Skip to main content
CVE-2026-24199 MEDIUM PATCH This Month

Race condition exploitation in NVIDIA Display Driver's Linux kernel module allows a local authenticated user to cause denial of service by manipulating compiler or processor memory instruction ordering. Affected product lines span GeForce, RTX/Quadro/NVS, Tesla, and vGPU Guest Driver across multiple driver branches up to the March 2026 release. No active exploitation has been confirmed - this is not listed in CISA KEV, EPSS is 0.01% (1st percentile), and SSVC assessment classifies exploitation status as none - placing this firmly in a patch-and-monitor category rather than emergency response.

Denial Of Service Nvidia Race Condition Linux Geforce +4
NVD VulDB
CVSS 3.1
4.7
EPSS
0.0%
CVE-2026-35220 MEDIUM This Month

CSRF token validation is absent on the admin user activation endpoint (com_users component) in Joomla! CMS 6.0.0 through 6.1.0, allowing a remote attacker to trigger unauthorized user activation actions by luring an authenticated administrator into visiting a crafted page. The CVSS 4.0 vector (PR:H/UI:A) confirms exploitation requires an active, logged-in administrator and deliberate user interaction, constraining real-world risk despite the network-accessible attack vector. No public exploit code exists and CISA has not added this to KEV; EPSS places exploitation probability at 0.02% (5th percentile), consistent with SSVC's 'none' exploitation status.

CSRF Joomla Cms
NVD VulDB
CVSS 4.0
4.6
EPSS
0.0%
CVE-2026-3314 MEDIUM PATCH This Month

Password field masking is absent in Hitachi Ops Center Analyzer, Ops Center Analyzer viewpoint, and Hitachi Infrastructure Analytics Advisor, exposing plaintext credentials to anyone with physical or visual access to the UI. Affected components include the detail view, probe modules, and Analytics probe modules across a wide version range. No public exploit has been identified at time of analysis, and the EPSS score of 0.02% (4th percentile) reflects negligible automated exploitation probability.

Information Disclosure Hitachi Ops Center Analyzer Hitachi Ops Center Analyzer Viewpoint Hitachi Infrastructure Analytics Advisor
NVD VulDB
CVSS 3.1
4.6
EPSS
0.0%
CVE-2025-36220 MEDIUM PATCH This Month

SQL injection in IBM Cloud Pak for Data System - Cyclops 11.3.0.2 through Interim Fix 002 permits authenticated remote attackers to send specially crafted SQL statements that manipulate back-end database content - enabling unauthorized data reads, inserts, modifications, or deletions. The CVSS vector scores confidentiality impact as none (C:N), yet the vendor description explicitly states attackers may view data, a discrepancy that warrants direct verification against IBM's advisory. No public exploit has been identified at time of analysis, EPSS sits at 0.03% (9th percentile), and CISA SSVC rates exploitation as none, collectively indicating low near-term exploitation risk.

SQLi IBM Cloud Pak For Data System Cyclops
NVD
CVSS 3.1
4.3
EPSS
0.0%
CVE-2026-24520 MEDIUM This Month

Broken access control in the bPlugins Tiktok Feed WordPress plugin (versions through 1.0.24) permits authenticated low-privileged users to perform actions that should be restricted to higher-privileged roles due to missing server-side authorization checks (CWE-862). Exploitation allows limited integrity impact - an attacker with a basic WordPress account could manipulate plugin-controlled data or settings without proper permission. No public exploit code exists and no active exploitation is confirmed at time of analysis; SSVC and EPSS signals both indicate low urgency.

Authentication Bypass Tiktok Feed
NVD VulDB
CVSS 3.1
4.3
EPSS
0.0%
CVE-2026-25444 MEDIUM This Month

Missing authorization checks in the WpBookingly WordPress plugin (versions through 1.2.9) allow authenticated low-privilege users to perform actions beyond their intended permission scope, resulting in unauthorized data modification. Reported by Patchstack and tracked as EUVD-2026-31964, this broken access control flaw (CWE-862) does not require elevated privileges or user interaction, but exploitation is constrained to authenticated sessions. No public exploit code exists and EPSS stands at 0.03% (8th percentile), with SSVC classifying exploitation status as none - making this a low-urgency but legitimate remediation target for WordPress environments with untrusted authenticated users.

Authentication Bypass Wpbookingly
NVD VulDB
CVSS 3.1
4.3
EPSS
0.0%
CVE-2026-24638 MEDIUM This Month

Broken access control in the RepairBuddy WordPress plugin (versions through 4.1121) allows authenticated low-privileged users to perform unauthorized actions affecting data integrity. The flaw stems from missing server-side authorization checks (CWE-862), permitting requests to access or modify functionality beyond the caller's intended permission level. No public exploit identified at time of analysis, EPSS sits at the 8th percentile (0.03%), and SSVC marks exploitation as none - placing real-world risk well below what the medium CVSS score of 4.3 might initially suggest.

Authentication Bypass Repairbuddy
NVD VulDB
CVSS 3.1
4.3
EPSS
0.0%
CVE-2026-47728 MEDIUM PATCH GHSA This Month

Cross-project sourcemap and debug-file disclosure in Bugsink prior to 2.2.0 allows an authenticated user with access to one project to read source context or symbolication-derived data belonging to a separate project on the same instance. The root cause is a missing authorization scope check (CWE-862): debug IDs supplied by clients were resolved globally rather than constrained to the owning project, meaning a deliberate or accidental debug ID collision across projects leaks file metadata. No public exploit code exists and no active exploitation has been identified (CISA KEV: absent, EPSS: 0.03%, 7th percentile), making this a low-urgency but architecturally meaningful information disclosure for multi-project Bugsink deployments.

Authentication Bypass Bugsink
NVD GitHub VulDB
CVSS 3.1
4.3
EPSS
0.0%
CVE-2026-43936 MEDIUM PATCH This Month

Server-Side Request Forgery (SSRF) in e107 CMS versions prior to 2.3.4 allows authenticated administrators to reach internal network resources by supplying IPv4-mapped IPv6 addresses (e.g., ::ffff:127.0.0.1) in the Media Manager's remote URL fetch feature, bypassing PHP's private-range IP filter. The root cause is a normalization gap in file_class.php where PHP's filter_var with FILTER_FLAG_NO_PRIV_RANGE does not canonicalize IPv4-mapped IPv6 notation, leaving loopback and private ranges reachable. Publicly available exploit code exists per SSVC data, though EPSS sits at 0.03% (7th percentile) and the vulnerability is not listed in CISA KEV, indicating low observed exploitation volume.

SSRF E107
NVD GitHub
CVSS 3.1
4.3
EPSS
0.0%
CVE-2026-36239 MEDIUM This Month

Cross-site scripting (XSS) in PbootCMS v.3.2.11 allows a high-privileged authenticated attacker to inject malicious JavaScript into the site configuration functionality, which executes in the browser of any user who subsequently views the affected configuration page. Despite the description using the term 'code injection,' CWE-79 and the XSS tag confirm this is a stored or reflected XSS class vulnerability, not arbitrary server-side code execution. A GitHub-hosted proof-of-concept exists (TazmiDev/CVE-2026-36239), and no public patch has been identified at time of analysis; no active exploitation has been confirmed by CISA KEV.

XSS N A
NVD GitHub
CVSS 3.1
4.3
EPSS
0.0%
CVE-2026-44749 MEDIUM This Month

Content injection into SAP Gateway error messages exposes internal implementation details - specifically regex patterns and URI parsing logic - to authenticated remote attackers. Affecting SAP Gateway versions 750 through 758 and SAP_BASIS 795, the flaw allows an attacker with low-level network credentials to craft inputs that surface sensitive system internals via error responses. Confidentiality impact is rated low; integrity and availability are unaffected. No active exploitation is confirmed (CISA KEV absent), and EPSS sits at 0.01%, consistent with SSVC's 'exploitation: none' assessment.

Code Injection SAP Sap Gateway
NVD
CVSS 3.1
4.3
EPSS
0.0%
CVE-2026-38587 MEDIUM This Month

IDOR vulnerability across multiple REST API endpoints in ONLYOFFICE DocSpace before 3.2.1 allows authenticated low-privilege users (User or Guest roles) to exfiltrate owner account identifiers and profile data that should be restricted to administrators. The flaw stems from missing object-level authorization checks on API responses, meaning the server returns sensitive records without validating whether the requester holds sufficient privilege to view them. No public exploit code or active exploitation has been identified at time of analysis, and EPSS places this in the 1st percentile for exploitation probability.

Authentication Bypass N A
NVD GitHub
CVSS 3.1
4.3
EPSS
0.0%
CVE-2026-48136 MEDIUM This Month

Cross-domain RBAC bypass in Check Point Quantum Security Management allows an authenticated administrator with read-write access to one Management Domain (CMA) to modify Compliance Best Practices metadata stored in a separate Management Domain where they hold no permissions. The underlying root cause is SQL injection (CWE-89, corroborated by the 'SQLi' intelligence tag), suggesting the Compliance feature's metadata storage does not enforce domain-level query isolation. Affected releases span R81.10 and below, R81.20 up to Jumbo Hotfix Take 127, R82 up to Jumbo Hotfix Take 91, and R82.10 up to Jumbo Hotfix Take 19. No public exploit identified at time of analysis, and EPSS of 0.04% reflects low observed exploitation probability.

Checkpoint SQLi Quantum Security Management
NVD
CVSS 3.1
4.1
EPSS
0.0%
CVE-2026-44210 MEDIUM PATCH GHSA This Month

VM escape in Kata Containers allows any Kubernetes user with pod-creation rights to break out of the VM sandbox and gain full read/write access to the host filesystem. All Kata Containers installations prior to commit ffa59ce3aa78 are affected when using the default configuration.toml, which enables the `virtio_fs_extra_args` and `kernel_params` pod annotations out of the box. An attacker crafts a pod with two annotations: one to redirect virtiofsd to serve the host root filesystem (`/`) into the guest VM, and a second to enable the agent debug console - after which the entire host filesystem is accessible from inside the supposedly isolated VM. A fully working proof-of-concept with confirmed output against Kata Containers 3.28.0 on Ubuntu 24.04 has been publicly disclosed; no public exploit confirmed as actively exploited (CISA KEV) at time of analysis.

Ubuntu Kubernetes Gitlab Docker Code Injection +1
NVD GitHub
EPSS
0.1%
CVE-2026-48047 MEDIUM PATCH GHSA This Month

Path traversal in XWiki Platform's WebJars API enables a subwiki admin who can publish and install a malicious WebJar extension to write arbitrary files anywhere on the server filesystem. The affected Maven component `xwiki-platform-webjars-api` fails to validate that JAR entry paths extracted during extension installation remain within the intended export directory, allowing overwrite of configuration files or potential superadmin credential manipulation. No public exploit is identified and no CISA KEV listing exists; vendor-released patches are available across three version branches.

Atlassian Path Traversal
NVD GitHub
EPSS
0.1%
Prev Page 3 of 3

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy