Skip to main content
CVE-2026-4795 MEDIUM This Month

Missing authorization in Zyxel GS1200v3-series managed switches allows a LAN-based, unauthenticated attacker to read system configuration data from a log file by sending a crafted HTTP request to the device's web interface. All five GS1200v3 models are affected across their current firmware versions. No public exploit has been identified at time of analysis, and both EPSS (0.03%, 11th percentile) and SSVC exploitation status ('none') confirm no observed in-the-wild exploitation, placing this in the category of a real but low-urgency information disclosure risk confined to the local network segment.

Authentication Bypass Zyxel Gs1200 5V3 Firmware Gs1200 8V3 Firmware Gs1200 5Hpv3 Firmware +2
NVD VulDB
CVSS 3.1
6.5
EPSS
0.0%
CVE-2026-27427 MEDIUM This Month

Stored XSS in the Geo Mashup WordPress plugin (versions through 1.13.18) allows authenticated low-privileged users to persistently inject malicious JavaScript into pages served by the affected site. When a higher-privileged user - such as an administrator - views the content containing the stored payload, the script executes in their browser under a changed scope, enabling session hijacking, credential theft, or unauthorized administrative actions. No public exploit has been identified at time of analysis, and an EPSS of 0.03% (10th percentile) combined with SSVC exploitation status of 'none' confirms very low current real-world exploitation activity.

XSS Geo Mashup
NVD VulDB
CVSS 3.1
6.5
EPSS
0.0%
CVE-2026-48684 MEDIUM This Month

Out-of-bounds read in FastNetMon Community Edition through 1.2.9 exposes network monitoring infrastructure to unauthenticated remote attack via malformed NetFlow v9 UDP packets. The vulnerability resides in the options template parser (process_netflow_v9_options_template()), where attacker-controlled length fields - option_scope_length and option_length - drive iteration loops with no bounds validation, enabling reads past the end of the UDP packet buffer. With a CVSS vector of AV:N/AC:L/PR:N/UI:N and SSVC automatable:yes, mass exploitation is technically feasible, though EPSS sits at 0.03% (9th percentile) and no public exploit or KEV listing has been identified at time of analysis.

Information Disclosure Buffer Overflow N A
NVD GitHub
CVSS 3.1
6.5
EPSS
0.0%
CVE-2026-43934 MEDIUM PATCH This Month

Broken access control in e107 CMS prior to version 2.3.4 permits any low-privileged authenticated user to overwrite comments authored by other users, including administrators. The server-side updateComment() function in comment_class.php accepted a comment_id from the request and issued an UPDATE SQL query filtered only by that identifier, never verifying that the requesting user owned the targeted comment. A proof-of-concept exploit exists per SSVC data, though EPSS stands at a low 0.03% (8th percentile) and no active exploitation is confirmed in CISA KEV, indicating currently limited in-the-wild activity.

Authentication Bypass E107
NVD GitHub
CVSS 3.1
6.5
EPSS
0.0%
CVE-2026-47672 MEDIUM GHSA This Month

Unauthenticated write access to patient electronic health records in epa4all-client 1.2.4 and earlier exposes German Telematik Infrastruktur (ePA 3.0) deployments to unauthorized data manipulation. The REST adapter component ships with no authentication or authorization controls, allowing any adjacent-network caller to write arbitrary documents to any patient EHR accessible via the institution's SMC-B card. No public exploit code has been identified at time of analysis, but the CVSS vector (AV:A/AC:L/PR:N/UI:N) confirms exploitation requires no credentials and minimal technical complexity once network-adjacent.

Authentication Bypass Docker Java
NVD GitHub VulDB
CVSS 3.1
6.5
EPSS
0.0%
CVE-2026-46620 MEDIUM PATCH NEWS This Month

CSRF protection bypass in e107 CMS prior to 2.3.5 allows unauthenticated remote attackers to perform unauthorized comment moderation actions by tricking an authenticated user into visiting a malicious page. The root flaw is in session_handler::check(), which skips CSRF token validation entirely when no token is submitted, rather than rejecting the tokenless request - effectively making CSRF protection opt-in from the attacker's perspective. A proof-of-concept exists per SSVC data; the vulnerability is not listed in CISA KEV and carries a very low EPSS score of 0.01% (3rd percentile), indicating limited observed exploitation in the wild.

CSRF Authentication Bypass E107
NVD GitHub
CVSS 3.1
6.5
EPSS
0.0%
CVE-2026-40564 MEDIUM PATCH This Month

Unvalidated jarURI handling in Apache Flink Kubernetes Operator exposes authenticated low-privilege users to server-side request forgery and arbitrary file read primitives against the operator pod. Any Kubernetes principal holding Custom Resource create permissions can submit a malicious FlinkSessionJob CR with a crafted jarURI - pointing to local filesystem paths, internal cloud metadata endpoints, link-local addresses, or any backing store reachable through Flink's pluggable filesystem layer - and retrieve that content via the submitted job. No public exploit has been identified at time of analysis, and EPSS sits at 0.01% (3rd percentile), but the confidentiality impact is rated High by NVD given the breadth of accessible internal resources.

Apache Information Disclosure Kubernetes SSRF Path Traversal
NVD
CVSS 3.1
6.5
EPSS
0.0%
CVE-2026-24197 MEDIUM PATCH This Month

NVIDIA Display Driver for Linux exposes a denial-of-service condition in the Multi-Instance GPU (MIG) partition management subsystem, rooted in insecure default initialization of memory subsystem routing resources (CWE-1188). A local authenticated user - with low privileges on a Linux system running MIG-enabled Tesla, GeForce, RTX/Quadro/NVS, or Virtual GPU Manager driver branches - can trigger a hang or data corruption during partition reconfiguration, potentially disrupting all GPU workloads sharing the affected physical GPU. No public exploit code exists and this vulnerability is not in CISA KEV; EPSS sits at 0.01% (2nd percentile), indicating no observed mass exploitation at time of analysis.

Denial Of Service Nvidia
NVD VulDB
CVSS 3.1
6.5
EPSS
0.0%
CVE-2026-24182 MEDIUM PATCH This Month

Denial of service in NVIDIA Display Driver for Windows and Linux stems from improper lock management (CWE-667), where an attacker with local low-privilege access can leak held driver locks, potentially crashing or hanging the driver stack and denying GPU availability system-wide. Scope is changed (S:C), meaning the impact extends beyond the vulnerable component to the broader kernel or hypervisor layer. No public exploit identified at time of analysis and no CISA KEV listing; EPSS at 0.01% (1st percentile) and SSVC exploitation status of 'none' consistently signal low near-term exploitation likelihood.

Denial Of Service Nvidia Microsoft
NVD VulDB
CVSS 3.1
6.5
EPSS
0.0%
CVE-2026-48683 MEDIUM This Month

Out-of-bounds memory read in FastNetMon Community Edition through 1.2.9 exposes sensitive process memory and can crash the collector when processing crafted NetFlow v9 packets. The NetFlow v9 data flowset parser in src/netflow_plugin/netflow_v9_collector.cpp omits the per-iteration boundary check present in the sibling Options template branch, allowing a network-adjacent attacker who can deliver UDP NetFlow v9 packets to the collector to supply malicious template definitions that drive the parser past the end of the packet buffer. No public exploit code or confirmed active exploitation has been identified at time of analysis, but a security researcher blog post at lorikeetsecurity.com documents the code-level flaw, raising the disclosure surface.

Information Disclosure Buffer Overflow N A
NVD GitHub
CVSS 3.1
6.5
EPSS
0.0%
CVE-2025-36126 MEDIUM PATCH This Month

Stored cross-site scripting in IBM Cognos Analytics and Cognos Transformer's Administration interface allows an authenticated low-privileged user to inject persistent JavaScript payloads into the Web UI, which then execute in the browser sessions of other users - including higher-privileged administrators - potentially leading to credential theft or session hijacking. Affected are Cognos Analytics versions 11.2.0, 12.0, and 12.1.0, and Cognos Transformer versions 11.2.4, 12.0, and 12.1.0. No public exploit identified at time of analysis, and the EPSS score of 0.03% (8th percentile) combined with SSVC exploitation status of 'none' indicates very low observed exploitation pressure.

XSS IBM Cognos Analytics Cognos Transformer
NVD
CVSS 3.1
6.4
EPSS
0.0%
CVE-2026-7310 MEDIUM PATCH CISA This Month

Heap-based buffer overflow in Hitachi Energy MACH HiDraw's XML parser allows a low-privileged, locally authenticated attacker to corrupt heap memory by inducing a victim to open a specially crafted XML file, with a primary impact of high availability loss (application crash) and limited confidentiality and integrity compromise. Affected versions span MACH HiDraw 9.0 through versions prior to 9.22 per EUVD-2026-31812. No public exploit identified at time of analysis, and an EPSS score of 0.01% (3rd percentile) combined with an SSVC exploitation status of 'none' confirm minimal current real-world exploitation activity.

Denial Of Service Heap Overflow Buffer Overflow RCE Mach Hidraw
NVD
CVSS 4.0
4.4
EPSS
0.0%
CVE-2026-48900 MEDIUM This Month

Improper access control in Joomla! CMS com_scheduler component permits low-privileged authenticated backend users to modify the task types of existing scheduler tasks, an operation that should be restricted to higher-privileged administrators. Affected versions span Joomla! 4.1.0 through 5.4.5 and 6.0.0 through 6.1.0. While no public exploit code exists and CISA KEV has not confirmed active exploitation, the high subsequent-system impact scores (SC:H/SI:H/SA:H) in the CVSS 4.0 vector indicate that tampering with scheduler task types can produce significant integrity and availability consequences beyond the immediately vulnerable component.

Authentication Bypass Joomla Cms
NVD VulDB
CVSS 4.0
6.4
EPSS
0.0%
CVE-2026-42335 MEDIUM PATCH This Month

Server-side request forgery in MaxKB v2.8.0 and earlier allows authenticated low-privilege users to reach internal network services by exploiting an URL parsing inconsistency at the OSS file fetch endpoint. The discrepancy between Python's urlparse validation logic and the requests HTTP client means a crafted URL can pass security checks yet still route to internal infrastructure when executed by the server. No public exploit or KEV listing exists at time of analysis; the vendor has confirmed and patched the issue in 2.8.1.

SSRF Maxkb
NVD GitHub
CVSS 4.0
6.3
EPSS
0.0%
CVE-2026-45412 MEDIUM PATCH This Month

Server-Side Request Forgery in MaxKB before 2.9.1 allows authenticated users to pivot into internal network infrastructure by supplying arbitrary URLs to the work_flow_template import endpoint. The server fetches attacker-controlled URLs without validation or internal IP filtering, enabling reconnaissance of internal services, cloud metadata endpoints, or other resources unreachable from the public internet. The CVSS 4.0 score of 6.3 is driven primarily by high subsequent-system confidentiality impact (SC:H), reflecting the lateral reach into backend infrastructure that SSRF typically enables. No public exploit code or active exploitation has been identified at time of analysis.

SSRF Maxkb
NVD GitHub VulDB
CVSS 4.0
6.3
EPSS
0.0%
CVE-2026-27331 MEDIUM This Month

Missing authorization controls in the WpTravelly WordPress plugin (versions through 2.1.5) allow any authenticated low-privileged user to exploit incorrectly configured access control security levels, gaining unauthorized access to functionality or data beyond their intended permissions. The flaw is network-accessible, requires no user interaction, and carries a balanced Low-CIA-triad impact per CVSS. No public exploit has been identified at time of analysis, and the EPSS score (0.03%, 10th percentile) suggests very low real-world exploitation probability despite the network-exposed attack surface.

Authentication Bypass Wptravelly
NVD VulDB
CVSS 3.1
6.3
EPSS
0.0%
CVE-2026-9565 LOW POC Monitor

OS command injection in haojing8312 WorkClaw up to version 0.6.4 allows a low-privileged remote attacker to bypass the application's blacklist-based command filter and execute arbitrary operating system commands. The flaw resides in the `is_dangerous` function within the Rust/Tauri agent's bash tool (`apps/runtime/src-tauri/src/agent/tools/bash.rs`), where an incomplete blacklist fails to block crafted payloads. A publicly available proof-of-concept exploit exists via a GitHub issue report; no vendor patch has been released as the project has not responded to the disclosure.

Command Injection Workclaw
NVD VulDB GitHub
CVSS 4.0
2.1
EPSS
0.9%
CVE-2026-8852 MEDIUM PATCH This Month

Denial of service in IBM HTTP Server 8.5 and 9.0 is achievable by a local, unprivileged attacker through the optional mod_fastcgi module, which triggers a reachable assertion (CWE-617) causing the server process to abort. Affected versions span IBM HTTP Server 9.0 and IBM HTTP Server 8.5.0 through Interim Fix 002. No public exploit exists and CISA has not listed this in the KEV catalog; EPSS exploitation probability is extremely low at 0.03% (9th percentile), indicating minimal real-world threat at present.

Denial Of Service IBM Http Server
NVD VulDB
CVSS 3.1
6.2
EPSS
0.0%
CVE-2026-48696 MEDIUM This Month

Buffer overflow in FastNetMon Community Edition through 1.2.9 allows a local attacker with no privileges to crash the FastNetMon process, disabling DDoS detection and network monitoring capabilities. The vulnerability is specifically tied to a sprintf-based overflow in the ExaBGP integration component, as documented in the Lorikeetsecurity advisory. This is one of at least three distinct buffer overflow vulnerabilities (alongside CVE-2026-48686 and CVE-2026-48689) identified in the same product version, suggesting a broader audit surfaced a class of unsafe string-handling bugs. No public exploit identified at time of analysis, and the impact is limited to availability (denial of service) with no confidentiality or integrity exposure.

Buffer Overflow N A
NVD GitHub
CVSS 3.1
6.2
EPSS
0.0%
CVE-2026-9566 LOW POC PATCH Monitor

Cross-site scripting in Teable's authentication redirect flow (versions 1.0-1.9.x) allows a remote unauthenticated attacker to inject and execute arbitrary JavaScript in a victim's browser by crafting a login URL with a malicious `redirect` parameter using javascript: or data: URI schemes. The vulnerable component is LoginPage.tsx in the Next.js frontend and the social auth controller adapter in the NestJS backend, neither of which validated the redirect destination before navigating. Publicly available exploit code exists (GitHub gist), but the vulnerability is not listed in CISA KEV and EPSS probability is very low at 0.04% (11th percentile), indicating no confirmed widespread exploitation.

XSS Teable
NVD VulDB GitHub
CVSS 4.0
2.1
EPSS
0.0%
CVE-2026-9527 LOW POC Monitor

Reflected cross-site scripting in itsourcecode Electronic Judging System 1.0 allows unauthenticated remote attackers to inject malicious scripts via the `fname` parameter of `/admin/judges.php`, executing arbitrary JavaScript in the context of a victim's browser session. The CVSS 4.0 score of 2.1 reflects the low integrity impact and mandatory user interaction, consistent with a reflected XSS that requires a victim to follow a crafted URL. No public exploit identified at time of analysis as KEV-listed, but a publicly available proof-of-concept exists on GitHub, slightly elevating practical risk despite the EPSS score of 0.03% (10th percentile).

PHP XSS Electronic Judging System
NVD VulDB GitHub
CVSS 4.0
2.1
EPSS
0.0%
CVE-2026-9518 LOW POC Monitor

Stored cross-site scripting in hemant6488's CodeIgniter-StudentManagementSystem allows remote unauthenticated attackers to inject arbitrary JavaScript via the Name argument of the addStudent function in view_students.php. When a victim user views the student listing, the injected script executes in their browser context, enabling session hijacking, credential theft, or defacement. A publicly available proof-of-concept exists via GitHub issue report; however, this vulnerability is not listed in CISA KEV, and EPSS scoring places exploitation probability at 0.03%, indicating low real-world exploitation activity despite POC availability.

PHP XSS Codeigniter Studentmanagementsystem
NVD VulDB GitHub
CVSS 4.0
2.1
EPSS
0.0%
CVE-2026-9583 LOW POC Monitor

Information exposure via verbose SQL error messages in SourceCodester CET Automated Grading System with AI Predictive Analytics 1.0 enables authenticated remote attackers to harvest internal database details by manipulating the /index.php SQL Handler endpoint. The application returns raw SQL error output rather than sanitized application-level messages, leaking schema structure, table names, or query internals. A public proof-of-concept exploit is available on GitHub; this CVE is not listed in the CISA KEV catalog, and the CVSS 4.0 score of 2.1 reflects the low-severity, confidentiality-only impact.

Information Disclosure PHP
NVD VulDB GitHub
CVSS 4.0
2.1
EPSS
0.0%
CVE-2026-9520 LOW POC Monitor

Cross-site scripting in blitz-js blitz (versions 3.0.0-3.0.2) allows remote attackers to inject malicious scripts via the 'Next' redirect parameter in the LoginForm component's Sign-in flow. The vulnerability requires passive user interaction (a victim must follow a crafted link) and is limited to low-integrity impact on the vulnerable system per CVSS 4.0 scoring. Publicly available exploit code exists (GitHub Gist), though EPSS stands at 0.03% (9th percentile) indicating low observed exploitation probability, and it is not listed in CISA KEV. The vendor did not respond to responsible disclosure, meaning no patch has been released.

XSS Blitz
NVD VulDB GitHub
CVSS 4.0
2.1
EPSS
0.0%
CVE-2026-9519 LOW POC Monitor

Reflected cross-site scripting in pingvin-share's sign-in auto-redirect feature allows remote unauthenticated attackers to inject and execute arbitrary JavaScript in a victim's browser by manipulating the `redirect` query parameter. All releases from 1.0 through 1.13.0 (the full release history) are affected. A publicly available proof-of-concept exploit exists on GitHub, and the vendor has not responded to responsible disclosure — meaning no patch has been issued and no vendor advisory exists.

XSS Pingvin Share
NVD VulDB GitHub
CVSS 4.0
2.1
EPSS
0.0%
CVE-2026-9542 LOW POC Monitor

SQL injection in CodeAstro Leave Management System 1.0 allows authenticated remote attackers to manipulate the `email_id` parameter in `/admin/add_staff.php`, enabling arbitrary SQL query manipulation against the underlying database. The CVSS 4.0 score of 2.1 (Low) reflects constrained impact scope - confidentiality, integrity, and availability are each rated Low with no lateral impact to subsequent systems - and EPSS at 0.03% (8th percentile) indicates negligible real-world exploitation probability despite a publicly available proof-of-concept on GitHub. No active exploitation has been confirmed and this CVE is not listed in the CISA KEV catalog.

PHP SQLi Leave Management System
NVD VulDB GitHub
CVSS 4.0
2.1
EPSS
0.0%
CVE-2026-9604 LOW POC PATCH Monitor

Improper access control in JeecgBoot's AiragModelController (versions up to 3.9.1) permits any authenticated low-privilege user to invoke the list and queryById API endpoints without proper authorization checks, exposing AI RAG model configuration data restricted to higher-privileged roles. The CVSS vector (PR:L, C:L) confirms this is an authorization bypass rather than a full authentication bypass, limiting impact to confidentiality of AI model metadata. Publicly available exploit code exists (GitHub issue #9599, referenced in the exploit tag), though no CISA KEV listing indicates confirmed widespread active exploitation at time of analysis.

Authentication Bypass Jeecgboot
NVD VulDB GitHub
CVSS 4.0
2.1
EPSS
0.0%
CVE-2026-9582 LOW POC Monitor

Cross-site request forgery in SourceCodester CET Automated Grading System with AI Predictive Analytics 1.0 enables remote attackers to perform unauthorized state-changing actions by tricking an authenticated user into visiting a malicious page. The CVSS 4.0 vector (VI:L, SC:N/SI:N/SA:N) confirms impact is limited to low-level integrity degradation on the vulnerable system with no confidentiality or availability consequence. A publicly available exploit (PoC HTML page and advisory) has been released to GitHub by researcher NARKHEDE-VAIBHAV; no public exploit identified at time of analysis as confirmed actively exploited (CISA KEV).

CSRF
NVD VulDB GitHub
CVSS 4.0
2.1
EPSS
0.0%
CVE-2026-9579 LOW POC PATCH Monitor

Improper access control in JeecgBoot versions up to 3.9.1 allows authenticated low-privileged remote attackers to bypass authorization checks by manipulating the `userIdentity` argument in the SysUser component's `user.getUsername` function at the `/sys/user/login/setting/userEdit` endpoint. A publicly available proof-of-concept exploit exists via GitHub issue #9596, increasing practical risk for any multi-user JeecgBoot deployment where adversaries hold a low-privileged account. Vendor-released patch v3.9.2 is available and explicitly remediates this access control failure alongside several other high-severity issues including RCE and SSRF, indicating a broad security hardening effort in this release cycle.

Authentication Bypass Jeecgboot
NVD VulDB GitHub
CVSS 4.0
2.1
EPSS
0.0%
CVE-2026-44176 MEDIUM PATCH GHSA This Month

Kirby CMS's path resolver fails to enforce `pages.access` permission checks when rendering page drafts, allowing authenticated users who lack access to specific page models to view those drafts by knowing the full URL path. Affected installations are those explicitly configured to restrict certain user roles from accessing pages via `pages.access: false` in user or model blueprints - sites where all users may access all pages are unaffected. No public exploit or CISA KEV listing exists at time of analysis, but the impact is information disclosure of unpublished content such as pre-launch product pages or embargoed posts.

Authentication Bypass
NVD GitHub
CVSS 4.0
6.0
EPSS
0.0%
CVE-2025-33221 MEDIUM PATCH This Month

Incorrect permission assignment in the NVIDIA Display Driver kernel module on Windows and Linux allows a highly privileged local user to corrupt critical resource permissions, leading to denial of service and potentially data tampering. Affected product lines span GeForce (limited to Maxwell, Volta, and Pascal architectures on some branches), RTX/Quadro/NVS, Tesla, and Guest (vGPU) drivers across multiple version branches. No public exploit exists and no active exploitation has been identified; SSVC assessment rates exploitation as none and impact as partial, consistent with the moderate CVSS score of 4.4.

Denial Of Service Nvidia Microsoft Linux
NVD VulDB
CVSS 3.1
6.0
EPSS
0.0%
CVE-2026-48593 MEDIUM POC PATCH GHSA This Month

Memory exhaustion in Oban Web's cron expression rendering engine allows a low-privileged attacker who can schedule jobs to crash the BEAM VM node. By submitting a cron expression with an astronomically large range such as '0 0 1-100000000 * *', the attacker causes Elixir.Oban.Web.CronExpr.describe/1 to eagerly materialize the range into a list via Enum.to_list/1, allocating approximately 2.4 GB of memory and stalling or crashing the node when a dashboard user views the cron job list. No public exploit identified at time of analysis, but the attack requires no specialized tooling - the malicious expression is trivial to craft given knowledge of the unguarded parse path.

Denial Of Service Oban Web
NVD GitHub VulDB
CVSS 4.0
5.9
EPSS
0.0%
CVE-2026-44776 MEDIUM PATCH This Month

Kavita reading server versions prior to 0.9.0 expose seven download and metadata API endpoints without enforcing library-level access controls, enabling authenticated users to retrieve file contents, file sizes, and chapter metadata from libraries they have not been granted access to. The affected endpoints - /api/Download/volume, /api/Download/chapter, /api/Download/series, /api/Chapter, and corresponding size-check variants - accept resource identifiers (chapterId, volumeId, seriesId) without verifying the requesting user's library membership. A proof-of-concept exists per SSVC classification, though EPSS at 0.04% (11th percentile) reflects minimal observed exploitation activity; the CVE is not listed in CISA KEV.

Authentication Bypass Kavita
NVD GitHub
CVSS 4.0
5.9
EPSS
0.0%
CVE-2026-9564 LOW POC Monitor

Stored cross-site scripting in SourceCodester Hospitals Patient Records Management System 1.0 allows a remote, high-privileged attacker to inject malicious script via the Remarks argument on the /admin/?page=patients/view_patient endpoint, resulting in low-integrity impact when a victim administrator views the affected patient record. A public proof-of-concept exploit exists (GitHub issue), though the CVSS 4.0 base score of 1.9 and EPSS of 0.03% (8th percentile) indicate low real-world exploitation likelihood. This is not listed in the CISA KEV catalog and SSVC classifies it as non-automatable with partial technical impact.

XSS Hospitals Patient Records Management System
NVD VulDB GitHub
CVSS 4.0
1.9
EPSS
0.0%
CVE-2026-40384 MEDIUM This Month

Path traversal in Joomla! CMS com_media web service endpoint allows authenticated high-privilege attackers to read arbitrary files outside the intended web root via a manipulated search parameter. Affected versions span two major release trains: 4.0.0 through 5.4.5 and 6.0.0 through 6.1.0. No public exploit code exists and no active exploitation has been confirmed, but the vulnerability results in full confidentiality loss of the vulnerable system's filesystem contents accessible to the web process.

Path Traversal Joomla Cms
NVD VulDB
CVSS 4.0
5.9
EPSS
0.0%
CVE-2026-9572 LOW POC PATCH Monitor

Memory leak in GPAC MP4Box up to version 2.4.0 allows a local, low-privileged attacker to exhaust process memory by supplying a crafted MP4 file that triggers the vulnerable `Media_GetSample` function in `src/isomedia/media.c`. The root cause is a missing zero-size guard before memory allocation when the `cat` argument is manipulated to produce a zero-sum of `data_size` and `padding_bytes`. A publicly available proof-of-concept exploit (poc.zip) exists, but the CVSS 4.0 score of 1.9, EPSS of 0.01% (2nd percentile), and strictly local attack vector collectively indicate very low real-world risk; no active exploitation has been identified.

Information Disclosure Gpac
NVD VulDB GitHub
CVSS 4.0
1.9
EPSS
0.0%
CVE-2026-9567 LOW POC Monitor

Null pointer dereference in GPAC's MP4Box tool (versions 2.0 through 2.4.0) allows a local, low-privileged attacker to crash the application by supplying a crafted MP4 file with a malformed Protection System Header Box (PSSH). The vulnerability resides in the MergeFragment function, which fails to validate the private_data pointer before passing it to memmove, resulting in a denial-of-service impact limited to the MP4Box process. A public proof-of-concept exploit exists (hosted on GitHub), though EPSS sits at 0.01% (2nd percentile) and the flaw is not listed in the CISA Known Exploited Vulnerabilities catalog, consistent with the low-severity, local-only nature of the issue.

Denial Of Service
NVD GitHub VulDB
CVSS 4.0
1.9
EPSS
0.0%
CVE-2026-9541 LOW POC Monitor

Heap-based buffer overflow in Squirrel versions 3.0 through 3.2 allows a locally authenticated low-privilege attacker to corrupt heap memory by supplying a malicious Cnut file to the ReadObject function in sqobject.cpp. The impact is limited to partial confidentiality, integrity, and availability effects with no scope change, as confirmed by the CVSS 4.0 score of 1.9. A public proof-of-concept exploit exists on GitHub, but this vulnerability has not been confirmed actively exploited by CISA KEV, and EPSS places exploitation probability at just 0.01% (2nd percentile), indicating very low real-world exploitation activity.

Heap Overflow Buffer Overflow Squirrel
NVD VulDB GitHub
CVSS 4.0
1.9
EPSS
0.0%
CVE-2026-9530 LOW POC PATCH Monitor

Out-of-bounds read in GNU LibreDWG's read_2004_compressed_section function (src/decode.c) affects all versions through 0.14, allowing a local low-privileged attacker to crash the dwgbmp utility or any LibreDWG-based application by supplying a crafted DWG 2004 file with manipulated section address or size fields. Impact is limited to availability (application crash) with no confirmed confidentiality or integrity exposure per the CVSS 4.0 vector. A publicly available proof-of-concept DWG file exists on GitHub, but EPSS at 0.01% (2nd percentile) and no CISA KEV listing confirm this is not currently subject to widespread exploitation.

Information Disclosure Buffer Overflow Libredwg
NVD VulDB GitHub
CVSS 4.0
1.9
EPSS
0.0%
CVE-2026-9529 LOW POC Monitor

Null pointer dereference in GNU LibreDWG's dwggrep utility crashes the application when processing a maliciously crafted DWG file. The vulnerability resides in the match_BLOCK_HEADER function within dwggrep.c and affects all tracked releases from version 0.1 through 0.14. A local authenticated attacker can exploit this to cause denial of service against the dwggrep utility; no publicly available exploit code exists for confidentiality or integrity compromise, consistent with the CVSS impact scores of VC:N/VI:N/VA:L. Publicly available exploit code exists (no KEV listing), though EPSS at 0.01% reflects negligible widespread exploitation probability.

Denial Of Service Null Pointer Dereference Libredwg
NVD VulDB GitHub
CVSS 4.0
1.9
EPSS
0.0%
CVE-2026-24201 MEDIUM This Month

Out-of-bounds write in NVIDIA Virtual GPU Manager exposes virtualized GPU deployments to denial of service, data tampering, and information disclosure. A local, low-privileged attacker operating within a virtualized environment can trigger the memory corruption flaw in the host-side vGPU manager component across multiple affected driver branches (vGPU 16.x through 20.x). No public exploit code exists at time of analysis, and EPSS probability is at the 2nd percentile, but the high availability impact (A:H in CVSS) and the prevalence of vGPU in enterprise virtualization infrastructure warrant prompt patching.

Nvidia Memory Corruption Information Disclosure Buffer Overflow Denial Of Service +1
NVD VulDB
CVSS 3.1
5.8
EPSS
0.0%
CVE-2026-8174 MEDIUM PATCH This Month

Cross-site request forgery in the Zoho Mail WordPress plugin (all versions before 1.6.2) enables a remote attacker to perform unauthorized, integrity-impacting actions on behalf of an authenticated WordPress user without their knowledge. The CVSS 5.7 medium score reflects high integrity impact with no confidentiality or availability exposure, requiring low-privilege victim authentication and user interaction. No public exploit code exists and no active exploitation has been identified; EPSS sits at the 1st percentile and SSVC classifies exploitation status as none.

CSRF Zoho WordPress Zoho Mail Wordpress Plugin
NVD
CVSS 3.1
5.7
EPSS
0.0%
CVE-2026-48134 MEDIUM This Month

SQL injection in Check Point Quantum Security Gateway's UserCheck Web Portal allows a remote unauthenticated attacker who can reach the UserCheck Ask page to manipulate the Security Gateway's stored DLP incident database when the DLP blade is active. Successful exploitation can cause loss of stored incident entries, disruption of pending approval workflows, or resource exhaustion through repeated abuse - all of which could undermine the integrity of an organization's data loss prevention audit trail. No public exploit code has been identified and EPSS is very low at 0.06% (18th percentile), with no CISA KEV listing at time of analysis.

SQLi Quantum Security Gateway
NVD VulDB
CVSS 3.1
5.6
EPSS
0.1%
CVE-2026-24198 MEDIUM PATCH This Month

Race condition in NVIDIA GPU Display Driver for Linux allows a high-privileged local attacker to leak sensitive kernel or process memory, producing limited information disclosure alongside potential data tampering and denial of service. Affected product lines span GeForce, RTX/Quadro/NVS, and Tesla GPU families running Linux driver branches prior to 580.159.03 or 595.71.05. No public exploit code exists and this vulnerability is absent from the CISA KEV catalog; an EPSS of 0.01% (1st percentile) and SSVC classification of Exploitation: none together place it at the lowest tier of real-world exploitation priority.

Denial Of Service Information Disclosure Nvidia Geforce Rtx Quadro Nvs +1
NVD
CVSS 3.1
5.6
EPSS
0.0%
CVE-2026-9495 MEDIUM PATCH This Month

{ prefix: '/:category' })`), enabling complete bypass of whatever protection that middleware was intended to enforce - authentication, authorization, rate limiting, or input sanitization. The CVSS 4.0 vector (AV:N/AC:L/AT:N/PR:N/UI:N) confirms this is remotely exploitable with no authentication or user interaction required, and SSVC classifies it as automatable. Publicly available exploit code exists per SSVC classification; EPSS is low at 0.09% (25th percentile), suggesting limited widespread exploitation at time of analysis.

Authentication Bypass Koa Router
NVD GitHub VulDB
CVSS 4.0
5.5
EPSS
0.1%
CVE-2026-45836 MEDIUM PATCH This Month

Null pointer dereference in the Linux kernel's Bluetooth L2CAP socket layer crashes the kernel when `l2cap_sock_get_sndtimeo_cb()` is invoked with a NULL socket context, resulting in a local denial-of-service (kernel panic). The flaw stems from an oversight where sibling callbacks `l2cap_sock_resume_cb()` and `l2cap_sock_ready_cb()` already carry the required NULL guard, but `l2cap_sock_get_sndtimeo_cb()` does not. With EPSS at 0.02% (5th percentile), no public exploit identified, and no CISA KEV listing, real-world exploitation risk is low - but the vulnerability has persisted since Linux 3.13 and affects every major stable branch until patched versions were released.

Linux Denial Of Service Null Pointer Dereference Red Hat Suse
NVD VulDB
CVSS 3.1
5.5
EPSS
0.0%
CVE-2026-45835 MEDIUM PATCH This Month

Null pointer dereference in the Linux kernel's Bluetooth L2CAP socket layer crashes the kernel when `l2cap_sock_new_connection_cb()` is invoked without the NULL guard present in sibling callbacks. Local unprivileged users on systems with Bluetooth enabled can trigger a kernel oops or panic, resulting in a denial of service. No public exploit or CISA KEV listing exists; EPSS probability is near zero at 0.02% (5th percentile), indicating minimal active exploitation interest at time of analysis.

Linux Denial Of Service Null Pointer Dereference Red Hat Suse
NVD VulDB
CVSS 3.1
5.5
EPSS
0.0%
CVE-2026-45834 MEDIUM PATCH This Month

NULL pointer dereference in the Linux kernel Bluetooth L2CAP subsystem causes a local denial-of-service via kernel panic when `l2cap_sock_state_change_cb()` is invoked with a NULL socket pointer. A local low-privileged user with access to the Bluetooth socket API can trigger a system crash by exercising the L2CAP state change callback path that lacked the NULL guard already applied to sibling callbacks `l2cap_sock_resume_cb()` and `l2cap_sock_ready_cb()`. No active exploitation is confirmed (not in CISA KEV) and EPSS stands at 0.02% (5th percentile), indicating minimal real-world adversarial interest at time of analysis.

Linux Denial Of Service Null Pointer Dereference Red Hat Suse
NVD VulDB
CVSS 3.1
5.5
EPSS
0.0%
CVE-2026-48693 MEDIUM This Month

Local symlink exploitation in FastNetMon Community Edition through 1.2.9 allows a low-privileged local attacker to overwrite arbitrary files as the process user, which is typically root. The statistics output path is hardcoded to the predictable world-accessible location /tmp/fastnetmon.dat, written via std::ios::trunc without O_NOFOLLOW or symlink validation, and the daemon sets umask to 0 at startup making all created files world-writable. A secondary chmod() bug further misapplies permissions to the wrong path. No public exploit has been identified at time of analysis and EPSS sits at the 4th percentile, but the typical root execution context makes this a reliable local privilege escalation primitive despite the moderate CVSS score.

Information Disclosure N A
NVD GitHub VulDB
CVSS 3.1
5.5
EPSS
0.0%
CVE-2026-24195 MEDIUM PATCH This Month

Denial of service in the NVIDIA Display Driver for Linux (UVM kernel module) allows a local user to crash or render the GPU subsystem unavailable through improper input validation. The flaw affects NVIDIA Guest drivers used in vGPU deployments (versions 580.126.09 and 595.58.03 across vGPU 19.4 and 20.0 branches) and carries a CVSS 7.1 with high availability impact and scope change. There is no public exploit identified at time of analysis, and EPSS is very low (0.01%, 2nd percentile), consistent with the local attack vector and DoS-only impact.

Denial Of Service Nvidia
NVD VulDB
CVSS 3.1
5.5
EPSS
0.0%
Prev Page 4 of 6 Next

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy