Skip to main content
CVE-2026-32175 MEDIUM POC PATCH GHSA Exploit Unlikely This Month

A tampering vulnerability exists when .NET Core improperly handles specially crafted files. An attacker who successfully exploited this vulnerability could write arbitrary files and directories to certain locations on a vulnerable system. However, an attacker would have limited control over the destination of the files and directories. To exploit the vulnerability, an attacker must send a specially crafted file to a vulnerable system. The security update fixes the vulnerability by ensuring .NET Core properly handles files.

Information Disclosure Net 10 0 Net 8 0 Net 9 0 Microsoft Visual Studio 2017 Version 15 9 Includes 15 0 15 8 +4
NVD VulDB GitHub
CVSS 3.1
4.3
EPSS
0.1%
CVE-2026-6402 MEDIUM POC PATCH GHSA This Month

Cross-origin source code exposure in webpack-dev-server up to 5.2.3 allows attackers controlling a malicious website to steal bundled application source code when a developer runs the dev server over non-trustworthy HTTP origins. The vulnerability exploits the omission of Sec-Fetch-Mode and Sec-Fetch-Site headers on non-HTTPS connections, enabling script injection and cross-origin code exfiltration. Chromium-based browsers Chrome 142+ are exempt due to local network access restrictions. CVSS 5.3 (AC:H due to user requirement to visit attacker site; High confidentiality impact). Fix: upgrade to webpack-dev-server 5.2.4 or later.

Information Disclosure Google Red Hat Suse Chrome
NVD GitHub VulDB
CVSS 3.1
5.3
EPSS
0.0%
CVE-2024-54017 MEDIUM CISA This Month

A vulnerability has been identified in SIPROTEC 5 6MD84 (CP300) (All versions < V11.0), SIPROTEC 5 6MD85 (CP200) (All versions), SIPROTEC 5 6MD85 (CP300) (All versions >= V7.80 < V11.0), SIPROTEC 5. Rated medium severity (CVSS 6.9), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Information Disclosure Siprotec 5 6Md84 Cp300 Siprotec 5 6Md85 Cp200 Siprotec 5 6Md85 Cp300 Siprotec 5 6Md86 Cp200 +59
NVD VulDB
CVSS 4.0
6.9
EPSS
0.0%
CVE-2026-33570 MEDIUM CISA This Month

PowerSYSTEM Center REST API endpoint for devices allows a low privilege authenticated user to access information normally limited by operational permissions.

Authentication Bypass Powersystem Center 2020
NVD GitHub
CVSS 4.0
6.9
EPSS
0.0%
CVE-2025-40948 MEDIUM CISA This Month

Authenticated remote attackers can read arbitrary files from the operating system filesystem with root privileges on affected RUGGEDCOM ROX devices due to improper input validation in the JSON-RPC web server interface. All versions of ROX MX5000, MX5000RE, RX1400, RX1500, RX1501, RX1510, RX1511, RX1512, RX1524, RX1536, and RX5000 below V2.17.1 are affected. No public exploit code has been identified at time of analysis.

Information Disclosure Ruggedcom Rox Mx5000 Ruggedcom Rox Mx5000Re Ruggedcom Rox Rx1400 Ruggedcom Rox Rx1500 +7
NVD
CVSS 4.0
6.1
EPSS
0.0%
CVE-2026-40374 MEDIUM PATCH Exploit Unlikely This Month

Exposure of sensitive information to an unauthorized actor in Power Automate allows an authorized attacker to disclose information over a network.

Information Disclosure Power Automate For Desktop
NVD VulDB
CVSS 3.1
6.5
EPSS
0.1%
CVE-2026-42830 MEDIUM PATCH Exploit Unlikely This Month

Untrusted search path in Azure Monitor Agent allows an authorized attacker to elevate privileges locally.

Microsoft Information Disclosure
NVD VulDB
CVSS 3.1
6.5
EPSS
0.1%
CVE-2026-41610 MEDIUM PATCH Exploit Unlikely This Month

Improper neutralization of input during web page generation ('cross-site scripting') in Visual Studio Code allows an unauthorized attacker to bypass a security feature locally.

XSS Visual Studio Code
NVD VulDB
CVSS 3.1
6.3
EPSS
0.0%
CVE-2026-35504 MEDIUM CISA This Month

PowerSYSTEM Center email notification service is affected by a CRLF injection vulnerability when using SMTPS communication.

Code Injection Powersystem Center 2020 Powersystem Center 2024 Powersystem Center 2026
NVD GitHub
CVSS 4.0
5.1
EPSS
0.0%
CVE-2026-20905 MEDIUM This Month

Improper input validation for some Intel(R) QAT software drivers for Windows before version 2.6 within Ring 3: User Applications may allow a denial of service. Unprivileged software adversary with an authenticated user combined with a low complexity attack may enable denial of service. This result may potentially occur via local access when attack requirements are not present without special internal knowledge and requires no user interaction. The potential vulnerability may impact the confidentiality (low), integrity (low) and availability (high) of the vulnerable system, resulting in subsequent system confidentiality (none), integrity (none) and availability (none) impacts.

Denial Of Service Microsoft Intel
NVD VulDB
CVSS 4.0
6.9
EPSS
0.0%
CVE-2026-20717 MEDIUM This Month

Improper input validation for some Intel(R) QAT software drivers for Windows before version 1.13 within Ring 3: User Applications may allow a denial of service. Unprivileged software adversary with an authenticated user combined with a low complexity attack may enable denial of service. This result may potentially occur via local access when attack requirements are not present without special internal knowledge and requires no user interaction. The potential vulnerability may impact the confidentiality (low), integrity (low) and availability (high) of the vulnerable system, resulting in subsequent system confidentiality (none), integrity (none) and availability (none) impacts.

Denial Of Service Microsoft Intel
NVD VulDB
CVSS 4.0
6.9
EPSS
0.0%
CVE-2026-20782 MEDIUM This Month

Buffer overflow for some Intel(R) QAT software drivers for Windows before version 1.13 within Ring 3: User Applications may allow a denial of service. Unprivileged software adversary with an authenticated user combined with a low complexity attack may enable denial of service. This result may potentially occur via local access when attack requirements are not present without special internal knowledge and requires no user interaction. The potential vulnerability may impact the confidentiality (low), integrity (low) and availability (high) of the vulnerable system, resulting in subsequent system confidentiality (none), integrity (none) and availability (none) impacts.

Denial Of Service Microsoft Buffer Overflow Intel
NVD VulDB
CVSS 4.0
6.9
EPSS
0.0%
CVE-2026-20771 MEDIUM This Month

Null pointer dereference for some Intel(R) QAT software drivers for Windows before version 1.13 within Ring 3: User Applications may allow a denial of service. Unprivileged software adversary with an authenticated user combined with a low complexity attack may enable denial of service. This result may potentially occur via local access when attack requirements are not present without special internal knowledge and requires no user interaction. The potential vulnerability may impact the confidentiality (low), integrity (none) and availability (high) of the vulnerable system, resulting in subsequent system confidentiality (none), integrity (none) and availability (none) impacts.

Denial Of Service Microsoft Intel Null Pointer Dereference
NVD VulDB
CVSS 4.0
6.9
EPSS
0.0%
CVE-2026-20754 MEDIUM This Month

Improper conditions check in some firmware for some Intel(R) NPU Drivers within Ring 1: Device Drivers may allow a denial of service. Unprivileged software adversary with an authenticated user combined with a low complexity attack may enable denial of service. This result may potentially occur via local access when attack requirements are not present without special internal knowledge and requires no user interaction. The potential vulnerability may impact the confidentiality (none), integrity (low) and availability (high) of the vulnerable system, resulting in subsequent system confidentiality (none), integrity (none) and availability (none) impacts.

Denial Of Service Intel
NVD
CVSS 4.0
6.9
EPSS
0.0%
CVE-2026-44652 MEDIUM PATCH GHSA This Month

## Resolution SillyTavern 1.18.0 added a generic server-side request filter (Private Request Whitelisting). Since we expect users to use the application in a trusted environment, the filter is disabled by default, however it is strongly advised to be enabled and properly configured when an instance is being hosted over a network, as suggested by a console warning message and an officially published security checklist for administrators. Documentation: - https://docs.sillytavern.app/administration/config-yaml/#private-address-whitelisting - https://docs.sillytavern.app/administration/#security-checklist ## Note on future SSRF findings Since the request filter applies to the entire application, no SSRF vulnerabilities against individual endpoints will be accepted, unless it has been proven that a properly configured and enabled filter can be bypassed in an undocumented way. Only advisories disclosed before the 1.18.0 release will be posted if their concern is SSRF. ## Overview - Vulnerability Type: SSRF - Affected Location: `src/middleware/corsProxy.js:31` - Trigger Scenario: SSRF in optional CORS proxy ## Root Cause `corsProxyMiddleware` forwards `req.params.url` directly into `fetch(url, ...)`. It only blocks circular requests to its own host and does not enforce destination allowlist or private/loopback restrictions, enabling SSRF. ## Source-to-Sink Chain 1. Source (user-controlled input) - Entry point: `GET /proxy/:url(*)` 2. Data flow - Code analysis shows concrete propagation into this sink: - vulnerability title: `SSRF in optional CORS proxy` - sink location reached by attacker-controlled input: `src/middleware/corsProxy.js:31` - The same sink behavior is confirmed by controlled execution observations. 3. Sink (dangerous operation) - Sink location: `src/middleware/corsProxy.js:31` - Vulnerable behavior: SSRF in optional CORS proxy ## Exploitation Preconditions 1. The attacker can control or influence a URL/endpoint parameter. 2. The server can access internal or sensitive network targets. 3. Outbound request validation or redirect controls are insufficient. ## Risk This issue can be used to pivot network access and reach unintended internal resources. ## Impact An attacker may access internal network services or metadata endpoints and exfiltrate sensitive responses. ## Remediation 1. Enforce strict destination allowlist for proxy targets. 2. Block loopback, link-local, RFC1918, and metadata address ranges. 3. Apply the same destination validation to redirects.

SSRF
NVD GitHub VulDB
CVSS 4.0
6.9
EPSS
0.0%
CVE-2026-44651 MEDIUM PATCH GHSA This Month

## Resolution Fixed in SillyTavern 1.18.0: a user-provided URL is no longer reflected in the HTTP response body. ## Overview - Vulnerability Type: XSS - Affected Location: `src/middleware/corsProxy.js:40` - Trigger Scenario: reflected XSS in CORS proxy error response ## Root Cause When `fetch(url)` throws, the code sends: `res.status(500).send('Error occurred while trying to proxy to: ' + url + ' ' + error)`. The `url` value is attacker-controlled (`req.params.url`) and is not HTML-escaped before rendering. ## Source-to-Sink Chain 1. Source (user-controlled input) - Entry point: `GET /proxy/:url(*)` 2. Data flow - Code analysis shows concrete propagation into this sink: - vulnerability title: `Reflected XSS in CORS proxy error response` - sink location reached by attacker-controlled input: `src/middleware/corsProxy.js:40` - The same sink behavior is confirmed by controlled execution observations. 3. Sink (dangerous operation) - Sink location: `src/middleware/corsProxy.js:40` - Vulnerable behavior: reflected XSS in CORS proxy error response ## Exploitation Preconditions 1. The attacker can inject controllable content into a rendered response. 2. The vulnerable rendering context does not apply strict output encoding/sanitization. 3. A victim user opens the affected page or response. ## Risk This issue enables script execution in the victim context and can compromise session or data integrity. ## Impact An attacker may run arbitrary JavaScript in the victim context, steal tokens, and manipulate user-visible behavior. ## Remediation 1. Never concatenate raw user input into HTML error responses. 2. If URL echo is required, HTML-escape it or force plain-text output. 3. Re-enable/strengthen CSP to reduce reflected injection impact.

XSS
NVD GitHub
CVSS 4.0
6.9
EPSS
0.0%
CVE-2025-35979 MEDIUM PATCH This Month

Exposure of sensitive information caused by shared microarchitectural predictor state that influences transient execution for some Intel(R) Processors within VMX non-root (guest) operation may allow an information disclosure. Unprivileged software adversary with an authenticated user combined with a high complexity attack may enable data exposure. This result may potentially occur via local access when attack requirements are present without special internal knowledge and requires no user interaction. The potential vulnerability may impact the confidentiality (high), integrity (none) and availability (none) of the vulnerable system, resulting in subsequent system confidentiality (high), integrity (none) and availability (none) impacts.

Intel Information Disclosure Suse Red Hat
NVD VulDB
CVSS 4.0
6.8
EPSS
0.0%
CVE-2025-36510 MEDIUM This Month

Improper buffer restrictions for some Display Virtualization for Windows OS driver software within Ring 2: Device Drivers may allow a denial of service. Unprivileged software adversary with an authenticated user combined with a low complexity attack may enable denial of service. This result may potentially occur via local access when attack requirements are not present without special internal knowledge and requires no user interaction. The potential vulnerability may impact the confidentiality (none), integrity (none) and availability (high) of the vulnerable system, resulting in subsequent system confidentiality (none), integrity (none) and availability (none) impacts.

Denial Of Service Microsoft Buffer Overflow
NVD
CVSS 4.0
6.8
EPSS
0.0%
CVE-2025-27723 MEDIUM This Month

Use after free for some Linux kernel driver for the Intel(R) Ethernet 800 series before version 2.3.14 within Ring 0: Kernel may allow a denial of service. Unprivileged software adversary with an authenticated user combined with a low complexity attack may enable denial of service. This result may potentially occur via local access when attack requirements are present without special internal knowledge and requires no user interaction. The potential vulnerability may impact the confidentiality (none), integrity (none) and availability (high) of the vulnerable system, resulting in subsequent system confidentiality (none), integrity (none) and availability (high) impacts.

Denial Of Service Use After Free Memory Corruption Linux Intel
NVD VulDB
CVSS 4.0
6.8
EPSS
0.0%
CVE-2026-20914 MEDIUM This Month

Null pointer dereference for some Intel(R) QAT software drivers for Windows before version 2.6.0 within Ring 3: User Applications may allow a denial of service. Unprivileged software adversary with an authenticated user combined with a low complexity attack may enable denial of service. This result may potentially occur via local access when attack requirements are not present without special internal knowledge and requires no user interaction. The potential vulnerability may impact the confidentiality (none), integrity (none) and availability (high) of the vulnerable system, resulting in subsequent system confidentiality (none), integrity (none) and availability (none) impacts.

Denial Of Service Microsoft Intel Null Pointer Dereference
NVD VulDB
CVSS 4.0
6.8
EPSS
0.0%
CVE-2026-20881 MEDIUM This Month

Divide by zero for some Intel(R) QAT software drivers for Windows before version 1.13 within Ring 3: User Applications may allow a denial of service. Unprivileged software adversary with an authenticated user combined with a low complexity attack may enable denial of service. This result may potentially occur via local access when attack requirements are not present without special internal knowledge and requires no user interaction. The potential vulnerability may impact the confidentiality (none), integrity (none) and availability (high) of the vulnerable system, resulting in subsequent system confidentiality (none), integrity (none) and availability (none) impacts.

Denial Of Service Microsoft Intel
NVD VulDB
CVSS 4.0
6.8
EPSS
0.0%
CVE-2026-33603 MEDIUM PATCH This Month

Man-in-the-middle attackers positioned between OX Dovecot Pro and clients can forge SCRAM TLS channel binding via specially crafted base64 exchanges, allowing eavesdropping on encrypted communications. The attack requires network-level access and knowledge of channel binding mechanics but yields complete confidentiality compromise. No public exploit code is known, and patched versions are available from Open-Xchange.

Microsoft Information Disclosure Red Hat Suse
NVD VulDB
CVSS 3.1
6.8
EPSS
0.0%
CVE-2026-41097 MEDIUM PATCH Exploit Unlikely This Month

Reliance on a component that is not updateable in Windows Secure Boot allows an authorized attacker to bypass a security feature locally.

Authentication Bypass Microsoft
NVD VulDB
CVSS 3.1
6.7
EPSS
0.2%
CVE-2026-32170 MEDIUM PATCH Exploit Unlikely This Month

Double free in Windows Rich Text Edit Control allows an authorized attacker to elevate privileges locally.

Microsoft Information Disclosure
NVD VulDB
CVSS 3.1
6.7
EPSS
0.1%
CVE-2026-21530 MEDIUM PATCH Exploit Unlikely This Month

Double free vulnerability in Windows Rich Text Edit component allows local authenticated attackers to escalate privileges on Windows 10 and Windows 11 systems through a specially crafted interaction. The flaw requires local access with standard user privileges and user interaction, but enables full system compromise including code execution and privilege elevation. Microsoft has released a vendor patch to address this issue.

Microsoft Information Disclosure
NVD VulDB
CVSS 3.1
6.7
EPSS
0.1%
CVE-2025-53870 MEDIUM This Month

OS command injection in Fortinet FortiAP and FortiAP-W2 access points allows authenticated administrators to execute arbitrary code or commands via specially crafted CLI commands. Affected versions span FortiAP 6.4 through 7.6.2 and FortiAP-W2 7.0 through 7.4.4. The vulnerability requires high-privilege administrative access and does not require user interaction, making it exploitable by rogue administrators or accounts with compromised credentials. No public exploit code or active exploitation has been identified at time of analysis.

Fortinet Command Injection
NVD
CVSS 3.1
6.7
EPSS
0.1%
CVE-2025-53680 MEDIUM This Month

OS command injection in Fortinet FortiAP, FortiAP-U, and FortiAP-W2 allows authenticated privileged attackers to execute arbitrary code via maliciously crafted CLI requests. Affected versions span FortiAP 6.4 through 7.6.2, FortiAP-U 6.2 through 7.0.5, and FortiAP-W2 7.0 through 7.4.4. The vulnerability requires high-privilege administrative access and local CLI interaction, limiting exposure to trusted insider threats or compromised management interfaces. CVSS 6.1 reflects the high impact (code execution with full system privileges) constrained by authentication and local access requirements.

Fortinet Command Injection Fortiap Fortiap W2 Fortiap U
NVD
CVSS 3.1
6.7
EPSS
0.1%
CVE-2026-0804 MEDIUM PATCH This Month

Privilege escalation in Axis OS via path traversal in ACAP configuration files allows high-privileged local attackers to achieve code execution with elevated permissions. The vulnerability requires the device to be configured for unsigned ACAP application installation and the attacker to socially engineer a user into installing a malicious ACAP application. CVSS 6.7 reflects high confidentiality, integrity, and availability impact, but exploitation is constrained by high-privilege requirement and user interaction. No public exploit code or active exploitation has been identified at time of analysis.

Privilege Escalation Path Traversal Axis Os
NVD VulDB
CVSS 3.1
6.7
EPSS
0.0%
CVE-2026-0541 MEDIUM PATCH This Month

Axis OS allows privilege escalation via improper input validation during ACAP application installation when unsigned applications are permitted, enabling authenticated attackers with high privileges to gain elevated system access. The vulnerability requires explicit administrative configuration allowing unsigned ACAP installations and victim interaction to install a malicious application. No public exploit code or active exploitation has been confirmed at time of analysis.

Privilege Escalation Axis Os
NVD VulDB
CVSS 3.1
6.7
EPSS
0.0%
CVE-2026-40638 MEDIUM PATCH This Month

Local privilege escalation in Dell PowerScale InsightIQ versions 5.0.0 through 6.2.0 allows high-privileged attackers to execute code with unnecessary elevated privileges, potentially escalating to full system compromise. The vulnerability requires existing local access and high privilege level on the affected system; no public exploit has been identified at time of analysis.

Dell Privilege Escalation
NVD
CVSS 3.1
6.7
EPSS
0.0%
CVE-2026-40135 MEDIUM This Month

OS command injection in SAP NetWeaver Application Server for ABAP and ABAP Platform allows authenticated administrators to execute arbitrary shell commands on the server while bypassing audit logging. The vulnerability affects integrity and availability but not confidentiality, and requires high-privilege administrative access over the network with no user interaction. CVSS 6.5 reflects the high-privilege requirement despite severe impact potential.

Command Injection SAP
NVD VulDB
CVSS 3.1
6.5
EPSS
0.2%
CVE-2025-15463 MEDIUM This Month

The The Advanced Custom Fields: Extended plugin for WordPress is vulnerable to arbitrary shortcode execution in all versions up to, and including, 0.9.2.3. This is due to the software allowing users to execute an action that does not properly validate a value before running do_shortcode. This makes it possible for unauthenticated attackers to execute arbitrary shortcodes.

Code Injection WordPress RCE Advanced Custom Fields
NVD
CVSS 3.1
6.5
EPSS
0.1%
CVE-2026-34350 MEDIUM PATCH This Month

Null pointer dereference in Windows Storport Miniport Driver allows remote attackers to trigger denial of service over a network with user interaction. The vulnerability affects Windows Server 2025 and exists in the storage port driver architecture, requiring the attacker to send a specially crafted network request that causes the driver to dereference a null pointer, resulting in service interruption or system instability. No public exploit code or active exploitation has been confirmed.

Denial Of Service Microsoft Null Pointer Dereference
NVD VulDB
CVSS 3.1
6.5
EPSS
0.1%
CVE-2026-31241 MEDIUM This Month

mem0 1.0.0 server exposes an unauthenticated memory deletion API endpoint (DELETE /memories) that allows remote attackers to delete arbitrary user memory records by specifying user identifiers in query parameters, resulting in unauthorized data loss and denial of service. No authentication or authorization validation is performed before processing deletion requests, enabling any network-accessible attacker to target any user's data without credentials.

Authentication Bypass Denial Of Service
NVD GitHub
CVSS 3.1
6.5
EPSS
0.1%
CVE-2026-35422 MEDIUM PATCH This Month

Authentication bypass using an alternate path or channel in Windows TCP/IP allows an authorized attacker to bypass a security feature over a network.

Authentication Bypass Microsoft
NVD VulDB
CVSS 3.1
6.5
EPSS
0.1%
CVE-2026-31244 MEDIUM This Month

Unauthenticated deletion of arbitrary memory records in mem0 1.0.0 allows remote attackers to remove any database entry without credentials, causing unauthorized data loss and potential denial of service. The DELETE /memories/{memory_id} endpoint completely lacks authentication and authorization controls, exposing all memory records to deletion by any network-accessible attacker. No public exploit code has been identified, but the vulnerability is trivial to exploit given the straightforward API design.

Authentication Bypass Denial Of Service Mem0
NVD GitHub
CVSS 3.1
6.5
EPSS
0.1%
CVE-2026-42891 MEDIUM PATCH This Month

User interface (ui) misrepresentation of critical information in Microsoft Edge (Chromium-based) allows an unauthorized attacker to perform spoofing over a network.

Authentication Bypass Microsoft Google
NVD VulDB
CVSS 3.1
6.5
EPSS
0.0%
CVE-2026-32185 MEDIUM PATCH Exploit Unlikely This Month

Files or directories accessible to external parties in Microsoft Teams allows an unauthorized attacker to perform spoofing locally.

Microsoft Information Disclosure Path Traversal
NVD VulDB
CVSS 3.1
5.5
EPSS
0.0%
CVE-2026-35440 MEDIUM PATCH Exploit Unlikely This Month

Files or directories accessible to external parties in Microsoft Office Word allows an unauthorized attacker to disclose information locally.

Microsoft Information Disclosure Path Traversal
NVD VulDB
CVSS 3.1
5.5
EPSS
0.0%
CVE-2026-41612 MEDIUM PATCH Exploit Unlikely This Month

Relative path traversal in Visual Studio Code allows an unauthorized attacker to disclose information locally.

Path Traversal Visual Studio Code Live Preview Extension
NVD VulDB
CVSS 3.1
5.5
EPSS
0.0%
CVE-2026-44204 MEDIUM PATCH This Month

Shelf is a platform for tracking physical assets. From 1.12 to before 1.20.1, a SQL injection vulnerability in the sortBy query parameter on the /assets route allows any authenticated user (any role) to execute arbitrary SQL and read data from any table in the database, including data belonging to other organizations. This vulnerability is fixed in 1.20.1.

SQLi
NVD GitHub
CVSS 3.1
6.5
EPSS
0.0%
CVE-2026-31243 MEDIUM This Month

mem0 1.0.0 server allows unauthenticated remote attackers to trigger memory reset and table re-creation via unprotected DELETE /memories endpoint, causing schema disruption, data loss, and denial of service. The vulnerability exploits missing authentication and authorization controls on a database management operation accessible over the network without credentials.

Authentication Bypass Denial Of Service Mem0
NVD GitHub
CVSS 3.1
6.5
EPSS
0.0%
CVE-2026-8388 MEDIUM PATCH This Month

Incorrect boundary conditions in the JavaScript Engine: JIT component. This vulnerability was fixed in Firefox 150.0.3.

Mozilla Buffer Overflow
NVD VulDB
CVSS 3.1
6.5
EPSS
0.0%
CVE-2026-5028 MEDIUM This Month

Time-based blind SQL injection in the Eight Day Week Print Workflow WordPress plugin (versions up to 1.2.6) via the 'title' parameter in the pp-get-articles AJAX action allows authenticated attackers with Subscriber-level access to extract sensitive database information. The vulnerability stems from insufficient escaping and lack of prepared statement usage, enabling attackers to append arbitrary SQL queries to extract confidential data with high confidentiality impact.

SQLi WordPress
NVD VulDB
CVSS 3.1
6.5
EPSS
0.0%
CVE-2026-42073 MEDIUM PATCH GHSA This Month

OpenClaude MCP's OAuth callback handler in Node.js can be shut down via CSRF attack by sending a request with any `error` query parameter, bypassing state validation entirely without knowledge of the CSRF token. The vulnerability allows unauthenticated remote attackers to terminate a user's active authentication session and force server shutdown due to a logic flaw where the `error` parameter check precedes and disables the state validation check. Vendor-released patch version 0.5.1 available.

Denial Of Service Node.js CSRF
NVD GitHub
CVSS 3.1
6.5
EPSS
0.0%
CVE-2026-7255 MEDIUM Monitor

Brute-force password attacks against the web management interface of Zyxel WRE6505 v2 firmware V1.00(ABDV.3)C0 succeed due to improper rate-limiting on authentication attempts, allowing adjacent LAN attackers to bypass authentication and gain administrative access without requiring valid credentials. The vulnerability affects a legacy wireless range extender model marked as end-of-life by Zyxel, with CVSS 6.5 reflecting high confidentiality impact but local network scope.

Authentication Bypass Zyxel
NVD VulDB
CVSS 3.1
6.5
EPSS
0.0%
CVE-2026-8368 MEDIUM PATCH This Month

Credential leakage in LWP::UserAgent before 6.83 (Perl) exposes Authorization and Proxy-Authorization headers to attacker-controlled redirect targets across cross-origin 3xx redirects. The library's redirect handler stripped only Host and Cookie on follow-up requests, leaving credential headers intact even when the redirect crossed a scheme, host, or port boundary. Authenticated Perl HTTP clients - including server-side applications, crawlers, API integrators, and automation tooling - are affected whenever caller-supplied credentials are passed to a UserAgent instance that can be redirected. No public exploit has been independently confirmed beyond the proof-of-concept submitted with the vulnerability report, and CISA KEV does not list this CVE; however, the exploitation pattern is straightforward and mirrors a well-documented class of credential-leakage flaws in HTTP client libraries.

Information Disclosure Lwp Red Hat Suse
NVD GitHub VulDB
CVSS 3.1
6.5
EPSS
0.0%
CVE-2026-8109 MEDIUM This Month

Remote authenticated attackers can exploit an exposed dangerous method on the Core Server of Ivanti Endpoint Manager versions before 2024 SU6 to leak access credentials. The vulnerability requires valid authentication credentials to exploit and does not allow code execution or system modification, but compromises confidentiality by exposing sensitive authentication material that could facilitate lateral movement or account takeover.

Information Disclosure Ivanti
NVD
CVSS 3.1
6.5
EPSS
0.1%
CVE-2026-6913 MEDIUM This Month

Stored cross-site scripting in Shortcodely WordPress plugin versions up to 1.0.1 allows authenticated contributors and above to inject arbitrary JavaScript into pages via the 'widget_area' parameter, with scripts executing whenever users access affected pages. The vulnerability stems from insufficient input sanitization and output escaping, affecting all installations with vulnerable plugin versions active. CVSS 6.4 reflects the cross-site scope and information disclosure potential, though exploitation requires authenticated contributor-level access.

XSS WordPress
NVD
CVSS 3.1
6.4
EPSS
0.0%
CVE-2026-2300 MEDIUM This Month

Stored Cross-Site Scripting in BJ Lazy Load plugin for WordPress versions up to 1.0.9 allows authenticated attackers with Contributor-level access to inject arbitrary web scripts via regex-based HTML attribute manipulation in the `filter_images()` function. The vulnerability exploits improper handling of HTML attribute boundaries during `src` attribute replacement, enabling attackers to promote malicious content from class attribute values into executable DOM attributes. When victims access injected pages, the injected scripts execute in their browsers with the privileges of the compromised site.

XSS WordPress
NVD VulDB
CVSS 3.1
6.4
EPSS
0.0%
Page 1 of 4 Next

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy