Skip to main content
CVE-2026-25088 MEDIUM This Month

SQL injection in Fortinet FortiNDR 7.0 through 7.6.2 allows authenticated attackers to execute unauthorized code or commands via crafted HTTP requests. The vulnerability affects multiple versions across the 7.x branch and has an EPSS exploitation probability indicator (E:P in CVSS), suggesting feasible attack conditions despite moderate CVSS score (5.1). Patch availability and active exploitation status require confirmation from vendor advisory.

Fortinet SQLi
NVD VulDB
CVSS 3.1
5.4
EPSS
0.0%
CVE-2023-30059 MEDIUM This Month

An insecure direct object reference in MK-Auth 23.01K4.9 allows attackers to access and send support calls for other users via manipulation of the chamado parameter through a crafted GET request. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Authentication Bypass
NVD GitHub
CVSS 3.1
5.4
EPSS
0.0%
CVE-2025-36515 MEDIUM This Month

Uncontrolled search path for some AI Playground software before version 3.0.0 alpha within Ring 3: User Applications may allow an escalation of privilege. Unprivileged software adversary with an authenticated user combined with a high complexity attack may enable escalation of privilege. This result may potentially occur via local access when attack requirements are present without special internal knowledge and requires active user interaction. The potential vulnerability may impact the confidentiality (high), integrity (high) and availability (high) of the vulnerable system, resulting in subsequent system confidentiality (none), integrity (none) and availability (none) impacts.

Privilege Escalation Ai Playground Software
NVD
CVSS 4.0
5.4
EPSS
0.0%
CVE-2025-35969 MEDIUM This Month

Uncontrolled search path for some Intel(R) Server Firmware Update Utility Software before version 16.0.12. within Ring 3: User Applications may allow an escalation of privilege. System software adversary with an authenticated user combined with a high complexity attack may enable escalation of privilege. This result may potentially occur via local access when attack requirements are present without special internal knowledge and requires active user interaction. The potential vulnerability may impact the confidentiality (high), integrity (high) and availability (high) of the vulnerable system, resulting in subsequent system confidentiality (none), integrity (none) and availability (none) impacts.

Privilege Escalation Intel
NVD
CVSS 4.0
5.4
EPSS
0.0%
CVE-2026-20772 MEDIUM This Month

Uncontrolled search path for some Intel(R) Connectivity Performance Suite software installers before version 50.25.1121.193 within Ring 3: User Applications may allow an escalation of privilege. Unprivileged software adversary with an authenticated user combined with a high complexity attack may enable escalation of privilege. This result may potentially occur via local access when attack requirements are present without special internal knowledge and requires active user interaction. The potential vulnerability may impact the confidentiality (high), integrity (high) and availability (high) of the vulnerable system, resulting in subsequent system confidentiality (none), integrity (none) and availability (none) impacts.

Privilege Escalation Intel
NVD
CVSS 4.0
5.4
EPSS
0.0%
CVE-2026-20718 MEDIUM This Month

Incorrect default permissions for some Intel(R) NPU Driver software installers before version 32.0.100.4511 within Ring 3: User Applications may allow an escalation of privilege. Unprivileged software adversary with an authenticated user combined with a high complexity attack may enable escalation of privilege. This result may potentially occur via local access when attack requirements are present without special internal knowledge and requires active user interaction. The potential vulnerability may impact the confidentiality (high), integrity (high) and availability (high) of the vulnerable system, resulting in subsequent system confidentiality (none), integrity (none) and availability (none) impacts.

Privilege Escalation Intel
NVD
CVSS 4.0
5.4
EPSS
0.0%
CVE-2026-40132 MEDIUM This Month

Missing authorization checks in SAP Strategic Enterprise Management's Scorecard Wizard (Business Server Pages application) allow authenticated users to access restricted information and modify risk evaluation settings without proper authorization. An attacker with valid credentials can view confidential data and alter default configuration values, artificially reducing assessed risk levels to deceive risk assessment processes. No patch availability or active exploitation has been confirmed.

Authentication Bypass SAP
NVD VulDB
CVSS 3.1
5.4
EPSS
0.0%
CVE-2026-0502 MEDIUM This Month

Cross-site request forgery (CSRF) in SAP BusinessObjects Business Intelligence Platform allows unauthenticated attackers to trick authenticated users into sending unintended requests to the web server, resulting in low-impact modifications to application integrity and availability. The vulnerability requires user interaction (clicking a malicious link) and affects all versions of the platform due to insufficient CSRF token validation. No confidentiality impact is present, limiting the attack surface to state-changing operations.

CSRF SAP
NVD VulDB
CVSS 3.1
5.4
EPSS
0.0%
CVE-2025-67604 MEDIUM This Month

Denial-of-service attacks against Fortinet FortiAnalyzer and FortiManager 6.4 through 7.6.4 allow authenticated attackers to trigger system hangs via specially crafted HTTP requests that exploit a use of potentially dangerous function vulnerability (CWE-676). The crash occurs only when internal lock alignment conditions are met, making exploitation dependent on timing and system state rather than attacker control. CVSS 5.2 reflects medium severity with high attack complexity and low availability impact; active exploitation is not confirmed.

Denial Of Service Fortinet
NVD VulDB
CVSS 3.1
5.3
EPSS
0.2%
CVE-2026-6708 MEDIUM This Month

Unauthenticated attackers can delete any classroom record in the HEL Online Classroom WordPress plugin (versions up to 1.0.3) via a REST API endpoint that bypasses all WordPress authentication checks through a permission_callback set to '__return_true', resulting in permanent data loss. The vulnerability affects the plugin's core functionality and requires only network access with no user interaction, though the CVSS score of 5.3 reflects limited confidentiality impact (integrity modification only, no information disclosure).

Authentication Bypass WordPress
NVD
CVSS 3.1
5.3
EPSS
0.1%
CVE-2026-34654 MEDIUM This Month

Adobe Commerce versions 2.4.9-beta1, 2.4.8-p4, 2.4.7-p9, 2.4.6-p14, 2.4.5-p16, 2.4.4-p17 and earlier are affected by a Dependency on Vulnerable Third-Party Component vulnerability that could result in an application denial-of-service. An attacker could exploit this vulnerability to crash the application, leading to a denial-of-service condition. Exploitation of this issue does not require user interaction.

Denial Of Service Adobe
NVD
CVSS 3.1
5.3
EPSS
0.1%
CVE-2026-23822 MEDIUM This Month

A vulnerability in the XML handling component of AOS-8 DHCP services could allow an unauthenticated remote attacker to trigger a denial-of-service condition. Successful exploitation could allow an attacker to cause excessive resource consumption upon user interaction, leading to service disruption or reduced availability of the affected system. NOTE: This vulnerability only impacts Access Points running AOS Instant 8.x.x.x

Information Disclosure Arubaos Aos
NVD
CVSS 3.1
5.3
EPSS
0.1%
CVE-2026-4663 MEDIUM This Month

Unauthenticated attackers can modify critical payment gateway settings in the iPOSpays Gateways WC WordPress plugin through an exposed REST API endpoint lacking authorization checks, enabling them to overwrite live API keys, secret keys, and payment tokens. Affected versions up to 1.3.7 permit unrestricted access to the /wp-json/ipospays/v1/save_settings endpoint due to a permission_callback set to '__return_true' with no nonce verification, allowing complete compromise of payment processing credentials without authentication. This is a high-integrity attack vector against e-commerce sites using the plugin.

Authentication Bypass WordPress
NVD VulDB
CVSS 3.1
5.3
EPSS
0.1%
CVE-2026-7626 MEDIUM This Month

Slek Gateway for WooCommerce plugin version 1.0 exposes merchant API credentials (slek_key and slek_secret) to unauthenticated attackers through client-side HTML forms and plaintext GET parameters. An attacker who places an order on an affected WooCommerce store can extract the merchant's secret credentials by inspecting the HTML source or using browser developer tools on the order-pay page before JavaScript auto-submission occurs, compromising the merchant's Slek payment processing account.

Information Disclosure WordPress
NVD
CVSS 3.1
5.3
EPSS
0.1%
CVE-2026-31245 MEDIUM This Month

mem0 1.0.0 server accepts unauthenticated POST requests to the /memories endpoint, allowing remote attackers to inject arbitrary memory records without identity verification or authorization checks. This authentication bypass enables data pollution and unauthorized modification of the memory database with spoofed entries. EPSS exploitation probability is low (0.05th percentile), and no active exploitation has been confirmed, but the vulnerability is automatable and affects default configurations.

Authentication Bypass Mem0
NVD GitHub
CVSS 3.1
5.3
EPSS
0.1%
CVE-2026-40421 MEDIUM PATCH Exploit Unlikely This Month

External control of file name or path in Microsoft Office Word allows an unauthorized attacker to disclose information over a network.

Microsoft Information Disclosure
NVD VulDB
CVSS 3.1
4.3
EPSS
0.0%
CVE-2026-44341 MEDIUM This Month

GoJobs is a REST API for a Job Board platform. The application exposes a job retrieval endpoint that allows unauthenticated users to access job details by directly manipulating object identifiers. The endpoint lacks proper authentication and authorization checks, resulting in unauthorized access to job data.

Authentication Bypass Gojobs
NVD GitHub
CVSS 3.1
5.3
EPSS
0.0%
CVE-2026-45212 MEDIUM This Month

Unauthenticated remote attackers can trigger a denial-of-service condition against Asset CleanUp: Page Speed Booster (WordPress plugin) versions up to 1.4.0.3 by exploiting missing authorization controls that incorrectly configure access restrictions. The vulnerability allows attackers to perform actions intended for authenticated administrators without proper authentication, resulting in availability impact through the ability to modify or disable asset optimization features.

Authentication Bypass Asset Cleanup
NVD
CVSS 3.1
5.3
EPSS
0.0%
CVE-2026-44352 MEDIUM This Month

Flowsint is an open-source OSINT graph exploration tool designed for cybersecurity investigation, transparency, and verification. Prior to 1.2.3, Broken Access Control allows reading of sketch logs from any user. This vulnerability is fixed in 1.2.3.

Authentication Bypass
NVD GitHub
CVSS 4.0
5.3
EPSS
0.0%
CVE-2026-42177 MEDIUM PATCH This Month

linux-entra-sso is a browser plugin for Linux to SSO on Microsoft Entra ID. Prior to 1.8.1, platform/chrome/js/platform-chrome.js:69-88 registers a single declarativeNetRequest rule whose urlFilter is Platform.SSO_URL + "/*", i.e. "https://login.microsoftonline.com/*". Chrome's urlFilter without a | or || anchor is substring-matched against the full request URL. The same applied rule action is modifyHeaders that attaches the Entra ID Primary Refresh Token cookie. The Firefox adapter in platform/firefox/js/platform-firefox.js:53 performs a belt-and-braces startsWith(Platform.SSO_URL) check before injecting the header; the Chrome adapter does not. When the extension holds broad host permissions through the optional_host_permissions: ["https://*/*"] declared in platform/chrome/manifest.json:34, a main-frame navigation to a URL whose path embeds https://login.microsoftonline.com/ causes Chrome to attach the PRT cookie to the request to the attacker-controlled host. This vulnerability is fixed in 1.8.1.

Authentication Bypass Mozilla Microsoft Google Chrome
NVD GitHub
CVSS 3.1
5.3
EPSS
0.0%
CVE-2026-44288 MEDIUM PATCH GHSA This Month

protobufjs versions 7.5.5 and earlier, and 8.0.0-8.0.1 accept overlong UTF-8 byte sequences in the minimal UTF-8 decoder used by non-Node and fallback decoding paths, allowing attackers to bypass byte-level filtering and decode strings containing characters that were not present in the raw protobuf binary input. This integrity issue affects applications that rely on pre-decoding byte validation before using protobuf strings in security-sensitive contexts. Patch versions 7.5.6 and 8.0.2 are available; Node.js Buffer-backed paths are not directly affected.

Canonical Node.js Information Disclosure Red Hat
NVD GitHub VulDB
CVSS 3.1
5.3
EPSS
0.0%
CVE-2026-25431 MEDIUM This Month

WPMU DEV Hustle plugin versions through 7.8.10.1 allow unauthenticated remote attackers to modify sensitive data via missing authorization controls on access-restricted functionality. The vulnerability exploits incorrectly configured access control security levels, enabling attackers to bypass authentication mechanisms without user interaction. No public exploit code or active exploitation has been confirmed at the time of analysis.

Authentication Bypass Hustle
NVD VulDB
CVSS 3.1
5.3
EPSS
0.0%
CVE-2026-45215 MEDIUM This Month

WP EasyPay plugin through version 4.3.0 exposes sensitive information in sent data, allowing unauthenticated remote attackers to retrieve embedded data without user interaction. The vulnerability stems from improper handling of sensitive data during transmission, classified as an information disclosure issue with a CVSS score of 5.3 (network-accessible, low complexity). No active exploitation has been confirmed in CISA KEV at the time of analysis.

Information Disclosure Wp Easypay
NVD VulDB
CVSS 3.1
5.3
EPSS
0.0%
CVE-2026-5693 MEDIUM This Month

Unauthenticated attackers can cancel arbitrary bookings in the Smart Appointment & Booking WordPress plugin versions up to 1.0.8 due to a logic flaw in nonce validation that uses AND instead of OR, combined with a missing capability check in the saab_cancel_booking() function. By supplying any value for the security parameter and a predictable booking ID, attackers can modify or delete booking records without authentication or user interaction.

Authentication Bypass WordPress
NVD
CVSS 3.1
5.3
EPSS
0.0%
CVE-2026-8391 MEDIUM PATCH This Month

Information disclosure vulnerability in Firefox's JavaScript Engine allows remote unauthenticated attackers to leak sensitive memory contents over the network without user interaction. The vulnerability affects Firefox versions prior to 150.0.3 and has a low EPSS score (0.02%) despite the network-based attack vector, suggesting limited real-world exploitation pressure despite the modest CVSS score of 5.3.

Mozilla Information Disclosure
NVD VulDB
CVSS 3.1
5.3
EPSS
0.0%
CVE-2026-40016 MEDIUM PATCH This Month

OX Dovecot Pro allows authenticated users to upload malicious Sieve scripts via ManageSieve protocol or local access that bypass configured CPU time limits by up to 130 times, enabling denial of service through server performance degradation. The vulnerability requires low-privilege authenticated access and medium attack complexity, affecting availability without compromising confidentiality or integrity. No public exploit code has been identified at the time of analysis.

Denial Of Service Red Hat Suse
NVD VulDB
CVSS 3.1
5.3
EPSS
0.0%
CVE-2026-44294 MEDIUM PATCH GHSA This Month

Denial of service in protobufjs allows remote attackers to crash runtime code generation by providing crafted protobuf schemas or JSON descriptors containing unescaped control characters in field names. When affected message types perform encode, decode, verify, or conversion operations, the generated JavaScript code fails to compile, rendering those types unusable. This affects applications that load untrusted schemas; those using only application-defined schemas are not impacted. No code execution is known to occur.

Denial Of Service RCE
NVD GitHub
CVSS 3.1
5.3
EPSS
0.1%
CVE-2026-44292 MEDIUM PATCH GHSA This Month

Prototype injection in protobufjs generated message constructors allows attackers controlling plain objects passed to message constructors to modify the prototype chain of individual message instances via an enumerable `__proto__` property. Affects protobufjs versions 7.5.5 and earlier, and 8.0.0-8.0.1. This is a per-instance prototype pollution issue (not global) with impact dependent on downstream application behavior such as inherited property reliance or `instanceof` checks. No active exploitation confirmed; no public exploit identified at time of analysis.

RCE Prototype Pollution
NVD GitHub
CVSS 3.1
5.3
EPSS
0.1%
CVE-2026-42157 MEDIUM This Month

Flowsint is an open-source OSINT graph exploration tool designed for cybersecurity investigation, transparency, and verification. Prior to 1.2.3, a remote attacker can create a map node with a malicious label that contains arbitrary HTML. When the map tab is selected and a map node marker is selected, it will render the arbitrary HTML, potentially triggering stored XSS. This vulnerability is fixed in 1.2.3.

XSS
NVD GitHub
CVSS 4.0
5.1
EPSS
0.2%
CVE-2026-41195 MEDIUM PATCH This Month

mosparo is the modern solution to protect your online forms from spam. Prior to 1.4.13, the automatic rule package source URL feature allows a project member with the editor role to store an attacker-controlled URL that the server later fetches. Because the server follows http/https redirects and does not restrict private or loopback destinations, this becomes a stored SSRF primitive that can be turned into an internal HTTP probing oracle. This vulnerability is fixed in 1.4.13.

SSRF Oracle
NVD GitHub
CVSS 3.1
5.0
EPSS
0.0%
CVE-2026-44874 MEDIUM This Month

A vulnerability exists in the web-based management interface of an AOS-10 Gateway that could allow an authenticated remote attacker to access sensitive files on the underlying operating system. Successful exploitation of this vulnerability could result in the disclosure of confidential system information, potentially enabling further attacks against the affected device.

Authentication Bypass Hpe Aruba Networking Wireless Operating System Aos
NVD
CVSS 3.1
4.9
EPSS
0.0%
CVE-2026-3604 MEDIUM This Month

Stored Cross-Site Scripting (XSS) in WP SEO Structured Data Schema plugin for WordPress versions up to 2.8.1 allows authenticated attackers with Contributor-level access to inject arbitrary JavaScript via the `_kcseo_ative_tab` parameter, which executes in the browsers of users viewing affected pages. The vulnerability stems from insufficient input sanitization and output escaping in the plugin's metadata handling. No public exploit code or active exploitation has been identified at time of analysis.

XSS WordPress
NVD
CVSS 3.1
4.9
EPSS
0.0%
CVE-2026-6663 MEDIUM This Month

Unauthenticated remote code execution in GWD Connect WordPress plugin versions up to 2.9 allows attackers to execute arbitrary PHP code on unregistered installations via the update_agent action in standalone agent endpoints (gwd-backup.php and gwd-logs.php) when the API key is not configured. The vulnerability exploits a missing authorization check that occurs only when the authentication key has not been set up, affecting default installations. No public exploit code or active exploitation has been confirmed at this time.

Authentication Bypass PHP RCE WordPress
NVD
CVSS 3.1
4.8
EPSS
0.1%
CVE-2026-34655 MEDIUM This Month

Adobe Commerce versions 2.4.9-beta1, 2.4.8-p4, 2.4.7-p9, 2.4.6-p14, 2.4.5-p16, 2.4.4-p17 and earlier are affected by a stored Cross-Site Scripting (XSS) vulnerability that could be abused by a high-privileged attacker to inject malicious scripts into vulnerable form fields. Malicious JavaScript may be executed in a victim's browser when they browse to the page containing the vulnerable field. Scope is changed.

XSS Adobe
NVD
CVSS 3.1
4.8
EPSS
0.1%
CVE-2026-41513 MEDIUM This Month

Horilla is an HR and CRM software. In 1.5.0, the notification endpoints trust the unvalidated next parameter and redirect users to arbitrary external URLs. This allows an attacker to turn trusted application links into phishing or social-engineering redirects.

Open Redirect
NVD GitHub
CVSS 4.0
4.8
EPSS
0.0%
CVE-2026-34658 MEDIUM This Month

Adobe Commerce versions 2.4.9-beta1, 2.4.8-p4, 2.4.7-p9, 2.4.6-p14, 2.4.5-p16, 2.4.4-p17 and earlier are affected by a stored Cross-Site Scripting (XSS) vulnerability that could be abused by a high-privileged attacker to inject malicious scripts into vulnerable form fields. Malicious JavaScript may be executed in a victim's browser when they browse to the page containing the vulnerable field. Scope is changed.

XSS Adobe
NVD
CVSS 3.1
4.8
EPSS
0.0%
CVE-2026-20793 MEDIUM This Month

Unchecked return value for some Intel(R) QAT software drivers for Windows before version 1.13 within Ring 3: User Applications may allow a denial of service. Unprivileged software adversary with an authenticated user combined with a low complexity attack may enable denial of service. This result may potentially occur via local access when attack requirements are not present without special internal knowledge and requires no user interaction. The potential vulnerability may impact the confidentiality (none), integrity (none) and availability (low) of the vulnerable system, resulting in subsequent system confidentiality (none), integrity (none) and availability (none) impacts.

Denial Of Service Microsoft Intel
NVD VulDB
CVSS 4.0
4.8
EPSS
0.0%
CVE-2026-27682 MEDIUM This Month

Reflected cross-site scripting (XSS) in SAP NetWeaver Application Server ABAP (Business Server Pages) allows unauthenticated attackers to inject malicious scripts via unprotected URL parameters. Successful exploitation requires victim interaction (clicking a crafted link) and affects confidentiality and integrity of application data. No public exploit code or active exploitation reported at time of analysis.

XSS SAP
NVD VulDB
CVSS 3.1
4.7
EPSS
0.0%
CVE-2026-5061 MEDIUM PATCH This Month

Sandbox path bypass in consul-template before 0.42.0 allows local authenticated users to read files outside the intended sandbox via symlink attack in the file template helper. The vulnerability requires local access and elevated privileges but grants high confidentiality impact. Vendor-released patch available in version 0.42.0.

Authentication Bypass Tooling
NVD
CVSS 3.1
4.7
EPSS
0.0%
CVE-2026-34258 MEDIUM This Month

SAPUI5 Search UI allows unauthenticated attackers to manipulate URL parameters to inject malicious content, potentially deceiving users into accessing attacker-controlled pages. The vulnerability requires user interaction (clicking a crafted link) and has low confidentiality impact with no effect on integrity or availability. No active exploitation has been confirmed at the time of this analysis.

Information Disclosure Sapui5 Search Ui
NVD VulDB
CVSS 3.1
4.7
EPSS
0.0%
CVE-2026-44259 MEDIUM PATCH This Month

efw4.X is an Enterprise Framework for Web. Prior to 4.08.010, the previewServlet serves files with their detected MIME type based on file extension, without any content sanitization or security headers. Files with .html, .htm, or .svg extensions are served as text/html or image/svg+xml respectively, causing any embedded JavaScript to execute in the victim's browser within the application's origin. This vulnerability is fixed in 4.08.010.

XSS Efw4 X
NVD GitHub
CVSS 3.1
4.6
EPSS
0.0%
CVE-2026-41530 MEDIUM This Month

Path traversal vulnerability in Lhaz and Lhaz+ archive extraction allows local users to write files to unintended directories when the automatic folder creation feature is enabled and a crafted archive is extracted. The vulnerability requires user interaction (extracting a malicious archive) and affects only the integrity of file placement, not confidentiality or availability. CVSS score is 3.3 (low); no public exploit code or active exploitation has been identified.

Path Traversal Lhaz
NVD VulDB
CVSS 4.0
4.6
EPSS
0.0%
CVE-2026-32209 MEDIUM PATCH This Month

Improper access control in Windows Filtering Platform (WFP) allows an authorized attacker to bypass a security feature locally.

Authentication Bypass Microsoft
NVD VulDB
CVSS 3.1
4.4
EPSS
0.0%
CVE-2026-41100 MEDIUM PATCH This Month

Improper access control in M365 Copilot allows an authorized attacker to perform spoofing locally.

Authentication Bypass Microsoft 365 Copilot For Android
NVD VulDB
CVSS 3.1
4.4
EPSS
0.0%
CVE-2026-6813 MEDIUM This Month

Stored cross-site scripting (XSS) in the Continually WordPress plugin versions up to 4.3.1 allows authenticated administrators to inject arbitrary web scripts into admin settings that execute whenever users access affected pages. The vulnerability requires high-privilege administrator access and is limited to multisite WordPress installations or sites with unfiltered_html disabled, resulting in low CVSS impact (4.4) despite network accessibility. No public exploit code or active exploitation has been identified at this time.

XSS WordPress
NVD
CVSS 3.1
4.4
EPSS
0.0%
CVE-2026-6800 MEDIUM This Month

Stored Cross-Site Scripting in FastBots plugin for WordPress up to version 1.0.12 allows authenticated administrators to inject arbitrary JavaScript into admin settings that executes when any user accesses affected pages. The vulnerability requires high-privilege administrator access and affects only multi-site WordPress installations or single-site installations with the unfiltered_html capability disabled. No public exploit code or active exploitation has been identified at time of analysis.

XSS WordPress
NVD
CVSS 3.1
4.4
EPSS
0.0%
CVE-2026-44215 MEDIUM PATCH This Month

NanaZip is an open source file archive. From 5.0.1252.0 to before 6.0.1698.0, a one-byte heap out-of-bounds null write exists in the UFS/UFS2 filesystem image parser in NanaZip. The vulnerability is triggered when opening a crafted UFS filesystem image. The attacker controls the byte offset of the write within a ~254-byte window past the heap allocation boundary. This vulnerability is fixed in 6.0.1698.0.

Memory Corruption Buffer Overflow Nanazip
NVD GitHub
CVSS 3.1
4.4
EPSS
0.0%
CVE-2026-42446 MEDIUM PATCH This Month

NanaZip is an open source file archive. From 5.0.1252.0 to before 6.0.1698.0, a stack-based out-of-bounds read exists in the ZealFS filesystem image parser in NanaZip. The vulnerability is triggered when opening a crafted ZealFS v1 filesystem image. An attacker-controlled BitmapSize field in the file header drives an unbounded loop that reads past the end of a stack-allocated ZEALFS_V1_HEADER structure. This vulnerability is fixed in 6.0.1698.0.

Information Disclosure Buffer Overflow Nanazip
NVD GitHub
CVSS 3.1
4.4
EPSS
0.0%
CVE-2026-7257 MEDIUM Monitor

Zyxel WRE6505 v2 firmware stores sensitive configuration data in an insecure manner, allowing local administrators to download and decrypt backup configuration files, leading to disclosure of confidential credentials and network settings. The vulnerability affects firmware version V1.00(ABDV.3)C0 and requires local access with administrative privileges. No public exploit code or active exploitation has been identified; however, the product is no longer supported by Zyxel, limiting patch availability.

Zyxel Information Disclosure
NVD VulDB
CVSS 3.1
4.4
EPSS
0.0%
CVE-2026-7431 MEDIUM This Month

Ivanti Secure Access Client before version 22.8R6 allows local authenticated users to read or modify sensitive log data through write access to a shared memory section due to incorrect permission assignments on a critical resource. With a CVSS score of 4.4 and a local attack vector requiring authentication, this vulnerability poses a moderate risk to users whose systems are accessed by multiple authenticated accounts. No active exploitation has been publicly confirmed, but the simplicity of the attack (local, low complexity) makes this a practical concern for multi-user systems.

Information Disclosure Ivanti
NVD VulDB
CVSS 3.1
4.4
EPSS
0.0%
Prev Page 3 of 4 Next

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy