Skip to main content
CVE-2026-42390 MEDIUM PATCH This Month

ZONEMD validation bypass in PowerDNS Recursor allows a cryptographically invalid DNS zone to be accepted as legitimate when ZoneToCache is configured with ZONEMD validation enabled. This undermines the integrity guarantee that ZONEMD is designed to provide - an attacker capable of serving a crafted zone to the resolver (e.g., via a rogue authoritative source or network interception) can cause the recursor to cache and serve tampered DNS data. No public exploit code has been identified and exploitation is not confirmed in CISA KEV; real-world risk is constrained by the non-default configuration prerequisite.

Information Disclosure Recursor Suse
NVD VulDB
CVSS 3.1
5.3
EPSS
0.2%
CVE-2026-40012 MEDIUM PATCH This Month

Improper packet cache handling in PowerDNS Recursor causes ECS zero-scoped DNS answers to be stored in the cache when they should be discarded or handled as global entries, creating an information disclosure pathway. All Recursor versions (cpe:2.3:a:powerdns:recursor:*:*:*:*:*:*:*:*) are affected, but only deployments with EDNS Client Subnet (ECS) explicitly enabled are exposed. The CVSS score of 5.3 with a network vector and no required privileges reflects that any DNS client can trigger the improper caching behavior, though real-world impact is bounded by the non-default ECS configuration requirement. No public exploit code has been identified and the vulnerability is not listed in the CISA KEV catalog.

Information Disclosure Recursor Suse
NVD
CVSS 3.1
5.3
EPSS
0.3%
CVE-2020-37256 MEDIUM PATCH This Month

Grav before 1.6.30 contains a cross-site scripting vulnerability in the Admin plugin page editor default security configuration. Rated medium severity (CVSS 5.1), this vulnerability is remotely exploitable, low attack complexity. This Cross-Site Scripting (XSS) vulnerability could allow attackers to inject malicious scripts into web pages viewed by other users.

XSS RCE Grav
NVD GitHub
CVSS 4.0
5.1
EPSS
0.2%
CVE-2026-9083 MEDIUM PATCH This Month

Red Hat Build of Keycloak allows realm administrators holding the 'manage-realm' role to probe arbitrary filesystem paths by submitting unsanitized path values as keystore parameters during key provider component creation. The Keycloak process's file access attempt reveals whether a given path exists and is readable, functioning as a filesystem oracle for authenticated attackers. No public exploit code or active exploitation has been identified at time of analysis; the CVSS score of 4.9 (PR:H) reflects the significant constraint of requiring realm administrator credentials prior to exploitation.

Path Traversal Information Disclosure Red Hat Build Of Keycloak
NVD
CVSS 3.1
4.9
EPSS
0.5%
CVE-2026-55164 MEDIUM PATCH GHSA This Month

Cleartext password storage in Netflix Lemur's user-update service path allows any attacker who gains read access to the Lemur database, its backups, query logs, or read replicas to obtain directly usable plaintext credentials - no offline cracking required. The flaw affects all Lemur deployments running pip/lemur <= 1.9.1 and is triggered exclusively when an administrator resets a user password through the admin-gated PUT /api/1/users/<id> API endpoint. No public exploit is required: the advisory itself contains precise reproduction steps, and the side effect (immediate login failure for affected users) makes the exposure operationally detectable. No KEV listing exists at time of analysis.

Authentication Bypass Hashicorp Python
NVD GitHub
CVSS 3.1
4.9
CVE-2026-55165 MEDIUM POC PATCH GHSA This Month

JWT algorithm confusion in Netflix Lemur 1.9.0 allows an attacker to control which signing algorithm the server trusts by supplying an arbitrary alg value in the unverified token header, which is passed directly to pyjwt.decode() instead of a server-pinned allowlist. On current PyJWT 2.x deployments the standalone impact is limited to audit-log blinding and a durable algorithm-downgrade primitive; full account takeover requires chaining with a separate LEMUR_TOKEN_SECRET disclosure vulnerability, after which a forged HS256 admin JWT yields HTTP 200 with role=admin. A public proof-of-concept walkthrough exists (asciinema); no active exploitation is confirmed in CISA KEV.

SSRF Jwt Attack Python Docker
NVD GitHub
CVSS 3.1
4.8
CVE-2026-40210 MEDIUM PATCH This Month

dnsdist's SetMacAddrAction handler exposes operators to uninitialized memory leakage in DNS responses and potential service crashes when the action is configured in the ruleset. The flaw is reachable over the network without authentication (AV:N/PR:N), but the high attack complexity (AC:H) constrains real-world impact to deployments that have explicitly enabled SetMacAddrAction - a non-default configuration. No public exploit code exists and no CISA KEV listing is present at time of analysis; the PowerDNS security team (Open-Xchange) reported this internally, suggesting responsible disclosure rather than observed active exploitation.

Buffer Overflow Suse
NVD VulDB
CVSS 3.1
4.8
EPSS
0.3%
CVE-2026-9799 MEDIUM PATCH This Month

Authorization bypass in Red Hat Build of Keycloak's UMA engine lets an authenticated user who holds a valid permission ticket for a single resource escalate access to all resources of the same type on the resource server by crafting a specific permission request prefix. The bypass is silently permitted when the resource server operates in PERMISSIVE enforcement mode with ownerManagedAccess enabled and no explicit type-level policy in place. No public exploit code exists and this CVE is not listed in CISA KEV at time of analysis, but the low attack complexity and network vector make this a credible internal-privilege escalation path in affected Keycloak deployments.

Authentication Bypass Information Disclosure Red Hat Build Of Keycloak
NVD
CVSS 3.1
4.6
EPSS
0.2%
CVE-2026-46406 MEDIUM PATCH GHSA This Month

Insecure temporary file handling in Claude Code's `/copy` command exposes privileged users on multi-user systems to two distinct local attacks: passive response disclosure and symlink-based arbitrary file write. The command unconditionally writes AI response content to `/tmp/claude/response.md` - a static, world-readable path in a world-traversable directory - enabling any local user to read output that may contain secrets, credentials, or sensitive data. A more capable local attacker can pre-plant a symlink at the predictable path, causing a privileged process's `/copy` invocation to overwrite an attacker-chosen file. Affected versions span `@anthropic-ai/claude-code` 2.1.59 through 2.1.127; no public exploit has been identified at time of analysis, and no CISA KEV listing exists.

Information Disclosure
NVD GitHub VulDB
CVSS 4.0
4.4
EPSS
0.2%
CVE-2026-8330 MEDIUM PATCH This Month

Sensitive data exposure in GitLab CE/EE affects all instances running versions from 9.3 through 18.11.5, 19.0 through 19.0.2, and 19.1.0, where under certain conditions a CI/CD API endpoint fails to adequately filter sensitive information before writing it to application logs. A high-privileged local actor who can access application log files on the GitLab server may recover sensitive data that should never have been persisted. No public exploit code exists and this vulnerability is not listed in CISA KEV, indicating no confirmed active exploitation at time of analysis.

Gitlab Information Disclosure
NVD VulDB
CVSS 3.1
4.4
EPSS
0.1%
CVE-2026-8662 MEDIUM PATCH This Month

Path traversal in Rapid7 InsightConnect's Compression Plugin on Linux allows authenticated attackers with high privileges to write files to arbitrary paths on the underlying host via crafted archive filenames passed to the create_archive function. Impact is constrained to file corruption - the attacker can control write destination but not write content, preventing code execution via this vector alone. No public exploit code exists and no KEV listing is present; the low CVSS score of 3.3 reflects the high authentication bar and limited impact scope.

Path Traversal Insightconnect Compression Plugin
NVD VulDB
CVSS 3.1
4.3
EPSS
0.2%
CVE-2026-1606 MEDIUM PATCH This Month

Content injection in GitLab CE/EE via improper Snippet input validation permits authenticated low-privilege users to conceal arbitrary content within Snippets, affecting all versions from 14.8 through 19.1.0. Despite being tagged as Code Injection (CWE-94) with RCE in vendor-supplied tags, the published CVSS score of 4.3 with only low integrity impact (I:L) indicates the vendor-confirmed impact is scoped to content concealment rather than full remote code execution. Patches are available in versions 18.11.6, 19.0.3, and 19.1.1; no public exploit and no CISA KEV listing have been identified at time of analysis.

Code Injection Gitlab RCE
NVD VulDB
CVSS 3.1
4.3
EPSS
0.2%
CVE-2026-5952 MEDIUM PATCH This Month

Incorrect authorization in GitLab CE/EE allows authenticated users holding developer-role permissions to bypass Maven package protection rules and overwrite protected package metadata. All GitLab versions from 17.11 through 18.11.5, 19.0.0 through 19.0.2, and 19.1.0 are affected, with patched releases available across all three trains. No public exploit has been identified at time of analysis, and the vulnerability is not listed in CISA KEV; real-world impact is scoped to organizations that have explicitly configured Maven package protection rules and host untrusted developer-role users.

Authentication Bypass Gitlab
NVD VulDB
CVSS 3.1
4.3
EPSS
0.2%
CVE-2026-5796 MEDIUM PATCH This Month

Incorrect authorization in GitLab CE/EE's group packages feature exposes package metadata from projects where the Package Registry has been explicitly disabled, allowing any authenticated Reporter-level group member to enumerate package names, versions, and publish timestamps that project owners intended to restrict. The flaw spans a very wide version range - all 13.6+ releases up to the newly-issued fixes in 18.11.6, 19.0.3, and 19.1.1 - meaning a large proportion of self-hosted GitLab deployments are affected. No public exploit code has been identified at time of analysis, and the vulnerability is not listed in CISA KEV.

Authentication Bypass Gitlab
NVD VulDB
CVSS 3.1
4.3
EPSS
0.2%
CVE-2026-42005 MEDIUM PATCH This Month

PowerDNS Authoritative Server's optional internal web server accepts crafted HTTP requests that trigger unbounded memory allocation, exhausting process memory and causing a denial of service against the DNS service. Exploitation requires low-privilege authentication (PR:L per CVSS vector) and the internal web server must be explicitly enabled - it is disabled by default, sharply limiting the real-world attack surface. No public exploit code has been identified and this vulnerability is not listed in CISA KEV.

Denial Of Service Authoritative Suse
NVD VulDB
CVSS 3.1
4.3
EPSS
0.5%
CVE-2026-2299 MEDIUM This Month

Missing authorization in the Mattermost Google Drive plugin's file creation endpoint (all versions before 1.1.0) allows authenticated Mattermost users with a linked Google account to share Drive files into private channels they are not a member of, and to infer the existence and membership of those private channels. The root cause is CWE-862 (Missing Authorization): the endpoint processes the target channel ID supplied by the caller without verifying the caller belongs to that channel. No public exploit has been identified at time of analysis, and the vulnerability has not been added to the CISA KEV catalog.

Authentication Bypass Mattermost Google Mattermost Google Drive Plugin
NVD GitHub VulDB
CVSS 3.1
4.2
EPSS
0.1%
CVE-2026-57455 MEDIUM PATCH This Month

Stack out-of-bounds write in Vim's spell_soundfold_sofo() function (src/spell.c) allows local exploitation when a SOFO-based spell language is active and the soundfold path is triggered with a word exceeding MAXWLEN (254) bytes, corrupting the call frame and crashing the editor with theoretical code execution potential. All Vim releases prior to 9.2.0698 carrying the single-byte SOFO branch are affected; the vendor has released a confirmed fix at v9.2.0698. No public exploit code exists and no CISA KEV listing is present; the CVSS 4.0 E:U supplemental metric confirms exploitation remains unproven at time of analysis.

Memory Corruption Buffer Overflow Vim Suse
NVD GitHub
CVSS 4.0
4.0
EPSS
0.1%
Prev Page 4 of 4

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy