Skip to main content
CVE-2026-5165 MEDIUM This Month

VirtIO Block device driver in virtio-win fails to properly release memory during device reset, enabling a use-after-free vulnerability that allows high-privileged local attackers to corrupt kernel memory and cause system instability or denial of service. Affected versions span Red Hat Enterprise Linux 8, 9, and 10; no public exploit code or active exploitation has been identified at time of analysis, though upstream fix is available via GitHub PR.

Information Disclosure Red Hat Enterprise Linux 10 Red Hat Enterprise Linux 8 Red Hat Enterprise Linux 9
NVD GitHub
CVSS 3.1
6.7
EPSS
0.0%
CVE-2026-5164 MEDIUM This Month

Buffer overflow in virtio-win's RhelDoUnMap() function allows local privileged users to trigger a denial of service by supplying an excessive number of descriptors during unmap operations, causing system crashes. Affects Red Hat Enterprise Linux 8, 9, and 10 across multiple architectures. The vulnerability requires high-level privilege (PR:H) but offers no confidentiality or integrity protections beyond the immediate DoS impact, with a CVSS score of 6.7 reflecting the local attack requirement and high-privilege barrier.

Buffer Overflow Denial Of Service Red Hat Enterprise Linux 10 Red Hat Enterprise Linux 8 Red Hat Enterprise Linux 9
NVD GitHub
CVSS 3.1
6.7
EPSS
0.0%
CVE-2026-5105 LOW POC Monitor

Command injection in Totolink A3300R firmware version 17.0.0cu.557_b20221024 allows authenticated remote attackers to execute arbitrary commands via manipulation of the pptpPassThru parameter in the setVpnPassCfg function of /cgi-bin/cstecgi.cgi. The vulnerability has a CVSS score of 6.3 (medium severity) with network-accessible attack vector and low complexity; publicly available exploit code exists, making this an actionable threat for affected deployments.

Command Injection A3300R
NVD VulDB GitHub
CVSS 4.0
2.1
EPSS
2.9%
CVE-2026-5104 LOW POC Monitor

Command injection in Totolink A3300R router firmware version 17.0.0cu.557_b20221024 allows authenticated remote attackers to execute arbitrary commands via a crafted ip parameter in the setStaticRoute function of /cgi-bin/cstecgi.cgi. The vulnerability carries a CVSS score of 6.3 (medium severity) with public exploit code available, enabling potential compromise of router configuration and data integrity.

Command Injection A3300R
NVD VulDB GitHub
CVSS 4.0
2.1
EPSS
2.9%
CVE-2026-5103 LOW POC Monitor

Remote command injection in Totolink A3300R firmware 17.0.0cu.557_b20221024 allows authenticated remote attackers to execute arbitrary commands via the enable parameter in the setUPnPCfg function at /cgi-bin/cstecgi.cgi. Publicly available exploit code exists, and the vulnerability has a CVSS score of 6.3 with confirmed proof-of-concept demonstrated on GitHub.

Command Injection A3300R
NVD VulDB GitHub
CVSS 4.0
2.1
EPSS
2.9%
CVE-2026-5102 LOW POC Monitor

Command injection in Totolink A3300R 17.0.0cu.557_b20221024 allows authenticated remote attackers to execute arbitrary system commands via the qos_up_bw parameter in the setSmartQosCfg function of /cgi-bin/cstecgi.cgi. The vulnerability has a CVSS score of 6.3 (medium severity) with low attack complexity, and publicly available exploit code exists, though no active exploitation via CISA KEV has been confirmed at time of analysis.

Command Injection A3300R
NVD VulDB GitHub
CVSS 4.0
2.1
EPSS
2.9%
CVE-2026-5153 LOW POC Monitor

Command injection in Tenda CH22 1.0.0.1 via the FormWriteFacMac function allows authenticated remote attackers to execute arbitrary commands by manipulating the mac parameter in the /goform/WriteFacMac endpoint. Publicly available exploit code exists for this vulnerability, which carries a CVSS score of 6.3 and requires low-privilege authentication to trigger.

Tenda Command Injection
NVD VulDB GitHub
CVSS 4.0
2.1
EPSS
2.7%
CVE-2026-33983 MEDIUM PATCH This Month

FreeRDP versions prior to 3.24.2 contain an integer overflow vulnerability in the progressive_decompress_tile_upgrade() function that allows unauthenticated remote attackers to cause a denial of service through CPU exhaustion. When processing malformed Remote Desktop Protocol (RDP) streams, a wrapped integer value (247) is incorrectly used as a bit-shift exponent, triggering undefined behavior and creating an approximately 80 billion iteration loop that consumes CPU resources. The vulnerability requires user interaction (UI:R) to trigger, and no public exploit code has been identified at the time of analysis.

Integer Overflow Information Disclosure Freerdp
NVD GitHub VulDB
CVSS 3.1
6.5
EPSS
0.0%
CVE-2026-29597 MEDIUM This Month

Incorrect access control in the file_details.asp endpoint of DDSN Interactive Acora CMS version 10.7.1 permits authenticated users with editor privileges to access sensitive files through crafted requests, resulting in information disclosure. This vulnerability requires valid editor-level credentials and direct knowledge of the vulnerable endpoint, limiting but not eliminating real-world risk. No active exploitation or public proof-of-concept code has been independently confirmed at this time.

Authentication Bypass N A
NVD GitHub
CVSS 3.1
6.5
EPSS
0.0%
CVE-2026-25627 MEDIUM PATCH This Month

NanoMQ MQTT Broker versions prior to 0.24.8 can be remotely crashed via MQTT-over-WebSocket by sending a packet with a maliciously inflated Remaining Length field in the fixed header while providing a shorter actual payload, triggering an out-of-bounds read that causes denial of service. Authenticated attackers can exploit this condition over the WebSocket listener with low attack complexity. Vendor-released patch available in version 0.24.8.

Buffer Overflow Information Disclosure Nanomq
NVD GitHub
CVSS 3.1
6.5
EPSS
0.0%
CVE-2026-5123 MEDIUM PATCH This Month

Denial of service in osrg GoBGP up to version 4.3.0 via off-by-one error in the DecodeFromBytes function allows remote, unauthenticated attackers to crash the BGP daemon through manipulation of packet data, resulting in availability impact. The vulnerability requires high attack complexity and has difficult exploitability; no public exploit code or active exploitation is currently confirmed, though a patch is available from the vendor.

Information Disclosure Gobgp
NVD VulDB GitHub
CVSS 4.0
6.3
EPSS
0.0%
CVE-2026-5124 MEDIUM PATCH This Month

Improper access controls in osrg GoBGP up to version 4.3.0 allow remote attackers to bypass authentication via manipulation of the BGP Header Handler's DecodeFromBytes function. The vulnerability affects the BGP packet parsing mechanism and enables unauthorized modifications to BGP protocol state without requiring authentication. With a CVSS score of 3.7 and high attack complexity, exploitation is difficult but possible over the network; no public exploit code or active exploitation has been confirmed.

Authentication Bypass Gobgp
NVD VulDB GitHub
CVSS 4.0
6.3
EPSS
0.0%
CVE-2026-5122 MEDIUM PATCH This Month

Improper access control in osrg GoBGP up to 4.3.0 allows remote attackers to manipulate the domainNameLen parameter in BGP OPEN Message processing, resulting in integrity compromise through the DecodeFromBytes function. The vulnerability requires high attack complexity and has low real-world risk despite network-accessible attack vector; no public exploit code or confirmed active exploitation has been identified. A vendor patch is available via upstream commit 2b09db390a3d455808363c53e409afe6b1b86d2d.

Authentication Bypass Gobgp
NVD VulDB GitHub
CVSS 4.0
6.3
EPSS
0.0%
CVE-2026-5157 LOW POC Monitor

Reflected cross-site scripting (XSS) in code-projects Online Food Ordering System 1.0 allows unauthenticated remote attackers to inject malicious scripts via the cust_id parameter in /form/order.php, exploitable through user interaction (UI required). Publicly available exploit code exists; the vulnerability carries CVSS 4.3 (low severity) but poses reputational and user session hijacking risks typical of XSS attacks in e-commerce contexts.

XSS PHP
NVD VulDB GitHub
CVSS 4.0
2.1
EPSS
0.0%
CVE-2026-34231 MEDIUM PATCH GHSA This Month

Cross-site scripting (XSS) in the slippers Django package's {% attrs %} template tag allows unauthenticated remote attackers to inject arbitrary HTML and JavaScript by passing untrusted context variables containing quote characters and event handler attributes. The vulnerability affects templates that pass user-supplied or database-derived values to {% attrs %} without prior escaping. Vendor-released patch version 0.6.3 is available.

Python XSS
NVD GitHub
CVSS 3.1
6.1
EPSS
0.0%
CVE-2026-30082 MEDIUM This Month

Stored cross-site scripting (XSS) vulnerabilities in IngEstate Server v11.14.0 allow remote attackers to execute arbitrary web scripts or HTML by injecting malicious payloads into the About application, What's news, or Release note parameters within the Software Package List edit feature. The vulnerabilities affect the stored XSS class, meaning injected payloads persist and execute for all users accessing the affected page. Public exploit code is available on GitHub, and the vendor (IngEstate/Ingenico) has not released a confirmed patched version as of this analysis.

XSS N A
NVD GitHub
CVSS 3.1
6.1
EPSS
0.0%
CVE-2026-34237 MEDIUM PATCH GHSA This Month

Hardcoded wildcard CORS headers (Access-Control-Allow-Origin: *) in the Model Context Protocol Java SDK transport layer enable cross-origin session hijacking, allowing attackers to extract session IDs from victim browsers and relay authenticated requests back to internal MCP servers. The vulnerability affects the HttpServletSseServerTransportProvider and HttpServletStreamableServerTransportProvider classes in mcp-core; no public exploit code has been identified, though the attack requires user interaction (victim visiting attacker-controlled page). CVSS 6.1 reflects the combination of network-accessible vector, low attack complexity, and cross-origin impact, though practical exploitation depends on MCP server deployment architecture.

Java Cors Misconfiguration Information Disclosure Python
NVD GitHub VulDB
CVSS 3.1
6.1
EPSS
0.0%
CVE-2026-5126 LOW POC Monitor

Server-side request forgery in SourceCodester RSS Feed Parser 1.0 via the file_get_contents function allows authenticated remote attackers to perform arbitrary HTTP requests from the vulnerable server. The vulnerability has a CVSS score of 5.3 with low impact across confidentiality, integrity, and availability, and publicly available exploit code exists.

SSRF Rss Feed Parser
NVD VulDB
CVSS 4.0
2.1
EPSS
0.0%
CVE-2026-33952 MEDIUM PATCH This Month

FreeRDP clients before version 3.24.2 crash with SIGABRT when connecting through a malicious RDP Gateway due to an unvalidated auth_length field triggering a WINPR_ASSERT() failure in rts_read_auth_verifier_no_checks(). This pre-authentication denial of service affects all FreeRDP clients using RPC-over-HTTP gateway transport, regardless of user authentication status. The vulnerability has been patched in version 3.24.2.

Denial Of Service Red Hat Suse
NVD GitHub VulDB
CVSS 4.0
6.0
EPSS
0.1%
CVE-2026-5170 MEDIUM PATCH This Month

Denial of service in MongoDB Server allows authenticated users with limited cluster privileges to crash a mongod process during replica set to sharded cluster promotion, causing potential primary failure. Affects MongoDB 8.2 before 8.2.2, 8.0.18+, and 7.0.31+. No public exploit code or active exploitation confirmed; CVSS 5.3 reflects the narrow attack window and authentication requirement.

Denial Of Service Mongodb Server
NVD
CVSS 4.0
6.0
EPSS
0.0%
CVE-2026-5125 LOW POC PATCH Monitor

OS command injection in raine consult-llm-mcp up to version 2.5.3 allows local authenticated users to execute arbitrary system commands via manipulation of git_diff.base_ref or git_diff.files arguments passed to child_process.execSync in src/server.ts. The vulnerability requires local access and valid credentials (privilege level L), has a CVSS score of 5.3 with medium impact on confidentiality, integrity, and availability, and publicly available exploit code exists. Vendor-released patch addresses the issue in version 2.5.4.

Command Injection Consult Llm Mcp
NVD VulDB GitHub
CVSS 4.0
1.9
EPSS
0.2%
CVE-2026-33985 MEDIUM PATCH This Month

FreeRDP versions prior to 3.24.2 leak sensitive heap data to the screen during pixel rendering in remote desktop sessions, allowing unauthenticated remote attackers to obtain confidential information through a man-in-the-middle position or compromised RDP server. The vulnerability requires user interaction (UI:R) and involves out-of-bounds memory read (CWE-125), with CVSS 5.9 reflecting moderate confidentiality impact and low availability degradation. No public exploit code or active exploitation has been confirmed at time of analysis.

Information Disclosure Buffer Overflow Red Hat Suse
NVD GitHub VulDB
CVSS 3.1
5.9
EPSS
0.0%
CVE-2026-5106 LOW POC Monitor

Reflected cross-site scripting (XSS) in code-projects Exam Form Submission 1.0 allows authenticated remote attackers to inject malicious scripts via the sname parameter in /admin/update_fst.php, affecting user sessions with administrator privileges. The vulnerability requires user interaction (UI:R) and carries a low CVSS score of 2.4 due to the requirement for prior administrative authentication (PR:H), but publicly available exploit code exists and may be actively used. The attack vector is network-based (AV:N) with low complexity (AC:L), creating an insider threat scenario where compromised or malicious administrators can deface content or steal session tokens of other administrators.

XSS PHP
NVD VulDB GitHub
CVSS 4.0
1.9
EPSS
0.0%
CVE-2026-32883 MEDIUM PATCH This Month

Botan cryptography library versions 3.0.0 through 3.10.x fail to verify OCSP response signatures during X.509 certificate path validation, allowing attackers to forge certificate status responses and potentially bypass revocation checks. This integrity bypass affects any application using Botan for TLS or certificate validation and requires network positioning but not authentication. The vulnerability was patched in version 3.11.0.

Information Disclosure Jwt Attack Red Hat
NVD GitHub VulDB
CVSS 3.1
5.9
EPSS
0.0%
CVE-2026-5119 MEDIUM PATCH This Month

Libsoup transmits sensitive session cookies in cleartext within HTTP CONNECT requests when establishing HTTPS tunnels through configured HTTP proxies, allowing network-positioned attackers or malicious proxies to intercept and hijack user sessions. The vulnerability affects Red Hat Enterprise Linux versions 6 through 10 and carries a CVSS 5.9 score with high confidentiality impact; no public exploit code or confirmed active exploitation has been identified at the time of analysis.

Information Disclosure Red Hat Enterprise Linux 10 Red Hat Enterprise Linux 6 Red Hat Enterprise Linux 7 Red Hat Enterprise Linux 8 +1
NVD VulDB
CVSS 3.1
5.9
EPSS
0.0%
CVE-2026-21717 MEDIUM PATCH This Month

Denial of service in Node.js 20.x, 22.x, 24.x, and 25.x via predictable hash collisions in V8's string hashing mechanism allows unauthenticated remote attackers to degrade process performance by crafting requests with specially-crafted JSON payloads that trigger collision cascades in the internal string table. CVSS 5.9 (moderate severity, high attack complexity). No public exploit code or active exploitation confirmed at time of analysis.

Node.js Information Disclosure
NVD VulDB HeroDevs
CVSS 3.0
5.9
EPSS
0.0%
CVE-2026-32884 MEDIUM PATCH This Month

Botan cryptography library versions prior to 3.11.0 fail to properly validate X.509 certificate DNS name constraints due to case-sensitive comparison of the Common Name field, allowing attackers to present certificates with mixed-case Common Names that bypass name constraint restrictions and potentially establish unauthorized secure connections to restricted domains.

Information Disclosure Red Hat Suse
NVD GitHub
CVSS 3.1
5.9
EPSS
0.0%
CVE-2026-21713 MEDIUM PATCH This Month

Node.js versions 20.x, 22.x, 24.x, and 25.x use non-constant-time comparison for HMAC signature verification, allowing remote attackers to infer valid HMAC values through timing oracle attacks. The vulnerability leaks information proportional to matching bytes and requires high-resolution timing measurement capability, making exploitation feasible in controlled network conditions. CVSS 5.9 (confidentiality impact only); no public exploit identified at time of analysis.

Node.js Information Disclosure Oracle
NVD
CVSS 3.0
5.9
EPSS
0.0%
CVE-2026-34360 MEDIUM PATCH GHSA This Month

Server-side request forgery (SSRF) in FHIR Validator HTTP service allows unauthenticated remote attackers to probe internal network services and cloud metadata endpoints via the /loadIG endpoint, which accepts arbitrary URLs without hostname or domain validation. The vulnerability defaults to allowing all outbound requests, and redirect following bypasses even configured domain restrictions. With the explore=true default setting, each request amplifies reconnaissance capability through multiple outbound HTTP calls, enabling blind network topology mapping and metadata service access.

SSRF Java Microsoft
NVD GitHub
CVSS 3.1
5.8
EPSS
0.0%
CVE-2026-25704 MEDIUM This Month

Cosmic-greeter before PR #426 contains a privilege dropping race condition vulnerability (CWE-271) that allows local attackers to regain dropped privileges through TOCTOU timing manipulation during privilege validation checks. The vulnerability affects the Pop!_OS greeter application and could enable privilege escalation to perform actions with elevated permissions that should have been restricted.

Information Disclosure Cosmic Greeter
NVD VulDB
CVSS 4.0
5.8
EPSS
0.0%
CVE-2026-21712 MEDIUM PATCH This Month

Denial of service in Node.js url.format() function allows authenticated remote attackers to crash Node.js processes by supplying malformed internationalized domain names (IDNs) with invalid characters, triggering an assertion failure in native code. CVSS 5.7 (medium severity) with EPSS exploitation probability not independently confirmed. No public exploit code or CISA KEV status identified at time of analysis, but the simplicity of triggering the crash via a standard library function poses moderate real-world risk to production Node.js applications handling untrusted URL input.

Node.js Denial Of Service
NVD VulDB
CVSS 3.0
5.7
EPSS
0.0%
CVE-2026-5150 MEDIUM This Month

Remote SQL injection in code-projects Accounting System 1.0 allows unauthenticated attackers to execute arbitrary SQL queries via the cos_id parameter in the /viewin_costumer.php file. The vulnerability has a CVSS score of 6.9 with a public exploit available, enabling attackers to read sensitive data from the database with minimal attack complexity. This is a network-accessible PHP application flaw affecting confidentiality with confirmed public disclosure.

SQLi PHP
NVD GitHub VulDB
CVSS 4.0
5.5
EPSS
0.0%
CVE-2026-33995 MEDIUM PATCH This Month

FreeRDP prior to version 3.24.2 contains a double-free vulnerability in Kerberos authentication handling that crashes FreeRDP clients during NLA connection teardown following failed authentication attempts on systems with Kerberos configured. The vulnerability affects all versions before 3.24.2 across multiple Linux distributions (Debian, Ubuntu) and requires network access but no authentication credentials, presenting a denial-of-service vector against RDP clients in enterprise environments using Kerberos or Kerberos U2U authentication. No public exploit code has been identified, and the impact is limited to availability (denial of service) rather than confidentiality or integrity.

Denial Of Service Red Hat Suse
NVD GitHub VulDB
CVSS 3.1
5.3
EPSS
0.1%
CVE-2026-34372 MEDIUM PATCH GHSA This Month

Information disclosure in Sulu admin API allows users with any Sulu Admin role to access contact sub-entities without explicit contact permissions, bypassing authorization controls. Affects Sulu versions prior to 2.6.22 and 3.0.x prior to 3.0.5. No CVSS or EPSS data available; no active exploitation confirmed, but the vulnerability enables unauthorized data exposure through a widely-accessible admin interface.

Information Disclosure
NVD GitHub
CVSS 4.0
5.3
EPSS
0.0%
CVE-2026-34373 MEDIUM PATCH GHSA This Month

Parse Server's GraphQL API endpoint bypasses the configured allowOrigin CORS restriction, allowing cross-origin requests from any website while the REST API correctly enforces the policy. This authentication bypass affects Parse Server instances where operators have configured origin restrictions to limit API access, enabling attackers from arbitrary websites to interact with the GraphQL endpoint without respecting these security controls. The vulnerability has been patched in Parse Server 8 and 9 via upstream fixes, and no public exploit code or active exploitation has been confirmed.

Authentication Bypass
NVD GitHub
CVSS 4.0
5.3
EPSS
0.0%
CVE-2026-29909 MEDIUM This Month

Unauthenticated directory enumeration in MRCMS V3.1.2 allows remote attackers to list and discover directory contents through the /admin/file/list.do endpoint without credentials. The vulnerability stems from missing authentication controls and input validation in the file management module, enabling information disclosure that can facilitate reconnaissance for follow-on attacks.

Information Disclosure
NVD GitHub VulDB
CVSS 3.1
5.3
EPSS
0.0%
CVE-2025-3716 MEDIUM This Month

ESET Protect (on-premises) allows user enumeration through response timing analysis, enabling remote attackers to determine whether specific usernames exist in the system without authentication. This information disclosure vulnerability (CWE-204) exploits timing differences in authentication responses to distinguish valid users from invalid ones, potentially facilitating targeted attacks against known accounts.

Information Disclosure Eset Protect On Prem
NVD VulDB
CVSS 4.0
5.3
EPSS
0.0%
CVE-2026-21714 MEDIUM PATCH This Month

Memory leak in Node.js HTTP/2 servers allows remote unauthenticated attackers to exhaust server memory by sending crafted WINDOW_UPDATE frames on stream 0 that exceed the maximum flow control window value. Affected versions include Node.js 20, 22, 24, and 25. While the server correctly responds with a GOAWAY frame, the Http2Session object fails to be cleaned up, leading to denial of service through resource exhaustion. No public exploit code identified at time of analysis.

Node.js Information Disclosure Red Hat
NVD VulDB
CVSS 3.0
5.3
EPSS
0.0%
CVE-2026-21711 MEDIUM PATCH This Month

Unix Domain Socket operations in Node.js 25.x bypass permission model enforcement, allowing local processes to create IPC endpoints and communicate with other processes when run with --permission flag but without --allow-net. An authenticated local attacker can establish inter-process communication channels that circumvent the intended network isolation boundary, resulting in information disclosure and potential privilege escalation within the same host. No public exploit code identified at time of analysis, though the vulnerability affects an experimental permission enforcement feature.

Node.js Authentication Bypass Red Hat
NVD
CVSS 3.0
5.3
EPSS
0.0%
CVE-2026-27508 MEDIUM PATCH This Month

Reflected cross-site scripting (XSS) in Smoothwall Express versions before 3.1 Update 13 allows unauthenticated remote attackers to execute arbitrary JavaScript in users' browsers by crafting malicious URLs with javascript: schemes and delivering them through the unsanitized /redirect.cgi endpoint. The vulnerability requires user interaction (clicking a malicious link) and results in limited scope impact affecting user confidentiality and integrity. No public exploit code or active exploitation has been identified at time of analysis.

XSS Express
NVD VulDB
CVSS 4.0
5.1
EPSS
0.0%
CVE-2026-26352 MEDIUM PATCH This Month

Stored cross-site scripting in Smoothwall Express prior to version 3.1 Update 13 allows authenticated attackers to inject arbitrary JavaScript through the VPN_IP parameter in /cgi-bin/vpnmain.cgi, which executes when other users view affected VPN configuration pages. The vulnerability requires user interaction (page view) and authenticated access, limiting immediate risk but enabling persistent session hijacking or credential theft against administrative users. No public exploit code or active exploitation has been confirmed at the time of analysis.

XSS Express
NVD VulDB
CVSS 4.0
5.1
EPSS
0.0%
CVE-2026-34165 MEDIUM PATCH GHSA This Month

Maliciously crafted `.idx` files in go-git v5 cause asymmetric memory consumption leading to Denial of Service through integer overflow vulnerabilities. Exploitation requires local write access to the `.git` directory, limiting attack surface to scenarios where an attacker has already compromised repository access or can inject files into a shared repository. No public exploit code or active exploitation has been confirmed; however, the low CVSS complexity and requirement for only low-privilege local access make this a moderate operational concern for development environments and CI/CD systems that process untrusted repositories.

Denial Of Service Integer Overflow Red Hat Suse
NVD GitHub VulDB
CVSS 3.1
5.0
EPSS
0.0%
CVE-2026-31799 MEDIUM PATCH This Month

SQL injection in Tautulli's /api/v2?cmd=get_home_stats endpoint allows authenticated administrators to exfiltrate sensitive data from the SQLite database via boolean-blind SQL inference. Affected versions include 2.14.2-2.16.x for the 'before' and 'after' parameters, and 2.1.0-beta-2.16.x for 'section_id' and 'user_id' parameters. The vulnerability requires possession of the admin API key and results in confidentiality compromise without code execution. Patch is available in version 2.17.0.

Python Code Injection
NVD GitHub
CVSS 3.1
4.9
EPSS
0.0%
CVE-2026-32794 MEDIUM PATCH This Month

Improper certificate validation in Apache Airflow Provider for Databricks versions 1.10.0 through 1.11.x allows unauthenticated attackers to intercept and manipulate traffic between Airflow and Databricks backends via man-in-the-middle attacks, potentially exfiltrating credentials and sensitive workflow data. The provider did not validate SSL/TLS certificates when establishing connections to Databricks, creating a critical trust boundary weakness. Vendor-released patch available in version 1.12.0; no public exploit code or active exploitation confirmed at time of analysis.

Information Disclosure Apache
NVD GitHub VulDB
CVSS 3.1
4.8
EPSS
0.0%
CVE-2026-27599 MEDIUM PATCH GHSA This Month

Stored DOM-based cross-site scripting (XSS) in CI4 CMS-ERP Mail Settings allows authenticated administrators to inject arbitrary JavaScript via unsanitized configuration fields (Mail Server, Port, Email Address, Password, Protocol, TLS settings), with payloads executing immediately on the same settings page upon save. Attack requires high-privilege access (PR:H) but enables full account takeover and platform compromise. Publicly available proof-of-concept video demonstrates attribute breakout technique.

XSS PHP Privilege Escalation CSRF
NVD GitHub
CVSS 3.1
4.7
EPSS
0.0%
CVE-2026-31804 MEDIUM PATCH This Month

Server-Side Request Forgery (SSRF) in Tautulli prior to version 2.17.0 allows remote attackers to forge outbound HTTP requests from the Plex Media Server process via the unauthenticated /pms_image_proxy endpoint, potentially exposing internal services on RFC-1918 address space and enabling reconnaissance or attacks against systems accessible from the Plex server's network context.

Python SSRF
NVD GitHub
CVSS 3.1
4.0
EPSS
0.0%
CVE-2025-66038 LOW PATCH Monitor

OpenSC before version 0.27.0 contains an out-of-bounds buffer read vulnerability in the sc_compacttlv_find_tag function that can return pointers beyond the allocated buffer bounds, leading to potential memory corruption when downstream code dereferences the returned pointer. The vulnerability affects OpenSC when processing untrusted compact-TLV data from smart cards or files, where a maliciously crafted single-byte element can claim a length exceeding the remaining buffer size without validation. While the CVSS score of 3.9 reflects the physical attack vector requirement (smartcard interaction) and high attack complexity, the memory corruption potential poses a notable risk in environments where OpenSC processes untrusted card data.

Buffer Overflow Opensc
NVD GitHub VulDB
CVSS 3.1
3.9
EPSS
0.0%
CVE-2025-66037 LOW PATCH Monitor

Out-of-bounds heap read in OpenSC prior to version 0.27.0 allows local attackers with physical access to smart card interfaces to trigger information disclosure and potential denial of service via crafted X.509/SPKI input to the pkcs15_reader function. The vulnerability stems from sc_pkcs15_pubkey_from_spki_fields() allocating a zero-length buffer and reading one byte beyond its bounds. No public exploit code or active exploitation has been identified; patch is available in version 0.27.0.

Information Disclosure Buffer Overflow Opensc
NVD GitHub VulDB
CVSS 3.1
3.9
EPSS
0.0%
CVE-2025-66215 LOW PATCH Monitor

Stack-buffer overflow in OpenSC's card-oberthur module (versions prior to 0.27.0) allows local attackers with physical access to trigger memory corruption via specially crafted APDU responses from a malicious USB device or smart card, potentially causing denial of service or limited information disclosure. The attack requires the user or administrator to actively use a token during the compromise window, and the vulnerability has been patched in version 0.27.0. No public exploit code or active exploitation has been confirmed at the time of analysis.

Buffer Overflow Stack Overflow Opensc
NVD GitHub VulDB
CVSS 3.1
3.8
EPSS
0.0%
CVE-2025-49010 LOW PATCH Monitor

Stack buffer overflow in OpenSC's GET RESPONSE handler prior to version 0.27.0 allows local attackers with physical access to trigger memory corruption via specially crafted smart card or USB device responses to APDUs. The vulnerability requires user interaction and physical proximity, limiting its practical exploitability; however, it could enable local privilege escalation or information disclosure when an authorized user or administrator actively uses a token. No public exploit code or active exploitation has been confirmed.

Buffer Overflow Stack Overflow Opensc
NVD GitHub VulDB
CVSS 3.1
3.8
EPSS
0.0%
Prev Page 3 of 4 Next

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy