Skip to main content
CVE-2026-33185 MEDIUM PATCH This Month

Server-side request forgery (SSRF) in Discourse group email settings test endpoint allows authenticated non-staff group owners to initiate outbound connections to arbitrary hosts and ports, enabling internal network reconnaissance. Affects Discourse 2026.1.0-2026.1.2, 2026.2.0-2026.2.1, and 2026.3.0-rc versions. Patched in 2026.1.3, 2026.2.2, and 2026.3.0. No public exploit code or active exploitation confirmed at time of analysis.

SSRF Discourse
NVD GitHub VulDB
CVSS 4.0
5.3
EPSS
0.0%
CVE-2026-32615 MEDIUM PATCH This Month

Category group moderators in Discourse versions 2026.1.0-2026.1.2, 2026.2.0-2026.2.1, and 2026.3.0-pre can perform privileged actions (such as topic moderation) on content within private categories to which they lack read access, bypassing intended access controls. This authenticated privilege escalation affects self-hosted and managed Discourse instances and has been resolved in versions 2026.1.3, 2026.2.2, and 2026.3.0+. No public exploit code or active exploitation has been reported at this time.

Authentication Bypass Discourse
NVD GitHub
CVSS 4.0
5.3
EPSS
0.0%
CVE-2026-1797 MEDIUM This Month

Unauthenticated attackers can directly access view PHP files in the Truebooker WordPress plugin (versions up to 1.1.4) to disclose sensitive information, such as user data or system configuration details exposed in those templates. The vulnerability requires only network access and no authentication, making it trivially exploitable via simple HTTP requests to exposed PHP files. No public exploit code or active exploitation has been confirmed at this time.

WordPress Information Disclosure Authentication Bypass PHP
NVD
CVSS 3.1
5.3
EPSS
0.0%
CVE-2026-30280 MEDIUM This Month

Arbitrary file overwrite vulnerability in RAREPROB SOLUTIONS PRIVATE LIMITED Video player Play All Videos v1.0.135 enables remote attackers to overwrite critical internal files during the file import process, resulting in arbitrary code execution or information disclosure. No CVSS score, exploitation data, or vendor patch information is currently available; the vulnerability was disclosed via academic research channels rather than coordinated vendor notification.

File Upload RCE Information Disclosure
NVD GitHub
CVSS 3.1
5.3
EPSS
0.0%
CVE-2026-24030 MEDIUM PATCH This Month

Memory exhaustion in DNSdist allows remote, unauthenticated attackers to trigger denial of service by crafting malicious DNS over QUIC or DNS over HTTP/3 payloads that force excessive memory allocation. The attack causes the QUIC connection to close abnormally, and in systems with limited memory reserves, can force out-of-memory conditions that terminate the DNSdist process entirely.

Denial Of Service Dnsdist
NVD
CVSS 3.1
5.3
EPSS
0.0%
CVE-2026-24028 MEDIUM PATCH This Month

Out-of-bounds read in PowerDNS dnsdist allows unauthenticated remote attackers to trigger denial of service or potential information disclosure by sending a crafted DNS response packet when custom Lua code uses the newDNSPacketOverlay function to parse packets. CVSS 5.3 indicates moderate severity with network-accessible attack surface and no privilege or user interaction required.

Denial Of Service Information Disclosure Buffer Overflow Dnsdist
NVD
CVSS 3.1
5.3
EPSS
0.0%
CVE-2026-33578 MEDIUM PATCH GHSA This Month

Authorization policy bypass in OpenClaw messaging extensions allows unauthenticated remote attackers to circumvent sender allowlist restrictions and interact with bots without authorization. The vulnerability affects OpenClaw versions prior to 2026.3.28, specifically impacting Google Chat and Zalouser extensions where route-level group allowlist policies silently downgrade to open policy during resolution. With CVSS 9.8 (critical severity, network-accessible, no authentication required) and EPSS data unavailable, this represents a significant access control failure. No public exploit identified at time of analysis, though the attack complexity is low and requires no user interaction.

Authentication Bypass Google
NVD GitHub VulDB
CVSS 4.0
5.3
EPSS
0.0%
CVE-2026-24153 MEDIUM This Month

Information disclosure in NVIDIA Jetson Linux affects Xavier, Orin, and Thor series devices due to the nvluks trusted application remaining enabled in initrd. A local attacker with physical access and low-level privileges can exploit this to read sensitive data from the device, as confirmed by CWE-501 (CLS: Malicious Code Not Included in Executable) indicating improper access control to privileged components. CVSS 5.2 reflects the high confidentiality impact but requires physical attack vector and authenticated access; no public exploit or CISA KEV status reported.

Information Disclosure Nvidia
NVD VulDB
CVSS 3.1
5.2
EPSS
0.0%
CVE-2025-41357 MEDIUM This Month

Reflected Cross-Site Scripting (XSS) in Anon Proxy Server v0.104 allows unauthenticated remote attackers to execute arbitrary JavaScript in a victim's browser via a malicious URL targeting the 'host' parameter of the /diagdns.php endpoint. An attacker can exploit this to steal session cookies, perform unauthorized actions, or redirect users to malicious content. No public exploit code or active exploitation has been confirmed at time of analysis.

XSS PHP
NVD
CVSS 4.0
5.1
EPSS
0.0%
CVE-2025-41356 MEDIUM This Month

Reflected XSS in Anon Proxy Server v0.104 allows unauthenticated remote attackers to execute arbitrary JavaScript in a victim's browser via a malicious URL targeting the 'host' parameter in /diagconnect.php, potentially enabling session hijacking or unauthorized user actions. The vulnerability requires user interaction (clicking a malicious link) and has a CVSS score of 5.1 (medium severity). No public exploit code or active exploitation has been confirmed at the time of analysis.

XSS PHP
NVD
CVSS 4.0
5.1
EPSS
0.0%
CVE-2025-41355 MEDIUM This Month

Reflected Cross-Site Scripting (XSS) in Anon Proxy Server v0.104 allows unauthenticated remote attackers to execute arbitrary JavaScript in victim browsers via malicious URLs targeting the 'port' and 'proxyPort' parameters in the /anon.php endpoint. Successful exploitation enables theft of session cookies and unauthorized actions on behalf of the victim. No public exploit code or active exploitation has been confirmed at time of analysis.

XSS PHP
NVD
CVSS 4.0
5.1
EPSS
0.0%
CVE-2026-32113 MEDIUM PATCH This Month

Open redirect vulnerability in Discourse versions 2026.1.0 through 2026.3.0 allows unauthenticated remote attackers to redirect users to arbitrary destinations via a malicious sso_destination_url cookie, exploiting a lack of URL validation in the StaticController enter action. While the cookie is normally set during legitimate DiscourseConnect Provider flows with cryptographic validation, attackers can directly set client-controlled cookies to bypass validation logic. The vulnerability requires user interaction (clicking a crafted link) and persistence of attacker-controlled cookies to exploit, but successful exploitation can be used for credential harvesting or phishing attacks. No public exploit code or active exploitation has been confirmed at time of analysis. Patched versions 2026.1.3, 2026.2.2, and 2026.3.0 are available.

Open Redirect
NVD GitHub
CVSS 4.0
5.1
EPSS
0.0%
CVE-2026-33415 MEDIUM PATCH This Month

Discourse versions 2026.1.0-2026.1.2, 2026.2.0-2026.2.1, and 2026.3.0-beta allow authenticated moderators to bypass category permission controls and retrieve post content, topic titles, and usernames from categories they lack authorization to access via a sentiment analytics endpoint. Patches are available (2026.1.3, 2026.2.2, 2026.3.0); no public exploit code or active exploitation has been identified.

Authentication Bypass Discourse
NVD GitHub VulDB
CVSS 4.0
5.1
EPSS
0.0%
CVE-2026-34881 MEDIUM PATCH This Month

Server-Side Request Forgery in OpenStack Glance image import allows authenticated users to bypass URL validation via HTTP redirects and reach internal services. Affected versions include Glance prior to 29.1.1, 30.0.0 through 30.1.0, and 31.0.0. The vulnerability impacts web-download and glance-download import methods, plus the optional ovf_process plugin. An authenticated attacker can craft a redirect chain to access restricted internal endpoints, though the CVSS vector indicates no confidentiality impact and limited integrity risk (CVSS 5.0). No public exploit code or active exploitation has been confirmed at time of analysis.

SSRF Glance
NVD VulDB
CVSS 3.1
5.0
EPSS
0.0%
CVE-2026-4819 MEDIUM This Month

Search Guard FLX versions 1.0.0 through 4.0.1 leak user credentials into audit logs when users authenticate through Kibana, exposing plaintext authentication material to any system administrator or user with log access. The vulnerability requires high-privilege access to exploit and affects only confidentiality, but the presence of credentials in audit logs creates a persistent information disclosure risk that persists across backup and archival systems.

Information Disclosure Elastic
NVD
CVSS 3.1
4.9
EPSS
0.0%
CVE-2026-3468 MEDIUM This Month

Stored Cross-Site Scripting (XSS) in SonicWall Email Security allows authenticated admin users to inject and execute arbitrary JavaScript code through improper input sanitization during web page generation. The vulnerability affects all versions of SonicWall Email Security appliance and requires admin-level authentication to exploit, limiting immediate exposure but posing significant risk to organizations where admin accounts are compromised or insider threats exist.

Sonicwall XSS
NVD
CVSS 3.1
4.8
EPSS
0.0%
CVE-2025-62184 MEDIUM This Month

Stored cross-site scripting (XSS) in Pega Platform versions 8.1.0 through 25.1.0 allows authenticated administrative users with extensive access rights to inject malicious scripts into user interface components, potentially compromising the confidentiality of other users who interact with affected UI elements. The vulnerability requires high-privilege administrative access and user interaction to exploit, resulting in a CVSS 4.8 (low severity) with no integrity or availability impact. No public exploit code or active exploitation has been identified at time of analysis.

XSS Pega Infinity
NVD
CVSS 4.0
4.8
EPSS
0.0%
CVE-2026-34441 MEDIUM PATCH This Month

HTTP Request Smuggling in cpp-httplib prior to 0.40.0 allows remote attackers to inject arbitrary HTTP requests on HTTP/1.1 keep-alive connections by embedding malicious request data in the body of GET requests that the static file handler does not consume. The unread body bytes remain on the TCP stream and are interpreted as a new request, enabling information disclosure and request manipulation without authentication or user interaction.

Request Smuggling Information Disclosure Suse
NVD GitHub VulDB
CVSS 3.1
4.8
EPSS
0.0%
CVE-2026-34450 MEDIUM PATCH GHSA This Month

Anthropic Python SDK versions 0.86.0 to before 0.87.0 create memory files with overly permissive file permissions (0o666), allowing local attackers to read persisted agent state or modify memory files to influence model behavior on shared hosts and Docker environments. The vulnerability affects both synchronous and asynchronous memory tool implementations and has been patched in version 0.87.0; no public exploit code or active exploitation has been identified at the time of analysis.

Python Privilege Escalation Docker
NVD GitHub
CVSS 4.0
4.8
EPSS
0.0%
CVE-2026-27854 MEDIUM PATCH This Month

DNSdist instances using custom Lua code can be crashed via denial of service when the DNSQuestion:getEDNSOptions method accesses a modified DNS packet, triggering a use-after-free condition. This affects DNSdist across all versions and requires network access to send crafted DNS queries, but the attack demands specific Lua code patterns and high attack complexity; no public exploit or active exploitation has been confirmed, and the real-world impact is limited to environments where custom Lua DNS query handlers reference EDNS options.

Use After Free Denial Of Service Memory Corruption Dnsdist
NVD
CVSS 3.1
4.8
EPSS
0.0%
CVE-2026-22561 MEDIUM PATCH This Month

DLL search-order hijacking in Anthropic Claude for Windows installer (Claude Setup.exe) versions before 1.1.3363 enables local privilege escalation to system context. An attacker with low privileges and physical or local access can plant a malicious DLL (such as profapi.dll) in the installer directory; when an elevated user runs the installer, the uncontrolled search path causes the malicious DLL to be loaded and executed with system privileges, achieving arbitrary code execution. No public exploit code or active exploitation has been confirmed at the time of analysis.

Privilege Escalation RCE Microsoft
NVD
CVSS 4.0
4.7
EPSS
0.0%
CVE-2026-34382 MEDIUM PATCH GHSA This Month

Admidio 5.0.0 through 5.0.7 allows authenticated users to permanently delete list configurations via CSRF attacks in the mylist_function.php delete handler, lacking CSRF token validation. An attacker can craft a malicious page to silently destroy a victim's shared list configurations, including organization-wide lists if the victim holds administrator rights. No public exploit code has been identified at time of analysis. Vendor-released patch: version 5.0.8.

PHP CSRF
NVD GitHub
CVSS 3.1
4.6
EPSS
0.0%
CVE-2026-34384 MEDIUM PATCH GHSA This Month

Admidio prior to version 5.0.8 allows attackers with pending registration status to bypass CSRF protections and trick administrators with approval rights into automatically approving registrations via malicious URLs, enabling unauthorized account activation without manual review. The vulnerability affects the create_user, assign_member, and assign_user action modes in modules/registration.php, which process GET requests without token validation unlike the delete_user mode in the same file. An attacker extracts their user UUID from a registration confirmation email, crafts a URL targeting administrators, and gains illicit account approval through social engineering rather than technical compromise.

PHP CSRF
NVD GitHub
CVSS 3.1
4.5
EPSS
0.0%
CVE-2026-32951 MEDIUM PATCH This Month

Discourse versions 2026.1.0 through 2026.1.2, 2026.2.0 through 2026.2.1, and 2026.3.0 prior to patching allow authenticated users to disclose shared draft topic titles via specially crafted inline onebox requests that reference the shared drafts category. An attacker with valid Discourse credentials can enumerate and read draft titles not intended for their access, violating information confidentiality. The vulnerability has been patched in versions 2026.1.3, 2026.2.2, and 2026.3.0; EPSS and KEV data indicate no current active exploitation, though the fix is available and should be deployed promptly given the low barrier to exploitation.

Information Disclosure Discourse
NVD GitHub VulDB
CVSS 3.1
4.3
EPSS
0.0%
CVE-2026-32618 MEDIUM PATCH This Month

Discourse chat user search functionality discloses channel membership information to authenticated users without proper authorization checks, allowing users to infer private channel membership across versions 2026.1.0-2026.1.2, 2026.2.0-2026.2.1, and 2026.3.0-rc1, affecting community administrators and organizations relying on channel privacy. The vulnerability requires authenticated access but carries low confidentiality impact (CVSS 4.3); patches are available in versions 2026.1.3, 2026.2.2, and 2026.3.0.

Information Disclosure Discourse
NVD GitHub
CVSS 3.1
4.3
EPSS
0.0%
CVE-2026-4799 MEDIUM This Month

Open redirect in Search Guard FLX up to version 4.0.1 allows unauthenticated remote attackers to craft malicious requests that redirect users to untrusted URLs, enabling phishing and credential theft attacks. The vulnerability requires user interaction (clicking a redirected link) and affects all versions through 4.0.1. No public exploit code or active exploitation has been confirmed at time of analysis.

Open Redirect
NVD VulDB
CVSS 3.1
4.3
EPSS
0.0%
CVE-2026-3139 MEDIUM This Month

User Profile Builder plugin for WordPress up to version 3.15.5 allows authenticated subscribers and above to reassign ownership of arbitrary posts and attachments through insecure direct object reference (IDOR) in the wppb_save_avatar_value() function. The vulnerability lacks validation on user-controlled keys, enabling privilege escalation where low-privileged users can modify post_author fields to take control of content created by other users. No public exploit code or active exploitation has been identified at time of analysis.

WordPress Authentication Bypass
NVD
CVSS 3.1
4.3
EPSS
0.0%
CVE-2026-34738 MEDIUM PATCH GHSA This Month

WWBN AVideo versions 26.0 and prior allow authenticated uploaders to bypass content moderation by directly setting video status to active via an unvalidated overrideStatus parameter, circumventing admin-controlled review workflows. The vulnerability affects any user with upload permissions and has a CVSS score of 4.3 (low-to-moderate severity) with no public exploit code identified at time of analysis.

Authentication Bypass Avideo
NVD GitHub
CVSS 3.1
4.3
EPSS
0.0%
CVE-2026-34383 MEDIUM PATCH GHSA This Month

Admidio versions prior to 5.0.8 allow authenticated users to bypass CSRF token validation and server-side form validation in the inventory module's item_save endpoint by setting the imported POST parameter to true, enabling unauthorized modification of inventory item data without proper security checks. The vulnerability requires valid authentication but carries moderate impact due to the complete circumvention of two independent security controls.

CSRF Admidio
NVD GitHub
CVSS 3.1
4.3
EPSS
0.0%
CVE-2026-34553 MEDIUM This Month

Local integrity modification in iccDEV prior to version 2.3.1.6 affects the CIccCLUT::Iterate() function and CLUT dumping output in CIccMBB::Describe(), allowing local attackers without privileges to alter ICC color profile data integrity. The vulnerability requires local access and produces incorrect LUT (Look-Up Table) dump output that could compromise color management workflows relying on accurate profile representation.

Information Disclosure Iccdev
NVD GitHub
CVSS 3.1
4.0
EPSS
0.0%
CVE-2026-3470 LOW Monitor

Database corruption in SonicWall Email Security appliance via improper input sanitization allows authenticated admin users to corrupt the application database by submitting crafted input. The vulnerability requires valid administrative credentials and affects all versions of SonicWall Email Security as indicated by the CPE wildcard matching. No CVSS scoring, public exploit code, or CISA KEV status is available at this time, limiting precise risk quantification.

Sonicwall Information Disclosure
NVD
CVSS 3.1
3.8
EPSS
0.1%
CVE-2026-5115 LOW PATCH Monitor

PaperCut NG/MF embedded application on Konica Minolta multifunction devices transmits sensitive session data over an insecure communication channel, enabling session hijacking and potential credential theft or phishing attacks against end users. The vulnerability affects all versions of the embedded application and was discovered internally by PaperCut; no public exploit code or active exploitation has been confirmed at this time.

Information Disclosure Papercut Ng Mf
NVD
CVSS 4.0
3.6
EPSS
0.0%
CVE-2026-0397 LOW PATCH Monitor

Cross-Origin Resource Sharing (CORS) misconfiguration in PowerDNS dnsdist's internal webserver allows remote attackers to extract sensitive configuration information from the dashboard through a social engineering attack targeting authenticated administrators. An attacker can trick an admin into visiting a malicious website, which then leverages the misconfigured CORS policy to read dashboard API responses containing running configuration details. The vulnerability requires the internal webserver to be enabled (disabled by default) and user interaction, resulting in limited confidentiality impact with no integrity or availability risk.

Cors Misconfiguration Information Disclosure
NVD
CVSS 3.1
3.1
EPSS
0.0%
CVE-2026-0396 LOW PATCH Monitor

HTML injection in DNSdist internal web dashboard allows remote unauthenticated attackers to inject malicious content via crafted DNS queries when domain-based dynamic rules are enabled, requiring user interaction to exploit. This affects all DNSdist versions with vulnerable rule functionality and carries low integrity impact with no confidentiality or availability consequences.

XSS Dnsdist
NVD
CVSS 3.1
3.1
EPSS
0.0%
CVE-2026-3469 LOW Monitor

SonicWall Email Security appliance becomes unresponsive due to improper input validation when an authenticated administrator submits malformed input, causing a denial of service. The vulnerability affects all versions of SonicWall Email Security and requires valid admin credentials to exploit. While CVSS scoring is unavailable, the attack vector is remote and authenticated, limiting exposure to insider threats or compromised admin accounts.

Sonicwall Information Disclosure
NVD
CVSS 3.1
2.7
EPSS
0.1%
CVE-2026-34203 LOW PATCH GHSA Monitor

Nautobot REST API user creation and modification endpoints bypass Django's configured password validation rules, allowing authenticated administrators to set or modify user passwords that fail to meet organizational security standards. Versions prior to 2.4.30 and 3.0.10 are affected; an authenticated admin with high privileges can create accounts with weak passwords despite configured AUTH_PASSWORD_VALIDATORS rules. CVSS score is 2.7 (low severity) due to requirement for authenticated administrative access; however, organizations with strict password policies relying on Nautobot's config-driven enforcement face integrity risk.

Python Brute Force Information Disclosure
NVD GitHub
CVSS 3.1
2.7
EPSS
0.0%
CVE-2026-34509 LOW PATCH Monitor

Authorization bypass in OpenClaw's Microsoft Teams plugin allows unauthenticated remote attackers to circumvent sender allowlists and trigger replies in restricted Teams routes. Affecting OpenClaw versions before 2026.3.8, the flaw manifests when team/channel route allowlists contain empty groupAllowFrom parameters, causing the message handler to synthesize wildcard sender authorization instead of enforcing intended restrictions. No public exploit identified at time of analysis, though CVSS 7.5 reflects network-accessible exploitation with low complexity requiring no authentication. Vendor-released patch available in version 2026.3.8 with upstream commit 88aee916.

Authentication Bypass Microsoft
NVD GitHub
CVSS 4.0
2.3
EPSS
0.0%
CVE-2026-34506 LOW PATCH Monitor

Authorization bypass in OpenClaw Microsoft Teams plugin (versions before 2026.3.8) permits unauthenticated attackers to circumvent sender allowlists when team/channel routes are configured with empty groupAllowFrom parameters. Remote attackers can exploit this network-accessible flaw with low complexity to trigger unauthorized message replies and access sensitive information in allowlisted Teams routes. EPSS and KEV data not available for this recent CVE; no public exploit identified at time of analysis.

Microsoft Authentication Bypass
NVD GitHub
CVSS 4.0
2.3
EPSS
0.0%
CVE-2026-32607 LOW PATCH Monitor

Stored cross-site scripting (XSS) in Discourse assignment UI allows authenticated users with assign permission to inject arbitrary HTML/JavaScript into user and group display names when the hidden prioritize_full_name_in_ux site setting is enabled, affecting versions 2026.1.0–2026.1.2, 2026.2.0–2026.2.1, and 2026.3.0. The injected payload executes in the browser of any user viewing an affected topic, enabling session hijacking, credential theft, or malware distribution. No active exploitation confirmed; however, the requirement for console access to enable the vulnerable setting and assign permission to exploit limits real-world impact, though the low CVSS score (2.1) reflects these constraints rather than severity of XSS itself.

XSS Discourse
NVD GitHub
CVSS 4.0
2.1
EPSS
0.0%
CVE-2026-4794 LOW PATCH Monitor

Stored cross-site scripting (XSS) vulnerabilities in PaperCut NG/MF versions before 25.0.10 allow authenticated administrator users to inject malicious scripts via multiple UI fields, potentially compromising other administrators' sessions and enabling unauthorized actions within the administrator context. The vulnerability requires valid administrator credentials and an active login session to exploit, limiting exposure to trusted administrative users but creating significant insider risk.

XSS Papercut Ng Mf
NVD
CVSS 4.0
2.1
EPSS
0.0%
CVE-2026-5205 LOW Monitor

Server-side request forgery (SSRF) in Chatwoot up to version 4.11.2 allows authenticated remote attackers to manipulate the URL argument in the Webhooks::Trigger function, enabling arbitrary HTTP requests from the server. Publicly available exploit code exists, and the vendor has not responded to disclosure efforts. While CVSS is moderate (5.3), the presence of public POC and authenticated attack vector creates a meaningful exploitation risk for deployed instances.

SSRF Chatwoot
NVD VulDB
CVSS 4.0
2.1
EPSS
0.0%
CVE-2026-33073 LOW PATCH Monitor

Discourse versions 2026.1.0-2026.1.2, 2026.2.0-2026.2.1, and 2026.3.0 leak Stripe API keys across sites in multisite cluster deployments due to improper credential isolation in the discourse-subscriptions plugin, allowing authenticated users with UI access on one site to view payment credentials belonging to other sites within the same cluster. CVSS 2.0 reflects low severity (information disclosure only, requires authentication and user interaction), but the exposure of payment processor credentials carries material business risk. Patches are available in versions 2026.1.3, 2026.2.2, and 2026.3.0.

Information Disclosure Discourse
NVD GitHub
CVSS 4.0
2.0
EPSS
0.0%
CVE-2026-32970 LOW PATCH Monitor

OpenClaw before version 2026.3.11 allows local authenticated users to bypass local authentication boundaries through a credential fallback vulnerability where unavailable local gateway.auth.token and gateway.auth.password SecretRefs are incorrectly treated as unset, enabling fallback to remote credentials in local-only mode. The vulnerability requires local access and specific misconfiguration of auth references but can result in information disclosure if an attacker selects incorrect credential sources via CLI and helper paths. No public exploit code or active exploitation has been identified.

Authentication Bypass Openclaw
NVD GitHub
CVSS 4.0
2.0
EPSS
0.0%
CVE-2026-5186 LOW Monitor

Double free vulnerability in Nothings stb library (up to version 2.30) in the multi-frame GIF file handler function stbi__load_gif_main allows local authenticated attackers to cause information disclosure and memory corruption. Public exploit code is available. The vendor did not respond to early disclosure notification, leaving affected users without an official patch.

Information Disclosure Stb
NVD VulDB
CVSS 4.0
1.9
EPSS
0.0%
CVE-2026-5185 LOW PATCH Monitor

Heap-based buffer overflow in Nothings stb_image library up to version 2.30 in the stbi__gif_load_next function allows local authenticated attackers to cause memory corruption with limited confidentiality, integrity, and availability impact. Public exploit code is available; however, the vulnerability requires local access and authenticated privilege level, significantly limiting real-world exploitation scope. The vendor has not responded to early disclosure attempts.

Heap Overflow Buffer Overflow Stb Image
NVD VulDB
CVSS 4.0
1.9
EPSS
0.0%
CVE-2026-5236 LOW Monitor

Heap-based buffer overflow in Axiomatic Bento4 up to version 1.6.0-641 allows local authenticated attackers to cause a denial of service or potentially corrupt memory via the AP4_BitReader::SkipBits function in the DSI v1 Parser component when processing a maliciously crafted n_presentations argument. Public exploit code is available; vendor has not responded to early disclosure.

Buffer Overflow
NVD GitHub VulDB
CVSS 4.0
1.9
EPSS
0.0%
Prev Page 5 of 5

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy