Skip to main content
CVE-2026-41312 MEDIUM PATCH This Month

Memory exhaustion in pypdf prior to 6.10.2 allows local attackers to craft malicious PDF files that exhaust system RAM when processed. The vulnerability requires user interaction to open a specially crafted PDF containing a /FlateDecode stream with a /Predictor value other than 1 and large predictor parameters. Vendor-released patch available in version 6.10.2.

Information Disclosure Python Red Hat Suse
NVD GitHub VulDB
CVSS 4.0
4.8
EPSS
0.0%
CVE-2026-33598 MEDIUM PATCH This Month

Out-of-bounds memory read in dnsdist allows remote attackers to trigger information disclosure or denial of service when custom Lua code invokes getDomainListByAddress() or getAddressListByDomain() functions on a crafted packet cache entry. The vulnerability requires network access but has high attack complexity, limiting real-world exploitation despite the remote attack vector.

Buffer Overflow Information Disclosure Suse
NVD VulDB
CVSS 3.1
4.8
EPSS
0.0%
CVE-2026-31523 MEDIUM PATCH This Month

Double completions in NVMe-PCI polled queue handling occur when a high-priority task attempts to poll a queue during kernel reset before block layer queue maps are updated, causing race conditions between interrupt-driven and polled I/O paths. Affects Linux kernel versions before 5.10.253, 5.15.203, 6.1.168, 6.6.131, 6.12.80, 6.18.21, 6.19.11, and 7.0-rc2, requiring local authentication and high attack complexity to trigger. No public exploit identified, but vendor-released patches are available across all affected stable and development branches.

Information Disclosure Linux Red Hat Suse
NVD VulDB
CVSS 3.1
4.7
EPSS
0.0%
CVE-2026-31466 MEDIUM PATCH This Month

A race condition in Linux kernel memory management causes folio objects to be accessed without proper locking during concurrent mega-transparent huge page (mTHP) splitting and zap operations on arm64, triggering a denial-of-service condition via VM_WARN_ON_ONCE() panic when the missing memory barrier allows CPU reordering to expose unlocked folio state. The vulnerability affects Linux kernel versions before 5.10.253, 5.15.203, 6.1.168, 6.6.134, 6.12.81, 6.18.21, 6.19.11, and 7.0 with EPSS score of 0.02% indicating low real-world exploitation likelihood despite moderate CVSS impact rating.

Huawei Race Condition Information Disclosure Linux
NVD VulDB
CVSS 3.1
4.7
EPSS
0.0%
CVE-2026-31456 MEDIUM PATCH This Month

A race condition in the Linux kernel's page table walking code (mm/pagewalk) allows local authenticated attackers to trigger a kernel panic (denial of service) by concurrent PUD splitting and refaulting operations. The vulnerability occurs when one thread is reading proc/[pid]/numa_maps while another thread (e.g., VFIO-PCI DMA setup) modifies the page table hierarchy, causing walk_pmd_range() to attempt walking a PMD range that no longer exists. The condition requires local access and a privileged operation (VFIO DMA pinning), but can reliably crash the kernel, affecting system availability.

Race Condition Information Disclosure Linux
NVD VulDB
CVSS 3.1
4.7
EPSS
0.0%
CVE-2026-35359 MEDIUM This Month

Time-of-Check to Time-of-Use (TOCTOU) vulnerability in uutils coreutils cp utility allows local attackers with write access to bypass no-dereference protections and read arbitrary sensitive files. The cp command checks symbolic link status via metadata but opens files without O_NOFOLLOW, permitting race condition exploitation where an attacker swaps a regular file for a symbolic link between check and use, causing a privileged cp process to copy sensitive file contents to attacker-controlled destinations. Publicly available exploit code exists; SSVC framework indicates partial technical impact with non-automatable exploitation.

Information Disclosure Coreutils
NVD GitHub
CVSS 3.1
4.7
EPSS
0.0%
CVE-2026-35354 MEDIUM This Month

Time-of-check-time-of-use (TOCTOU) vulnerability in uutils coreutils mv utility during cross-device file moves allows local attackers with directory write access to manipulate extended attributes (xattrs) on destination files by swapping files between sequential path-based system calls, potentially causing security labels like SELinux attributes or file capabilities to be applied inconsistently. CVSS 4.7 (local, high complexity) with confirmed vulnerability reported by Canonical; CISA SSVC assessment indicates non-automatable exploitation with partial technical impact.

Information Disclosure Coreutils
NVD GitHub
CVSS 3.1
4.7
EPSS
0.0%
CVE-2026-35357 MEDIUM This Month

The cp utility in uutils coreutils exposes sensitive file contents through a race condition where destination files are created with overly permissive umask-derived permissions before being restricted to their final restrictive mode. A local authenticated attacker can open the file during this narrow window to obtain a valid file descriptor that remains readable even after permissions are tightened, bypassing intended access controls. CVSS 4.7 with high confidentiality impact but limited exploitability due to high attack complexity and moderate SSVC rating.

Information Disclosure Coreutils
NVD GitHub
CVSS 3.1
4.7
EPSS
0.0%
CVE-2026-3837 MEDIUM This Month

Stored cross-site scripting (XSS) in Frappe 16.10.0 allows authenticated attackers with high privileges to inject malicious scripts into document fields, which execute in the browser of any user who subsequently opens the affected document in Desk. The vulnerability stems from unsafe HTML interpolation in multiple formatter implementations that fail to escape user-supplied values, enabling persistent client-side code execution with limited scope (low integrity/availability impact). CVSS 4.6 reflects the requirement for authenticated high-privilege access and user interaction, but the XSS vector represents a significant persistence and social engineering risk in collaborative document environments.

XSS Frappe
NVD GitHub VulDB
CVSS 4.0
4.6
EPSS
0.1%
CVE-2026-3673 MEDIUM This Month

Stored cross-site scripting (XSS) in Frappe 16.10.10 allows authenticated attackers with high privileges to inject malicious JavaScript via crafted tag values in the _user_tags field, which execute when victims open list or report views. The vulnerability stems from unescaped interpolation of tag content into HTML attributes and element content. Exploitation requires user interaction (victim must open affected view) and high-level authentication, but results in session hijacking or data theft with partial technical impact; CISA SSVC framework rates this as exploitable via proof-of-concept with partial technical impact.

XSS Frappe
NVD GitHub
CVSS 4.0
4.6
EPSS
0.1%
CVE-2026-35376 MEDIUM PATCH This Month

Time-of-Check to Time-of-Use (TOCTOU) race condition in the chcon utility of uutils coreutils allows local attackers with directory write access to redirect recursive security label operations to unintended files or directories via symbolic link or rename races, potentially compromising SELinux security controls. The vulnerability affects versions prior to 0.8.0 and requires low privileges and high attack complexity to exploit, making it a moderate-severity issue with partial technical impact.

Information Disclosure Coreutils
NVD GitHub
CVSS 3.1
4.5
EPSS
0.0%
CVE-2026-35347 MEDIUM PATCH GHSA This Month

The comm utility in uutils coreutils drains FIFO and pipe streams before performing file comparison due to premature data consumption in the are_files_identical function, causing silent data loss and potential indefinite hangs on infinite streams. Local authenticated users can trigger this vulnerability to corrupt or lose data in piped workflows, affecting the integrity of command-line data processing chains.

Information Disclosure Coreutils
NVD GitHub
CVSS 3.1
4.4
EPSS
0.0%
CVE-2026-4142 MEDIUM This Month

Stored cross-site scripting in the Sentence To SEO WordPress plugin (versions up to 1.0) allows authenticated administrators to inject arbitrary JavaScript into the plugin settings page via the 'Permanent keywords' field. The vulnerability stems from insufficient input sanitization and output escaping, enabling attackers to break out of a textarea element and inject malicious scripts that execute when other users access the settings page. This requires administrator-level privileges and does not affect unauthenticated users.

XSS WordPress PHP
NVD
CVSS 3.1
4.4
EPSS
0.0%
CVE-2026-33601 MEDIUM PATCH This Month

Denial of service in PowerDNS Recursor via null pointer dereference in the zoneToCache function when processing zone data from a malicious authoritative server. Affects Recursor 5.2.0 through 5.4.0 and requires high privileges and non-standard network conditions to exploit, resulting in service availability impact but not data compromise. Patch available from vendor.

Denial Of Service Null Pointer Dereference Suse
NVD VulDB
CVSS 3.1
4.4
EPSS
0.0%
CVE-2026-33600 MEDIUM PATCH This Month

Denial of service in PowerDNS Recursor occurs when processing a malicious Response Policy Zone (RPZ) from an authoritative server, triggering a null pointer dereference due to missing validation logic. Versions 5.2.0-5.2.8, 5.3.0-5.3.5, and 5.4.0 are affected. An authenticated remote attacker controlling an authoritative nameserver can crash the Recursor service by sending a specially crafted RPZ response, requiring high privilege level (PR:H) and complex attack conditions (AC:H) as mitigating factors.

Denial Of Service Null Pointer Dereference Suse
NVD VulDB
CVSS 3.1
4.4
EPSS
0.0%
CVE-2026-3362 MEDIUM This Month

Stored Cross-Site Scripting in Short Comment Filter WordPress plugin up to version 2.2 allows authenticated administrators to inject arbitrary JavaScript through the 'Minimum Count' settings field due to missing input sanitization and output escaping. The vulnerability affects all versions through 2.2 and has particular impact in WordPress multisite environments or when DISALLOW_UNFILTERED_HTML is configured, where administrators lack unfiltered_html capabilities. No public exploit code or active exploitation has been identified at the time of analysis.

XSS WordPress
NVD
CVSS 3.1
4.4
EPSS
0.0%
CVE-2026-35370 MEDIUM PATCH GHSA This Month

The id utility in uutils coreutils miscalculates group membership by using real GID instead of effective GID, causing output divergence from GNU coreutils and potentially enabling unauthorized access when scripts rely on id output for access-control decisions. Affects local users with privileges to execute the id command. Proof-of-concept code exists but no active exploitation in the wild has been confirmed.

Authentication Bypass Coreutils
NVD GitHub
CVSS 3.1
4.4
EPSS
0.0%
CVE-2026-35358 MEDIUM PATCH GHSA This Month

The cp utility in uutils coreutils versions before 0.7.0 incorrectly handles recursive copy operations (-R flag) by converting character and block device nodes into regular files instead of preserving them via mknod, destroying device semantics and enabling denial of service through disk exhaustion or process hangs when unbounded device nodes are copied.

Denial Of Service Coreutils
NVD GitHub
CVSS 3.1
4.4
EPSS
0.0%
CVE-2026-35366 MEDIUM POC PATCH GHSA This Month

The printenv utility in uutils coreutils versions before 0.6.0 silently omits environment variables containing invalid UTF-8 byte sequences, allowing adversarial environment variables such as malicious LD_PRELOAD values to evade inspection by administrators and security auditing tools. This evasion capability enables library injection and other environment-based attacks to bypass detection, affecting systems that rely on printenv for security auditing or environment validation. The vulnerability requires local access with unprivileged user privileges (PR:L) to exploit and carries a CVSS score of 4.4 with confirmed proof-of-concept availability.

Code Injection Coreutils
NVD GitHub
CVSS 3.1
4.4
EPSS
0.0%
CVE-2026-2719 MEDIUM This Month

Stored cross-site scripting in Private WP Suite plugin for WordPress through version 0.4.1 allows authenticated administrators to inject arbitrary JavaScript via the Exceptions setting, which executes in the browsers of any user accessing affected pages. The vulnerability requires high-privilege authenticated access and only manifests in multi-site installations or those with unfiltered_html disabled, limiting real-world exposure despite network-accessible attack vector.

XSS WordPress
NVD
CVSS 3.1
4.4
EPSS
0.0%
CVE-2026-2714 MEDIUM This Month

Stored Cross-Site Scripting in Institute Management plugin for WordPress up to version 5.5 allows authenticated administrators to inject arbitrary JavaScript via the 'Enquiry Form Title' setting, which executes when users access affected pages. The vulnerability is limited to multi-site WordPress installations or sites with unfiltered_html disabled. CVSS 4.4 reflects high privilege requirements (PR:H) and conditional scope (multi-site only), but the stored XSS nature and administrator access requirement make this a targeted insider threat rather than a broad attack surface.

XSS WordPress
NVD
CVSS 3.1
4.4
EPSS
0.0%
CVE-2026-6041 MEDIUM This Month

Stored cross-site scripting in the Buzz Comments WordPress plugin (all versions up to 0.9.4) allows authenticated administrators to inject arbitrary JavaScript via the 'Custom Buzz Avatar' setting, with the malicious script executing whenever any user accesses the plugin settings page. The vulnerability requires high-privilege administrative access and manual interaction with the settings interface, limiting its practical exploitability to insider threats or compromised administrator accounts.

XSS WordPress
NVD
CVSS 3.1
4.4
EPSS
0.0%
CVE-2026-1379 MEDIUM This Month

Stored cross-site scripting in HTTP Headers plugin for WordPress up to version 1.19.2 allows authenticated administrators to inject arbitrary scripts into admin settings that execute when users access affected pages. This vulnerability is limited to multi-site installations or sites where the unfiltered_html capability has been disabled, significantly reducing real-world exposure. No active exploitation has been publicly reported, and the high privilege requirement (administrator role) narrows the practical attack surface.

XSS WordPress
NVD
CVSS 3.1
4.4
EPSS
0.0%
CVE-2026-1930 MEDIUM This Month

Emailchef WordPress plugin versions up to 3.5.1 allow authenticated attackers with Subscriber-level access to delete plugin settings via an unprotected AJAX action due to missing capability checks. The vulnerability enables unauthorized modification of plugin configuration without administrative privileges, affecting any WordPress site using the affected plugin versions. No public exploit code or active exploitation has been identified at time of analysis.

Authentication Bypass WordPress
NVD
CVSS 3.1
4.3
EPSS
0.0%
CVE-2026-41126 MEDIUM This Month

Open redirect vulnerability in BigBlueButton prior to version 3.0.24 allows unauthenticated remote attackers to redirect users to arbitrary external URLs via manipulation of the logoutURL parameter in the /api/join endpoint. The vulnerability requires user interaction (clicking a malicious link) but has low technical complexity and could facilitate phishing attacks by redirecting authenticated users away from the legitimate logout flow to attacker-controlled domains. Version 3.0.24 mitigates this by enforcing checksum validation and defaulting to the legitimate logoutURL when validation fails.

Open Redirect
NVD GitHub VulDB
CVSS 3.1
4.3
EPSS
0.0%
CVE-2026-4126 MEDIUM This Month

Table Manager plugin for WordPress versions up to 1.0.0 allows authenticated Contributor-level users and above to extract sensitive data from arbitrary WordPress database tables via the 'table_manager' shortcode. The vulnerability stems from insufficient input validation on the table name parameter-the plugin uses only sanitize_key() without an allowlist check, enabling attackers to enumerate and read data from any accessible database table by manipulating the shortcode attribute. No public exploit code has been identified, but the attack requires only valid WordPress credentials at Contributor level or higher.

Information Disclosure WordPress
NVD
CVSS 3.1
4.3
EPSS
0.0%
CVE-2026-4138 MEDIUM This Month

Cross-Site Request Forgery (CSRF) in the DX Unanswered Comments WordPress plugin versions up to 1.7 allows unauthenticated attackers to modify critical plugin settings (authors list and comment count) by tricking a site administrator into clicking a malicious link, due to missing nonce validation in the settings form handler. The CVSS 4.3 score reflects low severity with integrity impact limited to plugin configuration rather than data or code execution, but successful exploitation could alter site functionality if an attacker controls which comments are flagged as unanswered.

PHP CSRF WordPress
NVD
CVSS 3.1
4.3
EPSS
0.0%
CVE-2026-4118 MEDIUM This Month

Call To Action Plugin for WordPress versions up to 3.1.3 contains a Cross-Site Request Forgery (CSRF) vulnerability in the settings page that allows unauthenticated attackers to modify plugin configuration via forged requests. The vulnerability exists because the cbox_options_page() function lacks nonce validation (missing wp_nonce_field() and wp_verify_nonce() checks), enabling attackers to trick site administrators into clicking malicious links that alter call-to-action box settings including title, content, URL, colors, and other options. No public exploit code has been identified, but the attack requires minimal complexity (AC:L) and relies on user interaction (UI:R) to succeed.

CSRF WordPress
NVD
CVSS 3.1
4.3
EPSS
0.0%
CVE-2026-6294 MEDIUM This Month

Cross-Site Request Forgery in Google PageRank Display plugin for WordPress (versions up to 1.4) allows unauthenticated attackers to trick logged-in administrators into changing plugin settings via a crafted request, due to missing nonce validation in the settings form handler. The vulnerability has a CVSS score of 4.3 (network-based, low complexity, requires user interaction) and enables modification of plugin configuration such as display style without administrator knowledge.

CSRF WordPress Google
NVD
CVSS 3.1
4.3
EPSS
0.0%
CVE-2026-4128 MEDIUM This Month

TP Restore Categories And Taxonomies WordPress plugin versions up to 1.0.1 lack capability checks in the delete_term() AJAX handler, allowing authenticated Subscriber-level users to permanently delete taxonomy terms from backup tables by reusing a nonce exposed to all authenticated users. The vulnerability bypasses authorization despite nonce validation, enabling low-privileged attackers to cause data loss via a simple crafted AJAX request.

PHP Authentication Bypass WordPress
NVD
CVSS 3.1
4.3
EPSS
0.0%
CVE-2026-4121 MEDIUM This Month

The Kcaptcha WordPress plugin versions up to 1.0.1 fails to validate nonces on the settings page, allowing unauthenticated attackers to modify CAPTCHA configuration (enable/disable on login, registration, lost password, and comment forms) via cross-site request forgery if a site administrator can be tricked into clicking a malicious link. The vulnerability requires user interaction (administrator click) but carries a CVSS score of 4.3 with integrity impact; no public exploit code or active exploitation has been identified at the time of analysis.

PHP CSRF WordPress
NVD
CVSS 3.1
4.3
EPSS
0.0%
CVE-2026-4139 MEDIUM This Month

Cross-site request forgery in mCatFilter WordPress plugin up to version 0.5.2 allows unauthenticated attackers to modify all plugin settings including category exclusion rules, feed exclusion flags, and tag page exclusion flags by tricking site administrators into clicking a malicious link. The vulnerability exists because the compute_post() function processes $_POST data without nonce verification or capability checks, executing on every page load via the plugins_loaded hook.

CSRF WordPress
NVD
CVSS 3.1
4.3
EPSS
0.0%
CVE-2026-6396 MEDIUM This Month

Cross-Site Request Forgery in Fast & Fancy Filter - 3F WordPress plugin up to version 1.2.2 allows unauthenticated attackers to modify plugin filter settings, update arbitrary site options, or create filter posts by tricking site administrators into clicking a malicious link. The vulnerability exists in the saveFields() function which handles the fff_save_settins AJAX action without nonce verification, enabling attackers to forge requests that execute administrative actions on behalf of logged-in administrators.

CSRF WordPress
NVD
CVSS 3.1
4.3
EPSS
0.0%
CVE-2026-4140 MEDIUM This Month

Cross-Site Request Forgery in Ni WooCommerce Order Export plugin for WordPress allows unauthenticated attackers to modify plugin settings by tricking an administrator into clicking a malicious link, due to missing nonce validation in the AJAX settings handler. Affected versions through 3.1.6 accept direct $_REQUEST input to update_option() without any CSRF protection or capability checks, enabling unauthorized configuration changes.

CSRF WordPress
NVD
CVSS 3.1
4.3
EPSS
0.0%
CVE-2026-4133 MEDIUM This Month

Cross-site request forgery in TextP2P Texting Widget plugin for WordPress up to version 1.7 allows unauthenticated attackers to modify all plugin settings including API credentials and widget configuration by tricking site administrators into clicking a malicious link. The vulnerability stems from missing nonce validation in the settings update handler, enabling attackers to change chat titles, messages, colors, reCAPTCHA configuration, and other sensitive options without authentication or authorization verification. This requires user interaction (admin must click attacker-controlled link) but affects any WordPress site running the vulnerable plugin with an active administrator.

CSRF WordPress
NVD
CVSS 3.1
4.3
EPSS
0.0%
CVE-2025-58922 MEDIUM PATCH This Month

Cross-Site Request Forgery (CSRF) vulnerability in ThemeFusion Avada theme allows unauthenticated remote attackers to perform unauthorized actions on behalf of authenticated users through malicious web pages, affecting versions before 7.13.2. The vulnerability requires user interaction (clicking a malicious link or visiting a crafted page) but carries low overall risk due to SSVC assessment indicating none-automatable exploitation with partial technical impact. No active exploitation has been confirmed in CISA KEV at time of analysis.

CSRF Avada
NVD
CVSS 3.1
4.3
EPSS
0.0%
CVE-2026-35351 MEDIUM This Month

The mv utility in uutils coreutils fails to preserve file ownership when moving files across filesystem boundaries, causing moved files to be reassigned to the caller's UID/GID instead of retaining the source file's ownership metadata. When invoked by privileged users (such as root), this results in unexpected ownership changes that can lead to information disclosure or access restrictions for legitimate file owners. Exploitation requires local access and high privileges; a public proof-of-concept exists but active exploitation has not been confirmed in the wild.

Information Disclosure Coreutils
NVD GitHub
CVSS 3.1
4.2
EPSS
0.0%
CVE-2026-22746 LOW PATCH Monitor

Spring Security's DaoAuthenticationProvider can leak timing information about user account status when applications rely on UserDetails#isEnabled, #isAccountNonExpired, or #isAccountNonLocked attributes for user validation. This allows remote attackers to enumerate disabled, expired, or locked accounts through timing analysis of authentication responses across affected versions 5.7.0-5.7.22, 5.8.0-5.8.24, 6.3.0-6.3.15, 6.5.0-6.5.9, and 7.0.0-7.0.4. No public exploit code or active exploitation has been identified at this time.

Authentication Bypass Java
NVD VulDB HeroDevs
CVSS 3.1
3.7
EPSS
0.0%
CVE-2026-33597 LOW PATCH Monitor

Denial of service in dnsdist via crafted PRSD (PowerDNS Response Detection) queries causes assertion failure and service disruption on remote DNS resolvers. The vulnerability requires specific network conditions and crafted packet construction (AC:H) but affects default configurations without authentication. CVSS 3.7 reflects low availability impact with non-trivial exploitation complexity.

Denial Of Service Dnsdist
NVD VulDB
CVSS 3.1
3.7
EPSS
0.0%
CVE-2026-35362 LOW PATCH GHSA Monitor

Time-of-Check to Time-of-Use (TOCTOU) symlink race condition vulnerability in uutils coreutils affects directory traversal operations on macOS and FreeBSD because the safe_traversal module's file-descriptor-relative syscall protections are incorrectly limited to Linux targets only. Local authenticated attackers with limited privileges can exploit this race condition to read or modify files via symlink manipulation, though exploitation requires specific timing conditions and is not automatable. EPSS and CISA SSVC assessment indicate partial technical impact with no evidence of active exploitation.

Apple Path Traversal
NVD GitHub
CVSS 3.1
3.6
EPSS
0.0%
CVE-2026-35361 LOW POC PATCH GHSA Monitor

The mknod utility in uutils coreutils creates device nodes before atomically applying SELinux security labels, and fails to properly clean up mislabeled nodes if labeling operations fail. This leaves device nodes with incorrect default SELinux contexts, potentially bypassing mandatory access control restrictions on systems where SELinux is enforcing. Affects coreutils versions prior to 0.6.0; exploitation requires local root or elevated privileges and is not currently publicly exploited, though cleanup failures are guaranteed on labeling failure.

Authentication Bypass Coreutils
NVD GitHub VulDB
CVSS 3.1
3.4
EPSS
0.0%
CVE-2026-35377 LOW PATCH Monitor

The env utility in uutils coreutils incorrectly rejects valid backslash escape sequences in single-quoted strings when using the -S (split-string) option, terminating with exit status 125 and causing local denial of service for scripts relying on GNU env compatibility. The implementation performs overly strict validation that diverges from GNU behavior, where backslashes outside of \\ and \' are treated literally rather than invalid, breaking automated administrative workflows.

Denial Of Service Coreutils
NVD GitHub VulDB
CVSS 3.1
3.3
EPSS
0.0%
CVE-2026-35378 LOW PATCH Monitor

Logic error in uutils coreutils expr utility evaluates parenthesized subexpressions during parsing rather than execution, breaking short-circuit evaluation for logical OR and AND operations. This causes arithmetic errors in dead code branches (e.g., division by zero) to trigger fatal errors instead of being safely ignored, breaking shell script control flow and diverging from GNU expr compatibility. Affects uutils coreutils versions prior to 0.8.0; publicly available exploit code exists per SSVC data.

Information Disclosure Coreutils
NVD GitHub VulDB
CVSS 3.1
3.3
EPSS
0.0%
CVE-2026-35342 LOW PATCH GHSA Monitor

mktemp utility in uutils coreutils mishandles empty TMPDIR environment variables by creating temporary files in the current working directory instead of falling back to /tmp, potentially exposing sensitive data if the CWD has overly permissive access controls. Affects uutils coreutils versions prior to 0.6.0 and requires local attacker with limited privileges to manipulate the environment or exploit overly accessible working directories; CVSS 3.3 reflects low severity (local access, limited confidentiality impact) despite information disclosure risk.

Information Disclosure Authentication Bypass Coreutils
NVD GitHub
CVSS 3.1
3.3
EPSS
0.0%
CVE-2026-35373 LOW POC PATCH GHSA Monitor

The ln utility in uutils coreutils fails to process source paths containing non-UTF-8 filename bytes when using target-directory forms, rejecting valid filenames that GNU ln handles correctly. This logic error affects automated scripts and system tasks on Unix filesystems where non-UTF-8 filenames are common, causing denial of service for those specific operations. SSVC classifies exploitation as possible (POC available) but not automatable, with partial technical impact.

Denial Of Service Coreutils
NVD GitHub
CVSS 3.1
3.3
EPSS
0.0%
CVE-2026-35381 LOW POC PATCH GHSA Monitor

Logic error in uutils coreutils cut utility causes incorrect behavior when combining the -s (only-delimited), -z (null-terminated), and -d '' (empty delimiter) flags, resulting in unfiltered records being emitted instead of suppressed. This breaks data integrity for automated pipelines relying on cut -s to exclude records without delimiters, affecting local users with limited privileges. The vulnerability has low exploitability (CVSS 3.3, SSVC indicates no exploitation status and non-automatable attack), but poses information disclosure and data corruption risks in security-sensitive data processing workflows.

Information Disclosure Coreutils
NVD GitHub VulDB
CVSS 3.1
3.3
EPSS
0.0%
CVE-2026-35379 LOW PATCH Monitor

uutils coreutils tr utility misdefines POSIX character classes [:graph:] and [:print:], incorrectly including ASCII space (0x20) in [:graph:] and excluding it from [:print:] - the opposite of standard behavior. This logic error causes unintended data modification or loss when tr is used in automated scripts or data pipelines that depend on correct character class semantics, such as deletion of graphical characters inadvertently removing all spaces and corrupting structured data. Affects coreutils versions prior to 0.8.0; patch is available from vendor.

Information Disclosure Coreutils
NVD GitHub VulDB
CVSS 3.1
3.3
EPSS
0.0%
CVE-2026-35375 LOW PATCH Monitor

The split utility in uutils coreutils corrupts output filenames when processing non-UTF-8 prefix or suffix inputs by converting invalid byte sequences to UTF-8 replacement characters, causing filename mismatches, collisions, and potential data misdirection. Affected versions prior to 0.8.0 on all platforms exhibit this behavior, which deviates from GNU split's byte-preservation semantics. Local authenticated users can trigger the vulnerability through crafted non-UTF-8 input, leading to integrity issues in automated workflows relying on predictable filename generation.

Information Disclosure Coreutils
NVD GitHub
CVSS 3.1
3.3
EPSS
0.0%
CVE-2026-35344 LOW Monitor

Silent data corruption in uutils coreutils dd utility results from unconditionally suppressing truncation errors on regular files and directories, allowing backup and migration scripts to report successful operations while destination files contain old or corrupted data when disk space is exhausted or file systems are read-only.

Information Disclosure Coreutils
NVD GitHub
CVSS 3.1
3.3
EPSS
0.0%
CVE-2026-35343 LOW PATCH GHSA Monitor

The cut utility in uutils coreutils fails to suppress non-delimited lines when the -s (only-delimited) option is used with a newline character as the delimiter, causing unfiltered data to be passed to downstream processes. Affected versions prior to 0.8.0 exhibit this logic error, which has low real-world impact due to local-only attack vector and partial technical scope, though it violates strict data filtering contracts that scripts may depend upon.

Information Disclosure Coreutils
NVD GitHub
CVSS 3.1
3.3
EPSS
0.0%
Prev Page 7 of 8 Next

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy