Skip to main content
CVE-2026-12033 MEDIUM PATCH This Month

Out of bounds read in VideoCapture in Google Chrome prior to 149.0.7827.115 allowed a remote attacker who had compromised the GPU process to obtain potentially sensitive information from process memory via a crafted HTML page. (Chromium security severity: High)

Google Information Disclosure Buffer Overflow Suse Red Hat
NVD VulDB
CVSS 3.1
5.3
EPSS
0.0%
CVE-2026-12015 MEDIUM PATCH This Month

Use after free in Autofill in Google Chrome prior to 149.0.7827.115 allowed a remote attacker who had compromised the renderer process to obtain potentially sensitive information from process memory via a crafted HTML page. (Chromium security severity: High)

Google Use After Free Memory Corruption Denial Of Service
NVD VulDB
CVSS 3.1
5.3
EPSS
0.0%
CVE-2023-40200 MEDIUM This Month

Authorization bypass through User-Controlled key vulnerability in Essential Plugin WP Logo Showcase Responsive Slider and Carousel allows Exploiting Incorrectly Configured Access Control Security. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Authentication Bypass Wp Logo Showcase Responsive Slider And Carousel
NVD VulDB
CVSS 3.1
5.3
EPSS
0.0%
CVE-2026-12025 MEDIUM PATCH This Month

Insufficient validation of untrusted input in Network in Google Chrome prior to 149.0.7827.115 allowed a remote attacker who had compromised the renderer process to leak cross-origin data via a crafted HTML page. (Chromium security severity: High)

Google Information Disclosure Suse Red Hat
NVD VulDB
CVSS 3.1
5.3
EPSS
0.0%
CVE-2026-41001 MEDIUM PATCH This Month

Insecure temporary file handling in Spring Boot's ArtemisEmbeddedConfigurationFactory allows a local, low-privileged attacker on the same host to hijack the embedded Apache ActiveMQ Artemis broker's data directory before the application starts. By pre-creating the predictable static path or placing a symlink at that location, the attacker can redirect broker persistence writes - including application messages, journal files, and bindings - to an attacker-controlled filesystem location, yielding partial confidentiality, integrity, and availability impact. No public exploit has been identified at time of analysis, but the vulnerability spans five active Spring Boot release trains (2.7.x through 4.0.x), broadening aggregate exposure.

Java Information Disclosure Spring Boot
NVD VulDB HeroDevs
CVSS 3.1
5.3
EPSS
0.0%
CVE-2025-46308 MEDIUM PATCH This Month

Improper access control via flawed authorization state management in Apple iOS/iPadOS (before 18.4) and macOS Sequoia (before 15.4) permits a locally installed app to leak sensitive user information without proper authorization. Fixed in iOS 18.4, iPadOS 18.4, and macOS Sequoia 15.4, as confirmed by Apple security advisories. No public exploit code has been identified and no active exploitation is recorded in CISA KEV at time of analysis, though SSVC flags the vulnerability as automatable with partial technical impact.

Authentication Bypass Apple Ios And Ipados
NVD VulDB
CVSS 3.1
5.3
EPSS
0.0%
CVE-2026-46698 MEDIUM PATCH This Month

Server-Side Request Forgery in the Fediverse Embeds WordPress plugin (versions prior to 1.5.9) allows any unauthenticated visitor to cause the WordPress server to fetch an arbitrary URL by abusing a publicly exposed AJAX endpoint. The nonce mechanism guarding the endpoint (`ftf-fediverse-embeds-nonce`) is not an authentication boundary - the same nonce is embedded into every public page containing a fediverse embed, making it trivially obtainable by any site visitor. Once obtained, the nonce can be replayed to invoke `file_get_html($site_url)` with an attacker-controlled URL, potentially exposing internal services such as cloud provider metadata endpoints. No active exploitation has been confirmed (CVE is not in CISA KEV) and no public proof-of-concept has been identified at time of analysis.

PHP WordPress SSRF
NVD GitHub VulDB
CVSS 3.1
5.3
EPSS
0.0%
CVE-2026-48049 MEDIUM PATCH GHSA This Month

Static file confinement bypass in @hapi/inert (npm, versions 4.0.0-7.1.0) allows remote unauthenticated attackers to read arbitrary files from sibling directories when those directories share a string prefix with the configured serve path. The flaw is a classic CWE-22 path traversal rooted in a faulty string-prefix comparison that fails to enforce a directory separator boundary, meaning a path like /app/static-secret incorrectly passes the confinement check for a serve root of /app/static. No public exploit code has been identified and this CVE is not in CISA KEV, but the attack itself - a single URL-encoded traversal request - is trivially simple once the precondition of a matching-prefix sibling directory is confirmed.

Path Traversal
NVD GitHub
CVSS 3.1
5.3
EPSS
0.1%
CVE-2026-47167 MEDIUM PATCH This Month

Code injection via unsanitized step-definition patterns in Vim's cucumber filetype plugin allows arbitrary Ruby and shell command execution on any Vim build compiled with +ruby support, prior to version 9.2.0496. An attacker who controls .rb step definition files in a repository can craft a regex-terminating payload that escapes a Kernel.eval() argument, enabling full shell access as the victim's user when the developer invokes the [d or ]d step-jump mapping. No public exploit identified at time of analysis, but the patch commit includes a working proof-of-concept demonstrating the injection technique.

Code Injection RCE Vim Suse
NVD GitHub VulDB
CVSS 4.0
5.1
EPSS
0.0%
CVE-2026-53912 MEDIUM PATCH This Month

Cerebrate's inbox self-registration workflow exposed bcrypt password hashes of pending registrants to any authenticated user holding inbox or audit log access privileges. The hashed credential appeared unredacted across HTML, JSON, and CSV inbox responses and was also written unredacted into audit log entries, as confirmed by commit 02da6d7 and its accompanying test assertions checking for suppression of the $2y$10$ bcrypt prefix. Exploitation requires PR:H per the CVSS 4.0 vector, no active exploitation is confirmed (not in CISA KEV), and no public exploit code has been identified at time of analysis.

Information Disclosure Cerebrate
NVD GitHub
CVSS 4.0
5.1
EPSS
0.0%
CVE-2026-11850 MEDIUM PATCH This Month

Heap out-of-bounds read in MIT krb5's LDAP KDB plugin allows a compromised or malicious LDAP backend to crash the KDC or kadmind process, or leak heap memory. The flaw exists in berval2tl_data() within libkdb_ldap and is triggered when the LDAP server returns a krbExtraData attribute with bv_len less than 2, causing an unsigned integer underflow that drives a memcpy of up to 65,534 bytes from a near-zero-length source buffer. Exploitation requires prior control of the LDAP KDB backend server (PR:H, AC:H), constraining real-world risk to insider or supply-chain threat scenarios; no public exploit or CISA KEV listing exists at time of analysis.

Integer Overflow Buffer Overflow Red Hat Enterprise Linux 10 Red Hat Enterprise Linux 6 Red Hat Enterprise Linux 7 +6
NVD VulDB
CVSS 3.1
5.0
EPSS
0.0%
CVE-2026-40992 MEDIUM PATCH This Month

Spring Boot's Mail auto-configuration omits hostname verification for SMTP over TLS/SSL, leaving applications exposed to man-in-the-middle interception of outbound email traffic on adjacent network segments. Three active release lines are affected - 3.4.x through 3.4.16, 3.5.x through 3.5.14, and 4.0.x through 4.0.6 - unless the deploying application has explicitly set the JavaMail property spring.mail.properties.mail.smtp.ssl.checkserveridentity=true to override the insecure default. No public exploit has been identified at time of analysis, but the flaw is present by default in any Spring Boot application that uses the built-in Mail auto-configuration with TLS/SSL and has not applied the corrective property.

Java Information Disclosure Spring Boot
NVD VulDB HeroDevs
CVSS 3.1
5.0
EPSS
0.0%
CVE-2026-53812 MEDIUM PATCH GHSA This Month

Server-side request forgery in OpenClaw's Playwright-backed browser control allows authenticated low-privilege users to circumvent private-network navigation guards by chaining action-triggered redirects through the Playwright act interaction mechanism. All OpenClaw versions prior to 2026.5.18 are affected, and subsequent browser evaluation APIs can be abused to read the content of private-network pages - including internal services, admin panels, or cloud metadata endpoints reachable from the server. No public exploit code and no CISA KEV listing have been identified at time of analysis; however, the subsequent-system confidentiality impact is rated High in the CVSS 4.0 vector, reflecting meaningful data-disclosure potential in cloud-hosted or internally networked deployments.

SSRF Openclaw
NVD GitHub VulDB
CVSS 4.0
4.9
EPSS
0.0%
CVE-2026-11986 MEDIUM This Month

Broken access control in the admin-ui-ext component of Red Hat Build of Keycloak permits an authenticated delegated administrator to exploit missing granular permission checks on bulk role-removal endpoints, stripping highly privileged roles from arbitrary users or groups within the Keycloak realm. Affected deployments are those using Keycloak's delegated administration model with the admin-ui-ext extension active; exploitation is bounded by the PR:H CVSS requirement, meaning an attacker must already hold delegated admin credentials. No public exploit has been identified and the vulnerability is not listed in CISA KEV, placing real-world risk in the moderate range with highest relevance to environments with partially trusted delegated administrators.

Information Disclosure Red Hat Build Of Keycloak Red Hat Jboss Enterprise Application Platform Expansion Pack Red Hat
NVD VulDB
CVSS 3.1
4.9
EPSS
0.0%
CVE-2026-6338 MEDIUM PATCH This Month

HTTP request smuggling in Kong Gateway Enterprise (3.4, 3.10-3.14 series) enables unauthenticated remote attackers to desynchronize the HTTP/1.1 processing pipeline between Kong and its backend services, achieving high confidentiality and integrity impact against downstream systems. The parsing flaw (CWE-444) exploits ambiguous header interpretation to poison backend request queues, allowing cross-user request hijacking or malicious content injection. Proof-of-concept exploit code exists (CVSS 4.0 E:P), and no active exploitation is confirmed in CISA KEV at time of analysis.

Request Smuggling Information Disclosure
NVD VulDB
CVSS 4.0
4.9
EPSS
0.0%
CVE-2026-50623 MEDIUM PATCH This Month

Authentication bypass in Apache CXF's OAuth2 TokenIntrospectionService allows unauthenticated network access to the token introspection endpoint due to a missing 'throw' keyword in the internal security context check, causing the guard to silently pass rather than reject unauthorized callers. Affected are deployments using cxf-rt-rs-security-oauth2 versions 4.2.0-4.2.1 and all 4.1.x releases before 4.1.7 that relied solely on CXF's built-in check without independent authentication at the container or gateway layer. No public exploit code or active exploitation has been identified; vendor-confirmed patches (4.2.2 and 4.1.7) were released June 10, 2026.

Apache Authentication Bypass Cxf
NVD VulDB
CVSS 3.1
4.8
EPSS
0.0%
CVE-2026-40986 MEDIUM PATCH This Month

Reflected XSS in Spring Web Flow's JavaScript RemotingHandler allows an authenticated attacker to inject and execute arbitrary scripts in a victim's browser by embedding malicious content in input that the server reflects within error response bodies. The RemotingHandler renders these error bodies as HTML regardless of the declared Content-Type, bypassing MIME-type enforcement. Affected versions span the 2.5.x, 3.0.x, and 4.0.0 release lines; no public exploit code has been identified at time of analysis and the vulnerability is not listed in CISA KEV.

Java XSS Spring Web Flow
NVD HeroDevs VulDB
CVSS 3.1
4.8
EPSS
0.0%
CVE-2026-40996 MEDIUM PATCH This Month

Spring Web Services' Wss4jSecurityInterceptor silently defaults allowRSA15KeyTransportAlgorithm to true, overriding Apache WSS4J's own safer default and permitting inbound WS-Security decryption to accept the weak RSA PKCS#1 v1.5 (rsa-1_5) key transport algorithm. This misconfiguration-by-default affects all four supported release trains (3.1.x, 4.0.x, 4.1.x, 5.0.x) and opens deployed SOAP services to Bleichenbacher-style adaptive chosen-ciphertext attacks against server-side RSA key material unless operators explicitly override the flag. No public exploit has been identified at time of analysis, and the CVSS-assigned high attack complexity (AC:H) reflects the significant number of oracle queries required to mount a practical attack.

Apache Java Information Disclosure Spring Web Services
NVD HeroDevs VulDB
CVSS 3.1
4.8
EPSS
0.0%
CVE-2026-53809 MEDIUM PATCH GHSA This Month

OpenClaw's embedded runner policy incorrectly resolves provider aliases against other aliases rather than their canonical provider identities, enabling an authenticated local user to bypass intended provider policy restrictions. When the affected provider alias feature is active, a low-privileged attacker can select bundled tool access that falls outside the scope their policy should permit, effectively sidestepping the authorization boundary. No public exploit has been identified and no active exploitation is confirmed via CISA KEV; the local attack vector and required feature enablement materially limit real-world exposure.

Canonical Authentication Bypass Openclaw
NVD GitHub VulDB
CVSS 4.0
4.8
EPSS
0.0%
CVE-2026-2827 MEDIUM This Month

Stored Cross-Site Scripting in the Open User Map PRO WordPress plugin (versions ≤ 1.4.31) via the 'oum_location_notification' parameter enables unauthenticated attackers to persistently inject arbitrary JavaScript into WordPress pages. The injected payload executes in any visitor's browser upon accessing the affected page, with scope extending beyond the originating application context (S:C). No public exploit code or CISA KEV listing has been identified at time of analysis, but the unauthenticated injection surface lowers the barrier for mass exploitation against unpatched sites.

WordPress XSS
NVD VulDB
CVSS 3.1
4.7
EPSS
0.0%
CVE-2022-44630 MEDIUM This Month

Cross-Site request forgery (CSRF) vulnerability in YITH YITH WooCommerce Product Slider Carousel allows Cross Site Request Forgery.16.0. Rated medium severity (CVSS 4.6), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

CSRF WordPress
NVD VulDB
CVSS 3.1
4.6
EPSS
0.0%
CVE-2024-45636 MEDIUM PATCH This Month

IBM Security QRadar EDR 3.12 through 3.12.24 stores user credentials in plain text which can be read by a local privileged user. Rated medium severity (CVSS 4.4), this vulnerability is low attack complexity.

IBM Information Disclosure Security Qradar Edr
NVD VulDB
CVSS 3.1
4.4
EPSS
0.0%
CVE-2024-32110 MEDIUM This Month

Cross-Site request forgery (CSRF) vulnerability in Magepeople inc. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

CSRF Wpevently
NVD VulDB
CVSS 3.1
4.3
EPSS
0.0%
CVE-2026-49482 MEDIUM This Month

SQL wildcard character injection in ClipBucket v5's subtitle editing endpoint allows authenticated users to overwrite all subtitle titles across every video they own in a single HTTP request. Affected versions are all releases prior to 5.5.3 - #141 of the open-source video sharing platform maintained by MacWarrior. No public exploit exists and the vulnerability is not listed in CISA KEV, but the trivial exploitation mechanism (a single % character) means any authenticated account could cause bulk subtitle data corruption against their own content.

Information Disclosure Clipbucket V5
NVD GitHub
CVSS 3.1
4.3
EPSS
0.0%
CVE-2023-32959 MEDIUM This Month

Missing Authorization vulnerability in Sparkle WP MetroStore metrostore allows Exploiting Incorrectly Configured Access Control Security Levels.3.2. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Authentication Bypass Metrostore
NVD VulDB
CVSS 3.1
4.3
EPSS
0.0%
CVE-2026-10733 MEDIUM PATCH This Month

Denial of service on the GitLab CI/CD Catalog page is achievable by any authenticated user across a broad version range (17.0 through pre-patch releases of 18.10, 18.11, and 19.0) due to improper sanitization of user-supplied content. The low-privilege, network-accessible attack vector means any GitLab account holder can trigger the condition without elevated permissions or complex setup. No public exploit code or CISA KEV listing has been identified at time of analysis, and the limited availability impact (A:L) constrains real-world severity, though the wide version exposure across three concurrent release branches broadens organizational risk.

Gitlab XSS Denial Of Service
NVD
CVSS 3.1
4.3
EPSS
0.0%
CVE-2022-47150 MEDIUM This Month

Cross-Site request forgery (CSRF) vulnerability in weDevs WooCommerce Conversion Tracking allows Cross Site Request Forgery.0.10. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

CSRF WordPress
NVD VulDB
CVSS 3.1
4.3
EPSS
0.0%
CVE-2026-47780 MEDIUM GHSA This Month

Improper input validation in free5GC UDR (versions <= 1.4.3) allows any actor with network access to the UDR Service Based Interface to inject arbitrary non-3GPP-compliant identifiers into the EE subscription data path, causing persistent database pollution of the UDR subscriber data store. The flaw originates from a catch-all regex branch (`|.+`) in `HandleCreateEeSubscriptions` and `HandleQueryeesubscriptions` within `api_datarepository.go` that nullifies all preceding format-specific checks for IMSI, NAI, MSISDN, EXTID, GCI, and GLI identifiers. A publicly available proof-of-concept - published in the GHSA advisory - confirms that attacker-controlled `ueId` strings are accepted with HTTP 201, persisted, and retrievable via HTTP 200, demonstrating a fully exploitable integrity violation with no patch available at time of analysis.

RCE
NVD GitHub
EPSS
0.1%
Prev Page 2 of 2

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy