Skip to main content
CVE-2026-32695 MEDIUM PATCH This Month

Traefik's Knative provider fails to escape user-controlled values when interpolating host and header rules into backtick-delimited expressions, allowing attackers to inject rule syntax and bypass host restrictions in multi-tenant clusters. Versions prior to 3.6.11 and 3.7.0-ea.2 are affected. An attacker can craft malicious Knative ingress configurations to route traffic intended for one tenant to attacker-controlled hosts, enabling unauthorized cross-tenant traffic exposure and service impersonation.

Authentication Bypass Traefik
NVD GitHub VulDB
CVSS 4.0
6.3
EPSS
0.0%
CVE-2026-34385 MEDIUM PATCH GHSA This Month

SQL injection in Fleet's Apple MDM profile delivery pipeline before version 4.81.0 allows authenticated attackers with valid MDM enrollment certificates to exfiltrate or modify database contents, including user credentials, API tokens, and device enrollment secrets. This second-order SQL injection vulnerability affects the cpe:2.3:a:fleetdm:fleet product line and requires valid MDM enrollment credentials to exploit, limiting the attack surface to adversaries who have already established trust within the MDM enrollment process. No public exploit code or active exploitation has been identified at the time of this analysis.

SQLi Apple Suse
NVD GitHub
CVSS 4.0
6.2
EPSS
0.0%
CVE-2026-4907 LOW POC Monitor

Page-Replica endpoint /sitemap improperly validates the url parameter in the sitemap.fetch function, enabling server-side request forgery (SSRF) attacks by authenticated users. An attacker with login credentials can craft malicious requests to make the vulnerable server fetch arbitrary internal or external resources, potentially exposing sensitive data or facilitating lateral movement. The vulnerability affects all versions up to commit e4a7f52e75093ee318b4d5a9a9db6751050d2ad0 under the product's rolling release model, with publicly available exploit code and an EPSS score indicating elevated exploitation probability, though the vendor has not responded to early disclosure.

SSRF Page Replica
NVD VulDB GitHub
CVSS 4.0
2.1
EPSS
0.0%
CVE-2026-4992 LOW POC Monitor

HTML injection in wandb OpenUI up to version 1.0 allows remote unauthenticated attackers to inject arbitrary HTML via manipulation of the ID argument in the create_share and get_share functions in backend/openui/server.py. The attack requires user interaction and has a publicly available exploit. CVSS score is 5.3 (moderate) with EPSS indicating limited practical exploitation probability. The vendor has not responded to disclosure attempts.

XSS Openui
NVD VulDB GitHub
CVSS 4.0
2.1
EPSS
0.0%
CVE-2026-4970 LOW POC Monitor

SQL injection in code-projects Social Networking Site 1.0 allows authenticated remote attackers to execute arbitrary SQL queries via the ID parameter in delete_photos.php, potentially enabling unauthorized data access, modification, or deletion. The vulnerability affects an unknown function in the Endpoint component and has publicly available exploit code, increasing the likelihood of active abuse despite the moderate CVSS 5.3 score.

SQLi PHP
NVD VulDB GitHub
CVSS 4.0
2.1
EPSS
0.0%
CVE-2026-4966 LOW POC Monitor

SQL injection in itsourcecode Free Hotel Reservation System 1.0 allows authenticated remote attackers to manipulate the ID parameter in /admin/mod_room/index.php?view=edit, leading to unauthorized database query execution. The vulnerability requires valid admin credentials (CVSS PR:L) but has publicly available exploit code and represents a moderate information disclosure and integrity risk (CVSS 5.3 with limited confidentiality, integrity, and availability impact). Active exploitation status is not confirmed via CISA KEV, but proof-of-concept code is documented in public repositories.

SQLi PHP
NVD VulDB GitHub
CVSS 4.0
2.1
EPSS
0.0%
CVE-2026-4954 LOW POC Monitor

SQL injection in mingSoft MCMS 5.5.0 allows authenticated remote attackers to manipulate the Web Content List Endpoint (ContentAction.java) and execute arbitrary database queries, potentially leading to unauthorized data disclosure, modification, or deletion. The vulnerability requires low-privilege authentication (CVSS PR:L) and has publicly available exploit code disclosed on GitHub, making it an active threat to deployed MCMS instances.

SQLi Java
NVD VulDB GitHub
CVSS 4.0
2.1
EPSS
0.0%
CVE-2025-61190 MEDIUM This Month

DSpace JSPUI 6.5 contains a reflected cross-site scripting (XSS) vulnerability in the search/discover filtering functionality where the filter_type_1 parameter is not properly sanitized, allowing remote attackers to inject malicious scripts that execute in the context of other users' browsers. The vulnerability affects DSpace repository instances running version 6.5. A proof-of-concept has been publicly disclosed via GitHub (https://gist.github.com/MerttTuran/9cf7de549749fe3ef7ce08d65e3540bd), though no active exploitation via CISA KEV listing has been confirmed at the time of analysis.

XSS N A
NVD GitHub
CVSS 3.1
6.1
EPSS
0.0%
CVE-2026-4971 LOW POC Monitor

Cross-site request forgery (CSRF) in SourceCodester Note Taking App up to version 1.0 allows remote attackers to perform unauthorized actions via crafted requests, exploiting lack of CSRF token validation. The vulnerability requires user interaction (clicking a malicious link) but carries no authentication barrier. Publicly available exploit code exists, elevating practical risk despite the moderate CVSS score of 4.3.

CSRF Note Taking App
NVD VulDB GitHub
CVSS 4.0
2.1
EPSS
0.0%
CVE-2026-4968 LOW POC Monitor

Cross-site request forgery (CSRF) in SourceCodester Diary App 1.0 allows unauthenticated remote attackers to manipulate an unknown function within diary.php, potentially leading to unauthorized state-changing actions. The vulnerability has a moderate CVSS score of 5.3 with user interaction required, and publicly available exploit code exists, though active exploitation status is unconfirmed. An attacker could craft malicious web pages to trick users into performing unwanted actions within the application.

CSRF PHP
NVD VulDB GitHub
CVSS 4.0
2.1
EPSS
0.0%
CVE-2026-4963 LOW POC Monitor

Code injection in HuggingFace smolagents 1.25.0.dev0 allows remote attackers without authentication to execute arbitrary code through incomplete remediation of CVE-2025-9959 in the local Python executor component. The vulnerability affects the evaluate_augassign, evaluate_call, and evaluate_with functions in src/smolagents/local_python_executor.py, with publicly available exploit code and active public disclosure despite lack of vendor response.

RCE Code Injection Smolagents
NVD VulDB GitHub
CVSS 4.0
2.1
EPSS
0.0%
CVE-2026-4964 LOW POC Monitor

Server-side request forgery in letta-ai letta 0.16.4 allows authenticated remote attackers to manipulate ImageContent parameters in the _convert_message_create_to_message function within the file URL handler, enabling arbitrary HTTP requests to internal or external systems. Letta versions up to and including 0.16.4 are affected. Publicly available exploit code exists, and the vendor has not responded to early disclosure notifications, leaving affected deployments without an official patch at time of analysis.

SSRF Letta
NVD VulDB GitHub
CVSS 4.0
2.1
EPSS
0.0%
CVE-2026-4619 MEDIUM This Month

NEC Aterm WX3600HP routers contain a path traversal vulnerability enabling remote attackers to write arbitrary files to the device via network access, potentially compromising system integrity and enabling persistent attacks. The vulnerability (CVE-2026-4619) affects the Aterm WX3600HP model and exploits insufficient input validation in file handling mechanisms. No CVSS score or publicly available exploit has been identified at the time of analysis, though the CWE-22 classification confirms the path traversal root cause.

Path Traversal Aterm Wx3600Hp
NVD VulDB
CVSS 4.0
6.0
EPSS
0.0%
CVE-2026-26060 MEDIUM PATCH This Month

Fleet's password reset token invalidation logic fails to revoke previously issued tokens when a user changes their password, allowing attackers with a captured token to perform account takeover by resetting the password again within the token's 24-hour validity window. The vulnerability affects Fleet versions distributed via the Go package github.com/fleetdm/fleet/v4 and requires prior compromise of a valid password reset token to exploit, limiting real-world impact to scenarios where token interception has already occurred.

Authentication Bypass Suse
NVD GitHub
CVSS 4.0
6.0
EPSS
0.0%
CVE-2026-4969 LOW POC Monitor

Stored cross-site scripting (XSS) in code-projects Social Networking Site 1.0 allows authenticated remote attackers to inject malicious scripts via the content parameter in the Alert Handler component (/home.php), requiring user interaction to trigger. The vulnerability carries a CVSS score of 5.1 (medium) with publicly available exploit code, though no confirmed active exploitation in the wild has been reported. Affected users can have their sessions hijacked or credentials stolen if they interact with malicious alerts crafted by authenticated attackers.

XSS PHP
NVD VulDB GitHub
CVSS 4.0
2.0
EPSS
0.0%
CVE-2026-34043 MEDIUM PATCH This Month

The serialize-javascript npm library versions prior to 7.0.5 contain a CPU exhaustion denial-of-service vulnerability triggered when processing specially crafted array-like objects with artificially large length properties, causing the serialization process to hang indefinitely and consume 100% CPU. The vulnerability affects npm package serialize-javascript (pkg:npm/serialize-javascript) and impacts applications that serialize untrusted or user-controlled objects, particularly those also vulnerable to prototype pollution or YAML deserialization attacks that could inject malicious payloads. No public exploit code has been identified, but the attack vector is network-accessible with high complexity, posing a moderate real-world threat in supply-chain and backend service contexts.

Denial Of Service Deserialization Red Hat Suse
NVD GitHub VulDB
CVSS 3.1
5.9
EPSS
0.0%
CVE-2026-4972 LOW POC Monitor

Stored cross-site scripting (XSS) in code-projects Online Reviewer System up to version 1.0 allows authenticated users with high privileges to inject malicious scripts via the Description parameter in /system/system/students/assessments/databank/btn_functions.php, which are then executed in the context of other users' browsers. The vulnerability requires user interaction (UI:R) and has publicly available exploit code, but poses minimal real-world risk given the high privilege requirement (PR:H) and low impact severity (CVSS 2.4).

XSS PHP
NVD VulDB GitHub
CVSS 4.0
1.9
EPSS
0.0%
CVE-2026-27856 MEDIUM PATCH This Month

OX Dovecot Pro's doveadm HTTP service is vulnerable to timing oracle attacks during credential verification, allowing remote unauthenticated attackers to enumerate valid credentials through timing analysis and gain full administrative access to the doveadm management interface. The vulnerability affects OX Dovecot Pro installations with exposed doveadm HTTP service ports, carries a CVSS score of 7.4, and has no public exploit identified at time of analysis.

Oracle Authentication Bypass Ox Dovecot Pro
NVD VulDB
CVSS 3.1
5.9
EPSS
0.0%
CVE-2026-4909 LOW POC Monitor

Stored cross-site scripting (XSS) in code-projects Exam Form Submission 1.0 allows authenticated remote attackers to inject malicious scripts via the sname parameter in /admin/update_s7.php, potentially compromising administrator sessions and enabling unauthorized actions. Publicly available exploit code exists for this vulnerability, though it requires high-privilege authentication to trigger. The CVSS 2.4 score reflects limited impact (information integrity only) and the requirement for authenticated access and user interaction, but the public availability of working exploit code elevates practical risk.

XSS PHP
NVD VulDB GitHub
CVSS 4.0
1.9
EPSS
0.0%
CVE-2026-34353 MEDIUM PATCH This Month

OCaml's Bigarray.reshape function contains an integer overflow vulnerability that permits unauthenticated local attackers to read arbitrary memory contents when processing untrusted input. Affected versions through 4.14.3 allow an attacker with local access to trigger the overflow condition, bypassing memory protections and potentially exposing sensitive data including cryptographic keys or process memory. No public exploit code or active exploitation has been confirmed at time of analysis.

Buffer Overflow Integer Overflow Ocaml
NVD GitHub VulDB
CVSS 3.1
5.9
EPSS
0.0%
CVE-2026-33996 MEDIUM This Month

LibJWT versions 3.0.0 through 3.2.x are vulnerable to denial of service through a NULL pointer dereference in RSA-PSS JWK parsing. When processing specially crafted JWK files that substitute integers for expected string values, the library fails to validate input types, causing a crash. This affects applications that import RSA-PSS keys from JWK files, particularly those handling untrusted key sources. No public exploit code has been identified; patch 3.3.0 resolves the issue.

Null Pointer Dereference Denial Of Service Red Hat
NVD GitHub VulDB
CVSS 4.0
5.8
EPSS
0.0%
CVE-2026-34387 MEDIUM PATCH This Month

Fleet device management software versions prior to 4.81.1 are vulnerable to command injection in the software installer pipeline, enabling remote attackers with high privileges to achieve arbitrary code execution as root on macOS/Linux or SYSTEM on Windows when triggering uninstall operations on crafted software packages. The vulnerability requires high privileges and user interaction but delivers complete system compromise on affected managed hosts. No public exploit code or active exploitation has been identified at time of analysis.

RCE Command Injection Apple Microsoft
NVD GitHub
CVSS 4.0
5.7
EPSS
0.3%
CVE-2026-33739 MEDIUM PATCH This Month

Stored cross-site scripting (XSS) in FOG Project versions prior to 1.5.10.1812 allows authenticated high-privilege administrators to inject malicious scripts into management pages (Host, Storage, Group, Image, Printer, Snapin) through unsanitized record creation/update parameters, which are then executed when other administrators view the listing tables. The vulnerability requires administrative access and user interaction to trigger, resulting in potential session hijacking, credential theft, or lateral movement within the management interface.

XSS Fogproject
NVD GitHub
CVSS 3.1
5.7
EPSS
0.0%
CVE-2026-4990 MEDIUM This Month

Improper authorization in Chatwoot up to version 4.11.1 allows remote unauthenticated attackers to bypass authentication via the signupEnabled parameter in the /app/login endpoint's Signup Endpoint component. The vulnerability enables attackers to manipulate signup authorization controls by setting signupEnabled to true, resulting in unauthorized access. Publicly available exploit code exists, and the vendor did not respond to early disclosure notification.

Authentication Bypass Chatwoot
NVD VulDB
CVSS 4.0
5.5
EPSS
0.0%
CVE-2026-4955 MEDIUM This Month

Streamax Crocus 1.3.44 contains a remote SQL injection vulnerability in the /OperateStatistic.do endpoint via the VehicleID parameter, allowing unauthenticated remote attackers to manipulate database queries and extract or modify sensitive data. Public exploit code exists for this vulnerability, and the vendor has not responded to early disclosure notifications, leaving affected deployments without an official patch.

SQLi
NVD VulDB
CVSS 4.0
5.5
EPSS
0.0%
CVE-2026-4956 MEDIUM This Month

SQL injection in Streamax Crocus 1.3.44 parameter handler allows unauthenticated remote attackers to manipulate the State argument in /DevicePrint.do?Action=ReadTask endpoint, enabling database queries with low confidentiality, integrity, and availability impact. Publicly available exploit code exists; the vendor has not responded to early disclosure notification and no patch is available.

SQLi
NVD VulDB
CVSS 4.0
5.5
EPSS
0.0%
CVE-2026-4948 MEDIUM PATCH This Month

Firewalld on Red Hat Enterprise Linux 7, 8, 9, and 10, as well as OpenShift Container Platform 4, contains an authentication bypass vulnerability in two D-Bus setters (setZoneSettings2 and setPolicySettings) that allows local unprivileged users to modify runtime firewall configurations without proper authorization. An authenticated local attacker can exploit this to change network security policies, potentially enabling lateral movement or service disruption. No public exploit code has been identified at the time of analysis, though Red Hat has issued security advisories (CVE-2026-4948, Bugzilla #2452086).

Authentication Bypass Red Hat Enterprise Linux 10 Red Hat Enterprise Linux 7 Red Hat Enterprise Linux 8 Red Hat Enterprise Linux 9 +1
NVD VulDB
CVSS 3.1
5.5
EPSS
0.0%
CVE-2026-34475 MEDIUM PATCH This Month

Varnish Cache before 8.0.1 and Varnish Enterprise before 6.0.16r12 mishandle HTTP/1.1 URLs with a root path (/) in unchecked req.url scenarios, enabling cache poisoning and authentication bypass attacks. Unauthenticated remote attackers can exploit this with moderate complexity to poison cached content or bypass authentication controls affecting downstream clients. No active exploitation has been confirmed, though the vulnerability carries a 5.4 CVSS score reflecting network accessibility and partial impact to confidentiality and integrity.

Authentication Bypass Varnish Enterprise Vinyl Cache
NVD VulDB
CVSS 3.1
5.4
EPSS
0.0%
CVE-2026-29070 MEDIUM PATCH This Month

Open WebUI versions prior to 0.8.6 allow authenticated users to delete arbitrary files from knowledge bases they have write access to, due to missing validation that files actually belong to the target knowledge base. An attacker with legitimate write permissions to any knowledge base can exploit this to delete files from other knowledge bases by crafting requests with known file identifiers, resulting in data loss and service disruption. No public exploit code or active exploitation has been reported at time of analysis.

Authentication Bypass Open Webui
NVD GitHub
CVSS 3.1
5.4
EPSS
0.0%
CVE-2026-34362 MEDIUM GHSA This Month

WebSocket token validation bypass in WWBN AVideo versions up to 26.0 allows authenticated attackers to retain permanent real-time access to sensitive connection metadata after account revocation. The verifyTokenSocket() function fails to enforce token expiration despite generating 12-hour timeouts, enabling captured tokens to grant indefinite access to admin-level data including IP addresses, browser fingerprints, and user page locations. Authenticated users (PR:L per CVSS vector) can exploit this to maintain surveillance capabilities even after account deletion or privilege demotion. No public exploit identified at time of analysis.

PHP Information Disclosure
NVD GitHub
CVSS 3.1
5.4
EPSS
0.0%
CVE-2026-34247 MEDIUM GHSA This Month

WWBN AVideo versions up to 26.0 allow authenticated users to arbitrarily overwrite poster images for any scheduled live stream due to missing authorization checks in the uploadPoster.php endpoint, combined with subsequent broadcast of sensitive broadcast keys and user IDs to all connected WebSocket clients. An authenticated attacker can exploit this vulnerability without user interaction to deface another user's scheduled broadcasts and potentially harvest credential material for further attacks. No public exploit identified at time of analysis, though the vulnerability has been disclosed via GitHub security advisory with a published fix commit available.

PHP Authentication Bypass
NVD GitHub VulDB
CVSS 3.1
5.4
EPSS
0.0%
CVE-2025-59028 MEDIUM PATCH This Month

OX Dovecot Pro authentication server becomes disconnected when processing invalid base64 SASL data, causing all concurrent active authentication sessions to fail and enabling denial-of-service attacks against login infrastructure. Unauthenticated remote attackers can trigger this condition with minimal attack complexity by sending malformed base64 sequences to the SASL authentication handler. No public exploit code is currently available, and the vulnerability carries a CVSS score of 5.3 reflecting limited availability impact without confidentiality or integrity compromise.

Information Disclosure Ox Dovecot Pro
NVD VulDB
CVSS 3.1
5.3
EPSS
0.1%
CVE-2026-33721 MEDIUM PATCH This Month

MapServer versions 4.2 through 8.6.0 are vulnerable to a heap buffer overflow in the SLD (Styled Layer Descriptor) parser that allows remote, unauthenticated attackers to crash the MapServer process by sending a crafted SLD document containing more than 100 Threshold elements within a ColorMap/Categorize structure. The vulnerability is reachable via WMS GetMap requests using the SLD_BODY parameter, requiring no authentication or user interaction. Vendor-released patch: version 8.6.1 eliminates the issue; no public exploit code or active exploitation has been identified at time of analysis.

Buffer Overflow Memory Corruption Mapserver
NVD GitHub VulDB
CVSS 3.1
5.3
EPSS
0.1%
CVE-2026-32984 MEDIUM This Month

Wazuh authd daemon contains a heap-buffer overflow vulnerability (CWE-125) triggered by specially crafted input from authenticated remote users, causing memory corruption and denial of service to the authentication daemon. The vulnerability affects all versions of Wazuh (CPE: cpe:2.3:a:wazuh:wazuh:*:*:*:*:*:*:*:*) and requires authenticated network access to exploit; no public exploit code or active exploitation has been confirmed at this time.

Buffer Overflow Denial Of Service Information Disclosure Wazuh
NVD GitHub VulDB
CVSS 4.0
5.3
EPSS
0.1%
CVE-2026-33936 MEDIUM PATCH This Month

Denial-of-service vulnerability in python-ecdsa library allows remote attackers to crash applications parsing untrusted DER-encoded private keys through truncated or malformed DER structures. The DER parsing functions accept invalid input that declares a longer byte length than actually provided, subsequently triggering unexpected internal IndexError exceptions instead of cleanly rejecting the malformed data. Publicly available proof-of-concept code demonstrates deterministic crashes via SigningKey.from_der() on mutated DER inputs.

Python Denial Of Service Red Hat Suse
NVD GitHub VulDB
CVSS 3.1
5.3
EPSS
0.0%
CVE-2026-0394 MEDIUM PATCH This Month

Path traversal in OX Dovecot Pro allows unauthenticated remote attackers to read arbitrary files such as /etc/passwd when per-domain passwd files are misconfigured above /etc or when slash characters are added to the domain path component. Successful exploitation can expose system authentication data or make system users appear as valid mail users, leading to unauthorized access. No public exploit code is currently known, and the vulnerability requires specific misconfiguration to trigger, resulting in a moderate CVSS score of 5.3 with low confidentiality impact.

Path Traversal Ox Dovecot Pro
NVD VulDB
CVSS 3.1
5.3
EPSS
0.0%
CVE-2026-4985 MEDIUM PATCH This Month

Integer overflow in dloebl CGIF up to version 0.5.2 allows remote attackers to trigger availability impact via manipulation of width/height arguments in the cgif_addframe function. The vulnerability requires user interaction (UI:P) but can be exploited over the network with no authentication. A patch is available via upstream commit b0ba830093f4317a5d1f345715d2fa3cd2dab474.

Integer Overflow Buffer Overflow Cgif
NVD VulDB GitHub
CVSS 4.0
5.3
EPSS
0.0%
CVE-2026-27859 MEDIUM PATCH This Month

OX Dovecot Pro mail delivery processes consume excessive CPU resources when processing mail messages containing abnormally high numbers of RFC 2231 MIME parameters, enabling remote denial of service without authentication or user interaction. Unauthenticated remote attackers can craft malicious MIME messages to trigger algorithmic complexity in parameter parsing, degrading mail service availability. No public exploit code is currently known, and patch availability has not been independently confirmed from the provided advisory reference.

Denial Of Service Ox Dovecot Pro
NVD VulDB
CVSS 3.1
5.3
EPSS
0.0%
CVE-2026-34369 MEDIUM GHSA This Month

WWBN AVideo up to version 26.0 fails to enforce password verification on API endpoints `get_api_video_file` and `get_api_video`, allowing unauthenticated remote attackers to retrieve direct playback URLs (MP4 files and HLS manifests) for password-protected videos by directly invoking the API. The web interface enforces password checks through the `CustomizeUser::getModeYouTube()` hook, but this validation is entirely absent from the API code path, creating a complete authentication bypass. Upstream fix available via commit be344206f2f461c034ad2f1c5d8212dd8a52b8c7; no public exploit or active exploitation confirmed at time of analysis.

Authentication Bypass Avideo
NVD GitHub
CVSS 3.1
5.3
EPSS
0.0%
CVE-2026-31950 MEDIUM PATCH This Month

Unauthenticated stream hijacking in LibreChat versions 0.8.2-rc2 through 0.8.2-rc3 allows authenticated users to read other users' real-time chat conversations via the SSE streaming endpoint `/api/agents/chat/stream/:streamId` without ownership verification. An attacker with valid credentials can enumerate or guess stream IDs to intercept sensitive messages, AI-generated responses, and tool invocation data from arbitrary users. The vulnerability was patched in version 0.8.2.

Authentication Bypass Librechat
NVD GitHub
CVSS 3.1
5.3
EPSS
0.0%
CVE-2026-34368 MEDIUM GHSA This Month

WWBN AVideo up to version 26.0 allows authenticated attackers to conduct concurrent balance transfers that exploit a Time-of-Check-Time-of-Use (TOCTOU) race condition in the wallet module, enabling arbitrary financial value multiplication without database transaction protection. An attacker with multiple authenticated sessions can trigger parallel transfer requests that each read the same wallet balance, all pass the sufficiency check independently, but result in only a single deduction while the recipient receives multiple credits. The vulnerability requires local authentication and moderate attacker effort (AC:H) but carries high integrity impact; no public exploit code or active exploitation has been identified at the time of analysis.

PHP Race Condition Information Disclosure
NVD GitHub
CVSS 3.1
5.3
EPSS
0.0%
CVE-2026-4958 LOW POC Monitor

OpenBMB XAgent 1.0.0 allows authenticated remote attackers to bypass authorization controls via manipulation of the interaction_id argument in the WebSocket ReplayServer endpoint (XAgentServer/application/websockets/replayer.py), enabling unauthorized access to replay functionality. The vulnerability requires low privileges and is difficult to exploit due to high attack complexity, but publicly available exploit code exists. No vendor patch has been released despite early disclosure notification.

Authentication Bypass Xagent
NVD VulDB GitHub
CVSS 4.0
1.3
EPSS
0.0%
CVE-2023-7340 MEDIUM This Month

Wazuh authd contains a heap-buffer overflow vulnerability that allows attackers to cause memory corruption and malformed heap data by sending specially crafted input. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Denial Of Service Information Disclosure Buffer Overflow Wazuh
NVD GitHub VulDB
CVSS 4.0
5.3
EPSS
0.0%
CVE-2026-34364 MEDIUM GHSA This Month

WWBN AVideo versions up to 26.0 expose all non-private video categories to unauthenticated remote attackers due to missing access control enforcement in the categories.json.php endpoint. The vulnerability combines two distinct flaws: complete bypass of group-based filtering when no user parameter is supplied, and a type confusion bug that substitutes the admin user's group memberships when a user parameter is present, allowing unauthorized disclosure of category metadata intended for restricted user groups. CVSS 5.3 reflects the information disclosure impact with no authentication required and low attack complexity; no public exploit code or active exploitation has been confirmed at time of analysis.

PHP Authentication Bypass
NVD GitHub
CVSS 3.1
5.3
EPSS
0.0%
CVE-2026-5010 MEDIUM PATCH This Month

Clickedu contains a reflected XSS vulnerability in the /user.php/ endpoint that permits remote attackers to execute arbitrary JavaScript in a victim's browser via malicious URL parameters, enabling session hijacking, credential theft, and unauthorized actions. The vulnerability affects all versions of Sanoma's Clickedu product (per CPE cpe:2.3:a:sanoma:clickedu:*:*:*:*:*:*:*:*) and a vendor patch is available. No CVSS score or active exploitation data was provided; however, the reflected XSS attack vector combined with educational platform context indicates moderate to high real-world risk given typical user trust in institutional URLs.

PHP XSS
NVD
CVSS 4.0
5.1
EPSS
0.0%
CVE-2026-32859 MEDIUM PATCH This Month

ByteDance Deer-Flow artifacts API fails to sanitize user-supplied HTML and script content before storage and rendering, enabling stored cross-site scripting (XSS) attacks that execute arbitrary scripts in the browser context of users viewing artifacts. All versions prior to commit 5dbb362 are affected; attackers can compromise sessions, steal credentials, and execute arbitrary JavaScript without authentication. A patch is available from the vendor via GitHub commit 5dbb3623b2f0e490c8bb3cd81b1e3b1b12eae1a6, and no public exploit code or active exploitation has been identified at time of analysis.

XSS Deerflow
NVD GitHub VulDB
CVSS 4.0
5.1
EPSS
0.0%
CVE-2026-4991 MEDIUM This Month

Cross-site scripting (XSS) in QDOCS Smart School Management System up to version 7.2 allows authenticated remote attackers to inject malicious scripts via the Note parameter in the /admin/enquiry endpoint of the Admission Enquiry Module, potentially compromising session integrity and user data. The vulnerability requires user interaction (UI:P) and authenticated access (PR:L), resulting in a CVSS 5.1 score with low integrity impact. No public exploit code or active exploitation has been confirmed at the time of this analysis.

XSS Smart School Management System
NVD VulDB
CVSS 4.0
5.1
EPSS
0.0%
CVE-2026-33559 MEDIUM This Month

Stored cross-site scripting (XSS) in the WordPress OpenStreetMap plugin by MiKa allows authenticated users with page creation or editing privileges to inject malicious scripts that execute in the browsers of other users viewing the affected pages. The vulnerability affects all versions of the plugin via CPE cpe:2.3:a:mika:openstreetmap:*:*:*:*:*:*:*:*. With a CVSS score of 5.4 and moderate attack complexity requiring user interaction, this poses a localized but meaningful risk to WordPress sites where contributors or editors cannot be fully trusted. No public exploit code or active exploitation has been confirmed at time of analysis.

WordPress XSS
NVD
CVSS 4.0
5.1
EPSS
0.0%
CVE-2026-33433 MEDIUM PATCH GHSA This Month

Traefik reverse proxy and load balancer versions prior to 2.11.42, 3.6.11, and 3.7.0-ea.3 allow authenticated attackers to inject canonical HTTP header names that override non-canonical headers configured via the `headerField` setting, enabling identity impersonation to backend systems. The vulnerability exploits HTTP header handling inconsistencies where backends read the attacker-supplied canonical header before Traefik's non-canonical configuration, permitting authentication bypass for any identity. Vendor-released patches are available for all affected major versions.

Authentication Bypass Canonical Traefik
NVD GitHub VulDB
CVSS 4.0
5.1
EPSS
0.0%
CVE-2026-34389 MEDIUM PATCH GHSA This Month

Fleet device management software prior to version 4.81.0 allows privilege escalation through email validation bypass in the user invitation flow. An attacker with a valid invite token can create an account using an arbitrary email address while retaining the role permissions granted by the invite, potentially obtaining global admin access. No public exploit code or active exploitation has been identified at the time of analysis.

Authentication Bypass Suse
NVD GitHub
CVSS 4.0
4.9
EPSS
0.0%
Prev Page 4 of 5 Next

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy