Skip to main content
CVE-2025-15480 LOW PATCH Monitor

ubuntu-desktop-provision version 24.04.4 leaks user password hashes in crash report logs submitted to Launchpad during installation failures. An unauthenticated remote attacker can obtain sensitive credentials if a user opts to report the installation failure, requiring user interaction to trigger the vulnerability but resulting in direct exposure of authentication material. Patch available from Canonical via GitHub pull requests; EPSS and KEV status not actively exploited at time of analysis.

Denial Of Service Ubuntu
NVD GitHub
CVSS 4.0
2.7
EPSS
0.0%
CVE-2026-35624 LOW PATCH Monitor

OpenClaw before version 2026.3.22 uses room names instead of stable tokens for Nextcloud Talk room authorization, allowing authenticated attackers to bypass allowlist policies by creating similarly named rooms and gaining unauthorized access to protected conversations. The vulnerability requires low privileges and high attack complexity but poses a direct confidentiality and integrity risk to room access controls. No public exploit code or active exploitation has been reported.

Authentication Bypass Openclaw
NVD GitHub VulDB
CVSS 4.0
2.3
EPSS
0.1%
CVE-2026-35617 LOW PATCH Monitor

OpenClaw before version 2026.3.25 contains an authorization bypass vulnerability in Google Chat group policy enforcement where attackers with authenticated access can manipulate space display names to rebind group policies and gain unauthorized access to protected resources. The vulnerability requires authenticated access and high attack complexity but affects confidentiality and integrity of protected data. A vendor patch has been released.

Google Authentication Bypass
NVD GitHub VulDB
CVSS 4.0
2.3
EPSS
0.0%
CVE-2026-5187 LOW Monitor

Heap out-of-bounds write in wolfSSL's DecodeObjectId() function in wolfcrypt/src/asn.c allows authenticated remote attackers to trigger memory corruption through two distinct mechanisms: insufficient bounds checking when outSz equals 1, and confusion between buffer byte size and element count across multiple callers, permitting crafted OIDs with 33+ arcs to overflow a 32-arc buffer. CVSS 2.3 reflects low impact (data modification only, no confidentiality loss), but the vulnerability affects cryptographic certificate and message parsing across all wolfSSL versions up to 5.9.0. No public exploit identified at time of analysis.

Heap Overflow Buffer Overflow Wolfssl
NVD GitHub VulDB
CVSS 4.0
2.3
EPSS
0.0%
CVE-2026-39957 LOW PATCH Monitor

SQL operator-precedence bug in Lychee prior to 7.5.4 allows authenticated users with upload permission to bypass ownership filters and retrieve all user-group-based sharing permissions across the instance, including private albums owned by other users. The vulnerability exists in SharingController::listAll() where an orWhereNotNull clause escapes the ownership filter applied by a when() block. This affects any non-admin user who owns at least one album, creating an information disclosure risk that exposes sharing metadata for the entire Lychee instance.

Authentication Bypass Lychee
NVD GitHub
CVSS 4.0
2.3
EPSS
0.0%
CVE-2026-5448 LOW PATCH Monitor

wolfSSL versions before 5.9.1 contain a heap buffer overflow in the X.509 date parsing functions wolfSSL_X509_notAfter and wolfSSL_X509_notBefore when processing crafted certificates through the compatibility layer API. The vulnerability has a CVSS score of 2.3 with attack vector requiring adjacent network access and persistence, affecting only direct API calls and not standard TLS or certificate verification operations. No public exploit code or active exploitation has been identified at the time of analysis.

Heap Overflow Buffer Overflow Wolfssl
NVD GitHub VulDB
CVSS 4.0
2.3
EPSS
0.0%
CVE-2026-5392 LOW PATCH Monitor

Heap out-of-bounds read in wolfSSL versions prior to 5.9.1 allows unauthenticated attackers on an adjacent network to trigger information disclosure via a crafted PKCS7 message that bypasses bounds checking in the indefinite-length end-of-content verification loop. The vulnerability has a low CVSS score of 2.3 due to restricted attack vector (adjacent network only) and limited integrity impact, with no public exploit code identified at time of analysis.

Information Disclosure Buffer Overflow Wolfssl
NVD GitHub VulDB
CVSS 4.0
2.3
EPSS
0.0%
CVE-2026-34945 LOW PATCH GHSA Monitor

Wasmtime's Winch compiler in versions 25.0.0 through 36.0.6, 42.0.1, and 43.0.0 incorrectly translates the WebAssembly table.size instruction for 64-bit tables under the memory64 proposal, allowing WebAssembly guests to read sensitive data from the host's stack. The vulnerability stems from static typing the return value as 32-bit instead of consulting the table's actual index type, which when combined with Winch's multi-value return ABI mechanics enables stack data disclosure. This is fixed in Wasmtime 36.0.7, 42.0.2, and 43.0.1; no public exploit code or active exploitation has been identified at time of analysis, but the low CVSS score (2.3) reflects limited real-world impact due to authentication requirements and limited technical scope.

Information Disclosure Wasmtime
NVD GitHub VulDB
CVSS 4.0
2.3
EPSS
0.0%
CVE-2026-34988 LOW PATCH GHSA Monitor

Wasmtime's pooling allocator leaks linear memory contents between WebAssembly instances when configured with specific non-default settings (memory_guard_size=0, memory_reservation<4GiB, max_memory_size=memory_reservation). Affected versions 28.0.0 through 36.0.6, 42.0.0-42.0.1, and 43.0.0 allow authenticated local attackers with high attack complexity to read sensitive data from previously-mapped memory due to incorrect virtual memory permission reset logic. Vendor-released patches: 36.0.7, 42.0.2, and 43.0.1. No public exploit identified at time of analysis.

Buffer Overflow Wasmtime
NVD GitHub VulDB
CVSS 4.0
2.3
EPSS
0.0%
CVE-2026-5778 LOW Monitor

Integer underflow in wolfSSL's packet sniffer (versions up to 5.9.0) allows remote attackers to crash applications during AEAD decryption by sending malformed TLS Application Data records with insufficient length for the explicit IV and authentication tag. The vulnerability wraps a 16-bit length value to an unexpectedly large integer, triggering an out-of-bounds read in decryption routines. While the CVSS score is low (2.1) due to limited practical impact (availability only), the attack requires no victim interaction beyond network exposure and affects any system passively inspecting encrypted TLS traffic through wolfSSL's ssl_DecodePacket function.

Buffer Overflow Integer Overflow Wolfssl
NVD GitHub VulDB
CVSS 4.0
2.1
EPSS
0.1%
CVE-2026-5772 LOW Monitor

Stack buffer over-read in wolfSSL's MatchDomainName function allows authenticated remote attackers to cause denial of service through a crafted wildcard hostname during TLS certificate validation when the LEFT_MOST_WILDCARD_ONLY flag is enabled. The vulnerability reads one byte past the allocated buffer when a wildcard character exhausts the entire hostname string, triggering a potential crash with very low real-world exploitation probability (EPSS and CVSS indicate limited practical risk).

Buffer Overflow Wolfssl
NVD GitHub VulDB
CVSS 4.0
2.1
EPSS
0.0%
CVE-2026-5823 LOW Monitor

SQL injection in itsourcecode Construction Management System 1.0 via the Home parameter in /borrowed_tool_report.php allows authenticated remote attackers to execute arbitrary SQL queries with limited impact on confidentiality, integrity, and availability. The vulnerability has a public exploit and CVSS score of 5.3, making it a moderate-severity issue requiring authentication but presenting real exploitation risk given POC availability.

SQLi PHP
NVD GitHub VulDB
CVSS 4.0
2.1
EPSS
0.0%
CVE-2026-5987 LOW Monitor

Improper neutralization of special elements in FreeMarker template processing within Sanluan PublicCMS up to version 6.202506.d allows high-privileged remote attackers to cause information disclosure through manipulation of the AbstractFreemarkerView.doRender function. The vulnerability has a CVSS score of 5.1 with publicly available exploit code, though exploitation requires administrative privileges (PR:H). CISA KEV status not confirmed; however, the disclosure of exploit code and vendor non-response indicate moderate real-world risk despite the high privilege requirement.

Information Disclosure Java
NVD GitHub VulDB
CVSS 4.0
2.0
EPSS
0.0%
CVE-2026-40072 LOW PATCH Monitor

Server-Side Request Forgery in web3.py 6.0.0b3 through 7.14.x and 8.0.0b1 enables malicious smart contracts to force the library to issue HTTP requests to arbitrary destinations via CCIP Read (EIP-3668) URL templates without destination validation. The vulnerability affects all applications using web3.py's .call() method against untrusted contract addresses, as CCIP Read is enabled by default, allowing attackers to target internal network services and cloud metadata endpoints. The issue is remedied in versions 7.15.0 and 8.0.0b2.

SSRF Python
NVD GitHub VulDB
CVSS 4.0
1.7
EPSS
0.0%
CVE-2026-34983 LOW PATCH GHSA Monitor

Wasmtime 43.0.0 contains a use-after-free vulnerability in the Linker cloning mechanism that allows host embedders to trigger memory corruption through a specific sequence of API calls: cloning a wasmtime::Linker, dropping the original instance, and then using the cloned instance. This vulnerability is not exploitable by guest WebAssembly programs and requires deliberate misuse of the host API. The flaw is fixed in Wasmtime 43.0.1. Despite the use-after-free nature (CWE-416), the CVSS 4.0 score of 1.0 reflects the extremely limited attack surface: physical or local access is required (AV:P), attack complexity is high (AC:H), high privilege level is needed (PR:H), and user interaction is required (UI:A), resulting in minimal confidentiality, integrity, and availability impact.

Memory Corruption Information Disclosure Use After Free Wasmtime
NVD GitHub VulDB
CVSS 4.0
1.0
EPSS
0.0%
Prev Page 6 of 6

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy