Skip to main content
CVE-2026-6409 HIGH PATCH GHSA This Week

A Denial of Service (DoS) vulnerability exists in the Protobuf PHP library during the parsing of untrusted input. Maliciously structured messages-specifically those containing negative varints or deep recursion-can be used to crash the application, impacting service availability.

PHP Denial Of Service
NVD GitHub VulDB
CVSS 4.0
7.1
EPSS
0.1%
CVE-2026-40503 HIGH PATCH This Week

Path traversal in OpenHarness allows authenticated gateway users with chat access to read arbitrary files on the server via the '/memory show' slash command. Affecting all versions prior to commit dd1d235, attackers can inject directory traversal sequences to escape the project memory directory and access any file readable by the OpenHarness process. CVSS 7.1 reflects high confidentiality impact with low-privilege network access. Vendor patch available via GitHub commit dd1d235450dd987b20bff01b7bfb02fe8620a0af. No public exploit identified at time of analysis, EPSS data unavailable.

Path Traversal Openharness
NVD GitHub
CVSS 4.0
7.1
EPSS
0.1%
CVE-2026-30459 HIGH This Week

An issue in the Forgot Password feature of Daylight Studio FuelCMS v1.5.2 allows unauthenticated attackers to obtain the password reset token of a victim user via a crafted link placed in a valid e-mail message.

Information Disclosure N A
NVD GitHub
CVSS 3.1
7.1
EPSS
0.0%
CVE-2025-54502 HIGH This Week

Incorrect use of boot service in the AMD Platform Configuration Blob (APCB) SMM driver could allow a privileged attacker with local access (Ring 0) to achieve privilege escalation potentially resulting in arbitrary code execution.

Privilege Escalation Information Disclosure RCE Amd Amd Epyc 9004 Series Processors +56
NVD VulDB
CVSS 4.0
7.1
EPSS
0.0%
CVE-2026-3861 HIGH PATCH This Week

LINE for iOS versions before 26.3.0 suffer from dialog-based denial-of-service through the in-app browser. A remote attacker can render an iOS device temporarily inoperable by crafting a malicious web page that triggers infinite OS-level dialog loops when opened in LINE's browser, requiring only that a user click a malicious link. EPSS exploitation probability is minimal (0.01%, 1st percentile) with no active exploitation confirmed. Vendor patch released in version 26.3.0, addressing CWE-451 (user interface misrepresentation).

Information Disclosure Apple Line Client For Ios
NVD VulDB
CVSS 4.0
7.1
EPSS
0.0%
Prev Page 2 of 2

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy