Skip to main content
CVE-2026-39641 MEDIUM This Month

Cross-Site Request Forgery (CSRF) vulnerability in Skywarrior Blackfyre theme versions up to 2.5.4 allows unauthenticated remote attackers to perform unauthorized actions on behalf of authenticated users through maliciously crafted requests. The vulnerability requires user interaction (clicking a malicious link) but carries a high integrity impact (CVSS 6.5). Despite a high CVSS score, the extremely low EPSS score (0.01%) suggests minimal real-world exploitation probability at time of analysis.

CSRF Blackfyre
NVD
CVSS 3.1
6.5
EPSS
0.0%
CVE-2026-39633 MEDIUM This Month

Cross-site request forgery (CSRF) in ThemeGoods Grand Car Rental WordPress theme versions up to 3.6.9 allows authenticated attackers to perform unauthorized actions on behalf of users through malicious web pages. The vulnerability requires user interaction (UI:R) and affects confidentiality, integrity, and availability with low impact. EPSS exploitation probability is 0.01% (1st percentile), indicating minimal real-world exploitation likelihood despite the moderate CVSS score of 6.5.

CSRF Grand Car Rental
NVD
CVSS 3.1
6.5
EPSS
0.0%
CVE-2026-39632 MEDIUM This Month

Cross-Site Request Forgery (CSRF) in ThemeGoods Grand Blog theme through version 3.1 allows unauthenticated remote attackers to perform unauthorized actions on behalf of authenticated users via specially crafted requests. The vulnerability requires user interaction (clicking a malicious link or visiting a compromised page) but carries a high integrity impact, enabling attackers to modify site content, settings, or user accounts without the victim's knowledge.

CSRF Grand Blog
NVD
CVSS 3.1
6.5
EPSS
0.0%
CVE-2026-3618 MEDIUM This Month

Stored Cross-Site Scripting in Columns by BestWebSoft WordPress plugin (versions up to 1.0.3) allows authenticated contributors and above to inject arbitrary JavaScript via the 'id' shortcode attribute of [print_clmns], which is embedded unsanitized into HTML id attributes and inline CSS. The vulnerability requires at least one column to exist in the plugin database but affects any user viewing a page containing the injected shortcode, with a CVSS score of 6.4 reflecting moderate impact across confidentiality and integrity. No public exploit code or active exploitation has been identified at time of analysis.

WordPress XSS
NVD
CVSS 3.1
6.4
EPSS
0.1%
CVE-2026-4025 MEDIUM This Month

Stored Cross-Site Scripting in PrivateContent Free WordPress plugin versions up to 1.2.0 allows authenticated contributors and above to inject arbitrary JavaScript through the 'align' shortcode attribute in [pc-login-form], which executes when any user visits an affected page. The vulnerability stems from the 'align' parameter being concatenated directly into an HTML class attribute without proper escaping (esc_attr), enabling persistent XSS attacks. No public exploit code or active exploitation has been identified at the time of analysis.

WordPress XSS
NVD
CVSS 3.1
6.4
EPSS
0.0%
CVE-2026-4303 MEDIUM This Month

Stored Cross-Site Scripting in WP Visitor Statistics plugin versions up to 8.4 allows authenticated contributors and higher-privileged users to inject arbitrary JavaScript through the 'wsm_showDayStatsGraph' shortcode due to insufficient input sanitization and output escaping. Injected scripts execute in the context of any user accessing the affected page, potentially compromising site visitors and enabling account takeover or malware distribution. No public exploit code or active exploitation has been confirmed at this time.

WordPress XSS
NVD
CVSS 3.1
6.4
EPSS
0.0%
CVE-2026-3142 MEDIUM This Month

Stored Cross-Site Scripting in Pinterest Site Verification Plugin Using Meta Tag for WordPress up to version 1.8 allows authenticated attackers with subscriber-level access to inject arbitrary JavaScript via the 'post_var' parameter due to insufficient input sanitization and output escaping. The vulnerability has a CVSS score of 6.4 with cross-site scope, enabling persistent script injection that executes in the browsers of any user visiting affected pages. No public exploit code or active exploitation has been confirmed at the time of analysis.

WordPress XSS
NVD
CVSS 3.1
6.4
EPSS
0.0%
CVE-2026-4300 MEDIUM This Month

Stored cross-site scripting in Robo Gallery for WordPress up to version 5.1.3 allows authenticated Author-level users to inject arbitrary JavaScript via the Loading Label gallery setting. The vulnerability exploits a custom marker pattern (`|***...***|`) in the `fixJsFunction()` method that converts JSON-wrapped strings into raw JavaScript code; input validation with `sanitize_text_field()` fails to strip the markers, enabling script injection that executes whenever the gallery shortcode is rendered. No public exploit code or active exploitation has been confirmed at time of analysis.

WordPress XSS
NVD
CVSS 3.1
6.4
EPSS
0.0%
CVE-2026-5451 MEDIUM This Month

Stored Cross-Site Scripting in Extensions for Leaflet Map plugin for WordPress allows authenticated attackers with Contributor-level access to inject arbitrary web scripts via the 'elevation-track' shortcode due to insufficient input sanitization and output escaping, enabling arbitrary script execution whenever users access injected pages. The vulnerability affects all versions up to and including 4.14, with a CVSS score of 6.4 reflecting the moderate but significant impact across multiple users of the same WordPress installation.

WordPress XSS
NVD
CVSS 3.1
6.4
EPSS
0.0%
CVE-2026-4073 MEDIUM This Month

Stored cross-site scripting (XSS) in the pdfl.io WordPress plugin allows authenticated contributors and above to inject arbitrary JavaScript into pages via the 'text' attribute of the 'pdflio' shortcode, which is executed in the browsers of all site visitors due to missing output escaping. All versions up to and including 1.0.5 are affected, and the vulnerability requires Contributor-level WordPress access but no user interaction beyond page access. No public exploit code or active exploitation has been confirmed; the attack relies on insufficient input sanitization in the output_shortcode() function.

WordPress XSS
NVD
CVSS 3.1
6.4
EPSS
0.0%
CVE-2026-3600 MEDIUM This Month

Stored Cross-Site Scripting in Investi WordPress plugin versions up to 1.0.26 allows authenticated attackers with Contributor-level access to inject arbitrary JavaScript through the 'maximum-num-years' attribute of the 'investi-announcements-accordion' shortcode. The vulnerability stems from insufficient input sanitization and output escaping, enabling persistent XSS payloads that execute when users access affected pages. No public exploit code or active exploitation has been confirmed at this time.

WordPress XSS
NVD
CVSS 3.1
6.4
EPSS
0.0%
CVE-2026-4785 MEDIUM This Month

Stored Cross-Site Scripting in LatePoint Calendar Booking Plugin for WordPress up to version 5.3.0 allows authenticated contributors and above to inject arbitrary JavaScript via the 'button_caption' parameter in the [latepoint_resources] shortcode when 'items' is set to 'bundles'. The injected scripts execute for all users viewing the affected page. No public exploit code or active exploitation has been identified, though the vulnerability requires only contributor-level access and automatic exploitation is feasible.

WordPress XSS
NVD
CVSS 3.1
6.4
EPSS
0.0%
CVE-2026-4341 MEDIUM This Month

Stored Cross-Site Scripting in Prime Slider - Addons for Elementor plugin allows authenticated users with Author-level access to inject arbitrary JavaScript through the 'follow_us_text' setting in the Mount widget. The vulnerability exists in all versions up to 4.1.10 due to missing output escaping in the render_social_link() function, enabling attackers to execute malicious scripts whenever pages containing the injected widget are viewed. No public exploit code or active exploitation has been confirmed at this time.

WordPress PHP XSS Elementor
NVD
CVSS 3.1
6.4
EPSS
0.0%
CVE-2026-3513 MEDIUM This Month

Stored Cross-Site Scripting in TableOn - WordPress Posts Table Filterable plugin versions up to 1.0.4.4 allows authenticated attackers with Contributor-level access or above to inject arbitrary JavaScript via unescaped shortcode attributes ('class', 'help_link', 'popup_title', 'help_title') in the 'tableon_button' shortcode. The vulnerability results from the do_shortcode_button() function extracting attributes without sanitization and the TABLEON_HELPER::draw_html_item() function concatenating these values directly into HTML output without escaping, enabling malicious scripts to execute in the browsers of users viewing affected pages. No public exploit code or active exploitation has been reported at this time.

WordPress XSS
NVD
CVSS 3.1
6.4
EPSS
0.0%
CVE-2026-4333 MEDIUM This Month

Stored Cross-Site Scripting in LearnPress WordPress LMS Plugin up to version 4.3.3 allows authenticated contributors to inject malicious scripts via the 'skin' attribute of the learn_press_courses shortcode, which lacks proper output escaping. The injected scripts execute whenever any user visits a page containing the malicious shortcode, affecting all sites using vulnerable versions. No evidence of active exploitation exists at time of analysis.

WordPress XSS
NVD
CVSS 3.1
6.4
EPSS
0.0%
CVE-2026-4655 MEDIUM This Month

Stored cross-site scripting in Element Pack Addons for Elementor plugin versions up to 8.4.2 allows authenticated attackers with Contributor-level access to inject arbitrary JavaScript via malicious SVG files through the SVG Image Widget. The vulnerability exists in the render_svg() function, which fetches remote SVG content and echoes it directly to pages without proper sanitization, enabling persistent XSS attacks affecting all users who view pages containing the compromised widget. No public exploit code or active exploitation has been identified at the time of analysis.

WordPress XSS Elementor
NVD
CVSS 3.1
6.4
EPSS
0.0%
CVE-2026-5711 MEDIUM This Month

Stored Cross-Site Scripting in Post Blocks & Tools WordPress plugin versions up to 1.3.0 allows authenticated attackers with author-level access to inject arbitrary JavaScript through the 'sliderStyle' block attribute in the Posts Slider block, which executes in the browsers of all users viewing affected pages. The vulnerability stems from insufficient input sanitization and output escaping, enabling persistent payload injection that affects any site administrator or editor visiting a compromised post.

WordPress XSS
NVD
CVSS 3.1
6.4
EPSS
0.0%
CVE-2026-5506 MEDIUM This Month

Stored Cross-Site Scripting in Wavr WordPress plugin up to version 0.2.6 allows authenticated contributors and above to inject arbitrary JavaScript via insufficiently sanitized shortcode attributes, with malicious scripts executing for all users who view affected pages. CVSS 6.4 reflects moderate severity with network-accessible attack vector and cross-site impact; no public exploit code or active exploitation confirmed at time of analysis.

WordPress XSS
NVD
CVSS 3.1
6.4
EPSS
0.0%
CVE-2026-1396 MEDIUM This Month

Stored Cross-Site Scripting (XSS) in Magic Conversation For Gravity Forms plugin allows authenticated attackers with contributor-level access to inject arbitrary JavaScript via unsanitized shortcode attributes, executing malicious scripts in pages viewed by any visitor. The vulnerability affects all versions up to and including 3.0.97 and requires no user interaction from the victim. With an EPSS score context of 6.4 CVSS and confirmed patch availability, this represents a moderate-to-significant risk to WordPress sites with untrusted contributor accounts.

WordPress XSS
NVD
CVSS 3.1
6.4
EPSS
0.0%
CVE-2026-2481 MEDIUM PATCH This Month

Stored Cross-Site Scripting in Beaver Builder Page Builder plugin for WordPress up to version 2.10.1.1 allows authenticated attackers with author-level access or higher to inject arbitrary JavaScript through the 'settings[js]' parameter due to insufficient input sanitization and output escaping. When injected pages are accessed by other users, the malicious scripts execute in their browsers, potentially compromising site integrity and user accounts. No public exploit code or active CISA KEV status reported at analysis time.

WordPress XSS
NVD GitHub
CVSS 3.1
6.4
EPSS
0.0%
CVE-2026-5508 MEDIUM This Month

Stored Cross-Site Scripting in WowPress plugin for WordPress (all versions up to 1.0.0) allows authenticated attackers with contributor-level access and above to inject arbitrary JavaScript through insufficiently sanitized shortcode attributes, enabling malicious script execution in pages viewed by other users. CVSS 6.4 reflects moderate severity with network-accessible attack vector but requires authenticated access; no public exploit code or active exploitation confirmed at time of analysis.

WordPress XSS
NVD
CVSS 3.1
6.4
EPSS
0.0%
CVE-2026-4871 MEDIUM This Month

Stored Cross-Site Scripting in Sports Club Management WordPress plugin versions up to 1.12.9 allows authenticated attackers with Contributor-level access to inject arbitrary JavaScript into shortcode attributes, which executes when other users view affected pages. The vulnerability stems from insufficient input sanitization and output escaping in the `scm_member_data` shortcode's 'before' and 'after' parameters, requiring only basic WordPress login privileges but affecting all site visitors who access injected content. No public exploit code or active exploitation has been identified at this time.

WordPress XSS
NVD
CVSS 3.1
6.4
EPSS
0.0%
CVE-2026-3311 MEDIUM This Month

Stored Cross-Site Scripting in The Plus Addons for Elementor plugin for WordPress (all versions up to 6.4.9) allows authenticated attackers with contributor-level access and above to inject arbitrary JavaScript into pages via the Progress Bar shortcode due to insufficient input sanitization and output escaping. When other users access affected pages, the injected scripts execute in their browsers, enabling session hijacking, credential theft, or malware distribution. No public exploit code or active exploitation has been confirmed at time of analysis.

WordPress XSS Elementor
NVD
CVSS 3.1
6.4
EPSS
0.0%
CVE-2026-3239 MEDIUM This Month

Stored cross-site scripting in Strong Testimonials WordPress plugin up to version 3.2.21 allows authenticated contributors and above to inject arbitrary JavaScript via the testimonial_view shortcode due to insufficient input sanitization and output escaping. Injected scripts execute in the context of any user viewing the affected page, enabling session hijacking, credential theft, or malware distribution. No public exploit code or active exploitation has been identified at time of analysis.

WordPress XSS
NVD
CVSS 3.1
6.4
EPSS
0.0%
CVE-2025-57175 MEDIUM This Month

Siklu EtherHaul 8010 wireless backhaul devices contain a static root password that enables physical attackers or those with local console access to gain complete administrative control without authentication. The vulnerability affects firmware version 10.6.2-18707 and potentially other versions of the EtherHaul 8010 product line, allowing credential-based authentication bypass with high confidentiality and integrity impact. No public exploit code or active exploitation has been confirmed at this time, though the CVSS:3.1 physical attack vector (AV:P) reflects that an attacker must have direct physical access to the device's console interfaces.

Authentication Bypass Etherhaul 8010
NVD VulDB
CVSS 3.1
6.4
EPSS
0.0%
CVE-2026-39630 MEDIUM This Month

Server-Side Request Forgery (SSRF) in Getty Images WordPress plugin through version 4.1.0 allows authenticated attackers to make arbitrary HTTP requests from the server, potentially accessing internal services or metadata endpoints. The vulnerability requires valid WordPress user credentials and affects the plugin across all versions up to 4.1.0. This has a moderate real-world risk profile with low EPSS exploitation probability (0.02%) despite moderate CVSS impact, suggesting limited practical weaponization despite theoretical exploitability.

SSRF Getty Images
NVD
CVSS 3.1
6.4
EPSS
0.0%
CVE-2026-2509 MEDIUM This Month

Stored Cross-Site Scripting in Page Builder: Pagelayer WordPress plugin versions up to 2.0.8 allows authenticated attackers with Contributor-level or higher privileges to inject arbitrary JavaScript into page content via the Button widget's Custom Attributes field. The vulnerability bypasses an incomplete XSS filter that blocks common event handlers but fails to block all variants, enabling persistent script execution whenever affected pages are viewed. No public exploit code or active exploitation has been confirmed; however, the low attack complexity and broad applicability to WordPress sites using this popular page builder plugin present meaningful risk.

WordPress XSS
NVD
CVSS 3.1
6.4
EPSS
0.0%
CVE-2026-2988 MEDIUM This Month

Stored cross-site scripting in Blubrry PowerPress plugin versions up to 11.15.15 allows authenticated contributors and above to inject arbitrary scripts via the 'powerpress' and 'podcast' shortcodes, executing malicious code whenever users access affected pages. The vulnerability stems from insufficient input sanitization and output escaping in shortcode processing. EPSS score of 6.4 reflects moderate risk; exploitation requires contributor-level WordPress access but no public exploit code has been identified at the time of analysis.

WordPress XSS
NVD
CVSS 3.1
6.4
EPSS
0.0%
CVE-2026-4379 MEDIUM This Month

LightPress Lightbox plugin for WordPress allows authenticated attackers with Contributor-level access and above to inject arbitrary JavaScript via the unescaped `group` attribute in the `[gallery]` shortcode, resulting in stored cross-site scripting that executes for all users viewing affected pages. The vulnerability affects all versions up to 2.3.4 and has been addressed in version 2.3.5.

WordPress XSS
NVD
CVSS 3.1
6.4
EPSS
0.0%
CVE-2025-14732 MEDIUM This Month

Stored Cross-Site Scripting in Elementor Website Builder plugin for WordPress allows authenticated attackers with Contributor-level access or above to inject arbitrary JavaScript into page content via insufficiently sanitized widget parameters. The injected scripts execute in the browsers of all users accessing affected pages, potentially enabling account hijacking, malware distribution, or defacement. CVSS 6.4 reflects the requirement for authenticated access but the broad scope of impact across all site visitors.

WordPress XSS Elementor
NVD
CVSS 3.1
6.4
EPSS
0.0%
CVE-2026-32282 MEDIUM PATCH This Month

Time-of-check-time-of-use (TOCTOU) race condition in Go's internal/syscall/unix Root.Chmod allows local privileged attackers to modify file permissions on targets outside the intended root filesystem boundary. By replacing the target with a symlink between the permission check and the actual chmod operation, attackers can exploit the Linux fchmodat syscall's behavior of silently ignoring AT_SYMLINK_NOFOLLOW to modify arbitrary files outside the restricted root. Exploitation requires high privileges and precise timing; EPSS score of 0.01% indicates minimal real-world exploitation probability despite moderate CVSS severity.

Information Disclosure Red Hat Suse
NVD VulDB HeroDevs
CVSS 3.1
6.4
EPSS
0.0%
CVE-2025-57851 MEDIUM This Month

Container privilege escalation in Red Hat Multicluster Engine for Kubernetes allows authenticated local attackers to escalate from non-root container execution to full root privileges by exploiting group-writable permissions on the /etc/passwd file created during container image build time, enabling arbitrary UID assignment including UID 0.

Privilege Escalation Kubernetes
NVD VulDB
CVSS 3.1
6.4
EPSS
0.0%
CVE-2025-58713 MEDIUM This Month

Red Hat Process Automation Manager container images allow local privilege escalation when the /etc/passwd file is created with group-writable permissions during the build process. An attacker with non-root command execution capability who is a member of the root group can modify /etc/passwd to create a new user with UID 0, gaining full root privileges within the container. This requires high privileges (membership in root group) and challenging conditions (AC:H), but affects all versions of Red Hat Process Automation 7 distributed as container images. No public exploit code has been identified at the time of analysis.

Red Hat Privilege Escalation
NVD VulDB
CVSS 3.1
6.4
EPSS
0.0%
CVE-2025-57853 MEDIUM This Month

Container privilege escalation in Red Hat Web Terminal allows local attackers with group membership to modify the /etc/passwd file and create arbitrary user accounts including root. The vulnerability stems from overly permissive group-writable permissions on /etc/passwd during image build, enabling privilege escalation from non-root container users to full root access within the container. Red Hat Web Terminal across multiple versions is affected; no public exploit code or active exploitation has been reported at the time of analysis.

Privilege Escalation Red Hat Web Terminal
NVD VulDB
CVSS 3.1
6.4
EPSS
0.0%
CVE-2025-57854 MEDIUM This Month

Privilege escalation in OpenShift Update Service (OSUS) container images allows local attackers with high privileges to gain root access by modifying the group-writable /etc/passwd file created during build time. An attacker executing commands within an affected container can leverage root group membership to inject a new user with UID 0, achieving full container root privileges. No public exploit code or active exploitation has been identified at the time of analysis.

Privilege Escalation Red Hat Openshift Update Service
NVD VulDB
CVSS 3.1
6.4
EPSS
0.0%
CVE-2025-57847 MEDIUM This Month

Container privilege escalation in Red Hat Ansible Automation Platform 2 allows non-root users within affected container images to gain root privileges by modifying the group-writable /etc/passwd file. During the container build process, /etc/passwd is created with overly permissive group-write permissions, enabling any user in the root group to add arbitrary entries including a UID 0 account. This vulnerability requires local container execution access and elevated group membership, but results in complete container compromise when exploited.

Privilege Escalation Red Hat Ansible Automation Platform 2
NVD VulDB
CVSS 3.1
6.4
EPSS
0.0%
CVE-2026-39862 MEDIUM PATCH This Month

Remote code execution in Tophat mobile testing harness prior to 2.5.1 allows authenticated network attackers to execute arbitrary commands on a developer's macOS workstation via unsanitized URL query parameters passed directly to bash. The vulnerability affects any developer with Tophat installed, with commands executing under the user's permissions and no confirmation dialog for previously trusted build hosts. This was fixed in version 2.5.1.

RCE Apple Command Injection
NVD GitHub
CVSS 4.0
6.3
EPSS
0.5%
CVE-2026-39859 MEDIUM PATCH GHSA This Month

Path traversal in liquidjs 10.25.0 allows local file disclosure when renderFile() or parseFile() receives absolute paths or traversal sequences, despite the root parameter being documented as a sandbox boundary. An attacker controlling template filenames passed to these APIs can read arbitrary files accessible to the Node.js process, such as /etc/hosts or sensitive configuration files. The vulnerability affects liquidjs versions prior to 10.25.5; a vendor-released patch is available. No public exploit code or active exploitation has been identified at the time of analysis.

Node.js Path Traversal
NVD GitHub
CVSS 4.0
6.3
EPSS
0.1%
CVE-2026-5302 MEDIUM PATCH This Month

CORS misconfiguration in CoolerControl coolercontrold versions 2.0.0 through 3.x allows unauthenticated remote attackers to read sensitive data and send control commands to the service by exploiting browser-based cross-origin requests from malicious websites. The vulnerability requires user interaction (UI:R) but grants attackers capability to leak information and manipulate daemon operations with a CVSS score of 6.3 (medium).

Cors Misconfiguration Information Disclosure Suse
NVD
CVSS 3.1
6.3
EPSS
0.1%
CVE-2026-33458 MEDIUM This Month

Server-Side Request Forgery in Kibana One Workflow allows authenticated users with workflow privileges to bypass host allowlist restrictions in the Workflows Execution Engine, enabling unauthorized access to sensitive internal endpoints and data disclosure. Affects Kibana versions 9.3.0 through 9.3.2. No public exploit code or active exploitation has been confirmed at time of analysis.

Elastic Information Disclosure SSRF
NVD
CVSS 3.1
6.3
EPSS
0.0%
CVE-2026-39409 MEDIUM PATCH GHSA This Month

IPv4 access control bypass in Hono middleware allows IPv4-mapped IPv6 addresses (e.g., ::ffff:127.0.0.1) to bypass IPv4-based ipRestriction() rules due to failure to canonicalize addresses before matching. Denied IPv4 clients can circumvent access restrictions in Node.js dual-stack environments by presenting as IPv6-formatted addresses, and legitimate IPv4 clients may be incorrectly rejected when allowlists are used. No public exploit code identified at time of analysis, but the vulnerability enables straightforward authentication bypass with minimal complexity.

Node.js Authentication Bypass
NVD GitHub VulDB
CVSS 4.0
6.3
EPSS
0.0%
CVE-2026-34985 MEDIUM PATCH This Month

LORIS (Longitudinal Online Research and Imaging System) versions 16.1.0 through 27.0.2 and 28.0.0 allow authenticated users to bypass backend access controls in the media module and access files they should not have permission to view, provided they know the filename. The vulnerability stems from missing server-side authorization checks that should prevent unauthorized file access, enabling confidentiality and integrity compromise of sensitive neuroimaging research data. The issue is fixed in versions 27.0.3 and 28.0.1.

Authentication Bypass Loris
NVD GitHub
CVSS 3.1
6.3
EPSS
0.0%
CVE-2026-35165 MEDIUM PATCH This Month

LORIS versions 21.0.0 through 27.0.2 and 28.0.0 suffer from broken access control in the document_repository backend endpoint, allowing authenticated users to bypass frontend restrictions and download files they should not have access to by knowing or brute-forcing filenames. CVSS 6.3 (medium severity) with confirmed patch availability in versions 27.0.3 and 28.0.1. No public exploit code or active exploitation confirmed.

Authentication Bypass Loris
NVD GitHub
CVSS 3.1
6.3
EPSS
0.0%
CVE-2026-33753 MEDIUM PATCH GHSA This Month

Authorization bypass in rfc3161-client's TimeStamp Authority (TSA) verification allows remote attackers to impersonate any trusted TSA by exploiting a naive leaf certificate selection algorithm in the PKCS#7 certificate chain. The vulnerability enables an attacker to inject a forged certificate with a target TSA's common name and timeStamping EKU into an authentic timestamp response, causing the library to validate authorization checks against the fake certificate while the cryptographic signatu

Authentication Bypass OpenSSL Python
NVD GitHub
CVSS 3.1
6.2
EPSS
0.0%
CVE-2026-5899 MEDIUM PATCH This Month

Insufficient policy enforcement in History Navigation in Google Chrome prior to version 147.0.7727.55 enables cross-site scripting (UXSS) attacks when users perform specific UI gestures on attacker-controlled pages, allowing injection of arbitrary scripts or HTML with potential impact on user data confidentiality and integrity. The vulnerability affects all Chrome versions before 147.0.7727.55 across all platforms, requires user interaction with specific UI gestures but no authentication, and carries a low Chromium severity rating despite a moderate CVSS score. No public exploit code has been identified at the time of analysis, though the vulnerability was tracked via Chromium issue tracking.

Google Code Injection Red Hat Suse Chrome
NVD VulDB
CVSS 3.1
6.1
EPSS
0.1%
CVE-2026-5896 MEDIUM PATCH This Month

Google Chrome prior to version 147.0.7727.55 contains a sandbox bypass vulnerability in the Audio subsystem that allows remote attackers to circumvent download policy restrictions by convincing users to perform specific UI gestures on a crafted HTML page. The vulnerability has low practical exploitability (EPSS 0.02%) and requires active user interaction, limiting real-world risk despite cross-origin scope impact.

Authentication Bypass Google Red Hat Suse Chrome
NVD VulDB
CVSS 3.1
6.1
EPSS
0.0%
CVE-2026-32289 MEDIUM PATCH This Month

Cross-site scripting (XSS) vulnerability in Go's html/template package allows incorrect escaping of template actions within JavaScript template literals, enabling attackers to inject malicious scripts when template branches and brace-depth tracking are mishandled. Affects html/template versions prior to 1.26.2 and 1.25.9. The vulnerability requires user interaction (UI:R) and is not actively exploited based on available intelligence, though the low EPSS score (0.01%) indicates minimal real-world exploitation likelihood despite the network-accessible attack vector.

XSS Red Hat Suse
NVD VulDB
CVSS 3.1
6.1
EPSS
0.0%
CVE-2026-39670 MEDIUM This Month

Server-Side Request Forgery (SSRF) in Brecht Visual Link Preview WordPress plugin versions through 2.3.0 allows authenticated attackers with low privileges to make arbitrary network requests from the affected server, potentially accessing internal resources, metadata services, or performing actions on behalf of the server. No public exploit code identified at time of analysis, though the vulnerability carries low real-world exploitation probability (EPSS 0.02%) despite moderate CVSS scoring.

SSRF Visual Link Preview
NVD
CVSS 3.1
6.0
EPSS
0.0%
CVE-2026-39844 MEDIUM PATCH GHSA This Month

Path traversal via backslash bypass in NiceGUI file upload sanitization allows arbitrary file write on Windows systems. The vulnerability exploits a cross-platform path handling inconsistency where PurePosixPath fails to strip backslash-based path traversal sequences, enabling attackers to write files outside the intended upload directory when applications construct paths using the sanitized filename. Windows deployments are exclusively affected; potential remote code execution is possible if executables or application files can be overwritten. No public exploit code identified at time of analysis, though the vulnerability is confirmed in NiceGUI versions prior to 3.10.0.

Python Path Traversal Apple RCE Microsoft
NVD GitHub
CVSS 3.1
5.9
EPSS
0.1%
CVE-2026-35407 MEDIUM PATCH This Month

Saleor e-commerce platform (versions 2.10.0 through 3.23.0a2) contains an authentication bypass vulnerability in the account email change workflow that allows authenticated attackers to change another user's email address by replaying a valid email-change confirmation token issued for a different account. The flaw stems from the confirmation flow's failure to verify that the token was issued for the requesting user, enabling token reuse across accounts with low attack complexity. The vulnerability affects millions of potential e-commerce deployments and is fixed in versions 3.23.0a3, 3.22.47, 3.21.54, and 3.20.118; no public exploit code or active exploitation in the wild has been identified at the time of analysis.

Authentication Bypass Saleor
NVD GitHub
CVSS 4.0
5.9
EPSS
0.0%
Prev Page 2 of 7 Next

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy