Skip to main content
CVE-2026-30521 MEDIUM POC This Month

SourceCodester Loan Management System v1.0 allows authenticated administrators to create loan plans with negative interest rates by submitting negative values in HTTP POST requests, bypassing client-side validation that lacks server-side enforcement. This business logic vulnerability enables attackers with administrative credentials to manipulate loan terms and potentially cause financial harm to the organization. Publicly available exploit code exists demonstrating the attack.

Authentication Bypass
NVD GitHub
CVSS 3.1
6.5
EPSS
0.0%
CVE-2026-5176 MEDIUM POC This Month

Command injection in Totolink A3300R router firmware 17.0.0cu.557_b20221024 allows unauthenticated remote attackers to execute arbitrary system commands via the setSyslogCfg function in /cgi-bin/cstecgi.cgi. Public exploit code is available on GitHub, significantly lowering the barrier to exploitation. The CVSS vector (AV:N/AC:L/PR:N) confirms network-accessible exploitation with low complexity and no authentication required, enabling pre-authentication remote code execution on affected routers.

Command Injection A3300R
NVD VulDB GitHub
CVSS 4.0
5.5
EPSS
2.4%
CVE-2026-3881 MEDIUM POC This Month

Unauthenticated Server-Side Request Forgery (SSRF) in Performance Monitor WordPress plugin through version 1.0.6 allows remote attackers to perform arbitrary HTTP requests by exploiting insufficient parameter validation. The vulnerability enables attackers without authentication to interact with internal network resources and services accessible from the WordPress server, potentially leading to information disclosure, lateral movement, or interaction with backend systems.

WordPress SSRF
NVD WPScan
CVSS 3.1
5.8
EPSS
0.0%
CVE-2026-5210 MEDIUM POC This Month

Remote file inclusion in SourceCodester Leave Application System 1.0 allows unauthenticated attackers to manipulate the page parameter and access arbitrary files, resulting in information disclosure. The CVSS 4.0 score of 6.9 reflects low confidentiality impact with network-based attack vector and no user interaction required. Publicly available exploit code exists, increasing practical risk despite the moderate CVSS rating.

Information Disclosure Leave Application System
NVD VulDB
CVSS 4.0
5.5
EPSS
0.0%
CVE-2026-5198 MEDIUM POC This Month

SQL injection in code-projects Student Membership System 1.0 admin login allows unauthenticated remote attackers to bypass authentication and access sensitive data via crafted username/password parameters at /admin/index.php. Publicly available exploit code exists (VulDB 354296, GitHub POC), enabling trivial exploitation with no attack complexity. CVSS 7.3 reflects network-accessible attack with low confidentiality/integrity/availability impact. No vendor-released patch identified at time of analysis.

SQLi PHP
NVD VulDB GitHub
CVSS 4.0
5.5
EPSS
0.0%
CVE-2026-5182 MEDIUM POC This Month

SQL injection in SourceCodester Teacher Record System 1.0 allows unauthenticated remote attackers to execute arbitrary SQL commands via the 'searchteacher' parameter in the Parameter Handler component. The vulnerability has a publicly available exploit (GitHub POC published), enabling extraction of sensitive data, modification of database records, or potential system compromise. CVSS 7.3 (High severity) with low attack complexity and no authentication required indicates significant exploitation risk.

SQLi Teacher Record System
NVD VulDB GitHub
CVSS 4.0
5.5
EPSS
0.0%
CVE-2026-5180 MEDIUM POC This Month

SQL injection in SourceCodester Simple Doctors Appointment System 1.0 allows unauthenticated remote attackers to compromise confidentiality, integrity, and availability via the /admin/ajax.php login endpoint. Attackers manipulate the 'email' parameter to execute arbitrary SQL commands. Publicly available exploit code exists (GitHub POC published), significantly lowering the attack barrier. The CVSS score of 7.3 reflects network-based exploitation requiring low complexity and no privileges, with partial impact across all CIA triad elements. No CISA KEV listing at time of analysis, but the combination of public exploit and authentication bypass capability makes this a realistic threat to internet-facing instances.

SQLi PHP
NVD VulDB GitHub
CVSS 4.0
5.5
EPSS
0.0%
CVE-2026-5179 MEDIUM POC This Month

SQL injection in SourceCodester Simple Doctors Appointment System 1.0 allows remote unauthenticated attackers to extract, modify, or delete database contents via the Username parameter in /admin/login.php. Publicly available exploit code exists (GitHub POC), enabling trivial exploitation with no authentication required. CVSS 7.3 reflects low attack complexity and network accessibility. EPSS data unavailable, but public POC significantly elevates real-world risk for internet-facing installations.

PHP SQLi
NVD VulDB GitHub
CVSS 4.0
5.5
EPSS
0.0%
CVE-2026-30520 MEDIUM POC This Month

Blind SQL injection in SourceCodester Loan Management System v1.0 allows authenticated attackers to inject malicious SQL commands via the borrower_id parameter in the ajax.php save_loan action. The vulnerability requires valid authentication to exploit and publicly available proof-of-concept code exists, making this a moderate-risk issue for organizations using this open-source application despite the lack of CVSS scoring.

SQLi PHP
NVD GitHub
CVSS 3.1
5.4
EPSS
0.0%
CVE-2026-34505 MEDIUM PATCH This Month

Webhook secret brute-forcing in OpenClaw before 2026.3.12 enables attackers to forge authenticated webhooks by exploiting pre-authentication rate limit bypass. Unauthenticated remote attackers can systematically guess webhook secrets without triggering rate limiting (which only applies post-authentication), then submit forged webhook payloads to compromise system integrity and confidentiality. CVSS 9.8 (Critical) with network attack vector and no authentication required. No public exploit identified at time of analysis, though exploitation requires only standard HTTP tooling. EPSS data not available; exploitation appears automatable given the straightforward nature of brute-force attacks against webhook endpoints.

Authentication Bypass Openclaw
NVD GitHub
CVSS 4.0
6.9
EPSS
0.1%
CVE-2026-34530 MEDIUM PATCH GHSA This Month

Stored cross-site scripting in File Browser via admin-controlled branding fields allows injection of persistent JavaScript that executes for all visitors, including unauthenticated users. The vulnerability stems from use of Go's text/template (which performs no HTML escaping) instead of html/template when rendering the SPA index.html with branding data. An authenticated admin can inject malicious payloads into branding.name or branding.color fields that break out of their intended HTML context and execute arbitrary JavaScript in every user's browser without restriction, as no Content-Security-Policy header is set. Affected versions through v2.62.1 are vulnerable; vendor-released patches are available.

XSS Python Docker
NVD GitHub VulDB
CVSS 3.1
6.9
EPSS
0.1%
CVE-2026-30879 MEDIUM PATCH GHSA This Month

Cross-site scripting (XSS) vulnerability in baserCMS prior to version 5.2.3 allows attackers to inject malicious scripts into blog posts, potentially enabling session hijacking, credential theft, or malware distribution to site visitors. The vulnerability affects the blog post functionality and has been patched in version 5.2.3; no public exploit code or active exploitation has been confirmed at time of analysis.

XSS Basercms
NVD GitHub VulDB
CVSS 4.0
6.9
EPSS
0.0%
CVE-2026-34404 MEDIUM PATCH GHSA This Month

Nuxt OG Image versions prior to 6.2.5 are vulnerable to denial of service through unbounded image dimension parameters in the /_og/d/ endpoint. Attackers can specify arbitrarily large width and height values, causing the image-generation component to consume excessive CPU and memory resources, resulting in application unavailability. No authentication is required to exploit this vulnerability.

Denial Of Service Og Image
NVD GitHub
CVSS 4.0
6.9
EPSS
0.0%
CVE-2026-34443 MEDIUM PATCH This Month

FreeScout prior to version 1.8.211 fails to validate Server-Side Request Forgery (SSRF) protections due to a flawed IP range check in checkIpByMask() that only accepts CIDR notation and rejects plain IP addresses, leaving the entire 10.0.0.0/8 and 172.16.0.0/12 private IP ranges unprotected from SSRF attacks. Remote attackers can exploit this logic error to access internal services and resources on private networks that the application can reach, potentially escalating to information disclosure or further lateral movement. The vulnerability is confirmed patched in version 1.8.211.

PHP SSRF
NVD GitHub
CVSS 4.0
6.9
EPSS
0.0%
CVE-2026-34235 MEDIUM PATCH This Month

Heap out-of-bounds read in PJSIP's VP9 RTP unpacketizer allows remote attackers to read memory beyond allocated buffer boundaries by sending crafted VP9 Scalability Structure data, potentially disclosing sensitive information. PJSIP versions prior to 2.17 are affected. The vulnerability requires network access but no authentication, authentication complexity, or user interaction, with CVSS score of 6.9 indicating moderate severity driven by availability impact. Vendor-released patch available in version 2.17.

Information Disclosure Buffer Overflow Pjproject
NVD GitHub VulDB
CVSS 4.0
6.9
EPSS
0.0%
CVE-2026-34504 MEDIUM PATCH This Month

Server-side request forgery in OpenClaw before 2026.3.28 allows unauthenticated remote attackers to fetch internal URLs through unguarded image download operations in the fal provider image-generation-provider.ts component, enabling exposure of internal service metadata and responses via the image pipeline. CVSS 5.3 indicates moderate integrity impact without authentication requirements. No public exploit code or active exploitation confirmed at time of analysis.

SSRF Openclaw
NVD GitHub VulDB
CVSS 4.0
6.9
EPSS
0.0%
CVE-2026-33576 MEDIUM PATCH GHSA This Month

Unauthenticated attackers can force OpenClaw versions before 2026.3.28 to download and store arbitrary media files through Zalo messaging channels, bypassing sender authorization checks. The flaw allows remote exploitation without authentication (CVSS 9.8 critical) to consume network bandwidth and storage resources. No public exploit identified at time of analysis, though the attack vector is straightforward given the lack of pre-validation authorization checks. Vendor-released patch available via commit 68ceaf7a5.

Authentication Bypass Openclaw
NVD GitHub VulDB
CVSS 4.0
6.9
EPSS
0.0%
CVE-2026-5195 MEDIUM This Month

SQL injection in code-projects Student Membership System 1.0 allows unauthenticated remote attackers to extract, modify, or delete database contents via the User Registration Handler component. The vulnerability has a CVSS score of 7.3 with network-based attack vector and low complexity, requiring no privileges or user interaction. EPSS data not available; no CISA KEV listing indicates confirmed actively exploited status is unknown. Publicly available exploit code exists per researcher disclosure on GitHub, elevating real-world risk for organizations running this application.

SQLi Student Membership System
NVD VulDB GitHub
CVSS 4.0
6.9
EPSS
0.0%
CVE-2026-27697 MEDIUM PATCH GHSA This Month

SQL injection in baserCMS prior to version 5.2.3 allows unauthenticated remote attackers to execute arbitrary SQL queries through unvalidated input in blog post functionality. The vulnerability affects all versions before 5.2.3 and has been patched; no public exploit code or active exploitation has been confirmed at the time of analysis.

SQLi Basercms
NVD GitHub VulDB
CVSS 4.0
6.9
EPSS
0.0%
CVE-2026-34400 MEDIUM PATCH GHSA This Month

SQL injection in Alerta's Query string search API (q= parameter) allows unauthenticated remote attackers to execute arbitrary SQL commands against the underlying PostgreSQL database. The vulnerability stems from unsafe f-string interpolation of user-supplied search terms directly into SQL WHERE clauses without parameterization. Alerta versions prior to 9.1.0 are affected; the vulnerability has been patched in version 9.1.0 with no public exploit code identified at time of analysis.

PostgreSQL SQLi
NVD GitHub
CVSS 4.0
6.9
EPSS
0.0%
CVE-2026-4818 MEDIUM This Month

Search Guard FLX versions 3.0.0 through 4.0.1 allow authenticated users with insufficient privileges to execute unauthorized management operations on data streams due to improper access control, enabling privilege escalation with high confidentiality and integrity impact. The CVSS score of 6.8 reflects network accessibility and moderate attack complexity, with active data stream manipulation possible after authentication. No public exploit code or confirmed active exploitation has been identified at this time.

Authentication Bypass Search Guard Flx
NVD
CVSS 3.1
6.8
EPSS
0.0%
CVE-2025-64340 MEDIUM PATCH GHSA This Month

Command injection in fastmcp install allows Windows users to execute arbitrary commands via shell metacharacters in server names. When installing a server with a name containing characters like `&` (e.g., `fastmcp install claude-code` with server name `test&calc`), the metacharacter is interpreted by cmd.exe during execution of .cmd wrapper scripts, leading to arbitrary command execution with user privileges. This affects Windows systems running claude or gemini CLI installations; macOS and Linux are unaffected. A patch is available via GitHub PR #3522.

Python Command Injection Apple Microsoft
NVD GitHub
CVSS 3.1
6.7
EPSS
0.0%
CVE-2026-34401 MEDIUM PATCH This Month

XML Notepad versions prior to 2.9.0.21 allow remote attackers to leak local file contents or capture NTLM credentials via crafted XML files with malicious DTDs, exploiting disabled-by-default DTD processing that automatically resolves external entities. The vulnerability requires user interaction (opening a malicious XML file) but poses significant confidentiality risk on Windows systems where NTLM credential interception is feasible. Microsoft released patched version 2.9.0.21 to address this XXE (XML External Entity) issue.

Microsoft XXE
NVD GitHub
CVSS 3.1
6.5
EPSS
0.2%
CVE-2026-34733 MEDIUM PATCH GHSA This Month

Unauthenticated remote attackers can bypass CLI-only access controls in WWBN AVideo versions 26.0 and prior via a PHP operator precedence bug in install/deleteSystemdPrivate.php, allowing HTTP access to delete server temp directory files and disclose their contents without authentication. The vulnerability stems from a logic error where !php_sapi_name() === 'cli' evaluates incorrectly due to operator binding precedence, causing the access guard to fail entirely. No public exploit code or active exploitation has been reported at the time of this analysis.

PHP Authentication Bypass
NVD GitHub
CVSS 3.1
6.5
EPSS
0.1%
CVE-2026-2950 MEDIUM PATCH GHSA This Month

Prototype pollution in Lodash 4.17.23 and earlier allows unauthenticated remote attackers to delete properties from built-in prototypes (Object.prototype, Number.prototype, String.prototype) via array-wrapped path segments in _.unset and _.omit functions, bypassing the incomplete fix for CVE-2025-13465. The vulnerability has a CVSS score of 6.5 with low integrity and availability impact; no public exploit code or active exploitation has been confirmed at time of analysis.

Prototype Pollution Authentication Bypass Red Hat
NVD GitHub VulDB
CVSS 3.1
6.5
EPSS
0.0%
CVE-2026-1710 MEDIUM This Month

Unauthenticated attackers can modify WooPayments plugin settings through a missing capability check in the 'save_upe_appearance_ajax' AJAX function, affecting all versions up to and including 10.5.1. This allows remote attackers to alter payment appearance configurations without authentication, potentially disrupting payment processing or customer experience. No public exploit code or active exploitation has been identified at time of analysis.

WordPress Authentication Bypass
NVD
CVSS 3.1
6.5
EPSS
0.0%
CVE-2026-34531 MEDIUM PATCH GHSA This Month

Flask-HTTPAuth versions prior to 4.8.1 allow authentication bypass when applications store empty string tokens in their user database, enabling unauthenticated attackers to authenticate as any user with an empty token set by submitting requests without a token or with an empty token value. This affects only token-based authentication mechanisms that verify tokens via database lookup rather than cryptographic means (e.g., JWTs). CVSS score 6.5 reflects moderate integrity impact with low computational attack complexity, and no public exploit code has been identified at the time of analysis.

Python Authentication Bypass
NVD GitHub VulDB
CVSS 3.1
6.5
EPSS
0.0%
CVE-2026-34887 MEDIUM This Month

Stored cross-site scripting (XSS) in Extend Themes Kubio AI Page Builder through version 2.7.0 allows authenticated users to inject malicious scripts that execute in the browsers of other users viewing affected pages. An attacker with user account access can inject unescaped input during page generation, leading to session hijacking, credential theft, or malware distribution. No public exploit code has been identified at the time of analysis.

XSS Kubio Ai Page Builder
NVD
CVSS 3.1
6.5
EPSS
0.0%
CVE-2026-34395 MEDIUM GHSA This Month

Information disclosure in WWBN AVideo versions 26.0 and prior allows authenticated users to enumerate and dump the complete user database including personal information and wallet balances via the /plugin/YPTWallet/view/users.json.php endpoint. The vulnerability stems from inadequate authorization checks that verify user login status but fail to enforce administrator-only access, enabling any registered account holder to retrieve sensitive data belonging to all platform users. No public exploit code or active exploitation has been confirmed at time of analysis, and vendor patches are not yet available.

Authentication Bypass PHP
NVD GitHub
CVSS 3.1
6.5
EPSS
0.0%
CVE-2026-34586 MEDIUM PATCH This Month

PdfDing prior to version 1.7.1 permits authenticated users to bypass access controls on shared PDF documents by accessing content after expiration, view limits, or soft-deletion due to incomplete validation in the check_shared_access_allowed() function. The Serve and Download endpoints rely solely on session existence checks without verifying SharedPdf.inactive or SharedPdf.deleted flags, allowing previously-authorized users to retrieve sensitive content that should no longer be accessible. This authentication bypass affects all versions before 1.7.1 and requires valid authentication credentials to exploit.

Authentication Bypass Pdfding
NVD GitHub
CVSS 3.1
6.5
EPSS
0.0%
CVE-2026-34737 MEDIUM PATCH GHSA This Month

Authenticated users in WWBN AVideo 26.0 and prior can cancel arbitrary Stripe subscriptions through an exposed test.php debug endpoint in the StripeYPT plugin, exploiting a logic error in the retrieveSubscriptions() method that performs cancellation instead of retrieval. The vulnerability requires valid login credentials but allows any authenticated user-not just administrators-to trigger subscription cancellations, causing integrity violations to payment operations. No public exploit code or active exploitation has been reported at time of analysis, and vendor patches are not yet available.

PHP Authentication Bypass
NVD GitHub
CVSS 3.1
6.5
EPSS
0.0%
CVE-2026-34740 MEDIUM PATCH GHSA This Month

Stored server-side request forgery (SSRF) in WWBN AVideo 26.0 and prior allows authenticated users with upload permissions to inject arbitrary URLs into the EPG (Electronic Program Guide) link feature, which the server automatically fetches on each EPG page visit. This enables attackers to scan internal networks, access cloud metadata services, and interact with internal services without the authentication or complexity barriers normally present in network-based attacks. No public exploit code identified at time of analysis.

SSRF Avideo
NVD GitHub
CVSS 3.1
6.5
EPSS
0.0%
CVE-2026-34613 MEDIUM PATCH GHSA This Month

CSRF vulnerability in WWBN AVideo 26.0 and prior allows unauthenticated attackers to disable critical security plugins on admin accounts via malicious web pages, exploiting missing CSRF token validation combined with SameSite=None session cookies and ORM-level security bypass. An attacker can trick an authenticated administrator into visiting a crafted webpage that silently disables plugins such as LoginControl (2FA), subscription enforcement, or access control mechanisms, compromising the platform's security posture without the admin's knowledge or consent.

CSRF PHP
NVD GitHub
CVSS 3.1
6.5
EPSS
0.0%
CVE-2026-34611 MEDIUM PATCH GHSA This Month

CSRF vulnerability in WWBN AVideo 26.0 and prior allows unauthenticated attackers to send arbitrary HTML emails to all platform users by luring administrators to a malicious webpage. The vulnerability exploits absent CSRF token validation on the emailAllUsers.json.php endpoint combined with SameSite=None session cookie configuration, enabling cross-origin POST requests to execute with the admin's session credentials. An attacker can impersonate the platform's legitimate SMTP sender to distribute phishing emails, spam, or malware links to the entire user base without any authentication requirement beyond initial admin compromise via social engineering.

PHP CSRF
NVD GitHub
CVSS 3.1
6.5
EPSS
0.0%
CVE-2026-24029 MEDIUM PATCH This Month

PowerDNS dnsdist allows unauthenticated DNS over HTTPS (DoH) queries to bypass access control lists when the early_acl_drop option is disabled on nghttp2 frontends, exposing the DNS resolver to unauthorized query submission and potential information disclosure. Affected versions include dnsdist across multiple releases where this configuration weakness exists; the vulnerability has a CVSS score of 6.5 and exposes both confidentiality and integrity concerns despite not affecting availability.

Authentication Bypass Dnsdist
NVD
CVSS 3.1
6.5
EPSS
0.0%
CVE-2026-34716 MEDIUM GHSA This Month

Stored cross-site scripting (XSS) in WWBN AVideo versions 26.0 and prior allows authenticated attackers to execute arbitrary JavaScript in the browsers of online users without any victim interaction. An attacker with a user account can set their display name to an XSS payload; when they initiate a call via the YPTSocket plugin, the caller notification rendered by the jQuery Toast Plugin executes the malicious script in every connected user's browser, enabling session hijacking, credential theft, or further compromise. CVSS 6.4 reflects moderate complexity due to authentication requirement and limited direct impact scope.

XSS RCE Avideo
NVD GitHub
CVSS 3.1
6.4
EPSS
0.0%
CVE-2026-1834 MEDIUM This Month

Stored cross-site scripting in Ibtana - WordPress Website Builder plugin up to version 1.2.5.7 allows authenticated contributors to inject arbitrary JavaScript via the 'ive' shortcode due to insufficient input sanitization and output escaping. When an injected page is accessed by any user, the malicious script executes in their browser with the privileges of their WordPress session, enabling session hijacking, credential theft, or administrative actions depending on victim privileges. No public exploit code or active exploitation has been confirmed at the time of analysis.

WordPress XSS
NVD
CVSS 3.1
6.4
EPSS
0.0%
CVE-2026-2480 MEDIUM PATCH This Month

Stored cross-site scripting (XSS) in WP Shortcodes Plugin - Shortcodes Ultimate through version 7.4.10 allows authenticated contributors and above to inject arbitrary JavaScript via the 'max_width' attribute of the su_box shortcode due to insufficient input sanitization and output escaping. The injected scripts persist in page content and execute for all users viewing the affected page, enabling attackers with contributor-level WordPress access to compromise site visitors without additional user interaction.

WordPress XSS
NVD GitHub
CVSS 3.1
6.4
EPSS
0.0%
CVE-2026-33580 MEDIUM PATCH This Month

Brute-force attacks against OpenClaw webhook authentication allow unauthenticated remote attackers to forge Nextcloud Talk webhook events by exploiting missing rate limiting on shared secret validation. Affecting OpenClaw versions prior to 2026.3.28, attackers can repeatedly attempt authentication without throttling to compromise weak shared secrets and inject malicious webhook payloads. CVSS 9.8 critical severity reflects network-accessible attack surface requiring no authentication. No public exploit identified at time of analysis, though EPSS data not available. Vendor-released patch available via commit e403decb6e20091b5402780a7ccd2085f98aa3cd.

Information Disclosure Openclaw
NVD GitHub VulDB
CVSS 4.0
6.3
EPSS
0.1%
CVE-2026-34508 MEDIUM PATCH This Month

OpenClaw before version 2026.3.12 allows authenticated attackers to bypass rate limiting on webhook secret validation by exploiting a logic flaw that applies rate limits only after successful authentication, enabling brute-force attacks against webhook credentials and injection of forged Zalo webhook traffic. The vulnerability requires authenticated access but results in high-confidence credential compromise.

Authentication Bypass Openclaw
NVD GitHub
CVSS 4.0
6.3
EPSS
0.0%
CVE-2026-34451 MEDIUM PATCH GHSA This Month

Path traversal vulnerability in Anthropic Claude SDK for TypeScript (versions 0.79.0-0.80.x) allows remote attackers to read and write files outside the intended sandboxed memory directory via prompt injection. The vulnerability exploits incomplete path validation in the local filesystem memory tool, where a model supplied with crafted input can reference sibling directories sharing the memory root's name prefix. Patch available in version 0.81.0; no public exploit code or active exploitation confirmed, but the attack surface is exposed to any application using the affected SDK versions with model-supplied file paths.

Path Traversal Claude Sdk For Typescript
NVD GitHub
CVSS 4.0
6.3
EPSS
0.0%
CVE-2026-33074 MEDIUM PATCH This Month

Discourse versions 2026.1.0-2026.1.2, 2026.2.0-2026.2.1, and 2026.3.0-pre allow authenticated users to escalate their subscription tier by purchasing a lower-cost plan while obtaining benefits reserved for higher-tier subscriptions. The vulnerability has a CVSS 6.3 score reflecting the integrity impact, requires high attack complexity and partial timing conditions, but affects confidentiality minimally. Vendor-released patches address the flaw in versions 2026.1.3, 2026.2.2, and 2026.3.0, and the exploit likely requires knowledge of the subscription grant mechanism.

Privilege Escalation Discourse
NVD GitHub VulDB
CVSS 4.0
6.3
EPSS
0.0%
CVE-2026-32619 MEDIUM PATCH This Month

Discourse versions 2026.1.0 through 2026.1.2, 2026.2.0 through 2026.2.1, and 2026.3.0-beta retain unauthorized poll interaction capabilities for users who have lost access to private topics, allowing them to vote on and toggle poll status despite removal from category group membership. While no topic content is exposed, the vulnerability permits state modification in topics to which access should have been revoked, violating the intended access control model. Patched versions 2026.1.3, 2026.2.2, and 2026.3.0 are available, and no public exploit code has been identified.

Authentication Bypass Discourse
NVD GitHub
CVSS 4.0
6.3
EPSS
0.0%
CVE-2026-34218 MEDIUM PATCH This Month

ClearanceKit on macOS fails to enforce managed and user-defined file-access policies during startup, allowing local processes to bypass intended access controls until GUI interaction triggers policy reloading. The vulnerability affects ClearanceKit versions prior to 4.2.14, where two startup defects create a window in which only a hardcoded baseline rule is enforced, leaving the system vulnerable to privilege escalation and unauthorized file access. This issue is not confirmed actively exploited, but the trivial attack vector (local, no authentication) and high integrity/system impact make it a meaningful risk for systems relying on ClearanceKit for file-access enforcement.

Apple Privilege Escalation
NVD GitHub
CVSS 4.0
6.3
EPSS
0.0%
CVE-2026-34556 MEDIUM This Month

Heap buffer overflow in iccDEV's icAnsiToUtf8() function allows local attackers to cause denial of service via a crafted ICC color profile processed by the iccToXml tool. The vulnerability exists in versions prior to 2.3.1.6 and stems from unsafe string handling that treats non-null-terminated buffers as C-strings, triggering out-of-bounds memory reads. CVSS 6.2 with local attack vector and no authentication required; vendor-released patch available in version 2.3.1.6.

Buffer Overflow Information Disclosure Iccdev
NVD GitHub
CVSS 3.1
6.2
EPSS
0.0%
CVE-2026-34555 MEDIUM This Month

Stack buffer overflow in iccDEV library versions prior to 2.3.1.6 allows local attackers to cause denial of service by crafting malicious ICC color management profile files that trigger a 4-byte write overflow in CIccTagFixedNum<>::GetValues(). The vulnerability requires local access and no user interaction, with CVSS 6.2 reflecting the high availability impact. No public exploit code or active exploitation has been identified; vendor-released patch version 2.3.1.6 is available.

Buffer Overflow Stack Overflow Iccdev
NVD GitHub
CVSS 3.1
6.2
EPSS
0.0%
CVE-2026-34554 MEDIUM This Month

Heap buffer overflow in iccDEV's CIccApplyCmmSearch::costFunc() function allows local attackers to trigger an out-of-bounds memory read via malformed JSON configuration input to the iccApplySearch tool, resulting in denial of service. The vulnerability affects iccDEV versions prior to 2.3.1.6 and has been patched; no public exploit identified at time of analysis, though the issue is straightforward to trigger with crafted input.

Buffer Overflow Information Disclosure Iccdev
NVD GitHub
CVSS 3.1
6.2
EPSS
0.0%
CVE-2026-34542 MEDIUM This Month

Stack buffer overflow in iccDEV library versions prior to 2.3.1.6 allows local attackers to trigger a denial of service by crafting a malicious ICC color profile that overflows a 4-byte stack buffer in the CIccCalculatorFunc::Apply() function during profile processing. The vulnerability requires local access and no user interaction, with CVSS 6.2 reflecting high availability impact but no direct code execution path; vendor-released patch is available in version 2.3.1.6.

Stack Overflow Buffer Overflow Iccdev
NVD GitHub
CVSS 3.1
6.2
EPSS
0.0%
CVE-2026-34541 MEDIUM This Month

Denial of service in iccDEV prior to version 2.3.1.6 allows local attackers to crash the iccApplyNamedCmm tool by supplying a malformed ICC color profile that triggers a null-pointer dereference in the CIccCombinedConnectionConditions constructor. The vulnerability requires local file system access to provide the crafted profile and causes application termination with no code execution or data corruption, affecting users processing untrusted ICC profiles through the -PCC flag.

Null Pointer Dereference Denial Of Service Iccdev
NVD GitHub
CVSS 3.1
6.2
EPSS
0.0%
CVE-2026-34540 MEDIUM This Month

Heap buffer overflow in iccDEV prior to version 2.3.1.6 allows denial of service via a crafted ICC color profile that triggers out-of-bounds heap read in icMemDump() when iccDumpProfile processes malformed tag contents. The vulnerability affects local attackers without authentication or user interaction, though the practical attack surface depends on how iccDumpProfile is invoked in consuming applications. No public exploit code or active exploitation has been identified; the issue was discovered through code analysis and AddressSanitizer instrumentation.

Heap Overflow Buffer Overflow Iccdev
NVD GitHub
CVSS 3.1
6.2
EPSS
0.0%
Page 1 of 3 Next

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy