Skip to main content
CVE-2026-42034 MEDIUM POC PATCH GHSA This Month

Axios versions prior to 1.15.1 and 0.31.1 allow remote attackers to bypass maxBodyLength restrictions on stream request bodies when maxRedirects is set to 0, enabling denial of service through oversized uploads that consume unbounded server resources. The vulnerability affects the native http/https transport path in Node.js environments and enables attackers to send streamed payloads that exceed configured size limits, potentially exhausting memory or bandwidth on the target application.

Node.js Denial Of Service Red Hat
NVD GitHub VulDB
CVSS 3.1
5.3
EPSS
0.0%
CVE-2026-2028 MEDIUM This Month

MaxiBlocks Builder plugin for WordPress up to version 2.1.8 allows authenticated attackers with Author-level access to delete arbitrary files in the wp-content/uploads directory via the 'maxi_remove_custom_image_size' AJAX action due to insufficient file ownership validation. This enables deletion of media uploaded by other users and administrators without proper authorization checks, violating file integrity despite the CVSS 5.3 score reflecting limited direct impact.

WordPress Authentication Bypass
NVD GitHub
CVSS 3.1
5.3
EPSS
0.0%
CVE-2026-5488 MEDIUM This Month

ExactMetrics Google Analytics Dashboard for WordPress versions up to 9.1.2 allow authenticated subscribers to retrieve Google Ads access tokens and reset Google Ads integration settings through missing authorization checks in AJAX handlers. Although a nonce is verified, two AJAX endpoints (get_ads_access_token and reset_experience) lack the capability checks present in similar endpoints, enabling attackers with subscriber-level access to perform administrative actions. The CVSS vector (AV:N/AC:L/PR:N/UI:N) reflects network-accessible unauthenticated exploitation, but the description indicates authenticated subscriber access is required, creating a discrepancy between reported CVSS and actual attack prerequisites.

PHP Google Authentication Bypass WordPress
NVD
CVSS 3.1
5.3
EPSS
0.0%
CVE-2026-41418 MEDIUM PATCH This Month

4ga Boards prior to version 3.3.5 leaks valid usernames and email addresses through response timing analysis on the login endpoint. An unauthenticated attacker can distinguish between invalid credentials (where the username/email does not exist) and valid credentials with an incorrect password by measuring response times, with a ~4.4× timing difference detectable in a single request over the network. This enables user enumeration attacks without brute-force constraints, allowing reconnaissance for subsequent account takeover attempts.

Information Disclosure 4Gaboards
NVD GitHub
CVSS 3.1
5.3
EPSS
0.0%
CVE-2026-3569 MEDIUM This Month

Liaison Site Prober plugin for WordPress allows unauthenticated attackers to retrieve sensitive audit log data including IP addresses, user IDs, usernames, and login events through an improperly secured REST API endpoint (/wp-json/site-prober/v1/logs) in all versions up to 1.2.1. The vulnerability stems from a permission callback that unconditionally returns true without validating user capabilities, enabling information disclosure with network-level access and no authentication required. No public exploit code or active exploitation has been identified at time of analysis.

Information Disclosure WordPress Authentication Bypass
NVD VulDB
CVSS 3.1
5.3
EPSS
0.0%
CVE-2026-5347 MEDIUM This Month

Unauthenticated attackers can modify the custom post type slug for the HM Books Gallery plugin in WordPress versions up to 4.8.0 by submitting a crafted POST request to the admin_init hook, bypassing all capability and nonce checks. This vulnerability allows modification of the 'wbg_cpt_slug' option without authentication, changing the URL structure for all book entries, breaking existing links, and degrading SEO rankings. No public exploit code or active exploitation has been identified at the time of analysis.

PHP WordPress Authentication Bypass
NVD
CVSS 3.1
5.3
EPSS
0.0%
CVE-2026-6810 MEDIUM This Month

Insecure Direct Object Reference in Booking Calendar Contact Form plugin for WordPress (all versions up to 1.2.63) allows authenticated attackers with Subscriber-level privileges to hijack other users' calendars and access associated user data by exploiting missing validation on user-controlled keys in the dex_bccf_admin_int_calendar_list.inc.php file. The CVSS score of 5.3 reflects network-accessible exploitation without user interaction, though the vulnerability requires valid WordPress authentication at Subscriber level or higher.

PHP WordPress Authentication Bypass
NVD
CVSS 3.1
5.3
EPSS
0.0%
CVE-2026-31052 MEDIUM This Month

Denial of service in Hostbill versions 2025-11-24 and 2025-12-01 allows remote unauthenticated attackers to degrade service availability through the Checkout Authentication Flow component via uncontrolled resource consumption (likely improper rate limiting). The vulnerability has a low-to-moderate CVSS score (5.3) reflecting limited impact scope, but exploitation requires no authentication or user interaction and can be triggered over the network.

Denial Of Service
NVD GitHub
CVSS 3.1
5.3
EPSS
0.3%
CVE-2026-31955 MEDIUM PATCH This Month

Server-Side Request Forgery in Xibo CMS prior to version 4.4.1 allows high-privilege authenticated users with DataSet permissions to make arbitrary HTTP requests from the CMS server to internal or external resources, enabling infrastructure reconnaissance, cloud metadata access (e.g., AWS IMDS), and potential data exfiltration. Exploitation requires both 'Add DataSet' privilege and DataSet management capabilities, which are not default non-admin permissions, limiting the attack surface to trusted insiders or compromised administrative accounts.

Microsoft SSRF
NVD GitHub VulDB
CVSS 3.1
4.9
EPSS
0.0%
CVE-2026-31050 MEDIUM This Month

Cross-site scripting (XSS) vulnerability in Hostbill versions 2025-11-24 and 2025-12-01 allows high-privilege remote attackers to execute arbitrary code in admin and client interface contexts without user interaction. The CVSS score of 4.9 reflects the requirement for authenticated high-privilege access, but the presence of publicly available exploit code and the vulnerability's presence in both admin and client interfaces increase real-world risk beyond the base score. The discrepancy between the CWE-79 classification (XSS) and tags indicating RCE capability suggests stored XSS enabling indirect code execution or privilege escalation within the application.

XSS RCE
NVD GitHub
CVSS 3.1
4.9
EPSS
0.1%
CVE-2026-41174 MEDIUM PATCH GHSA This Month

Traefik versions prior to 2.11.43, 3.6.14, and 3.7.0-rc.2 fail to enforce cross-namespace isolation for middleware references nested inside Chain middlewares, allowing actors with permission to create CRDs in their own namespace to bypass the allowCrossNamespace=false restriction and apply middleware from arbitrary namespaces. This authorization bypass affects Kubernetes clusters relying on namespace isolation controls and can enable unauthorized reuse of security-sensitive middleware policies across namespace boundaries.

Kubernetes Information Disclosure RCE Red Hat Suse
NVD GitHub
CVSS 4.0
4.8
EPSS
0.0%
CVE-2026-31572 MEDIUM PATCH This Month

In the Linux kernel, the following vulnerability has been resolved: i2c: designware: amdisp: Fix resume-probe race condition issue Identified resume-probe race condition in kernel v7.0 with the commit 38fa29b01a6a ("i2c: designware: Combine the init functions"),but this issue existed from the beginning though not detected. The amdisp i2c device requires ISP to be in power-on state for probe to succeed. To meet this requirement, this device is added to genpd to control ISP power using runtime PM. The pm_runtime_get_sync() called before i2c_dw_probe() triggers PM resume, which powers on ISP and also invokes the amdisp i2c runtime resume before the probe completes resulting in this race condition and a NULL dereferencing issue in v7.0 Fix this race condition by using the genpd APIs directly during probe: - Call dev_pm_genpd_resume() to Power ON ISP before probe - Call dev_pm_genpd_suspend() to Power OFF ISP after probe - Set the device to suspended state with pm_runtime_set_suspended() - Enable runtime PM only after the device is fully initialized

Information Disclosure Race Condition Linux Red Hat Suse
NVD VulDB
CVSS 3.1
4.7
EPSS
0.0%
CVE-2026-31535 MEDIUM PATCH This Month

A race condition in the Linux kernel SMB client's recv_io credit management allows local authenticated users to cause a denial of service through timing-sensitive credit accounting between incoming data reception and completion processing. The vulnerability affects SMBDirect socket credit handling where credits may be granted to peers before corresponding recv buffers are actually posted, creating a window where credit accounting becomes inconsistent. Exploitation requires local access and moderate complexity but is not confirmed as actively exploited (not listed in CISA KEV).

Information Disclosure Linux Red Hat Suse
NVD VulDB
CVSS 3.1
4.7
EPSS
0.0%
CVE-2026-41244 MEDIUM PATCH This Month

Mojic prior to version 2.1.4 allows attackers to bypass HMAC-SHA256 file integrity verification through a timing attack against the CipherEngine's comparison function. The vulnerability stems from use of a standard equality operator (!=== in JavaScript) instead of constant-time comparison during decryption, enabling an attacker with local file access to forge or tamper with emoji-encoded files. While CVSS score is moderate (4.7), the attack requires user interaction and local access, limiting real-world exploitability.

Authentication Bypass Mojic
NVD GitHub
CVSS 3.1
4.7
EPSS
0.0%
CVE-2025-59308 MEDIUM This Month

Institution administrators with Site staff role in Mahara can impersonate institution members in other institutions where they lack administrative privileges, bypassing intended access controls on multi-tenanted deployments. Affects Mahara versions before 24.04.10 and 25.x before 25.04.1. This requires high-privilege authentication (Site staff role) and does not involve network exploitation of unauthenticated services, limiting real-world attack surface to insider threats within organizations running affected versions.

Authentication Bypass N A
NVD
CVSS 3.1
4.7
EPSS
0.0%
CVE-2026-31620 MEDIUM PATCH This Month

Null pointer dereference in the ALSA TASCAM US-144MKII USB audio driver allows local attackers with physical access to a malicious USB device to cause a kernel panic and denial of service. The vulnerability exists because the driver fails to validate that USB interface 0 exists before dereferencing it, and attackers can craft a malicious USB configuration that includes only interface 1, triggering the crash when the device is connected.

Null Pointer Dereference Linux Denial Of Service Red Hat Suse
NVD VulDB
CVSS 3.1
4.6
EPSS
0.0%
CVE-2026-38743 MEDIUM PATCH This Month

Apache Airflow versions prior to 3.2.1 fail to enforce per-DAG access control on the /ui/dags endpoint, allowing authenticated users with read access to at least one DAG to retrieve Human-in-the-Loop prompts and full TaskInstance details for DAGs outside their authorized scope. This information disclosure bypasses the intended per-DAG RBAC boundary, exposing operator parameters and task context data to all authenticated users regardless of their assigned DAG permissions.

Information Disclosure Airflow
NVD GitHub
CVSS 3.1
4.3
EPSS
0.0%
CVE-2025-11762 MEDIUM This Month

HubSpot All-In-One Marketing plugin for WordPress (versions up to 11.3.32) exposes sensitive information via the class-adminconstants.php file, allowing authenticated users with Contributor-level access or higher to retrieve a complete list of installed plugins and their versions. This information disclosure enables reconnaissance for follow-on attacks targeting vulnerable plugins, though exploitation requires valid WordPress authentication and contributor-level privileges.

Information Disclosure PHP WordPress Authentication Bypass
NVD
CVSS 3.1
4.3
EPSS
0.0%
CVE-2026-31956 MEDIUM PATCH This Month

Xibo CMS before version 4.4.1 allows authenticated users to bypass access controls and view campaigns, regions, and reports belonging to other users by manually constructing preview URLs. The vulnerability affects any authenticated user with Layout Management, Campaign Management, or Report viewing privileges and results in unauthorized information disclosure with no impact on data integrity or availability.

Microsoft Authentication Bypass
NVD GitHub
CVSS 3.1
4.3
EPSS
0.0%
CVE-2026-6393 MEDIUM This Month

BetterDocs plugin for WordPress versions up to 4.3.11 allows authenticated subscribers and higher to trigger arbitrary OpenAI API calls using the site's configured API key due to missing capability checks in the generate_openai_content_callback() function. An attacker with subscriber-level access can supply arbitrary prompts to exhaust the site owner's paid AI API quota without authorization, resulting in unauthorized financial impact and service degradation. No public exploit code or active exploitation has been identified at time of analysis.

WordPress Authentication Bypass Elementor
NVD
CVSS 3.1
4.3
EPSS
0.0%
CVE-2026-40690 MEDIUM PATCH This Month

Apache Airflow versions prior to 3.2.1 allow authenticated users with read access to at least one directed acyclic graph (DAG) to enumerate and discover the names and existence of all other DAGs and assets in the deployment, regardless of their assigned permissions. This information disclosure vulnerability enables privilege escalation reconnaissance by revealing the complete asset topology to users with limited scope authorization. The vulnerability requires valid user credentials but no elevated privileges, and has no known public exploit code at time of analysis.

Information Disclosure Airflow
NVD GitHub
CVSS 3.1
4.3
EPSS
0.0%
CVE-2026-3565 MEDIUM This Month

Cross-Site Request Forgery (CSRF) in Taqnix WordPress plugin versions up to 1.0.3 allows unauthenticated attackers to trick logged-in users into deleting their own accounts via a forged request. The vulnerability stems from a commented-out nonce verification check in the taqnix_delete_my_account() function, making account deletion unprotected against CSRF attacks. No public exploit code or active exploitation has been identified, though the attack requires user interaction (clicking a malicious link or visiting a compromised page).

WordPress CSRF
NVD VulDB
CVSS 3.1
4.3
EPSS
0.0%
CVE-2026-41079 MEDIUM PATCH This Month

OpenPrinting CUPS before version 2.4.17 allows network-adjacent attackers to read up to 176 bytes of stack memory via a crafted SNMP response sent to the CUPS SNMP backend, with leaked data visible to authenticated users through IPP Get-Printer-Attributes responses and the web interface. The vulnerability requires adjacency on the network but no authentication, making it a low-severity information disclosure risk in environments where SNMP-enabled printers are accessible from untrusted networks.

Buffer Overflow Information Disclosure Suse Red Hat
NVD GitHub VulDB
CVSS 3.1
4.3
EPSS
0.0%
CVE-2026-40254 MEDIUM PATCH This Month

FreeRDP versions prior to 3.25.0 allow path traversal attacks through an off-by-one error in the drive redirection filter, enabling rogue RDP servers to read, list, or write files one directory above the client's shared folder via RDPDR requests. Exploitation requires the victim to connect with drive redirection enabled and interact with a malicious RDP server, making this a user-interaction-dependent remote attack with moderate CVSS score (4.2) but real-world impact limited by connection and configuration requirements.

Path Traversal Red Hat Suse
NVD GitHub VulDB
CVSS 3.1
4.2
EPSS
0.0%
CVE-2026-42095 MEDIUM PATCH This Month

KDE Arianna's bookserver before version 26.04.1 allows local attackers to read arbitrary files over socket connections by guessing URLs without authentication, exploiting missing input validation on the bookserver endpoint. The vulnerability requires local access and does not affect confidentiality of other system components; no public exploit code or active exploitation has been identified.

Authentication Bypass Suse
NVD GitHub VulDB
CVSS 3.1
4.0
EPSS
0.0%
Prev Page 3 of 3

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy