Skip to main content
CVE-2026-5790 MEDIUM This Month

Stored cross-site scripting (XSS) in Stel Order v3.25.1 and earlier allows unauthenticated remote attackers to inject persistent malicious JavaScript via the 'legalName' and 'employeeID' parameters at the '/app/FrontController' endpoint. When administrators or other users access affected sections, injected code executes in their browsers with user interaction, enabling session hijacking and account takeover. SSVC framework rates this as automatable but only partial technical impact with no confirmed active exploitation.

XSS Stel Order
NVD
CVSS 4.0
5.1
EPSS
0.0%
CVE-2026-44899 MEDIUM PATCH GHSA This Month

CSS injection in mistune's Image directive plugin allows unauthenticated remote attackers to inject arbitrary CSS properties via the :width: or :height: options in fenced image directives, enabling full-page phishing overlays and UI redressing attacks. The vulnerability stems from a prefix-only regex validation (_num_re.match() with no end-of-string anchor) that accepts values like '100vw;position:fixed;background-color:#e11d48;...' and renders them unescaped into style= attributes. Confirmed fixed in v3.2.1; publicly available proof-of-concept demonstrates full-viewport colored overlay generation from a single malicious :width: directive.

XSS Apple Python Red Hat
NVD GitHub VulDB
CVSS 3.1
4.7
EPSS
0.0%
CVE-2026-45366 MEDIUM PATCH GHSA This Month

Server-Side Request Forgery in @utcp/http <= 1.1.1 allows remote attackers to redirect tool invocations to internal services via malicious OpenAPI specs. An attacker hosting a malicious OpenAPI specification on a legitimate HTTPS endpoint can declare internal server URLs (e.g., http://127.0.0.1:9090 or http://169.254.169.254) in the servers array; the OpenApiConverter blindly trusts these URLs without revalidation during tool invocation, enabling access to cloud metadata endpoints, internal databases, and loopback services. Additionally, a prefix-bypass in hostname validation (startsWith check) allows URLs like http://localhost.evil.com to bypass discovery-time restrictions. Patch version 1.1.2 is available.

Redis SSRF Python Node.js Elastic +1
NVD GitHub
CVSS 3.1
4.7
EPSS
0.0%
CVE-2026-8565 MEDIUM PATCH This Month

Inappropriate implementation in Downloads in Google Chrome on Mac prior to 148.0.7778.168 allowed an attacker who convinced a user to install a malicious extension to perform UI spoofing via a crafted Chrome Extension. (Chromium security severity: Medium)

Information Disclosure Google Red Hat Suse Chrome
NVD VulDB
CVSS 3.1
4.7
EPSS
0.0%
CVE-2026-45317 MEDIUM PATCH GHSA This Month

Cross-Site Request Forgery via image URL manipulation in Open WebUI allows authenticated users to perform unauthorized actions on behalf of victims by embedding malicious image URLs in profile pictures, model images, shared chats, and notes. When any user (including admins) views these compromised images, their browser sends GET requests to attacker-controlled servers, enabling cookie theft, denial of service, or execution of sensitive operations. Publicly available proof-of-concept code demonstrates exploitation across multiple attack vectors. The vulnerability affects all versions up to and including v0.9.2, with a vendor-released patch available in v0.9.3.

Denial Of Service Information Disclosure CSRF
NVD GitHub
CVSS 3.1
4.6
EPSS
0.0%
CVE-2026-8576 MEDIUM PATCH This Month

Cross-origin data leakage in Google Chrome on Linux and ChromeOS allows remote attackers to read sensitive data from other origins via malicious HTML pages exploiting flawed CORS implementation. Affects versions prior to 148.0.7778.168. Google released a patch in their May 2026 stable channel update. EPSS score of 0.03% (10th percentile) indicates low observed exploitation probability. No active exploitation confirmed (not in CISA KEV). SSVC assessment indicates no current exploitation, non-automatable attack requiring user interaction, with partial technical impact limited to confidentiality breach.

Google Cors Misconfiguration Information Disclosure Red Hat Suse +1
NVD VulDB
CVSS 3.1
4.3
EPSS
0.0%
CVE-2026-8562 MEDIUM PATCH This Month

Cross-origin data leakage in Google Chrome versions prior to 148.0.7778.168 enables remote attackers to extract sensitive information from other origins through side-channel attacks in the Navigation component. The vulnerability requires user interaction with a malicious HTML page and exploits timing or behavioral characteristics to bypass same-origin policy protections. EPSS score of 0.03% (10th percentile) indicates low observed exploitation probability, and no active exploitation or public proof-of-concept has been identified at time of analysis. Google has released a patch in Chrome 148.0.7778.168.

Google Information Disclosure Red Hat Suse Chrome
NVD VulDB
CVSS 3.1
4.3
EPSS
0.0%
CVE-2026-8537 MEDIUM PATCH This Month

Google Chrome versions prior to 148.0.7778.168 leak cross-origin data through insufficient policy enforcement in the ViewTransitions API when users interact with specially crafted HTML pages. The vulnerability enables remote attackers to bypass same-origin policy protections and extract sensitive information from other origins without authentication, though exploitation requires user interaction (clicking a link or visiting a malicious page). With EPSS at 0.03% (10th percentile) and no confirmed active exploitation, this represents a moderate information disclosure risk primarily affecting organizations where targeted phishing could deliver malicious pages to Chrome users.

Google Cors Misconfiguration Information Disclosure Red Hat Suse +1
NVD VulDB
CVSS 3.1
4.3
EPSS
0.0%
CVE-2026-6575 MEDIUM PATCH This Month

Buffer over-read in PostgreSQL 18.0 through 18.3 allows authenticated table maintainers to infer sensitive memory contents by exploiting mismatched array lengths in the pg_restore_attribute_stats() function during query planning. The vulnerability requires authenticated database access and table maintenance privileges but enables information disclosure without modifying data or causing service disruption.

PostgreSQL Buffer Overflow Suse Red Hat
NVD VulDB
CVSS 3.1
4.3
EPSS
0.0%
CVE-2026-6474 MEDIUM PATCH This Month

Format string vulnerability in PostgreSQL timeofday() function allows authenticated remote attackers to read arbitrary server memory by supplying crafted timezone values. Affects PostgreSQL versions 14.x before 14.23, 15.x before 15.18, 16.x before 16.14, 17.x before 17.10, and 18.x before 18.4. The vulnerability enables information disclosure of sensitive data stored in process memory without code execution or data modification capabilities.

Information Disclosure PostgreSQL Red Hat Suse
NVD VulDB
CVSS 3.1
4.3
EPSS
0.0%
CVE-2026-45386 MEDIUM PATCH GHSA This Month

Open WebUI versions 0.9.4 and earlier allow read-only users to pin and unpin messages in standard channels due to insufficient permission checks in the pin_channel_message API endpoint. The endpoint verifies only read access when it should enforce write access, enabling authenticated users with read-only permission to modify message pin status (is_pinned, pinned_by, pinned_at fields) without authorization. This permission bypass undermines channel information hierarchy and access control models. Vendor-released patch: version 0.9.5.

Authentication Bypass
NVD GitHub
CVSS 3.1
4.3
EPSS
0.0%
CVE-2026-45385 MEDIUM PATCH GHSA This Month

Modify messages from any channel member in Open WebUI v0.8.12 through v0.9.4 via Insecure Direct Object Reference (IDOR) in the message update API endpoint. Any authenticated user with group or direct message channel membership can tamper with messages sent by other members, including administrators, by bypassing message ownership verification. Publicly available exploit code exists demonstrating the vulnerability; patch available in v0.9.5.

Authentication Bypass Python
NVD GitHub
CVSS 3.1
4.3
EPSS
0.0%
CVE-2026-45347 MEDIUM PATCH GHSA This Month

Blind server-side request forgery (SSRF) in Open WebUI versions prior to 0.5.11 allows authenticated users to force arbitrary GET requests from the server via malicious HTML image tags embedded in the PDF export function. The vulnerability exists because user-supplied input (title, content, role, model, and date fields) is interpreted as HTML before being passed to the PDF generator without proper sanitization, enabling attackers to enumerate internal assets and trigger outbound requests despite response content not being readable.

SSRF
NVD GitHub VulDB
CVSS 3.1
4.3
EPSS
0.0%
CVE-2026-8567 MEDIUM PATCH This Month

Integer overflow in ANGLE in Google Chrome on Windows prior to 148.0.7778.168 allowed a remote attacker to perform an out of bounds memory write via a crafted HTML page. (Chromium security severity: Medium)

Microsoft Google Buffer Overflow Red Hat Suse +1
NVD VulDB
CVSS 3.1
4.3
EPSS
0.0%
CVE-2026-8559 MEDIUM PATCH This Month

Integer overflow in Internationalization in Google Chrome on Windows prior to 148.0.7778.168 allowed a remote attacker to perform an out of bounds memory write via a crafted HTML page. (Chromium security severity: High)

Microsoft Google Buffer Overflow Red Hat Suse +1
NVD VulDB
CVSS 3.1
4.3
EPSS
0.0%
CVE-2026-8552 MEDIUM PATCH This Month

Heap buffer overflow in GPU in Google Chrome on Android prior to 148.0.7778.168 allowed a remote attacker to perform an out of bounds memory write via a crafted HTML page. (Chromium security severity: High)

Heap Overflow Google Buffer Overflow Red Hat Suse +1
NVD VulDB
CVSS 3.1
4.3
EPSS
0.0%
CVE-2026-8560 MEDIUM PATCH This Month

Heap buffer overflow in SwiftShader in Google Chrome on Mac and iOS prior to 148.0.7778.168 allowed a remote attacker to perform an out of bounds memory read via a crafted HTML page. (Chromium security severity: Medium)

Heap Overflow Google Apple Buffer Overflow Suse +1
NVD VulDB
CVSS 3.1
4.3
EPSS
0.0%
CVE-2026-5365 MEDIUM This Month

Cross-Site Request Forgery in the LatePoint WordPress booking plugin (all versions ≤ 5.3.2) allows unauthenticated attackers to cancel a logged-in customer's appointments without consent by delivering a forged HTTP request. The root cause is missing nonce verification in the request_cancellation() function within the customer cabinet controller. EPSS is negligible at 0.02% (7th percentile), SSVC classifies exploitation as none, and no public exploit code or active exploitation has been identified at time of analysis.

CSRF WordPress Latepoint Calendar Booking Plugin For Appointments And Events
NVD
CVSS 3.1
4.3
EPSS
0.0%
CVE-2026-45387 MEDIUM PATCH GHSA This Month

Open WebUI versions 0.9.4 and earlier expose model system prompts to users with read-only group permissions through inconsistent API permission checks. The /api/v1/models/model endpoint returns full model details including system prompts when accessed by authenticated users with read access, while the list endpoint correctly restricts visibility, creating a permission bypass that leaks confidential prompt engineering data. This affects collaborative environments where model sharing is intended for execution only, not inspection.

Information Disclosure
NVD GitHub
CVSS 3.1
4.3
EPSS
0.0%
CVE-2026-8528 MEDIUM PATCH This Month

Site Isolation bypass in Google Chrome versions prior to 148.0.7778.168 enables attackers who have already compromised the renderer process to break out of security sandboxes via specially crafted HTML pages. This represents an escalation path within Chrome's multi-process architecture, allowing cross-origin data access after initial renderer compromise. Vendor patch available as of May 2026 stable channel update. EPSS score of 0.02% (6th percentile) indicates minimal observed exploitation activity, and no CISA KEV listing or public POC exists at time of analysis, suggesting lower immediate priority despite the architectural significance of Site Isolation failures.

Google Authentication Bypass Red Hat Suse Chrome
NVD VulDB
CVSS 3.1
4.3
EPSS
0.0%
CVE-2026-44501 MEDIUM PATCH This Month

DataHub frontend versions prior to 1.5.0.3 deserialize untrusted Java objects from the REDIRECT_URL HTTP cookie during OIDC callback flow without integrity protection, allowing authenticated attackers to read sensitive information. The vulnerability affects the GET /callback/oidc endpoint and requires a valid OIDC identity provider account to exploit. A vendor-released patch is available in version 1.5.0.3.

Java Deserialization
NVD GitHub VulDB
CVSS 3.1
4.3
EPSS
0.0%
CVE-2026-3074 MEDIUM PATCH This Month

Unauthorized debug symbol exposure in GitLab CE/EE allows access to private debugging artifacts from projects the requester should not be able to reach, due to improper authorization controls (CWE-639: Authorization Bypass Through User-Controlled Key). Affected instances span all GitLab CE and EE deployments running versions from 16.7 up through the patched releases 18.9.7, 18.10.6, and 18.11.3 - a broad version window of roughly two years of releases. No public exploit has been identified at time of analysis, EPSS is 0.02% (5th percentile), and CISA SSVC rates exploitation status as none, collectively indicating low near-term exploitation probability despite the wide version exposure.

Authentication Bypass Gitlab
NVD
CVSS 3.1
4.3
EPSS
0.0%
CVE-2026-8566 MEDIUM PATCH This Month

Insufficient policy enforcement in Google Chrome's Android payment implementation allows remote attackers to bypass access control restrictions through specially crafted HTML pages, affecting Chrome versions prior to 148.0.7778.168 on Android. The vulnerability requires user interaction (visiting a malicious page) but can be exploited remotely without authentication. EPSS exploitation probability is low (0.02%, 4th percentile), and a vendor-released patch is available. While tagged as an authentication bypass, the CVSS impact indicates only low integrity compromise with no confidentiality or availability impact.

Google Authentication Bypass Red Hat Suse Chrome
NVD VulDB
CVSS 3.1
4.3
EPSS
0.0%
CVE-2026-8563 MEDIUM PATCH This Month

Navigation restrictions can be bypassed in Google Chrome for Windows versions prior to 148.0.7778.168 when attackers craft malicious HTML pages that exploit insufficient sandbox policy enforcement in iframe elements. User interaction (opening/visiting the crafted page) is required for exploitation. Google released a patched version addressing this medium-severity flaw. With EPSS exploitation probability at 0.02% (4th percentile) and no KEV listing, this represents a moderate-priority issue primarily affecting organizations running outdated Chrome versions on Windows systems.

Google Authentication Bypass Microsoft Red Hat Suse +1
NVD VulDB
CVSS 3.1
4.3
EPSS
0.0%
CVE-2026-7525 MEDIUM This Month

Authorization bypass in the My Calendar - Accessible Event Manager WordPress plugin (all versions through 3.7.9) allows authenticated attackers with custom-level access or higher to circumvent the moderation and approval workflow by directly manipulating the POST body. The plugin's server-side PHP code in my-calendar-event-editor.php accepted the client-supplied event_approved parameter and used it to override the server-calculated event status, despite UI-level restrictions ostensibly limiting low-privilege users to draft-only submissions. Exploitation enables unauthorized event publishing, cancellation, or marking events private - integrity impacts limited to the event management workflow. No public exploit identified at time of analysis; EPSS (0.02%, 4th percentile) and SSVC (exploitation: none) both indicate negligible current exploitation interest.

Authentication Bypass WordPress My Calendar Accessible Event Manager
NVD GitHub VulDB
CVSS 3.1
4.3
EPSS
0.0%
CVE-2026-7648 MEDIUM This Month

Payment bypass in LearnPress WordPress LMS Plugin (all versions ≤ 4.3.5) allows authenticated subscribers to enroll in any paid course at zero cost by manipulating a REST API parameter. The flaw stems from improper input handling in the add_to_cart() REST API endpoint where PHP's array_merge() permits attacker-supplied values to silently overwrite hardcoded order defaults - specifically the quantity field - causing the order total to resolve to $0 and bypassing all configured payment gateway enforcement. No public exploit code has been identified at time of analysis, and CISA KEV does not list this vulnerability; SSVC and EPSS both signal low current exploitation pressure, though the low-friction exploit path warrants prompt remediation on revenue-generating LMS deployments.

Authentication Bypass WordPress Learnpress Wordpress Lms Plugin For Create And Sell Online Courses
NVD VulDB
CVSS 3.1
4.3
EPSS
0.0%
CVE-2026-8144 MEDIUM PATCH This Month

Private group member enumeration in GitLab CE/EE affects all versions from 15.1 through unfixed releases 18.9.6, 18.10.5, and 18.11.2, permitting any authenticated user holding project membership to discover the member list of an otherwise private group due to a missing authorization check (CWE-862). The flaw collapses GitLab's tiered permission boundary between project-level and group-level access, leaking organizational membership data to users who have no entitlement to view it. No public exploit has been identified at time of analysis, and an EPSS score of 0.01% (2nd percentile) reflects near-zero observed exploitation probability.

Authentication Bypass Gitlab
NVD
CVSS 3.1
4.3
EPSS
0.0%
CVE-2026-6063 MEDIUM PATCH This Month

Improper access control in GitLab Enterprise Edition allows authenticated users holding only developer-role permissions to remove code owner approval rules from merge requests, effectively bypassing a critical gatekeeping control in the software development lifecycle. Affected are all GitLab EE versions from 11.10 up to (but not including) 18.9.7, 18.10.6, and 18.11.3. No public exploit or active exploitation has been identified at time of analysis; EPSS is 0.01% and CISA SSVC rates exploitation as none, indicating this is a low-urgency but organizationally meaningful integrity issue for teams relying on code owner rules for compliance or security enforcement.

Authentication Bypass Gitlab
NVD VulDB
CVSS 3.1
4.3
EPSS
0.0%
CVE-2026-3607 MEDIUM PATCH This Month

Package protection rule bypass in GitLab CE/EE allows authenticated users holding developer-role permissions to circumvent registry protections that should restrict their write or publish actions. Affecting all GitLab Community and Enterprise Edition instances running versions 18.3 through 18.9.6, 18.10 through 18.10.5, and 18.11 through 18.11.2, an attacker with a legitimately provisioned developer account can undermine the integrity controls placed on protected packages. No public exploit code exists and no active exploitation has been identified at time of analysis; the EPSS score of 0.01% (1st percentile) and SSVC exploitation rating of 'none' confirm this is a low-urgency finding.

Authentication Bypass Gitlab
NVD VulDB
CVSS 3.1
4.3
EPSS
0.0%
CVE-2026-3073 MEDIUM PATCH This Month

Authenticated developers in GitLab CE/EE versions before 18.9.7, 18.10.6, and 18.11.3 can bypass PyPI package protection rules and upload restricted packages due to improper authorization checks. Despite CVSS 4.3 rating, the 0.01% EPSS score and CISA SSVC assessment (exploitation: none, automatable: no, technical impact: partial) indicate minimal real-world exploitation risk, with no confirmed active exploitation or public exploits identified at time of analysis.

Authentication Bypass Gitlab
NVD VulDB
CVSS 3.1
4.3
EPSS
0.0%
CVE-2026-1338 MEDIUM PATCH This Month

Authenticated developers in GitLab CE/EE can bypass container registry tag protection policies and delete protected tags due to improper server-side authorization checks (CWE-639), affecting all versions from 17.10 before 18.9.7, 18.10 before 18.10.6, and 18.11 before 18.11.3. The vulnerability was privately disclosed via HackerOne (report 3480620) and remediated in the May 2026 patch release cycle. No public exploit identified at time of analysis, and an EPSS of 0.01% (1st percentile) combined with SSVC exploitation status of 'none' indicate minimal current real-world exploitation risk.

Authentication Bypass Gitlab
NVD VulDB
CVSS 3.1
4.3
EPSS
0.0%
CVE-2025-13874 MEDIUM PATCH This Month

Unauthorized issue disclosure in GitLab CE/EE exposes confidential project data to authenticated Guest-level users who lack explicit project membership. By exploiting an object-level authorization flaw (CWE-639), a Guest user can retrieve issues belonging to projects they have no sanctioned access to, bypassing GitLab's project-level visibility controls. No public exploit exists and EPSS sits at 0.01%, but the broad version range - spanning GitLab 15.1 all the way through 18.11.2 - means a large install base requires patching, and the confidentiality risk is real for organizations using issues to track sensitive engineering or security work.

Authentication Bypass Gitlab
NVD VulDB
CVSS 3.1
4.3
EPSS
0.0%
CVE-2026-45448 MEDIUM This Month

Open redirect vulnerability in ntopng allows remote attackers to redirect users to arbitrary external websites via a crafted URL parameter. The vulnerability requires user interaction (clicking a malicious link) but affects all versions of ntopng with no authentication barrier, exposing users to phishing and credential harvesting attacks when they trust the legitimacy of the ntopng domain.

Open Redirect
NVD
CVSS 3.1
4.3
EPSS
0.0%
CVE-2025-62311 MEDIUM This Month

HCL AION transmits backend service details over unencrypted HTTP channels under certain conditions, allowing authenticated local or adjacent-network attackers with limited privileges to intercept and read sensitive configuration data through man-in-the-middle attacks. The vulnerability requires user interaction and non-default network positioning, resulting in a CVSS score of 4.3 (low severity) with confirmed vendor awareness and advisory availability.

Authentication Bypass Aion
NVD
CVSS 3.1
4.3
EPSS
0.0%
CVE-2026-8584 MEDIUM PATCH This Month

Inappropriate implementation in Views in Google Chrome on iOS prior to 148.0.7778.168 allowed a remote attacker who had compromised the renderer process to perform UI spoofing via a crafted HTML page. (Chromium security severity: Medium)

Apple Google Information Disclosure Suse Chrome
NVD VulDB
CVSS 3.1
4.2
EPSS
0.1%
CVE-2026-8564 MEDIUM PATCH This Month

Incorrect security UI in Downloads in Google Chrome on Android and Mac prior to 148.0.7778.168 allowed a remote attacker to perform UI spoofing via a crafted HTML page. (Chromium security severity: Medium)

Information Disclosure Google Red Hat Suse Chrome
NVD VulDB
CVSS 3.1
4.2
EPSS
0.1%
CVE-2026-46470 MEDIUM PATCH This Month

Integer division by zero in GStreamer gst-plugins-good before version 1.28.2 allows local attackers to cause denial of service by supplying a maliciously crafted MP4 file with invalid atom data in audio tracks, triggering a crash in the qtdemux_audio_caps parser function without requiring user interaction or elevated privileges.

Denial Of Service Suse
NVD VulDB
CVSS 3.1
4.0
EPSS
0.0%
CVE-2026-46469 MEDIUM PATCH This Month

Integer division by zero in GStreamer gst-plugins-good before version 1.28.2 allows local attackers to cause denial of service by crafting malicious MP4 audio files. The isomp4 plugin's qtdemux_parse_trak function fails to validate atom data before performing division operations, causing application crash when parsing specially crafted audio tracks. No authentication required; exploitation requires only local file access and media playback.

Denial Of Service Suse
NVD VulDB
CVSS 3.1
4.0
EPSS
0.0%
Prev Page 3 of 3

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy