Skip to main content
CVE-2026-23418 MEDIUM PATCH This Month

Memory leak in Linux kernel DRM/XE register save-restore (reg_sr) module fails to free allocated memory when xa_store() operation fails, potentially allowing local information disclosure or denial of service through repeated trigger of the error path. The vulnerability affects all Linux kernel versions containing the affected drm/xe/reg_sr code prior to the fix commits referenced. No CVSS score or exploit data provided; patch commits are available in upstream Linux repository.

Linux Information Disclosure Red Hat Suse
NVD VulDB
CVSS 3.1
5.5
EPSS
0.0%
CVE-2026-34933 MEDIUM PATCH This Month

Denial of service in Avahi prior to version 0.9-rc4 allows local unprivileged users to crash avahi-daemon by sending a D-Bus method call with conflicting publish flags. The vulnerability requires local access and low privileges but causes immediate service unavailability. No public exploit code or active exploitation has been confirmed; however, the attack is trivial to execute given the low complexity barrier.

Denial Of Service Red Hat Suse
NVD GitHub VulDB
CVSS 3.1
5.5
EPSS
0.0%
CVE-2026-34753 MEDIUM PATCH GHSA This Month

Server-side request forgery (SSRF) in vLLM batch runner allows authenticated attackers to make arbitrary HTTP/HTTPS requests from the vLLM server by controlling the file_url field in batch input JSON, enabling targeting of internal services such as cloud metadata endpoints without URL validation or domain restrictions. The vulnerability affects vLLM's audio transcription and translation batch endpoints and is confirmed to have an upstream fix available via GitHub PR #38482 and commit 57861ae48d3493fa48b4d7d830b7ec9f995783e7. CVSS score is 5.4 (moderate); no public exploit code or confirmed active exploitation has been identified at time of analysis.

SSRF
NVD GitHub
CVSS 3.1
5.4
EPSS
0.0%
CVE-2026-35540 MEDIUM PATCH GHSA This Month

Roundcube Webmail 1.6.0 through 1.6.13 allows Server-Side Request Forgery (SSRF) and Information Disclosure through insufficient CSS sanitization in HTML email messages, enabling attackers to craft malicious stylesheets that reference local network hosts. The vulnerability affects all instances processing HTML emails with external stylesheet links, and does not require authentication due to the unauthenticated attack vector (AV:N, PR:N in CVSS). Vendor-released patch: versions 1.6.14, 1.7-rc5, and later.

Information Disclosure SSRF Suse
NVD GitHub VulDB
CVSS 3.1
5.4
EPSS
0.0%
CVE-2026-35508 MEDIUM PATCH This Month

Cross-site scripting (XSS) in Shynet before version 0.14.0 allows unauthenticated remote attackers to inject arbitrary scripts through the urldisplay and iconify template filters, potentially compromising user sessions and data integrity with medium attack complexity and cross-site scope. The vulnerability affects the analytics platform's template rendering layer and has been patched in version 0.14.0 with no confirmed active exploitation reported.

XSS Shynet
NVD GitHub
CVSS 3.1
5.4
EPSS
0.0%
CVE-2026-34777 MEDIUM PATCH GHSA This Month

Electron versions prior to 38.8.6, 39.8.1, 40.8.1, and 41.0.0 pass the top-level page origin instead of the requesting iframe's origin to permission request handlers for fullscreen, pointerLock, keyboardLock, openExternal, and media permissions, allowing attackers to trick applications into granting sensitive permissions to embedded third-party content via social engineering or malicious iframe injection. Unauthenticated remote attackers can exploit this via user interaction (iframe load), with CVSS 5.4 indicating moderate confidentiality and integrity impact; no public exploit code or active exploitation confirmed at time of analysis.

Information Disclosure
NVD GitHub
CVSS 3.1
5.4
EPSS
0.0%
CVE-2026-35052 MEDIUM PATCH GHSA This Month

Remote code execution in D-Tale allows unauthenticated attackers to execute arbitrary code on servers hosting D-Tale publicly when using Redis or Shelf storage backends. The vulnerability stems from improper input validation in the storage layer, affecting D-Tale versions prior to 3.22.0. Vendor-released patch version 3.22.0 is available.

Redis RCE XSS
NVD GitHub
CVSS 4.0
5.3
EPSS
0.4%
CVE-2026-35166 MEDIUM PATCH GHSA This Month

Cross-site scripting (XSS) vulnerability in Hugo's default markdown to HTML renderer fails to properly escape links and image links, allowing injection of malicious scripts through markdown content. Hugo v0.159.2 and earlier are affected. Users who employ custom render hooks for links and images, or who trust all markdown content sources, are not vulnerable. Vendor-released patch: v0.159.2.

XSS
NVD GitHub VulDB
CVSS 4.0
5.3
EPSS
0.0%
CVE-2026-35468 MEDIUM This Month

Denial of service in Nimiq Core RS Albatross prior to version 1.3.0 allows remote attackers to crash full nodes by sending specially crafted consensus requests (RequestTransactionsProof or RequestTransactionReceiptsByAddress) when the node is operating without a history index. The vulnerability stems from unsafe unwrap() calls that panic when encountering a valid but unindexed state, affecting nodes during synchronization or when intentionally configured without history indexing.

Information Disclosure Core Rs Albatross
NVD GitHub VulDB
CVSS 3.1
5.3
EPSS
0.0%
CVE-2026-34979 MEDIUM PATCH This Month

Heap-based buffer overflow in OpenPrinting CUPS scheduler versions 2.4.16 and prior allows unauthenticated remote attackers to trigger a denial of service condition by crafting malicious job attributes that overflow buffers during filter option string construction. With a CVSS score of 5.3 and network accessibility, this vulnerability impacts availability on exposed CUPS instances; no public exploit code or vendor patch has been released as of publication.

Heap Overflow Buffer Overflow Red Hat Suse
NVD GitHub VulDB
CVSS 3.1
5.3
EPSS
0.0%
CVE-2026-35179 MEDIUM GHSA This Month

Unauthenticated proxy access in AVideo's SocialMediaPublisher plugin allows any user to make arbitrary Facebook/Instagram Graph API calls through the `publishInstagram.json.php` endpoint without authentication or authorization checks. By sending crafted requests with stolen or leaked access tokens, attackers can publish, modify, or delete content on the platform's Instagram account and potentially bypass rate limits using the server's IP address. CVSS 5.3 (medium integrity impact); no active exploitation confirmed but proof-of-concept is publicly available.

PHP Authentication Bypass
NVD GitHub
CVSS 3.1
5.3
EPSS
0.0%
CVE-2026-25043 MEDIUM PATCH This Month

Email flooding denial of service in Budibase prior to version 3.23.25 allows unauthenticated remote attackers to overwhelm user inboxes by repeatedly triggering password reset requests without rate limiting, CAPTCHA, or abuse prevention controls. An attacker can send hundreds of password reset emails to a target address in a short time window, causing user harassment, inbox denial of service, and potential reputational damage. This vulnerability has been patched in version 3.23.25.

Denial Of Service Budibase
NVD GitHub
CVSS 3.1
5.3
EPSS
0.0%
CVE-2026-35545 MEDIUM PATCH GHSA This Month

Roundcube Webmail before versions 1.5.15 and 1.6.15 fails to properly sanitize SVG content in email messages, allowing the remote image blocking feature to be bypassed via SVG animate elements with malicious attributeName values. This vulnerability enables unauthenticated attackers to bypass access controls and potentially disclose information through image loading, affecting all Roundcube installations using vulnerable versions.

Information Disclosure Webmail
NVD GitHub VulDB
CVSS 3.1
5.3
EPSS
0.0%
CVE-2026-35544 MEDIUM PATCH GHSA This Month

Roundcube Webmail before versions 1.5.14 and 1.6.14 allows unauthenticated remote attackers to bypass CSS-based security mitigations in HTML email rendering by injecting !important declarations, enabling potential integrity attacks such as phishing or UI redressing. The vulnerability stems from insufficient CSS sanitization when processing HTML email messages, with no authentication required and minimal attack complexity.

Authentication Bypass Webmail
NVD GitHub VulDB
CVSS 3.1
5.3
EPSS
0.0%
CVE-2026-35543 MEDIUM PATCH GHSA This Month

Roundcube Webmail before versions 1.5.14 and 1.6.14 allows unauthenticated remote attackers to bypass the remote image blocking feature via SVG content containing animate attributes in email messages, leading to information disclosure or access control bypass. The vulnerability has a CVSS score of 5.3 (moderate severity) with low attack complexity and no authentication required, though the confidentiality impact is limited.

Information Disclosure Webmail
NVD GitHub VulDB
CVSS 3.1
5.3
EPSS
0.0%
CVE-2026-35542 MEDIUM PATCH GHSA This Month

Roundcube Webmail before versions 1.5.14 and 1.6.14 allows unauthenticated remote attackers to bypass the remote image blocking security feature through a crafted background attribute in a BODY element of an email message, enabling information disclosure via tracking pixels or other image-based reconnaissance. The vulnerability affects all versions prior to 1.5.14 and 1.6.x versions before 1.6.14, with CVSS 5.3 (medium severity) reflecting the low confidentiality impact but lack of authentication requirements.

Information Disclosure Webmail
NVD GitHub VulDB
CVSS 3.1
5.3
EPSS
0.0%
CVE-2026-25742 MEDIUM PATCH This Month

Zulip versions 1.4.0 through 11.5 allow unauthenticated retrieval of attachments and topic history from web-public streams even after spectator access is disabled, due to incomplete access control on attachment serving and the /users/me/<stream_id>/topics endpoint. An attacker can bypass intended access restrictions to read file contents and stream metadata after public access is supposed to be revoked. The vulnerability affects all Zulip deployments that previously enabled spectator access and then disabled it. Vendor-released patch: version 11.6.

Authentication Bypass Zulip
NVD GitHub
CVSS 3.1
5.3
EPSS
0.0%
CVE-2026-22662 MEDIUM PATCH This Month

Blind server-side request forgery in prompts.chat media generator allows authenticated users to manipulate the inputImageUrl parameter in /api/media-generate POST requests to perform arbitrary server-side HTTP fetches, enabling internal network reconnaissance, access to internal services, and potential data exfiltration through the upstream Wiro service without receiving direct response bodies. The vulnerability affects prompts.chat prior to commit 1464475 and requires valid user authentication; patch availability has been confirmed through vendor repository.

SSRF Prompts Chat
NVD GitHub VulDB
CVSS 4.0
5.3
EPSS
0.0%
CVE-2026-5474 MEDIUM This Month

Heap-based buffer overflow in NASA cFS up to version 7.0.0 exists in the CFE_MSG_GetSize function within the CCSDS Packet Header Handler component (apps/to_lab/fsw/src/to_lab_passthru_encode.c), allowing attackers on the local network to cause memory corruption with limited confidentiality, integrity, and availability impact. The vulnerability requires network adjacency but no authentication or user interaction; no public exploit code has been identified, and the project has not yet released a patch despite early notification through GitHub issue tracking.

Buffer Overflow Core Flight System
NVD GitHub VulDB
CVSS 4.0
5.3
EPSS
0.0%
CVE-2026-34776 MEDIUM PATCH GHSA This Month

Out-of-bounds heap read in Electron's single-instance lock mechanism on macOS and Linux allows local attackers with same-user privileges to leak sensitive application memory through crafted second-instance messages. Affected Electron versions prior to 41.0.0, 40.8.1, 39.8.1, and 38.8.6 are vulnerable only if applications explicitly call app.requestSingleInstanceLock(); no public exploit code is currently identified, but the CVSS 5.3 score reflects moderate confidentiality impact combined with local attack complexity requirements.

Information Disclosure Buffer Overflow Microsoft Apple
NVD GitHub
CVSS 3.1
5.3
EPSS
0.0%
CVE-2017-20233 MEDIUM This Month

Hirschmann HiLCOS products OpenBAT, BAT450, WLC, BAT867 contains a firewall filtering vulnerability that fails to correctly filter IPv4 multicast and broadcast traffic when management IP address. Rated medium severity (CVSS 5.3), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Authentication Bypass Hirschmann Hilcos Openbat Bat450 Wlc Hirschmann Hilcos Bat867
NVD
CVSS 4.0
5.3
EPSS
0.0%
CVE-2026-33709 MEDIUM PATCH GHSA This Month

Open redirect vulnerability in JupyterHub prior to version 5.4.4 allows unauthenticated remote attackers to craft malicious links that bypass JupyterHub's redirect validation, redirecting users through the legitimate login page to arbitrary attacker-controlled sites. This enables phishing attacks and credential harvesting by leveraging JupyterHub's trusted domain to establish credibility. The vulnerability requires user interaction (clicking a link) and has been patched in version 5.4.4.

Open Redirect
NVD GitHub VulDB
CVSS 4.0
5.1
EPSS
0.0%
CVE-2026-5469 MEDIUM This Month

Server-side request forgery in Casdoor 2.356.0 webhook URL handler allows authenticated remote attackers with high privileges to trigger SSRF attacks through webhook URL manipulation, enabling potential access to internal network resources. No public exploit code or active exploitation has been identified; CVSS 5.1 reflects limited confidentiality and integrity impact despite remote network accessibility.

SSRF Casdoor
NVD VulDB
CVSS 4.0
5.1
EPSS
0.0%
CVE-2026-5475 MEDIUM This Month

Memory corruption in NASA cFS up to version 7.0.0 via manipulation of the CFE_SB_TransmitMsg function in the CCSDS Header Size Handler component allows local attackers with low privileges to corrupt memory, potentially leading to denial of service or information disclosure. No public exploit code or active exploitation has been confirmed; the vendor was notified early but has not yet released a patch as of analysis time.

Buffer Overflow Cfs
NVD VulDB GitHub
CVSS 4.0
5.1
EPSS
0.0%
CVE-2026-34990 MEDIUM PATCH This Month

Local privilege escalation in OpenPrinting CUPS 2.4.16 and prior allows unprivileged users to bypass authentication and create arbitrary file overwrites as root by coercing cupsd into issuing reusable Authorization tokens and leveraging printer-sharing policies to persist file:// URIs that bypass FileDevice restrictions. A proof-of-concept demonstrates root command execution via sudoers file modification, and the vulnerability is confirmed by the presence of public exploit code.

Authentication Bypass Red Hat Suse
NVD GitHub VulDB
CVSS 4.0
5.0
EPSS
0.0%
CVE-2026-34061 MEDIUM This Month

Elected validator proposers in nimiq/core-rs-albatross before version 1.3.0 can submit election macro blocks with malformed interlink headers that bypass proposal validation but are rejected during block finalization, causing denial of service by halting consensus after Tendermint voting completes. The vulnerability requires high privileges (validator proposer role) and results in network availability impact but no data compromise, affecting the Nimiq Proof-of-Stake network's consensus reliability.

Information Disclosure Canonical
NVD GitHub VulDB
CVSS 3.1
4.9
EPSS
0.0%
CVE-2026-27447 MEDIUM PATCH This Month

CUPS daemon (cupsd) versions 2.4.16 and earlier authenticate users via case-insensitive username comparison, allowing an authenticated high-privileged user to bypass authorization controls by submitting requests under a username that differs only in case from an authorized user, gaining access to restricted printing operations. No public exploit code has been identified, and patches were not available at the time of initial disclosure, though a upstream commit indicates a fix may have been prepared.

Authentication Bypass Cups
NVD GitHub VulDB
CVSS 3.1
4.8
EPSS
0.0%
CVE-2026-34773 MEDIUM PATCH GHSA This Month

Electron's setAsDefaultProtocolClient() on Windows fails to validate protocol names before writing to the Windows registry, allowing local authenticated attackers to hijack protocol handlers by writing to arbitrary HKCU\Software\Classes\ subkeys when apps pass untrusted input as the protocol parameter. The vulnerability affects Electron versions prior to 38.8.6, 39.8.1, 40.8.1, and 41.0.0, and requires local access and low privileges; no public exploit has been identified at time of analysis.

RCE Microsoft
NVD GitHub
CVSS 3.1
4.7
EPSS
0.0%
CVE-2026-23463 MEDIUM PATCH This Month

Race condition in Linux kernel QMan driver allows concurrent queue frame descriptor allocation and deallocation to corrupt internal state, causing WARN_ON triggers and potential information disclosure via stale fq_table entries. The vulnerability affects systems using Freescale/NXP QBMan queue management with dynamic FQID allocation enabled (QMAN_FQ_FLAG_DYNAMIC_FQID). No public exploit code or active exploitation confirmed; upstream fix merged via memory barrier enforcement to serialize table cleanup before FQID pool deallocation.

Linux Race Condition Information Disclosure
NVD VulDB
CVSS 3.1
4.7
EPSS
0.0%
CVE-2026-23452 MEDIUM PATCH This Month

Linux kernel runtime PM subsystem contains a use-after-free race condition in pm_runtime_work() where the dev->parent pointer may be dereferenced after the parent device has been freed during device removal. This results in a KASAN-detectable memory safety violation that can trigger kernel panics or arbitrary memory access. The vulnerability affects all Linux kernel versions and is resolved by adding a flush_work() call to pm_runtime_remove() to serialize device removal with pending runtime PM work.

Linux Race Condition Information Disclosure
NVD VulDB
CVSS 3.1
4.7
EPSS
0.0%
CVE-2026-23441 MEDIUM PATCH This Month

Race condition in Linux kernel net/mlx5e IPSec offload driver allows concurrent access to a shared DMA-mapped ASO context, potentially causing information disclosure or incorrect IPSec processing results. The vulnerability affects systems using Mellanox MLX5 network adapters with IPSec offload functionality. An attacker with local access to initiate multiple IPSec operations in rapid succession can trigger the race condition, corrupting the shared context and causing subsequent operations to read invalid data, compromising confidentiality and integrity of IPSec-protected traffic.

Linux Race Condition Information Disclosure Red Hat Suse
NVD VulDB
CVSS 3.1
4.7
EPSS
0.0%
CVE-2026-23469 MEDIUM PATCH This Month

Linux kernel drm/imagination driver crashes when the GPU runtime PM suspend callback executes concurrently with an IRQ handler attempting to access GPU registers, causing kernel panics with SError interrupts on ARM64 platforms. The vulnerability affects the imagination GPU driver across Linux kernel versions and is triggered when power management suspend operations race with interrupt handling without proper synchronization. The fix adds synchronize_irq() calls to ensure IRQ handlers complete before GPU suspension and removes problematic runtime PM resume calls from the IRQ handler that could cause deadlocks.

Linux Denial Of Service Race Condition
NVD VulDB
CVSS 3.1
4.7
EPSS
0.0%
CVE-2026-27456 MEDIUM PATCH This Month

Unauthorized read access to root-owned files via TOCTOU race condition in util-linux mount binary (versions prior to 2.41.4) allows local users with existing fstab entries to replace loop device source files with symlinks pointing to sensitive files or block devices, bypassing intended access controls. The vulnerability requires moderate exploitation effort (AC:H) and authenticated user access (PR:L) but grants disclosure of confidential data including filesystem backups and disk volumes. No public exploit code or active CISA KEV status identified at time of analysis.

Authentication Bypass Util Linux
NVD GitHub VulDB
CVSS 3.1
4.7
EPSS
0.0%
CVE-2026-26477 MEDIUM This Month

Denial of service in Dokuwiki version 2025-05-14b 'Librarian' release allows remote attackers to crash or disable the application through improper input handling in the media_upload_xhr() function within media.php. The vulnerability requires network access to the media upload endpoint but does not require authentication. No public exploit code, CVSS scoring, or active exploitation has been confirmed at the time of analysis.

Denial Of Service PHP
NVD GitHub VulDB
CVSS 3.1
4.3
EPSS
0.1%
CVE-2026-35181 MEDIUM GHSA This Month

Cross-site request forgery (CSRF) in AVideo's player skin configuration endpoint allows unauthenticated remote attackers to modify the video player appearance platform-wide when an authenticated administrator visits a malicious webpage. The vulnerability stems from missing CSRF token validation combined with disabled ORM-level domain security checks and SameSite=None cookie configuration; a proof-of-concept demonstrates silent modification of player skin settings without admin consent.

CSRF PHP
NVD GitHub
CVSS 3.1
4.3
EPSS
0.0%
CVE-2026-28736 MEDIUM GHSA Monitor

Focalboard 8.0 fails to validate file ownership during file serving, allowing authenticated attackers to read arbitrary uploaded files if they know the target fileID. The vulnerability affects all versions of the standalone Focalboard product, which is no longer maintained by Mattermost and will not receive security patches. An attacker with valid credentials can exploit this authorization bypass with no additional user interaction to access sensitive file contents.

Authentication Bypass Focalboard
NVD GitHub
CVSS 3.1
4.3
EPSS
0.0%
CVE-2026-35541 MEDIUM PATCH GHSA This Month

Type confusion in Roundcube Webmail's password plugin allows authenticated users to change passwords without knowing the old password, affecting versions before 1.5.14 and 1.6.14. The vulnerability stems from incorrect password comparison logic that enables privilege escalation within an authenticated session. While the CVSS score of 4.2 reflects moderate severity and the requirement for prior authentication, the impact is direct account compromise for any authenticated user.

Information Disclosure Memory Corruption Webmail
NVD GitHub VulDB
CVSS 3.1
4.2
EPSS
0.0%
CVE-2026-2625 MEDIUM This Month

Denial of service in rust-rpm-sequoia allows local attackers to crash RPM signature verification by submitting specially crafted RPM files that trigger unhandled errors in OpenPGP parsing, preventing legitimate package management operations. CVSS 4.0 (low severity), local attack vector, non-authenticating. No public exploit code or active exploitation confirmed.

Denial Of Service Red Hat Jwt Attack
NVD VulDB
CVSS 3.1
4.0
EPSS
0.0%
CVE-2026-34768 LOW PATCH GHSA Monitor

Electron's setLoginItemSettings() function on Windows fails to quote executable paths in the Run registry key, allowing local attackers with write access to ancestor directories to execute arbitrary programs at login if the app is installed to a path containing spaces. The vulnerability affects Electron versions prior to 38.8.6, 39.8.1, 40.8.0, and 41.0.0-beta.8, and requires high-privilege access and unfavorable conditions (non-standard install paths) to exploit, making real-world impact limited to non-default Windows configurations.

Microsoft Authentication Bypass
NVD GitHub
CVSS 3.1
3.9
EPSS
0.0%
CVE-2026-3184 LOW Monitor

Improper hostname canonicalization in util-linux login(1) utility with the -h option allows remote attackers to bypass host-based PAM access control rules by supplying specially crafted hostnames that are modified before being passed to PAM_RHOST, potentially leading to unauthorized access. The vulnerability affects Red Hat Enterprise Linux 7 through 10 and related products; exploitation requires high attack complexity but no authentication or user interaction. No public exploit code has been identified, and this is not currently confirmed as actively exploited.

Authentication Bypass Red Hat Enterprise Linux 10 Red Hat Enterprise Linux 7 Red Hat Enterprise Linux 8 Red Hat Enterprise Linux 9 +2
NVD VulDB
CVSS 3.1
3.7
EPSS
0.1%
CVE-2026-35537 LOW PATCH GHSA Monitor

Unsafe deserialization in Roundcube Webmail's Redis/Memcache session handler allows unauthenticated remote attackers to write arbitrary files by crafting malicious session data. Affected versions include all 1.6.x before 1.6.14 and all 1.5.x before 1.5.14. While the CVSS score of 3.7 is low and attack complexity is high, the integrity impact (arbitrary file write) poses a real risk to instances using Redis or Memcache for session storage.

Deserialization Redis
NVD GitHub VulDB
CVSS 3.1
3.7
EPSS
0.0%
CVE-2026-34766 LOW PATCH GHSA Monitor

Electron's WebUSB device selection handler fails to validate chosen device IDs against renderer-requested filters, allowing authenticated local users with UI interaction to bypass intended device access restrictions and gain access to unfiltered USB devices. The vulnerability affects Electron versions prior to 38.8.6, 39.8.0, 40.7.0, and 41.0.0-beta.8, with CVSS 3.3 (low severity) due to local-only attack vector and UI interaction requirement; the WebUSB security blocklist remains enforced, limiting practical impact to applications with non-standard device selection logic.

Authentication Bypass
NVD GitHub
CVSS 3.1
3.3
EPSS
0.0%
CVE-2026-35538 LOW PATCH GHSA Monitor

Roundcube Webmail before versions 1.5.14 and 1.6.14 allows authenticated remote attackers to conduct IMAP injection attacks or bypass CSRF protections via unsanitized IMAP SEARCH command arguments. The vulnerability requires user interaction (high complexity) and authenticated access, resulting in limited integrity impact without confidentiality or availability compromise. No public exploit code or active exploitation has been confirmed at time of analysis.

CSRF Webmail
NVD GitHub VulDB
CVSS 3.1
3.1
EPSS
0.0%
CVE-2026-34947 LOW PATCH Monitor

Discourse versions 2026.1.0 through 2026.1.2, 2026.2.0 through 2026.2.1, and 2026.3.0-beta expose staged user custom fields and usernames on public invite pages without requiring email verification. An unauthenticated remote attacker can enumerate user information and custom field data by accessing public invitation links, potentially gathering sensitive user attributes before account activation. The vulnerability has been patched in versions 2026.1.3, 2026.2.2, and 2026.3.0, with no public exploit code or active exploitation confirmed at time of analysis.

Information Disclosure Discourse
NVD GitHub
CVSS 4.0
2.7
EPSS
0.0%
CVE-2026-34764 LOW PATCH GHSA Monitor

Use-after-free in Electron's offscreen rendering with GPU shared textures allows local attackers with high privileges to cause memory corruption or application crashes by invoking the texture release callback after its backing native state has been freed. The vulnerability affects Electron versions before 42.0.0-alpha.5, 41.1.0, 40.8.5, and 39.8.5, and only impacts applications explicitly enabling shared-texture offscreen rendering via webPreferences.offscreen.useSharedTexture: true.

Use After Free Memory Corruption Buffer Overflow
NVD GitHub VulDB
CVSS 3.1
2.3
EPSS
0.0%
CVE-2026-5467 LOW Monitor

Open redirect vulnerability in Casdoor 2.356.0 OAuth Authorization Request Handler allows remote attackers to manipulate the redirect_uri parameter and redirect users to arbitrary external sites. The vulnerability requires user interaction (UI:R) but has low CVSS severity (4.3); however, publicly available exploit code exists and the vendor has not responded to disclosure attempts, leaving deployed instances unpatched.

Open Redirect
NVD VulDB
CVSS 4.0
2.1
EPSS
0.0%
CVE-2026-5476 LOW Monitor

Integer overflow in NASA cFS CFE_TBL_ValidateCodecLoadSize function (cfe_tbl_passthru_codec.c) on 32-bit systems allows authenticated local attackers with low privileges to cause limited integrity and availability impact, though exploitation requires high attack complexity and no public exploit code has been identified; a fix is planned for an upcoming release milestone.

Integer Overflow Buffer Overflow Cfs
NVD VulDB GitHub
CVSS 4.0
2.1
EPSS
0.0%
CVE-2026-5468 LOW Monitor

Stored cross-site scripting (XSS) in Casdoor 2.356.0 via the dangerouslySetInnerHTML function allows authenticated remote attackers to inject malicious scripts through the formCss, formCssMobile, or formSideHtml parameters. An attacker with authenticated access can craft payloads that execute arbitrary JavaScript in the context of other users' browsers when they view affected forms. Publicly available exploit code exists for this vulnerability, and the vendor has not responded to early disclosure attempts, indicating no coordinated patch timeline.

XSS Casdoor
NVD VulDB
CVSS 4.0
2.0
EPSS
0.0%
CVE-2026-5473 LOW Monitor

Unsafe deserialization in NASA cFS Pickle Module (versions up to 7.0.0) allows authenticated local attackers with low privileges to trigger remote code execution or information disclosure through the pickle.load() function. The vulnerability requires high attack complexity and local access, limiting its practical exploitation scope. Public exploit code is available, but the issue remains unpatched as of the last vendor update.

Deserialization Core Flight System
NVD GitHub VulDB
CVSS 4.0
1.1
EPSS
0.0%
CVE-2026-23473 PATCH Awaiting Data

Linux kernel io_uring/poll multishot recv can hang indefinitely when a socket shutdown occurs concurrently with data reception, due to a race condition where accumulated poll wakeups are drained without consuming the persistent HUP event. The vulnerability affects all Linux kernel versions with io_uring poll support and requires a fix to explicitly check for HUP conditions and re-loop when multiple poll activations are pending.

Linux Linux Kernel Denial Of Service
NVD VulDB
EPSS
0.0%
Prev Page 5 of 6 Next

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy