Skip to main content
CVE-2026-21022 MEDIUM This Month

Improper handling of insufficient permissions in Routines prior to SMR May-2026 Release 1 allows local attackers to access sensitive information.

Information Disclosure Samsung Mobile Devices
NVD
CVSS 4.0
6.9
EPSS
0.0%
CVE-2026-25107 MEDIUM This Month

ELECOM wireless LAN access point devices WRC-X1800GS-B, WRC-X3000GS2 series, WRC-X6000QS series, and related models use a hard-coded cryptographic key to encrypt configuration file backups. An attacker who obtains a backup file can decrypt and modify the configuration using the publicly known key, then trick a network administrator into restoring the malicious configuration, enabling complete compromise of network settings. This requires user interaction (administrator deploying a crafted backup) but no authentication, making it a practical attack vector for supply-chain compromise or insider threats. CVSS 6.5 (Medium) reflects the high integrity impact balanced against the requirement for administrator interaction.

Information Disclosure Wrc X1800Gs B Wrc X3000Gs2 B Wrc X3000Gs2 W Wrc X3000Gs2A B +9
NVD
CVSS 4.0
6.9
EPSS
0.0%
CVE-2026-36738 MEDIUM This Month

U-SPEED AC1200 Gigabit Wi-Fi Router Model T18-21K V1.0 exposes an unauthenticated UART serial interface that grants unrestricted access to device functionality upon physical connection. An attacker with physical access to the exposed UART pins can bypass all authentication and authorization controls to gain full device compromise. EPSS exploitation probability is low (0.03%), reflecting the physical access requirement, though the impact of successful exploitation is severe (confidentiality, integrity, and availability compromise).

Authentication Bypass T18 21K Firmware
NVD GitHub VulDB
CVSS 3.1
6.8
EPSS
0.0%
CVE-2026-21018 MEDIUM This Month

Out-of-bounds write in SveService prior to SMR May-2026 Release 1 allows local privileged attackers to execute arbitrary code.

RCE Buffer Overflow Memory Corruption Samsung Mobile Devices
NVD
CVSS 4.0
6.8
EPSS
0.0%
CVE-2026-21015 MEDIUM This Month

Incorrect default permissions in FactoryCamera prior to SMR May-2026 Release 1 allows local attacker to access unique identifier.

Privilege Escalation Samsung Mobile Devices
NVD
CVSS 4.0
6.8
EPSS
0.0%
CVE-2026-36742 MEDIUM This Month

Hiseeu C90 v5.7.15 exposes a UART bootloader in debug mode when the device battery is disconnected, allowing unauthenticated physical attackers with direct hardware access to achieve privilege escalation and potentially execute arbitrary code with full device control. This vulnerability requires physical tampering to trigger but bypasses all software-based security controls once activated.

Privilege Escalation
NVD GitHub
CVSS 3.1
6.8
EPSS
0.0%
CVE-2026-42408 MEDIUM PATCH This Month

F5 BIG-IP DNS when provisioned contains an undisclosed TMOS Shell (tmsh) command vulnerability allowing highly privileged authenticated attackers to view sensitive information. The vulnerability requires high-privilege account access and local shell access (AV:L, PR:H), limiting real-world exploitation to insider threats or post-compromise scenarios where an attacker has already obtained administrative credentials on the management interface.

Information Disclosure Big Ip
NVD VulDB
CVSS 4.0
6.7
EPSS
0.0%
CVE-2026-28758 MEDIUM PATCH This Month

BIG-IP DNS provisioning exposes SSH passwords in cleartext within iControl REST API responses and audit logs when using the gtm_add and bigip_add commands, allowing highly privileged authenticated attackers with audit log access to retrieve sensitive credentials. The vulnerability affects all supported BIG-IP DNS versions and carries a CVSS score of 4.4 with low real-world exploitation risk due to the requirement for local access and high privilege level.

Information Disclosure Big Ip
NVD VulDB
CVSS 4.0
6.7
EPSS
0.0%
CVE-2026-0262 MEDIUM PATCH This Month

Multiple denial-of-service conditions in Palo Alto Networks PAN-OS allow unauthenticated remote attackers to crash or degrade firewall availability by sending specially crafted network traffic, with a high availability impact (VA:H) on the vulnerable system. Affected deployments span PAN-OS 10.2, 11.1, 11.2, and 12.1 branches as well as Prisma Access; vendor explicitly states Panorama and Cloud NGFW are not impacted, though Cloud NGFW appears in CPE strings - a discrepancy worth verifying. No public exploit identified at time of analysis, EPSS is very low (0.05%, 16th percentile), and SSVC classifies exploitation as none with non-automatable attack patterns, collectively suggesting a patch-cycle priority rather than an emergency response.

Denial Of Service Paloalto Cloud Ngfw Pan Os Prisma Access
NVD VulDB
CVSS 4.0
6.6
EPSS
0.1%
CVE-2026-44796 MEDIUM PATCH GHSA This Month

Nautobot's UI object bulk-rename endpoints (e.g., /dcim/interfaces/rename/) allow authenticated low-privilege users to trigger application-wide denial of service by submitting a maliciously crafted regular expression in the `find` field with the `use_regex` flag enabled, causing Python's re.sub() to enter catastrophic backtracking that stalls worker processes indefinitely. All Nautobot installations running versions prior to 2.4.33 (v2.x branch) or prior to 3.1.2 (v3.x branch, from 3.0.0a2) are affected. No active exploitation has been confirmed (not in CISA KEV), no public exploit code has been identified, and EPSS is 0.04% (14th percentile); vendor-released patches are available.

Denial Of Service
NVD GitHub VulDB
CVSS 3.1
6.5
EPSS
0.0%
CVE-2026-44440 MEDIUM PATCH This Month

Path traversal in ERPNext exposes arbitrary server files to authenticated low-privileged users via a vulnerable endpoint that fails to restrict directory access. Affected versions are ERPNext prior to 15.101.1 and the 16.x beta line prior to 16.10.0, packaged under CPE cpe:2.3:a:frappe:erpnext. An attacker with a valid account can craft a request to read sensitive files outside the intended directory scope, resulting in full confidentiality compromise of the host filesystem. No public exploit identified at time of analysis, and CISA SSVC signals no active exploitation.

Path Traversal Erpnext
NVD GitHub
CVSS 3.1
6.5
EPSS
0.0%
CVE-2026-33378 MEDIUM PATCH This Month

Uncontrolled resource consumption in Grafana OSS allows authenticated low-privilege users to trigger an out-of-memory (OOM) crash by exploiting the $__timeGroup macro against a configured SQL datasource. The attack is slow by nature - requiring upwards of 30 minutes to exhaust server memory - and affects Grafana OSS versions spanning from 8.0.0 through 13.0.1. Grafana reported this vulnerability directly, a vendor patch is available across all affected release branches, and no public exploit code or active exploitation has been identified at time of analysis.

Denial Of Service Grafana Oss
NVD VulDB
CVSS 3.1
6.5
EPSS
0.0%
CVE-2026-28376 MEDIUM PATCH This Month

Unbounded memory allocation in Grafana OSS's Live push endpoint allows any authenticated user to exhaust server memory by submitting a large or streaming HTTP request body, resulting in an out-of-memory condition and denial of service. Confirmed affected branches span Grafana OSS 8.0.0 through 13.0.1 across five actively maintained release lines, with vendor-released security patches available for each. No public exploit code exists and CISA has not listed this in KEV; the EPSS score of 0.04% (12th percentile) and SSVC exploitation status of 'none' collectively indicate low current real-world exploitation activity.

Denial Of Service Grafana Grafana Oss
NVD VulDB
CVSS 3.1
6.5
EPSS
0.0%
CVE-2026-28379 MEDIUM PATCH This Month

Grafana Live's concurrent request handling exposes authenticated Viewer-role users as a denial-of-service vector: sending concurrent requests triggers a fatal map access error that crashes the entire Grafana server, requiring a manual restart to restore service. All Grafana OSS releases from 8.2.0 through 13.0.1 are affected across multiple maintained branches, making the exposure surface exceptionally broad. No public exploit identified at time of analysis and EPSS sits at 0.04% (12th percentile), but the low privilege bar - any Viewer account - and reliable triggering (AC:L) mean insider threats and compromised low-privilege accounts represent a realistic DoS risk for organizations without guest/anonymous access controls.

Denial Of Service Grafana Race Condition Grafana Oss
NVD VulDB
CVSS 3.1
6.5
EPSS
0.0%
CVE-2026-4782 MEDIUM This Month

Arbitrary file read in Avada Builder plugin for WordPress versions up to 3.15.2 allows authenticated attackers with Subscriber-level access to read arbitrary files on the server via the 'fusion_get_svg_from_file' function in the 'fusion_section_separator' shortcode. Sensitive information including configuration files, database credentials, and private keys can be exposed. The vulnerability was partially patched in 3.15.2 and fully patched in version 3.15.3.

RCE WordPress
NVD VulDB
CVSS 3.1
6.5
EPSS
0.0%
CVE-2026-28383 MEDIUM PATCH This Month

Unbounded memory allocation in Grafana OSS's plugin resources endpoint allows any authenticated low-privileged user to trigger an out-of-memory condition by sending a sufficiently large HTTP request body, resulting in denial of service against the Grafana instance. Affected versions span a wide range from 6.7.0 through 13.0.1, with vendor-released security patches available across all supported branches. No public exploit exists and CISA has not added this to the KEV catalog; the EPSS score of 0.04% (12th percentile) reflects very low observed exploitation probability.

Denial Of Service Grafana Grafana Oss
NVD VulDB
CVSS 3.1
6.5
EPSS
0.0%
CVE-2026-7619 MEDIUM This Month

SQL injection in Charitable - Donation Plugin for WordPress versions up to 1.8.10.4 allows authenticated users with donation management admin privileges to inject malicious SQL via the 's' search parameter, enabling extraction of sensitive database information. The vulnerability stems from insufficient escaping and lack of prepared statement usage in the donation search functionality. Attack requires administrator-level access to the donation management area (edit_others_donations capability), limiting scope to internal threats but carrying high confidentiality impact.

SQLi WordPress
NVD
CVSS 3.1
6.5
EPSS
0.0%
CVE-2026-33380 MEDIUM PATCH This Month

Arbitrary file read in Grafana OSS exposes server filesystem contents to authenticated low-privilege users when the sqlExpressions feature toggle is enabled. Affected versions span the 11.6.x, 12.x, and 13.0.x release trains, with fixed security builds available across all affected branches. No public exploit code exists and CISA has not added this to the Known Exploited Vulnerabilities catalog; however, the confidentiality impact is rated High by CVSS due to the potential for unrestricted file disclosure from the Grafana server's filesystem.

Information Disclosure Grafana Path Traversal Grafana Oss
NVD VulDB
CVSS 3.1
6.5
EPSS
0.0%
CVE-2026-37429 MEDIUM This Month

SQL injection in qihang-wms (commit 75c15a) exposes sensitive database contents, including user PII, to unauthenticated remote attackers via the `datascope` parameter in `SysUserMapper.xml`. The vulnerability requires no authentication, no user interaction, and is reachable over the network, making automated exploitation feasible. SSVC assessment confirms exploitation has not been observed and EPSS sits at 0.03% (9th percentile), indicating low current exploitation interest despite the permissive attack surface.

SQLi N A
NVD GitHub
CVSS 3.1
6.5
EPSS
0.0%
CVE-2026-37428 MEDIUM This Month

SQL injection in qihang-wms (commit 75c15a) via the unsanitized `datascope` parameter in `SysDeptMapper.xml` allows remote database access without authentication. The CVSS vector (AV:N/AC:L/PR:N/UI:N) confirms unauthenticated, network-accessible, low-complexity exploitation yielding partial confidentiality and integrity impact, including exposure of users' PII from the backend database. Publicly available exploit code exists via GitHub-hosted writeups and proof-of-concept scripts, though EPSS sits at 0.03% (9th percentile) and SSVC reports no confirmed active exploitation at time of analysis.

SQLi N A
NVD GitHub
CVSS 3.1
6.5
EPSS
0.0%
CVE-2026-28380 MEDIUM PATCH This Month

Missing authorization in Grafana OSS's snapshot deletion endpoint allows any authenticated Editor-role user to delete arbitrary snapshots across the platform, regardless of whether they hold read or write access to those snapshots. Affected versions span a wide release range from 9.4.0 through 13.0.1 across multiple major branches (CPE: cpe:2.3:a:grafana:grafana_oss). With EPSS at 0.03% (8th percentile), SSVC exploitation rated none, and no public exploit identified at time of analysis, the practical threat is primarily insider abuse or compromised Editor credentials being used to destroy monitoring data outside an attacker's legitimate scope.

Authentication Bypass Grafana Oss
NVD VulDB
CVSS 3.1
6.5
EPSS
0.0%
CVE-2026-31156 MEDIUM This Month

Path traversal in OpenPLC v3 allows authenticated remote attackers to read arbitrary files via unvalidated file path parameters passed to the glue_generator binary. The vulnerability affects command-line input handling in the compiled binary derived from glue_generator.cpp, where user-controlled paths are passed directly to file operation functions (fopen, ifstream, ofstream) without validation. Exploitation requires authentication but no user interaction, and no public exploit code has been identified at the time of analysis.

Path Traversal N A
NVD GitHub
CVSS 3.1
6.5
EPSS
0.0%
CVE-2026-44740 MEDIUM PATCH GHSA This Month

go-billy versions prior to v5.9.0 and v6.0.0-alpha.1 lack proper depth and cycle detection in symlink resolution, allowing authenticated remote attackers to trigger infinite loops, uncontrolled recursion, or excessive resource consumption through crafted or malformed repository data and filesystem structures. The vulnerability stems from insufficient validation and missing safety mechanisms such as cycle detection, recursion limits, or defensive handling of unexpected states. CVSS 6.5 (availability impact) reflects the authenticated requirement (PR:L) and network attack vector, with no public exploit currently identified.

Information Disclosure
NVD GitHub VulDB
CVSS 3.1
6.5
EPSS
0.0%
CVE-2026-4608 MEDIUM This Month

ProfileGrid User Profiles plugin for WordPress versions up to 5.9.8.4 allow authenticated attackers with Subscriber-level access to execute blind SQL injection attacks via the 'rid' parameter due to insufficient input escaping and lack of prepared statement use. The vulnerability enables extraction of sensitive database information without user interaction. No public exploit code or active exploitation has been confirmed at this time.

SQLi WordPress
NVD
CVSS 3.1
6.5
EPSS
0.0%
CVE-2026-6828 MEDIUM This Month

Stored Cross-Site Scripting (XSS) in Fluent Forms WordPress plugin versions up to 6.2.1 allows authenticated contributors and above to inject arbitrary JavaScript into pages via the 'permission_message' parameter, which executes when any user views the affected page. The vulnerability stems from insufficient input sanitization and output escaping in the Component module. No active exploitation or public proof-of-concept has been reported, but the low attack complexity and network accessibility make this a practical risk for WordPress sites with contributor-level user accounts.

XSS WordPress
NVD
CVSS 3.1
6.4
EPSS
0.0%
CVE-2026-6962 MEDIUM This Month

Stored cross-site scripting in Cost of Goods: Product Cost & Profit Calculator for WooCommerce plugin (all versions up to 4.1.0) allows authenticated attackers with contributor-level access to inject arbitrary JavaScript via unsanitized shortcode attributes 'alg_wc_cog_product_cost' and 'alg_wc_cog_product_profit', which executes in the browsers of all users viewing the affected pages. The vulnerability requires prior account access but no user interaction for execution, making it a persistent attack vector for privilege escalation or malicious content injection on WordPress sites.

XSS WordPress
NVD
CVSS 3.1
6.4
EPSS
0.0%
CVE-2026-3004 MEDIUM This Month

Stored Cross-Site Scripting in Snow Monkey Blocks WordPress plugin up to version 24.1.11 allows authenticated attackers with Contributor-level or higher privileges to inject arbitrary JavaScript via the 'data-slick' attribute, which executes in the browsers of all users who view the affected pages. The vulnerability stems from insufficient input sanitization and output escaping in block rendering functionality. CVSS 6.4 reflects the moderate severity; exploitation requires prior authentication and contributor access, limiting the attack surface to trusted WordPress users or accounts obtained through compromise.

XSS WordPress
NVD
CVSS 3.1
6.4
EPSS
0.0%
CVE-2026-44774 MEDIUM PATCH GHSA This Month

Unauthorized write access to Traefik's live dynamic configuration is achievable by a low-privileged Kubernetes tenant in shared Gateway deployments, because the Gateway API provider's `isInternalService()` check accepts any `TraefikService` name ending in `@internal` - not exclusively the intended `api@internal`. This allows a tenant with `HTTPRoute` creation rights to route external traffic to `rest@internal`, fully bypassing the `providers.rest.insecure=false` safeguard and gaining `PUT /api/providers/rest` write access. No active exploitation is confirmed (not in CISA KEV, EPSS at 0.01%), but a detailed proof-of-concept is published in the GHSA advisory and the SSVC framework marks the attack as automatable for tenants meeting the prerequisites.

Denial Of Service Authentication Bypass Kubernetes
NVD GitHub VulDB
CVSS 4.0
6.4
EPSS
0.0%
CVE-2026-2695 MEDIUM PATCH This Month

Command injection in TeamViewer DEX Platform On-Premises (formerly 1E DEX Platform On-Premises) prior to version 9.2 allows authenticated low-privileged users to execute elevated commands on endpoints managed by the platform. The vulnerability stems from improper input validation (CWE-20) within specific platform instructions, enabling a user holding only 'questioner' privileges to escalate their effective impact to arbitrary command execution on connected devices. No public exploit exists and EPSS is low (0.08%), though SSVC rates Technical Impact as 'total', reflecting the downstream risk to managed endpoints despite the bounded CVSS partial-impact scores.

Code Injection
NVD VulDB
CVSS 3.1
6.3
EPSS
0.1%
CVE-2026-34019 MEDIUM PATCH This Month

Denial of service in F5 BIG-IP affects the Traffic Management Microkernel (TMM) when Bidirectional Forwarding Detection (BFD) is configured with static or dynamic routing protocols. Undisclosed traffic patterns cause TMM to stop processing BFD packets, triggering unintended failover of the configured routing protocol. Remote unauthenticated attackers can trigger this condition over the network with low complexity, resulting in availability loss for BFD-dependent routing operations.

Information Disclosure Big Ip
NVD VulDB
CVSS 4.0
6.3
EPSS
0.1%
CVE-2026-42934 MEDIUM PATCH This Month

Heap buffer over-read in NGINX's ngx_http_charset_module allows unauthenticated remote attackers to leak sensitive memory or crash worker processes when specific configuration directives (charset, source_charset, charset_map, and proxy_pass with buffering disabled) are combined. The vulnerability requires attacker-controlled conditions that depend on factors outside the attacker's control, limiting exploitability but creating real risk for affected deployments. CVSS 4.8 reflects the conditional nature of exploitation and limited scope of impact (information disclosure or availability).

Information Disclosure Buffer Overflow Nginx Nginx Plus Nginx Open Source
NVD VulDB
CVSS 4.0
6.3
EPSS
0.0%
CVE-2026-40701 MEDIUM PATCH This Month

Heap-use-after-free in NGINX Plus and NGINX Open Source allows unauthenticated remote attackers to trigger memory corruption in the worker process when ssl_verify_client is set to 'on' or 'optional' and ssl_ocsp is configured with a resolver. Exploitation can cause limited information disclosure or worker process restart, with CVSS 4.8 reflecting moderate impact constrained by high attack complexity. No public exploit code or active exploitation has been identified at time of analysis.

Information Disclosure Use After Free Memory Corruption Nginx Nginx Plus +1
NVD VulDB
CVSS 4.0
6.3
EPSS
0.0%
CVE-2026-42926 MEDIUM PATCH This Month

NGINX Open Source configured to proxy HTTP/2 traffic with proxy_http_version set to 2 combined with proxy_set_body allows remote unauthenticated attackers to inject frame headers and payload bytes to upstream peers, enabling potential header injection or request manipulation attacks. The vulnerability affects default configurations without requiring authentication or user interaction, with CVSS 5.8 indicating moderate integrity impact across networked systems. No public exploit code or active exploitation has been confirmed at this time.

Code Injection Nginx Nginx Open Source
NVD VulDB
CVSS 4.0
6.3
EPSS
0.0%
CVE-2026-21024 MEDIUM This Month

Improper privilege management in Samsung System Support Service prior to version 8.0.8.0 allows local attackers to trigger privileged functions.

Information Disclosure Samsung
NVD
CVSS 4.0
6.3
EPSS
0.0%
CVE-2024-48519 MEDIUM This Month

Buffer Overflow vulnerability in Ardupilot rover commit v.c56439b045162058df0ff136afea3081fcd06d38 allows a local attacker to cause a denial of service via the AP_InertialSensor_ADIS1647x.cpp,. Rated medium severity (CVSS 6.2), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Buffer Overflow Denial Of Service
NVD GitHub
CVSS 3.1
6.2
EPSS
0.0%
CVE-2024-51395 MEDIUM This Month

Buffer Overflow vulnerability in Ardupiot Copter Latest commit 92693e023793133e49a035daf37c14433e484778 allows a local attacker to cause a denial of service via the AP_SmartAudio::loop,. Rated medium severity (CVSS 6.2), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Denial Of Service Buffer Overflow Stack Overflow
NVD GitHub
CVSS 3.1
6.2
EPSS
0.0%
CVE-2026-0248 MEDIUM PATCH This Month

Improper certificate validation in Palo Alto Networks Prisma Access Agent versions below 26.2.1 on Android and Chrome OS exposes VPN sessions to man-in-the-middle interception by adjacent-network attackers. An attacker co-located on the same network segment can present any certificate for any domain issued by a trusted Certificate Authority - bypassing domain-specific validation - to intercept VPN tunnel traffic and capture sensitive device information. No public exploit code exists and no active exploitation has been confirmed (EPSS 0.00%, not in CISA KEV); however, a vendor patch is available at version 26.2.1 and should be prioritized for mobile and Chrome OS deployments.

Apple Information Disclosure Google Microsoft Prisma Access Agent
NVD
CVSS 4.0
6.2
EPSS
0.0%
CVE-2026-0261 MEDIUM PATCH This Month

Multiple command injection vulnerabilities in Palo Alto Networks PAN-OS allow an authenticated administrator to escape system restrictions and execute arbitrary commands with root-level privileges on affected firewalls and Panorama management platforms. Affected deployments include PA-Series and VM-Series firewalls and Panorama (virtual and M-Series appliances) across PAN-OS versions 10.2, 11.1, 11.2, and 12.1. An attacker who already holds administrative credentials and can reach the CLI or Web UI can leverage these flaws to fully compromise the underlying OS. No public exploit code exists and no KEV listing is present at time of analysis, consistent with the very low EPSS score of 0.08% (24th percentile).

Paloalto Command Injection Cloud Ngfw Pan Os Prisma Access
NVD VulDB
CVSS 4.0
6.1
EPSS
0.1%
CVE-2026-8496 MEDIUM PATCH This Month

Stored XSS in Alinto SOGo's ICS calendar invitation viewer enables a remote unauthenticated attacker to execute arbitrary JavaScript within an authenticated victim's SOGo webmail session. Affected versions span all releases prior to 5.12.8; the root cause is an incomplete blocklist sanitizer in NSString+Utilities.m that explicitly blocked only 'onload' and 'onmouseover' event handlers, leaving the SVG animation event 'onrepeat' unfiltered when SVG content appears in an ICS DESCRIPTION field. No public exploit has been identified at time of analysis and CISA SSVC confirms no active exploitation, but the CVSS Scope:Changed rating reflects that successful execution grants the attacker full access to the victim's authenticated session context, enabling mailbox access, contact theft, and session hijacking.

XSS Sogo
NVD GitHub VulDB
CVSS 3.1
6.1
EPSS
0.0%
CVE-2026-44681 MEDIUM PATCH GHSA This Month

Unauthenticated open redirect in Authlib's OpenIDImplicitGrant and OpenIDHybridGrant authorization endpoints allows remote attackers to redirect users to attacker-controlled URLs by submitting authorization requests that omit the openid scope. The vulnerability occurs because scope validation happens before redirect_uri validation, allowing the error handler to return an HTTP 302 with an unvalidated attacker-supplied redirect_uri. A proof-of-concept GET request demonstrates the flaw trivially; no authentication, valid client_id, or user interaction beyond clicking the link is required, though the CVSS score of 6.1 reflects the requirement for user interaction (UI:R) to click the phishing link. Actively exploited in the wild (KEV status), this is a Medium-severity open redirect enabling credential harvesting attacks.

Python CSRF Open Redirect
NVD GitHub VulDB
CVSS 3.1
6.1
EPSS
0.0%
CVE-2026-8201 MEDIUM PATCH This Month

Use-after-free in MongoDB Server's Field-Level Encryption query analysis component allows authenticated remote attackers with control over FLE query structure to cause information disclosure and denial of service. The vulnerability affects mongocryptd and crypt_shared in versions 7.0 prior to 7.0.34, 8.0 prior to 8.0.23, 8.2 prior to 8.2.9, and 8.3 prior to 8.3.2. No public exploit code identified at time of analysis.

Information Disclosure Use After Free Memory Corruption Mongodb Server
NVD VulDB
CVSS 4.0
6.1
EPSS
0.0%
CVE-2026-0242 MEDIUM PATCH This Month

SQL injection in Palo Alto Networks Trust Protection Foundation exposes the platform database to arbitrary command execution by authenticated attackers on an adjacent network. Affected versions span four active release trains (24.1.x, 24.3.x, 25.1.x, 25.3.x), with successful exploitation enabling full database read/write access and privilege escalation to administrative control. No public exploit code exists and no active exploitation has been identified; EPSS sits at 0.01% and SSVC exploitation status is 'none', but the SSVC technical impact rating of 'total' underscores the severity of a successful attack.

Information Disclosure SQLi Trust Protection Foundation
NVD
CVSS 4.0
6.1
EPSS
0.0%
CVE-2026-22677 MEDIUM PATCH This Month

Path traversal in Hermes WebUI's session import endpoint allows authenticated low-privileged attackers to read arbitrary files accessible to the WebUI process. By importing a crafted session JSON with an unrestricted workspace value such as '/', an attacker bypasses the workspace boundary controls that govern every other workspace-bearing endpoint, then leverages the file API to exfiltrate any file readable by the WebUI process user. No active exploitation is confirmed (absent from CISA KEV), EPSS sits at 0.04% in the 12th percentile, and SSVC rates exploitation as none - but the CVSS 4.0 confidentiality impact is rated High, making this a meaningful risk for network-exposed deployments with authenticated user populations.

Path Traversal Hermes Webui
NVD GitHub
CVSS 4.0
6.0
EPSS
0.0%
CVE-2026-2725 MEDIUM This Month

Incorrect authorization in the "submitted together" feature in Gerrit versions 2.12 and later allows an authenticated attacker with force push permissions on a secondary branch to bypass code review and forcefully submit code to restricted branches via a crafted submission matching the "topic" tag of an unapproved change.

Authentication Bypass Gerrit
NVD VulDB
CVSS 4.0
6.0
EPSS
0.0%
CVE-2026-8369 MEDIUM This Month

Improper Input Validation in the NAT64 translator in The OpenThread Authors OpenThread before commit 26a882d on all platforms allows an attacker on the adjacent IPv4 network to inject corrupted IPv6 packets into the Thread mesh or bypass security checks via crafted IPv4 packets with options.

Authentication Bypass Openthread
NVD GitHub
CVSS 4.0
6.0
EPSS
0.0%
CVE-2026-8328 MEDIUM PATCH This Month

Server-Side Request Forgery in CPython's ftplib module allows a malicious FTP source server to redirect a target FTP server's data connection to an arbitrary internal host by supplying an attacker-controlled IP address and port in its PASV response. The ftpcp() function - used to copy files directly between two FTP servers - was inadvertently excluded from the CVE-2021-4189 fix that already hardened FTP.makepasv() against this class of SSRF. Affecting CPython versions prior to 3.15.0, no public exploit has been identified at time of analysis, and EPSS at 0.04% (12th percentile) signals low exploitation probability; the vulnerability is not listed in CISA KEV.

SSRF Cpython
NVD GitHub VulDB
CVSS 4.0
5.9
EPSS
0.0%
CVE-2026-44448 MEDIUM PATCH This Month

Insufficient authorization enforcement on specific ERPNext endpoints allows authenticated low-privilege users to read sensitive data beyond their permitted role and make limited unauthorized data modifications. Affecting all ERPNext deployments prior to 15.102.0 (v15 branch) and prior to 16.11.0 (v16 branch), an attacker holding any valid user account can invoke unprotected server-side endpoints to access restricted records or alter data outside their role scope. No public exploit code exists and SSVC confirms no active exploitation, but the high confidentiality impact (CVSS C:H) warrants prompt patching - particularly on internet-exposed ERPNext instances where low-privilege accounts may be broadly distributed.

Authentication Bypass Erpnext
NVD GitHub VulDB
CVSS 3.1
5.9
EPSS
0.0%
CVE-2025-61971 MEDIUM This Month

Missing lock bit protection for NBIO registers could allow a local admin-privileged attacker to modify MMIO routing configurations, potentially resulting in loss of SEV-SNP guest integrity.

Information Disclosure Amd Epyc 9004 Series Processors Amd Epyc 7003 Series Processors Amd Epyc 9005 Series Processors Amd Epyc 8004 Series Processors +7
NVD VulDB
CVSS 4.0
5.9
EPSS
0.0%
CVE-2026-0247 MEDIUM PATCH This Month

Authorization bypass in Palo Alto Networks Prisma Access Agent's Endpoint DLP component permits a locally authenticated attacker with low privileges to circumvent authentication controls and invoke privileged operations. Affected are all Prisma Access Agent versions prior to 26.2.1, with full confidentiality, integrity, and availability impact on the vulnerable component confirmed by the CVSS:4.0 vector (VC:H/VI:H/VA:H). No active exploitation has been identified - SSVC marks exploitation as 'none', EPSS sits at the 1st percentile, and the CVSS exploit maturity is rated 'Unreported' (E:U).

Authentication Bypass Prisma Access Agent
NVD
CVSS 4.0
5.9
EPSS
0.0%
CVE-2026-0251 MEDIUM PATCH This Month

Local privilege escalation vulnerabilities in Palo Alto Networks GlobalProtect App on Windows, macOS, and Linux allow a low-privileged local user to elevate to NT AUTHORITY\SYSTEM (Windows) or root (macOS/Linux), enabling full OS-level command execution. The root cause is CWE-426 (Untrusted Search Path), where the application resolves executables or libraries from attacker-controllable locations. No public exploit has been identified and CISA SSVC confirms exploitation status as none; however, SSVC rates technical impact as total, reflecting the complete privilege gain achievable upon successful exploitation.

Privilege Escalation Google Apple Microsoft Paloalto +2
NVD VulDB
CVSS 4.0
5.9
EPSS
0.0%
Prev Page 4 of 6 Next

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy