Skip to main content
CVE-2026-35000 HIGH PATCH This Week

Arbitrary local file disclosure in ChangeDetection.io versions before 0.54.7 allows authenticated attackers to read sensitive files from the server filesystem by exploiting incomplete XPath function blocklist. The vulnerability stems from unblocked XPath 3.0/3.1 functions like json-doc() that bypass SafeXPath3Parser protections. EPSS score of 0.05% indicates low likelihood of widespread exploitation. No public exploit identified at time of analysis, though the flaw was reported by VulnCheck with vendor patch released in version 0.54.7.

Information Disclosure Changedetection Io
NVD GitHub VulDB
CVSS 4.0
7.1
EPSS
0.1%
CVE-2026-4947 HIGH This Week

Insecure direct object reference in Foxit eSign's signing invitation acceptance process allows authenticated attackers to forge document signatures by manipulating object identifiers. Attackers with low-level privileges can access high-sensitivity resources and modify signing workflows without proper authorization, potentially compromising document integrity and authenticity in electronic signature workflows. EPSS score of 0.03% (8th percentile) indicates low observed exploitation probability, with no public exploit code or active exploitation confirmed at time of analysis.

Authentication Bypass Na1 Foxitesign Foxit Com
NVD
CVSS 3.1
7.1
EPSS
0.0%
CVE-2026-34828 HIGH PATCH GHSA This Week

Session fixation in listmonk v6.0.0 allows authenticated sessions to persist after password reset or password change, enabling attackers with stolen session cookies to maintain account access despite credential recovery by the victim. Authenticated remote attackers (PR:L) can exploit this to retain high confidentiality impact access. No public exploit code identified at time of analysis, though the vulnerability is trivially reproducible per the detailed proof-of-concept. EPSS data not available; vulnerability confirmed in production release v6.0.0 via GitHub Security Advisory.

Authentication Bypass XSS
NVD GitHub
CVSS 3.1
7.1
EPSS
0.0%
Prev Page 3 of 3

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy