Skip to main content
CVE-2026-11623 LOW POC PATCH Monitor

Use-after-free memory corruption in tmux's SIXEL image handling allows a local low-privileged attacker with high complexity to trigger memory corruption or denial of service in versions up to 3.6a. The root cause lies in the `image_free()` function in `image.c`, where image structs retain stale pointers to their original parent screen's image list after alternate screen transitions, causing `TAILQ_REMOVE` to dereference an invalid list pointer. No active exploitation is confirmed (not in CISA KEV), though publicly available exploit code exists per the CVE vector's E:P designation and a public gist from XlabAITeam. A fix is available in tmux 3.7-rc.

Denial Of Service Use After Free Memory Corruption Tmux
NVD VulDB GitHub
CVSS 4.0
1.1
EPSS
0.0%
CVE-2026-45485 LOW PATCH Exploit Unlikely Monitor

Out-of-bounds read in Microsoft Office and SharePoint Server exposes low-level memory contents to a local attacker when a victim opens a crafted document. Affected products span Microsoft 365 Apps for Enterprise, Office 2016/2019/LTSC 2021/2024, Office for Mac variants, and SharePoint Server 2016/2019/Subscription Edition - all at version 16.0.x baselines. The CVSS score of 3.3 (Low) reflects constrained impact: confidentiality is only partially affected, integrity and availability are untouched, and exploitation requires both local access and user interaction. No public exploit identified at time of analysis, and the vulnerability is not listed in the CISA KEV catalog.

Information Disclosure Microsoft Buffer Overflow 365 Apps Microsoft 365 +5
NVD VulDB
CVSS 3.1
3.3
EPSS
0.1%
CVE-2026-45466 LOW PATCH Monitor

Heap-based buffer overflow in Microsoft Office Word exposes limited local memory contents when a user opens a specially crafted document. Affecting multiple Office product lines including Microsoft 365 Apps for Enterprise, Office LTSC 2021, LTSC 2024, and their Mac counterparts, the vulnerability carries a CVSS score of 3.3 (Low) and is constrained to confidentiality impact only, with no integrity or availability consequences. No public exploit code has been identified at time of analysis, and the vulnerability is not listed in the CISA Known Exploited Vulnerabilities catalog.

Heap Overflow Microsoft Buffer Overflow 365 Apps Microsoft 365 +2
NVD VulDB
CVSS 3.1
3.3
EPSS
0.1%
CVE-2026-45642 LOW PATCH Exploit Unlikely Monitor

Spoofing via improper input validation affects Microsoft Azure Attestation service and the Device Health Attestation Service component across a broad range of Windows OS versions, from Windows Server 2012 through Windows Server 2025 and Windows 10/11. An authorized attacker with high privileges and physical access to the target device can manipulate attestation inputs to spoof device health or platform integrity status, achieving a high-integrity impact with no confidentiality or availability consequence. No public exploit code has been identified at time of analysis, and this vulnerability is not listed in the CISA KEV catalog; the CVSS score of 3.9 (Low) reflects the significant physical and privilege barriers to exploitation.

Information Disclosure Microsoft
NVD VulDB
CVSS 3.1
3.9
EPSS
0.1%
CVE-2026-42768 LOW PATCH Monitor

Bleichenbacher oracle in OpenSSL's CMS_decrypt() and PKCS7_decrypt() functions exposes RSA-encrypted message content to unauthenticated remote attackers who can submit adaptive chosen-ciphertext queries against multi-RecipientInfo CMS/PKCS7 structures. Four active OpenSSL branches are affected (3.4.x, 3.5.x, 3.6.x, and 4.0.x), with patches released under the coordinated OpenSSL security advisory on 2026-06-09. No public exploit code and no active exploitation have been identified at time of analysis; SSVC rates this non-automatable with partial technical impact, consistent with the attack's high operational complexity.

OpenSSL Information Disclosure
NVD GitHub VulDB
CVSS 3.1
3.7
EPSS
0.0%
CVE-2026-42770 LOW PATCH Monitor

FFC-DH peer validation in OpenSSL incorrectly accepts an attacker-supplied `q` (subgroup order) parameter instead of using the locally trusted value, undermining the cryptographic integrity of Diffie-Hellman key exchange. Affected branches span OpenSSL 3.0.x, 3.4.x, 3.5.x, 3.6.x, and 4.0.0, with patched releases issued across all five branches on 2026-06-09. With a CVSS score of 3.7 (AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:N/A:N) and no confirmed active exploitation or public proof-of-concept, this is a moderate-priority patch item rather than an emergency response trigger - though its broad reach across widely deployed OpenSSL branches warrants timely remediation.

OpenSSL Information Disclosure
NVD GitHub VulDB
CVSS 3.1
3.7
EPSS
0.0%
CVE-2026-44743 LOW Monitor

SAP Business Objects exposes sensitive information through a specific network-accessible endpoint when high-complexity preconditions are met, exploitable by unauthenticated remote attackers. Classified as CWE-497 (Exposure of Sensitive System Information to an Unauthorized Control Sphere), the flaw carries a CVSS score of 3.7 (Low) with impact limited strictly to partial confidentiality loss - integrity and availability are unaffected. No public exploit has been identified at time of analysis, and no active exploitation has been confirmed.

Information Disclosure SAP
NVD VulDB
CVSS 3.1
3.7
EPSS
0.0%
CVE-2026-11764 LOW PATCH Monitor

Gift card secret exposure in pretix event ticketing software allows a highly privileged user who lacks explicit gift card viewing permission to obtain full gift card secret codes by generating a reusable media export. Affected versions span pretix 2024.1.0 through all releases prior to the 2026.5.1 fix, as confirmed by ENISA EUVD-2026-35407. No public exploit exists at time of analysis (CVSS E:U), but successful exploitation undermines organizational permission boundaries and can enable financial fraud against end customers whose gift card balances are exposed.

Information Disclosure Pretix
NVD
CVSS 4.0
3.6
EPSS
0.0%
CVE-2026-41974 LOW Monitor

Permission control weakness in the service notifications component of Huawei HarmonyOS and EMUI allows a local, unprivileged attacker - with user interaction - to partially degrade availability across a changed scope boundary. Rooted in CWE-264 (Permissions, Privileges, and Access Controls), the flaw permits improper manipulation of notification service permissions, with impact reaching beyond the immediately vulnerable component as indicated by the CVSS Scope:Changed attribute. No public exploit identified at time of analysis, and the vulnerability is not listed in CISA KEV; the low CVSS score of 3.6 reflects constrained real-world impact limited to availability.

Privilege Escalation Emui
NVD
CVSS 3.1
3.6
EPSS
0.0%
CVE-2026-48289 LOW Monitor

Security feature bypass in Adobe Experience Manager (versions up to 6.5.24, LTS SP1, and 2026.04) allows a low-privileged authenticated attacker to gain unauthorized write access through improper input validation. Despite the 'Authentication Bypass' tag, the CVSS PR:L vector clarifies the attacker already holds a low-privilege account and uses this flaw to circumvent an additional security control - not to bypass authentication itself. Exploitation requires social engineering a victim to visit a maliciously crafted URL or interact with a compromised web page, and no public exploit has been identified at time of analysis.

Adobe Authentication Bypass
NVD
CVSS 3.1
3.5
EPSS
0.1%
CVE-2026-48288 LOW Monitor

Security feature bypass in Adobe Experience Manager (AEM) versions 6.5.24, LTS SP1, and 2026.04 and earlier allows a low-privileged authenticated attacker to gain unauthorized write access by exploiting improper input validation. Exploitation requires user interaction - a victim must be socially engineered into visiting a maliciously crafted URL or interacting with a compromised web page. No public exploit identified at time of analysis and the vulnerability is not listed in CISA KEV; the CVSS score of 3.5 (Low) reflects constrained impact limited to integrity only, with no confidentiality or availability exposure.

Adobe Authentication Bypass
NVD
CVSS 3.1
3.5
EPSS
0.1%
CVE-2026-8981 LOW PATCH Monitor

Stored cross-site scripting in the Custom Block Builder WordPress plugin (versions before 4.3.0) allows authenticated administrators to inject persistent JavaScript into block template code fields that executes in every visitor's browser on pages embedding the affected block. The vulnerability is specifically scoped to multisite WordPress installations or single-site deployments where DISALLOW_UNFILTERED_HTML is defined - environments that are supposed to restrict the unfiltered_html capability from lower-trust administrators. The root cause is inconsistent capability enforcement: certain code paths writing to block template fields bypass the unfiltered_html check that should gate raw HTML/JS input. No public exploit identified at time of analysis, and the CVSS score of 3.5 reflects the high-privilege prerequisite and limited confidentiality/integrity impact.

XSS WordPress
NVD WPScan VulDB
CVSS 3.1
3.5
EPSS
0.0%
CVE-2026-45459 LOW PATCH Exploit Unlikely Monitor

Excel across multiple Microsoft Office product lines fails to properly enforce an internal protection mechanism, enabling a local attacker to bypass a security feature and access limited confidential data within the process context. Affected builds span Microsoft 365 Apps for Enterprise, Office LTSC 2024, and Mac variants of Office. With a CVSS score of 3.3, this is a low-severity finding - no public exploit has been identified at time of analysis, and exploitation requires both local system access and deliberate user interaction.

Authentication Bypass Microsoft 365 Apps Microsoft 365 Office 2021 +1
NVD VulDB
CVSS 3.1
3.3
EPSS
0.1%
CVE-2026-11792 LOW Monitor

Heap buffer overflow in Red Hat Directory Server's audit logging subsystem allows an authenticated high-privilege attacker to corrupt heap memory and tamper with audit log output. The vulnerable function create_masked_entry_string() in auditlog.c writes a fixed-length password mask into a precisely-sized heap buffer without bounds checking, overflowing when a short cleartext password is processed. Exploitation requires two non-default preconditions - audit logging must be enabled AND either CLEAR password storage must be configured or a replication peer must already be compromised - limiting real-world exposure significantly. No public exploit identified at time of analysis, and this CVE is not listed in the CISA KEV catalog.

Heap Overflow Buffer Overflow Red Hat Directory Server 11 Red Hat Directory Server 12 Red Hat Directory Server 13 +5
NVD
CVSS 3.1
3.3
EPSS
0.0%
CVE-2026-11684 LOW PATCH Monitor

Insufficient network policy enforcement in Google Chrome prior to 149.0.7827.103 allows a remote unauthenticated attacker - who has already compromised the browser's utility process - to leak cross-origin data by luring a victim to a crafted HTML page. The confidentiality impact is limited and scoped unchanged, yielding a CVSS base score of just 3.1 (Low). No public exploit exists and CISA SSVC confirms exploitation status as none at time of analysis.

Information Disclosure Google
NVD VulDB
CVSS 3.1
3.1
EPSS
0.0%
CVE-2026-11691 LOW PATCH Monitor

Cross-origin data leakage in Google Chrome's New Tab Page (NTP) component prior to version 149.0.7827.103 enables an unauthenticated remote attacker - who has already achieved renderer process compromise - to exfiltrate cross-origin data via a crafted HTML page. The vulnerability stems from insufficient input validation in the NTP, exploitable only as a second-stage attack chained after a separate renderer exploit. No public exploit code or CISA KEV listing exists at time of analysis, and the CVSS base score of 3.1 (Low) accurately reflects the constrained impact: confidentiality-only, low severity, high attack complexity.

Information Disclosure Google
NVD VulDB
CVSS 3.1
3.1
EPSS
0.0%
CVE-2026-11686 LOW PATCH Monitor

Cross-origin data leak in Chrome's Dawn (WebGPU) component on macOS affects all versions prior to 149.0.7827.103, allowing a remote attacker who has already compromised the renderer process to exfiltrate cross-origin data via a crafted HTML page. CVSS score of 3.1 (Low) accurately reflects the constrained impact: confidentiality loss only (C:L), no integrity or availability impact, and a hard prerequisite of prior renderer compromise that makes standalone exploitation impossible. No public exploit code exists and CISA SSVC assessment confirms exploitation status as none with non-automatable attack conditions.

Apple Information Disclosure Google
NVD VulDB
CVSS 3.1
3.1
EPSS
0.0%
CVE-2026-11675 LOW PATCH Monitor

Out-of-bounds read in Chrome's Skia graphics engine (versions prior to 149.0.7827.103) enables cross-origin data leakage via a crafted HTML page, but only after a prior renderer process compromise. The CVSS score of 3.1 (Low) reflects the constrained impact: confidentiality loss is limited in scope, and the prerequisite renderer compromise represents a significant barrier. No public exploit identified at time of analysis, and CISA SSVC confirms exploitation status as none with non-automatable attack surface.

Google Buffer Overflow
NVD VulDB
CVSS 3.1
3.1
EPSS
0.0%
CVE-2026-41986 LOW Monitor

File system logic bypass in Huawei HarmonyOS allows a physically present, unauthenticated attacker to circumvent file system control logic, resulting in limited availability impact on the affected device. CVSS scores this at 2.4 (Low), reflecting the mandatory physical access requirement and constrained availability-only impact with no confidentiality or integrity exposure. No public exploit code exists and the vulnerability is not listed in CISA KEV at time of analysis.

Authentication Bypass
NVD
CVSS 3.1
2.4
EPSS
0.0%
CVE-2026-47241 LOW PATCH GHSA Monitor

{0}` or `{0+}`, allowing a smuggled literal-continuation marker to reach the IMAP server and cause it to absorb the next client command - hanging the issuing thread and, in multi-threaded environments, also the thread that sent the follow-up command. Rated low severity by the maintainers; no public exploit identified at time of analysis, but any application passing untrusted input to the affected raw argument parameters is at risk.

Denial Of Service Command Injection
NVD GitHub VulDB
CVSS 4.0
2.1
EPSS
0.4%
CVE-2026-46546 LOW Monitor

Metadata injection in Frappe LMS prior to version 2.53.0 enables authenticated users to embed crafted content into user-editable fields that, when reflected in page metadata, silently redirects visiting users' browsers to an attacker-controlled URL. Exploitation requires a low-privilege account (PR:L) and passive victim interaction (UI:P) - a target must visit a page containing the poisoned content. No public exploit code exists and this vulnerability is not listed in the CISA KEV catalog; its CVSS 4.0 score of 2.1 reflects genuinely low severity, though the redirect capability carries downstream phishing and credential-harvesting risk.

Information Disclosure Lms
NVD GitHub VulDB
CVSS 4.0
2.1
EPSS
0.0%
CVE-2026-11619 LOW Monitor

Dolibarr ERP CRM's Legacy Filemanager component exposes its configuration endpoint without any authorization gate, allowing authenticated users holding only low-level privileges to interact with filemanager functionality reserved for website administrators. Affecting all releases through 23.0.2, the missing permission check in htdocs/core/filemanagerdol/connectors/php/config.inc.php means any valid account - regardless of role - can reach this endpoint. Publicly available exploit code exists (CVSS E:P); no CISA KEV listing is confirmed in the available data.

PHP Information Disclosure
NVD GitHub VulDB
CVSS 4.0
2.1
EPSS
0.0%
CVE-2026-49738 LOW PATCH GHSA Monitor

Path traversal in TYPO3 CMS's GeneralUtility::isAllowedAbsPath() allows authenticated administrator-level users to define File Abstraction Layer (FAL) storage roots that resolve to directories outside the project root. Affected versions span all active TYPO3 branches: before 10.4.57, 11.0.0-11.5.51, 12.0.0-12.4.46, 13.0.0-13.4.31, and 14.0.0-14.3.3. No public exploit code has been identified at time of analysis, and this vulnerability is not listed in the CISA KEV catalog; the CVSS 4.0 score of 2.1 reflects the severe privilege and prerequisite constraints that substantially limit real-world impact.

Path Traversal
NVD GitHub VulDB
CVSS 4.0
2.1
EPSS
0.0%
CVE-2026-11621 LOW Monitor

Unrestricted file upload in Dcat-Admin up to 2.2.3-beta allows remote attackers with high privileges - or potentially with authentication bypass - to upload arbitrary files via the editorMDUpload function at the /admin/dcat-api/editor-md/upload endpoint on the User Setting Page. The vulnerability stems from improper access control (CWE-284) on the editormd-image-file parameter, enabling upload of potentially malicious file types. Publicly available exploit code exists (CVSS E:P confirmed), though no active exploitation is listed in CISA KEV. The low CVSS 4.0 base score of 2.0 reflects constrained impact scope, but the 'Authentication Bypass' tag warrants additional scrutiny of the effective privilege requirement.

Authentication Bypass File Upload
NVD VulDB
CVSS 4.0
2.0
EPSS
0.0%
CVE-2026-0410 LOW PATCH Monitor

Integrity controls on multiple NETGEAR router firmware lines can be subverted by authenticated administrators on the local network through improper input validation (CWE-20), enabling privilege escalation beyond the intended administrative authorization boundary and permitting unauthorized modifications to router software and functionality. Twenty distinct NETGEAR SKUs across the R7000, RAX, RAXE, and XR1000 series are confirmed affected per ENISA EUVD-2026-35452, each with specific patched firmware thresholds now released by the vendor. No public exploit exists at time of analysis (CVSS E:U), and multiple CVSS constraints - adjacent-only attack vector, high complexity, and high privilege requirement - substantially limit the realistic threat population.

Authentication Bypass R7000 Rax20 Rax35V2 Rax41 +16
NVD VulDB
CVSS 4.0
1.9
EPSS
0.1%

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy