Skip to main content
CVE-2026-4962 MEDIUM POC This Month

UltraVNC versions up to 1.6.4.0 suffer from an uncontrolled search path vulnerability in version.dll loaded by the Service component, enabling local attackers with low privileges to achieve code execution with elevated privileges through DLL hijacking. Publicly available exploit code exists (Google Drive link in references), and the vendor has not responded to disclosure attempts. While the CVSS score is 7.3, exploitation requires local access, high attack complexity, and is considered difficult to execute, tempering immediate risk for most deployments.

Information Disclosure Ultravnc
NVD VulDB
CVSS 4.0
6.4
EPSS
0.0%
CVE-2026-30567 MEDIUM POC This Month

Reflected XSS in SourceCodester Inventory System 1.0 allows remote attackers to inject arbitrary JavaScript via the unvalidated 'limit' parameter in view_product.php. The vulnerability affects the web application without authentication requirements, and publicly available exploit code has been disclosed. While CVSS scoring data is unavailable, the combination of reflected XSS execution context, public POC availability, and lack of input sanitization indicates meaningful risk to deployments of this legacy system.

PHP XSS
NVD GitHub
CVSS 3.1
6.1
EPSS
0.1%
CVE-2026-30570 MEDIUM POC This Month

SourceCodester Inventory System 1.0 contains a reflected cross-site scripting (XSS) vulnerability in the view_sales.php file's 'limit' parameter that allows remote attackers to inject arbitrary JavaScript or HTML through a crafted URL. The vulnerability stems from insufficient input sanitization and publicly available exploit code has been disclosed. Authentication requirements are not confirmed from available CVSS data.

PHP XSS
NVD GitHub
CVSS 3.1
6.1
EPSS
0.1%
CVE-2026-30571 MEDIUM POC This Month

SourceCodester Inventory System 1.0 contains a reflected cross-site scripting vulnerability in the view_category.php file where the 'limit' parameter is not sanitized, enabling remote attackers to inject arbitrary JavaScript or HTML through a crafted URL. Publicly available exploit code exists for this vulnerability, affecting the PHP-based Inventory System application. Remote attackers can execute client-side scripts in the context of authenticated user sessions without requiring elevated privileges.

PHP XSS
NVD GitHub
CVSS 3.1
6.1
EPSS
0.1%
CVE-2026-30569 MEDIUM POC This Month

SourceCodester Inventory System 1.0 contains a reflected cross-site scripting (XSS) vulnerability in the view_stock_availability.php file's 'limit' parameter that permits remote attackers to inject arbitrary HTML and JavaScript through a crafted URL. Publicly available exploit code has been disclosed via GitHub, enabling attackers without authentication to execute malicious scripts in the context of victim browsers. The vulnerability affects an unspecified version range of the Inventory System application with no CVSS scoring or patch availability data currently confirmed.

PHP XSS
NVD GitHub
CVSS 3.1
6.1
EPSS
0.1%
CVE-2026-4959 MEDIUM POC This Month

OpenBMB XAgent 1.0.0 ShareServer WebSocket endpoint allows remote authentication bypass through manipulation of the interaction_id parameter in the check_user function, enabling unauthenticated attackers to access protected resources with low confidentiality, integrity, and availability impact. Publicly available exploit code exists, the vendor was contacted but did not respond, and active exploitation remains possible.

Authentication Bypass Xagent
NVD VulDB GitHub
CVSS 4.0
5.5
EPSS
0.1%
CVE-2026-4953 MEDIUM POC This Month

Server-side request forgery in mingSoft MCMS versions through 5.5.0 enables remote unauthenticated attackers to force the application server to make arbitrary HTTP requests to internal or external systems via the catchimage parameter in the Editor Endpoint's catchImage function. Publicly available exploit code exists (GitHub POC published), increasing immediate risk. The CVSS score of 7.3 reflects network-based attack vector with no authentication required and impacts to confidentiality, integrity, and availability.

Java SSRF
NVD VulDB GitHub
CVSS 4.0
5.5
EPSS
0.0%
CVE-2026-4908 MEDIUM POC This Month

SQL injection in code-projects Simple Laundry System 1.0 allows unauthenticated remote attackers to extract, modify, or delete database contents via the userid parameter in /modstaffinfo.php. Publicly available exploit code exists on GitHub, significantly lowering the barrier to exploitation. The CVSS score of 7.3 reflects network accessibility without authentication requirements (PR:N), though impact is rated as Low across confidentiality, integrity, and availability.

SQLi PHP
NVD VulDB GitHub
CVSS 4.0
5.5
EPSS
0.0%
CVE-2026-4910 MEDIUM POC This Month

SQL injection in Shenzhen Ruiming Technology Streamax Crocus bis version 1.3.44 allows unauthenticated remote attackers to execute arbitrary SQL commands via the State parameter in the /RemoteFormat.do endpoint. Publicly available exploit code exists, as documented in a Feishu document linked in VulDB disclosure 353661. The vendor was notified but has not responded, leaving users without a vendor-acknowledged remediation path. With a CVSS score of 7.3 and network-accessible attack vector requiring no privileges, this represents a significant risk to exposed systems.

SQLi Streamax Crocus
NVD VulDB
CVSS 4.0
5.5
EPSS
0.0%
CVE-2026-4965 MEDIUM POC This Month

Improper neutralization of directives in dynamically evaluated code within letta-ai letta 0.16.4 allows remote attackers without authentication to manipulate the resolve_type function in letta/functions/ast_parsers.py, resulting in code injection and information disclosure. This vulnerability represents an incomplete fix for CVE-2025-6101, and publicly available exploit code exists that demonstrates remote exploitation with low attack complexity.

Code Injection Information Disclosure Letta
NVD VulDB GitHub
CVSS 4.0
5.5
EPSS
0.0%
CVE-2026-30527 MEDIUM POC This Month

Stored XSS in SourceCodester Online Food Ordering System v1.0 allows authenticated administrators to inject malicious JavaScript via the Category Name field in the admin panel, with payloads executing in the browsers of any user viewing the Category list. Publicly available exploit code exists; the vulnerability stems from insufficient input sanitization on a critical administrative function that affects all downstream users who access affected categories.

XSS Online Food Ordering System
NVD GitHub VulDB
CVSS 3.1
5.4
EPSS
0.0%
CVE-2026-30568 MEDIUM POC This Month

Reflected cross-site scripting (XSS) in SourceCodester Inventory System 1.0 allows remote attackers to inject arbitrary JavaScript or HTML through an unsanitized 'limit' parameter in the view_purchase.php file. The vulnerability affects unauthenticated users who click a malicious link, enabling session hijacking, credential theft, or malware distribution. Publicly available exploit code exists, elevating practical exploitation risk despite the absence of CVSS scoring data.

PHP XSS
NVD GitHub
CVSS 3.1
4.8
EPSS
0.0%
CVE-2026-33868 MEDIUM POC PATCH This Month

Mastodon prior to versions 4.5.8, 4.4.15, and 4.3.21 contains an unauthenticated Open Redirect vulnerability in the `/web/*` route that allows remote attackers to redirect users to arbitrary external domains via specially URL-encoded path segments. An attacker can exploit this to conduct phishing attacks or steal OAuth credentials by crafting malicious links that bypass Rails path normalization through URL-encoded slashes (%2F). No public exploit code or active exploitation has been confirmed at time of analysis.

Open Redirect
NVD GitHub
CVSS 3.1
4.3
EPSS
0.2%
CVE-2025-15615 MEDIUM This Month

Wazuh Manager authd service through version 4.7.3 fails to properly restrict client-initiated SSL/TLS renegotiation requests, allowing unauthenticated remote attackers to trigger excessive renegotiations that consume CPU resources and cause denial of service. The vulnerability affects the authentication daemon across all Wazuh Manager deployments running vulnerable versions, enabling attackers to render the authd service unavailable with no authentication required and minimal attack complexity.

Denial Of Service Privilege Escalation Wazuh Manager
NVD GitHub VulDB
CVSS 4.0
6.9
EPSS
0.1%
CVE-2026-32983 MEDIUM This Month

Wazuh Manager authd service through version 4.7.3 fails to properly restrict client-initiated SSL/TLS renegotiation, enabling remote attackers to trigger denial of service by flooding the service with excessive renegotiation requests that exhaust CPU resources and render the authentication daemon unavailable. The vulnerability affects all Wazuh Manager installations up to and including version 4.7.3, requires no authentication or user interaction, and can be exploited over the network by any remote actor. No public exploit code or active exploitation has been confirmed at this time, though the straightforward nature of renegotiation-based DoS attacks and moderate CVSS score of 6.9 indicate practical exploitability.

Denial Of Service Privilege Escalation Wazuh
NVD GitHub VulDB
CVSS 4.0
6.9
EPSS
0.1%
CVE-2026-33366 MEDIUM This Month

BUFFALO Wi-Fi router products lack authentication controls on a critical reboot function, allowing remote unauthenticated attackers to forcibly restart affected devices over the network. The vulnerability affects multiple BUFFALO router product lines across unspecified versions. While the CVSS score of 5.3 reflects moderate severity, the attack requires no credentials, no user interaction, and can be executed remotely with low complexity, making it operationally exploitable for denial-of-service attacks against networked BUFFALO routers. No public exploit code or confirmed active exploitation has been identified at the time of analysis.

Authentication Bypass Buffalo Wi Fi Router Products
NVD
CVSS 4.0
6.9
EPSS
0.1%
CVE-2026-34411 MEDIUM PATCH This Month

Appsmith versions prior to 1.98 allow unauthenticated remote attackers to access sensitive instance management API endpoints (/api/v1/consolidated-api/view, /api/v1/tenants/current) without authentication, enabling disclosure of configuration metadata, license information, and unsalted SHA-256 hashes of admin email domains. This authentication bypass facilitates reconnaissance for targeted follow-up attacks against Appsmith deployments and their administrators. No public exploit code or active exploitation has been independently confirmed at time of analysis.

Authentication Bypass Appsmith
NVD GitHub
CVSS 4.0
6.9
EPSS
0.1%
CVE-2026-33993 MEDIUM PATCH This Month

Prototype pollution in the locutus npm package's unserialize() function allows remote attackers to inject arbitrary properties into deserialized objects by crafting malicious PHP-serialized payloads containing __proto__ keys, enabling authorization bypass, property propagation attacks, and denial of service via method override. The vulnerability affects locutus versions prior to 3.0.25; publicly available exploit code exists demonstrating property injection, for-in propagation to real own properties, and built-in method disruption.

PHP Node.js Prototype Pollution Deserialization Denial Of Service +1
NVD GitHub
CVSS 4.0
6.9
EPSS
0.0%
CVE-2026-27855 MEDIUM PATCH This Month

Dovecot OTP authentication enables replay attacks when authentication cache is enabled and username alteration occurs in passdb, allowing attackers who observe an OTP exchange to authenticate as the targeted user. Open-XChange Dovecot Pro is affected (CPE: cpe:2.3:a:open-xchange_gmbh:ox_dovecot_pro:*:*:*:*:*:*:*:*). No public exploit identified at time of analysis, though the vulnerability requires relatively specific preconditions (enabled cache, username modification in passdb) to be exploitable. The CVSS 6.8 score reflects high confidentiality and integrity impact but requires high attack complexity and user interaction.

Microsoft Information Disclosure
NVD VulDB
CVSS 3.1
6.8
EPSS
0.0%
CVE-2026-31951 MEDIUM This Month

{{LIBRECHAT_OPENID_ACCESS_TOKEN}} to harvest victim credentials during tool execution; the vulnerability is fixed in version 0.8.3-rc2. No public exploit code or CISA KEV listing is documented, but the attack requires user interaction (UI:R) and authenticated access (PR:L), limiting real-world impact.

Information Disclosure Librechat
NVD GitHub
CVSS 3.1
6.8
EPSS
0.0%
CVE-2026-34388 MEDIUM PATCH GHSA This Month

Denial-of-service vulnerability in Fleet device management software prior to version 4.81.0 allows authenticated hosts to crash the entire Fleet server process by sending a malformed log type value to the gRPC Launcher endpoint, disrupting all connected devices, MDM enrollments, and API consumers. The vulnerability requires prior authentication but affects availability across the entire infrastructure. Vendor-released patch: version 4.81.0.

Denial Of Service Suse
NVD GitHub
CVSS 4.0
6.6
EPSS
0.0%
CVE-2026-34391 MEDIUM PATCH This Month

Fleet device management software versions prior to 4.81.1 allow malicious enrolled Windows devices to access Mobile Device Management (MDM) commands intended for other devices, potentially disclosing sensitive configuration data including WiFi credentials, VPN secrets, and certificate payloads across the entire Windows fleet. The vulnerability stems from improper authorization controls in Windows MDM command processing, affecting any organization using Fleet for Windows device management. Vendor-released patch: version 4.81.1.

Microsoft Information Disclosure
NVD GitHub
CVSS 4.0
6.6
EPSS
0.0%
CVE-2023-7339 MEDIUM This Month

Stack-based buffer overflow vulnerability in Softing Industrial Automation GmbH gateways allows overflow buffers. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Buffer Overflow Stack Overflow Pngate Epgate Mbgate +2
NVD
CVSS 3.1
6.5
EPSS
0.0%
CVE-2026-5025 MEDIUM This Month

Log router endpoints in an authenticated application expose full application log buffers to any authenticated user without privilege-level authorization checks, allowing credential harvesting, sensitive data exfiltration, and reconnaissance. The vulnerability affects the '/logs' and '/logs-stream' endpoints which enforce only basic authentication ('get_current_active_user') rather than administrative privilege requirements, enabling authenticated attackers with low privileges to read complete application logs containing sensitive information. No public exploit code or active exploitation has been identified at the time of analysis, though the relatively low attack complexity (AC:L) and straightforward authentication bypass mechanism present moderate real-world risk.

Authentication Bypass Langflow
NVD VulDB
CVSS 3.1
6.5
EPSS
0.0%
CVE-2024-14028 MEDIUM PATCH This Month

Use after free vulnerability in Softing smartLink HW-DP or smartLink HW-PN webserver allows HTTP DoS. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Memory Corruption Use After Free Denial Of Service Smartlink Hw Dp Smartlink Hw Pn
NVD
CVSS 3.1
6.5
EPSS
0.0%
CVE-2026-33954 MEDIUM PATCH This Month

LinkAce versions before 2.5.3 disclose private notes to authenticated users via the web interface when viewing shared links, despite the API correctly enforcing note visibility restrictions. An authenticated user can read another user's private notes attached to internal or public links by accessing the web link detail page, resulting in unauthorized information disclosure. Version 2.5.3 patches this authorization bypass.

Authentication Bypass Linkace
NVD GitHub VulDB
CVSS 3.1
6.5
EPSS
0.0%
CVE-2026-3098 MEDIUM This Month

Smart Slider 3 plugin for WordPress allows authenticated attackers with Subscriber-level privileges to read arbitrary files on the server via improper access controls in the 'actionExportAll' function. Affected versions include all releases up to and including 3.5.1.33. The vulnerability exposes sensitive files such as configuration data, database credentials, and private keys to attackers with low-privilege WordPress accounts. No public exploit code or active exploitation has been identified at the time of analysis.

WordPress Authentication Bypass
NVD VulDB
CVSS 3.1
6.5
EPSS
0.0%
CVE-2026-34036 MEDIUM PATCH This Month

Dolibarr Core versions up to 22.0.4 allow authenticated users with minimal privileges to read arbitrary non-PHP files from the server via a Local File Inclusion vulnerability in /core/ajax/selectobject.php. The flaw stems from dynamic file inclusion occurring before authorization checks and a fail-open logic in the access control function, enabling exfiltration of sensitive configuration files, environment variables, and logs. Publicly available exploit code exists, and a vendor patch has been released.

PHP LFI Information Disclosure CSRF Python
NVD GitHub
CVSS 3.1
6.5
EPSS
0.0%
CVE-2026-33730 MEDIUM PATCH This Month

OpenSourcePOS versions prior to 3.4.2 contain an Insecure Direct Object Reference (IDOR) vulnerability allowing authenticated low-privileged users to modify password change settings for arbitrary users, including administrators, by manipulating the employee_id parameter without authorization checks. The vulnerability affects the web-based PHP/CodeIgniter point-of-sale application and enables account takeover of higher-privileged accounts. No public exploit code has been identified at the time of analysis, though the fix involves adding object-level authorization validation to the affected endpoint.

PHP Authentication Bypass
NVD GitHub
CVSS 3.1
6.5
EPSS
0.0%
CVE-2025-69988 MEDIUM This Month

BS Producten Petcam version 33.1.0.0818 fails to enforce access controls on its wireless network interface, allowing unauthenticated attackers within physical proximity to connect to the device's open network and directly access live video and audio streams without authentication. The vulnerability affects a consumer IP camera product and carries a CVSS score of 6.5 (medium severity) driven by high confidentiality impact despite requiring physical proximity. A proof-of-concept and technical analysis are publicly available via GitHub, though no confirmation of active exploitation in the wild has been identified.

Authentication Bypass
NVD GitHub VulDB
CVSS 3.1
6.5
EPSS
0.0%
CVE-2026-27879 MEDIUM PATCH This Month

Grafana versions prior to patching are vulnerable to denial-of-service attacks via maliciously crafted resample queries that exhaust server memory and trigger out-of-memory crashes. Authenticated users with query execution privileges can exploit this low-complexity remote vulnerability to disrupt service availability. No public exploit code or confirmed active exploitation has been identified at the time of analysis, though the attack surface is broad given Grafana's widespread deployment in monitoring infrastructure.

Grafana Denial Of Service Red Hat Suse
NVD VulDB
CVSS 3.1
6.5
EPSS
0.0%
CVE-2026-28375 MEDIUM PATCH This Month

Grafana's testdata data-source plugin allows authenticated users to trigger out-of-memory (OOM) crashes, causing a denial of service affecting availability. The vulnerability requires low-privilege user authentication and network access to the affected Grafana instance, enabling local or remote attackers with valid credentials to exhaust server memory resources without user interaction. No public exploit code or active exploitation has been confirmed at the time of analysis.

Grafana Denial Of Service Red Hat Suse
NVD VulDB
CVSS 3.1
6.5
EPSS
0.0%
CVE-2026-33994 MEDIUM PATCH This Month

Prototype pollution in locutus npm package version 2.0.39 through 3.0.24 allows remote attackers to bypass `Object.prototype` pollution guards via a crafted query string passed to the `parse_str` function, enabling authentication bypass, denial of service, or remote code execution in chained attack scenarios where `RegExp.prototype.test` has been previously compromised. Publicly available exploit code exists demonstrating the vulnerability; vendor-released patch available in version 3.0.25.

PHP Denial Of Service Node.js Prototype Pollution Authentication Bypass +2
NVD GitHub
CVSS 4.0
6.3
EPSS
0.0%
CVE-2026-5022 MEDIUM This Month

{flow_id}/{file_name}' endpoint lacks authentication and authorization enforcement, permitting unauthenticated users to download arbitrary images associated with any flow by supplying or enumerating flow IDs and file names. This authentication bypass affects all versions of Langflow AI's langflow product and enables unauthorized disclosure of potentially sensitive image assets. No public exploit code or active exploitation has been confirmed at the time of analysis.

Authentication Bypass Langflow
NVD VulDB
CVSS 4.0
6.3
EPSS
0.0%
CVE-2026-4621 MEDIUM This Month

NEC Aterm wireless router series (including WG1200HP2, WG1900HP, WG1800HP3, WG1200HP4, and nine other models) contain hidden telnet functionality that can be remotely enabled by unauthenticated network attackers via unspecified means, classified as CWE-912 (Hidden Functionality). The vulnerability carries a CVSS 6.3 score reflecting network-accessible attack vector with high complexity requirements and limited confidentiality/integrity impact. No public exploit code or active exploitation via CISA KEV has been confirmed at analysis time, though the remote enablement of administrative telnet access represents a significant privilege escalation pathway for subsequent unauthorized system access.

Information Disclosure Aterm W1200Ex Ms Aterm Wg1200Hp2 Aterm Wg1900Hp Aterm Wg1200Hs2 +17
NVD VulDB
CVSS 4.0
6.3
EPSS
0.0%
CVE-2025-15612 MEDIUM This Month

Wazuh provisioning scripts and container build environments disable SSL/TLS certificate validation by invoking curl with the -k/--insecure flag, enabling man-in-the-middle attackers to intercept and modify downloaded dependencies during the build process and achieve remote code execution within the agent build infrastructure and supply chain. Unauthenticated network attackers with positioning on the network path can exploit this with moderate complexity to compromise the integrity of Wazuh agent builds, affecting all downstream deployments. No public exploit code or active exploitation has been confirmed at the time of analysis.

RCE Wazuh Provisioning Scripts Agent Build Environment
NVD GitHub VulDB
CVSS 4.0
6.3
EPSS
0.0%
CVE-2026-4309 MEDIUM This Month

NEC Aterm wireless router series (W1200Ex-MS, WG1200HP2, WG1900HP, WG1800HP3, WG1800HP4, WG1200HP3, WG1200HP4, WG1200HS2, WG1200HS3, WX1500HP, WX3000HP, WX3600HP, WG2600HS, WG2600HS2, WG2600HP4, WG2600HM4, WF1200CR, WG1200CR, and others) suffer from missing authorization controls that enable remote attackers to enumerate device configuration details and modify settings without proper access controls. The vulnerability stems from CWE-862 (Missing Authorization) in the device management interface, allowing unauthenticated or inadequately authenticated network-accessible requests to interact with sensitive administrative functions. No CVSS score, EPSS probability estimate, or public exploit code has been disclosed, and CISA KEV status is unknown.

Authentication Bypass Aterm W1200Ex Ms Aterm Wg1200Hp2 Aterm Wg1900Hp Aterm Wg1200Hs2 +16
NVD
CVSS 4.0
6.3
EPSS
0.0%
CVE-2026-34245 MEDIUM GHSA This Month

Broadcast schedule modification in WWBN AVideo versions up to 26.0 allows authenticated users with streaming permissions to hijack playlists and disrupt streams by creating or modifying schedules targeting any playlist regardless of ownership, with rebroadcasts executing under the victim's identity. The vulnerability affects the `plugin/PlayLists/View/Playlists_schedules/add.json.php` endpoint and stems from insufficient authorization checks. Upstream fix available via commit 1e6dc20172de986f60641eb4fdb4090f079ffdce; no public exploit identified at time of analysis.

PHP Authentication Bypass
NVD GitHub VulDB
CVSS 3.1
6.3
EPSS
0.0%
CVE-2026-34386 MEDIUM PATCH GHSA This Month

SQL injection in Fleet device management software versions prior to 4.81.0 allows authenticated Team Admin or Global Admin users to execute arbitrary SQL queries against the Fleet database via the MDM bootstrap package configuration API endpoint. Attackers with these privileges can exfiltrate sensitive data, modify arbitrary team configurations, and inject malicious content into team settings. The vulnerability requires authentication but poses significant risk to multi-tenant Fleet deployments where administrative credentials may be compromised or where insider threats exist.

SQLi Information Disclosure Suse
NVD GitHub
CVSS 4.0
6.3
EPSS
0.0%
CVE-2026-4980 MEDIUM PATCH This Month

Inkscape 1.1 before 1.3 contains a local file disclosure vulnerability in XInclude processing that allows unauthenticated remote attackers to read arbitrary files from an affected system by crafting malicious SVG files with xi:include tags. The vulnerability has a moderate CVSS score of 6.3 but carries high confidentiality impact; no public exploit code or active exploitation has been confirmed at the time of analysis. Upstream fixes are available via GitLab merge requests, and users should upgrade to version 1.3 or later.

XXE Inkscape
NVD VulDB
CVSS 3.1
6.3
EPSS
0.0%
CVE-2026-32695 MEDIUM PATCH This Month

Traefik's Knative provider fails to escape user-controlled values when interpolating host and header rules into backtick-delimited expressions, allowing attackers to inject rule syntax and bypass host restrictions in multi-tenant clusters. Versions prior to 3.6.11 and 3.7.0-ea.2 are affected. An attacker can craft malicious Knative ingress configurations to route traffic intended for one tenant to attacker-controlled hosts, enabling unauthorized cross-tenant traffic exposure and service impersonation.

Authentication Bypass Traefik
NVD GitHub VulDB
CVSS 4.0
6.3
EPSS
0.0%
CVE-2026-34385 MEDIUM PATCH GHSA This Month

SQL injection in Fleet's Apple MDM profile delivery pipeline before version 4.81.0 allows authenticated attackers with valid MDM enrollment certificates to exfiltrate or modify database contents, including user credentials, API tokens, and device enrollment secrets. This second-order SQL injection vulnerability affects the cpe:2.3:a:fleetdm:fleet product line and requires valid MDM enrollment credentials to exploit, limiting the attack surface to adversaries who have already established trust within the MDM enrollment process. No public exploit code or active exploitation has been identified at the time of this analysis.

SQLi Apple Suse
NVD GitHub
CVSS 4.0
6.2
EPSS
0.0%
CVE-2025-61190 MEDIUM This Month

DSpace JSPUI 6.5 contains a reflected cross-site scripting (XSS) vulnerability in the search/discover filtering functionality where the filter_type_1 parameter is not properly sanitized, allowing remote attackers to inject malicious scripts that execute in the context of other users' browsers. The vulnerability affects DSpace repository instances running version 6.5. A proof-of-concept has been publicly disclosed via GitHub (https://gist.github.com/MerttTuran/9cf7de549749fe3ef7ce08d65e3540bd), though no active exploitation via CISA KEV listing has been confirmed at the time of analysis.

XSS N A
NVD GitHub
CVSS 3.1
6.1
EPSS
0.0%
CVE-2026-4619 MEDIUM This Month

NEC Aterm WX3600HP routers contain a path traversal vulnerability enabling remote attackers to write arbitrary files to the device via network access, potentially compromising system integrity and enabling persistent attacks. The vulnerability (CVE-2026-4619) affects the Aterm WX3600HP model and exploits insufficient input validation in file handling mechanisms. No CVSS score or publicly available exploit has been identified at the time of analysis, though the CWE-22 classification confirms the path traversal root cause.

Path Traversal Aterm Wx3600Hp
NVD VulDB
CVSS 4.0
6.0
EPSS
0.0%
CVE-2026-26060 MEDIUM PATCH This Month

Fleet's password reset token invalidation logic fails to revoke previously issued tokens when a user changes their password, allowing attackers with a captured token to perform account takeover by resetting the password again within the token's 24-hour validity window. The vulnerability affects Fleet versions distributed via the Go package github.com/fleetdm/fleet/v4 and requires prior compromise of a valid password reset token to exploit, limiting real-world impact to scenarios where token interception has already occurred.

Authentication Bypass Suse
NVD GitHub
CVSS 4.0
6.0
EPSS
0.0%
CVE-2026-34043 MEDIUM PATCH This Month

The serialize-javascript npm library versions prior to 7.0.5 contain a CPU exhaustion denial-of-service vulnerability triggered when processing specially crafted array-like objects with artificially large length properties, causing the serialization process to hang indefinitely and consume 100% CPU. The vulnerability affects npm package serialize-javascript (pkg:npm/serialize-javascript) and impacts applications that serialize untrusted or user-controlled objects, particularly those also vulnerable to prototype pollution or YAML deserialization attacks that could inject malicious payloads. No public exploit code has been identified, but the attack vector is network-accessible with high complexity, posing a moderate real-world threat in supply-chain and backend service contexts.

Denial Of Service Deserialization Red Hat Suse
NVD GitHub VulDB
CVSS 3.1
5.9
EPSS
0.0%
CVE-2026-27856 MEDIUM PATCH This Month

OX Dovecot Pro's doveadm HTTP service is vulnerable to timing oracle attacks during credential verification, allowing remote unauthenticated attackers to enumerate valid credentials through timing analysis and gain full administrative access to the doveadm management interface. The vulnerability affects OX Dovecot Pro installations with exposed doveadm HTTP service ports, carries a CVSS score of 7.4, and has no public exploit identified at time of analysis.

Oracle Authentication Bypass Ox Dovecot Pro
NVD VulDB
CVSS 3.1
5.9
EPSS
0.0%
CVE-2026-34353 MEDIUM PATCH This Month

OCaml's Bigarray.reshape function contains an integer overflow vulnerability that permits unauthenticated local attackers to read arbitrary memory contents when processing untrusted input. Affected versions through 4.14.3 allow an attacker with local access to trigger the overflow condition, bypassing memory protections and potentially exposing sensitive data including cryptographic keys or process memory. No public exploit code or active exploitation has been confirmed at time of analysis.

Buffer Overflow Integer Overflow Ocaml
NVD GitHub VulDB
CVSS 3.1
5.9
EPSS
0.0%
CVE-2026-33996 MEDIUM This Month

LibJWT versions 3.0.0 through 3.2.x are vulnerable to denial of service through a NULL pointer dereference in RSA-PSS JWK parsing. When processing specially crafted JWK files that substitute integers for expected string values, the library fails to validate input types, causing a crash. This affects applications that import RSA-PSS keys from JWK files, particularly those handling untrusted key sources. No public exploit code has been identified; patch 3.3.0 resolves the issue.

Null Pointer Dereference Denial Of Service Red Hat
NVD GitHub VulDB
CVSS 4.0
5.8
EPSS
0.0%
CVE-2026-34387 MEDIUM PATCH This Month

Fleet device management software versions prior to 4.81.1 are vulnerable to command injection in the software installer pipeline, enabling remote attackers with high privileges to achieve arbitrary code execution as root on macOS/Linux or SYSTEM on Windows when triggering uninstall operations on crafted software packages. The vulnerability requires high privileges and user interaction but delivers complete system compromise on affected managed hosts. No public exploit code or active exploitation has been identified at time of analysis.

RCE Command Injection Apple Microsoft
NVD GitHub
CVSS 4.0
5.7
EPSS
0.3%
Page 1 of 2 Next

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy