Skip to main content
CVE-2026-21916 HIGH PATCH This Week

Symbolic link manipulation in Juniper Networks Junos OS CLI enables authenticated local attackers with low privileges to escalate to root access. Exploitation requires two users: the first performs a 'file link ...' CLI operation, then after the second user commits unrelated configuration changes, the first user can authenticate as root, achieving full system compromise. Affects Junos OS versions across 23.2, 23.4, 24.2, 24.4, and 25.2 release trains prior to specified patch levels. No public exploit identified at time of analysis.

Privilege Escalation Juniper
NVD VulDB
CVSS 4.0
7.0
EPSS
0.0%
CVE-2026-4878 HIGH PATCH This Week

Local privilege escalation in libcap's cap_set_file() function affects Red Hat Enterprise Linux 6 through 10 and OpenShift Container Platform 4, where a TOCTOU race condition allows an unprivileged user with write access to a parent directory to redirect file capability updates onto an attacker-controlled file. Successful exploitation can inject or strip Linux file capabilities on arbitrary executables, yielding full privilege escalation on the host. No public exploit identified at time of analysis and EPSS is 0.01%, but a vendor patch is available.

Privilege Escalation Red Hat Enterprise Linux 10 Red Hat Enterprise Linux 6 Red Hat Enterprise Linux 7 Red Hat Enterprise Linux 8 +2
NVD VulDB
CVSS 3.1
7.0
EPSS
0.0%
CVE-2026-35633 MEDIUM PATCH GHSA This Month

OpenClaw before version 2026.3.22 allows remote attackers to trigger denial of service through unbounded memory allocation in HTTP error handling for remote media endpoints. By sending specially crafted HTTP error responses with large bodies, unauthenticated attackers can exhaust application memory, causing availability degradation. The vulnerability requires only network access and no user interaction, making it a practical attack vector for service disruption.

Information Disclosure Openclaw
NVD GitHub VulDB
CVSS 4.0
6.9
EPSS
0.2%
CVE-2026-35627 MEDIUM PATCH GHSA This Month

OpenClaw before 2026.3.22 processes cryptographic operations on inbound Nostr direct messages prior to validating sender identity and pairing status, allowing unauthenticated remote attackers to trigger denial of service through resource exhaustion by sending crafted messages. CVSS 6.9 reflects moderate impact with low integrity and availability degradation; no public exploit code or active exploitation has been confirmed.

Denial Of Service Openclaw
NVD GitHub VulDB
CVSS 4.0
6.9
EPSS
0.1%
CVE-2026-35626 MEDIUM PATCH This Month

Unauthenticated resource exhaustion in OpenClaw before 2026.3.22 allows remote attackers to cause denial of service by sending large or malicious webhook requests to the voice call handler, which buffers request bodies before validating provider signatures. The vulnerability requires only network access (AV:N, PR:N) and can be exploited with low complexity, making it a practical attack vector for disrupting service availability.

Denial Of Service Openclaw
NVD GitHub VulDB
CVSS 4.0
6.9
EPSS
0.1%
CVE-2026-35632 MEDIUM This Month

OpenClaw through version 2026.2.22 allows authenticated local attackers to execute arbitrary code or manipulate system files via symlink traversal in the agents.create and agents.update handlers. The vulnerability stems from unsafe use of fs.appendFile on IDENTITY.md without validating symlink targets, permitting attackers with workspace access to plant symlinks pointing to sensitive files like crontab or SSH configuration directories and inject malicious content through the agent creation/update process.

RCE Authentication Bypass Openclaw
NVD GitHub
CVSS 4.0
6.9
EPSS
0.1%
CVE-2026-35640 MEDIUM PATCH This Month

OpenClaw before version 2026.3.25 processes JSON webhook request bodies before validating cryptographic signatures, allowing unauthenticated remote attackers to trigger denial of service by submitting malicious webhook payloads that force computationally expensive JSON parsing operations. The vulnerability exploits a logic-ordering defect where signature validation occurs after resource-intensive parsing, enabling attackers to exhaust server resources without valid credentials. No public exploit code has been identified at the time of analysis, though the attack requires only network access and is trivially exploitable.

Denial Of Service Openclaw
NVD GitHub
CVSS 4.0
6.9
EPSS
0.1%
CVE-2026-5503 MEDIUM This Month

Buffer overflow in WolfSSL's TLSX_SNI_Write function allows remote unauthenticated attackers to corrupt memory by sending a specially crafted TLS ClientHello with ECH (Encrypted Client Hello) and SNI extension data. The vulnerability occurs when TLSX_EchChangeSNI unconditionally sets extensions even when no inner SNI is configured, causing attacker-controlled SNI data to be written 255 bytes beyond the allocated buffer boundary during ClientHello serialization. CVSS 6.9 indicates moderate integrity and availability impact with low attack complexity.

Memory Corruption Buffer Overflow Wolfssl
NVD GitHub VulDB
CVSS 4.0
6.9
EPSS
0.0%
CVE-2026-35637 MEDIUM PATCH This Month

OpenClaw before version 2026.3.22 performs cite expansion before completing channel and direct message authorization checks, allowing unauthenticated remote attackers to access or manipulate content prior to authorization validation. This timing vulnerability exposes information disclosure and potential content tampering risks due to premature processing of cite operations that bypass security boundaries.

Information Disclosure Openclaw
NVD GitHub VulDB
CVSS 4.0
6.9
EPSS
0.0%
CVE-2026-4901 MEDIUM PATCH This Month

Hydrosystem Control System versions prior to 9.8.5 log user credentials in plaintext to accessible log files, enabling authenticated attackers with administrative privileges to extract valid credentials for lateral movement and privilege escalation. This vulnerability is particularly critical when chained with CVE-2026-34184, which may enable unauthorized access to those logged credentials. CVSS score of 6.9 reflects the high confidentiality impact restricted to authenticated administrative users; no public exploit code or active exploitation has been confirmed.

Information Disclosure Control System
NVD VulDB
CVSS 4.0
6.9
EPSS
0.0%
CVE-2026-33773 MEDIUM PATCH This Month

Packet forwarding engine (pfe) in Juniper Networks Junos OS on EX4100, EX4400, EX4650, and QFX5120 devices fails to correctly initialize egress filters on IRB and physical interfaces, allowing unauthenticated network-based attackers to bypass security policies and cause integrity impact by forwarding traffic that should be blocked. The vulnerability affects Junos OS versions 23.4R2-S6 and 24.2R2-S3. EPSS score of 6.9 reflects moderate exploitation probability; no active exploitation confirmed (non-KEV status).

Information Disclosure Juniper
NVD
CVSS 4.0
6.9
EPSS
0.0%
CVE-2026-33774 MEDIUM PATCH This Month

Firewall filter bypass in Juniper Networks Junos OS on MX Series allows unauthenticated network-based attackers to access the control plane by exploiting improper exception handling in the packet forwarding engine when firewall filters are applied to non-zero loopback interfaces in the default routing instance. Affected MX platforms with MPC10, MPC11, LC4800, LC9600 line cards and MX304 models running Junos OS versions before 23.2R2-S6, 23.4R2-S7, 24.2R2, or 24.4R2 fail to enforce configured lo0.n ingress filters, allowing bypass of access controls designed to protect critical infrastructure management interfaces. No public exploit identified at time of analysis, but the vulnerability requires only network access and no authentication to trigger.

Authentication Bypass Juniper Junos
NVD VulDB
CVSS 4.0
6.9
EPSS
0.0%
CVE-2026-34941 MEDIUM PATCH GHSA This Month

Wasmtime runtime versions prior to 24.0.7, 36.0.7, 42.0.2, and 43.0.1 incorrectly validate UTF-16 string byte lengths during component-model encoding transcoding, causing out-of-bounds memory reads that trigger process termination via segfault in default configurations or potentially expose host memory when guard pages are disabled. Authenticated users with UI interaction can trigger this denial-of-service vulnerability; reading beyond linear memory requires non-standard Wasmtime configuration without guard pages. No public exploit code has been identified at time of analysis.

Information Disclosure Buffer Overflow Wasmtime
NVD GitHub VulDB
CVSS 4.0
6.9
EPSS
0.0%
CVE-2026-39961 MEDIUM PATCH GHSA This Month

Aiven Operator versions 0.31.0 through 0.36.x allow developers with ClickhouseUser CRD creation permissions in their own namespace to exfiltrate secrets from arbitrary namespaces by exploiting a confused deputy vulnerability in the operator's ClusterRole. An attacker can craft a malicious ClickhouseUser resource that causes the operator to read privileged credentials (database passwords, API keys, service tokens) from production namespaces and write them into the attacker's namespace with a single kubectl apply command. The vulnerability is fixed in version 0.37.0.

Kubernetes Privilege Escalation
NVD GitHub VulDB
CVSS 3.1
6.8
EPSS
0.0%
CVE-2026-35577 MEDIUM PATCH This Month

Apollo MCP Server versions prior to 1.7.0 fail to validate HTTP Host headers on StreamableHTTP transport, allowing unauthenticated remote attackers with user interaction to bypass same-origin policy via DNS rebinding attacks and invoke GraphQL tools or access resources on behalf of a local user. The vulnerability is limited to HTTP-based deployments without network-level controls and does not affect stdio transport configurations. Vendor-released patch: version 1.7.0.

Authentication Bypass Apollo Mcp Server
NVD GitHub
CVSS 3.1
6.8
EPSS
0.0%
CVE-2026-33787 MEDIUM PATCH This Month

Denial of service in Juniper Networks Junos OS chassis control daemon (chassisd) on SRX1500, SRX4100, SRX4200, and SRX4600 allows local attackers with low privileges to crash the daemon via a specific 'show chassis' CLI command, causing complete traffic disruption until modules restart. The vulnerability affects Junos OS versions 23.2 before 23.2R2-S6, 23.4 before 23.4R2-S7, 24.2 before 24.2R2-S2, 24.4 before 24.4R2, and 25.2 before 25.2R1-S1 or 25.2R2. No public exploit code or active exploitation has been identified at time of analysis.

Juniper Denial Of Service
NVD VulDB
CVSS 4.0
6.8
EPSS
0.0%
CVE-2026-33786 MEDIUM PATCH This Month

Denial of service in Juniper Junos OS chassis control daemon (chassisd) on SRX1600, SRX2300, and SRX4300 devices allows local attackers with low privileges to trigger a complete crash via a specific 'show chassis' CLI command, causing temporary traffic disruption until module recovery. Junos OS 24.4 versions before 24.4R1-S3 and 24.4R2 are affected; no public exploit code identified at time of analysis.

Juniper Denial Of Service
NVD VulDB
CVSS 4.0
6.8
EPSS
0.0%
CVE-2026-33776 MEDIUM PATCH This Month

Missing authorization in Juniper Networks Junos OS and Junos OS Evolved CLI allows local users with low privileges to execute the 'show mgd' command with specific arguments to read sensitive information. The vulnerability affects multiple version branches of both Junos OS (22.4, 23.2, 23.4, 24.2, 24.4, 25.2) and Junos OS Evolved (23.2, 23.4, 24.2, 24.4, 25.2), with patches available for all affected versions. CVSS score is 6.8 with high confidentiality impact but no public exploit identified at time of analysis.

Authentication Bypass Juniper
NVD VulDB
CVSS 4.0
6.8
EPSS
0.0%
CVE-2026-4114 MEDIUM NEWS This Month

Remote authenticated SonicWall SMA1000 SSLVPN administrators can bypass AMC TOTP (Time-based One-Time Password) authentication via improper handling of Unicode encoding, allowing high-privileged attackers to achieve authentication bypass on affected appliances. CVSS 6.6 reflects high-privileged requirement (PR:H) and high attack complexity (AC:H), limiting real-world exploitation despite total technical impact. EPSS score of 0.03% (10th percentile) indicates this vulnerability is unlikely to be exploited in widespread automated attacks, suggesting it requires specific attacker knowledge of Unicode encoding techniques and admin-level access.

Authentication Bypass Sonicwall
NVD VulDB
CVSS 3.1
6.6
EPSS
0.0%
CVE-2026-39943 MEDIUM PATCH This Month

Directus before 11.17.0 stores sensitive authentication and credential data in plaintext within revision records due to incomplete sanitization of revision snapshots, allowing authenticated users with database access to retrieve user tokens, 2FA secrets, external auth identifiers, and API keys from the directus_revisions table. The vulnerability affects all versions before 11.17.0 and requires low-privilege authenticated access to exploit; no public exploit code or active exploitation has been identified at time of analysis.

Information Disclosure Directus
NVD GitHub
CVSS 3.1
6.5
EPSS
0.0%
CVE-2026-34500 MEDIUM PATCH This Month

CLIENT_CERT authentication bypass in Apache Tomcat allows unauthenticated remote attackers to bypass certificate-based authentication when soft fail is disabled and Foreign Function Memory (FFM) is enabled, affecting Tomcat 9.0.92-9.0.116, 10.1.22-10.1.53, and 11.0.0-M14-11.0.20. The vulnerability has a CVSS score of 6.5 with high confidentiality impact and partial integrity impact; however, the EPSS score of 0.04% (11th percentile) indicates very low real-world exploitation probability, and no public exploit code or confirmed active exploitation has been identified.

Apache Tomcat Authentication Bypass Red Hat Suse
NVD VulDB
CVSS 3.1
6.5
EPSS
0.0%
CVE-2026-40148 MEDIUM PATCH GHSA This Month

Disk exhaustion in PraisonAI prior to 4.5.128 allows remote attackers to consume arbitrary disk space by publishing malicious recipe bundles containing highly compressible data that expand dramatically during extraction. The vulnerability exists in the _safe_extractall() function, which validates only path traversal attacks but lacks checks on individual member sizes, cumulative extracted size, or member count before tar extraction, enabling an unauthenticated attacker to trigger denial of service via LocalRegistry.pull() or HttpRegistry.pull() with minimal user interaction.

Path Traversal Praisonai
NVD GitHub
CVSS 3.1
6.5
EPSS
0.0%
CVE-2026-34538 MEDIUM PATCH This Month

Apache Airflow 3.0.0 through 3.1.8 discloses XCom result values to users with only DAG Run read permissions (such as Viewer role), violating the FAB RBAC model that treats XCom as a protected resource. This information disclosure affects authenticated users and allows them to access sensitive execution results they should not be able to view. The vulnerability is not confirmed as actively exploited, and a patch is available in Apache Airflow 3.2.0.

Information Disclosure Apache
NVD GitHub VulDB
CVSS 3.1
6.5
EPSS
0.0%
CVE-2026-5742 MEDIUM This Month

Stored Cross-Site Scripting in UsersWP WordPress plugin up to version 1.2.60 allows authenticated subscribers and above to inject arbitrary JavaScript into user profile badge widgets via insufficiently sanitized URL fields, executing malicious scripts for all site visitors viewing affected pages. The vulnerability affects the badge widget rendering component due to improper output escaping in the wp-ayecode-ui library integration. No public exploit code or active exploitation has been identified, though the low attack complexity and subscriber-level access requirement make this a realistic threat in multi-user WordPress environments.

WordPress XSS
NVD VulDB
CVSS 3.1
6.4
EPSS
0.1%
CVE-2026-4429 MEDIUM This Month

Stored Cross-Site Scripting in OSM - OpenStreetMap WordPress plugin versions up to 6.1.15 allows authenticated attackers with Contributor-level access to inject arbitrary JavaScript through insufficiently sanitized 'marker_name' and 'file_color_list' shortcode attributes in [osm_map_v3], executing malicious scripts whenever users access affected pages. CVSS 6.4 reflects moderate severity with cross-site impact; exploitation requires valid WordPress user credentials but no user interaction beyond page access.

WordPress XSS
NVD
CVSS 3.1
6.4
EPSS
0.1%
CVE-2026-4336 MEDIUM This Month

Stored cross-site scripting in Ultimate FAQ Accordion plugin for WordPress (all versions up to 2.4.7) allows authenticated Author-level users to inject arbitrary web scripts into FAQ pages. The vulnerability exploits a double-encoding bypass: the plugin calls html_entity_decode() on FAQ content during rendering, converting entity-encoded payloads (e.g., <img src=x onerror=alert()>) back into executable HTML, which then bypasses WordPress output escaping in the faq-answer.php template. The ufaq custom post type is REST API-enabled with default post capabilities, allowing Authors to create and publish malicious FAQs via REST API. No public exploit code has been identified at time of analysis, but the vulnerability has a moderate CVSS 6.4 score reflecting its authenticated requirement and cross-site impact.

WordPress PHP XSS
NVD VulDB
CVSS 3.1
6.4
EPSS
0.0%
CVE-2026-5357 MEDIUM This Month

Stored cross-site scripting in Download Manager for WordPress up to version 3.3.52 allows authenticated contributors and above to inject arbitrary JavaScript through the 'sid' parameter of the 'wpdm_members' shortcode, which is stored in post metadata and executed when users access the affected page. The vulnerability stems from missing input sanitization in the members() function and absent output escaping (esc_attr()) when the 'sid' value is rendered directly into HTML id attributes. EPSS score indicates moderate-to-high exploitation probability; no active exploitation in CISA KEV has been confirmed at time of analysis.

WordPress PHP XSS
NVD
CVSS 3.1
6.4
EPSS
0.0%
CVE-2026-3005 MEDIUM This Month

Stored cross-site scripting in List Category Posts plugin for WordPress (all versions up to 0.94.0) allows authenticated contributors and above to inject arbitrary JavaScript via insufficiently sanitized shortcode attributes, enabling persistent payload execution whenever affected pages are accessed. CVSS 6.4 reflects moderate confidentiality and integrity impact with network-level access; exploitation requires contributor-level WordPress account.

WordPress XSS
NVD VulDB
CVSS 3.1
6.4
EPSS
0.0%
CVE-2026-35646 MEDIUM PATCH This Month

OpenClaw before version 2026.3.25 allows unauthenticated remote attackers to bypass pre-authentication rate limiting on webhook token validation, enabling brute-force attacks against weak webhook secrets through rapid successive requests. The vulnerability stems from absent throttling on invalid token rejection attempts, permitting attackers to enumerate valid tokens without login credentials or triggering defensive rate-limiting mechanisms.

Authentication Bypass Openclaw
NVD GitHub
CVSS 4.0
6.3
EPSS
0.1%
CVE-2026-35623 MEDIUM PATCH This Month

OpenClaw before version 2026.3.25 allows unauthenticated remote attackers to brute-force webhook authentication credentials due to missing rate limiting on password validation attempts. The vulnerability enables attackers to perform repeated authentication guesses against the webhook endpoint without throttling, potentially compromising webhook security and gaining unauthorized access to webhook functionality.

Authentication Bypass Openclaw
NVD GitHub
CVSS 4.0
6.3
EPSS
0.0%
CVE-2026-35628 MEDIUM PATCH This Month

OpenClaw before version 2026.3.25 lacks rate limiting on Telegram webhook authentication, enabling unauthenticated remote attackers to brute-force weak webhook secrets through repeated guesses without throttling. This vulnerability permits systematic credential enumeration, potentially allowing attackers to forge webhook messages and intercept or manipulate Telegram-based communications processed by affected OpenClaw deployments. No public exploit code or active exploitation has been confirmed at this time.

Information Disclosure Openclaw
NVD GitHub VulDB
CVSS 4.0
6.3
EPSS
0.0%
CVE-2026-5393 MEDIUM PATCH This Month

Out-of-bounds read in wolfSSL's dual-algorithm CertificateVerify processing allows remote attackers to trigger information disclosure and data integrity violations through crafted input, but only when the library is compiled with both --enable-experimental and --enable-dual-alg-certs flags. The vulnerability affects wolfSSL versions before 5.9.1 and requires network access with low attack complexity, though the attack triggering mechanism involves a passive timing or state condition (AT:P). No public exploit code or active exploitation has been identified.

Information Disclosure Buffer Overflow Wolfssl
NVD GitHub VulDB
CVSS 4.0
6.3
EPSS
0.0%
CVE-2026-5447 MEDIUM PATCH This Month

Heap buffer overflow in wolfSSL's CertFromX509 function allows remote attackers to cause information disclosure through malformed X.509 certificates containing oversized AuthorityKeyIdentifier extensions. The vulnerability requires a persistent attacker (AT:P per CVSS 4.0) but no authentication, affecting wolfSSL across all versions until patched. EPSS exploitation probability and active exploitation status cannot be determined from available data; no public exploit code has been independently confirmed.

Heap Overflow Buffer Overflow Wolfssl
NVD GitHub VulDB
CVSS 4.0
6.3
EPSS
0.0%
CVE-2026-35635 MEDIUM PATCH This Month

OpenClaw before 2026.3.22 contains a webhook path route replacement vulnerability in its Synology Chat extension that allows unauthenticated remote attackers to bypass per-account direct message access controls by collapsing multi-account configurations onto shared webhook paths. Attackers can exploit inherited or duplicate webhook paths to replace route ownership across accounts, potentially gaining unauthorized access to account-specific resources. No public exploit code or active exploitation has been confirmed at the time of analysis.

Authentication Bypass Synology
NVD GitHub VulDB
CVSS 4.0
6.3
EPSS
0.0%
CVE-2026-5504 MEDIUM This Month

Padding oracle vulnerability in wolfSSL's PKCS7 CBC decryption allows unauthenticated remote attackers to recover plaintext through repeated decryption queries with modified ciphertext, exploiting insufficient validation of interior padding bytes. The vulnerability requires high attack complexity and persistent attacker interaction but presents practical risk to systems using affected wolfSSL versions for PKCS7-encrypted communications.

Information Disclosure Oracle
NVD GitHub VulDB
CVSS 4.0
6.3
EPSS
0.0%
CVE-2026-33785 MEDIUM PATCH This Month

Juniper Networks Junos OS on MX Series allows authenticated local users with low privileges to execute 'request csds' CLI commands intended only for high-privileged administrators or CSDS operators, enabling complete compromise of managed devices. The vulnerability affects Junos OS 24.4 releases before 24.4R2-S3 and 25.2 releases before 25.2R2. No public exploit code or active exploitation has been identified at time of analysis, though the CVSS score of 6.3 reflects moderate severity with high system impact.

Authentication Bypass Juniper
NVD VulDB
CVSS 4.0
6.3
EPSS
0.0%
CVE-2026-40115 MEDIUM PATCH GHSA This Month

Memory exhaustion denial of service in PraisonAI's WSGI-based recipe registry server (server.py) affects versions prior to 4.5.128. The vulnerability allows unauthenticated local processes to send arbitrarily large POST requests by spoofing the Content-Length header, causing the server to allocate unbounded memory and crash. Authentication is disabled by default, eliminating any access control barrier. The Starlette-based alternative server (serve.py) includes a 10MB request size limit, but the WSGI implementation lacks equivalent protection. Vendor-released patch: version 4.5.128 or later.

Denial Of Service Praisonai
NVD GitHub
CVSS 3.1
6.2
EPSS
0.0%
CVE-2026-40117 MEDIUM PATCH GHSA This Month

PraisonAIAgents versions prior to 1.5.128 allow unauthenticated local attackers to read arbitrary files from the filesystem via the read_skill_file() function in skill_tools.py, which lacks the workspace boundary protections and approval requirements enforced by comparable file access functions. An agent subjected to prompt injection can exfiltrate sensitive files without user awareness or approval prompts, enabling confidentiality compromise with CVSS 6.2 (local attack vector, high confidentiality impact). No public exploit code or active exploitation has been reported at the time of analysis.

Authentication Bypass Praisonaiagents
NVD GitHub
CVSS 3.1
6.2
EPSS
0.0%
CVE-2025-70797 MEDIUM This Month

Cross-site scripting (XSS) in LimeSurvey 6.15.20+251021 allows unauthenticated remote attackers to execute arbitrary JavaScript in victim browsers via malicious Box[title] and box[url] parameters. The vulnerability requires user interaction (clicking a crafted link) but achieves stored or reflected XSS with cross-origin impact, affecting confidentiality and integrity. A public proof-of-concept is available, and an upstream fix has been merged into the LimeSurvey repository.

RCE XSS
NVD GitHub
CVSS 3.1
6.1
EPSS
0.1%
CVE-2026-39315 MEDIUM PATCH GHSA This Month

Unhead's useHeadSafe() composable, explicitly recommended by Nuxt documentation for safely rendering user-supplied content in document head, can be bypassed via padded HTML numeric character references that exceed regex digit limits. The hasDangerousProtocol() function silently fails to decode these entities, allowing blocked URI schemes (javascript:, data:, vbscript:) to pass validation; browsers then natively decode the padded entity during HTML parsing, enabling cross-site scripting (XSS) attacks. This affects Unhead versions prior to 2.1.13, with no confirmed active exploitation or public exploit code identified at time of analysis.

Information Disclosure Unhead
NVD GitHub
CVSS 3.1
6.1
EPSS
0.0%
CVE-2026-35186 MEDIUM PATCH GHSA This Month

Wasmtime versions 25.0.0 through 36.0.6, 42.0.0-42.0.1, and 43.0.0 contain a compiler type-checking bug in the Winch backend where the table.grow operator returns incorrectly typed 64-bit values instead of 32-bit values for 32-bit tables, enabling read/write access to 16 bytes of host memory preceding linear memory and resulting in denial of service when Wasmtime detects the unauthorized access. The vulnerability requires explicit selection of the non-default Winch compiler backend and either disabled guard pages or modified memory layout to achieve information disclosure; default Wasmtime configurations using the Cranelift compiler and standard guard page placement are unaffected. No public exploit code or active exploitation has been identified, though the attack vector is remote and requires low-privilege authenticated access.

Denial Of Service Red Hat Suse
NVD GitHub VulDB
CVSS 4.0
6.1
EPSS
0.0%
CVE-2026-35645 MEDIUM PATCH This Month

OpenClaw before version 2026.3.25 contains a privilege escalation vulnerability in the gateway plugin subagent fallback deleteSession function that improperly uses a synthetic operator.admin runtime scope, allowing authenticated attackers to execute privileged operations with unintended administrative access by triggering session deletion without a request-scoped client. CVSS score of 6.1 reflects the requirement for low-level user authentication (PR:L) and network accessibility; patch availability is confirmed.

Privilege Escalation Openclaw
NVD GitHub
CVSS 4.0
6.1
EPSS
0.0%
CVE-2026-5960 LOW POC Monitor

Information disclosure in code-projects Patient Record Management System 1.0 allows unauthenticated remote attackers to access sensitive patient data via manipulation of the SQL database backup file (/db/hcpms.sql), with publicly available exploit code and user interaction required. The vulnerability affects the SQL Database Backup File Handler component and has moderate CVSS impact (4.3) but is elevated by public exploit availability and the sensitivity of healthcare data exposure.

Information Disclosure Patient Record Management System
NVD VulDB GitHub
CVSS 4.0
2.1
EPSS
0.0%
CVE-2026-5847 LOW POC Monitor

Code-Projects Movie Ticketing System 1.0 exposes sensitive database information through an unprotected SQL backup file at /db/moviedb.sql, allowing remote unauthenticated attackers to download and read the entire database via simple HTTP request. The vulnerability requires user interaction (UI:P per CVSS4.0) and has a publicly available exploit demonstrating the disclosure technique, though the very low CVSS score of 2.1 reflects limited confidentiality impact in typical deployments.

Information Disclosure Movie Ticketing System
NVD VulDB GitHub
CVSS 4.0
2.1
EPSS
0.0%
CVE-2025-45806 MEDIUM PATCH This Month

rrweb-snapshot before v2.0.0-alpha.18 contains a reflected cross-site scripting vulnerability that allows remote attackers to execute arbitrary JavaScript or HTML in a victim's browser context through a crafted payload. The vulnerability requires user interaction (clicking a malicious link) and affects client-side snapshot capture functionality. Publicly available exploit code exists according to CISA SSVC assessment, though active exploitation has not been confirmed at time of analysis.

XSS Suse
NVD GitHub
CVSS 3.1
6.1
EPSS
0.0%
CVE-2025-63238 MEDIUM This Month

Reflected cross-site scripting in LimeSurvey prior to version 6.15.11+250909 allows unauthenticated remote attackers to execute arbitrary JavaScript in a victim's browser via a malicious URL containing an unsanitized gid parameter passed to the getInstance() function in QuestionCreate.php. The vulnerability requires user interaction (clicking a crafted link) but affects logged-in users and can lead to session hijacking, credential theft, or malicious actions performed on behalf of the victim. No public exploitation has been confirmed at time of analysis, though proof-of-concept code is publicly available.

XSS PHP
NVD GitHub
CVSS 3.1
6.1
EPSS
0.0%
CVE-2026-35195 MEDIUM PATCH GHSA This Month

Wasmtime prior to versions 24.0.7, 36.0.7, 42.0.2, and 43.0.1 allows authenticated remote attackers to corrupt memory by providing malicious realloc return values during string transcoding between WebAssembly components, enabling writes to arbitrary memory locations up to 4GiB away from linear memory base. On default configurations with 4GiB virtual memory reservation and guard pages, exploitation typically triggers process abort via unmapped memory access; however, configurations with reduced memory reservation and disabled guard pages risk corruption of host data structures or other guest linear memories.

Memory Corruption Buffer Overflow Red Hat Suse
NVD GitHub VulDB
CVSS 4.0
6.1
EPSS
0.0%
CVE-2026-5826 LOW POC Monitor

Cross-site scripting (XSS) vulnerability in code-projects Simple IT Discussion Forum 1.0 allows remote attackers to inject malicious scripts via the Category parameter in /edit-category.php. The vulnerability requires user interaction (reflected XSS) but has a low CVSS base score of 4.3; however, publicly available exploit code exists, increasing practical risk for unpatched installations.

XSS PHP
NVD VulDB GitHub
CVSS 4.0
2.1
EPSS
0.0%
CVE-2026-5825 LOW POC Monitor

Stored or reflected cross-site scripting (XSS) in code-projects Simple Laundry System 1.0 allows remote attackers to inject malicious scripts via the userid parameter in /delmemberinfo.php, compromising user session integrity and enabling credential theft or malware distribution. The vulnerability requires user interaction (CVSS UI:R) but carries a CVSS score of 4.3 (low severity). Publicly available exploit code exists and the attack vector is network-accessible with no authentication required (AV:N, PR:N).

PHP XSS
NVD VulDB GitHub
CVSS 4.0
2.1
EPSS
0.0%
CVE-2026-25854 MEDIUM PATCH This Month

Open redirect vulnerability in Apache Tomcat's LoadBalancerDrainingValve allows unauthenticated remote attackers to redirect users to untrusted sites via crafted URLs. Affects Tomcat 11.0.0-M1 through 11.0.18, 10.1.0-M1 through 10.1.52, 9.0.0.M23 through 9.0.115, and 8.5.30 through 8.5.100. The vulnerability requires user interaction (clicking a malicious link) and has low real-world exploitation probability (EPSS 0.01%), with no public exploit code or confirmed active exploitation identified at the time of analysis.

Apache Open Redirect Tomcat Red Hat Suse
NVD VulDB HeroDevs
CVSS 3.1
6.1
EPSS
0.0%
Prev Page 4 of 6 Next

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy