Skip to main content
CVE-2026-5942 MEDIUM This Month

Use-after-free vulnerability in Foxit PDF Editor and PDF Reader allows local attackers to crash the application by manipulating document page lifecycle events, causing internal component states to desynchronize and subsequent operations to reference invalidated memory objects. Attack requires user interaction to open a malicious PDF file and does not enable information disclosure or code execution; impact is denial of service with CVSS 5.5 (medium severity). No public exploit code or active exploitation confirmed at time of analysis.

Memory Corruption Use After Free Denial Of Service Foxit Pdf Editor Foxit Pdf Reader
NVD VulDB
CVSS 3.1
5.5
EPSS
0.0%
CVE-2025-15626 MEDIUM This Month

Authenticated user can bypass authorization in Ribblr - Crochet & Knitting iOS application

Apple Authentication Bypass
NVD
CVSS 4.0
5.3
EPSS
0.0%
CVE-2026-32655 MEDIUM PATCH This Month

Dell Alienware Command Center (AWCC), versions prior to 6.13.8.0, contain a Least Privilege Violation vulnerability. A low privileged attacker with local access could potentially exploit this vulnerability, leading to Elevation of Privileges.

Information Disclosure Dell
NVD
CVSS 3.1
5.3
EPSS
0.0%
CVE-2026-7145 MEDIUM This Month

A weakness has been identified in mettle sendportal up to 3.0.1. Affected is the function destroy of the file app/Http/Controllers/Workspaces/WorkspaceInvitationsController.php of the component Invitation Handler. This manipulation of the argument invitation causes authorization bypass. The attack may be initiated remotely. The project was informed of the problem early through an issue report but has not responded yet.

PHP Authentication Bypass
NVD VulDB GitHub
CVSS 4.0
5.3
EPSS
0.0%
CVE-2026-6357 MEDIUM PATCH This Month

pip prior to version 26.1 would run self-update check functionality after installing wheel files which required importing well-known Python modules names. These module imports were intentionally deferred to increase startup time of the pip CLI. The patch changes self-update functionality to run before wheels are installed to prevent newly-installed modules from being imported shortly after the installation of a wheel package. Users should still review package contents prior to installation.

Information Disclosure Python Suse Red Hat
NVD GitHub VulDB
CVSS 4.0
5.3
EPSS
0.0%
CVE-2026-33566 MEDIUM This Month

Cypher injection in LogonTracer prior to v2.0.0 allows remote attackers to alter database contents by submitting specially crafted Windows event log data. The vulnerability requires user interaction to load the malicious log data but results in integrity compromise of the underlying database due to improper input sanitization in Cypher query construction.

Microsoft Code Injection Nosql Injection
NVD VulDB
CVSS 4.0
5.1
EPSS
0.0%
CVE-2026-42371 MEDIUM PATCH This Month

uriparser before 1.0.1 suffers a numeric truncation vulnerability in text range comparison that causes denial of service when processing URIs with gigabyte-scale lengths. The flaw occurs because internal range comparisons truncate large numeric values, allowing maliciously crafted oversized URIs to bypass length validation and trigger memory exhaustion or processing failures. Local attackers can exploit this via specially constructed input, though practical exploitation requires an application to accept and process URIs of exceptional size.

Information Disclosure Uriparser
NVD GitHub VulDB
CVSS 3.1
5.1
EPSS
0.0%
CVE-2026-40971 MEDIUM PATCH This Month

When configured to use an SSL bundle, Spring Boot's RabbitMQ auto-configuration does not perform hostname verification when connecting to the RabbitMQ broker. Affected: Spring Boot 4.0.0-4.0.5 (fix 4.0.6), 3.5.0-3.5.13 (fix 3.5.14) per vendor advisory.

Information Disclosure Java
NVD VulDB
CVSS 3.1
5.0
EPSS
0.0%
CVE-2026-40970 MEDIUM PATCH This Month

When configured to use an SSL bundle, Spring Boot's Elasticsearch auto-configuration does not perform hostname verification when connecting to the Elasticsearch server. Affected: Spring Boot 4.0.0-4.0.5; upgrade to 4.0.6 or later per vendor advisory.

Java Information Disclosure Elastic
NVD VulDB
CVSS 3.1
5.0
EPSS
0.0%
CVE-2026-40557 MEDIUM PATCH This Month

Improper certificate validation in Apache Storm Prometheus Reporter versions 2.6.3 to 2.8.6 allows man-in-the-middle attacks across all TLS connections in the Storm daemon when the skip_tls_validation configuration option is enabled. Enabling this setting for Prometheus PushGateway connections inadvertently downgrades the JVM-wide SSL context, causing all subsequent HTTPS communications (ZooKeeper, Thrift, Netty, UI) to trust arbitrary certificates without validation, enabling interception of cluster state, topology submissions, and administrative credentials. No public exploit code identified at time of analysis, and EPSS scoring of 0.01% reflects the requirement for explicit administrator misconfiguration to trigger the vulnerability.

Apache Information Disclosure
NVD
CVSS 3.1
4.8
EPSS
0.0%
CVE-2026-5362 MEDIUM This Month

An authenticated attacker with permission to edit document content can store crafted HTML/JavaScript in a Document embed editable and cause script execution when the published page is rendered. This issue affects pimcore: v12.3.3.

XSS Pimcore
NVD GitHub VulDB
CVSS 4.0
4.8
EPSS
0.0%
CVE-2026-35901 MEDIUM This Month

A handling issue in the RTSP service of the Mercury MIPC252W 1.0.5 Build 230306 Rel.79931n allows an authenticated attacker to trigger session termination by repeatedly sending SETUP requests for the same media track within a single RTSP session. This causes the server to reset the RTSP connection, leading to a denial-of-service condition.

Denial Of Service
NVD GitHub
CVSS 3.1
4.4
EPSS
0.0%
CVE-2026-30462 MEDIUM This Month

A path traversal vulnerability in the Blocks module of Daylight Studio FuelCMS v1.5.2 allows attackers to execute a directory traversal.

Path Traversal
NVD GitHub
CVSS 3.1
4.3
EPSS
0.1%
CVE-2026-30346 MEDIUM This Month

An open redirect in the /api/google/authorize endpoint of hunvreus DevPush v0.3.2 allows attackers to redirect users to malicious sites via supplying a crafted URL.

Google Open Redirect N A
NVD GitHub
CVSS 3.1
4.3
EPSS
0.0%
Prev Page 2 of 2

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy