Skip to main content
CVE-2026-41648 MEDIUM GHSA This Month

Incus versions up to 6.23.0 allow authenticated users to trigger denial of service by uploading crafted image or backup tarballs containing oversized YAML metadata files that consume excessive server memory during parsing. When metadata.yaml or backup/index.yaml entries declare large sizes in the tar header, the YAML decoder reads and allocates 5-6x the input size without limits, potentially exhausting memory on constrained daemons; a 200 MB YAML entry may trigger 1.2 GB of heap allocations. Vendor-released patch available in v7.0.0.

Denial Of Service Suse
NVD GitHub
CVSS 4.0
5.3
EPSS
0.0%
CVE-2026-42077 MEDIUM PATCH This Month

Prototype pollution in EvoMap Evolver versions prior to 1.69.3 allows local attackers with high privileges to inject malicious properties into Object.prototype via unfiltered Object.assign() calls in the mailbox store module, potentially modifying the behavior of all JavaScript objects and causing information disclosure or denial of service. The vulnerability requires file system write access to the messages.jsonl persistence file and high privileges, limiting real-world exploitability to insider or local compromise scenarios.

Prototype Pollution Code Injection
NVD GitHub
CVSS 3.1
5.2
EPSS
0.0%
CVE-2026-42310 MEDIUM PATCH GHSA This Month

Pillow's PDF parser enters an infinite loop when processing maliciously crafted PDF files with circular Prev pointer references in trailer sections, causing 100% CPU consumption and application hang. All versions from 4.2.0 through 12.1.x are affected. The vulnerability is a denial-of-service condition affecting any application using Pillow to parse untrusted PDFs. Vendor-released patch: version 12.2.0.

Denial Of Service Python Red Hat Suse
NVD GitHub VulDB
CVSS 4.0
5.1
EPSS
0.0%
CVE-2026-42308 MEDIUM PATCH GHSA This Month

Integer overflow in Pillow's font glyph processing allows remote code execution or denial of service when handling maliciously crafted fonts with extremely large glyph advance values. Pillow versions before 12.2.0 are affected. The vulnerability is triggered during font rendering operations where position tracking accumulates glyph advances without proper bounds checking, leading to wraparound arithmetic that can corrupt memory or crash the interpreter.

Integer Overflow Buffer Overflow Red Hat Suse
NVD GitHub VulDB
CVSS 4.0
5.1
EPSS
0.0%
CVE-2026-42309 MEDIUM PATCH GHSA This Month

Heap buffer overflow in Pillow 11.2.1 through 12.1.x allows local attackers to cause denial of service or potentially execute arbitrary code by passing deeply nested list structures as coordinates to ImagePath.Path, ImageDraw.polygon, or ImageDraw.line APIs, which recursively unpack coordinates beyond allocated buffer boundaries.

Heap Overflow Buffer Overflow Red Hat Suse
NVD GitHub VulDB
CVSS 4.0
5.1
EPSS
0.0%
CVE-2026-6948 MEDIUM PATCH This Month

Velociraptor server versions before 0.76.4 are vulnerable to denial of service via resource exhaustion when a compromised or rogue client sends specially crafted messages through the agent control channel, causing out-of-memory conditions and server crashes. The vulnerability requires authenticated client access but can be triggered by any authenticated agent, making it a realistic threat in environments where client integrity cannot be guaranteed. CVSS score of 4.9 reflects high privileges required (PR:H) but complete availability impact.

Denial Of Service Suse
NVD
CVSS 3.1
4.9
EPSS
0.0%
CVE-2026-33006 MEDIUM PATCH This Month

Timing attack against mod_auth_digest in Apache HTTP Server 2.4.66 allows remote unauthenticated attackers to bypass Digest authentication with high attack complexity. The vulnerability exploits measurable timing differences in digest credential validation, enabling credential compromise without valid authentication. Apache has released patched version 2.4.67; no active exploitation has been confirmed, but CISA SSVC framework indicates automatable exploitation is not feasible due to the timing attack's sensitivity requirements.

Suse Authentication Bypass Apache Red Hat Apache HTTP Server
NVD VulDB
CVSS 3.1
4.8
EPSS
0.1%
CVE-2026-6500 MEDIUM This Month

ILM Informatique OpenConcerto 1.7.5 stores sensitive passwords in plaintext, allowing authenticated local users to retrieve embedded credentials with low complexity. The vulnerability enables information disclosure of authentication data accessible via local file access, confirmed by CISA SSVC framework as having partial technical impact but no evidence of active exploitation.

Information Disclosure Openconcerto
NVD
CVSS 4.0
4.8
EPSS
0.0%
CVE-2026-42078 MEDIUM PATCH GHSA This Month

PPTAgent prior to commit 418491a allows authenticated users to write arbitrary files and create directories outside intended workspace boundaries via path traversal in the markdown_table_to_image function. An attacker with login access can supply crafted file paths containing directory traversal sequences to escape the configured workspace and write malicious files to arbitrary locations on the system. The vulnerability requires user interaction (UI:R in CVSS vector) and affects confidentiality and availability, with no public exploit code identified at time of analysis.

Path Traversal Pptagent
NVD GitHub
CVSS 3.1
4.6
EPSS
0.0%
CVE-2026-42086 MEDIUM PATCH This Month

Self-XSS in OpenC3 COSMOS Command Sender UI prior to version 7.0.0 allows authenticated users to execute arbitrary JavaScript in their own browser session via unsafe eval() processing of array parameters. An attacker can exploit this through phishing or by convincing a victim to send a malicious command, potentially stealing session tokens or modifying authenticated data. Patch available in version 7.0.0.

XSS Cosmos
NVD GitHub
CVSS 3.1
4.6
EPSS
0.0%
CVE-2026-42140 MEDIUM PATCH GHSA This Month

Server-Side Request Forgery (SSRF) in PlantUML Macro for XWiki prior to version 2.4.1 allows authenticated users with UI interaction to specify arbitrary PlantUML servers via the server parameter without validation. An attacker can redirect the XWiki server to connect to internal IP addresses or malicious external URLs, enabling reconnaissance of internal infrastructure or attacks on internal services. The vulnerability requires authenticated access and user interaction but operates across scope boundaries (CVSS:3.1/AV:N/AC:H/PR:L/UI:R/S:C). Vendor-released patch available in version 2.4.1.

SSRF Macro Plantuml
NVD GitHub VulDB
CVSS 3.1
4.4
EPSS
0.0%
CVE-2026-42085 MEDIUM PATCH This Month

OpenC3 COSMOS before versions 6.10.5 and 7.0.0-rc3 allows authenticated users to write arbitrary files to the shared /plugins directory via path traversal sequences in tool configuration filenames, potentially overwriting other plugins' configuration files. The vulnerability exists in the save_tool_config() function which canonicalizes filenames but does not restrict writes to plugin-specific subdirectories, enabling lateral movement between plugins. CVSS 4.3 reflects low severity due to authentication requirement and limited scope (integrity only), though real-world impact depends on whether plugin configurations contain sensitive data.

Path Traversal Cosmos
NVD GitHub
CVSS 3.1
4.3
EPSS
0.0%
CVE-2026-41685 MEDIUM GHSA This Month

Incus before version 7.0.0 allows authenticated users to exhaust host disk space through unbounded uploads via instance backup import, storage bucket import, storage volume backup import, and storage volume ISO import endpoints. The daemon streams HTTP request bodies directly into temporary files using io.Copy without enforcing maximum request size limits, enabling denial of service on the host system or shared storage in multi-tenant deployments. Public proof-of-concept code demonstrates sustained disk exhaustion by streaming null bytes through application/octet-stream endpoints.

Denial Of Service Suse
NVD GitHub
CVSS 3.1
4.3
EPSS
0.0%
CVE-2026-43863 LOW PATCH Monitor

Mutt before version 2.3.2 contains an infinite loop in the data_object_to_stream function within crypt-gpgme.c that can be triggered during GPG encryption operations, leading to denial of service. The vulnerability affects remote attackers under high-complexity conditions (requiring specific GPG-encrypted message handling), and is publicly documented via a GitHub commit but has no active exploitation confirmed. The fix changes the loop condition from checking non-zero read results to explicitly checking for positive read values (> 0), preventing infinite iteration when gpgme_data_read returns zero or negative values.

Denial Of Service Mutt
NVD GitHub VulDB
CVSS 3.1
3.7
EPSS
0.0%
CVE-2026-43862 LOW PATCH Monitor

Mutt before 2.3.2 mishandles the IMAP GSS security level due to improper integer casting and insufficient bounds checking, allowing remote attackers to trigger memory corruption and information disclosure via a crafted IMAP server response during GSS-API authentication. The vulnerability requires high attack complexity (malicious IMAP server) but affects all versions prior to 2.3.2.

Information Disclosure Memory Corruption Mutt
NVD GitHub VulDB
CVSS 3.1
3.7
EPSS
0.0%
CVE-2026-43861 LOW PATCH Monitor

mutt before version 2.3.2 fails to validate null bytes during URL percent-decoding, allowing remote attackers to inject embedded null characters into decoded URLs, potentially causing information disclosure through truncation of validation checks or bypassing of security filters that rely on string length.

Information Disclosure Mutt
NVD GitHub VulDB
CVSS 3.1
3.7
EPSS
0.0%
CVE-2026-43860 LOW PATCH Monitor

mutt before version 2.3.2 truncates the IMAP CRAM-MD5 authentication hash by one byte due to incorrect use of strfcpy instead of memcpy, potentially allowing attackers to bypass or weaken authentication on IMAP connections through off-by-one string handling errors.

Information Disclosure Mutt
NVD GitHub VulDB
CVSS 3.1
3.7
EPSS
0.0%
CVE-2026-43859 LOW PATCH Monitor

Mutt before 2.3.2 uses an unsafe string copy function (strfcpy) instead of memcpy when handling MD5 digest data in IMAP CRAM authentication, allowing attackers to potentially forge IMAP credentials by triggering buffer manipulation during the authentication handshake. The vulnerability requires manual connection attempt to a malicious IMAP server and affects network IMAP authentication flows, though the low CVSS score (3.7) reflects high attack complexity and integrity impact only.

Information Disclosure Mutt
NVD GitHub VulDB
CVSS 3.1
3.7
EPSS
0.0%
CVE-2026-43864 LOW PATCH Monitor

Mutt mail client before version 2.3.2 crashes due to a null pointer dereference in the show_sig_summary function when processing GPG signatures, causing denial of service. The vulnerability requires local access and user interaction to trigger (viewing a malicious email with a crafted signature), resulting in application termination with minimal real-world impact. CVSS score of 2.5 reflects low severity; no public exploit or active exploitation confirmed.

Null Pointer Dereference Denial Of Service Mutt
NVD GitHub VulDB
CVSS 3.1
2.5
EPSS
0.0%
CVE-2026-6499 LOW Monitor

Incorrect permission assignment in OpenConcerto 1.7.5 enables local authenticated users with UI interaction to modify critical binary files, potentially allowing privilege escalation or persistent code execution through binary replacement. CVSS score of 2.4 (Low) reflects the local-only attack vector and requirement for user interaction, though the vulnerability creates a persistent integrity risk for affected deployments.

Information Disclosure Openconcerto
NVD VulDB
CVSS 4.0
2.4
EPSS
0.0%
CVE-2026-42245 LOW PATCH GHSA Monitor

net-imap ResponseReader exhibits quadratic time complexity O(n²) when parsing IMAP responses containing multiple string literals, allowing hostile IMAP servers to exhaust client CPU and block other threads via denial of service. A maliciously crafted response can consume 100-200ms per regex scan repeated hundreds of thousands of times per megabyte, holding the Global VM lock and starving concurrent threads despite staying within max_response_size limits. Vendor-released patches available in versions 0.4.24, 0.5.14, and 0.6.4.

Denial Of Service
NVD GitHub VulDB
CVSS 4.0
2.3
EPSS
0.1%
CVE-2026-42183 LOW PATCH GHSA Monitor

Denial of service via nil pointer dereference in Argo Workflows 4.0.0-4.0.4 affects SSO users with RBAC namespace delegation enabled when their identity claims match a namespace-level RBAC rule but not an SSO-namespace rule. The gatekeeper.go rbacAuthorization() function unconditionally dereferences a nil serviceAccount pointer when comparing rule precedence, causing an HTTP 500 panic on every API request from the affected user. Live-tested exploit confirmed on v4.0.4 with Dex OIDC provider; vendor patch released as v4.0.5.

Denial Of Service Null Pointer Dereference
NVD GitHub VulDB
CVSS 4.0
2.3
EPSS
0.0%
CVE-2026-40243 LOW PATCH GHSA Monitor

Broken TLS certificate verification in Incus OVN database connections accepts peer-supplied certificate roots instead of anchoring trust in the configured CA certificate, allowing an attacker positioned on the management network to impersonate the OVN northbound or southbound database. While mTLS prevents full man-in-the-middle attacks and OVN control planes typically run on the same servers as Incus (limiting network attack surface), the flaw collapses the intended CA-based authentication boundary on critical control-plane database connections. Affected versions below 7.0.0 are vulnerable; no active exploitation confirmed in CISA KEV at time of analysis.

Authentication Bypass
NVD GitHub
CVSS 4.0
2.3
EPSS
0.0%
CVE-2026-7713 LOW Monitor

Improper authorization in Calibre-Web-Automated versions up to 4.0.6 allows authenticated remote attackers to generate or revoke Kobo authentication tokens for arbitrary users via an Insecure Direct Object Reference (IDOR) vulnerability in the kobo_auth.py component. An attacker with valid login credentials can request /kobo_auth/generate_auth_token/<victim_user_id> to obtain tokens authorizing Kobo sync as any other user, or revoke their tokens to deny service. Publicly available exploit code exists and the vulnerability is confirmed patched in version 4.0.7.

Information Disclosure
NVD GitHub VulDB
CVSS 4.0
2.1
EPSS
0.1%
CVE-2026-7712 LOW Monitor

Unsafe deserialization in MindsDB pickle.loads function allows authenticated remote attackers to achieve limited information disclosure and integrity compromise via crafted serialized objects. The vulnerability affects MindsDB up to version 26.01, requires valid credentials (PR:L), and has publicly available exploit code; however, the low CVSS score (2.1) and limited scope indicate restricted real-world impact despite network accessibility.

Deserialization
NVD GitHub VulDB
CVSS 4.0
2.1
EPSS
0.0%
Prev Page 5 of 5

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy