Skip to main content
CVE-2026-23467 MEDIUM PATCH This Month

NULL pointer dereference in Linux kernel DRM i915 GPU driver allows local denial of service during system probe when DMC firmware initialization has not yet completed but hardware has DC6 power state enabled. The vulnerability occurs in intel_dmc_update_dc6_allowed_count() when called from gen9_set_dc_state() during intel_power_domains_init_hw(), which executes before DMC initialization, causing kernel oops if DC6 is unexpectedly enabled by BIOS firmware. No public exploit code identified; this is a kernel crash vulnerability requiring local system access triggered by atypical BIOS behavior.

Linux Null Pointer Dereference Denial Of Service Red Hat Suse
NVD
CVSS 3.1
5.5
EPSS
0.0%
CVE-2026-23436 MEDIUM PATCH This Month

Linux kernel net shaper subsystem susceptible to race condition during hierarchy creation allows unauthenticated local attackers to leak kernel memory or trigger use-after-free conditions. The vulnerability arises when a netdev is unregistered between reference acquisition during Netlink operation preparation and subsequent lock acquisition, permitting hierarchy allocation after flush operations have completed. Fixed via upstream commits that consolidate locking to pre-callback phase, preventing concurrent write races with flush operations.

Linux Information Disclosure Red Hat Suse
NVD VulDB
CVSS 3.1
5.5
EPSS
0.0%
CVE-2026-23435 MEDIUM PATCH This Month

Linux kernel NULL pointer dereference in the x86 PMU NMI handler on AMD EPYC systems causes denial of service when perf event unthrottling races with PMU rescheduling. The vulnerability stems from commit 7e772a93eb61 moving event pointer initialization later in x86_pmu_enable(), allowing the unthrottle path to set active_mask bits without populating the corresponding events[] array entries, leading to NULL pointer dereference when subsequent PMC overflow interrupts fire. No public exploit code identified at time of analysis; patch fixes are available in upstream Linux kernel stable branches.

Linux Null Pointer Dereference Denial Of Service Amd Red Hat +1
NVD VulDB
CVSS 3.1
5.5
EPSS
0.0%
CVE-2026-23431 MEDIUM PATCH This Month

Memory leak in the Linux kernel's Amlogic SPI controller driver (aml_spisg_probe) fails to release SPI controller resources in multiple error paths during probe, allowing local attackers to exhaust kernel memory through repeated driver load/unload cycles or failed probe attempts. The vulnerability has been resolved in the upstream kernel by converting to device-managed SPI allocation functions.

Linux Information Disclosure Red Hat Suse
NVD VulDB
CVSS 3.1
5.5
EPSS
0.0%
CVE-2026-23430 MEDIUM PATCH This Month

Memory leak in Linux kernel drm/vmwgfx driver caused by overwriting KMS surface dirty tracker without proper cleanup. The vulnerability affects the VMware graphics driver subsystem in the kernel, allowing local attackers to trigger memory exhaustion through repeated surface operations. No CVSS score, EPSS data, or KEV status available; fix commits exist in upstream stable kernel branches.

Linux Information Disclosure Red Hat Suse
NVD VulDB
CVSS 3.1
5.5
EPSS
0.0%
CVE-2026-23423 MEDIUM PATCH This Month

Linux kernel btrfs subsystem fails to free allocated pages in btrfs_uring_read_extent() when error conditions occur before asynchronous I/O completion, leading to memory leaks. The vulnerability affects all Linux kernel versions with the vulnerable btrfs implementation; while tagged as Information Disclosure, the primary impact is denial of service through memory exhaustion rather than data exposure. No public exploit code or active exploitation has been identified; this is a defensive fix addressing a code path that may never execute under normal conditions but represents a resource management defect.

Linux Information Disclosure Red Hat Suse
NVD VulDB
CVSS 3.1
5.5
EPSS
0.0%
CVE-2026-23421 MEDIUM PATCH This Month

Memory leak in Linux kernel DRM/XE configfs device release allows information disclosure through unfreed ctx_restore_mid_bb allocation. The xe_config_device_release() function fails to deallocate ctx_restore_mid_bb[0].cs memory that was previously allocated by wa_bb_store(), leaving sensitive kernel memory accessible when the configfs device is removed. Affected Linux kernel versions containing the vulnerable DRM/XE driver require patching to prevent potential information leakage.

Linux Information Disclosure Red Hat Suse
NVD VulDB
CVSS 3.1
5.5
EPSS
0.0%
CVE-2026-23418 MEDIUM PATCH This Month

Memory leak in Linux kernel DRM/XE register save-restore (reg_sr) module fails to free allocated memory when xa_store() operation fails, potentially allowing local information disclosure or denial of service through repeated trigger of the error path. The vulnerability affects all Linux kernel versions containing the affected drm/xe/reg_sr code prior to the fix commits referenced. No CVSS score or exploit data provided; patch commits are available in upstream Linux repository.

Linux Information Disclosure Red Hat Suse
NVD VulDB
CVSS 3.1
5.5
EPSS
0.0%
CVE-2026-34933 MEDIUM PATCH This Month

Denial of service in Avahi prior to version 0.9-rc4 allows local unprivileged users to crash avahi-daemon by sending a D-Bus method call with conflicting publish flags. The vulnerability requires local access and low privileges but causes immediate service unavailability. No public exploit code or active exploitation has been confirmed; however, the attack is trivial to execute given the low complexity barrier.

Denial Of Service Red Hat Suse
NVD GitHub VulDB
CVSS 3.1
5.5
EPSS
0.0%
CVE-2026-34753 MEDIUM PATCH GHSA This Month

Server-side request forgery (SSRF) in vLLM batch runner allows authenticated attackers to make arbitrary HTTP/HTTPS requests from the vLLM server by controlling the file_url field in batch input JSON, enabling targeting of internal services such as cloud metadata endpoints without URL validation or domain restrictions. The vulnerability affects vLLM's audio transcription and translation batch endpoints and is confirmed to have an upstream fix available via GitHub PR #38482 and commit 57861ae48d3493fa48b4d7d830b7ec9f995783e7. CVSS score is 5.4 (moderate); no public exploit code or confirmed active exploitation has been identified at time of analysis.

SSRF
NVD GitHub
CVSS 3.1
5.4
EPSS
0.0%
CVE-2026-35540 MEDIUM PATCH GHSA This Month

Roundcube Webmail 1.6.0 through 1.6.13 allows Server-Side Request Forgery (SSRF) and Information Disclosure through insufficient CSS sanitization in HTML email messages, enabling attackers to craft malicious stylesheets that reference local network hosts. The vulnerability affects all instances processing HTML emails with external stylesheet links, and does not require authentication due to the unauthenticated attack vector (AV:N, PR:N in CVSS). Vendor-released patch: versions 1.6.14, 1.7-rc5, and later.

Information Disclosure SSRF Suse
NVD GitHub VulDB
CVSS 3.1
5.4
EPSS
0.0%
CVE-2026-35508 MEDIUM PATCH This Month

Cross-site scripting (XSS) in Shynet before version 0.14.0 allows unauthenticated remote attackers to inject arbitrary scripts through the urldisplay and iconify template filters, potentially compromising user sessions and data integrity with medium attack complexity and cross-site scope. The vulnerability affects the analytics platform's template rendering layer and has been patched in version 0.14.0 with no confirmed active exploitation reported.

XSS Shynet
NVD GitHub
CVSS 3.1
5.4
EPSS
0.0%
CVE-2026-34777 MEDIUM PATCH GHSA This Month

Electron versions prior to 38.8.6, 39.8.1, 40.8.1, and 41.0.0 pass the top-level page origin instead of the requesting iframe's origin to permission request handlers for fullscreen, pointerLock, keyboardLock, openExternal, and media permissions, allowing attackers to trick applications into granting sensitive permissions to embedded third-party content via social engineering or malicious iframe injection. Unauthenticated remote attackers can exploit this via user interaction (iframe load), with CVSS 5.4 indicating moderate confidentiality and integrity impact; no public exploit code or active exploitation confirmed at time of analysis.

Information Disclosure
NVD GitHub
CVSS 3.1
5.4
EPSS
0.0%
CVE-2026-35052 MEDIUM PATCH GHSA This Month

Remote code execution in D-Tale allows unauthenticated attackers to execute arbitrary code on servers hosting D-Tale publicly when using Redis or Shelf storage backends. The vulnerability stems from improper input validation in the storage layer, affecting D-Tale versions prior to 3.22.0. Vendor-released patch version 3.22.0 is available.

Redis RCE XSS
NVD GitHub
CVSS 4.0
5.3
EPSS
0.4%
CVE-2026-35166 MEDIUM PATCH GHSA This Month

Cross-site scripting (XSS) vulnerability in Hugo's default markdown to HTML renderer fails to properly escape links and image links, allowing injection of malicious scripts through markdown content. Hugo v0.159.2 and earlier are affected. Users who employ custom render hooks for links and images, or who trust all markdown content sources, are not vulnerable. Vendor-released patch: v0.159.2.

XSS
NVD GitHub VulDB
CVSS 4.0
5.3
EPSS
0.0%
CVE-2026-35468 MEDIUM This Month

Denial of service in Nimiq Core RS Albatross prior to version 1.3.0 allows remote attackers to crash full nodes by sending specially crafted consensus requests (RequestTransactionsProof or RequestTransactionReceiptsByAddress) when the node is operating without a history index. The vulnerability stems from unsafe unwrap() calls that panic when encountering a valid but unindexed state, affecting nodes during synchronization or when intentionally configured without history indexing.

Information Disclosure Core Rs Albatross
NVD GitHub VulDB
CVSS 3.1
5.3
EPSS
0.0%
CVE-2026-34979 MEDIUM PATCH This Month

Heap-based buffer overflow in OpenPrinting CUPS scheduler versions 2.4.16 and prior allows unauthenticated remote attackers to trigger a denial of service condition by crafting malicious job attributes that overflow buffers during filter option string construction. With a CVSS score of 5.3 and network accessibility, this vulnerability impacts availability on exposed CUPS instances; no public exploit code or vendor patch has been released as of publication.

Heap Overflow Buffer Overflow Red Hat Suse
NVD GitHub VulDB
CVSS 3.1
5.3
EPSS
0.0%
CVE-2026-35179 MEDIUM GHSA This Month

Unauthenticated proxy access in AVideo's SocialMediaPublisher plugin allows any user to make arbitrary Facebook/Instagram Graph API calls through the `publishInstagram.json.php` endpoint without authentication or authorization checks. By sending crafted requests with stolen or leaked access tokens, attackers can publish, modify, or delete content on the platform's Instagram account and potentially bypass rate limits using the server's IP address. CVSS 5.3 (medium integrity impact); no active exploitation confirmed but proof-of-concept is publicly available.

PHP Authentication Bypass
NVD GitHub
CVSS 3.1
5.3
EPSS
0.0%
CVE-2026-25043 MEDIUM PATCH This Month

Email flooding denial of service in Budibase prior to version 3.23.25 allows unauthenticated remote attackers to overwhelm user inboxes by repeatedly triggering password reset requests without rate limiting, CAPTCHA, or abuse prevention controls. An attacker can send hundreds of password reset emails to a target address in a short time window, causing user harassment, inbox denial of service, and potential reputational damage. This vulnerability has been patched in version 3.23.25.

Denial Of Service Budibase
NVD GitHub
CVSS 3.1
5.3
EPSS
0.0%
CVE-2026-35545 MEDIUM PATCH GHSA This Month

Roundcube Webmail before versions 1.5.15 and 1.6.15 fails to properly sanitize SVG content in email messages, allowing the remote image blocking feature to be bypassed via SVG animate elements with malicious attributeName values. This vulnerability enables unauthenticated attackers to bypass access controls and potentially disclose information through image loading, affecting all Roundcube installations using vulnerable versions.

Information Disclosure Webmail
NVD GitHub VulDB
CVSS 3.1
5.3
EPSS
0.0%
CVE-2026-35544 MEDIUM PATCH GHSA This Month

Roundcube Webmail before versions 1.5.14 and 1.6.14 allows unauthenticated remote attackers to bypass CSS-based security mitigations in HTML email rendering by injecting !important declarations, enabling potential integrity attacks such as phishing or UI redressing. The vulnerability stems from insufficient CSS sanitization when processing HTML email messages, with no authentication required and minimal attack complexity.

Authentication Bypass Webmail
NVD GitHub VulDB
CVSS 3.1
5.3
EPSS
0.0%
CVE-2026-35543 MEDIUM PATCH GHSA This Month

Roundcube Webmail before versions 1.5.14 and 1.6.14 allows unauthenticated remote attackers to bypass the remote image blocking feature via SVG content containing animate attributes in email messages, leading to information disclosure or access control bypass. The vulnerability has a CVSS score of 5.3 (moderate severity) with low attack complexity and no authentication required, though the confidentiality impact is limited.

Information Disclosure Webmail
NVD GitHub VulDB
CVSS 3.1
5.3
EPSS
0.0%
CVE-2026-35542 MEDIUM PATCH GHSA This Month

Roundcube Webmail before versions 1.5.14 and 1.6.14 allows unauthenticated remote attackers to bypass the remote image blocking security feature through a crafted background attribute in a BODY element of an email message, enabling information disclosure via tracking pixels or other image-based reconnaissance. The vulnerability affects all versions prior to 1.5.14 and 1.6.x versions before 1.6.14, with CVSS 5.3 (medium severity) reflecting the low confidentiality impact but lack of authentication requirements.

Information Disclosure Webmail
NVD GitHub VulDB
CVSS 3.1
5.3
EPSS
0.0%
CVE-2026-25742 MEDIUM PATCH This Month

Zulip versions 1.4.0 through 11.5 allow unauthenticated retrieval of attachments and topic history from web-public streams even after spectator access is disabled, due to incomplete access control on attachment serving and the /users/me/<stream_id>/topics endpoint. An attacker can bypass intended access restrictions to read file contents and stream metadata after public access is supposed to be revoked. The vulnerability affects all Zulip deployments that previously enabled spectator access and then disabled it. Vendor-released patch: version 11.6.

Authentication Bypass Zulip
NVD GitHub
CVSS 3.1
5.3
EPSS
0.0%
CVE-2026-22662 MEDIUM PATCH This Month

Blind server-side request forgery in prompts.chat media generator allows authenticated users to manipulate the inputImageUrl parameter in /api/media-generate POST requests to perform arbitrary server-side HTTP fetches, enabling internal network reconnaissance, access to internal services, and potential data exfiltration through the upstream Wiro service without receiving direct response bodies. The vulnerability affects prompts.chat prior to commit 1464475 and requires valid user authentication; patch availability has been confirmed through vendor repository.

SSRF Prompts Chat
NVD GitHub VulDB
CVSS 4.0
5.3
EPSS
0.0%
CVE-2026-5474 MEDIUM This Month

Heap-based buffer overflow in NASA cFS up to version 7.0.0 exists in the CFE_MSG_GetSize function within the CCSDS Packet Header Handler component (apps/to_lab/fsw/src/to_lab_passthru_encode.c), allowing attackers on the local network to cause memory corruption with limited confidentiality, integrity, and availability impact. The vulnerability requires network adjacency but no authentication or user interaction; no public exploit code has been identified, and the project has not yet released a patch despite early notification through GitHub issue tracking.

Buffer Overflow Core Flight System
NVD GitHub VulDB
CVSS 4.0
5.3
EPSS
0.0%
CVE-2026-34776 MEDIUM PATCH GHSA This Month

Out-of-bounds heap read in Electron's single-instance lock mechanism on macOS and Linux allows local attackers with same-user privileges to leak sensitive application memory through crafted second-instance messages. Affected Electron versions prior to 41.0.0, 40.8.1, 39.8.1, and 38.8.6 are vulnerable only if applications explicitly call app.requestSingleInstanceLock(); no public exploit code is currently identified, but the CVSS 5.3 score reflects moderate confidentiality impact combined with local attack complexity requirements.

Information Disclosure Buffer Overflow Microsoft Apple
NVD GitHub
CVSS 3.1
5.3
EPSS
0.0%
CVE-2017-20233 MEDIUM This Month

Hirschmann HiLCOS products OpenBAT, BAT450, WLC, BAT867 contains a firewall filtering vulnerability that fails to correctly filter IPv4 multicast and broadcast traffic when management IP address. Rated medium severity (CVSS 5.3), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Authentication Bypass Hirschmann Hilcos Openbat Bat450 Wlc Hirschmann Hilcos Bat867
NVD
CVSS 4.0
5.3
EPSS
0.0%
CVE-2026-33709 MEDIUM PATCH GHSA This Month

Open redirect vulnerability in JupyterHub prior to version 5.4.4 allows unauthenticated remote attackers to craft malicious links that bypass JupyterHub's redirect validation, redirecting users through the legitimate login page to arbitrary attacker-controlled sites. This enables phishing attacks and credential harvesting by leveraging JupyterHub's trusted domain to establish credibility. The vulnerability requires user interaction (clicking a link) and has been patched in version 5.4.4.

Open Redirect
NVD GitHub VulDB
CVSS 4.0
5.1
EPSS
0.0%
CVE-2026-5469 MEDIUM This Month

Server-side request forgery in Casdoor 2.356.0 webhook URL handler allows authenticated remote attackers with high privileges to trigger SSRF attacks through webhook URL manipulation, enabling potential access to internal network resources. No public exploit code or active exploitation has been identified; CVSS 5.1 reflects limited confidentiality and integrity impact despite remote network accessibility.

SSRF Casdoor
NVD VulDB
CVSS 4.0
5.1
EPSS
0.0%
CVE-2026-5475 MEDIUM This Month

Memory corruption in NASA cFS up to version 7.0.0 via manipulation of the CFE_SB_TransmitMsg function in the CCSDS Header Size Handler component allows local attackers with low privileges to corrupt memory, potentially leading to denial of service or information disclosure. No public exploit code or active exploitation has been confirmed; the vendor was notified early but has not yet released a patch as of analysis time.

Buffer Overflow Cfs
NVD VulDB GitHub
CVSS 4.0
5.1
EPSS
0.0%
CVE-2026-34990 MEDIUM PATCH This Month

Local privilege escalation in OpenPrinting CUPS 2.4.16 and prior allows unprivileged users to bypass authentication and create arbitrary file overwrites as root by coercing cupsd into issuing reusable Authorization tokens and leveraging printer-sharing policies to persist file:// URIs that bypass FileDevice restrictions. A proof-of-concept demonstrates root command execution via sudoers file modification, and the vulnerability is confirmed by the presence of public exploit code.

Authentication Bypass Red Hat Suse
NVD GitHub VulDB
CVSS 4.0
5.0
EPSS
0.0%
CVE-2026-34061 MEDIUM This Month

Elected validator proposers in nimiq/core-rs-albatross before version 1.3.0 can submit election macro blocks with malformed interlink headers that bypass proposal validation but are rejected during block finalization, causing denial of service by halting consensus after Tendermint voting completes. The vulnerability requires high privileges (validator proposer role) and results in network availability impact but no data compromise, affecting the Nimiq Proof-of-Stake network's consensus reliability.

Information Disclosure Canonical
NVD GitHub VulDB
CVSS 3.1
4.9
EPSS
0.0%
CVE-2026-27447 MEDIUM PATCH This Month

CUPS daemon (cupsd) versions 2.4.16 and earlier authenticate users via case-insensitive username comparison, allowing an authenticated high-privileged user to bypass authorization controls by submitting requests under a username that differs only in case from an authorized user, gaining access to restricted printing operations. No public exploit code has been identified, and patches were not available at the time of initial disclosure, though a upstream commit indicates a fix may have been prepared.

Authentication Bypass Cups
NVD GitHub VulDB
CVSS 3.1
4.8
EPSS
0.0%
CVE-2026-34773 MEDIUM PATCH GHSA This Month

Electron's setAsDefaultProtocolClient() on Windows fails to validate protocol names before writing to the Windows registry, allowing local authenticated attackers to hijack protocol handlers by writing to arbitrary HKCU\Software\Classes\ subkeys when apps pass untrusted input as the protocol parameter. The vulnerability affects Electron versions prior to 38.8.6, 39.8.1, 40.8.1, and 41.0.0, and requires local access and low privileges; no public exploit has been identified at time of analysis.

RCE Microsoft
NVD GitHub
CVSS 3.1
4.7
EPSS
0.0%
CVE-2026-23463 MEDIUM PATCH This Month

Race condition in Linux kernel QMan driver allows concurrent queue frame descriptor allocation and deallocation to corrupt internal state, causing WARN_ON triggers and potential information disclosure via stale fq_table entries. The vulnerability affects systems using Freescale/NXP QBMan queue management with dynamic FQID allocation enabled (QMAN_FQ_FLAG_DYNAMIC_FQID). No public exploit code or active exploitation confirmed; upstream fix merged via memory barrier enforcement to serialize table cleanup before FQID pool deallocation.

Linux Race Condition Information Disclosure
NVD VulDB
CVSS 3.1
4.7
EPSS
0.0%
CVE-2026-23452 MEDIUM PATCH This Month

Linux kernel runtime PM subsystem contains a use-after-free race condition in pm_runtime_work() where the dev->parent pointer may be dereferenced after the parent device has been freed during device removal. This results in a KASAN-detectable memory safety violation that can trigger kernel panics or arbitrary memory access. The vulnerability affects all Linux kernel versions and is resolved by adding a flush_work() call to pm_runtime_remove() to serialize device removal with pending runtime PM work.

Linux Race Condition Information Disclosure
NVD VulDB
CVSS 3.1
4.7
EPSS
0.0%
CVE-2026-23441 MEDIUM PATCH This Month

Race condition in Linux kernel net/mlx5e IPSec offload driver allows concurrent access to a shared DMA-mapped ASO context, potentially causing information disclosure or incorrect IPSec processing results. The vulnerability affects systems using Mellanox MLX5 network adapters with IPSec offload functionality. An attacker with local access to initiate multiple IPSec operations in rapid succession can trigger the race condition, corrupting the shared context and causing subsequent operations to read invalid data, compromising confidentiality and integrity of IPSec-protected traffic.

Linux Race Condition Information Disclosure Red Hat Suse
NVD VulDB
CVSS 3.1
4.7
EPSS
0.0%
CVE-2026-23469 MEDIUM PATCH This Month

Linux kernel drm/imagination driver crashes when the GPU runtime PM suspend callback executes concurrently with an IRQ handler attempting to access GPU registers, causing kernel panics with SError interrupts on ARM64 platforms. The vulnerability affects the imagination GPU driver across Linux kernel versions and is triggered when power management suspend operations race with interrupt handling without proper synchronization. The fix adds synchronize_irq() calls to ensure IRQ handlers complete before GPU suspension and removes problematic runtime PM resume calls from the IRQ handler that could cause deadlocks.

Linux Denial Of Service Race Condition
NVD VulDB
CVSS 3.1
4.7
EPSS
0.0%
CVE-2026-27456 MEDIUM PATCH This Month

Unauthorized read access to root-owned files via TOCTOU race condition in util-linux mount binary (versions prior to 2.41.4) allows local users with existing fstab entries to replace loop device source files with symlinks pointing to sensitive files or block devices, bypassing intended access controls. The vulnerability requires moderate exploitation effort (AC:H) and authenticated user access (PR:L) but grants disclosure of confidential data including filesystem backups and disk volumes. No public exploit code or active CISA KEV status identified at time of analysis.

Authentication Bypass Util Linux
NVD GitHub VulDB
CVSS 3.1
4.7
EPSS
0.0%
CVE-2026-26477 MEDIUM This Month

Denial of service in Dokuwiki version 2025-05-14b 'Librarian' release allows remote attackers to crash or disable the application through improper input handling in the media_upload_xhr() function within media.php. The vulnerability requires network access to the media upload endpoint but does not require authentication. No public exploit code, CVSS scoring, or active exploitation has been confirmed at the time of analysis.

Denial Of Service PHP
NVD GitHub VulDB
CVSS 3.1
4.3
EPSS
0.1%
CVE-2026-35181 MEDIUM GHSA This Month

Cross-site request forgery (CSRF) in AVideo's player skin configuration endpoint allows unauthenticated remote attackers to modify the video player appearance platform-wide when an authenticated administrator visits a malicious webpage. The vulnerability stems from missing CSRF token validation combined with disabled ORM-level domain security checks and SameSite=None cookie configuration; a proof-of-concept demonstrates silent modification of player skin settings without admin consent.

CSRF PHP
NVD GitHub
CVSS 3.1
4.3
EPSS
0.0%
CVE-2026-28736 MEDIUM GHSA Monitor

Focalboard 8.0 fails to validate file ownership during file serving, allowing authenticated attackers to read arbitrary uploaded files if they know the target fileID. The vulnerability affects all versions of the standalone Focalboard product, which is no longer maintained by Mattermost and will not receive security patches. An attacker with valid credentials can exploit this authorization bypass with no additional user interaction to access sensitive file contents.

Authentication Bypass Focalboard
NVD GitHub
CVSS 3.1
4.3
EPSS
0.0%
CVE-2026-35541 MEDIUM PATCH GHSA This Month

Type confusion in Roundcube Webmail's password plugin allows authenticated users to change passwords without knowing the old password, affecting versions before 1.5.14 and 1.6.14. The vulnerability stems from incorrect password comparison logic that enables privilege escalation within an authenticated session. While the CVSS score of 4.2 reflects moderate severity and the requirement for prior authentication, the impact is direct account compromise for any authenticated user.

Information Disclosure Memory Corruption Webmail
NVD GitHub VulDB
CVSS 3.1
4.2
EPSS
0.0%
CVE-2026-2625 MEDIUM This Month

Denial of service in rust-rpm-sequoia allows local attackers to crash RPM signature verification by submitting specially crafted RPM files that trigger unhandled errors in OpenPGP parsing, preventing legitimate package management operations. CVSS 4.0 (low severity), local attack vector, non-authenticating. No public exploit code or active exploitation confirmed.

Denial Of Service Red Hat Jwt Attack
NVD VulDB
CVSS 3.1
4.0
EPSS
0.0%
Prev Page 2 of 2

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy