Skip to main content
CVE-2026-34542 MEDIUM This Month

Stack buffer overflow in iccDEV library versions prior to 2.3.1.6 allows local attackers to trigger a denial of service by crafting a malicious ICC color profile that overflows a 4-byte stack buffer in the CIccCalculatorFunc::Apply() function during profile processing. The vulnerability requires local access and no user interaction, with CVSS 6.2 reflecting high availability impact but no direct code execution path; vendor-released patch is available in version 2.3.1.6.

Stack Overflow Buffer Overflow Iccdev
NVD GitHub
CVSS 3.1
6.2
EPSS
0.0%
CVE-2026-34541 MEDIUM This Month

Denial of service in iccDEV prior to version 2.3.1.6 allows local attackers to crash the iccApplyNamedCmm tool by supplying a malformed ICC color profile that triggers a null-pointer dereference in the CIccCombinedConnectionConditions constructor. The vulnerability requires local file system access to provide the crafted profile and causes application termination with no code execution or data corruption, affecting users processing untrusted ICC profiles through the -PCC flag.

Null Pointer Dereference Denial Of Service Iccdev
NVD GitHub
CVSS 3.1
6.2
EPSS
0.0%
CVE-2026-34540 MEDIUM This Month

Heap buffer overflow in iccDEV prior to version 2.3.1.6 allows denial of service via a crafted ICC color profile that triggers out-of-bounds heap read in icMemDump() when iccDumpProfile processes malformed tag contents. The vulnerability affects local attackers without authentication or user interaction, though the practical attack surface depends on how iccDumpProfile is invoked in consuming applications. No public exploit code or active exploitation has been identified; the issue was discovered through code analysis and AddressSanitizer instrumentation.

Heap Overflow Buffer Overflow Iccdev
NVD GitHub
CVSS 3.1
6.2
EPSS
0.0%
CVE-2026-34539 MEDIUM This Month

Heap buffer overflow in iccDEV's CTiffImg::WriteLine() function allows local attackers to crash the iccSpecSepToTiff tool via specially crafted ICC color profile and TIFF file pairs. Versions prior to 2.3.1.6 are vulnerable; the attack requires no authentication or user interaction beyond processing a malicious file. While the current impact is limited to denial of service, heap overflows can potentially enable memory corruption exploitation depending on heap layout and attacker sophistication.

Heap Overflow Buffer Overflow Iccdev
NVD GitHub
CVSS 3.1
6.2
EPSS
0.0%
CVE-2026-34537 MEDIUM This Month

Local denial of service in iccDEV prior to version 2.3.1.6 allows unauthenticated local attackers to crash applications processing ICC color profiles by crafting malicious profiles that trigger undefined behavior through invalid enum values in CIccOpDefEnvVar::Exec(). The vulnerability requires local file access but no privilege escalation, with an EPSS score of 6.2 reflecting moderate real-world risk. No public exploit code or active exploitation has been identified at the time of analysis.

Information Disclosure Iccdev
NVD GitHub
CVSS 3.1
6.2
EPSS
0.0%
CVE-2026-34536 MEDIUM This Month

Stack overflow in iccDEV's SIccCalcOp::ArgsUsed() function allows local attackers to trigger a denial of service by supplying a crafted ICC color profile to iccApplyProfiles. The vulnerability affects iccDEV versions prior to 2.3.1.6 and requires no authentication or user interaction; exploitation manifests as application crash during calculator argument computation. No public exploit code or active exploitation has been identified at time of analysis.

Denial Of Service Iccdev
NVD GitHub
CVSS 3.1
6.2
EPSS
0.0%
CVE-2026-34535 MEDIUM This Month

Malformed ICC color profile files trigger a heap buffer overflow in iccDEV versions prior to 2.3.1.6, causing denial of service through segmentation fault in the CIccTagArray::Cleanup() function. Local attackers can exploit this vulnerability by crafting a malicious ICC profile that, when processed by iccRoundTrip or similar tools, crashes the application due to misaligned pointer access. No public exploit code has been identified, and this vulnerability is not confirmed as actively exploited in the wild.

Heap Overflow Buffer Overflow Iccdev
NVD GitHub
CVSS 3.1
6.2
EPSS
0.0%
CVE-2026-34534 MEDIUM This Month

Heap buffer overflow in iccDEV prior to version 2.3.1.6 allows local attackers to trigger a denial of service via a malicious ICC color profile, causing out-of-bounds heap reads in the CIccMpeSpectralMatrix::Describe() function when processing profiles with iccDumpProfile. The vulnerability requires local file access but no user interaction or authentication, with confirmed patch availability in version 2.3.1.6.

Heap Overflow Buffer Overflow Iccdev
NVD GitHub
CVSS 3.1
6.2
EPSS
0.0%
CVE-2026-34533 MEDIUM This Month

Undefined Behavior in iccDEV prior to version 2.3.1.6 allows local attackers to cause a denial of service by supplying a crafted ICC color profile containing invalid enum values for icChannelFuncSignature, which triggers an application crash during profile processing in CIccCalculatorFunc::ApplySequence(). The vulnerability requires local file access or the ability to provide a malicious ICC profile to an application using the library; no public exploit code has been identified.

Information Disclosure Iccdev
NVD GitHub
CVSS 3.1
6.2
EPSS
0.0%
CVE-2026-34552 MEDIUM This Month

Null pointer dereference in iccDEV versions prior to 2.3.1.6 causes denial of service when processing ICC color management profiles with malformed lookup table (LUT) structures. The vulnerability exists in IccTagLut.cpp where CIccApplyCLUT member access occurs without null validation, allowing local attackers to crash applications that parse untrusted color profiles. No public exploit code or active exploitation has been confirmed at time of analysis.

Null Pointer Dereference Denial Of Service Iccdev
NVD GitHub
CVSS 3.1
6.2
EPSS
0.0%
CVE-2026-34551 MEDIUM This Month

Denial of service via null-pointer dereference in iccDEV prior to version 2.3.1.6 allows local attackers to crash the application by processing a crafted ICC color profile embedded in a TIFF file. The vulnerability exists in the CIccTagLut16::Write() function and requires local file system access but no authentication or user interaction. No public exploit code or active exploitation has been confirmed; the issue is considered moderate severity due to denial-of-service impact only (no code execution or data compromise).

Null Pointer Dereference Denial Of Service Iccdev
NVD GitHub
CVSS 3.1
6.2
EPSS
0.0%
CVE-2026-34550 MEDIUM This Month

Denial of service in iccDEV prior to version 2.3.1.6 caused by undefined behavior from unsafe implicit conversion of negative signed integers to unsigned size_t in IccProfLib/IccIO.cpp. Local attackers can exploit this condition to crash applications using vulnerable iccDEV libraries by providing specially crafted ICC color profile files, resulting in high availability impact with no authentication required.

Information Disclosure Iccdev
NVD GitHub
CVSS 3.1
6.2
EPSS
0.0%
CVE-2026-34549 MEDIUM This Month

Denial of service via crafted ICC color profile in iccDEV library prior to version 2.3.1.6 triggers undefined behavior through invalid left shift operations on 32-bit unsigned integers, causing application crashes. The vulnerability affects all iccDEV versions before 2.3.1.6 and requires only local file access to exploit (no authentication or user interaction required beyond opening a malicious profile). No public exploit code or active exploitation has been identified at time of analysis.

Information Disclosure Iccdev
NVD GitHub
CVSS 3.1
6.2
EPSS
0.0%
CVE-2026-34548 MEDIUM This Month

Denial of service in iccDEV prior to version 2.3.1.6 allows local attackers to crash the iccToXml XML conversion tool via undefined behavior caused by implicit conversion of negative signed integers to unsigned 32-bit values. The vulnerability has CVSS 6.2 (medium severity) and affects all versions before the patched release; no public exploit code has been identified, but the issue is straightforward to trigger with malformed ICC color profiles containing negative integer values.

Information Disclosure Iccdev
NVD GitHub
CVSS 3.1
6.2
EPSS
0.0%
CVE-2026-34547 MEDIUM This Month

Denial of service via undefined behavior in iccDEV versions prior to 2.3.1.6 allows local attackers to crash the iccDumpProfile tool by supplying a crafted ICC color profile. The vulnerability exploits an unsafe memory operation in IccUtil.cpp triggered during profile parsing, resulting in application termination with no authentication required. No public exploit code or active exploitation has been reported at time of analysis.

Information Disclosure Iccdev
NVD GitHub
CVSS 3.1
6.2
EPSS
0.0%
CVE-2026-34546 MEDIUM This Month

Denial of service via division by zero in iccDEV prior to version 2.3.1.6 allows local attackers to crash the iccTiffDump utility by supplying a crafted TIFF file, resulting in undefined behavior and availability impact. The vulnerability requires local file access and no authentication, but exploitation is limited to denial of service rather than code execution or information disclosure. CVSS 6.2 reflects medium severity with high availability impact; no public exploitation or CISA KEV status reported.

Information Disclosure Iccdev
NVD GitHub
CVSS 3.1
6.2
EPSS
0.0%
CVE-2026-4146 MEDIUM This Month

Reflected Cross-Site Scripting in Loco Translate WordPress plugin versions up to 2.8.2 allows unauthenticated attackers to inject arbitrary web scripts via the 'update_href' parameter due to insufficient input sanitization and output escaping. The vulnerability requires user interaction (clicking a malicious link) to execute, affecting WordPress sites with the plugin installed. CVSS 6.1 reflects moderate severity with network-accessible attack vector and cross-site scope impact on confidentiality and integrity.

WordPress XSS
NVD
CVSS 3.1
6.1
EPSS
0.1%
CVE-2026-5181 LOW POC Monitor

Unrestricted file upload in SourceCodester Simple Doctors Appointment System up to version 1.0 allows authenticated remote attackers to upload arbitrary files via the img parameter in /doctors_appointment/admin/ajax.php?action=save_category, potentially leading to remote code execution. The vulnerability has publicly available exploit code and carries a CVSS score of 5.3 with limited impact scope, though it requires valid login credentials to exploit.

PHP File Upload
NVD VulDB GitHub
CVSS 4.0
2.1
EPSS
0.0%
CVE-2026-1877 MEDIUM This Month

Cross-site request forgery in Auto Post Scheduler WordPress plugin versions up to 1.84 allows unauthenticated attackers to modify plugin settings and inject malicious scripts by tricking site administrators into clicking a malicious link, due to missing nonce validation in the aps_options_page function. The vulnerability combines CSRF with stored XSS capability, affecting any WordPress site running the vulnerable plugin. CVSS 6.1 reflects the requirement for user interaction and the limited direct impact, though the ability to inject web scripts poses a meaningful risk to site integrity and user security.

WordPress CSRF XSS
NVD
CVSS 3.1
6.1
EPSS
0.0%
CVE-2026-5215 LOW POC Monitor

Improper access controls in D-Link DNS and DNR network-attached storage devices allow unauthenticated remote attackers on adjacent networks to access IPv6 configuration functions via the cgi_get_ipv6 function in /cgi-bin/network_mgr.cgi, potentially disclosing sensitive network configuration information. The vulnerability affects multiple D-Link models up to firmware version 20260205, publicly available exploit code exists, and the attack requires only network adjacency with low complexity.

D-Link Authentication Bypass
NVD VulDB GitHub
CVSS 4.0
2.1
EPSS
0.0%
CVE-2026-34405 MEDIUM PATCH GHSA This Month

Nuxt OG Image versions prior to 6.2.5 allow cross-site scripting (XSS) attacks via arbitrary HTML attribute injection in the image-generation endpoint at /_og/d/, affecting any unauthenticated remote user who can craft a malicious URI. An attacker can inject attributes into the HTML page body to execute JavaScript in the context of users' browsers, compromising confidentiality and integrity without service disruption. No public exploit code or active exploitation has been confirmed at the time of analysis.

XSS Og Image
NVD GitHub
CVSS 3.1
6.1
EPSS
0.0%
CVE-2026-34739 MEDIUM PATCH GHSA This Month

Stored cross-site scripting (XSS) via unencoded HTML reflection in WWBN AVideo's User_Location plugin testIP.php endpoint allows authenticated attackers to execute arbitrary JavaScript in admin sessions. Affecting AVideo 26.0 and earlier, the vulnerability exploits SameSite=None cookie configuration to enable cross-origin exploitation, permitting unauthenticated attackers to lure admins to malicious links that hijack their authenticated context. No public exploit code or vendor patch has been released at time of analysis.

PHP XSS
NVD GitHub
CVSS 3.1
6.1
EPSS
0.0%
CVE-2026-34396 MEDIUM GHSA This Month

Stored cross-site scripting (XSS) in WWBN AVideo 26.0 and prior allows unauthenticated attackers to inject malicious JavaScript into plugin configuration values via CSRF, or authenticated admins to directly inject code that executes in administrator browsers when accessing plugin configuration pages. The vulnerability exploits missing output encoding in the jsonToFormElements() function, enabling arbitrary JavaScript execution within the admin panel with impact to confidentiality and integrity.

XSS PHP CSRF
NVD GitHub
CVSS 3.1
6.1
EPSS
0.0%
CVE-2026-34206 MEDIUM PATCH This Month

Reflected cross-site scripting (XSS) in Captcha Protect versions prior to 1.12.2 allows unauthenticated remote attackers to inject arbitrary script into the anti-bot challenge page by supplying a crafted destination parameter. The vulnerability exploits unsafe use of Go's text/template library, which does not perform contextual HTML escaping, enabling attackers to break out of HTML attributes and execute malicious code in the context of users viewing the challenge page. This affects all Traefik middleware deployments using vulnerable versions of libops/captcha-protect.

XSS Captcha Protect
NVD GitHub
CVSS 3.1
6.1
EPSS
0.0%
CVE-2026-5206 LOW POC Monitor

SQL injection in code-projects Simple Gym Management System 1.0 Payment Handler allows authenticated remote attackers to manipulate Payment_id, Amount, customer_id, payment_type, and customer_name parameters to execute arbitrary SQL queries, potentially leading to unauthorized data access or modification. Publicly available exploit code exists for this vulnerability; patch status from vendor remains unconfirmed.

SQLi Simple Gym Management System
NVD VulDB GitHub
CVSS 4.0
2.1
EPSS
0.0%
CVE-2026-5197 LOW POC Monitor

SQL injection in code-projects Student Membership System 1.0 allows authenticated remote attackers to execute arbitrary SQL queries via the ID parameter in /delete_user.php, enabling unauthorized data exfiltration or manipulation. The vulnerability has CVSS score 5.3 (medium severity) with publicly available exploit code, though it requires authenticated access (PR:L) and carries low confidentiality, integrity, and availability impact per CVSS v4.0 assessment.

PHP SQLi
NVD VulDB GitHub
CVSS 4.0
2.1
EPSS
0.0%
CVE-2026-5196 LOW POC Monitor

SQL injection in code-projects Student Membership System 1.0 allows authenticated remote attackers to execute arbitrary SQL commands via the ID parameter in /delete_member.php, resulting in limited confidentiality and integrity impact. Publicly available exploit code exists, and the vulnerability has been disclosed; however, active exploitation has not been confirmed by CISA. The attack requires valid authentication credentials but can be initiated over the network with minimal complexity.

PHP SQLi
NVD VulDB GitHub
CVSS 4.0
2.1
EPSS
0.0%
CVE-2026-5203 LOW POC Monitor

Path traversal in CMS Made Simple UserGuide Module XML Import functionality allows authenticated high-privilege attackers to manipulate file operations in the _copyFilesToFolder function, enabling arbitrary file placement on the server with limited confidentiality and integrity impact. The vulnerability affects CMS Made Simple up to version 2.2.22, requires high-level privileges to exploit remotely, and vendor has confirmed a fix for a future release; publicly available exploit code exists but real-world risk remains moderate due to privilege requirements.

PHP Path Traversal
NVD VulDB
CVSS 4.0
2.0
EPSS
0.0%
CVE-2026-5209 LOW POC Monitor

Stored cross-site scripting (XSS) in SourceCodester Leave Application System 1.0 User Management Handler allows authenticated remote attackers with high privileges to inject malicious scripts via the component, requiring user interaction to execute. The vulnerability carries a CVSS 4.8 score with publicly available exploit code; however, real-world risk is constrained by high privilege requirement (PR:H) and necessary user interaction (UI:P), limiting opportunistic exploitation.

XSS Leave Application System
NVD VulDB
CVSS 4.0
1.9
EPSS
0.0%
CVE-2026-27853 MEDIUM PATCH This Month

DNSdist fails to validate packet size bounds when rewriting DNS questions or responses via Lua methods (DNSQuestion:changeName, DNSResponse:changeName), allowing unauthenticated remote attackers to craft DNS responses that trigger out-of-bounds writes and exceed the 65535-byte DNS packet size limit, resulting in denial of service via crash. CVSS 5.9 (high availability impact); no public exploit code identified at time of analysis.

Buffer Overflow Denial Of Service Memory Corruption Dnsdist
NVD
CVSS 3.1
5.9
EPSS
0.0%
CVE-2026-34227 MEDIUM PATCH GHSA This Month

Unauthenticated attackers can hijack all active Sliver C2 sessions and beacons through a single malicious link clicked by an operator, gaining immediate silent control to exfiltrate collected intelligence or destroy compromised infrastructure, prior to version 1.7.4. The vulnerability exploits browser-based interaction with the custom Wireguard netstack, bypassing authentication entirely via a user-interaction attack vector. This is a critical supply-chain risk for red teams and penetration testers relying on Sliver for command-and-control operations.

Authentication Bypass Sliver
NVD GitHub
CVSS 4.0
5.9
EPSS
0.0%
CVE-2026-5235 LOW POC Monitor

Heap-based buffer overflow in Axiomatic Bento4 up to version 1.6.0-641 affects the AP4_BitReader::ReadCache function in the MP4 file parser component, allowing local attackers with limited privileges to cause information disclosure, integrity violation, and denial of service. Publicly available exploit code exists, and the vendor has not yet responded to the early disclosure despite project notification through GitHub issue tracking.

Heap Overflow Buffer Overflow Bento4
NVD VulDB GitHub
CVSS 4.0
1.9
EPSS
0.0%
CVE-2026-34452 MEDIUM PATCH GHSA This Month

Symlink race condition in Anthropic Python SDK async filesystem memory tool (versions 0.86.0-0.86.x) allows local authenticated attackers to escape sandbox restrictions and read or write arbitrary files outside the designated memory directory. The vulnerability exploits a time-of-check-time-of-use (TOCTOU) flaw where path validation occurs before symlink resolution, enabling an attacker with memory directory write access to redirect file operations via symlink manipulation. The synchronous implementation is unaffected. Vendor-released patch: version 0.87.0.

Python Information Disclosure
NVD GitHub
CVSS 4.0
5.8
EPSS
0.0%
CVE-2026-32988 MEDIUM PATCH This Month

Sandbox escape in OpenClaw (before version 2026.3.11) allows local authenticated users to write arbitrary files outside validated directories via a TOCTOU race condition during staged file writes. The fs-bridge component fails to anchor temporary file operations to verified parent directories, enabling attackers to manipulate path aliases between validation and execution phases. CVSS 7.5 (High) reflects the local attack vector with high complexity, but scope change (S:C) indicates potential container/sandbox breakout. No public exploit identified at time of analysis, though the race condition vulnerability class (CWE-367) is well-understood by attackers.

Authentication Bypass Openclaw
NVD GitHub
CVSS 4.0
5.8
EPSS
0.0%
CVE-2026-32977 MEDIUM PATCH This Month

OpenClaw before 2026.3.11 allows authenticated local attackers to bypass sandbox boundaries and write files outside validated paths via a time-of-check-time-of-use race condition in the fs-bridge writeFile commit operation. An attacker with local access and sufficient privileges can exploit unanchored container paths during file move operations to redirect committed files outside the sandbox, achieving arbitrary file write capabilities within the container mount namespace. No public exploit code or active exploitation has been confirmed.

Authentication Bypass Openclaw
NVD GitHub
CVSS 4.0
5.8
EPSS
0.0%
CVE-2026-5237 MEDIUM This Month

SQL injection in itsourcecode Payroll Management System 1.0 allows remote unauthenticated attackers to manipulate the ID parameter in /manage_user.php, enabling arbitrary SQL query execution with confidentiality and integrity impact. The vulnerability has a publicly available exploit, making it immediately actionable for threat actors despite the moderate CVSS score.

SQLi PHP
NVD GitHub VulDB
CVSS 4.0
5.5
EPSS
0.0%
CVE-2026-32629 MEDIUM PATCH GHSA This Month

Stored cross-site scripting (XSS) in phpMyFAQ 4.2.0-alpha allows unauthenticated attackers to inject malicious JavaScript via RFC 5321-compliant quoted email addresses in guest FAQ submissions. The injected payload is stored without sanitization and rendered using Twig's |raw filter in the admin FAQ editor, executing in administrator browsers and enabling session hijacking, admin account takeover, and arbitrary site manipulation. A publicly available proof-of-concept demonstrates successful JavaScript execution when administrators review pending FAQs.

PHP RCE Nginx Docker
NVD GitHub
CVSS 4.0
5.4
EPSS
0.2%
CVE-2026-22569 MEDIUM PATCH This Month

Zscaler Client Connector on Windows contains an incorrect startup configuration that permits limited traffic to bypass inspection under rare circumstances, resulting in potential information disclosure and integrity compromise. The vulnerability affects all versions of the product and requires user interaction to exploit, with a CVSS score of 5.4 reflecting the combination of network-based attack vector, low complexity, and low impact on confidentiality and integrity. No evidence of active exploitation or public exploit code has been identified.

Information Disclosure Microsoft
NVD
CVSS 3.1
5.4
EPSS
0.0%
CVE-2026-34442 MEDIUM PATCH This Month

Host header manipulation in FreeScout prior to version 1.8.211 allows unauthenticated remote attackers to inject arbitrary domains into application-generated absolute URLs, enabling open redirects and external resource loading attacks. The vulnerability exploits unvalidated Host header values to construct malicious links and asset references, potentially redirecting users to attacker-controlled domains or loading external resources from compromised servers. CVSS 5.4 reflects low-to-moderate real-world risk given the requirement for user interaction (UI:R), though no active exploitation has been publicly confirmed.

Open Redirect
NVD GitHub
CVSS 3.1
5.4
EPSS
0.0%
CVE-2026-32273 MEDIUM PATCH This Month

Stored cross-site scripting (XSS) in Discourse category description API endpoints allows authenticated users with category management privileges to inject malicious scripts that execute in the browsers of other users viewing the category. The vulnerability affects Discourse versions 2026.1.0 through 2026.1.2, 2026.2.0 through 2026.2.1, and 2026.3.0-pre-release due to missing input sanitization on category description updates. Vendor-released patches address this in versions 2026.1.3, 2026.2.2, and 2026.3.0; no public exploit code has been identified at time of analysis.

XSS Discourse
NVD GitHub
CVSS 3.1
5.4
EPSS
0.0%
CVE-2026-3191 MEDIUM This Month

The Minify HTML WordPress plugin (versions up to 2.1.12) contains a Cross-Site Request Forgery (CSRF) vulnerability in the 'minify_html_menu_options' function due to missing nonce validation, allowing unauthenticated attackers to modify plugin settings if a site administrator is tricked into clicking a malicious link. The attack requires user interaction (UI:R) but can degrade site availability or integrity by altering minification behavior. No public exploit code or active exploitation has been confirmed, though the vulnerability is tracked by CISA-recognized security researchers.

WordPress CSRF
NVD
CVSS 3.1
5.4
EPSS
0.0%
CVE-2026-32921 MEDIUM PATCH This Month

OpenClaw before 2026.3.8 allows authenticated remote attackers to bypass approval controls in the system.run function by obtaining approval for a script, modifying the approved script file before execution, and executing malicious content while preserving the approved command structure. This approval-execution window vulnerability enables privilege escalation and code execution with low complexity and no user interaction required. No public exploit code or active exploitation has been confirmed at the time of analysis.

Authentication Bypass Openclaw
NVD GitHub
CVSS 4.0
5.3
EPSS
0.0%
CVE-2026-32243 MEDIUM PATCH This Month

Stored cross-site scripting (XSS) in Discourse allows authenticated users with conversation creation privileges to inject arbitrary HTML and JavaScript via crafted AI conversation titles, executing malicious payloads in the browsers of users viewing onebox previews and potentially enabling session hijacking or unauthorized actions. Affects Discourse versions 2026.1.0 through 2026.1.2, 2026.2.0 through 2026.2.1, and 2026.3.0-beta; patched versions 2026.1.3, 2026.2.2, and 2026.3.0 are available. No public exploit code or active exploitation has been confirmed at time of analysis.

XSS Discourse
NVD GitHub
CVSS 4.0
5.3
EPSS
0.0%
CVE-2026-30878 MEDIUM PATCH GHSA This Month

baserCMS versions prior to 5.2.3 allow unauthenticated remote attackers to bypass administrative form submission controls via a public mail API, enabling arbitrary form submissions even when the form is configured to reject new entries. This authentication bypass has a CVSS score of 5.3 and permits attackers to inject spam or abuse content without authorization, circumventing intended intake restrictions. Vendor-released patch available in version 5.2.3.

Authentication Bypass Basercms
NVD GitHub VulDB
CVSS 3.1
5.3
EPSS
0.0%
CVE-2026-34732 MEDIUM PATCH GHSA This Month

WWBN AVideo 26.0 and prior exposes sensitive user data through 21 unauthenticated API endpoints via the CreatePlugin template generator. The list.json.php template lacks authentication checks present in its companion add.json.php and delete.json.php templates, allowing remote attackers to enumerate and retrieve user PII, payment logs, IP addresses, user agents, and internal system records without authentication. No vendor patch exists at time of analysis.

Authentication Bypass Information Disclosure PHP
NVD GitHub
CVSS 3.1
5.3
EPSS
0.0%
CVE-2026-34595 MEDIUM PATCH GHSA This Month

Parse Server versions prior to 8.6.70 and 9.7.0-alpha.18 allow authenticated users with find class-level permissions to bypass protectedFields restrictions on LiveQuery subscriptions by submitting array-like objects with numeric keys instead of proper arrays in $or, $and, or $nor operators. This enables information disclosure through a binary oracle attack that reveals whether protected fields match attacker-supplied values. The vulnerability requires prior authentication and find-level access but no user interaction, affecting all deployments of vulnerable Parse Server versions.

Node.js Authentication Bypass Memory Corruption Oracle
NVD GitHub
CVSS 4.0
5.3
EPSS
0.0%
CVE-2026-34574 MEDIUM PATCH GHSA This Month

Authenticated users in Parse Server prior to versions 8.6.69 and 9.7.0-alpha.14 can bypass immutability protections on session fields by submitting null values in PUT requests to the session update endpoint, allowing indefinite session validity and circumventing configured session expiration policies. The vulnerability requires valid authentication credentials to exploit and has been patched in the specified versions.

Node.js Authentication Bypass
NVD GitHub
CVSS 4.0
5.3
EPSS
0.0%
CVE-2026-33300 MEDIUM PATCH This Month

Discourse 2026.1.0 through 2026.3.0-beta allows authenticated moderators to bypass authorization controls in the Category Chatables Controller, disclosing sensitive information about hidden group names and user counts. The vulnerability affects multiple release branches and has been patched in versions 2026.1.3, 2026.2.2, and 2026.3.0. With a CVSS score of 5.3 and low attack complexity, this represents a meaningful information disclosure risk requiring prompt patching.

Information Disclosure Discourse
NVD GitHub VulDB
CVSS 4.0
5.3
EPSS
0.0%
CVE-2026-32620 MEDIUM PATCH This Month

Discourse versions 2026.1.0 through 2026.1.2, 2026.2.0 through 2026.2.1, and 2026.3.0 leak read receipt metadata (who read staff-only posts and when) to non-staff users who should not have access to that information. While no post content is exposed, the metadata disclosure violates intended access controls. Patches are available in versions 2026.1.3, 2026.2.2, and 2026.3.0.

Information Disclosure Discourse
NVD GitHub VulDB
CVSS 4.0
5.3
EPSS
0.0%
CVE-2026-32143 MEDIUM PATCH This Month

Discourse moderators can export CSV data from admin-restricted reports in versions 2026.1.0-2026.1.2, 2026.2.0-2026.2.1, and 2026.3.0-beta, circumventing role-based access controls and exposing sensitive operational data intended exclusively for administrators. The vulnerability requires authenticated moderator access but carries low confidentiality impact (CVSS 5.3). Vendor-released patches are available in Discourse 2026.1.3, 2026.2.2, and 2026.3.0.

Information Disclosure Discourse
NVD GitHub
CVSS 4.0
5.3
EPSS
0.0%
Prev Page 4 of 5 Next

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy