Skip to main content
CVE-2026-40265 MEDIUM PATCH GHSA This Month

### Summary A broken access control vulnerability allows unauthenticated users to retrieve note assets directly from the asset download endpoint when they know both the note UUID and asset UUID. This exposes the full contents of private note assets without authentication, even when the associated book is not public. ### Details The issue is caused by the asset download route being registered without authentication middleware. Relevant route registration: - `handlers/assets.go`, line 40 ```go huma.Get(api, "/api/notes/{noteID}/assets/{assetID}", h.GetNoteAssetContentByID) ``` By contrast, other asset operations correctly apply authentication middleware. For example: ```go huma.Delete(api, "/api/notes/{noteID}/assets/{assetID}", h.DeleteNoteAsset, huma.WithMiddleware(h.authMiddleware.AuthRequiredMiddleware)) ``` The backend service for asset retrieval also does not enforce ownership or visibility checks. According to the provided code references, the lookup only queries the asset table by asset ID and note ID: ```sql SELECT * FROM note_assets WHERE id = ? AND note_id = ? ``` Because the retrieval path does not join against the related `notes` or `books` records, it does not verify: - whether the requester owns the parent book - whether the parent book is public or private - whether the related note has been deleted As a result, possession of a valid `noteID` and `assetID` is sufficient to retrieve the asset binary, regardless of whether the note belongs to a private book. The exploitability is constrained by identifier knowledge. Both `noteID` and `assetID` are UUIDv4 values, so blind guessing is impractical. However, the endpoint remains vulnerable whenever those identifiers are disclosed through another channel, such as leaked links, browser history, proxy logs, shared URLs, or other application behaviors that expose internal asset references. ### PoC The issue can be reproduced by creating a private note with an attached asset, then requesting the asset download endpoint without authentication using the valid `noteID` and `assetID`. The server returns the asset content even though the associated note is private. ### Impact - **Type:** Broken access control / unauthenticated information disclosure - **Who is impacted:** Any deployment exposing the affected asset download endpoint - **Security impact:** Full binary contents of private note assets can be disclosed to unauthenticated users who know the required identifiers - **Attack preconditions:** The attacker must know both the target `noteID` and `assetID`; no authentication is required - **Attack complexity:** High, because successful exploitation depends on prior disclosure of both UUIDs rather than feasible online guessing

Authentication Bypass Information Disclosure
NVD GitHub
CVSS 3.1
5.9
EPSS
0.1%
CVE-2026-33900 MEDIUM PATCH GHSA This Month

In viff encoder contains an integer truncation/wraparound issue on 32-bit builds that could trigger an out of bounds heap write that can result in a crash.

Denial Of Service Integer Overflow Red Hat Suse
NVD GitHub VulDB
CVSS 3.1
5.9
EPSS
0.0%
CVE-2026-34859 MEDIUM This Month

Use-after-free vulnerability in Huawei HarmonyOS and EMUI kernel module allows local attackers without privileges to read sensitive memory, modify data, and crash the system (confidentiality, integrity, and availability impact). The vulnerability affects an unspecified range of HarmonyOS and EMUI versions; no public exploit code or active exploitation has been identified at the time of analysis. CVSS score of 5.9 reflects moderate local attack risk with low complexity.

Information Disclosure Use After Free Memory Corruption Emui
NVD
CVSS 3.1
5.9
EPSS
0.0%
CVE-2026-33555 MEDIUM PATCH This Month

HAProxy versions 2.6 through 3.3.5 fail to validate that received HTTP/3 message body lengths match the announced Content-Length header when streams close via empty-payload frames, enabling request smuggling and backend desynchronization attacks. An unauthenticated remote attacker can exploit this via network-level HTTP/3 traffic to cause integrity violations (integrity impact rated low by CVSS), though practical exploitation requires high attack complexity. No public exploit code or active CISA KEV designation has been confirmed; the moderate CVSS 4.0 and high attack complexity suggest this is a specialized HTTP/3 protocol abuse requiring precise crafting.

Information Disclosure Haproxy
NVD GitHub VulDB
CVSS 3.1
5.8
EPSS
0.0%
CVE-2026-34855 MEDIUM This Month

Out-of-bounds write vulnerability in Huawei HarmonyOS and EMUI kernel modules allows local privileged attackers to achieve arbitrary memory corruption, potentially compromising system confidentiality and availability. The vulnerability requires high privilege context and nontrivial user interaction to trigger, limiting real-world exploitation scope despite moderate CVSS scoring.

Buffer Overflow Emui
NVD
CVSS 3.1
5.7
EPSS
0.0%
CVE-2026-34854 MEDIUM This Month

Use-after-free vulnerability in HarmonyOS and EMUI kernel modules enables local attackers with high privileges to disclose sensitive information and cause denial of service through improper memory management. CVSS 5.7 reflects limited attack scope (local only, requires elevated privileges, high attack complexity), though the vulnerability impacts both confidentiality and availability. No public exploit code or active exploitation has been confirmed at time of analysis.

Information Disclosure Use After Free Memory Corruption Emui
NVD
CVSS 3.1
5.7
EPSS
0.0%
CVE-2026-34867 MEDIUM This Month

Double free vulnerability in Huawei HarmonyOS multi-mode input system allows local authenticated users with user interaction to cause information disclosure and denial of service. The vulnerability affects availability through memory corruption, with a CVSS score of 5.6 indicating moderate risk. No public exploit code or active exploitation has been confirmed at time of analysis.

Information Disclosure
NVD
CVSS 3.1
5.6
EPSS
0.0%
CVE-2026-31415 MEDIUM PATCH This Month

Integer overflow in the Linux kernel's IPv6 sendmsg ancillary-data path allows a local user with CAP_NET_RAW (or namespaced CAP_NET_RAW via unprivileged user namespaces) to crash the kernel via skb_under_panic(), constituting a local denial of service. The 16-bit opt_flen accumulator in ip6_datagram_send_ctl() wraps around when flooded with large IPV6_DSTOPTS cmsgs, causing the transmit path to underallocate sk_buff headroom while dst1opt still references a large destination-options header - the mismatch triggers BUG() on subsequent packet transmission. A proof-of-concept (poc.c) was submitted with the bug report; no public exploit identified at time of analysis as actively exploited (no CISA KEV listing), and EPSS is very low at 0.03%.

Linux Denial Of Service
NVD VulDB
CVSS 3.1
5.5
EPSS
0.0%
CVE-2026-31428 MEDIUM PATCH This Month

Uninitialized heap memory leaks to userspace via the Linux kernel's netfilter logging subsystem (nfnetlink_log), exposing 1-3 bytes of stale kernel heap content per logged packet through the NFULA_PAYLOAD netlink attribute. Affected systems are those running Linux kernel versions dating back to commit df6fb868d611 (circa 2.6.24) where NFLOG-based packet logging is configured. A low-privileged local attacker with access to an NFLOG netlink socket can passively harvest kernel memory fragments, potentially useful for defeating KASLR or reconstructing sensitive in-memory data. No public exploit identified at time of analysis and EPSS exploitation probability is very low (0.02%, 7th percentile), but the vulnerability class is well-understood by kernel exploit developers.

Information Disclosure Linux
NVD VulDB
CVSS 3.1
5.5
EPSS
0.0%
CVE-2026-31427 MEDIUM PATCH This Month

Stack corruption in the Linux kernel's netfilter SIP connection tracking helper (`nf_conntrack_sip`) allows a local low-privileged attacker to disrupt SIP call establishment by triggering use of an uninitialized `rtp_addr` stack variable in `process_sdp()`. When SDP bodies contain no valid media sections, the uninitialized address is passed to `nf_nat_sdp_session()`, which rewrites SDP `o=` and `c=` lines with either zeroes (when `CONFIG_INIT_STACK_ALL_ZERO` is active) or arbitrary stack contents, corrupting session negotiation. No public exploit identified at time of analysis; EPSS is 0.02% (7th percentile), and this vulnerability is not listed in CISA KEV.

Information Disclosure Linux
NVD VulDB
CVSS 3.1
5.5
EPSS
0.0%
CVE-2026-31425 MEDIUM PATCH This Month

Null pointer dereference in the Linux kernel's RDS-over-InfiniBand (RDS/IB) subsystem allows a local low-privileged user to crash the kernel by sending an RDS_CMSG_RDMA_MAP control message before an IB connection is fully established. The impact is a complete denial of service (kernel panic) with no confidentiality or integrity exposure, scoring CVSS 5.5. No public exploit code has been identified at time of analysis, and EPSS exploitation probability is extremely low at 0.02%, consistent with the specialized InfiniBand hardware prerequisite.

Linux Null Pointer Dereference Denial Of Service Red Hat Suse
NVD VulDB
CVSS 3.1
5.5
EPSS
0.0%
CVE-2026-31424 MEDIUM PATCH This Month

NULL pointer dereference in the Linux kernel's netfilter x_tables subsystem allows a local attacker with CAP_NET_ADMIN privileges to crash the system by loading an NFPROTO_UNSPEC-registered xt_match or xt_target (e.g., xt_devgroup) into an ARP nftables chain via nft_compat, triggering a kernel panic and complete availability loss. CVSS 5.5 (AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H) accurately reflects the local-only, availability-only impact, and EPSS at 0.02% (7th percentile) indicates very low real-world exploitation probability. No active exploitation confirmed (not in CISA KEV); vendor-released patches are available across multiple stable kernel branches.

Linux Null Pointer Dereference Denial Of Service Canonical
NVD VulDB
CVSS 3.1
5.5
EPSS
0.0%
CVE-2026-31423 MEDIUM PATCH This Month

Divide-by-zero in the Linux kernel's HFSC traffic scheduler (net/sched/sch_hfsc.c) allows a local authenticated user to crash the kernel via a denial-of-service oops. The flaw is triggered by enqueueing packets through an HFSC qdisc configured with slope values that cause a u64-to-u32 arithmetic truncation to yield a zero divisor in rtsc_min(). With EPSS at 0.02% (7th percentile), no CISA KEV listing, and no public exploit code identified at time of analysis, real-world exploitation risk is currently low, though the crash path is deterministic and reproducible by anyone with HFSC configuration access.

Information Disclosure Linux
NVD VulDB
CVSS 3.1
5.5
EPSS
0.0%
CVE-2026-31422 MEDIUM PATCH This Month

NULL pointer dereference in the Linux kernel's net/sched cls_flow traffic classifier allows a local low-privileged attacker to crash the kernel (denial of service) by creating a flow filter on a shared traffic control block without a fully qualified baseclass. The crash occurs in flow_change() at net/sched/cls_flow.c:508, confirmed by a KASAN trace showing null-ptr-deref when block->q is dereferenced on a shared block where it is intentionally NULL. No active exploitation confirmed - not listed in CISA KEV - and EPSS stands at 0.02% (7th percentile), indicating negligible real-world exploitation probability at time of analysis.

Linux Null Pointer Dereference Denial Of Service
NVD VulDB
CVSS 3.1
5.5
EPSS
0.0%
CVE-2026-31421 MEDIUM PATCH This Month

NULL pointer dereference in the Linux kernel's cls_fw traffic classifier (net/sched/cls_fw.c) crashes the kernel when authenticated local users configure an old-method cls_fw filter on a shared tc block and traffic with a nonzero major skb mark is processed. The flaw exists because the old classification path in fw_classify() calls tcf_block_q() and dereferences q->handle, but shared blocks hold a NULL block->q pointer. The impact is limited to local denial of service (kernel panic); no confidentiality or integrity compromise is possible. EPSS is 0.02% (7th percentile), this vulnerability is not in CISA KEV, and no public exploit has been identified at time of analysis.

Linux Null Pointer Dereference Denial Of Service
NVD VulDB
CVSS 3.1
5.5
EPSS
0.0%
CVE-2026-31418 MEDIUM PATCH This Month

Local denial-of-service via kernel memory leak in the Linux kernel's netfilter ipset subsystem affects multiple stable branches from Linux 5.6 through the fixed releases 6.1.168, 6.6.134, 6.12.81, 6.18.22, 6.19.12, and 7.0. The mtype_del() function contains a logic flaw that prevents proper bucket release when all live entries are deleted but the positional counter (n->pos) still references past-deleted slots, causing accumulated unreleased kernel memory across repeated ipset add/delete operations. No public exploit code exists and this CVE is not listed in the CISA KEV catalog; EPSS at 0.02% (7th percentile) reflects very low real-world exploitation probability.

Information Disclosure Linux
NVD VulDB
CVSS 3.1
5.5
EPSS
0.0%
CVE-2026-31416 MEDIUM PATCH This Month

Local denial-of-service in the Linux kernel's netfilter nfnetlink_log subsystem allows a low-privileged local user to trigger a kernel WARN splat and cause netlink message drops. The root cause is an accounting error in NLMSG_DONE that omits the netlink header size, counting only the attribute size. With a CVSS score of 5.5 (AV:L/AC:L/PR:L) and EPSS at 0.02% (7th percentile), this has no public exploit code identified at time of analysis and is not listed in the CISA KEV catalog - impact is limited to netlink logging availability, with no code execution or data exposure.

Information Disclosure Linux
NVD VulDB
CVSS 3.1
5.5
EPSS
0.0%
CVE-2026-31420 MEDIUM PATCH This Month

Uncontrolled resource exhaustion in the Linux kernel bridge MRP subsystem allows a locally authenticated attacker to trigger a kernel OOM panic by supplying a zero-value test interval via netlink. The br_mrp_start_test() and br_mrp_start_in_test() functions lack input validation for the interval parameter; when set to zero, usecs_to_jiffies(0) yields 0, causing delayed work items on system_percpu_wq to reschedule themselves at maximum rate while continuously allocating and transmitting MRP test frames until all system memory is exhausted. No public exploit has been identified at time of analysis, and the EPSS score of 0.02% (6th percentile) reflects low current exploitation probability, though the denial-of-service impact is severe - a full kernel panic.

Information Disclosure Linux
NVD VulDB
CVSS 3.1
5.5
EPSS
0.0%
CVE-2026-40311 MEDIUM PATCH GHSA This Month

ImageMagick is free and open-source software used for editing and manipulating digital images. Versions below 7.1.2-19 and 6.9.13-44 contain a heap use-after-free vulnerability that can cause a crash when reading and printing values from an invalid XMP profile. This issue has been fixed in versions 6.9.13-44 and 7.1.2-19.

Denial Of Service Use After Free Memory Corruption Red Hat Suse
NVD GitHub VulDB
CVSS 3.1
5.5
EPSS
0.0%
CVE-2026-40310 MEDIUM PATCH GHSA This Month

ImageMagick is free and open-source software used for editing and manipulating digital images. Versions below both 7.1.2-19 and 6.9.13-44, contain a heap out-of-bounds write in the JP2 encoder with when a user specifies an invalid sampling index. This issue has been fixed in versions 6.9.13-44 and 7.1.2-19.

Heap Overflow Buffer Overflow Red Hat Suse
NVD GitHub VulDB
CVSS 3.1
5.5
EPSS
0.0%
CVE-2026-40183 MEDIUM PATCH GHSA This Month

ImageMagick is free and open-source software used for editing and manipulating digital images. In versions below 7.1.2-19, the JXL encoder has an heap write overflow when a user specifies that the image should be encoded as 16 bit floats. This issue has been fixed in version 7.1.2-19.

Heap Overflow Buffer Overflow Red Hat Suse
NVD GitHub VulDB
CVSS 3.1
5.5
EPSS
0.0%
CVE-2026-33905 MEDIUM PATCH GHSA This Month

ImageMagick is free and open-source software used for editing and manipulating digital images. In versions below both 7.1.2-19 and 6.9.13-44, the -sample operation has an out of bounds read when an specific offset is set through the `sample:offset` define that could lead to an out of bounds read. This issue has been fixed in versions 6.9.13-44 and 7.1.2-19.

Buffer Overflow Information Disclosure Red Hat Suse
NVD GitHub VulDB
CVSS 3.1
5.5
EPSS
0.0%
CVE-2026-33902 MEDIUM PATCH GHSA This Month

ImageMagick is free and open-source software used for editing and manipulating digital images. In versions below both 7.1.2-19 and 6.9.13-44, a stack overflow vulnerability in ImageMagick's FX expression parser allows an attacker to crash the process by providing a deeply nested expression. This issue has been fixed in versions 6.9.13-44 and 7.1.2-19.

Denial Of Service Red Hat Suse
NVD GitHub VulDB
CVSS 3.1
5.5
EPSS
0.0%
CVE-2026-35565 MEDIUM PATCH This Month

Stored cross-site scripting in Apache Storm UI before 2.8.6 allows authenticated users with topology submission rights to inject malicious HTML/JavaScript via unsanitized component identifiers, stream names, and grouping values in the visualization component. The payload persists in Nimbus and executes in the browser of any administrator viewing the topology visualization, enabling privilege escalation in multi-tenant deployments. EPSS score of 0.04% and SSVC assessment of partial technical impact with no automated exploitation indicate relatively low real-world risk despite the concerning privilege-escalation scenario.

Apache Privilege Escalation XSS
NVD VulDB
CVSS 3.1
5.4
EPSS
0.0%
CVE-2026-21011 MEDIUM This Month

Bluetooth maintenance mode in Samsung Mobile devices prior to April 2026 SMR Release 1 permits physical attackers to bypass Extend Unlock authentication due to incorrect privilege assignment, enabling unauthorized device access without requiring prior authentication. The vulnerability requires physical proximity and user interaction but grants full confidentiality and integrity compromise of the device. No public exploit code has been identified at the time of analysis.

Authentication Bypass Samsung Mobile Devices
NVD VulDB
CVSS 4.0
5.4
EPSS
0.0%
CVE-2025-70936 MEDIUM This Month

Reflected cross-site scripting (XSS) in Vtiger CRM 8.4.0 MailManager module allows authenticated attackers to execute arbitrary JavaScript in a user's browser session via a specially crafted double URL-encoded payload in the _folder parameter. The vulnerability requires user interaction (UI:R) and affects confidentiality and integrity within the scope of the authenticated session. With an EPSS score of 0.02% (5th percentile), real-world exploitation risk is minimal despite public disclosure.

XSS
NVD
CVSS 3.1
5.4
EPSS
0.0%
CVE-2025-63743 MEDIUM This Month

Stored cross-site scripting in Snipe-IT asset management system v8.3.0-8.3.1 allows authenticated users with basic login privileges to inject malicious JavaScript via Name and Surname fields, which executes when other users view Activity Reports or modified profiles. This vulnerability requires the victim's Display Name to be unset and affects all users with sufficient permissions to access those views. Patch available in v8.3.2; EPSS score is minimal (0.01%), indicating low empirical exploitation likelihood despite network-accessible attack vector.

XSS N A
NVD GitHub
CVSS 3.1
5.4
EPSS
0.0%
CVE-2026-6231 MEDIUM PATCH This Month

MongoDB C Driver bson_validate function returns early on specific inputs and incorrectly reports successful validation, allowing malformed or invalid UTF-8 sequences in BSON data to bypass validation checks. This affects MongoDB C Driver versions prior to 1.30.5, 2.0.0, and 2.0.1, and impacts applications that depend on this validation function to process untrusted BSON data. Authenticated remote attackers can exploit this to inject invalid BSON data, potentially causing integrity issues in downstream processing; EPSS 0.48 indicates this is a moderate-priority issue that warrants patching but is not among the highest-risk vulnerabilities.

Authentication Bypass C Driver
NVD
CVSS 4.0
5.3
EPSS
0.0%
CVE-2026-33899 MEDIUM PATCH GHSA This Month

When `Magick` parses an XML file it is possible that a single zero byte is written out of the bounds.

Heap Overflow Buffer Overflow Red Hat Suse
NVD GitHub VulDB
CVSS 3.1
5.3
EPSS
0.0%
CVE-2026-34069 MEDIUM PATCH GHSA This Month

Denial of service in Nimiq Core consensus peer handler allows unauthenticated remote attackers to crash the RequestMacroChain message handler by sending a crafted message where the first locator hash on the victim's main chain is a micro block instead of a macro block, triggering an unhandled panic via unwrap() on BlockIsNotMacro error. Vendor-released patch: v1.3.0. EPSS score of 0.04% (12th percentile) indicates low real-world exploitation probability despite network-accessible attack vector.

Information Disclosure
NVD GitHub
CVSS 3.1
5.3
EPSS
0.0%
CVE-2026-39940 MEDIUM PATCH This Month

Open redirect vulnerability in ChurchCRM prior to 7.0.0 allows authenticated users to be redirected to arbitrary URLs via malicious 'linkBack' parameters across multiple application pages, including DonatedItemEditor.php. An attacker can craft a link embedding an attacker-controlled URL that executes when a victim clicks the 'Cancel' button, enabling phishing and credential harvesting attacks. EPSS scoring (0.04%, percentile 11%) indicates low real-world exploitation probability despite authenticated access requirement.

Open Redirect PHP
NVD GitHub
CVSS 4.0
5.3
EPSS
0.0%
CVE-2026-40179 MEDIUM PATCH GHSA This Month

Stored cross-site scripting (XSS) in Prometheus web UI allows remote code execution in user browsers when viewing metrics with injected HTML/JavaScript in metric names or label values. Attackers who can inject metrics via compromised scrape targets, remote write, or OTLP receivers can execute arbitrary JavaScript to exfiltrate configuration, delete time-series data, or shut down Prometheus if admin APIs are enabled. Prometheus 3.5.2 LTS and 3.11.2 patch this by escaping all user-controlled value

XSS
NVD GitHub VulDB
CVSS 4.0
5.3
EPSS
0.0%
CVE-2026-40041 MEDIUM This Month

Pachno 1.0.6 contains a cross-site request forgery vulnerability that allows attackers to perform arbitrary actions in authenticated user context by exploiting missing CSRF protections on state-changing endpoints. Attackers can craft malicious requests targeting login, registration, file upload, milestone editing, and administrative functions to force logout, create accounts, modify roles, inject comments, or upload files when authenticated users visit attacker-controlled websites.

File Upload CSRF Pachno
NVD
CVSS 4.0
5.3
EPSS
0.0%
CVE-2026-21003 MEDIUM This Month

Improper input validation in Samsung Mobile devices prior to SMR April 2026 Release 1 allows physical attackers to bypass network restrictions without authentication. The vulnerability affects data handling related to network restriction policies, enabling unauthorized modification of network access controls. CVSS score of 5.2 reflects the physical attack requirement, though integrity and availability impacts are rated high for affected functions.

Authentication Bypass Samsung Mobile Devices
NVD
CVSS 4.0
5.2
EPSS
0.0%
CVE-2026-40038 MEDIUM This Month

Pachno 1.0.6 contains a stored cross-site scripting vulnerability that allows attackers to execute arbitrary HTML and script code by injecting malicious payloads into POST parameters. Attackers can inject scripts through the value, comment_body, article_content, description, and message parameters across multiple controllers, which are stored in the database and executed in users' browser sessions due to improper sanitization via Request::getRawParameter() or Request::getParameter() calls.

XSS Pachno
NVD
CVSS 4.0
5.1
EPSS
0.0%
CVE-2026-21008 MEDIUM This Month

Samsung Mobile S Share application prior to the April 2026 SMR Release 1 exposes sensitive information to adjacent network attackers without requiring authentication, achieved through a low-complexity attack requiring only user interaction. The vulnerability has a CVSS 5.1 score reflecting limited confidentiality impact over an adjacent network, and is addressed in the April 2026 security patch release.

Information Disclosure Samsung Mobile Devices
NVD VulDB
CVSS 4.0
5.1
EPSS
0.0%
CVE-2026-40447 MEDIUM This Month

Integer overflow in Samsung Open Source Escargot causes undefined behavior and potential denial of service on local systems. The vulnerability affects the Escargot JavaScript engine (commit 97e8115ab1110bc502b4b5e4a0c689a71520d335 and related versions) and requires local access with low complexity to trigger. With CVSS 5.1 and EPSS not specified, the risk is moderate; no public exploit code or active exploitation has been confirmed at time of analysis.

Buffer Overflow Samsung Integer Overflow
NVD GitHub VulDB
CVSS 3.1
5.1
EPSS
0.0%
CVE-2026-21014 MEDIUM This Month

Samsung Camera prior to version 16.5.00.28 allows local attackers with limited privileges to access device location data through improper access control, requiring user interaction to trigger. This information disclosure vulnerability affects Samsung's mobile camera application and represents a localized privacy exposure on affected devices.

Samsung Information Disclosure
NVD
CVSS 4.0
5.1
EPSS
0.0%
CVE-2026-34238 MEDIUM PATCH GHSA This Month

An integer overflow in the despeckle operation causes a heap buffer overflow on 32-bit builds that will result in an out of bounds write. ``` ==1551685==ERROR: AddressSanitizer: heap-buffer-overflow on address 0xea2fb818 at pc 0x56cbc42a bp 0xffc4ce48 sp 0xffc4ce38 WRITE of size 8 at 0xea2fb818 thread T0 ```

Buffer Overflow Integer Overflow Red Hat Suse
NVD GitHub VulDB
CVSS 3.1
5.1
EPSS
0.0%
CVE-2026-34866 MEDIUM This Month

Out-of-bounds write in Huawei HarmonyOS WEB module allows local attackers without privileges to cause integrity and availability impact through a classic buffer overflow condition. CVSS 5.1 (moderate) reflects local-only attack vector and limited scope, though the vulnerability affects a core web rendering component. No active exploitation or public proof-of-concept confirmed at time of analysis.

Buffer Overflow
NVD VulDB
CVSS 3.1
5.1
EPSS
0.0%
CVE-2026-21006 MEDIUM This Month

Samsung DeX prior to the April 2026 Release 1 update contains improper access control that allows physical attackers to access hidden notification contents on affected Samsung mobile devices. The vulnerability requires direct physical access to the device but carries high scope and information integrity impact due to potential exposure of sensitive notification data. No public exploit code has been identified at the time of analysis.

Samsung Information Disclosure
NVD VulDB
CVSS 4.0
4.7
EPSS
0.0%
CVE-2026-34857 MEDIUM This Month

Use-after-free vulnerability in Huawei HarmonyOS communication module allows authenticated local attackers with high privileges to trigger denial of service and disclose limited information via a race condition. CVSS score 4.7 reflects the high privilege requirement and local attack vector, though the vulnerability impacts both availability and confidentiality. No public exploit code or active exploitation has been confirmed at this time.

Race Condition Information Disclosure
NVD
CVSS 3.1
4.7
EPSS
0.0%
CVE-2026-21007 MEDIUM This Month

Device Care in Samsung Mobile devices prior to the April 2026 SMR Release 1 contains an improper exception handling vulnerability that permits physical attackers to bypass Knox Guard authentication enforcement. With a CVSS score of 4.4 and attack vector requiring physical access, this vulnerability poses a localized but serious integrity and confidentiality risk to device security architecture, particularly for devices left unattended or in corporate environments where physical access controls may be compromised.

Authentication Bypass Samsung Mobile Devices
NVD VulDB
CVSS 4.0
4.4
EPSS
0.0%
CVE-2026-21009 MEDIUM This Month

Samsung Mobile's Recents application prior to SMR Apr-2026 Release 1 fails to properly validate exceptional conditions, allowing a physical attacker to bypass App Pinning security controls. The vulnerability requires physical device access and has a CVSS score of 4.1 reflecting the physical attack vector and confidentiality impact; no public exploit code or confirmed active exploitation has been identified.

Authentication Bypass Samsung Mobile Devices
NVD VulDB
CVSS 4.0
4.1
EPSS
0.0%
CVE-2026-34860 MEDIUM This Month

Improper access control in Huawei HarmonyOS memo module allows local, unauthenticated users to bypass authentication and read sensitive memo data, affecting confidentiality and system availability. The vulnerability requires user interaction (UI interaction flag set) and involves high attack complexity, resulting in a CVSS score of 4.1. No public exploit code or active exploitation has been confirmed at time of analysis.

Authentication Bypass
NVD
CVSS 3.1
4.1
EPSS
0.0%
CVE-2026-34858 MEDIUM This Month

Use-after-free vulnerability in Huawei HarmonyOS communication module allows authenticated local attackers with high privileges to cause denial of service through a race condition. CVSS score of 4.1 reflects low attack complexity and local-only vector, though availability impact is significant. No public exploit code or active exploitation confirmed at time of analysis.

Race Condition Information Disclosure
NVD
CVSS 3.1
4.1
EPSS
0.0%
CVE-2026-0232 MEDIUM PATCH This Month

Cortex XDR agent on Windows versions 7.9-CE through 9.0 allows authenticated local administrators to disable the agent through a protection mechanism bypass, enabling malware to operate undetected. The vulnerability requires high privileges and local access, but creates a critical detection evasion vector when exploited by administratively compromised systems or insider threats. No public exploit code or active exploitation has been reported at time of analysis.

Paloalto Information Disclosure Microsoft Cortex Xdr Agent
NVD VulDB
CVSS 4.0
4.0
EPSS
0.0%
Prev Page 2 of 2

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy