Skip to main content
CVE-2026-9307 MEDIUM CISA This Month

Unauthenticated information disclosure in Rockwell Automation CompactLogix 5370 PLCs exposes CIP Connection IDs via the controller's built-in web diagnostics page to any host with network access. The disclosed identifiers can be used by an attacker as a stepping-stone to craft malicious CIP packets, enabling a chained Denial-of-Service attack against active controller connections. No public exploit code or CISA KEV listing has been identified at time of analysis, though the CVSS 4.0 AT:P flag indicates specific network access conditions must be satisfied, which reduces exposure in properly segmented OT environments.

Information Disclosure Compactlogix 5370
NVD
CVSS 4.0
6.3
EPSS
0.3%
CVE-2026-46812 MEDIUM This Month

Remote exploitation of Oracle Access Manager's Authentication Engine allows unauthenticated network attackers - contingent on user interaction - to achieve limited confidentiality and integrity compromise, with scope change propagating impact to additional Fusion Middleware products. Versions 12.2.1.4.0 and 14.1.2.1.0 are confirmed affected per Oracle's June 2026 Critical Patch Update. The scope change (S:C) is particularly notable because OAM functions as an SSO gateway, meaning even limited manipulation during authentication flows can cascade to downstream applications sharing that identity fabric. No public exploit code has been identified and the vulnerability is not listed in CISA KEV at time of analysis.

Authentication Bypass Oracle Oracle Access Manager
NVD
CVSS 3.1
6.1
EPSS
0.3%
CVE-2026-46770 MEDIUM This Month

Cross-site scripting or authentication bypass in Oracle Application Development Framework (ADF) Security Framework component allows network-based unauthenticated attackers to compromise versions 12.2.1.4.0 and 14.1.2.0.0 via HTTP when a victim user interacts with a malicious payload. Successful exploitation results in unauthorized read access to a subset of ADF data and unauthorized modification of ADF-accessible data, with a confirmed scope change indicating downstream impact on additional Oracle Fusion Middleware products. No public exploit has been identified at time of analysis, and no CISA KEV listing exists.

Authentication Bypass Oracle Oracle Application Development Framework Adf
NVD VulDB
CVSS 3.1
6.1
EPSS
0.3%
CVE-2026-48520 MEDIUM PATCH GHSA This Month

Arbitrary file read in Langflow's Shareable Playground feature exposes local filesystem and S3 paths to unauthenticated attackers on instances where at least one public flow exists. The `/api/v1/build_public_tmp` endpoint accepts a user-controlled `files` field without path validation, causing Langflow to read attacker-specified files and pass their contents to the configured LLM. A proof-of-concept is publicly documented in the GitHub Security Advisory GHSA-rcjh-r59h-gq37; no active exploitation (CISA KEV) has been confirmed. Note: the 'RCE' tag associated with this CVE in source data is inconsistent with the described impact, which is limited to information disclosure via file read.

RCE
NVD GitHub
CVSS 3.1
6.1
EPSS
0.2%
CVE-2026-50146 MEDIUM PATCH GHSA This Month

Reflected cross-site scripting in Astro framework (versions prior to 6.3.3) allows remote attackers to inject arbitrary HTML and execute JavaScript in victim browsers when an SSR-rendered page passes user-controlled input as a slot name to a component using a client:* directive. The flaw lives in the server renderer, which interpolates the slot name into a data-astro-template attribute without HTML escaping, enabling attribute-context breakout. No public exploit identified at time of analysis beyond the reporter's PoC in the GHSA advisory, and the issue is not listed in CISA KEV.

XSS Node.js
NVD GitHub VulDB
CVSS 3.1
6.1
EPSS
0.2%
CVE-2026-54298 MEDIUM PATCH GHSA This Month

Cross-site scripting in Astro's server-side rendering pipeline allows injection of arbitrary HTML attributes and event handlers when the spread syntax `{...props}` is used with untrusted object keys. All Astro deployments — SSR, SSG, and hybrid — are affected when application code spreads props sourced from external APIs, CMS responses, or URL parameters onto HTML elements. A functional public proof-of-concept demonstrates session cookie theft via injected `onmousemove` event handlers; no active exploitation has been confirmed in CISA KEV at time of analysis.

XSS
NVD GitHub VulDB
CVSS 3.1
6.1
EPSS
0.2%
CVE-2026-1766 MEDIUM PATCH This Month

Heap buffer overflow in GNOME localsearch's tracker-extract-mp3 component enables a local attacker to crash the metadata extraction daemon and potentially disclose heap memory contents by supplying a specially crafted MP3 file with malformed ID3v2.3 COMM tags. Affected platforms confirmed by Red Hat include RHEL 8, 9, and 10, where GNOME localsearch (formerly tracker-miners) runs as a background desktop search indexing service. No public exploit code and no active exploitation (CISA KEV) have been identified at time of analysis; exploitation is further constrained by the requirement for local access, low privileges, and user interaction.

Denial Of Service Buffer Overflow Red Hat Enterprise Linux 10 Red Hat Enterprise Linux 8 Red Hat Enterprise Linux 9
NVD VulDB
CVSS 3.1
6.1
EPSS
0.1%
CVE-2026-49465 MEDIUM PATCH GHSA This Month

The Git node in n8n's workflow automation platform allows authenticated workflow editors to exfiltrate arbitrary host filesystem contents by supplying local paths as git repository sources in Clone or Push operations, bypassing the N8N_RESTRICT_FILE_ACCESS_TO sandbox entirely. Any git repository readable by the n8n process - including directories containing SSH keys, environment files, or database credentials - can be cloned into an allowed output path and read back through normal workflow outputs. No public exploit identified at time of analysis, but the attack complexity is genuinely low for any user holding workflow editing permissions, and vendor-confirmed patches are available in versions 1.123.48, 2.21.8, and 2.22.4.

Path Traversal
NVD GitHub VulDB
CVSS 4.0
6.0
EPSS
0.5%
CVE-2026-54311 MEDIUM PATCH GHSA This Month

Prototype pollution in n8n's Merge node SQL Query mode enables cross-user workflow data interception on multi-user instances. A low-privileged authenticated user can inject JavaScript prototype mutations into a shared, cached sandbox context; because that sandbox is reused across all workflow executions on the instance, the mutations persist into subsequent Merge SQL executions belonging to other users or projects, exposing their workflow data. Vendor-released patches are available in versions 2.25.7 and 2.26.2; no public exploit code or CISA KEV listing has been identified at time of analysis.

Information Disclosure
NVD GitHub VulDB
CVSS 4.0
6.0
EPSS
0.3%
CVE-2026-53854 MEDIUM POC PATCH GHSA This Month

Privilege escalation in OpenClaw before 2026.4.25 allows authenticated low-privileged users to inherit wildcard ownerAllowFrom authorization state across channel boundaries, enabling execution of owner-level commands outside their intended channel scope on both internal and webchat command paths. The flaw (CWE-863) produces high integrity impact (VI:H per CVSS 4.0) without confidentiality or availability consequences, as the attacker gains unauthorized administrative command execution rather than data access. No public exploit code and no CISA KEV listing have been identified at time of analysis, and the CVSS 4.0 score of 6.0 reflects meaningful but condition-dependent risk.

Privilege Escalation Authentication Bypass Openclaw
NVD GitHub VulDB
CVSS 4.0
6.0
EPSS
0.2%
CVE-2026-53840 MEDIUM POC PATCH GHSA This Month

OpenClaw's streamable-http MCP server implementation leaks operator-configured custom headers to attacker-controlled origins during cross-origin HTTP redirects. All OpenClaw versions before 2026.5.12 are affected, and any deployment that places sensitive values - API keys, tenant-routing credentials, or bearer tokens - in operator-configured custom headers is exposed. An attacker who controls or has compromised an MCP endpoint can trigger a cross-origin redirect, causing OpenClaw to forward those headers to an origin the attacker controls, resulting in credential theft. No public exploit has been identified at time of analysis, and this CVE is not currently listed in CISA KEV.

Information Disclosure Openclaw
NVD GitHub
CVSS 4.0
6.0
EPSS
0.2%
CVE-2026-53859 MEDIUM PATCH GHSA This Month

Hostname blocklist bypass in OpenClaw before 2026.5.26 enables authenticated attackers to reach operator-restricted network destinations by supplying trailing-dot notation in model- or workspace-derived URLs. The comparison logic evaluating hostnames against blocklist policies does not normalize fully qualified domain name (FQDN) trailing dots before evaluation, while DNS resolvers treat `blocked.example.com.` and `blocked.example.com` as identical targets. With confidentiality impact rated High by CVSS 4.0 and no public exploit or KEV listing identified at time of analysis, risk is real but bounded to deployments with active blocklist policies and users who control URL parameters.

Authentication Bypass Openclaw
NVD GitHub VulDB
CVSS 4.0
6.0
EPSS
0.2%
CVE-2026-53844 MEDIUM POC PATCH GHSA This Month

Session visibility check bypass in OpenClaw's shared memory search component allows authenticated low-privileged users to retrieve memory entries belonging to other sessions without proper authorization. All OpenClaw versions prior to 2026.4.29 are affected; the flaw (CWE-862, Missing Authorization) exists because the session visibility guard is not enforced on the shared memory search code path, yielding a high confidentiality impact against multi-session deployments. No public exploit code has been identified and the vulnerability is not listed in the CISA KEV catalog; however, the CVSS 4.0 score of 6.0 with VC:H signals meaningful data exposure risk for any environment where multiple users or sessions operate concurrently.

Authentication Bypass Openclaw
NVD GitHub VulDB
CVSS 4.0
6.0
EPSS
0.2%
CVE-2026-46877 MEDIUM This Month

The VMSVGA virtual graphics device in Oracle VM VirtualBox 7.2.8 allows a high-privileged local attacker to cross the guest-to-host isolation boundary and gain unauthorized read access to critical data beyond the VM's intended scope. The CVSS scope change (S:C) confirms this is a hypervisor boundary violation - successful exploitation exposes host-level or cross-VM confidential data, a severe outcome in multi-tenant virtualization environments despite the moderate base score. No public exploit identified at time of analysis, and no CISA KEV listing indicates no confirmed active exploitation.

Authentication Bypass Oracle Oracle Vm Virtualbox Privilege Escalation
NVD VulDB
CVSS 3.1
6.0
EPSS
0.2%
CVE-2026-46825 MEDIUM This Month

Integrity compromise in Oracle VM VirtualBox 7.2.8 via the VMSVGA virtual graphics device component allows a highly privileged local attacker to make unauthorized modifications to critical data, with scope change indicating impact extends beyond the initially targeted VM instance. The CVSS 3.1 vector (AV:L/AC:L/PR:H/UI:N/S:C/C:N/I:H/A:N) confirms local-only attack surface requiring high privileges, but the confirmed scope change elevates the potential blast radius to the host or adjacent VMs. No public exploit has been identified at time of analysis, and the vulnerability is patched under Oracle's Critical Security Update for June 2026.

Authentication Bypass Oracle Oracle Vm Virtualbox
NVD VulDB
CVSS 3.1
6.0
EPSS
0.2%
CVE-2026-46768 MEDIUM This Month

Denial-of-service in Oracle VM VirtualBox 7.2.8 affects the VMSVGA virtual graphics device emulation layer, allowing a highly privileged local attacker to cause a persistent hang or fully repeatable crash of the hypervisor process. The CVSS Scope:Changed metric signals that the DoS impact propagates beyond the attacker's own guest VM, potentially destabilizing the host process and all co-resident VMs - a meaningful concern in multi-tenant and VDI environments. No public exploit code exists and no CISA KEV listing is present at time of analysis; exploitation is bounded by the requirement for high-privileged local access to the infrastructure.

Oracle Oracle Vm Virtualbox Authentication Bypass
NVD VulDB
CVSS 3.1
6.0
EPSS
0.2%
CVE-2026-53863 MEDIUM PATCH GHSA This Month

OpenClaw versions before 2026.4.25 expose an authorization bypass via unvalidated user-controlled group IDs in the tool group policy resolver, enabling authenticated low-privilege network attackers to manipulate access-control decisions for tool invocations. The CVSS 4.0 vector assigns VI:H (High integrity impact on the vulnerable system), reflecting that successful exploitation can cause the policy engine to grant or deny tool permissions contrary to the intended configuration. No public exploit code has been identified at time of analysis, and the CVSS 4.0 AT:P metric indicates a specific attack requirement limits opportunistic mass exploitation.

Authentication Bypass Openclaw
NVD GitHub VulDB
CVSS 4.0
6.0
EPSS
0.2%
CVE-2026-54286 MEDIUM PATCH GHSA This Month

Static file disclosure in Hono's serve-static middleware on Windows allows unauthenticated remote attackers to read files protected behind prefix-mounted middleware by submitting a URL-encoded backslash (%5C) in the request path. Hono versions prior to 4.12.25 are affected when deployed on Windows using the Node, Bun, or Deno adapters with an auth or access-control middleware guarding a static subtree. No public exploit or CISA KEV listing has been identified at time of analysis, but the attack primitive is trivially constructable from the public advisory.

Path Traversal Microsoft
NVD GitHub
CVSS 3.1
5.9
EPSS
0.3%
CVE-2026-52714 MEDIUM This Month

Broken access control in SEO Plugin by Squirrly SEO version 12.4.16 and earlier allows unauthenticated remote attackers to perform unauthorized privileged actions, resulting in high integrity impact against affected WordPress installations. The flaw stems from missing authorization checks (CWE-862), permitting requests to restricted functionality without any credential validation. No public exploit code or active CISA KEV listing has been identified at time of analysis, though the CVSS high-complexity rating suggests exploitation requires meeting specific conditions beyond a simple direct request.

Authentication Bypass Seo Plugin By Squirrly Seo
NVD
CVSS 3.1
5.9
EPSS
0.3%
CVE-2026-12425 MEDIUM This Month

Reflected cross-site scripting in PowerSchool Employee Access Center 23.10 allows unauthenticated remote attackers to execute arbitrary JavaScript in the browser context of any user who clicks a crafted login URL, with injected code evaluated directly via eval(). Reported by Palo Alto Networks Unit 42 (PANW-2026-0002), exploit code has been publicly released (CVSS 4.0 E:P), meaningfully lowering the barrier to exploitation. No active exploitation has been confirmed in CISA KEV at time of analysis, but the low-barrier phishing delivery path targeting an education-sector HR authentication page - with high subsequent-system impact - warrants treatment above the Medium CVSS 4.0 score of 5.7 implies.

XSS Employee Access Center
NVD GitHub VulDB
CVSS 4.0
5.7
EPSS
0.3%
CVE-2026-0165 MEDIUM This Month

In several functions of the RTCP packet decoder, there is a possible out-of-bounds read due to a missing bounds check. This could lead to remote information disclosure with no additional execution privileges needed. User interaction is needed for exploitation.

Information Disclosure Buffer Overflow
NVD VulDB
CVSS 3.1
5.7
EPSS
0.2%
CVE-2026-53856 MEDIUM POC PATCH GHSA This Month

OpenClaw before 2026.4.24 exposes sensitive configuration data to other local users on shared hosts due to insecure file permissions set during the config recovery process. When recovery restores OpenClaw.json, the resulting file is created with overly broad permissions, allowing any low-privileged local user to read its contents. No public exploit has been identified at time of analysis, but exploitation requires only a low-privilege local account and a shared-host environment where the recovery path has been exercised.

Information Disclosure Openclaw
NVD GitHub VulDB
CVSS 4.0
5.7
EPSS
0.1%
CVE-2026-2604 MEDIUM PATCH This Month

Arbitrary file deletion in evolution-data-server's addressbook file backend exposes host filesystem to manipulation by a Flatpak application with D-Bus access. The vulnerability exploits split validation logic: a crafted URI embedding directory traversal sequences (e.g., '../') is accepted without sufficient sanitization during contact creation or modification, but when the same URI is later processed at deletion time, a second, less restrictive check fails to catch the traversal - allowing files outside the intended addressbook directory to be removed. Critically, deletion of Flatpak override files could be leveraged to silently weaken sandbox restrictions for subsequent application runs. No public exploit has been identified at time of analysis.

Path Traversal Red Hat Enterprise Linux 10 Red Hat Enterprise Linux 6 Red Hat Enterprise Linux 7 Red Hat Enterprise Linux 8 +3
NVD VulDB
CVSS 3.1
5.6
EPSS
0.3%
CVE-2026-1765 MEDIUM PATCH This Month

Out-of-bounds read in the tracker-extract-mp3 component of GNOME localsearch (formerly tracker-miners) allows a low-privileged local user to trigger an application crash or leak sensitive process memory when the indexer parses a specially crafted MP3 file. Affected deployments include Red Hat Enterprise Linux 8, 9, and 10 running the GNOME desktop stack. No public exploit or active exploitation has been identified at time of analysis, though the file-based delivery mechanism - providing a malicious MP3 to a system where localsearch auto-indexes media - keeps realistic attacker reach higher than the AV:L vector alone implies.

Denial Of Service Information Disclosure Buffer Overflow Red Hat Enterprise Linux 10 Red Hat Enterprise Linux 8 +1
NVD VulDB
CVSS 3.1
5.6
EPSS
0.2%
CVE-2026-1764 MEDIUM PATCH This Month

Heap out-of-bounds read in GNOME localsearch (formerly tracker-miners) MP3 Extractor affects Red Hat Enterprise Linux 8, 9, and 10, exploitable when a local user triggers indexing of a specially crafted MP3 file containing malformed ID3v2.4 tags. The missing bounds check in the `extract_performers_tags` function can cause a Denial of Service via an unmapped memory read, and in certain heap layout scenarios may also leak fragments of heap memory, resulting in limited information disclosure. No public exploit code has been identified at time of analysis and this vulnerability is not listed in the CISA KEV catalog.

Denial Of Service Information Disclosure Buffer Overflow Red Hat Enterprise Linux 10 Red Hat Enterprise Linux 8 +1
NVD VulDB
CVSS 3.1
5.6
EPSS
0.2%
CVE-2026-47963 MEDIUM This Month

Out-of-bounds read in Adobe DNG SDK 1.7.1 build 2536 and earlier exposes sensitive process memory when a victim opens a specially crafted Digital Negative (DNG) image file. The vulnerability is confined to information disclosure - no code execution or data modification is achievable - and requires local file delivery combined with explicit user interaction, as reflected by the CVSS AV:L/UI:R metrics. No public exploit code or CISA KEV listing has been identified at time of analysis, placing this as a moderate-priority patching target, though risk scales with how broadly the SDK is embedded in applications that process untrusted DNG files.

Information Disclosure Buffer Overflow Dng Sdk
NVD
CVSS 3.1
5.5
EPSS
0.2%
CVE-2026-47934 MEDIUM This Month

Out-of-bounds memory read in Adobe DNG SDK 1.7.1 build 2536 and earlier enables sensitive process memory disclosure when a victim opens a specially crafted DNG raw image file. The vulnerability is local-vector, requiring attacker-controlled file delivery and victim interaction, making phishing or malicious file distribution the primary delivery mechanism. No public exploit code or CISA KEV listing has been identified at time of analysis, placing this as a medium-priority information disclosure risk consistent with its CVSS 5.5 rating.

Information Disclosure Buffer Overflow Dng Sdk
NVD
CVSS 3.1
5.5
EPSS
0.2%
CVE-2026-47927 MEDIUM This Month

Out-of-bounds read in Adobe DNG SDK 1.7.1 build 2536 and earlier exposes sensitive process memory contents when a victim opens a specially crafted DNG image file. The attacker requires no privileges of their own - the attack surface is entirely dependent on social engineering a user into opening a malicious file processed by any application embedding the vulnerable SDK. No public exploit code has been identified at time of analysis, and the vulnerability is not listed in the CISA KEV catalog, indicating no confirmed active exploitation.

Information Disclosure Buffer Overflow Dng Sdk
NVD
CVSS 3.1
5.5
EPSS
0.2%
CVE-2026-49406 MEDIUM PATCH GHSA This Month

BYONM module resolution in Deno (≤ 2.7.11) allows path traversal via crafted `package.json` `main` fields, bypassing the `--allow-read` permission sandbox that is central to Deno's security model. A malicious npm package installed under a BYONM `node_modules` tree can cause `require()` to read and return the parsed contents of arbitrary JSON files outside the directory scope granted by `--allow-read`, while a direct `Deno.readTextFileSync()` call to the same path would be correctly blocked. No active exploitation is confirmed (not in CISA KEV), but a self-contained proof-of-concept was supplied by the reporter and is documented in the GitHub Security Advisory; real-world risk is meaningful in supply-chain scenarios where Deno's permission model is the primary isolation boundary.

Path Traversal Node.js
NVD GitHub VulDB
CVSS 3.1
5.5
EPSS
0.1%
CVE-2026-47748 MEDIUM This Month

Out-of-bounds reads in stable-diffusion.cpp's PyTorch pickle checkpoint parser (versions prior to master-584-0a7ae07) allow a crafted or truncated .ckpt file to crash the loading application or leak process memory contents. The pickle opcode handlers in src/model.cpp advanced the buffer pointer without verifying remaining bytes before each read, meaning any application using this library to load untrusted .ckpt model files is exposed to denial-of-service and potential memory disclosure. No public exploit has been identified at time of analysis, though LibFuzzer triggered crashing inputs in under one second, indicating an extremely low barrier for generating working crash payloads.

Checkpoint Information Disclosure Buffer Overflow Stable Diffusion Cpp
NVD GitHub
CVSS 3.1
5.5
EPSS
0.1%
CVE-2026-12299 MEDIUM PATCH This Month

JIT miscompilation in Mozilla Firefox's DOM Core & HTML component enables memory corruption and limited information disclosure when a user visits a malicious web page. Affecting Firefox prior to 152, Firefox ESR 140.x prior to 140.12, and Firefox ESR 115.x prior to 115.37, the root cause is a type confusion (CWE-843) in the Just-In-Time compiler that mishandles type information during DOM object operations. No public exploit has been identified and CISA's SSVC rates exploitation as none with partial technical impact; vendor patches are confirmed across all three release channels.

Mozilla Memory Corruption Information Disclosure
NVD VulDB
CVSS 3.1
5.4
EPSS
0.2%
CVE-2026-12298 MEDIUM PATCH This Month

Out-of-bounds read memory safety bug in Mozilla Firefox allows network-based attackers to cause limited confidentiality and integrity impact by luring users to visit crafted web content. All Firefox versions prior to 152 and Firefox ESR versions prior to 140.12 are affected, per Mozilla security advisories mfsa2026-57 and mfsa2026-58. No public exploit identified at time of analysis, and CISA SSVC assessment confirms no known active exploitation with only partial technical impact.

Mozilla Information Disclosure Buffer Overflow
NVD VulDB
CVSS 3.1
5.4
EPSS
0.2%
CVE-2024-30476 MEDIUM PATCH This Month

PowerStore contains a Stored Cross-Site Scripting Vulnerability in the PowerStore Manager. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. This Cross-Site Scripting (XSS) vulnerability could allow attackers to inject malicious scripts into web pages viewed by other users.

XSS Powerstore
NVD
CVSS 3.1
5.4
EPSS
0.2%
CVE-2026-50255 MEDIUM This Month

Privilege escalation to SYSTEM in Sony Optical Disc Archive Software for Windows 5.5.3 and earlier arises from incorrect default filesystem permissions (CWE-276), enabling a local low-privileged attacker to plant or replace executable content that the software later runs with SYSTEM-level authority. Reported by JPCERT/CC and tracked under JVN#79926428, the vulnerability is classified as local with passive user interaction required (CVSS 4.0 AV:L/UI:P/AT:P), limiting opportunistic mass exploitation. No public exploit code and no CISA KEV listing have been identified at time of analysis.

Privilege Escalation Microsoft RCE Optical Disc Archive Software For Windows
NVD VulDB
CVSS 4.0
5.4
EPSS
0.1%
CVE-2026-12330 MEDIUM PATCH This Month

Incorrect boundary conditions in the Internationalization component. This vulnerability was fixed in Firefox ESR 140.12 and Firefox ESR 115.37.

Mozilla Buffer Overflow Red Hat Suse
NVD VulDB
CVSS 3.1
5.4
EPSS
0.2%
CVE-2026-12323 MEDIUM PATCH This Month

Spoofing via CWE-1021 (UI layer restriction failure) in Mozilla Firefox's DOM Core & HTML component allows remote unauthenticated attackers to render deceptive UI content in a victim's browser when they interact with a malicious web page. All Firefox versions prior to 152 are affected. No public exploit has been identified at time of analysis, and CISA SSVC assessment classifies exploitation status as none with partial technical impact, placing real-world urgency below the moderate CVSS score suggests.

Mozilla XSS Suse Red Hat
NVD VulDB
CVSS 3.1
5.4
EPSS
0.2%
CVE-2026-12322 MEDIUM PATCH This Month

Clickjacking issue in the Widget: Gtk component. This vulnerability was fixed in Firefox 152.

Mozilla XSS Suse Red Hat
NVD VulDB
CVSS 3.1
5.4
EPSS
0.2%
CVE-2026-12321 MEDIUM PATCH This Month

JIT miscompilation in the JavaScript: WebAssembly component. This vulnerability was fixed in Firefox 152.

Mozilla Information Disclosure Suse Red Hat
NVD VulDB
CVSS 3.1
5.4
EPSS
0.2%
CVE-2026-46790 MEDIUM This Month

Unauthorized information disclosure in Oracle WebCenter Content 14.1.2.0.0 exposes a subset of managed content to remote unauthenticated attackers via HTTP against the Content Server component. The intelligence tags classify the mechanism as an Authentication Bypass, suggesting the Content Server fails to enforce access controls on certain requests before serving content. No public exploit code or CISA KEV listing has been identified at time of analysis; however, the zero-complexity, zero-privilege CVSS vector means any network-reachable attacker can attempt exploitation without preconditions.

Oracle Oracle Webcenter Content Information Disclosure
NVD
CVSS 3.1
5.3
EPSS
0.3%
CVE-2026-6964 MEDIUM This Month

Unauthenticated access to Zoom SDK credentials is possible in the Video Conferencing with Zoom WordPress plugin (versions up to and including 4.6.7) due to missing authorization checks on AJAX endpoints. Any unauthenticated remote attacker can retrieve the site's Zoom SDK API key - a persistent, reusable secret - along with a freshly-signed JWT, enabling them to join any Zoom meeting associated with those credentials without a valid invitation. No active exploitation is confirmed (not in CISA KEV) and no public exploit code has been identified at time of analysis, though the low attack complexity and zero authentication requirement make this straightforward to exploit.

Authentication Bypass WordPress Video Conferencing With Zoom
NVD VulDB
CVSS 3.1
5.3
EPSS
0.3%
CVE-2026-12308 MEDIUM PATCH This Month

Memory safety bug fixed in Firefox 152. This vulnerability was fixed in Firefox 152 and Firefox ESR 140.12.

Mozilla Buffer Overflow Red Hat Suse
NVD VulDB
CVSS 3.1
5.3
EPSS
0.3%
CVE-2026-12307 MEDIUM PATCH This Month

Memory safety bug fixed in Firefox 152. This vulnerability was fixed in Firefox 152 and Firefox ESR 140.12.

Mozilla Buffer Overflow Red Hat Suse
NVD VulDB
CVSS 3.1
5.3
EPSS
0.3%
CVE-2026-12306 MEDIUM PATCH This Month

Memory safety bug fixed in Firefox 152. This vulnerability was fixed in Firefox 152 and Firefox ESR 140.12.

Mozilla Buffer Overflow Red Hat Suse
NVD VulDB
CVSS 3.1
5.3
EPSS
0.3%
CVE-2026-12301 MEDIUM PATCH This Month

Memory safety bug fixed in Firefox 152. This vulnerability was fixed in Firefox 152.

Mozilla Buffer Overflow Suse Red Hat
NVD VulDB
CVSS 3.1
5.3
EPSS
0.3%
CVE-2026-12300 MEDIUM PATCH This Month

Memory safety bug fixed in Firefox 152. This vulnerability was fixed in Firefox 152.

Mozilla Buffer Overflow Suse Red Hat
NVD VulDB
CVSS 3.1
5.3
EPSS
0.3%
CVE-2026-12329 MEDIUM PATCH This Month

Memory safety bug fixed in Firefox ESR 140.12. This vulnerability was fixed in Firefox ESR 140.12.

Mozilla Buffer Overflow
NVD VulDB
CVSS 3.1
5.3
EPSS
0.3%
CVE-2026-9187 MEDIUM This Month

Unauthenticated arbitrary post deletion in the Abandoned Contact Form 7 WordPress plugin (versions ≤ 2.2) allows any remote attacker to permanently erase any post, page, or custom content type from an affected site by submitting a single crafted HTTP request. The plugin's AJAX handler is registered on the `wp_ajax_nopriv_remove_abandoned` hook without capability checks or nonce validation, exposing WordPress's `wp_delete_post()` with the force-delete flag set to true to unauthenticated callers who supply any valid post ID. No confirmed active exploitation (CISA KEV) or public exploit code has been identified at time of analysis, but the trivially automatable, zero-prerequisite attack surface makes this a high-priority remediation target for any site running the vulnerable plugin version.

Authentication Bypass WordPress Abandoned Contact Form 7
NVD VulDB
CVSS 3.1
5.3
EPSS
0.2%
CVE-2026-54300 MEDIUM PATCH GHSA This Month

Regex translation in the @astrojs/netlify adapter broadens Astro's image.remotePatterns beyond the intended allowlist when building for Netlify deployment, enabling unauthorized image fetches from apex hosts and deeper URL paths. Versions of @astrojs/netlify prior to 7.0.13 (confirmed vulnerable at 7.0.10) generate Netlify Image CDN regex patterns that make wildcard subdomains optional and omit end-anchoring on pathname segments, causing the Netlify CDN to accept URLs that Astro's canonical matcher would reject. Unauthenticated public requesters can exploit this to cause the Netlify Image CDN to fetch image-like resources from hosts or paths outside the developer's intended scope, constituting a partial SSRF bypass against the image proxy allowlist. No active exploitation has been confirmed in CISA KEV, but a detailed reproduction is included in the GHSA advisory.

Canonical Node.js SSRF
NVD GitHub
CVSS 3.1
5.3
EPSS
0.2%
CVE-2026-53847 MEDIUM PATCH GHSA This Month

Privilege escalation in OpenClaw before 2026.5.6 allows authenticated Gateway operators holding operator.write access to modify global configuration that should be restricted exclusively to operator.admin privileges. The root cause (CWE-266: Incorrect Privilege Assignment) lies in insufficient scope validation within the Active Memory write scope, which fails to enforce the boundary between the write and admin privilege tiers. No public exploit has been identified at time of analysis; however, the network-accessible attack vector (AV:N, PR:L) means any authenticated operator-level account across the deployment is a viable exploitation path with low attack complexity.

Privilege Escalation Openclaw
NVD GitHub VulDB
CVSS 4.0
5.3
EPSS
0.2%
CVE-2026-12003 MEDIUM PATCH This Month

Privilege escalation in CPython on Windows enables a low-privileged local user to hijack the module search path of a more-privileged Python process running from a legacy all-users installation, enabling arbitrary code execution under an elevated context. The root cause is a VPATH-based fallback landmark mechanism compiled into release builds: on Windows, VPATH resolves two directory levels above PCbuild/, placing the Modules/Setup.local landmark outside the install directory in a location writable by unprivileged users under the legacy EXE installer's default all-users path. No public exploit identified at time of analysis, and the vulnerability is not listed in CISA KEV; however, high confidentiality and integrity impact (VC:H/VI:H) reflect the ability to fully substitute Python's module loading path.

Python Privilege Escalation Microsoft Cpython
NVD GitHub VulDB
CVSS 4.0
5.3
EPSS
0.1%
Prev Page 2 of 3 Next

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy