Skip to main content
CVE-2026-44596 MEDIUM POC PATCH GHSA This Month

Unlimited credential brute-forcing is possible against Yamcs (yamcs-core < 5.12.7) because the POST /auth/token OAuth2 password-grant endpoint in AuthHandler.java enforces no rate limiting, account lockout, or failed-attempt throttling by default. Unauthenticated remote attackers can submit unlimited password guesses at machine speed - a publicly available proof-of-concept included in the advisory demonstrates 20 attempts completing in 0.07 seconds with zero HTTP 429 responses. CVSS signals AV:N/AC:L/PR:N/UI:N confirm this is trivially exploitable against any network-reachable Yamcs instance with no special prerequisites; in mission control contexts, a compromised account carries operational risk well beyond what the medium CVSS score alone conveys.

Java Information Disclosure
NVD GitHub Exploit-DB
CVSS 3.1
6.5
EPSS
0.1%
CVE-2026-44595 MEDIUM POC PATCH GHSA This Month

Broken access control in Yamcs yamcs-core allows any authenticated user to enumerate all user accounts, superuser status, and group memberships via the IAM API. The four endpoints - listUsers, getUser, listGroups, and getGroup - in IamApi.java (lines 125, 180, 357, 372) fail to call ctx.checkSystemPrivilege(SystemPrivilege.ControlAccess), a guard that is correctly applied to write operations like createUser. Affected versions are all releases prior to 5.12.7; a proof-of-concept using a single bearer-token HTTP GET is publicly documented in the GitHub Security Advisory GHSA-p2rj-mrmc-9w29, and no active exploitation (CISA KEV) has been identified at time of analysis.

Java Authentication Bypass
NVD GitHub Exploit-DB
CVSS 3.1
4.3
EPSS
0.0%
CVE-2025-70116 MEDIUM POC This Month

NULL pointer dereference in GPAC MP4Box crashes the application when parsing specially crafted truncated MP4 files, resulting in a denial-of-service condition. The vulnerability triggers in the gf_media_map_esd function (media_tools/isom_tools.c, line ~1364) when an invalid or unknown stsd (Sample Table Sample Description) entry leaves codec, mime, or profile descriptor fields uninitialized - the function then calls strlen() on a NULL pointer, producing a segmentation fault (SEGV). A publicly available exploit code exists demonstrating the crash, though EPSS at 0.02% (6th percentile) signals negligible widespread exploitation probability and the vulnerability is not listed in CISA KEV.

Null Pointer Dereference Denial Of Service
NVD GitHub VulDB
CVSS 3.1
4.3
EPSS
0.0%
CVE-2026-44378 MEDIUM PATCH This Month

Quadratic-complexity denial of service in Botan's BER parser affects all versions prior to 3.12.0, allowing unauthenticated remote attackers to exhaust CPU resources by submitting crafted ASN.1 data. The parser accepted indefinite-length encodings even in structures required to use DER (which explicitly prohibits them), and specific patterns of such encodings trigger O(n²) algorithmic behavior. No active exploitation has been confirmed (not in CISA KEV) and no public exploit code has been identified at time of analysis.

Denial Of Service Botan
NVD GitHub VulDB
CVSS 4.0
6.9
EPSS
0.0%
CVE-2026-40826 MEDIUM This Month

SQL injection in the dsgvo_contracts view of mbCONNECT24 and related industrial remote access platforms (versions up to and including 2.20.0) enables a high-privileged remote attacker to exfiltrate confidential data from the underlying database without integrity or availability impact. The vulnerability (CWE-89, CVSS 4.0: 6.9) is constrained by the PR:H requirement - the attacker must already hold high-privileged credentials - which substantially limits realistic attack surface in well-managed deployments. No public exploit or active exploitation has been identified; CISA SSVC rates exploitation as none and EPSS stands at 0.03% (10th percentile).

SQLi
NVD
CVSS 4.0
6.9
EPSS
0.0%
CVE-2026-40822 MEDIUM This Month

SQL injection in the DevSerialReset function of MB Connect Line's mbCONNECT24, myREX24V2, mymbCONNECT24, and myREX24V2.virtual industrial remote access platforms allows a high-privileged remote attacker to read arbitrary database contents via a maliciously crafted SQL SELECT statement. All product variants at or below version 2.20.0 are confirmed affected per ENISA EUVD-2026-32126. No public exploit code exists and EPSS is 0.03% (10th percentile), indicating low observed exploitation pressure at time of analysis; however, the industrial/OT targeting profile warrants attention.

SQLi
NVD
CVSS 4.0
6.9
EPSS
0.0%
CVE-2026-40821 MEDIUM This Month

SQL injection in the getAccountByID function of MB connect line's mbCONNECT24, mymbCONNECT24, myREX24V2, and myREX24V2.virtual industrial remote-access platforms (all versions up to and including 2.20.0) allows a high-privileged remote attacker to extract data from the underlying database via a crafted SELECT statement. The vulnerability is classified under CWE-89 with confidentiality impact rated High on the vulnerable component, while integrity and availability remain unaffected. No public exploit code exists and no KEV listing has been issued; EPSS (0.03%, 10th percentile) and SSVC signals both indicate low current exploitation likelihood.

SQLi
NVD
CVSS 4.0
6.9
EPSS
0.0%
CVE-2026-23679 MEDIUM PATCH This Month

NULL pointer dereference in libusb's USB descriptor parser allows any attacker who can supply a crafted configuration descriptor to crash any application that uses libusb for USB device enumeration. Affected versions are all libusb releases before 1.0.30; the flaw resides in parse_interface() within descriptor.c and is reachable through the public APIs libusb_get_active_config_descriptor and libusb_get_config_descriptor. No public exploit code is identified at time of analysis and this CVE does not appear in the CISA KEV catalog, but the availability impact is confirmed high (CVSS 4.0 VA:H) and regression corpus files in the fix commit demonstrate reliable crash reproduction.

Information Disclosure Denial Of Service Buffer Overflow Libusb
NVD GitHub VulDB
CVSS 4.0
6.9
EPSS
0.0%
CVE-2026-4392 MEDIUM This Month

Reachable assertion in TeamSpeak 3 Server's client handshake handler allows remote unauthenticated attackers to crash the server by manipulating the 'proof' argument during connection setup, resulting in a denial of service. All versions from 3.13.0 through 3.13.7 are affected; the issue was independently researched by modzero and disclosed via TeamSpeak security advisory TS-SA-2026-001. No public exploit or CISA KEV listing exists at time of analysis, but the low-complexity, no-privileges-required attack surface makes this straightforward to trigger remotely.

Denial Of Service
NVD VulDB
CVSS 4.0
6.9
EPSS
0.0%
CVE-2026-4391 MEDIUM This Month

Heap-based buffer overflow in TeamSpeak 3 Server's ECC Key Parser allows remote unauthenticated attackers to crash the server, causing a denial of service against all versions up to and including 3.13.7. The vulnerability was discovered and disclosed by modzero security research (advisory mz-26-01-teamspeak) with a coordinated vendor response resulting in TeamSpeak security advisory TS-SA-2026-001. A proof-of-concept exploit exists per SSVC data, and the attack is automatable, meaning exploitation can be scripted at scale against exposed TeamSpeak server instances. No public exploit identified as confirmed actively exploited in the wild (not listed in CISA KEV at time of analysis).

Buffer Overflow
NVD VulDB
CVSS 4.0
6.9
EPSS
0.0%
CVE-2026-9617 MEDIUM PATCH This Month

Privilege escalation in PostgreSQL Anonymizer (all versions prior to 3.1.0) allows an authenticated database user to gain superuser privileges by embedding malicious SQL code within a column identifier of a user-created table. When a superuser invokes the k-anonymity function against such a table, the injected code executes with superuser-level privileges, yielding full confidentiality, integrity, and availability impact across the database. No active exploitation has been confirmed (not in CISA KEV) and no public exploit code has been identified at time of analysis, though SSVC rates technical impact as total due to the complete privilege escalation outcome.

PostgreSQL SQLi
NVD
CVSS 3.1
6.8
EPSS
0.0%
CVE-2024-11399 MEDIUM PATCH This Month

Files or directories accessible to external parties vulnerability in redis-server component in Synology BeeDrive for desktop before 1.3.2-13814 allows local users to conduct denial-of-service attacks. Rated medium severity (CVSS 6.8), this vulnerability is no authentication required, low attack complexity.

Synology Path Traversal Redis Information Disclosure
NVD
CVSS 3.1
6.8
EPSS
0.0%
CVE-2026-41704 MEDIUM PATCH This Month

Arbitrary blobstore deletion in BOSH Director allows a compromised, high-privileged BOSH-managed VM to delete any object from the shared Director blobstore by injecting crafted NATS reply messages. All BOSH Director versions prior to v282.1.12 are affected, with the root cause being a complete absence of UUID-format validation, ownership checks, and namespace prefixing in ResourceManager before executing blobstore.delete(). An attacker leveraging this post-compromise path can corrupt or destroy deployment artifacts, compiled packages, and release binaries relied upon by dependent deployments, producing cascading availability failures across the BOSH environment. No public exploit or active exploitation has been identified at time of analysis; SSVC confirms exploitation status as none.

Authentication Bypass Bosh
NVD
CVSS 4.0
6.8
EPSS
0.0%
CVE-2026-3012 MEDIUM PATCH This Month

Trust-store poisoning in Samba's certificate auto-enrollment lets an adjacent-network attacker install an attacker-controlled CA certificate when auto-enrollment is enabled. Because Samba retrieves the CA certificate over plaintext HTTP and adds it to the local trust store without verifying authenticity, a man-in-the-middle can have a rogue CA trusted system-wide, enabling interception or spoofing of otherwise trusted TLS communications. The issue carries CVSS 8.0 with high confidentiality and integrity impact and a changed scope; EPSS is 0.00% and no public exploit identified at time of analysis.

Information Disclosure Openshift Container Platform Samba Enterprise Linux
NVD VulDB
CVSS 3.1
6.8
EPSS
0.0%
CVE-2026-48065 MEDIUM PATCH This Month

Heap buffer overflow in pam_usb prior to 0.9.1 allows a local attacker with high privileges to corrupt heap memory on 32-bit Linux platforms (armv7l, i686) by supplying a crafted configuration file with an excessive device count. The root cause is an unchecked integer multiplication in src/conf.c where n_devices * sizeof(t_pusb_device) wraps around size_t on 32-bit targets, causing xmalloc() to receive a drastically undersized allocation that is silently accepted, enabling out-of-bounds writes into heap memory. No public exploit code has been identified at time of analysis, and this vulnerability is not listed in the CISA KEV catalog; however, successful exploitation yields full confidentiality, integrity, and availability impact on the affected host.

Heap Overflow Buffer Overflow Pam Usb
NVD GitHub
CVSS 3.1
6.7
EPSS
0.0%
CVE-2026-48919 MEDIUM PATCH This Month

Unsafe deserialization in Jenkins Active Directory Plugin 2.41 and earlier allows a remote attacker holding administrative credentials to achieve full system compromise by manipulating the LDAP referral processing path. The plugin deserializes data received from LDAP referrals without validation (CWE-502), which can enable arbitrary code execution on the Jenkins controller. No public exploit exists at time of analysis, and CISA SSVC assesses this as not automatable, though technical impact is rated total - making it a targeted rather than opportunistic threat.

Deserialization Jenkins
NVD
CVSS 3.1
6.6
EPSS
0.1%
CVE-2026-48917 MEDIUM PATCH This Month

Jenkins LDAP Plugin versions up to and including 807.v7d7de30930cf deserializes Java objects returned via LDAP referral responses without any validation, exposing the underlying Jenkins instance to potential remote code execution via classic Java deserialization gadget chains. Exploitation is constrained by a high privilege requirement and high attack complexity (CVSS PR:H/AC:H), limiting realistic scenarios to attackers who already hold Jenkins administrative credentials or can manipulate LDAP referral destinations. No public exploit code has been identified and this vulnerability does not appear in the CISA KEV catalog at time of analysis.

Deserialization Jenkins
NVD
CVSS 3.1
6.6
EPSS
0.1%
CVE-2026-48918 MEDIUM PATCH This Month

Server-Side Request Forgery in Jenkins Active Directory Plugin 2.41 and earlier enables a highly privileged attacker to abuse the plugin's default LDAP referral-following behavior to force Jenkins to issue out-of-band requests to attacker-controlled or internal network hosts. The vulnerability (CWE-918) stems from the plugin not restricting LDAP referrals by default, which can be weaponized to pivot from the Jenkins server into internal infrastructure. No public exploit code exists and SSVC confirms no known active exploitation, but the technical impact is rated total - confidentiality, integrity, and availability are all at risk if exploitation succeeds.

SSRF Jenkins
NVD
CVSS 3.1
6.6
EPSS
0.0%
CVE-2026-48916 MEDIUM PATCH This Month

Unconstrained LDAP referral following in Jenkins LDAP Plugin (≤ 807.v7d7de30930cf) enables Server-Side Request Forgery, allowing a highly privileged attacker who controls LDAP configuration to force the Jenkins server to initiate connections to arbitrary internal hosts by supplying a malicious LDAP server that returns crafted referrals. The CVSS score of 6.6 reflects genuine constraints: network-reachable but requiring both high privileges and high attack complexity, with High confidentiality, integrity, and availability impact if those barriers are cleared. SSVC assessment confirms no current exploitation and a non-automatable attack path, though technical impact is rated total; no public exploit code has been identified at time of analysis.

SSRF Jenkins
NVD VulDB
CVSS 3.1
6.6
EPSS
0.0%
CVE-2026-42744 MEDIUM This Month

Unauthenticated manipulation of hidden input fields in Ads by WPQuads WordPress plugin (versions through 3.0.2) allows remote attackers to bypass input validation controls, producing low-severity integrity and availability impact. The root cause is CWE-1284 (Improper Validation of Specified Quantity in Input), enabling attackers to supply out-of-range or unexpected quantity values that the plugin fails to reject. EPSS is 0.06% (18th percentile), no public exploit code has been identified, and the vulnerability is not listed in CISA KEV, placing this firmly in lower-priority triage.

Information Disclosure
NVD
CVSS 3.1
6.5
EPSS
0.1%
CVE-2026-42732 MEDIUM This Month

Input data manipulation in the Ads by WPQuads WordPress plugin (slug: quick-adsense-reloaded) versions up to and including 3.0.2 allows unauthenticated remote attackers to submit improperly validated input, resulting in low-impact integrity and availability degradation. Discovered and reported by Patchstack (audit@patchstack.com) and tracked under ENISA EUVD-2026-32183, this vulnerability carries a CVSS 6.5 base score. No public exploit code has been identified at time of analysis, and EPSS places exploitation probability at just 0.06% (18th percentile), indicating low real-world exploitation pressure currently.

Information Disclosure
NVD
CVSS 3.1
6.5
EPSS
0.1%
CVE-2026-47273 MEDIUM PATCH This Month

XPath injection in pam_usb prior to 0.9.0 allows unauthenticated remote attackers to manipulate device-verification queries against /etc/pamusb.conf, potentially bypassing USB hardware authentication entirely. PAM usernames and service names submitted through network-facing services such as SSH are passed unsanitized into XPath expressions; injecting predicates such as `' or @id='victim` causes the device-presence check to evaluate as true without the USB token physically present. No public exploit identified at time of analysis, though the GitHub security advisory, fix commit, and injection test cases demonstrating the technique are publicly available.

Code Injection Pam Usb
NVD GitHub
CVSS 3.1
6.5
EPSS
0.0%
CVE-2026-3676 MEDIUM This Month

Authenticated denial-of-service in IBM Db2 for Linux, UNIX, and Windows allows a low-privileged network user to crash database availability by submitting specially crafted data queries against the Fenced environment. The vulnerability affects IBM Cloud APM Base Private 8.1.4 and Advanced Private 8.1.4, which bundle Db2 as a backend component. No public exploit has been identified at time of analysis, and the CVSS score of 6.5 reflects meaningful but bounded risk due to the authentication prerequisite.

IBM Microsoft Denial Of Service
NVD
CVSS 3.1
6.5
EPSS
0.0%
CVE-2026-44645 MEDIUM GHSA This Month

{% for %}` or `{% tablerow %}` tags with empty bodies, enabling any low-privileged template author to stall a Node.js event-loop thread for an attacker-controlled duration. Because Node.js is single-threaded, a stall of 2-10+ seconds on one worker blocks all concurrent in-flight HTTP requests on that process, making this a practical denial-of-service vector in SaaS and multi-tenant platforms. A public proof-of-concept is included in the GitHub Security Advisory (GHSA-8xx9-69p8-7jp3) and was reproduced against liquidjs@10.25.7; no patch has been released as of this analysis.

Node.js Denial Of Service
NVD GitHub VulDB
CVSS 3.1
6.5
EPSS
0.0%
CVE-2026-9035 MEDIUM This Month

Path traversal in the asperahttpd HTTP component of IBM Aspera High-Speed Transfer Endpoint and Server (versions 3.7.4 through 4.4.7 Fix Pack 1) enables authenticated network users to read arbitrary files from the server's local filesystem beyond their authorized scope. The vulnerability is classified CWE-22 and carries a CVSS 6.5 medium score, reflecting high confidentiality impact with no integrity or availability exposure. No public exploit identified at time of analysis, and CISA's SSVC framework rates exploitation status as none with partial technical impact, suggesting limited immediate threat despite the sensitive nature of file read primitives in a file-transfer product.

Path Traversal IBM
NVD
CVSS 3.1
6.5
EPSS
0.0%
CVE-2026-6936 MEDIUM This Month

Denial-of-service via uncontrolled recursion in the IBM i Integrated Language Environment (ILE) compiler affects versions 7.3, 7.4, 7.5 (≤12.1.4), and 7.6 (≤11.5.9). An authenticated network attacker can crash or hang the ILE compiler by submitting specially crafted source code containing a specific combination of statements that triggers infinite or deeply nested recursive processing. No active exploitation has been confirmed (not in CISA KEV) and no public exploit code has been identified at time of analysis, though the low complexity and authenticated-only barrier makes this plausible for insider threat or compromised credential scenarios.

IBM Information Disclosure
NVD
CVSS 3.1
6.5
EPSS
0.0%
CVE-2026-6052 MEDIUM This Month

Memory exhaustion in IBM Db2 11.5.x and 12.1.x allows an authenticated remote attacker to crash the database engine by submitting certain queries targeting Multi-Dimensional Clustering (MDC) tables, resulting in a denial of service. The vulnerability carries a CVSS 6.5 score with network-accessible attack vector and low-privilege requirement, meaning any valid database user can trigger it. No active exploitation has been identified at time of analysis; SSVC rates exploitation status as none and technical impact as partial.

Denial Of Service IBM
NVD VulDB
CVSS 3.1
6.5
EPSS
0.0%
CVE-2026-42726 MEDIUM This Month

Missing authorization in the AWP Classifieds WordPress plugin (versions through 4.4.5) exposes unauthenticated remote attackers to broken access control, enabling unauthorized modification and availability disruption of classified listing data. The CVSS vector (AV:N/AC:L/PR:N/UI:N) confirms exploitation requires no authentication, no user interaction, and no elevated privileges against any internet-facing WordPress site running the affected plugin. No public exploit code or CISA KEV listing exists at time of analysis, and EPSS at 0.04% (11th percentile) indicates low observed exploitation probability, though the unauthenticated attack surface broadens theoretical exposure.

Authentication Bypass WordPress
NVD
CVSS 3.1
6.5
EPSS
0.0%
CVE-2026-42725 MEDIUM This Month

Insecure Direct Object Reference (IDOR) in the WP Wham Checkout Files Upload for WooCommerce WordPress plugin exposes uploaded checkout files to unauthenticated remote attackers who manipulate user-controlled object keys. All plugin versions through 2.2.5 are affected, with the CVSS vector confirming no authentication or user interaction is required. Despite the straightforward exploit path - flagged as automatable by the SSVC framework - real-world risk is tempered by a very low EPSS score of 0.04% (12th percentile), no public exploit code, and no active exploitation per CISA KEV.

WordPress Authentication Bypass
NVD
CVSS 3.1
6.5
EPSS
0.0%
CVE-2026-38930 MEDIUM This Month

Authentication bypass via SQL injection in OpenRapid RapidCMS v1.3.1 allows unauthenticated remote attackers to manipulate the application's authentication logic by injecting crafted SQL payloads into the `name` cookie parameter processed by the `/template/default/menu.php` component. The CVSS 6.5 (AV:N/AC:L/PR:N/UI:N) score reflects trivial remote exploitability with no prior authentication required, though the confidentiality and integrity impacts are rated Low and availability is unaffected. A public researcher writeup is linked in references, suggesting exploit techniques are documented, but no confirmed active exploitation (CISA KEV) has been recorded and EPSS sits at 0.03% (11th percentile), indicating low observed exploitation activity at time of analysis.

PHP SQLi Authentication Bypass
NVD
CVSS 3.1
6.5
EPSS
0.0%
CVE-2026-42751 MEDIUM This Month

Stored XSS in the Booking Manager WordPress plugin (wpdevelop) versions through 2.1.18 allows authenticated low-privileged users to inject persistent malicious scripts that execute in other users' browsers. The CVSS scope change (S:C) indicates injected scripts can affect resources beyond the plugin itself - most critically, administrator sessions viewing booking data. No public exploit code has been identified at time of analysis, and EPSS at 0.03% (10th percentile) signals minimal observed exploitation interest currently.

XSS
NVD
CVSS 3.1
6.5
EPSS
0.0%
CVE-2026-42750 MEDIUM This Month

Stored Cross-Site Scripting in the WPComplete WordPress plugin (all versions through 2.9.5.4) allows authenticated low-privileged users to inject persistent malicious scripts that execute in other users' browsers upon viewing affected content. The CVSS changed scope (S:C) is the critical risk factor: a contributor- or author-level account can craft payloads that execute in the session of higher-privileged users, including administrators, enabling session hijacking or unauthorized admin actions. No public exploit identified at time of analysis, and an EPSS score of 0.03% (10th percentile) reflects low broad exploitation probability, though the admin-targeting potential elevates real-world concern for multi-user WordPress deployments.

XSS
NVD
CVSS 3.1
6.5
EPSS
0.0%
CVE-2026-48968 MEDIUM This Month

DOM-Based Cross-Site Scripting in the Averta Master Slider WordPress plugin (versions through 3.10.8) enables authenticated low-privilege users to inject persistent malicious scripts that execute in the browsers of other site visitors. The CVSS Scope:Changed flag (S:C) confirms the injected payload can escape the plugin's context and affect the broader browser environment, enabling session hijacking or admin action forgery against higher-privileged users. No public exploit code exists and EPSS at 0.03% (10th percentile) aligns with SSVC's 'Exploitation: none' classification - this is a real but moderate-priority finding gated behind authentication and victim interaction requirements.

XSS
NVD
CVSS 3.1
6.5
EPSS
0.0%
CVE-2026-42539 MEDIUM PATCH This Month

Excessive data exposure in DFIR-IRIS before version 2.4.28 enables authenticated low-privileged users to retrieve sensitive information from API responses that should be restricted or filtered server-side. The flaw (CWE-201) is part of a coordinated multi-vulnerability disclosure by SBA Research (SBA-ADV-20260126-04), which also identified an Open Redirect (CVE-2026-42329), Insecure File Upload (CVE-2026-42538), and Mass Assignment (CVE-2026-42540) in the same product version. No public exploit identified at time of analysis and no CISA KEV listing; however, the target platform stores highly sensitive digital forensics and incident response case data, elevating the practical impact of any confidentiality breach.

Information Disclosure File Upload Open Redirect
NVD GitHub VulDB
CVSS 3.1
6.5
EPSS
0.0%
CVE-2025-0898 MEDIUM This Month

Arbitrary file read in the Xpro Elementor Addons - Pro WordPress plugin (versions ≤1.4.7) allows authenticated attackers with Contributor-level access to retrieve the contents of any file readable by the web server process, including credential-bearing files such as wp-config.php. The vulnerability originates in the Draw SVG widget, which passes user-controlled input to a server-side file read operation without adequate path restriction (CWE-73). No public exploit code has been identified at time of analysis, and CISA has not added this to the KEV catalog; however, successful exploitation fully compromises the confidentiality of server-side data.

Information Disclosure WordPress
NVD
CVSS 3.1
6.5
EPSS
0.0%
CVE-2026-48877 MEDIUM This Month

Sensitive data exposure in the GenerateBlocks WordPress plugin (versions through 2.1.0) allows authenticated low-privilege users to retrieve embedded sensitive information via network requests. The vulnerability, classified under CWE-201, means the plugin inserts sensitive data into outbound responses where it can be intercepted or retrieved by parties with basic WordPress authentication. No public exploit code exists and CISA has not listed this in KEV, though the high confidentiality impact (CVSS C:H) indicates meaningful data leakage potential if exploited against unpatched installations.

Information Disclosure
NVD
CVSS 3.1
6.5
EPSS
0.0%
CVE-2026-9156 MEDIUM PATCH This Month

Authenticated network-accessible denial of service in Tanium Server affects three active release branches, patched in versions 7.6.4.2190, 7.7.3.8274, and 7.8.2.1176. The vulnerability stems from a CWE-772 resource leak - allocated resources are not released after their effective lifetime, enabling a low-privileged authenticated attacker to exhaust server resources. A notable conflict exists in the available data: the CVSS vector reports C:H/I:N/A:N (high confidentiality impact, no availability impact) while the CVE description, ENISA EUVD tags, and vendor advisory title all characterize this as a denial of service; defenders should treat both confidentiality and availability as potentially affected until Tanium clarifies. No public exploit is identified and EPSS is low at 0.03%.

Denial Of Service Server
NVD
CVSS 3.1
6.5
EPSS
0.0%
CVE-2026-45081 MEDIUM PATCH This Month

Improper authorization in Frappe HR (HRMS) prior to version 16.5.0 allows any authenticated employee to read the leave records of other employees without permission. The root cause is CWE-863 (Incorrect Authorization) - the application authenticates the user but fails to enforce that the requesting employee is authorized to view the target employee's data. With a CVSS score of 6.5 (Medium) and a High confidentiality impact, this is a horizontal privilege escalation issue; no public exploit has been identified at time of analysis and it does not appear in the CISA KEV catalog.

Authentication Bypass
NVD GitHub VulDB
CVSS 3.1
6.5
EPSS
0.0%
CVE-2026-8405 MEDIUM This Month

Credential exposure in IBM Guardium Data Protection's Long Term Retention (LTR) add-on feature allows authenticated network users to obtain sensitive credentials when the system is operating in debug mode. Affected versions are 12.2.1 (up to and including Fix Pack 4.4.7 Fix Pack 1) and 12.2.2. The high confidentiality impact (C:H) reflects that fully valid credentials - not just partial data - may be disclosed, potentially enabling lateral movement or privilege escalation within the data protection infrastructure. No public exploit has been identified at time of analysis, and SSVC assessment confirms no active exploitation.

IBM Information Disclosure
NVD
CVSS 3.1
6.5
EPSS
0.0%
CVE-2026-1933 MEDIUM PATCH This Month

Access control bypass in Samba allows authenticated SMB users who hold write permissions on the underlying filesystem to create or delete NTFS-style reparse point metadata on shares configured with 'read only = yes', defeating the read-only intent of the export. Because the necessary access checks are missing at the SMB layer, an attacker can change how files behave when accessed over SMB - for example, converting a regular file into a symbolic link or another reparse-point type - yielding an integrity and availability impact (CVSS 7.1). There is no public exploit identified at time of analysis, and CISA's SSVC framework rates exploitation as 'none', non-automatable, with partial technical impact.

Authentication Bypass Openshift Container Platform Samba Enterprise Linux
NVD VulDB
CVSS 3.1
6.5
EPSS
0.0%
CVE-2026-3279 MEDIUM This Month

Unauthorized jQuery downgrade in the Enable jQuery Migrate Helper WordPress plugin (all versions ≤1.4.1) allows any authenticated Subscriber-level user to replace the site-wide jQuery 3.7.1 with the legacy 1.12.4-wp release, which carries known security vulnerabilities. The root cause is a missing authorization check in the `downgrade_jquery_version()` function, which validates a nonce but never verifies user capabilities (CWE-862). No public exploit exists and CISA has not added this to KEV; however, the indirect impact is significant because a successful downgrade introduces a vulnerable jQuery version that could serve as a stepping stone for further exploitation of other weaknesses.

WordPress Authentication Bypass
NVD
CVSS 3.1
6.5
EPSS
0.0%
CVE-2026-2340 MEDIUM PATCH This Month

WORM protection bypass in Samba's vfs_worm VFS module allows authenticated share users to defeat data retention controls by renaming a newly created file over an existing WORM-protected file. Affected users are those operating Samba deployments that have explicitly enabled the vfs_worm module for write-once, read-many data protection - such as compliance, archival, or audit log shares. An attacker with low-privilege write access can silently overwrite files that should be immutable post-grace-period, with high integrity impact (CVSS I:H). No public exploit or CISA KEV listing is identified at time of analysis.

Information Disclosure Openshift Container Platform Samba Enterprise Linux
NVD VulDB
CVSS 3.1
6.5
EPSS
0.0%
CVE-2026-6938 MEDIUM This Month

Authorization bypass in IBM Db2 12.1.0 through 12.1.4 enables authenticated low-privilege users to upload data to remote object storage paths that should be beyond their access scope by including a specially crafted query. The CVSS vector (AV:N/AC:L/PR:L/UI:N) confirms the attack is network-accessible, requires no user interaction, and demands only a low-privilege database account, while the I:H score indicates high integrity impact - unauthorized writes to restricted storage destinations. No public exploit code has been identified at time of analysis, and this vulnerability is not listed in the CISA KEV catalog.

Authentication Bypass IBM
NVD VulDB
CVSS 3.1
6.5
EPSS
0.0%
CVE-2026-1402 MEDIUM PATCH This Month

Denial of service in GitLab CE/EE affects all versions from 17.1 through those prior to 18.10.7, 18.11.4, and 19.0.1, allowing a low-privileged authenticated user to crash or degrade service availability through insufficient input validation. The root cause is CWE-770 (resource allocation without limits or throttling), meaning a specially crafted request can exhaust server-side resources under certain conditions. Publicly available exploit code exists per SSVC assessment, though CISA has not added this to the Known Exploited Vulnerabilities catalog and automated mass exploitation is considered unlikely.

Gitlab Denial Of Service
NVD VulDB
CVSS 3.1
6.5
EPSS
0.1%
CVE-2026-48147 MEDIUM PATCH GHSA This Month

CSRF middleware bypass in Budibase Worker allows unauthenticated remote attackers to forge state-changing requests against any Worker API endpoint by injecting a public route pattern into the query string. Affected versions prior to 3.35.4 are exposed to privilege escalation actions including sending admin invites, modifying global configuration, and managing users - all without a valid CSRF token. User interaction is required (CVSS UI:R), limiting opportunistic mass exploitation, though proof-of-concept exploit code exists per SSVC assessment. No active exploitation has been confirmed by CISA KEV at time of analysis.

CSRF
NVD GitHub
CVSS 3.1
6.5
EPSS
0.0%
CVE-2026-49044 MEDIUM This Month

Stored Cross-Site Scripting in the Advanced Custom Fields: Font Awesome Field WordPress plugin (versions through 5.0.2) allows authenticated low-privileged users to inject persistent malicious scripts into web pages viewed by other users. The changed scope (S:C in CVSS) confirms that injected payloads execute in victims' browsers, potentially enabling session hijacking, credential theft, or unauthorized admin-level actions on the WordPress site. No public exploit code has been identified at time of analysis, and SSVC classifies exploitation as none with partial technical impact.

XSS
NVD VulDB
CVSS 3.1
6.5
EPSS
0.0%
CVE-2026-8884 MEDIUM This Month

Stored Cross-Site Scripting in the Instant-Quote.co Quotation Page WordPress plugin (all versions ≤1.3.4) allows authenticated attackers with contributor-level access to inject persistent malicious scripts via unsanitized shortcode attributes. The changed-scope CVSS vector (S:C) reflects that injected scripts execute in victim browsers rather than the server, and the plugin's shortcode is exploitable through the WordPress post review workflow - a contributor can embed a malicious shortcode in a draft submitted for editor or administrator review, causing the payload to execute when a privileged user previews the post. No public exploit has been identified and EPSS is very low at 0.04% (12th percentile), indicating limited opportunistic exploitation risk, though the cross-privilege escalation path warrants attention on multi-author WordPress sites.

XSS WordPress
NVD
CVSS 3.1
6.4
EPSS
0.0%
CVE-2026-8891 MEDIUM This Month

Stored Cross-Site Scripting in the BitForm WordPress plugin (versions up to and including 1.1.0) allows authenticated attackers with contributor-level access or above to inject persistent malicious scripts via unsanitized 'width' and 'height' shortcode attributes in the Shortcode::shortcode() function, which are written directly into the style attribute of an iframe element without escaping. Any user who subsequently views a page containing the injected shortcode will trigger execution of the attacker's script in their browser session, enabling session hijacking, credential theft, or malicious redirects. No public exploit code has been identified at time of analysis, and EPSS places current exploitation probability at 0.03% (9th percentile), indicating this is currently a low-activity finding despite its network-accessible attack vector.

XSS WordPress
NVD
CVSS 3.1
6.4
EPSS
0.0%
CVE-2026-8872 MEDIUM This Month

Stored Cross-Site Scripting in the Animate Your Content WordPress plugin (versions ≤ 1.0.0) allows authenticated attackers with contributor-level access to inject persistent malicious scripts into pages via the 'animation-set' shortcode. The injected payload executes in the browsers of any user who subsequently visits the affected page, enabling session hijacking, credential theft, or malicious redirects. No public exploit code has been identified at time of analysis, and EPSS (0.03%, 9th percentile) together with SSVC exploitation status of 'none' indicate this is currently a low-priority, low-activity vulnerability.

XSS WordPress
NVD
CVSS 3.1
6.4
EPSS
0.0%
CVE-2026-8844 MEDIUM This Month

Stored Cross-Site Scripting in the Responsive Check WordPress plugin (versions ≤ 0.0.3) allows authenticated attackers holding contributor-level access or above to inject persistent malicious scripts via the 'url' and 'button' attributes of the [rspcheck] shortcode. The payload executes in the browser of any user who visits an affected page, with a CVSS scope-change designation (S:C) reflecting cross-user impact. No public exploit has been identified and the EPSS score of 0.03% (9th percentile) places real-world exploitation probability firmly at the low end, though sites with open contributor registration remain meaningfully exposed.

XSS WordPress
NVD
CVSS 3.1
6.4
EPSS
0.0%
Page 1 of 8 Next

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy