Skip to main content
CVE-2026-3254 LOW POC PATCH Monitor

Cross-site scripting (XSS) in GitLab CE/EE 18.11 before 18.11.1 allows authenticated users to inject unauthorized content into other users' browsers through improper input validation in the Mermaid diagram sandbox. An attacker must have valid GitLab credentials and the victim must view a malicious diagram, limiting real-world impact despite the publicly available exploit code. SSVC analysis rates this as non-automatable with partial technical impact, consistent with the low CVSS 3.5 score.

Gitlab XSS
NVD VulDB
CVSS 3.1
3.5
EPSS
0.0%
CVE-2025-9957 LOW POC PATCH Monitor

Authenticated project owners in GitLab CE/EE versions 11.2-18.9.5, 18.10-18.10.3, and 18.11-18.11.0 can bypass group fork prevention settings due to improper authorization checks, allowing them to create forks when they should be restricted. The vulnerability requires authentication and high-privilege access (project owner role), resulting in low severity (CVSS 2.7). Publicly available exploit code exists and patch versions have been released by the vendor.

Authentication Bypass Gitlab
NVD
CVSS 3.1
2.7
EPSS
0.0%
CVE-2026-22746 LOW PATCH Monitor

Spring Security's DaoAuthenticationProvider can leak timing information about user account status when applications rely on UserDetails#isEnabled, #isAccountNonExpired, or #isAccountNonLocked attributes for user validation. This allows remote attackers to enumerate disabled, expired, or locked accounts through timing analysis of authentication responses across affected versions 5.7.0-5.7.22, 5.8.0-5.8.24, 6.3.0-6.3.15, 6.5.0-6.5.9, and 7.0.0-7.0.4. No public exploit code or active exploitation has been identified at this time.

Authentication Bypass Java
NVD VulDB HeroDevs
CVSS 3.1
3.7
EPSS
0.0%
CVE-2026-33597 LOW PATCH Monitor

Denial of service in dnsdist via crafted PRSD (PowerDNS Response Detection) queries causes assertion failure and service disruption on remote DNS resolvers. The vulnerability requires specific network conditions and crafted packet construction (AC:H) but affects default configurations without authentication. CVSS 3.7 reflects low availability impact with non-trivial exploitation complexity.

Denial Of Service Dnsdist
NVD VulDB
CVSS 3.1
3.7
EPSS
0.0%
CVE-2026-35362 LOW PATCH GHSA Monitor

Time-of-Check to Time-of-Use (TOCTOU) symlink race condition vulnerability in uutils coreutils affects directory traversal operations on macOS and FreeBSD because the safe_traversal module's file-descriptor-relative syscall protections are incorrectly limited to Linux targets only. Local authenticated attackers with limited privileges can exploit this race condition to read or modify files via symlink manipulation, though exploitation requires specific timing conditions and is not automatable. EPSS and CISA SSVC assessment indicate partial technical impact with no evidence of active exploitation.

Apple Path Traversal
NVD GitHub
CVSS 3.1
3.6
EPSS
0.0%
CVE-2026-35361 LOW POC PATCH GHSA Monitor

The mknod utility in uutils coreutils creates device nodes before atomically applying SELinux security labels, and fails to properly clean up mislabeled nodes if labeling operations fail. This leaves device nodes with incorrect default SELinux contexts, potentially bypassing mandatory access control restrictions on systems where SELinux is enforcing. Affects coreutils versions prior to 0.6.0; exploitation requires local root or elevated privileges and is not currently publicly exploited, though cleanup failures are guaranteed on labeling failure.

Authentication Bypass Coreutils
NVD GitHub VulDB
CVSS 3.1
3.4
EPSS
0.0%
CVE-2026-35377 LOW PATCH Monitor

The env utility in uutils coreutils incorrectly rejects valid backslash escape sequences in single-quoted strings when using the -S (split-string) option, terminating with exit status 125 and causing local denial of service for scripts relying on GNU env compatibility. The implementation performs overly strict validation that diverges from GNU behavior, where backslashes outside of \\ and \' are treated literally rather than invalid, breaking automated administrative workflows.

Denial Of Service Coreutils
NVD GitHub VulDB
CVSS 3.1
3.3
EPSS
0.0%
CVE-2026-35378 LOW PATCH Monitor

Logic error in uutils coreutils expr utility evaluates parenthesized subexpressions during parsing rather than execution, breaking short-circuit evaluation for logical OR and AND operations. This causes arithmetic errors in dead code branches (e.g., division by zero) to trigger fatal errors instead of being safely ignored, breaking shell script control flow and diverging from GNU expr compatibility. Affects uutils coreutils versions prior to 0.8.0; publicly available exploit code exists per SSVC data.

Information Disclosure Coreutils
NVD GitHub VulDB
CVSS 3.1
3.3
EPSS
0.0%
CVE-2026-35342 LOW PATCH GHSA Monitor

mktemp utility in uutils coreutils mishandles empty TMPDIR environment variables by creating temporary files in the current working directory instead of falling back to /tmp, potentially exposing sensitive data if the CWD has overly permissive access controls. Affects uutils coreutils versions prior to 0.6.0 and requires local attacker with limited privileges to manipulate the environment or exploit overly accessible working directories; CVSS 3.3 reflects low severity (local access, limited confidentiality impact) despite information disclosure risk.

Information Disclosure Authentication Bypass Coreutils
NVD GitHub
CVSS 3.1
3.3
EPSS
0.0%
CVE-2026-35373 LOW POC PATCH GHSA Monitor

The ln utility in uutils coreutils fails to process source paths containing non-UTF-8 filename bytes when using target-directory forms, rejecting valid filenames that GNU ln handles correctly. This logic error affects automated scripts and system tasks on Unix filesystems where non-UTF-8 filenames are common, causing denial of service for those specific operations. SSVC classifies exploitation as possible (POC available) but not automatable, with partial technical impact.

Denial Of Service Coreutils
NVD GitHub
CVSS 3.1
3.3
EPSS
0.0%
CVE-2026-35381 LOW POC PATCH GHSA Monitor

Logic error in uutils coreutils cut utility causes incorrect behavior when combining the -s (only-delimited), -z (null-terminated), and -d '' (empty delimiter) flags, resulting in unfiltered records being emitted instead of suppressed. This breaks data integrity for automated pipelines relying on cut -s to exclude records without delimiters, affecting local users with limited privileges. The vulnerability has low exploitability (CVSS 3.3, SSVC indicates no exploitation status and non-automatable attack), but poses information disclosure and data corruption risks in security-sensitive data processing workflows.

Information Disclosure Coreutils
NVD GitHub VulDB
CVSS 3.1
3.3
EPSS
0.0%
CVE-2026-35379 LOW PATCH Monitor

uutils coreutils tr utility misdefines POSIX character classes [:graph:] and [:print:], incorrectly including ASCII space (0x20) in [:graph:] and excluding it from [:print:] - the opposite of standard behavior. This logic error causes unintended data modification or loss when tr is used in automated scripts or data pipelines that depend on correct character class semantics, such as deletion of graphical characters inadvertently removing all spaces and corrupting structured data. Affects coreutils versions prior to 0.8.0; patch is available from vendor.

Information Disclosure Coreutils
NVD GitHub VulDB
CVSS 3.1
3.3
EPSS
0.0%
CVE-2026-35375 LOW PATCH Monitor

The split utility in uutils coreutils corrupts output filenames when processing non-UTF-8 prefix or suffix inputs by converting invalid byte sequences to UTF-8 replacement characters, causing filename mismatches, collisions, and potential data misdirection. Affected versions prior to 0.8.0 on all platforms exhibit this behavior, which deviates from GNU split's byte-preservation semantics. Local authenticated users can trigger the vulnerability through crafted non-UTF-8 input, leading to integrity issues in automated workflows relying on predictable filename generation.

Information Disclosure Coreutils
NVD GitHub
CVSS 3.1
3.3
EPSS
0.0%
CVE-2026-35344 LOW Monitor

Silent data corruption in uutils coreutils dd utility results from unconditionally suppressing truncation errors on regular files and directories, allowing backup and migration scripts to report successful operations while destination files contain old or corrupted data when disk space is exhausted or file systems are read-only.

Information Disclosure Coreutils
NVD GitHub
CVSS 3.1
3.3
EPSS
0.0%
CVE-2026-35343 LOW PATCH GHSA Monitor

The cut utility in uutils coreutils fails to suppress non-delimited lines when the -s (only-delimited) option is used with a newline character as the delimiter, causing unfiltered data to be passed to downstream processes. Affected versions prior to 0.8.0 exhibit this logic error, which has low real-world impact due to local-only attack vector and partial technical scope, though it violates strict data filtering contracts that scripts may depend upon.

Information Disclosure Coreutils
NVD GitHub
CVSS 3.1
3.3
EPSS
0.0%
CVE-2026-35346 LOW PATCH GHSA Monitor

The comm utility in uutils coreutils silently corrupts binary and non-UTF-8 encoded file output by replacing invalid UTF-8 byte sequences with the Unicode replacement character (U+FFFD), diverging from GNU comm's byte-preserving behavior. This affects any user comparing files with legacy encodings or binary content, resulting in data integrity loss. A proof-of-concept demonstrating the lossy conversion exists, and a patch is available.

Information Disclosure Coreutils
NVD GitHub VulDB
CVSS 3.1
3.3
EPSS
0.0%
CVE-2026-35371 LOW POC PATCH GHSA Monitor

The id utility in uutils coreutils displays incorrect effective user information in its pretty-print output when real and effective UIDs differ, using the effective GID instead of effective UID for name lookup. This causes misleading diagnostic output that could lead system administrators or automated scripts to make incorrect access control decisions, though impact is limited to information disclosure with no direct code execution or system compromise.

Information Disclosure Coreutils
NVD GitHub
CVSS 3.1
3.3
EPSS
0.0%
CVE-2026-35367 LOW Monitor

The nohup utility in uutils coreutils creates its default output file with world-readable permissions (0644) instead of owner-only (0600), allowing any local user to read captured stdout/stderr and access potentially sensitive information in multi-user systems. This information disclosure vulnerability affects all versions of uutils coreutils and diverges from the secure permission model implemented in GNU coreutils.

Information Disclosure Coreutils
NVD GitHub
CVSS 3.1
3.3
EPSS
0.0%
CVE-2026-35353 LOW PATCH GHSA Monitor

The mkdir utility in uutils coreutils creates directories with default umask-derived permissions (0755) before applying the requested mode via chmod, creating a race condition window where a directory intended to be private becomes briefly accessible to other local users. This affects uutils coreutils versions prior to 0.6.0 and requires local authenticated access to exploit, limiting real-world impact despite the CVSS score of 3.3.

Authentication Bypass Coreutils
NVD GitHub
CVSS 3.1
3.3
EPSS
0.0%
CVE-2026-34067 LOW PATCH GHSA Monitor

Nimiq Core-rs-Albatross prior to v1.3.0 crashes when processing malformed transaction inclusion proofs with mismatched history and positions arrays. A remote attacker can trigger a denial of service by sending a crafted ResponseTransactionsProof with unequal array lengths, causing the HistoryTreeProof::verify function to panic. The vulnerability requires high attack complexity and user interaction, limiting real-world impact despite network accessibility.

Denial Of Service
NVD GitHub
CVSS 3.1
3.1
EPSS
0.0%
CVE-2026-33599 LOW PATCH Monitor

dnsdist's Discovery of Designated Resolvers (DDR) upgrade mechanism allows a rogue backend to send a crafted SVCB response that causes a denial of service via availability impact when DDR is explicitly enabled through the autoUpgrade (Lua) or auto_upgrade (YAML) configuration options. The vulnerability requires adjacent network access and high complexity exploitation conditions, affecting only deployments that have manually enabled DDR functionality-a non-default configuration.

Information Disclosure Buffer Overflow Dnsdist
NVD VulDB
CVSS 3.1
3.1
EPSS
0.0%
CVE-2026-33596 LOW PATCH Monitor

dnsdist can experience a denial-of-service condition through query-response mismatching when a client sends precisely timed floods of queries routed to TCP-only or DNS over TLS backends. An adjacent network attacker with high timing precision can cause limited availability impact by desynchronizing the query-response correlation on affected backends, though exploitation requires favorable network conditions and careful query timing. This issue carries a low CVSS score (3.1) reflecting the high attack complexity and adjacency requirement.

Information Disclosure Integer Overflow Dnsdist
NVD VulDB
CVSS 3.1
3.1
EPSS
0.0%
CVE-2026-6416 LOW PATCH Monitor

Uncontrolled resource consumption in Tanium Interact allows authenticated high-privilege administrators to trigger a denial of service condition through network-accessible endpoints. The vulnerability requires high-level administrative privileges (PR:H) and produces only availability impact with no confidentiality or integrity compromise. CVSS base score of 2.7 reflects the severe privilege barrier and limited impact scope.

Denial Of Service Interact
NVD VulDB
CVSS 3.1
2.7
EPSS
0.0%
CVE-2026-6392 LOW PATCH Monitor

Information disclosure vulnerability in Tanium Threat Response allows high-privileged authenticated users to access sensitive data via network requests. The vulnerability affects all versions of Threat Response and requires administrator-level privileges to exploit, resulting in confidentiality impact with no integrity or availability compromise. No active exploitation has been publicly identified.

Information Disclosure Threat Response
NVD VulDB
CVSS 3.1
2.7
EPSS
0.0%
CVE-2026-6408 LOW PATCH Monitor

Tanium Server allows high-privileged authenticated users to disclose sensitive information through an unspecified network-accessible mechanism. The vulnerability requires administrative or equivalent privileges and carries a low CVSS score (2.7) reflecting limited impact to confidentiality with no integrity or availability consequences. No active exploitation or public proof-of-concept has been identified.

Information Disclosure Tanium Server
NVD VulDB
CVSS 3.1
2.7
EPSS
0.0%
CVE-2026-6842 LOW PATCH Monitor

Nano text editor creates ~/.local directory with overly permissive 0777 permissions instead of 0700 in environments with permissive umask settings, allowing local authenticated users to inject malicious .desktop launcher files that could lead to information disclosure or unintended actions when processed. CVSS score 2.5 reflects local attack vector and low integrity impact, with active exploitation status unknown and no public exploit code identified at time of analysis.

Information Disclosure Red Hat Enterprise Linux 10 Red Hat Enterprise Linux 6 Red Hat Enterprise Linux 7 Red Hat Enterprise Linux 8 +2
NVD VulDB
CVSS 3.1
2.5
EPSS
0.0%
CVE-2026-6019 LOW PATCH Monitor

CPython's http.cookies.Morsel.js_output() method generates inline script snippets that fail to neutralize the HTML parser-sensitive sequence </script>, allowing attackers with high privilege levels to inject arbitrary JavaScript by crafting malicious cookie values. While the method escapes double quotes for JavaScript string context, it does not prevent premature termination of the script element through </script> injection, resulting in limited information disclosure. The vendor has released patches addressing this inadequate escaping mechanism through base64-encoding of cookie values.

Information Disclosure Cpython
NVD GitHub VulDB
CVSS 4.0
2.1
EPSS
0.0%
CVE-2026-41677 LOW PATCH GHSA Monitor

Buffer over-read in rust-openssl's password callback APIs allows information disclosure when a user-supplied callback returns a value larger than the provided buffer. The vulnerability affects rust-openssl bindings to OpenSSL 1.x and 2.x; OpenSSL 3.x implementations are not vulnerable. An attacker who controls the password callback can read sensitive data from adjacent memory regions.

Buffer Overflow Information Disclosure OpenSSL
NVD GitHub VulDB
CVSS 4.0
1.7
EPSS
0.1%
CVE-2026-41140 LOW PATCH GHSA Monitor

Path traversal vulnerability in Poetry's tar extraction function allows arbitrary file writes when processing untrusted source distributions on Python 3.10.0-3.10.12 and 3.11.0-3.11.4, where the tarfile.data_filter safety mechanism is absent or broken. The vulnerability is triggered during dependency resolution (poetry add --lock) or installation before the build backend executes, enabling attackers to write files outside the intended extraction directory via crafted tar member paths, symlinks, or hardlinks in malicious sdists.

Ubuntu RCE Python Path Traversal Debian
NVD GitHub VulDB
CVSS 4.0
0.6
EPSS
0.1%

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy