Skip to main content
CVE-2026-28946 MEDIUM PATCH This Month

Denial of service in Apple macOS prior to version 26.5 allows remote attackers to crash Safari via maliciously crafted web content that triggers a use-after-free memory condition. The vulnerability requires user interaction (opening a malicious webpage) but no authentication, affecting all macOS versions before 26.5. EPSS exploitation probability is very low at 0.02%, suggesting limited real-world attack incentive despite the crash capability.

Denial Of Service Apple Use After Free Memory Corruption
NVD VulDB
CVSS 3.1
6.5
EPSS
0.0%
CVE-2026-28902 MEDIUM PATCH This Month

Web content processing across all major Apple platforms is vulnerable to a memory mismanagement flaw (CWE-119) that causes an unexpected process crash when a user visits or renders attacker-controlled web content. Affected platforms include iOS/iPadOS, macOS Tahoe, tvOS, visionOS, and watchOS - all versions prior to the 26.5 release line. The impact is limited to availability (A:H), with no confidentiality or integrity exposure per the CVSS vector, and no active exploitation is confirmed - EPSS sits at 0.02% (5th percentile) and SSVC rates exploitation as none, making this a moderate-priority patch rather than an emergency response item.

Apple Buffer Overflow Ios And Ipados Tvos Visionos +1
NVD VulDB
CVSS 3.1
6.5
EPSS
0.0%
CVE-2026-28922 MEDIUM PATCH This Month

This issue was addressed through improved state management. This issue is fixed in macOS Sequoia 15.7.7, macOS Sonoma 14.8.7, macOS Tahoe 26.5. An app may be able to access private information.

Apple Information Disclosure
NVD
CVSS 3.1
6.5
EPSS
0.0%
CVE-2026-41018 MEDIUM PATCH This Month

Apache Airflow Elasticsearch provider writes embedded credentials from the `[elasticsearch] host` configuration URL directly into task logs, allowing any user with task-log read permissions to harvest backend authentication credentials. The vulnerability affects Apache Airflow Providers Elasticsearch versions before 6.5.3 and has been patched by stripping userinfo from the host URL before logging. EPSS exploitation probability is low (0.02%, percentile 4%), indicating limited real-world exploitation despite the sensitive nature of credential exposure.

Apache Elastic Information Disclosure
NVD GitHub
CVSS 3.1
6.5
EPSS
0.0%
CVE-2026-43826 MEDIUM PATCH This Month

Apache Airflow Providers OpenSearch versions before 1.9.1 leak backend credentials in task logs when the OpenSearch connection host URL embeds credentials in the format `https://user:password@server:9200`. Any user with task-log read permission can extract these credentials from log output. The vulnerability is confirmed patched in version 1.9.1 and later, with an EPSS score of 0.02% indicating low real-world exploitation probability despite the moderate CVSS score.

Apache Information Disclosure
NVD GitHub
CVSS 3.1
6.5
EPSS
0.0%
CVE-2026-28942 MEDIUM PATCH This Month

Safari on Apple platforms crashes when processing maliciously crafted web content due to a use-after-free vulnerability in memory management, resulting in denial of service. Affects iOS and iPadOS below 26.5, macOS Tahoe below 26.5, tvOS below 26.5, visionOS below 26.5, and watchOS below 26.5. Exploitation requires user interaction to visit a malicious webpage but does not allow code execution or information disclosure.

Denial Of Service Apple Use After Free Memory Corruption Ios And Ipados +3
NVD VulDB
CVSS 3.1
6.5
EPSS
0.0%
CVE-2026-5084 MEDIUM This Month

WebDyne::Session versions through 2.075 for Perl generate cryptographically weak session identifiers using MD5 hashing seeded with Perl's predictable rand() function, allowing attackers to forge valid session IDs and gain unauthorized access to systems. The vulnerability affects all versions from 0 through 2.075 and stems from reliance on a 32-bit-seeded random number generator unsuitable for cryptographic purposes, making session hijacking feasible without authentication.

Information Disclosure Webdyne
NVD
CVSS 3.1
6.5
EPSS
0.0%
CVE-2026-42870 MEDIUM PATCH This Month

WeGIA is a web manager for charitable institutions. In versions prior to 3.7.0, a Stored Cross-Site Scripting (XSS) flaw was identified at the following endpoint: funcionario/profile_funcionario.php?id_funcionario=2. By injecting a malicious payload into the 'Description' (Descrição) field and saving the profile, the script becomes persistently stored. The payload is subsequently executed whenever the profile page is accessed. This vulnerability is fixed in 3.7.0.

XSS PHP
NVD GitHub
CVSS 4.0
6.4
EPSS
0.0%
CVE-2025-9973 MEDIUM PATCH This Month

WSO2 Identity Server in multi-organization deployments fails to validate organization context during adaptive authentication flow execution, allowing privileged users in one organization to trigger authentication logic on other organizations. An attacker with adaptive authentication configuration privileges can exploit this context validation gap to bypass authorization boundaries, escalate privileges, and gain unauthorized access to user accounts and resources across organizational boundaries.

Authentication Bypass Privilege Escalation Wso2 Identity Server Conditional Authentication User And Roles Related Functions
NVD VulDB
CVSS 3.1
6.4
EPSS
0.0%
CVE-2026-41257 MEDIUM PATCH This Month

Integer overflow in jq's bytecode VM data stack allocation tracking allows local attackers to corrupt heap memory and achieve arbitrary code execution or denial of service by crafting deeply nested JSON generator expressions that exceed ~1 GiB stack size. Affected versions: jq 1.8.1 and earlier. The vulnerability requires local file access and user interaction to trigger malicious jq expressions, but carries high impact potential due to memory corruption exploitability.

Integer Overflow Buffer Overflow Red Hat
NVD GitHub VulDB
CVSS 4.0
6.4
EPSS
0.0%
CVE-2026-44994 MEDIUM PATCH This Month

Authentication bypass in OpenClaw before version 2026.4.22 allows unauthenticated attackers to read sensitive bootstrap and configuration metadata from the Control UI config endpoint when Gateway authentication is enabled. The vulnerability exposes internal bootstrap information and configuration fields intended only for authenticated Control UI sessions via an unprotected HTTP GET request to the `/__openclaw/control-ui-config.json` endpoint, with no user interaction required.

Authentication Bypass Openclaw
NVD GitHub
CVSS 4.0
6.3
EPSS
0.1%
CVE-2026-43968 MEDIUM PATCH This Month

Improper Neutralization of CRLF Sequences ('CRLF Injection') vulnerability in ninenines cowlib allows SSE event splitting and injection via unvalidated field values. cow_sse:event/1 in cowlib guards the id and event fields against \n but not against bare \r, and the internal prefix_lines/2 function used for data and comment fields splits only on \n. Because the SSE specification requires decoders to treat \r\n, \r, and \n as equivalent line terminators, an attacker who controls any of these fields can inject additional SSE lines and forge a complete event with an arbitrary event type and data payload on the receiving end. In typical deployments where browser EventSource clients or other SSE consumers dispatch on event.type and render event.data, this enables event splitting, client-side logic manipulation, and stored-XSS-equivalent behaviour when event data is inserted into the DOM. This issue affects cowlib from 2.6.0.

XSS Cowlib
NVD GitHub VulDB
CVSS 4.0
6.3
EPSS
0.0%
CVE-2026-7210 MEDIUM PATCH This Month

XML parsers in CPython's xml.parsers.expat and xml.etree.ElementTree modules use insufficient entropy for Expat hash-flooding protection, allowing crafted XML documents to trigger algorithmic complexity attacks (hash flooding) that degrade parser performance. Remote attackers can exploit this with complex XML payloads to cause denial of service. Mitigation requires both updating libexpat to 2.8.0 or later and applying the CPython patch, as confirmed by Python Software Foundation security advisory.

Information Disclosure Cpython
NVD GitHub VulDB
CVSS 4.0
6.3
EPSS
0.0%
CVE-2026-44996 MEDIUM PATCH This Month

OpenClaw before version 2026.4.15 allows arbitrary local file read via the webchat audio embedding helper, which fails to enforce local media root containment checks. Attackers who can influence agent or tool-produced ReplyPayload.mediaUrl parameters can resolve absolute local paths or file:// URLs, read audio-like files, and embed them base64-encoded into webchat responses. The vulnerability is narrow in scope-files must be readable by the gateway process, have audio-like extensions, and fit within the webchat audio size cap-but crosses the security boundary between model/tool output and host filesystem access. No public exploit code or active exploitation has been identified, though the vulnerability is confirmed by vendor advisory.

Path Traversal Openclaw
NVD GitHub
CVSS 4.0
6.3
EPSS
0.0%
CVE-2025-65416 MEDIUM This Month

docuFORM Managed Print Service Client 11.11c allows authenticated remote attackers to upload arbitrary files via the pmupdate.php endpoint, enabling potential remote code execution or system compromise. The vulnerability requires valid user credentials (PR:L per CVSS) but no user interaction, and affects confidentiality, integrity, and availability. No public exploit code or active exploitation has been confirmed at time of analysis.

PHP File Upload
NVD GitHub
CVSS 3.1
6.3
EPSS
0.0%
CVE-2025-8325 MEDIUM PATCH This Month

Role-based access control bypass in WSO2 API Manager 3.x allows authenticated users with the 'Internal/Everyone' role to invoke Gateway and Internal Service APIs without proper permission enforcement, enabling unauthorized operations on sensitive REST API endpoints. The vulnerability affects multiple WSO2 products including API Control Plane, Universal Gateway, and Traffic Manager. CVSS 6.3 (network-accessible, low complexity, requires valid user credentials) indicates moderate severity with clear lateral privilege escalation potential in multi-tenant environments.

Information Disclosure Wso2 Api Control Plane Wso2 Universal Gateway Wso2 Traffic Manager Wso2 Api Manager +2
NVD VulDB
CVSS 3.1
6.3
EPSS
0.0%
CVE-2026-45002 MEDIUM PATCH This Month

OpenClaw before 2026.4.20 allows attackers to bypass the hooks.allowRequestSessionKey opt-in restriction via template-rendered session keys in hook mappings, circumventing webhook routing isolation controls. The vulnerability enables externally influenced session keys to be rendered through templated hook mappings even when the opt-in is disabled, affecting webhook routing isolation but not enabling host execution. Vendor-released patch available (version 2026.4.20); no public exploit code identified at time of analysis.

Authentication Bypass Openclaw
NVD GitHub VulDB
CVSS 4.0
6.3
EPSS
0.0%
CVE-2026-44999 MEDIUM PATCH This Month

OpenClaw before version 2026.4.20 fails to preserve untrusted labels on webhook-triggered cron agent output, allowing events to be recorded as trusted system events instead of untrusted events. This trust-labeling issue can strengthen prompt-injection attacks by rendering attacker-controlled webhook data as legitimate system events, though it does not directly bypass authentication, tool policy, or sandboxing controls.

Code Injection Openclaw
NVD GitHub VulDB
CVSS 4.0
6.3
EPSS
0.0%
CVE-2026-28897 MEDIUM PATCH This Month

Buffer overflow in Apple operating systems allows local unauthenticated users to cause unexpected system termination or read kernel memory without requiring user interaction. The vulnerability affects iOS, iPadOS, macOS, tvOS, visionOS, and watchOS across multiple versions, with exploitation limited to local access. Vendor-released patches are available for all affected platforms, and EPSS scoring of 0.03% indicates exploitation remains unlikely despite the local attack vector.

Stack Overflow Apple Buffer Overflow
NVD
CVSS 3.1
6.2
EPSS
0.0%
CVE-2026-28977 MEDIUM PATCH This Month

Improper bounds checking in Apple operating systems allows processing of maliciously crafted files to cause unexpected application termination (denial of service) on iOS, iPadOS, macOS, tvOS, visionOS, and watchOS. The vulnerability affects multiple major OS versions and requires local file processing without user interaction, but has extremely low real-world exploitation probability (EPSS 0.02%) despite moderate CVSS score.

Apple Buffer Overflow
NVD VulDB
CVSS 3.1
6.2
EPSS
0.0%
CVE-2026-43666 MEDIUM PATCH This Month

Out-of-bounds write in Apple operating systems allows local network attackers to cause denial-of-service via improved bounds checking bypass. Affects iOS/iPadOS (18.7.9+, 26.5+), macOS Sequoia (15.7.7+), Sonoma (14.8.7+), Tahoe (26.5+), tvOS (26.5+), visionOS (26.5+), and watchOS (26.5+). EPSS score of 0.02% indicates very low real-world exploitation probability despite local attack vector.

Apple Memory Corruption Buffer Overflow
NVD
CVSS 3.1
6.2
EPSS
0.0%
CVE-2026-43653 MEDIUM PATCH This Month

The issue was addressed with improved memory handling. This issue is fixed in iOS 18.7.9 and iPadOS 18.7.9, iOS 26.5 and iPadOS 26.5, macOS Sonoma 14.8.7, macOS Tahoe 26.5, tvOS 26.5. An attacker on the local network may be able to cause a denial-of-service.

Denial Of Service Apple
NVD
CVSS 3.1
6.2
EPSS
0.0%
CVE-2026-28985 MEDIUM PATCH This Month

Null pointer dereference in Apple operating systems (iOS, iPadOS, macOS Tahoe, tvOS) allows local network attackers to cause denial of service by sending crafted input that bypasses validation. The vulnerability affects all versions prior to iOS 26.5, iPadOS 26.5, macOS Tahoe 26.5, and tvOS 26.5. No code execution or data compromise is possible; impact is limited to availability disruption on affected devices.

Denial Of Service Apple Null Pointer Dereference
NVD
CVSS 3.1
6.2
EPSS
0.0%
CVE-2026-43896 MEDIUM PATCH This Month

Unbounded recursion in jq 1.8.1 and earlier causes denial of service via crafted jq programs using the * operator on nested objects, resulting in process crash with segmentation fault. Local attackers can exploit this vulnerability without authentication to crash jq processes, affecting any system processing untrusted jq filter logic.

Denial Of Service Red Hat
NVD GitHub VulDB
CVSS 3.1
6.2
EPSS
0.0%
CVE-2026-43894 MEDIUM PATCH This Month

Buffer overflow in jq 1.8.1 and earlier allows local attackers to cause denial of service by providing a crafted JSON number literal with INT_MAX-1 (2147483646) digits, triggering integer overflow in the D2U() macro that bypasses heap-allocation checks and writes approximately 1.4 GiB of attacker-controlled data to the stack, corrupting memory far below the stack frame.

Integer Overflow Buffer Overflow Jq
NVD GitHub VulDB
CVSS 3.1
6.2
EPSS
0.0%
CVE-2026-8346 LOW POC Monitor

A vulnerability was detected in D-Link DIR-816 1.10CNB05_R1B011D88210. This affects the function portForward. Performing a manipulation of the argument ip_address results in command injection. The attack can be initiated remotely. The exploit is now public and may be used.

D-Link Command Injection
NVD VulDB GitHub
CVSS 4.0
2.1
EPSS
0.5%
CVE-2026-8345 LOW POC Monitor

A security vulnerability has been detected in D-Link DIR-816 1.10CNB05_R1B011D88210. Affected by this issue is the function sub_445E7C of the file /goform/singlePortForward. Such manipulation of the argument ip_address leads to command injection. It is possible to launch the attack remotely. The exploit has been disclosed publicly and may be used.

D-Link Command Injection
NVD VulDB GitHub
CVSS 4.0
2.1
EPSS
0.5%
CVE-2026-8344 LOW POC Monitor

A weakness has been identified in D-Link DIR-816 1.10CNB05_R1B011D88210. Affected by this vulnerability is the function sub_445E7C of the file /goform/formDMZ.cgi. This manipulation causes command injection. It is possible to initiate the attack remotely. The exploit has been made available to the public and could be used for attacks.

D-Link Command Injection
NVD VulDB GitHub
CVSS 4.0
2.1
EPSS
0.5%
CVE-2026-8265 LOW POC Monitor

Remote command injection in Tenda AC6 version 15.03.06.23 allows authenticated remote attackers to execute arbitrary OS commands via the wans.flag parameter in the /goform/getLogFile endpoint. The vulnerability has publicly available exploit code and may be actively exploited. Attack complexity is low, requiring only network access and high-level authentication privileges, with potential for confidentiality, integrity, and authenticity impacts.

Tenda Command Injection
NVD VulDB GitHub
CVSS 4.0
2.0
EPSS
0.6%
CVE-2026-8259 LOW POC Monitor

OS command injection in Tenda AC6 2.0/15.03.06.23 httpd daemon allows authenticated remote attackers to execute arbitrary system commands via the lan.ip parameter in /goform/telnet endpoint. The vulnerability requires high-level administrative privileges and has publicly available exploit code; real-world risk is limited by authentication requirement despite network accessibility and low attack complexity.

Tenda Command Injection
NVD VulDB GitHub
CVSS 4.0
2.0
EPSS
0.6%
CVE-2026-8291 LOW POC PATCH Monitor

Denial of service in Open5GS NRF component up to version 2.7.7 allows remote authenticated attackers to exhaust the nf_service memory pool via the ogs_nnrf_nfm_handle_nf_profile function, causing the process to abort via failed assertion. Publicly available exploit code exists, and a vendor patch is available but awaits acceptance into the main branch.

Denial Of Service Open5gs
NVD VulDB GitHub
CVSS 4.0
2.1
EPSS
0.1%
CVE-2026-8288 LOW POC PATCH Monitor

Denial of service in Open5GS SMF (Session Management Function) via crafted PDU Session Modification messages allows remote authenticated attackers to trigger unvalidated parameter processing in gsm_handle_pdu_session_modification_qos_flow_descriptions(), causing service disruption. The vulnerability stems from insufficient pre-validation of QoS flow parameter identifiers and bitrate units before state mutation, potentially leaving the SMF in an inconsistent state. Publicly available exploit code exists, and a fix awaits upstream acceptance in PR #4513.

Denial Of Service Open5gs
NVD VulDB GitHub
CVSS 4.0
2.1
EPSS
0.1%
CVE-2026-36906 MEDIUM This Month

Cross Site Scripting vulnerability in iotgateway v.3.0.1 allows a remote attacker to execute arbitrary code via the Log Record Function

XSS RCE N A
NVD GitHub
CVSS 3.1
6.1
EPSS
0.1%
CVE-2026-8349 LOW POC PATCH Monitor

Memory corruption in OMEC Project AMF up to version 2.1.1 occurs in the NGAP Message Handler when processing malformed mobile identity payloads, allowing authenticated remote attackers to cause denial of service through buffer overflow. Publicly available exploit code exists; vendor released patched version 2.2.0 via GitHub PR #666. CVSS 4.3 (low severity) reflects authentication requirement (PR:L) and availability-only impact, but real-world exploitation risk depends on deployment context.

Buffer Overflow Amf
NVD VulDB GitHub
CVSS 4.0
2.1
EPSS
0.0%
CVE-2026-8292 LOW POC Monitor

Denial of service in Open5GS up to version 2.7.7 allows authenticated remote attackers to crash the NRF component by manipulating the hnrf-uri argument passed to the yuarel_parse function in /lib/sbi/conv.c. The vulnerability has a publicly available exploit and low CVSS score (4.3) due to authentication requirement and limited scope, but affects a critical 5G network function with potential operational impact.

Denial Of Service Open5gs
NVD VulDB GitHub
CVSS 4.0
2.1
EPSS
0.0%
CVE-2026-8290 LOW POC Monitor

Denial of service in Open5GS through version 2.7.7 allows authenticated remote attackers to crash the Service Management Function (SMF) by manipulating the smf_nsmf_handle_update_data_in_vsmf function in nsmf-handler.c. Publicly available exploit code exists, and the project maintainers have not yet responded to the early disclosure notification despite awareness of the issue.

Denial Of Service Open5gs
NVD VulDB GitHub
CVSS 4.0
2.1
EPSS
0.0%
CVE-2026-8289 LOW POC Monitor

Denial of service in Open5GS up to version 2.7.7 allows authenticated remote attackers to crash the Session Management Function (SMF) by manipulating the qosFlowProfile argument in the smf_nsmf_handle_update_data_in_vsmf function. Publicly available exploit code exists, and the vulnerability affects the 5G core network's ability to manage quality-of-service parameters, though the project maintainers have not yet responded to early disclosure.

Denial Of Service Open5gs
NVD VulDB GitHub
CVSS 4.0
2.1
EPSS
0.0%
CVE-2026-8270 LOW POC Monitor

Denial of service in Open5GS up to version 2.7.7 allows authenticated remote attackers to crash the Session Management Function (SMF) via manipulation of QoS rule parsing in the ogs_nas_parse_qos_rules function. The vulnerability has a low CVSS score of 2.1 but public exploit code is available; however, exploitation requires prior authentication and causes only availability impact without confidentiality or integrity compromise.

Denial Of Service Open5gs
NVD VulDB GitHub
CVSS 4.0
2.1
EPSS
0.0%
CVE-2026-8269 LOW POC Monitor

Denial of service vulnerability in Open5GS up to version 2.7.7 affects the SMF (Session Management Function) component's smf_nsmf_handle_create_sm_context function, allowing authenticated remote attackers to crash or degrade the 5G core network service through malformed session context creation requests. Public exploit code exists and the vulnerability has low real-world severity (CVSS 2.1) due to requirement for authenticated access and availability impact only, though active 5G infrastructure targeting remains a concern given the critical nature of SMF in telecom deployments.

Denial Of Service Open5gs
NVD VulDB GitHub
CVSS 4.0
2.1
EPSS
0.0%
CVE-2026-8268 LOW POC Monitor

Denial of service in Open5GS up to version 2.7.7 affects the SMF component's OpenAPI_list_create function, allowing authenticated remote attackers to cause service unavailability through resource manipulation. The vulnerability has low to moderate severity (CVSS 4.3) with publicly disclosed proof-of-concept code, though the vendor has not yet responded to early disclosure notification.

Denial Of Service Open5gs
NVD VulDB GitHub
CVSS 4.0
2.1
EPSS
0.0%
CVE-2026-8267 LOW POC Monitor

Remote authenticated denial of service in Open5GS up to version 2.7.7 affects the SMF (Session Management Function) component, specifically in the smf_nsmf_handle_created_data_in_vsmf function. An authenticated attacker can remotely trigger a denial of service condition by sending crafted requests. Public exploit code is available (CVE-2026-8267 GitHub issue #4448), though the vendor has not yet released a patched version despite early notification.

Denial Of Service Open5gs
NVD VulDB GitHub
CVSS 4.0
2.1
EPSS
0.0%
CVE-2026-8266 LOW POC Monitor

Denial of service in Open5GS up to version 2.7.7 allows authenticated remote attackers to crash the Service Management Function (SMF) via manipulation of the PDU session establishment acceptance function, resulting in service unavailability. The CVSS score of 4.3 reflects low severity due to authentication requirements and availability-only impact, though publicly available exploit code exists and the vulnerability has been reported to the project without acknowledged response.

Denial Of Service Open5gs
NVD VulDB GitHub
CVSS 4.0
2.1
EPSS
0.0%
CVE-2026-42872 MEDIUM PATCH This Month

Reflected cross-site scripting (XSS) in WeGIA versions before 3.7.0 allows unauthenticated remote attackers to inject arbitrary JavaScript via the id_processo parameter in lista_arquivos_etapa.php, enabling session hijacking, credential theft, or malicious actions in victim browsers. User interaction (clicking a crafted link) is required. The vulnerability is fixed in version 3.7.0.

XSS PHP
NVD GitHub
CVSS 3.1
6.1
EPSS
0.0%
CVE-2025-65417 MEDIUM This Month

docuFORM Managed Print Service Client 11.11c is vulnerable to a reflected cross site scripting attack via the login page of the application.

XSS
NVD GitHub
CVSS 3.1
6.1
EPSS
0.0%
CVE-2025-61310 MEDIUM This Month

Reflected XSS in docuForm v11.11c acc-menu_billings.php component allows unauthenticated remote attackers to execute arbitrary JavaScript in a victim's browser by injecting malicious payloads into unfiltered variables, requiring user interaction to click a crafted link. CVSS 6.1 reflects limited confidentiality and integrity impact with required user interaction, but successful exploitation can lead to session hijacking, credential theft, or account takeover depending on application context.

XSS PHP
NVD GitHub
CVSS 3.1
6.1
EPSS
0.0%
CVE-2025-61309 MEDIUM This Month

Reflected cross-site scripting (XSS) in GmbH Mercury Managed Print Services docuForm v11.11c allows unauthenticated remote attackers to execute arbitrary JavaScript in a victim's browser by injecting a malicious payload into an unfiltered variable in the dfm-menu_departments.php component. The vulnerability requires user interaction (clicking a crafted link) and affects confidentiality and integrity with limited scope. No public exploit code has been independently confirmed at this time, though the detailed nature of the component reference suggests proof-of-concept research exists.

XSS PHP
NVD GitHub
CVSS 3.1
6.1
EPSS
0.0%
CVE-2025-61305 MEDIUM This Month

Reflected XSS in docuForm v11.11c allows unauthenticated remote attackers to execute arbitrary JavaScript in a victim's browser by injecting malicious payloads into the dfm-menu_firmware.php component, requiring the victim to click a crafted link. CVSS 6.1 reflects moderate impact (confidentiality and integrity compromise) with required user interaction. Exploit code is publicly available via GitHub.

XSS PHP
NVD GitHub
CVSS 3.1
6.1
EPSS
0.0%
CVE-2025-61306 MEDIUM This Month

Reflected cross-site scripting (XSS) in docuForm v11.11c allows unauthenticated remote attackers to execute arbitrary JavaScript in a user's browser by crafting a malicious URL containing a payload injected into an unfiltered variable in the dfm-menu_coveragealerts.php component. Successful exploitation requires user interaction (clicking a malicious link) and can lead to session hijacking, credential theft, or malware delivery. CVSS 6.1 reflects moderate impact with low attack complexity; no public patch version has been identified.

XSS PHP
NVD GitHub
CVSS 3.1
6.1
EPSS
0.0%
CVE-2025-61308 MEDIUM This Month

Reflected cross-site scripting (XSS) in GmbH Mercury docuForm v11.11c allows remote attackers to execute arbitrary JavaScript in a victim's browser by injecting malicious payloads into an unfiltered variable in the dfm-menu_maintenance.php component. The vulnerability requires user interaction (clicking a crafted link) but affects all site visitors, making it suitable for credential theft, session hijacking, or malware delivery. No public active exploitation has been confirmed at time of analysis.

XSS PHP
NVD GitHub
CVSS 3.1
6.1
EPSS
0.0%
CVE-2025-61307 MEDIUM This Month

Reflected XSS in docuForm v11.11c allows unauthenticated remote attackers to execute arbitrary JavaScript in a victim's browser by injecting malicious payloads into the acc-menu_papers.php component. The vulnerability requires user interaction (clicking a crafted link) and has limited scope (session-based impact), with a CVSS score of 6.1. No public exploit code availability or CISA KEV listing confirmed at time of analysis, though a reference repository exists.

XSS PHP
NVD GitHub
CVSS 3.1
6.1
EPSS
0.0%
Prev Page 5 of 8 Next

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy