Skip to main content
CVE-2026-39965 HIGH This Week

Server-side request forgery in Typebot versions 3.15.2 and prior allows authenticated users to bypass the validateHttpReqUrl() SSRF filter by chaining an attacker-controlled HTTP 302 redirect, since the underlying ky and fetch clients follow redirects without re-validating the destination. This enables reaching AWS instance metadata at 169.254.169.254, private subnets, and container-internal services from the Typebot server, with realistic impact including theft of cloud IAM credentials. No public exploit identified at time of analysis, and the issue is fixed in version 3.16.0.

Open Redirect SSRF Typebot Io
NVD GitHub
CVSS 3.1
7.7
EPSS
0.0%
CVE-2026-34207 HIGH This Week

Server-side request forgery in Typebot chatbot builder versions prior to 3.16.0 allows authenticated users to bypass SSRF protections in Webhook and HTTP Request blocks by supplying attacker-controlled hostnames that resolve via DNS to loopback (127.0.0.1), cloud metadata (169.254.169.254), or RFC1918 private addresses. The validation logic only inspected the URL string and literal IP formats without performing DNS resolution, so a benign-looking domain could route the backend HTTP client to internal targets. No public exploit identified at time of analysis, though the GitHub Security Advisory and fix commit are publicly visible.

SSRF Typebot Io
NVD GitHub VulDB
CVSS 3.1
7.6
EPSS
0.1%
CVE-2025-45145 HIGH This Week

Arbitrary file disclosure in Follett Software's Destiny Library Manager (version 22_0_2_rc1) lets remote unauthenticated attackers read system and application files by supplying directory-traversal sequences in the 'image' parameter. Publicly available exploit code exists (a Medium write-up documenting the unauthenticated LFI), and CISA's SSVC framework classifies exploitation as proof-of-concept and automatable, though EPSS remains modest at 0.46% (64th percentile). The flaw is fixed in v.22.5 AU1.

Path Traversal N A
NVD
CVSS 3.1
7.5
EPSS
0.5%
CVE-2026-44417 HIGH PATCH GHSA This Week

Remote code execution in Apache CXF (versions before 3.6.11, 4.0.0-4.1.5, and 4.2.0) arises because the fix for CVE-2025-48913 was incomplete, leaving a second code path through which untrusted JMS configuration can be abused to execute code. The flaw only matters where untrusted users are permitted to supply or influence JMS transport configuration for CXF endpoints. This is a remediation-regression issue carrying no public exploit identified at time of analysis, a very low EPSS (0.10%), and SSVC exploitation status of 'none', but the technical impact is rated total.

RCE Apache Apache Cxf
NVD VulDB
CVSS 3.1
7.5
EPSS
0.1%
CVE-2026-23663 HIGH PATCH NO ACTION HOSTED Monitor

Privilege elevation in Microsoft Entra ID (formerly Azure AD), specifically affecting Microsoft Global Secure Access (GSA), allows remote unauthenticated attackers to gain elevated privileges over the network. The CVSS 7.5 rating reflects high confidentiality impact with no required authentication or user interaction, though no public exploit has been identified at time of analysis. The vector points to a flaw in how identity or access tokens are evaluated, which is particularly sensitive given Entra ID's role as a primary IAM backbone for Microsoft 365 and Azure tenants.

Microsoft Privilege Escalation
NVD VulDB
CVSS 3.1
7.5
EPSS
0.1%
CVE-2026-46597 HIGH POC PATCH GHSA This Week

Denial of service in the Go golang.org/x/crypto/ssh package (versions prior to 0.52.0) allows remote unauthenticated attackers to crash SSH server processes by sending crafted AES-GCM encrypted packets. An incorrectly placed bytes-to-int cast in the AES-GCM packet decoder triggers a server-side panic when processing well-crafted inputs. No public exploit identified at time of analysis, and EPSS exploitation probability is very low at 0.02%.

Information Disclosure Golang Org X Crypto Ssh Suse
NVD VulDB GitHub
CVSS 3.1
7.5
EPSS
0.0%
CVE-2026-8671 HIGH PATCH This Week

Sensitive information disclosure in syslink software AG Avantra (versions before 25.3.0) on Linux and Windows allows an attacker with high privileges and adjacent network access to harvest data written into log files, with a scope-changed impact crossing trust boundaries. The flaw is tracked as CWE-532 and rated CVSS 7.5, but no public exploit identified at time of analysis and it is not listed in CISA KEV.

Microsoft Information Disclosure
NVD
CVSS 3.1
7.5
EPSS
0.0%
CVE-2026-5740 HIGH PATCH GHSA This Week

Denial of service in Mattermost server (versions 11.6.0, 11.5.0-11.5.3, 11.4.0-11.4.4, and 10.11.0-10.11.14) allows remote attackers to crash the server process by sending a crafted msgpack-encoded binary WebSocket frame to the public endpoint. The flaw stems from missing validation of frame sizes before memory allocation, enabling a full service outage for all users. No public exploit identified at time of analysis, and the CVSS 7.5 score reflects the unauthenticated network-reachable nature of the attack with high availability impact.

Denial Of Service Mattermost
NVD VulDB
CVSS 3.1
7.5
EPSS
0.1%
CVE-2026-9011 HIGH This Week

Unauthorized data disclosure in the Ditty - Responsive News Tickers, Sliders, and Lists WordPress plugin (versions 0 through 3.1.65) allows unauthenticated remote attackers to retrieve the full contents of non-public Ditty entries - including drafts, pending, scheduled, and disabled posts - by enumerating integer post IDs against the ditty_init AJAX endpoint. The flaw stems from the init_ajax() handler omitting the 'publish' post status check that its non-AJAX counterpart performs, exposing content administrators deliberately withheld from public view. No public exploit identified at time of analysis, and the issue is not currently listed in CISA KEV.

WordPress Authentication Bypass Ditty Responsive News Tickers Sliders And Lists
NVD VulDB
CVSS 3.1
7.5
EPSS
0.1%
CVE-2026-4834 HIGH This Week

Unauthenticated SQL injection in the WP ERP Pro WordPress plugin (versions through 1.5.1) allows remote attackers to extract sensitive database contents by manipulating the 'search_key' parameter. The flaw stems from missing input escaping and unprepared SQL statements, enabling UNION-based or appended query attacks against any WordPress site running the affected plugin. No public exploit identified at time of analysis, and the issue is not currently listed in CISA KEV.

WordPress SQLi
NVD
CVSS 3.1
7.5
EPSS
0.1%
CVE-2026-36228 HIGH This Week

Remote code execution in Easy Chat Server 3.1 stems from a buffer overflow in the chat message handling functionality, letting remote attackers overwrite memory to leak sensitive data and run arbitrary code on the hosting Windows machine. The product is a small standalone web-based chat server historically used as an exploit-development target, and publicly available exploit code exists (GitHub PoC), though EPSS is low (0.18%, 39th percentile) and it is not on CISA KEV. No public evidence of active in-the-wild exploitation was identified at time of analysis.

Buffer Overflow RCE N A
NVD GitHub
CVSS 3.1
7.3
EPSS
0.2%
CVE-2026-37470 HIGH This Week

Clickjacking in ClipBucket v5 5.5.2 lets an attacker embed the application's login page in a hidden iframe due to missing HTTP response security headers, enabling UI-redressing attacks that can capture credentials or trick authenticated users into unintended actions. The flaw is classified CWE-1021 (Improper Restriction of Rendered UI Layers), not the 'arbitrary code execution' the raw description claims — the referenced technical writeup and the CVSS profile (UI:R) both point to a framing/credential-theft issue. EPSS is very low (0.05%, 14th percentile) and CISA SSVC scores exploitation as 'none', indicating no observed active exploitation.

XSS RCE N A
NVD
CVSS 3.1
7.3
EPSS
0.0%
CVE-2026-9291 HIGH PATCH GHSA This Week

Arbitrary code execution in Amazon Braket Python SDK versions prior to 1.117.0 allows an authenticated attacker with S3 write access to the job output bucket to compromise any client machine that processes those job results. The flaw stems from insecure pickle deserialization in the job results processing component, and while no public exploit has been identified at time of analysis, the impact extends to every downstream consumer of poisoned results. EPSS data is unavailable, but the supply-chain-style propagation across analyst workstations and CI systems materially raises real-world risk.

Deserialization RCE Amazon Braket Python Sdk
NVD GitHub
CVSS 3.1
7.1
EPSS
0.3%
CVE-2026-39968 HIGH This Week

Authorization bypass in Typebot chatbot builder versions 3.15.2 and prior allows any authenticated user to access credentials from arbitrary workspaces via the preview chat endpoint. The bot-engine's getCredentials() utility uses a falsy check on workspaceId, so supplying an empty string bypasses ownership validation entirely, enabling credential theft, external service abuse, and data breach. This is an incomplete fix for the prior advisory GHSA-4xc5-wfwc-jw47, and no public exploit has been identified at time of analysis though the patch commit is public.

Authentication Bypass Typebot Io
NVD GitHub
CVSS 3.1
7.1
EPSS
0.0%
CVE-2026-41074 HIGH This Week

Cross-site request forgery in Best Practical Request Tracker (RT) versions 6.0.0 through 6.0.2 allows remote attackers to perform arbitrary state-changing actions on behalf of an authenticated RT user who is lured to a malicious web page. The flaw carries a CVSS 7.1 (high integrity impact) and has been addressed in RT 6.0.3 released 2026-05-20, but no public exploit identified at time of analysis and the CVE is not present in CISA KEV.

CSRF Rt
NVD GitHub VulDB
CVSS 3.1
7.1
EPSS
0.0%
CVE-2026-9053 MEDIUM This Month

File disclosure via malicious HTML file upload default values in Mothra, the web browser bundled with the 9front Plan 9 fork, allows a remote unauthenticated attacker to exfiltrate arbitrary local files from a victim's filesystem. By crafting a webpage containing a hidden file input element with a pre-set malicious default path, the attacker can cause Mothra to silently submit a targeted local file to an attacker-controlled server upon user interaction. The CVSS 4.0 E:P supplemental metric indicates publicly available proof-of-concept exploit code exists; no CISA KEV listing is present, suggesting exploitation is not yet confirmed at scale.

File Upload 9Front
NVD VulDB
CVSS 4.0
6.9
EPSS
0.0%
CVE-2021-21508 MEDIUM PATCH This Month

Dell VxRail versions before 7.0.200 contain a Plain-text Password Storage Vulnerability in VxRail Manager. Rated medium severity (CVSS 6.7), this vulnerability is low attack complexity.

Information Disclosure Dell Vxrail
NVD
CVSS 3.1
6.7
EPSS
0.0%
CVE-2026-36227 MEDIUM This Month

Directory traversal in Easy Chat Server 3.1 enables remote unauthenticated attackers to read arbitrary files and potentially execute arbitrary code by supplying path traversal sequences in the UserName parameter. The CVSS vector (PR:N/AV:N/AC:L) confirms exploitation requires no authentication and low complexity, and a public proof-of-concept repository is available on GitHub (NullByte8080/CVE-2026-36227). Despite the RCE tag and unauthenticated network vector, EPSS sits at just 0.14% (33rd percentile) and SSVC reports no active exploitation, suggesting this is not yet being leveraged at scale.

Path Traversal RCE N A
NVD GitHub
CVSS 3.1
6.5
EPSS
0.1%
CVE-2026-42827 MEDIUM PATCH NO ACTION HOSTED Monitor

Command injection in Microsoft 365 Copilot exposes sensitive information to unauthenticated remote attackers when a victim user interacts with attacker-controlled content, resulting in High confidentiality impact with no integrity or availability effect. The vulnerability carries a CVSS 6.5 (Medium) score, reflecting network accessibility and low attack complexity offset by a mandatory user interaction requirement. No public exploit code exists at time of analysis, and Microsoft has released an official patch documented via the Microsoft Security Response Center.

Command Injection Microsoft 365 Copilot
NVD
CVSS 3.1
6.5
EPSS
0.1%
CVE-2026-5072 MEDIUM This Month

Zephyr RTOS versions up to and including 4.3 expose a denial-of-service condition in the PTP (Precision Time Protocol) subsystem through improper validation of the log_announce_interval field. An unauthenticated attacker on an adjacent network can crash affected devices or induce resource starvation loops by sending a two-stage sequence of malformed PTP messages that provokes undefined behavior via an out-of-bounds bitwise shift on a 64-bit integer. No public exploit code has been identified at time of analysis, and EPSS scoring of 0.05% (17th percentile) combined with SSVC exploitation status of 'none' indicates low observed threat activity, though the deterministic crash path on certain architectures warrants patch prioritization on embedded IoT and industrial control deployments.

Denial Of Service Zephyr
NVD GitHub VulDB
CVSS 3.1
6.5
EPSS
0.1%
CVE-2026-25680 MEDIUM PATCH This Month

Excessive CPU consumption in the golang.org/x/net/html package's HTML parser allows remote attackers to cause denial of service by supplying crafted HTML input to any Go application that parses untrusted markup using this library. All versions before 0.55.0 are confirmed affected per EUVD-2026-31447 and the Go vulnerability database (GO-2026-5028). No active exploitation has been identified - CISA SSVC rates exploitation as 'none' and the EPSS score of 0.04% (13th percentile) indicates very low observed exploitation probability at time of analysis.

Denial Of Service Golang Org X Net Html Suse
NVD VulDB
CVSS 3.1
6.5
EPSS
0.0%
CVE-2026-41069 MEDIUM PATCH This Month

Out-of-bounds read in libheif versions 1.21.2 and prior crashes any application that parses attacker-controlled HEIF sequence files, resulting in denial of service. The defect lives in the SampleAuxInfoReader constructor, which enters its processing loop when saiz.sample_count > 0 even though stco.entry_count == 0 left the chunks vector empty; dereferencing chunks[0] then triggers the crash. No public exploit code has been identified at time of analysis, but the attack requires only that a user open or process a specially crafted HEIF file, making it relevant wherever libheif is embedded in image-handling applications (browsers, media libraries, operating-system image stacks). Vendor-released patch v1.22.0 is available.

Information Disclosure Buffer Overflow Libheif
NVD GitHub VulDB
CVSS 3.1
6.5
EPSS
0.0%
CVE-2022-34363 MEDIUM PATCH This Month

Dell Unisphere for PowerMax vApp version prior to 10.0.0.2, contains an authorization bypass vulnerability in the Unisphere for VMAX application running in vApp. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity.

Dell Authentication Bypass
NVD VulDB
CVSS 3.1
6.5
EPSS
0.0%
CVE-2026-39827 MEDIUM POC PATCH GHSA This Month

Unbounded memory growth in the golang.org/x/crypto/ssh package allows an authenticated remote attacker to crash the SSH server process by repeatedly opening channels that the server rejects. All versions of golang.org/x/crypto/ssh prior to 0.52.0 are affected, and a successful attack disrupts service for every user connected to that server instance. No public exploit has been identified at time of analysis, and EPSS probability sits at 0.02% (5th percentile), though the authentication barrier is low and the availability impact affects all concurrent sessions.

Denial Of Service Golang Org X Crypto Ssh
NVD VulDB GitHub
CVSS 3.1
6.5
EPSS
0.0%
CVE-2026-39969 MEDIUM This Month

Missing HMAC signature validation on Typebot's WhatsApp Cloud API webhook endpoint exposes versions 3.16.0 and prior to unauthenticated webhook spoofing by any network-accessible attacker. The endpoint POST /v1/workspaces/{workspaceId}/whatsapp/{credentialsId}/webhook ignores the x-hub-signature-256 header that Meta includes with every legitimate delivery, and because both path parameters are semi-public by design - appearing in web server access logs and Meta's webhook configuration dashboard - the attack surface is readily discoverable. Successful exploitation allows an attacker to trigger arbitrary bot automation flows, consume API resources, and abuse external service integrations using the workspace owner's stored credentials. No public exploit identified at time of analysis; vendor-released patch available in version 3.17.0.

Authentication Bypass Typebot Io
NVD GitHub
CVSS 3.1
6.5
EPSS
0.0%
CVE-2026-39966 MEDIUM This Month

Typebot 3.15.2 exposes complete private bot definitions across all workspaces to any authenticated platform user via a broken authorization check in the getLinkedTypebots API endpoint, constituting a classic IDOR. The root cause is a JavaScript async/await misuse: Array.filter() is synchronous, so passing it an async callback causes every bot to pass the filter - the isReadTypebotForbidden predicate is never actually evaluated. Sensitive data leaked includes embedded credentials, API keys, PII stored as variables, webhook URLs, and integration configurations from any other user's private workspace bots. No public exploit has been identified at time of analysis and this CVE is not listed in CISA KEV, but the exposure of hardcoded secrets elevates practical risk significantly beyond the 6.5 CVSS score suggests.

Authentication Bypass Typebot Io
NVD GitHub
CVSS 3.1
6.5
EPSS
0.0%
CVE-2026-28444 MEDIUM This Month

Insecure Direct Object Reference (IDOR) in Typebot's getResultLogs API endpoint allows any authenticated user to read execution logs belonging to other workspaces by supplying an arbitrary victim resultId alongside their own authorized typebotId. The endpoint authorizes the caller by typebotId but fetches log records by resultId alone, skipping cross-ownership validation that all peer endpoints in the same router correctly enforce. Exploitation exposes sensitive runtime data including HTTP response bodies, AI model outputs, and webhook payloads. No public exploit or CISA KEV listing has been identified at time of analysis, but the straightforward nature of the IDOR - requiring only a valid session and a guessed or enumerated resultId - makes unauthorized data access realistic for any authenticated platform user.

Information Disclosure Authentication Bypass Typebot Io
NVD GitHub
CVSS 3.1
6.5
EPSS
0.0%
CVE-2026-4635 MEDIUM PATCH This Month

Server crash via race condition in Mattermost's persistent notification and channel archival subsystem allows any low-privileged authenticated user to bring down the server with no user interaction required. Affected branches span 10.11.x through 11.6.x across multiple maintenance lines. No public exploit code has been identified at time of analysis and the vulnerability is absent from CISA KEV, but the low authentication bar combined with network accessibility and low attack complexity makes this a credible insider threat or targeted denial-of-service vector against any exposed Mattermost deployment.

Denial Of Service Race Condition Mattermost
NVD
CVSS 3.1
6.5
EPSS
0.0%
CVE-2026-5755 MEDIUM PATCH This Month

Uncontrolled memory allocation in Mattermost's TIFF image processing allows authenticated users to trigger server-side out-of-memory (OOM) conditions, effectively taking down the collaboration platform. Affected are all Mattermost deployments running versions 10.11.x through 11.6.0. Any account holding file upload or URL-posting permissions can exploit this remotely without elevated privileges, making it a realistic insider or compromised-account threat. No public exploit code or CISA KEV listing has been identified at time of analysis, but the low attack complexity and broad authentication base increase practical risk.

File Upload Denial Of Service Mattermost
NVD VulDB
CVSS 3.1
6.5
EPSS
0.0%
CVE-2026-7509 MEDIUM This Month

Stored Cross-Site Scripting in the KIA Subtitle WordPress plugin (all versions through 4.0.1) allows authenticated attackers with Contributor-level access to inject persistent malicious scripts via the `before` and `after` attributes of the `the-subtitle` shortcode. Any site visitor loading a page containing the injected shortcode will execute the attacker's script in their browser context. No public exploit code or CISA KEV listing has been identified at time of analysis, but the low privilege bar (Contributor) and network-accessible attack vector make this a meaningful risk for multi-author WordPress sites.

WordPress XSS
NVD VulDB
CVSS 3.1
6.4
EPSS
0.0%
CVE-2026-9104 MEDIUM This Month

Stored Cross-Site Scripting in the Draft List WordPress plugin (versions up to and including 2.6.3) allows authenticated attackers with author-level access to inject arbitrary web scripts into draft post titles using attribute-breakout techniques. The critical aggravating factor is the changed scope (S:C in CVSS): the unescaped rendering path is specifically triggered for users who lack edit capabilities, meaning the payload executes against unauthenticated visitors and subscribers - not just privileged users. No public exploit has been identified at time of analysis, but Wordfence disclosure and the low privilege bar (author-level sufficient) make this a meaningful cross-user threat in any multi-author WordPress environment.

WordPress XSS
NVD VulDB
CVSS 3.1
6.4
EPSS
0.1%
CVE-2026-42627 MEDIUM This Month

Integer overflow in Arm ArmNN's TensorShape::GetNumElements() enables a crafted TFLite model to bypass buffer size validation and trigger a heap-based buffer over-read, resulting in a denial of service. Affected systems are those that load externally-supplied or untrusted TFLite model files using any ArmNN build through 2026-03-27. An attacker who controls a model file processed by an ArmNN-backed application can crash the host process during the optimization pass via BatchToSpaceNdLayer's InferOutputShapes() routine. No public exploit code and no active exploitation has been identified at time of analysis; EPSS sits at 0.02% (5th percentile), consistent with low real-world threat.

Integer Overflow Buffer Overflow N A
NVD GitHub VulDB
CVSS 3.1
6.2
EPSS
0.0%
CVE-2026-27136 MEDIUM PATCH This Month

Mutation XSS in golang.org/x/net/html allows attackers to bypass HTML sanitization by exploiting divergence between the parsed and rendered HTML tree. Applications that parse untrusted HTML using this library, sanitize the resulting tree, and then re-render it are vulnerable - the rendered output can differ structurally from the sanitized intermediate representation, reintroducing attacker-controlled script execution. No public exploit has been identified at time of analysis, and CISA KEV listing is absent, but the network-accessible, no-authentication attack path with changed scope makes this relevant to any Go application handling user-supplied HTML.

XSS Golang Org X Net Html Suse
NVD VulDB
CVSS 3.1
6.1
EPSS
0.0%
CVE-2026-25681 MEDIUM PATCH This Month

Parser-differential XSS in golang.org/x/net/html allows sanitization bypass when applications parse-sanitize-reserialize HTML before rendering. The Go HTML parser produces an unexpected tree structure for certain crafted inputs, meaning a sanitizer that walks the first-pass parse tree and deems content safe may produce output that, when re-parsed by a browser or downstream renderer, yields a structurally different - and dangerous - DOM. Affected are all applications using golang.org/x/net/html versions prior to 0.55.0 that rely on this library as part of an HTML sanitization pipeline; no confirmed active exploitation (CISA KEV) and EPSS is 0.03%, but the attack class (mutation XSS) is well-understood and high-value for targeted web application attacks.

XSS Golang Org X Net Html Suse
NVD VulDB
CVSS 3.1
6.1
EPSS
0.0%
CVE-2026-42502 MEDIUM PATCH This Month

Mutation XSS in Go's golang.org/x/net/html package allows attackers to bypass HTML sanitization by exploiting a discrepancy between how the html.Parse() function constructs an internal tree and how html.Render() serializes it back. Applications that rely on this package to sanitize untrusted HTML before display are vulnerable: maliciously crafted input can survive sanitization and execute JavaScript in victims' browsers when the rendered output is viewed. No public exploit exists at time of analysis, though the Go security team has issued a fix in version 0.55.0.

XSS Golang Org X Net Html Suse
NVD VulDB
CVSS 3.1
6.1
EPSS
0.0%
CVE-2026-42506 MEDIUM POC PATCH This Month

XSS sanitization bypass in Go's extended networking HTML parser (golang.org/x/net/html) allows remote unauthenticated attackers to execute cross-site scripting payloads against victims of Go web applications that rely on the library's parse-sanitize-render pipeline. The vulnerability arises because html.Render() can serialize a parsed and sanitized node tree into HTML output that structurally diverges from the sanitized intermediate representation, causing attacker-controlled content to re-materialize in rendered output. No active exploitation is confirmed (CISA KEV absent, EPSS 0.03%), but any Go application using this library as a sanitization layer is structurally exposed until upgraded to version 0.55.0.

XSS Golang Org X Net Html Suse
NVD VulDB GitHub
CVSS 3.1
6.1
EPSS
0.0%
CVE-2025-26483 MEDIUM PATCH This Month

Open redirect vulnerability in Dell PowerFlex Manager 4.6.2 and prior enables unauthenticated remote attackers to craft malicious application URLs that silently redirect targeted users to arbitrary attacker-controlled web destinations. Exploitation requires user interaction (CVSS UI:R) - a victim must follow a specially crafted link - but no authentication or special privileges are needed on the attacker's side. The primary risk is phishing: because the initial URL appears to point at a legitimate Dell infrastructure management portal, users are more likely to trust and follow it, making credential theft or sensitive data disclosure against PowerFlex administrators a realistic outcome. No public exploit code exists and the vulnerability is not listed in the CISA KEV catalog at time of analysis.

Open Redirect Dell Powerflex Manager Appliance Powerflex Manager Rack Powerflex Manager
NVD
CVSS 3.1
6.1
EPSS
0.0%
CVE-2026-3481 MEDIUM This Month

Reflected Cross-Site Scripting in WP Blockade - Visual Page Builder (all versions through 0.9.14) allows authenticated attackers holding at minimum a WordPress Subscriber-level account to inject arbitrary JavaScript into pages rendered in a victim's browser. The vulnerability exists in the render_shortcode_preview() function, which passes raw GET input through do_shortcode() without sanitization or output escaping - when the input is not a recognized shortcode, WordPress returns it verbatim, causing any embedded script to execute. Exploitation requires social engineering an authenticated user (e.g., an admin) into clicking a crafted link, but the low barrier to entry (Subscriber-level account) significantly widens the attacker pool on multi-user WordPress installations. No public exploit code has been identified at time of analysis, and this CVE is not listed in the CISA KEV catalog.

WordPress XSS
NVD VulDB
CVSS 3.1
6.1
EPSS
0.0%
CVE-2026-6864 MEDIUM This Month

Reflected Cross-Site Scripting in the CBX 5 Star Rating & Review WordPress plugin (versions up to and including 1.0.7) allows unauthenticated remote attackers to inject arbitrary JavaScript via the unsanitized 'page' parameter rendered in administrative log templates. Successful exploitation requires social engineering an authenticated administrator into clicking a crafted URL, limiting automated mass exploitation while remaining a realistic threat in targeted phishing campaigns against WordPress site owners. No public exploit code or CISA KEV listing has been identified at time of analysis.

WordPress XSS
NVD VulDB
CVSS 3.1
6.1
EPSS
0.0%
CVE-2022-31231 MEDIUM PATCH This Month

Dell ECS, versions 3.5 and 3.6, contain an Improper Access Control in the Identity and Access Management (IAM) module. Rated medium severity (CVSS 5.9), this vulnerability is remotely exploitable, no authentication required.

Dell Authentication Bypass Ecs
NVD
CVSS 3.1
5.9
EPSS
0.0%
CVE-2026-8673 MEDIUM PATCH This Month

Unprotected credential transport in syslink software AG Avantra before version 25.3.0 exposes authentication material to network-layer interception on both Linux and Windows deployments. The vulnerability, classified under CWE-523, allows a suitably positioned network adversary to capture credentials in transit, with the CVSS vector indicating high confidentiality and integrity impact upon successful exploitation. No public exploit code and no CISA KEV listing have been identified at time of analysis, and the high attack complexity and high privilege prerequisite meaningfully constrain the realistic attacker population.

Microsoft Information Disclosure
NVD
CVSS 3.1
5.9
EPSS
0.0%
CVE-2026-3473 MEDIUM PATCH GHSA This Month

File ownership and access control enforcement is absent in the Boards API across four release branches of Mattermost, allowing any authenticated user to access and download files belonging to other users or teams by submitting crafted API requests containing valid file IDs. Affected deployments span versions 10.11.x through 11.6.x per EUVD-2026-31429 and vendor advisory MMSA-2026-00620. CVSS scores this at 5.9 (Medium) reflecting high attack complexity due to the file ID prerequisite; no public exploit has been identified and the vulnerability is not listed in CISA KEV at time of analysis.

Authentication Bypass Mattermost
NVD VulDB
CVSS 3.1
5.9
EPSS
0.0%
CVE-2026-44409 MEDIUM This Month

Unauthorized information disclosure in the ZTE MU5250 5G mobile router allows an adjacent-network attacker with low-privilege access to retrieve sensitive information due to misconfigured access control mechanisms. The vulnerability carries a CVSS 3.1 base score of 5.7 (Medium) with high confidentiality impact, confirmed by ZTE through their own security bulletin. No public exploit code or CISA KEV listing has been identified at time of analysis, limiting immediate mass-exploitation risk, though the high confidentiality impact (C:H) warrants timely remediation in network-sensitive deployments.

Information Disclosure Zte
NVD VulDB
CVSS 3.1
5.7
EPSS
0.0%
CVE-2026-47166 MEDIUM PATCH GHSA This Month

Heap buffer over-read in ImageMagick's distributed pixel cache server affects all Magick.NET NuGet package variants prior to version 14.12.0. An attacker with the ability to connect to a running `magick -distribute-cache` service can trigger an out-of-bounds read (CWE-125) in the server process, resulting in high-severity confidentiality impact (memory disclosure) and availability impact (potential crash). No public exploit code or active exploitation (CISA KEV) has been identified at time of analysis, and the CVSS score of 5.7 reflects meaningful mitigating constraints: high attack complexity and high privileges required per the vector.

Information Disclosure Buffer Overflow Red Hat Suse
NVD GitHub VulDB
CVSS 3.1
5.7
EPSS
0.0%
CVE-2026-25607 MEDIUM PATCH This Month

Weak password encoding in STER (all versions before 9.5) exposes stored credentials to local reverse-engineering by any low-privileged user on the system. The root cause (CWE-261) is use of a reversible or insufficiently one-way encoding scheme rather than a cryptographically strong hashing algorithm, enabling an attacker who can observe encoded password data to deduce plaintext values by analyzing patterns across known-value samples. No public exploit code has been identified at time of analysis, and the vulnerability is not listed in the CISA KEV catalog; however, the high confidentiality impact (VC:H in CVSS 4.0) confirms that successful exploitation fully exposes affected credentials. The issue was reported by CERT-PL and fixed by CIOP-PIB in version 9.5.

Information Disclosure Ster
NVD
CVSS 4.0
5.7
EPSS
0.0%
CVE-2025-32751 MEDIUM PATCH This Month

Dell PowerFlex Manager versions 4.6.2 and earlier improperly store sensitive information in a manner accessible to low-privileged local users, resulting in unauthorized disclosure of confidential data with high confidentiality impact per CVSS. Affected deployments span both the Appliance and Rack form factors of the platform. No public exploit code has been identified at time of analysis and CISA KEV does not list this vulnerability, though the CWE-922 root cause and the 'Authentication Bypass' tag suggest the exposed data may include credentials or tokens that could enable downstream privilege escalation or lateral movement.

Dell Authentication Bypass Powerflex Manager Appliance Powerflex Manager Rack Powerflex Manager
NVD
CVSS 3.1
5.5
EPSS
0.0%
CVE-2026-39964 MEDIUM PATCH GHSA This Month

Stored XSS in Typebot's JavaScript viewer embed (packages/embeds/js) allows any authenticated bot author - including free-tier users - to inject arbitrary JavaScript into a visitor's browser by setting a rich text bubble link URL to a javascript: URI. When a visitor clicks the malicious link within an embedded bot, the payload executes in the host page's origin (S:C scope change), enabling exfiltration of cookies and session tokens from the embedding third-party site. No public exploit code or active exploitation is confirmed at time of analysis; a vendor-released patch is available in v3.16.0.

XSS Typebot Io
NVD GitHub
CVSS 3.1
5.4
EPSS
0.0%
CVE-2026-28735 MEDIUM PATCH This Month

OAuth scope validation bypass in Mattermost's GitHub integration allows authenticated users to escalate repository access beyond what was originally authorized. By manipulating the scope parameter in the GitHub OAuth authorization URL before the callback is processed, a low-privileged Mattermost user can obtain a GitHub token with broader permissions - including access to private repositories - than the application intended to grant. Affecting versions across four active release branches (10.11.x through 11.6.x), this is no public exploit identified at time of analysis and is not listed in CISA KEV, but the low complexity and authentication-only barrier make it a realistic insider or compromised-account risk.

Authentication Bypass Mattermost
NVD
CVSS 3.1
5.4
EPSS
0.0%
CVE-2026-8381 MEDIUM PATCH This Month

Broken access control in TeamViewer DEX Platform (On-Premises) before version 9.2 allows authenticated low-privileged users to invoke administrative API endpoints and access sensitive resources outside their authorized scope. The root cause is CWE-862 (Missing Authorization) - backend API endpoints omit proper role-based authorization checks despite confirming user identity. No public exploit code has been identified and this CVE is not listed in the CISA KEV catalog at time of analysis, but the network-accessible attack vector and low complexity make exploitation straightforward for any user holding valid platform credentials.

Authentication Bypass Dex On Premises
NVD VulDB
CVSS 3.1
5.4
EPSS
0.0%
CVE-2026-46598 MEDIUM PATCH GHSA This Month

Panic-induced denial of service in the golang.org/x/crypto/ssh/agent package allows remote unauthenticated attackers to crash processes by submitting specially crafted SSH agent protocol messages containing malformed wire-format bytes that are unsafely cast into an ed25519.PrivateKey without sufficient validation. All versions of golang.org/x/crypto/ssh/agent prior to 0.52.0 are affected. No public exploit exists at time of analysis (EPSS 0.02%), though the SSVC framework flags the attack as automatable, and a vendor patch is available.

Information Disclosure Golang Org X Crypto Ssh Agent Suse Red Hat
NVD VulDB
CVSS 3.1
5.3
EPSS
0.0%
Prev Page 2 of 3 Next

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy