Skip to main content
CVE-2026-23453 HIGH PATCH This Week

Memory leak in Linux kernel's TI ICSSG PRU Ethernet driver XDP_DROP path causes page pool exhaustion and out-of-memory conditions on systems using XDP packet dropping in non-zero-copy mode. The vulnerability affects all Linux kernel versions with the vulnerable icssg-prueth driver code; page recycling was incorrectly removed from the XDP_DROP handler to support AF_XDP zero-copy mode, but this created a resource leak in standard mode. No active exploitation identified; this is a kernel stability and denial-of-service issue affecting embedded and edge systems using TI PRU Ethernet hardware.

Linux Information Disclosure
NVD VulDB
CVSS 3.1
7.5
EPSS
0.0%
CVE-2026-23451 HIGH PATCH This Week

Infinite loop in Linux kernel bonding device header parsing allows local denial of service when two bonding devices are stacked. The bond_header_parse() function can recurse indefinitely because skb->dev always points to the top of the device hierarchy. The fix adds a bounded recursion parameter to the header_ops parse() method to ensure the leaf parse method is called and prevent endless loops. This vulnerability affects all Linux kernel versions with the vulnerable bonding code and requires local access to trigger.

Linux Denial Of Service
NVD VulDB
CVSS 3.1
7.5
EPSS
0.0%
CVE-2026-23440 HIGH PATCH This Week

Linux kernel net/mlx5e driver suffers a race condition during IPSec ESN (Extended Sequence Number) update handling that causes incorrect ESN high-order bit increments, leading to anti-replay failures and IPSec traffic halts. The vulnerability affects systems using Mellanox ConnectX adapters with IPSec full offload mode enabled. Attackers with local network access or the ability to trigger IPSec traffic patterns could exploit this to disrupt encrypted communications, though no public exploit code or active exploitation has been reported.

Linux Race Condition Information Disclosure Red Hat Suse
NVD VulDB
CVSS 3.1
7.5
EPSS
0.0%
CVE-2026-23419 HIGH PATCH This Week

Linux kernel RDS TCP subsystem resolves circular locking dependency in rds_tcp_tune() function where socket lock contention with fs_reclaim memory allocation creates deadlock potential. The vulnerability affects all Linux kernel versions with the vulnerable code path in net/rds/tcp.c; the fix relocates sk_net_refcnt_upgrade() outside the socket lock critical section to eliminate the circular lock dependency without compromising synchronization semantics.

Linux Information Disclosure Red Hat Suse
NVD VulDB
CVSS 3.1
7.5
EPSS
0.0%
CVE-2026-28815 HIGH PATCH GHSA This Week

Out-of-bounds read in Apple swift-crypto X-Wing HPKE decapsulation allows remote attackers to trigger memory disclosure or denial of service by supplying a malformed encapsulated key. The vulnerability affects swift-crypto versions prior to 4.3.1 and any macOS or downstream applications using vulnerable versions of the cryptographic library.

Information Disclosure Buffer Overflow
NVD GitHub
CVSS 3.1
7.5
EPSS
0.0%
CVE-2026-35042 HIGH GHSA This Week

JWT token validation bypass in fast-jwt npm library (all versions through 3.3.3) allows unauthenticated remote attackers to forge tokens with critical header parameters, achieving authentication bypass and security policy circumvention. The library violates RFC 7515 by accepting JWS tokens containing unrecognized 'crit' extensions that MUST be rejected per specification. No public exploit identified at time of analysis, though proof-of-concept code demonstrates trivial exploitation. CVSS 7.5 (Hi

Authentication Bypass
NVD GitHub
CVSS 3.1
7.5
EPSS
0.0%
CVE-2026-35558 HIGH PATCH This Week

Command injection in Amazon Athena ODBC driver versions prior to 2.1.0.0 allows local attackers to execute arbitrary code or hijack authentication flows through malicious connection parameters during user-initiated database connections. With a CVSS 7.3 rating, the vulnerability requires user interaction but no authentication (CVSS:4.0 AV:L/PR:N/UI:P), enabling high impact to confidentiality, integrity, and availability on the local system. Vendor-released patches are available across all platforms (Windows, Linux, macOS). No public exploit or active exploitation confirmed at time of analysis, though EPSS data not available for risk calibration.

RCE Command Injection Amazon Athena Odbc Driver
NVD VulDB
CVSS 4.0
7.3
EPSS
0.0%
CVE-2026-4108 HIGH PATCH This Week

Stored cross-site scripting (XSS) in Zohocorp ManageEngine Exchange Reporter Plus versions prior to 5802 allows authenticated attackers to inject malicious scripts through the Non-Owner Mailbox Permission report, potentially compromising confidentiality and integrity of user sessions. With CVSS 7.3 (High) and EPSS data unavailable, exploitation requires low attack complexity and authenticated access with user interaction. No public exploit identified at time of analysis, and vendor has released patched version 5802.

XSS Microsoft
NVD
CVSS 3.1
7.3
EPSS
0.0%
CVE-2026-4107 HIGH PATCH This Week

Stored cross-site scripting in ManageEngine Exchange Reporter Plus before version 5802 allows authenticated attackers to inject malicious scripts via the Folder Message Count and Size report. With CVSS 7.3 (High severity) and requiring low-privilege authentication with user interaction, successful exploitation enables session hijacking and credential theft within the administrative interface. No public exploit identified at time of analysis, though CVSS vector indicates network-accessible attack surface with low complexity.

XSS Microsoft
NVD VulDB
CVSS 3.1
7.3
EPSS
0.0%
CVE-2026-3879 HIGH PATCH This Week

Stored cross-site scripting in ManageEngine Exchange Reporter Plus (versions prior to 5802) allows authenticated attackers with low privileges to inject malicious scripts into Equipment Mailbox Details reports, enabling session hijacking and credential theft against administrative users who view the poisoned reports. No active exploitation confirmed (not in CISA KEV), but the vulnerability affects organizations monitoring Microsoft Exchange environments through ManageEngine's reporting platform.

XSS Microsoft
NVD
CVSS 3.1
7.3
EPSS
0.0%
CVE-2026-28703 HIGH PATCH This Week

Stored cross-site scripting (XSS) in ManageEngine Exchange Reporter Plus before version 5802 allows authenticated attackers to inject malicious scripts into the 'Mails Exchanged Between Users' report. With CVSS 7.3 (High severity) and low attack complexity (AC:L), this vulnerability requires low-privilege authentication (PR:L) and user interaction (UI:R) to achieve high confidentiality and integrity impact. No public exploit identified at time of analysis, though authentication requirements lower the barrier for insider threats or compromised accounts.

XSS Microsoft
NVD
CVSS 3.1
7.3
EPSS
0.0%
CVE-2026-28754 HIGH PATCH This Week

Stored cross-site scripting (XSS) in ManageEngine Exchange Reporter Plus versions prior to 5802 allows authenticated attackers with low privileges to inject malicious scripts into Distribution Lists reports that execute when viewed by other users, potentially compromising session tokens and account credentials of administrators or other privileged users. The vulnerability requires user interaction (victim must view the malicious report) but enables high-impact attacks against confidentiality and integrity within the application scope. No public exploit code or active exploitation has been identified at time of analysis.

XSS Microsoft
NVD
CVSS 3.1
7.3
EPSS
0.0%
CVE-2026-5485 HIGH PATCH This Week

Local code execution via command injection in Amazon Athena ODBC driver for Linux (pre-2.0.5.1) allows unauthenticated local attackers to execute arbitrary commands by crafting malicious connection parameters processed during user-initiated database connections. Vendor-released patches available across all platforms (version 2.1.0.0). No active exploitation confirmed (not in CISA KEV); CVSS 7.3 reflects high impact but requires local access and user interaction, limiting remote attack surface.

RCE Command Injection Amazon Athena Odbc Driver
NVD VulDB
CVSS 4.0
7.3
EPSS
0.0%
CVE-2026-3880 HIGH PATCH This Week

Stored cross-site scripting in ManageEngine Exchange Reporter Plus (versions prior to 5802) allows authenticated attackers to inject malicious scripts through the Public Folder Client Permissions report, enabling session hijacking and credential theft with medium exploitation complexity. No active exploitation confirmed (not present in CISA KEV), though the network-accessible attack vector and stored nature of the XSS elevate real-world risk for organizations using this Exchange monitoring solution.

XSS Microsoft
NVD
CVSS 3.1
7.3
EPSS
0.0%
CVE-2026-28756 HIGH PATCH This Week

Stored cross-site scripting (XSS) in ManageEngine Exchange Reporter Plus before version 5802 allows authenticated attackers with low privileges to inject malicious scripts into the Permissions based on Distribution Groups report, potentially leading to session hijacking and account compromise of administrators viewing the report. No active exploitation confirmed (CISA KEV absent), but the network-accessible attack vector and low complexity make this exploitable with publicly documented vendor advisory details.

XSS Microsoft
NVD VulDB
CVSS 3.1
7.3
EPSS
0.0%
CVE-2026-27655 HIGH PATCH This Week

Stored cross-site scripting in Zohocorp ManageEngine Exchange Reporter Plus (pre-5802) allows authenticated attackers to inject malicious scripts via the Permissions Based on Mailboxes report, potentially compromising administrator sessions and stealing high-privilege credentials. Attack requires low complexity and user interaction from a victim administrator. CVSS 7.3 (High) reflects significant confidentiality and integrity impact. No public exploit identified at time of analysis, with EPSS data unavailable for this recently disclosed vulnerability.

XSS Microsoft
NVD VulDB
CVSS 3.1
7.3
EPSS
0.0%
CVE-2026-34607 HIGH This Week

Path traversal in Emlog CMS 2.6.2 and earlier enables authenticated administrators to achieve remote code execution by uploading malicious ZIP archives containing directory traversal sequences. The emUnZip() function fails to sanitize entry paths during plugin/template uploads and backup imports, allowing arbitrary file writes including PHP webshells. CVSS 7.2 (High) with network attack vector and low complexity. No vendor-released patch identified at time of analysis; publicly available exploit code exists via GitHub Security Advisory GHSA-2jg8-rmhm-xv9m.

RCE Path Traversal PHP
NVD GitHub
CVSS 3.1
7.2
EPSS
0.3%
CVE-2026-35175 HIGH PATCH GHSA This Week

Privilege escalation in Ajenti panel allows authenticated non-superuser accounts to install arbitrary Python packages, bypassing role-based access controls. Affects installations using the auth_users plugin authentication method. Vendor-released patch available in version 2.2.15. No public exploit identified at time of analysis, though the privilege bypass mechanism is straightforward for authenticated users to abuse.

Authentication Bypass
NVD GitHub
CVSS 4.0
7.2
EPSS
0.1%
CVE-2026-35536 HIGH PATCH GHSA This Week

Cookie attribute injection in Tornado web framework versions before 6.5.5 allows unauthenticated remote attackers to manipulate cookie security attributes through crafted characters in domain, path, and samesite parameters of RequestHandler.set_cookie. With CVSS 7.2 and EPSS data unavailable, this represents a moderate integrity and confidentiality risk for web applications using affected Tornado versions. No public exploit identified at time of analysis, though the vulnerability mechanism is straightforward for exploitation.

Code Injection Red Hat Suse
NVD GitHub VulDB
CVSS 3.1
7.2
EPSS
0.0%
CVE-2026-35037 HIGH PATCH GHSA This Week

Unauthenticated Server-Side Request Forgery (SSRF) in Ech0's /api/website/title endpoint allows remote attackers to access internal network services, cloud metadata endpoints (AWS IMDSv1 at 169.254.169.254), and localhost-bound resources without authentication. The vulnerability accepts arbitrary URLs via the website_url parameter with zero validation, enabling attackers to probe internal infrastructure and exfiltrate partial response data through HTML title tag extraction. CVSS 7.2 reflects the

SSRF Information Disclosure Microsoft Redis
NVD GitHub
CVSS 3.1
7.2
EPSS
0.0%
CVE-2026-27885 HIGH PATCH This Week

SQL injection in Piwigo's Activity List API endpoint allows authenticated administrators to extract sensitive database contents including user credentials and email addresses. This vulnerability affects Piwigo versions prior to 16.3.0 and requires high-level privileges (administrator access) to exploit. CVSS score of 7.2 reflects the network-accessible attack vector with low complexity, though exploitation requires prior administrative authentication. No public exploit code or active exploitation (CISA KEV) identified at time of analysis. The vendor has released version 16.3.0 addressing this issue.

SQLi Information Disclosure Piwigo
NVD GitHub
CVSS 3.1
7.2
EPSS
0.0%
CVE-2026-27834 HIGH PATCH This Week

SQL injection in Piwigo photo gallery application allows authenticated administrators to execute arbitrary SQL commands via the pwg.users.getList Web Service API method. Piwigo versions prior to 16.3.0 are affected due to improper sanitization of the filter parameter, which is directly concatenated into database queries. Vendor-released patch version 16.3.0 addresses this vulnerability. EPSS data not provided; no public exploit identified at time of analysis. Authentication requirements (PR:H) significantly limit attack surface to users with administrative privileges.

SQLi Piwigo
NVD GitHub
CVSS 3.1
7.2
EPSS
0.0%
CVE-2026-35167 HIGH PATCH GHSA This Week

Path traversal in Kedro's versioned dataset loader allows authenticated remote attackers to read arbitrary files outside intended data directories. Kedro versions before 1.3.0 fail to sanitize user-supplied version strings in catalog.load(), DataCatalog.from_config(), and CLI operations, enabling traversal sequences (../) to escape versioned dataset boundaries. Attackers with API or CLI access can exfiltrate sensitive files, poison training data, or access other tenants' data in multi-tenant ML pipelines. EPSS probability indicates moderate exploitation likelihood (specific score not provided), with publicly available exploit code exists via the referenced GitHub pull request demonstrating the vulnerability mechanics. Vendor-released patch available in Kedro 1.3.0.

Path Traversal
NVD GitHub
CVSS 3.1
7.1
EPSS
0.1%
CVE-2026-35559 HIGH PATCH This Week

Out-of-bounds write vulnerability in Amazon Athena ODBC driver (pre-2.1.0.0) allows remote attackers to crash the driver through specially crafted query data, requiring user interaction to process malicious queries. Affected versions include all Amazon Athena ODBC driver releases before 2.1.0.0 across Windows, Linux, and macOS platforms. CVSS 7.1 (High) reflects network-based attack with low complexity but requires user interaction (UI:P) and impacts only availability (VA:H). No public exploit identified at time of analysis. Vendor-released patch version 2.1.0.0 is available for all supported platforms with direct download links provided in AWS security bulletin 2026-013.

Buffer Overflow Memory Corruption Amazon Athena Odbc Driver
NVD VulDB
CVSS 4.0
7.1
EPSS
0.0%
CVE-2026-22664 HIGH PATCH This Week

Server-side request forgery (SSRF) in prompts.chat allows authenticated users to force the server to make arbitrary HTTP requests with the application's FAL_API_KEY exposed in Authorization headers. Attackers can exploit unvalidated URL parameters in Fal.ai media status polling to exfiltrate API credentials, probe internal networks, and abuse the victim's Fal.ai account resources. Patch available via GitHub commit 30a8f04. No public exploit identified at time of analysis, though CVSS vector indicates low attack complexity with network-based attack vector requiring only low privileges.

SSRF Prompts Chat
NVD GitHub VulDB
CVSS 4.0
7.1
EPSS
0.0%
CVE-2026-31395 HIGH PATCH This Week

Out-of-bounds read and write in the Broadcom bnxt_en network driver of the Linux kernel allows a malicious or compromised NIC to corrupt kernel heap memory or crash the system. The flaw resides in the DBG_BUF_PRODUCER async event handler, which uses a firmware-supplied 16-bit 'type' field as an unchecked index into the bp->bs_trace[] array. No public exploit identified at time of analysis and EPSS rates exploitation probability at just 0.02%, but the impact on confidentiality and availability is high where the trust boundary between NIC firmware and kernel is relevant.

Linux Buffer Overflow Information Disclosure Red Hat Suse
NVD VulDB
CVSS 3.1
7.1
EPSS
0.0%
CVE-2026-23424 HIGH PATCH This Week

Linux kernel accel/amdxdna driver fails to validate command buffer payload count, allowing out-of-bounds reads in AMD XDNA accelerator command processing. The vulnerability affects the accel/amdxdna subsystem across unspecified Linux kernel versions and permits information disclosure through unvalidated payload size interpretation. No active exploitation, public proof-of-concept, or CVSS data currently available.

Linux Information Disclosure Red Hat Suse
NVD VulDB
CVSS 3.1
7.1
EPSS
0.0%
CVE-2025-68153 HIGH PATCH GHSA This Week

Unauthorized resource modification in Juju application orchestration engine allows any authenticated controller user to tamper with application resources across the entire controller scope. Affects Juju 2.9.0-2.9.55 and 3.6.0-3.6.18. Patched in versions 2.9.56 and 3.6.19. EPSS score of 0.01% suggests low probability of mass exploitation. No active exploitation confirmed (not in CISA KEV). Authentication requirement (PR:L) limits attack surface to compromised credentials or malicious insiders.

Authentication Bypass Juju
NVD GitHub
CVSS 4.0
7.1
EPSS
0.0%
CVE-2026-34992 HIGH PATCH GHSA This Week

IPv6 Pod traffic in Antrea dual-stack Kubernetes clusters transmits in plaintext despite IPsec encryption configuration, exposing inter-node communication to network eavesdropping. Affects Antrea versions prior to 2.6.0, 2.5.2, and 2.4.5 when dual-stack networking is enabled with trafficEncryptionMode: ipsec. Vendor-released patches are available across multiple stable branches. No public exploit identified at time of analysis, though the vulnerability bypasses intended encryption controls and could enable passive network monitoring in multi-tenant or untrusted network environments.

Authentication Bypass
NVD GitHub
CVSS 4.0
7.1
EPSS
0.0%
CVE-2017-20238 HIGH This Week

Hirschmann Industrial HiVision versions 06.0.00 and 07.0.00 prior to 06.0.06 and 07.0.01 contains an improper authorization vulnerability that allows read-only users to gain write access to managed. Rated high severity (CVSS 7.1), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Authentication Bypass Hirschmann Industrial Hivision
NVD
CVSS 4.0
7.1
EPSS
0.0%
CVE-2026-23454 HIGH PATCH This Week

Use-after-free in Linux kernel MANA hardware channel teardown (net/mana driver) allows concurrent interrupt handlers to dereference freed memory in mana_hwc_destroy_channel(), potentially causing NULL pointer dereference or memory corruption. The vulnerability stems from improper teardown ordering where hwc->caller_ctx is freed before CQ/EQ IRQ handlers are fully synchronized, affecting all Linux kernel versions with the MANA driver. Fixes are available across stable kernel branches via upstream commit reordering.

Linux Use After Free Denial Of Service Memory Corruption
NVD VulDB
CVSS 3.1
7.0
EPSS
0.0%
CVE-2026-34770 HIGH PATCH GHSA This Week

Use-after-free in Electron's powerMonitor module allows local attackers to trigger memory corruption or application crashes through system power events. All Electron applications (versions <38.8.6, <39.8.1, <40.8.0, <41.0.0-beta.8) that subscribe to powerMonitor events (suspend, resume, lock-screen) are vulnerable when garbage collection frees the PowerMonitor object while OS-level event handlers retain dangling pointers. Exploitation requires local access and specific timing conditions (CVSS 7.0 HIGH, AC:H). No public exploit identified at time of analysis, though the technical details are publicly documented in the GitHub security advisory.

Use After Free Memory Corruption Microsoft Apple Buffer Overflow
NVD GitHub
CVSS 3.1
7.0
EPSS
0.0%
CVE-2022-4987 HIGH This Week

Hirschmann Industrial HiVision version 08.1.03 prior to 08.1.04 and 08.2.00 contains a vulnerability in the execution of user-configured external applications that allows a local attacker to execute. Rated high severity (CVSS 7.0), this vulnerability is low attack complexity. No vendor patch available.

Information Disclosure Hirschmann Industrial Hivision
NVD VulDB
CVSS 4.0
7.0
EPSS
0.0%
CVE-2026-34217 MEDIUM PATCH GHSA This Month

SandboxJS versions 0.8.35 and below allow untrusted sandboxed code to leak internal interpreter scope objects through the `new` operator, exposing raw Prop wrappers that reference the host's global variable storage (scope.allVars). An attacker controlling code execution within the sandbox can extract this scope object and modify variables in the sandbox hierarchy, though prototype chain and code evaluation remain protected. Vendor-released patch available; no active KEV status or public exploit code confirmed.

Node.js Information Disclosure
NVD GitHub
CVSS 4.0
6.9
EPSS
0.1%
CVE-2026-28767 MEDIUM PATCH This Month

Unauthenticated attackers can access administrative endpoint notifications in Gardyn Cloud API without proper authentication, allowing information disclosure via an authentication bypass vulnerability. The CVSS 6.9 score reflects the network accessibility and lack of required privileges, though impact is limited to confidentiality. No public exploit code or active exploitation has been confirmed at time of analysis.

Authentication Bypass Cloud Api
NVD GitHub VulDB
CVSS 4.0
6.9
EPSS
0.0%
CVE-2026-34211 MEDIUM PATCH GHSA This Month

Denial of service in @nyariv/sandboxjs through unbounded recursion in the parser allows remote attackers to crash Node.js processes by submitting deeply nested expressions (approximately 2000 nested parentheses or brackets), triggering a RangeError that terminates the application. All public API methods (Sandbox.parse, Sandbox.compile, Sandbox.compileAsync, Sandbox.compileExpression, Sandbox.compileExpressionAsync) are vulnerable with no input validation or depth limiting. A proof-of-concept demonstrating the crash exists; no public active exploitation has been reported at the time of analysis.

Node.js Denial Of Service
NVD GitHub
CVSS 4.0
6.9
EPSS
0.0%
CVE-2026-32662 MEDIUM PATCH This Month

Gardyn Cloud API exposes development and test endpoints that mirror production functionality, allowing unauthenticated remote attackers to access sensitive information with low complexity. This information disclosure vulnerability (CVSS 6.9) affects all versions of Gardyn Cloud API and has been documented by CISA ICS in advisory ICSA-26-055-03; no public exploit code or active exploitation has been identified at the time of analysis.

Information Disclosure Cloud Api
NVD GitHub VulDB
CVSS 4.0
6.9
EPSS
0.0%
CVE-2025-68152 MEDIUM PATCH GHSA This Month

Juju application orchestration engine versions 2.9 to 2.9.55 and 3.6 to 3.6.18 allow a compromised workload machine to read arbitrary log files for any entity across any model without proper authorization checks. This authentication bypass (CWE-863) affects high-privilege scenarios where an attacker already controls a machine within a Juju-managed infrastructure, enabling lateral information disclosure to extract sensitive operational logs. The vulnerability has been patched in Juju 2.9.56 and 3.6.19.

Authentication Bypass Juju
NVD GitHub
CVSS 4.0
6.9
EPSS
0.0%
CVE-2025-59709 MEDIUM This Month

Biztalk360 through version 11.5 contains a directory traversal vulnerability allowing Super User attackers to read arbitrary files on the system and coerce authentication from the service through mishandled user input in file path parameters. The vulnerability enables local file access and potential credential extraction by authenticated administrators with Super User privileges.

Path Traversal
NVD
CVSS 3.1
6.8
EPSS
0.1%
CVE-2026-34775 MEDIUM PATCH GHSA This Month

Electron's nodeIntegrationInWorker webPreference fails to properly isolate Node.js integration in worker contexts across certain process-sharing configurations, allowing workers in frames explicitly configured with nodeIntegrationInWorker: false to unexpectedly gain Node.js capabilities. Only applications that explicitly enable nodeIntegrationInWorker are affected. The vulnerability carries a CVSS score of 6.8 and permits information disclosure and code execution in affected contexts, with no public exploit identified at time of analysis.

Node.js Information Disclosure Microsoft
NVD GitHub
CVSS 3.1
6.8
EPSS
0.0%
CVE-2026-34978 MEDIUM PATCH This Month

Path traversal in OpenPrinting CUPS RSS notifier (versions 2.4.16 and prior) allows unauthenticated remote IPP clients to write arbitrary files outside the intended CacheDir/rss directory via a crafted notify-recipient-uri parameter. By exploiting default group-writable permissions on CacheDir, attackers can overwrite critical state files such as job.cache, causing the CUPS scheduler to fail parsing job queues and resulting in loss of previously queued print jobs. No public exploit code or vendor patch is currently available, though the vulnerability is demonstrated with proof-of-concept exploitation.

Path Traversal Red Hat Suse
NVD GitHub VulDB
CVSS 3.1
6.5
EPSS
0.1%
CVE-2026-34787 MEDIUM This Month

Local file inclusion in Emlog admin/plugin.php allows authenticated attackers to execute arbitrary PHP code via unsanitized $plugin parameter in GET requests, provided CSRF token validation can be bypassed. Emlog versions 2.6.2 and prior are affected. An authenticated attacker with high privileges can include arbitrary files from the server filesystem, achieving remote code execution without requiring user interaction. No public exploit code or active exploitation has been confirmed at time of analysis.

LFI CSRF PHP RCE
NVD GitHub
CVSS 3.1
6.5
EPSS
0.0%
CVE-2026-35549 MEDIUM PATCH This Month

Denial of service in MariaDB Server through large packet crashes when the caching_sha2_password authentication plugin is enabled and accounts use it, due to unbounded stack allocation in sha256_crypt_r. Authenticated remote attackers can crash the server by sending a crafted large authentication packet. MariaDB versions before 11.4.10, 11.5.0 through 11.8.5, and 12.0.0 through 12.2.1 are affected. No public exploit code or confirmed active exploitation reported at time of analysis.

Denial Of Service MariaDB
NVD VulDB
CVSS 3.1
6.5
EPSS
0.0%
CVE-2026-34755 MEDIUM PATCH GHSA This Month

Denial of service in vLLM's VideoMediaIO.load_base64() method allows authenticated remote attackers to crash the server via memory exhaustion by sending API requests with thousands of comma-separated base64-encoded JPEG frames. The vulnerability bypasses the default 32-frame limit enforced in other video loading code paths, allowing attackers to decode gigabytes of image data into memory (e.g., 5000 frames ≈ 4.6 GB for 640x480 RGB) with a small compressed payload. CVSS 6.5 (network-accessible, low complexity, requires authentication, high availability impact); no public exploit code identified at time of analysis.

Denial Of Service Python
NVD GitHub
CVSS 3.1
6.5
EPSS
0.0%
CVE-2026-34756 MEDIUM PATCH GHSA This Month

Denial of Service in vLLM OpenAI-compatible API server allows unauthenticated remote attackers to crash the service via a single HTTP request containing an extremely large n parameter. The lack of upper bound validation causes the asyncio event loop to freeze while allocating millions of request object copies, leading to rapid Out-Of-Memory crashes. CVSS 6.5 with moderate real-world risk due to authentication requirement in the disclosed CVSS vector (PR:L), though the description indicates unauthenticated exploitability - a significant discrepancy warranting clarification from the vendor.

Denial Of Service Python
NVD GitHub
CVSS 3.1
6.5
EPSS
0.0%
CVE-2026-34788 MEDIUM This Month

SQL injection in Emlog tag management allows authenticated administrators to execute arbitrary SQL queries through the updateTagName() function in include/model/tag_model.php. Versions 2.6.2 and prior are affected. An attacker with administrative privileges can exploit this via direct SQL manipulation to modify or exfiltrate database contents. No public exploit code or active exploitation has been confirmed; patch status remains unavailable as of publication.

SQLi PHP
NVD GitHub
CVSS 3.1
6.5
EPSS
0.0%
CVE-2026-34779 MEDIUM PATCH GHSA This Month

Electron's moveToApplicationsFolder() API on macOS improperly sanitizes application bundle paths in AppleScript fallback code, allowing arbitrary AppleScript execution when a user accepts a move-to-Applications prompt on a system with a crafted path. Remote code execution is possible if an attacker can control the installation path or launch context of an Electron application; however, this requires user interaction (accepting the move prompt) and is limited to local attack surface. No public exploit code or active exploitation has been identified. CVSS 6.5 reflects moderate risk due to local-only attack vector and user interaction requirement, though the impact (code execution) is severe.

Apple Command Injection
NVD GitHub
CVSS 3.1
6.5
EPSS
0.0%
CVE-2026-35507 MEDIUM PATCH This Month

Host header injection in Shynet before 0.14.0 allows unauthenticated remote attackers to manipulate password reset functionality through crafted HTTP Host headers, enabling account hijacking and unauthorized access via email-based password reset flows. The vulnerability requires user interaction (clicking a reset link) and carries a CVSS score of 6.4 with confirmed patch availability in version 0.14.0.

Code Injection Shynet
NVD GitHub
CVSS 3.1
6.4
EPSS
0.0%
CVE-2026-25118 MEDIUM PATCH This Month

Immich prior to version 2.6.0 discloses shared album passwords in cleartext within URL query parameters during authentication to /api/shared-links/me, exposing credentials to browser history, proxy logs, server logs, and HTTP referrer headers. An unauthenticated attacker with access to these logs or referrer data can obtain album passwords and compromise shared album access, affecting all installations using shared albums with password protection before the patch.

Information Disclosure Immich
NVD GitHub
CVSS 4.0
6.3
EPSS
0.1%
CVE-2026-27481 MEDIUM PATCH This Month

Discourse versions 2026.1.0-2026.1.2, 2026.2.0-2026.2.1, and 2026.3.0-pre allow unauthenticated users to enumerate and view hidden staff-only tags and associated metadata through an authorization bypass flaw. All instances with tagging enabled and staff-only tag groups configured are vulnerable. The issue has been patched in versions 2026.1.3, 2026.2.2, and 2026.3.0 final. No public exploit code or active exploitation has been confirmed at the time of analysis.

Information Disclosure Discourse
NVD GitHub
CVSS 4.0
6.3
EPSS
0.0%
Prev Page 3 of 6 Next

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy