Skip to main content
CVE-2025-62718 MEDIUM POC PATCH GHSA MAL This Month

Hostname normalization bypass in Axios (JavaScript HTTP client) versions prior to 1.15.0 allows unauthenticated remote attackers to circumvent NO_PROXY configuration rules and force HTTP requests through configured proxies. Attackers can exploit malformed loopback addresses (localhost. with trailing dot, [::1] IPv6 literals) to bypass proxy restrictions and conduct Server-Side Request Forgery (SSRF) attacks against protected internal services. Publicly available exploit code exists. Affects all Axios implementations in Node.js and browser environments with NO_PROXY configurations.

SSRF Node.js Axios
NVD GitHub VulDB
CVSS 4.0
6.3
EPSS
0.0%
CVE-2026-5973 MEDIUM POC PATCH GHSA This Month

Remote command injection in FoundationAgents MetaGPT versions 0.8.0 and 0.8.1 via the get_mime_type function in metagpt/utils/common.py allows unauthenticated attackers to execute arbitrary OS commands over the network with low complexity. Publicly available exploit code exists, and a patch pull request has been submitted but not yet merged by the vendor, creating an active vulnerability window for deployed instances.

Command Injection Metagpt
NVD VulDB GitHub
CVSS 4.0
5.5
EPSS
0.8%
CVE-2026-5972 MEDIUM POC PATCH This Month

Remote code execution in FoundationAgents MetaGPT up to version 0.8.1 allows unauthenticated attackers to execute arbitrary OS commands via improper input validation in the Terminal.run_command function. The vulnerability exploits command injection in metagpt/tools/libs/terminal.py and has publicly available exploit code; patch commit d04ffc8dc67903e8b327f78ec121df5e190ffc7b is available from the vendor.

Command Injection Metagpt
NVD VulDB GitHub
CVSS 4.0
5.5
EPSS
0.8%
CVE-2026-5849 MEDIUM POC This Month

Path traversal in Tenda i12 router firmware 1.0.0.11(3862) allows unauthenticated remote attackers to read, modify, or delete arbitrary files via malicious HTTP requests to an unidentified handler component. The vulnerability enables unauthorized access to the filesystem with low integrity and confidentiality impact. Publicly available exploit code exists, increasing the likelihood of opportunistic attacks against exposed devices.

Tenda Path Traversal
NVD VulDB GitHub
CVSS 4.0
5.5
EPSS
0.1%
CVE-2026-5841 MEDIUM POC This Month

Path traversal vulnerability in Tenda i3 router firmware version 1.0.0.6(2204) allows unauthenticated remote attackers to access arbitrary files via manipulation of the R7WebsSecurityHandler HTTP handler component. The vulnerability has a CVSS score of 6.9 (low confidentiality and integrity impact), publicly available exploit code exists, and exploitation requires only network access with no user interaction.

Tenda Path Traversal
NVD VulDB GitHub
CVSS 4.0
5.5
EPSS
0.1%
CVE-2026-5962 MEDIUM POC This Month

Remote path traversal in Tenda CH22 1.0.0.6(468) httpd component allows unauthenticated attackers to access arbitrary files via the R7WebsSecurityHandlerfunction, with publicly available exploit code and a CVSS score of 6.9 indicating moderate real-world risk despite the low scope of impact (information disclosure only).

Path Traversal Tenda
NVD VulDB GitHub
CVSS 4.0
5.5
EPSS
0.1%
CVE-2026-5971 MEDIUM POC This Month

Remote code injection in FoundationAgents MetaGPT up to version 0.8.1 allows unauthenticated attackers to execute arbitrary code via improper neutralization of directives in the ActionNode.xml_fill XML handler function. The vulnerability has publicly available exploit code and affects the dynamic code evaluation mechanism in metagpt/actions/action_node.py, enabling attackers to manipulate XML input for code injection with low complexity and no authentication required.

Information Disclosure Code Injection Metagpt
NVD VulDB GitHub
CVSS 4.0
5.5
EPSS
0.1%
CVE-2026-5970 MEDIUM POC PATCH This Month

Code injection in FoundationAgents MetaGPT versions up to 0.8.1 allows unauthenticated remote attackers to execute arbitrary code through the check_solution function in HumanEvalBenchmark and MBPPBenchmark components. The vulnerability requires no user interaction and enables unauthorized access, data modification, and service disruption. Publicly available exploit code exists, disclosed via GitHub issue #1942. Vendor has not responded to early disclosure via pull request #1988 at time of analysis.

RCE Code Injection Metagpt
NVD VulDB GitHub
CVSS 4.0
5.5
EPSS
0.1%
CVE-2026-5832 MEDIUM POC This Month

Server-Side Request Forgery (SSRF) in atototo api-lab-mcp versions up to 0.2.1 allows unauthenticated remote attackers to manipulate source/url parameters in analyze_api_spec, generate_test_scenarios, and test_http_endpoint functions within the HTTP interface (http-server.ts). Exploitation permits unauthorized requests to internal or external resources, potentially exposing sensitive data, bypassing access controls, or conducting port scanning. Publicly available exploit code exists. Vendor has not responded to early disclosure (GitHub issue #4).

SSRF Api Lab Mcp
NVD VulDB GitHub
CVSS 4.0
5.5
EPSS
0.0%
CVE-2026-5842 MEDIUM POC PATCH This Month

Remote authorization bypass in decolua 9router up to version 0.3.47 allows unauthenticated network attackers to access the Administrative API Endpoint (/api) without proper credentials, potentially exposing sensitive functionality. The vulnerability has publicly available exploit code and vendor-released patch version 0.3.75 is available, reducing real-world risk for patched deployments but creating urgency for unpatched instances given active public disclosures.

Authentication Bypass 9Router
NVD VulDB GitHub
CVSS 4.0
5.5
EPSS
0.0%
CVE-2026-5985 MEDIUM POC This Month

SQL injection in code-projects Simple IT Discussion Forum 1.0 via /crud.php allows unauthenticated remote attackers to extract, modify, or delete database content through the user_Id parameter. The vulnerability permits unauthorized data access and integrity compromise with publicly available exploit code. No CISA KEV listing exists, but exploit code is publicly available.

SQLi PHP
NVD VulDB GitHub
CVSS 4.0
5.5
EPSS
0.0%
CVE-2026-5961 MEDIUM POC This Month

SQL injection in code-projects Simple IT Discussion Forum 1.0 allows unauthenticated remote attackers to execute arbitrary SQL queries via the post_id parameter in /topic-details.php. Successful exploitation enables unauthorized database access, data manipulation, and potential information disclosure. Publicly available exploit code exists. The CVSS vector indicates network-based attack with low complexity, no authentication required, enabling compromise of confidentiality, integrity, and availability at low impact levels across all vectors.

PHP SQLi
NVD VulDB GitHub
CVSS 4.0
5.5
EPSS
0.0%
CVE-2026-5837 MEDIUM POC This Month

SQL injection in PHPGurukul News Portal Project 4.1 allows unauthenticated remote attackers to extract, modify, or delete database contents through the Comment parameter in /news-details.php. CVSS 7.3 severity with network-accessible attack vector requiring no authentication or user interaction. Publicly available exploit code exists. Attackers can compromise confidentiality, integrity, and availability of application data through crafted SQL payloads in comment submission functionality.

SQLi PHP
NVD VulDB GitHub
CVSS 4.0
5.5
EPSS
0.0%
CVE-2026-5829 MEDIUM POC This Month

SQL injection in code-projects Simple IT Discussion Forum 1.0 allows unauthenticated remote attackers to extract, modify, or delete database records via the post_id parameter in /pages/content.php. Publicly available exploit code exists. The vulnerability enables unauthorized database access with low complexity, requiring no user interaction. Attack achieves limited confidentiality, integrity, and availability impact across the vulnerable application.

SQLi PHP
NVD VulDB GitHub
CVSS 4.0
5.5
EPSS
0.0%
CVE-2026-5828 MEDIUM POC This Month

SQL injection in Simple IT Discussion Forum 1.0 allows unauthenticated remote attackers to extract, modify, or delete database records via crafted postid parameter in /functions/addcomment.php. Publicly available exploit code exists. CVSS 7.3 indicates network-accessible attack requiring no user interaction, achieving partial confidentiality, integrity, and availability impact. Vulnerability disclosed with proof-of-concept on GitHub.

SQLi PHP
NVD VulDB GitHub
CVSS 4.0
5.5
EPSS
0.0%
CVE-2026-5827 MEDIUM POC This Month

SQL injection in Simple IT Discussion Forum 1.0 allows unauthenticated remote attackers to execute arbitrary SQL commands via the 'content' parameter in /question-function.php, enabling unauthorized database access, data exfiltration, and potential manipulation of stored records. Publicly available exploit code exists. CVSS 7.3 (High) reflects network-accessible attack vector with no authentication required, compromising confidentiality, integrity, and availability at low impact levels.

PHP SQLi
NVD VulDB GitHub
CVSS 4.0
5.5
EPSS
0.0%
CVE-2026-40151 MEDIUM POC PATCH GHSA This Month

PraisonAI AgentOS prior to version 4.5.128 exposes agent metadata including names, roles, and system instruction snippets via an unauthenticated GET /api/agents endpoint accessible from any network origin due to missing authentication middleware and permissive CORS defaults. This information disclosure vulnerability allows remote attackers to enumerate agent configurations without credentials, potentially revealing sensitive operational details that could inform social engineering or reconnaissance attacks against multi-agent deployments.

Information Disclosure Praisonai
NVD GitHub
CVSS 3.1
5.3
EPSS
0.0%
CVE-2023-54358 MEDIUM POC This Month

WordPress adivaha Travel Plugin 2.3 contains a reflected cross-site scripting vulnerability that allows unauthenticated attackers to inject malicious scripts by manipulating the isMobile parameter. Rated medium severity (CVSS 5.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

RCE XSS WordPress
NVD Exploit-DB
CVSS 4.0
5.1
EPSS
0.1%
CVE-2023-54364 MEDIUM POC This Month

Joomla HikaShop 4.7.4 contains a reflected cross-site scripting vulnerability that allows unauthenticated attackers to inject malicious scripts by manipulating GET parameters in the product filter. Rated medium severity (CVSS 5.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

XSS
NVD Exploit-DB
CVSS 4.0
5.1
EPSS
0.1%
CVE-2023-54363 MEDIUM POC This Month

Joomla Solidres 2.13.3 contains a reflected cross-site scripting vulnerability that allows unauthenticated attackers to inject malicious scripts by manipulating multiple GET parameters including. Rated medium severity (CVSS 5.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

XSS
NVD Exploit-DB
CVSS 4.0
5.1
EPSS
0.1%
CVE-2023-54361 MEDIUM POC This Month

Joomla iProperty Real Estate 4.1.1 contains a reflected cross-site scripting vulnerability that allows attackers to inject malicious scripts by manipulating the filter_keyword parameter. Rated medium severity (CVSS 5.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

XSS RCE
NVD Exploit-DB
CVSS 4.0
5.1
EPSS
0.0%
CVE-2023-54362 MEDIUM POC This Month

Joomla VirtueMart Shopping-Cart 4.0.12 contains a reflected cross-site scripting vulnerability that allows attackers to inject malicious scripts by manipulating the keyword parameter. Rated medium severity (CVSS 5.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

XSS
NVD Exploit-DB
CVSS 4.0
5.1
EPSS
0.0%
CVE-2023-54360 MEDIUM POC This Month

Joomla JLex Review 6.0.1 contains a reflected cross-site scripting vulnerability that allows attackers to inject malicious scripts by manipulating the review_id URL parameter. Rated medium severity (CVSS 5.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

XSS
NVD Exploit-DB
CVSS 4.0
5.1
EPSS
0.0%
CVE-2026-5974 MEDIUM PATCH GHSA This Month

Remote command injection in FoundationAgents MetaGPT versions up to 0.8.1 allows unauthenticated network attackers to execute arbitrary OS commands via the Bash.run function in metagpt/tools/libs/terminal.py. The vulnerability has a CVSS score of 6.9 with network-accessible attack vector and low complexity, and matches CISA SSVC criteria for partial technical impact with automatable exploitation; a proof-of-concept exists but no confirmed active exploitation has been reported.

Command Injection Metagpt
NVD VulDB GitHub
CVSS 4.0
6.9
EPSS
0.8%
CVE-2026-35633 MEDIUM PATCH GHSA This Month

OpenClaw before version 2026.3.22 allows remote attackers to trigger denial of service through unbounded memory allocation in HTTP error handling for remote media endpoints. By sending specially crafted HTTP error responses with large bodies, unauthenticated attackers can exhaust application memory, causing availability degradation. The vulnerability requires only network access and no user interaction, making it a practical attack vector for service disruption.

Information Disclosure Openclaw
NVD GitHub VulDB
CVSS 4.0
6.9
EPSS
0.2%
CVE-2026-35627 MEDIUM PATCH GHSA This Month

OpenClaw before 2026.3.22 processes cryptographic operations on inbound Nostr direct messages prior to validating sender identity and pairing status, allowing unauthenticated remote attackers to trigger denial of service through resource exhaustion by sending crafted messages. CVSS 6.9 reflects moderate impact with low integrity and availability degradation; no public exploit code or active exploitation has been confirmed.

Denial Of Service Openclaw
NVD GitHub VulDB
CVSS 4.0
6.9
EPSS
0.1%
CVE-2026-35626 MEDIUM PATCH This Month

Unauthenticated resource exhaustion in OpenClaw before 2026.3.22 allows remote attackers to cause denial of service by sending large or malicious webhook requests to the voice call handler, which buffers request bodies before validating provider signatures. The vulnerability requires only network access (AV:N, PR:N) and can be exploited with low complexity, making it a practical attack vector for disrupting service availability.

Denial Of Service Openclaw
NVD GitHub VulDB
CVSS 4.0
6.9
EPSS
0.1%
CVE-2026-35632 MEDIUM This Month

OpenClaw through version 2026.2.22 allows authenticated local attackers to execute arbitrary code or manipulate system files via symlink traversal in the agents.create and agents.update handlers. The vulnerability stems from unsafe use of fs.appendFile on IDENTITY.md without validating symlink targets, permitting attackers with workspace access to plant symlinks pointing to sensitive files like crontab or SSH configuration directories and inject malicious content through the agent creation/update process.

RCE Authentication Bypass Openclaw
NVD GitHub
CVSS 4.0
6.9
EPSS
0.1%
CVE-2026-35640 MEDIUM PATCH This Month

OpenClaw before version 2026.3.25 processes JSON webhook request bodies before validating cryptographic signatures, allowing unauthenticated remote attackers to trigger denial of service by submitting malicious webhook payloads that force computationally expensive JSON parsing operations. The vulnerability exploits a logic-ordering defect where signature validation occurs after resource-intensive parsing, enabling attackers to exhaust server resources without valid credentials. No public exploit code has been identified at the time of analysis, though the attack requires only network access and is trivially exploitable.

Denial Of Service Openclaw
NVD GitHub
CVSS 4.0
6.9
EPSS
0.1%
CVE-2026-5503 MEDIUM This Month

Buffer overflow in WolfSSL's TLSX_SNI_Write function allows remote unauthenticated attackers to corrupt memory by sending a specially crafted TLS ClientHello with ECH (Encrypted Client Hello) and SNI extension data. The vulnerability occurs when TLSX_EchChangeSNI unconditionally sets extensions even when no inner SNI is configured, causing attacker-controlled SNI data to be written 255 bytes beyond the allocated buffer boundary during ClientHello serialization. CVSS 6.9 indicates moderate integrity and availability impact with low attack complexity.

Memory Corruption Buffer Overflow Wolfssl
NVD GitHub VulDB
CVSS 4.0
6.9
EPSS
0.0%
CVE-2026-35637 MEDIUM PATCH This Month

OpenClaw before version 2026.3.22 performs cite expansion before completing channel and direct message authorization checks, allowing unauthenticated remote attackers to access or manipulate content prior to authorization validation. This timing vulnerability exposes information disclosure and potential content tampering risks due to premature processing of cite operations that bypass security boundaries.

Information Disclosure Openclaw
NVD GitHub VulDB
CVSS 4.0
6.9
EPSS
0.0%
CVE-2026-4901 MEDIUM PATCH This Month

Hydrosystem Control System versions prior to 9.8.5 log user credentials in plaintext to accessible log files, enabling authenticated attackers with administrative privileges to extract valid credentials for lateral movement and privilege escalation. This vulnerability is particularly critical when chained with CVE-2026-34184, which may enable unauthorized access to those logged credentials. CVSS score of 6.9 reflects the high confidentiality impact restricted to authenticated administrative users; no public exploit code or active exploitation has been confirmed.

Information Disclosure Control System
NVD VulDB
CVSS 4.0
6.9
EPSS
0.0%
CVE-2026-33773 MEDIUM PATCH This Month

Packet forwarding engine (pfe) in Juniper Networks Junos OS on EX4100, EX4400, EX4650, and QFX5120 devices fails to correctly initialize egress filters on IRB and physical interfaces, allowing unauthenticated network-based attackers to bypass security policies and cause integrity impact by forwarding traffic that should be blocked. The vulnerability affects Junos OS versions 23.4R2-S6 and 24.2R2-S3. EPSS score of 6.9 reflects moderate exploitation probability; no active exploitation confirmed (non-KEV status).

Information Disclosure Juniper
NVD
CVSS 4.0
6.9
EPSS
0.0%
CVE-2026-33774 MEDIUM PATCH This Month

Firewall filter bypass in Juniper Networks Junos OS on MX Series allows unauthenticated network-based attackers to access the control plane by exploiting improper exception handling in the packet forwarding engine when firewall filters are applied to non-zero loopback interfaces in the default routing instance. Affected MX platforms with MPC10, MPC11, LC4800, LC9600 line cards and MX304 models running Junos OS versions before 23.2R2-S6, 23.4R2-S7, 24.2R2, or 24.4R2 fail to enforce configured lo0.n ingress filters, allowing bypass of access controls designed to protect critical infrastructure management interfaces. No public exploit identified at time of analysis, but the vulnerability requires only network access and no authentication to trigger.

Authentication Bypass Juniper Junos
NVD VulDB
CVSS 4.0
6.9
EPSS
0.0%
CVE-2026-34941 MEDIUM PATCH GHSA This Month

Wasmtime runtime versions prior to 24.0.7, 36.0.7, 42.0.2, and 43.0.1 incorrectly validate UTF-16 string byte lengths during component-model encoding transcoding, causing out-of-bounds memory reads that trigger process termination via segfault in default configurations or potentially expose host memory when guard pages are disabled. Authenticated users with UI interaction can trigger this denial-of-service vulnerability; reading beyond linear memory requires non-standard Wasmtime configuration without guard pages. No public exploit code has been identified at time of analysis.

Information Disclosure Buffer Overflow Wasmtime
NVD GitHub VulDB
CVSS 4.0
6.9
EPSS
0.0%
CVE-2026-39961 MEDIUM PATCH GHSA This Month

Aiven Operator versions 0.31.0 through 0.36.x allow developers with ClickhouseUser CRD creation permissions in their own namespace to exfiltrate secrets from arbitrary namespaces by exploiting a confused deputy vulnerability in the operator's ClusterRole. An attacker can craft a malicious ClickhouseUser resource that causes the operator to read privileged credentials (database passwords, API keys, service tokens) from production namespaces and write them into the attacker's namespace with a single kubectl apply command. The vulnerability is fixed in version 0.37.0.

Kubernetes Privilege Escalation
NVD GitHub VulDB
CVSS 3.1
6.8
EPSS
0.0%
CVE-2026-35577 MEDIUM PATCH This Month

Apollo MCP Server versions prior to 1.7.0 fail to validate HTTP Host headers on StreamableHTTP transport, allowing unauthenticated remote attackers with user interaction to bypass same-origin policy via DNS rebinding attacks and invoke GraphQL tools or access resources on behalf of a local user. The vulnerability is limited to HTTP-based deployments without network-level controls and does not affect stdio transport configurations. Vendor-released patch: version 1.7.0.

Authentication Bypass Apollo Mcp Server
NVD GitHub
CVSS 3.1
6.8
EPSS
0.0%
CVE-2026-33787 MEDIUM PATCH This Month

Denial of service in Juniper Networks Junos OS chassis control daemon (chassisd) on SRX1500, SRX4100, SRX4200, and SRX4600 allows local attackers with low privileges to crash the daemon via a specific 'show chassis' CLI command, causing complete traffic disruption until modules restart. The vulnerability affects Junos OS versions 23.2 before 23.2R2-S6, 23.4 before 23.4R2-S7, 24.2 before 24.2R2-S2, 24.4 before 24.4R2, and 25.2 before 25.2R1-S1 or 25.2R2. No public exploit code or active exploitation has been identified at time of analysis.

Juniper Denial Of Service
NVD VulDB
CVSS 4.0
6.8
EPSS
0.0%
CVE-2026-33786 MEDIUM PATCH This Month

Denial of service in Juniper Junos OS chassis control daemon (chassisd) on SRX1600, SRX2300, and SRX4300 devices allows local attackers with low privileges to trigger a complete crash via a specific 'show chassis' CLI command, causing temporary traffic disruption until module recovery. Junos OS 24.4 versions before 24.4R1-S3 and 24.4R2 are affected; no public exploit code identified at time of analysis.

Juniper Denial Of Service
NVD VulDB
CVSS 4.0
6.8
EPSS
0.0%
CVE-2026-33776 MEDIUM PATCH This Month

Missing authorization in Juniper Networks Junos OS and Junos OS Evolved CLI allows local users with low privileges to execute the 'show mgd' command with specific arguments to read sensitive information. The vulnerability affects multiple version branches of both Junos OS (22.4, 23.2, 23.4, 24.2, 24.4, 25.2) and Junos OS Evolved (23.2, 23.4, 24.2, 24.4, 25.2), with patches available for all affected versions. CVSS score is 6.8 with high confidentiality impact but no public exploit identified at time of analysis.

Authentication Bypass Juniper
NVD VulDB
CVSS 4.0
6.8
EPSS
0.0%
CVE-2026-4114 MEDIUM NEWS This Month

Remote authenticated SonicWall SMA1000 SSLVPN administrators can bypass AMC TOTP (Time-based One-Time Password) authentication via improper handling of Unicode encoding, allowing high-privileged attackers to achieve authentication bypass on affected appliances. CVSS 6.6 reflects high-privileged requirement (PR:H) and high attack complexity (AC:H), limiting real-world exploitation despite total technical impact. EPSS score of 0.03% (10th percentile) indicates this vulnerability is unlikely to be exploited in widespread automated attacks, suggesting it requires specific attacker knowledge of Unicode encoding techniques and admin-level access.

Authentication Bypass Sonicwall
NVD VulDB
CVSS 3.1
6.6
EPSS
0.0%
CVE-2026-39943 MEDIUM PATCH This Month

Directus before 11.17.0 stores sensitive authentication and credential data in plaintext within revision records due to incomplete sanitization of revision snapshots, allowing authenticated users with database access to retrieve user tokens, 2FA secrets, external auth identifiers, and API keys from the directus_revisions table. The vulnerability affects all versions before 11.17.0 and requires low-privilege authenticated access to exploit; no public exploit code or active exploitation has been identified at time of analysis.

Information Disclosure Directus
NVD GitHub
CVSS 3.1
6.5
EPSS
0.0%
CVE-2026-34500 MEDIUM PATCH This Month

CLIENT_CERT authentication bypass in Apache Tomcat allows unauthenticated remote attackers to bypass certificate-based authentication when soft fail is disabled and Foreign Function Memory (FFM) is enabled, affecting Tomcat 9.0.92-9.0.116, 10.1.22-10.1.53, and 11.0.0-M14-11.0.20. The vulnerability has a CVSS score of 6.5 with high confidentiality impact and partial integrity impact; however, the EPSS score of 0.04% (11th percentile) indicates very low real-world exploitation probability, and no public exploit code or confirmed active exploitation has been identified.

Apache Tomcat Authentication Bypass Red Hat Suse
NVD VulDB
CVSS 3.1
6.5
EPSS
0.0%
CVE-2026-40148 MEDIUM PATCH GHSA This Month

Disk exhaustion in PraisonAI prior to 4.5.128 allows remote attackers to consume arbitrary disk space by publishing malicious recipe bundles containing highly compressible data that expand dramatically during extraction. The vulnerability exists in the _safe_extractall() function, which validates only path traversal attacks but lacks checks on individual member sizes, cumulative extracted size, or member count before tar extraction, enabling an unauthenticated attacker to trigger denial of service via LocalRegistry.pull() or HttpRegistry.pull() with minimal user interaction.

Path Traversal Praisonai
NVD GitHub
CVSS 3.1
6.5
EPSS
0.0%
CVE-2026-34538 MEDIUM PATCH This Month

Apache Airflow 3.0.0 through 3.1.8 discloses XCom result values to users with only DAG Run read permissions (such as Viewer role), violating the FAB RBAC model that treats XCom as a protected resource. This information disclosure affects authenticated users and allows them to access sensitive execution results they should not be able to view. The vulnerability is not confirmed as actively exploited, and a patch is available in Apache Airflow 3.2.0.

Information Disclosure Apache
NVD GitHub VulDB
CVSS 3.1
6.5
EPSS
0.0%
CVE-2026-5742 MEDIUM This Month

Stored Cross-Site Scripting in UsersWP WordPress plugin up to version 1.2.60 allows authenticated subscribers and above to inject arbitrary JavaScript into user profile badge widgets via insufficiently sanitized URL fields, executing malicious scripts for all site visitors viewing affected pages. The vulnerability affects the badge widget rendering component due to improper output escaping in the wp-ayecode-ui library integration. No public exploit code or active exploitation has been identified, though the low attack complexity and subscriber-level access requirement make this a realistic threat in multi-user WordPress environments.

WordPress XSS
NVD VulDB
CVSS 3.1
6.4
EPSS
0.1%
CVE-2026-4429 MEDIUM This Month

Stored Cross-Site Scripting in OSM - OpenStreetMap WordPress plugin versions up to 6.1.15 allows authenticated attackers with Contributor-level access to inject arbitrary JavaScript through insufficiently sanitized 'marker_name' and 'file_color_list' shortcode attributes in [osm_map_v3], executing malicious scripts whenever users access affected pages. CVSS 6.4 reflects moderate severity with cross-site impact; exploitation requires valid WordPress user credentials but no user interaction beyond page access.

WordPress XSS
NVD
CVSS 3.1
6.4
EPSS
0.1%
CVE-2026-4336 MEDIUM This Month

Stored cross-site scripting in Ultimate FAQ Accordion plugin for WordPress (all versions up to 2.4.7) allows authenticated Author-level users to inject arbitrary web scripts into FAQ pages. The vulnerability exploits a double-encoding bypass: the plugin calls html_entity_decode() on FAQ content during rendering, converting entity-encoded payloads (e.g., <img src=x onerror=alert()>) back into executable HTML, which then bypasses WordPress output escaping in the faq-answer.php template. The ufaq custom post type is REST API-enabled with default post capabilities, allowing Authors to create and publish malicious FAQs via REST API. No public exploit code has been identified at time of analysis, but the vulnerability has a moderate CVSS 6.4 score reflecting its authenticated requirement and cross-site impact.

WordPress PHP XSS
NVD VulDB
CVSS 3.1
6.4
EPSS
0.0%
CVE-2026-5357 MEDIUM This Month

Stored cross-site scripting in Download Manager for WordPress up to version 3.3.52 allows authenticated contributors and above to inject arbitrary JavaScript through the 'sid' parameter of the 'wpdm_members' shortcode, which is stored in post metadata and executed when users access the affected page. The vulnerability stems from missing input sanitization in the members() function and absent output escaping (esc_attr()) when the 'sid' value is rendered directly into HTML id attributes. EPSS score indicates moderate-to-high exploitation probability; no active exploitation in CISA KEV has been confirmed at time of analysis.

WordPress PHP XSS
NVD
CVSS 3.1
6.4
EPSS
0.0%
CVE-2026-3005 MEDIUM This Month

Stored cross-site scripting in List Category Posts plugin for WordPress (all versions up to 0.94.0) allows authenticated contributors and above to inject arbitrary JavaScript via insufficiently sanitized shortcode attributes, enabling persistent payload execution whenever affected pages are accessed. CVSS 6.4 reflects moderate confidentiality and integrity impact with network-level access; exploitation requires contributor-level WordPress account.

WordPress XSS
NVD VulDB
CVSS 3.1
6.4
EPSS
0.0%
Page 1 of 3 Next

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy