Skip to main content
CVE-2026-6811 MEDIUM This Month

Stack exhaustion in MongoDB PHP driver allows remote denial of service when processing deeply nested BSON documents from untrusted sources. Unauthenticated attackers can crash applications by sending maliciously crafted BSON payloads with excessive nesting levels, affecting all versions of the PHP driver that parse BSON without depth limits. The vulnerability requires high attack complexity but results in complete availability loss.

Denial Of Service PHP
NVD
CVSS 4.0
6.0
EPSS
0.0%
CVE-2026-44884 MEDIUM PATCH GHSA This Month

Portainer's custom template file endpoint (GET /api/custom_templates/{id}/file) exposes template file contents to any authenticated user due to a completely absent authorization check in the customTemplateFile handler - a check that every other custom template endpoint correctly implements. Authenticated users at any privilege level can enumerate sequential integer template IDs to read Docker Compose files belonging to templates they have no explicit access to, potentially harvesting embedded secrets such as database connection strings, API tokens, and registry credentials. No public exploit or CISA KEV listing has been identified at time of analysis; however, exploitation requires only a valid session and sequential ID guessing, making it trivially scriptable against any unpatched multi-tenant Portainer instance.

Authentication Bypass Docker
NVD GitHub
CVSS 4.0
6.0
EPSS
0.0%
CVE-2026-45787 MEDIUM PATCH GHSA This Month

electerm's sync encryption uses deterministic AES-192-CBC with a fixed zero IV, constant KDF salt, and no message authentication code, allowing attackers to crack common passwords across multiple installations and perform undetected bit-flip attacks on synced bookmark and profile data. Affects electerm versions prior to 3.9.5. No public exploit code identified at time of analysis, but the cryptographic weaknesses are fundamental and exploitable without specialized tooling.

Information Disclosure
NVD GitHub VulDB
CVSS 4.0
6.0
EPSS
0.0%
CVE-2025-62625 MEDIUM This Month

Improper privilege management in AMD's KVM key download component allows authenticated local attackers to swap tokens and exfiltrate sensitive cryptographic keys due to insufficient access controls, potentially enabling unauthorized access to privileged resources and compromising system confidentiality. The vulnerability requires authenticated access (PR:L) but carries high confidentiality impact (VC:H), making it a significant risk in multi-tenant or shared-access environments.

Authentication Bypass Privilege Escalation
NVD
CVSS 4.0
6.0
EPSS
0.0%
CVE-2026-42567 MEDIUM PATCH GHSA This Month

Regular expression denial of service (ReDoS) in Svelte 5.51.5 through 5.55.6 allows attackers to cause application hang or crash by passing unconstrained-length tag names to the `<svelte:element>` component, triggering exponential regex evaluation time in the runtime tag validation logic. The vulnerability requires applications to accept user-controlled tag input without length or content restrictions.

Denial Of Service Red Hat
NVD GitHub VulDB
CVSS 4.0
5.9
EPSS
0.0%
CVE-2026-3160 MEDIUM PATCH This Month

GitLab's Jira integration exposes out-of-scope Jira issues to authenticated GitLab users across all editions (CE and EE) from version 13.7 through the patched releases, due to the integration's project-scope filter operating only as a UI display control rather than an enforced access boundary. The Changed scope (S:C) in the CVSS vector reflects that impact crosses into Atlassian Jira - a component outside GitLab's own trust domain - allowing confidential Jira issue data to leak beyond intended project boundaries. No public exploit exists and no active exploitation has been confirmed; EPSS is negligible at 0.01% (3rd percentile), placing this firmly in low-exploitation-probability territory despite a broad version range spanning over five years of releases.

Atlassian Information Disclosure Gitlab
NVD
CVSS 3.1
5.8
EPSS
0.0%
CVE-2026-44885 MEDIUM PATCH GHSA This Month

Path traversal in Portainer's backup restore feature allows arbitrary file write to the server filesystem via crafted tar.gz archives. Versions prior to 2.39.0 (and 2.33.8 in the LTS branch) use unsafe path joining in the ExtractTarGz function, permitting entries like `../../etc/cron.d/evil` to escape the extraction root. An authenticated administrator who restores a malicious archive or whose credentials are compromised can write files to any path accessible to the Portainer process, potentially establishing persistence on the host. Exploitation requires administrative privileges within Portainer, reducing practical impact.

Path Traversal
NVD GitHub
CVSS 3.1
5.5
EPSS
0.2%
CVE-2026-43996 MEDIUM PATCH This Month

Integer overflow in OpenImageIO TGA image decoder allows local attackers to trigger out-of-bounds buffer read and denial of service. When processing TGA image files, the bounds check in TGAInput::decode_pixel computes k + palbytespp using unsigned 32-bit arithmetic; specifically, when k equals 0xFFFFFFFC and palbytespp equals 4, the sum wraps to zero, bypassing the palette size validation. The subsequent palette access then uses the unwrapped value as an array index, reading approximately 4 GB past the palette buffer start, causing a segmentation fault. Affects OpenImageIO versions prior to 3.0.18.0 and 3.1.13.0; requires local file access and user interaction to open a malicious TGA file. CVSS score of 5.5 reflects local-only attack vector with high availability impact but no confidentiality or integrity impact.

Information Disclosure Buffer Overflow Suse
NVD GitHub VulDB
CVSS 3.1
5.5
EPSS
0.0%
CVE-2026-8586 MEDIUM PATCH This Month

Discretionary access control bypass in Chrome Remote Desktop (Chromoting) allows adjacent network attackers to achieve limited confidentiality, integrity, and availability impact through a malicious file requiring user interaction. Google released Chrome 148.0.7778.168 to address this medium-severity flaw. EPSS score of 0.01% (1st percentile) and CISA SSVC assessment indicate low real-world exploitation probability with no observed exploitation activity. The adjacent network attack vector (AV:A) significantly constrains attacker positioning compared to typical remote vulnerabilities.

Google Authentication Bypass Red Hat Suse Chrome
NVD VulDB
CVSS 3.1
5.5
EPSS
0.0%
CVE-2026-8561 MEDIUM PATCH This Month

Incorrect security UI in Fullscreen in Google Chrome prior to 148.0.7778.168 allowed a remote attacker to perform UI spoofing via a crafted HTML page. (Chromium security severity: Medium)

Information Disclosure Google Red Hat Suse Chrome
NVD VulDB
CVSS 3.1
5.4
EPSS
0.1%
CVE-2026-45396 MEDIUM PATCH GHSA This Month

Mass assignment vulnerability in Open WebUI v0.9.2 allows authenticated attackers to spoof user identities and manipulate model evaluation data by injecting a `user_id` field into feedback requests. The `POST /api/v1/evaluations/feedback` endpoint fails to properly validate and segregate server-set values from user-supplied input, enabling attackers to create feedback records attributed to arbitrary users and corrupt Elo-based model leaderboard rankings. Patch available in v0.9.5.

Python RCE
NVD GitHub
CVSS 3.1
5.4
EPSS
0.0%
CVE-2026-45318 MEDIUM PATCH GHSA This Month

Stored cross-site scripting (XSS) in Open WebUI versions up to 0.9.2 allows authenticated users to upload malicious Office files (Excel, DOCX, PPT) that execute arbitrary JavaScript in the browsers of any user previewing the file. The vulnerability stems from rendering user-supplied HTML from file-preview components using Svelte's `{@html}` directive without DOMPurify sanitization, despite DOMPurify being available and correctly applied in 39% of the codebase's other rendering locations. This is a regression of a previously patched vulnerability (GHSA-jwf8-pv5p-vhmc) that was fixed in v0.8.0 but reintroduced after that release.

XSS Microsoft File Upload
NVD GitHub
CVSS 3.1
5.4
EPSS
0.0%
CVE-2026-45299 MEDIUM PATCH GHSA This Month

Stored cross-site scripting in Open WebUI versions before 0.8.0 allows authenticated users to inject malicious data URIs into the profile_image_url field, enabling JavaScript execution in the application origin. The most critical attack path involves uploading a base64-encoded SVG data URI that, when loaded via the /api/v1/users/{user_id}/profile/image endpoint, executes scripts with access to localStorage and enables full account takeover of any user viewing the malicious profile image, including administrators. Two independent reporters demonstrated distinct vectors: one via HTML data URIs in new tabs (limited scope), and one via SVG data URIs served by the application origin (account takeover). No public exploit code or active exploitation has been confirmed, but the vulnerability requires only authenticated access and user interaction (viewing a profile image).

XSS Python
NVD GitHub
CVSS 3.1
5.4
EPSS
0.0%
CVE-2026-8539 MEDIUM PATCH This Month

Script injection in SanitizerAPI in Google Chrome on Android prior to 148.0.7778.168 allowed a remote attacker to inject arbitrary scripts or HTML (UXSS) via a crafted HTML page. (Chromium security severity: High)

Code Injection Google RCE Red Hat Suse +1
NVD VulDB
CVSS 3.1
5.4
EPSS
0.0%
CVE-2026-20210 MEDIUM This Month

Cisco Catalyst SD-WAN Manager web UI fails to properly redact sensitive information in device configurations and templates, allowing authenticated users with read-only permissions to extract and leverage privileged credentials to escalate their access and modify system configurations. The vulnerability affects all versions of the product and requires only network access and valid (albeit minimal) read-only credentials; successful exploitation grants attackers high-privileged administrative capability over the SD-WAN fabric.

Information Disclosure Cisco Cisco Catalyst Sd Wan Manager
NVD VulDB
CVSS 3.1
5.4
EPSS
0.0%
CVE-2026-20209 MEDIUM This Month

Privilege escalation in Cisco Catalyst SD-WAN Manager allows authenticated users with read-only permissions to elevate privileges to high-privileged user level through exposure of sensitive session information in audit logs. An attacker with initial read-only access can extract high-privilege session credentials from audit logs and impersonate an administrator, bypassing intended access controls. CVSS score 5.4 (medium) reflects the requirement for initial authentication, though the ease of escalation (AC:L) and direct path to administrative capability represent significant risk in multi-tenant or shared SD-WAN deployments.

Information Disclosure Cisco Cisco Catalyst Sd Wan Manager
NVD VulDB
CVSS 3.1
5.4
EPSS
0.0%
CVE-2026-45365 MEDIUM PATCH GHSA This Month

Open WebUI versions 0.8.10 and earlier allow authenticated users to bypass model access control by appending ?bypass_filter=true to POST requests to /openai/chat/completions or /ollama/api/chat endpoints. The vulnerability exposes an internal-only FastAPI function parameter to external HTTP clients via query string binding, permitting any authenticated user to invoke admin-restricted models regardless of their assigned access grants. Vendor-released patch: v0.8.11 (March 2026). No public exploit code identified beyond the PoC in the advisory, but exploitation is trivial for any authenticated user.

Authentication Bypass Python
NVD GitHub
CVSS 3.1
5.4
EPSS
0.0%
CVE-2026-6472 MEDIUM PATCH This Month

Missing authorization in PostgreSQL CREATE TYPE allows authenticated users to hijack search_path resolution and force other database users to execute arbitrary SQL functions chosen by the attacker. An authenticated attacker can create a malicious user-defined type in a schema that appears earlier in a victim's search_path than legitimate extension or system types, causing the victim's queries to execute attacker-controlled functions instead of intended ones. This affects PostgreSQL versions 14.x before 14.23, 15.x before 15.18, 16.x before 16.14, 17.x before 17.10, and 18.x before 18.4. While CVSS 5.4 is moderate, the attack requires authenticated database access and carries real risk in multi-tenant or shared PostgreSQL environments where privilege escalation or lateral movement is the goal.

Authentication Bypass PostgreSQL Suse Red Hat
NVD VulDB
CVSS 3.1
5.4
EPSS
0.0%
CVE-2026-3829 MEDIUM This Month

Missing authorization controls in the WP Encryption WordPress plugin (all versions through 7.8.5.10) allow any authenticated subscriber-level user to invoke the `wple_basic_get_requests` function and tamper with SSL lifecycle configuration - resetting SSL setup state, falsely marking SSL as complete, and altering plan selection options. The affected plugin automates Let's Encrypt certificate provisioning for WordPress sites, meaning successful exploitation can silently break or misrepresent a site's HTTPS posture. No public exploit code exists and no active exploitation is confirmed (not in CISA KEV); EPSS at 0.02% and SSVC exploitation rating of 'none' place this firmly in the low-urgency tier despite the low privilege bar.

Authentication Bypass WordPress
NVD
CVSS 3.1
5.4
EPSS
0.0%
CVE-2026-6335 MEDIUM PATCH This Month

Cross-site scripting in GitLab CE/EE 18.11.x (before 18.11.3) enables an authenticated low-privilege attacker to inject unsanitized content that executes arbitrary JavaScript within another user's browser session. The CVSS Scope Changed (S:C) flag reflects the cross-user impact boundary: the vulnerability allows one GitLab principal to affect a distinct security context belonging to a different user, including potentially higher-privileged accounts such as project owners or instance administrators. No public exploit code exists and no active exploitation has been identified - EPSS at 0.02% (5th percentile) and SSVC exploitation status of 'none' both confirm low immediate urgency - though GitLab's wide enterprise deployment makes patching to 18.11.3 advisable.

XSS Gitlab RCE
NVD
CVSS 3.1
5.4
EPSS
0.0%
CVE-2025-12669 MEDIUM PATCH This Month

HTML and JavaScript injection via email notifications in GitLab CE/EE (versions 15.11 through 18.11.2) allows an authenticated low-privileged user to deliver malicious content to other users' inboxes by embedding unsanitized markup into platform-generated notifications. The attack crosses a scope boundary (S:C in CVSS) because the injected code executes in the recipient's email client or browser context rather than GitLab itself, enabling phishing, credential harvesting, or session theft against targeted users. No public exploit has been identified at time of analysis and SSVC signals no active exploitation, though the broad version range - spanning over three years of releases - expands the exposed population significantly.

Code Injection Gitlab RCE
NVD VulDB
CVSS 3.1
5.4
EPSS
0.0%
CVE-2025-62313 MEDIUM This Month

HCL AION lacks adequate brute-force protections on authentication mechanisms, allowing repeated login attempts that could lead to account compromise or unauthorized access. The vulnerability requires adjacent network access and affects all versions of the product. No public exploit code has been identified, but the weak authentication controls represent a significant credential-stuffing and password-guessing risk in multi-tenant or shared-network environments.

Authentication Bypass Aion
NVD
CVSS 3.1
5.4
EPSS
0.0%
CVE-2025-62310 MEDIUM This Month

HCL AION fails to enforce encryption for certain data transmissions or operations, potentially exposing sensitive information to interception or unauthorized access. The vulnerability requires adjacent network access, high attack complexity, and user interaction, limiting real-world exploitation scope. No active exploitation has been confirmed at time of analysis.

Authentication Bypass Aion
NVD
CVSS 3.1
5.4
EPSS
0.0%
CVE-2026-21730 MEDIUM PATCH This Month

Verba is affected by a Stored Cross-Site Scripting (XSS) vulnerability within its login logging mechanism. When an unauthenticated remote attacker attempts to log in using an incorrect username and password combination, the supplied username value is recorded in the application logs. Due to lack of input sanitization, an attacker can inject a malicious XSS payload into the username field. This payload will be executed in the context of the administrator’s browser when the admin accesses the web application's log viewer. The vendor was notified early about this vulnerability, but didn't respond to our messages. This issue was fixed in version 10.0.6

XSS Verba
NVD VulDB
CVSS 4.0
5.3
EPSS
0.2%
CVE-2026-42159 MEDIUM PATCH This Month

Stored cross-site scripting (XSS) in Flowsint prior to version 1.2.3 allows remote attackers to inject arbitrary HTML into node descriptions within sketches, which is executed when the node is selected by a user. This requires user interaction to view the malicious node but can compromise investigation integrity and potentially lead to credential theft or malware delivery within the OSINT analysis workflow.

XSS Flowsint
NVD GitHub VulDB
CVSS 4.0
5.3
EPSS
0.2%
CVE-2026-6145 MEDIUM This Month

The User Registration & Membership WordPress plugin through version 5.1.5 allows unauthenticated attackers to bypass admin approval requirements and register accounts directly by sending a crafted request with action=createuser parameter, exploiting missing authorization checks in the account creation process. The vulnerability affects all installations of the plugin with default or custom configurations where the admin approval feature is enabled. CVSS 5.3 reflects limited confidentiality impact but integrity compromise through unauthorized account creation.

Authentication Bypass WordPress
NVD VulDB
CVSS 3.1
5.3
EPSS
0.1%
CVE-2026-8538 MEDIUM PATCH This Month

Insufficient validation of untrusted input in GPU in Google Chrome prior to 148.0.7778.168 allowed a remote attacker who had compromised the renderer process to perform a denial of service via a crafted HTML page. (Chromium security severity: High)

Denial Of Service Google Red Hat Suse Chrome
NVD VulDB
CVSS 3.1
5.3
EPSS
0.1%
CVE-2026-22707 MEDIUM PATCH GHSA This Month

Strapi Upload plugin versions 5.33.2 and earlier bypass administrator-configured MIME type restrictions on Content API upload endpoints, allowing authenticated users to upload executable file types (HTML, SVG, JavaScript) that the admin explicitly denies. When uploaded files are served from the same origin as the admin panel (default configuration), an attacker can upload malicious HTML or SVG that executes JavaScript in the admin's browser session, enabling session hijacking and unauthorized administrative actions. Vendor-released patch: Strapi 5.33.3.

File Upload
NVD GitHub VulDB
CVSS 4.0
5.3
EPSS
0.1%
CVE-2026-42573 MEDIUM PATCH GHSA This Month

Cross-site scripting (XSS) via DOM clobbering in Svelte versions 5.55.6 and earlier allows attackers to inject malicious code when attribute spreading is used simultaneously on both form elements and their child input/button elements with user-controllable name attributes. The vulnerability requires specific markup patterns where both the form and nested input/button use spread syntax with attacker-controlled values, enabling manipulation of Svelte's internal framework state. Vendor-released patch: version 5.55.7.

XSS
NVD GitHub VulDB
CVSS 4.0
5.3
EPSS
0.0%
CVE-2026-8583 MEDIUM PATCH This Month

Insufficient policy enforcement in WebXR in Google Chrome on Android prior to 148.0.7778.168 allowed a remote attacker who had compromised the renderer process to obtain potentially sensitive information from process memory via a crafted HTML page. (Chromium security severity: Medium)

Information Disclosure Google Red Hat Suse Chrome
NVD VulDB
CVSS 3.1
5.3
EPSS
0.0%
CVE-2026-45292 MEDIUM PATCH GHSA This Month

Unbounded memory allocation and CPU exhaustion in OpenTelemetry Java SDK's baggage propagation allows remote unauthenticated attackers to degrade or deny service by sending oversized baggage headers. Affected components - W3CBaggagePropagator, JaegerPropagator, and OtTracePropagator - all lacked enforcement of the W3C Baggage specification's recommended size and entry limits, causing character-by-character parsing of arbitrarily large inputs. A distinctive amplification risk exists: baggage is automatically re-injected into all outgoing requests, meaning a single malicious inbound payload can fan out DoS effects to downstream services that never directly received the original request. No public exploit identified at time of analysis, and the CVE is not listed in CISA KEV.

Tomcat Java Denial Of Service
NVD GitHub VulDB
CVSS 3.1
5.3
EPSS
0.0%
CVE-2026-6206 MEDIUM This Month

MW WP Form plugin for WordPress allows unauthenticated attackers to extract data from password-protected, private, and draft posts via the _get_post_property_from_querystring() function due to insufficient access control checks on post retrieval. The vulnerability affects all versions up to 5.1.2 and requires only network access with no user interaction, enabling confidential content disclosure to unauthorized users.

Authentication Bypass Information Disclosure WordPress
NVD GitHub VulDB
CVSS 3.1
5.3
EPSS
0.0%
CVE-2026-41932 MEDIUM PATCH This Month

Stored cross-site scripting in Vvveb before 1.0.8.3 allows unauthenticated attackers to inject arbitrary HTML and JavaScript via the username field during customer signup, which persists in the display_name column and executes when rendered without encoding in vulnerable views. The vulnerability requires user interaction (visiting a page displaying the attacker's injected display_name) and affects confidentiality and integrity with CVSS 5.3. No public exploit code or active exploitation has been reported at time of analysis.

XSS
NVD GitHub
CVSS 4.0
5.3
EPSS
0.0%
CVE-2026-8582 MEDIUM PATCH This Month

Object lifecycle issue in Dawn in Google Chrome prior to 148.0.7778.168 allowed a remote attacker to obtain potentially sensitive information from process memory via a crafted HTML page. (Chromium security severity: Medium)

Information Disclosure Google Red Hat Suse Chrome
NVD VulDB
CVSS 3.1
5.3
EPSS
0.0%
CVE-2026-8546 MEDIUM PATCH This Month

Out of bounds read in GPU in Google Chrome on Mac and Windows prior to 148.0.7778.168 allowed a remote attacker who had compromised the renderer process to obtain potentially sensitive information from process memory via a crafted HTML page. (Chromium security severity: High)

Google Microsoft Information Disclosure Buffer Overflow Red Hat +2
NVD VulDB
CVSS 3.1
5.3
EPSS
0.0%
CVE-2026-8543 MEDIUM PATCH This Month

Out of bounds read in FileSystem in Google Chrome on Mac prior to 148.0.7778.168 allowed a remote attacker who convinced a user to engage in specific UI gestures to obtain potentially sensitive information from process memory via a crafted HTML page. (Chromium security severity: High)

Google Information Disclosure Buffer Overflow Red Hat Suse +1
NVD VulDB
CVSS 3.1
5.3
EPSS
0.0%
CVE-2026-8541 MEDIUM PATCH This Month

Out of bounds read in UI in Google Chrome prior to 148.0.7778.168 allowed a remote attacker who had compromised the renderer process to obtain potentially sensitive information from process memory via a crafted HTML page. (Chromium security severity: High)

Google Information Disclosure Buffer Overflow Red Hat Suse +1
NVD VulDB
CVSS 3.1
5.3
EPSS
0.0%
CVE-2026-8535 MEDIUM PATCH This Month

Out of bounds read in Media in Google Chrome on Linux and ChromeOS prior to 148.0.7778.168 allowed a remote attacker who had compromised the renderer process to obtain potentially sensitive information from process memory via a crafted JPEG file. (Chromium security severity: High)

Google Information Disclosure Buffer Overflow Red Hat Suse +1
NVD VulDB
CVSS 3.1
5.3
EPSS
0.0%
CVE-2026-8516 MEDIUM PATCH This Month

Insufficient validation of untrusted input in DataTransfer in Google Chrome prior to 148.0.7778.168 allowed a remote attacker who convinced a user to engage in specific UI gestures to obtain potentially sensitive information from process memory via a crafted HTML page. (Chromium security severity: Critical)

Information Disclosure Google Red Hat Suse Chrome
NVD VulDB
CVSS 3.1
5.3
EPSS
0.0%
CVE-2026-45205 MEDIUM PATCH This Month

Uncontrolled recursion in Apache Commons Configuration 2.2 through 2.14.x allows remote attackers to trigger a denial of service via StackOverflowError when processing YAML configuration files containing cyclic object references. The vulnerability affects any application using the library to parse untrusted YAML input without validation, with CVSS 5.3 (network-accessible, no authentication required) but exceptionally low exploitation probability (EPSS 0.02%, percentile 5%), indicating this is primarily a defensive hardening fix rather than an actively exploited threat.

Apache Buffer Overflow Suse
NVD GitHub VulDB
CVSS 3.1
5.3
EPSS
0.0%
CVE-2026-38740 MEDIUM This Month

Cleartext transmission in Foscam VD1 Video Doorbell (firmware before V5.3.13_1072) exposes Session Description Protocol (SDP) credentials and ICE candidates over unencrypted network channels, enabling on-path attackers to intercept media stream authentication tokens, hijack real-time video/audio feeds, and abuse Foscam's TURN relay infrastructure for unauthorized traffic routing. EPSS score of 0.02% (5th percentile) suggests low widespread exploitation likelihood, though the network-accessible attack vector (AV:N) with no authentication requirement (PR:N) and low complexity (AC:L) creates risk in residential deployment scenarios where LAN or ISP-level interception is feasible.

Information Disclosure N A
NVD GitHub VulDB
CVSS 3.1
5.3
EPSS
0.0%
CVE-2026-24711 MEDIUM This Month

Unauthenticated remote information disclosure in CFEngine Enterprise (versions before 3.21.8, 3.24.3, and 3.27.0) allows network attackers to access sensitive data via incorrect access control implementation. The CVSS vector indicates network-accessible exploitation without authentication (AV:N/PR:N) with low attack complexity, enabling automated scanning and exploitation. EPSS probability is low (0.02%, 5th percentile), suggesting limited attacker interest to date, though the authentication bypass tag indicates the vulnerability could expose sensitive configuration or operational data. No active exploitation confirmed (not in CISA KEV), and no public exploit code identified at time of analysis.

Authentication Bypass
NVD VulDB
CVSS 3.1
5.3
EPSS
0.0%
CVE-2026-44371 MEDIUM PATCH This Month

Cross-site scripting (XSS) in Open OnDemand prior to versions 4.0.11, 4.1.5, and 4.2.2 allows unauthenticated remote attackers to execute arbitrary JavaScript in users' browsers via specially crafted filenames displayed in the file browser interface. The vulnerability requires user interaction (clicking or viewing the malicious filename) and results in limited scope impact affecting only the confidentiality and integrity of the user's session. No public exploit code has been identified at time of analysis.

XSS
NVD GitHub
CVSS 4.0
5.3
EPSS
0.0%
CVE-2026-45076 MEDIUM PATCH GHSA This Month

Malicious homeservers in federated Matrix rooms can craft room events that prevent Synapse from delivering complete message history to paginating clients, causing clients to fail displaying room history. This affects Synapse versions prior to 1.152.1 and represents an information disclosure vulnerability where room history may be withheld from legitimate users due to adversarial event construction by a remote federated homeserver.

Information Disclosure
NVD GitHub VulDB
CVSS 4.0
5.1
EPSS
0.1%
CVE-2026-45346 MEDIUM PATCH GHSA This Month

Stored cross-site scripting (XSS) in Open WebUI's SVG renderer allows authenticated users to permanently inject malicious HTML and JavaScript code into conversation threads by editing SVG content, which executes in the browser context of any user viewing the shared thread. The vulnerability affects npm package open-webui versions prior to 0.6.31 and enables account takeover, data theft, and DOM manipulation. Publicly available proof-of-concept demonstrates code execution via img tag onerror handler embedded in SVG markup.

XSS Information Disclosure
NVD GitHub VulDB
CVSS 4.0
5.1
EPSS
0.0%
CVE-2026-42599 MEDIUM PATCH GHSA This Month

Cross-site scripting in Svelte versions up to 5.55.6 allows remote attackers to inject malicious event handlers via spread syntax when rendering untrusted data as element attributes. The vulnerability executes in victims' browsers only when JavaScript is enabled and Svelte's hydration mechanism does not process the vulnerable element before the injected event fires. Vendor-released patch: version 5.55.7.

XSS Red Hat
NVD GitHub VulDB
CVSS 4.0
5.1
EPSS
0.0%
CVE-2026-45021 MEDIUM PATCH GHSA This Month

Kuma Control Plane with default configuration leaks admin bootstrap tokens and signing keys to any website an operator visits if the control plane is reachable from their browser. The vulnerability combines default CORS settings allowing all origins (CorsAllowedDomains: [".*"]) with LocalhostIsAdmin: true, which grants admin privileges to any request from 127.0.0.1 without validating whether it originates from a trusted same-origin context. An attacker's JavaScript on a visited webpage can cross-origin fetch the admin token and cryptographic material via browser requests to localhost:5681. This is not actively exploited in the wild but represents a realistic threat in developer and testing environments where control planes run on workstations with web browsers.

Kubernetes Docker Information Disclosure
NVD GitHub VulDB
CVSS 4.0
5.1
EPSS
0.0%
CVE-2025-62305 MEDIUM This Month

HCL AION allows exposure of sensitive information through out-of-band interactions triggered by certain operations, affecting confidentiality and integrity under specific conditions. The vulnerability requires adjacent network access, low privilege authentication, and user interaction to exploit, making it suitable for targeted attacks within trusted environments rather than widespread remote exploitation.

Information Disclosure Aion
NVD
CVSS 3.1
5.1
EPSS
0.0%
CVE-2025-62308 MEDIUM This Month

HCL AION exposes sensitive backend infrastructure details through an information disclosure vulnerability affecting authenticated users with local network access and specific user interaction. The exposure reveals internal system architecture and configuration information that could enable reconnaissance for targeted attacks, with limited confidentiality, integrity, and availability impact (CVSS 5.1, CWE-201). No public exploit code or confirmed active exploitation has been identified at time of analysis.

Information Disclosure Aion
NVD
CVSS 3.1
5.1
EPSS
0.0%
CVE-2026-1630 MEDIUM PATCH This Month

Reflected XSS in WEBCON BPS via the '/openinmobileapp' endpoint allows unauthenticated attackers to inject arbitrary JavaScript that executes in authenticated users' browsers when a crafted URL is opened. The vulnerability requires user interaction (clicking a link) but impacts session confidentiality and integrity. Vendor-released patches are available for versions 2026.1.3.109 and 2025.2.1.293.

XSS Webcon Bps
NVD
CVSS 4.0
5.1
EPSS
0.1%
Prev Page 2 of 3 Next

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy