Skip to main content
CVE-2026-42641 MEDIUM This Month

Server-Side Request Forgery (SSRF) vulnerability in ILLID Share This Image share-this-image allows Server Side Request Forgery.This issue affects Share This Image: from n/a through <= 2.14.

SSRF Share This Image
NVD
CVSS 3.1
5.4
EPSS
0.0%
CVE-2026-6915 MEDIUM PATCH This Month

An authorization flaw in the user management command could allow an authenticated user to make limited changes to authentication-related data associated with another user account. This could affect how authentication is performed for the impacted account.

Information Disclosure Red Hat
NVD VulDB
CVSS 4.0
5.3
EPSS
0.1%
CVE-2026-22745 MEDIUM PATCH This Month

Spring MVC and WebFlux applications are vulnerable to Denial of Service attacks when resolving static resources. More precisely, an application can be vulnerable when all the following are true: * the application is using Spring MVC or Spring WebFlux * the application is serving static resources from the file system * the application is running on a Windows platform When all the conditions above are met, the attacker can send malicious requests that are slow to resolve and that can keep HTTP connections in use. This can cause a Denial of Service on the application.

Microsoft Java Denial Of Service Red Hat
NVD HeroDevs VulDB
CVSS 3.1
5.3
EPSS
0.1%
CVE-2026-42229 MEDIUM PATCH GHSA This Month

SQL injection in n8n's SeaTable node allows remote unauthenticated attackers to bypass row-level access controls and retrieve unintended data from SeaTable databases when workflows accept user-controlled input via expressions in search or row retrieval parameters. The vulnerability affects n8n versions before 1.123.32, 2.17.4, and 2.18.1, and requires specific workflow configuration combining the SeaTable node with external user input passed through expressions. No public exploit code or active exploitation has been confirmed at time of analysis.

SQLi
NVD GitHub VulDB
CVSS 4.0
5.3
EPSS
0.0%
CVE-2026-42233 MEDIUM PATCH GHSA This Month

SQL injection in n8n's Oracle Database node allows attackers to inject arbitrary SQL commands through the Limit field when user-controlled input is passed via expressions, enabling data exfiltration from connected Oracle databases. Exploitation requires a specific workflow configuration where external input (e.g., from webhooks) reaches the Limit field; authentication depends on the webhook's access controls. The vulnerability affects n8n versions prior to 1.123.32, 2.17.4, and 2.18.1, and vendor-released patches are available.

Oracle Code Injection
NVD GitHub VulDB
CVSS 4.0
5.3
EPSS
0.0%
CVE-2026-4019 MEDIUM This Month

The Complianz - GDPR/CCPA Cookie Consent plugin for WordPress is vulnerable to unauthorized data access in all versions up to, and including, 7.4.5 This is due to the REST API endpoint at /wp-json/complianz/v1/consent-area/{post_id}/{block_id} using __return_true as the permission_callback, allowing any unauthenticated user to access it. The cmplz_rest_consented_content() function retrieves a post by ID via get_post() and returns the consentedContent attribute of any complianz/consent-area block found in it, without checking if the post is published or if the user has permission to read it. This makes it possible for unauthenticated attackers to read the consent area block content from private, draft, or unpublished posts.

WordPress Authentication Bypass
NVD GitHub VulDB
CVSS 3.1
5.3
EPSS
0.0%
CVE-2026-42237 MEDIUM PATCH GHSA This Month

SQL injection in n8n Snowflake and legacy MySQL v1 nodes allows authenticated users with workflow creation permissions to execute arbitrary SQL against connected databases by injecting malicious table names, column names, or update keys via expression inputs. This vulnerability affects n8n versions before 1.123.32, 2.17.4, and 2.18.1; successful exploitation enables data exfiltration, modification, or deletion. The flaw represents an incomplete fix to a prior SQL injection vulnerability (GHSA-f3f2-mcxc-pwjx) that already patched MySQL, PostgreSQL, and SQL Server nodes but overlooked the Snowflake node and legacy MySQL v1 implementation.

SQLi
NVD GitHub VulDB
CVSS 4.0
5.3
EPSS
0.0%
CVE-2026-42644 MEDIUM This Month

Exposure of Sensitive System Information to an Unauthorized Control Sphere vulnerability in WPDeveloper BetterDocs betterdocs allows Retrieve Embedded Sensitive Data.This issue affects BetterDocs: from n/a through <= 4.3.10.

Information Disclosure Betterdocs
NVD
CVSS 3.1
5.3
EPSS
0.0%
CVE-2026-42642 MEDIUM This Month

Missing Authorization vulnerability in StellarWP GiveWP give allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects GiveWP: from n/a through <= 4.14.5.

Authentication Bypass Givewp
NVD
CVSS 3.1
5.3
EPSS
0.0%
CVE-2026-41484 MEDIUM PATCH GHSA This Month

### Summary When exporting telemetry to a back-end/collector over HTTP using the OpenTelemetry.Exporter.OneCollector exporter, if the request results in a unsuccessful request (i.e. HTTP 4xx or 5xx), the response is read into memory with no upper-bound on the number of bytes consumed. This could cause memory exhaustion in the consuming application if the configured back-end/collector endpoint is attacker-controlled (or a network attacker can MitM the connection) and an extremely large body is returned by the response. ### Details The [`HttpJsonPostTransport`](https://github.com/open-telemetry/opentelemetry-dotnet-contrib/blob/171c6b81f88831641b56b470e6f92862e605013d/src/OpenTelemetry.Exporter.OneCollector/Internal/Transports/HttpJsonPostTransport.cs) class reads the response body when a non-200 HTTP status code is received when exporting telemetry to aid debugging by operators so that the error response is included in the logs emitted by the exporter. An attacker who controls the configured endpoint, or who can intercept traffic to them (MiTM), can return an arbitrarily large response body. This causes unbounded heap allocation in the consuming process, leading to high transient memory pressure, garbage-collection stalls, or an OutOfMemoryException that terminates the process. ### Impact If an application using the OneCollector exporter is configured to use a back-end/collector endpoint that is attacker-controlled (or a network attacker can MitM the connection) and an extremely large body is returned by the response the application could have its memory exhausted and create a denial-of-service condition. ### Mitigation The application's configured back-end/collector endpoint needs to behave maliciously. If the collector/back-end is a well-behaved implementation response bodies should not be excessively large if a request error occurs. ### Workarounds Use network-level controls (firewall rules, mTLS, service mesh) to prevent Man-in-the-Middle (MitM) attacks on the configured back-end/collector endpoint. ### Remediation [#4117](https://github.com/open-telemetry/opentelemetry-dotnet-contrib/pull/4117) updates the OneCollector exporter to limit the number of bytes read from the response body in an error condition to 4MiB. ### Resources - [#4117](https://github.com/open-telemetry/opentelemetry-dotnet-contrib/pull/4117)

Denial Of Service
NVD GitHub VulDB
CVSS 3.1
5.3
EPSS
0.0%
CVE-2026-41662 MEDIUM PATCH GHSA This Month

Admidio 5.0.8 and earlier allows authenticated administrators to remove all other administrators from the system via Role::stopMembership(), which lacks a minimum-administrator-count validation check. Two colluding or compromised admin accounts can sequentially remove each other, leaving zero administrators and locking administrative access. The vulnerability requires high privileges (PR:H) and user interaction (UI:R) but results in complete denial of administrative access once exploited.

PHP Authentication Bypass Python
NVD GitHub
CVSS 3.1
5.2
EPSS
0.0%
CVE-2026-42230 MEDIUM PATCH GHSA This Month

Open redirect vulnerability in n8n's MCP OAuth consent flow allows unauthenticated attackers to register arbitrary redirect URIs and silently redirect users to attacker-controlled URLs when they deny OAuth consent. The `/mcp-oauth/register` endpoint lacks authentication and the `handleDeny` handler does not validate redirect destinations, enabling phishing attacks via crafted links. CVSS 4.7 (network-accessible, requires user interaction). Patches available: versions 1.123.32, 2.17.4, and 2.18.1 or later.

Open Redirect
NVD GitHub VulDB
CVSS 4.0
5.1
EPSS
0.1%
CVE-2026-40229 MEDIUM This Month

Helpy contains a stored cross-site scripting vulnerability in the post author display logic. Any registered user can persist arbitrary HTML in their account name field and cause it to be rendered unescaped in public forum threads where they participate, in the admin ticket view, and in HTML notification emails sent to other users.This issue affects helpy: 2.8.0.

XSS Helpy
NVD GitHub
CVSS 4.0
5.1
EPSS
0.0%
CVE-2026-0206 MEDIUM This Month

A post-authentication Stack-based Buffer Overflow vulnerabilities in SonicOS allows a remote attacker to crash a firewall.

Buffer Overflow Stack Overflow Sonicos
NVD VulDB
CVSS 3.1
4.9
EPSS
0.1%
CVE-2026-41657 MEDIUM PATCH GHSA This Month

Admidio 5.0.8 and earlier allows user managers with rol_edit_user permission to bypass multi-tenant organization isolation and retrieve complete member directories across all organizations by directly calling the contacts_data.php endpoint with mem_show_filter=3, exploiting a permission check mismatch between the frontend UI (which correctly requires isAdministrator() and contacts_show_all setting) and the backend API endpoint (which only requires the weaker isAdministratorUsers() check). Affected data includes full names, email addresses, login names, UUIDs, and all configured profile fields from unauthorized organizations. This is confirmed actively exploited vulnerability with patch available in version 5.0.9.

Authentication Bypass PHP
NVD GitHub
CVSS 3.1
4.9
EPSS
0.0%
CVE-2026-40230 MEDIUM This Month

Helpy contains a stored cross-site scripting vulnerability in the knowledge base Doc rendering logic. An authenticated attacker with admin or agent editor privileges can persist arbitrary HTML or JavaScript in the body field of a knowledge base Doc.This issue affects helpy: 2.8.0.

XSS Helpy
NVD GitHub
CVSS 4.0
4.8
EPSS
0.0%
CVE-2026-41686 MEDIUM PATCH GHSA This Month

The `BetaLocalFilesystemMemoryTool` in the Anthropic TypeScript SDK created memory files and directories using the Node.js default modes (`0o666` for files, `0o777` for directories), leaving them world-readable on systems with a standard umask and world-writable in environments with a permissive umask such as many Docker base images. A local attacker on a shared host could read persisted agent state, and in containerized deployments could modify memory files to influence subsequent model behavior. Users on the affected versions are advised to update to the latest version. Claude SDK thanks `lucasfutures` for the report.

Docker Information Disclosure Node.js
NVD GitHub VulDB
CVSS 4.0
4.8
EPSS
0.0%
CVE-2026-1858 MEDIUM PATCH This Month

GNU wget2 incorrectly validates TLS server certificates, accepting certificates with improper Key Usage (KU) or Extended Key Usage (EKU) attributes. This allows attackers who have compromised certificates issued for non-server purposes to impersonate legitimate servers in TLS connections, enabling man-in-the-middle attacks that leak sensitive information such as authentication credentials or request/response data.

Information Disclosure Wget2
NVD VulDB
CVSS 3.1
4.8
EPSS
0.0%
CVE-2026-7439 MEDIUM PATCH This Month

AgentFlow's local web API accepts non-JSON content types on POST /api/runs and POST /api/runs/validate endpoints without enforcing application/json validation, allowing attackers to bypass trust-boundary enforcement on sensitive operations. Attackers can exploit this content-type validation weakness through browser-driven or local cross-origin requests to abuse the localhost API and enable attack chains against the local control plane.

Information Disclosure Agentflow
NVD GitHub VulDB
CVSS 4.0
4.8
EPSS
0.0%
CVE-2026-41656 MEDIUM PATCH GHSA This Month

Path traversal in Admidio's document add mode allows authenticated attackers to register arbitrary server files into document folders via unvalidated `name` parameter, enabling arbitrary file read when combined with CSRF. A low-privileged user can trick a documents administrator into clicking a malicious link to register sensitive files like `install/config.php` (containing database credentials) into a publicly accessible documents folder, then download those files using the attacker's own session. The vulnerability chains insufficient input validation (accepts `../` sequences), missing CSRF protection on the `add` action, and `SameSite=Lax` cookies that permit cross-site GET requests from administrators.

PHP CSRF Path Traversal
NVD GitHub
CVSS 3.1
4.5
EPSS
0.0%
CVE-2026-26204 MEDIUM PATCH This Month

Wazuh is a free and open source platform used for threat prevention, detection, and response. From version 1.0.0 to before version 4.14.4, a heap-based out-of-bounds WRITE occurs in GetAlertData, resulting in writing a NULL byte exactly 1 byte before the start of the buffer allocated by strdup. Due to unsigned integer underflow and pointer arithmetic wrapping, the write lands at offset -1 from the buffer, corrupting heap metadata. A malicious actor can potentially leverage this issue through a compromised agent to cause denial of service or heap corruption by injecting a specially crafted alert into the alerts log file monitored by wazuh-logcollector. This issue has been patched in version 4.14.4.

Buffer Overflow Denial Of Service Wazuh
NVD GitHub VulDB
CVSS 3.1
4.4
EPSS
0.0%
CVE-2026-42525 MEDIUM PATCH This Month

Jenkins Microsoft Entra ID (previously Azure AD) Plugin 666.v6060de32f87d and earlier does not restrict the redirect URL after login, allowing attackers to perform phishing attacks.

Jenkins Microsoft Open Redirect
NVD VulDB
CVSS 3.1
4.3
EPSS
0.0%
CVE-2026-42522 MEDIUM PATCH This Month

A missing permission check in Jenkins GitHub Branch Source Plugin 1967.vdea_d580c1a_b_a_ and earlier allows attackers with Overall/Read permission to connect to an attacker-specified URL with attacker-specified GitHub App credentials.

Jenkins Authentication Bypass
NVD VulDB
CVSS 3.1
4.3
EPSS
0.0%
CVE-2026-42519 MEDIUM PATCH This Month

A missing permission check in Jenkins Script Security Plugin 1399.ve6a_66547f6e1 and earlier allows attackers with Overall/Read permission to enumerate pending and approved Script Security classpaths.

Jenkins Authentication Bypass
NVD VulDB
CVSS 3.1
4.3
EPSS
0.0%
CVE-2026-42648 MEDIUM This Month

Missing Authorization vulnerability in Brainstorm Force Spectra ultimate-addons-for-gutenberg allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Spectra: from n/a through <= 2.19.22.

Authentication Bypass Spectra
NVD
CVSS 3.1
4.3
EPSS
0.0%
CVE-2026-42645 MEDIUM This Month

Cross-Site Request Forgery (CSRF) vulnerability in Dmitry V. (CEO of "UKR Solution") Barcode Scanner with Inventory & Order Manager barcode-scanner-lite-pos-to-manage-products-inventory-and-orders allows Cross Site Request Forgery.This issue affects Barcode Scanner with Inventory & Order Manager: from n/a through <= 1.11.0.

CSRF Barcode Scanner With Inventory Order Manager
NVD
CVSS 3.1
4.3
EPSS
0.0%
CVE-2026-23773 MEDIUM PATCH This Month

Dell Disk Library for Mainframe, version(s) DLm 8700/2700 contain(s) a Server-Side Request Forgery (SSRF) vulnerability. A low privileged attacker with remote access could potentially exploit this vulnerability, leading to Server-side request forgery.

SSRF Dell
NVD VulDB
CVSS 3.1
4.3
EPSS
0.0%
Prev Page 2 of 2

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy