Skip to main content
CVE-2026-42146 MEDIUM This Month

Denial of service in CImg Library prior to version 3.7.5 allows local attackers to crash applications via crafted BMP files with oversized nb_colors header fields. The vulnerability stems from unchecked allocation of memory based on user-supplied file header data, causing out-of-memory conditions when loading untrusted BMP files. No authentication or network access required; user interaction (file opening) is the sole prerequisite.

Denial Of Service
NVD GitHub
CVSS 3.1
5.5
EPSS
0.0%
CVE-2026-33007 MEDIUM PATCH This Month

Null pointer dereference in mod_authn_socache in Apache HTTP Server 2.4.66 and earlier allows unauthenticated remote attackers to crash child processes in caching forward proxy configurations, resulting in denial of service. The vulnerability has CVSS 5.3 (medium) with network accessibility and no authentication required, but is limited to partial availability impact affecting only specific proxy deployments. Vendor-released patch: version 2.4.67.

Red Hat Suse Null Pointer Dereference Denial Of Service Apache +1
NVD VulDB
CVSS 3.1
5.3
EPSS
0.3%
CVE-2026-33857 MEDIUM PATCH This Month

Out-of-bounds read in mod_proxy_ajp of Apache HTTP Server through version 2.4.66 allows remote unauthenticated attackers to disclose sensitive information via a crafted AJP protocol request. The vulnerability has a CVSS score of 5.3 (moderate) with no active exploitation confirmed. Upgrade to version 2.4.67 to remediate.

Red Hat Suse Information Disclosure Apache Buffer Overflow +1
NVD VulDB
CVSS 3.1
5.3
EPSS
0.1%
CVE-2026-34032 MEDIUM PATCH This Month

Improper null termination and out-of-bounds read vulnerability in Apache HTTP Server through version 2.4.66 allows remote unauthenticated attackers to trigger information disclosure with low complexity exploitation. The vulnerability has a CVSS score of 5.3 (medium) with network-accessible attack vector and no user interaction required, though technical impact is limited to confidentiality (partial information disclosure). Vendor-released patch: version 2.4.67 addresses the issue.

Red Hat Suse Apache Buffer Overflow Apache HTTP Server
NVD VulDB
CVSS 3.1
5.3
EPSS
0.1%
CVE-2026-6501 MEDIUM This Month

XML external entity (XXE) injection in jOpenDocument 1.5 allows authenticated remote attackers to trigger denial of service through XML bomb attacks (billion laughs) by submitting specially crafted documents. The vulnerability affects document parsing functionality and requires valid user authentication, limiting but not eliminating real-world risk in multi-tenant or collaborative document processing environments. EPSS and KEV status not provided, but SSVC framework indicates automatable exploitation with partial technical impact.

XXE Jopendocument
NVD
CVSS 4.0
5.3
EPSS
0.1%
CVE-2026-41891 MEDIUM PATCH GHSA This Month

Deactivated user accounts in CI4MS retain full backend access until session expiration because the authentication filter fails to re-check the active status field for existing sessions. When an administrator sets a user's active field to 0, the user's session cookie remains valid and auth()->loggedIn() continues returning true, allowing the deactivated user to access protected resources for up to 7200 seconds (default session timeout). The vulnerability exists because code to enforce this check was commented out since the filter's initial commit and never activated.

Information Disclosure
NVD GitHub
CVSS 4.0
5.3
EPSS
0.0%
CVE-2026-35527 MEDIUM PATCH GHSA This Month

Blind server-side request forgery in Incus allows authenticated users to trigger arbitrary HEAD requests to internal or external endpoints during image import preflight validation, bypassing the restricted.images.servers project restriction. While the actual image download is blocked by project policies, the preflight HEAD request executes before validation occurs, enabling attackers to probe internal services, cloud metadata endpoints, or unroutable address space reachable from the Incus host. No public exploit code identified at time of analysis, though proof-of-concept reproduction is documented in the advisory.

Debian SSRF Suse
NVD GitHub VulDB
CVSS 4.0
5.3
EPSS
0.0%
CVE-2026-42051 MEDIUM PATCH GHSA This Month

Missing authorization in Kirby CMS allows authenticated Panel users without access.system permission to retrieve sensitive system information including installed Kirby version and license data via the /api/system REST API endpoint. This information can be leveraged for reconnaissance during subsequent attacks. Vendor-released patches: Kirby 4.9.0 and 5.4.0.

Authentication Bypass
NVD GitHub VulDB
CVSS 4.0
5.3
EPSS
0.0%
CVE-2026-42174 MEDIUM PATCH GHSA This Month

Missing authorization in Kirby CMS allows authenticated users with file permissions to create, replace, or delete user avatars regardless of whether they hold the required user.update or users.update permissions. This authorization bypass affects Kirby versions up to 4.8.0 and 5.0.0 through 5.3.3, with patches available in Kirby 4.9.0 and 5.4.0. No public exploit code has been identified, and active exploitation is not confirmed.

Authentication Bypass
NVD GitHub VulDB
CVSS 4.0
5.3
EPSS
0.0%
CVE-2026-41648 MEDIUM GHSA This Month

Incus versions up to 6.23.0 allow authenticated users to trigger denial of service by uploading crafted image or backup tarballs containing oversized YAML metadata files that consume excessive server memory during parsing. When metadata.yaml or backup/index.yaml entries declare large sizes in the tar header, the YAML decoder reads and allocates 5-6x the input size without limits, potentially exhausting memory on constrained daemons; a 200 MB YAML entry may trigger 1.2 GB of heap allocations. Vendor-released patch available in v7.0.0.

Denial Of Service Suse
NVD GitHub
CVSS 4.0
5.3
EPSS
0.0%
CVE-2026-42077 MEDIUM PATCH This Month

Prototype pollution in EvoMap Evolver versions prior to 1.69.3 allows local attackers with high privileges to inject malicious properties into Object.prototype via unfiltered Object.assign() calls in the mailbox store module, potentially modifying the behavior of all JavaScript objects and causing information disclosure or denial of service. The vulnerability requires file system write access to the messages.jsonl persistence file and high privileges, limiting real-world exploitability to insider or local compromise scenarios.

Prototype Pollution Code Injection
NVD GitHub
CVSS 3.1
5.2
EPSS
0.0%
CVE-2026-42310 MEDIUM PATCH GHSA This Month

Pillow's PDF parser enters an infinite loop when processing maliciously crafted PDF files with circular Prev pointer references in trailer sections, causing 100% CPU consumption and application hang. All versions from 4.2.0 through 12.1.x are affected. The vulnerability is a denial-of-service condition affecting any application using Pillow to parse untrusted PDFs. Vendor-released patch: version 12.2.0.

Denial Of Service Python Red Hat Suse
NVD GitHub VulDB
CVSS 4.0
5.1
EPSS
0.0%
CVE-2026-42308 MEDIUM PATCH GHSA This Month

Integer overflow in Pillow's font glyph processing allows remote code execution or denial of service when handling maliciously crafted fonts with extremely large glyph advance values. Pillow versions before 12.2.0 are affected. The vulnerability is triggered during font rendering operations where position tracking accumulates glyph advances without proper bounds checking, leading to wraparound arithmetic that can corrupt memory or crash the interpreter.

Integer Overflow Buffer Overflow Red Hat Suse
NVD GitHub VulDB
CVSS 4.0
5.1
EPSS
0.0%
CVE-2026-42309 MEDIUM PATCH GHSA This Month

Heap buffer overflow in Pillow 11.2.1 through 12.1.x allows local attackers to cause denial of service or potentially execute arbitrary code by passing deeply nested list structures as coordinates to ImagePath.Path, ImageDraw.polygon, or ImageDraw.line APIs, which recursively unpack coordinates beyond allocated buffer boundaries.

Heap Overflow Buffer Overflow Red Hat Suse
NVD GitHub VulDB
CVSS 4.0
5.1
EPSS
0.0%
CVE-2026-6948 MEDIUM PATCH This Month

Velociraptor server versions before 0.76.4 are vulnerable to denial of service via resource exhaustion when a compromised or rogue client sends specially crafted messages through the agent control channel, causing out-of-memory conditions and server crashes. The vulnerability requires authenticated client access but can be triggered by any authenticated agent, making it a realistic threat in environments where client integrity cannot be guaranteed. CVSS score of 4.9 reflects high privileges required (PR:H) but complete availability impact.

Denial Of Service Suse
NVD
CVSS 3.1
4.9
EPSS
0.0%
CVE-2026-33006 MEDIUM PATCH This Month

Timing attack against mod_auth_digest in Apache HTTP Server 2.4.66 allows remote unauthenticated attackers to bypass Digest authentication with high attack complexity. The vulnerability exploits measurable timing differences in digest credential validation, enabling credential compromise without valid authentication. Apache has released patched version 2.4.67; no active exploitation has been confirmed, but CISA SSVC framework indicates automatable exploitation is not feasible due to the timing attack's sensitivity requirements.

Suse Authentication Bypass Apache Red Hat Apache HTTP Server
NVD VulDB
CVSS 3.1
4.8
EPSS
0.1%
CVE-2026-6500 MEDIUM This Month

ILM Informatique OpenConcerto 1.7.5 stores sensitive passwords in plaintext, allowing authenticated local users to retrieve embedded credentials with low complexity. The vulnerability enables information disclosure of authentication data accessible via local file access, confirmed by CISA SSVC framework as having partial technical impact but no evidence of active exploitation.

Information Disclosure Openconcerto
NVD
CVSS 4.0
4.8
EPSS
0.0%
CVE-2026-42078 MEDIUM PATCH GHSA This Month

PPTAgent prior to commit 418491a allows authenticated users to write arbitrary files and create directories outside intended workspace boundaries via path traversal in the markdown_table_to_image function. An attacker with login access can supply crafted file paths containing directory traversal sequences to escape the configured workspace and write malicious files to arbitrary locations on the system. The vulnerability requires user interaction (UI:R in CVSS vector) and affects confidentiality and availability, with no public exploit code identified at time of analysis.

Path Traversal Pptagent
NVD GitHub
CVSS 3.1
4.6
EPSS
0.0%
CVE-2026-42086 MEDIUM PATCH This Month

Self-XSS in OpenC3 COSMOS Command Sender UI prior to version 7.0.0 allows authenticated users to execute arbitrary JavaScript in their own browser session via unsafe eval() processing of array parameters. An attacker can exploit this through phishing or by convincing a victim to send a malicious command, potentially stealing session tokens or modifying authenticated data. Patch available in version 7.0.0.

XSS Cosmos
NVD GitHub
CVSS 3.1
4.6
EPSS
0.0%
CVE-2026-42140 MEDIUM PATCH GHSA This Month

Server-Side Request Forgery (SSRF) in PlantUML Macro for XWiki prior to version 2.4.1 allows authenticated users with UI interaction to specify arbitrary PlantUML servers via the server parameter without validation. An attacker can redirect the XWiki server to connect to internal IP addresses or malicious external URLs, enabling reconnaissance of internal infrastructure or attacks on internal services. The vulnerability requires authenticated access and user interaction but operates across scope boundaries (CVSS:3.1/AV:N/AC:H/PR:L/UI:R/S:C). Vendor-released patch available in version 2.4.1.

SSRF Macro Plantuml
NVD GitHub VulDB
CVSS 3.1
4.4
EPSS
0.0%
CVE-2026-42085 MEDIUM PATCH This Month

OpenC3 COSMOS before versions 6.10.5 and 7.0.0-rc3 allows authenticated users to write arbitrary files to the shared /plugins directory via path traversal sequences in tool configuration filenames, potentially overwriting other plugins' configuration files. The vulnerability exists in the save_tool_config() function which canonicalizes filenames but does not restrict writes to plugin-specific subdirectories, enabling lateral movement between plugins. CVSS 4.3 reflects low severity due to authentication requirement and limited scope (integrity only), though real-world impact depends on whether plugin configurations contain sensitive data.

Path Traversal Cosmos
NVD GitHub
CVSS 3.1
4.3
EPSS
0.0%
CVE-2026-41685 MEDIUM GHSA This Month

Incus before version 7.0.0 allows authenticated users to exhaust host disk space through unbounded uploads via instance backup import, storage bucket import, storage volume backup import, and storage volume ISO import endpoints. The daemon streams HTTP request bodies directly into temporary files using io.Copy without enforcing maximum request size limits, enabling denial of service on the host system or shared storage in multi-tenant deployments. Public proof-of-concept code demonstrates sustained disk exhaustion by streaming null bytes through application/octet-stream endpoints.

Denial Of Service Suse
NVD GitHub
CVSS 3.1
4.3
EPSS
0.0%
Prev Page 2 of 2

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy