Skip to main content
CVE-2026-29044 MEDIUM PATCH This Month

EVerest EV charging software before version 2026.02.0 fails to properly stop charging transactions when authorization withdrawal occurs before the TransactionStarted event, allowing attackers with high privileges to bypass deauthorization through precise timing and maintain unauthorized charging sessions. The vulnerability stems from incomplete StopTransaction handling in the Charging state, affecting IoT and Everest Core deployments with no currently available patch.

Authentication Bypass Everest Core
NVD GitHub VulDB
CVSS 3.1
5.0
EPSS
0.0%
CVE-2026-3113 MEDIUM PATCH This Month

Mattermost bulk export functionality fails to apply proper file permissions, allowing unprivileged local users on affected servers to read sensitive exported data. Mattermost versions 11.4.0, 11.3.x through 11.3.1, 11.2.x through 11.2.3, and 10.11.x through 10.11.11 are vulnerable (CVE-2026-3113, MMSA-2026-00593). An authenticated local attacker with login credentials can access bulk export files created by other users, leading to unauthorized information disclosure of potentially sensitive team and channel communications. No public exploit code has been identified at time of analysis, and CISA has not listed this in the Known Exploited Vulnerabilities catalog, though the vulnerability's automatable nature and low attack complexity warrant prompt patching.

Information Disclosure Mattermost
NVD
CVSS 3.1
5.0
EPSS
0.0%
CVE-2026-33531 MEDIUM PATCH This Month

InvenTree versions prior to 1.2.6 contain a path traversal vulnerability in the report template engine that allows authenticated staff users to read arbitrary files from the server filesystem through crafted template tags in the `encode_svg_image()`, `asset()`, and `uploaded_image()` functions. An attacker with staff privileges can exploit this to access sensitive files if the InvenTree installation runs with elevated host system permissions. Vendor-released patches are available in versions 1.2.6 and 1.3.0 or later; no public exploit code or active exploitation has been confirmed at this time.

Path Traversal SQLi Inventree
NVD GitHub
CVSS 4.0
4.9
EPSS
0.0%
CVE-2026-3116 MEDIUM This Month

Mattermost Plugins versions 11.4 and earlier fail to validate incoming request sizes on webhook endpoints, allowing authenticated attackers to trigger denial of service by sending oversized requests. The vulnerability affects multiple Mattermost release branches (10.x, 11.0.x, 11.1.x, 11.3.x) and has been assigned CVSS 4.9 (medium severity) with no public exploit identified at time of analysis. While exploitability requires high-privilege authentication and manual intervention, the lack of request size enforcement on webhooks represents a fundamental input validation gap that could disrupt service availability in production environments.

Denial Of Service Mattermost
NVD VulDB
CVSS 3.1
4.9
EPSS
0.0%
CVE-2026-2389 MEDIUM PATCH This Month

Stored Cross-Site Scripting in Complianz - GDPR/CCPA Cookie Consent plugin versions up to 7.4.4.2 allows authenticated attackers with Contributor-level access to inject arbitrary JavaScript into WordPress pages via the `revert_divs_to_summary` function, which improperly converts HTML entities to unescaped characters without subsequent sanitization. The vulnerability requires both the Classic Editor plugin and authenticated user privileges, limiting exposure to internal threats. No public exploit identified at time of analysis, and CISA KEV status is not confirmed.

WordPress XSS
NVD GitHub
CVSS 3.1
4.9
EPSS
0.0%
CVE-2026-33738 MEDIUM PATCH This Month

Stored cross-site scripting (XSS) in Lychee photo-management application versions prior to 7.5.3 allows unauthenticated remote attackers to execute arbitrary JavaScript through unsanitized photo description fields rendered in publicly accessible RSS, Atom, and JSON feed endpoints. The vulnerability stems from use of Blade's unescaped output syntax ({!! !!}) in feed templates, enabling malicious descriptions to inject executable scripts that execute in the context of any RSS reader or client consuming the feed.

XSS Lychee
NVD GitHub
CVSS 4.0
4.8
EPSS
0.1%
CVE-2026-33732 MEDIUM PATCH This Month

srvx's FastURL pathname parser on Node.js can be bypassed to circumvent route-based middleware (authentication guards, rate limiters) when absolute URIs with non-standard schemes are sent in raw HTTP requests. An attacker sending a crafted request like `GET file://hehe?/internal/run HTTP/1.1` can cause the router to match a different pathname than what downstream middleware sees after a deoptimization occurs, allowing access to protected endpoints. This affects srvx versions prior to 0.11.13, requires direct HTTP request capability (not browser-accessible), and has a CVSS score of 4.8 with medium complexity attack requirements. No public exploit identified at time of analysis.

Node.js Authentication Bypass
NVD GitHub
CVSS 3.1
4.8
EPSS
0.0%
CVE-2026-33916 MEDIUM PATCH This Month

Handlebars template engine fails to guard prototype-chain access when resolving partial templates, allowing unauthenticated remote attackers to inject unescaped HTML and JavaScript through prototype pollution. When Object.prototype is polluted with a string value matching a partial name referenced in a template, the malicious string is rendered without HTML escaping, resulting in reflected or stored XSS. Exploitation requires a separate prototype pollution vulnerability in the target application (such as via qs or minimist libraries) combined with knowledge of partial names used in templates; publicly available proof-of-concept code demonstrates the attack. The vulnerability affects npm package handlebars (pkg:npm/handlebars) across multiple versions and is distinct from earlier prototype-access issues CVE-2021-23369 and CVE-2021-23383.

XSS Red Hat
NVD GitHub VulDB
CVSS 3.1
4.7
EPSS
0.0%
CVE-2026-33711 MEDIUM PATCH This Month

Incus versions prior to 6.23.0 allow local authenticated attackers to manipulate temporary screenshot files via predictable /tmp paths and symlink attacks, potentially truncating and altering permissions of arbitrary files on systems with disabled symlink protection (rare), leading to denial of service or local privilege escalation. The vulnerability requires local access and authenticated user privileges but is particularly dangerous on systems without kernel-level symlink protections enabled. An exploit proof-of-concept exists, and the vendor has released patched version 6.23.0 to address the issue.

Linux Privilege Escalation Denial Of Service Red Hat Suse
NVD GitHub
CVSS 4.0
4.7
EPSS
0.0%
CVE-2026-33653 MEDIUM PATCH This Month

Stored XSS in Uploady file uploader (farisc0de/Uploady versions prior to 3.1.2) allows authenticated attackers to execute arbitrary JavaScript in other users' browsers by uploading files with malicious filenames that are rendered without proper escaping in file list and details pages. The vulnerability requires user interaction (viewing the affected page) and authenticated access, resulting in confidentiality and integrity impact with a CVSS score of 4.6. Vendor-released patch version 3.1.2 is available.

XSS File Upload Uploady
NVD GitHub
CVSS 3.1
4.6
EPSS
0.0%
CVE-2026-26070 MEDIUM PATCH This Month

Concurrent access to std::map<std::optional> in EVerest-Core versions prior to 2026.02.0 causes a data race condition that can corrupt container state during simultaneous EV state-of-charge updates, power meter periodic updates, and session termination events, resulting in denial of service of the EV charging stack. EVerest-Core (cpe:2.3:a:everest:everest-core) is the affected product, with patched version 2026.02.0 available. No public exploit code has been identified at time of analysis, and this vulnerability is not confirmed actively exploited; however, the condition is readily triggerable through normal charging operations combining multiple concurrent data sources.

Race Condition Information Disclosure Everest Core
NVD GitHub
CVSS 3.1
4.6
EPSS
0.0%
CVE-2026-2272 MEDIUM PATCH This Month

A security vulnerability in A flaw (CVSS 4.3). Remediation should follow standard vulnerability management procedures.

Buffer Overflow Denial Of Service Integer Overflow Red Hat Enterprise Linux 6 Red Hat Enterprise Linux 7 +2
NVD
CVSS 3.1
4.3
EPSS
0.1%
CVE-2026-4331 MEDIUM This Month

The Blog2Social plugin for WordPress contains an authorization flaw in the resetSocialMetaTags() function that allows authenticated attackers with Subscriber-level access to permanently delete all social media metadata from the site's post records. The vulnerability exists in all versions up to and including 8.8.2 and affects sites using the Blog2Social: Social Media Auto Post & Scheduler plugin, which is available via the WordPress plugin repository. Attackers can exploit this by crafting AJAX requests with a valid nonce that is broadly available due to the plugin granting the 'blog2social_access' capability to all user roles upon activation, resulting in complete data loss of social media scheduling information across all posts.

WordPress Authentication Bypass
NVD
CVSS 3.1
4.3
EPSS
0.0%
CVE-2026-3190 MEDIUM PATCH This Month

Keycloak's User-Managed Access (UMA) 2.0 Protection API fails to enforce role-based access control on the permission tickets endpoint, allowing any authenticated user with a resource server client token to enumerate all permission tickets regardless of authorization level. This information disclosure vulnerability affects Red Hat Build of Keycloak across multiple versions and requires valid authentication to exploit, posing a moderate risk to multi-tenant environments where ticket enumeration could expose sensitive access control data. No public exploit code has been identified at time of analysis.

Information Disclosure Red Hat Build Of Keycloak
NVD
CVSS 3.1
4.3
EPSS
0.0%
CVE-2026-33884 MEDIUM PATCH This Month

Statamic CMS versions prior to 5.73.16 and 6.7.2 allow authenticated Control Panel users with live preview access to abuse live preview tokens to access restricted content beyond the token's intended scope. This is an authenticated privilege escalation affecting the Statamic CMS product (pkg:composer/statamic_cms) with a CVSS score of 4.3 and low complexity; no public exploit code or active exploitation has been identified at time of analysis.

Authentication Bypass
NVD GitHub
CVSS 3.1
4.3
EPSS
0.0%
CVE-2026-33477 MEDIUM PATCH This Month

FileRise versions 2.3.7 through 3.10.0 suffer from improper access control in the file snippet endpoint, allowing authenticated users with read-only access to retrieve file content uploaded by other users in shared folders. An attacker with limited folder permissions can exploit this authorization bypass to view sensitive files beyond their intended access scope. The vulnerability affects FileRise running on PHP and is resolved in version 3.11.0.

PHP File Upload Authentication Bypass
NVD GitHub
CVSS 3.1
4.3
EPSS
0.0%
CVE-2026-3115 MEDIUM PATCH This Month

Mattermost versions 11.2.x through 11.4.x fail to enforce view restrictions on group member endpoints, allowing authenticated guest users to enumerate user IDs beyond their authorized visibility scope. This authorization bypass requires valid credentials but enables attackers to discover internal user information through the group retrieval API. No patch is currently available for affected versions.

Authentication Bypass Mattermost
NVD
CVSS 3.1
4.3
EPSS
0.0%
CVE-2026-1206 MEDIUM This Month

The Elementor Website Builder plugin for WordPress contains an authorization bypass vulnerability in the is_allowed_to_read_template() function that incorrectly permits authenticated users with contributor-level privileges to read private and draft template content. Attackers can exploit this through the 'get_template_data' action of the 'elementor_ajax' endpoint by supplying a 'template_id' parameter, resulting in exposure of sensitive template information. The vulnerability affects all versions up to and including 3.35.7 with a CVSS score of 4.3 (low-to-moderate severity) and requires low-complexity exploitation with authenticated access.

WordPress Information Disclosure Authentication Bypass Elementor
NVD VulDB
CVSS 3.1
4.3
EPSS
0.0%
CVE-2026-33934 MEDIUM This Month

OpenEMR contains a missing authorization check in the signature retrieval endpoint (portal/sign/lib/show-signature.php) that allows any authenticated patient portal user to access the drawn signature images of arbitrary staff members by manipulating the POST parameter. Versions prior to 8.0.0.3 are affected, and while the companion write endpoint was previously hardened against this issue, the read endpoint was left vulnerable. This is a low-severity information disclosure vulnerability (CVSS 4.3) with limited real-world exploitability due to the requirement for prior authentication and the relatively low sensitivity of signature images compared to full medical records.

PHP Authentication Bypass
NVD GitHub VulDB
CVSS 3.1
4.3
EPSS
0.0%
CVE-2026-33764 MEDIUM This Month

The AVideo AI plugin's save.json.php endpoint fails to validate that AI-generated responses belong to the target video before applying them, allowing authenticated users to exfiltrate private video metadata and full transcriptions by referencing arbitrary AI response IDs. An attacker with canUseAI permission can steal AI-generated titles, descriptions, keywords, summaries, and complete transcription files from other users' private videos through a simple parameter manipulation attack, then apply this stolen content to their own video for reading. No public exploit is confirmed actively exploited, but proof-of-concept methodology is detailed in the advisory, making this a practical attack for any platform user with basic video ownership.

PHP Authentication Bypass
NVD GitHub
CVSS 3.1
4.3
EPSS
0.0%
CVE-2026-3530 MEDIUM PATCH This Month

The Drupal OpenID Connect / OAuth client module versions prior to 1.5.0 contains a Server-Side Request Forgery (SSRF) vulnerability that allows remote attackers to make arbitrary HTTP requests from the affected server. This vulnerability affects all installations running OpenID Connect / OAuth client versions 0.0.0 through 1.5.0, and attackers can leverage the SSRF to access internal services, retrieve sensitive metadata, or interact with backend systems not directly accessible from the internet. No public exploit code or active exploitation has been confirmed at the time of analysis, though the vulnerability affects a widely-deployed Drupal authentication module.

SSRF Openid Connect Oauth Client
NVD HeroDevs
CVSS 3.1
4.3
EPSS
0.0%
CVE-2026-1032 MEDIUM This Month

Unauthenticated attackers can modify conditional menu assignments in the Conditional Menus WordPress plugin (versions up to 1.2.6) through cross-site request forgery attacks by exploiting missing nonce validation in the save_options function. An attacker can trick site administrators into clicking a malicious link to alter menu configurations without their knowledge. No patch is currently available for this vulnerability.

WordPress CSRF
NVD VulDB
CVSS 3.1
4.3
EPSS
0.0%
CVE-2026-4393 MEDIUM PATCH This Month

Drupal Automated Logout module contains a Cross-Site Request Forgery (CSRF) vulnerability that allows unauthenticated remote attackers to perform unauthorized actions on behalf of authenticated users by crafting malicious requests. The vulnerability affects Automated Logout versions prior to 1.7.0 and versions 2.0.0 through 2.0.1, with patched versions available at 1.7.0 and 2.0.2 respectively. No public exploit code or active exploitation has been identified at the time of analysis.

CSRF Automated Logout
NVD
CVSS 3.1
4.3
EPSS
0.0%
CVE-2025-55268 MEDIUM This Month

HCL Aftermarket DPC version 1.0.0 is vulnerable to excessive spamming that consumes server bandwidth and processing resources, potentially causing denial of service to legitimate users. The vulnerability requires user interaction (UI:R per CVSS vector) and is remotely exploitable without authentication, resulting in partial availability impact. No public exploit code or active exploitation has been identified at time of analysis, though the low barrier to exploitation (AC:L) makes this a practical attack vector for resource exhaustion.

Denial Of Service Aftermarket Dpc
NVD VulDB
CVSS 3.1
4.3
EPSS
0.0%
CVE-2025-55273 MEDIUM This Month

HCL Aftermarket DPC is vulnerable to Cross Domain Script Include (CWE-829) that permits unauthenticated remote attackers to inject and execute malicious external scripts, enabling DOM tampering and theft of session credentials without user interaction. Affected versions include Aftermarket DPC 1.0.0. No public exploit code or active exploitation has been identified at time of analysis, though the attack vector is network-accessible and requires only user interaction (rendering this a moderate-impact integrity threat rather than a critical one).

Information Disclosure Aftermarket Dpc
NVD VulDB
CVSS 3.1
4.3
EPSS
0.0%
CVE-2026-3532 MEDIUM PATCH This Month

Improper case sensitivity handling in the Drupal OpenID Connect / OAuth client module versions prior to 1.5.0 allows privilege escalation through authentication bypass mechanisms. Authenticated or remote attackers can exploit case-sensitivity weaknesses in identity claim validation to assume elevated permissions within Drupal systems relying on this module for federated authentication. The vulnerability affects all versions from 0.0.0 through 1.5.0, and vendor-released patch version 1.5.0 is available.

Privilege Escalation Openid Connect Oauth Client
NVD HeroDevs
CVSS 3.1
4.2
EPSS
0.0%
CVE-2026-26072 MEDIUM PATCH This Month

EVerest EV charging software prior to version 2026.02.0 contains a race condition in concurrent map access that can corrupt internal data structures when EV state-of-charge updates coincide with power meter refreshes and session termination events. Local attackers with physical access to charging equipment can trigger this condition to cause denial of service by crashing the charging system. Patch availability is limited to version 2026.02.0 and later.

Race Condition Information Disclosure Everest
NVD GitHub
CVSS 3.1
4.2
EPSS
0.0%
CVE-2026-26071 MEDIUM PATCH This Month

EVerest EV charging software versions before 2026.02.0 contain a race condition in std::string handling triggered by concurrent EVCCID updates and OCPP session events, potentially leading to heap-use-after-free and denial of service. Local attackers with physical access to the charging infrastructure can exploit this timing-dependent vulnerability to crash the charging service. A patch is available in version 2026.02.0 or later.

Race Condition Information Disclosure Everest
NVD GitHub
CVSS 3.1
4.2
EPSS
0.0%
CVE-2026-27814 MEDIUM PATCH This Month

Data race conditions in EVerest Core versions before 2026.02.0 allow concurrent access to charging state during phase switching operations, potentially causing integrity violations or service interruptions on affected EV charging systems. An attacker with adjacent network access can trigger the race condition by initiating phase switches during active charging sessions, exploiting the unsafe concurrent execution between the state machine and switching requests. No patch is currently available for this vulnerability.

Information Disclosure Race Condition Everest Core
NVD GitHub
CVSS 3.1
4.2
EPSS
0.0%
CVE-2025-55269 MEDIUM This Month

HCL Aftermarket DPC version 1.0.0 enforces weak password policies that enable attackers to conduct brute-force attacks and guess user credentials, potentially gaining unauthorized account access with low confidentiality and availability impact. The vulnerability requires user interaction and high attack complexity to exploit, but affects unauthenticated threat actors over the network. No public exploit code or active exploitation has been identified at the time of analysis.

Authentication Bypass Aftermarket Dpc
NVD
CVSS 3.1
4.2
EPSS
0.0%
CVE-2026-33535 MEDIUM PATCH This Month

X11 display interaction path contains an out-of-bounds write vulnerability that allows local attackers to crash affected applications through a single zero byte write. The medium-severity flaw (CVSS 4.0) requires no privileges or user interaction to trigger a denial of service condition. No patch is currently available for this vulnerability.

Buffer Overflow Memory Corruption Red Hat Suse
NVD GitHub VulDB
CVSS 3.1
4.0
EPSS
0.0%
Prev Page 3 of 3

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy