Skip to main content
CVE-2019-25655 MEDIUM POC This Month

Device Monitoring Studio 8.10.00.8925 contains a denial of service vulnerability that allows local attackers to crash the application by supplying an excessively long string to the server connection. Rated medium severity (CVSS 6.9), this vulnerability is no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Denial Of Service Device Monitoring Studio
NVD Exploit-DB VulDB
CVSS 4.0
6.9
EPSS
0.0%
CVE-2019-25653 MEDIUM POC This Month

Navicat for Oracle 12.1.15 contains a denial of service vulnerability that allows local attackers to crash the application by supplying an excessively long string in the password field. Rated medium severity (CVSS 6.9), this vulnerability is no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Denial Of Service Oracle
NVD Exploit-DB VulDB
CVSS 4.0
6.9
EPSS
0.0%
CVE-2018-25235 MEDIUM POC This Month

NetworkActiv Web Server 4.0 contains a buffer overflow vulnerability in the username field of the Security options that allows local attackers to crash the application by supplying an excessively. Rated medium severity (CVSS 6.9), this vulnerability is no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Memory Corruption Buffer Overflow Denial Of Service Networkactiv Web Server
NVD Exploit-DB VulDB
CVSS 4.0
6.9
EPSS
0.0%
CVE-2018-25234 MEDIUM POC This Month

SmartFTP Client 9.0.2615.0 contains a denial of service vulnerability that allows local attackers to crash the application by supplying an excessively long string in the Host field. Rated medium severity (CVSS 6.9), this vulnerability is no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Denial Of Service Smartftp Client
NVD Exploit-DB VulDB
CVSS 4.0
6.9
EPSS
0.0%
CVE-2018-25233 MEDIUM POC This Month

WebDrive 18.00.5057 contains a denial of service vulnerability that allows local attackers to crash the application by supplying an excessively long string in the username field during Secure WebDAV. Rated medium severity (CVSS 6.9), this vulnerability is no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Denial Of Service Webdrive
NVD Exploit-DB VulDB
CVSS 4.0
6.9
EPSS
0.0%
CVE-2018-25231 MEDIUM POC This Month

HeidiSQL 9.5.0.5196 contains a denial of service vulnerability that allows local attackers to crash the application by supplying an excessively long file path in the logging preferences. Rated medium severity (CVSS 6.9), this vulnerability is no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Denial Of Service LFI PHP
NVD Exploit-DB VulDB
CVSS 4.0
6.9
EPSS
0.0%
CVE-2018-25228 MEDIUM POC This Month

NetSetMan 4.7.1 contains a buffer overflow vulnerability in the Workgroup feature that allows local attackers to crash the application by supplying oversized input. Rated medium severity (CVSS 6.9), this vulnerability is no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Memory Corruption Buffer Overflow Denial Of Service Netsetman
NVD Exploit-DB VulDB
CVSS 4.0
6.9
EPSS
0.0%
CVE-2018-25227 MEDIUM POC This Month

Valentina Studio 9.0.4 contains a denial of service vulnerability that allows local attackers to crash the application by supplying an excessively long string in the Host field. Rated medium severity (CVSS 6.9), this vulnerability is no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Denial Of Service Valentina Studio
NVD Exploit-DB VulDB
CVSS 4.0
6.9
EPSS
0.0%
CVE-2018-25226 MEDIUM POC This Month

FTPShell Server 6.83 contains a buffer overflow vulnerability that allows local attackers to crash the application by supplying an excessively long string in the account name field. Rated medium severity (CVSS 6.9), this vulnerability is no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Memory Corruption Buffer Overflow Denial Of Service Ftpshell Server
NVD Exploit-DB VulDB
CVSS 4.0
6.9
EPSS
0.0%
CVE-2018-25232 MEDIUM POC This Month

Softros LAN Messenger 9.2 contains a denial of service vulnerability that allows local attackers to crash the application by supplying an excessively long string to the custom log files location. Rated medium severity (CVSS 6.8), this vulnerability is no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Denial Of Service Softros Lan Messenger
NVD Exploit-DB VulDB
CVSS 4.0
6.8
EPSS
0.0%
CVE-2018-25230 MEDIUM POC This Month

Free IP Switcher 3.1 contains a buffer overflow vulnerability that allows local attackers to crash the application by supplying an excessively long string in the Computer Name field. Rated medium severity (CVSS 6.8), this vulnerability is no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Memory Corruption Buffer Overflow Denial Of Service Free Ip Switcher
NVD Exploit-DB VulDB
CVSS 4.0
6.8
EPSS
0.0%
CVE-2018-25229 MEDIUM POC This Month

BulletProof FTP Server 2019.0.0.50 contains a denial of service vulnerability in the SMTP configuration interface that allows local attackers to crash the application by supplying an oversized. Rated medium severity (CVSS 6.8), this vulnerability is no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Denial Of Service Bulletproof Ftp Server
NVD Exploit-DB VulDB
CVSS 4.0
6.8
EPSS
0.0%
CVE-2026-30556 MEDIUM POC This Month

Reflected cross-site scripting (XSS) in SourceCodester Sales and Inventory System 1.0 allows remote attackers to inject arbitrary JavaScript or HTML through the 'msg' parameter in index.php. Publicly available proof-of-concept code exists, enabling attackers to craft malicious URLs that execute scripts in victim browsers when clicked. No CVSS vector or patch information is available; the vulnerability appears limited in scope to a single PHP parameter.

XSS PHP
NVD GitHub VulDB
CVSS 3.1
6.1
EPSS
0.1%
CVE-2026-30559 MEDIUM POC This Month

Reflected XSS in SourceCodester Sales and Inventory System 1.0 allows remote attackers to inject arbitrary JavaScript or HTML through the msg parameter in add_sales.php, enabling session hijacking, credential theft, or malware distribution via crafted URLs. Publicly available exploit code exists.

XSS PHP
NVD GitHub
CVSS 3.1
6.1
EPSS
0.1%
CVE-2026-30557 MEDIUM POC This Month

Reflected cross-site scripting (XSS) in SourceCodester Sales and Inventory System 1.0 allows remote attackers to inject arbitrary JavaScript or HTML through an unsanitized 'msg' parameter in add_category.php, enabling session hijacking, credential theft, or malware distribution via malicious URLs. Publicly available exploit code exists, increasing real-world attack likelihood despite the absence of formal CVSS scoring or CVE severity data.

XSS PHP
NVD GitHub
CVSS 3.1
6.1
EPSS
0.1%
CVE-2026-30560 MEDIUM POC This Month

Reflected XSS in SourceCodester Sales and Inventory System 1.0 allows remote attackers to inject arbitrary JavaScript or HTML through the msg parameter in add_supplier.php, enabling session hijacking, credential theft, or malware distribution without authentication. The vulnerability has publicly available proof-of-concept code demonstrating the attack vector.

XSS PHP
NVD GitHub
CVSS 3.1
6.1
EPSS
0.1%
CVE-2026-30561 MEDIUM POC This Month

Reflected XSS in SourceCodester Sales and Inventory System 1.0 allows remote attackers to inject arbitrary JavaScript or HTML through an unsanitized 'msg' parameter in add_purchase.php, enabling session hijacking, credential theft, or malware distribution via crafted URLs. The vulnerability has publicly available exploit code but lacks CVSS scoring and is not confirmed as actively exploited.

XSS PHP
NVD GitHub
CVSS 3.1
6.1
EPSS
0.1%
CVE-2026-30558 MEDIUM POC This Month

Reflected cross-site scripting in SourceCodester Sales and Inventory System 1.0 allows remote attackers to inject arbitrary JavaScript or HTML through an unsanitized 'msg' parameter in add_customer.php, enabling session hijacking, credential theft, or malware distribution via crafted URLs. Publicly available exploit code exists demonstrating the vulnerability.

XSS PHP
NVD GitHub
CVSS 3.1
6.1
EPSS
0.1%
CVE-2026-30564 MEDIUM POC This Month

Reflected Cross-Site Scripting (XSS) in SourceCodester Sales and Inventory System 1.0 allows remote attackers to inject arbitrary web scripts or HTML through the 'limit' parameter in view_payments.php due to insufficient input sanitization. Publicly available exploit code exists, enabling attackers to craft malicious URLs that execute JavaScript in victims' browsers when visited, potentially leading to session hijacking, credential theft, or defacement.

XSS PHP
NVD GitHub
CVSS 3.1
6.1
EPSS
0.0%
CVE-2026-30565 MEDIUM POC This Month

Reflected Cross-Site Scripting (XSS) in SourceCodester Sales and Inventory System 1.0 allows remote attackers to inject arbitrary JavaScript or HTML through the 'limit' parameter in view_supplier.php due to insufficient input sanitization. The vulnerability is accessible without authentication via crafted URLs, and publicly available exploit code exists demonstrating the attack vector.

XSS PHP
NVD GitHub
CVSS 3.1
6.1
EPSS
0.0%
CVE-2026-30566 MEDIUM POC This Month

Reflected cross-site scripting in SourceCodester Sales and Inventory System 1.0 allows remote attackers to inject arbitrary JavaScript or HTML via the unvalidated "limit" parameter in view_customers.php, affecting unauthenticated users who click malicious links. Publicly available exploit code exists demonstrating the vulnerability, though no CVSS score is available to quantify severity.

XSS PHP
NVD GitHub
CVSS 3.1
6.1
EPSS
0.0%
CVE-2026-30563 MEDIUM POC This Month

Stored cross-site scripting (XSS) in SourceCodester Sales and Inventory System 1.0 allows authenticated attackers to inject malicious scripts via the unvalidated website parameter in update_details.php, which are persisted in the database and executed whenever the store details page is accessed by any user. Publicly available exploit code exists, though the vulnerability requires prior authentication and affects primarily self-hosted instances of this open-source inventory management application.

XSS PHP
NVD GitHub
CVSS 3.1
6.1
EPSS
0.0%
CVE-2026-5147 MEDIUM POC This Month

Remote SQL injection in YunaiV yudao-cloud up to version 2026.01 allows unauthenticated attackers to execute arbitrary SQL queries via the Website parameter in the /admin-api/system/tenant/get-by-website endpoint. The vulnerability has a CVSS score of 6.9 with public exploit code available, enabling remote compromise of database confidentiality and integrity without authentication or user interaction. The vendor has not responded to early disclosure notification.

SQLi Yudao Cloud
NVD VulDB GitHub
CVSS 4.0
5.5
EPSS
0.0%
CVE-2026-33029 MEDIUM PATCH GHSA This Month

Authenticated denial of service in nginx-ui 2.3.3 and earlier allows any user with settings access to submit a negative integer for the logrotate.interval parameter, triggering an infinite loop in the backend that exhausts CPU resources and renders the web interface unresponsive. Vendor-released patch available in v2.3.4. No public exploit code identified beyond proof-of-concept documentation; not confirmed as actively exploited.

Nginx Denial Of Service Docker Suse
NVD GitHub VulDB
CVSS 4.0
6.9
EPSS
0.1%
CVE-2026-33027 MEDIUM PATCH GHSA This Month

Authenticated users in nginx-ui v2.3.3 and earlier can delete the entire `/etc/nginx` configuration directory via path traversal using double-encoded sequences (..%252F), causing immediate Nginx service failure and denial of service. The vulnerability exploits improper URL canonicalization combined with unsafe recursive deletion logic that resolves malicious paths to the base configuration directory instead of rejecting them.

Nginx Path Traversal Denial Of Service Docker Suse
NVD GitHub VulDB
CVSS 4.0
6.9
EPSS
0.1%
CVE-2026-33977 MEDIUM PATCH This Month

Denial of service in FreeRDP prior to version 3.24.2 allows remote attackers to crash the client via a malicious RDP server sending IMA ADPCM audio data with an invalid step index value (≥89). The unvalidated network-supplied index causes an out-of-bounds access into an 89-entry lookup table, triggering a WINPR_ASSERT() failure and process abort. This affects all FreeRDP clients with audio redirection enabled (the default configuration), requiring user interaction to establish an RDP connection but no authentication. No public exploit code identified at time of analysis.

Denial Of Service Red Hat Suse
NVD GitHub VulDB
CVSS 4.0
6.9
EPSS
0.0%
CVE-2026-1612 MEDIUM This Month

Hard-coded AWS credentials in AL-KO Robolinho Update Software allow unauthenticated attackers to directly access AL-KO's AWS S3 bucket with read permissions and potentially escalated privileges beyond the application's intended access model. Version 8.0.21.0610 is confirmed vulnerable; the full affected version range is unknown due to lack of vendor cooperation. No public exploit code or active exploitation has been reported, but the credentials are trivially extractable from the application binary.

Authentication Bypass Robolinho Update Software
NVD VulDB
CVSS 4.0
6.9
EPSS
0.0%
CVE-2026-33990 MEDIUM PATCH GHSA This Month

Server-side request forgery in Docker Model Runner allows unprivileged containers or malicious OCI registries to make arbitrary GET requests to internal services by exploiting unvalidated realm URLs in the OCI registry token exchange flow. Affected versions prior to 1.1.25 (Docker Desktop prior to 4.67.0) permit attackers to access host-local services and reflect response bodies back to the caller, potentially exfiltrating sensitive data from internal endpoints. No public exploit code or active exploitation has been reported at time of analysis.

Docker SSRF Microsoft Suse
NVD GitHub
CVSS 4.0
6.8
EPSS
0.0%
CVE-2026-5165 MEDIUM This Month

VirtIO Block device driver in virtio-win fails to properly release memory during device reset, enabling a use-after-free vulnerability that allows high-privileged local attackers to corrupt kernel memory and cause system instability or denial of service. Affected versions span Red Hat Enterprise Linux 8, 9, and 10; no public exploit code or active exploitation has been identified at time of analysis, though upstream fix is available via GitHub PR.

Information Disclosure Red Hat Enterprise Linux 10 Red Hat Enterprise Linux 8 Red Hat Enterprise Linux 9
NVD GitHub
CVSS 3.1
6.7
EPSS
0.0%
CVE-2026-5164 MEDIUM This Month

Buffer overflow in virtio-win's RhelDoUnMap() function allows local privileged users to trigger a denial of service by supplying an excessive number of descriptors during unmap operations, causing system crashes. Affects Red Hat Enterprise Linux 8, 9, and 10 across multiple architectures. The vulnerability requires high-level privilege (PR:H) but offers no confidentiality or integrity protections beyond the immediate DoS impact, with a CVSS score of 6.7 reflecting the local attack requirement and high-privilege barrier.

Buffer Overflow Denial Of Service Red Hat Enterprise Linux 10 Red Hat Enterprise Linux 8 Red Hat Enterprise Linux 9
NVD GitHub
CVSS 3.1
6.7
EPSS
0.0%
CVE-2026-33983 MEDIUM PATCH This Month

FreeRDP versions prior to 3.24.2 contain an integer overflow vulnerability in the progressive_decompress_tile_upgrade() function that allows unauthenticated remote attackers to cause a denial of service through CPU exhaustion. When processing malformed Remote Desktop Protocol (RDP) streams, a wrapped integer value (247) is incorrectly used as a bit-shift exponent, triggering undefined behavior and creating an approximately 80 billion iteration loop that consumes CPU resources. The vulnerability requires user interaction (UI:R) to trigger, and no public exploit code has been identified at the time of analysis.

Integer Overflow Information Disclosure Freerdp
NVD GitHub VulDB
CVSS 3.1
6.5
EPSS
0.0%
CVE-2026-29597 MEDIUM This Month

Incorrect access control in the file_details.asp endpoint of DDSN Interactive Acora CMS version 10.7.1 permits authenticated users with editor privileges to access sensitive files through crafted requests, resulting in information disclosure. This vulnerability requires valid editor-level credentials and direct knowledge of the vulnerable endpoint, limiting but not eliminating real-world risk. No active exploitation or public proof-of-concept code has been independently confirmed at this time.

Authentication Bypass N A
NVD GitHub
CVSS 3.1
6.5
EPSS
0.0%
CVE-2026-25627 MEDIUM PATCH This Month

NanoMQ MQTT Broker versions prior to 0.24.8 can be remotely crashed via MQTT-over-WebSocket by sending a packet with a maliciously inflated Remaining Length field in the fixed header while providing a shorter actual payload, triggering an out-of-bounds read that causes denial of service. Authenticated attackers can exploit this condition over the WebSocket listener with low attack complexity. Vendor-released patch available in version 0.24.8.

Buffer Overflow Information Disclosure Nanomq
NVD GitHub
CVSS 3.1
6.5
EPSS
0.0%
CVE-2026-5123 MEDIUM PATCH This Month

Denial of service in osrg GoBGP up to version 4.3.0 via off-by-one error in the DecodeFromBytes function allows remote, unauthenticated attackers to crash the BGP daemon through manipulation of packet data, resulting in availability impact. The vulnerability requires high attack complexity and has difficult exploitability; no public exploit code or active exploitation is currently confirmed, though a patch is available from the vendor.

Information Disclosure Gobgp
NVD VulDB GitHub
CVSS 4.0
6.3
EPSS
0.0%
CVE-2026-5124 MEDIUM PATCH This Month

Improper access controls in osrg GoBGP up to version 4.3.0 allow remote attackers to bypass authentication via manipulation of the BGP Header Handler's DecodeFromBytes function. The vulnerability affects the BGP packet parsing mechanism and enables unauthorized modifications to BGP protocol state without requiring authentication. With a CVSS score of 3.7 and high attack complexity, exploitation is difficult but possible over the network; no public exploit code or active exploitation has been confirmed.

Authentication Bypass Gobgp
NVD VulDB GitHub
CVSS 4.0
6.3
EPSS
0.0%
CVE-2026-5122 MEDIUM PATCH This Month

Improper access control in osrg GoBGP up to 4.3.0 allows remote attackers to manipulate the domainNameLen parameter in BGP OPEN Message processing, resulting in integrity compromise through the DecodeFromBytes function. The vulnerability requires high attack complexity and has low real-world risk despite network-accessible attack vector; no public exploit code or confirmed active exploitation has been identified. A vendor patch is available via upstream commit 2b09db390a3d455808363c53e409afe6b1b86d2d.

Authentication Bypass Gobgp
NVD VulDB GitHub
CVSS 4.0
6.3
EPSS
0.0%
CVE-2026-34231 MEDIUM PATCH GHSA This Month

{% attrs %} template tag allows unauthenticated remote attackers to inject arbitrary HTML and JavaScript by passing untrusted context variables containing quote characters and event handler attributes. The vulnerability affects templates that pass user-supplied or database-derived values to {% attrs %} without prior escaping. Vendor-released patch version 0.6.3 is available.

Python XSS
NVD GitHub
CVSS 3.1
6.1
EPSS
0.0%
CVE-2026-30082 MEDIUM This Month

Stored cross-site scripting (XSS) vulnerabilities in IngEstate Server v11.14.0 allow remote attackers to execute arbitrary web scripts or HTML by injecting malicious payloads into the About application, What's news, or Release note parameters within the Software Package List edit feature. The vulnerabilities affect the stored XSS class, meaning injected payloads persist and execute for all users accessing the affected page. Public exploit code is available on GitHub, and the vendor (IngEstate/Ingenico) has not released a confirmed patched version as of this analysis.

XSS N A
NVD GitHub
CVSS 3.1
6.1
EPSS
0.0%
CVE-2026-34237 MEDIUM PATCH GHSA This Month

Hardcoded wildcard CORS headers (Access-Control-Allow-Origin: *) in the Model Context Protocol Java SDK transport layer enable cross-origin session hijacking, allowing attackers to extract session IDs from victim browsers and relay authenticated requests back to internal MCP servers. The vulnerability affects the HttpServletSseServerTransportProvider and HttpServletStreamableServerTransportProvider classes in mcp-core; no public exploit code has been identified, though the attack requires user interaction (victim visiting attacker-controlled page). CVSS 6.1 reflects the combination of network-accessible vector, low attack complexity, and cross-origin impact, though practical exploitation depends on MCP server deployment architecture.

Java Cors Misconfiguration Information Disclosure Python
NVD GitHub VulDB
CVSS 3.1
6.1
EPSS
0.0%
CVE-2026-33952 MEDIUM PATCH This Month

FreeRDP clients before version 3.24.2 crash with SIGABRT when connecting through a malicious RDP Gateway due to an unvalidated auth_length field triggering a WINPR_ASSERT() failure in rts_read_auth_verifier_no_checks(). This pre-authentication denial of service affects all FreeRDP clients using RPC-over-HTTP gateway transport, regardless of user authentication status. The vulnerability has been patched in version 3.24.2.

Denial Of Service Red Hat Suse
NVD GitHub VulDB
CVSS 4.0
6.0
EPSS
0.1%
CVE-2026-5170 MEDIUM PATCH This Month

Denial of service in MongoDB Server allows authenticated users with limited cluster privileges to crash a mongod process during replica set to sharded cluster promotion, causing potential primary failure. Affects MongoDB 8.2 before 8.2.2, 8.0.18+, and 7.0.31+. No public exploit code or active exploitation confirmed; CVSS 5.3 reflects the narrow attack window and authentication requirement.

Denial Of Service Mongodb Server
NVD
CVSS 4.0
6.0
EPSS
0.0%
CVE-2026-33985 MEDIUM PATCH This Month

FreeRDP versions prior to 3.24.2 leak sensitive heap data to the screen during pixel rendering in remote desktop sessions, allowing unauthenticated remote attackers to obtain confidential information through a man-in-the-middle position or compromised RDP server. The vulnerability requires user interaction (UI:R) and involves out-of-bounds memory read (CWE-125), with CVSS 5.9 reflecting moderate confidentiality impact and low availability degradation. No public exploit code or active exploitation has been confirmed at time of analysis.

Information Disclosure Buffer Overflow Red Hat Suse
NVD GitHub VulDB
CVSS 3.1
5.9
EPSS
0.0%
CVE-2026-32883 MEDIUM PATCH This Month

Botan cryptography library versions 3.0.0 through 3.10.x fail to verify OCSP response signatures during X.509 certificate path validation, allowing attackers to forge certificate status responses and potentially bypass revocation checks. This integrity bypass affects any application using Botan for TLS or certificate validation and requires network positioning but not authentication. The vulnerability was patched in version 3.11.0.

Information Disclosure Jwt Attack Red Hat
NVD GitHub VulDB
CVSS 3.1
5.9
EPSS
0.0%
CVE-2026-5119 MEDIUM PATCH This Month

Libsoup transmits sensitive session cookies in cleartext within HTTP CONNECT requests when establishing HTTPS tunnels through configured HTTP proxies, allowing network-positioned attackers or malicious proxies to intercept and hijack user sessions. The vulnerability affects Red Hat Enterprise Linux versions 6 through 10 and carries a CVSS 5.9 score with high confidentiality impact; no public exploit code or confirmed active exploitation has been identified at the time of analysis.

Information Disclosure Red Hat Enterprise Linux 10 Red Hat Enterprise Linux 6 Red Hat Enterprise Linux 7 Red Hat Enterprise Linux 8 +1
NVD VulDB
CVSS 3.1
5.9
EPSS
0.0%
CVE-2026-21717 MEDIUM PATCH This Month

Denial of service in Node.js 20.x, 22.x, 24.x, and 25.x via predictable hash collisions in V8's string hashing mechanism allows unauthenticated remote attackers to degrade process performance by crafting requests with specially-crafted JSON payloads that trigger collision cascades in the internal string table. CVSS 5.9 (moderate severity, high attack complexity). No public exploit code or active exploitation confirmed at time of analysis.

Node.js Information Disclosure
NVD VulDB HeroDevs
CVSS 3.0
5.9
EPSS
0.0%
CVE-2026-32884 MEDIUM PATCH This Month

Botan cryptography library versions prior to 3.11.0 fail to properly validate X.509 certificate DNS name constraints due to case-sensitive comparison of the Common Name field, allowing attackers to present certificates with mixed-case Common Names that bypass name constraint restrictions and potentially establish unauthorized secure connections to restricted domains.

Information Disclosure Red Hat Suse
NVD GitHub
CVSS 3.1
5.9
EPSS
0.0%
CVE-2026-21713 MEDIUM PATCH This Month

Node.js versions 20.x, 22.x, 24.x, and 25.x use non-constant-time comparison for HMAC signature verification, allowing remote attackers to infer valid HMAC values through timing oracle attacks. The vulnerability leaks information proportional to matching bytes and requires high-resolution timing measurement capability, making exploitation feasible in controlled network conditions. CVSS 5.9 (confidentiality impact only); no public exploit identified at time of analysis.

Node.js Information Disclosure Oracle
NVD
CVSS 3.0
5.9
EPSS
0.0%
CVE-2026-34360 MEDIUM PATCH GHSA This Month

Server-side request forgery (SSRF) in FHIR Validator HTTP service allows unauthenticated remote attackers to probe internal network services and cloud metadata endpoints via the /loadIG endpoint, which accepts arbitrary URLs without hostname or domain validation. The vulnerability defaults to allowing all outbound requests, and redirect following bypasses even configured domain restrictions. With the explore=true default setting, each request amplifies reconnaissance capability through multiple outbound HTTP calls, enabling blind network topology mapping and metadata service access.

SSRF Java Microsoft
NVD GitHub
CVSS 3.1
5.8
EPSS
0.0%
CVE-2026-25704 MEDIUM This Month

Cosmic-greeter before PR #426 contains a privilege dropping race condition vulnerability (CWE-271) that allows local attackers to regain dropped privileges through TOCTOU timing manipulation during privilege validation checks. The vulnerability affects the Pop!_OS greeter application and could enable privilege escalation to perform actions with elevated permissions that should have been restricted.

Information Disclosure Cosmic Greeter
NVD VulDB
CVSS 4.0
5.8
EPSS
0.0%
CVE-2026-21712 MEDIUM PATCH This Month

Denial of service in Node.js url.format() function allows authenticated remote attackers to crash Node.js processes by supplying malformed internationalized domain names (IDNs) with invalid characters, triggering an assertion failure in native code. CVSS 5.7 (medium severity) with EPSS exploitation probability not independently confirmed. No public exploit code or CISA KEV status identified at time of analysis, but the simplicity of triggering the crash via a standard library function poses moderate real-world risk to production Node.js applications handling untrusted URL input.

Node.js Denial Of Service
NVD VulDB
CVSS 3.0
5.7
EPSS
0.0%
Page 1 of 2 Next

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy