Skip to main content
CVE-2026-9608 LOW Monitor

Cross-site scripting in QianFox FoxCMS versions 1.2.0 through 1.2.6 allows a high-privileged attacker to inject malicious JavaScript via the /Tag/edit endpoint in the Administrator Backend, executing in the context of another user's browser session upon interaction. A proof-of-concept exploit has been publicly disclosed via a GitHub issue report, though the vendor has not yet acknowledged or responded to the disclosure. The CVSS 4.0 score of 1.9 and EPSS of 0.03% (9th percentile) reflect the severe prerequisite constraints - administrator-level authentication and passive user interaction - which sharply limit real-world exploitability.

XSS
NVD GitHub VulDB
CVSS 4.0
1.9
EPSS
0.0%
CVE-2026-45725 HIGH PATCH GHSA This Week

Arbitrary file write in the compliance-trestle Python library (versions 4.0.0-4.0.2 and any release below 3.12.2) lets an attacker who controls a referenced OSCAL artifact plant attacker-supplied content anywhere the trestle process can write. The HTTPSFetcher and SFTPFetcher cache layer builds the local cache file path directly from the URL path component, so when trestle imports a remote OSCAL profile whose href contains `../` traversal the fetched HTTP/SFTP response body escapes the .trestle cache directory; overwriting files such as /etc/cron.d entries, ~/.ssh/authorized_keys, or a module on sys.path turns the primitive into code execution. A reproducible public proof-of-concept exists in the GHSA advisory (GHSA-g3vg-vx23-3858); the flaw is not listed in CISA KEV and no CVSS or EPSS scoring is provided, but the maintainers have shipped fixes in 4.0.3 and 3.12.2.

IBM RCE Python Nginx Path Traversal
NVD GitHub
EPSS
0.0%
CVE-2026-47243 PATCH GHSA Awaiting Data

Pre-NVD disclosure via oss-security: oss-security mailing list - 2026/05/21. he.org>) Linux kernel: Dirty Frag variants — fix merged into netdev (Hyunwoo Kim <imv4bel@...il.com>) Re: Linux kernel: Dirty Frag variants — fix merged into netdev (Solar Designer <solar@...nwall.com>) Re: Linux kernel: Dirty Frag variants — fix merged into netdev (Hyunwoo Kim <imv4bel@...il.com>) CVE-2026-47243: Kata Containers runtime-rs 3.30: virtiofsd symlink escape (Aurelien Bombo <aurelien.bombo@...rosoft.com>) CVE-2026-46473: Authen::TOTP versions before 0.1.1 for Perl generate secrets using rand (Robert Rothenberg <rrwo@...nsec.org>) Re: On the issue of MIME handlers that execute arbitrary code (e.

Linux RCE
NVD
EPSS
0.1%
CVE-2026-45992 PATCH Awaiting Data

In the Linux kernel, the following vulnerability has been resolved: ALSA: caiaq: Fix potentially leftover ep1_in_urb at error path The previous fix for handling the error from setup_card() missed that an internal URB cdev->ep1_in_urb might have been already submitted beforehand. In the normal case, this URB gets killed at the disconnection, but in the error path, we didn't do it, hence there can be a potential leak. Fix it in the error path for setup_card(), too.

Information Disclosure Linux
NVD VulDB
EPSS
0.0%
CVE-2026-44979 MEDIUM PATCH GHSA This Month

Proxy-Authorization header leakage in @hapi/wreck exposes forward-proxy credentials when redirect following is enabled and a 3xx response targets a different hostname. Prior to version 18.1.1, only Authorization and Cookie headers were stripped on cross-hostname redirects; the Proxy-Authorization header was forwarded intact to the redirect target, which may be an untrusted host outside the original trust boundary. No public exploit has been identified at time of analysis, but the impact is concrete credential exposure for any Node.js application using @hapi/wreck with redirect following explicitly enabled.

Information Disclosure
NVD GitHub
EPSS
0.1%
Prev Page 15 of 15

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy