Skip to main content
CVE-2026-0244 MEDIUM PATCH This Month

Improper certificate validation in Palo Alto Networks Prisma SD-WAN ION allows an adjacent-network attacker positioned as a man-in-the-middle to impersonate the SD-WAN controller, achieving high confidentiality, integrity, and availability impact against the vulnerable device. Affected versions span three active release trains (6.3.x, 6.4.x, and 6.5.x), with fixed builds now available from Palo Alto Networks. No public exploit identified at time of analysis, and EPSS sits at 0.00%, but SSVC rates technical impact as total given the controller-impersonation capability.

Paloalto Information Disclosure Prisma Sd Wan Ion
NVD
CVSS 4.0
5.2
EPSS
0.0%
CVE-2026-21021 MEDIUM This Month

Improper input validation in Routines prior to SMR May-2026 Release 1 allows physical attackers to launch privileged activity.

Information Disclosure Samsung Mobile Devices
NVD
CVSS 4.0
5.1
EPSS
0.0%
CVE-2026-45228 MEDIUM PATCH This Month

Stored cross-site scripting in Quark Drive (quark-auto-save) before version 0.8.5 allows an authenticated low-privileged user to inject persistent JavaScript payloads that execute in the browsers of all authenticated users who view the System Configuration page. The root cause is Vue.js's v-html directive rendering push_config key names as raw HTML without sanitization, with payloads written to disk via the POST /update endpoint. No public exploit code has been identified at time of analysis, and the EPSS score of 0.03% (10th percentile) signals very low current exploitation probability, but the persistent, multi-victim nature of the stored XSS elevates real-world impact in multi-user deployments.

XSS Quark Auto Save
NVD GitHub VulDB
CVSS 4.0
5.1
EPSS
0.0%
CVE-2025-32425 MEDIUM PATCH This Month

Disk exhaustion in AutoGPT Platform before version 0.6.32 enables denial of service through unbounded Docker container log accumulation under high user access volume. The platform writes execution activity to stdout/stderr without any rotation or size cap, and Docker captures these logs indefinitely to host disk - a CWE-770 resource allocation failure. No public exploit has been identified at time of analysis; SSVC confirms exploitation status of none, and EPSS is 0.01% (3rd percentile), indicating negligible observed exploitation probability.

Denial Of Service Docker Autogpt Platform
NVD GitHub
CVSS 4.0
5.1
EPSS
0.0%
CVE-2026-21020 MEDIUM This Month

Improper export of android application components in OmaCP prior to SMR May-2026 Release 1 allows local attackers to trigger privileged functions.

Information Disclosure Google
NVD
CVSS 4.0
5.1
EPSS
0.0%
CVE-2026-21016 MEDIUM This Month

Incorrect privilege assignment in LocationManager prior to SMR May-2026 Release 1 allows local attackers to access sensitive information.

Information Disclosure Samsung Mobile Devices
NVD
CVSS 4.0
5.1
EPSS
0.0%
CVE-2026-41051 MEDIUM PATCH This Month

csync2 compiled with C99 or later creates insecure temporary directories vulnerable to time-of-check-time-of-use (TOCTOU) attacks, allowing local authenticated users with user interaction to cause denial of service through symlink or directory manipulation. The vulnerability affects OpenSUSE Tumbleweed and requires local access with low privileges and user interaction to exploit.

Information Disclosure Suse
NVD VulDB
CVSS 4.0
5.1
EPSS
0.0%
CVE-2026-0241 MEDIUM PATCH This Month

Incorrect Authorization in Palo Alto Networks Trust Protection Foundation allows adjacent-network unauthenticated attackers to bypass access controls and perform unauthorized actions against restricted resources. Affected version branches include 24.1.x, 24.3.x, 25.1.x, and 25.3.x, with fixed builds available from Palo Alto Networks. No public exploit identified at time of analysis, EPSS sits at the 1st percentile (0.01%), and SSVC rates exploitation as none - but the high availability impact component (VA:H in CVSS 4.0) on vulnerable systems makes patching a priority for organizations with exposed deployments.

Authentication Bypass Trust Protection Foundation
NVD VulDB
CVSS 4.0
5.1
EPSS
0.0%
CVE-2026-42961 MEDIUM This Month

Cross-site request forgery (CSRF) in ELECOM wireless LAN access points (WAB-BE187-M, WAB-BE72-M, WAB-BE36-M, WAB-BE36-S) allows remote attackers to trick authenticated users into performing unintended administrative operations by viewing a malicious webpage. The vulnerability exists despite CSRF token implementation due to inadequate token validation, enabling integrity compromise of access point configuration without user knowledge.

CSRF Wab Be187 M Wab Be72 M Wab Be36 M Wab Be36 S
NVD
CVSS 4.0
5.1
EPSS
0.0%
CVE-2026-42950 MEDIUM This Month

ELECOM wireless LAN access point models WAB-BE187-M, WAB-BE72-M, WAB-BE36-M, and WAB-BE36-S fail to validate the language parameter in administrative pages, allowing remote attackers to break the admin interface for logged-in users via malicious web pages. The vulnerability requires user interaction (viewing a malicious page while authenticated to the access point) and results in denial of service of the administrative interface rather than data exposure or unauthorized access. No public exploit code has been identified at time of analysis.

Information Disclosure Wab Be187 M Wab Be72 M Wab Be36 M Wab Be36 S
NVD
CVSS 4.0
5.1
EPSS
0.0%
CVE-2026-0259 MEDIUM PATCH This Month

Authenticated file read and delete in Palo Alto Networks WildFire WF-500 and WF-500-B on-premise sandboxing appliances exposes sensitive system information and permits arbitrary file deletion by low-privileged network users. The root cause is CWE-73 (External Control of File Name or Path), where user-supplied input is insufficiently validated before being used to construct file system paths. Exploitation is constrained to appliances running in the default non-FIPS configuration mode; organizations relying solely on the WildFire Public cloud service are not impacted. No public exploit has been identified at time of analysis, consistent with EPSS at 0.05% (16th percentile) and SSVC exploitation status of 'none'.

Paloalto Information Disclosure Wildfire Wf 500 And Wf 500 B
NVD VulDB
CVSS 4.0
5.0
EPSS
0.1%
CVE-2026-44441 MEDIUM PATCH This Month

Server-Side Request Forgery (SSRF) in ERPNext allows an authenticated remote attacker to send a crafted request to a vulnerable endpoint, causing the ERPNext server to issue arbitrary outbound HTTP calls to attacker-controlled services. The CVSS Changed scope (S:C) indicates the impact extends beyond the application itself, enabling potential access to internal network resources, cloud metadata services, or other intranet endpoints not otherwise reachable by the attacker. Vendor-released patches exist in versions 15.106.0 and 16.16.0; no active exploitation has been confirmed (not listed in CISA KEV) and EPSS sits at a very low 0.02%.

SSRF Erpnext
NVD GitHub
CVSS 3.1
5.0
EPSS
0.0%
CVE-2025-27852 MEDIUM This Month

Reflected cross-site scripting (XSS) in Garmin WDU v1 1.4.6 and v2 5.0 allows local network attackers to execute arbitrary JavaScript with full administrator-level access to the device. Exploitation requires the victim to visit a malicious URL and click an element on the rendered page, making this a moderate-risk vulnerability primarily affecting users on trusted networks who may be socially engineered.

XSS
NVD VulDB
CVSS 3.1
5.0
EPSS
0.0%
CVE-2026-0243 MEDIUM PATCH This Month

Denial of service in Palo Alto Networks Prisma SD-WAN ION devices allows an unauthenticated attacker with adjacent network access to crash or disrupt the device by sending a specially crafted IPv6 packet. The vulnerability (CWE-606) exists across three active release branches of the ION software, with fixed versions available from Palo Alto Networks. No public exploit code exists and no active exploitation has been identified at time of analysis, with EPSS at 0.03% and SSVC confirming exploitation status as none.

Denial Of Service Paloalto Prisma Sd Wan Ion
NVD
CVSS 4.0
4.9
EPSS
0.0%
CVE-2026-45054 MEDIUM PATCH This Month

SQL injection in CubeCart v6 prior to 6.7.0 allows an authenticated administrator to execute arbitrary SQL against the store database via the unsanitized ORDER BY clause on the admin transactions listing page. The admin.php orders-transactions endpoint passes attacker-controlled GET parameters directly into a raw SQL fragment, bypassing the platform's sqlSafe() function which only escapes quote characters - none of which are required for ORDER BY injection. An attacker with at minimum CC_PERM_READ permission on orders can leverage time-based blind SQL injection to extract admin password hashes, customer PII, and integrated payment-gateway credentials. No public exploit identified at time of analysis, though SSVC data indicates POC code exists; the EPSS score of 0.03% (9th percentile) reflects limited observed exploitation interest.

PHP SQLi V6
NVD GitHub VulDB
CVSS 3.1
4.9
EPSS
0.0%
CVE-2026-0239 MEDIUM This Month

Unauthenticated information disclosure in Palo Alto Networks' Chronosphere Chronocollector exposes sensitive data to any attacker with adjacent network access to the collector service endpoint. All versions from 0.0.0 up to v0.116.0 are affected, with the fix released in v0.116.0. No public exploit code has been identified at time of analysis and CISA has not added this to the KEV catalog, but the CVSS 4.0 Value Density modifier of 'Concentrated' (V:C) suggests the data at risk may include high-value material such as credentials or configuration secrets.

Information Disclosure Chronosphere Chronocollector
NVD VulDB
CVSS 4.0
4.9
EPSS
0.0%
CVE-2026-0249 MEDIUM PATCH This Month

Improper certificate validation in Palo Alto Networks GlobalProtect App exposes macOS and Android users to adversary-in-the-middle attacks from locally adjacent network positions, enabling traffic interception and malicious software installation. The flaw allows an unauthenticated attacker on the same subnet - or a local non-administrative OS user - to redirect encrypted VPN communications to a rogue server by bypassing TLS certificate checks. No public exploit has been identified at time of analysis, EPSS is effectively zero, and CISA SSVC rates exploitation as none, though the high confidentiality and integrity impact on the vulnerable component warrants prompt patching on affected platforms.

Apple Paloalto Microsoft Authentication Bypass Globalprotect App
NVD VulDB
CVSS 4.0
4.9
EPSS
0.0%
CVE-2026-0258 MEDIUM PATCH This Month

Server-side request forgery in the IKEv2 implementation of Palo Alto Networks PAN-OS allows unauthenticated remote attackers to coerce the firewall into issuing outbound network requests to arbitrary destinations or to trigger a denial-of-service condition. Affected are PAN-OS 10.2, 11.1, 11.2, and 12.1 branch trains; Panorama, Cloud NGFW, and Prisma Access are explicitly confirmed unaffected. No public exploit code has been identified and SSVC assessment confirms no current exploitation, though a vendor-released patch is available across all impacted branches.

Denial Of Service Paloalto SSRF Cloud Ngfw Pan Os +1
NVD VulDB
CVSS 4.0
4.8
EPSS
0.1%
CVE-2026-39428 MEDIUM PATCH This Month

Stored Cross-Site Scripting in CubeCart v6.x (prior to 6.6.0) allows an authenticated administrator to inject persistent malicious JavaScript into product creation or modification fields, which then executes in the browsers of any user - customer or fellow administrator - who views the affected product pages. The attack requires high-privilege access (PR:H) and victim interaction (UI:R), limiting its realistic threat surface to compromised or malicious admin accounts. No public exploit identified at time of analysis via KEV, though SSVC data indicates proof-of-concept code exists; EPSS stands at 0.03% (8th percentile), reflecting low observed exploitation pressure.

XSS V6
NVD GitHub VulDB
CVSS 3.1
4.8
EPSS
0.0%
CVE-2026-8200 MEDIUM PATCH This Month

MongoDB Server fails to fully redact user data in local server log messages when schema validation is enabled and an update or insert operation violates the collection schema, allowing authenticated administrators to access sensitive information through log inspection. This information disclosure affects MongoDB Server 7.0 prior to 7.0.34, 8.0 prior to 8.0.23, 8.2 prior to 8.2.9, and 8.3 prior to 8.3.2. The vulnerability requires high-privilege administrative access and has a low CVSS score of 2.7, indicating limited real-world impact despite confirmed patch availability.

Information Disclosure Mongodb Server
NVD VulDB
CVSS 4.0
4.8
EPSS
0.0%
CVE-2026-8367 MEDIUM This Month

aria2c fails to properly validate Extended Key Usage (EKU) constraints in TLS server certificates, allowing attackers who possess a compromised certificate issued for a different purpose to impersonate legitimate servers. This undermines certificate-based authentication and enables man-in-the-middle attacks against aria2c downloads over HTTPS, potentially leading to delivery of malicious files or interception of sensitive data.

Information Disclosure Aria2C
NVD VulDB
CVSS 3.1
4.8
EPSS
0.0%
CVE-2026-42948 MEDIUM This Month

Stored cross-site scripting vulnerability in ELECOM wireless LAN access point devices (WAB-BE187-M, WAB-BE72-M, WAB-BE36-M, WAB-BE36-S) allows authenticated administrators to inject malicious scripts that execute in other administrators' web browsers when they access the device management interface. Exploitation requires high-privilege administrative credentials and user interaction (victim must visit the admin panel), limiting real-world risk despite network-accessible attack surface.

XSS Wab Be187 M Wab Be72 M Wab Be36 M Wab Be36 S
NVD
CVSS 4.0
4.8
EPSS
0.0%
CVE-2026-0240 MEDIUM PATCH This Month

Sensitive vault credential disclosure in Palo Alto Networks Trust Protection Foundation allows an authenticated, adjacent-network attacker with low privileges to read secrets from the server's underlying vault (indicated by the HashiCorp tag), then leverage those secrets to impersonate any user in the environment and arbitrarily modify platform configuration. Affected across four active release branches (24.1.x, 24.3.x, 25.1.x, 25.3.x), with fixed versions available from the vendor. No public exploit code exists and CISA has not listed this in KEV; EPSS exploitation probability is 0.01%, reflecting low current threat activity.

Information Disclosure Hashicorp Trust Protection Foundation
NVD VulDB
CVSS 4.0
4.5
EPSS
0.0%
CVE-2026-0256 MEDIUM PATCH This Month

Stored cross-site scripting in Palo Alto Networks PAN-OS® web interface allows a malicious authenticated administrator to inject persistent JavaScript payloads that execute in the browsers of other users who view the affected pages. Affected deployments include PA-Series and VM-Series firewalls and Panorama (virtual and M-Series) running PAN-OS 10.2.x, 11.1.x, 11.2.x, and 12.1.x branches. No active exploitation is confirmed - EPSS stands at 0.04% (13th percentile), SSVC exploitation status is 'none', and no public exploit code has been identified at time of analysis. Vendor-released patches are available for all affected branches.

Paloalto XSS Cloud Ngfw Pan Os Prisma Access
NVD VulDB
CVSS 4.0
4.4
EPSS
0.0%
CVE-2025-9989 MEDIUM This Month

Stored Cross-Site Scripting in Broadstreet plugin for WordPress versions up to 1.53.1 allows authenticated administrators to inject arbitrary JavaScript into admin settings that executes for all users viewing affected pages. The vulnerability requires administrator-level access, high attack complexity due to disabled unfiltered_html or multi-site configuration restrictions, and impacts confidentiality and integrity with limited scope. No active exploitation confirmed at time of analysis.

XSS WordPress
NVD
CVSS 3.1
4.4
EPSS
0.0%
CVE-2025-9988 MEDIUM This Month

Broadstreet WordPress plugin up to version 1.53.1 allows authenticated attackers with Subscriber-level access to create advertisers via missing capability checks on the create_advertiser AJAX action, enabling privilege escalation and unauthorized modification of advertising data.

Authentication Bypass WordPress
NVD
CVSS 3.1
4.3
EPSS
0.0%
CVE-2026-28374 MEDIUM PATCH This Month

Improper access control in Grafana OSS allows authenticated Editor-role users to delete any annotation instance-wide, regardless of whether they hold read or create permissions on that annotation. The flaw affects a broad version range from 8.5.0 through 13.0.1, exposing organizations to unauthorized data destruction by low-privileged internal users. No active exploitation has been identified at time of analysis (SSVC: none; EPSS: 0.03%, 8th percentile), and no public exploit code exists; real-world risk is constrained by the authentication prerequisite and partial integrity-only impact.

Authentication Bypass Grafana Oss
NVD VulDB
CVSS 3.1
4.3
EPSS
0.0%
CVE-2026-45147 MEDIUM PATCH GHSA This Month

Broken access control in SiYuan's `/api/tag/getTag` endpoint (versions prior to 3.7.0) allows any authenticated low-privilege user - including publish-service `RoleReader` accounts and `RoleEditor` accounts on read-only workspaces - to mutate the global `Conf.Tag.Sort` configuration value and trigger a full rewrite of the workspace `conf.json` file. The handler silently executes a privileged write operation (`model.Conf.Save()`) when a `sort` argument is present, despite the endpoint being registered with only `model.CheckAuth` middleware, omitting the `model.CheckAdminRole` and `model.CheckReadonly` guards that sibling write endpoints correctly enforce. Publicly available exploit code exists per SSVC assessment, though no active exploitation has been confirmed (not in CISA KEV; EPSS 0.03%).

Authentication Bypass Docker
NVD GitHub
CVSS 3.1
4.3
EPSS
0.0%
CVE-2026-45148 MEDIUM PATCH GHSA This Month

Broken access control in SiYuan's publish-service API allows authenticated RoleReader principals to enumerate workspace metadata from notebooks explicitly marked as private or publish-ignored. Four search endpoints - `/api/search/searchTag`, `/api/search/searchAsset`, `/api/search/searchWidget`, and `/api/search/searchTemplate` - pass the `CheckAuth` middleware that a publish-service RoleReader JWT satisfies, but never apply the `IsReadOnlyRoleContext` filtering logic that sibling endpoints in the same file correctly implement, returning unscoped global workspace results. A proof-of-concept exploit exists per SSVC assessment and is documented in the advisory; the vulnerability is not currently listed in CISA KEV.

Authentication Bypass
NVD GitHub
CVSS 3.1
4.3
EPSS
0.0%
CVE-2026-0245 MEDIUM PATCH This Month

Prisma Access Agent on Windows and macOS exposes sensitive configuration data and credentials to local low-privileged users through multiple information disclosure weaknesses. Palo Alto Networks has confirmed these vulnerabilities affect agent versions prior to 26.2.1; Linux, ChromeOS, Android, and iOS deployments are explicitly out of scope. No public exploit has been identified at time of analysis, and SSVC classifies exploitation status as none, making this a low-urgency but real credential-hygiene risk on affected desktop platforms.

Apple Information Disclosure Google Prisma Access Agent
NVD
CVSS 4.0
4.3
EPSS
0.0%
CVE-2026-4607 MEDIUM This Month

Authentication bypass in ProfileGrid - User Profiles, Groups and Communities WordPress plugin up to version 5.9.8.4 allows authenticated Subscriber-level users to modify site-wide group settings through unprotected AJAX actions (pm_set_group_order, pm_set_group_items, pm_set_field_order). Attackers can alter group menu order, list order, icon display, and field ordering without authorization checks. No public exploit code or active exploitation has been identified; CVSS 4.3 (low-moderate severity) reflects limited impact scope to integrity without confidentiality or availability impact.

Authentication Bypass WordPress
NVD
CVSS 3.1
4.3
EPSS
0.0%
CVE-2026-3426 MEDIUM This Month

RTMKit Addons for Elementor plugin for WordPress allows authenticated attackers with Author-level access or higher to modify or reset site-wide widget configurations due to missing capability checks in the save_widget() and reset_all_widgets() functions. This privilege escalation vulnerability affects all versions up to 2.0.2 and enables unauthorized modification of widget data across the entire WordPress site, impacting site integrity and user experience.

Authentication Bypass WordPress
NVD
CVSS 3.1
4.3
EPSS
0.0%
Prev Page 3 of 3

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy