVD GitHub VulDB
CVSS 3.1
3.7
EPSS
0.0%
CVE-2026-33422 LOW Monitor

Discourse versions prior to 2026.3.0-latest.1, 2026.2.1, and 2026.1.2 contain an information disclosure vulnerability where IP addresses of flagged users are exposed to any user with access to the review queue, including those without proper authorization. This allows unauthorized access to sensitive network information that should be restricted to administrators. The vulnerability has a CVSS score of 3.5 (low severity) with no known public exploits or KEV designation, but represents a clear privacy and data protection issue in moderation workflows.

Information Disclosure Discourse
NVD GitHub VulDB
CVSS 3.1
3.5
EPSS
0.0%
CVE-2026-33426 LOW Monitor

Discourse versions prior to 2026.3.0-latest.1, 2026.2.1, and 2026.1.2 contain an authorization bypass vulnerability where users with tag-editing permissions can edit and create tag synonyms for tags within restricted tag groups, even when those users lack visibility into the restricted tags themselves. This represents a broken access control issue (CWE-862) with low CVSS score (3.5) due to high privilege requirement and limited impact scope, though it enables unauthorized information disclosure and tag manipulation within the platform. No public exploit code or active exploitation in the wild has been reported at this time.

Authentication Bypass Discourse
NVD GitHub VulDB
CVSS 3.1
3.5
EPSS
0.0%
CVE-2025-59383 LOW PATCH Monitor

A stack-based buffer overflow vulnerability exists in QNAP Media Streaming Add-On that allows remote attackers to corrupt memory or crash the affected process. All versions prior to 500.1.1 are vulnerable, and the attack requires no authentication or user interaction. While no CVSS score or EPSS data is currently available, the presence of a confirmed patch and the critical nature of buffer overflow vulnerabilities in media processing software suggests this warrants immediate patching.

Buffer Overflow Stack Overflow Media Streaming Add On
NVD VulDB
CVSS 4.0
2.7
EPSS
0.2%
CVE-2026-3339 LOW Monitor

The Keep Backup Daily WordPress plugin versions up to 2.1.1 contain a limited path traversal vulnerability in the `kbd_open_upload_dir` AJAX action that allows authenticated administrators to enumerate arbitrary directories on the server. An attacker with Administrator-level access can exploit insufficient sanitization of the `kbd_path` parameter (using only `sanitize_text_field()` which does not prevent path traversal sequences) to list directory contents outside the intended uploads directory. While the CVSS score of 2.7 is low and exploitation requires high-privilege Administrator access, the vulnerability represents a real information disclosure risk in multi-user WordPress environments or where administrator accounts are compromised.

WordPress Path Traversal
NVD GitHub VulDB
CVSS 3.1
2.7
EPSS
0.0%
CVE-2026-22735 LOW PATCH Monitor

CVE-2026-22735 is a security vulnerability (CVSS 2.6). Remediation should follow standard vulnerability management procedures.

Java Information Disclosure
NVD HeroDevs VulDB
CVSS 3.1
2.6
EPSS
0.0%
CVE-2026-30888 LOW PATCH Monitor

A privilege escalation vulnerability in Discourse allows moderators to edit site policy documents (Terms of Service, guidelines, privacy policy) despite explicit access restrictions, enabling unauthorized modification of critical site governance documents. This affects Discourse versions prior to 2026.3.0-latest.1, 2026.2.1, and 2026.1.2. The vulnerability has a low CVSS score of 2.2 due to high attack complexity and privileged access requirement, but represents a clear integrity violation of role-based access controls.

Privilege Escalation Discourse
NVD GitHub VulDB
CVSS 3.1
2.2
EPSS
0.0%
CVE-2026-4465 LOW Monitor

OS command injection in D-Link DIR-513 1.10 via the /goform/formSysCmd endpoint allows authenticated remote attackers to execute arbitrary commands with network access. The vulnerability stems from insufficient input validation of the sysCmd parameter and has public exploit code available. No patch is available, and affected devices are no longer supported by D-Link.

D-Link Command Injection
NVD GitHub VulDB
CVSS 4.0
2.1
EPSS
0.5%
CVE-2026-4472 LOW Monitor

SQL injection in itsourcecode Online Frozen Foods Ordering System 1.0 allows authenticated remote attackers to manipulate the Supplier_Name parameter in /admin/admin_edit_supplier.php, potentially enabling data exfiltration or modification. Public exploit code exists for this vulnerability, and no patch is currently available.

SQLi PHP
NVD GitHub VulDB
CVSS 4.0
2.1
EPSS
0.0%
CVE-2026-4476 LOW Monitor

The YI Home Camera 2 (version 2.1.1_20171024151200) CGI endpoint fails to properly authenticate requests to the /home/web/ipc function, allowing unauthenticated attackers on the local network to manipulate camera settings and access sensitive functionality. Public exploit code exists for this vulnerability, and the vendor has not provided a patch despite early notification. An attacker with network access to the camera could read configuration data, modify settings, or disrupt normal operations.

Authentication Bypass
NVD VulDB
CVSS 4.0
2.1
EPSS
0.0%
CVE-2026-4468 LOW Monitor

Command injection in Comfast CF-AC100 2.6.0.8 allows remote attackers to execute arbitrary commands through the /cgi-bin/mbox-config endpoint with high privileges. The vulnerability requires administrative credentials but carries no authentication complexity, and public exploit code exists with no vendor patch available. Affected devices can be compromised remotely to achieve command execution with limited scope.

Command Injection
NVD GitHub VulDB
CVSS 4.0
2.0
EPSS
0.2%
CVE-2026-4467 LOW Monitor

Command injection in Comfast CF-AC100 2.6.0.8 wireless configuration endpoint allows unauthenticated remote attackers to execute arbitrary commands with elevated privileges through the /cgi-bin/mbox-config interface. Public exploit code exists for this vulnerability, and the vendor has not released a patch despite early notification. The attack requires network access but no user interaction, making it readily exploitable in exposed deployments.

Command Injection
NVD GitHub VulDB
CVSS 4.0
2.0
EPSS
0.2%
CVE-2026-4466 LOW Monitor

Command injection in Comfast CF-AC100 2.6.0.8 allows authenticated remote attackers to execute arbitrary commands via the /cgi-bin/mbox-config endpoint's ntp_timezone parameter. Public exploit code exists for this vulnerability, and the vendor has not provided a patch or response to disclosure notifications. An attacker with high-level privileges can leverage this to compromise device integrity and confidentiality.

Command Injection
NVD GitHub VulDB
CVSS 4.0
2.0
EPSS
0.2%
CVE-2026-4473 LOW Monitor

SQL injection in itsourcecode Online Doctor Appointment System 1.0 allows remote attackers with high privileges to manipulate the appointment_id parameter in /admin/appointment_action.php, potentially compromising data confidentiality and integrity. Public exploit code exists for this vulnerability, though no patch is currently available for PHP-based deployments.

PHP SQLi
NVD GitHub VulDB
CVSS 4.0
2.0
EPSS
0.0%
CVE-2026-4471 LOW Monitor

SQL injection in itsourcecode Online Frozen Foods Ordering System 1.0 allows authenticated administrators to manipulate the First_Name parameter in /admin/admin_edit_employee.php, enabling remote database compromise. Public exploit code exists for this vulnerability, which requires high-level privileges but carries low complexity for exploitation. The affected system currently lacks an available patch.

PHP SQLi
NVD GitHub VulDB
CVSS 4.0
2.0
EPSS
0.0%
CVE-2026-4470 LOW Monitor

SQL injection in itsourcecode Online Frozen Foods Ordering System 1.0 allows remote attackers with high privileges to manipulate the product_name parameter in /admin/admin_edit_menu.php, enabling unauthorized data access and modification. Public exploit code exists for this vulnerability, increasing the risk of active exploitation. The affected PHP application currently lacks an available patch.

PHP SQLi
NVD GitHub VulDB
CVSS 4.0
2.0
EPSS
0.0%
CVE-2026-4469 LOW Monitor

SQL injection in itsourcecode Online Frozen Foods Ordering System 1.0 allows remote attackers with high-level privileges to manipulate the product_name parameter in /admin/admin_edit_menu_action.php, potentially exposing or modifying sensitive database information. Public exploit code for this vulnerability exists, though no patch is currently available.

PHP SQLi
NVD GitHub VulDB
CVSS 4.0
2.0
EPSS
0.0%
CVE-2026-4474 LOW Monitor

A stored cross-site scripting (XSS) vulnerability exists in itsourcecode University Management System version 1.0 within the /admin_single_student_update.php file, where the st_name parameter fails to properly sanitize user input. An authenticated administrator with high privileges can inject malicious scripts that execute in the context of other users' browsers, potentially leading to session hijacking, credential theft, or unauthorized administrative actions. A proof-of-concept exploit has been publicly disclosed on GitHub, increasing real-world exploitation risk despite the low CVSS score of 2.4.

PHP XSS
NVD GitHub VulDB
CVSS 4.0
1.9
EPSS
0.0%
CVE-2026-33423 LOW Monitor

A privilege escalation vulnerability in Discourse allows staff members to arbitrarily modify group notification levels for any user without proper authorization checks. This affects Discourse versions prior to 2026.3.0-latest.1, 2026.2.1, and 2026.1.2, enabling authenticated staff users to alter notification settings for other users in ways they should not be permitted to do. While no CVSS score or EPSS data is available and no known public exploits have been confirmed, the vulnerability is classified under CWE-862 (Missing Authorization) and has been assigned a GitHub Security Advisory (GHSA-qggq-wr6h-vhrg) with patches available.

Authentication Bypass Discourse
NVD GitHub VulDB
CVSS 4.0
1.3
EPSS
0.0%
CVE-2026-4477 LOW Monitor

Yi Technology YI Home Camera 2 (version 2.1.1_20171024151200) contains a hard-coded cryptographic key vulnerability in its WPA/WPS component that allows attackers to disclose sensitive information through local network access. While the exploit has been publicly disclosed and proof-of-concept code is available, the attack requires high complexity and difficult exploitability, limiting real-world risk to local network environments only. The vendor was notified early but provided no response, leaving users without an official patch.

Information Disclosure
NVD VulDB
CVSS 4.0
1.3
EPSS
0.0%
CVE-2025-62843 LOW PATCH Monitor

An improper restriction of communication channel to intended endpoints vulnerability (CWE-923) has been identified in QNAP QHora devices, allowing attackers with physical access to exploit insufficient endpoint validation and gain privileges intended for legitimate endpoints. The vulnerability affects QHora/QuRouter products prior to version 2.6.3.009. While no CVSS score or EPSS data is currently available and the vulnerability does not appear in active exploitation databases (KEV), the physical access requirement significantly constrains real-world exploitability, though the privilege escalation impact remains concerning for organizations with physical security controls.

Information Disclosure Qurouter
NVD VulDB
CVSS 4.0
0.9
EPSS
0.0%
CVE-2026-23276 PATCH Monitor

A stack overflow vulnerability exists in the Linux kernel's tunnel transmission functions (iptunnel_xmit and ip6tunnel_xmit) due to missing recursion limits when GRE tap interfaces operate as slaves in bonded devices with broadcast mode enabled. This allows local attackers or legitimate multicast/broadcast traffic to trigger infinite recursion between bond_xmit_broadcast() and tunnel transmission functions, causing kernel stack exhaustion and denial of service. The vulnerability affects multiple Linux kernel versions and has been resolved with the addition of IP_TUNNEL_RECURSION_LIMIT (4) to prevent excessive stack consumption during nested tunnel packet encapsulation.

Linux Denial Of Service Stack Overflow Debian Ubuntu +1
NVD VulDB
EPSS
0.0%
CVE-2026-32765 Awaiting Data

Rejected reason: This repository is no longer public.

Information Disclosure
NVD
CVE-2026-32764 Awaiting Data

Rejected reason: This repository is no longer public.

Information Disclosure
NVD
Prev Page 6 of 6

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy