Skip to main content
CVE-2026-31526 MEDIUM PATCH This Month

The Linux kernel BPF verifier fails to validate lock release on exception exits from static subprograms when bpf_throw() is invoked, potentially allowing denial of service or system instability through uncontrolled RCU and preemption lock retention. Affected versions span from 6.7 through 7.0-rc4; CVSS 5.5 (local privilege escalation path) but EPSS 0.02% suggests low real-world exploitation probability. Patch available in stable releases 6.18.21, 6.19.11, and 7.0.

Information Disclosure Linux Red Hat Suse
NVD VulDB
CVSS 3.1
5.5
EPSS
0.0%
CVE-2026-31517 MEDIUM PATCH This Month

Denial of service via kernel panic in the Linux kernel xfrm_iptfs module when processing fragmented IP-TFS packets with mixed fast-path and slow-path reassembly conditions. The vulnerability triggers an invalid memory access (SKB_LINEAR_ASSERT) in skb_put() when attempting to append data to a non-linear socket buffer during packet reassembly, affecting systems using IP-TFS encapsulation over IPsec. Local attackers with network access to send crafted IPsec packets can crash the kernel; active exploitation not confirmed but patch is available.

Information Disclosure Linux Red Hat Suse
NVD VulDB
CVSS 3.1
5.5
EPSS
0.0%
CVE-2026-31499 MEDIUM PATCH This Month

A deadlock condition in Linux kernel Bluetooth L2CAP connection deletion allows local authenticated users to trigger a denial of service by causing the l2cap_conn_del() function to deadlock when canceling delayed work timers while holding the connection lock. The vulnerability affects multiple Linux kernel versions across the 6.x and 7.0 release branches and has been resolved through upstream patch commits that reorganize lock acquisition and work cancellation order.

Information Disclosure Linux
NVD VulDB
CVSS 3.1
5.5
EPSS
0.0%
CVE-2026-31491 MEDIUM PATCH This Month

Integer overflow in Linux kernel RDMA/irdma depth calculation functions allows local authenticated users to trigger a denial of service via improper handling of U32_MAX values passed for SQ/RQ/SRQ size parameters. The vulnerability stems from depth calculations performed in 32-bit integers rather than 64-bit, enabling truncation that bypasses validation and returns success when allocation should fail, potentially causing system instability or resource exhaustion.

Buffer Overflow Integer Overflow Linux Red Hat Suse
NVD VulDB
CVSS 3.1
5.5
EPSS
0.0%
CVE-2026-31472 MEDIUM PATCH This Month

Denial of service in Linux kernel IPTFS (IP Traffic Flow Security) subsystem allows local authenticated attackers to trigger an infinite loop via crafted ESP packets with malformed inner IPv4 headers containing tot_len=0. The vulnerability bypasses input validation in __input_process_payload() that should reject IPv4 packets where tot_len is less than the header length, causing the kernel to spin indefinitely in softirq context and hang the system.

Linux Denial Of Service Red Hat Suse
NVD VulDB
CVSS 3.1
5.5
EPSS
0.0%
CVE-2026-31465 MEDIUM PATCH This Month

A denial-of-service condition in the Linux kernel writeback subsystem causes system hangs during suspend-to-RAM on filesystems with no data integrity guarantees (such as FUSE-based overlayfs). When the sync operation waits for flusher threads to complete writeback on these filesystems, the kernel can deadlock if the underlying filesystem daemon is frozen or unresponsive, particularly during system power management. The vulnerability affects Linux kernel versions prior to the fix and is resolved by introducing the SB_I_NO_DATA_INTEGRITY superblock flag to skip unnecessary writeback completion waits on filesystems that cannot guarantee data persistence.

Red Hat Suse Information Disclosure Linux
NVD VulDB
CVSS 3.1
5.5
EPSS
0.0%
CVE-2026-31461 MEDIUM PATCH This Month

Memory leak in AMD display driver (amdgpu_dm) on Linux kernel allows local authenticated attackers to cause denial of service by exhausting kernel memory when display sinks are connected and the system resumes from sleep. The vulnerability arises from failure to free previously allocated drm_edid structures before overwriting them, and is confirmed in kernel versions up to 7.0 RC5 with EPSS exploitation probability of 0.02% indicating low real-world exploitation likelihood.

Red Hat Suse Amd Information Disclosure Linux
NVD VulDB
CVSS 3.1
5.5
EPSS
0.0%
CVE-2026-31459 MEDIUM PATCH This Month

Memory leak in Linux kernel DAMON subsystem allows local authenticated users to exhaust system memory via failed allocation in damon_sysfs_new_test_ctx(), causing denial of service. The vulnerability affects kernel versions 6.17.6 through 7.0-rc1 when DAMON_SYSFS is enabled. A privileged user can trigger the leak by making specific control sequences that cause early function returns, bypassing cleanup code and leaving param_ctx unfreed.

Red Hat Suse Denial Of Service Linux
NVD VulDB
CVSS 3.1
5.5
EPSS
0.0%
CVE-2026-31457 MEDIUM PATCH This Month

Null pointer dereference in Linux kernel DAMON sysfs interface allows local authenticated users to cause denial of service by setting nr_contexts to zero while DAMON is running, triggering dereference of uninitialized context array pointers in damon_sysfs_repeat_call_fn(). The vulnerability requires local access and low-level privileges (non-root user with sysfs write access), with an EPSS exploitation probability of 0.02% indicating low real-world attack likelihood despite the straightforward trigger mechanism.

Denial Of Service Null Pointer Dereference Linux
NVD VulDB
CVSS 3.1
5.5
EPSS
0.0%
CVE-2026-31445 MEDIUM PATCH This Month

Null pointer dereference in Linux kernel DAMON subsystem allows local authenticated attackers to cause denial of service when memory allocation failures occur during online parameter updates. The vulnerability affects DAMON's context commit mechanism (damon_commit_ctx), which can partially corrupt kernel state if internal memory allocation fails, potentially leading to NULL pointer dereference in damos_commit_dests(). While real-world impact is rare due to the low probability of allocation failure, the severe consequence of kernel panic necessitates this fix.

Red Hat Suse Denial Of Service Null Pointer Dereference Linux
NVD VulDB
CVSS 3.1
5.5
EPSS
0.0%
CVE-2026-31443 MEDIUM PATCH This Month

Denial of service in the Linux kernel dmaengine idxd subsystem allows local attackers with low privileges to crash the system by triggering a Function Level Reset when the hardware does not support event log reporting. The vulnerability occurs when the driver attempts to restore or free an event log that was never allocated, resulting in a kernel crash with high availability impact.

Red Hat Suse Denial Of Service Linux
NVD VulDB
CVSS 3.1
5.5
EPSS
0.0%
CVE-2026-31437 MEDIUM PATCH This Month

NULL pointer dereference in the Linux kernel's netfs subsystem crashes the kernel when retrying unbuffered writes on filesystems that omit the prepare_write stream operation, such as 9P. A local low-privilege user who can write to such a mounted filesystem and induce a get_user_pages() -EFAULT failure can trigger a kernel panic, causing a denial of service. No public exploit has been identified at time of analysis, and the EPSS score of 0.02% (4th percentile) reflects negligible observed exploitation probability; the vulnerability is not listed in CISA KEV.

Linux Null Pointer Dereference Denial Of Service Red Hat Suse
NVD VulDB
CVSS 3.1
5.5
EPSS
0.0%
CVE-2026-2717 MEDIUM This Month

CRLF injection in HTTP Headers WordPress plugin up to version 1.19.2 allows authenticated administrators to inject arbitrary Apache directives into .htaccess files via unsanitized custom header fields, causing configuration parse errors and potential site-wide denial of service. Attack requires Administrator-level WordPress access and no user interaction. CVSS 5.5 reflects high availability impact (A:H) balanced against high privilege requirements (PR:H).

Apache Denial Of Service WordPress
NVD GitHub
CVSS 3.1
5.5
EPSS
0.0%
CVE-2026-35348 MEDIUM This Month

The sort utility in uutils coreutils crashes with a process panic when the --files0-from option processes inputs containing non-UTF-8 filenames, allowing local authenticated attackers to cause denial of service. Unlike GNU sort, which handles filenames as raw bytes, uutils enforces UTF-8 encoding via expect() calls that immediately panic on invalid sequences. A proof-of-concept exploit exists; SSVC analysis indicates partial technical impact with non-automatable exploitation.

Denial Of Service Coreutils
NVD GitHub
CVSS 3.1
5.5
EPSS
0.0%
CVE-2026-6862 MEDIUM PATCH This Month

Libefiboot in efivar fails to validate that EFI device path node length fields meet the 4-byte minimum requirement, allowing local users to trigger infinite recursion and stack exhaustion via crafted device paths. The vulnerability requires user interaction but causes denial of service by crashing affected processes, with no privilege escalation or data compromise. No active exploitation has been confirmed at the time of analysis.

Denial Of Service Libefiboot
NVD
CVSS 3.1
5.5
EPSS
0.0%
CVE-2026-6844 MEDIUM PATCH This Month

The readelf utility in binutils is vulnerable to denial of service through two distinct flaws triggered by maliciously crafted ELF files: a resource exhaustion vulnerability (CWE-400) causing out-of-memory conditions and a null pointer dereference (CWE-476) causing segmentation faults. Both vulnerabilities require local access and user interaction to open a malicious file, resulting in the readelf utility crashing or becoming unresponsive. No public exploit code or active exploitation has been identified at the time of analysis.

Denial Of Service Red Hat Enterprise Linux 10 Red Hat Enterprise Linux 7 Red Hat Enterprise Linux 8 Red Hat Enterprise Linux 9 +2
NVD VulDB
CVSS 3.1
5.5
EPSS
0.0%
CVE-2026-6843 MEDIUM PATCH This Month

Format string vulnerability in nano's statusline() function allows local users to trigger a segmentation fault via directory names containing printf specifiers, causing denial of service. Exploitation requires user interaction (opening a directory with the crafted name) on systems where nano is available to local users. No public exploit code identified at time of analysis.

Denial Of Service Red Hat Enterprise Linux 10 Red Hat Enterprise Linux 6 Red Hat Enterprise Linux 7 Red Hat Enterprise Linux 8 +2
NVD VulDB
CVSS 3.1
5.5
EPSS
0.0%
CVE-2026-6840 MEDIUM This Month

Denial of service via out-of-range operator-code lookup in Samsung ONE machine learning framework prior to version 1.30.0 allows local attackers with user interaction to crash the model loading process. Missing bounds validation during operator code indexing permits access to invalid memory locations, triggering application termination without authentication.

Information Disclosure One
NVD GitHub
CVSS 3.1
5.5
EPSS
0.0%
CVE-2026-41646 MEDIUM PATCH GHSA This Month

Nuclei v3.7.0 and earlier allow JavaScript templates to read arbitrary `.js` and `.json` files from the host filesystem via the `require()` function, bypassing the `allow-local-file-access` restriction. This enables unauthenticated local attackers or users running untrusted templates to extract sensitive data from configuration files, credential stores, and cloud credentials. The vulnerability is limited to these two file types but can expose secrets in `package.json`, environment configs, and similar files commonly present on developer or server systems.

Information Disclosure Authentication Bypass
NVD GitHub
CVSS 3.1
5.5
EPSS
0.0%
CVE-2026-35340 MEDIUM PATCH This Month

uutils coreutils chown and chgrp utilities return incorrect exit codes during recursive directory operations, masking ownership change failures and allowing administrative scripts to incorrectly assume successful permission transfers. When processing multiple files recursively, the final exit code reflects only the last file's result; if that file succeeds, the command returns 0 even if earlier operations failed due to permission errors. This integrity flaw affects local users with limited privileges on systems running affected versions below 0.6.0, creating risk of security misconfigurations in automated deployment and configuration management scripts.

Information Disclosure Coreutils
NVD GitHub
CVSS 3.1
5.5
EPSS
0.0%
CVE-2026-35339 MEDIUM POC PATCH GHSA This Month

The chmod utility in uutils coreutils versions prior to 0.6.0 incorrectly reports success (exit code 0) when recursively processing multiple files, even if permission changes fail on earlier files due to access restrictions or other errors. This causes scripts and automation to proceed under a false assumption that all files were modified correctly, potentially leaving sensitive files with unintended or restrictive permissions.

Information Disclosure Coreutils
NVD GitHub
CVSS 3.1
5.5
EPSS
0.0%
CVE-2026-1845 MEDIUM This Month

Stored Cross-Site Scripting in Real Estate Pro plugin for WordPress up to version 1.0.9 allows authenticated administrators to inject arbitrary JavaScript into admin settings that executes for all users viewing affected pages. The vulnerability is limited to multi-site installations or single-site instances with the unfiltered_html capability disabled. Attack requires administrator-level privileges and no user interaction, but scope is changed (cross-site impact), resulting in a moderate CVSS score of 5.5.

XSS WordPress
NVD
CVSS 3.1
5.5
EPSS
0.0%
CVE-2026-6848 MEDIUM This Month

Red Hat Quay 3 bypasses password re-verification for sensitive operations such as token generation and robot account creation, allowing users with timed-out or idle authenticated sessions to perform privileged actions without providing valid credentials. An attacker with access to an abandoned browser session can execute sensitive operations despite the UI displaying authentication errors, resulting in unauthorized token creation, robot account manipulation, and information disclosure. CVSS 5.4 reflects moderate risk with network attack vector and low privilege requirements.

Information Disclosure Red Hat
NVD VulDB
CVSS 3.1
5.4
EPSS
0.1%
CVE-2026-6515 MEDIUM PATCH This Month

GitLab CE/EE versions 18.2 before 18.9.6, 18.10 before 18.10.4, and 18.11 before 18.11.1 allow authenticated users to access Virtual Registries using invalidated or incorrectly scoped credentials under certain conditions, resulting in unauthorized information disclosure and modification. The vulnerability requires valid user credentials and network access but no user interaction, affecting confidentiality and integrity with partial technical impact per SSVC. No public exploit code or active exploitation has been identified at time of analysis.

Information Disclosure Gitlab
NVD
CVSS 3.1
5.4
EPSS
0.0%
CVE-2026-34066 MEDIUM PATCH GHSA This Month

Denial of service in Nimiq Core's history synchronization allows remote peers to trigger a panic in HistoryStore::put_historic_txns by submitting malformed transaction history with block numbers violating invariant constraints. During history sync, the panic occurs before validation checks compare the computed history root against the macro block header, causing affected nodes to crash. The CVSS score of 5.3 reflects high availability impact but requires user interaction and high attack complexity to exploit.

Information Disclosure
NVD GitHub
CVSS 3.1
5.3
EPSS
0.0%
CVE-2026-41645 MEDIUM PATCH GHSA This Month

Expression injection in Nuclei's template evaluation engine allows malicious HTTP servers to inject and execute DSL expressions via response data reused in multi-step templates. When the `-env-vars` flag is enabled (off by default), attackers can exfiltrate host environment variables including API keys and credentials; without this flag, injected expressions may trigger helper functions with limited security impact. Nuclei v3.8.0+ patches the vulnerability by collecting expressions from template source before placeholder substitution, preventing response-derived data from being reinterpreted as executable DSL syntax.

Information Disclosure Code Injection RCE
NVD GitHub
CVSS 3.1
5.3
EPSS
0.0%
CVE-2026-34062 MEDIUM PATCH This Month

Denial of service in nimiq-libp2p prior to version 1.3.0 allows remote peers to exhaust node resources by sending partial frames on inbound substreams and keeping them open. The vulnerability combines unbounded stream reading via `read_to_end()` with a high concurrent stream limit of 1000, enabling attackers to accumulate stalled slots and degrade network availability without authentication or user interaction.

Denial Of Service Network Libp2P
NVD GitHub
CVSS 3.1
5.3
EPSS
0.0%
CVE-2026-41128 MEDIUM PATCH This Month

Craft CMS versions 5.6.0 through 5.9.14 allow authenticated users with only viewUsers permission to remove arbitrary users from all user groups via the actionSavePermissions() endpoint, bypassing per-group authorization controls that protect group additions. An attacker can submit an empty groups value to strip all group memberships from any user, degrading access control integrity. The vulnerability has been patched in version 5.9.15.

Authentication Bypass
NVD GitHub
CVSS 4.0
5.3
EPSS
0.0%
CVE-2026-34064 MEDIUM PATCH GHSA This Month

Denial of service in Nimiq's vesting contract allows remote unauthenticated attackers to crash nodes by crafting a vesting contract with `total_amount` exceeding the actual contract balance, then triggering a panic during error handling when `min_cap > balance`. The vulnerability exploits insufficient validation of vesting contract creation data and integer underflow in the `Coin::sub` operation, affecting all versions before 1.3.0. Active exploitation would require ability to broadcast transactions to the Nimiq network.

Integer Overflow Denial Of Service
NVD GitHub
CVSS 3.1
5.3
EPSS
0.0%
CVE-2026-22748 MEDIUM PATCH This Month

JWT token validation bypass in Spring Security allows authenticated attackers to forge or manipulate JWT tokens when NimbusJwtDecoder or NimbusReactiveJwtDecoder is used without explicit OAuth2TokenValidator configuration, enabling unauthorized access to protected resources. The vulnerability affects Spring Security versions 6.3.0-6.3.14, 6.4.0-6.4.14, 6.5.0-6.5.9, and 7.0.0-7.0.4. CVSS 5.3 (CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:N/I:H/A:N) reflects network-accessible exploitation requiring low-privilege authentication and high attack complexity.

Information Disclosure Java Red Hat
NVD VulDB HeroDevs
CVSS 3.1
5.3
EPSS
0.0%
CVE-2026-40448 MEDIUM This Month

Integer overflow in tensor allocation size calculation within Samsung Open Source ONE prior to version 1.30.0 allows local attackers with user interaction to cause denial of service or memory corruption. The vulnerability arises when processing large tensors, where insufficient memory allocation due to integer wraparound can lead to heap corruption. While CVSS indicates moderate severity (5.3), the high attack complexity and user interaction requirements limit practical exploitation.

Samsung Integer Overflow Buffer Overflow
NVD GitHub VulDB
CVSS 3.1
5.3
EPSS
0.0%
CVE-2026-33260 MEDIUM PATCH This Month

Denial of service in PowerDNS Authoritative, Recursor, and dnsdist via unbounded memory allocation in their internal web servers when processing specially crafted web requests. Multiple product lines are affected across several version ranges. The internal web server is disabled by default, significantly limiting real-world exposure. A vendor-released patch is available. CVSS 5.3 (low severity) with network-accessible vector but no authentication required reflects the ease of exploitation offset by the availability limitation and DoS-only impact.

Denial Of Service Suse
NVD VulDB
CVSS 3.1
5.3
EPSS
0.0%
CVE-2026-33258 MEDIUM PATCH This Month

Denial of service in PowerDNS Recursor allows remote unauthenticated attackers to exhaust resolver memory by publishing and querying crafted DNS zones that trigger excessive allocation in the negative and aggressive NSEC(3) caches. The vulnerability affects Recursor versions 5.2.0-5.2.8, 5.3.0-5.3.5, and 5.4.0, with a CVSS score of 5.3 reflecting low severity due to availability impact only (no code execution or data breach). Vendor-released patches are available.

Denial Of Service Suse
NVD VulDB
CVSS 3.1
5.3
EPSS
0.0%
CVE-2026-33257 MEDIUM PATCH This Month

Unlimited memory allocation in PowerDNS internal web server allows remote denial of service via crafted web requests. The vulnerability affects multiple PowerDNS products (dnsdist, Authoritative, and Recursor) across multiple versions, though the internal web server is disabled by default, significantly limiting real-world exposure. CVSS 5.3 reflects low attack complexity and no authentication requirements, but the default-disabled state and requirement to enable the internal web server substantially reduce practical risk.

Denial Of Service Suse
NVD VulDB
CVSS 3.1
5.3
EPSS
0.0%
CVE-2026-33256 MEDIUM PATCH This Month

Denial of service via unlimited memory allocation in PowerDNS Recursor's internal web server affects versions 5.2.0-5.2.8, 5.3.0-5.3.5, and 5.4.0. An unauthenticated remote attacker can send a crafted web request to exhaust server memory when the internal web server is enabled, causing service unavailability. No public exploit code or active exploitation has been identified, but patch versions are available from the vendor.

Denial Of Service Suse
NVD VulDB
CVSS 3.1
5.3
EPSS
0.0%
CVE-2026-35345 MEDIUM This Month

The tail utility in uutils coreutils discloses sensitive file contents through improper symlink handling when using the --follow=name option. Unlike GNU tail, uutils continues monitoring a file path after it has been replaced with a symbolic link, causing it to output the contents of the link's target. A local attacker with write access to a monitored directory can exploit this to exfiltrate sensitive system files such as /etc/shadow when a privileged user (e.g., root) runs tail in follow mode. Publicly available exploit code exists, and the vulnerability requires local access and specific deployment conditions (privileged tail process monitoring user-writable directories).

Information Disclosure Coreutils
NVD GitHub
CVSS 3.1
5.3
EPSS
0.0%
CVE-2026-4117 MEDIUM This Month

Authenticated users with Subscriber-level access can modify the CalJ Shabbat Times plugin's API key and clear its cache due to missing authorization checks in the CalJSettingsPage class constructor. The vulnerability affects all versions up to and including 1.5, with no special network or interaction requirements beyond valid WordPress authentication. While CVSS 5.3 reflects moderate integrity impact, the practical risk depends on whether WordPress sites allow Subscriber-level registrations and whether the plugin's API key provides sensitive access to external services.

PHP Authentication Bypass WordPress
NVD
CVSS 3.1
5.3
EPSS
0.0%
CVE-2026-33595 MEDIUM PATCH This Month

dnsdist allows remote denial-of-service attacks through memory exhaustion by generating numerous error responses on single DoQ (DNS-over-QUIC) and DoH3 (DNS-over-HTTPS/3) connections. An unauthenticated remote attacker can trigger excessive memory allocation by rapidly sending queries that produce error responses, with resources not properly released until connection termination. CVSS 5.3 (AV:N/AC:L/PR:N/UI:N) reflects network-accessible availability impact; no public exploit identified at time of analysis.

Denial Of Service Suse
NVD VulDB
CVSS 3.1
5.3
EPSS
0.0%
CVE-2026-33594 MEDIUM PATCH This Month

dnsdist can be forced into excessive memory allocation when a client generates high volumes of DNS queries routed to an overloaded DNS-over-HTTPS (DoH) backend, causing queries to accumulate in an unbounded buffer that persists until connection closure. This denial-of-service condition affects dnsdist deployments with DoH backends under load, allowing unauthenticated remote attackers to exhaust server memory with sustained query traffic.

Denial Of Service Suse
NVD VulDB
CVSS 3.1
5.3
EPSS
0.0%
CVE-2026-33254 MEDIUM PATCH This Month

DNSdist allows remote attackers to create unlimited concurrent DoQ (DNS over QUIC) or DoH3 (DNS over HTTPS/3) connections, triggering unbounded memory allocation and denial of service. The vulnerability affects configurations where these protocols are explicitly enabled, as both are disabled by default. No authentication is required for exploitation, and CVSS 5.3 (AC:L, AV:N) indicates straightforward network-based triggering under default conditions.

Denial Of Service Suse
NVD VulDB
CVSS 3.1
5.3
EPSS
0.0%
CVE-2026-33609 MEDIUM PATCH This Month

Incomplete LDAP query escaping in PowerDNS Authoritative with 8bit-dns enabled allows authenticated users to enumerate internal domain subtrees through LDAP injection, leading to information disclosure of sensitive DNS zone data. The vulnerability requires valid authentication, high attack complexity due to LDAP protocol constraints, and has been reported by the vendor security team. No active exploitation data is currently available.

Information Disclosure LDAP Code Injection Suse
NVD VulDB
CVSS 3.1
5.3
EPSS
0.0%
CVE-2026-40451 MEDIUM This Month

Cross-site scripting (XSS) vulnerability in DeepL Chrome browser extension versions 1.22.0 through 1.23.0 allows remote attackers to execute arbitrary JavaScript and inject malicious HTML into web pages viewed by users. The vulnerability requires user interaction with a malicious web page but can compromise the security context of all visited websites.

XSS Google Chrome Browser Extension
NVD GitHub VulDB
CVSS 4.0
5.1
EPSS
0.0%
CVE-2026-6835 MEDIUM This Month

Unauthenticated remote attackers can upload arbitrary files to any path in a+HCM developed by aEnrich, including executable HTML documents, enabling cross-site scripting and potential server-side impacts. The vulnerability requires user interaction (UI:A) but allows unrestricted file placement with low scope and integrity impact. No patch version or active exploitation data is currently available.

XSS File Upload A Hcm
NVD VulDB
CVSS 4.0
5.1
EPSS
0.0%
CVE-2026-41131 MEDIUM PATCH GHSA This Month

OpenFGA versions prior to 1.14.1 suffer from a cache key collision vulnerability in conditional authorization models that enables attackers to obtain unauthorized access to resources by forcing reuse of cached authorization decisions. When conditions are evaluated with caching enabled, different check requests can generate identical cache keys, causing OpenFGA to incorrectly return a previously cached authorization result for a subsequent request with different parameters. This affects deployments using relational models with condition evaluation where caching is active, allowing authenticated users to bypass intended access controls and disclose information about resources they should not access.

Information Disclosure Red Hat
NVD GitHub
CVSS 3.1
5.0
EPSS
0.0%
CVE-2026-35372 MEDIUM PATCH This Month

The ln utility in uutils coreutils fails to honor the --no-dereference flag when the --force flag is not simultaneously enabled, allowing local attackers with low privileges to redirect symbolic link operations into unintended directories. An attacker can manipulate existing symlinks to cause a privileged user or system script running ln -n to create files in sensitive directories, leading to unauthorized file creation or system misconfiguration. CVSS score of 5.0 reflects local attack vector and low complexity; SSVC framework indicates non-automatable exploitation with partial technical impact.

Information Disclosure Coreutils
NVD GitHub
CVSS 3.1
5.0
EPSS
0.0%
CVE-2026-33259 MEDIUM PATCH This Month

PowerDNS Recursor versions 5.2.0-5.2.8, 5.3.0-5.3.5, and 5.4.0 suffer denial of service and potential data corruption when a malfunctioning RPZ provider causes concurrent transfers of the same RPZ zone, leading to use-after-free conditions, inconsistent zone data, and recursor crashes. The vulnerability requires high privilege attacker control over an RPZ provider and non-standard network conditions, resulting in availability and integrity impact with a CVSS score of 5.0.

Denial Of Service Use After Free Memory Corruption Suse
NVD VulDB
CVSS 3.1
5.0
EPSS
0.0%
CVE-2026-6845 MEDIUM PATCH This Month

The readelf utility in binutils is vulnerable to denial of service through null pointer dereference when processing specially crafted ELF files. A local attacker with limited privileges can trigger excessive resource consumption or program crashes by convincing a user to process a malicious ELF binary, affecting Red Hat Enterprise Linux 6, 7, 8, and 10. No public exploit code or active exploitation has been confirmed at this time.

Null Pointer Dereference Denial Of Service Red Hat Enterprise Linux 10 Red Hat Enterprise Linux 6 Red Hat Enterprise Linux 7 +4
NVD VulDB
CVSS 3.1
5.0
EPSS
0.0%
CVE-2026-4919 MEDIUM PATCH This Month

Stored cross-site scripting (XSS) in IBM Guardium Data Protection 12.1 through 26.0.0.4 allows authenticated administrative users to inject arbitrary JavaScript into the Web UI, enabling credential theft and session hijacking of other administrators within a trusted session. The vulnerability requires administrative privileges and user interaction (clicking a malicious link or visiting a crafted page), limiting its scope but maintaining high impact for multi-admin environments. EPSS context and active exploitation status are not publicly confirmed at this time.

IBM XSS
NVD
CVSS 3.1
4.8
EPSS
0.0%
CVE-2026-41314 MEDIUM PATCH This Month

Denial of service via memory exhaustion in pypdf prior to 6.10.2 allows local attackers with user interaction to crash applications processing crafted PDF files containing FlateDecode-compressed images with inflated size values. The vulnerability exhausts available RAM during decompression, affecting any system using vulnerable pypdf versions to parse untrusted PDF documents.

Information Disclosure Python Red Hat Suse
NVD GitHub VulDB
CVSS 4.0
4.8
EPSS
0.0%
CVE-2026-41313 MEDIUM PATCH This Month

Denial of service via algorithmic complexity in pypdf versions prior to 6.10.2 allows local attackers to cause long runtimes by crafting a PDF with an excessively large trailer /Size value when loaded in incremental mode. The vulnerability requires user interaction to load the malicious PDF and results in availability degradation rather than data compromise. Patch version 6.10.2 is available from the vendor.

Information Disclosure Python Red Hat Suse
NVD GitHub
CVSS 4.0
4.8
EPSS
0.0%
Prev Page 6 of 8 Next

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy