Skip to main content
CVE-2026-34800 MEDIUM This Month

Stored cross-site scripting in Endian Firewall 3.3.25 and earlier allows authenticated attackers to inject arbitrary JavaScript via the NAME parameter in /cgi-bin/uplinkeditor.cgi, which is executed when other users access the affected page. The vulnerability requires user interaction (UI:P) and low privileges (PR:L), limiting immediate automated exploitation but enabling account compromise and lateral privilege escalation within authenticated user populations. No public exploit code or active exploitation has been identified at time of analysis.

XSS Firewall Community
NVD
CVSS 4.0
5.1
EPSS
0.0%
CVE-2026-34799 MEDIUM This Month

Stored cross-site scripting (XSS) in Endian Firewall 3.3.25 and prior allows authenticated attackers to inject arbitrary JavaScript via the remark parameter in the /manage/dnsmasq/hosts/ endpoint. The injected payload is stored server-side and executed in the browsers of any user who subsequently views the affected page, enabling session hijacking, credential theft, or malware distribution. CVSS 5.1 reflects the moderate impact and requirement for user interaction; no public exploit code or active exploitation has been confirmed at time of analysis.

XSS Firewall Community
NVD
CVSS 4.0
5.1
EPSS
0.0%
CVE-2026-34798 MEDIUM This Month

Stored cross-site scripting in Endian Firewall 3.3.25 and prior allows authenticated attackers to inject malicious JavaScript via the remark parameter in /cgi-bin/routing.cgi, which persists and executes when other users access the affected page. The vulnerability requires user interaction (UI:P) and authenticated access (PR:L), limiting its immediate blast radius, but enables session hijacking, credential theft, or administrative impersonation within the firewall management interface.

XSS Firewall Community
NVD
CVSS 4.0
5.1
EPSS
0.0%
CVE-2026-26927 MEDIUM This Month

Szafir SDK Web browser addon allows unauthenticated attackers to launch the SzafirHost application with arbitrary arguments by crafting malicious websites that spoof the HTTP origin via the document_base_url parameter. When a victim visits an attacker's site and confirms application execution (or has previously selected 'remember' for a spoofed origin), the application runs in the attacker's context, potentially downloading malicious files and libraries without further user interaction. The vulnerability was resolved in version 0.0.17.4. No public exploit code or active exploitation has been confirmed at time of analysis.

Information Disclosure
NVD
CVSS 4.0
5.1
EPSS
0.0%
CVE-2026-34822 MEDIUM This Month

Stored cross-site scripting (XSS) in Endian Firewall 3.3.25 and earlier allows authenticated attackers to inject arbitrary JavaScript via the new_cert_name parameter in the /manage/ca/certificate/ endpoint. The injected payload is stored and executed when other users access the affected page, enabling session hijacking, credential theft, or malware distribution within the firewall management interface. No public exploit code or active exploitation has been confirmed at the time of this analysis.

XSS Firewall Community
NVD
CVSS 4.0
5.1
EPSS
0.0%
CVE-2026-5420 LOW POC Monitor

Hard-coded cryptographic keys in Shinrays Games Goods Triple App up to version 1.200 allow local authenticated users to decrypt sensitive data by manipulating AES_IV and AES_PASSWORD parameters in the jRwTX.java component. The vulnerability requires local access and elevated privileges but has low complexity once exploited; publicly available exploit code exists and the vendor has not responded to disclosure attempts.

Java Information Disclosure
NVD VulDB
CVSS 4.0
1.1
EPSS
0.0%
CVE-2026-34819 MEDIUM This Month

Stored cross-site scripting in Endian Firewall 3.3.25 and earlier allows authenticated attackers to inject arbitrary JavaScript via the REMARK parameter in /cgi-bin/openvpnclient.cgi, with the payload persisted and executed when other users access the affected page. CVSS 5.1 reflects low immediate impact due to user interaction requirement and limited scope, but the stored nature increases attack persistence; no public exploit code or CISA KEV confirmation identified at time of analysis.

XSS Firewall Community
NVD
CVSS 4.0
5.1
EPSS
0.0%
CVE-2026-29131 MEDIUM PATCH This Month

SEPPmail Secure Email Gateway before version 15.0.3 allows remote attackers to read encrypted email contents intended for other users by crafting specially malformed email addresses that exploit LDAP injection in the recipient validation process. This information disclosure vulnerability affects all versions prior to 15.0.3 and requires only network access to send a specially crafted email, making it a practical attack vector against organizations using vulnerable SEPPmail deployments.

Information Disclosure LDAP Code Injection
NVD
CVSS 4.0
4.9
EPSS
0.0%
CVE-2026-34608 MEDIUM PATCH This Month

Out-of-bounds read in NanoMQ MQTT Broker webhook processing allows remote attackers with high privileges to trigger denial of service by sending malformed JSON payloads. Prior to version 0.24.10, the hook_work_cb() function in webhook_inproc.c passes unsanitized binary message buffers directly to cJSON_Parse(), which reads past buffer boundaries when payloads lack null terminators. The vulnerability is reliably exploitable when JSON payload length is a power-of-two >=1024 bytes, bypassing nng's allocation padding protection. No public exploit code or active exploitation has been identified.

Buffer Overflow Information Disclosure Nanomq
NVD GitHub
CVSS 3.1
4.9
EPSS
0.0%
CVE-2026-34835 MEDIUM PATCH GHSA This Month

Host header validation bypass in Rack 3.0.0.beta1-3.1.20 and 3.2.0-3.2.5 allows unauthenticated remote attackers to poison Host headers by injecting RFC-noncompliant characters (/, ?, #, @) that pass the AUTHORITY regex but are accepted by req.host, req.url, and req.base_url. Applications relying on naive prefix or suffix matching for host validation, link generation, or origin checks can be bypassed, enabling host header poisoning attacks. No public exploit code or active exploitation has been confirmed at the time of analysis.

Authentication Bypass Red Hat Suse
NVD GitHub VulDB
CVSS 3.1
4.8
EPSS
0.0%
CVE-2026-26962 MEDIUM PATCH GHSA This Month

Rack versions 3.2.0 through 3.2.5 fail to properly unfold folded multipart headers containing obs-fold sequences, preserving embedded CRLF characters in parsed parameter values like filename and name. This allows unauthenticated remote attackers with high request complexity to inject HTTP response headers or split responses when applications reuse these parsed values, leading to potential session hijacking, cache poisoning, or credential theft. The vulnerability carries a moderate CVSS score of

Code Injection Rack
NVD GitHub VulDB
CVSS 3.1
4.8
EPSS
0.0%
CVE-2026-34831 MEDIUM PATCH GHSA This Month

HTTP response desynchronization in Rack web server framework versions prior to 2.2.23, 3.1.21, and 3.2.6 allows remote attackers to cause Content-Length header mismatches by requesting non-existent paths with percent-encoded UTF-8 characters. The vulnerability stems from Rack::Files#fail using String#size instead of String#bytesize when setting Content-Length, causing declared header values to be smaller than actual bytes transmitted, potentially leading to response framing errors and information disclosure in deployments sensitive to Content-Length validation. No public exploit code or confirmed active exploitation identified at time of analysis.

Information Disclosure Red Hat Suse
NVD GitHub VulDB
CVSS 3.1
4.8
EPSS
0.0%
CVE-2026-32762 MEDIUM PATCH GHSA This Month

Rack::Utils.forwarded_values in Rack 3.0.0.beta1 through 3.1.20 and 3.2.0 through 3.2.5 misparses RFC 7239 Forwarded headers by splitting on semicolons before processing quoted strings, allowing attackers to inject or smuggle host, proto, for, or by parameters when an upstream proxy or WAF interprets the same header differently. The vulnerability affects request routing and protocol detection logic, enabling potential cache poisoning, host header injection, or protocol confusion attacks in architectures where intermediaries validate quoted Forwarded values inconsistently. No public exploit code or active exploitation has been confirmed at the time of analysis.

Information Disclosure Rack
NVD GitHub VulDB
CVSS 3.1
4.8
EPSS
0.0%
CVE-2026-35414 MEDIUM PATCH This Month

OpenSSH before version 10.3 mishandles the authorized_keys principals option when a principals list is combined with a Certificate Authority that uses certain comma character patterns, allowing authenticated local or remote users to disclose sensitive authorization information or manipulate authentication decisions. This vulnerability affects all OpenSSH versions prior to 10.3p1 and requires authenticated access (PR:L) with non-trivial attack complexity (AC:H), resulting in partial confidentiality and integrity impact. No public exploit code or active exploitation has been identified at time of analysis.

SSH Information Disclosure Red Hat Suse
NVD VulDB
CVSS 3.1
4.2
EPSS
0.0%
CVE-2026-21767 MEDIUM This Month

HCL BigFix Platform allows local attackers to bypass authentication and access sensitive application areas without credentials, affecting confidentiality of data. The vulnerability requires local access but no privileges or user interaction, and is classified as a moderate-risk authentication bypass (CVSS 4.0) with limited technical complexity. Patches are available through HCL vendor advisories.

Authentication Bypass Bigfix Platform
NVD VulDB
CVSS 3.1
4.0
EPSS
0.0%
CVE-2026-26961 LOW PATCH GHSA Monitor

Rack's multipart form data parser uses a greedy regular expression that selects the last boundary parameter from a Content-Type header instead of the first, allowing request smuggling when upstream proxies or WAFs interpret the first boundary. This mismatch enables attackers to bypass upstream inspection by crafting multipart requests with duplicate boundary declarations, causing Rack to parse a different body structure than the intermediary validated. Affected versions are Rack prior to 2.2.23, 3.1.21, and 3.2.6; patches are available for all three release branches.

Information Disclosure Rack
NVD GitHub VulDB
CVSS 3.1
3.7
EPSS
0.0%
CVE-2025-43236 LOW PATCH Monitor

Type confusion in macOS memory handling allows local attackers to cause unexpected app termination through crafted user interaction, affecting macOS Sequoia before 15.6, Sonoma before 14.7.7, and Ventura before 13.7.7. With a CVSS score of 3.3 and SSVC exploitation status of 'none', this represents a low-severity local denial-of-service condition requiring user interaction; no public exploit code or active exploitation has been identified.

Apple Information Disclosure Memory Corruption
NVD
CVSS 3.1
3.3
EPSS
0.0%
CVE-2026-35387 LOW PATCH Monitor

OpenSSH before 10.3 incorrectly interprets ECDSA algorithm specifications in PubkeyAcceptedAlgorithms and HostbasedAcceptedAlgorithms configuration options, allowing authenticated users to authenticate using unintended ECDSA variants. The vulnerability requires authenticated network access and high attack complexity, resulting in a low CVSS score of 3.1 with integrity impact but no confidentiality or availability loss. No public exploit code or active exploitation has been documented.

SSH Information Disclosure
NVD VulDB
CVSS 3.1
3.1
EPSS
0.0%
CVE-2026-5360 LOW Monitor

Type confusion in Free5GC 4.2.0's aper component allows remote attackers to trigger memory corruption and information disclosure with high attack complexity and without authentication. The vulnerability stems from improper type handling in ASN.1 parsing and has publicly available exploit code, though active exploitation at scale has not been confirmed. CVSS 6.3 with availability impact and exploit proof-of-concept disclosure warrant timely patching.

Information Disclosure Memory Corruption Free5gc
NVD GitHub VulDB
CVSS 4.0
2.9
EPSS
0.0%
CVE-2026-5246 LOW PATCH Monitor

Authorization bypass in Cesanta Mongoose up to version 7.20 allows remote, unauthenticated attackers to bypass TLS certificate signature verification in the P-384 public key handler (mg_tls_verify_cert_signature function in mongoose.c), potentially enabling man-in-the-middle attacks or unauthorized access. The attack is highly complex (CVSS AC:H) but publicly disclosed exploit code exists, with vendor-released patch available in version 7.21.

Authentication Bypass Mongoose
NVD VulDB GitHub
CVSS 4.0
2.9
EPSS
0.0%
CVE-2026-35388 LOW PATCH Monitor

OpenSSH before 10.3 fails to confirm connection multiplexing in proxy-mode sessions, allowing local attackers with user interaction to bypass intended access controls and potentially manipulate multiplexed connections. The vulnerability affects OpenSSH versions prior to 10.3p1 and requires local access with user interaction (UI:R) on the affected system; while the CVSS score is low (2.5) and integrity impact is limited, the omission of confirmation mechanisms in proxy-mode multiplexing creates a logic flaw that could enable unauthorized session hijacking or redirection in multi-user environments.

Information Disclosure SSH
NVD VulDB
CVSS 3.1
2.5
EPSS
0.0%
CVE-2026-5355 LOW Monitor

Remote authenticated OS command injection in TrendNet TEW-657BRM 1.00.1 router via the vpn_drop function in /setup.cgi allows low-privileged attackers to execute arbitrary commands with limited impact on system confidentiality, integrity, and availability. The vendor confirmed the product reached end-of-life on June 23, 2011, and will not provide support or patches. Public exploit code exists, but this vulnerability affects only discontinued hardware no longer receiving vendor maintenance.

Command Injection Tew 657Brm Firmware
NVD GitHub VulDB
CVSS 4.0
2.1
EPSS
0.8%
CVE-2026-35038 LOW PATCH GHSA Monitor

Signal K Server prior to version 2.24.0 permits low-privileged authenticated users to bypass prototype boundary filtering via a malformed `from` field, enabling arbitrary read access to internal functions and properties in the global prototype object. This confidentiality breach violates data isolation within the Signal K application and allows attackers to extract sensitive internal state they should not access. The vulnerability requires prior authentication and has been patched in version 2.24.0.

Authentication Bypass Signalk Server
NVD GitHub
CVSS 4.0
2.1
EPSS
0.1%
CVE-2026-5338 LOW Monitor

Command injection in Tenda G103 1.0.0.5 allows high-privileged remote attackers to execute arbitrary commands via the lanIp parameter in the action_set_system_settings function of system.lua. The vulnerability requires administrative credentials (PR:H) but has publicly available exploit code and impacts system confidentiality, integrity, and availability. CVSS score 5.1 reflects the elevated privilege requirement despite network-based attack vector.

Tenda Command Injection
NVD GitHub VulDB
CVSS 4.0
2.0
EPSS
0.6%
CVE-2026-5315 LOW PATCH Monitor

Out-of-bounds read in Nothings stb library (stb_truetype.h) up to version 1.26 allows remote attackers to trigger memory access violations via malformed TTF font files, resulting in information disclosure. The vulnerability affects the stbtt__buf_get8 function in the TTF file handler and requires user interaction to exploit. Publicly available exploit code exists, though the vendor has not responded to disclosure notifications. CVSS 5.3 with EPSS probability of exploitation (E:P) indicates moderate real-world risk.

Buffer Overflow Stb Truetype H
NVD GitHub VulDB
CVSS 4.0
2.1
EPSS
0.0%
CVE-2026-5344 LOW Monitor

Path traversal in Textpattern XML-RPC handler allows authenticated remote attackers to write arbitrary files via the file.name parameter in mt_uploadImage function, enabling potential code execution or sensitive file overwrite. Affects Textpattern up to version 4.9.1, with publicly available exploit code and vendor confirmation of the issue pending fix in an upcoming release.

PHP Path Traversal
NVD GitHub VulDB
CVSS 4.0
2.1
EPSS
0.0%
CVE-2026-34743 LOW PATCH Monitor

Buffer overflow in XZ Utils lzma_index_decoder() allows memory corruption when processing Index records with no data entries prior to version 5.8.3. Unauthenticated remote attackers can trigger a heap overflow via crafted compressed data, potentially causing denial of service or memory corruption. The vulnerability has a low CVSS score (1.7) due to attack time requirement and limited impact scope, with no confirmed active exploitation at time of analysis.

Buffer Overflow Heap Overflow Xz
NVD GitHub VulDB
CVSS 4.0
1.7
EPSS
0.0%
Prev Page 5 of 5

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy