Skip to main content
CVE-2025-47405 HIGH This Week

Memory corruption in Qualcomm Snapdragon camera subsystem allows local authenticated users to execute arbitrary code with high privileges through crafted input/output control (ioctl) calls targeting camera sensor interfaces with malformed output buffers. CVSS score of 7.8 reflects local attack vector requiring low-privilege account access. No EPSS data or KEV listing at time of analysis, suggesting exploitation has not been publicly observed. Qualcomm security bulletin scheduled for May 2026 indicates vendor-coordinated disclosure with patches expected in that timeframe.

Buffer Overflow Snapdragon
NVD
CVSS 3.1
7.8
EPSS
0.0%
CVE-2025-47407 HIGH This Week

Local privilege escalation in Qualcomm Snapdragon chipsets allows authenticated users to corrupt kernel memory during digital signal processor (DSP) process creation, leading to arbitrary code execution with high confidentiality, integrity, and availability impact. The vulnerability exploits allocation failure handling at kernel level. Qualcomm has published a security bulletin with remediation details for the May 2026 bulletin cycle. No active exploitation or public exploit code identified at time of analysis, though EPSS data not available to assess probabilistic risk.

Buffer Overflow Snapdragon
NVD
CVSS 3.1
7.8
EPSS
0.0%
CVE-2026-42246 HIGH PATCH GHSA This Week

Man-in-the-middle attackers can strip TLS protection from Ruby net-imap STARTTLS connections by injecting a premature tagged OK response with a predictable tag. The vulnerability allows attackers to bypass TLS encryption, forcing the client to transmit credentials and email content in cleartext while the application believes the connection is secure. Vendor-released patches (net-imap 0.6.4, 0.5.14, 0.4.24, 0.3.10) are available. CVSS 7.6 severity reflects network-accessible attack with low complexity but requires man-in-the-middle positioning. No public exploit code identified at time of analysis, though the attack mechanism is well-documented in security research (NO STARTTLS project).

Information Disclosure
NVD GitHub VulDB
CVSS 4.0
7.6
EPSS
0.1%
CVE-2026-29169 HIGH PATCH This Week

Remote attackers can crash Apache HTTP Server 2.4.66 and earlier by sending malicious requests that trigger a NULL pointer dereference in mod_dav_lock, causing denial of service. The vulnerability affects only servers with mod_dav_lock enabled, a legacy module whose primary use-case (Apache Subversion < 1.2.0) is obsolete in modern deployments. CISA SSVC indicates no active exploitation, but the attack is automatable against susceptible configurations. CVSS 7.5 (High) reflects network-accessible, unauthenticated denial of service, though real-world impact is limited to the small subset of servers still running mod_dav_lock.

Null Pointer Dereference Denial Of Service Apache Red Hat Apache HTTP Server
NVD VulDB
CVSS 3.1
7.5
EPSS
0.3%
CVE-2025-70069 HIGH PATCH This Week

Assimp 6.0.2 crashes when processing malformed FBX files due to unchecked resource consumption in the FBX multi-material mesh converter. Remote attackers can trigger denial of service (application crash) via network-delivered malicious 3D model files without authentication, requiring no user interaction beyond normal file processing. EPSS data not available; no evidence of active exploitation (not in CISA KEV). Publicly documented proof-of-concept exists via GitHub Gist, enabling straightforward reproduction.

Denial Of Service N A
NVD GitHub VulDB
CVSS 3.1
7.5
EPSS
0.1%
CVE-2026-33846 HIGH PATCH This Week

Heap buffer overflow in GnuTLS DTLS handshake allows remote unauthenticated attackers to crash applications or corrupt memory. The vulnerability stems from inconsistent fragment validation in merge_handshake_packet(), where attackers can send crafted DTLS fragments with conflicting message_length values to trigger out-of-bounds writes. Red Hat reported this affecting RHEL 6-10 and OpenShift Container Platform 4. CVSS 7.5 (High) reflects network-accessible denial of service, though memory corruption may enable further exploitation. No EPSS data, KEV status, or POC availability reported at time of analysis, but the remote unauthenticated attack vector (AV:N/PR:N) and low complexity (AC:L) make this a priority for systems using DTLS.

Buffer Overflow Red Hat Enterprise Linux 10 Red Hat Enterprise Linux 6 Red Hat Enterprise Linux 7 Red Hat Enterprise Linux 8 +3
NVD VulDB
CVSS 3.1
7.5
EPSS
0.1%
CVE-2026-42365 HIGH This Week

Authentication bypass in GeoVision LPC2011/LPC2211 license plate camera firmware version 1.10 allows remote unauthenticated attackers to brute-force predictable session cookies via the Web Interface and gain access to the device. The flaw stems from insufficient randomness in session token generation (CWE-341), enabling attackers to enumerate valid cookies through a crafted series of HTTP requests. No public exploit identified at time of analysis, and EPSS is low at 0.06%, but CISA SSVC rates technical impact as partial with no current exploitation observed.

Information Disclosure Gv Lpc2011 Lpc2211
NVD VulDB
CVSS 3.1
7.5
EPSS
0.1%
CVE-2026-42574 HIGH PATCH GHSA This Week

Symlink-following path traversal in apko (versions 0.14.8 through <1.2.5) allows malicious APK archives to write arbitrary files to host paths during build operations. A crafted .apk can install a symlink entry pointing outside the build root, then traverse that symlink via subsequent file-write or directory-creation operations to reach any path writable by the build user. Affects disk-backed operations in apko build-cpio and downstream tools like melange; in-memory tarfs paths (apko build, apko publish) are not vulnerable. Vendor-released patch available in apko v1.2.5. CVSS 7.5 (AV:N/AC:L/PR:N/UI:N) indicates network-reachable unauthenticated exploitation, though practical attack requires convincing a target to process the malicious APK during a build. No EPSS or KEV data available; publicly available exploit code exists in the form of regression tests demonstrating each primitive.

Path Traversal
NVD GitHub VulDB
CVSS 3.1
7.5
EPSS
0.1%
CVE-2026-7768 HIGH PATCH GHSA This Week

Unbounded cache growth in @fastify/accepts-serializer versions ≤6.0.3 allows remote unauthenticated attackers to exhaust Node.js heap memory by sending numerous distinct Accept header variants, crashing the application. The plugin caches serializer selections keyed by Accept header without size limits, enabling trivial memory exhaustion attacks against any exposed Fastify endpoint. Fix available in version 6.0.4, which implements an LRU cache with 100-entry default limit. No public exploit code identified at time of analysis, but attack is straightforward to execute with basic HTTP tools.

Denial Of Service Node.js
NVD GitHub VulDB
CVSS 3.1
7.5
EPSS
0.0%
CVE-2026-37459 HIGH PATCH This Week

Denial of Service in FRRouting 10.0 through 10.6 allows remote unauthenticated attackers to crash the BGP daemon via a malformed BGP UPDATE message exploiting an integer underflow in next-hop capability processing. Upstream fix available in commit 693a2e0 but released patched version not independently confirmed. No public exploit identified at time of analysis, with EPSS score not provided suggesting low observed exploitation activity.

Denial Of Service N A
NVD GitHub VulDB
CVSS 3.1
7.5
EPSS
0.0%
CVE-2026-43964 HIGH PATCH This Week

Remote denial of service in the Postfix mail transfer agent (before 3.8.16, 3.9.x before 3.9.10, and 3.10.x before 3.10.9) lets attackers crash the process through a malformed enhanced status code that ends immediately after the third numeric component with no trailing text, triggering a buffer over-read. The flaw affects availability only - no data exposure or code execution - and has no public exploit identified at time of analysis. EPSS is very low (0.04%, 11th percentile) and CISA SSVC rates exploitation as none and non-automatable, consistent with a crash-only bug.

Denial Of Service Postfix
NVD VulDB
CVSS 3.1
7.5
EPSS
0.0%
CVE-2026-7776 HIGH PATCH GHSA This Week

Network-accessible denial-of-service in HashiCorp Boundary workers allows unauthenticated remote attackers to block legitimate worker connections by manipulating TLS handshake timing during node enrollment. Attackers can connect to the worker authentication listener and intentionally delay or withhold client certificates, causing connection handlers to block and preventing legitimate workers from enrolling or routing traffic. Both Community Edition and Enterprise versions prior to 0.21.3, 0.20.3, and 0.19.5 are vulnerable. EPSS data not provided; no CISA KEV listing indicating limited observed exploitation. Vendor-confirmed vulnerability with patches released across three active release branches.

Denial Of Service Boundary Boundary Enterprise
NVD VulDB
CVSS 3.1
7.5
EPSS
0.0%
CVE-2026-42440 HIGH PATCH GHSA This Week

Remote denial of service in Apache OpenNLP versions before 2.5.9 and 3.0.0-M3 allows unauthenticated attackers to crash JVM processes by uploading malicious .bin model files that trigger OutOfMemoryError through unbounded array allocation. Exploitation requires no authentication (AV:N/AC:L/PR:N) and affects any code path deserializing binary model files from untrusted sources. EPSS score of 0.02% (5th percentile) suggests low widespread exploitation risk, and no active exploitation or public POC has been identified at time of analysis. Vendor-released patches are available with default safeguards limiting count fields to 10 million entries.

Denial Of Service Apache Deserialization Apache Opennlp
NVD VulDB
CVSS 3.1
7.5
EPSS
0.0%
CVE-2026-37461 HIGH PATCH GHSA This Week

Remote attackers can crash GoBGP v4.3.0 by sending a malformed BGP UPDATE message that triggers an out-of-bounds read in IPv6 extended community parsing. The flaw allows unauthenticated denial of service against default configurations with no authentication required (CVSS AV:N/AC:L/PR:N/UI:N). No public exploit identified at time of analysis, and EPSS score of 0.02% (4th percentile) indicates very low observed exploitation probability. Upstream fixes available via GitHub commits 362cce3e and 9ce8936.

Denial Of Service Information Disclosure Buffer Overflow Suse
NVD GitHub
CVSS 3.1
7.5
EPSS
0.0%
CVE-2026-42575 HIGH PATCH GHSA This Week

Package substitution in Chainguard apko allows network-positioned attackers to inject arbitrary APK packages into container images during build. apko verifies APKINDEX.tar.gz signatures but fails to validate individual downloaded .apk packages against signed index checksums, accepting mismatched packages silently. Attackers controlling download responses (compromised mirrors, HTTP repositories, poisoned CDN caches) can replace legitimate packages with malicious ones. Fixed in version 1.2.7. CVSS 7.5 with network vector and no authentication required. EPSS data not available; no CISA KEV listing indicates targeted rather than widespread exploitation at time of analysis.

Information Disclosure
NVD GitHub
CVSS 3.1
7.5
EPSS
0.0%
CVE-2026-7371 HIGH This Week

Reflected cross-site scripting in GeoVision LPC2011/LPC2211 Web Interface enables remote attackers to execute arbitrary JavaScript in victim browsers via crafted URLs targeting the ssi.cgi error handler. The vulnerability chains through social engineering (requires user interaction) but achieves high confidentiality impact through changed scope (S:C), allowing session hijacking and credential theft from authenticated administrators. EPSS data not provided; no CISA KEV listing indicates this is not yet confirmed as actively exploited in the wild. Publicly available exploit code status unknown but detailed technical disclosure exists from Cisco Talos Intelligence.

RCE XSS Gv Lpc2011 Lpc2211
NVD
CVSS 3.1
7.4
EPSS
0.0%
CVE-2026-42366 HIGH This Week

Reflected cross-site scripting in GeoVision LPC2011/LPC2211 1.10 web interface (ssi.cgi) allows remote unauthenticated attackers to execute arbitrary JavaScript in victim browsers via crafted URLs. The vulnerability achieves scope change (S:C in CVSS), enabling access to high-confidentiality data across security contexts despite requiring user interaction. No public exploit code or CISA KEV listing identified at time of analysis, though vendor advisory confirms the flaw. EPSS data not available. The RCE tag appears to be a mislabeling - this is strictly client-side JavaScript execution (XSS), not server-side remote code execution.

RCE XSS Gv Lpc2011 Lpc2211
NVD
CVSS 3.1
7.4
EPSS
0.0%
CVE-2026-3120 HIGH PATCH This Week

Remote code execution in SambaBox 5.1-5.2 allows authenticated administrators to inject and execute arbitrary OS commands through improper input sanitization. Attackers with high-privilege access can achieve full system compromise with confidentiality, integrity, and availability impact. Reported by Turkish national CERT (TR-CERT/USOM), no CISA KEV listing or public exploit code identified at time of analysis, indicating limited observed exploitation activity.

RCE Command Injection Code Injection Sambabox
NVD VulDB
CVSS 3.1
7.2
EPSS
0.1%
CVE-2026-29004 HIGH PATCH This Week

Heap buffer overflow in BusyBox udhcpc6 (DHCPv6 client) allows network-adjacent attackers to achieve remote code execution or denial of service on embedded systems. The vulnerability stems from incorrect heap buffer allocation in option_to_env() when parsing D6_OPT_DNS_SERVERS options in DHCPv6 responses. Particularly dangerous on embedded devices lacking heap hardening protections. Fixed in commit 42202bf. No active exploitation confirmed (not in CISA KEV), but publicly available proof-of-concept from VulnCheck disclosure increases real-world risk for IoT and embedded deployments.

RCE Denial Of Service Buffer Overflow Heap Overflow
NVD GitHub VulDB
CVSS 4.0
7.2
EPSS
0.0%
CVE-2026-40197 HIGH PATCH GHSA This Week

Nil-pointer dereference in Incus daemon's custom volume backup import logic allows authenticated users to crash the service by supplying a malformed backup archive containing null entries in the volume_snapshots array, enabling repeated denial of service attacks. The vulnerability exists in the CreateCustomVolumeFromBackup function which fails to validate snapshot pointers before dereferencing them during import operations. CVSS 6.5 (authenticated network access, high availability impact); no public exploit code or active exploitation reported at analysis time, but proof-of-concept demonstration included in advisory.

Null Pointer Dereference Denial Of Service Suse
NVD GitHub
CVSS 4.0
7.1
EPSS
0.0%
CVE-2026-40195 HIGH PATCH GHSA This Week

Nil-pointer dereference in Incus daemon's storage bucket import logic allows authenticated users to crash the daemon by submitting a malformed bucket backup archive with a missing config section in index.yaml, enabling denial of service through repeated exploitation. The vulnerability affects Incus versions prior to 7.0.0 and requires valid storage bucket feature access but no special privileges beyond authenticated user status.

Null Pointer Dereference Denial Of Service Python Suse
NVD GitHub
CVSS 4.0
7.1
EPSS
0.0%
CVE-2026-40251 HIGH PATCH GHSA This Week

Denial of service in Incus prior to version 7.0.0 allows authenticated users to crash the Incus daemon by importing a maliciously crafted backup archive with physical snapshot directories but tampered metadata arrays. The vulnerability stems from an incorrect bounds check (len(slice) >= i-1 instead of len(slice) > i) in the backup restore and migration code paths, enabling out-of-bounds array access that triggers a runtime panic. Repeated exploitation keeps the Incus service offline, confirmed by a publicly available proof-of-concept.

Denial Of Service Information Disclosure Buffer Overflow Suse
NVD GitHub
CVSS 4.0
7.1
EPSS
0.0%
CVE-2026-42069 HIGH PATCH GHSA This Week

Missing authorization in Kirby CMS allows authenticated Panel users to access sensitive site configuration, user data, and role information regardless of configured permission restrictions. Authenticated attackers with low-privilege Panel accounts can enumerate all users, access the site model, and view role configurations including permission settings-even when site administrators explicitly disabled these capabilities via wildcard permission denial ('*': false). Vendor-released patches in versions 4.9.0 and 5.4.0 add missing permission gates for site.access, user.access/users.access, user.list/users.list, and role information. No public exploit identified at time of analysis, but exploitation requires only authenticated Panel access with network connectivity.

Authentication Bypass
NVD GitHub VulDB
CVSS 4.0
7.1
EPSS
0.0%
CVE-2026-42138 MEDIUM PATCH This Month

Unauthenticated users can upload SVG files containing XSS payloads via POST /api/files/upload in Dify prior to version 1.13.1, allowing cross-site scripting attacks against application users. The authenticated endpoint POST /v1/files/upload is similarly vulnerable. This vulnerability enables attackers to execute arbitrary JavaScript in the context of victim browsers, potentially compromising user sessions or stealing sensitive data without requiring any authentication or user interaction.

XSS Dify
NVD GitHub
CVSS 4.0
6.9
EPSS
0.1%
CVE-2026-41890 MEDIUM PATCH GHSA This Month

Arbitrary database table drop in CI4MS theme deletion allows authenticated administrators with theme.delete permission to craft malicious POST requests to the `/backend/themes/delete-process/` endpoint and drop any table in the database, including critical tables such as ci4ms_users and ci4ms_auth_identities. The vulnerability exists because the deleteProcess() action accepts user-supplied table names without validating them against the theme's own migration files, violating the principle of least privilege even within the admin trust model. Vendor-released patch 0.31.8.0 implements migration-based whitelist validation to restrict deletions to declared theme tables.

PHP RCE
NVD GitHub
CVSS 4.0
6.9
EPSS
0.1%
CVE-2026-7735 MEDIUM PATCH This Month

Buffer overflow in GoBGP's AIGP Attribute Parser allows remote unauthenticated attackers to manipulate the PathAttributeAigp.DecodeFromBytes function via malformed BGP UPDATE messages, potentially causing memory corruption. Versions up to 4.3.0 are affected. GoBGP 4.4.0 includes a vendor-released patch that adds proper bounds checking and validation of TLV length fields.

Buffer Overflow Gobgp
NVD VulDB GitHub
CVSS 4.0
6.9
EPSS
0.1%
CVE-2026-7734 MEDIUM PATCH This Month

Denial of service in osrg GoBGP up to version 4.3.0 allows remote attackers to trigger an infinite loop via malformed SRv6 L3 Service attributes in BGP packets. The vulnerability exists in the SRv6L3ServiceAttribute.DecodeFromBytes function, which incorrectly advances a loop variable when processing unknown sub-TLV types, causing the parser to never exit the loop and exhaust system resources. Vendor-released patch available in version 4.4.0.

Denial Of Service Suse
NVD VulDB GitHub
CVSS 4.0
6.9
EPSS
0.1%
CVE-2026-7737 MEDIUM PATCH This Month

Out-of-bounds read in GoBGP BMP parser allows remote attackers to trigger information disclosure via malformed BMP messages to the BMPPeerUpNotification.ParseBody and BMPStatisticsReport.ParseBody functions. Affected versions are up to 4.3.0; patch available in version 4.4.0. CVSS 6.9 reflects availability impact. No public exploit code or active exploitation has been identified.

Information Disclosure Buffer Overflow Red Hat Suse
NVD VulDB GitHub
CVSS 4.0
6.9
EPSS
0.0%
CVE-2026-7736 MEDIUM PATCH This Month

Integer underflow in osrg GoBGP up to version 4.3.0 allows remote attackers to trigger a crash or information disclosure via crafted MRT (Multi-Threaded Routing Toolkit) packet data in the parseRibEntry function. The vulnerability arises from improper bounds checking when processing RIB (Routing Information Base) entries, enabling network-based exploitation without authentication. Vendor-released patch version 4.4.0 addresses this issue; no active exploitation has been confirmed at time of analysis.

Integer Overflow Information Disclosure Red Hat
NVD VulDB GitHub
CVSS 4.0
6.9
EPSS
0.0%
CVE-2026-7727 MEDIUM PATCH This Month

SQL injection in Shandong Hoteam PDM Product Data Management System versions ≤8.3.9 allows remote unauthenticated attackers to execute arbitrary SQL commands via the SortOrder parameter in the GetQueryMachineGridOnePageData function of /Base/BaseService.asmx/DataService endpoint. The vulnerability enables unauthorized data access, modification, and potential service disruption (CVSS 7.3: C:L/I:L/A:L). Vendor-released patch available in version 8.3.10. EPSS data not available; no CISA KEV listing or public exploit code identified at time of analysis.

SQLi Pdm Product Data Management System
NVD VulDB
CVSS 4.0
6.9
EPSS
0.0%
CVE-2026-41181 MEDIUM PATCH GHSA This Month

Traefik's errors middleware discloses sensitive HTTP headers including Authorization and Cookie to separate error page services when backends return configured error status codes. Affected versions are Traefik v2.11.43 and earlier, v3.6.14 and earlier, and v3.7.0-rc.0 through v3.7.0-rc.2. The vulnerability allows credentials meant only for backend services to be forwarded to distinct error page infrastructure, expanding exposure across service boundaries. Vendor-released patches are available; actively exploited status not confirmed.

Python Docker Information Disclosure Red Hat
NVD GitHub VulDB
CVSS 4.0
6.9
EPSS
0.0%
CVE-2026-43616 MEDIUM PATCH This Month

Path traversal in Detect-It-Easy archive extraction allows local attackers to write arbitrary files outside intended directories and achieve persistent code execution by overwriting user startup scripts. Affects all versions prior to 3.21. Exploitation requires user interaction to open a specially crafted archive file. Vendor-released patch available in version 3.21, with fixes applied across multiple repository components (DIE-engine, Formats, XArchive). No public exploit identified at time of analysis, though the vulnerability class is well-understood and exploitation techniques are documented.

Path Traversal RCE Die Engine
NVD GitHub VulDB
CVSS 4.0
6.8
EPSS
0.0%
CVE-2026-42312 MEDIUM PATCH GHSA This Month

Non-admin users holding the SETTINGS permission in pyload-ng can disable TLS peer and hostname verification by setting general.ssl_verify=off via the set_config_value() API, enabling man-in-the-middle attacks on all outbound HTTPS requests including downloads, captcha fetches, and plugin calls. This is an incomplete fix for a series of prior allowlist bypasses (CVE-2026-33509, CVE-2026-35463, CVE-2026-35464, CVE-2026-35586) in which security-sensitive configuration options were omitted from the ADMIN_ONLY_CORE_OPTIONS allowlist.

Python SSRF Privilege Escalation
NVD GitHub VulDB
CVSS 3.1
6.8
EPSS
0.0%
CVE-2026-20451 MEDIUM This Month

Out-of-bounds write in MediaTek's slbc (secure local buffer component) due to type confusion allows local privilege escalation to full system compromise when an attacker already holds System privilege. The vulnerability requires no user interaction and affects 32 MediaTek chipset models. CISA SSVC framework rates technical impact as total; however, EPSS score of 0.02% suggests limited real-world exploitation despite the high CVSS score of 6.7, likely due to the requirement for pre-existing System privilege.

Privilege Escalation Buffer Overflow Memory Corruption Mediatek Chipset
NVD
CVSS 3.1
6.7
EPSS
0.0%
CVE-2026-20447 MEDIUM This Month

Local privilege escalation in MediaTek geniezone component due to missing bounds check allows System-privileged actors to achieve total system compromise across multiple chipset models. The vulnerability requires prior System-level access and affects 17 MediaTek chipset variants (MT6899, MT8791T, MT8786, MT6789, MT8367, MT6768, MT8766, MT6993, MT6991, MT6877, MT8788E, MT8781, MT8768, MT6989, MT8910, MT8196, MT8793). No public exploit code identified at time of analysis; exploitation remains unconfirmed in active systems despite SSVC indicating total technical impact potential.

Privilege Escalation Information Disclosure Buffer Overflow Mediatek Chipset
NVD
CVSS 3.1
6.7
EPSS
0.0%
CVE-2026-20448 MEDIUM This Month

Local privilege escalation in MediaTek chipsets (MT6765, MT8893, MT8791T, and 19 others) due to missing permission checks in geniezone allows attackers with System privilege to escalate their access without user interaction. CVSS 6.7 reflects high confidentiality, integrity, and availability impact, but EPSS score of 0.02% (4th percentile) and SSVC 'none' exploitation status indicate this vulnerability has not been observed in active, widespread exploitation despite the low barrier to exploitation from privileged context.

Privilege Escalation Mediatek Chipset
NVD
CVSS 3.1
6.7
EPSS
0.0%
CVE-2026-7721 LOW POC Monitor

Command injection in Totolink WA300 firmware version 5.2cu.7112_B20190227 allows authenticated remote attackers to execute arbitrary commands via the hostTime parameter in the NTPSyncWithHost function accessible through /cgi-bin/cstecgi.cgi. Publicly available exploit code exists, though actual real-world exploitation risk is mitigated by the requirement for authenticated access and the low impact scope (limited to confidentiality, integrity, and availability of the application itself, with no system-wide impact).

Command Injection Wa300
NVD VulDB
CVSS 4.0
2.1
EPSS
2.9%
CVE-2026-7720 LOW POC Monitor

Command injection in Totolink WA300 5.2cu.7112_B20190227 allows authenticated remote attackers to execute arbitrary commands via the langType parameter in the setLanguageCfg function of /cgi-bin/cstecgi.cgi. Publicly available exploit code exists, though the low CVSS 2.1 score reflects limited scope (only low confidentiality and integrity impact, no system integrity or availability impact) and authentication requirement, reducing real-world attack surface.

Command Injection Wa300
NVD VulDB
CVSS 4.0
2.1
EPSS
2.9%
CVE-2026-7718 LOW POC Monitor

Command injection in Totolink WA300 firmware version 5.2cu.7112_B20190227 allows authenticated remote attackers to execute arbitrary commands via the webWlanIdx parameter in the setWebWlanIdx function of /cgi-bin/cstecgi.cgi. The vulnerability requires valid user credentials but no user interaction, with publicly available exploit code demonstrating the attack.

Command Injection Wa300
NVD VulDB
CVSS 4.0
2.1
EPSS
2.3%
CVE-2026-33523 MEDIUM PATCH This Month

HTTP response splitting in Apache HTTP Server 2.4.0 through 2.4.66 allows remote attackers to inject arbitrary HTTP headers and content when the server acts as a proxy to untrusted or compromised backend servers, enabling cache poisoning, session fixation, and cross-site scripting attacks. CVSS 6.5 (moderate) with network attack vector, no authentication required, and confirmed automatable exploitation per CISA SSVC framework. Vendor-released patch: version 2.4.67.

Suse Apache Information Disclosure Red Hat Apache HTTP Server
NVD VulDB
CVSS 3.1
6.5
EPSS
0.2%
CVE-2025-70070 MEDIUM PATCH This Month

Denial of service vulnerability in Assimp 6.0.2 via null pointer dereference in FBXMeshGeometry.cpp MeshGeometry constructor allows remote attackers to crash applications processing malicious FBX files. Requires user interaction (opening/processing a crafted file) but affects any application using the vulnerable library version. Publicly available exploit code exists; CVSS 6.5 reflects network attack vector with user interaction requirement.

Null Pointer Dereference Denial Of Service N A
NVD GitHub
CVSS 3.1
6.5
EPSS
0.1%
CVE-2025-70072 MEDIUM PATCH This Month

Assimp version 6.0.2 is vulnerable to denial of service through improper buffer handling in the FBXConverter::ConvertMeshMultiMaterial() function when processing crafted FBX model files. A remote attacker can trigger a crash by supplying a malicious FBX file via network or local file access, causing the application to become unavailable. Publicly available exploit code exists, though the vulnerability requires user interaction to process the malicious file.

Denial Of Service Information Disclosure Buffer Overflow N A
NVD GitHub VulDB
CVSS 3.1
6.5
EPSS
0.1%
CVE-2026-20450 MEDIUM This Month

Remote denial of service in MediaTek modem firmware across 47+ chipset variants allows attackers to crash the modem via incorrect error handling when a user equipment device connects to a rogue base station, requiring no authentication or user interaction. The vulnerability affects a broad range of MediaTek cellular chipsets (MT6855, MT6985, MT8793, and others) and carries a CVSS 6.5 score reflecting network-adjacent attack vector and high availability impact. Patch MSV-6100 / MOLY01753620 is available from MediaTek.

Denial Of Service Mediatek Chipset
NVD
CVSS 3.1
6.5
EPSS
0.1%
CVE-2026-20449 MEDIUM This Month

Heap buffer overflow in MediaTek modem firmware allows remote denial of service when a device connects to an attacker-controlled base station. The vulnerability affects a wide range of MediaTek chipsets and can crash the modem without requiring user interaction or special privileges. No public exploit code has been identified, and CISA has not listed this in the Known Exploited Vulnerabilities catalog, though the low EPSS score (0.07%) suggests limited real-world exploitation likelihood despite the attack vector requiring only adjacent network access.

Denial Of Service Buffer Overflow Mediatek Chipset
NVD
CVSS 3.1
6.5
EPSS
0.1%
CVE-2026-42367 MEDIUM This Month

Privilege escalation in GeoVision LPC2011/LPC2211 Web Interface allows authenticated attackers to leak stored credentials via specially crafted HTTP requests to the ssi.cgi endpoint. The vulnerability affects firmware version 1.10 and requires low-privilege user access but no additional user interaction, enabling unauthenticated credential disclosure on affected devices.

Privilege Escalation Gv Lpc2011 Lpc2211
NVD
CVSS 3.1
6.5
EPSS
0.1%
CVE-2026-42576 MEDIUM PATCH GHSA This Month

Apko crashes via denial-of-service when a repository JWKS endpoint returns a non-RSA key due to an unchecked type assertion in the DiscoverKeys function. The vulnerability affects any workflow initializing the APK database and requires user interaction to trigger (e.g., running apko with a malicious repository), with CVSS 6.5 reflecting the availability impact. No patch is currently available, though the issue is confirmed and acknowledged by the apko maintainers.

Denial Of Service
NVD GitHub
CVSS 3.1
6.5
EPSS
0.0%
CVE-2026-42223 MEDIUM POC PATCH GHSA This Month

nginx-ui versions prior to 2.3.8 expose 40+ protected configuration fields through the GetSettings API to authenticated users, including JwtSecret (auth token forgery), NodeSecret (cluster impersonation), and OIDC ClientSecret (OAuth takeover). The protected tag is enforced only during writes but completely ignored during reads, allowing authenticated attackers to extract sensitive secrets and IP whitelist configurations without requiring additional privileges or user interaction.

Information Disclosure Nginx
NVD GitHub VulDB
CVSS 3.1
6.5
EPSS
0.0%
CVE-2026-42092 MEDIUM This Month

titra 0.99.52 leaks sensitive global configuration settings to any authenticated user via an unprotected Meteor DDP publication, exposing API keys and OAuth secrets without administrative checks. Authenticated attackers can subscribe to the globalsettings publication and retrieve plaintext credentials including google_secret, openai_apikey, and google_clientid. No public patch is available at time of publication.

Information Disclosure Titra
NVD GitHub
CVSS 3.1
6.5
EPSS
0.0%
CVE-2026-37458 MEDIUM PATCH This Month

Missing input validation in FRRouting stable/10.0 through 10.6 allows authenticated BGP peers to trigger a Denial of Service by sending a crafted UPDATE message with invalid martian addresses in the MP_REACH_NLRI component. An authenticated attacker can crash or severely degrade the BGP routing daemon by exploiting insufficient validation of next-hop addresses, with an EPSS score of 0.02% indicating low real-world exploitation probability despite moderate CVSS scoring.

Denial Of Service Red Hat Suse
NVD GitHub VulDB
CVSS 3.1
6.5
EPSS
0.0%
CVE-2025-47403 MEDIUM This Month

Denial of service in Qualcomm Snapdragon wireless chipsets allows unauthenticated attackers in wireless range to crash the device by sending a malformed Fast Transition response frame during roaming operations. The vulnerability triggers a buffer overflow in the 802.11 frame parser when processing an invalid header structure, resulting in temporary denial of service. No authentication is required and exploitation requires only network adjacency.

Buffer Overflow Snapdragon
NVD VulDB
CVSS 3.1
6.5
EPSS
0.0%
Prev Page 3 of 5 Next

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy