Skip to main content
CVE-2026-45412 MEDIUM PATCH This Month

Server-Side Request Forgery in MaxKB before 2.9.1 allows authenticated users to pivot into internal network infrastructure by supplying arbitrary URLs to the work_flow_template import endpoint. The server fetches attacker-controlled URLs without validation or internal IP filtering, enabling reconnaissance of internal services, cloud metadata endpoints, or other resources unreachable from the public internet. The CVSS 4.0 score of 6.3 is driven primarily by high subsequent-system confidentiality impact (SC:H), reflecting the lateral reach into backend infrastructure that SSRF typically enables. No public exploit code or active exploitation has been identified at time of analysis.

SSRF Maxkb
NVD GitHub VulDB
CVSS 4.0
6.3
EPSS
0.0%
CVE-2026-27331 MEDIUM This Month

Missing authorization controls in the WpTravelly WordPress plugin (versions through 2.1.5) allow any authenticated low-privileged user to exploit incorrectly configured access control security levels, gaining unauthorized access to functionality or data beyond their intended permissions. The flaw is network-accessible, requires no user interaction, and carries a balanced Low-CIA-triad impact per CVSS. No public exploit has been identified at time of analysis, and the EPSS score (0.03%, 10th percentile) suggests very low real-world exploitation probability despite the network-exposed attack surface.

Authentication Bypass Wptravelly
NVD VulDB
CVSS 3.1
6.3
EPSS
0.0%
CVE-2026-8852 MEDIUM PATCH This Month

Denial of service in IBM HTTP Server 8.5 and 9.0 is achievable by a local, unprivileged attacker through the optional mod_fastcgi module, which triggers a reachable assertion (CWE-617) causing the server process to abort. Affected versions span IBM HTTP Server 9.0 and IBM HTTP Server 8.5.0 through Interim Fix 002. No public exploit exists and CISA has not listed this in the KEV catalog; EPSS exploitation probability is extremely low at 0.03% (9th percentile), indicating minimal real-world threat at present.

Denial Of Service IBM Http Server
NVD VulDB
CVSS 3.1
6.2
EPSS
0.0%
CVE-2026-48696 MEDIUM This Month

Buffer overflow in FastNetMon Community Edition through 1.2.9 allows a local attacker with no privileges to crash the FastNetMon process, disabling DDoS detection and network monitoring capabilities. The vulnerability is specifically tied to a sprintf-based overflow in the ExaBGP integration component, as documented in the Lorikeetsecurity advisory. This is one of at least three distinct buffer overflow vulnerabilities (alongside CVE-2026-48686 and CVE-2026-48689) identified in the same product version, suggesting a broader audit surfaced a class of unsafe string-handling bugs. No public exploit identified at time of analysis, and the impact is limited to availability (denial of service) with no confidentiality or integrity exposure.

Buffer Overflow N A
NVD GitHub
CVSS 3.1
6.2
EPSS
0.0%
CVE-2026-44176 MEDIUM PATCH GHSA This Month

Kirby CMS's path resolver fails to enforce `pages.access` permission checks when rendering page drafts, allowing authenticated users who lack access to specific page models to view those drafts by knowing the full URL path. Affected installations are those explicitly configured to restrict certain user roles from accessing pages via `pages.access: false` in user or model blueprints - sites where all users may access all pages are unaffected. No public exploit or CISA KEV listing exists at time of analysis, but the impact is information disclosure of unpublished content such as pre-launch product pages or embargoed posts.

Authentication Bypass
NVD GitHub
CVSS 4.0
6.0
EPSS
0.0%
CVE-2025-33221 MEDIUM PATCH This Month

Incorrect permission assignment in the NVIDIA Display Driver kernel module on Windows and Linux allows a highly privileged local user to corrupt critical resource permissions, leading to denial of service and potentially data tampering. Affected product lines span GeForce (limited to Maxwell, Volta, and Pascal architectures on some branches), RTX/Quadro/NVS, Tesla, and Guest (vGPU) drivers across multiple version branches. No public exploit exists and no active exploitation has been identified; SSVC assessment rates exploitation as none and impact as partial, consistent with the moderate CVSS score of 4.4.

Denial Of Service Nvidia Microsoft Linux
NVD VulDB
CVSS 3.1
6.0
EPSS
0.0%
CVE-2026-48593 MEDIUM POC PATCH GHSA This Month

Memory exhaustion in Oban Web's cron expression rendering engine allows a low-privileged attacker who can schedule jobs to crash the BEAM VM node. By submitting a cron expression with an astronomically large range such as '0 0 1-100000000 * *', the attacker causes Elixir.Oban.Web.CronExpr.describe/1 to eagerly materialize the range into a list via Enum.to_list/1, allocating approximately 2.4 GB of memory and stalling or crashing the node when a dashboard user views the cron job list. No public exploit identified at time of analysis, but the attack requires no specialized tooling - the malicious expression is trivial to craft given knowledge of the unguarded parse path.

Denial Of Service Oban Web
NVD GitHub VulDB
CVSS 4.0
5.9
EPSS
0.0%
CVE-2026-44776 MEDIUM PATCH This Month

Kavita reading server versions prior to 0.9.0 expose seven download and metadata API endpoints without enforcing library-level access controls, enabling authenticated users to retrieve file contents, file sizes, and chapter metadata from libraries they have not been granted access to. The affected endpoints - /api/Download/volume, /api/Download/chapter, /api/Download/series, /api/Chapter, and corresponding size-check variants - accept resource identifiers (chapterId, volumeId, seriesId) without verifying the requesting user's library membership. A proof-of-concept exists per SSVC classification, though EPSS at 0.04% (11th percentile) reflects minimal observed exploitation activity; the CVE is not listed in CISA KEV.

Authentication Bypass Kavita
NVD GitHub
CVSS 4.0
5.9
EPSS
0.0%
CVE-2026-40384 MEDIUM This Month

Path traversal in Joomla! CMS com_media web service endpoint allows authenticated high-privilege attackers to read arbitrary files outside the intended web root via a manipulated search parameter. Affected versions span two major release trains: 4.0.0 through 5.4.5 and 6.0.0 through 6.1.0. No public exploit code exists and no active exploitation has been confirmed, but the vulnerability results in full confidentiality loss of the vulnerable system's filesystem contents accessible to the web process.

Path Traversal Joomla Cms
NVD VulDB
CVSS 4.0
5.9
EPSS
0.0%
CVE-2026-24201 MEDIUM This Month

Out-of-bounds write in NVIDIA Virtual GPU Manager exposes virtualized GPU deployments to denial of service, data tampering, and information disclosure. A local, low-privileged attacker operating within a virtualized environment can trigger the memory corruption flaw in the host-side vGPU manager component across multiple affected driver branches (vGPU 16.x through 20.x). No public exploit code exists at time of analysis, and EPSS probability is at the 2nd percentile, but the high availability impact (A:H in CVSS) and the prevalence of vGPU in enterprise virtualization infrastructure warrant prompt patching.

Nvidia Memory Corruption Information Disclosure Buffer Overflow Denial Of Service +1
NVD VulDB
CVSS 3.1
5.8
EPSS
0.0%
CVE-2026-8174 MEDIUM PATCH This Month

Cross-site request forgery in the Zoho Mail WordPress plugin (all versions before 1.6.2) enables a remote attacker to perform unauthorized, integrity-impacting actions on behalf of an authenticated WordPress user without their knowledge. The CVSS 5.7 medium score reflects high integrity impact with no confidentiality or availability exposure, requiring low-privilege victim authentication and user interaction. No public exploit code exists and no active exploitation has been identified; EPSS sits at the 1st percentile and SSVC classifies exploitation status as none.

CSRF Zoho WordPress Zoho Mail Wordpress Plugin
NVD
CVSS 3.1
5.7
EPSS
0.0%
CVE-2026-48134 MEDIUM This Month

SQL injection in Check Point Quantum Security Gateway's UserCheck Web Portal allows a remote unauthenticated attacker who can reach the UserCheck Ask page to manipulate the Security Gateway's stored DLP incident database when the DLP blade is active. Successful exploitation can cause loss of stored incident entries, disruption of pending approval workflows, or resource exhaustion through repeated abuse - all of which could undermine the integrity of an organization's data loss prevention audit trail. No public exploit code has been identified and EPSS is very low at 0.06% (18th percentile), with no CISA KEV listing at time of analysis.

SQLi Quantum Security Gateway
NVD VulDB
CVSS 3.1
5.6
EPSS
0.1%
CVE-2026-24198 MEDIUM PATCH This Month

Race condition in NVIDIA GPU Display Driver for Linux allows a high-privileged local attacker to leak sensitive kernel or process memory, producing limited information disclosure alongside potential data tampering and denial of service. Affected product lines span GeForce, RTX/Quadro/NVS, and Tesla GPU families running Linux driver branches prior to 580.159.03 or 595.71.05. No public exploit code exists and this vulnerability is absent from the CISA KEV catalog; an EPSS of 0.01% (1st percentile) and SSVC classification of Exploitation: none together place it at the lowest tier of real-world exploitation priority.

Denial Of Service Information Disclosure Nvidia Geforce Rtx Quadro Nvs +1
NVD
CVSS 3.1
5.6
EPSS
0.0%
CVE-2026-9495 MEDIUM PATCH This Month

{ prefix: '/:category' })`), enabling complete bypass of whatever protection that middleware was intended to enforce - authentication, authorization, rate limiting, or input sanitization. The CVSS 4.0 vector (AV:N/AC:L/AT:N/PR:N/UI:N) confirms this is remotely exploitable with no authentication or user interaction required, and SSVC classifies it as automatable. Publicly available exploit code exists per SSVC classification; EPSS is low at 0.09% (25th percentile), suggesting limited widespread exploitation at time of analysis.

Authentication Bypass Koa Router
NVD GitHub VulDB
CVSS 4.0
5.5
EPSS
0.1%
CVE-2026-45836 MEDIUM PATCH This Month

Null pointer dereference in the Linux kernel's Bluetooth L2CAP socket layer crashes the kernel when `l2cap_sock_get_sndtimeo_cb()` is invoked with a NULL socket context, resulting in a local denial-of-service (kernel panic). The flaw stems from an oversight where sibling callbacks `l2cap_sock_resume_cb()` and `l2cap_sock_ready_cb()` already carry the required NULL guard, but `l2cap_sock_get_sndtimeo_cb()` does not. With EPSS at 0.02% (5th percentile), no public exploit identified, and no CISA KEV listing, real-world exploitation risk is low - but the vulnerability has persisted since Linux 3.13 and affects every major stable branch until patched versions were released.

Linux Denial Of Service Null Pointer Dereference Red Hat Suse
NVD VulDB
CVSS 3.1
5.5
EPSS
0.0%
CVE-2026-45835 MEDIUM PATCH This Month

Null pointer dereference in the Linux kernel's Bluetooth L2CAP socket layer crashes the kernel when `l2cap_sock_new_connection_cb()` is invoked without the NULL guard present in sibling callbacks. Local unprivileged users on systems with Bluetooth enabled can trigger a kernel oops or panic, resulting in a denial of service. No public exploit or CISA KEV listing exists; EPSS probability is near zero at 0.02% (5th percentile), indicating minimal active exploitation interest at time of analysis.

Linux Denial Of Service Null Pointer Dereference Red Hat Suse
NVD VulDB
CVSS 3.1
5.5
EPSS
0.0%
CVE-2026-45834 MEDIUM PATCH This Month

NULL pointer dereference in the Linux kernel Bluetooth L2CAP subsystem causes a local denial-of-service via kernel panic when `l2cap_sock_state_change_cb()` is invoked with a NULL socket pointer. A local low-privileged user with access to the Bluetooth socket API can trigger a system crash by exercising the L2CAP state change callback path that lacked the NULL guard already applied to sibling callbacks `l2cap_sock_resume_cb()` and `l2cap_sock_ready_cb()`. No active exploitation is confirmed (not in CISA KEV) and EPSS stands at 0.02% (5th percentile), indicating minimal real-world adversarial interest at time of analysis.

Linux Denial Of Service Null Pointer Dereference Red Hat Suse
NVD VulDB
CVSS 3.1
5.5
EPSS
0.0%
CVE-2026-48693 MEDIUM This Month

Local symlink exploitation in FastNetMon Community Edition through 1.2.9 allows a low-privileged local attacker to overwrite arbitrary files as the process user, which is typically root. The statistics output path is hardcoded to the predictable world-accessible location /tmp/fastnetmon.dat, written via std::ios::trunc without O_NOFOLLOW or symlink validation, and the daemon sets umask to 0 at startup making all created files world-writable. A secondary chmod() bug further misapplies permissions to the wrong path. No public exploit has been identified at time of analysis and EPSS sits at the 4th percentile, but the typical root execution context makes this a reliable local privilege escalation primitive despite the moderate CVSS score.

Information Disclosure N A
NVD GitHub VulDB
CVSS 3.1
5.5
EPSS
0.0%
CVE-2026-24195 MEDIUM PATCH This Month

Denial of service in the NVIDIA Display Driver for Linux (UVM kernel module) allows a local user to crash or render the GPU subsystem unavailable through improper input validation. The flaw affects NVIDIA Guest drivers used in vGPU deployments (versions 580.126.09 and 595.58.03 across vGPU 19.4 and 20.0 branches) and carries a CVSS 7.1 with high availability impact and scope change. There is no public exploit identified at time of analysis, and EPSS is very low (0.01%, 2nd percentile), consistent with the local attack vector and DoS-only impact.

Denial Of Service Nvidia
NVD VulDB
CVSS 3.1
5.5
EPSS
0.0%
CVE-2025-13755 MEDIUM PATCH This Month

IBM Db2 on Linux, UNIX, and Windows - versions 11.5.0 through 11.5.9 and 12.1.0 through 12.1.4, including DB2 Connect Server - writes potentially sensitive information into log files readable by local OS users, creating an insider-threat-class confidentiality exposure. The CVSS confidentiality impact is rated High (C:H), but the attack is strictly local (AV:L) and requires only a standard low-privilege OS account (PR:L), making this a post-access or insider-threat scenario rather than an internet-facing risk. No public exploit has been identified at time of analysis, EPSS sits at the 2nd percentile (0.01%), and CISA SSVC records no active exploitation - IBM has released a patch addressed in advisory https://www.ibm.com/support/pages/node/7273554.

Information Disclosure Microsoft IBM Db2
NVD VulDB
CVSS 3.1
5.5
EPSS
0.0%
CVE-2025-46307 MEDIUM PATCH This Month

Improper access control in Apple macOS allows a locally-executed app to read sensitive user data by exploiting a logic flaw in system-level restrictions. Affected are all macOS versions prior to Tahoe 26, per the CPE data and EUVD-2025-209943. The CVSS vector (AV:L/AC:L/PR:L/UI:N) confirms exploitation requires no user interaction once an app is running under low privileges, and the confidentiality impact is rated High. No public exploit code exists and this vulnerability is not confirmed actively exploited (CISA KEV).

Apple Authentication Bypass
NVD
CVSS 3.1
5.5
EPSS
0.0%
CVE-2025-46280 MEDIUM PATCH This Month

Out-of-bounds read in Apple macOS (all versions prior to macOS Tahoe 26) allows a locally authenticated, low-privileged application to trigger unexpected system termination, constituting a local denial-of-service condition. The root cause is insufficient bounds checking in a macOS component, addressed by Apple in macOS Tahoe 26. No public exploit code exists and this vulnerability is not listed in CISA KEV, though a vendor-confirmed patch is available.

Apple Buffer Overflow Information Disclosure
NVD
CVSS 3.1
5.5
EPSS
0.0%
CVE-2025-43289 MEDIUM PATCH This Month

Improper authorization in Apple macOS allows a locally-installed malicious application to access sensitive user data without proper entitlement checks. Affected releases span three macOS generations: Sequoia (prior to 15.7), Sonoma (prior to 14.8), and the forthcoming Tahoe (prior to 26). The flaw stems from a logic issue in access validation, meaning apps lacking legitimate permissions can bypass gating controls to read protected data. No public exploit code or CISA KEV listing has been identified at time of analysis.

Apple Authentication Bypass
NVD
CVSS 3.1
5.5
EPSS
0.0%
CVE-2025-43451 MEDIUM PATCH This Month

Improper access control in Apple macOS (all versions before Tahoe 26) allows a locally installed application running with standard user privileges to access sensitive user data beyond its authorized scope. The root cause - a faulty permissions enforcement code path - was remediated by removing the vulnerable code entirely in macOS Tahoe 26. No public exploit identified at time of analysis, and the vulnerability has not been added to the CISA KEV catalog.

Apple Authentication Bypass
NVD
CVSS 3.1
5.5
EPSS
0.0%
CVE-2025-43290 MEDIUM PATCH This Month

Incorrect permission assignment (CWE-732) in Apple macOS allows a locally-running app to modify protected parts of the file system without authorization. Affected are macOS Sonoma prior to 14.8, macOS Sequoia prior to 15.7, and macOS Tahoe prior to 26, covering three active macOS release trains simultaneously. The CVSS vector (AV:L/AC:L/PR:L/UI:N, I:H) confirms that a low-privileged local app can achieve high-integrity writes to restricted file system regions with no user interaction required; no public exploit has been identified at time of analysis.

Apple Information Disclosure
NVD
CVSS 3.1
5.5
EPSS
0.0%
CVE-2026-7453 MEDIUM PATCH This Month

Stack exhaustion in Autodesk 3ds Max 2026 and 2027 can be triggered by opening a maliciously crafted WRL (VRML) file, causing an application crash and denial-of-service condition for the affected user. Exploitation requires local access and deliberate user interaction - a victim must be socially engineered into opening the weaponized file. No active exploitation is identified; EPSS sits at 0.00% and SSVC exploitation status is confirmed none, placing real-world risk well below what the moderate CVSS score of 5.5 might initially suggest.

Information Disclosure 3ds Max
NVD VulDB
CVSS 3.1
5.5
EPSS
0.0%
CVE-2026-7450 MEDIUM PATCH This Month

NULL Pointer Dereference in Autodesk 3ds Max's PAR file parser allows a local attacker to crash the application by convincing a user to open a specially crafted PAR file, resulting in a denial-of-service condition. Affected versions span both the 2026 (prior to 2026.1) and 2027 (prior to 2027.1) release lines. No active exploitation has been identified - EPSS is 0.00% (0th percentile), SSVC exploitation status is 'none', and the vulnerability is not listed in CISA KEV - placing this squarely in a low-urgency, patch-and-monitor posture.

Denial Of Service Null Pointer Dereference 3ds Max
NVD VulDB
CVSS 3.1
5.5
EPSS
0.0%
CVE-2025-36148 MEDIUM PATCH This Month

Cross-site scripting in IBM Financial Transaction Manager for SWIFT Services for Multiplatforms versions 3.2.4.0 through 3.2.4.15 permits injection of arbitrary JavaScript into the Web UI, creating a pathway to credential disclosure within an authenticated operator's session. The Changed Scope (S:C) in the CVSS vector confirms the injected script executes in the victim's browser beyond the originating application boundary, elevating real-world impact in a SWIFT financial messaging context. No public exploit has been identified and EPSS stands at 0.05% (16th percentile), reflecting low immediate exploitation probability, though a discrepancy between the CVE description characterizing the attacker as unauthenticated and the CVSS PR:L vector warrants vendor clarification before finalizing risk posture.

XSS IBM Financial Transaction Manager For Swift Services For Multiplatforms
NVD
CVSS 3.1
5.4
EPSS
0.0%
CVE-2025-36145 MEDIUM PATCH This Month

IBM watsonx.data (IBM Lakehouse) versions 2.2 through 2.3.1 fails to properly restrict inbound and outbound network connections, enabling authenticated low-privilege attackers to transfer or modify files without appropriate authorization controls. The vulnerability carries a CVSS score of 5.4 with network reachability and low attack complexity, though EPSS probability sits at just 0.02% (7th percentile) and SSVC assessment confirms no active exploitation. No public exploit code has been identified at time of analysis, and a vendor-released patch is available via IBM's support portal.

Information Disclosure IBM Watsonx Data
NVD
CVSS 3.1
5.4
EPSS
0.0%
CVE-2025-14290 MEDIUM PATCH This Month

Server-side request forgery (SSRF) in IBM webMethods Integration Server (on-premises) 10.15 through IS_11.1_Core_Fix10 allows authenticated remote attackers to coerce the server into issuing unauthorized outbound HTTP requests to arbitrary destinations. An attacker with low-privileged credentials can leverage this to map internal network topology, probe non-publicly-routable services, or use the Integration Server as a pivot point for follow-on attacks against adjacent systems. No public exploit identified at time of analysis, and EPSS at 0.02% (7th percentile) alongside SSVC exploitation status of 'none' indicate no observed active exploitation.

IBM SSRF Webmethods Integration On Prem Integration Server
NVD VulDB
CVSS 3.1
5.4
EPSS
0.0%
CVE-2026-42015 MEDIUM PATCH This Month

Memory corruption via an off-by-one error in GnuTLS PKCS#12 bag element handling exposes any application using GnuTLS to remote unauthenticated denial of service - and potentially unspecified further impact - when a crafted PKCS#12 structure is parsed. The CVSS vector (AV:N/AC:L/PR:N/UI:N) confirms exploitation requires no authentication, no user interaction, and no elevated complexity, making internet-exposed services that parse client-supplied PKCS#12 inputs the primary risk surface. No public exploit code exists and the vulnerability is not listed in the CISA KEV catalog at time of analysis.

Buffer Overflow Denial Of Service Red Hat Enterprise Linux 10 Red Hat Enterprise Linux 6 Red Hat Enterprise Linux 7 +4
NVD VulDB
CVSS 3.1
5.3
EPSS
0.1%
CVE-2026-48135 MEDIUM This Month

Heap-based buffer overflow in Check Point Quantum Security Gateway's HTTP-based service allows unauthenticated remote attackers to cause availability disruption by sending crafted malformed HTTP requests requiring no authentication or user interaction. Affected deployments span all R81.10 releases and below, R81.20 through Jumbo Hotfix Take 127, R82 through Jumbo Hotfix Take 91, and R82.10 through Jumbo Hotfix Take 19. No public exploit identified at time of analysis, though SSVC classifies the attack as automatable with total technical impact - a meaningful tension with the CVSS A:L rating that security teams should scrutinize before deprioritizing.

Heap Overflow Checkpoint Buffer Overflow Quantum Security Gateway
NVD
CVSS 3.1
5.3
EPSS
0.1%
CVE-2026-48592 MEDIUM POC PATCH GHSA This Month

Unauthorized job worker substitution in oban_web 2.12.0-2.12.4 allows any authenticated low-privileged user to redirect background job execution to arbitrary existing worker modules. The server-side LiveView event handler for 'save-job' in Elixir.Oban.Web.Jobs.DetailComponent omits the can?/2 authorization check that all sibling handlers (cancel, delete, retry) correctly enforce, enabling a user granted only :read_only access to forge a WebSocket event and overwrite a queued job's worker field. No public exploit code exists and SSVC designates exploitation as none, but successful abuse causes Oban to invoke an attacker-chosen worker module on next execution, introducing real integrity risk to automated job pipelines.

Authentication Bypass Oban Web
NVD GitHub VulDB
CVSS 4.0
5.3
EPSS
0.1%
CVE-2026-39642 MEDIUM This Month

Basic XSS via arbitrary shortcode execution in the Nyla WordPress theme (versions through 1.7) allows unauthenticated remote attackers to inject script-bearing HTML tags into rendered web pages, resulting in limited confidentiality impact against site visitors. The vulnerability is classified under CWE-80 and was disclosed by Patchstack, who titled the finding 'Arbitrary Shortcode Execution' - indicating that the XSS payload is delivered through unsanitized shortcode rendering rather than a conventional input field. No public exploit code exists and no active exploitation has been confirmed at time of analysis.

XSS Nyla
NVD VulDB
CVSS 3.1
5.3
EPSS
0.0%
CVE-2026-42337 MEDIUM PATCH This Month

Broken access control in MaxKB 2.8.0 and earlier exposes the OSS file service URL fetch API (`chat/api/oss/get_url`) to cross-application data access by authenticated low-privilege users who supply arbitrary `application_id` values in the URL path. Because the endpoint performs no ownership validation against the requesting session, any authenticated user can retrieve OSS file URLs scoped to applications they do not own, violating multi-tenant isolation. No public exploit code exists and the issue is not listed in CISA KEV; a vendor-released patch is available in version 2.8.1.

Authentication Bypass Maxkb
NVD GitHub VulDB
CVSS 4.0
5.3
EPSS
0.0%
CVE-2025-36221 MEDIUM PATCH This Month

Default manufacturing credentials persisting through installation in IBM Cloud Pak for Data System Cyclops 11.3.0.2 through Interim Fix 002 allow unauthenticated network attackers to bypass authentication and perform unauthorized integrity-impacting actions. The root cause (CWE-1392) reflects a design-phase failure where credentials intended solely for factory/installation use are not forced to rotate before or immediately after deployment. EPSS sits at 0.03% and SSVC records no current exploitation, but the SSVC automatable flag indicates this class of attack is trivially scriptable, making exposed instances a realistic target for opportunistic credential-stuffing against known IBM default password sets. No public exploit identified at time of analysis.

Authentication Bypass IBM Cloud Pak For Data System Cyclops
NVD
CVSS 3.1
5.3
EPSS
0.0%
CVE-2026-44314 MEDIUM PATCH This Month

Incorrect authorization in Traccar's DeviceResource.uploadImage endpoint allows authenticated low-privilege users to overwrite device image files on the server, bypassing readonly and deviceReadonly access restrictions that all other device mutation paths correctly enforce. Traccar versions prior to 6.13.0 are affected, and the root cause is a missing permissionsService.checkEdit call in the image upload route that is present everywhere else in the mutation surface. A proof-of-concept exists per SSVC data, though EPSS sits at 0.03% (9th percentile), indicating limited real-world exploitation activity to date. The vendor-released fix is available in version 6.13.0.

Authentication Bypass Traccar
NVD GitHub
CVSS 4.0
5.3
EPSS
0.0%
CVE-2026-25426 MEDIUM This Month

Unauthenticated broken access control in Magepeople Inc.'s Taxi Booking Manager for WooCommerce plugin (versions up to and including 2.0.1) exposes limited information to remote attackers without requiring any credentials or user interaction. The plugin fails to enforce proper authorization checks on one or more endpoints, classified under CWE-862 (Missing Authorization), allowing unauthenticated network requests to access functionality or data that should be restricted. No active exploitation is confirmed (not in CISA KEV) and EPSS stands at 0.03%, indicating low observed exploitation probability at time of analysis.

Authentication Bypass WordPress Taxi Booking Manager For Woocommerce
NVD VulDB
CVSS 3.1
5.3
EPSS
0.0%
CVE-2026-24590 MEDIUM This Month

Unauthenticated access control bypass in VideoWhisper.Com's Paid Videochat Turnkey Site WordPress plugin (versions through 7.3.23) allows remote attackers to access restricted resources without authorization, resulting in partial information disclosure. The plugin (known by slug ppv-live-webcams) fails to enforce authorization checks on one or more endpoints, enabling any unauthenticated network actor to exploit incorrectly configured access control security levels. No public exploit code has been identified and CISA KEV does not list this vulnerability, though SSVC data confirms the attack is automatable, raising the potential for scripted mass scanning.

Authentication Bypass Paid Videochat Turnkey Site
NVD VulDB
CVSS 3.1
5.3
EPSS
0.0%
CVE-2026-39655 MEDIUM This Month

Missing authorization in the Mayosis Core WordPress plugin (versions through 5.4.7) by TeconceTheme allows unauthenticated remote attackers to exploit incorrectly configured access control security levels, resulting in unauthorized modification of data (integrity impact). The CVSS vector confirms no authentication or user interaction is required, and the vulnerability is network-exploitable against default configurations. No public exploit code exists and no active exploitation has been confirmed at time of analysis.

Authentication Bypass Mayosis Core
NVD VulDB
CVSS 3.1
5.3
EPSS
0.0%
CVE-2026-9524 MEDIUM This Month

SQL injection in xianrendzw EasyReport up to version 2.0.17.0522_Beta exposes authenticated remote attackers a path to query manipulation via the `reportParams` argument in the REST Endpoint's `execute` function. The CVSS 4.0 score of 5.3 reflects a low-privilege authenticated requirement with partial impact across confidentiality, integrity, and availability - meaning data exfiltration, record tampering, and limited availability disruption are all within scope. No public exploit has been confirmed and no vendor patch exists, as the vendor did not respond to coordinated disclosure; EPSS at 0.03% (8th percentile) corroborates low current exploitation interest.

SQLi Easyreport
NVD VulDB GitHub
CVSS 4.0
5.3
EPSS
0.0%
CVE-2026-46740 MEDIUM This Month

Metric injection in Mojolicious::Plugin::Statsd through version 0.04 for Perl allows remote unauthenticated attackers to inject arbitrary statsd metrics by supplying crafted values containing newlines, colons, or pipe characters - the delimiters of the statsd wire protocol. Applications that pass untrusted input directly into metric names or set values are affected. No public exploit exists and EPSS is 0.01% (1st percentile), placing this firmly in the low-priority tier despite network accessibility; exploitation requires attacker-controlled data to flow into metric collection paths.

Code Injection
NVD GitHub VulDB
CVSS 3.1
5.3
EPSS
0.0%
CVE-2026-48899 MEDIUM This Month

Privilege escalation in Joomla! CMS via the com_users batch task allows low-privileged authenticated users to bypass access controls and elevate their user group membership or permissions. Affected versions span two major release lines: 4.0.0 through 5.4.5 and 6.0.0 through 6.1.0, as confirmed by ENISA EUVD-2026-31880 and the Joomla Security Centre. No public exploit has been identified and EPSS is effectively zero; however, SSVC assesses the technical impact as total, meaning successful exploitation could yield full privilege takeover within the application.

Authentication Bypass Privilege Escalation Joomla Cms
NVD VulDB
CVSS 4.0
5.3
EPSS
0.0%
CVE-2025-68709 MEDIUM This Month

Arbitrary JavaScript execution in SailingLab AppLock 4.3.8 for Android is triggered by a malicious co-installed app sending a crafted VIEW intent with a javascript: URI to the exposed BrowserMainActivity component. Because AppLock operates with elevated permissions by design (it restricts access to other apps), this unsafe WebView navigation path creates a changed-scope impact: script execution occurs within AppLock's privilege context, enabling UI spoofing and potential privilege escalation beyond what a normal app could achieve. No public exploit identified at time of analysis beyond the publicly available proof-of-concept published by the reporter on GitHub.

XSS Google Privilege Escalation N A
NVD GitHub
CVSS 3.1
5.2
EPSS
0.0%
CVE-2026-42336 MEDIUM PATCH This Month

Authenticated SSRF bypass in MaxKB's OSS file service URL fetch allows low-privilege users to reach internal network services by exploiting inconsistent DNS resolution between validation and request execution. MaxKB 2.8.0 and all prior versions are affected; the attacker causes the validation step to resolve a domain to a public IP, then swaps the DNS record so the actual HTTP fetch resolves to an internal address, bypassing the SSRF filter entirely. No public exploit has been identified and this CVE is not listed in CISA KEV; a vendor-released patch (2.8.1) is available.

SSRF Maxkb
NVD GitHub VulDB
CVSS 4.0
5.1
EPSS
0.1%
CVE-2026-44903 MEDIUM PATCH This Month

Stored cross-site scripting in Prometheus versions 2.49.0 through 3.5.2/3.11.2 allows a low-privileged attacker who can inject crafted histogram metrics to execute arbitrary JavaScript in the browser of any user who views the affected metric in the legacy heatmap chart UI. Exploitation requires the non-default `--enable-feature=old-ui` flag to be set and the victim to navigate to the specific heatmap view. No public exploit code has been identified at time of analysis, but the vulnerability is technically straightforward - a missing `escapeHTML()` call on `le` label values rendered as axis tick labels in Graph.tsx. This is the third stored DOM XSS in Prometheus's web UI in recent years, following CVE-2019-10215 and CVE-2026-40179.

XSS Prometheus
NVD GitHub VulDB
CVSS 4.0
5.1
EPSS
0.0%
CVE-2026-44723 MEDIUM PATCH This Month

{{ github.event.pull_request.title }} directly into bash double-quoted strings across four steps in four separate jobs, enabling shell escape via crafted PR title content. No public exploit has been identified and EPSS stands at 0.03% (10th percentile), though the supply-chain nature of this CI-targeting vulnerability means successful exploitation could expose repository secrets and runner tokens.

Python Command Injection Vowpal Wabbit
NVD GitHub VulDB
CVSS 3.1
5.0
EPSS
0.0%
CVE-2025-66407 MEDIUM PATCH GHSA This Month

Server-side request forgery in Weblate's Create Component feature allows authenticated users with component creation rights to make the Weblate server issue HTTP requests to arbitrary internal endpoints, including cloud metadata services, by supplying a crafted repository URL when the Mercurial VCS backend is selected. The Mercurial backend uniquely surfaces the full HTTP response body to the requesting user, enabling enumeration of internal services; file:// scheme requests additionally allow filesystem layout inference via error-message oracle behavior. No active exploitation has been confirmed (not in CISA KEV), but cloud-hosted deployments face elevated risk from IAM credential disclosure via instance metadata endpoints.

CSRF SSRF
NVD GitHub VulDB
CVSS 3.1
5.0
EPSS
0.0%
CVE-2026-44443 MEDIUM PATCH This Month

Lumiverse's sign-up nonce mechanism prior to version 0.9.7 allows unauthenticated remote attackers to register unauthorized accounts by exploiting a race condition in the `consumeNonce()` function. When an admin's user-creation request fails due to a duplicate email - causing BetterAuth to reject at the validation layer - the nonce is set but never consumed, leaving a 10-second window during which any POST to `/api/auth/sign-up/email` will succeed regardless of the sender. No public exploit code exists and no CISA KEV listing is present; exploitation requires precise timing and the ability to observe or predict an admin's failed duplicate-email attempt, consistent with the CVSS AC:H rating.

Race Condition Authentication Bypass Lumiverse
NVD GitHub
CVSS 3.1
4.8
EPSS
0.0%
CVE-2026-8647 MEDIUM This Month

Insecure PRNG fallback in Crypt::ScryptKDF for Perl (versions through 0.010) exposes applications to cryptographically weak random byte generation when none of five recognized CSPRNG modules are installed. The `random_bytes` function silently degrades to Perl's built-in `rand()`, which is not a cryptographically secure source, potentially weakening scrypt-derived salts or keys in password hashing and key derivation workflows. No public exploit is identified and EPSS is 0.02% (4th percentile), but the cryptographic impact in minimally-configured Perl environments could be severe, as predictable salts dramatically reduce the cost of offline attacks against derived key material.

Information Disclosure OpenSSL
NVD VulDB
CVSS 3.1
4.8
EPSS
0.0%
Prev Page 2 of 3 Next

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy