Skip to main content
CVE-2026-8115 MEDIUM POC This Month

Path traversal vulnerability in gyoridavid short-video-maker up to version 1.3.4 allows remote unauthenticated attackers to read arbitrary files on the server by manipulating the tmpFile parameter in REST API requests. The vulnerability exists in the REST API endpoint src/server/routers/rest.ts and has a publicly available proof-of-concept, though it is not currently confirmed as actively exploited in the wild. With a CVSS score of 5.3 (low/moderate), the vulnerability impacts confidentiality only, enabling information disclosure without requiring authentication or user interaction.

Path Traversal Short Video Maker
NVD VulDB GitHub
CVSS 4.0
5.5
EPSS
0.0%
CVE-2026-8098 MEDIUM POC This Month

SQL injection in code-projects Feedback System 1.0 admin login panel allows remote unauthenticated attackers to bypass authentication and access administrative functions via crafted email parameter. Publicly available proof-of-concept exploit code exists on GitHub. CVSS 7.3 (High) with network vector and low complexity indicates straightforward exploitation requiring no special configuration. EPSS data not provided, but public POC significantly lowers exploitation barrier for opportunistic attacks against internet-exposed instances.

PHP SQLi
NVD VulDB GitHub
CVSS 4.0
5.5
EPSS
0.0%
CVE-2026-8083 MEDIUM POC This Month

SQL injection in SourceCodester Pharmacy Sales and Inventory System 1.0 allows remote unauthenticated attackers to execute arbitrary SQL queries via the ID parameter in /ajax.php?action=save_user. The vulnerability has a publicly available exploit and CVSS 5.5 score reflecting limited confidentiality, integrity, and availability impact on the vulnerable component.

PHP SQLi
NVD VulDB GitHub
CVSS 4.0
5.5
EPSS
0.0%
CVE-2026-41928 MEDIUM PATCH This Month

Vvveb before 1.0.8.2 exposes the application's secret cron key through an unauthenticated cron controller endpoint, allowing remote attackers to retrieve this sensitive credential and trigger scheduled tasks outside their intended execution windows. The vulnerability affects all deployments with the vulnerable cron controller accessible over the network, with CVSS 5.3 reflecting confidentiality impact from information disclosure without authentication requirements.

Information Disclosure Vvveb
NVD GitHub
CVSS 4.0
6.9
EPSS
0.1%
CVE-2026-32686 MEDIUM POC PATCH GHSA This Month

Uncontrolled resource consumption in ericmj decimal library (versions 0.1.0 before 3.0.0) allows remote denial of service via maliciously crafted decimal values with extremely large exponents. When applications parse user-supplied decimal input and subsequently perform arithmetic operations, string formatting, rounding, or comparison, the library allocates memory proportional to the exponent magnitude without bounds, exhausting available memory and crashing the BEAM virtual machine. A single malicious request is sufficient to trigger an out-of-memory crash.

Denial Of Service Decimal
NVD GitHub
CVSS 4.0
6.9
EPSS
0.1%
CVE-2026-6805 MEDIUM This Month

Cryptobox external sharing feature leaks information via sharing link URLs that enables offline brute-force attacks against access codes. Remote unauthenticated attackers with knowledge of a sharing link can retrieve sufficient data from the server to conduct offline enumeration of the associated access code, compromising the confidentiality of shared content. No public exploit code has been identified, but the low attack complexity and network accessibility make this a practical vulnerability.

Information Disclosure Cryptobox
NVD VulDB
CVSS 4.0
6.9
EPSS
0.0%
CVE-2026-8080 MEDIUM PATCH This Month

Stored cross-site scripting in MISP before 2.5.37 allows authenticated users with template modification permissions to inject arbitrary JavaScript via unvalidated type and category fields in template element attributes. The vulnerability exploits insufficient input validation in the template element attribute handling logic, enabling attackers to store malicious payloads that execute in the browsers of other users viewing the affected templates. No public exploit code identified at time of analysis.

XSS Misp
NVD GitHub VulDB
CVSS 4.0
6.8
EPSS
0.0%
CVE-2026-42586 MEDIUM PATCH GHSA This Month

CRLF injection in Netty's RedisEncoder allows remote command injection and response poisoning by injecting carriage return and line feed characters into InlineCommandRedisMessage, SimpleStringRedisMessage, and ErrorRedisMessage objects. Attackers can inject arbitrary Redis commands (such as CONFIG SET, FLUSHALL, or authentication bypass) or forge fake responses when user-controlled input is placed into these message types without sanitization. The vulnerability affects Netty 4.2.12.Final and all prior versions with the codec-redis module; no active exploitation has been reported in CISA KEV, but publicly available proof-of-concept code demonstrates the vulnerability.

Redis Command Injection Java Authentication Bypass Suse +1
NVD GitHub VulDB
CVSS 3.1
6.8
EPSS
0.0%
CVE-2025-4397 MEDIUM This Month

Medtronic MyCareLink Patient Monitor stores per-product credentials in a recoverable (non-hashed or weakly encrypted) format, allowing physical attackers with device access to extract these credentials and modify encrypted drive data without authentication. Affected models include the 24950 and 24952 monitors. The vulnerability requires physical access to the device (CVSS AV:P) but grants full confidentiality, integrity, and availability impact to stored patient data.

Information Disclosure Mycarelink Patient Monitor 24950 Mycarelink Patient Monitor 24952
NVD
CVSS 3.1
6.8
EPSS
0.0%
CVE-2025-4386 MEDIUM This Month

Medtronic MyCareLink Patient Monitor models 24950 and 24952 expose an unauthenticated UART login prompt via an internal serial interface, allowing attackers with physical access to potentially gain administrative control without authentication. The vulnerability achieves high confidentiality, integrity, and availability impact (CVSS 6.8) but requires direct physical access to internal hardware connections, limiting real-world exploitation to scenarios involving device tampering or insider threats.

Information Disclosure Mycarelink Patient Monitor 24950 Mycarelink Patient Monitor 24952
NVD
CVSS 3.1
6.8
EPSS
0.0%
CVE-2026-36387 MEDIUM This Month

Remote code execution in CODEASTRO Membership Management System v1.0 allows unauthenticated attackers to upload and execute arbitrary files via the /add_members.php endpoint due to improper file sanitization. The vulnerability enables confidentiality and integrity compromise with CVSS 6.5 (CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N), indicating network-accessible exploitation with no authentication or user interaction required. Public exploit code is available on GitHub.

PHP RCE File Upload N A
NVD GitHub
CVSS 3.1
6.5
EPSS
0.1%
CVE-2026-41691 MEDIUM PATCH This Month

Path traversal and URL injection in i18next-http-backend prior to version 3.0.5 allows remote attackers to manipulate request URLs by injecting unsanitized language (lng) and namespace (ns) parameters, potentially leading to server-side request forgery (SSRF), path-based authorization bypass, or arbitrary file reads in SSR deployments. The vulnerability affects all applications using the library with user-controlled language selection via query parameters, cookies, localStorage, or request headers-the default configuration. Vendor-released patch: version 3.0.5.

Path Traversal I18Next Http Backend
NVD GitHub VulDB
CVSS 3.1
6.5
EPSS
0.1%
CVE-2026-42580 MEDIUM PATCH GHSA This Month

HTTP request smuggling in Netty's chunk size parser allows remote unauthenticated attackers to inject arbitrary HTTP requests by exploiting integer overflow in the hexadecimal chunk size parsing logic. The HttpObjectDecoder.getChunkSize method accumulates the chunk size without proper overflow validation, enabling an attacker to craft a malicious chunk size header that wraps around to a valid size, causing Netty to misinterpret the request boundary and parse injected requests as separate legitimate requests. Publicly available proof-of-concept demonstrates successful parsing of an injected GET request within a chunked POST body, with CVSS score 6.5 (network-accessible, low complexity, no authentication required).

Request Smuggling RCE Java Red Hat Suse
NVD GitHub VulDB
CVSS 3.1
6.5
EPSS
0.0%
CVE-2026-44426 MEDIUM PATCH GHSA This Month

ShellHub Community v0.24.1 and earlier allows authenticated API Key holders to enumerate any tenant namespace and retrieve sensitive membership data (user IDs, emails, roles), settings, and device counts via GET /api/namespaces/:tenant due to a bypassed authorization check. The vulnerability exploits API Key authentication flows that fail to set the user ID header, causing the membership verification to be skipped entirely. Publicly available proof-of-concept code demonstrates validated exploitation against v0.24.1, with complete disclosure of cross-tenant namespace configuration including member lists suitable for targeted phishing campaigns.

Authentication Bypass
NVD GitHub
CVSS 3.1
6.5
EPSS
0.0%
CVE-2026-44000 MEDIUM PATCH GHSA This Month

Host object identity crosses the vm2 sandbox boundary when Promise resolution delivers objects to sandbox callbacks, allowing sandboxed code to mutate host objects and perform identity checks via WeakMap. The vulnerability stems from Promise.prototype.then wrapping that uses ensureThis() for conversion instead of stronger cross-realm proxying; when no prototype mapping exists, ensureThis() returns the original host object unmodified. This sandbox escape affects vm2 versions up to 3.10.5 and is fixed in 3.11.0.

Oracle Information Disclosure Red Hat
NVD GitHub
CVSS 3.1
6.5
EPSS
0.0%
CVE-2026-27421 MEDIUM PATCH This Month

Stored cross-site scripting (XSS) in WProyal Royal Elementor Addons before version 1.7.1053 allows authenticated users with limited privileges to inject malicious scripts into web pages, which execute in the browsers of site visitors. The vulnerability requires user interaction (UI:R in CVSS) and is limited to users with login credentials (PR:L), but once stored, affects all visitors regardless of their privileges. An attacker with contributor or editor access can compromise website visitors, steal session cookies, or perform actions on their behalf.

XSS Royal Elementor Addons Elementor
NVD
CVSS 3.1
6.5
EPSS
0.0%
CVE-2026-27892 MEDIUM GHSA This Month

FacturaScripts fails to strip EXIF and metadata from user-uploaded images in the Library module, allowing any authenticated user with download access to extract GPS coordinates, device information, timestamps, author names, and other personally identifiable information from downloaded files. An employee uploading a photo taken at their home inadvertently discloses their precise home address to all users with Library access. This affects all image uploads retroactively, with no patched version currently available.

Microsoft PHP File Upload Python Apple +2
NVD GitHub
CVSS 3.1
6.5
EPSS
0.0%
CVE-2026-42585 MEDIUM PATCH GHSA This Month

HTTP request smuggling in Netty's HttpRequestDecoder allows remote unauthenticated attackers to inject arbitrary HTTP requests by sending malformed Transfer-Encoding headers (specifically 'Transfer-Encoding: chunked, identity'). When Netty is deployed behind a proxy that forwards such requests without rejection, an attacker can smuggle a second request inside the body of the first, bypassing security controls and accessing unintended resources. The vulnerability is confirmed by public proof-of-concept code demonstrating successful parsing of injected requests.

Request Smuggling RCE Java Suse Red Hat
NVD GitHub VulDB
CVSS 3.1
6.5
EPSS
0.0%
CVE-2026-6214 MEDIUM This Month

Forminator Forms plugin for WordPress versions up to 1.53.0 allows authenticated subscribers to configure scheduled exports without authorization checks, enabling attackers to exfiltrate all form submissions by redirecting them to attacker-controlled email addresses. The vulnerability exists in the listen_for_saving_export_schedule() function which lacks the capability verification present in the parallel listen_for_csv_export() function, creating a direct authorization bypass for authenticated low-privilege users to access sensitive data collection and delivery mechanisms.

Authentication Bypass PHP Information Disclosure WordPress
NVD VulDB
CVSS 3.1
6.5
EPSS
0.0%
CVE-2026-4807 MEDIUM This Month

{id}/delete and /wp-json/ssa/v1/appointments/bulk) accept requests with this public nonce even when standard WordPress nonce validation fails, bypassing authorization entirely. Attackers can enumerate and delete appointment records, disclose sensitive booking data, and disrupt services without any authentication.

Authentication Bypass WordPress
NVD VulDB
CVSS 3.1
6.5
EPSS
0.0%
CVE-2026-8142 MEDIUM This Month

VINCE versions 3.0.38 and earlier fail to properly verify sender address authenticity due to encoding confusion, allowing unauthenticated remote attackers to forge email From addresses and trigger automated actions such as ticket creation or updates. The vulnerability combines information disclosure with integrity impact, affecting the reliability of ticket management workflows that depend on sender validation.

Information Disclosure Vince
NVD GitHub VulDB
CVSS 3.1
6.5
EPSS
0.0%
CVE-2026-5791 MEDIUM PATCH This Month

Cross-Site Request Forgery in DivvyDrive 4.8.2.9 through 4.8.3.1 allows remote attackers to execute unauthorized actions with high integrity and confidentiality impact when authenticated users interact with malicious content. The CVSS 9.6 (Critical) score reflects scope change and full CIA triad compromise, though EPSS data and KEV status are unavailable. No public exploit code identified at time of analysis, but CSRF vulnerabilities are well-understood and easily weaponized once identified.

CSRF Divvydrive
NVD
CVSS 3.1
6.5
EPSS
0.0%
CVE-2026-44514 MEDIUM PATCH GHSA This Month

Kubetail Dashboard prior to version 0.14.0 fails to validate the Origin header on WebSocket connection upgrades, enabling Cross-Site WebSocket Hijacking (CSWSH) attacks. An authenticated user visiting a malicious web page can be exploited to stream their Kubernetes container logs-including credentials, tokens, and PII often present in logs-to an attacker-controlled server. The vulnerability affects both desktop deployments at localhost:7500 and cluster deployments behind HTTP basic auth, with browser ambient credentials automatically attached to the WebSocket handshake.

Kubernetes Microsoft Docker Information Disclosure Google +1
NVD GitHub VulDB
CVSS 3.1
6.5
EPSS
0.0%
CVE-2026-6736 MEDIUM This Month

GitHub Enterprise Server versions prior to 3.21 contain an authentication bypass vulnerability that allows unauthenticated attackers to create local user accounts and establish sessions without validation by the configured external identity provider. The vulnerability affects instances with external authentication enabled, permitting account creation via the signup endpoint with default base permissions. Attack requires only network access and affects all affected versions across the 3.16-3.20 branch.

Authentication Bypass Enterprise Server
NVD GitHub VulDB
CVSS 4.0
6.3
EPSS
0.2%
CVE-2026-7541 MEDIUM This Month

Denial of service in GitHub Enterprise Server allows unauthenticated remote attackers to disrupt service by sending deeply nested JSON payloads to an unprotected API endpoint, causing excessive CPU and memory consumption. Affected versions prior to 3.21 (specifically 3.16.0-3.20.1) lack request size and depth validation. Vendor-released patches available for all affected branches: 3.20.2, 3.19.6, 3.18.9, 3.17.15, and 3.16.18.

Denial Of Service Enterprise Server
NVD GitHub VulDB
CVSS 4.0
6.3
EPSS
0.1%
CVE-2026-7261 MEDIUM PATCH This Month

Use-after-free memory corruption in PHP 8.2 prior to version 8.2.31 allows remote attackers to cause information disclosure or denial of service via network requests with low attack complexity. The vulnerability is addressed in PHP 8.2.31, released as a security update bundling fixes for eight CVEs including CVE-2026-7261. Patch availability is confirmed from the PHP development team.

Microsoft PHP Use After Free Memory Corruption Information Disclosure +2
NVD GitHub VulDB
CVSS 4.0
6.3
EPSS
0.0%
CVE-2026-7568 MEDIUM PATCH This Month

PHP 8.2.31 addresses a buffer overflow vulnerability (CVE-2026-7568) affecting PHP 8.2.x versions that results in information disclosure through out-of-bounds memory reads. The vulnerability requires specific attack preconditions (CVSS AC:H/AT:P) and unauthenticated remote access; exploitation impact is limited to partial disclosure of memory contents. No public exploit code or active exploitation has been identified at the time of analysis.

Microsoft Information Disclosure Buffer Overflow PHP
NVD GitHub VulDB
CVSS 4.0
6.3
EPSS
0.0%
CVE-2026-42217 MEDIUM PATCH This Month

OpenEXR versions 3.0.0-3.2.8, 3.3.0-3.3.10, and 3.4.0-3.4.10 suffer from unbounded shift operations in the readVariableLengthInteger() function when parsing variable-length integers from untrusted EXR files. Attackers can craft malicious EXR files with excessive continuation bytes to trigger left shifts exceeding 64 bits on a 64-bit integer, causing undefined behavior that may lead to information disclosure or denial of service. The vulnerability is remotely exploitable without authentication or user interaction against any application processing untrusted EXR input; no public exploit code has been identified at the time of analysis.

Integer Overflow Information Disclosure Suse Red Hat
NVD GitHub VulDB
CVSS 4.0
6.3
EPSS
0.0%
CVE-2026-40214 MEDIUM PATCH This Month

OpenStack Cyborg before 16.0.1 fails to enforce project ownership in the Accelerator Request (ARQ) API, allowing any authenticated non-admin user to delete, modify, or access ARQs bound to other projects' instances across tenant boundaries. The vulnerability stems from a combination of unpopulated project_id columns, missing database-layer filtering, and self-referential authorization checks, enabling cross-tenant denial of service and potential information disclosure. EPSS risk is moderate (6.3 CVSS), and the vulnerability requires valid authentication but no special privileges or interaction, making it exploitable by any tenant user in multi-tenant OpenStack deployments.

Denial Of Service
NVD VulDB
CVSS 3.1
6.3
EPSS
0.0%
CVE-2026-7258 MEDIUM PATCH This Month

A buffer over-read vulnerability in PHP 8.2 prior to version 8.2.31 allows remote attackers to disclose sensitive information through a network vector with high attack complexity and partial attack time requirements. The vulnerability (CWE-125) affects information availability and system availability, with CVSS 6.3 indicating moderate risk. Vendor-released patch available in PHP 8.2.31.

Microsoft Information Disclosure Buffer Overflow PHP Suse +1
NVD GitHub VulDB
CVSS 4.0
6.3
EPSS
0.0%
CVE-2026-42879 MEDIUM GHSA This Month

Remote code execution in FacturaScripts through authenticated file upload allows attackers with valid credentials to bypass MIME type validation by prepending GIF89a magic bytes to PHP files, resulting in executable files stored in a web-accessible directory. An attacker can upload a malicious PHP file disguised as a GIF image via the product image upload functionality, then directly execute arbitrary commands on the server. The vulnerability affects versions 2025.81 and earlier; publicly available proof-of-concept code exists demonstrating end-to-end exploitation.

PHP CSRF File Upload RCE Code Injection
NVD GitHub VulDB
CVSS 3.1
6.3
EPSS
0.0%
CVE-2026-44308 MEDIUM PATCH GHSA This Month

Spring Cloud AWS SNS HTTP/HTTPS endpoint handlers (@NotificationMessageMapping, @NotificationSubscriptionMapping, @NotificationUnsubscribeConfirmationMapping) in versions 3.0.0-3.4.2, 4.0.0, and 4.0.1 fail to verify the cryptographic signature of incoming SNS messages, allowing unauthenticated attackers who know the endpoint URL to send forged SNS notifications, subscription confirmations, or unsubscribe requests. This enables attackers to trigger arbitrary message processing, auto-confirm malicious topic subscriptions, or force unsubscription from legitimate topics. Fixed in Spring Cloud AWS 4.0.2 with signature verification enabled by default; 3.x line receives no patch and must use workarounds.

Information Disclosure Java
NVD GitHub
CVSS 4.0
6.3
EPSS
0.1%
CVE-2026-42328 MEDIUM PATCH GHSA This Month

Denial of service in go-ipld-prime's DAG-CBOR and DAG-JSON decoders via unbounded recursion depth allows remote attackers to exhaust goroutine stack memory by sending deeply nested collection payloads, causing the Go runtime to terminate with a fatal stack overflow. A ~2 MB DAG-CBOR payload with 2 million nested arrays reliably triggers the condition. Affected versions before 0.23.0 have no depth limit; the existing allocation budget cannot prevent stack exhaustion because each nested header consumes only a few budget units.

RCE
NVD GitHub
CVSS 3.1
6.2
EPSS
0.0%
CVE-2026-42081 MEDIUM PATCH GHSA This Month

Free5GC Access and Mobility Management Function (AMF) v4.2.1 and earlier fails to verify UE Security Capabilities in NGAP PathSwitchRequest messages, allowing a malicious gNB to overwrite the AMF's stored security algorithm preferences with arbitrary values. These corrupted capabilities are then propagated in PathSwitchRequestAcknowledge and subsequent HandoverRequest messages, causing all inter-gNB handovers for affected UEs to fail due to algorithm mismatches. This results in persistent handover denial-of-service until UE re-registration. The vulnerability is directly contrary to 3GPP TS 33.501 §6.7.3.1 verification requirements and has been demonstrated with a public proof-of-concept using Free5GC v4.2.1 and UERANSIM.

Docker Information Disclosure
NVD GitHub
CVSS 3.1
6.1
EPSS
0.0%
CVE-2026-39826 MEDIUM PATCH This Month

Go's html/template library incorrectly escapes data passed into <script> tags when the tag contains an empty or whitespace-only 'type' attribute, allowing a trusted template author to inadvertently expose sensitive information to client-side scripts. Affects html/template versions prior to 1.26.3 and 1.25.10. CVSS 6.1 with user interaction required; EPSS 0.01% indicates minimal real-world exploitation likelihood despite moderate base score.

Information Disclosure Red Hat
NVD VulDB
CVSS 3.1
6.1
EPSS
0.0%
CVE-2026-39823 MEDIUM PATCH This Month

Cross-site scripting (XSS) vulnerability in Go's html/template library allows attackers to bypass URL escaping in meta tag content attributes by inserting ASCII whitespaces around the equals sign, enabling injection of malicious scripts into web applications. Affects Go 1.25.x before 1.25.10 and 1.26.x before 1.26.3. This is a regression from CVE-2026-27142 where the fix was incomplete, and exploitation requires user interaction (UI:R) but operates across security boundaries (S:C).

XSS Html Template Red Hat
NVD VulDB
CVSS 3.1
6.1
EPSS
0.0%
CVE-2025-67202 MEDIUM PATCH This Month

Sidekiq-cron thru 2.3.1, an open-source scheduling add-on for Sidekiq, is vulnerable to a cross-site scripting (xss) vulnerability via crafted URL being rended from cron.erb.

XSS N A Red Hat
NVD GitHub
CVSS 3.1
6.1
EPSS
0.0%
CVE-2026-41689 MEDIUM This Month

Wallos versions 4.8.4 and prior allow authenticated users to bypass webhook URL restrictions and send server-side requests to administrator-allowlisted internal targets by reusing the global allowlist for individual user webhooks. This enables Server-Side Request Forgery (SSRF) to internal automation services that may expose deployment or execution APIs, potentially leading to remote code execution on downstream systems. No public exploit code identified at time of analysis, and no vendor-released patch is available.

Authentication Bypass Wallos
NVD GitHub
CVSS 3.1
6.0
EPSS
0.1%
CVE-2026-8106 MEDIUM This Month

Reflected HTML injection in GitHub Enterprise Server Management Console login page allows credential theft when administrators click crafted links. The /setup/unlock endpoint reflects the redirect_to query parameter into an HTML attribute without sanitization, enabling attackers to inject malicious form elements that capture credentials. Affects versions 3.19.1-3.19.5 and 3.20.0-3.20.1; fixed in 3.19.6 and 3.20.2. Exploitation requires user interaction (administrator clicking a link), limiting real-world impact despite network-accessible attack surface.

XSS Enterprise Server
NVD GitHub VulDB
CVSS 4.0
5.9
EPSS
0.0%
CVE-2026-44216 MEDIUM PATCH GHSA This Month

Wasmtime's on-demand instance allocator panics when attempting to allocate a WebAssembly table with an extremely large size, triggering arithmetic overflow in checked allocation logic. This denial-of-service condition is exploitable only when the memory64 WebAssembly proposal is enabled (default configuration) and affects versions 30.0.0 through 36.0.7, 37.0.0 through 43.0.1, and unpatched 44.x versions. No public exploit code or active exploitation has been identified; vendor-released patches are available in versions 36.0.8, 43.0.2, and 44.0.1.

Denial Of Service
NVD GitHub VulDB
CVSS 4.0
5.9
EPSS
0.0%
CVE-2026-42597 MEDIUM PATCH GHSA This Month

Gotenberg versions 8.31.0 and earlier allow unauthenticated remote attackers to enumerate and read arbitrary files under /tmp/ via the /forms/chromium/convert/url and /forms/chromium/screenshot/url endpoints using file:// scheme URLs. An attacker can discover in-flight conversion request directories and exfiltrate source files (HTML, Markdown, Office documents, staged PDFs) from other users' concurrent conversion requests by timing attacks to coincide with long-running conversion operations. The vulnerability exploits a logic flaw where the URL routes fail to set per-request scope guards that HTML/Markdown routes correctly apply, causing file:// access control enforcement to silently skip for URL-based conversions.

Microsoft Python RCE Docker Google
NVD GitHub
CVSS 3.1
5.9
EPSS
0.0%
CVE-2025-62127 MEDIUM This Month

DOM-based cross-site scripting (XSS) in WEN Logo Slider WordPress plugin through version 3.4.0 allows authenticated high-privilege users to inject malicious scripts that execute in the browsers of other site visitors when the UI redirects the page, potentially compromising site integrity and user data. The vulnerability requires high-privilege administrator access and user interaction (page redirect), limiting its practical scope to insider threats or compromised admin accounts.

XSS Wen Logo Slider
NVD
CVSS 3.1
5.9
EPSS
0.0%
CVE-2026-39817 MEDIUM PATCH This Month

The Go toolchain's 'go tool pack' subcommand fails to sanitize output filenames when extracting archive files, allowing local attackers with user privileges and user interaction to write files to arbitrary filesystem locations. Affected versions include Go 1.26.0 through 1.26.2 and all versions before 1.25.10. This vulnerability requires local access and user interaction to trigger, with a vendor-released patch available.

Buffer Overflow Memory Corruption Cmd Go
NVD VulDB
CVSS 3.1
5.9
EPSS
0.0%
CVE-2026-44002 MEDIUM PATCH GHSA This Month

Information disclosure in vm2 allows sandboxed code to extract host absolute file paths, library locations, and internal function names via stack trace inspection, enabling attackers to map the host server's directory structure and architecture without authentication or user interaction. The vulnerability affects all versions up to 3.10.5 and is triggered through either default error.stack formatting or custom Error.prepareStackTrace handlers; vendor-released patch available in version 3.11.0.

Information Disclosure Node.js Red Hat
NVD GitHub
CVSS 3.1
5.8
EPSS
0.0%
CVE-2026-44312 MEDIUM PATCH GHSA This Month

CSS Parser gem disables HTTPS certificate validation by setting OpenSSL::SSL::VERIFY_NONE, allowing man-in-the-middle attackers to inject or modify CSS content loaded via HTTPS. Any application using CSS Parser versions prior to 2.1.0 to fetch external stylesheets over HTTPS can be exploited by network-positioned attackers without authentication. A proof-of-concept using mitmproxy or Burp Suite demonstrates practical exploitation; CVSS 5.8 reflects the network attack vector and integrity impact, but real-world risk depends on whether the application loads stylesheets from untrusted or attacker-controllable URLs and whether the attacker can intercept network traffic.

Code Injection OpenSSL Suse
NVD GitHub
CVSS 3.1
5.8
EPSS
0.0%
CVE-2026-44406 MEDIUM This Month

DLL hijacking in ZTE Cloud PC client uSmartView allows unauthenticated local attackers to achieve arbitrary code execution and privilege escalation by planting a malicious DLL that is loaded by uSmartViewServiceAgent.exe running with SYSTEM privileges. The vulnerability requires local access but no authentication and affects multiple ZXCloud IRAI product versions. No public exploit code or active exploitation has been confirmed at this time.

Zte Privilege Escalation RCE Buffer Overflow
NVD
CVSS 3.1
5.7
EPSS
0.0%
CVE-2026-44520 MEDIUM PATCH GHSA This Month

Server-Side Request Forgery in docling-graph versions up to 1.5.0 allows authenticated attackers with user interaction to bypass IP validation and reach private, loopback, and cloud metadata endpoints by supplying arbitrary URLs to the URLInputHandler class or via the --source CLI argument. The vulnerability combines missing internal IP address validation with unrestricted HTTP redirects (allow_redirects=True), enabling theft of cloud IAM credentials and access to internal services on 127.0.0.1, 10.x, 172.16.x, 192.168.x, and 169.254.169.254 address ranges. Vendor-released patch: v1.5.1.

SSRF Open Redirect
NVD GitHub
CVSS 3.1
5.7
EPSS
0.0%
CVE-2026-40004 MEDIUM This Month

ZTE Cloud PC client uSmartview contains an OpenSSL configuration file privilege escalation vulnerability (CVE-2026-40004) that allows authenticated local attackers with user-level privileges to execute arbitrary code and escalate to higher privilege levels through a malicious openssl.cnf file. This requires physical access or local system access combined with user interaction, and affects ZTE's virtualized desktop infrastructure product. The CVSS score of 5.5 reflects the physical attack vector and additional user interaction requirement, despite the severity of code execution and cross-system scope impact.

Zte Privilege Escalation RCE OpenSSL
NVD VulDB
CVSS 3.1
5.5
EPSS
0.0%
CVE-2026-44479 MEDIUM PATCH GHSA This Month

Vercel CLI leaks authentication tokens in JSON output when running in non-interactive mode with credentials passed via command-line arguments. Affected versions 50.16.0 through 52.0.0 expose plaintext tokens in suggested follow-up commands when operations cannot complete autonomously, allowing token capture in CI/CD logs and automation transcripts. Information disclosure risk is elevated in automated deployment pipelines where CLI output is logged.

Information Disclosure Vercel
NVD GitHub
CVSS 3.1
5.5
EPSS
0.0%
CVE-2026-40610 MEDIUM PATCH GHSA This Month

BentoML's `bentoml build` command dereferences symlinks within the build context and copies their target file contents into the generated Bento artifact, allowing attackers to exfiltrate sensitive files from the build host. An attacker who controls a repository or build context can place symlinks pointing to sensitive local files (credentials, SSH keys, API tokens), and when a developer or CI system runs `bentoml build`, the referenced file contents are packaged into the Bento, which may then be exported, pushed, or containerized, spreading the leaked data. Publicly available exploit code demonstrates successful extraction of files outside the build directory. Affected versions through BentoML 1.4.38; patch released in 1.4.39.

Python Path Traversal
NVD GitHub
CVSS 3.1
5.5
EPSS
0.0%
Page 1 of 2 Next

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy