Skip to main content
CVE-2025-14545 MEDIUM POC PATCH This Month

Remote code execution in YML for Yandex Market WordPress plugin versions before 5.0.26 allows unauthenticated remote attackers to execute arbitrary code through the feed generation process. The vulnerability has a CVSS score of 6.5 and publicly available exploit code exists. Exploitation requires only network access with no user interaction, making it relatively straightforward to weaponize despite the low EPSS score (0.09%), suggesting limited real-world exploitation activity at the time of analysis.

RCE WordPress
NVD WPScan
CVSS 3.1
6.5
EPSS
0.1%
CVE-2026-4432 MEDIUM POC PATCH This Month

Unauthenticated attackers can rename arbitrary wishlists on WordPress sites running YITH WooCommerce Wishlist before version 4.13.0 due to insufficient ownership validation in the save_title() AJAX handler. The vulnerability exploits a publicly exposed nonce in the wishlist page source, allowing attackers to modify wishlist names for any user without authentication. While the CVSS score of 6.5 reflects moderate integrity and confidentiality impact, the EPSS score of 0.02% (percentile 6%) and low real-world exploitation probability suggest this is a niche risk affecting only sites using this specific plugin, though publicly available exploit code exists.

Information Disclosure WordPress
NVD WPScan
CVSS 3.1
6.5
EPSS
0.0%
CVE-2026-6024 MEDIUM POC This Month

Path traversal in Tenda i6 router firmware 1.0.0.7(2204) allows unauthenticated remote attackers to read, write, or delete arbitrary files via malicious HTTP requests to the R7WebsSecurityHandlerfunction component. CVSS 7.3 (High) reflects network-accessible exploitation without authentication. Publicly available exploit code exists, documented in a GitHub repository demonstrating attack vectors. Affects Tenda i6 wireless router deployments running vulnerable firmware version.

Path Traversal Tenda
NVD VulDB GitHub
CVSS 4.0
5.5
EPSS
0.1%
CVE-2026-5998 MEDIUM POC PATCH This Month

Path traversal in zhayujie chatgpt-on-wechat CowAgent up to version 2.0.4 allows unauthenticated remote attackers to read arbitrary files via the filename parameter in the API Memory Content Endpoint (agent/memory/service.py). The vulnerability has a publicly available exploit, carries a moderate CVSS score of 5.3 reflecting limited confidentiality impact, and has been patched by the vendor in version 2.0.5 with patch commit 174ee0cafc9e8e9d97a23c305418251485b8aa89.

Path Traversal Chatgpt On Wechat Cowagent
NVD VulDB GitHub
CVSS 4.0
5.5
EPSS
0.0%
CVE-2026-6038 MEDIUM POC This Month

SQL injection in code-projects Vehicle Showroom Management System 1.0 via the BRANCH_ID parameter in /util/RegisterCustomerFunction.php allows unauthenticated remote attackers to manipulate database queries with low complexity, affecting data confidentiality and integrity. Publicly available exploit code exists, increasing real-world exploitation risk despite the moderate CVSS 6.9 score.

SQLi PHP
NVD VulDB GitHub
CVSS 4.0
5.5
EPSS
0.0%
CVE-2026-6037 MEDIUM POC This Month

A vulnerability was determined in code-projects Vehicle Showroom Management System 1.0. This affects an unknown function of the file /util/AddVehicleFunction.php. This manipulation of the argument BRANCH_ID causes sql injection. The attack is possible to be carried out remotely. The exploit has been publicly disclosed and may be utilized.

SQLi PHP
NVD VulDB GitHub
CVSS 4.0
5.5
EPSS
0.0%
CVE-2026-6036 MEDIUM POC This Month

A vulnerability was found in code-projects Vehicle Showroom Management System 1.0. The impacted element is an unknown function of the file /util/VehicleDetailsFunction.php. The manipulation of the argument VEHICLE_ID results in sql injection. The attack can be executed remotely. The exploit has been made public and could be used.

SQLi PHP
NVD VulDB GitHub
CVSS 4.0
5.5
EPSS
0.0%
CVE-2026-6031 MEDIUM POC This Month

SQL injection in code-projects Simple IT Discussion Forum 1.0 allows unauthenticated remote attackers to execute arbitrary SQL commands via the Category parameter in /add-category-function.php. Attackers can read, modify, or delete database contents without authentication. Publicly available exploit code exists. CVSS 7.3 (High) reflects network-accessible attack vector with low complexity and no user interaction required. Impacts confidentiality, integrity, and availability at low levels.

SQLi PHP
NVD VulDB GitHub
CVSS 4.0
5.5
EPSS
0.0%
CVE-2026-6004 MEDIUM POC This Month

SQL injection in Simple IT Discussion Forum 1.0 by code-projects allows unauthenticated remote attackers to execute arbitrary SQL commands via the cat_id parameter in /delete-category.php, enabling unauthorized data access, modification, or deletion. Publicly available exploit code exists. CVSS 7.3 (High) reflects network-accessible attack surface with low complexity and no authentication requirement, permitting compromise of confidentiality, integrity, and availability.

SQLi PHP
NVD VulDB GitHub
CVSS 4.0
5.5
EPSS
0.0%
CVE-2026-39922 MEDIUM POC PATCH GHSA This Month

GeoNode 4.0 before 4.4.5 and 5.0 before 5.0.2 contains a server-side request forgery vulnerability in the service registration endpoint that allows authenticated attackers to probe internal networks, including loopback addresses, RFC1918 private IP ranges, link-local addresses, and cloud metadata services by submitting a crafted WMS service URL during form validation. The vulnerability exploits insufficient URL validation without private IP filtering or allowlist enforcement. No public exploit code has been identified at the time of analysis.

SSRF Geonode
NVD GitHub VulDB
CVSS 4.0
5.3
EPSS
0.0%
CVE-2026-34478 MEDIUM PATCH This Month

Apache Log4j Core 2.21.0 through 2.25.3 allows remote log injection via CRLF sequences in Rfc5424Layout due to undocumented renaming of security-relevant configuration attributes (newLineEscape and useTlsMessageFormat). Attackers can inject malicious log entries or downgrade TLS-framed syslog to unframed TCP, compromising log integrity for stream-based syslog services. SyslogAppender users are not affected. CVSS 6.9 indicates medium-to-high severity; EPSS and exploitation signals not available at time of analysis.

Apache Code Injection
NVD GitHub VulDB
CVSS 4.0
6.9
EPSS
0.1%
CVE-2026-34480 MEDIUM PATCH GHSA This Month

Apache Log4j Core's XmlLayout in versions up to 2.25.3 fails to sanitize XML-forbidden characters, producing malformed XML output when log messages or MDC values contain such characters. The impact varies by StAX implementation: JRE's built-in StAX silently writes invalid XML that conforming parsers reject, potentially causing downstream log-processing systems to drop records; alternative StAX implementations like Woodstox throw exceptions during logging calls, preventing event delivery to the intended appender. No public exploit code or active exploitation has been identified; this is a data integrity and log availability issue rather than a confidentiality or authentication bypass. Patch version 2.25.4 is available from Apache.

Apache Information Disclosure
NVD GitHub VulDB HeroDevs
CVSS 4.0
6.9
EPSS
0.1%
CVE-2026-34479 MEDIUM PATCH This Month

Log4j1XmlLayout in Apache Log4j 1-to-Log4j 2 bridge fails to escape XML 1.0-forbidden characters, causing malformed XML output that conforming XML parsers reject with fatal errors. This impacts downstream log processing systems that may drop or fail to index affected log records, affecting organizations using either Log4j1XmlLayout directly in Log4j Core 2 configurations or the deprecated Log4j 1 compatibility layer with XMLLayout. While no active exploitation has been confirmed, the vulnerability has a notable EPSS score and affects information disclosure integrity. Vendor-released patch version 2.25.4 is available.

Apache Information Disclosure
NVD GitHub VulDB HeroDevs
CVSS 4.0
6.9
EPSS
0.1%
CVE-2026-40178 MEDIUM PATCH GHSA This Month

Remote authentication bypass in Ajenti prior to version 0.112 allows unauthenticated network attackers to circumvent two-factor authentication during a brief post-authentication window with high attack complexity. The vulnerability affects the core authentication mechanism in ajenti.plugin.core and permits attackers to gain high-confidence access to protected resources; the vendor released patched version 0.112 to resolve this issue.

Authentication Bypass Ajenti
NVD GitHub
CVSS 4.0
6.9
EPSS
0.1%
CVE-2026-35664 MEDIUM PATCH This Month

OpenClaw before version 2026.3.25 contains an authentication bypass vulnerability in the raw card send surface that allows unauthenticated remote attackers to send malformed card commands, bypassing DM pairing restrictions and reaching callback handlers without proper authorization. This enables unpaired recipients to mint legacy callback payloads, resulting in integrity compromise of the messaging protocol. No public exploit code or active exploitation has been confirmed, but the low attack complexity and network accessibility make this a practical vulnerability.

Authentication Bypass Openclaw
NVD GitHub
CVSS 4.0
6.9
EPSS
0.1%
CVE-2026-40260 MEDIUM PATCH GHSA This Month

Memory exhaustion in pypdf library allows remote attackers to cause denial of service by crafting malicious PDF files with specially crafted XMP metadata that triggers excessive memory consumption during parsing. Affected versions prior to pypdf 6.10.0 are vulnerable; vendor-released patch is available. No active exploitation confirmed, but the attack requires only a crafted PDF file and no special privileges.

Information Disclosure Red Hat
NVD GitHub VulDB
CVSS 4.0
6.9
EPSS
0.0%
CVE-2026-35665 MEDIUM PATCH This Month

OpenClaw before version 2026.3.24 allows unauthenticated remote denial of service via the Feishu webhook handler, which accepts request bodies up to 1MB with a 30-second timeout before verifying the request signature. An attacker can exhaust server connection resources by sending concurrent slow HTTP POST requests, blocking legitimate webhook deliveries and degrading service availability. This is an incomplete remediation of the earlier CVE-2026-32011.

Information Disclosure Openclaw
NVD GitHub VulDB
CVSS 4.0
6.9
EPSS
0.0%
CVE-2026-35661 MEDIUM PATCH This Month

OpenClaw before 2026.3.25 allows remote attackers to bypass Telegram direct message pairing requirements and mutate session state through weaker callback-only authorization mechanisms. An unauthenticated attacker can craft malicious Telegram callback queries in direct messages to modify session state without satisfying the normal DM pairing security controls, resulting in unauthorized state modification with CVSS 5.3 (medium severity).

Authentication Bypass Openclaw
NVD GitHub
CVSS 4.0
6.9
EPSS
0.0%
CVE-2026-35652 MEDIUM PATCH This Month

OpenClaw before version 2026.3.22 suffers from an authorization bypass in its interactive callback dispatch mechanism that permits unauthenticated remote attackers to execute action handlers without sender allowlist validation. The vulnerability exploits a race condition or timing gap where callbacks are processed before security checks complete, enabling unauthorized state modification and availability impact. No public exploit code or active exploitation has been confirmed at time of analysis, but the low attack complexity and lack of authentication requirements make this a practical threat to exposed OpenClaw deployments.

Authentication Bypass Openclaw
NVD GitHub VulDB
CVSS 4.0
6.9
EPSS
0.0%
CVE-2026-35655 MEDIUM PATCH This Month

OpenClaw before version 2026.3.22 allows authenticated remote attackers to spoof tool identities through rawInput parameters, bypassing ACP permission resolution and suppressing dangerous-tool prompting via identity hint conflicts between rawInput and metadata. This authentication bypass with high integrity impact affects all versions prior to the fixed release, enabling attackers to circumvent security restrictions intended to prevent execution of dangerous operations.

Authentication Bypass Openclaw
NVD GitHub VulDB
CVSS 4.0
6.9
EPSS
0.0%
CVE-2026-35654 MEDIUM PATCH This Month

OpenClaw before version 2026.3.25 allows unauthenticated remote attackers to bypass sender allowlist checks in Microsoft Teams feedback invoke endpoints, enabling unauthorized recording of session feedback. The vulnerability exploits improper authorization logic in feedback processing, granting attackers the ability to trigger feedback recording or reflection operations that should be restricted to authorized senders. No public exploit code has been identified at the time of analysis.

Authentication Bypass Microsoft
NVD GitHub VulDB
CVSS 4.0
6.9
EPSS
0.0%
CVE-2026-35647 MEDIUM PATCH This Month

OpenClaw before version 2026.3.25 allows unauthenticated remote attackers to bypass direct message policy controls by sending verification notices to users outside configured allowed peer lists. The vulnerability stems from insufficient access validation checks applied to verification notice transmission, enabling attackers to contact users who have restricted direct messaging policies in place. CVSS score of 5.3 reflects moderate integrity impact with low attack complexity and no authentication requirements.

Authentication Bypass Openclaw
NVD GitHub VulDB
CVSS 4.0
6.9
EPSS
0.0%
CVE-2026-35667 MEDIUM PATCH This Month

OpenClaw before version 2026.3.24 permits authenticated local attackers to trigger improper process termination via the !stop chat command, which uses an unpatched killProcessTree function that sends SIGKILL without graceful SIGTERM shutdown. This incomplete fix for CVE-2026-27486 enables attackers to corrupt data, leak resources, and skip security-sensitive cleanup operations, resulting in integrity compromise and denial of service.

Information Disclosure Openclaw
NVD GitHub VulDB
CVSS 4.0
6.9
EPSS
0.0%
CVE-2026-40175 MEDIUM PATCH CISA NEWS GHSA This Month

Remote code execution affects Axios HTTP client library versions prior to 1.15.0 via gadget chain escalation of prototype pollution vulnerabilities in third-party dependencies. Unauthenticated network attackers can exploit this chaining mechanism to achieve full remote code execution or cloud compromise through AWS IMDSv2 bypass. Critical severity (CVSS 10.0) with scope change indicates containment boundary violation. No public exploit identified at time of analysis.

RCE Node.js Axios
NVD GitHub VulDB
CVSS 3.1
4.8
EPSS
0.2%
CVE-2026-40191 MEDIUM PATCH This Month

ClearanceKit for macOS prior to version 5.0.4-beta-1f46165 fails to validate destination paths in dual-path file operations (rename, link, copyfile, exchangedata, clone), allowing authenticated local processes to bypass file-access protection and place or replace files in protected directories. The vulnerability affects all versions before 5.0.4-beta-1f46165 and has been patched; no public exploit code or active exploitation has been identified at the time of analysis.

Apple Authentication Bypass
NVD GitHub
CVSS 4.0
6.8
EPSS
0.0%
CVE-2026-4482 MEDIUM PATCH This Month

Improperly restricted file permissions on Rapid7 Insight Agent installer certificate files on Windows systems allow locally authenticated standard users to read the agent's private key (client.key), enabling identity material disclosure and potential lateral movement or agent impersonation. CVSS 6.8 (CVSS:4.0 LOCAL/LOW complexity, PR:L) reflects local authentication requirement; CISA KEV status not confirmed. Rapid7 released patched version 4.1.0.2 addressing this permission misconfiguration.

Information Disclosure Microsoft
NVD VulDB
CVSS 4.0
6.8
EPSS
0.0%
CVE-2026-40224 MEDIUM PATCH This Month

Local privilege escalation in systemd 259 before 260 allows authenticated local users to gain root-level access via varlink communication to systemd-machined, exploiting improper namespace isolation. The vulnerability requires low privileges, high attack complexity, and user interaction, affecting the systemd init system across Linux distributions. No public exploit code or active exploitation has been confirmed at time of analysis.

Privilege Escalation Authentication Bypass Systemd
NVD GitHub
CVSS 3.1
6.7
EPSS
0.0%
CVE-2026-35599 MEDIUM PATCH GHSA This Month

Denial of service in Vikunja via algorithmic complexity attack in the addRepeatIntervalToTime function allows authenticated users to exhaust server CPU and database connections by creating repeating tasks with 1-second intervals and dates far in the past (e.g., 1900), triggering billions of loop iterations that hang requests for 60+ seconds and exhaust the default 100-connection pool. CVSS 6.5 with authenticated attack vector; confirmed patched in v2.3.0.

Python Information Disclosure
NVD GitHub
CVSS 3.1
6.5
EPSS
0.0%
CVE-2026-27460 MEDIUM PATCH This Month

Tandoor Recipes versions prior to 2.6.5 suffer from a denial-of-service vulnerability in the recipe import functionality that allows authenticated users to crash the application server or severely degrade performance by uploading a specially crafted ZIP bomb file. The vulnerability affects recipe management and meal planning features accessible to authenticated users and has been patched in version 2.6.5.

Denial Of Service Recipes
NVD GitHub
CVSS 3.1
6.5
EPSS
0.0%
CVE-2026-35594 MEDIUM PATCH GHSA This Month

Vikunja prior to version 2.3.0 fails to validate link share permissions against server state during JWT authentication, allowing attackers with revoked or downgraded JWT tokens to maintain the original access level for up to 72 hours. This affects self-hosted task management deployments where link shares are used for collaboration, enabling unauthorized information disclosure and modification of shared projects even after a project owner explicitly revokes or restricts access.

Information Disclosure Vikunja
NVD GitHub
CVSS 3.1
6.5
EPSS
0.0%
CVE-2026-33736 MEDIUM PATCH This Month

Chamilo LMS versions prior to 2.0.0-RC.3 allow authenticated students and lower-privileged users to enumerate all platform users and extract sensitive personal information (email addresses, phone numbers, role assignments) through an unauthenticated API endpoint (GET /api/users), enabling reconnaissance of administrator accounts and organizational structure. The vulnerability affects any installation with user accounts below administrative level and is fixed in version 2.0.0-RC.3.

Authentication Bypass Chamilo Lms
NVD GitHub
CVSS 3.1
6.5
EPSS
0.0%
CVE-2026-33708 MEDIUM PATCH This Month

Chamilo LMS REST API endpoint get_user_info_from_username fails to authorize requests, exposing personal information (email, names, user ID, active status) to any authenticated user regardless of role prior to version 1.11.38. An attacker with valid login credentials, including a student account, can enumerate and retrieve sensitive user data for any account in the system.

Authentication Bypass Chamilo Lms
NVD GitHub
CVSS 3.1
6.5
EPSS
0.0%
CVE-2021-47960 MEDIUM PATCH This Month

A files or directories accessible to external parties vulnerability in Synology SSL VPN Client before 1.4.5-0684 allows remote attackers to access files within the installation directory via a local. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

Synology Path Traversal Information Disclosure
NVD
CVSS 3.1
6.5
EPSS
0.0%
CVE-2026-40199 MEDIUM PATCH This Month

Net::CIDR::Lite before version 0.23 for Perl incorrectly handles RFC 4291 IPv4-mapped IPv6 addresses (::ffff:x.x.x.x) by including an extra sentinel byte during packing, resulting in 18-byte instead of 17-byte representations. This misalignment causes the find() and bin_find() functions to return incorrect matching results during IP address lookup operations, enabling attackers to bypass IP-based access control lists by crafting addresses that fall outside intended CIDR ranges. No active exploitation has been identified, but the low EPSS score (0.02%) masks the authentication bypass tag, suggesting limited real-world triggering conditions despite the 6.5 CVSS score.

Authentication Bypass Net
NVD GitHub VulDB
CVSS 3.1
6.5
EPSS
0.0%
CVE-2026-33141 MEDIUM PATCH This Month

Insecure Direct Object Reference in Chamilo LMS REST API stats endpoint allows authenticated low-privilege users to read unauthorized access to any user's learning progress, certificates, and gradebook scores across all courses prior to version 2.0.0-RC.3. The vulnerability requires only valid user credentials (accessible to students with ROLE_USER) and network access, enabling horizontal privilege escalation without administrative intervention or system compromise. No public exploit code or active exploitation has been identified at time of analysis.

Authentication Bypass Chamilo Lms
NVD GitHub
CVSS 3.1
6.5
EPSS
0.0%
CVE-2026-2305 MEDIUM This Month

Stored cross-site scripting (XSS) in AddFunc Head & Footer Code plugin for WordPress versions up to 2.3 allows authenticated attackers with Contributor-level access to inject arbitrary JavaScript via custom post meta fields that execute when administrators preview or view posts. The vulnerability exists because the plugin outputs user-supplied code from `aFhfc_head_code`, `aFhfc_body_code`, and `aFhfc_footer_code` meta values without sanitization or escaping, and fails to restrict meta key access via WordPress `register_meta()` authentication callbacks despite restricting its own admin interface. No public exploit code or active exploitation has been confirmed at time of analysis.

WordPress XSS
NVD
CVSS 3.1
6.4
EPSS
0.0%
CVE-2026-1263 MEDIUM This Month

Stored Cross-Site Scripting (XSS) in the Webling WordPress plugin versions up to 3.9.0 allows authenticated attackers with Subscriber-level access to inject malicious scripts into forms and memberlists that execute when administrators view the admin interface. The vulnerability stems from insufficient input sanitization and output escaping in the 'webling_admin_save_form' and 'webling_admin_save_memberlist' functions, combined with missing capability checks. No public exploit code or active exploitation has been reported at time of analysis.

WordPress XSS
NVD
CVSS 3.1
6.4
EPSS
0.0%
CVE-2026-40225 MEDIUM PATCH This Month

Local root code execution in systemd's udev subsystem before version 260 allows attackers with physical access to craft malicious hardware devices that exploit unsanitized kernel output, achieving privilege escalation from local user context to root. The attack requires physical device insertion but no user interaction; CVSS 6.4 reflects the physical attack vector constraint, though successful exploitation grants complete system compromise. No public exploit code or active exploitation has been confirmed at time of analysis.

Information Disclosure Systemd
NVD GitHub VulDB
CVSS 3.1
6.4
EPSS
0.0%
CVE-2026-40226 MEDIUM PATCH This Month

Escape-to-host vulnerability in systemd nspawn (versions 233-259) allows local privileged users to break container isolation via a crafted optional config file, enabling arbitrary code execution on the host system. CVSS 6.4 reflects high integrity and confidentiality impact but requires high privilege and difficult attack conditions. No public exploit code or active exploitation has been confirmed at the time of analysis.

Information Disclosure Red Hat Suse
NVD GitHub VulDB
CVSS 3.1
6.4
EPSS
0.0%
CVE-2026-40023 MEDIUM PATCH This Month

Apache Log4cxx XMLLayout before version 1.7.0 fails to sanitize XML-forbidden characters in log messages, NDC (Nested Diagnostic Context), and MDC (Mapped Diagnostic Context) properties, producing malformed XML that conforming parsers reject with fatal errors. Attackers who can influence logged data can exploit this to suppress individual log records, degrading audit trails and impairing detection of malicious activity. The vulnerability affects all versions prior to 1.7.0 across multiple distri

Apache Information Disclosure
NVD GitHub VulDB
CVSS 4.0
6.3
EPSS
0.1%
CVE-2026-40021 MEDIUM PATCH This Month

Apache Log4net versions before 3.3.0 fail to sanitize XML 1.0-forbidden characters in MDC property keys and values, as well as identity fields, causing serialization exceptions that silently drop log events when XmlLayout or XmlLayoutSchemaLog4J are in use. An attacker who can influence these fields can suppress individual audit log records, impairing detection of malicious activity. No public exploit code or active exploitation has been confirmed; patch is available from the vendor.

Apache Information Disclosure
NVD GitHub VulDB
CVSS 4.0
6.3
EPSS
0.1%
CVE-2026-34481 MEDIUM PATCH GHSA This Month

Apache Log4j JsonTemplateLayout versions up to 2.25.3 generate invalid JSON when logging non-finite floating-point values (NaN, Infinity, -Infinity), violating RFC 8259 and causing downstream log processing systems to fail indexing or reject records. An unauthenticated remote attacker can trigger this by controlling floating-point values in MapMessages logged by vulnerable applications, resulting in data loss or processing failures in log aggregation pipelines. Vendor-released patch: version 2.25.4.

Apache Information Disclosure Apache Log4J Json Template Layout
NVD GitHub VulDB HeroDevs
CVSS 4.0
6.3
EPSS
0.1%
CVE-2026-34477 MEDIUM POC PATCH This Month

Man-in-the-middle attacks are possible in Apache Log4j Core through 2.25.3 when SMTP, Socket, or Syslog appenders use TLS with the verifyHostName attribute configured in the <Ssl> element, because the attribute was silently ignored despite being available since version 2.12.0. This is a regression from an incomplete fix to CVE-2025-68161 that only addressed hostname verification via system property. An attacker with a certificate from a trusted CA can intercept TLS connections. Apache has released patched version 2.25.4 to correct this issue.

Apache Java Information Disclosure
NVD GitHub VulDB HeroDevs
CVSS 4.0
6.3
EPSS
0.1%
CVE-2026-35656 MEDIUM PATCH This Month

OpenClaw before version 2026.3.22 contains an authentication bypass vulnerability in X-Forwarded-For header processing when trustedProxies is configured, allowing unauthenticated remote attackers to spoof loopback client addresses and bypass canvas authentication and rate-limiting protections. The vulnerability exploits improper validation of forwarding headers to masquerade as local loopback connections, with a CVSS score of 6.5 reflecting moderate confidentiality and integrity impact but no direct availability impact.

Authentication Bypass Openclaw
NVD GitHub VulDB
CVSS 4.0
6.3
EPSS
0.1%
CVE-2026-5724 MEDIUM PATCH GHSA This Month

Temporal's frontend gRPC server fails to enforce authentication and authorization on the StreamWorkflowReplicationMessages endpoint, allowing unauthenticated network attackers to establish replication streams and potentially exfiltrate workflow data when replication targets are configured. The vulnerability affects Temporal versions prior to 1.28.4, 1.29.6, and 1.30.4; Temporal Cloud deployments are unaffected. While exploitation requires knowledge of cluster configuration and correctly configured replication targets, the authentication bypass on a network-accessible service combined with a moderate CVSS score (6.3) reflects the practical risk of unauthorized data access in multi-tenant or sensitive workflow environments.

Authentication Bypass
NVD GitHub VulDB
CVSS 4.0
6.3
EPSS
0.1%
CVE-2026-5460 MEDIUM PATCH This Month

Heap use-after-free in wolfSSL's TLS 1.3 post-quantum cryptography hybrid KeyShare processing allows unauthenticated remote attackers to corrupt heap memory and potentially disclose information. The vulnerability occurs when TLSX_KeyShare_ProcessPqcHybridClient() error handling prematurely frees a KyberKey object in src/tls.c, and the caller's subsequent TLSX_KeyShare_FreeAll() invocation writes zero bytes to already-freed memory. CVSS 6.3 reflects low integrity and availability impact; exploitation requires precise network timing (AT:P). No public exploit identified at time of analysis, but the underlying use-after-free pattern is a known attack vector in memory-unsafe code.

Use After Free Memory Corruption Information Disclosure Wolfssl
NVD GitHub VulDB
CVSS 4.0
6.3
EPSS
0.0%
CVE-2026-40074 MEDIUM PATCH GHSA This Month

SvelteKit versions prior to 2.57.1 are vulnerable to denial of service when the redirect() function is called from the handle server hook with HTTP header-invalid characters in the location parameter. An unauthenticated remote attacker can trigger an unhandled TypeError by supplying unsanitized user input to the redirect location, potentially causing application crashes on certain platforms. The vulnerability is fixed in version 2.57.1.

Information Disclosure Kit
NVD GitHub
CVSS 4.0
6.3
EPSS
0.0%
CVE-2026-35649 MEDIUM PATCH This Month

OpenClaw before version 2026.3.22 allows unauthenticated remote attackers to bypass access control denials by exploiting improper handling of empty allowlists during settings reconciliation, silently restoring previously revoked permissions. The vulnerability treats explicitly empty allowlists as unset rather than as explicit deny-all configurations, enabling attackers to undo intended access revocations without authentication. With a CVSS score of 6.5 and network-accessible attack vector, this represents a moderate-severity logic flaw affecting access control enforcement.

Authentication Bypass Openclaw
NVD GitHub VulDB
CVSS 4.0
6.3
EPSS
0.0%
CVE-2026-40227 MEDIUM PATCH This Month

Denial of service in systemd 260 allows local unprivileged users to crash the systemd daemon by triggering an assert via IPC API calls containing arrays or maps with null elements. The vulnerability affects systemd versions 260 through 260, with no public exploit code identified at time of analysis. EPSS score of 6.2 reflects moderate real-world risk due to local-only attack vector and non-privileged requirements.

Information Disclosure Red Hat Suse
NVD GitHub VulDB
CVSS 3.1
6.2
EPSS
0.0%
CVE-2026-31262 MEDIUM This Month

Reflected cross-site scripting (XSS) in Altenar Sportsbook Software Platform (SB2) v.2.0 allows remote attackers to inject malicious scripts via URL parameters, enabling information disclosure and potential arbitrary code execution when users interact with crafted links. The vulnerability requires user interaction (click a malicious link) but affects all users regardless of authentication status, with EPSS score of 0.06% indicating very low real-world exploitation probability despite the moderate CVSS rating of 6.1. No confirmed active exploitation or public proof-of-concept code availability has been documented.

Information Disclosure RCE XSS
NVD GitHub
CVSS 3.1
6.1
EPSS
0.1%
Page 1 of 2 Next

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy