Skip to main content
CVE-2025-47401 MEDIUM This Month

Transient denial of service in Qualcomm Snapdragon occurs during target power rate table processing when configuring wireless channels, caused by a buffer over-read vulnerability. The vulnerability affects all Snapdragon versions and requires adjacent network access with no authentication or user interaction, resulting in service interruption but no data compromise or unauthorized access.

Buffer Overflow Snapdragon
NVD VulDB
CVSS 3.1
6.5
EPSS
0.0%
CVE-2025-47404 MEDIUM This Month

Memory corruption in Qualcomm Snapdragon occurs when dynamically resizing a previously allocated buffer while its contents are being concurrently modified, enabling local authenticated attackers with user-level privileges to achieve high confidentiality and integrity impact with CVSS 6.5. No active exploitation has been confirmed at the time of analysis, and patch availability details require verification against the May 2026 Qualcomm security bulletin.

Buffer Overflow Snapdragon
NVD
CVSS 3.1
6.5
EPSS
0.0%
CVE-2026-42091 MEDIUM PATCH This Month

goshs SimpleHTTPServer versions prior to 2.0.2 allow arbitrary file write via cross-origin PUT requests due to missing CSRF token validation on the PUT handler combined with permissive wildcard CORS headers. An attacker can trick a victim into visiting a malicious website which then writes arbitrary files to a goshs instance running on localhost or an internal network, bypassing network isolation protections. Publicly available exploit code exists, and the vulnerability affects all v2.x releases before 2.0.2 and all v1.x releases (no patch available for v1.x).

CSRF Suse
NVD GitHub
CVSS 3.1
6.5
EPSS
0.0%
CVE-2026-41684 MEDIUM GHSA This Month

Denial of service in Incus daemon via nil pointer dereference when restoring backup archives with valid inline backup/index.yaml but malformed legacy backup/container/backup.yaml omitting the container section. An authenticated user with backup import permissions can crash the daemon by crafting a backup archive that passes preflight validation but triggers nil dereference during the restore phase after archive extraction. CVSS 6.5 (AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H) - confirmed by 7asecurity with proof-of-concept test cases.

Denial Of Service Null Pointer Dereference Suse
NVD GitHub
CVSS 3.1
6.5
EPSS
0.1%
CVE-2026-41647 MEDIUM GHSA This Month

Nil-pointer dereference in Incus daemon S3 storage bucket import allows authenticated users to crash the daemon by uploading a truncated or corrupted tar backup file. The TransferManager.UploadAllFiles function fails to handle non-EOF errors from tar parsing, causing a panic when hdr is nil. Vendor-released patch available in v7.0.0.

Denial Of Service Null Pointer Dereference Suse
NVD GitHub
CVSS 3.1
6.5
EPSS
0.0%
CVE-2026-42333 MEDIUM PATCH GHSA This Month

Quarkus OpenAPI Generator versions before 2.16.0-lts and 2.16.0 (fixed in 2.17.0) send authentication credentials to unintended API endpoints due to overly broad path-parameter regex matching. The generated authentication filter treats OpenAPI path-template placeholders like {param} as .* patterns, allowing a single parameter to consume forward slashes and match multiple distinct operations. This causes bearer tokens, OAuth tokens, API keys, and basic credentials configured for one protected operation to be leaked to different, unprotected operations on the same service when a client invokes them through normal generated-code paths. No public exploit code has been identified, but the vulnerability is trivial to trigger and affects all authentication schemes relying on the shared path-matching logic.

Python Information Disclosure Apache Java
NVD GitHub
CVSS 4.0
6.3
EPSS
0.1%
CVE-2026-41888 MEDIUM PATCH GHSA This Month

Authorization bypass in Docker Distribution Registry allows remote clients to delete image tags via the DELETE /v2/<name>/manifests/<tag> endpoint even when the operator has explicitly configured storage.delete.enabled: false. The tag deletion code path in registry/handlers/manifests.go bypasses the deletion authorization check present in digest-based manifest deletion, enabling attackers with network access to cause denial of service by removing tags and disrupting supply chain integrity of registries intended to be immutable.

Authentication Bypass Denial Of Service Docker Red Hat Suse
NVD GitHub VulDB
CVSS 4.0
6.3
EPSS
0.0%
CVE-2026-7730 LOW POC Monitor

OS command injection in privsim mcp-test-runner 0.2.0 allows authenticated remote attackers to execute arbitrary operating system commands via manipulation of the command argument passed to child_process.spawn in the MCP Interface component. The vulnerability affects version 0.2.0 with CVSS 6.3 (network-exploitable, low attack complexity, low-privileged access required). Publicly available exploit code exists and the vendor has not yet responded to early disclosure notification.

Command Injection Mcp Test Runner
NVD VulDB GitHub
CVSS 4.0
2.1
EPSS
0.7%
CVE-2026-7779 LOW POC Monitor

Denial of service in Open5GS up to version 2.7.7 affects the authentication-subscription endpoint handler, allowing authenticated remote attackers to manipulate the udm_nudr_dr_handle_subscription_authentication function and cause service unavailability. Public exploit code exists and the vulnerability has been reported to the project without a confirmed vendor response or patch release.

Denial Of Service Open5gs
NVD VulDB GitHub
CVSS 4.0
2.1
EPSS
0.1%
CVE-2026-7738 LOW POC Monitor

Path traversal in puchunjie doc-tools-mcp 1.0.18 MCP Interface allows authenticated remote attackers to access arbitrary files on the system via manipulation of the filePath argument in create_document and open_document functions. The vulnerability has a low CVSS score (2.1) due to authentication requirements and limited confidentiality impact, but publicly available exploit code exists. The vendor has not responded to the early disclosure.

Path Traversal Doc Tools Mcp
NVD VulDB GitHub
CVSS 4.0
2.1
EPSS
0.1%
CVE-2026-7728 LOW POC PATCH Monitor

Path traversal in ryanjoachim mcp-rtfm 0.1.0 allows authenticated remote attackers to read, write, and delete arbitrary files by manipulating the docFile parameter in the get_doc_content, read_doc, update_doc, and related MCP interface functions. Publicly available exploit code exists, and the vulnerability affects all versions of the product without a patched release identifier provided. An authenticated user can exploit this with no user interaction required via network access to escape the intended .handoff_docs directory and access files outside the designated documentation scope.

Path Traversal Mcp Rtfm
NVD VulDB GitHub
CVSS 4.0
2.1
EPSS
0.1%
CVE-2026-7725 LOW POC PATCH Monitor

Argument injection in Prefect up to 3.6.25.dev6 allows authenticated attackers to execute arbitrary git commands via specially crafted commit_sha or directories parameters in the GitRepository Pull Handler (src/prefect/runner/storage.py). An attacker can inject git flags like --upload-pack or --config to achieve remote code execution with the privileges of the Prefect runner process. Publicly available exploit code exists, and the vendor has released a patched version (3.6.25.dev7) that validates commit SHA format and adds command-line argument separators to block injection.

Code Injection Prefect
NVD GitHub VulDB
CVSS 4.0
2.1
EPSS
0.1%
CVE-2026-7715 LOW POC Monitor

Path traversal in ravenwits mcp-server-arangodb up to version 0.4.7 allows authenticated remote attackers to manipulate the outputDir argument in the arango_backup function, enabling unauthorized file system access with limited confidentiality and integrity impact. The vulnerability affects the MCP Interface component and has publicly available exploit code; however, the low CVSS score (2.1) reflects constrained real-world risk due to the requirement for authenticated access and limited technical impact scope.

Path Traversal Mcp Server Arangodb
NVD VulDB GitHub
CVSS 4.0
2.1
EPSS
0.1%
CVE-2026-7729 LOW POC PATCH Monitor

Server-side request forgery (SSRF) in pixelsock directus-mcp 1.0.0 allows authenticated remote attackers to manipulate the fileUrl argument in the validateUrl function, enabling requests to internal resources including cloud metadata services and private networks. Publicly available exploit code exists and a patch awaiting acceptance is available on GitHub. CVSS 6.3 (AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L) reflects moderate impact with authentication requirement.

SSRF Directus Mcp
NVD VulDB GitHub
CVSS 4.0
2.1
EPSS
0.0%
CVE-2026-7781 LOW POC Monitor

Denial of service in Open5GS up to version 2.7.7 affects the AMF 3GPP access endpoint handler (udm_nudm_uecm_handle_amf_registration_update function), allowing authenticated remote attackers to crash the UDM service via malformed registration update messages. Publicly available exploit code exists, and the vendor was notified early but has not released a patch as of the analysis date.

Denial Of Service Open5gs
NVD VulDB GitHub
CVSS 4.0
2.1
EPSS
0.0%
CVE-2026-7780 LOW POC Monitor

Denial of service in Open5GS up to version 2.7.7 affects the udm_state_operational function in the smf-registrations endpoint, allowing authenticated remote attackers to manipulate the function and cause service unavailability. The vulnerability has publicly available exploit code and carries a low CVSS score of 2.1 due to required authentication and limited availability impact, though the project has not yet responded to early disclosure.

Denial Of Service Open5gs
NVD VulDB GitHub
CVSS 4.0
2.1
EPSS
0.0%
CVE-2026-7732 LOW POC Monitor

Unrestricted file upload in code-projects BloodBank Managing System 1.0 via request_blood.php allows authenticated remote attackers to upload arbitrary files with limited impact. The vulnerability requires valid user credentials (PR:L per CVSS vector) but has low confidentiality, integrity, and availability impact (VC:L/VI:L/VA:L). Publicly available exploit code exists; however, the low CVSS score (2.1) and confined impact scope suggest this poses minimal risk despite public disclosure.

PHP File Upload
NVD VulDB GitHub
CVSS 4.0
2.1
EPSS
0.0%
CVE-2026-7782 LOW POC Monitor

Authorization bypass in CodeCanyon Perfex CRM up to 3.4.1 allows authenticated remote attackers to access projects belonging to other tenants via manipulation of the ID parameter in the Clients::project function. The vulnerability requires valid user credentials but grants access to cross-tenant data with low confidentiality, integrity, and availability impact. Publicly available exploit code exists for this flaw.

Authentication Bypass PHP
NVD VulDB
CVSS 4.0
2.1
EPSS
0.0%
CVE-2026-38669 MEDIUM This Month

Stored cross-site scripting (XSS) in wCMS v.1.4 allows remote attackers to inject malicious scripts when creating new blog entries, which are executed in the browsers of other users who view the affected blog. The vulnerability requires user interaction (victim visiting the compromised blog) and affects site confidentiality and integrity. No public exploit code or active exploitation has been confirmed at the time of analysis.

XSS
NVD GitHub
CVSS 3.1
6.1
EPSS
0.0%
CVE-2026-7746 LOW POC Monitor

SQL injection in SourceCodester Web-based Pharmacy Product Management System 1.0 allows authenticated remote attackers to execute arbitrary SQL queries via the ID parameter in /product_expiry/edit-admin.php, enabling unauthorized data access, modification, and deletion. The vulnerability has a publicly available exploit and CVSS 6.3 base score reflects moderate impact with low attack complexity; however, authentication is required, limiting exposure to users with valid credentials.

PHP SQLi
NVD VulDB GitHub
CVSS 4.0
2.1
EPSS
0.0%
CVE-2026-7745 LOW POC Monitor

SQL injection in CodeAstro Online Classroom 1.0 allows authenticated remote attackers to execute arbitrary SQL queries via a crafted deleteid parameter in the /OnlineClassroom/facultydetails endpoint, enabling data exfiltration and potential database manipulation. The vulnerability has public exploit code available and CVSS 6.3 (medium severity) reflects the requirement for prior authentication and limited scope, though the exploitation probability is rated probable by scoring metadata.

SQLi Online Classroom
NVD VulDB GitHub
CVSS 4.0
2.1
EPSS
0.0%
CVE-2026-7744 LOW POC Monitor

SQL injection in CodeAstro Online Classroom 1.0 allows authenticated remote attackers to execute arbitrary SQL queries via the fname parameter in the /OnlineClassroom/addnewstudent endpoint, resulting in unauthorized data access, modification, and denial of service. Public exploit code is available and the vulnerability carries a CVSS score of 6.3 with proof-of-concept code confirmed accessible on GitHub.

SQLi Online Classroom
NVD VulDB GitHub
CVSS 4.0
2.1
EPSS
0.0%
CVE-2026-7743 LOW POC Monitor

SQL injection in CodeAstro Online Classroom 1.0 allows authenticated remote attackers to execute arbitrary SQL queries via the deleteid parameter in the /OnlineClassroom/studentdetails endpoint, enabling unauthorized data access, modification, and potential denial of service. The vulnerability has publicly available exploit code and confirmed exploitation potential, affecting all versions up to 1.0.

SQLi Online Classroom
NVD VulDB GitHub
CVSS 4.0
2.1
EPSS
0.0%
CVE-2026-7742 LOW POC Monitor

SQL injection in CodeAstro Online Classroom 1.0 allows authenticated remote attackers to manipulate the fid parameter in the /OnlineClassroom/facultylogin endpoint, leading to unauthorized data access, modification, and denial of service. The vulnerability has a publicly available proof-of-concept exploit and is likely to be actively exploited given the moderate CVSS score (6.3) and confirmed POC availability.

SQLi Online Classroom
NVD VulDB GitHub
CVSS 4.0
2.1
EPSS
0.0%
CVE-2026-7741 LOW POC Monitor

SQL injection in CodeAstro Online Classroom 1.0 allows authenticated remote attackers to manipulate the sid parameter in the /OnlineClassroom/studentlogin endpoint, enabling data exfiltration and modification with low complexity exploitation. Public exploit code is available, increasing real-world risk despite the moderate CVSS score of 6.3.

SQLi Online Classroom
NVD VulDB GitHub
CVSS 4.0
2.1
EPSS
0.0%
CVE-2026-7731 LOW POC Monitor

SQL injection in code-projects BloodBank Managing System 1.0 allows authenticated remote attackers to execute arbitrary SQL queries via the G_STATE_ID parameter in get_state.php, potentially exfiltrating sensitive patient or blood bank data. The vulnerability has low confidentiality and integrity impact but carries exploitability risk (E:P in CVSS 4.0) and publicly available exploit code, making it a practical concern for deployed instances despite the low CVSS score of 2.1.

PHP SQLi
NVD VulDB GitHub
CVSS 4.0
2.1
EPSS
0.0%
CVE-2026-7716 LOW POC Monitor

SQL injection in code-projects Gym Management System in PHP allows authenticated remote attackers to manipulate the 'day' parameter in /index.php, enabling arbitrary SQL query execution with limited confidentiality and integrity impact. The vulnerability carries a CVSS score of 2.1 and requires prior authentication (PR:L); publicly available exploit code exists but active exploitation confirmation is absent from CISA KEV data.

Microsoft PHP SQLi
NVD VulDB GitHub
CVSS 4.0
2.1
EPSS
0.0%
CVE-2026-7783 LOW POC Monitor

SQL injection in CodeCanyon Perfex CRM up to version 3.4.1 allows authenticated remote attackers to execute arbitrary SQL queries via the Admin Kanban Endpoint's AbstractKanban::applySortQuery function. The vulnerability stems from improper sanitization of the sort query argument and can lead to unauthorized data access, modification, and potential system compromise. Publicly available exploit code exists, increasing real-world risk.

PHP SQLi
NVD VulDB
CVSS 4.0
2.1
EPSS
0.0%
CVE-2025-47406 MEDIUM This Month

Information disclosure in Qualcomm Snapdragon firmware allows local authenticated attackers to read sensitive kernel memory via malformed IOCTL handler callbacks that bypass buffer size validation. The vulnerability affects multiple Snapdragon chipset versions and requires local access with limited privileges; exploitation results in confidentiality breach without direct system compromise. No active exploitation has been confirmed at the time of analysis.

Information Disclosure Buffer Overflow Snapdragon
NVD
CVSS 3.1
6.1
EPSS
0.0%
CVE-2026-42144 MEDIUM PATCH This Month

Integer overflow in CImg Library's _load_pnm() function allows crafted PNM/PGM/PPM image files to bypass memory allocation guards via undersized buffer allocation, potentially triggering heap buffer overflow with local file access and user interaction. CVSS 6.1 (local, user-required interaction). Patch available in commit 4ca26bc and v.3.7.5.

Integer Overflow Buffer Overflow
NVD GitHub VulDB
CVSS 3.1
6.1
EPSS
0.0%
CVE-2026-42256 MEDIUM PATCH GHSA This Month

Denial of service in net-imap SCRAM-SHA1/SHA256 authentication allows a hostile IMAP server to freeze the entire Ruby VM by sending an arbitrarily large PBKDF2 iteration count, blocking all threads for several minutes due to the blocking nature of OpenSSL::KDF.pbkdf2_hmac and its retention of the Global VM Lock. Patched versions 0.4.24, 0.5.14, and 0.6.4 introduce a max_iterations parameter that users must explicitly configure to prevent exploitation.

Denial Of Service OpenSSL Red Hat Suse
NVD GitHub VulDB
CVSS 4.0
6.0
EPSS
0.1%
CVE-2025-70071 MEDIUM PATCH This Month

Denial of service in Assimp 6.0.2 allows remote attackers to crash the application by sending specially crafted FBX files that trigger memory exhaustion or infinite loops in the FBXParser ParseVectorDataArray() function. The vulnerability requires network access but involves high attack complexity, indicating the attacker must precisely craft malformed input. Public exploit code exists; CISA SSVC analysis indicates the vulnerability is not automatable and results in partial technical impact (availability loss only), suggesting targeted rather than mass-scale exploitation.

Denial Of Service N A
NVD GitHub VulDB
CVSS 3.1
5.9
EPSS
0.0%
CVE-2026-7740 LOW POC Monitor

Denial of service in tsMuxer up to version 2.7.0 via improper handling of the track_id argument in the VvcVpsUnit::setFPS function allows local authenticated attackers to trigger an availability impact. Publicly available exploit code exists; however, the vulnerability affects only unsupported legacy versions and requires local access with user-level privileges, limiting real-world exposure.

Denial Of Service Tsmuxer
NVD VulDB GitHub
CVSS 4.0
1.9
EPSS
0.0%
CVE-2026-7739 LOW POC Monitor

Denial of service in tsMuxer up to version 2.7.0 via improper input validation in the HevcVpsUnit::setFPS function allows local authenticated attackers to crash the application by manipulating the track_id argument. The vulnerability affects only unsupported product versions and carries a very low CVSS score (1.9), though publicly available exploit code exists.

Denial Of Service Tsmuxer
NVD VulDB GitHub
CVSS 4.0
1.9
EPSS
0.0%
CVE-2026-42258 MEDIUM PATCH GHSA This Month

Net::IMAP command injection via unvalidated Symbol arguments allows remote attackers to inject arbitrary IMAP commands by passing user-controlled input as Symbol flags, enabling attackers to append CRLF sequences followed by malicious commands like DELETE mailbox. The vulnerability affects Net::IMAP versions 0.4.23 and earlier, 0.5.0-0.5.13, and 0.6.0-0.6.3, and is remedied in versions 0.4.24, 0.5.14, and 0.6.4 respectively. No public exploit code or active exploitation has been reported at the time of analysis.

Command Injection
NVD GitHub VulDB
CVSS 4.0
5.8
EPSS
0.1%
CVE-2026-42257 MEDIUM PATCH GHSA This Month

Command injection in net-imap library allows attackers to inject arbitrary IMAP commands by supplying unvalidated user input to multiple methods that send raw, unescaped strings to the IMAP server. The #search, #uid_search, #fetch, #uid_fetch, #store, #uid_store, and #setquota methods accept string arguments that bypass normal validation and encoding, enabling CRLF injection to break command context. Applications that dynamically construct search criteria, fetch attributes, or quota limits from user input are at significant risk; a developer passing unsanitized input could allow an attacker to append malicious IMAP commands such as DELETE or other state-modifying operations.

Authentication Bypass Command Injection CSRF Suse
NVD GitHub VulDB
CVSS 4.0
5.8
EPSS
0.0%
CVE-2026-31205 MEDIUM This Month

Stored cross-site scripting in Pluck CMS before v4.7.21dev allows authenticated high-privilege users to inject arbitrary JavaScript via the page editor, escalating privileges through the sanitizePageContent function in editpage.php. The vulnerability requires attacker authentication with administrative role and user interaction (UI:R), limiting spontaneous exploitation but enabling privilege escalation attacks within compromised admin accounts.

PHP XSS
NVD GitHub
CVSS 3.1
5.7
EPSS
0.0%
CVE-2026-7710 MEDIUM This Month

Authentication bypass in YunaiV yudao-cloud up to version 3.8.0 allows remote unauthenticated attackers to manipulate the mock-token argument in JwtAuthenticationTokenFilter.java, circumventing JWT authentication mechanisms and gaining unauthorized access. The vulnerability affects the Ruoyi-Vue-Pro component, has publicly available exploit code, and impacts confidentiality, integrity, and availability of protected resources with low severity per CVSS 4.0 scoring (CVSS:5.5, AV:N/AC:L/PR:N/UI:N, VC:L/VI:L/VA:L). The vendor has not responded to early disclosure notification.

Java Authentication Bypass
NVD GitHub VulDB
CVSS 4.0
5.5
EPSS
0.1%
CVE-2026-7711 MEDIUM This Month

MindsDB versions up to 26.01 allow remote unauthenticated attackers to bypass authentication and perform unrestricted file uploads via manipulation of the exec function in the BYOM (Bring Your Own Model) handler's proc_wrapper.py component. Publicly available exploit code exists, and the vendor has not responded to early disclosure, leaving deployed instances vulnerable to remote code execution through malicious model uploads.

Authentication Bypass File Upload
NVD GitHub VulDB
CVSS 4.0
5.5
EPSS
0.0%
CVE-2026-25266 MEDIUM This Month

Memory corruption in Qualcomm Snapdragon SDK occurs when processing IOCTL commands while the device is in power-save state, allowing local authenticated attackers to trigger a denial of service. The vulnerability affects all versions of Snapdragon and requires local access with user-level privileges; no authentication bypass or privilege escalation is possible, but successful exploitation causes system crash or hang. EPSS and KEV status not provided; no public exploit code has been identified at time of analysis.

Buffer Overflow Snapdragon
NVD
CVSS 3.1
5.5
EPSS
0.0%
CVE-2026-42146 MEDIUM This Month

Denial of service in CImg Library prior to version 3.7.5 allows local attackers to crash applications via crafted BMP files with oversized nb_colors header fields. The vulnerability stems from unchecked allocation of memory based on user-supplied file header data, causing out-of-memory conditions when loading untrusted BMP files. No authentication or network access required; user interaction (file opening) is the sole prerequisite.

Denial Of Service
NVD GitHub
CVSS 3.1
5.5
EPSS
0.0%
CVE-2026-33007 MEDIUM PATCH This Month

Null pointer dereference in mod_authn_socache in Apache HTTP Server 2.4.66 and earlier allows unauthenticated remote attackers to crash child processes in caching forward proxy configurations, resulting in denial of service. The vulnerability has CVSS 5.3 (medium) with network accessibility and no authentication required, but is limited to partial availability impact affecting only specific proxy deployments. Vendor-released patch: version 2.4.67.

Red Hat Suse Null Pointer Dereference Denial Of Service Apache +1
NVD VulDB
CVSS 3.1
5.3
EPSS
0.3%
CVE-2026-33857 MEDIUM PATCH This Month

Out-of-bounds read in mod_proxy_ajp of Apache HTTP Server through version 2.4.66 allows remote unauthenticated attackers to disclose sensitive information via a crafted AJP protocol request. The vulnerability has a CVSS score of 5.3 (moderate) with no active exploitation confirmed. Upgrade to version 2.4.67 to remediate.

Red Hat Suse Information Disclosure Apache Buffer Overflow +1
NVD VulDB
CVSS 3.1
5.3
EPSS
0.1%
CVE-2026-34032 MEDIUM PATCH This Month

Improper null termination and out-of-bounds read vulnerability in Apache HTTP Server through version 2.4.66 allows remote unauthenticated attackers to trigger information disclosure with low complexity exploitation. The vulnerability has a CVSS score of 5.3 (medium) with network-accessible attack vector and no user interaction required, though technical impact is limited to confidentiality (partial information disclosure). Vendor-released patch: version 2.4.67 addresses the issue.

Red Hat Suse Apache Buffer Overflow Apache HTTP Server
NVD VulDB
CVSS 3.1
5.3
EPSS
0.1%
CVE-2026-7724 LOW POC PATCH Monitor

Time-of-check time-of-use (TOCTOU) vulnerability in Prefect's validate_restricted_url function allows remote attackers with low privileges to bypass Server-Side Request Forgery (SSRF) protections via DNS rebinding attacks during webhook and notification delivery. Publicly available exploit code exists. The vulnerability affects Prefect versions up to 3.6.28.dev1 and is fixed in 3.6.28.dev2.

Information Disclosure Prefect
NVD VulDB GitHub
CVSS 4.0
1.3
EPSS
0.1%
CVE-2026-6501 MEDIUM This Month

XML external entity (XXE) injection in jOpenDocument 1.5 allows authenticated remote attackers to trigger denial of service through XML bomb attacks (billion laughs) by submitting specially crafted documents. The vulnerability affects document parsing functionality and requires valid user authentication, limiting but not eliminating real-world risk in multi-tenant or collaborative document processing environments. EPSS and KEV status not provided, but SSVC framework indicates automatable exploitation with partial technical impact.

XXE Jopendocument
NVD
CVSS 4.0
5.3
EPSS
0.1%
CVE-2026-41891 MEDIUM PATCH GHSA This Month

Deactivated user accounts in CI4MS retain full backend access until session expiration because the authentication filter fails to re-check the active status field for existing sessions. When an administrator sets a user's active field to 0, the user's session cookie remains valid and auth()->loggedIn() continues returning true, allowing the deactivated user to access protected resources for up to 7200 seconds (default session timeout). The vulnerability exists because code to enforce this check was commented out since the filter's initial commit and never activated.

Information Disclosure
NVD GitHub
CVSS 4.0
5.3
EPSS
0.0%
CVE-2026-35527 MEDIUM PATCH GHSA This Month

Blind server-side request forgery in Incus allows authenticated users to trigger arbitrary HEAD requests to internal or external endpoints during image import preflight validation, bypassing the restricted.images.servers project restriction. While the actual image download is blocked by project policies, the preflight HEAD request executes before validation occurs, enabling attackers to probe internal services, cloud metadata endpoints, or unroutable address space reachable from the Incus host. No public exploit code identified at time of analysis, though proof-of-concept reproduction is documented in the advisory.

Debian SSRF Suse
NVD GitHub VulDB
CVSS 4.0
5.3
EPSS
0.0%
CVE-2026-42051 MEDIUM PATCH GHSA This Month

Missing authorization in Kirby CMS allows authenticated Panel users without access.system permission to retrieve sensitive system information including installed Kirby version and license data via the /api/system REST API endpoint. This information can be leveraged for reconnaissance during subsequent attacks. Vendor-released patches: Kirby 4.9.0 and 5.4.0.

Authentication Bypass
NVD GitHub VulDB
CVSS 4.0
5.3
EPSS
0.0%
CVE-2026-42174 MEDIUM PATCH GHSA This Month

Missing authorization in Kirby CMS allows authenticated users with file permissions to create, replace, or delete user avatars regardless of whether they hold the required user.update or users.update permissions. This authorization bypass affects Kirby versions up to 4.8.0 and 5.0.0 through 5.3.3, with patches available in Kirby 4.9.0 and 5.4.0. No public exploit code has been identified, and active exploitation is not confirmed.

Authentication Bypass
NVD GitHub VulDB
CVSS 4.0
5.3
EPSS
0.0%
Prev Page 4 of 5 Next

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy