Skip to main content
CVE-2026-5333 MEDIUM POC This Month

Remote command injection in DefaultFuction Content-Management-System 1.0 allows unauthenticated attackers to execute arbitrary OS commands via the host parameter in /admin/tools.php. The flaw has a publicly available exploit (POC published on GitHub) and is exploitable over the network with low attack complexity. EPSS data not available, not listed in CISA KEV. CVSS 7.3 reflects network-accessible, unauthenticated command injection with potential for confidentiality, integrity, and availability compromise.

Command Injection PHP
NVD VulDB GitHub
CVSS 4.0
5.5
EPSS
0.8%
CVE-2026-5320 MEDIUM POC This Month

Missing authentication in vanna-ai vanna Chat API endpoint (/api/vanna/v2/) allows unauthenticated remote attackers to perform unauthorized operations with low-complexity attacks. Affects vanna-ai vanna versions up to 2.0.2. Publicly available exploit code exists (GitHub POC published), increasing immediate exploitation risk. CVSS 7.3 reflects network-accessible attack vector with no authentication required and impacts to confidentiality, integrity, and availability. Vendor did not respond to early disclosure notification.

Authentication Bypass Vanna
NVD VulDB GitHub
CVSS 4.0
5.5
EPSS
0.1%
CVE-2026-5342 MEDIUM POC PATCH This Month

Out-of-bounds read in LibRaw up to 0.22.0 allows remote unauthenticated attackers to cause denial of service via manipulation of load_flags or raw_width parameters in the TIFF/NEF decoder (nikon_load_padded_packed_raw function). Publicly available exploit code exists, and vendor-released patch version 0.22.1 is available. CVSS 5.3 with low availability impact and confirmed exploit publication indicates moderate real-world risk.

Buffer Overflow Information Disclosure Libraw
NVD VulDB GitHub
CVSS 4.0
5.5
EPSS
0.0%
CVE-2026-5418 MEDIUM POC This Month

Server-side request forgery (SSRF) in Appsmith Dashboard component allows unauthenticated remote attackers to manipulate the computeDisallowedHosts function in WebClientUtils.java, enabling unauthorized server-side requests. Affecting all versions through 1.97, this vulnerability carries moderate real-world risk (CVSS 6.9, EPSS P) with publicly available exploit code. Vendor released patched version 1.99 and responded professionally to early disclosure.

Java SSRF
NVD VulDB GitHub
CVSS 4.0
5.5
EPSS
0.0%
CVE-2026-5330 MEDIUM POC This Month

Improper access controls in SourceCodester Best Courier Management System 1.0 allow unauthenticated remote attackers to delete users by manipulating the ID parameter in the /ajax.php?action=delete_user endpoint, bypassing authentication requirements. The vulnerability has publicly available exploit code and impacts all versions of the affected software with a CVSS 6.9 score reflecting moderate integrity impact through an easily exploitable network vector.

PHP Authentication Bypass
NVD VulDB GitHub
CVSS 4.0
5.5
EPSS
0.0%
CVE-2026-5326 MEDIUM POC This Month

Remote authentication bypass in SourceCodester Leave Application System 1.0 allows unauthenticated attackers to access user information via insecure direct object reference (IDOR) in the /index.php?page=manage_user endpoint by manipulating the ID parameter. The vulnerability has a publicly available exploit and CVSS 5.3 (low-moderate confidentiality impact), though actual risk depends on the sensitivity of exposed user data and system context.

Authentication Bypass PHP
NVD VulDB
CVSS 4.0
5.5
EPSS
0.0%
CVE-2026-5414 MEDIUM POC This Month

Improper control of resource identifiers in Newgen OmniDocs up to version 12.0.00 allows unauthenticated remote attackers to access sensitive information via manipulation of the DocumentId parameter in the /omnidocs/WebApiRequestRedirection endpoint. The vulnerability has publicly available exploit code and a low CVSS score (5.5) reflecting confidentiality impact only, but the combination of network-based attack vector, no authentication requirement, and public exploit availability warrants immediate assessment. The vendor has not responded to disclosure attempts.

Information Disclosure Omnidocs
NVD VulDB
CVSS 4.0
5.5
EPSS
0.0%
CVE-2026-5368 MEDIUM POC This Month

SQL injection in projectworlds Car Rental Project 1.0 login.php allows unauthenticated remote attackers to bypass authentication, extract sensitive database contents, and potentially modify or delete data via the 'uname' parameter. Publicly available exploit code exists (GitHub POC published), significantly lowering the barrier to exploitation. EPSS data not available, but the combination of network-accessible attack vector, no authentication requirement, and public exploit makes this a practical threat for internet-facing deployments of this vulnerable application.

SQLi PHP
NVD VulDB GitHub
CVSS 4.0
5.5
EPSS
0.0%
CVE-2026-5322 MEDIUM POC This Month

SQL injection in AlejandroArciniegas mcp-data-vis MCP Handler allows remote unauthenticated attackers to manipulate database queries via the Request function in src/servers/database/server.js. Publicly available exploit code exists. CVSS 7.3 (High) with low attack complexity enables unauthorized data access, modification, and partial availability disruption. The vendor did not respond to disclosure, and the product uses a rolling release model without fixed version tracking, complicating patch verification (EPSS data not provided).

SQLi Mcp Data Vis
NVD VulDB GitHub
CVSS 4.0
5.5
EPSS
0.0%
CVE-2026-34847 MEDIUM POC PATCH This Month

Hoppscotch prior to version 2026.3.0 contains a DOM-based open redirect vulnerability in the /enter page that allows unauthenticated remote attackers to redirect users to arbitrary external URLs through an unvalidated redirect query parameter. The vulnerability requires user interaction (clicking a malicious link) and has limited impact (integrity only), but poses a real phishing risk. Vendor-released patch available in version 2026.3.0.

Open Redirect
NVD GitHub
CVSS 3.1
4.7
EPSS
0.0%
CVE-2026-33951 MEDIUM PATCH GHSA This Month

SignalK Server prior to version 2.24.0-beta.1 allows unauthenticated remote attackers to modify navigation data source priorities through an unprotected PUT endpoint (/signalk/v1/api/sourcePriorities), enabling manipulation of which GPS, AIS, and sensor data sources are trusted by the maritime navigation system. The malicious configuration changes are immediately applied and persisted to disk, surviving server restarts and potentially causing the vessel to rely on attacker-controlled or spoofed navigation data. No public exploit code or active exploitation has been confirmed at this time.

Authentication Bypass Signalk Server
NVD GitHub VulDB
CVSS 4.0
6.9
EPSS
0.3%
CVE-2026-34606 MEDIUM PATCH This Month

Stored cross-site scripting (XSS) in Frappe Learning Management System versions 2.27.0 through 2.47.x allows unauthenticated remote attackers to inject and persist malicious scripts that execute in the browsers of other users. The vulnerability affects content structure functionality and has been patched in version 2.48.0. No public exploit code or active exploitation has been confirmed at time of analysis.

XSS Lms
NVD GitHub
CVSS 4.0
6.9
EPSS
0.0%
CVE-2026-34426 MEDIUM PATCH This Month

OpenClaw prior to commit b57b680 allows authenticated users to bypass the approval system by exploiting inconsistent environment variable normalization between approval validation and execution paths. An attacker with low privileges can inject non-portable environment variable keys that are filtered during operator review but accepted at runtime, potentially enabling execution of attacker-controlled binaries. This vulnerability has a CVSS score of 6.9 (medium-high impact) and requires user interaction but affects the integrity of the approval workflow.

Authentication Bypass Openclaw
NVD GitHub
CVSS 4.0
6.9
EPSS
0.0%
CVE-2026-35383 MEDIUM PATCH This Month

Bentley Systems iTwin Platform exposed a Cesium ion access token in web page source code, allowing unauthenticated attackers to enumerate or delete assets managed through Cesium ion services. The token was present in all versions prior to 2026-03-27 and has since been removed and revoked; no further enumeration or deletion is possible with the exposed token. This is a credential disclosure vulnerability affecting iTwin Platform users who relied on the compromised token for asset management.

Information Disclosure Itwin Platform
NVD VulDB
CVSS 4.0
6.9
EPSS
0.0%
CVE-2026-33691 MEDIUM PATCH This Month

OWASP Core Rule Set (CRS) versions prior to 3.3.9 and 4.25.0 allow bypass of file upload restrictions through whitespace-padded filenames, enabling upload of dangerous executable file extensions (.php, .phar, .jsp, .jspx) that should be blocked. Remote attackers can exploit this vulnerability to upload malicious files with high confidence due to the simple nature of the bypass technique (inserting spaces before the file extension), potentially leading to remote code execution depending on web application firewall configuration and application behavior.

PHP Authentication Bypass
NVD GitHub VulDB
CVSS 3.1
6.8
EPSS
0.1%
CVE-2026-30603 MEDIUM This Month

Qianniao QN-L23PA0904 firmware v20250721.1640 contains an insecure firmware update mechanism that allows local attackers with SD card access to execute arbitrary code as root by supplying a crafted iu.sh script, enabling complete device compromise including backdoor installation and data exfiltration. No CVSS score is available; exploitation requires physical or logical access to the device's SD card interface. Public research documentation exists detailing the vulnerability.

Information Disclosure N A
NVD GitHub
CVSS 3.1
6.8
EPSS
0.0%
CVE-2026-27774 MEDIUM PATCH This Month

Local privilege escalation in Acronis True Image (Windows) before build 42902 allows authenticated users with low privileges to gain high-integrity access through DLL hijacking. An attacker with local user access can exploit unsafe DLL loading to execute arbitrary code with elevated permissions, requiring user interaction (e.g., triggering a specific application action). No public exploit code or active exploitation has been confirmed at the time of analysis.

Privilege Escalation Microsoft
NVD VulDB
CVSS 3.0
6.7
EPSS
0.0%
CVE-2026-28728 MEDIUM PATCH This Month

Local privilege escalation in Acronis True Image for Windows before build 42902 exploits DLL hijacking to allow authenticated users to escalate privileges. An attacker with local access and valid credentials can manipulate DLL load paths during application execution, requiring user interaction (such as opening a file or launching a feature), to gain elevated system privileges. This vulnerability has a CVSS score of 6.7 and affects all versions prior to the patched build.

Privilege Escalation Microsoft
NVD VulDB
CVSS 3.0
6.7
EPSS
0.0%
CVE-2026-33271 MEDIUM PATCH This Month

Local privilege escalation in Acronis True Image for Windows before build 42902 allows authenticated users with low privileges to escalate to higher privileges through insecure folder permissions. An attacker with local access and user-level privileges can exploit improper permission settings on critical directories to achieve full system compromise, requiring user interaction (file execution or folder navigation). This vulnerability has a CVSS score of 6.7 reflecting high confidentiality, integrity, and availability impact despite the elevated barriers to exploitation.

Privilege Escalation Microsoft
NVD VulDB
CVSS 3.0
6.7
EPSS
0.0%
CVE-2026-34832 MEDIUM PATCH This Month

{id}/delete endpoint. The vulnerability requires login but lacks object ownership verification, enabling lateral privilege escalation where any team member can destroy feedback created by colleagues or administrators. No public exploit code or active exploitation has been identified; the issue was discovered during code review and patched in version 1.66.1.

Authentication Bypass Scoold
NVD GitHub
CVSS 3.1
6.5
EPSS
0.0%
CVE-2026-34890 MEDIUM This Month

DOM-based cross-site scripting (XSS) in MSTW League Manager WordPress plugin through version 2.10 allows authenticated attackers to inject malicious scripts that execute in the context of other users' browsers, potentially stealing session tokens, modifying league data, or performing actions on behalf of victims. The vulnerability requires user interaction (UI:R) and affects the plugin across all versions up to 2.10.

XSS Mstw League Manager
NVD
CVSS 3.1
6.5
EPSS
0.0%
CVE-2026-0688 MEDIUM This Month

Server-Side Request Forgery in Webmention plugin for WordPress (versions up to 5.6.2) allows authenticated attackers with Subscriber-level access to make arbitrary web requests from the affected server via the Tools::read function, enabling reconnaissance and potential modification of internal services. EPSS score of 6.4 reflects moderate real-world exploitability risk given the low privilege requirement and network-accessible attack vector, though exploitation requires valid WordPress authentication.

WordPress SSRF
NVD GitHub
CVSS 3.1
6.4
EPSS
0.0%
CVE-2026-29138 MEDIUM PATCH This Month

SEPPmail Secure Email Gateway before version 15.0.3 allows remote attackers to impersonate other users by claiming their PGP signatures through a specially crafted email address, enabling signature forgery and identity spoofing in encrypted email communications. The vulnerability exploits LDAP injection mechanisms to manipulate signature verification, affecting all versions prior to 15.0.3. No CVSS score is available, and exploitation status remains unconfirmed from provided data.

Information Disclosure LDAP Code Injection
NVD
CVSS 4.0
6.3
EPSS
0.0%
CVE-2026-29132 MEDIUM PATCH This Month

SEPPmail Secure Email Gateway before version 15.0.3 allows authenticated attackers with access to a victim's GINA account to bypass secondary password verification and directly access protected emails, circumventing a multi-factor authentication mechanism intended to protect sensitive correspondence.

Authentication Bypass Secure Email Gateway
NVD
CVSS 4.0
6.3
EPSS
0.0%
CVE-2026-29142 MEDIUM PATCH This Month

SEPPmail Secure Email Gateway before version 15.0.3 allows attackers to forge GINA-encrypted emails, compromising email authenticity and potentially enabling spoofing attacks. The vulnerability affects all versions prior to 15.0.3 and was reported by NCSC.ch. No CVSS score is available, and exploitation status has not been independently confirmed at time of analysis.

Information Disclosure Secure Email Gateway
NVD
CVSS 4.0
6.3
EPSS
0.0%
CVE-2025-43210 MEDIUM PATCH This Month

Out-of-bounds memory access in Apple media processing affects iOS, iPadOS, macOS, tvOS, visionOS, and watchOS, allowing remote attackers to trigger unexpected application termination or memory corruption through maliciously crafted media files. The vulnerability requires user interaction (opening/playing the malicious file) but no authentication. Apple has released patched versions for all affected platforms with CVSS 6.3 (moderate severity) and no public exploitation identified at time of analysis.

Apple Memory Corruption Buffer Overflow
NVD VulDB
CVSS 3.1
6.3
EPSS
0.0%
CVE-2025-43238 MEDIUM PATCH This Month

Integer overflow in macOS kernel allows local applications to trigger unexpected system termination (denial of service) on Sequoia, Sonoma, and Ventura systems. The vulnerability requires local execution (AV:L) with no authentication or user interaction, enabling any installed application to crash the system. Apple has released patches addressing this issue in macOS Sequoia 15.6, Sonoma 14.7.7, and Ventura 13.7.7. No public exploit code or active exploitation has been reported at the time of analysis.

Apple Integer Overflow Buffer Overflow
NVD
CVSS 3.1
6.2
EPSS
0.0%
CVE-2026-35466 MEDIUM PATCH This Month

Cross-site scripting (XSS) vulnerability in CERT/CC cveClient cveInterface.js prior to version 1.0.24 allows injection of arbitrary HTML through untrusted CVE API service input. The vulnerability stems from insufficient input validation, enabling attackers to inject malicious scripts that execute in the context of users viewing CVE data. No CVSS score or exploitation data is available, limiting quantitative risk assessment; however, the attack vector is network-based and requires no authentication.

XSS Cveclient Cveinterface Js
NVD GitHub VulDB
CVSS 3.1
6.1
EPSS
0.0%
CVE-2026-30251 MEDIUM This Month

Reflected XSS in Interzen Consulting ZenShare Suite v17.0 login_newpwd.php endpoint allows unauthenticated remote attackers to execute arbitrary JavaScript in users' browsers by injecting malicious code into the codice_azienda parameter via a crafted URL. No public exploit code or active exploitation has been confirmed at the time of this analysis, though the vulnerability is straightforward to demonstrate and likely poses a practical risk to organizations using this product.

XSS PHP
NVD GitHub VulDB
CVSS 3.1
6.1
EPSS
0.0%
CVE-2026-30252 MEDIUM This Month

Reflected cross-site scripting (XSS) vulnerabilities in Interzen Consulting ZenShare Suite v17.0 login.php endpoint allow remote unauthenticated attackers to execute arbitrary JavaScript in a user's browser by injecting malicious payloads into the codice_azienda and red_url parameters. Attack requires user interaction (clicking a crafted link) and affects the authentication process; no public exploit code or active exploitation has been confirmed at time of analysis.

XSS PHP
NVD GitHub VulDB
CVSS 3.1
6.1
EPSS
0.0%
CVE-2026-34083 MEDIUM PATCH GHSA This Month

SignalK Server versions prior to 2.24.0 allow unauthenticated attackers to hijack OAuth2 sessions and steal authorization codes by spoofing the HTTP Host header in OIDC login and logout handlers. The vulnerability exploits the default-unset redirectUri configuration, causing the OIDC provider to send authorization codes to an attacker-controlled domain. EPSS score of 6.1 reflects moderate real-world risk despite the requirement for user interaction (UI:R) to initiate login.

Code Injection Signalk Server
NVD GitHub VulDB
CVSS 3.1
6.1
EPSS
0.0%
CVE-2026-34760 MEDIUM PATCH This Month

vLLM versions 0.5.5 through 0.17.x use incorrect mono audio downmixing via numpy.mean instead of the ITU-R BS.775-4 weighted standard, causing audio processed by AI models to diverge from human perception. An authenticated remote attacker with low privileges can exploit this inconsistency to manipulate audio-based model outputs or infer mismatches between expected and actual audio processing, affecting integrity of audio-driven inference pipelines. The vulnerability has been patched in vLLM 0.18.0.

Information Disclosure Vllm
NVD GitHub
CVSS 3.1
5.9
EPSS
0.1%
CVE-2026-34830 MEDIUM PATCH GHSA This Month

Rack::Sendfile in versions prior to 2.2.23, 3.1.21, and 3.2.6 allows remote attackers to inject regex metacharacters into X-Accel-Mapping request headers, enabling unescaped interpolation that manipulates the X-Accel-Redirect response header and causes nginx to serve unintended files from internal locations. No public exploit code or active exploitation has been confirmed; patch versions are available from the vendor.

Nginx Code Injection Red Hat Suse
NVD GitHub VulDB
CVSS 3.1
5.9
EPSS
0.0%
CVE-2026-34610 MEDIUM PATCH This Month

Leancrypto library prior to version 1.7.1 allows remote attackers to impersonate X.509 certificate identities by crafting certificates with padded Common Names that exploit integer overflow when casting size_t to uint8_t, enabling spoofing in PKCS#7 verification, certificate chain matching, and code signing scenarios. The vulnerability has a moderate CVSS score of 5.9 (network-accessible, high complexity attack) and is not confirmed in active exploitation, though the attack is technically straightforward once a malicious certificate is crafted.

Information Disclosure Leancrypto
NVD GitHub
CVSS 3.1
5.9
EPSS
0.0%
CVE-2026-30867 MEDIUM PATCH GHSA This Month

CocoaMQTT library versions prior to 2.2.2 allow remote denial of service when parsing malformed MQTT packets from a broker, causing immediate application crashes on iOS, macOS, and tvOS devices. An attacker or compromised MQTT broker can publish a 4-byte malformed payload with the RETAIN flag to persist it indefinitely, ensuring every vulnerable client that subscribes receives the crash-inducing packet, effectively bricking the application until manual intervention on the broker. The vulnerability requires an authenticated user context (PR:L in CVSS vector) but impacts application availability with high severity; patch version 2.2.2 is available.

Apple Denial Of Service
NVD GitHub VulDB
CVSS 3.1
5.7
EPSS
0.0%
CVE-2026-5244 MEDIUM PATCH This Month

Heap-based buffer overflow in Cesanta Mongoose versions up to 7.20 allows unauthenticated remote attackers to compromise confidentiality, integrity, and availability through malicious TLS 1.3 handshake manipulation. The vulnerability resides in mg_tls_recv_cert() function's improper handling of the pubkey argument during certificate processing. Publicly available exploit code exists (CVSS temporal E:P), and vendor-released patch is available in version 7.21. CVSS base score 7.3 reflects network-accessible, low-complexity attack requiring no privileges or user interaction.

Buffer Overflow Heap Overflow Mongoose
NVD VulDB GitHub
CVSS 4.0
5.5
EPSS
0.1%
CVE-2026-5346 MEDIUM This Month

Server-side request forgery in huimeicloud hm_editor up to version 2.2.3 allows remote attackers to manipulate the url parameter in the image-to-base64 endpoint (client.get function in src/mcp-server.js), enabling arbitrary HTTP requests from the server. The vulnerability carries a CVSS 6.9 score and publicly available exploit code exists; the vendor has not responded to early disclosure attempts.

SSRF
NVD GitHub VulDB
CVSS 4.0
5.5
EPSS
0.0%
CVE-2026-5334 MEDIUM This Month

SQL injection in itsourcecode Online Enrollment System 1.0 allows remote unauthenticated attackers to execute arbitrary SQL queries via the deptid parameter in /enrollment/index.php?view=edit&id=3, potentially enabling unauthorized data access, modification, or deletion. Publicly available exploit code exists, increasing real-world exploitation risk despite the moderate CVSS score of 6.9. The vulnerability affects the Parameter Handler component's SQL query construction logic.

SQLi PHP
NVD GitHub VulDB
CVSS 4.0
5.5
EPSS
0.0%
CVE-2026-23417 MEDIUM PATCH This Month

Unblinded BPF immediate values in PROBE_MEM32 stores bypass constant hardening in the Linux kernel BPF JIT compiler when bpf_jit_harden >= 1, allowing user-controlled 32-bit immediates to leak into native code. The vulnerability affects Linux kernel versions where convert_ctx_accesses() rewrites arena pointer stores to BPF_ST|BPF_PROBE_MEM32 before constant blinding runs, but bpf_jit_blind_insn() only handles BPF_ST|BPF_MEM instructions. No public exploit code or active exploitation has been ide

Linux Information Disclosure Red Hat
NVD VulDB
CVSS 3.1
5.5
EPSS
0.0%
CVE-2026-23414 MEDIUM PATCH This Month

Linux kernel TLS subsystem leaks socket buffers (skbs) when asynchronous AEAD decryption operations fail during batch processing, allowing local attackers to exhaust kernel memory and potentially cause denial of service. The vulnerability exists in tls_decrypt_async_wait() and related functions that manage the async_hold queue, which pins encrypted input buffers for AEAD engine references; improper cleanup in failure paths leaves these buffers allocated indefinitely. This is a kernel memory leak affecting TLS decryption in the kernel's cryptographic stack, confirmed by multiple upstream patches across stable branches.

Linux Information Disclosure Red Hat
NVD VulDB
CVSS 3.1
5.5
EPSS
0.0%
CVE-2026-23416 MEDIUM PATCH This Month

Memory sealing (mseal) in the Linux kernel incorrectly tracks virtual memory area (VMA) boundaries during merge operations, causing curr_end to become stale and resulting in incorrect iteration state. This flaw in mm/mseal.c affects Linux kernel versions where the mseal feature is present, allowing local attackers to potentially bypass memory sealing protections or trigger information disclosure by manipulating VMA merge behavior during seal operations.

Linux Information Disclosure Red Hat
NVD VulDB
CVSS 3.1
5.5
EPSS
0.0%
CVE-2026-34848 MEDIUM PATCH This Month

Stored cross-site scripting (XSS) in Hoppscotch prior to version 2026.3.0 allows authenticated users to inject malicious scripts via the team member display name field, which executes when other users view the overflow tooltip. The vulnerability requires user interaction (viewing the tooltip) and affects the confidentiality and integrity of affected sessions with a CVSS score of 5.4. No public exploit code or active exploitation has been identified at time of analysis.

XSS Hoppscotch
NVD GitHub
CVSS 3.1
5.4
EPSS
0.0%
CVE-2026-34584 MEDIUM PATCH This Month

Listmonk versions 4.1.0 through 6.0.x contain authorization bypass vulnerabilities in list permission checks that allow authenticated users in multi-user environments to access mailing lists they should not have access to. The vulnerability affects only self-hosted deployments with multiple untrusted users and has been patched in version 6.1.0. No public exploit code or active exploitation has been identified at this time.

Authentication Bypass Listmonk
NVD GitHub
CVSS 3.1
5.4
EPSS
0.0%
CVE-2026-34590 MEDIUM PATCH This Month

Server-side request forgery (SSRF) in Postiz prior to version 2.21.4 allows authenticated users to create webhooks pointing to internal or private network addresses, which are then fetched without runtime validation when posts are published, enabling blind SSRF attacks against internal services. The vulnerability stems from inconsistent input validation: the webhook creation endpoint (POST /webhooks/) uses only basic URL format checking, while the update and test endpoints correctly enforce strict URL validation. CVSS 5.4 with EPSS exploitation probability reflects the requirement for authentication and limited direct impact, though the ability to target internal infrastructure represents meaningful risk.

SSRF Postiz App
NVD GitHub
CVSS 3.1
5.4
EPSS
0.0%
CVE-2026-1243 MEDIUM PATCH This Month

Authenticated stored cross-site scripting (XSS) in IBM Content Navigator versions 3.0.15, 3.1.0, and 3.2.0 allows logged-in users to inject arbitrary JavaScript into the Web UI, potentially enabling credential theft or session hijacking within trusted browser contexts. The vulnerability requires user interaction (UI:R) and authenticated access (PR:L), limiting exposure to insider threats and social engineering scenarios where victims click attacker-controlled links. No public exploit code or active exploitation has been confirmed; patch availability from IBM mitigates the risk for patched deployments.

IBM XSS
NVD VulDB
CVSS 3.1
5.4
EPSS
0.0%
CVE-2026-29137 MEDIUM PATCH This Month

SEPPmail Secure Email Gateway before version 15.0.3 allows remote attackers to conceal security tags from end users by submitting emails with excessively long subject lines, enabling potential phishing and message spoofing attacks by bypassing visual security indicators. The vulnerability affects all versions prior to 15.0.3 across the product line and has been reported by Switzerland's National Cyber Security Centre (NCSC.ch). No active exploitation has been confirmed, and no public exploit code is currently available.

Information Disclosure Secure Email Gateway
NVD
CVSS 4.0
5.3
EPSS
0.1%
CVE-2026-29135 MEDIUM PATCH This Month

SEPPmail Secure Email Gateway before version 15.0.3 permits attackers to craft malicious password-tags that circumvent subject line sanitization controls, potentially enabling unauthorized email manipulation or information disclosure. The vulnerability affects all versions prior to 15.0.3 and was reported by NCSC.ch; no CVSS score or public exploit code has been published at the time of analysis.

Authentication Bypass Secure Email Gateway
NVD
CVSS 4.0
5.3
EPSS
0.1%
CVE-2026-29133 MEDIUM PATCH This Month

SEPPmail Secure Email Gateway before version 15.0.3 allows attackers to upload PGP keys with mismatched User IDs and email addresses, enabling spoofing and potential information disclosure by circumventing email authentication controls. The vulnerability affects all versions prior to 15.0.3 and was reported by NCSC.ch. No public exploit code or active exploitation has been confirmed at the time of analysis.

Information Disclosure Secure Email Gateway
NVD
CVSS 4.0
5.3
EPSS
0.1%
CVE-2026-29134 MEDIUM PATCH This Month

SEPPmail Secure Email Gateway before version 15.0.3 allows unauthenticated external users to modify GINA webdomain metadata and bypass per-domain restrictions, enabling attackers to circumvent email security controls across isolated security domains. NCSC.ch reported this authentication bypass vulnerability affecting all versions prior to 15.0.3. The ability to modify domain-level metadata across organizational security boundaries represents a direct compromise of the gateway's core function to enforce per-domain policies.

Authentication Bypass Secure Email Gateway
NVD
CVSS 4.0
5.3
EPSS
0.1%
CVE-2026-34736 MEDIUM This Month

Open edX Platform from maple release through ulmo allows unauthenticated attackers to bypass email verification by exploiting an OAuth2 password grant that issues tokens to inactive users combined with exposure of activation keys in the REST API response at /api/user/v1/accounts/. This authentication bypass enables account takeover and unauthorized access to learning platforms. The vulnerability affects all deployments from maple to before ulmo release and has been patched in the ulmo release.

Authentication Bypass Openedx Platform
NVD GitHub
CVSS 3.1
5.3
EPSS
0.0%
Page 1 of 2 Next

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy