Skip to main content
CVE-2026-41168 MEDIUM PATCH This Month

Denial of service in pypdf prior to version 6.10.1 allows remote attackers to craft malicious PDF files with oversized cross-reference stream `/Size` values or object stream `/N` values, causing excessive processing time and long runtimes. No authentication is required; the vulnerability is triggered by parsing a specially crafted PDF file. Patch version 6.10.1 is available from the vendor.

Information Disclosure Python Red Hat Suse
NVD GitHub VulDB
CVSS 4.0
6.9
EPSS
0.0%
CVE-2026-41457 MEDIUM PATCH This Month

SQL injection in OwnTone Server 28.4 through 29.0 allows unauthenticated remote attackers to inject arbitrary SQL expressions via the query= and filter= parameters in DAAP requests, enabling bypass of access controls and unauthorized retrieval of media library data. The vulnerability stems from insufficient sanitization of integer-mapped DAAP field parameters and affects default network-accessible deployments without requiring user interaction.

Authentication Bypass SQLi Owntone Server
NVD GitHub VulDB
CVSS 4.0
6.9
EPSS
0.0%
CVE-2026-35058 MEDIUM PATCH This Month

Remote denial-of-service in OpenVPN server allows a low-privileged network attacker possessing a valid tls-crypt-v2 client key to crash the server daemon by sending a suitably malformed packet that passes cryptographic validation but triggers a fatal ASSERT() failure, terminating the server process and disconnecting all active VPN sessions. The vulnerability is limited to deployments with tls-crypt-v2 enabled and requires possession of a legitimate client key, constraining the attacker pool. No public exploit code has been identified at time of analysis, and the vulnerability is not listed in the CISA Known Exploited Vulnerabilities catalog.

Information Disclosure Suse
NVD GitHub VulDB
CVSS 4.0
6.9
EPSS
0.0%
CVE-2026-41238 MEDIUM PATCH GHSA This Month

DOMPurify versions 3.0.1 through 3.3.3 fail to prevent prototype pollution-based XSS attacks when using default configurations. An attacker who can exploit a prototype pollution gadget elsewhere in the application can pollute Object.prototype with permissive regex values, causing DOMPurify to bypass sanitization and allow arbitrary custom elements with event handler attributes. The vulnerability affects the standard DOMPurify.sanitize(userInput) call without requiring special configuration.

Google XSS Red Hat Chrome
NVD GitHub VulDB
CVSS 3.1
6.9
EPSS
0.0%
CVE-2026-34068 MEDIUM PATCH GHSA This Month

The Nimiq staking contract accepts UpdateValidator transactions that omit proof-of-knowledge validation when updating voting keys, enabling rogue-key attacks against BLS signature aggregation used in Tendermint block justification. An attacker who can predict the next epoch's validator set could forge quorum-appearing block justifications with a single signature. Exploitation is constrained by the requirement to predict future validator set composition via VRF, making real-world attacks unlikely despite the critical cryptographic impact. Vendor-released patch v1.3.0 addresses the vulnerability.

Jwt Attack Information Disclosure
NVD GitHub
CVSS 3.1
6.8
EPSS
0.0%
CVE-2026-41239 MEDIUM PATCH GHSA This Month

Cross-site scripting (XSS) in DOMPurify when using SAFE_FOR_TEMPLATES with RETURN_DOM or RETURN_DOM_FRAGMENT modes allows remote attackers to execute arbitrary JavaScript by crafting malformed HTML that reassembles into template expressions after DOM normalization. The vulnerability affects DOMPurify from v1.0.10 through at least v3.3.3, exploitable when sanitized output is mounted into template-evaluating frameworks like Vue 2. A proof-of-concept demonstrates reliable exploitation with alert(1) execution.

Node.js XSS Red Hat
NVD GitHub VulDB
CVSS 3.1
6.8
EPSS
0.0%
CVE-2026-35349 MEDIUM PATCH GHSA This Month

Bypass of --preserve-root protection in uutils coreutils rm utility allows local users to recursively delete the root filesystem by supplying a symbolic link that resolves to the root directory, rather than relying on authentic root inode comparison. The vulnerability affects coreutils versions before 0.7.0 and requires local access with no special privileges, though successful exploitation is hindered by high complexity (AC:H). CISA exploitation status is none at time of analysis, and a vendor patch has been released.

Authentication Bypass Coreutils
NVD GitHub
CVSS 3.1
6.7
EPSS
0.0%
CVE-2025-9957 LOW POC PATCH Monitor

Authenticated project owners in GitLab CE/EE versions 11.2-18.9.5, 18.10-18.10.3, and 18.11-18.11.0 can bypass group fork prevention settings due to improper authorization checks, allowing them to create forks when they should be restricted. The vulnerability requires authentication and high-privilege access (project owner role), resulting in low severity (CVSS 2.7). Publicly available exploit code exists and patch versions have been released by the vendor.

Authentication Bypass Gitlab
NVD
CVSS 3.1
2.7
EPSS
0.0%
CVE-2026-6839 MEDIUM This Month

Improper validation of STRING tensor offsets in Samsung Open Source ONE prior to commit 1.30.0 allows local attackers with user interaction to trigger out-of-bounds memory access during constant tensor import, potentially causing information disclosure, data modification, or denial of service. The vulnerability affects the tensor metadata parsing logic when processing malformed string tensor definitions.

Samsung Information Disclosure
NVD GitHub
CVSS 3.1
6.6
EPSS
0.0%
CVE-2026-40450 MEDIUM This Month

Integer overflow in Samsung Open Source ONE's output tensor copy size calculation allows local attackers with user interaction to cause memory corruption and potential code execution through oversized tensor processing. The vulnerability affects versions prior to 1.30.0 and stems from improper integer arithmetic when computing copy lengths for tensor data, enabling an attacker to trigger buffer overflows by crafting malicious tensor inputs that bypass size validation.

Samsung Integer Overflow Buffer Overflow
NVD GitHub VulDB
CVSS 3.1
6.6
EPSS
0.0%
CVE-2026-35365 MEDIUM PATCH GHSA This Month

The mv utility in uutils coreutils improperly expands symbolic links instead of preserving them during moves across filesystem boundaries, allowing local authenticated users to trigger resource exhaustion via disk space consumption, disclose sensitive data through unexpected file duplication, or cause denial of service through infinite symlink loop recursion. Affected versions prior to 0.7.0 are vulnerable; a vendor-released patch is available.

Information Disclosure Denial Of Service Coreutils
NVD GitHub
CVSS 3.1
6.6
EPSS
0.0%
CVE-2026-35350 MEDIUM This Month

The cp utility in uutils coreutils improperly preserves setuid and setgid bits when the chown operation fails during file copying with the -p flag, potentially creating unprivileged user-owned files that retain elevated privilege bits and violate security policies. This behavior diverges from GNU cp, which strips these bits when ownership preservation fails. Local users with write access to directories can exploit this to create unexpected privileged executables.

Information Disclosure Coreutils
NVD GitHub
CVSS 3.1
6.6
EPSS
0.0%
CVE-2026-41667 MEDIUM This Month

Integer overflow in constant tensor data size calculation in Samsung Open Source ONE prior to version 1.30.0 allows local attackers with user interaction to cause incorrect buffer sizing for large constant nodes, leading to buffer overflow conditions that may result in information disclosure or denial of service. The vulnerability requires local access and user interaction but can trigger high-severity memory corruption due to incorrect buffer allocation for tensors exceeding integer size limits.

Samsung Integer Overflow Buffer Overflow
NVD GitHub
CVSS 3.1
6.6
EPSS
0.0%
CVE-2026-41666 MEDIUM This Month

Integer overflow in tensor copy size calculation within Samsung Open Source ONE enables out of bounds memory access during loop state propagation. Unauthenticated local attackers with user interaction can trigger the overflow to read sensitive data, modify memory, or cause denial of service on affected versions prior to 1.30.0. CVSS 6.6 indicates moderate severity with high availability impact.

Samsung Integer Overflow Buffer Overflow
NVD GitHub
CVSS 3.1
6.6
EPSS
0.0%
CVE-2026-41664 MEDIUM This Month

Integer overflow in memory copy size calculation in Samsung Open Source ONE prior to commit 1.30.0 allows local attackers with user privileges to trigger invalid memory operations by supplying tensors with large shapes, potentially causing information disclosure, data corruption, or denial of service. The vulnerability requires user interaction (UI:R) and operates with low attack complexity on local systems. No public exploit code or active exploitation has been identified.

Samsung Integer Overflow Buffer Overflow
NVD GitHub
CVSS 3.1
6.6
EPSS
0.0%
CVE-2026-40449 MEDIUM This Month

Integer overflow in tensor buffer size calculation in Samsung Open Source ONE prior to version 1.30.0 allows local attackers with user-level privileges to cause out-of-bounds memory access, leading to information disclosure and denial of service. The vulnerability requires user interaction to process specially crafted large tensor data. CVSS 6.6 indicates moderate severity with local attack vector and high availability impact.

Samsung Integer Overflow Buffer Overflow
NVD GitHub VulDB
CVSS 3.1
6.6
EPSS
0.0%
CVE-2026-4280 MEDIUM This Month

Local file inclusion in Breaking News WP plugin for WordPress (versions up to 1.3) allows authenticated attackers with Subscriber-level access to read arbitrary files on the server. The vulnerability stems from insufficient path validation in the brnwp_show_breaking_news_wp() shortcode handler, which passes unsanitized user input directly to PHP's include() function after stripping only text field characters but not directory traversal sequences. Attackers can exploit the unprotected brnwp_ajax_form AJAX endpoint to overwrite the brnwp_theme option with paths like ../../../../etc/passwd, then trigger file inclusion when the shortcode renders.

Path Traversal WordPress CSRF
NVD
CVSS 3.1
6.5
EPSS
0.1%
CVE-2026-31192 MEDIUM This Month

Raindrop.io Bookmark Manager Web App version 5.6.76.0 allows remote unauthenticated attackers to obtain sensitive user data through insufficient validation of Chrome extension identifiers in crafted requests. The vulnerability exploits improper input validation (CWE-20) to bypass security controls, enabling information disclosure with low integrity impact. No active exploitation has been confirmed in CISA KEV, but publicly available vulnerability research exists on GitHub.

Information Disclosure Google Chrome
NVD GitHub
CVSS 3.1
6.5
EPSS
0.0%
CVE-2026-6355 MEDIUM This Month

Insecure direct object references in Augmentt 1.0 allow unauthenticated remote attackers to access and modify sensitive tenant data across different organizational contexts, bypassing authentication mechanisms through direct manipulation of object identifiers. The vulnerability enables both unauthorized information disclosure and modification of tenant configuration with CVSS 6.5 (medium severity); no public exploit code has been identified at the time of analysis, though the attack is automatable and requires no user interaction.

Information Disclosure Authentication Bypass Augmentt
NVD GitHub
CVSS 3.1
6.5
EPSS
0.0%
CVE-2026-41127 MEDIUM This Month

BigBlueButton versions prior to 3.0.24 allow authenticated viewers to inject or overwrite captions due to missing authorization controls, enabling unauthorized modification of classroom content. The vulnerability requires an authenticated session but does not need user interaction, affecting the integrity of real-time collaboration in virtual classroom deployments. Version 3.0.24 restricts caption submission permissions to authorized roles only.

Authentication Bypass
NVD GitHub
CVSS 3.1
6.5
EPSS
0.0%
CVE-2026-32885 MEDIUM PATCH GHSA This Month

Path traversal in DDEV versions prior to 1.25.2 allows remote attackers to write files outside intended extraction directories when downloading and extracting archives from remote sources. The vulnerability affects the Untar() and Unzip() functions in pkg/archive/archive.go, which lack path validation during extraction. Exploitation requires user interaction (UI:R) to trigger archive extraction but can achieve high integrity impact through arbitrary file write. A proof-of-concept exists, and CISA SSVC framework rates this as exploitable with partial technical impact.

Node.js PHP Path Traversal
NVD GitHub VulDB
CVSS 3.1
6.5
EPSS
0.0%
CVE-2026-33611 MEDIUM PATCH This Month

PowerDNS Authoritative server allows authenticated REST API operators to inject malformed HTTPS or SVCB record data, corrupting the LMDB backend database and causing service degradation or denial of availability. The vulnerability requires high-privilege REST API access and affects deployments using LMDB as the backend storage engine, with confirmed impact on data integrity and availability.

Information Disclosure Integer Overflow Authoritative
NVD
CVSS 3.1
6.5
EPSS
0.0%
CVE-2026-33602 MEDIUM PATCH This Month

DNSdist is vulnerable to denial of service via out-of-bounds write when processing crafted UDP responses from a rogue backend server. An attacker controlling a backend DNS server can send a specially crafted UDP response with a query ID set off-by-one from the maximum configured value, triggering memory corruption that crashes the DNS forwarder. The CVSS score of 6.5 reflects network attack vector with high complexity and absence of confidentiality impact, though availability and integrity are affected.

Denial Of Service Buffer Overflow Heap Overflow Suse
NVD VulDB
CVSS 3.1
6.5
EPSS
0.0%
CVE-2026-1395 MEDIUM This Month

Stored Cross-Site Scripting in the Gutentools WordPress plugin (versions up to 1.1.3) allows authenticated attackers with Contributor-level access to inject arbitrary JavaScript into pages via the Post Slider block's block_id attribute. The vulnerability exploits insufficient input sanitization combined with a custom unescaping routine that reintroduces dangerous characters, enabling persistent payload execution whenever users access injected pages. This affects all installations using the plugin at or below version 1.1.3 and requires only low-privileged WordPress authentication.

XSS WordPress
NVD
CVSS 3.1
6.4
EPSS
0.0%
CVE-2026-1913 MEDIUM This Month

Stored Cross-Site Scripting (XSS) in the Gallagher Website Design WordPress plugin through version 2.6.4 allows authenticated attackers with Contributor-level access or higher to inject arbitrary JavaScript into pages via the 'prefix' attribute of the login_link shortcode, bypassing input sanitization and output escaping controls. The injected scripts execute in the context of any user viewing the affected page, potentially enabling session hijacking, credential theft, or malicious redirection. Wordfence has documented the vulnerability with proof-of-concept references to the vulnerable code in the WordPress plugin repository.

XSS WordPress
NVD
CVSS 3.1
6.4
EPSS
0.0%
CVE-2026-41591 MEDIUM PATCH GHSA This Month

Cross-site scripting in Marko template engine allows authenticated attackers to break out of script and style tags using mixed-case closing tags (e.g., </SCRIPT>, </Style>) and inject arbitrary HTML/JavaScript. The vulnerability affects any Marko template that interpolates untrusted user data inside <script> or <style> blocks, enabling stored XSS attacks against victim browsers with CVSS 6.4 (network-accessible, low complexity, requires low privileges). Vendor-released patch available.

XSS
NVD GitHub
CVSS 3.1
6.4
EPSS
0.0%
CVE-2026-4088 MEDIUM This Month

Stored Cross-Site Scripting in Switch CTA Box WordPress plugin up to version 1.1 allows authenticated contributors and above to inject arbitrary JavaScript through unsanitized post meta fields including button link, button ID, button text, and description. The vulnerability arises from direct output of user-supplied data into HTML without escaping functions, enabling attackers to execute malicious scripts whenever pages containing injected shortcodes are accessed by any visitor.

XSS WordPress
NVD GitHub
CVSS 3.1
6.4
EPSS
0.0%
CVE-2026-4074 MEDIUM This Month

Stored Cross-Site Scripting in the Quran Live Multilanguage WordPress plugin versions up to 1.0.3 allows authenticated attackers with Contributor-level access to inject arbitrary JavaScript via unsanitized shortcode attributes ('cheikh' and 'lang'). The vulnerability exploits insufficient input validation in the quran_live_render() function and direct output of user-supplied values into inline <script> blocks without escaping, enabling injection of arbitrary web scripts that execute whenever a user accesses the compromised page.

XSS WordPress PHP
NVD
CVSS 3.1
6.4
EPSS
0.0%
CVE-2026-4076 MEDIUM This Month

Stored cross-site scripting in Slider Bootstrap Carousel WordPress plugin up to version 1.0.7 allows authenticated attackers with Contributor-level access to inject arbitrary JavaScript via unsanitized 'category' and 'template' shortcode attributes, executing malicious scripts in pages viewed by any user. The vulnerability stems from improper use of extract() on shortcode attributes combined with missing output escaping (esc_attr()) on multiple HTML attributes, enabling persistent XSS injection that affects site security and user data.

XSS WordPress Bootstrap
NVD
CVSS 3.1
6.4
EPSS
0.0%
CVE-2026-4085 MEDIUM This Month

Stored cross-site scripting (XSS) in Easy Social Photos Gallery - MIF plugin for WordPress (versions up to 3.1.2) allows authenticated attackers with contributor-level access to inject arbitrary HTML and JavaScript via the 'wrapper_class' shortcode attribute of the 'my-instagram-feed' shortcode. The vulnerability exists because the plugin uses sanitize_text_field() instead of esc_attr() when outputting the attribute inside HTML class tags, allowing attackers to break out of the attribute context and inject event handlers that execute in users' browsers when they visit affected pages.

XSS WordPress
NVD
CVSS 3.1
6.4
EPSS
0.0%
CVE-2026-4125 MEDIUM This Month

Stored Cross-Site Scripting in WPMK Block plugin for WordPress up to version 1.0.1 allows authenticated attackers with Contributor-level access to inject arbitrary web scripts via the 'class' shortcode attribute, which is directly concatenated into HTML without proper escaping. The vulnerability affects all versions through 1.0.1 due to insufficient input sanitization in the wpmk_block_shortcode() function, enabling persistent XSS attacks that execute whenever users access compromised pages.

XSS WordPress
NVD
CVSS 3.1
6.4
EPSS
0.0%
CVE-2026-4089 MEDIUM This Month

Stored cross-site scripting in Twittee Text Tweet WordPress plugin versions up to 1.0.8 allows authenticated users with Contributor-level access to inject arbitrary JavaScript via unsanitized shortcode attributes. The ttt_twittee_tweeter() function uses extract() to process shortcode parameters and concatenates them directly into HTML and inline JavaScript contexts without escaping, enabling attackers to break out of attribute contexts and inject event handlers that execute against site visitors. The vulnerability affects the 'id', 'tweet', 'content', 'balloon', and 'theme' parameters.

XSS WordPress
NVD
CVSS 3.1
6.4
EPSS
0.0%
CVE-2026-4082 MEDIUM This Month

Stored cross-site scripting in the ER Swiffy Insert WordPress plugin through version 1.0.0 allows authenticated users with Contributor access or higher to inject arbitrary JavaScript via unsanitized shortcode attributes that are directly interpolated into page output. The vulnerability affects all versions of the plugin and requires only contributor-level privileges to exploit, making it a persistence and privilege-escalation vector on WordPress sites with multiple user accounts.

XSS WordPress
NVD
CVSS 3.1
6.4
EPSS
0.0%
CVE-2026-4279 MEDIUM This Month

Stored cross-site scripting in Bread & Butter plugin for WordPress up to version 8.2.0.25 allows authenticated attackers with Contributor-level access to inject arbitrary JavaScript via the 'event' attribute of the 'breadbutter-customevent-button' shortcode. The vulnerability arises from missing output escaping in the customEventShortCodeButton() function, which directly interpolates unsanitized user input into an onclick HTML attribute. Scripts execute in the context of any user viewing the affected page, enabling session hijacking, credential theft, or malicious content injection.

XSS WordPress
NVD
CVSS 3.1
6.4
EPSS
0.0%
CVE-2026-4353 MEDIUM This Month

Stored cross-site scripting in CI HUB Connector plugin for WordPress up to version 1.2.106 allows authenticated attackers with Contributor-level access or above to inject arbitrary JavaScript through the 'id' attribute of the cihub_metadata shortcode, which executes in the context of any user visiting the injected page. The vulnerability stems from insufficient input sanitization and output escaping in the shortcode handler, enabling persistent XSS attacks that can compromise site visitors and administrative accounts.

XSS WordPress
NVD
CVSS 3.1
6.4
EPSS
0.0%
CVE-2026-6236 MEDIUM This Month

Stored Cross-Site Scripting in Posts Map plugin for WordPress up to version 0.1.3 allows authenticated contributors to inject arbitrary JavaScript via the 'name' shortcode attribute. When any user accesses a page containing the malicious shortcode, the injected script executes in their browser with the privileges of their WordPress session, potentially enabling account compromise, admin impersonation, or malware distribution. The vulnerability requires contributor-level or higher access and affects all versions through 0.1.3.

XSS WordPress
NVD
CVSS 3.1
6.4
EPSS
0.0%
CVE-2026-5748 MEDIUM This Month

Stored cross-site scripting (XSS) in the Text Snippets plugin for WordPress up to version 0.0.1 allows authenticated attackers with contributor-level access to inject arbitrary JavaScript into pages via unsanitized shortcode attributes, which executes whenever any user visits the affected page. The vulnerability stems from insufficient input sanitization and output escaping on the `ts` shortcode, enabling persistent payload injection. No public exploit code or active exploitation has been identified at time of analysis.

XSS WordPress
NVD
CVSS 3.1
6.4
EPSS
0.0%
CVE-2026-6246 MEDIUM This Month

Simple Random Posts Shortcode plugin for WordPress versions up to 0.3 contains stored cross-site scripting (XSS) via insufficient sanitization of the 'container_right_width' shortcode attribute, allowing authenticated contributors and above to inject arbitrary JavaScript that executes in browsers of all users accessing affected pages. No active exploitation has been confirmed, but the vulnerability requires only contributor-level access and carries network-based attack vector with low complexity.

XSS WordPress
NVD
CVSS 3.1
6.4
EPSS
0.0%
CVE-2026-5767 MEDIUM This Month

Stored cross-site scripting (XSS) in SlideShowPro SC plugin for WordPress versions up to 1.0.2 allows authenticated attackers with contributor-level access to inject arbitrary JavaScript through the `slideShowProSC` shortcode attributes due to insufficient input sanitization and output escaping. The injected scripts execute in the context of any user viewing the affected page, potentially compromising session tokens, stealing credentials, or performing unauthorized actions on behalf of site visitors. No public exploit code or active exploitation has been confirmed at the time of analysis.

XSS WordPress
NVD
CVSS 3.1
6.4
EPSS
0.0%
CVE-2026-5820 MEDIUM This Month

Stored cross-site scripting in Zypento Blocks plugin for WordPress up to version 1.0.6 allows authenticated attackers with Author-level privileges to inject arbitrary JavaScript into page content via the Table of Contents block. The vulnerability exists because the front-end rendering script reads heading text using innerText and renders it via innerHTML without sanitization, causing injected scripts to execute whenever users access the compromised page. No public exploit code or active exploitation has been reported at time of analysis.

XSS WordPress
NVD
CVSS 3.1
6.4
EPSS
0.0%
CVE-2026-41455 MEDIUM PATCH This Month

Server-side request forgery in WeKan before 8.35 allows authenticated users to create or modify webhook integrations with arbitrary URLs, enabling the server to issue HTTP POST requests to internal network addresses and attacker-controlled targets. The vulnerability additionally permits unauthorized modification of comment text through response handling, affecting systems where users have integration management privileges. No active exploitation has been confirmed at time of analysis.

SSRF Wekan
NVD GitHub
CVSS 4.0
6.3
EPSS
0.0%
CVE-2026-35374 MEDIUM PATCH This Month

The split utility in uutils coreutils contains a time-of-check to time-of-use (TOCTOU) race condition that allows local attackers with directory write access to manipulate symbolic links between the initial path validation and file truncation, causing data loss to unintended target files including the input file or other sensitive files. CVSS 6.3 (local, high complexity, low privilege required); SSVC assesses as non-exploitable in automated attacks but partial technical impact due to manual race window exploitation requirements.

Information Disclosure Coreutils
NVD GitHub
CVSS 3.1
6.3
EPSS
0.0%
CVE-2026-35364 MEDIUM This Month

A time-of-check to time-of-use (TOCTOU) race condition in the mv utility of uutils coreutils during cross-device move operations allows local attackers with write access to the destination directory to exploit a window between file deletion and recreation, injecting a symbolic link to redirect privileged write operations and overwrite arbitrary files. Exploitation requires moderate attack complexity and local access with limited privileges, but grants the ability to corrupt or modify files beyond the attacker's normal permissions. Publicly available exploit code exists but the vulnerability has not been confirmed in active exploitation.

Information Disclosure Coreutils
NVD GitHub
CVSS 3.1
6.3
EPSS
0.0%
CVE-2026-35360 MEDIUM This Month

The touch utility in uutils coreutils suffers from a Time-of-Check to Time-of-Use (TOCTOU) race condition that allows local attackers with user-level privileges to truncate arbitrary files and cause permanent data loss. The vulnerability exists in the window between when touch checks for a missing file and when it attempts file creation with O_TRUNC flag; an attacker can inject a symlink or create a file at the target path during this interval, causing touch to truncate an existing file that the attacker controls. SSVC framework indicates exploitation is possible via proof-of-concept code, though automation is not feasible due to race condition complexity.

Information Disclosure Coreutils
NVD GitHub
CVSS 3.1
6.3
EPSS
0.0%
CVE-2026-35356 MEDIUM PATCH GHSA This Month

Privilege escalation via symlink attack in uutils coreutils install utility when using the -D flag allows local attackers with write access to redirect privileged file writes to arbitrary locations. The vulnerability exploits a Time-of-Check to Time-of-Use (TOCTOU) race condition between parent directory creation and target file creation, neither anchored to a directory file descriptor. CISA reports no active exploitation (SSVC: none), but the attack is non-automatable and requires specific concurrent write access conditions.

Information Disclosure Coreutils
NVD GitHub
CVSS 3.1
6.3
EPSS
0.0%
CVE-2026-35355 MEDIUM PATCH GHSA This Month

Time-of-Check to Time-of-Use (TOCTOU) race condition in uutils coreutils install utility allows local authenticated attackers to redirect privileged file writes to arbitrary system locations via symbolic link swapping. By exploiting the window between file unlinking and recreation, an attacker with local access and low privileges can overwrite critical system files when the install command runs with elevated privileges, achieving both integrity compromise and denial of service.

Information Disclosure Coreutils
NVD GitHub
CVSS 3.1
6.3
EPSS
0.0%
CVE-2026-28950 MEDIUM PATCH This Month

A logging issue was addressed with improved data redaction. This issue is fixed in iOS 18.7.8 and iPadOS 18.7.8, iOS 26.4.2 and iPadOS 26.4.2. Notifications marked for deletion could be unexpectedly retained on the device.

Apple Information Disclosure
NVD VulDB
CVSS 3.1
6.2
EPSS
0.0%
CVE-2026-6386 MEDIUM This Month

Unprivileged local users on FreeBSD can read sensitive kernel memory via a page table manipulation bug in pmap_pkru_update_range(). When applying protection keys to 1GB largepage mappings created through shm_create_largepage(3), the kernel incorrectly treats userspace memory as page table entries, enabling unauthorized information disclosure. This affects FreeBSD 13.5, 14.3, 14.4, and 15.0 releases and has been confirmed fixed by vendor patches.

Privilege Escalation Freebsd
NVD VulDB
CVSS 3.1
6.2
EPSS
0.0%
CVE-2026-41511 MEDIUM PATCH GHSA This Month

OpenMcdf fails to detect cycles in Compound File Binary (CFB) directory entry red-black trees, causing indefinite loops in Storage.EnumerateEntries() and Storage.OpenStream() when processing crafted CFB files with sibling ID cycles. This denial-of-service vulnerability consumes the calling thread permanently with no recovery path via exception handling, affecting any application opening untrusted CFB documents. Patch available in version 3.1.3.

Denial Of Service
NVD GitHub VulDB
CVSS 3.1
6.2
EPSS
0.0%
CVE-2026-41650 MEDIUM PATCH GHSA This Month

fast-xml-parser XMLBuilder fails to escape comment and CDATA delimiters when building XML from JavaScript objects, allowing XML injection via unescaped `-->` and `]]>` sequences in user-controlled content. Attackers can inject malicious XML elements into comments or CDATA sections, enabling XSS attacks in browser contexts, SOAP message manipulation, RSS feed poisoning, or XML structure breakage. The vulnerability requires user interaction (UI:R) and affects only XMLBuilder output that includes user-controlled comments or CDATA; no public exploit code identified at time of analysis.

Node.js XSS Suse Red Hat
NVD GitHub VulDB
CVSS 3.1
6.1
EPSS
0.0%
Prev Page 4 of 8 Next

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy