Skip to main content
CVE-2026-8186 MEDIUM PATCH This Month

Out-of-bounds read in Open5GS up to version 2.7.7 allows remote attackers to trigger information disclosure via manipulation of the ogs_sbi_client_send_via_scp_or_sepp function in lib/sbi/client.c during Service-Based Interface (SBI) communication. The vulnerability exploits improper bounds checking when extracting paths from URIs, affecting the Network Function (NF) component. CVSS 6.9 (network-accessible, low complexity, no privileges required) with availability impact. Upstream patch commit d5bc487fcf9ea87d2b03f2ef95123af344773bfb available.

Information Disclosure Buffer Overflow Open5gs
NVD VulDB GitHub
CVSS 4.0
6.9
EPSS
0.0%
CVE-2026-8187 MEDIUM This Month

Denial of service in Open5GS User Plane Function (UPF) up to version 2.7.7 allows remote, unauthenticated attackers to exhaust server resources through manipulation of GTPv1-U packet handling in the _gtpv1_u_recv_cb function. The vulnerability enables resource consumption attacks against 5G core network infrastructure without requiring authentication or user interaction. Vendor notification occurred via GitHub issue #4492 but has not received developer response or a released patch.

Denial Of Service Open5gs
NVD GitHub VulDB
CVSS 4.0
6.9
EPSS
0.0%
CVE-2026-8209 MEDIUM PATCH This Month

Denial of service in Gibbon versions before v30.0.01 via path traversal during ZIP file extraction allows authenticated users with Teacher or higher privileges to trigger file deletion and application unavailability. The vulnerability exploits improper handling of malicious ZIP archives, where failed extraction attempts result in unintended deletion of PHP application files. This requires elevated privileges within the application and network access to the vulnerable endpoint.

PHP Path Traversal
NVD GitHub VulDB
CVSS 4.0
6.9
EPSS
0.0%
CVE-2026-1749 MEDIUM This Month

Unauthenticated attackers can bypass access controls in HikCentral Professional to obtain administrative permissions, enabling unauthorized management and configuration of security infrastructure. The vulnerability requires network access and non-trivial complexity but grants high-impact confidentiality and scope expansion across affected deployments. No public exploit code has been identified, though Hikvision has released a security advisory confirming the issue.

Authentication Bypass Hikcentral Professional
NVD VulDB
CVSS 3.1
6.8
EPSS
0.0%
CVE-2026-45184 MEDIUM PATCH This Month

Kdenlive before version 26.04.1 permits arbitrary command execution through dangerous proxy parameters embedded in attacker-controlled project files. When a victim opens a malicious .kdenlive project file, the application processes untrusted proxy settings without sufficient validation, enabling code execution with the privileges of the user running Kdenlive. This requires user interaction (opening a file) but poses significant risk in contexts where project files are shared or downloaded from untrusted sources.

Information Disclosure Kdenlive
NVD VulDB
CVSS 3.1
6.5
EPSS
0.0%
CVE-2026-45181 MEDIUM PATCH This Month

Hex-Rays IDA Pro 9.2 and 9.3 before 9.3sp2 allows local code injection through argument injection in Clang dependency-file generation, enabling attackers to place malicious code into the plugins directory when a victim opens an attacker-supplied .i64 file. The vulnerability requires local access and user interaction (opening a malicious file) but grants high integrity and confidentiality impact. No public exploit code or CISA KEV status has been confirmed at the time of analysis.

Code Injection
NVD
CVSS 3.1
6.5
EPSS
0.0%
CVE-2026-44897 MEDIUM PATCH GHSA This Month

Cross-site scripting (XSS) in mistune's HTMLRenderer.heading() allows injection of arbitrary HTML attributes when custom heading_id callbacks return unsanitized heading text. The vulnerability occurs because the id attribute value is concatenated directly into the HTML tag without escaping, enabling attackers who control heading content to break out of the id= attribute and inject event handlers or other malicious attributes. Exploitation requires a caller-supplied heading_id callback that derives IDs from heading text - the most common real-world pattern used by documentation generators like MkDocs, Sphinx, and Jekyll. Publicly available proof-of-concept demonstrates mouse-over triggered JavaScript execution via onmouseover attribute injection.

XSS Apple Python Red Hat
NVD GitHub VulDB
CVSS 3.1
6.1
EPSS
0.0%
CVE-2026-6666 MEDIUM PATCH This Month

PgBouncer before version 1.25.2 crashes when a backend PostgreSQL server sends an error response lacking an SQLSTATE field, enabling denial of service against connection pooling infrastructure. The vulnerability requires an attacker to control or compromise a PostgreSQL backend server or intercept server responses on the network, making exploitation conditional on non-default network topology or server compromise. CVSS score of 5.9 reflects high availability impact but limited attack surface due to medium complexity (AC:H).

Denial Of Service Null Pointer Dereference Pgbouncer
NVD VulDB
CVSS 3.1
5.9
EPSS
0.0%
CVE-2026-7652 MEDIUM This Month

LatePoint plugin for WordPress versions up to 5.5.0 allows unauthenticated attackers to perform account takeover of non-super-admin WordPress users by exploiting a weak password recovery mechanism in the guest booking flow. The vulnerability chains two flaws: the plugin's save_connected_wordpress_user() function updates WordPress user emails via wp_update_user() without ownership verification, and the guest booking flow permits email overwrites through phone-based customer merging without authentication. Attackers can overwrite a target user's email address and then trigger WordPress's standard password reset to gain full account access. No public exploit code has been identified at time of analysis, but exploitation requires only that the plugin be configured with WordPress user integration enabled, phone-based contact merging enabled, and customer authentication disabled.

Information Disclosure WordPress
NVD
CVSS 3.1
5.3
EPSS
0.2%
CVE-2026-8198 MEDIUM This Month

Unauthenticated attackers can bypass REST API authentication in the Logtivity plugin (versions up to 3.3.6) via a logic flaw in the verifyAuthorization method, allowing direct access to the /wp-json/logtivity/v1/options endpoint and disclosure of sensitive configuration including the logtivity_site_api_key. This key can be leveraged to impersonate the affected WordPress site in API calls to the Logtivity service. CVSS 5.3 (low confidentiality impact) reflects information disclosure severity; no active exploitation in CISA KEV at time of analysis.

Authentication Bypass Information Disclosure WordPress
NVD VulDB
CVSS 3.1
5.3
EPSS
0.0%
CVE-2025-15633 MEDIUM This Month

An improper authorization vulnerability in HCL BigFix WebUI allows an authenticated user without Master Operator privileges to access internal data (site names, versions, and configuration variables) and bypass privilege requirements via unprotected endpoints lacking adequate security headers.

Authentication Bypass Bigfix Webui
NVD VulDB
CVSS 4.0
5.3
EPSS
0.0%
CVE-2025-15634 MEDIUM This Month

A missing authorization vulnerability in HCL BigFix WebUI allows an authenticated user without proper permissions to view sensitive environmental information via direct URL access to the unauthorized page.

Authentication Bypass Bigfix Webui
NVD VulDB
CVSS 4.0
5.3
EPSS
0.0%
CVE-2026-8185 MEDIUM This Month

Missing authentication in UGREEN CM933 1.1.59.4319 administrative interface allows unauthenticated local network attackers to manipulate an unknown function, potentially gaining unauthorized access with limited confidentiality, integrity, and availability impact. No public exploit code has been identified, and the vendor has committed to a fix in late April.

Authentication Bypass Cm933
NVD VulDB
CVSS 4.0
5.3
EPSS
0.0%
CVE-2026-32683 MEDIUM This Month

EZVIZ App versions using legacy cloud feature modules with outdated API interfaces allow attackers to eavesdrop on network traffic and disclose sensitive video data. The vulnerability requires adjacent network access and high exploitation complexity, but affects all EZVIZ App versions until patched. Attackers can obtain video transmission data without authentication or user interaction by intercepting unencrypted or weakly encrypted API communications.

Information Disclosure Ezviz App
NVD VulDB
CVSS 3.1
5.3
EPSS
0.0%
CVE-2026-44457 MEDIUM PATCH GHSA This Month

Hono's Cache Middleware incorrectly caches responses marked with Vary: Authorization or Vary: Cookie headers, allowing cached responses intended for one authenticated user to be served to subsequent requests from different users. This information disclosure vulnerability affects Hono versions prior to 4.12.18 when the middleware is deployed on endpoints returning user-specific data without also setting Cache-Control: private. No special attack complexity is required - remote unauthenticated attackers can trigger the vulnerability through sequential requests to affected endpoints.

Information Disclosure
NVD GitHub
CVSS 3.1
5.3
EPSS
0.0%
CVE-2026-6667 MEDIUM PATCH This Month

PgBouncer before version 1.25.2 fails to properly restrict the KILL_CLIENT admin command to authorized users, allowing any user with access to the administration console to terminate client connections. The vulnerability affects all PgBouncer versions before 1.25.2 and requires prior authentication to the admin console, limiting the real-world risk despite the authorization bypass. CVSS 4.3 reflects low availability impact but highlights a privilege escalation within authenticated contexts.

Authentication Bypass Pgbouncer
NVD VulDB
CVSS 3.1
4.3
EPSS
0.0%
CVE-2026-44458 MEDIUM PATCH GHSA This Month

CSS declaration injection in Hono's JSX server-side renderer allows remote attackers to inject arbitrary CSS declarations via untrusted `style` object values or property names, enabling visual manipulation, outbound CSS requests to attacker hosts, and UI hijacking. Affects Hono versions before 4.12.18 when rendering JSX server-side with user-controlled style object inputs. No JavaScript execution or HTML breakout possible; impact limited to CSS scope.

Code Injection
NVD GitHub
CVSS 3.1
4.3
EPSS
0.0%

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy