Skip to main content
CVE-2026-53463 MEDIUM PATCH GHSA This Month

Null pointer dereference in ImageMagick's distort operation crashes the processing process when an attacker supplies malformed distort arguments via a crafted image. Affected are all ImageMagick 6.x versions prior to 6.9.13-50 and all 7.x versions prior to 7.1.2-25. An unauthenticated remote attacker who can cause a target application to process a specially crafted image can trigger a DoS; no public exploit has been identified at time of analysis and this vulnerability is not listed in the CISA KEV catalog.

Denial Of Service Null Pointer Dereference Imagemagick Red Hat Suse
NVD GitHub VulDB
CVSS 3.1
4.3
EPSS
0.0%
CVE-2026-53440 MEDIUM This Month

Open redirect in Jenkins 2.567 and earlier (LTS 2.555.2 and earlier) enables unauthenticated remote attackers to craft login URLs with a malicious external domain in the 'from' parameter under the 'Delegate to servlet container' security realm, silently redirecting authenticated users to attacker-controlled sites post-login for phishing purposes. The CVSS vector (PR:N, UI:R) confirms no attacker authentication is needed, but victim interaction is mandatory - the user must click a crafted link and complete a login. No public exploit identified at time of analysis and the vulnerability is not listed in CISA KEV; vendor-released patches are available as of 2026-06-10.

Jenkins Open Redirect Red Hat
NVD VulDB
CVSS 3.1
4.3
EPSS
0.0%
CVE-2026-53437 MEDIUM This Month

Open redirect in Jenkins login flow enables phishing attacks by exploiting improper redirect URL validation. Tab or newline characters injected between `//` in a post-login redirect URL bypass Jenkins' legitimacy check, redirecting authenticated victims to attacker-controlled sites. Affects Jenkins weekly 2.567 and earlier and LTS 2.555.2 and earlier; vendor-released patches are available. No public exploit identified at time of analysis, and no CISA KEV listing exists, but the bypass technique is trivially derivable from the public advisory.

Jenkins Open Redirect
NVD VulDB
CVSS 3.1
4.3
EPSS
0.0%
CVE-2026-53634 MEDIUM POC PATCH GHSA This Month

Authorization bypass in Sharp (code16/sharp Laravel CMS package) versions 9.0.0 through 9.22.3 permits authenticated users lacking create permissions to invoke Quick Creation Command endpoints directly, circumventing the authorization layer to either retrieve entity creation forms or submit new records. The root cause is a missing `authorizationManager->check('create', $entityKey)` call in both the constructor and the `create` method of `ApiEntityListQuickCreationCommandController`, meaning the restriction enforced at the entity list level was not replicated at the command controller level. No public exploit exists and no CISA KEV listing is present; vendor-released patch v9.22.3 closes both vulnerable endpoints.

Authentication Bypass Sharp
NVD GitHub
CVSS 3.1
4.3
EPSS
0.0%
CVE-2026-50569 MEDIUM PATCH This Month

Input validation bypass in Fission (Kubernetes-native serverless framework) prior to version 1.25.0 allows authenticated users with Kubernetes API access to create HTTPTrigger resources with malformed or unsafe URL paths, achieving low-integrity routing manipulation. The RelativeURL and Prefix fields in HTTPTriggerSpec were validated only at the Fission CLI layer; when the post-CRD-modernization admission webhook was retired in favor of API-server CEL, no CEL rules were authored for those two fields - leaving a complete gap exploitable via kubectl apply or direct Kubernetes REST API calls. No public exploit code exists and this CVE is not listed in CISA KEV, but the bypass is straightforward for any cluster user with HTTPTrigger create rights.

Authentication Bypass Kubernetes
NVD GitHub
CVSS 3.1
4.3
EPSS
0.0%
CVE-2026-20260 MEDIUM PATCH This Month

ANSI escape code injection in Splunk SOAR versions below 8.5.0 allows an unauthenticated remote attacker to embed terminal control sequences into application log files via crafted HTTP request paths. When an administrator subsequently views those logs in a terminal emulator, the escape codes may be interpreted, enabling visual output manipulation such as overwriting displayed text, hiding log entries, or altering terminal state. No public exploit code has been identified at time of analysis, and exploitation requires administrator interaction with affected log output, keeping real-world risk moderate despite the low authentication barrier.

Code Injection Splunk Splunk Soar
NVD
CVSS 3.1
4.3
EPSS
0.1%
CVE-2026-45563 MEDIUM This Month

Roxy-WI 8.2.6.4 and prior exposes a broken object-level authorization flaw in its audit history endpoint, allowing any authenticated user to read any other user's full action audit trail. The GET /history/user/<server_ip> endpoint conflates the server_ip path parameter with a user identifier and performs no authorization check, meaning a guest account in an unrelated group can enumerate administrators' operational history including server IPs touched, configs deployed, and services restarted. No patch is available at time of publication; no public exploit code or active exploitation has been identified.

Authentication Bypass Nginx Apache
NVD GitHub
CVSS 3.1
4.3
EPSS
0.0%
CVE-2026-53439 MEDIUM This Month

Missing authorization checks in Jenkins 2.567 and earlier (LTS 2.555.2 and earlier) expose user-specific configuration data to any authenticated user holding the Overall/Read permission. Authenticated low-privilege users can query the timezone setting of any Jenkins user account and enumerate the names of views configured within other users' 'My Views' personal dashboards, constituting an information disclosure weakness. No public exploit code exists and this CVE is not listed in the CISA KEV catalog at time of analysis, placing real-world risk in the low-moderate tier primarily relevant to multi-tenant or shared Jenkins deployments.

Authentication Bypass Jenkins Red Hat
NVD VulDB
CVSS 3.1
4.3
EPSS
0.0%
CVE-2026-53438 MEDIUM This Month

Missing authorization enforcement in Jenkins allows low-privileged authenticated users to cancel build queue items they lack permission to view. Affecting Jenkins 2.567 and earlier (LTS 2.555.2 and earlier), this CWE-862 flaw breaks the expected access control invariant that Item/Cancel should be constrained by Item/Read visibility. No public exploit code exists and this vulnerability is not listed in CISA KEV at time of analysis, but the low attack complexity and network accessibility make it a realistic threat in multi-tenant Jenkins deployments where fine-grained RBAC is in use.

Authentication Bypass Jenkins Red Hat
NVD VulDB
CVSS 3.1
4.3
EPSS
0.0%
CVE-2026-53436 MEDIUM This Month

Open redirect exploitation in Jenkins allows unauthenticated network attackers to craft login URLs that bypass the post-authentication redirect validation and forward users to attacker-controlled external sites. Affected are Jenkins weekly releases through 2.567 and LTS releases through 2.555.2, where the redirect URL legitimacy check fails when the URL contains relative path segments such as `./` or `../`. No active exploitation is confirmed (not listed in CISA KEV) and no public exploit code has been identified at time of analysis, placing this in a moderate-risk, phishing-enablement category rather than a direct system compromise class.

Jenkins Open Redirect Red Hat
NVD VulDB
CVSS 3.1
4.3
EPSS
0.0%
CVE-2026-41714 MEDIUM PATCH This Month

Improper certificate validation in Spring AMQP allows a network-positioned attacker to perform a man-in-the-middle attack against applications that configure broker connections via RabbitConnectionFactoryBean.setUri("amqps://...") without explicitly calling setUseSSL(true). Affected are Spring AMQP versions 2.4.0 through 4.0.3 across four release lines. Although TLS encryption is established, the absence of certificate chain validation and hostname verification means a rogue broker can impersonate the legitimate RabbitMQ instance, exposing message content in transit. No public exploit identified at time of analysis, and this CVE is not listed in CISA KEV.

Information Disclosure Java
NVD HeroDevs VulDB
CVSS 3.1
4.0
EPSS
0.0%
CVE-2026-53464 MEDIUM PATCH GHSA This Month

Memory leak in ImageMagick's wand option parser degrades availability when invalid options are supplied, affecting all versions prior to 7.1.2-25. The leak is described as small, meaning impact is limited to gradual memory exhaustion rather than immediate resource collapse. No active exploitation has been identified (not in CISA KEV), no public exploit code is known, and an EPSS score was not provided - consistent with a low-severity, locally-triggered defect. The 'Information Disclosure' tag in the source data is inconsistent with the CVSS C:N metric and the description; this discrepancy should be treated as a possible tagging error unless the vendor advisory clarifies memory-content exposure.

Information Disclosure Imagemagick Red Hat Suse
NVD GitHub VulDB
CVSS 3.1
4.0
EPSS
0.0%
CVE-2026-47763 MEDIUM PATCH GHSA This Month

Arbitrary file clobber in PDM (Python Development Master) below version 2.27.0 allows an attacker who controls a cloned project repository to overwrite files outside the repository root by planting symlinks at project-local config paths (pdm.toml, .pdm-python, .python-version) that PDM writes to without symlink protection. When a developer runs any PDM command triggering a project-local config write against the malicious checkout, the tool follows the symlink and overwrites the target with attacker-influenced content - up to arbitrary file corruption relative to the invoking user's privileges. A working proof-of-concept is included in the GitHub security advisory GHSA-ghq2-5c67-fprm; no active exploitation is confirmed in CISA KEV at time of analysis.

RCE Python Suse
NVD GitHub VulDB
EPSS
0.0%
CVE-2026-47753 MEDIUM PATCH GHSA This Month

Nil-pointer dereference in Incus daemon (incusd) versions before 7.1.0 allows any authenticated API user holding the standard can_create permission on any project to crash the entire incusd process by uploading a crafted backup tarball, causing denial of service across all projects on the affected cluster member. The vulnerable path in internal/server/storage/backend.go:795 dereferences Config.Volume without a nil guard while adjacent fields received nil-checks in sibling patches (GHSA-fwj8-62r8-8p8m, GHSA-r7w7-mmxr-47r9, GHSA-x5r6-jr56-89pv) released 2026-05-04. Publicly available exploit code exists in the form of a self-contained Go unit test and 2560-byte tarball builder included with the disclosure; no CISA KEV listing at time of analysis.

Null Pointer Dereference Denial Of Service Suse
NVD GitHub
EPSS
0.0%
CVE-2026-48058 MEDIUM PATCH GHSA This Month

Session and OIDC state cookies in nebula-mesh up to v0.3.1 are transmitted without the Secure attribute, allowing a network-adjacent attacker who can observe a single plaintext HTTP request to recover the session cookie and fully impersonate the operator for up to 24 hours. The OIDC state cookie carries an additional CSRF risk during its 10-minute validity window, enabling an attacker to hijack the OIDC callback flow. A working reproducer is included in the GHSA advisory; no public exploit framework distribution is known and this vulnerability is not listed in the CISA KEV catalog at time of analysis.

CSRF
NVD GitHub
EPSS
0.0%
CVE-2026-48025 MEDIUM PATCH GHSA This Month

Decrypted CA private keys in nebula-mesh linger in Go's process heap after signing operations complete, violating the keystore package's explicit zeroise contract. All versions through v0.3.6 are affected across three call sites - enroll.go:116, updates.go:297, and mobile_bundle.go:40 - each of which constructs a CAManager with a plaintext ed25519.PrivateKey and drops the reference without wiping the underlying slice. An attacker with local memory-read access can extract the plaintext CA private key from process heap, defeating the master-key envelope-encryption design's core security guarantee. No public exploit has been identified at time of analysis and the vulnerability is not listed in CISA KEV.

Information Disclosure
NVD GitHub
EPSS
0.0%
CVE-2026-48037 MEDIUM PATCH GHSA This Month

Silent security posture degradation in `@hulumi/baseline` (npm, versions < 1.4.0) allows AWS detective service configurations to appear active while being suspended, misconfigured, or inadvertently destroyed through normal Pulumi stack teardown operations. The `AccountFoundation` component's opt-in reuse mode for existing GuardDuty detectors and Security Hub configurations never validates imported resource state, meaning a suspended or slow-cadence GuardDuty detector silently passes deployment as healthy, and a routine `pulumi destroy` will call `BatchDisableStandards` to strip CIS/NIST compliance subscriptions from accounts that had those subscriptions before Hulumi was ever introduced. No public exploit identified at time of analysis; both failure modes are triggered by legitimate operator actions, not adversarial input.

Information Disclosure
NVD GitHub
EPSS
0.1%
Prev Page 3 of 3

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy