Skip to main content
CVE-2026-39595 MEDIUM This Month

W3 Total Cache for WordPress (versions through 2.9.1) exposes Author-role users to administrative plugin functions due to missing authorization checks (CWE-862), enabling unintended read, write, and availability impacts against the caching layer. The CVSS vector confirms a network-accessible, low-complexity exploit requiring Author-level authentication (PR:H), with low but confirmed impact across all three CIA dimensions. No public exploit code or active exploitation via CISA KEV has been identified at the time of analysis.

Authentication Bypass W3 Total Cache
NVD
CVSS 3.1
4.7
EPSS
0.2%
CVE-2026-54325 MEDIUM PATCH GHSA This Month

Implicit execution of untrusted repository-controlled TypeScript/JavaScript extensions in Pi coding agent (npm package @earendil-works/pi-coding-agent) before 0.79.0 allows an attacker who controls a repository to execute arbitrary code with the victim user's full process privileges. Pi's startup path auto-loaded project-local extensions from a repository's .pi directory - including executable TypeScript/JavaScript modules - without any trust gate or user prompt, meaning a developer who cloned and ran Pi in a malicious repository would silently execute attacker-supplied extension code. No public exploit has been identified at time of analysis and this CVE is not listed in CISA KEV, but the attack class (supply-chain / repository-as-malware-delivery) is highly relevant to developer tooling security.

Privilege Escalation
NVD GitHub
CVSS 3.1
4.4
EPSS
0.1%
CVE-2026-12469 MEDIUM PATCH This Month

Uninitialized Use in GPU in Google Chrome on Android prior to 149.0.7827.155 allowed a remote attacker to leak cross-origin data via a crafted HTML page. (Chromium security severity: High)

Google Information Disclosure Red Hat Suse
NVD VulDB
CVSS 3.1
4.3
EPSS
0.3%
CVE-2026-12446 MEDIUM PATCH This Month

Inappropriate implementation in Passwords in Google Chrome prior to 149.0.7827.155 allowed a remote attacker to leak cross-origin data via a crafted HTML page. (Chromium security severity: High)

Google Authentication Bypass Red Hat Suse
NVD VulDB
CVSS 3.1
4.3
EPSS
0.3%
CVE-2026-54014 MEDIUM PATCH GHSA This Month

Sibling-prefix path traversal in open-webui 0.9.5 and earlier allows any authenticated user to read arbitrary files from directories adjacent to the configured cache directory, provided those directories share the string prefix 'cache' (e.g., cache_backup, cached_models). The flaw exists in serve_cache_file() at main.py:2914, where a missing trailing path separator in the startswith boundary check causes os.path.abspath() to validate resolved sibling paths as if they were within the cache root. Publicly available exploit code exists in the GHSA advisory (PoC confirmed against open-webui 0.9.5 via raw ASGI delivery); no confirmed active exploitation (not in CISA KEV) at time of analysis.

Path Traversal Python
NVD GitHub
CVSS 3.1
4.3
EPSS
0.2%
CVE-2026-54016 MEDIUM PATCH GHSA This Month

Broken Object Level Authorization in Open WebUI's `search_knowledge_files` builtin tool (versions ≤ 0.9.5) allows any authenticated user to enumerate file metadata from private or restricted knowledge bases they do not own or have permission to access. By sending a crafted chat completion request with native function calling enabled and supplying an arbitrary `knowledge_id`, an attacker bypasses the `AccessGrants` permission model entirely, receiving file IDs, filenames, knowledge base names, and timestamps. No KEV listing exists at time of analysis, but a detailed proof-of-concept with full reproduction steps is publicly documented in GitHub Security Advisory GHSA-cx9v-4qj2-jrw6, and a vendor-released patch is available in version 0.9.6.

Python Authentication Bypass
NVD GitHub
CVSS 3.1
4.3
EPSS
0.2%
CVE-2024-37496 MEDIUM This Month

Missing Authorization vulnerability in Rara Themes Metro Magazine allows Exploiting Incorrectly Configured Access Control Security Levels.3.7. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Authentication Bypass Metro Magazine
NVD
CVSS 3.1
4.3
EPSS
0.2%
CVE-2024-31435 MEDIUM This Month

: Missing Authorization vulnerability in Inisev Social Media & Share Icons allows Exploiting Incorrectly Configured Access Control Security Levels.8.6. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Authentication Bypass Social Media Share Icons
NVD
CVSS 3.1
4.3
EPSS
0.2%
CVE-2026-20178 MEDIUM This Month

Open redirect in the browser-based Cisco Webex App allowed unauthenticated remote attackers to redirect users to attacker-controlled websites by crafting malicious URLs with manipulated parameters. The vulnerability (CWE-601) stems from improper input validation of URL parameters in HTTP requests and scores CVSS 4.3 Medium (AV:N/AC:L/PR:N/UI:R). Cisco has fully remediated this server-side with no customer action required; no public exploit or CISA KEV listing exists at time of analysis.

Cisco Open Redirect Cisco Webex App
NVD VulDB
CVSS 3.1
4.3
EPSS
0.2%
CVE-2026-20265 MEDIUM This Month

Outbound SSRF-class data exfiltration in Splunk AI Toolkit versions below 5.7.4 allows any low-privileged authenticated Splunk user - without admin or power roles - to redirect the AI agent's HTTP request mechanism to an attacker-controlled server. The root cause is an insecure default domain allowlist shipped with the toolkit that places no restrictions on which external domains the AI agent may contact. No public exploit code has been identified and this vulnerability is not listed in the CISA KEV catalog, but the low privilege barrier makes it broadly relevant in enterprise Splunk deployments with many standard users.

Splunk Information Disclosure Splunk Ai Toolkit
NVD
CVSS 3.1
4.3
EPSS
0.2%
CVE-2026-12515 MEDIUM PATCH This Month

Insufficient authorization in the Katello ContentUploadsController within Red Hat Satellite 6 permits authenticated users holding only the edit_products permission to query content metadata for repositories belonging to products they have no rights to manage. The flaw, rooted in a missing ActiveRecord scope on repository lookup, allows cross-product content-existence enumeration via the content-upload API - but explicitly does not permit modification, import, or publication of content. No public exploit exists and the vulnerability is not listed in CISA KEV; risk is bounded by the authentication requirement and the limited read-only impact.

Authentication Bypass Red Hat Red Hat Hardened Images Red Hat Satellite 6
NVD GitHub VulDB
CVSS 3.1
4.3
EPSS
0.2%
CVE-2024-24709 MEDIUM This Month

Missing Authorization vulnerability in Shareaholic allows Exploiting Incorrectly Configured Access Control Security Levels.7.11. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Authentication Bypass Shareaholic
NVD
CVSS 3.1
4.3
EPSS
0.2%
CVE-2026-54006 MEDIUM PATCH GHSA This Month

{event_id}/update` endpoint validates write access only on the source calendar, silently omitting the destination `calendar_id` authorization check that `create_event` correctly enforces - a classic IDOR pattern. A verified public proof-of-concept exists against v0.9.4 (the official Docker image); the fix is available in v0.9.6. No CISA KEV listing was present in the input data, so widespread in-the-wild exploitation is unconfirmed.

Python Authentication Bypass XSS Docker
NVD GitHub
CVSS 3.1
4.3
EPSS
0.2%
CVE-2026-55517 MEDIUM PATCH GHSA This Month

Process-terminating denial of service in Deno's WebSocket client (versions <= 2.7.4) allows any server - or a network man-in-the-middle on an unencrypted ws:// connection - to crash a Deno application by returning non-visible-ASCII bytes (0x80-0xFF) in the Sec-WebSocket-Protocol or Sec-WebSocket-Extensions handshake response headers. The root cause is an unhandled Rust panic in the HTTP upgrade path: HeaderValue::to_str() returns an error for out-of-range bytes, and that error path was not caught, causing the entire Deno process to abort. No public exploit has been identified at time of analysis and this is not listed in the CISA KEV catalog; impact is strictly availability - the advisory explicitly states there is no information disclosure or memory-safety consequence.

Information Disclosure Denial Of Service
NVD GitHub
CVSS 3.1
4.3
EPSS
0.2%
CVE-2024-33685 MEDIUM This Month

Missing Authorization vulnerability in Jegstudio Startupzy startupzy allows Exploiting Incorrectly Configured Access Control Security Levels.1.1. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Authentication Bypass Startupzy
NVD
CVSS 3.1
4.3
EPSS
0.2%
CVE-2024-35648 MEDIUM This Month

Cross-Site request forgery (CSRF) vulnerability in Andy Moyle Emergency Password Reset allows Cross Site Request Forgery.0. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

CSRF Emergency Password Reset
NVD
CVSS 3.1
4.3
EPSS
0.1%
CVE-2024-34810 MEDIUM This Month

Cross-Site request forgery (CSRF) vulnerability in Extend Themes Skyline WP allows Cross Site Request Forgery.0.10. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

CSRF Skyline Wp
NVD
CVSS 3.1
4.3
EPSS
0.1%
CVE-2026-40723 MEDIUM This Month

Broken Access Control in Bricks Builder for WordPress (versions up to and including 2.1.4) allows subscriber-level authenticated users to perform actions that should be restricted to higher-privilege roles such as editor or administrator. Rooted in CWE-862 (Missing Authorization), the flaw means certain builder endpoints or AJAX actions execute without verifying whether the requesting user holds sufficient capabilities. No public exploit code identified at time of analysis, and this CVE is not listed in CISA KEV; however, the low authentication barrier (any registered subscriber) on sites with open registration increases realistic exposure.

Authentication Bypass Bricks Builder
NVD
CVSS 3.1
4.3
EPSS
0.2%
CVE-2026-24610 MEDIUM This Month

Broken Access Control in MetForm Pro WordPress plugin (versions <= 3.9.1) permits subscriber-level authenticated users to perform actions restricted to higher-privileged roles, resulting in unauthorized low-level integrity modifications. The flaw stems from missing authorization checks (CWE-862) on one or more plugin endpoints or AJAX handlers accessible to the lowest standard WordPress role. No active exploitation has been confirmed by CISA KEV, and no public exploit code has been identified at time of analysis, but the low attack complexity and network accessibility make this exploitable by any user with a valid WordPress subscriber account on an affected site.

Authentication Bypass Metform Pro
NVD
CVSS 3.1
4.3
EPSS
0.2%
CVE-2026-24575 MEDIUM This Month

Broken access control in WishList Member X WordPress plugin (versions ≤ 3.29.0) permits authenticated subscriber-level users to access membership-restricted content without holding the required membership tier. Rooted in CWE-862 (Missing Authorization), the plugin fails to enforce authorization checks on protected content access paths, exposing paid or restricted resources to the lowest WordPress authenticated role. No public exploit has been identified at time of analysis, and this vulnerability has not been added to the CISA KEV catalog.

Authentication Bypass Wishlist Member X
NVD
CVSS 3.1
4.3
EPSS
0.3%
CVE-2025-48571 MEDIUM This Month

In multiple functions of btm_sec.cc, there is a possible way for an attacker to intercept SMS messages due to a logic error in the code. This could lead to remote information disclosure with no additional execution privileges needed. User interaction is needed for exploitation.

Information Disclosure
NVD VulDB
CVSS 3.1
4.3
EPSS
0.2%
CVE-2026-12460 MEDIUM PATCH This Month

Insufficient policy enforcement in File System Access in Google Chrome prior to 149.0.7827.155 allowed a remote attacker who had compromised the renderer process to bypass site isolation via a crafted PDF file. (Chromium security severity: High)

Google Chrome Information Disclosure Red Hat Suse
NVD VulDB
CVSS 3.1
4.2
EPSS
0.3%
CVE-2026-12453 MEDIUM PATCH This Month

Insufficient validation of untrusted input in Input in Google Chrome prior to 149.0.7827.155 allowed a remote attacker who had compromised the renderer process to bypass same origin policy via a crafted HTML page. (Chromium security severity: High)

Google Chrome Authentication Bypass Information Disclosure Red Hat +1
NVD VulDB
CVSS 3.1
4.2
EPSS
0.3%
CVE-2026-12457 MEDIUM PATCH This Month

Inappropriate implementation in Extensions in Google Chrome prior to 149.0.7827.155 allowed a remote attacker who had compromised the renderer process to bypass site isolation via a crafted HTML page. (Chromium security severity: High)

Google Chrome Information Disclosure Red Hat Suse
NVD VulDB
CVSS 3.1
4.2
EPSS
0.2%
CVE-2026-12456 MEDIUM PATCH This Month

Inappropriate implementation in Extensions in Google Chrome prior to 149.0.7827.155 allowed an attacker who convinced a user to install a malicious extension to bypass same origin policy via a crafted Chrome Extension. (Chromium security severity: High)

Google Chrome Authentication Bypass Information Disclosure Red Hat +1
NVD VulDB
CVSS 3.1
4.2
EPSS
0.2%
CVE-2026-11525 LOW PATCH GHSA Monitor

SameSite attribute parsing in undici's cookie implementation uses substring matching instead of the case-insensitive exact match required by RFC 6265, enabling a malicious or non-compliant upstream server to silently downgrade a cookie's SameSite enforcement to a more permissive value. All undici installations from v5.15.0 onward through the unpatched release branches are affected when consuming Set-Cookie headers via undici's fetch or proxy code paths and forwarding or relying on the parsed sameSite attribute. No public exploit has been identified and no CISA KEV listing exists at time of analysis; however, the integrity impact is concrete in architectures where SameSite policy enforcement is delegated to the parsed cookie attribute.

Information Disclosure Undici
NVD GitHub VulDB
CVSS 3.1
3.7
EPSS
0.2%
CVE-2026-6733 LOW PATCH GHSA Monitor

Response queue poisoning in Undici's HTTP/1.1 client allows an attacker-controlled or compromised upstream server to inject unsolicited HTTP responses onto idle keep-alive sockets, causing subsequent outbound requests to receive falsified responses. All Undici versions across the v6, v7, and v8 branches prior to the patched releases are affected when keep-alive connection reuse is active (the default). While the CVSS score is low (3.7) and no public exploit or KEV listing exists, the integrity impact can carry significant business logic consequences in applications that proxy requests through third-party or partially trusted upstream servers.

Code Injection Undici
NVD GitHub VulDB
CVSS 3.1
3.7
EPSS
0.2%
CVE-2026-0057 LOW Monitor

In Contacts Provider, there is a possible way to access an incoming call's phone number and associated metadata due to a missing permission check. This could lead to local information disclosure with no additional execution privileges needed. User interaction is not needed for exploitation.

Information Disclosure
NVD VulDB
CVSS 3.1
3.3
EPSS
0.1%
CVE-2026-12458 LOW PATCH Monitor

Inappropriate implementation in Passwords in Google Chrome prior to 149.0.7827.155 allowed a remote attacker who convinced a user to engage in specific UI gestures to leak cross-origin data via a crafted HTML page. (Chromium security severity: High)

Google Chrome Information Disclosure Microsoft Office
NVD VulDB
CVSS 3.1
3.1
EPSS
0.3%
CVE-2026-39199 LOW Monitor

Out-of-bounds write in snes9x 1.63's UPS patch file parser allows a crafted .ups ROM patch file to trigger memory corruption and a denial-of-service crash. The flaw resides in the ReadUPSPatch loop in memmap.cpp, where the loop iterator `relative` was not bounded against CMemory::MAX_ROM_SIZE, permitting writes past the end of the allocated ROM buffer. Impact is limited to availability (crash) per the CVSS vector, though the underlying CWE-787 out-of-bounds write class carries broader memory-safety implications. No public exploit identified at time of analysis, and CVSS rates this Low (2.9) due to local attack vector and high complexity.

Denial Of Service Memory Corruption Buffer Overflow Snes9X
NVD GitHub VulDB
CVSS 3.1
2.9
EPSS
0.1%
CVE-2026-54327 LOW PATCH GHSA Monitor

Credential disclosure in Pi coding agent affects all versions of @mariozechner/pi-coding-agent (>=0.28.0, <=0.73.1) and @earendil-works/pi-coding-agent (>=0.74.0, <0.78.1) due to a TOCTOU race condition in auth.json file writes. The credential storage code wrote auth.json with umask-inherited permissions and only subsequently tightened the mode to owner-only, leaving a brief window in which a local user with directory traverse access could read API keys, OAuth access tokens, and OAuth refresh tokens. This is not remotely exploitable; no public exploit identified at time of analysis, and the vendor CVSS of 2.2 reflects the strict local and timing prerequisites.

Crowdstrike Information Disclosure
NVD GitHub
CVSS 3.1
2.2
EPSS
0.1%
CVE-2026-50268 LOW PATCH GHSA Monitor

Steeltoe.Configuration.Encryption 4.0.0 through 4.1.0 silently downgrades RSA encryption from OAEP to PKCS#1 v1.5 when operators explicitly configure `encrypt:rsa:algorithm=OAEP`. The root cause is an incorrect BouncyCastle transformation string in `RsaKeyStoreDecryptor.cs` - the `OAEP` branch passed `"RSA/ECB/PKCS1"` to `CipherUtilities.GetCipher()` instead of the correct `"RSA/NONE/OAEPWithSHA1AndMGF1Padding"`, meaning both the `OAEP` and `DEFAULT` settings silently selected the same weaker algorithm. No public exploit is identified at time of analysis, and CVSS scores this at 1.9 (Low) given the high-privilege local attack vector; however, the security consequence is a cryptographic guarantee failure that exposes encrypted configuration secrets to Bleichenbacher-class padding oracle attacks that OAEP was chosen to prevent.

Information Disclosure Steeltoe Configuration Encryption
NVD GitHub
CVSS 3.1
1.9
EPSS
0.0%
CVE-2026-49050 CRITICAL Act Now

Privilege escalation in Apache DolphinScheduler before 3.4.2 allows any authenticated general user to mint admin-level access tokens by calling the /access-tokens API endpoint directly, bypassing role-enforcement logic. This effectively grants full administrative control over the workflow scheduling platform to any low-privilege account holder. No public exploit has been identified at time of analysis, but the simplicity of the attack surface - a direct API call - makes this a high-priority remediation target for any multi-tenant or enterprise DolphinScheduler deployment.

Apache Information Disclosure
NVD
CVE-2026-36849 HIGH This Week

Denial of service in libtiff v4.7.1 and prior allows processing of a crafted TIFF file containing an abnormally large SamplesPerPixel tag value to crash or hang the affected process. Any application or service that passes attacker-controlled TIFF files through libtiff is potentially vulnerable, including web-based image processors, document converters, and media ingestion pipelines. No active exploitation has been confirmed by CISA KEV, and no public exploit code has been identified at the time of this analysis.

Gitlab Denial Of Service Suse
NVD
Prev Page 9 of 9

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy