Skip to main content
CVE-2026-0248 MEDIUM PATCH This Month

Improper certificate validation in Palo Alto Networks Prisma Access Agent versions below 26.2.1 on Android and Chrome OS exposes VPN sessions to man-in-the-middle interception by adjacent-network attackers. An attacker co-located on the same network segment can present any certificate for any domain issued by a trusted Certificate Authority - bypassing domain-specific validation - to intercept VPN tunnel traffic and capture sensitive device information. No public exploit code exists and no active exploitation has been confirmed (EPSS 0.00%, not in CISA KEV); however, a vendor patch is available at version 26.2.1 and should be prioritized for mobile and Chrome OS deployments.

Apple Information Disclosure Google Microsoft Prisma Access Agent
NVD
CVSS 4.0
6.2
EPSS
0.0%
CVE-2026-0261 MEDIUM PATCH This Month

Multiple command injection vulnerabilities in Palo Alto Networks PAN-OS allow an authenticated administrator to escape system restrictions and execute arbitrary commands with root-level privileges on affected firewalls and Panorama management platforms. Affected deployments include PA-Series and VM-Series firewalls and Panorama (virtual and M-Series appliances) across PAN-OS versions 10.2, 11.1, 11.2, and 12.1. An attacker who already holds administrative credentials and can reach the CLI or Web UI can leverage these flaws to fully compromise the underlying OS. No public exploit code exists and no KEV listing is present at time of analysis, consistent with the very low EPSS score of 0.08% (24th percentile).

Paloalto Command Injection Cloud Ngfw Pan Os Prisma Access
NVD VulDB
CVSS 4.0
6.1
EPSS
0.1%
CVE-2026-8496 MEDIUM PATCH This Month

Stored XSS in Alinto SOGo's ICS calendar invitation viewer enables a remote unauthenticated attacker to execute arbitrary JavaScript within an authenticated victim's SOGo webmail session. Affected versions span all releases prior to 5.12.8; the root cause is an incomplete blocklist sanitizer in NSString+Utilities.m that explicitly blocked only 'onload' and 'onmouseover' event handlers, leaving the SVG animation event 'onrepeat' unfiltered when SVG content appears in an ICS DESCRIPTION field. No public exploit has been identified at time of analysis and CISA SSVC confirms no active exploitation, but the CVSS Scope:Changed rating reflects that successful execution grants the attacker full access to the victim's authenticated session context, enabling mailbox access, contact theft, and session hijacking.

XSS Sogo
NVD GitHub VulDB
CVSS 3.1
6.1
EPSS
0.0%
CVE-2026-44681 MEDIUM PATCH GHSA This Month

Unauthenticated open redirect in Authlib's OpenIDImplicitGrant and OpenIDHybridGrant authorization endpoints allows remote attackers to redirect users to attacker-controlled URLs by submitting authorization requests that omit the openid scope. The vulnerability occurs because scope validation happens before redirect_uri validation, allowing the error handler to return an HTTP 302 with an unvalidated attacker-supplied redirect_uri. A proof-of-concept GET request demonstrates the flaw trivially; no authentication, valid client_id, or user interaction beyond clicking the link is required, though the CVSS score of 6.1 reflects the requirement for user interaction (UI:R) to click the phishing link. Actively exploited in the wild (KEV status), this is a Medium-severity open redirect enabling credential harvesting attacks.

Python CSRF Open Redirect
NVD GitHub VulDB
CVSS 3.1
6.1
EPSS
0.0%
CVE-2026-8201 MEDIUM PATCH This Month

Use-after-free in MongoDB Server's Field-Level Encryption query analysis component allows authenticated remote attackers with control over FLE query structure to cause information disclosure and denial of service. The vulnerability affects mongocryptd and crypt_shared in versions 7.0 prior to 7.0.34, 8.0 prior to 8.0.23, 8.2 prior to 8.2.9, and 8.3 prior to 8.3.2. No public exploit code identified at time of analysis.

Information Disclosure Use After Free Memory Corruption Mongodb Server
NVD VulDB
CVSS 4.0
6.1
EPSS
0.0%
CVE-2026-0242 MEDIUM PATCH This Month

SQL injection in Palo Alto Networks Trust Protection Foundation exposes the platform database to arbitrary command execution by authenticated attackers on an adjacent network. Affected versions span four active release trains (24.1.x, 24.3.x, 25.1.x, 25.3.x), with successful exploitation enabling full database read/write access and privilege escalation to administrative control. No public exploit code exists and no active exploitation has been identified; EPSS sits at 0.01% and SSVC exploitation status is 'none', but the SSVC technical impact rating of 'total' underscores the severity of a successful attack.

Information Disclosure SQLi Trust Protection Foundation
NVD
CVSS 4.0
6.1
EPSS
0.0%
CVE-2026-22677 MEDIUM PATCH This Month

Path traversal in Hermes WebUI's session import endpoint allows authenticated low-privileged attackers to read arbitrary files accessible to the WebUI process. By importing a crafted session JSON with an unrestricted workspace value such as '/', an attacker bypasses the workspace boundary controls that govern every other workspace-bearing endpoint, then leverages the file API to exfiltrate any file readable by the WebUI process user. No active exploitation is confirmed (absent from CISA KEV), EPSS sits at 0.04% in the 12th percentile, and SSVC rates exploitation as none - but the CVSS 4.0 confidentiality impact is rated High, making this a meaningful risk for network-exposed deployments with authenticated user populations.

Path Traversal Hermes Webui
NVD GitHub
CVSS 4.0
6.0
EPSS
0.0%
CVE-2026-2725 MEDIUM This Month

Incorrect authorization in the "submitted together" feature in Gerrit versions 2.12 and later allows an authenticated attacker with force push permissions on a secondary branch to bypass code review and forcefully submit code to restricted branches via a crafted submission matching the "topic" tag of an unapproved change.

Authentication Bypass Gerrit
NVD VulDB
CVSS 4.0
6.0
EPSS
0.0%
CVE-2026-8369 MEDIUM This Month

Improper Input Validation in the NAT64 translator in The OpenThread Authors OpenThread before commit 26a882d on all platforms allows an attacker on the adjacent IPv4 network to inject corrupted IPv6 packets into the Thread mesh or bypass security checks via crafted IPv4 packets with options.

Authentication Bypass Openthread
NVD GitHub
CVSS 4.0
6.0
EPSS
0.0%
CVE-2026-8328 MEDIUM PATCH This Month

Server-Side Request Forgery in CPython's ftplib module allows a malicious FTP source server to redirect a target FTP server's data connection to an arbitrary internal host by supplying an attacker-controlled IP address and port in its PASV response. The ftpcp() function - used to copy files directly between two FTP servers - was inadvertently excluded from the CVE-2021-4189 fix that already hardened FTP.makepasv() against this class of SSRF. Affecting CPython versions prior to 3.15.0, no public exploit has been identified at time of analysis, and EPSS at 0.04% (12th percentile) signals low exploitation probability; the vulnerability is not listed in CISA KEV.

SSRF Cpython
NVD GitHub VulDB
CVSS 4.0
5.9
EPSS
0.0%
CVE-2026-44448 MEDIUM PATCH This Month

Insufficient authorization enforcement on specific ERPNext endpoints allows authenticated low-privilege users to read sensitive data beyond their permitted role and make limited unauthorized data modifications. Affecting all ERPNext deployments prior to 15.102.0 (v15 branch) and prior to 16.11.0 (v16 branch), an attacker holding any valid user account can invoke unprotected server-side endpoints to access restricted records or alter data outside their role scope. No public exploit code exists and SSVC confirms no active exploitation, but the high confidentiality impact (CVSS C:H) warrants prompt patching - particularly on internet-exposed ERPNext instances where low-privilege accounts may be broadly distributed.

Authentication Bypass Erpnext
NVD GitHub VulDB
CVSS 3.1
5.9
EPSS
0.0%
CVE-2025-61971 MEDIUM This Month

Missing lock bit protection for NBIO registers could allow a local admin-privileged attacker to modify MMIO routing configurations, potentially resulting in loss of SEV-SNP guest integrity.

Information Disclosure Amd Epyc 9004 Series Processors Amd Epyc 7003 Series Processors Amd Epyc 9005 Series Processors Amd Epyc 8004 Series Processors +7
NVD VulDB
CVSS 4.0
5.9
EPSS
0.0%
CVE-2026-0247 MEDIUM PATCH This Month

Authorization bypass in Palo Alto Networks Prisma Access Agent's Endpoint DLP component permits a locally authenticated attacker with low privileges to circumvent authentication controls and invoke privileged operations. Affected are all Prisma Access Agent versions prior to 26.2.1, with full confidentiality, integrity, and availability impact on the vulnerable component confirmed by the CVSS:4.0 vector (VC:H/VI:H/VA:H). No active exploitation has been identified - SSVC marks exploitation as 'none', EPSS sits at the 1st percentile, and the CVSS exploit maturity is rated 'Unreported' (E:U).

Authentication Bypass Prisma Access Agent
NVD
CVSS 4.0
5.9
EPSS
0.0%
CVE-2026-0251 MEDIUM PATCH This Month

Local privilege escalation vulnerabilities in Palo Alto Networks GlobalProtect App on Windows, macOS, and Linux allow a low-privileged local user to elevate to NT AUTHORITY\SYSTEM (Windows) or root (macOS/Linux), enabling full OS-level command execution. The root cause is CWE-426 (Untrusted Search Path), where the application resolves executables or libraries from attacker-controllable locations. No public exploit has been identified and CISA SSVC confirms exploitation status as none; however, SSVC rates technical impact as total, reflecting the complete privilege gain achievable upon successful exploitation.

Privilege Escalation Google Apple Microsoft Paloalto +2
NVD VulDB
CVSS 4.0
5.9
EPSS
0.0%
CVE-2026-0246 MEDIUM PATCH This Month

Local privilege escalation in Palo Alto Networks Prisma Access Agent (all versions prior to 26.2.1) allows any locally authenticated non-administrative user to elevate to root on macOS and Linux, or NT AUTHORITY\SYSTEM on Windows, by exploiting a flawed privilege management mechanism. Successful exploitation grants full control of the affected endpoint, enabling arbitrary code execution and unauthorized access to data restricted to privileged accounts. No public exploit exists and the vulnerability is absent from CISA KEV; however, SSVC rates technical impact as total, making patching a meaningful priority for multi-user and enterprise endpoint environments.

Google RCE Apple Paloalto Microsoft +2
NVD
CVSS 4.0
5.9
EPSS
0.0%
CVE-2026-0235 MEDIUM PATCH This Month

Policy bypass in Palo Alto Networks Prisma® Browser allows a locally authenticated non-admin user to circumvent access and data control policies via a race condition, potentially exposing restricted data with high confidentiality impact to the vulnerable system. Affected versions span all releases prior to 146.16.6.165, per EUVD-2026-30087 and vendor advisory. No active exploitation is confirmed - the vulnerability is absent from CISA KEV, EPSS sits at 0.01% (3rd percentile), and SSVC assessment categorizes exploitation status as none - indicating this is a low-urgency but architecturally meaningful trust boundary weakness in an enterprise browser control product.

Paloalto Authentication Bypass Prisma Browser
NVD VulDB
CVSS 4.0
5.8
EPSS
0.0%
CVE-2024-36315 MEDIUM This Month

Improper enforcement of the LFENCE serialization property may allow an attacker to bypass speculation barriers and potentially disclose sensitive information, potentially resulting in loss of. Rated medium severity (CVSS 5.7). No vendor patch available.

Information Disclosure Amd Epyc Series 9004 Processors Amd Epyc Series 4004 Processors Amd Epyc 8004 Series Processors Amd Instinct Mi300A Series Processors +13
NVD VulDB
CVSS 4.0
5.7
EPSS
0.0%
CVE-2025-29338 MEDIUM This Month

Buffer overflow in NXP moal.ko Wi-Fi driver versions 5.1.7.10 with firmware v17.92.1.p149.43 through v17.92.1.p149.157 allows local privileged attackers to cause denial of service and potentially corrupt memory via the mod_para parameter in the woal_init_module_param function. The vulnerability requires high-privilege access and cannot be triggered remotely, but public exploit code exists and SSVC analysis indicates non-automatable exploitation with partial technical impact.

Buffer Overflow N A
NVD GitHub
CVSS 3.1
5.6
EPSS
0.0%
CVE-2025-14767 MEDIUM This Month

Stored Cross-Site Scripting in WPC Badge Management for WooCommerce plugin versions up to 3.1.6 allows authenticated attackers with Shop Manager-level access to inject arbitrary JavaScript via the 'text' attribute of the wpcbm_best_seller shortcode. The injected scripts execute in the browsers of any user visiting the affected page, enabling credential theft, session hijacking, or defacement. The vulnerability stems from insufficient input sanitization and output escaping in shortcode processing.

XSS WordPress
NVD
CVSS 3.1
5.5
EPSS
0.0%
CVE-2026-43484 MEDIUM PATCH This Month

Concurrent bitfield RMW (Read-Modify-Write) corruption in the Linux kernel MMC core subsystem allows a local authenticated user to trigger spurious WARN_ON panics or system instability on MMC-enabled devices. The root cause is that host->claimed and retune control flags shared a single bitfield word; under concurrent access from __mmc_claim_host() and mmc_mq_queue_rq(), non-atomic RMW operations allow one thread's write to silently overwrite bits modified by another, corrupting MMC host state. No public exploit has been identified at time of analysis, and EPSS sits at 0.02% (7th percentile), reflecting the narrow, race-window-dependent trigger and low attacker leverage on commodity systems.

Linux Information Disclosure Red Hat Suse
NVD VulDB
CVSS 3.1
5.5
EPSS
0.0%
CVE-2026-43483 MEDIUM PATCH This Month

CR8 write interception mismanagement in KVM's AMD SVM implementation crashes Windows guests on AMD hypervisors with AVIC enabled. When KVM emulates INIT→WFS sequences while AVIC is temporarily deactivated, the CR8 write intercept flag is not cleared upon AVIC reactivation, leaving it permanently enabled. In isolation this is a performance regression, but combined with the TPR synchronization flaw addressed by commit d02e48830e3f, the divergence between hardware-visible and guest-visible TPR values becomes fatal to Windows guests. No public exploit identified at time of analysis; EPSS is 0.02% (7th percentile) and no CISA KEV listing exists.

Linux Microsoft Information Disclosure Red Hat Suse
NVD VulDB
CVSS 3.1
5.5
EPSS
0.0%
CVE-2026-43480 MEDIUM PATCH This Month

Null pointer dereference in the Linux kernel's AMD ASoC ACP3x audio driver (acp3x-rt5682-max9836) allows a local low-privileged user on affected hardware to crash the kernel. The flaw originates in acp3x_5682_init(), which failed to validate the return value of clk_get() before passing it to rt5682_clk_enable(), meaning an error pointer could be dereferenced directly. No public exploit identified at time of analysis and the EPSS score of 0.02% (7th percentile) reflects extremely low exploitation interest; this vulnerability is not listed in the CISA KEV catalog.

Linux Amd Denial Of Service Null Pointer Dereference Red Hat +1
NVD VulDB
CVSS 3.1
5.5
EPSS
0.0%
CVE-2026-43489 MEDIUM PATCH This Month

State management failure in the Linux kernel liveupdate subsystem allows a local low-privileged user to trigger a use-after-free or double-free condition by retrying a failed LIVEUPDATE_SESSION_RETRIEVE_FD ioctl, resulting in kernel crash or WARN and full availability loss. The luo_file struct's retrieve status is never recorded on failure, leaving the kernel's serialization state machine inconsistent; a retry re-enters retrieve logic against partially freed data structures such as kho folio mappings. No public exploit exists and EPSS is 0.02%, placing this firmly in low-priority territory absent active use of the liveupdate feature.

Linux Information Disclosure Red Hat Suse
NVD VulDB
CVSS 3.1
5.5
EPSS
0.0%
CVE-2026-43488 MEDIUM PATCH This Month

Interrupt storm vulnerability in the Linux kernel xHCI USB host controller driver allows a local user to cause a complete system availability loss by triggering a Host Controller Error (HCE) via UAS storage device hotplug events. Affected kernel versions prior to 6.6.130, 6.12.78, 6.18.19, 6.19.9, and 7.0 fail to invoke xhci_halt() when HCE is detected in xhci_irq(), leaving the interrupt uncleared and the controller running - resulting in a continuous interrupt storm. No public exploit has been identified and EPSS is 0.02% (5th percentile), consistent with the hardware-interaction-dependent trigger, but availability impact is high on affected hosts where USB ports are physically accessible.

Linux Information Disclosure Google Red Hat Suse
NVD VulDB
CVSS 3.1
5.5
EPSS
0.0%
CVE-2026-43487 MEDIUM PATCH This Month

Random system freeze vulnerability in the Linux kernel's libata-core subsystem affects any Linux host physically equipped with a Seagate ST1000DM010-2EP102 BarraCuda hard drive, where the kernel's default enablement of SATA Link Power Management (LPM) causes the drive to fail its wake sequence and hang the system irrecoverably. The ST1000DM010-2EP102 belongs to the same BarraCuda family as the ST2000DM008-2FR102, for which an LPM quirk already exists in libata - the fix extends that quirk to cover this model. No active exploitation has been identified (absent from CISA KEV), and EPSS at 0.02% reflects negligible adversarial interest, consistent with this being a hardware compatibility defect rather than a traditional security flaw.

Linux Barracuda Information Disclosure Red Hat Suse
NVD VulDB
CVSS 3.1
5.5
EPSS
0.0%
CVE-2026-43486 MEDIUM PATCH This Month

Infinite fault loop in the Linux kernel's arm64 contiguous PTE (contpte) subsystem exposes systems using SMMU or CPU configurations without hardware dirty-bit management support to a local denial of service. The defect in `contpte_ptep_set_access_flags()` causes a gathered AF/dirty-bit view across contiguous sub-PTEs to produce false no-ops, leaving individual target sub-PTEs in a stale hardware state that triggers perpetual page faults on non-FEAT_HAFDBS-aware walkers such as SMMMUs without HTTU or CPUs with HA/HD disabled in CD.TCR. No confirmed active exploitation exists; EPSS is 0.02% at the 5th percentile, consistent with the hardware-specific, local-only attack surface.

Linux Denial Of Service Red Hat Suse
NVD VulDB
CVSS 3.1
5.5
EPSS
0.0%
CVE-2026-43482 MEDIUM PATCH This Month

A race condition in the Linux kernel's sched_ext BPF scheduler subsystem allows a local low-privileged user to permanently hang the system when sched_ext is actively loaded. Between scx_claim_exit() atomically marking error exit and the subsequent kick of the helper kthread, a preemption window exists where the BPF scheduler - now with error handling disabled - may fail to reschedule the calling task, leaving the helper work permanently unqueued. The result is bypass mode never activating, task dispatching halting, and a complete system wedge. No public exploit has been identified and EPSS sits at 0.02% (5th percentile), but the availability impact is total for affected systems running a custom BPF scheduler.

Authentication Bypass Linux Red Hat Suse
NVD VulDB
CVSS 3.1
5.5
EPSS
0.0%
CVE-2026-43478 MEDIUM PATCH This Month

NULL pointer dereference in the Linux kernel's RT1011 ASoC codec driver allows a local, low-privileged user to crash the kernel on systems equipped with Realtek RT1011 smart speaker amplifier hardware. The flaw in rt1011_recv_spk_mode_put() uses an incorrect helper to retrieve the DAPM (Dynamic Audio Power Management) context from a kcontrol object, yielding a NULL pointer that is subsequently dereferenced, triggering a kernel oops or panic. No public exploit is identified and EPSS of 0.02% (5th percentile) reflects negligible real-world exploitation probability, though vendor-confirmed patches are available in Linux 6.19.9 and 7.0.

Linux Denial Of Service Red Hat Suse
NVD VulDB
CVSS 3.1
5.5
EPSS
0.0%
CVE-2026-43485 MEDIUM PATCH This Month

Spurious WARN_ON assertions in the Linux kernel's nouveau/gsp ACPI probe routines trigger frequently during normal NVIDIA GPU initialization, creating an availability risk on affected systems. On kernels configured with panic_on_warn=1, each triggered WARN_ON escalates to a full kernel panic, while on default configurations it produces excessive kernel log noise that degrades observability. Affected kernel versions range from the introduction of commit 176fdcbddfd2 through stable branches fixed in 6.18.19, 6.19.9, and 7.0; no active exploitation is identified (EPSS 0.02%, not in CISA KEV).

Linux Information Disclosure Red Hat Suse
NVD VulDB
CVSS 3.1
5.5
EPSS
0.0%
CVE-2026-43479 MEDIUM PATCH This Month

Kernel availability disruption in the Linux lan78xx USB-to-Ethernet driver allows a local user with low privileges to trigger a kernel WARN in __netif_napi_del_locked() by disconnecting an affected USB Ethernet adapter. The root cause is a redundant netif_napi_del() call in the driver's disconnect path while NAPI processing is still active, conflicting with the teardown that unregister_netdev() performs automatically. No public exploit exists and EPSS is 0.02% (4th percentile), indicating very low real-world exploitation interest; this is primarily a stability and denial-of-service concern on embedded and desktop Linux systems using the SMSC/Microchip LAN78xx adapter family.

Linux Information Disclosure Red Hat Suse
NVD VulDB
CVSS 3.1
5.5
EPSS
0.0%
CVE-2026-43477 MEDIUM PATCH This Month

System hang via Machine Check Error (MCE) in the Linux kernel's Intel i915 DRM driver affects ICL (Ice Lake) generation GPU hardware when VRR timing registers are written before TRANS_DDI_FUNC_CTL is enabled, violating Intel BSpec 22243. Local low-privilege users on ICL systems - particularly those with external displays connected through USB-C docks experiencing link training failure - can trigger an unrecoverable system hang. No public exploit exists and EPSS is 0.02%, consistent with the hardware-specific, condition-dependent nature of the bug; no active exploitation is confirmed.

Linux Dell Information Disclosure Red Hat Suse
NVD VulDB
CVSS 3.1
5.5
EPSS
0.0%
CVE-2024-51394 MEDIUM This Month

Buffer Overflow vulnerability in Ardupiot Copter Latest commit 92693e023793133e49a035daf37c14433e484778 allows a local attacker to cause a denial of service via the AP_MSP::loop, AP_MSP, AP_MSP.cpp. Rated medium severity (CVSS 5.5), this vulnerability is low attack complexity. No vendor patch available.

Buffer Overflow Denial Of Service
NVD GitHub
CVSS 3.1
5.5
EPSS
0.0%
CVE-2026-7051 MEDIUM This Month

Blog2Social: Social Media Auto Post & Scheduler plugin for WordPress versions up to 8.9.0 allows authenticated attackers to delete any user's published and scheduled social media post records due to missing ownership verification in the deleteUserPublishPost() and deleteUserSchedPost() functions. Attackers can supply arbitrary sequential post IDs to permanently soft-delete other users' B2S post records, disrupting content publishing workflows across multiuser WordPress installations. This vulnerability requires valid WordPress user authentication but no elevated privileges.

Authentication Bypass WordPress
NVD
CVSS 3.1
5.4
EPSS
0.1%
CVE-2026-44794 MEDIUM PATCH GHSA This Month

Nautobot's REST API fails to enforce user 'view' permissions when resolving GenericForeignKey references during object creation or update, allowing authenticated users to create cross-object associations to records they are explicitly denied access to view. Any Nautobot user holding write access to an affected model - including ImageAttachment, Cable, Note, ContactAssociation, and over a dozen others - can link those records to restricted objects (e.g., Devices) if they know the target's UUID through any side channel. No public exploit has been identified and this vulnerability is not listed in CISA KEV; EPSS of 0.02% (6th percentile) reflects low probability of automated exploitation, though the authorization bypass is straightforward once credentials and a target UUID are in hand.

Authentication Bypass
NVD GitHub VulDB
CVSS 3.1
5.4
EPSS
0.0%
CVE-2026-44379 MEDIUM PATCH This Month

Insufficient input validation in MISP's Collections model allows authenticated low-privileged users to inject malformed UUID values into Collection records, potentially causing data integrity issues or unexpected behavior in downstream code paths that assume RFC 4122-compliant UUIDs. Affected deployments are all MISP instances prior to version 2.5.37. No public exploit code exists and CISA's SSVC framework rates exploitation as none, making this a low-urgency integrity issue rather than an active threat, though integrity of Collection relationships and UUID-dependent logic is at risk until patched.

Information Disclosure Misp
NVD GitHub VulDB
CVSS 4.0
5.3
EPSS
0.1%
CVE-2026-44445 MEDIUM PATCH This Month

XML External Entity (XXE) injection in ERPNext's EDI Module allows authenticated low-privilege attackers to read arbitrary files from the server's local filesystem, including sensitive configuration files that may contain database credentials or API keys. Affected are all ERPNext installations on the v15 branch prior to 15.104.3 and on the v16 branch prior to 16.12.0 (cpe:2.3:a:frappe:erpnext:*). No public exploit identified at time of analysis, EPSS exploitation probability sits at 0.06% (18th percentile), and CISA SSVC assesses exploitation as none and the attack as non-automatable - collectively placing this at lower operational priority despite its network-accessible attack vector.

XXE Erpnext
NVD GitHub
CVSS 4.0
5.3
EPSS
0.1%
CVE-2025-14033 MEDIUM This Month

Unauthenticated attackers can retrieve any support ticket content from the ilGhera Support System for WooCommerce plugin (versions up to 1.3.0) by exploiting a missing capability check in the 'get_ticket_content_callback' function, exposing sensitive customer data and private communications without authentication. The vulnerability requires only a valid ticket ID and network access, with no active public exploitation confirmed at time of analysis, but the low attack complexity and unauthenticated nature make it practically exploitable against any WordPress site running the affected plugin.

Authentication Bypass WordPress
NVD
CVSS 3.1
5.3
EPSS
0.0%
CVE-2026-6965 MEDIUM This Month

Authenticated instructors in Tutor LMS versions up to 3.9.9 can manipulate course ownership logic via an attacker-controlled GET parameter to perform unauthorized operations on other instructors' courses, including deleting lessons, quizzes, assignments, and student data, or modifying course content and grades. The vulnerability stems from the `get_course_id_by()` function unconditionally trusting user-supplied input instead of validating course ownership, bypassing the plugin's primary authorization gate. No public exploit code or active exploitation has been identified at time of analysis.

Authentication Bypass WordPress
NVD
CVSS 3.1
5.3
EPSS
0.0%
CVE-2026-42058 MEDIUM PATCH This Month

F5 BIG-IP iControl REST API allows authenticated attackers to enumerate local user account names through undisclosed requests, leading to information disclosure of administrative user identities. The vulnerability requires valid authentication credentials and network access to the iControl REST interface, affecting systems with BIG-IP versions that have not reached End of Technical Support. CVSS 4.3 (low) reflects the requirement for prior authentication and confidentiality-only impact, though the enumeration of administrative accounts could facilitate downstream attacks.

Information Disclosure Big Ip
NVD VulDB
CVSS 4.0
5.3
EPSS
0.0%
CVE-2026-44195 MEDIUM PATCH This Month

Brute-force lockout bypass in OPNsense prior to 26.1.7 allows unauthenticated remote attackers to indefinitely circumvent the authentication failure counter, enabling unlimited credential guessing against any network-accessible login endpoint. The flaw resides in the lockout_handler logic, which interprets attacker-controlled username strings containing the keywords 'Accepted' or 'Successful login' as success signals and resets the IP-based failure counter. A publicly available proof-of-concept exploit exists (SSVC exploitation: poc), the attack is classified as automatable with no prerequisites beyond network reach, and no active exploitation is confirmed in CISA KEV. EPSS is low at 0.03% (10th percentile), suggesting limited observed exploitation at time of analysis.

Information Disclosure Opnsense
NVD GitHub VulDB
CVSS 3.1
5.3
EPSS
0.0%
CVE-2025-14755 MEDIUM This Month

Unauthenticated attackers can manipulate product prices in WooCommerce carts via an unprotected AJAX action in the Cost Calculator Builder plugin for WordPress (versions up to 4.0.1) when used with Cost Calculator Builder PRO. The vulnerability stems from the ccb_woocommerce_payment AJAX endpoint being registered without authentication requirements (wp_ajax_nopriv) and failing to validate user input before passing it to checkout initialization, allowing price modification without authorization. This is an Insecure Direct Object Reference (IDOR) flaw with moderate CVSS score (5.3) that enables integrity violations but not confidentiality breaches or availability impact.

Authentication Bypass WordPress
NVD
CVSS 3.1
5.3
EPSS
0.0%
CVE-2026-8202 MEDIUM PATCH This Month

Denial of service in MongoDB Server v7.0 through v8.3 allows authenticated users with aggregation permissions to exhaust CPU resources via densely populated character masks in $trim, $ltrim, and $rtrim aggregation operators. An attacker can pin CPU utilization at 100% for extended periods by crafting malicious aggregation queries with large input strings and computationally expensive mask patterns. No public exploit code or active exploitation has been reported at time of analysis.

Denial Of Service Mongodb Server
NVD VulDB
CVSS 4.0
5.3
EPSS
0.0%
CVE-2026-8463 MEDIUM PATCH This Month

Heap out-of-bounds read in Crypt::Argon2 for Perl (versions 0.017 through 0.030) exposes applications to process crash or heap memory leakage when argon2_verify is called with an empty encoded hash string. The defect is a size_t integer underflow: the auto-detect variant of argon2_verify subtracts 1 from encoded_len without a zero-check, wrapping to SIZE_MAX and causing memchr to scan up to SIZE_MAX bytes of adjacent heap memory. No public exploit has been identified and no CISA KEV listing exists; EPSS is 0.03% (9th percentile), consistent with the SSVC assessment of exploitation status 'none'.

Buffer Overflow Crypt
NVD GitHub VulDB
CVSS 3.1
5.3
EPSS
0.0%
CVE-2025-9987 MEDIUM This Month

The Broadstreet WordPress plugin versions up to 1.53.1 exposes sensitive business information through an unauthenticated AJAX endpoint (get_sponsored_meta), allowing attackers to extract password-protected and private business details. Despite the CVSS vector indicating PR:N, the vulnerability requires subscriber-level or higher WordPress access, making authenticated users the primary attack vector. The exposure is limited to confidentiality impact with no integrity or availability compromise.

Information Disclosure WordPress
NVD
CVSS 3.1
5.3
EPSS
0.0%
CVE-2026-40703 MEDIUM PATCH This Month

Cross-site request forgery (CSRF) in F5 BIG-IP Configuration utility dashboard allows unauthenticated remote attackers to perform unauthorized actions (integrity and availability impact) against authenticated users through malicious web pages, requiring user interaction to click a crafted link. Patch is available from F5. No public exploit code or active exploitation confirmed at time of analysis.

CSRF Big Ip
NVD VulDB
CVSS 4.0
5.3
EPSS
0.0%
CVE-2026-2515 MEDIUM This Month

Authenticated attackers with Subscriber-level access can modify the API key stored in the Hostinger Reach WordPress plugin (versions up to 1.3.8) due to missing capability checks in the AJAX handler, but only when the plugin is not yet connected to a site and the database contains no existing API key. The vulnerability allows unauthorized data modification via the 'hostinger_reach_connection_notice_action' action with CVSS 5.3 (network-accessible, high integrity impact, but requiring low-privilege authentication and non-standard conditions).

Authentication Bypass WordPress
NVD
CVSS 3.1
5.3
EPSS
0.0%
CVE-2026-33584 MEDIUM PATCH This Month

Unauthenticated access to an exposed Keycloak management service in the Arqit Symmetric Key Agreement Platform allows remote attackers to read sensitive operational data including application metrics and health status without any credentials. All versions of the platform prior to 26.03 are affected. The CVSS vector (PR:N/AC:L) confirms no authentication is required and exploitation is straightforward; however, EPSS at 0.01% (1st percentile) and SSVC exploitation status of 'none' indicate no public exploit or active targeting observed at time of analysis.

Authentication Bypass Symmetric Key Agreement Platform
NVD
CVSS 3.1
5.3
EPSS
0.0%
CVE-2026-45740 MEDIUM POC PATCH GHSA This Month

Uncontrolled recursion in protobufjs versions prior to 7.5.8 and 8.2.0 allows remote attackers to exhaust the JavaScript call stack by providing crafted JSON descriptors with deeply nested namespace definitions to Root.fromJSON() or Namespace.addJSON(), causing a denial of service. The vulnerability requires only network access and no authentication, though exploitation depends on the application parsing untrusted protobuf JSON descriptors.

Information Disclosure Protobuf Js
NVD GitHub VulDB
CVSS 3.1
5.3
EPSS
0.0%
CVE-2024-47091 MEDIUM PATCH This Month

Privilege escalation in the mk_mysql agent plugin on Windows in Checkmk <2.4.0p29, <2.3.0p47, and 2.2.0 (EOL) allows a local unprivileged user able to create a Windows service whose name matches. Rated medium severity (CVSS 5.2), this vulnerability is low attack complexity.

Microsoft RCE Privilege Escalation
NVD VulDB
CVSS 4.0
5.2
EPSS
0.0%
CVE-2026-0250 MEDIUM PATCH This Month

Buffer overflow in Palo Alto Networks GlobalProtect App (versions 6.0 through 6.3) allows an adjacent-network attacker positioned as a man-in-the-middle to corrupt memory during Portal/Gateway message processing, potentially executing arbitrary code with SYSTEM privileges on affected endpoints. Affected platforms include Windows (including the UWP variant), macOS, and other non-iOS clients; iOS is explicitly excluded by the vendor. No public exploit identified at time of analysis - EPSS stands at 0.01% and SSVC confirms no current exploitation - however the SSVC technical impact rating of 'total' and potential for full SYSTEM-level compromise justify prioritized patching for endpoints connecting from untrusted networks.

Memory Corruption RCE Apple Buffer Overflow Paloalto +2
NVD VulDB
CVSS 4.0
5.2
EPSS
0.0%
Prev Page 2 of 3 Next

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy