Skip to main content
CVE-2026-9060 LOW POC PATCH Monitor

Stored Cross-Site Scripting in Store Locator WordPress plugin before 1.6.6 allows administrator-level users to inject persistent malicious scripts into the plugin's admin settings page, with execution triggered when any privileged user visits the page. Critically, this bypass works even when WordPress's `unfiltered_html` capability is restricted - a control commonly enforced in multisite networks - meaning a subsite admin could target visiting super admins. A publicly available exploit exists via WPScan, though no active exploitation has been confirmed by CISA KEV. CVSS rates this 3.5 (Low), but multisite deployments face materially higher practical risk.

XSS WordPress
NVD WPScan
CVSS 3.1
3.5
EPSS
0.0%
CVE-2026-45380 LOW PATCH Monitor

Path traversal via crafted .7z archive in bit7z before v4.0.12 on POSIX platforms allows an attacker-controlled symlink to escape the extraction directory by exactly one level - up to the parent directory. Any archive entries extracted after the malicious symlink is placed will write attacker-controlled files to the parent of the intended output path, carrying the permissions of the extracting process. No public exploit has been identified at time of analysis and this CVE is not listed in CISA KEV; the vendor-confirmed fix ships in version 4.0.12.

Microsoft Path Traversal
NVD GitHub
CVSS 3.1
3.6
EPSS
0.0%
CVE-2026-50568 LOW PATCH Monitor

Path traversal in Fission's SanitizeFilePath function (pkg/utils/utils.go) allows a low-privileged tenant to read or write files outside an intended safe directory on a shared Kubernetes volume. Versions prior to 1.25.0 validated directory confinement using strings.HasPrefix, which performs a purely lexical string comparison: a sibling path such as /packages-extra/evil incorrectly passes a check for the safe directory /packages because it satisfies the string prefix condition without a directory-separator boundary. The builder's Clean handler and the fetcher's Fetch and Upload handlers were all affected. No public exploit has been identified at time of analysis and the vulnerability is not listed in CISA KEV.

Information Disclosure Kubernetes
NVD GitHub VulDB
CVSS 3.1
3.6
EPSS
0.0%
CVE-2022-48575 LOW PATCH Monitor

A person with access to a Mac may be able to bypass Login Window. Rated low severity (CVSS 3.5), this vulnerability is no authentication required, low attack complexity. This Improper Authentication vulnerability could allow attackers to bypass authentication mechanisms to gain unauthorized access.

Apple Authentication Bypass
NVD VulDB
CVSS 3.1
3.5
EPSS
0.0%
CVE-2026-48051 LOW PATCH GHSA Monitor

Papra's webhook delivery system allows any authenticated organisation member to bypass SSRF protections and cause the server to issue HTTP requests to loopback, link-local, and RFC-1918 addresses by exploiting automatic redirect-following in the ofetch HTTP client. The SSRF blocklist is enforced on registered webhook URLs but never applied to 3xx redirect destinations, meaning an attacker-controlled server can return a 302/307 response pointing to any internal address and Papra's server will follow it. A public proof-of-concept is available and exploitation was confirmed against the official Docker image; no CISA KEV listing is present at time of analysis.

Python Docker Microsoft SSRF
NVD GitHub
CVSS 3.1
3.5
EPSS
0.0%
CVE-2026-48855 LOW PATCH Monitor

Path disclosure in Erlang OTP's ssh_sftpd module exposes the absolute backend filesystem path of the SFTP chroot root to authenticated clients. By creating a symlink inside the chroot pointing to '/' and issuing SSH_FXP_READLINK, an authenticated SFTP client receives the raw absolute path (e.g., '/data/sftp') that the server uses as the chroot backend, rather than the sanitized chroot-relative value '/'. No public exploit code has been identified at time of analysis, and this CVE is not listed in the CISA KEV catalog; the CVSS 4.0 score of 2.3 reflects the narrowly scoped, low-severity nature of the disclosure.

Information Disclosure Otp
NVD GitHub VulDB
CVSS 4.0
2.3
EPSS
0.0%
CVE-2026-29114 LOW Monitor

CA root certificate exposure in Dahua IPC devices allows unauthenticated network-based attackers, under specific prerequisite conditions, to retrieve the device's internal CA root certificate. If the obtained certificate is installed and trusted on client systems, the attacker could leverage it to issue fraudulent certificates recognized as valid by those clients, collapsing the integrity of affected certificate trust chains. No active exploitation has been confirmed (not in CISA KEV), no public exploit code has been identified, and the CVSS 4.0 score of 2.3 reflects the multi-step, user-dependent nature of the full attack chain.

Information Disclosure Dahua
NVD
CVSS 4.0
2.3
EPSS
0.0%
CVE-2024-58350 LOW PATCH Monitor

Ghidra before 11.2 contains a use after free vulnerability in the Sleigh backend caused by undefined static initialization order of the SleighArchitecture::translators and XmlArchitectureCapability. Rated low severity (CVSS 2.1), this vulnerability is no authentication required, low attack complexity.

Denial Of Service Ghidra
NVD GitHub VulDB
CVSS 4.0
2.1
EPSS
0.0%
CVE-2026-11859 LOW PATCH Monitor

HTML injection in the 'fetch links' alert email feature of Thinkst Canarytokens allows unauthenticated remote attackers to embed malicious HTML and JavaScript into notification emails delivered to token owners (defenders). The vulnerability is notable because it weaponizes the deception platform's own alert mechanism against the security operators relying on it - turning a defensive tool into a phishing vector. Proof-of-concept exploit code exists (CVSS 4.0 E:P), though the vulnerability is not listed in CISA KEV and the CVSS 4.0 base score of 2.0 reflects the limited, interaction-dependent impact.

Docker XSS
NVD GitHub
CVSS 4.0
2.0
EPSS
0.0%
CVE-2026-24717 LOW PATCH Monitor

Path traversal in QNAP QTS and QuTS hero NAS operating systems exposes arbitrary file contents to attackers who have already obtained administrator-level access. The root cause (CWE-22) indicates insufficient sanitization of file path inputs, allowing directory escape to reach files outside intended scope. No public exploit code has been identified at time of analysis, and CISA KEV lists no active exploitation - making this a targeted post-compromise risk rather than an opportunistic mass-exploitation scenario. Vendor-released patches address all affected branches as of May 2026.

Path Traversal Qnap Qts Quts Hero
NVD VulDB
CVSS 4.0
1.2
EPSS
0.2%
CVE-2026-24716 LOW PATCH Monitor

NULL pointer dereference in QNAP QTS and QuTS hero NAS operating systems enables a remote, administrator-authenticated attacker to trigger a denial-of-service condition. Exploitation requires the attacker to first hold or acquire an administrator account on the target device, after which a crafted request can crash system services. No public exploit code has been identified and this vulnerability is not listed in the CISA KEV catalog at time of analysis.

Denial Of Service Null Pointer Dereference Qnap Qts Quts Hero
NVD VulDB
CVSS 4.0
1.2
EPSS
0.1%
CVE-2025-59382 LOW Monitor

External control of assumed-immutable web parameters in QNAP NAS software enables remote unauthenticated attackers to achieve low-integrity impact by manipulating parameters the application treats as unmodifiable. The vulnerability requires active user interaction to trigger, limiting opportunistic exploitation. QNAP has released a fix per advisory QSA-26-10; no public exploit code or CISA KEV listing has been identified at time of analysis.

Information Disclosure Qts Quts Hero Qutscloud
NVD VulDB
CVSS 4.0
1.2
EPSS
0.0%
CVE-2026-0266 LOW PATCH Monitor

Stored cross-site scripting in Palo Alto Networks PAN-OS allows a malicious authenticated administrator to persist a JavaScript payload via the web management interface, enabling potential execution of that script in the browsers of other administrative users who view the affected interface element. Affected platforms include PA-Series and VM-Series physical and virtual firewalls as well as Panorama (both virtual appliances and M-Series hardware). The CVSS 4.0 base score of 1.1 reflects the extremely constrained exploitability: high-privilege access is a prerequisite and passive user interaction by a second victim is required. No public exploit identified at time of analysis.

XSS Paloalto Cloud Ngfw Pan Os Prisma Access
NVD VulDB
CVSS 4.0
1.1
EPSS
0.0%

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy