Skip to main content
CVE-2026-33933 MEDIUM This Month

A reflected cross-site scripting (XSS) vulnerability exists in the custom template editor of OpenEMR, a widely-deployed open-source electronic health records system. Attackers can craft malicious URLs that, when clicked by authenticated staff members, execute arbitrary JavaScript within their browser sessions and gain access to sensitive medical data and system functions; notably, the attacker does not require an OpenEMR account themselves. The vulnerability affects OpenEMR versions 7.0.2.1 through 8.0.0.2, and while there is no evidence of active exploitation in the wild or public proof-of-concept code, the moderate CVSS score of 6.1 combined with the user-interaction requirement and the context-sensitive nature of healthcare data makes this a meaningful priority for healthcare organizations.

XSS Openemr
NVD GitHub VulDB
CVSS 3.1
6.1
EPSS
0.0%
CVE-2026-28297 MEDIUM This Month

SolarWinds Observability Self-Hosted versions 2026.1.1 and earlier contain a stored cross-site scripting vulnerability that allows authenticated attackers with high privileges to inject malicious scripts into the application, resulting in unintended script execution within the security context of the affected system. The vulnerability requires administrative or high-privilege access and does not currently show evidence of active exploitation, though the ability to persist malicious payloads in stored data represents a significant insider threat. Affected organizations should prioritize patching to versions after 2026.1.1 to eliminate the XSS attack surface.

XSS Solarwinds Observability Self Hosted
NVD VulDB
CVSS 3.1
6.1
EPSS
0.0%
CVE-2026-3529 MEDIUM PATCH This Month

Drupal Google Analytics GA4 module versions before 1.1.14 contain a cross-site scripting (XSS) vulnerability through improper input neutralization during web page generation, allowing attackers to inject and execute arbitrary JavaScript in user browsers. Remote attackers can craft malicious requests that persist within analytics data or configuration, affecting all users of sites running vulnerable versions. The vulnerability is documented in Drupal's security advisory SA-CONTRIB-2026-024 and has been assigned EUVD-2026-16383; no public exploit code or active exploitation has been confirmed at the time of this analysis.

XSS Google
NVD
CVSS 3.1
6.1
EPSS
0.0%
CVE-2026-3528 MEDIUM PATCH This Month

Cross-site scripting (XSS) in Drupal Calculation Fields module versions prior to 1.0.4 permits remote attackers to inject arbitrary JavaScript into dynamically generated web pages, enabling session hijacking, credential theft, and malware distribution against users viewing affected pages. The vulnerability stems from improper input neutralization during calculation field rendering, affecting all installations running Calculation Fields 0.0.0 through 1.0.3. No public exploit code or active exploitation has been confirmed at time of analysis.

XSS Calculation Fields
NVD
CVSS 3.1
6.1
EPSS
0.0%
CVE-2026-33883 MEDIUM PATCH This Month

The user:reset_password_form template tag in Statamic CMS fails to escape user-supplied input before rendering it into HTML, enabling reflected cross-site scripting (XSS) attacks via crafted URLs. An unauthenticated remote attacker can exploit this by tricking a victim into clicking a malicious link, causing arbitrary JavaScript execution in the victim's browser with access to session tokens and sensitive page content. Vendor-released patches are available in versions 5.73.16 and 6.7.2.

XSS
NVD GitHub
CVSS 3.1
6.1
EPSS
0.0%
CVE-2026-30162 MEDIUM This Month

Timo 2.0.3 contains a stored cross-site scripting (XSS) vulnerability in the title field that allows unauthenticated remote attackers to inject malicious scripts via crafted links, resulting in session hijacking, credential theft, or malware distribution to other users viewing affected content. Publicly available exploit code exists (referenced via GitHub issue), and the vulnerability is rated CVSS 6.1 with cross-site scope impact, though no evidence of active exploitation in the wild has been confirmed at the time of analysis.

XSS
NVD GitHub VulDB
CVSS 3.1
6.1
EPSS
0.0%
CVE-2026-29934 MEDIUM This Month

Lightcms v2.0 contains a reflected cross-site scripting vulnerability in the /admin/menus component that allows unauthenticated remote attackers to execute arbitrary JavaScript in a victim's browser by injecting malicious code through the HTTP referer header. The vulnerability requires user interaction (clicking a crafted link) to trigger exploitation. A proof-of-concept has been publicly disclosed on GitHub, though no evidence of active exploitation in the CISA Known Exploited Vulnerabilities catalog was identified. With a CVSS score of 6.1 and low attack complexity, this represents a moderate-severity risk requiring prompt patching.

XSS
NVD GitHub
CVSS 3.1
6.1
EPSS
0.0%
CVE-2026-29933 MEDIUM This Month

YZMCMS v7.4 suffers from a reflected cross-site scripting (XSS) vulnerability in the /index/login.html component that permits attackers to execute arbitrary JavaScript in a user's browser by manipulating the referrer value in request headers. Remote attackers can exploit this to steal session credentials, perform actions on behalf of authenticated users, or redirect users to malicious sites without requiring prior authentication. No public exploit code or active exploitation has been independently confirmed at the time of analysis.

XSS Yzmcms
NVD GitHub
CVSS 3.1
6.1
EPSS
0.0%
CVE-2026-29969 MEDIUM This Month

StaffWiki v7.0.1.19219 contains a reflected cross-site scripting (XSS) vulnerability in the wff_cols_pref.css.aspx endpoint that enables remote attackers to execute arbitrary JavaScript in a user's browser context through a crafted HTTP request. The vulnerability affects StaffWiki versions up to at least 7.0.1.19219, and publicly available exploit code has been disclosed via GitHub, though no active exploitation has been confirmed by CISA at the time of analysis.

XSS
NVD GitHub
CVSS 3.1
6.1
EPSS
0.0%
CVE-2026-4923 MEDIUM PATCH GHSA This Month

path-to-regexp versions prior to 8.4.0 are vulnerable to Regular Expression Denial of Service (ReDoS) when processing multiple wildcard parameters combined with path parameters in specific configurations. Unauthenticated remote attackers can craft malicious path patterns containing multiple wildcards (not at the end) to trigger catastrophic regex backtracking, causing denial of service against applications using the affected library. No public exploit code or active exploitation has been confirmed at time of analysis.

Denial Of Service Red Hat
NVD VulDB
CVSS 3.1
5.9
EPSS
0.0%
CVE-2026-26073 MEDIUM PATCH This Month

EVerest charging software stack versions prior to 2026.02.0 suffer from a data race condition in queue/deque handling triggered by concurrent powermeter public key updates and EV session/error events, resulting in heap corruption and potential denial of service. Unauthenticated remote attackers can exploit this via specially timed network events to crash the charging infrastructure, though successful exploitation requires precise timing due to high attack complexity. The vulnerability affects everest-core and has been patched in version 2026.02.0.

Heap Overflow Buffer Overflow Everest Core
NVD GitHub
CVSS 3.1
5.9
EPSS
0.0%
CVE-2026-28298 MEDIUM This Month

SolarWinds Observability Self-Hosted versions 2026.1.1 and earlier contain a stored cross-site scripting (XSS) vulnerability that permits authenticated high-privilege users to inject malicious scripts into the application, resulting in unintended script execution when other users access affected pages. The vulnerability requires high privilege level and user interaction to exploit, limiting real-world attack surface; no public exploit code or active exploitation has been identified at the time of analysis.

XSS Solarwinds Observability Self Hosted
NVD VulDB
CVSS 3.1
5.9
EPSS
0.0%
CVE-2025-55266 MEDIUM This Month

HCL Aftermarket DPC versions up to 1.0.0 are vulnerable to session fixation attacks that enable attackers to hijack user sessions and perform unauthorized transactions without requiring valid credentials. The vulnerability exploits improper session management to allow an attacker to force a victim to use a predetermined session identifier, then leverage that session for fraudulent activity. This is a network-accessible flaw requiring user interaction (e.g., clicking a malicious link) but no prior authentication. No public exploit code or active exploitation has been identified at the time of analysis.

Authentication Bypass Aftermarket Dpc
NVD
CVSS 3.1
5.9
EPSS
0.0%
CVE-2026-33729 MEDIUM PATCH This Month

OpenFGA's condition-based caching mechanism can generate identical cache keys for different authorization check requests, allowing attackers to bypass access controls by triggering cache reuse of previously evaluated decisions. This affects deployments with relations that evaluate conditions and have caching enabled. Organizations should upgrade to OpenFGA v1.13.1 to remediate the cache poisoning vulnerability.

Information Disclosure Suse
NVD GitHub
CVSS 4.0
5.8
EPSS
0.0%
CVE-2026-33542 MEDIUM PATCH GHSA This Month

Incus versions prior to 6.23.0 fail to validate image fingerprints when downloading from simplestreams servers, enabling attackers with local privileges to poison the image cache and potentially cause other tenants to execute attacker-controlled container or virtual machine images instead of legitimate ones. The vulnerability requires local authentication and specific conditions but carries high integrity impact in multi-tenant environments; no active exploitation has been confirmed.

Information Disclosure Red Hat Suse
NVD GitHub VulDB
CVSS 4.0
5.7
EPSS
0.0%
CVE-2025-55267 MEDIUM This Month

HCL Aftermarket DPC versions prior to and including 1.0.0 suffer from an unrestricted file upload vulnerability (CWE-434) that enables authenticated remote attackers to upload and execute arbitrary scripts on the affected server, potentially achieving full system compromise. The attack requires user interaction and low-privilege authentication but carries high integrity impact. No public exploit code or active exploitation has been confirmed; however, the vulnerability's straightforward exploitation mechanics and authenticated attack vector make it a moderate-priority issue for organizations deploying this software.

File Upload Aftermarket Dpc
NVD
CVSS 3.1
5.7
EPSS
0.0%
CVE-2026-0967 MEDIUM PATCH This Month

libssh's match_pattern() function is vulnerable to ReDoS (Regular Expression Denial of Service) attacks when processing maliciously crafted hostnames in client configuration or known_hosts files, allowing local attackers with limited privileges and user interaction to trigger inefficient regex backtracking that exhausts system resources and causes client-side timeouts. The vulnerability affects Red Hat Enterprise Linux 6-10 and OpenShift Container Platform 4, with CVSS 2.2 reflecting low severity due to local attack vector and high complexity requirements, though the denial of service impact warrants attention in environments where SSH client availability is critical.

Denial Of Service Red Hat Enterprise Linux 10 Red Hat Enterprise Linux 6 Red Hat Enterprise Linux 7 Red Hat Enterprise Linux 8 +2
NVD VulDB
CVSS 3.1
5.5
EPSS
0.1%
CVE-2026-28503 MEDIUM PATCH This Month

Tandoor Recipes versions prior to 2.6.0 allow authenticated admin users to bypass space isolation controls and trigger synchronization operations on Sync configurations belonging to other organizational spaces, exposing the ability to initiate Dropbox, Nextcloud, or local imports outside the attacker's own space and access resulting sync logs. The vulnerability stems from missing space validation in the `SyncViewSet.query_synced_folder()` API endpoint, enabling horizontal privilege escalation across multi-tenant deployments. No public exploit code has been identified at the time of analysis.

Authentication Bypass Recipes
NVD GitHub
CVSS 4.0
5.5
EPSS
0.0%
CVE-2026-23398 MEDIUM PATCH This Month

Linux kernel ICMP tag validation routines fail to check for NULL protocol handler pointers before dereferencing them, causing kernel panics in softirq context when processing fragmentation-needed errors with unregistered protocol numbers and ip_no_pmtu_disc hardened mode enabled. The vulnerability affects multiple Linux kernel versions across stable branches (6.1, 6.6, 6.12, 6.18, 6.19, and 7.0-rc5), with an EPSS score of 0.02% (7th percentile) indicating low real-world exploitation probability. No public exploit code or active exploitation has been confirmed; the fix requires adding a NULL pointer check in icmp_tag_validation() before accessing icmp_strict_tag_validation.

Linux Denial Of Service Null Pointer Dereference Canonical
NVD VulDB
CVSS 3.1
5.5
EPSS
0.0%
CVE-2026-23396 MEDIUM PATCH This Month

Linux kernel mac80211 mesh networking crashes on NULL pointer dereference when processing Channel Switch Announcement (CSA) action frames lacking Mesh Configuration IE, allowing adjacent WiFi attackers to trigger kernel panic (DoS) via crafted frames. Affects multiple stable kernel versions (6.1.167, 6.6.130, 6.12.78, 6.18.20, 6.19.10, 7.0-rc5 and earlier); EPSS exploitation probability is 0.02% (low), no public exploit identified, and upstream fixes are available across all affected release branches.

Linux Denial Of Service Null Pointer Dereference Canonical Red Hat
NVD VulDB
CVSS 3.1
5.5
EPSS
0.0%
CVE-2026-27828 MEDIUM PATCH This Month

EVerest charging software stack versions prior to 2026.02.0 contain a use-after-free vulnerability in the ISO15118_chargerImpl::handle_session_setup function that crashes the EVSE process when session setup commands are issued after ISO15118 initialization failure. Remote attackers with MQTT access can trigger this denial of service condition by sending a crafted session_setup command, causing the process to reference freed memory (v2g_ctx). A vendor-released patch is available in version 2026.02.0.

Use After Free Denial Of Service Memory Corruption Everest Core
NVD GitHub VulDB
CVSS 4.0
5.5
EPSS
0.0%
CVE-2026-27816 MEDIUM PATCH This Month

EVerest-Core prior to version 2026.02.0 contains an out-of-bounds write vulnerability in the ISO15118_chargerImpl::handle_update_energy_transfer_modes function, where variable-length MQTT command payloads are copied into a fixed-size 6-element array without bounds checking. When schema validation is disabled by default, oversized payloads trigger memory corruption that can crash the EV charging service or corrupt adjacent EVSE (Electric Vehicle Supply Equipment) state, affecting the integrity and availability of EV charging infrastructure. No public exploit code has been identified at the time of analysis, but the vulnerability is patched in version 2026.02.0.

Buffer Overflow Memory Corruption Everest Core
NVD GitHub VulDB
CVSS 4.0
5.5
EPSS
0.0%
CVE-2026-27815 MEDIUM PATCH This Month

Out-of-bounds memory writes in EVerest charging software stack versions prior to 2026.02.0 allow local attackers to corrupt EVSE state or crash the charging process by sending oversized MQTT command payloads that bypass disabled schema validation. The ISO15118_chargerImpl::handle_session_setup function copies variable-length payment_options lists into a fixed 2-element array without bounds checking, exposing a CWE-787 buffer overflow vulnerability with availability and integrity impact. No public exploit code has been identified at time of analysis.

Buffer Overflow Memory Corruption Everest Core
NVD GitHub
CVSS 4.0
5.5
EPSS
0.0%
CVE-2026-4897 MEDIUM PATCH This Month

Polkit's polkit-agent-helper-1 setuid binary fails to bound input length on stdin, allowing local authenticated users to trigger out-of-memory conditions and deny system availability. An attacker with local login privileges can supply excessively long input to exhaust memory resources, causing a system-wide denial of service. No public exploit code or active exploitation has been confirmed at the time of analysis.

Denial Of Service Polkit Openshift Container Platform Enterprise Linux
NVD VulDB
CVSS 3.1
5.5
EPSS
0.0%
CVE-2025-55264 MEDIUM This Month

Session invalidation failure in HCL Aftermarket DPC versions up to 1.0.0 allows authenticated attackers to maintain active sessions after a password change, enabling persistent account takeover. An attacker who gains initial session access can continue to operate under a compromised account identity even after the victim resets their password, as the application fails to terminate pre-existing sessions upon credential modification. No public exploit code or active exploitation has been identified at time of analysis.

Authentication Bypass Session Fixation Aftermarket Dpc
NVD
CVSS 3.1
5.5
EPSS
0.0%
CVE-2026-34071 MEDIUM This Month

Stirling-PDF version 2.7.3 fails to sanitize HTML content from email bodies in the /api/v1/convert/eml/pdf endpoint when the downloadHtml=true parameter is set, allowing unauthenticated remote attackers to inject and execute arbitrary JavaScript code. An attacker can craft a malicious email that, when processed by a Stirling-PDF user through the 'Download HTML intermediate file' feature, executes JavaScript in the user's browser context with access to local data and session tokens. Proof-of-concept code has been demonstrated, and the vendor released version 2.8.0 to address the vulnerability.

XSS Stirling Pdf
NVD GitHub VulDB
CVSS 3.1
5.4
EPSS
0.0%
CVE-2026-4335 MEDIUM This Month

The ShortPixel Image Optimizer WordPress plugin contains a Stored Cross-Site Scripting (XSS) vulnerability in versions up to and including 6.4.3, affecting the getEditorPopup() function and media-popup.php template. Authenticated attackers with Author-level permissions can inject arbitrary JavaScript into attachment post titles via the REST API, which executes when administrators open the ShortPixel AI editor popup for the poisoned attachment. This vulnerability has a CVSS score of 5.4 (moderate severity) and requires user interaction from a higher-privileged administrator to trigger, limiting its immediate exploitation scope but still presenting a meaningful privilege escalation risk in multi-author WordPress environments.

WordPress PHP XSS
NVD
CVSS 3.1
5.4
EPSS
0.0%
CVE-2026-33742 MEDIUM PATCH This Month

Stored cross-site scripting (XSS) in Invoice Ninja v5.13.0 through v5.13.3 allows authenticated attackers with product notes field access to inject and execute arbitrary JavaScript in invoice templates via unvalidated Markdown rendering. The vulnerability affects all Invoice Ninja instances running affected versions where the Markdown parser output bypasses HTML sanitization, enabling session hijacking, credential theft, or malicious template manipulation for other users viewing invoices. A vendor-released patch (v5.13.4) addresses this by implementing purify::clean() sanitization on Markdown output.

XSS Invoiceninja
NVD GitHub
CVSS 3.1
5.4
EPSS
0.0%
CVE-2026-21724 MEDIUM PATCH This Month

Grafana OSS provisioning contact points API fails to enforce the alert.notifications.receivers.protected:write permission, allowing users with the Editor role to modify protected webhook URLs and bypass intended authorization controls. This affects Grafana OSS versions 11.6.9 through 11.6.14, 12.1.5 through 12.1.10, 12.2.2 through 12.2.8, and 12.3.1 through 12.3.6. Authenticated Editor-level users can exploit this to reconfigure webhook destinations, potentially redirecting alert notifications to attacker-controlled endpoints. No public exploit identified at time of analysis.

Grafana Authentication Bypass
NVD VulDB
CVSS 3.1
5.4
EPSS
0.0%
CVE-2026-4274 MEDIUM PATCH This Month

Mattermost versions 11.2.x through 11.2.2, 10.11.x through 10.11.10, 11.4.0, and 11.3.x through 11.3.1 fail to properly restrict team-level access during remote cluster membership synchronization, allowing a malicious remote cluster to grant users access to entire private teams rather than limiting access to only shared channels. An authenticated attacker controlling a federated remote cluster can send crafted membership sync messages to trigger unintended team membership assignment, resulting in unauthorized access to private team resources. The EPSS score of 0.03% (percentile 7%) indicates low real-world exploitation probability, and no public exploit code has been identified at time of analysis.

Mattermost Privilege Escalation Debian
NVD
CVSS 3.1
5.4
EPSS
0.0%
CVE-2026-34051 MEDIUM This Month

OpenEMR versions prior to 8.0.0.3 contain an improper access control vulnerability in the Import/Export functionality that allows authenticated users to bypass UI restrictions and perform unauthorized import and export operations through direct request manipulation. An attacker with valid credentials can extract bulk patient data, access sensitive health records, or modify system data despite not having explicit permissions for these actions. The vulnerability requires valid authentication (PR:L in CVSS) but enables significant data exfiltration and integrity violations once access is obtained.

Authentication Bypass Openemr
NVD GitHub VulDB
CVSS 3.1
5.4
EPSS
0.0%
CVE-2026-33887 MEDIUM PATCH This Month

Statamic CMS versions prior to 5.73.16 and 6.7.2 fail to enforce collection-level permissions on entry revision endpoints, allowing authenticated control panel users to view revisions and field data across any collection with revisions enabled regardless of their assigned permissions. The vulnerability also permits unauthenticated revision creation that snapshots existing content without modifying published entries. This represents a medium-severity authorization bypass affecting authenticated attackers with control panel access, with no public exploit identified at time of analysis.

Authentication Bypass
NVD GitHub
CVSS 3.1
5.4
EPSS
0.0%
CVE-2026-33726 MEDIUM PATCH This Month

Cilium Network Policy enforcement is bypassed for traffic from pods to L7 Services with local backends on the same node when Per-Endpoint Routing is enabled and BPF Host Routing is disabled, allowing authenticated local attackers to circumvent ingress network policies and access restricted services. This affects Cilium v1.19.0-v1.19.1, v1.18.0-v1.18.7, and all versions prior to v1.17.13, with the most common vulnerable deployment being Amazon EKS with Cilium ENI mode. Vendor-released patches are available (v1.19.2, v1.18.8, v1.17.14), and no public exploit code has been identified at the time of analysis.

Microsoft Kubernetes Authentication Bypass Suse
NVD GitHub
CVSS 3.1
5.4
EPSS
0.0%
CVE-2026-4281 MEDIUM This Month

The FormLift for Infusionsoft Web Forms WordPress plugin contains a missing authorization vulnerability (CWE-862) that allows unauthenticated attackers to hijack the site's Infusionsoft OAuth connection. Affected versions through 7.5.21 fail to validate user authentication on critical OAuth handler methods, enabling attackers to intercept temporary OAuth credentials and inject arbitrary OAuth tokens and app domains via the update_option() function. This is a network-accessible, low-complexity vulnerability with no required privileges; while the CVSS score is moderate (5.3), the real-world impact is integrity compromise of the CRM integration layer, potentially affecting customer data flows and automation.

WordPress Authentication Bypass
NVD
CVSS 3.1
5.3
EPSS
0.2%
CVE-2026-33763 MEDIUM PATCH This Month

AVideo password verification API endpoint allows unauthenticated attackers to brute-force video access passwords at network speed with no rate limiting, enabling compromise of password-protected video content across the platform. The vulnerable endpoint pkg:composer/wwbn_avideo returns a boolean confirmation for any password guess without authentication, CAPTCHA, or throttling mechanisms, combined with plaintext password storage and loose equality comparison that further weakens defenses. Publicly available exploit code exists demonstrating rapid password enumeration against any video ID.

PHP Information Disclosure Oracle
NVD GitHub
CVSS 3.1
5.3
EPSS
0.0%
CVE-2026-33761 MEDIUM PATCH This Month

Unauthenticated information disclosure in AVideo Scheduler plugin exposes internal infrastructure details, admin-composed email campaigns, and user targeting mappings through three unprotected list.json.php endpoints. Remote attackers without authentication can retrieve all scheduled task callbacks with internal URLs and parameters, complete email message bodies, and user-to-email relationships by issuing simple GET requests. A public proof-of-concept exists demonstrating the vulnerability; patch availability has been confirmed by the vendor.

PHP Information Disclosure SSRF
NVD GitHub
CVSS 3.1
5.3
EPSS
0.0%
CVE-2026-33759 MEDIUM PATCH This Month

AVideo playlist video enumeration allows unauthenticated attackers to bypass authorization checks and directly access video contents from private playlists including watch_later and favorite lists via the playlistsVideos.json.php endpoint. Sequential playlist IDs enable trivial enumeration of all users' private viewing habits, favorites, and unlisted custom playlists without authentication. A publicly available proof-of-concept exists demonstrating the vulnerability, which affects WWBN AVideo via Composer package wwbn_avideo.

PHP Authentication Bypass
NVD GitHub
CVSS 3.1
5.3
EPSS
0.0%
CVE-2026-33766 MEDIUM PATCH This Month

PHP applications using the affected functions fail to re-validate redirect targets during HTTP requests, allowing attackers to bypass SSRF protections by chaining a legitimate public URL with a redirect to internal resources. An attacker can exploit this weakness in endpoints that fetch remote content after initial URL validation, potentially gaining access to private IP ranges and internal services. A patch is available.

SSRF PHP Microsoft
NVD GitHub
CVSS 4.0
5.3
EPSS
0.0%
CVE-2026-33537 MEDIUM PATCH This Month

Incomplete IP validation in Lychee's SSRF protection mechanism allows authenticated users to bypass all four security configuration settings by leveraging loopback and link-local addresses, enabling access to internal services. The vulnerability affects Lychee versions prior to 7.5.1 and requires prior authentication but carries low confidentiality impact. No public exploit code or active exploitation has been identified at time of analysis, though the attack vector is network-accessible and requires minimal complexity.

SSRF Lychee
NVD GitHub
CVSS 4.0
5.3
EPSS
0.0%
CVE-2026-0748 MEDIUM This Month

The Drupal 7 Internationalization (i18n) module's i18n_node submodule allows authenticated users holding both 'Translate content' and 'Administer content translations' permissions to bypass access controls and view unpublished node titles and IDs through the translation user interface and autocomplete functionality. Affected versions range from 7.x-1.0 through 7.x-1.35. No public exploit code or active exploitation has been confirmed at the time of analysis.

Authentication Bypass Internationalization I18N I18N Node Submodule
NVD HeroDevs VulDB
CVSS 4.0
5.3
EPSS
0.0%
CVE-2026-29055 MEDIUM PATCH This Month

Tandoor Recipes versions prior to 2.6.0 fail to strip EXIF metadata from WebP and GIF image uploads, exposing sensitive information such as GPS coordinates, timestamps, and camera details to all users viewing shared recipes. This information disclosure vulnerability affects any user uploading recipe photos, particularly those using modern smartphones that default to WebP format. The vulnerability is fixed in version 2.6.0.

Information Disclosure Recipes
NVD GitHub
CVSS 3.1
5.3
EPSS
0.0%
CVE-2026-3526 MEDIUM PATCH This Month

Forceful browsing attacks in Drupal File Access Fix (deprecated) versions below 1.2.0 allow unauthenticated remote attackers to bypass file access controls and retrieve unauthorized files through direct path enumeration. The vulnerability stems from incorrect authorization validation in the deprecated module (cpe:2.3:a:drupal:file_access_fix_(deprecated):*:*:*:*:*:*:*:*), affecting all versions from 0.0.0 through 1.1.x. No public exploit code or active exploitation has been identified at time of analysis, but the deprecated status and widespread use of Drupal installations increase real-world risk exposure.

Authentication Bypass File Access Fix Deprecated
NVD
CVSS 3.1
5.3
EPSS
0.0%
CVE-2026-3525 MEDIUM PATCH This Month

Forceful browsing via incorrect authorization in Drupal File Access Fix (deprecated) module versions prior to 1.2.0 allows unauthenticated remote attackers to access files without proper access control checks. The vulnerability stems from CWE-863 (Incorrect Authorization) and affects all versions from 0.0.0 through 1.2.0. No public exploit code or active exploitation has been confirmed at the time of analysis, but the straightforward nature of authorization bypass attacks in file access contexts presents moderate real-world risk to installations still running deprecated versions of this module.

Authentication Bypass File Access Fix Deprecated
NVD
CVSS 3.1
5.3
EPSS
0.0%
CVE-2026-27813 MEDIUM PATCH This Month

EVerest charging software stack versions prior to 2026.02.0 contain a data race condition leading to use-after-free memory corruption, triggered by EV plug-in/unplug events and authorization flows (RFID, RemoteStart, OCPP). Unauthenticated physical attackers with high complexity can exploit this to leak sensitive information or cause denial of service on affected charging infrastructure. No public exploit identified at time of analysis.

Information Disclosure Memory Corruption Use After Free Everest Core
NVD GitHub
CVSS 3.1
5.3
EPSS
0.0%
CVE-2026-33015 MEDIUM PATCH This Month

EVerest charging software stack versions prior to 2026.02.0 allow EV operators to bypass remote stop commands issued by a Charging Station Management System (CSMS) by toggling the EV's Battery Control Box (BCB), causing the EVSE to return to PrepareCharging state and restart charging sessions. This circumvents billing, operational, and safety controls enforced by remote stop functionality. A proof-of-concept exists and the vulnerability has been patched in version 2026.02.0, though the attack requires physical proximity to the charging equipment (CVSS attack vector: Physical).

Authentication Bypass Everest Core
NVD GitHub VulDB
CVSS 3.1
5.2
EPSS
0.0%
CVE-2026-33014 MEDIUM PATCH This Month

EVerest-core prior to version 2026.02.0 fails to properly terminate EV charging transactions during remote stop operations due to a delayed authorization response that incorrectly restores the authorized flag to true, allowing transactions to remain open even after a PowerOff event triggers stop_transaction(). This authentication bypass affects EV charging infrastructure and enables continued power delivery after an operator-initiated remote stop command. A proof-of-concept exists but no public confirmation of active exploitation has been identified.

Authentication Bypass Everest Core
NVD GitHub VulDB
CVSS 3.1
5.2
EPSS
0.0%
CVE-2025-41027 MEDIUM PATCH This Month

GDTaller allows unauthenticated remote attackers to execute arbitrary JavaScript in victim browsers through reflected cross-site scripting (XSS) via the 'site' parameter in app_recuperarclave.php. The vulnerability affects all versions of GDTaller (version 0 and beyond) and has been assigned a CVSS 4.0 base score of 5.1 with limited scope impact. A vendor patch is available from INCIBE, and exploitation requires user interaction (UI:A) but presents moderate risk due to the network-accessible attack surface and low technical complexity.

XSS PHP
NVD
CVSS 4.0
5.1
EPSS
0.0%
CVE-2025-41026 MEDIUM PATCH This Month

GDTaller is vulnerable to reflected cross-site scripting (XSS) in the app_login.php file, specifically through the 'site' parameter, allowing unauthenticated remote attackers to execute arbitrary JavaScript in victim browsers via malicious URLs. The vulnerability affects GDTaller versions prior to an unspecified patch release and carries a CVSS 5.1 score reflecting low immediate confidentiality impact but limited scope and user interaction requirement. A vendor patch is available from INCIBE, though no public exploit code has been identified at time of analysis.

XSS PHP
NVD
CVSS 4.0
5.1
EPSS
0.0%
CVE-2026-4346 MEDIUM PATCH This Month

Cleartext credential storage in TP-Link TL-WR850N v3 flash memory combined with weak serial interface authentication enables attackers with physical access to extract administrative and Wi-Fi credentials, leading to full device compromise and unauthorized network access. The vulnerability is addressed by a vendor patch, and exploitation requires physical proximity to the device's serial port with no public exploit code identified at time of analysis.

Authentication Bypass Tl Wr850N V3
NVD VulDB
CVSS 4.0
5.1
EPSS
0.0%
CVE-2026-33536 MEDIUM PATCH This Month

Stack buffer overflow in ImageMagick and Magick.NET due to incorrect pointer arithmetic on certain platforms allows local attackers to write one byte past allocated stack boundaries, causing denial of service. ImageMagick versions prior to 7.1.2-18 and 6.9.13-43, along with multiple Magick.NET NuGet packages, are affected. The vulnerability requires local access and specific platform conditions, but succeeds without user interaction.

Buffer Overflow Stack Overflow Red Hat Suse
NVD GitHub VulDB
CVSS 3.1
5.1
EPSS
0.0%
Prev Page 2 of 3 Next

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy