Skip to main content
CVE-2019-25648 MEDIUM POC This Month

MyVideoConverter Pro 3.14 contains a local buffer overflow vulnerability that allows attackers to crash the application by supplying an excessively long string to the registration code input field. Rated medium severity (CVSS 6.9), this vulnerability is no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Memory Corruption Buffer Overflow Denial Of Service Myvideoconverter Pro
NVD Exploit-DB VulDB
CVSS 4.0
6.9
EPSS
0.0%
CVE-2018-25216 MEDIUM POC This Month

AnyBurn 4.3 contains a local buffer overflow vulnerability that allows local attackers to crash the application by supplying an excessively long string in the image file name field. Rated medium severity (CVSS 6.9), this vulnerability is no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Memory Corruption Buffer Overflow Denial Of Service Anyburn
NVD Exploit-DB VulDB
CVSS 4.0
6.9
EPSS
0.0%
CVE-2018-25214 MEDIUM POC This Month

MegaPing contains a local buffer overflow vulnerability that allows local attackers to crash the application by supplying an oversized payload to the Destination Address List field in the Finger. Rated medium severity (CVSS 6.9), this vulnerability is no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Memory Corruption Buffer Overflow Denial Of Service Megaping
NVD Exploit-DB
CVSS 4.0
6.9
EPSS
0.0%
CVE-2025-15433 MEDIUM POC PATCH This Month

The Shared Files WordPress plugin before version 1.7.58 contains a path traversal vulnerability that allows attackers with Contributor-level privileges or higher to download arbitrary files from the web server, including sensitive configuration files such as wp-config.php. A public proof-of-concept exploit is available, making this vulnerability actively exploitable in the wild. This represents a critical information disclosure risk affecting WordPress installations using affected versions of the plugin.

WordPress PHP Path Traversal
NVD WPScan
CVSS 3.1
6.8
EPSS
0.0%
CVE-2019-25649 MEDIUM POC This Month

River Past Audio Converter 7.7.16 contains a local buffer overflow vulnerability in the activation code field that allows local attackers to crash the application by supplying an oversized input. Rated medium severity (CVSS 6.8), this vulnerability is no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Memory Corruption Buffer Overflow Denial Of Service River Past Audio Converter
NVD Exploit-DB VulDB
CVSS 4.0
6.8
EPSS
0.0%
CVE-2018-25215 MEDIUM POC This Month

Excel Password Recovery Professional 8.2.0.0 contains a local buffer overflow vulnerability that allows attackers to cause a denial of service by supplying an excessively long string to the 'E-Mail. Rated medium severity (CVSS 6.8), this vulnerability is no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Memory Corruption Buffer Overflow Denial Of Service Excel Password Recovery Professional
NVD Exploit-DB VulDB
CVSS 4.0
6.8
EPSS
0.0%
CVE-2025-15488 MEDIUM POC PATCH This Month

The Responsive Plus WordPress plugin before version 3.4.3 contains an arbitrary shortcode execution vulnerability that allows unauthenticated attackers to execute malicious shortcodes through the update_responsive_woo_free_shipping_left_shortcode AJAX action. The vulnerability stems from improper validation of the content_rech_data parameter before processing it as a shortcode, effectively enabling remote code execution in the context of the WordPress installation. A public proof-of-concept exploit is available via WPScan, and this vulnerability poses an immediate threat to all unpatched installations of the affected plugin versions.

WordPress RCE
NVD WPScan
CVSS 3.1
6.5
EPSS
0.0%
CVE-2026-4860 MEDIUM POC This Month

A deserialization vulnerability exists in the wvp-GB28181-pro project (a video streaming platform using GB28181 protocol) through version 2.7.4, specifically in the GenericFastJsonRedisSerializer implementation within the Redis configuration. The flaw allows unauthenticated remote attackers to exploit insecure deserialization through the API endpoint, potentially achieving code execution or data manipulation with low complexity. A public proof-of-concept exploit has been released on GitHub, significantly increasing the risk of active exploitation, and the vendor has not responded to disclosure attempts.

Java Redis Deserialization
NVD VulDB GitHub
CVSS 4.0
5.5
EPSS
0.0%
CVE-2026-4900 MEDIUM POC This Month

A security vulnerability in A weakness (CVSS 5.5). Risk factors: public PoC available.

Path Traversal Information Disclosure Online Food Ordering System
NVD VulDB GitHub
CVSS 4.0
5.5
EPSS
0.0%
CVE-2026-4850 MEDIUM POC This Month

SQL injection in Simple Laundry System 1.0's /checkregisitem.php parameter handler allows unauthenticated remote attackers to manipulate the Long-arm-shirtVol argument and execute arbitrary SQL queries. Public exploit code exists for this vulnerability, increasing the risk of active exploitation. No patch is currently available to remediate this issue.

SQLi PHP
NVD VulDB GitHub
CVSS 4.0
5.5
EPSS
0.0%
CVE-2026-4844 MEDIUM POC This Month

SQL injection in the Admin Login Module of code-projects Online Food Ordering System 1.0 allows unauthenticated remote attackers to manipulate the Username parameter in /admin.php and execute arbitrary SQL queries. Public exploit code exists for this vulnerability, and no patch is currently available. Affected organizations should implement network-level controls or upgrade to a patched version once available.

SQLi PHP
NVD VulDB GitHub
CVSS 4.0
5.5
EPSS
0.0%
CVE-2026-4842 MEDIUM POC This Month

SQL injection in itsourcecode Online Enrollment System 1.0 allows unauthenticated remote attackers to execute arbitrary SQL commands via the deptid parameter in the grades index page. Public exploit code is available for this vulnerability, and no patch is currently available. The attack requires only network access with no additional complexity or user interaction.

SQLi PHP
NVD VulDB GitHub
CVSS 4.0
5.5
EPSS
0.0%
CVE-2026-4841 MEDIUM POC This Month

SQL injection in code-projects Online Food Ordering System 1.0's Shopping Cart Module (cart.php) allows unauthenticated remote attackers to manipulate the del parameter and execute arbitrary SQL queries. Public exploit code exists for this vulnerability, and no patch is currently available. Affected PHP-based installations are at immediate risk of database compromise and data exfiltration.

SQLi PHP
NVD VulDB GitHub
CVSS 4.0
5.5
EPSS
0.0%
CVE-2026-4839 MEDIUM POC This Month

SQL injection in SourceCodester Food Ordering System 1.0 via the custom parameter in /purchase.php allows unauthenticated remote attackers to execute arbitrary SQL queries. Public exploit code exists for this vulnerability, and no patch is currently available. The vulnerability affects PHP-based installations of this food ordering platform.

PHP SQLi
NVD VulDB GitHub
CVSS 4.0
5.5
EPSS
0.0%
CVE-2026-4838 MEDIUM POC This Month

SQL injection in SourceCodester Malawi Online Market 1.0 allows unauthenticated remote attackers to manipulate the ID parameter in /display.php and execute arbitrary database queries. Public exploit code exists for this vulnerability, increasing the risk of active exploitation. The vulnerability remains unpatched and affects PHP-based deployments of this application.

SQLi PHP
NVD VulDB GitHub
CVSS 4.0
5.5
EPSS
0.0%
CVE-2026-1890 MEDIUM POC PATCH This Month

The LeadConnector WordPress plugin before version 3.0.22 contains an authorization bypass vulnerability in a REST API endpoint, allowing unauthenticated attackers to overwrite existing data without authentication. This vulnerability affects an unknown vendor's LeadConnector product and has a publicly available proof-of-concept exploit, making it actively exploitable. The vulnerability enables unauthorized data manipulation, which could compromise business data integrity and customer information stored within the plugin.

WordPress Information Disclosure
NVD WPScan
CVSS 3.1
5.3
EPSS
0.0%
CVE-2026-1430 MEDIUM POC PATCH This Month

WP Lightbox 2 WordPress plugin before version 3.0.7 contains a Stored Cross-Site Scripting (XSS) vulnerability in its settings due to insufficient input sanitization and output escaping. High-privilege users, particularly administrators, can inject malicious JavaScript that persists in the database and executes in the browsers of other users, even in multisite installations where the unfiltered_html capability is restricted. A publicly available proof-of-concept demonstrates active exploitation potential, making this a practical threat in WordPress environments.

WordPress XSS
NVD WPScan
CVSS 3.1
4.8
EPSS
0.0%
CVE-2026-33515 MEDIUM PATCH This Month

Squid prior to version 7.5 contains an out-of-bounds read vulnerability in ICP (Internet Cache Protocol) traffic handling due to improper input validation, classified as CWE-125. Remote attackers can exploit this to leak small amounts of process memory potentially containing sensitive information by sending malformed ICP requests to deployments with explicitly enabled ICP support (non-zero icp_port configuration). The vulnerability affects all versions of Squid before 7.5, and while no CVSS score or EPSS data is currently available, the information disclosure impact and remote attack vector indicate moderate to significant risk for affected deployments.

Buffer Overflow Information Disclosure Squid
NVD GitHub VulDB
CVSS 4.0
6.9
EPSS
1.0%
CVE-2026-1556 MEDIUM PATCH This Month

Drupal File (Field) Paths module 7.x prior to 7.1.3 allows authenticated users to disclose other users' private files through filename-collision uploads that manipulate file URI processing, causing hook_node_insert() consumers such as email attachment modules to access incorrect file URIs and bypass access controls on sensitive files. The vulnerability affects the Drupal File (Field) Paths package as confirmed via CPE cpe:2.3:a:drupal:drupal_file_(field)_paths:*:*:*:*:*:*:*:*. No public exploit code or active exploitation data has been identified at the time of analysis.

Information Disclosure Red Hat
NVD HeroDevs VulDB
CVSS 4.0
6.9
EPSS
0.0%
CVE-2026-4263 MEDIUM This Month

HiJiffy Chatbot contains an authorization bypass vulnerability in the /api/v1/webchat/message endpoint that allows unauthenticated attackers to download private messages from arbitrary users by manipulating the 'visitor' parameter. The vulnerability affects all versions of HiJiffy Chatbot (as indicated by the wildcard CPE) and has been reported by INCIBE. No public exploit code or active exploitation has been confirmed at the time of analysis.

Authentication Bypass Hijiffy Chatbot
NVD VulDB
CVSS 4.0
6.9
EPSS
0.0%
CVE-2026-4262 MEDIUM This Month

An incorrect authorization vulnerability in HiJiffy Chatbot allows unauthenticated attackers to download private messages from arbitrary users by manipulating the 'ID' parameter in the '/api/v1/download/<ID>/' endpoint. This is a classic authorization bypass enabling unauthorized access to sensitive conversation data. No public exploit code or active exploitation has been identified at the time of analysis, though the vulnerability was reported by INCIBE and affects all versions of HiJiffy Chatbot. The exposure is direct and requires only network access to the affected API endpoint.

Authentication Bypass Hijiffy Chatbot
NVD VulDB
CVSS 4.0
6.9
EPSS
0.0%
CVE-2021-4474 MEDIUM This Month

Ruckus Access Point products contain an arbitrary file read vulnerability in the command-line interface that allows authenticated remote attackers with administrative privileges to read arbitrary. Rated medium severity (CVSS 6.9), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Path Traversal Information Disclosure Ruckus Access Point Ruckus Unleashed Smartzone 100 Sz 100 Eol +5
NVD
CVSS 4.0
6.9
EPSS
0.0%
CVE-2026-3112 MEDIUM PATCH This Month

Mattermost Advanced Logging configuration fails to properly validate file target paths, allowing authenticated system administrators to read arbitrary files from the host system during support packet generation. The vulnerability affects Mattermost versions 11.4.0 and earlier in the 11.4.x line, 11.3.1 and earlier in the 11.3.x line, 11.2.3 and earlier in the 11.2.x line, and 10.11.11 and earlier in the 10.11.x line. An authenticated administrator with access to Advanced Logging JSON configuration can craft a malicious configuration to traverse the filesystem and extract sensitive host files through the support packet mechanism. No public exploit code has been identified at time of analysis, though exploitation requires administrative privileges and is not automatable according to CISA SSVC assessment.

Path Traversal Mattermost
NVD VulDB
CVSS 3.1
6.8
EPSS
0.0%
CVE-2026-2436 MEDIUM PATCH This Month

libsoup's SoupServer contains a use-after-free vulnerability in the soup_server_disconnect() function that prematurely frees connection objects while TLS handshakes are pending, allowing remote unauthenticated attackers to trigger a server crash via denial of service when a handshake completes after memory deallocation. The vulnerability affects Red Hat Enterprise Linux versions 6, 7, 8, 9, and 10, as well as Ubuntu and Debian distributions across multiple releases. No public exploit code or active exploitation has been confirmed at the time of analysis.

Denial Of Service Red Hat Enterprise Linux 10 Red Hat Enterprise Linux 6 Red Hat Enterprise Linux 7 Red Hat Enterprise Linux 8 +1
NVD VulDB
CVSS 3.1
6.5
EPSS
0.1%
CVE-2026-33882 MEDIUM PATCH This Month

Statamic CMS versions prior to 5.73.16 and 6.7.2 allow authenticated control panel users to extract sensitive user data including email addresses, encrypted passkey credentials, and encrypted two-factor authentication codes through manipulation of the markdown preview endpoint. The vulnerability stems from insufficient input validation (CWE-20) that permits attackers to retrieve data from arbitrary fieldtypes beyond the intended scope. With a CVSS score of 6.5 reflecting low attack complexity and high confidentiality impact, the threat is moderate but requires valid control panel authentication to exploit.

RCE
NVD GitHub
CVSS 3.1
6.5
EPSS
0.1%
CVE-2026-33750 MEDIUM PATCH This Month

Brace-expansion library versions prior to 5.0.5 allow unauthenticated remote attackers to cause denial of service through resource exhaustion by supplying brace expansion patterns with zero step values (e.g., {1..2..0}), triggering an infinite loop that consumes gigabytes of memory and hangs the process for seconds. The vulnerability affects any application passing untrusted input to the expand() function, including glob/minimatch-based tools consuming CLI arguments or configuration files, and requires only 10 bytes of malicious input to trigger.

Denial Of Service
NVD GitHub VulDB
CVSS 3.1
6.5
EPSS
0.1%
CVE-2026-33148 MEDIUM PATCH This Month

Tandoor Recipes versions prior to 2.6.0 allow authenticated remote attackers to cause denial of service by injecting URL parameters into the USDA FoodData Central search endpoint through improper URL encoding of the query parameter, enabling API key override and server crashes via malformed requests. Publicly available exploit code exists, and a vendor-released patch is available in version 2.6.0.

Denial Of Service Recipes
NVD GitHub
CVSS 3.1
6.5
EPSS
0.0%
CVE-2026-33743 MEDIUM PATCH This Month

Denial of service in Incus prior to version 6.23.0 allows authenticated users with storage bucket access to crash the Incus daemon via specially crafted storage bucket backups, enabling repeated attacks to render the control plane API unavailable while leaving running workloads unaffected. The vulnerability requires local or remote authentication to the Incus system and has a CVSS score of 6.5 (medium severity) with high availability impact. Vendor-released patch available in version 6.23.0.

Denial Of Service Red Hat Suse
NVD GitHub VulDB
CVSS 3.1
6.5
EPSS
0.0%
CVE-2026-33541 MEDIUM PATCH This Month

TSPortal versions prior to 34 contain an uncontrolled resource creation vulnerability that allows authenticated attackers to generate arbitrary user database records through validation logic abuse, resulting in potential denial of service via uncontrolled database growth. The flaw exists in Miraheze's Trust and Safety management platform (cpe:2.3:a:miraheze:tsportal) and requires low-privilege authenticated access to exploit. Vendor-released patch available in version 34; no public exploit identified at time of analysis.

Denial Of Service Tsportal
NVD GitHub
CVSS 3.1
6.5
EPSS
0.0%
CVE-2026-33438 MEDIUM PATCH This Month

Stirling-PDF versions 2.1.5 through 2.5.1 are vulnerable to resource exhaustion denial of service through the watermark API endpoint, where authenticated users can supply extreme values for fontSize and widthSpacer parameters to crash the server. A proof-of-concept exists according to SSVC data, and the vendor has released patched version 2.5.2 to resolve the issue.

Denial Of Service Stirling Pdf
NVD GitHub VulDB
CVSS 3.1
6.5
EPSS
0.0%
CVE-2026-29905 MEDIUM PATCH GHSA This Month

Kirby CMS versions through 5.1.4 allow authenticated editors to trigger a persistent denial of service by uploading malformed images that bypass getimagesize() validation, causing fatal TypeErrors during metadata or thumbnail processing. A proof-of-concept exists and the vulnerability is automatable post-authentication, though no CISA KEV confirmation is evident. The impact is availability degradation affecting CMS operations for all users.

PHP Denial Of Service
NVD GitHub VulDB
CVSS 3.1
6.5
EPSS
0.0%
CVE-2026-3114 MEDIUM PATCH This Month

Mattermost server versions 10.11.x through 11.4.x fail to validate decompressed archive entry sizes during ZIP file extraction, allowing authenticated users with file upload permissions to trigger denial of service by uploading crafted zip bombs that exhaust server memory. The vulnerability affects Mattermost 10.11.0-10.11.11, 11.2.0-11.2.3, 11.3.0-11.3.1, and 11.4.0, with CVSS 6.5 (medium) reflecting the requirement for prior authentication and limited scope (availability impact only). No public exploit identified at time of analysis, though the attack vector is network-accessible and requires low complexity once an attacker has valid upload credentials.

Denial Of Service File Upload Mattermost
NVD
CVSS 3.1
6.5
EPSS
0.0%
CVE-2026-33886 MEDIUM PATCH This Month

Statamic CMS versions prior to 5.73.16 and 6.7.2 allow authenticated control panel users with access to Antlers-enabled fields to read sensitive application configuration values through template variable injection, exposing secrets such as API keys and database credentials. The vulnerability requires low-privilege authenticated access and network connectivity to the control panel, with a CVSS score of 6.5 reflecting moderate real-world risk. No public exploit code or active exploitation has been identified at the time of analysis.

Information Disclosure
NVD GitHub
CVSS 3.1
6.5
EPSS
0.0%
CVE-2026-33470 MEDIUM This Month

Frigate network video recorder versions prior to 0.17.1 allow authenticated users with restricted camera access to enumerate and retrieve snapshots from unauthorized cameras through a two-step authorization bypass in the timeline and snapshot APIs. An attacker with low-privilege credentials limited to one camera can exploit missing validation in the snapshot-clean.webp endpoint to access video evidence from other cameras in the system, compromising the confidentiality of surveillance data across the entire installation. A proof-of-concept exists, though no confirmation of active exploitation in the wild has been reported.

Authentication Bypass Frigate
NVD GitHub VulDB
CVSS 3.1
6.5
EPSS
0.0%
CVE-2026-33469 MEDIUM This Month

Broken access control in Frigate 0.17.0 allows authenticated non-admin users to retrieve the complete raw configuration file via the `/api/config/raw` endpoint, exposing camera credentials, RTMP stream passwords, MQTT secrets, and proxy authentication tokens that are intentionally redacted from the standard `/api/config` API. The vulnerability stems from inconsistent authorization enforcement between `/api/config/raw_paths` (admin-only) and `/api/config/raw` (authenticated-user-accessible), introduced during an admin-by-default API refactor. Patch version 0.17.1 is available; publicly available exploit code exists but the vulnerability is not confirmed as actively exploited in the wild.

Authentication Bypass Frigate
NVD GitHub VulDB
CVSS 3.1
6.5
EPSS
0.0%
CVE-2026-33907 MEDIUM PATCH This Month

Ella Core crashes when processing NAS Authentication Response and Authentication Failure messages with missing Information Elements, enabling unauthenticated attackers on the adjacent network to trigger denial of service affecting all connected subscribers. The vulnerability stems from a null pointer dereference in message handling logic (CWE-476) and carries a CVSS 6.5 score reflecting high availability impact with low attack complexity. Vendor-released patch available via GitHub release v1.7.0.

Denial Of Service Null Pointer Dereference
NVD GitHub
CVSS 3.1
6.5
EPSS
0.0%
CVE-2026-3531 MEDIUM PATCH This Month

Drupal OpenID Connect / OAuth client versions before 1.5.0 contain an authentication bypass vulnerability that allows attackers to circumvent authentication mechanisms through an alternate path or channel. The vulnerability affects all versions from 0.0.0 through 1.4.x, enabling remote attackers to gain unauthorized access without proper credentials. No CVSS score, EPSS data, or confirmed active exploitation status is currently available; however, the vulnerability's authentication bypass nature and wide version range suggest significant real-world risk to Drupal installations relying on OpenID Connect or OAuth authentication.

Authentication Bypass Openid Connect Oauth Client
NVD HeroDevs
CVSS 3.1
6.5
EPSS
0.0%
CVE-2026-3527 MEDIUM PATCH This Month

Drupal AJAX Dashboard versions before 3.1.0 fail to enforce authentication on critical AJAX endpoints, allowing unauthenticated remote attackers to bypass access controls and invoke privileged dashboard functions. The vulnerability affects all versions from 0.0.0 through 3.1.0 (exclusive) and is categorized as a Missing Authentication for Critical Function (CWE-306). No public exploit code or active exploitation via CISA KEV has been confirmed at time of analysis, but the authentication bypass nature of this defect presents significant risk to installations relying on dashboard security.

Authentication Bypass Ajax Dashboard
NVD
CVSS 3.1
6.5
EPSS
0.0%
CVE-2026-3121 MEDIUM PATCH This Month

Keycloak allows authenticated administrators with manage-clients permission to escalate privileges to manage-permissions level, enabling unauthorized control over roles, users, and administrative functions within a realm. Red Hat Build of Keycloak, JBoss Enterprise Application Platform 8, and Red Hat Single Sign-On 7 are affected when admin permissions are enabled at the realm level. The vulnerability requires high-privilege authentication but carries medium CVSS severity (6.5) due to confidentiality and integrity impact without availability compromise.

Privilege Escalation Red Hat Build Of Keycloak Red Hat Jboss Enterprise Application Platform 8 Red Hat Jboss Enterprise Application Platform Expansion Pack Red Hat Single Sign On 7
NVD
CVSS 3.1
6.5
EPSS
0.0%
CVE-2026-33903 MEDIUM PATCH This Month

Ella Core suffers a null pointer dereference vulnerability in its NGAP LocationReport message handler that causes the process to panic and crash, enabling unauthenticated network-adjacent attackers to trigger denial of service affecting all connected mobile subscribers. The vulnerability (CVE-2026-33903, CVSS 6.5) stems from missing input validation guards and has a vendor-released patch available in version 1.7.0; no public exploit code or active exploitation has been identified at time of analysis.

Denial Of Service Null Pointer Dereference
NVD GitHub
CVSS 3.1
6.5
EPSS
0.0%
CVE-2026-33904 MEDIUM PATCH This Month

Ella Core's AMF control plane deadlocks in the SCTP notification handler when processing malformed or stale radio entries, allowing unauthenticated attackers with N2 interface access to hang the entire Access and Mobility Function until manual process restart, completely denying service to all subscribers. The vulnerability (CVSS 6.5, CWE-833 deadlock) stems from improper synchronization in radio cleanup logic combined with stale-entry scanning, and patches are available in version 1.7.0 and later.

Denial Of Service
NVD GitHub
CVSS 3.1
6.5
EPSS
0.0%
CVE-2026-33375 MEDIUM PATCH This Month

Grafana MSSQL data source plugin versions across multiple release branches contain a logic flaw enabling low-privileged Viewer users to bypass API restrictions and trigger catastrophic out-of-memory exhaustion, resulting in host container denial of service. The vulnerability affects Grafana OSS versions 11.6.0 through 12.4.0 across multiple patch branches (11.6.14+security-01, 12.1.10+security-01, 12.2.8+security-01, 12.3.6+security-01, and 12.4.2 or later) and requires only network access and valid low-privileged credentials to exploit; no public exploit code or active exploitation has been confirmed at time of analysis.

Grafana Denial Of Service Red Hat Suse
NVD VulDB
CVSS 3.1
6.5
EPSS
0.0%
CVE-2025-55265 MEDIUM This Month

HCL Aftermarket DPC version 1.0.0 is vulnerable to unauthenticated file discovery that allows remote attackers to read sensitive files from the system without user interaction beyond a single click, potentially enabling reconnaissance for follow-on attacks. The vulnerability carries a CVSS score of 6.5 (Medium) with high confidentiality impact but no integrity or availability consequences. No public exploit code or active exploitation has been reported at the time of analysis.

Information Disclosure Aftermarket Dpc
NVD
CVSS 3.1
6.5
EPSS
0.0%
CVE-2026-4278 MEDIUM This Month

The Simple Download Counter WordPress plugin contains a Stored Cross-Site Scripting (XSS) vulnerability in the 'sdc_menu' shortcode due to insufficient input sanitization and output escaping of the 'text' and 'cat' attributes. Authenticated attackers with Contributor-level access or higher can inject arbitrary JavaScript code into pages via these unescaped shortcode attributes, which will execute for all users visiting the affected pages. All versions up to and including 2.3 are vulnerable, with a CVSS score of 6.4 indicating moderate severity and the vulnerability requiring low attack complexity and only low privileges to exploit.

WordPress XSS
NVD
CVSS 3.1
6.4
EPSS
0.1%
CVE-2026-4075 MEDIUM This Month

The BWL Advanced FAQ Manager Lite WordPress plugin contains a Stored Cross-Site Scripting (XSS) vulnerability in the 'baf_sbox' shortcode due to insufficient input sanitization and output escaping of user-supplied attributes. Authenticated attackers with Contributor-level access or higher can inject arbitrary JavaScript code through shortcode attributes (sbox_id, sbox_class, placeholder, highlight_color, highlight_bg, cont_ext_class) that will execute in the browsers of all users viewing the affected pages. The vulnerability affects all versions up to and including 1.1.1, and while no public exploit code or KEV designation is currently documented, the CVSS 6.4 score and straightforward nature of the flaw indicate moderate real-world risk.

WordPress XSS
NVD
CVSS 3.1
6.4
EPSS
0.0%
CVE-2026-4389 MEDIUM This Month

This is a Stored Cross-Site Scripting (XSS) vulnerability in the DSGVO Snippet for Leaflet Map and its Extensions WordPress plugin (all versions up to and including 3.1) that allows authenticated attackers with contributor-level or higher privileges to inject arbitrary JavaScript code into pages via the `leafext-cookie-time` and `leafext-delete-cookie` shortcodes. The vulnerability stems from insufficient input sanitization and output escaping on user-supplied shortcode attributes (`unset`, `before`, `after`), enabling script execution whenever visitors access the compromised pages. With a CVSS score of 6.4 and attack complexity of low, this represents a moderate but real threat in WordPress environments where multiple content contributors exist.

WordPress XSS
NVD
CVSS 3.1
6.4
EPSS
0.0%
CVE-2026-0964 MEDIUM PATCH This Month

SCP client implementations across Red Hat Enterprise Linux 6-10 and OpenShift Container Platform 4 are vulnerable to path traversal during file transfer, allowing a malicious SCP server to write files outside the designated working directory and potentially execute arbitrary code or modify system configuration. This vulnerability mirrors CVE-2019-6111 in OpenSSH; unauthenticated remote attackers can exploit it with high user interaction (the victim must initiate an SCP connection to a malicious server), resulting in confidentiality, integrity, and availability compromise. No public exploit code or active exploitation has been confirmed at the time of analysis.

SSH Path Traversal
NVD VulDB
CVSS 3.1
6.3
EPSS
0.0%
CVE-2026-29976 MEDIUM This Month

The getradiotapfield() function in ZerBea hcxpcapngtool version 7.0.1-43-g2ee308e contains a buffer overflow vulnerability allowing local attackers to trigger a denial of service condition through memory corruption. While the vulnerability is classified as causing information disclosure in the description, the CVSS vector (C:N/I:N/A:H) indicates the primary impact is availability degradation rather than confidentiality compromise. No public exploit code or active exploitation has been identified at the time of analysis, though the local attack vector and lack of required privileges make exploitation feasible for any user with local system access.

Buffer Overflow Red Hat
NVD GitHub
CVSS 3.1
6.2
EPSS
0.0%
CVE-2026-1986 MEDIUM This Month

A Reflected Cross-Site Scripting (XSS) vulnerability exists in FloristPress for Woo (BakkBone) plugin versions up to 7.8.2, where the 'noresults' parameter is insufficiently sanitized and escaped, allowing unauthenticated attackers to inject arbitrary JavaScript. An attacker can craft a malicious URL and trick users into clicking it, resulting in script execution within the victim's browser session with access to sensitive data and session tokens. The vulnerability requires user interaction (UI:R) but has a network attack vector with low complexity, and while no KEV or confirmed active exploitation data is available in the provided intelligence, Wordfence has documented the issue with references to vulnerable code locations.

WordPress XSS
NVD
CVSS 3.1
6.1
EPSS
0.1%
CVE-2026-33885 MEDIUM PATCH This Month

Statamic CMS versions prior to 5.73.16 and 6.7.2 contain an open redirect vulnerability in external URL detection logic that protects unauthenticated endpoints. Unauthenticated remote attackers can exploit insufficient redirect validation to bypass security controls and redirect users to attacker-controlled external URLs following form submissions or authentication workflows, potentially facilitating phishing, credential theft, or malware distribution. No public exploit code or active exploitation has been identified at time of analysis.

Open Redirect
NVD GitHub
CVSS 3.1
6.1
EPSS
0.0%
Page 1 of 3 Next

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy