Skip to main content
CVE-2026-6594 MEDIUM POC This Month

Prototype pollution in brikcss merge library versions 1.0 through 1.3.0 enables remote unauthenticated attackers to inject malicious properties into JavaScript Object prototypes via crafted __proto__, constructor.prototype, or prototype arguments, potentially leading to information disclosure, authentication bypass, or denial of service. Publicly available exploit code exists (GitHub PoC from sudo-secure). CVSS 7.3 with network vector and no authentication required. Vendor unresponsive to disclosure attempts.

Information Disclosure Prototype Pollution
NVD VulDB GitHub
CVSS 4.0
6.9
EPSS
0.0%
CVE-2026-6588 MEDIUM POC This Month

Missing authentication in serge-chat serge up to version 1.4TB allows unauthenticated remote attackers to manipulate the download_model and delete_model API endpoints, enabling unauthorized model file deletion and modification through the Model API Endpoint in api/src/serge/routers/model.py. The vulnerability is confirmed to have publicly available exploit code and represents a direct authentication bypass with integrity and availability impact. The vendor did not respond to early disclosure notification.

Authentication Bypass Serge
NVD VulDB GitHub
CVSS 4.0
5.5
EPSS
0.1%
CVE-2026-6615 MEDIUM POC This Month

Path traversal in TransformerOptimus SuperAGI versions up to 0.0.14 allows remote unauthenticated attackers to read, write, or delete arbitrary files via manipulated 'Name' parameter in multipart upload requests. Publicly available exploit code exists (GitHub Gist) demonstrating exploitation. EPSS data unavailable, not currently listed in CISA KEV. CVSS 7.3 reflects network-accessible attack with no authentication barrier, though impact is rated as 'Low' across confidentiality, integrity, and availability - likely indicating file system scope limitations rather than full system compromise.

Path Traversal Superagi
NVD VulDB GitHub
CVSS 4.0
5.5
EPSS
0.1%
CVE-2026-6635 MEDIUM POC This Month

Improper authentication in rowboatlabs rowboat (versions up to 0.1.67) allows remote unauthenticated attackers to bypass authentication by manipulating the X-Tools-JWE header in the tools_webhook component. The vulnerability enables unauthorized access with low confidentiality, integrity, and availability impact. A public exploit exists (CVSS E:P). The vendor did not respond to early disclosure attempts. EPSS data unavailable; not listed in CISA KEV, suggesting limited widespread exploitation despite public POC.

Authentication Bypass Rowboat
NVD VulDB GitHub
CVSS 4.0
5.5
EPSS
0.1%
CVE-2026-6607 MEDIUM POC PATCH This Month

Resource exhaustion in lm-sys FastChat up to 0.2.36 allows remote attackers to trigger denial of service by sending manipulated requests to the Worker API Endpoint's api_generate function. The vulnerability has publicly available exploit code and is confirmed patched upstream, though the fix in commit c9e84b89c91d45191dc24466888de526fa04cf33 addresses only the primary entry point in base_model_worker.py while missing other vulnerable code paths. EPSS score of 5.5 (CVSS 4.0) indicates low to moderate real-world exploitation probability despite public exploit availability.

Denial Of Service Fastchat
NVD VulDB GitHub
CVSS 4.0
5.5
EPSS
0.0%
CVE-2026-6621 MEDIUM POC This Month

Prototype pollution in extend-deep npm package (up to 0.1.6) enables remote attackers to manipulate JavaScript object prototypes via crafted __proto__ payloads, achieving low-severity confidentiality, integrity, and availability impacts. Public exploit code exists on GitHub. CVSS 7.3 with network attack vector and no authentication required. Project repository inactive for years, making official patch unlikely. EPSS data unavailable, but prototype pollution attacks are well-understood and automatable. Not listed in CISA KEV, suggesting limited widespread exploitation despite public POC.

Information Disclosure Prototype Pollution
NVD VulDB GitHub
CVSS 4.0
5.5
EPSS
0.0%
CVE-2026-6603 MEDIUM POC This Month

Remote code execution in ModelScope AgentScope up to version 1.0.18 allows unauthenticated network attackers to inject and execute arbitrary Python code or shell commands through the execute_python_code and execute_shell_command functions in src/AgentScope/tool/_coding/_python.py. Publicly available exploit code exists, and the vendor has not responded to early disclosure notifications, leaving all versions up to 1.0.18 unpatched and actively exploitable.

Code Injection RCE Agentscope
NVD VulDB GitHub
CVSS 4.0
5.5
EPSS
0.0%
CVE-2026-6625 MEDIUM POC This Month

Server-side request forgery (SSRF) in Mogu Blog v2 up to version 5.2 allows unauthenticated remote attackers to initiate arbitrary HTTP requests from the affected server through the picture upload functionality. The vulnerability exists in the LocalFileServiceImpl.uploadPictureByUrl method within the Picture Storage Service component, enabling attackers to access internal services, scan internal networks, or exfiltrate sensitive data. Publicly available exploit code exists, and the vendor has not responded to early disclosure notifications.

SSRF Java
NVD VulDB GitHub
CVSS 4.0
5.5
EPSS
0.0%
CVE-2026-6606 MEDIUM POC This Month

Modelscope AgentScope versions up to 1.0.18 contain a server-side request forgery (SSRF) vulnerability in the _process_audio_block function that allows remote unauthenticated attackers to manipulate the 'url' argument and trigger arbitrary HTTP requests from the vulnerable server. Publicly available exploit code exists, and the vendor has not responded to disclosure attempts, leaving affected deployments without an official patch.

SSRF Agentscope
NVD VulDB GitHub
CVSS 4.0
5.5
EPSS
0.0%
CVE-2026-6605 MEDIUM POC This Month

Server-side request forgery in ModelScope AgentScope up to version 1.0.18 allows remote unauthenticated attackers to manipulate the _get_bytes_from_web_url function in src/agentscope/_utils/_common.py, enabling them to make arbitrary HTTP requests from the affected server. Publicly available exploit code exists, and the vendor has not responded to early disclosure attempts, leaving affected installations vulnerable to attackers probing internal networks and services.

SSRF Agentscope
NVD VulDB GitHub
CVSS 4.0
5.5
EPSS
0.0%
CVE-2026-6604 MEDIUM POC This Month

Server-side request forgery (SSRF) in ModelScope AgentScope up to version 1.0.18 allows remote unauthenticated attackers to manipulate image_url and audio_file_url parameters in the _parse_url, prepare_image, and openai_audio_to_text functions, enabling arbitrary HTTP requests from the affected server. The vulnerability has publicly available exploit code and affects the Cloud Metadata Endpoint component. The vendor has not responded to early disclosure attempts, and exploitation is confirmed to be possible with low attack complexity.

SSRF Agentscope
NVD VulDB GitHub
CVSS 4.0
5.5
EPSS
0.0%
CVE-2026-6602 MEDIUM POC This Month

Unrestricted file upload in rickxy Hospital Management System allows remote unauthenticated attackers to upload malicious files via the /backend/admin/his_admin_account.php endpoint, leading to potential remote code execution, data exfiltration, or system compromise. Public exploit code exists (GitHub), significantly lowering exploitation barrier. The product uses rolling releases with no fixed versioning, complicating patch tracking. CVSS 7.3 with EPSS not provided, but publicly available POC elevates real-world risk.

PHP File Upload
NVD VulDB GitHub
CVSS 4.0
5.5
EPSS
0.0%
CVE-2026-6596 MEDIUM POC PATCH This Month

Unrestricted file upload in Langflow (langflow-ai) versions up to 1.1.0 allows remote unauthenticated attackers to upload arbitrary files via the create_upload_file API endpoint, potentially leading to remote code execution, data manipulation, and service disruption. Publicly available exploit code exists (CVSS:3.1 E:P) with GIST-hosted POC, elevating immediate risk. Vendor unresponsive to disclosure at time of publication.

File Upload Langflow
NVD VulDB GitHub
CVSS 4.0
5.5
EPSS
0.0%
CVE-2026-6608 MEDIUM POC This Month

Information disclosure in lm-sys FastChat up to version 0.2.36 allows remote unauthenticated attackers to manipulate the add_text function in the Arena Side-by-Side View Handler, resulting in incorrect control flow that exposes sensitive data. The vulnerability has publicly available exploit code and affects the web-based arena comparison interface. A partial fix was applied in commit 34eca62 to gradio_block_arena_named.py, but three additional affected files remain unpatched.

Information Disclosure Fastchat
NVD VulDB GitHub
CVSS 4.0
5.5
EPSS
0.0%
CVE-2026-6629 MEDIUM POC This Month

SQL injection in Metasoft MetaCRM versions up to 6.4.0 allows remote unauthenticated attackers to execute arbitrary SQL commands via the 'sql' parameter in sql.jsp interface endpoint. Publicly available exploit code exists (disclosed via Feishu document), enabling attackers to read/modify database contents and potentially execute commands. CVSS 7.3 (High) with network vector and low complexity. Vendor non-responsive to disclosure, leaving patch status uncertain. EPSS data not provided but POC availability elevates practical exploitation risk.

SQLi Metacrm
NVD VulDB
CVSS 4.0
5.5
EPSS
0.0%
CVE-2026-6595 MEDIUM POC This Month

SQL injection in ProjectsAndPrograms School Management System allows remote unauthenticated attackers to compromise database confidentiality, integrity, and availability via the bus_id parameter in buslocation.php. The vulnerability affects all versions up to commit 6b6fae5, with publicly available exploit code (EPSS not provided). Vendor was notified but did not respond, leaving the product vulnerable at time of analysis. The rolling release model means no fixed version number exists.

PHP SQLi
NVD VulDB
CVSS 4.0
5.5
EPSS
0.0%
CVE-2026-6662 MEDIUM POC This Month

Permissive CORS policy in ericc-ch copilot-api up to version 0.7.0 allows remote attackers to access the Token Endpoint without authentication, enabling cross-domain requests from untrusted origins. The vulnerability exists in the cors function of src/server.ts and permits information disclosure with low confidentiality, integrity, and availability impact. Publicly available exploit code exists, elevating real-world risk despite the moderate CVSS 6.9 score.

Cors Misconfiguration Information Disclosure
NVD VulDB GitHub
CVSS 4.0
5.5
EPSS
0.0%
CVE-2026-34429 MEDIUM POC PATCH This Month

Stored cross-site scripting in Vvveb prior to 1.0.8.1 allows authenticated users with media upload and rename permissions to execute arbitrary JavaScript in administrator browsers by bypassing MIME type validation with a GIF89a header prepend, renaming files to .html extensions, and injecting malicious payloads that can create backdoor accounts or upload remote code execution plugins. Publicly available exploit code exists and vendor-released patch 1.0.8.1 is available. Real-world risk is moderate due to authentication requirement and required user interaction (administrator must visit malicious page), but privilege escalation path to RCE via plugin upload makes this a critical persistence vector.

XSS RCE Vvveb
NVD GitHub VulDB
CVSS 4.0
5.1
EPSS
0.0%
CVE-2026-32957 MEDIUM CISA This Month

Unauthenticated arbitrary file upload in Silex Technology SD-330AC and AMC Manager firmware maintenance functions allows remote attackers to upload malicious files without credentials, potentially leading to device compromise or unauthorized firmware modification. The CVSS score of 5.3 reflects limited integrity impact in a network-accessible service with no authentication requirement, though the real-world risk depends on what actions an attacker can perform post-upload.

Authentication Bypass Sd 330Ac Amc Manager
NVD
CVSS 4.0
6.9
EPSS
0.0%
CVE-2026-32962 MEDIUM CISA This Month

SD-330AC and AMC Manager by Silex Technology lack authentication controls on critical configuration functions, allowing remote attackers to modify device settings without credentials. The CVSS score of 5.3 reflects network-accessible integrity impact with no complexity barrier, though confidentiality and availability are not directly affected. No active exploitation has been confirmed in CISA KEV or public exploit repositories at the time of analysis.

Authentication Bypass Sd 330Ac Amc Manager
NVD
CVSS 4.0
6.9
EPSS
0.0%
CVE-2026-32964 MEDIUM CISA This Month

CRLF injection in Silex Technology SD-330AC and AMC Manager allows unauthenticated remote attackers to inject arbitrary configuration entries via crafted input, degrading system integrity and availability. The vulnerability affects all versions of both products and requires no authentication or user interaction, with public disclosure through JPCERT and vendor advisories indicating elevated awareness in production environments.

Code Injection Sd 330Ac Amc Manager
NVD
CVSS 4.0
6.9
EPSS
0.0%
CVE-2026-32961 MEDIUM CISA This Month

Heap-based buffer overflow in Silex SD-330AC and AMC Manager packet processing allows remote unauthenticated attackers to trigger a temporary denial-of-service condition via crafted network packets to the sx_smpd service. CVSS score is 5.3 (moderate) with confirmed active reporting by JPCERT, though no public exploit code or CISA KEV listing is evident from available data. Attack requires only network access and no authentication or user interaction.

Heap Overflow Buffer Overflow Sd 330Ac Amc Manager
NVD
CVSS 4.0
6.9
EPSS
0.0%
CVE-2026-32958 MEDIUM CISA This Month

Hard-coded cryptographic keys in Silex Technology SD-330AC and AMC Manager enable attackers to forge firmware updates that administrative users may be tricked into applying via social engineering, allowing arbitrary firmware installation without detection. The vulnerability affects all versions of both products and exploits a fundamental key management flaw (CWE-321). While the CVSS score of 6.5 reflects network accessibility and high integrity impact, real-world exploitation requires user interaction (UI:R) to convince an administrator to install malicious firmware.

Information Disclosure Sd 330Ac Amc Manager
NVD
CVSS 4.0
6.9
EPSS
0.0%
CVE-2026-6623 MEDIUM POC This Month

Stored cross-site scripting (XSS) in BichitroGan ISP Billing Software 2025.3.20 allows authenticated high-privilege users to inject malicious scripts via the Profile Page Handler settings/users-view endpoint, affecting subsequent users who view the compromised profile. The vulnerability requires high-privilege authentication and user interaction (page viewing), limiting exploitation scope; however, publicly available proof-of-concept code exists and the vendor has not responded to disclosure attempts.

XSS Isp Billing Software
NVD VulDB GitHub
CVSS 4.0
4.8
EPSS
0.0%
CVE-2026-32963 MEDIUM CISA This Month

Reflected cross-site scripting (XSS) in Silex Technology SD-330AC and AMC Manager allows remote attackers to execute arbitrary JavaScript in users' browsers when they visit crafted web pages after authenticating to the affected device. The vulnerability requires user interaction and affects both products across all versions. No patch release or active exploitation status has been confirmed.

XSS Sd 330Ac Amc Manager
NVD
CVSS 4.0
5.1
EPSS
0.0%
CVE-2026-26942 MEDIUM PATCH This Month

OS command injection in Dell PowerProtect Data Domain versions 8.5 through 8.6 allows high-privileged remote attackers to execute arbitrary commands with root privileges by exploiting improper neutralization of special elements in OS command processing. This vulnerability requires high privilege level access but, once exploited, grants full system compromise. No active exploitation or public exploit code has been identified at time of analysis, but vendor has released patches addressing the issue.

Dell Command Injection
NVD VulDB
CVSS 3.1
6.7
EPSS
0.0%
CVE-2026-22761 MEDIUM PATCH This Month

Dell PowerProtect Data Domain versions 8.5 through 8.6 contain a local command injection vulnerability (CWE-78) allowing high-privileged remote attackers to execute arbitrary commands with root privileges. The attack requires local access and elevated privileges (CVSS PR:H) but results in complete system compromise through unauthenticated code execution. No public exploit code has been identified, and CVSS 6.7 reflects the significant privilege barrier despite high impact.

Dell Command Injection
NVD VulDB
CVSS 3.1
6.7
EPSS
0.0%
CVE-2026-26951 MEDIUM PATCH This Month

Stack-based buffer overflow in Dell PowerProtect Data Domain versions 7.7.1.0-8.6, LTS2025 8.3.1.0-8.3.1.20, and LTS2024 7.13.1.0-7.13.1.60 allows high-privileged local attackers to execute arbitrary commands as root. The vulnerability requires local access and elevated privileges, limiting exposure to insider threats or compromised administrative accounts rather than remote attackers. No public exploit has been identified at time of analysis.

Dell Stack Overflow Buffer Overflow
NVD VulDB
CVSS 3.1
6.7
EPSS
0.0%
CVE-2026-28684 MEDIUM PATCH GHSA This Month

Local privilege escalation in python-dotenv before version 1.2.2 allows authenticated users to overwrite arbitrary files via symlink following in the set_key() and unset_key() functions when a cross-device rename fallback is triggered. An attacker with local access and the ability to write to the filesystem can create malicious symlinks that python-dotenv will follow during .env file rewriting, leading to unintended file modification or deletion. The vulnerability requires user interaction (the application must call set_key() or unset_key()) but affects any system using vulnerable versions of the library. No public exploit code or active exploitation has been reported at time of analysis.

Information Disclosure Python Red Hat Suse
NVD GitHub VulDB
CVSS 3.1
6.6
EPSS
0.0%
CVE-2026-40896 MEDIUM PATCH This Month

OpenProject versions prior to 17.3.0 allow authenticated users with manage_agendas permission in any single project to inject malicious agenda items into meetings across all other projects on the instance, including projects to which the attacker has no access. The vulnerability requires only valid project membership with limited permissions and no knowledge of target meetings, enabling an attacker to systematically compromise meeting integrity across an entire OpenProject deployment. No public exploit code has been identified, and the vendor has released patched version 17.3.0 addressing this privilege escalation flaw.

Code Injection Openproject
NVD GitHub
CVSS 3.1
6.5
EPSS
0.0%
CVE-2026-29647 MEDIUM This Month

OpenXiangShan NEMU fails to properly enforce Smstateen permission controls, allowing authenticated local users to access IMSIC (Incoming Message Signal Interrupt Controller) state through stopei/vstopei CSRs despite mstateen0.IMSIC being cleared. This privilege escalation enables cross-context information disclosure of interrupt state and potential disruption of interrupt handling mechanisms in lower-privileged execution contexts.

Privilege Escalation N A
NVD GitHub
CVSS 3.1
6.5
EPSS
0.0%
CVE-2025-66954 MEDIUM This Month

Buffalo Link Station version 1.85-0.01 allows privilege escalation through username and role enumeration via parameter manipulation at the /nasapi endpoint. Authenticated or guest-level users can identify valid usernames and their associated privilege roles by modifying request parameters, enabling targeted privilege escalation attacks. While CVSS indicates a network vector, actual exploitation requires prior authentication or guest access, limiting immediate exposure but creating a stepping stone for further attacks.

Authentication Bypass
NVD GitHub VulDB
CVSS 3.1
6.5
EPSS
0.0%
CVE-2026-23758 MEDIUM PATCH This Month

GFI HelpDesk before version 4.99.9 allows authenticated staff members to inject persistent JavaScript into ticket subject fields via inadequate sanitization in the editsubject POST parameter, enabling arbitrary script execution when other staff or administrators view affected tickets. The vulnerability impacts confidentiality and integrity within the application's scope, with exploitation confirmed possible but requiring valid staff credentials and user interaction (viewing the malicious ticket). Patch version 4.99.9 or later is available from the vendor.

XSS Helpdesk
NVD VulDB
CVSS 4.0
6.4
EPSS
0.0%
CVE-2026-4852 MEDIUM This Month

Stored XSS in Image Source Control Lite WordPress plugin versions up to 3.9.1 allows authenticated attackers with Author-level permissions or higher to inject malicious scripts via the 'Image Source' attachment field, executing arbitrary JavaScript in the browsers of any user viewing affected pages. The vulnerability stems from insufficient input sanitization and output escaping in the attachment metadata handler. No public exploit code or active exploitation has been confirmed at the time of analysis, but the low attack complexity and network accessibility make this a practical risk for multi-author WordPress installations.

XSS WordPress
NVD
CVSS 3.1
6.4
EPSS
0.0%
CVE-2026-41389 MEDIUM PATCH This Month

OpenClaw versions 2026.4.7 through 2026.4.14 fail to enforce path containment on tool-result media references, enabling attackers to craft malicious tool-result inputs that trigger arbitrary local file reads or Windows UNC path access without authentication. An attacker can disclose sensitive files or extract credentials by exploiting this path-traversal weakness in the tool-result processing logic, requiring only network access and the ability to provide crafted tool-result media parameters to an exposed endpoint.

Information Disclosure Microsoft
NVD GitHub VulDB
CVSS 4.0
6.3
EPSS
0.0%
CVE-2026-35154 MEDIUM PATCH This Month

Dell PowerProtect Data Domain appliances versions 7.7.1.0-8.7.0.0, LTS2025 8.3.1.0-8.3.1.20, and LTS2024 7.13.1.0-7.13.1.60 contain an improper privilege management vulnerability in iDRAC that allows a high-privileged local attacker with user interaction to elevate privileges and perform unauthorized delete operations. The vulnerability requires high privileges and local access combined with user interaction, limiting real-world attack surface primarily to insider threats or physical facility access scenarios.

Privilege Escalation Dell
NVD VulDB
CVSS 3.1
6.3
EPSS
0.0%
CVE-2026-25883 MEDIUM PATCH This Month

Server-Side Request Forgery in Vexa meeting bot allows unauthenticated remote attackers to forge HTTP POST requests to arbitrary internal URLs (Redis, databases, cloud metadata endpoints) via unvalidated webhook configuration, enabling credential theft and lateral movement. CVSS 5.8 with network attack vector and no user interaction required. Fixed in version 0.10.0-260419-1910.

SSRF Redis
NVD GitHub
CVSS 3.1
5.8
EPSS
0.0%
CVE-2026-33431 MEDIUM PATCH This Month

Roxy-WI versions prior to 8.2.6.4 allow authenticated attackers to read arbitrary files via path traversal in the POST /config/<service>/show API endpoint. The configver parameter is directly concatenated into a file path without proper validation, permitting directory escape sequences (../) to bypass the existing path guard. An authenticated user can exploit this to access sensitive configuration files and other data readable by the web application process.

Apache Path Traversal Nginx
NVD GitHub
CVSS 4.0
5.7
EPSS
0.0%
CVE-2026-6369 MEDIUM PATCH This Month

Canonical Livepatch snap client prior to 10.15.0 allows local unprivileged users to obtain a root-level authentication token via an unauthenticated request to the livepatchd.sock Unix domain socket, enabling attackers to impersonate the victim and access Livepatch services on systems with an active Ubuntu Pro subscription.

Authentication Bypass Ubuntu Canonical
NVD VulDB
CVSS 4.0
5.7
EPSS
0.0%
CVE-2026-6550 MEDIUM PATCH GHSA This Month

Cryptographic algorithm downgrade in AWS Encryption SDK for Python's caching layer allows authenticated local attackers to bypass key commitment policy enforcement through a shared key cache, enabling decryption of single ciphertext to multiple different plaintexts. Affected versions include Python 2 up to 2.5.1, Python 3 up to 3.3.0, and Python 4 up to 4.0.4. AWS has released vendor patches (versions 3.3.1, 4.0.5, and later) to remediate the vulnerability, which requires local access and authenticated credentials but has no known public exploit.

Authentication Bypass Python
NVD GitHub VulDB
CVSS 4.0
5.7
EPSS
0.0%
CVE-2026-34403 MEDIUM PATCH GHSA This Month

nginx-ui before version 2.3.5 allows Cross-Site WebSocket Hijacking (CSWSH) attacks due to improper WebSocket origin validation and insecurely configured authentication cookies. An attacker can trick a logged-in administrator into visiting a malicious webpage that establishes authenticated WebSocket connections to the target nginx-ui instance, enabling information disclosure and administrative actions without explicit user consent. Version 2.3.5 patches the issue; no public exploit code or active exploitation confirmed at time of analysis.

Information Disclosure Nginx
NVD GitHub VulDB
CVSS 4.0
5.5
EPSS
0.0%
CVE-2026-31429 MEDIUM PATCH This Month

Cross-cache slab free in the Linux kernel's socket buffer (SKB) subsystem allows a local authenticated attacker to trigger a kernel panic and denial of service on systems where KFENCE is enabled. When KFENCE intercepts a kzalloc() call whose requested size exactly matches SKB_SMALL_HEAD_CACHE_SIZE, the computed skb_end_offset misleads skb_kfree_head() into freeing the object to skb_small_head_cache instead of the originating kmalloc cache, corrupting slab allocator state. No public exploit is identified at time of analysis and EPSS is 0.02% (4th percentile), placing this firmly in the low-urgency tier absent a KFENCE-enabled production environment.

Information Disclosure Linux Red Hat Suse
NVD VulDB
CVSS 3.1
5.5
EPSS
0.0%
CVE-2026-39112 MEDIUM This Month

Stored cross-site scripting (XSS) in Apartment Visitors Management System v1.1 allows authenticated attackers to inject malicious JavaScript via the visname parameter in visitors-form.php, which executes when other users view the injected data in manage-newvisitors.php or visitor-detail.php. The vulnerability requires user interaction (victim visiting affected pages) and valid authentication but can escalate privileges, steal session tokens, or perform actions on behalf of administrative users viewing visitor records.

XSS PHP
NVD GitHub VulDB
CVSS 3.1
5.4
EPSS
0.0%
CVE-2025-66335 MEDIUM PATCH This Month

SQL injection in Apache Doris MCP Server versions before 0.6.1 allows unauthenticated remote attackers to execute unintended SQL statements and bypass query validation and access restrictions via improper neutralization in the MCP query execution interface. The vulnerability has a CVSS score of 5.3 (network-accessible, low complexity, no authentication required) but is classified as partial impact (confidentiality only, no integrity or availability impact) and has not been confirmed as actively exploited. A vendor patch is available.

Apache SQLi
NVD
CVSS 3.1
5.3
EPSS
0.0%
CVE-2026-34082 MEDIUM This Month

Dify prior to version 1.13.1 allows any authenticated user to delete other users' chat histories via the DELETE /console/api/installed-apps/<appId>/conversations/<conversationId> endpoint due to insufficient authorization checks. An authenticated attacker can target any conversation ID to perform unauthorized deletion, resulting in data loss for other users. This vulnerability requires valid Dify authentication but no special privileges, affecting all vulnerable versions via network access.

Authentication Bypass Dify
NVD GitHub
CVSS 4.0
5.3
EPSS
0.0%
CVE-2026-40098 MEDIUM PATCH GHSA This Month

Magento LTS prior to version 20.17.0 allows authenticated attackers to access private wishlist items from other users via an authorization bypass in the shared wishlist add-to-cart endpoint. The vulnerability permits an attacker with a valid sharing code for one wishlist to import items from a different victim's wishlist into their cart by manipulating the wishlist_item_id parameter, potentially exposing private custom option data and enabling cross-user file disclosure when file upload custom options are present. CVSS 5.3 (AV:N/AC:L/PR:L) indicates network-accessible exploitation requiring low privileges; patch version 20.17.0 resolves the issue.

Authentication Bypass Adobe
NVD GitHub VulDB
CVSS 4.0
5.3
EPSS
0.0%
CVE-2026-6729 MEDIUM This Month

Session key derivation in HKUDS OpenHarness prior to PR #159 fails to verify sender identity in shared chat/thread scopes, allowing authenticated users to hijack other participants' sessions and disrupt their active tasks through collision attacks on the shared ohmo session key. The vulnerability requires prior authentication and network access but enables lateral privilege escalation within collaborative environments. No public exploit code has been identified, though the fix is available via upstream commit 3186851c.

Authentication Bypass Openharness
NVD GitHub
CVSS 4.0
5.3
EPSS
0.0%
CVE-2026-33558 MEDIUM PATCH This Month

Apache Kafka's NetworkClient component logs entire request and response payloads at DEBUG level, exposing sensitive authentication credentials, delegation tokens, and configuration data in plaintext logs. This affects Kafka versions 0.11.0 through 3.9.1 and 4.0.0 across the broker and client libraries. While DEBUG logging is not enabled by default (INFO is the standard), organizations that enable DEBUG logging for troubleshooting inadvertently create persistent records of authentication material and secrets that can be harvested by local log readers or accessed via log aggregation systems. CVSS 5.3 reflects low network attack surface (requires prior DEBUG enablement), but SSVC rates this as automatable with partial technical impact, suitable for prioritization in environments using centralized logging.

Apache Information Disclosure Suse
NVD VulDB HeroDevs
CVSS 3.1
5.3
EPSS
0.0%
CVE-2026-26399 MEDIUM This Month

A stack-use-after-return issue exists in the Arduino_Core_STM32 library prior to version 1.7.0. The pwm_start() function allocates a TIM_HandleTypeDef structure on the stack and passes its address to HAL initialization routines, where it is stored in a global timer handle registry. After the function returns, interrupt service routines may dereference this dangling pointer, resulting in memory corruption.

Buffer Overflow
NVD GitHub VulDB
CVSS 3.1
5.3
EPSS
0.0%
CVE-2026-24468 MEDIUM PATCH This Month

User enumeration via timing/response code discrepancy in OpenAEV /api/reset endpoint allows unauthenticated remote attackers to reliably discover registered email addresses by observing HTTP 400 vs HTTP 200 responses. Affected versions 1.11.0 through 2.0.12 expose account lists without authentication; no active exploitation confirmed but the vulnerability requires trivial effort to exploit at scale. Fixed in version 2.0.13.

Information Disclosure
NVD GitHub
CVSS 3.1
5.3
EPSS
0.1%
Page 1 of 2 Next

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy