Skip to main content
CVE-2026-33697 HIGH This Week

Attested TLS relay attacks in Cocos AI confidential computing system versions 0.4.0 through 0.8.2 enable attackers to impersonate genuine TEE-protected services on AMD SEV-SNP and Intel TDX platforms by extracting ephemeral TLS private keys and redirecting authenticated sessions. The architectural flaw allows an attacker with physical access or side-channel capabilities to relay attestation evidence to a different endpoint, breaking the authentication binding between the TEE and the client. No vendor-released patch is available; the vulnerability affects a specialized confidential computing platform with low EPSS probability (formal EPSS score not provided in input) and no public exploit identified at time of analysis, though formal ProVerif verification confirms the attack feasibility.

Information Disclosure Intel Amd
NVD GitHub
CVSS 3.1
7.5
EPSS
0.0%
CVE-2026-4975 HIGH This Week

Stack-based buffer overflow in Tenda AC15 router firmware 15.03.05.19 enables remote authenticated attackers to achieve code execution via the formSetCfm function. The vulnerability is triggered through POST requests to /goform/setcfm by manipulating the funcpara1 parameter. A publicly available exploit code exists, significantly lowering the barrier to exploitation for attackers with low-privilege credentials.

Tenda Buffer Overflow
NVD VulDB
CVSS 4.0
7.4
EPSS
0.0%
CVE-2026-4974 HIGH This Week

Stack-based buffer overflow in Tenda AC7 router firmware 15.03.06.44 allows authenticated remote attackers to execute arbitrary code via crafted Time parameter to /goform/SetSysTimeCfg endpoint. Publicly available exploit code exists. EPSS data not available, but exploitation requires low attack complexity with network access and low privileges (CVSS:4.0 AV:N/AC:L/PR:L). This is a critical pre-authentication boundary issue in consumer router infrastructure with confirmed POC, warranting immediate patching for affected deployments.

Tenda Buffer Overflow
NVD VulDB
CVSS 4.0
7.4
EPSS
0.0%
CVE-2026-34076 HIGH PATCH GHSA This Week

A SSRF vulnerability (CVSS 7.4). High severity vulnerability requiring prompt remediation.

SSRF
NVD GitHub
CVSS 3.1
7.4
EPSS
0.0%
CVE-2026-33735 HIGH PATCH This Week

MyTube versions prior to 1.8.69 suffer from an authorization bypass in the `/api/settings/import-database` endpoint that allows low-privilege authenticated users to upload and replace the application's SQLite database entirely, resulting in complete application compromise. The vulnerability affects self-hosted instances of MyTube and extends to other POST routes using the same flawed authorization mechanism. No public exploit code or active exploitation has been confirmed at time of analysis, but the fix is available in version 1.8.69.

Authentication Bypass Mytube
NVD GitHub VulDB
CVSS 4.0
7.4
EPSS
0.0%
CVE-2026-33745 HIGH PATCH This Week

The cpp-httplib HTTP/HTTPS client library (versions prior to 0.39.0) leaks authentication credentials to arbitrary third-party servers when following cross-origin HTTP redirects. An attacker operating a malicious server can issue a 301/302/307/308 redirect to capture plaintext Basic Auth, Bearer Token, or Digest Auth credentials from the Authorization header. CVSS score of 7.4 reflects high confidentiality and integrity impact with network attack vector and high complexity; no public exploit identified at time of analysis.

Information Disclosure Cpp Httplib
NVD GitHub VulDB
CVSS 3.1
7.4
EPSS
0.0%
CVE-2026-4982 HIGH PATCH This Week

Venueless instances allow authenticated users with 'update world' permissions to exfiltrate chat messages from direct messages or other worlds' channels via a flaw in the reporting feature, provided the attacker can obtain the target channel's internal UUID. This cross-world information disclosure affects Pretix Venueless across versions prior to patching, and exploitability is constrained by the requirement to discover internal identifiers that are not typically exposed to unauthorized users.

Information Disclosure Venueless
NVD GitHub VulDB
CVSS 4.0
7.3
EPSS
0.1%
CVE-2026-33045 HIGH PATCH GHSA This Week

Cross-site scripting in Home Assistant's mobile phone remaining charge time sensor allows authenticated attackers to inject malicious scripts via crafted sensor names imported from Android Auto. Affecting Home Assistant versions 2025.02 through 2026.00, this vulnerability requires low attack complexity and privileged access but relies on user interaction to execute stored XSS payloads. A vendor-released patch is available in version 2026.01, with EPSS data unavailable and no confirmed active exploitation at time of analysis.

XSS Google
NVD GitHub VulDB
CVSS 4.0
7.3
EPSS
0.0%
CVE-2026-33044 HIGH PATCH GHSA This Week

Cross-site scripting in Home Assistant's Map card component allows authenticated users to inject malicious JavaScript through device entity names, executing arbitrary code in victims' browsers when they hover over map information points. Affects Home Assistant versions 2020.02 through 2026.0.x, with fix released in version 2026.01. No public exploit identified at time of analysis, though CVSS E:P indicates proof-of-concept code exists. EPSS data not available, but exploitation requires authenticated access and user interaction (hovering), limiting practical attack surface.

XSS Home Assistant
NVD GitHub VulDB
CVSS 4.0
7.3
EPSS
0.0%
CVE-2026-33881 HIGH PATCH This Week

JavaScript code injection in Windmill's NativeTS executor allows workspace administrators to achieve remote code execution by embedding malicious payloads in environment variable values. The vulnerability (CWE-94) stems from improper sanitization of single quotes when interpolating workspace environment variables into JavaScript string literals, enabling arbitrary code execution in all NativeTS scripts within the affected workspace. Windmill versions prior to 1.664.0 are affected. CVSS 7.3 reflects high confidentiality, integrity, and availability impact, though exploitation requires high privileges (workspace admin role). Publicly available exploit code exists, though no confirmed active exploitation (CISA KEV) at time of analysis.

Code Injection RCE Windmill
NVD GitHub VulDB
CVSS 4.0
7.3
EPSS
0.0%
CVE-2024-11604 HIGH This Week

Insertion of Sensitive Information into Log File vulnerability in the SCIM Driver module in OpenText IDM Driver and Extensions on Windows, Linux, 64 bit allows authenticated local users to obtain. Rated high severity (CVSS 7.3), this vulnerability is low attack complexity. No vendor patch available.

Microsoft Information Disclosure
NVD
CVSS 4.0
7.3
EPSS
0.0%
CVE-2026-33725 HIGH PATCH This Week

Remote Code Execution and Arbitrary File Read in Metabase Enterprise Edition allows authenticated administrators to execute arbitrary code and read sensitive files via malicious serialization archives. Affected versions span at least 1.47 through 1.59.3, with patches released in versions 1.54.22, 1.55.22, 1.56.22, 1.57.16, 1.58.10, and 1.59.4. The vulnerability exploits the POST /api/ee/serialization/import endpoint by injecting INIT properties into H2 JDBC specifications within crafted serialization archives, triggering arbitrary SQL execution during database synchronization. Authentication as an admin is required (CVSS PR:H), and the vulnerability has been confirmed exploitable on Metabase Cloud infrastructure.

RCE Deserialization Metabase
NVD GitHub VulDB
CVSS 3.1
7.2
EPSS
0.3%
CVE-2025-69986 HIGH This Week

Stack buffer overflow in LSC Indoor Camera V7.6.32 ONVIF GetStreamUri function allows unauthenticated remote attackers to cause denial of service or execute arbitrary code by sending a crafted SOAP request with an oversized Protocol parameter in the Transport element, bypassing input validation and corrupting the stack return instruction pointer.

RCE Denial Of Service Buffer Overflow
NVD GitHub
CVSS 3.1
7.2
EPSS
0.1%
CVE-2026-4620 HIGH This Week

OS command injection in NEC Platforms Aterm wireless router series (models WX1500HP and WX3600HP) permits authenticated network attackers with high privileges to execute arbitrary operating system commands on affected devices. The vulnerability requires user interaction and high attack complexity (CVSS 4.0 score 7.1), with no public exploit identified at time of analysis. NEC Platforms has published a security advisory detailing the issue.

Command Injection Aterm Wx1500Hp Aterm Wx3600Hp
NVD VulDB
CVSS 4.0
7.1
EPSS
0.3%
CVE-2026-4622 HIGH This Week

Multiple NEC Aterm wireless router models are vulnerable to OS command injection that enables network-based attackers with high privileges and user interaction to execute arbitrary operating system commands. The vulnerability carries a CVSS 4.0 score of 7.1 and affects at least eight router models in the Aterm series including WG2600HS, WF1200CR, WG1200CR, WG2600HP4, WG2600HM4, WG2600HS2, WX3000HP, and WX3000HP2. No public exploit identified at time of analysis, though exploitation requires both elevated privileges and user interaction which reduces immediate risk.

Command Injection Aterm Wg2600Hs Aterm Wf1200Cr Aterm Wg1200Cr Aterm Wg2600Hp4 +4
NVD VulDB
CVSS 4.0
7.1
EPSS
0.3%
CVE-2025-15616 HIGH PATCH This Week

Multiple shell injection and untrusted search path vulnerabilities in Wazuh agent and manager (versions 2.1.0 through 4.7.x) enable remote code execution through malicious configuration parameters. Authenticated attackers with high privileges can inject commands via logcollector configuration files, maild SMTP server tags, and Kaspersky AR script parameters. The CVSS 4.0 score of 7.1 reflects network-accessible attack vector with low complexity but requiring high-privilege credentials; no public exploit identified at time of analysis.

RCE Code Injection Wazuh Agent Wazuh Manager
NVD GitHub VulDB
CVSS 4.0
7.1
EPSS
0.1%
CVE-2026-28788 HIGH PATCH This Week

Open WebUI versions prior to 0.8.6 permit authenticated users to overwrite arbitrary file contents through an insecure batch processing endpoint, escalating read-only knowledge base access to write permissions without ownership validation. Attackers with low-level privileges can manipulate RAG (Retrieval-Augmented Generation) content served to language models, poisoning AI responses delivered to other users. CVSS 7.1 (High) reflects network-accessible exploitation with low complexity requiring only standard user authentication; no public exploit identified at time of analysis.

Authentication Bypass Open Webui
NVD GitHub
CVSS 3.1
7.1
EPSS
0.0%
CVE-2026-34060 HIGH PATCH GHSA This Week

Ruby Language Server (ruby-lsp) allows arbitrary code execution when opening malicious projects. The vulnerability exploits unsanitized interpolation of the rubyLsp.branch workspace setting into a generated Gemfile, enabling attackers to embed malicious Ruby code in .vscode/settings.json that executes when users open and trust the workspace. Affects ruby-lsp gem < 0.26.9 and VS Code extension < 0.10.2. No active exploitation or public POC currently identified at time of analysis, but the attack requires only social engineering to trick developers into opening a crafted repository.

RCE Code Injection
NVD GitHub VulDB
CVSS 4.0
7.1
EPSS
0.0%
CVE-2026-34204 HIGH GHSA This Week

Authentication bypass in MinIO allows any authenticated user with s3:PutObject permission to permanently corrupt objects by injecting fake server-side encryption metadata via crafted X-Minio-Replication-* headers. Attackers can selectively render individual objects or entire buckets permanently unreadable through the S3 API without requiring elevated ReplicateObjectAction permissions. Affects all MinIO releases from RELEASE.2024-03-30T09-41-56Z through the final open-source release. Vendor-released patch available in MinIO AIStor RELEASE.2026-03-26T21-24-40Z. No public exploit identified at time of analysis, though the attack mechanism is well-documented in the advisory.

Docker Microsoft Apple Authentication Bypass Suse
NVD GitHub
CVSS 4.0
7.1
EPSS
0.0%
CVE-2025-15381 HIGH GHSA This Week

MLflow's basic-auth authentication system fails to protect tracing and assessment endpoints, enabling any authenticated user with no experiment permissions to read trace metadata and create unauthorized assessments. The vulnerability affects MLflow deployments running with the '--app-name=basic-auth' flag and carries a CVSS score of 8.1 (High) with network-based attack vector requiring low privilege authentication. This vulnerability was reported via the HackerOne bug bounty platform (@huntr_ai) with no public exploit identified at time of analysis.

Information Disclosure Mlflow Mlflow
NVD VulDB
CVSS 3.1
7.1
EPSS
0.0%
CVE-2026-5026 HIGH This Week

Stored XSS in Langflow's image serving endpoint allows authenticated attackers to steal session tokens via malicious SVG uploads. The '/api/v1/files/images/{flow_id}/{file_name}' endpoint serves user-uploaded SVG files with 'image/svg+xml' content type without sanitization, enabling embedded JavaScript execution in victim browsers. Authenticated attackers with low privileges can upload crafted SVGs that execute in other users' contexts, exfiltrating JWT access and refresh tokens from cookies. EPSS probability is low (0.07%, 22nd percentile) with no active exploitation confirmed (SSVC: none), but the attack is straightforward for authenticated users with file upload permissions.

XSS Langflow
NVD VulDB
CVSS 4.0
7.0
EPSS
0.1%
CVE-2026-3457 HIGH PATCH This Week

Stored cross-site scripting in Thales Sentinel LDK Runtime on Windows allows attackers with local access to inject malicious scripts that execute with high integrity impact. All versions before 10.22 are affected. The CVSS 4.0 base score of 7.0 reflects local attack vector with no privileges required and no user interaction. Proof-of-concept exploit code exists (CVSS:4.0 E:P). CISA KEV does not list this vulnerability as actively exploited at time of analysis.

XSS Microsoft
NVD
CVSS 4.0
7.0
EPSS
0.0%
CVE-2025-15615 MEDIUM This Month

Wazuh Manager authd service through version 4.7.3 fails to properly restrict client-initiated SSL/TLS renegotiation requests, allowing unauthenticated remote attackers to trigger excessive renegotiations that consume CPU resources and cause denial of service. The vulnerability affects the authentication daemon across all Wazuh Manager deployments running vulnerable versions, enabling attackers to render the authd service unavailable with no authentication required and minimal attack complexity.

Denial Of Service Privilege Escalation Wazuh Manager
NVD GitHub VulDB
CVSS 4.0
6.9
EPSS
0.1%
CVE-2026-32983 MEDIUM This Month

Wazuh Manager authd service through version 4.7.3 fails to properly restrict client-initiated SSL/TLS renegotiation, enabling remote attackers to trigger denial of service by flooding the service with excessive renegotiation requests that exhaust CPU resources and render the authentication daemon unavailable. The vulnerability affects all Wazuh Manager installations up to and including version 4.7.3, requires no authentication or user interaction, and can be exploited over the network by any remote actor. No public exploit code or active exploitation has been confirmed at this time, though the straightforward nature of renegotiation-based DoS attacks and moderate CVSS score of 6.9 indicate practical exploitability.

Denial Of Service Privilege Escalation Wazuh
NVD GitHub VulDB
CVSS 4.0
6.9
EPSS
0.1%
CVE-2026-33366 MEDIUM This Month

BUFFALO Wi-Fi router products lack authentication controls on a critical reboot function, allowing remote unauthenticated attackers to forcibly restart affected devices over the network. The vulnerability affects multiple BUFFALO router product lines across unspecified versions. While the CVSS score of 5.3 reflects moderate severity, the attack requires no credentials, no user interaction, and can be executed remotely with low complexity, making it operationally exploitable for denial-of-service attacks against networked BUFFALO routers. No public exploit code or confirmed active exploitation has been identified at the time of analysis.

Authentication Bypass Buffalo Wi Fi Router Products
NVD
CVSS 4.0
6.9
EPSS
0.1%
CVE-2026-34411 MEDIUM PATCH This Month

Appsmith versions prior to 1.98 allow unauthenticated remote attackers to access sensitive instance management API endpoints (/api/v1/consolidated-api/view, /api/v1/tenants/current) without authentication, enabling disclosure of configuration metadata, license information, and unsalted SHA-256 hashes of admin email domains. This authentication bypass facilitates reconnaissance for targeted follow-up attacks against Appsmith deployments and their administrators. No public exploit code or active exploitation has been independently confirmed at time of analysis.

Authentication Bypass Appsmith
NVD GitHub
CVSS 4.0
6.9
EPSS
0.1%
CVE-2026-4988 LOW POC Monitor

Denial of service in Open5GS 2.7.6 via malformed CCA (Credit-Control-Answer) messages in the SMF (Session Management Function) component allows remote attackers to crash the service without authentication. The vulnerability affects the smf_gx_cca_cb, smf_gy_cca_cb, and smf_s6b functions in the CCA Message Handler, with publicly available exploit code demonstrating the attack despite high complexity requirements. CVSS 6.3 reflects the availability impact and remote attack vector, though exploitation requires crafted network conditions.

Denial Of Service Open5gs
NVD VulDB GitHub
CVSS 4.0
2.9
EPSS
0.1%
CVE-2026-33993 MEDIUM PATCH This Month

Prototype pollution in the locutus npm package's unserialize() function allows remote attackers to inject arbitrary properties into deserialized objects by crafting malicious PHP-serialized payloads containing __proto__ keys, enabling authorization bypass, property propagation attacks, and denial of service via method override. The vulnerability affects locutus versions prior to 3.0.25; publicly available exploit code exists demonstrating property injection, for-in propagation to real own properties, and built-in method disruption.

PHP Node.js Prototype Pollution Deserialization Denial Of Service +1
NVD GitHub
CVSS 4.0
6.9
EPSS
0.0%
CVE-2026-27855 MEDIUM PATCH This Month

Dovecot OTP authentication enables replay attacks when authentication cache is enabled and username alteration occurs in passdb, allowing attackers who observe an OTP exchange to authenticate as the targeted user. Open-XChange Dovecot Pro is affected (CPE: cpe:2.3:a:open-xchange_gmbh:ox_dovecot_pro:*:*:*:*:*:*:*:*). No public exploit identified at time of analysis, though the vulnerability requires relatively specific preconditions (enabled cache, username modification in passdb) to be exploitable. The CVSS 6.8 score reflects high confidentiality and integrity impact but requires high attack complexity and user interaction.

Microsoft Information Disclosure
NVD VulDB
CVSS 3.1
6.8
EPSS
0.0%
CVE-2026-31951 MEDIUM This Month

LibreChat versions 0.8.2-rc1 through 0.8.3-rc1 leak OAuth access tokens when authenticated users interact with malicious MCP servers, which can inject credential placeholders into HTTP headers that are automatically substituted with sensitive tokens. An attacker can create a rogue MCP server containing headers like {{LIBRECHAT_OPENID_ACCESS_TOKEN}} to harvest victim credentials during tool execution; the vulnerability is fixed in version 0.8.3-rc2. No public exploit code or CISA KEV listing is documented, but the attack requires user interaction (UI:R) and authenticated access (PR:L), limiting real-world impact.

Information Disclosure Librechat
NVD GitHub
CVSS 3.1
6.8
EPSS
0.0%
CVE-2026-34388 MEDIUM PATCH GHSA This Month

Denial-of-service vulnerability in Fleet device management software prior to version 4.81.0 allows authenticated hosts to crash the entire Fleet server process by sending a malformed log type value to the gRPC Launcher endpoint, disrupting all connected devices, MDM enrollments, and API consumers. The vulnerability requires prior authentication but affects availability across the entire infrastructure. Vendor-released patch: version 4.81.0.

Denial Of Service Suse
NVD GitHub
CVSS 4.0
6.6
EPSS
0.0%
CVE-2026-34391 MEDIUM PATCH This Month

Fleet device management software versions prior to 4.81.1 allow malicious enrolled Windows devices to access Mobile Device Management (MDM) commands intended for other devices, potentially disclosing sensitive configuration data including WiFi credentials, VPN secrets, and certificate payloads across the entire Windows fleet. The vulnerability stems from improper authorization controls in Windows MDM command processing, affecting any organization using Fleet for Windows device management. Vendor-released patch: version 4.81.1.

Microsoft Information Disclosure
NVD GitHub
CVSS 4.0
6.6
EPSS
0.0%
CVE-2023-7339 MEDIUM This Month

Stack-based buffer overflow vulnerability in Softing Industrial Automation GmbH gateways allows overflow buffers. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Buffer Overflow Stack Overflow Pngate Epgate Mbgate +2
NVD
CVSS 3.1
6.5
EPSS
0.0%
CVE-2026-5025 MEDIUM This Month

Log router endpoints in an authenticated application expose full application log buffers to any authenticated user without privilege-level authorization checks, allowing credential harvesting, sensitive data exfiltration, and reconnaissance. The vulnerability affects the '/logs' and '/logs-stream' endpoints which enforce only basic authentication ('get_current_active_user') rather than administrative privilege requirements, enabling authenticated attackers with low privileges to read complete application logs containing sensitive information. No public exploit code or active exploitation has been identified at the time of analysis, though the relatively low attack complexity (AC:L) and straightforward authentication bypass mechanism present moderate real-world risk.

Authentication Bypass Langflow
NVD VulDB
CVSS 3.1
6.5
EPSS
0.0%
CVE-2024-14028 MEDIUM PATCH This Month

Use after free vulnerability in Softing smartLink HW-DP or smartLink HW-PN webserver allows HTTP DoS. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Memory Corruption Use After Free Denial Of Service Smartlink Hw Dp Smartlink Hw Pn
NVD
CVSS 3.1
6.5
EPSS
0.0%
CVE-2026-33954 MEDIUM PATCH This Month

LinkAce versions before 2.5.3 disclose private notes to authenticated users via the web interface when viewing shared links, despite the API correctly enforcing note visibility restrictions. An authenticated user can read another user's private notes attached to internal or public links by accessing the web link detail page, resulting in unauthorized information disclosure. Version 2.5.3 patches this authorization bypass.

Authentication Bypass Linkace
NVD GitHub VulDB
CVSS 3.1
6.5
EPSS
0.0%
CVE-2026-3098 MEDIUM This Month

Smart Slider 3 plugin for WordPress allows authenticated attackers with Subscriber-level privileges to read arbitrary files on the server via improper access controls in the 'actionExportAll' function. Affected versions include all releases up to and including 3.5.1.33. The vulnerability exposes sensitive files such as configuration data, database credentials, and private keys to attackers with low-privilege WordPress accounts. No public exploit code or active exploitation has been identified at the time of analysis.

WordPress Authentication Bypass
NVD VulDB
CVSS 3.1
6.5
EPSS
0.0%
CVE-2026-34036 MEDIUM PATCH This Month

Dolibarr Core versions up to 22.0.4 allow authenticated users with minimal privileges to read arbitrary non-PHP files from the server via a Local File Inclusion vulnerability in /core/ajax/selectobject.php. The flaw stems from dynamic file inclusion occurring before authorization checks and a fail-open logic in the access control function, enabling exfiltration of sensitive configuration files, environment variables, and logs. Publicly available exploit code exists, and a vendor patch has been released.

PHP LFI Information Disclosure CSRF Python
NVD GitHub
CVSS 3.1
6.5
EPSS
0.0%
CVE-2026-33730 MEDIUM PATCH This Month

OpenSourcePOS versions prior to 3.4.2 contain an Insecure Direct Object Reference (IDOR) vulnerability allowing authenticated low-privileged users to modify password change settings for arbitrary users, including administrators, by manipulating the employee_id parameter without authorization checks. The vulnerability affects the web-based PHP/CodeIgniter point-of-sale application and enables account takeover of higher-privileged accounts. No public exploit code has been identified at the time of analysis, though the fix involves adding object-level authorization validation to the affected endpoint.

PHP Authentication Bypass
NVD GitHub
CVSS 3.1
6.5
EPSS
0.0%
CVE-2025-69988 MEDIUM This Month

BS Producten Petcam version 33.1.0.0818 fails to enforce access controls on its wireless network interface, allowing unauthenticated attackers within physical proximity to connect to the device's open network and directly access live video and audio streams without authentication. The vulnerability affects a consumer IP camera product and carries a CVSS score of 6.5 (medium severity) driven by high confidentiality impact despite requiring physical proximity. A proof-of-concept and technical analysis are publicly available via GitHub, though no confirmation of active exploitation in the wild has been identified.

Authentication Bypass
NVD GitHub VulDB
CVSS 3.1
6.5
EPSS
0.0%
CVE-2026-27879 MEDIUM PATCH This Month

Grafana versions prior to patching are vulnerable to denial-of-service attacks via maliciously crafted resample queries that exhaust server memory and trigger out-of-memory crashes. Authenticated users with query execution privileges can exploit this low-complexity remote vulnerability to disrupt service availability. No public exploit code or confirmed active exploitation has been identified at the time of analysis, though the attack surface is broad given Grafana's widespread deployment in monitoring infrastructure.

Grafana Denial Of Service Red Hat Suse
NVD VulDB
CVSS 3.1
6.5
EPSS
0.0%
CVE-2026-28375 MEDIUM PATCH This Month

Grafana's testdata data-source plugin allows authenticated users to trigger out-of-memory (OOM) crashes, causing a denial of service affecting availability. The vulnerability requires low-privilege user authentication and network access to the affected Grafana instance, enabling local or remote attackers with valid credentials to exhaust server memory resources without user interaction. No public exploit code or active exploitation has been confirmed at the time of analysis.

Grafana Denial Of Service Red Hat Suse
NVD VulDB
CVSS 3.1
6.5
EPSS
0.0%
CVE-2026-33994 MEDIUM PATCH This Month

Prototype pollution in locutus npm package version 2.0.39 through 3.0.24 allows remote attackers to bypass `Object.prototype` pollution guards via a crafted query string passed to the `parse_str` function, enabling authentication bypass, denial of service, or remote code execution in chained attack scenarios where `RegExp.prototype.test` has been previously compromised. Publicly available exploit code exists demonstrating the vulnerability; vendor-released patch available in version 3.0.25.

PHP Denial Of Service Node.js Prototype Pollution Authentication Bypass +2
NVD GitHub
CVSS 4.0
6.3
EPSS
0.0%
CVE-2026-5022 MEDIUM This Month

Langflow's '/api/v1/files/images/{flow_id}/{file_name}' endpoint lacks authentication and authorization enforcement, permitting unauthenticated users to download arbitrary images associated with any flow by supplying or enumerating flow IDs and file names. This authentication bypass affects all versions of Langflow AI's langflow product and enables unauthorized disclosure of potentially sensitive image assets. No public exploit code or active exploitation has been confirmed at the time of analysis.

Authentication Bypass Langflow
NVD VulDB
CVSS 4.0
6.3
EPSS
0.0%
CVE-2026-4621 MEDIUM This Month

NEC Aterm wireless router series (including WG1200HP2, WG1900HP, WG1800HP3, WG1200HP4, and nine other models) contain hidden telnet functionality that can be remotely enabled by unauthenticated network attackers via unspecified means, classified as CWE-912 (Hidden Functionality). The vulnerability carries a CVSS 6.3 score reflecting network-accessible attack vector with high complexity requirements and limited confidentiality/integrity impact. No public exploit code or active exploitation via CISA KEV has been confirmed at analysis time, though the remote enablement of administrative telnet access represents a significant privilege escalation pathway for subsequent unauthorized system access.

Information Disclosure Aterm W1200Ex Ms Aterm Wg1200Hp2 Aterm Wg1900Hp Aterm Wg1200Hs2 +17
NVD VulDB
CVSS 4.0
6.3
EPSS
0.0%
CVE-2025-15612 MEDIUM This Month

Wazuh provisioning scripts and container build environments disable SSL/TLS certificate validation by invoking curl with the -k/--insecure flag, enabling man-in-the-middle attackers to intercept and modify downloaded dependencies during the build process and achieve remote code execution within the agent build infrastructure and supply chain. Unauthenticated network attackers with positioning on the network path can exploit this with moderate complexity to compromise the integrity of Wazuh agent builds, affecting all downstream deployments. No public exploit code or active exploitation has been confirmed at the time of analysis.

RCE Wazuh Provisioning Scripts Agent Build Environment
NVD GitHub VulDB
CVSS 4.0
6.3
EPSS
0.0%
CVE-2026-4309 MEDIUM This Month

NEC Aterm wireless router series (W1200Ex-MS, WG1200HP2, WG1900HP, WG1800HP3, WG1800HP4, WG1200HP3, WG1200HP4, WG1200HS2, WG1200HS3, WX1500HP, WX3000HP, WX3600HP, WG2600HS, WG2600HS2, WG2600HP4, WG2600HM4, WF1200CR, WG1200CR, and others) suffer from missing authorization controls that enable remote attackers to enumerate device configuration details and modify settings without proper access controls. The vulnerability stems from CWE-862 (Missing Authorization) in the device management interface, allowing unauthenticated or inadequately authenticated network-accessible requests to interact with sensitive administrative functions. No CVSS score, EPSS probability estimate, or public exploit code has been disclosed, and CISA KEV status is unknown.

Authentication Bypass Aterm W1200Ex Ms Aterm Wg1200Hp2 Aterm Wg1900Hp Aterm Wg1200Hs2 +16
NVD
CVSS 4.0
6.3
EPSS
0.0%
CVE-2026-34245 MEDIUM GHSA This Month

Broadcast schedule modification in WWBN AVideo versions up to 26.0 allows authenticated users with streaming permissions to hijack playlists and disrupt streams by creating or modifying schedules targeting any playlist regardless of ownership, with rebroadcasts executing under the victim's identity. The vulnerability affects the `plugin/PlayLists/View/Playlists_schedules/add.json.php` endpoint and stems from insufficient authorization checks. Upstream fix available via commit 1e6dc20172de986f60641eb4fdb4090f079ffdce; no public exploit identified at time of analysis.

PHP Authentication Bypass
NVD GitHub VulDB
CVSS 3.1
6.3
EPSS
0.0%
CVE-2026-34386 MEDIUM PATCH GHSA This Month

SQL injection in Fleet device management software versions prior to 4.81.0 allows authenticated Team Admin or Global Admin users to execute arbitrary SQL queries against the Fleet database via the MDM bootstrap package configuration API endpoint. Attackers with these privileges can exfiltrate sensitive data, modify arbitrary team configurations, and inject malicious content into team settings. The vulnerability requires authentication but poses significant risk to multi-tenant Fleet deployments where administrative credentials may be compromised or where insider threats exist.

SQLi Information Disclosure Suse
NVD GitHub
CVSS 4.0
6.3
EPSS
0.0%
CVE-2026-4980 MEDIUM PATCH This Month

Inkscape 1.1 before 1.3 contains a local file disclosure vulnerability in XInclude processing that allows unauthenticated remote attackers to read arbitrary files from an affected system by crafting malicious SVG files with xi:include tags. The vulnerability has a moderate CVSS score of 6.3 but carries high confidentiality impact; no public exploit code or active exploitation has been confirmed at the time of analysis. Upstream fixes are available via GitLab merge requests, and users should upgrade to version 1.3 or later.

XXE Inkscape
NVD VulDB
CVSS 3.1
6.3
EPSS
0.0%
Prev Page 3 of 5 Next

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy