Skip to main content
CVE-2026-43726 MEDIUM PATCH This Month

Use-after-free memory corruption in Apple's WebKit browser engine causes an unexpected process crash when rendering maliciously crafted web content. Safari (all versions prior to 26.5.2), iOS and iPadOS (all versions prior to 26.5.2), and macOS Tahoe (all versions prior to 26.5.2) are affected across Apple's full consumer device ecosystem. No public exploit or CISA KEV listing exists at time of analysis; impact is confirmed as denial-of-service (process crash) only, with no confidentiality or integrity compromise.

Memory Corruption Apple Denial Of Service Use After Free Ios And Ipados
NVD
CVSS 3.1
6.5
EPSS
0.2%
CVE-2026-31016 MEDIUM This Month

Cross-site request forgery in Squidex CMS v7.21.0 and earlier allows a remote attacker to escalate privileges by targeting the IdentityServer account profile endpoint without requiring any authentication of their own. A proof-of-concept exploit is publicly documented, including a video walkthrough, and SSVC analysis classifies the attack as automatable with partial technical impact. No active exploitation has been confirmed by CISA KEV at time of analysis.

CSRF N A
NVD GitHub
CVSS 3.1
6.5
EPSS
0.2%
CVE-2026-51218 MEDIUM This Month

Heap buffer overflow in snap7 v1.4.3 crashes the embedded S7 server when processing a specially crafted write function packet targeting TS7Worker::PerformFunctionWrite() in /core/s7_server.cpp. Systems deploying snap7 as an S7-compatible communication server - common in industrial SCADA, HMI, and IoT gateway applications bridging to Siemens S7-series PLCs - can be disrupted remotely with no privileges required per the CVSS PR:N designation. No public exploit identified at time of analysis, and the EPSS score of 0.19% (8th percentile) reflects minimal current exploitation activity; however, operational impact in OT environments can exceed what the CVSS Availability score alone suggests.

Heap Overflow Denial Of Service Buffer Overflow N A
NVD GitHub
CVSS 3.1
6.5
EPSS
0.2%
CVE-2026-51219 MEDIUM This Month

A heap buffer overflow in the HighPriorityASDUQueue_hasUnconfirmedIMessages function of lib60870 v2.3.3 to v2.3.6 allows attackers to cause a Denial of Service (DoS) via a crafted payload.

Denial Of Service Buffer Overflow N A Heap Overflow
NVD GitHub
CVSS 3.1
6.5
EPSS
0.2%
CVE-2026-43706 MEDIUM PATCH This Month

Double free memory corruption in Apple's web content processing engine crashes the rendering process on iOS/iPadOS (pre-26.5.2) and macOS Tahoe (pre-26.5.2) when a device processes attacker-controlled web content. The CVSS vector (AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H) confirms network delivery with no authentication required, though a user must interact with the malicious content, and impact is limited to availability - no confidentiality or integrity compromise is indicated. No public exploit code and no CISA KEV listing exist at time of analysis, placing this in a lower active-risk tier despite the ubiquity of affected Apple platforms.

Apple Denial Of Service Ios And Ipados
NVD VulDB
CVSS 3.1
6.5
EPSS
0.2%
CVE-2026-43713 MEDIUM PATCH This Month

Sensitive data leakage in Apple Safari, iOS/iPadOS, and macOS Tahoe before version 26.5.2 exposes users to cross-site data disclosure when visiting a malicious or compromised website. The root cause is a permissions enforcement deficiency (CWE-1264) that allows a web context to access data beyond its intended permission boundary. No active exploitation has been confirmed by CISA KEV, and the EPSS score of 0.17% (6th percentile) indicates low observed exploitation probability at time of analysis; however, the unauthenticated, low-complexity network vector makes this a realistic target for drive-by attacks once details become public.

Apple Information Disclosure Ios And Ipados
NVD VulDB
CVSS 3.1
6.5
EPSS
0.2%
CVE-2026-55956 MEDIUM This Month

Improper Authorization (CWE-285) in Apache Tomcat's default servlet allows HTTP method-based and method-omission security constraints to be silently bypassed across all major supported Tomcat branches from 7.0.x through 11.0.x. An attacker can perform HTTP operations - such as PUT or DELETE - that the web.xml security constraint configuration was intended to restrict, potentially enabling unauthorized file upload, modification, or deletion on the default servlet's served content. No active exploitation has been confirmed (not in CISA KEV) and no CVSS score has been published at time of analysis, but the broad version range and ubiquitous deployment footprint of Tomcat make prompt patching a priority.

Authentication Bypass Tomcat Apache Apache Tomcat
NVD VulDB HeroDevs
CVSS 3.1
6.5
EPSS
0.2%
CVE-2026-43707 MEDIUM PATCH This Month

Denial-of-service memory corruption in Apple's WebKit engine affects Safari, iOS/iPadOS, and macOS Tahoe before version 26.5.2, where processing maliciously crafted web content triggers an unexpected process crash. The CVSS vector scores only availability impact (A:H) with no confidentiality or integrity loss, indicating a crash rather than code execution. There is no public exploit identified at time of analysis, and the EPSS probability is very low (0.16%), consistent with a browser-rendering DoS reported internally by Apple rather than an actively exploited threat.

Apple Buffer Overflow Ios And Ipados
NVD VulDB
CVSS 3.1
6.5
EPSS
0.2%
CVE-2026-43721 MEDIUM PATCH This Month

Clipboard data disclosure in Apple Safari (and the shared WebKit engine on iOS, iPadOS, and macOS) before version 26.5.2 lets a malicious website silently read or hijack clipboard contents without user interaction or permission, rated CVSS 7.5 (confidentiality-only). Apple has shipped fixes in Safari 26.5.2, iOS/iPadOS 26.5.2, and macOS Tahoe 26.5.2, and the issue was reported internally by Apple. No public exploit identified at time of analysis, and the flaw is not listed in CISA KEV.

Apple Information Disclosure Ios And Ipados
NVD VulDB
CVSS 3.1
6.5
EPSS
0.2%
CVE-2026-43700 MEDIUM PATCH This Month

Cross-origin information disclosure in Apple Safari, iOS, iPadOS, and macOS Tahoe (all versions before 26.5.2) allows an attacker who can direct a user to maliciously crafted web content to read sensitive data from other origins, violating the Same-Origin Policy. The flaw stems from inadequate tracking of security origins in the WebKit engine (CWE-346), and is notable because on iOS and iPadOS all browsers are mandated to use WebKit, meaning every browser on those platforms is affected. No public exploit or CISA KEV listing is identified at time of analysis; Apple has released patches across all affected platforms.

Apple Information Disclosure Ios And Ipados
NVD VulDB
CVSS 3.1
6.5
EPSS
0.1%
CVE-2026-55955 MEDIUM This Month

Replay attack vulnerability in Apache Tomcat's cluster EncryptionInterceptor allows a network-adjacent attacker to retransmit previously captured encrypted inter-node cluster messages, causing receiving nodes to accept and process them as legitimate - potentially corrupting distributed session state or triggering unintended cluster actions. All major supported branches are affected: 11.0.0-M1 through 11.0.22, 10.1.0-M1 through 10.1.55, 9.0.13 through 9.0.18, plus end-of-life branches 8.5.38-8.5.100 and 7.0.100-7.0.109. No public exploit or CISA KEV listing has been identified at time of analysis; however, the breadth of affected versions across all active and legacy branches elevates organizational exposure, particularly for environments running EOL 8.5.x or 7.x with no available patch.

Authentication Bypass Tomcat Apache Apache Tomcat
NVD VulDB HeroDevs
CVSS 3.1
6.5
EPSS
0.1%
CVE-2026-13601 MEDIUM This Month

Sandbox-escaping information disclosure in Yelp (the GNOME help viewer) lets a malicious Flatpak application read arbitrary user-readable files on the host. By using the OpenURI portal to open crafted help content that embeds an untrusted CSS stylesheet inside a structured SVG document, an attacker abuses an overly permissive Content Security Policy supplied by yelp-xsl to force Yelp to evaluate local XML inclusions and exfiltrate file contents via remote CSS resource requests, defeating Flatpak's intended isolation. The flaw was disclosed publicly (GNOME developer blog by Michael Catanzaro, May 2026) and tracked by Red Hat; no public exploit identified at time of analysis and it is not listed in CISA KEV.

Information Disclosure Enterprise Linux Yelp
NVD VulDB
CVSS 3.1
6.5
EPSS
0.1%
CVE-2026-57340 MEDIUM This Month

Unauthenticated broken access control in the Japanized For WooCommerce WordPress plugin (versions <= 2.9.12) allows remote unauthenticated attackers to bypass authorization checks and perform restricted operations, resulting in limited integrity and availability impact. The CVSS vector (AV:N/AC:L/PR:N/UI:N) confirms no authentication or user interaction is required, lowering the exploitation barrier significantly for any exposed WordPress site running this plugin. No public exploit code or CISA KEV listing has been identified at time of analysis, though the low complexity and zero-privilege requirement make this accessible to unsophisticated attackers.

Authentication Bypass WordPress Japanized For Woocommerce
NVD
CVSS 3.1
6.5
EPSS
0.2%
CVE-2026-57339 MEDIUM This Month

Broken Access Control in the Business Directory WordPress plugin (versions 6.4.23 and below) permits unauthenticated remote attackers to perform unauthorized operations against directory data, yielding limited integrity and availability impacts. The CVSS vector AV:N/AC:L/PR:N/UI:N confirms exploitation requires no authentication, no special configuration, and no user interaction, making the attack trivially accessible to any network-reachable actor. No public exploit code and no CISA KEV listing are confirmed at time of analysis, placing current real-world exploitation risk in the moderate range.

Authentication Bypass Business Directory
NVD
CVSS 3.1
6.5
EPSS
0.2%
CVE-2026-57334 MEDIUM This Month

Broken access control in WP User Frontend plugin for WordPress (versions <= 4.3.7) allows unauthenticated remote attackers to perform restricted actions without authorization. The flaw stems from missing authorization checks (CWE-862) on one or more plugin endpoints, enabling limited integrity and availability impact against affected WordPress installations. No public exploit code or active exploitation via CISA KEV has been identified at time of analysis, though the unauthenticated, low-complexity nature of the vulnerability lowers the bar for casual abuse.

Authentication Bypass Wp User Frontend
NVD
CVSS 3.1
6.5
EPSS
0.2%
CVE-2026-57330 MEDIUM This Month

Stored Cross-Site Scripting in the MasterStudy LMS WordPress plugin (versions <= 3.7.27) allows authenticated subscriber-level users to inject malicious scripts that execute in the browsers of higher-privileged users such as administrators. The vulnerability carries a Scope:Changed CVSS vector, meaning successful exploitation breaks the browser security boundary and can impact resources beyond the plugin itself - enabling session hijacking, credential theft, or privilege escalation within the WordPress admin context. No public exploit code or CISA KEV listing has been identified at time of analysis, but the low privilege bar (subscriber role) widens the attacker pool considerably on sites with open or paid user registration.

XSS Masterstudy Lms
NVD
CVSS 3.1
6.5
EPSS
0.2%
CVE-2026-57328 MEDIUM This Month

Cross-site scripting in the Business Directory WordPress plugin (versions 6.4.22 and earlier) allows authenticated subscriber-level users to inject arbitrary JavaScript that executes in other users' browsers. The scope-change indicator in the CVSS vector (S:C) confirms the payload can cross trust boundaries - most critically, scripts injected by a low-privilege subscriber can execute in the context of a higher-privilege user such as an administrator. No public exploit code has been identified at time of analysis, and this vulnerability is not listed in the CISA KEV catalog.

XSS Business Directory
NVD
CVSS 3.1
6.5
EPSS
0.2%
CVE-2026-57946 MEDIUM PATCH This Month

Unauthenticated access to private playlist data in Invidious before v2.20260626.0 is possible via a broken authorization check on the RSS feed playlist endpoint. By supplying a known playlist ID to this endpoint, a remote attacker with no credentials can retrieve the full contents of a private playlist, the owner's email address, and all associated video entries. No public exploit has been identified at time of analysis, and a vendor-released patch is available in v2.20260626.0.

Authentication Bypass
NVD GitHub VulDB
CVSS 4.0
6.3
EPSS
0.3%
CVE-2026-57947 MEDIUM This Month

Server-side request forgery in Pinpoint APM through version 3.1.0 allows authenticated users with low privileges to register internal or cloud-metadata URLs as alarm webhook targets due to missing URL validation on the webhook registration endpoint. By deliberately triggering alarm threshold breaches, an attacker can coerce the Pinpoint server to issue outbound POST requests to internal hosts, cloud metadata services (such as AWS IMDS at 169.254.169.254), or other non-routable internal infrastructure. No public exploit code or CISA KEV listing has been identified at time of analysis, though the CVSS 4.0 subsequent-system confidentiality impact is rated High, reflecting the potential to enumerate internal services or harvest cloud credentials.

Authentication Bypass SSRF
NVD GitHub VulDB
CVSS 4.0
6.3
EPSS
0.2%
CVE-2026-57997 MEDIUM PATCH This Month

JWT algorithm confusion in Strapi's users-permissions plugin enables authentication control weakening when the plugin::users-permissions.jwt.algorithm setting is absent from configuration. The plugin silently accepts HS384 and HS512 tokens alongside the intended HS256, allowing an attacker who has already obtained the jwtSecret to mint tokens using non-standard HMAC variants and bypass any algorithm-enforcement logic. No public exploit code is identified at time of analysis and this vulnerability is not listed in CISA KEV; real-world risk is substantially bounded by the prerequisite of jwtSecret compromise, reflected in the CVSS 4.0 score of 6.3 with High Complexity and Presence-of-attack-requirement modifiers.

Authentication Bypass Strapi
NVD GitHub VulDB
CVSS 4.0
6.3
EPSS
0.2%
CVE-2026-13748 MEDIUM PATCH This Month

Path traversal in Snowflake CLI versions prior to 3.19 enables arbitrary local file exfiltration to Snowflake cloud services when a victim processes attacker-controlled project or repository content. The CLI fails to restrict file path resolution during deployment or SQL template processing, allowing crafted project files to reference and transmit content from outside the intended project directory boundary to Snowflake-hosted artifacts. No public exploit has been identified and this CVE is not listed in the CISA KEV catalog; upgrade to version 3.19 is required as the vendor documents no supported workarounds.

Path Traversal Snowflake Cli
NVD
CVSS 3.1
6.3
EPSS
0.1%
CVE-2026-57327 MEDIUM This Month

Broken access control in MainWP WordPress plugin versions 6.1.1 and below allows authenticated subscribers to bypass authorization checks and perform actions restricted to higher-privileged roles. The CVSS vector (PR:L, AC:L, AV:N) confirms any low-privileged WordPress account - the subscriber role being the lowest default - is sufficient for network-based exploitation with no special complexity. No public exploit has been identified at time of analysis and the vulnerability is not listed in the CISA KEV catalog, though the minimal barrier to obtaining a subscriber account on sites with open registration makes this a meaningful risk for multi-user or membership-based installations.

Authentication Bypass Mainwp
NVD
CVSS 3.1
6.3
EPSS
0.2%
CVE-2026-13757 MEDIUM This Month

Stack exhaustion in p11-kit's RPC server crashes the daemon and any dependent cryptographic services on affected Red Hat systems. The vulnerability exists in the PKCS#11 RPC message parsing layer, where two attribute-handling functions form a mutually-recursive call chain with no depth limit when processing nested CKA_WRAP_TEMPLATE, CKA_UNWRAP_TEMPLATE, and CKA_DERIVE_TEMPLATE attributes - allowing any local user or process with socket access to crash the server by sending a single crafted request. No public exploit or active exploitation has been identified at time of analysis, and impact is limited to availability (denial of service) with no confidentiality or integrity consequence.

Denial Of Service Red Hat Enterprise Linux 10 Red Hat Enterprise Linux 6 Red Hat Enterprise Linux 7 Red Hat Enterprise Linux 8 +3
NVD VulDB GitHub
CVSS 3.1
6.2
EPSS
0.1%
CVE-2026-52760 MEDIUM PATCH This Month

Stored cross-site scripting in Apache ActiveMQ Web Console allows an authenticated message producer to inject malicious JavaScript via a crafted JMS message ID, which executes in the browser of any administrator who browses the affected queue. The browse page renders message IDs without HTML sanitization, enabling privilege escalation from producer to administrator via session hijacking or credential theft. No public exploit identified at time of analysis and not listed in CISA KEV; rated moderate severity by Apache, consistent with the authentication prerequisite and required user interaction.

XSS Apache Activemq Activemq Web
NVD VulDB
CVSS 3.1
6.1
EPSS
0.3%
CVE-2026-57956 MEDIUM This Month

Broken tenant isolation in SigNoz through 0.130.1 allows authenticated users from one organization to read, modify, and delete alert rules belonging to entirely separate organizations by directly supplying a target rule UUID via API. The alert rule store predicates omit organization ID filtering - a textbook Insecure Direct Object Reference (CWE-639) - collapsing the multi-tenant access boundary. No active exploitation is confirmed (not in CISA KEV) and no public POC has been independently confirmed, though the referenced GitHub issue may expose sufficient technical detail for manual exploitation by any credentialed user on a shared SigNoz instance.

Authentication Bypass
NVD GitHub VulDB
CVSS 4.0
6.1
EPSS
0.2%
CVE-2026-57326 MEDIUM This Month

Unauthenticated cross-site scripting in the Business Directory WordPress plugin (versions <= 6.4.22) allows remote attackers without any authentication to inject and store arbitrary JavaScript that executes in the context of a victim's browser when they visit an affected page. The CVSS vector (AV:N/AC:L/PR:N/UI:R/S:C) confirms network-accessible exploitation requiring no privileges, with a scope change indicating the payload crosses from the plugin's execution context into the victim's browser session. No public exploit code or active exploitation has been identified at time of analysis, but the unauthenticated nature and low complexity lower the barrier to abuse significantly.

XSS Business Directory
NVD
CVSS 3.1
6.1
EPSS
0.2%
CVE-2026-57943 MEDIUM PATCH This Month

Broken object-level authorization (BOLA/IDOR) in LibrePhotos prior to version 1.0.0 allows any authenticated user to read private photos belonging to other users by manipulating shared_to relationship parameters in the SetPhotosShared endpoint without server-side ownership validation. The attack vector is network-accessible and requires only a low-privilege account, delivering high confidentiality impact against victim photo libraries. No public exploit code or CISA KEV listing has been identified at time of analysis; a vendor-released patch is available as version 1.0.0.

Authentication Bypass
NVD GitHub VulDB
CVSS 4.0
6.0
EPSS
0.2%
CVE-2026-57952 MEDIUM PATCH This Month

Cross-operation authorization bypass in Mythic C2 framework before 3.4.0.60 exposes encryption keys and C2 profile configurations to authenticated operators from separate operations. Four webhook REST endpoints - c2profile_config_check_webhook, c2profile_redirect_rules_webhook, c2profile_get_ioc_webhook, and c2profile_sample_message_webhook - fail to verify that a submitted payload UUID belongs to the caller's operation, allowing an operator in Operation A to retrieve the full C2 profile configuration of Operation B by supplying a known UUID. No public exploit or CISA KEV listing exists at time of analysis; the CVSS 4.0 score of 6.0 reflects high complexity due to the prerequisite of obtaining a cross-operation UUID.

Authentication Bypass Mythic
NVD GitHub VulDB
CVSS 4.0
6.0
EPSS
0.2%
CVE-2026-13742 MEDIUM This Month

Honeywell IQ MultiAccess physical access control software, all versions through V28, improperly verifies digital signatures on downloaded files due to a time-of-check/time-of-use (TOCTOU) race condition, allowing a local low-privileged attacker to replace a legitimately verified file with a malicious one in the window between signature check and file consumption. Successful exploitation yields high integrity and availability impact on the vulnerable system, as the replaced file may execute attacker-controlled code or corrupt system components. No public exploit identified at time of analysis; Honeywell has released patches V27 SP1 and V28 SP1.

Honeywell Information Disclosure Iq Multiaccess
NVD
CVSS 4.0
5.9
EPSS
0.1%
CVE-2026-13568 MEDIUM This Month

Privilege escalation via role parameter manipulation in SourceCodester Inventory Management System 1.0 allows unauthenticated remote attackers to self-assign elevated roles during user registration. The vulnerability resides in /api/users_handler.php, where the application fails to enforce server-side restrictions on the role argument at the User Registration Endpoint, enabling account creation with admin-level privileges. A public proof-of-concept exploit is available, lowering the skill bar for abuse against any exposed instance; no CISA KEV listing exists, so confirmed active exploitation in the wild has not been established.

Authentication Bypass PHP Inventory Management System
NVD VulDB
CVSS 4.0
5.5
EPSS
0.3%
CVE-2026-43722 MEDIUM PATCH This Month

Kernel state disclosure in Apple iOS, iPadOS, and macOS Tahoe allows a locally installed app to leak sensitive kernel memory through insufficiently sanitized input. All versions prior to iOS 26.5.2, iPadOS 26.5.2, and macOS Tahoe 26.5.2 are affected. No active exploitation is confirmed (not in CISA KEV), and EPSS sits at 0.19% (9th percentile), indicating minimal current threat actor interest despite the kernel-level information exposure.

Apple Information Disclosure Ios And Ipados
NVD VulDB
CVSS 3.1
5.5
EPSS
0.2%
CVE-2026-53325 MEDIUM PATCH This Month

NULL pointer dereference in the Linux kernel's AMD64 AGP driver crashes systems running in virtualized environments without physical AMD northbridge hardware. Broken error propagation in `agp_amd64_probe()` - comparing `cache_nbs()` return value against exactly `-1` rather than `< 0` - masks the `-ENODEV` error code, allowing the driver to proceed with initialization, ultimately causing a General Protection Fault in `amd64_fetch_size()` when `node_to_amd_nb(0)` returns NULL. No public exploit has been identified at time of analysis, EPSS is 0.18% (7th percentile), and impact is confined to local denial of service via kernel crash; patches are confirmed available across multiple stable branches.

Linux Amd Denial Of Service Null Pointer Dereference
NVD VulDB
CVSS 3.1
5.5
EPSS
0.2%
CVE-2026-10648 MEDIUM PATCH This Month

Denial of service in Zephyr RTOS v4.4.0 allows an attacker with access to a serial, UART, or shell-console interface to crash an affected embedded device by exhausting the MCUmgr shared buffer pool and triggering a NULL pointer dereference. The defect in mcumgr_serial_process_frag() (CWE-476) was introduced during the MCUmgr rework and manifests in default builds where assertion checks are compiled out, making the write-through-NULL a hard fault rather than a caught assertion. No public exploit has been identified at time of analysis and no CISA KEV listing exists, but exploitation is straightforward for any attacker with interface access.

Denial Of Service Null Pointer Dereference Zephyr
NVD GitHub VulDB
CVSS 3.1
5.5
EPSS
0.1%
CVE-2026-13750 MEDIUM PATCH This Month

Snowflake CLI versions prior to 3.19 write plaintext credentials - including passwords, authentication tokens, and private key material - to persistent local debug log files due to CWE-532 (Insertion of Sensitive Information into Log File). Any local user account with read access to the affected user's log directory can harvest these credentials without needing application-level privileges. No active exploitation is confirmed (not in CISA KEV) and no public exploit code has been identified at time of analysis, but the confidentiality impact is rated high given that full credential material may be exposed.

Information Disclosure Snowflake Cli
NVD
CVSS 3.1
5.5
EPSS
0.1%
CVE-2026-13559 MEDIUM This Month

SQL injection in code-projects Real State Services 1.0 exposes the `ID` parameter of `/single-list_sale.php?action=add` to remote, unauthenticated query manipulation, enabling attackers to read or modify database contents. The CVSS 4.0 vector (AV:N/AC:L/AT:N/PR:N/UI:N) confirms no authentication or special conditions are required to reach the endpoint, and the E:P modifier confirms publicly available exploit code referenced via a GitHub CVE disclosure. No patch has been issued; this is not currently listed in CISA KEV, indicating no confirmed mass exploitation at time of analysis.

SQLi PHP
NVD GitHub VulDB
CVSS 4.0
5.5
EPSS
0.4%
CVE-2026-13555 MEDIUM This Month

SQL injection in itsourcecode Online Hotel Management System 1.0 exposes the admin user-management endpoint to remote database manipulation via the unsanitized Name parameter in /admin/mod_users/controller.php?action=add. The CVSS 4.0 vector assigns no privilege requirement (PR:N) and low complexity (AC:L), though the admin-panel path raises a discrepancy worth verifying - the endpoint may be accessible without authentication if the application does not enforce session controls on admin routes. A public proof-of-concept exploit exists (E:P in the CVSS 4.0 supplemental data), elevating immediate risk despite the absence of a CISA KEV listing.

SQLi PHP
NVD GitHub VulDB
CVSS 4.0
5.5
EPSS
0.4%
CVE-2026-13553 MEDIUM This Month

Unrestricted file upload in itsourcecode Online Hotel Management System 1.0 allows remote attackers to upload arbitrary files - including PHP webshells - via the `image` parameter of `/admin/mod_amenities/controller.php?action=add`. The CVSS 4.0 vector assigns PR:N (no privileges required), corroborated by the 'Authentication Bypass' tag, indicating the admin-facing endpoint is reachable without credentials. A published proof-of-concept exploit exists; no patch has been identified at time of analysis.

Authentication Bypass File Upload PHP
NVD GitHub VulDB
CVSS 4.0
5.5
EPSS
0.5%
CVE-2026-13552 MEDIUM This Month

SQL injection in itsourcecode Online Hotel Management System 1.0 exposes the admin amenities controller to remote database manipulation via the unsanitized amen_id parameter at /admin/mod_amenities/controller.php?action=edit. A publicly available proof-of-concept exploit has been confirmed (CVSS 4.0 E:P modifier; VulDB submission 843569; GitHub issue Hh-176/CVE#3), enabling unauthenticated or low-privileged remote attackers to read, modify, or corrupt hotel management database records. No vendor patch has been identified at time of analysis.

SQLi PHP
NVD GitHub VulDB
CVSS 4.0
5.5
EPSS
0.4%
CVE-2026-13746 MEDIUM PATCH This Month

Snowflake CLI versions prior to 3.19 permit self-injection SQL execution through improper neutralization of local CLI parameters in Cortex SQL and object listing command paths, where crafted argument values cause the tool to construct and execute unintended SQL within the authenticated user's existing Snowflake session. Exploitation is structurally constrained to self-injection - the attacker must themselves supply the malicious values via local CLI arguments, and impact cannot exceed the privileges already held by the current session context. No public exploit code has been identified and no active exploitation is confirmed; the vendor-assigned CVSS score of 3.6 (Low) accurately reflects the narrow attack surface and bounded impact.

SQLi Snowflake Cli
NVD VulDB
CVSS 3.1
5.4
EPSS
0.1%
CVE-2026-57953 MEDIUM PATCH This Month

Authorization bypass in Mythic C2 framework before 3.4.0.60 allows authenticated spectator-role users to perform write operations against the eventing_import_automatic_webhook endpoint, which is incorrectly registered under spectator-permitted middleware. Spectator accounts - intended to be read-only observers of red team operations - can exploit this misconfiguration to create and delete automation workflows and EventGroups, effectively escalating their privilege within an active operation. No public exploit code has been identified and no CISA KEV listing exists; a vendor-released patch is available in v3.4.0.60.

Authentication Bypass Mythic
NVD GitHub VulDB
CVSS 4.0
5.3
EPSS
0.3%
CVE-2026-43704 MEDIUM PATCH This Month

Use-after-free memory corruption in Apple Safari (and the broader iOS/iPadOS/macOS Tahoe platform) allows a malicious web extension to trigger an unexpected process crash, resulting in a denial-of-service condition. Affected versions span all Safari, iOS/iPadOS, and macOS Tahoe releases prior to 26.5.2, with Apple-confirmed fixes available across all three platforms. No active exploitation is confirmed (not listed in CISA KEV) and no public exploit code has been identified at time of analysis; the high attack complexity and requirement for a pre-installed malicious extension meaningfully constrain real-world risk.

Memory Corruption Apple Denial Of Service Use After Free Ios And Ipados
NVD VulDB
CVSS 3.1
5.3
EPSS
0.2%
CVE-2026-57945 MEDIUM PATCH This Month

{uid} API endpoint allows any authenticated non-admin user to overwrite another user's profile information by substituting an arbitrary user identifier in the request path. Affected are all PhotoPrism deployments running versions prior to 260601-a7d098548 that host multiple user accounts. No active exploitation has been confirmed by CISA KEV and no public exploit code is known at time of analysis, though the attack requires only a valid low-privileged session and knowledge of a target user's UID.

Authentication Bypass
NVD GitHub VulDB
CVSS 4.0
5.3
EPSS
0.2%
CVE-2026-57954 MEDIUM This Month

Sort-expression permission bypass in Yahoo Elide through 7.1.17 allows authenticated network attackers to leak relative values of @ReadPermission-protected fields by sorting API collections on forbidden field names. The flaw exists in SortingImpl.getValidSortingRules, which accepts client-controlled sort keys without verifying the caller's read authorization, exposing a classic side-channel across both JSON:API and GraphQL read endpoints. No public exploit code has been identified and no CISA KEV listing exists, but the attack is low-complexity for any authenticated user on an affected deployment.

Authentication Bypass
NVD GitHub VulDB
CVSS 4.0
5.3
EPSS
0.2%
CVE-2026-13595 MEDIUM PATCH This Month

Heap use-after-free read in libblkid (util-linux) enables unauthenticated local attackers to crash udisks or leak root-process heap data by presenting a crafted block device image during nested partition probing. BSD, Minix, Solaris x86, and UnixWare partition table parsers cache raw pointers into a dynamically allocated partition array; when subsequent partition additions trigger array reallocation, those pointers become stale and dereference freed memory. Because udev and udisks invoke libblkid automatically as root on block-device hot-plug events, USB insertion alone is sufficient to trigger the flaw without any user interaction or authentication. No public exploit identified at time of analysis.

Memory Corruption Denial Of Service Use After Free Information Disclosure Red Hat Enterprise Linux 10 +7
NVD GitHub VulDB
CVSS 3.1
5.3
EPSS
0.1%
CVE-2026-10647 MEDIUM PATCH This Month

USB CDC-NCM network driver in Zephyr RTOS through v4.4.0 permanently deadlocks the shared network egress thread when a USB bus suspend coincides with outbound device traffic, requiring a reboot to recover. The defect in `cdc_ncm_send()` ignores the return value of `usbd_ep_enqueue()` and unconditionally blocks on a completion semaphore that only the (never-fired) bulk-IN ISR can signal - halting not just CDC-NCM traffic but all egress on other interfaces sharing the TX thread. No public exploit code or active exploitation has been identified; the trigger is routine USB host power management, making this an availability risk for any embedded Zephyr device using USB virtual Ethernet.

Buffer Overflow Information Disclosure Zephyr
NVD GitHub VulDB
CVSS 3.1
5.3
EPSS
0.1%
CVE-2026-54889 MEDIUM PATCH This Month

Cross-site scripting in MDEx (Elixir Markdown library by leandrocp), versions 0.8.3 through 0.13.1, allows any attacker who can supply Markdown content to inject javascript: URLs that execute in the browser of any user who views the downstream-rendered output. The MDEx to_delta/2 function copies link, wikilink, and image URLs verbatim into Quill Delta attributes without a scheme allowlist, meaning a crafted payload like [click](javascript:alert(document.cookie)) survives intact; when a downstream renderer such as quill-delta-to-html converts that Delta to HTML, the javascript: scheme becomes an executable href. No public exploit has been identified at time of analysis, though the attack requires only standard Markdown syntax, and a vendor-released patch is available in version 0.13.2.

XSS Mdex
NVD GitHub VulDB
CVSS 4.0
5.1
EPSS
0.3%
CVE-2026-57965 MEDIUM This Month

Integer overflow in spice-vdagent's message parsing allows a malicious or compromised SPICE host to crash the guest VM's vdagent daemon by delivering a specially crafted message that triggers a downstream heap buffer overflow. Affected deployments span spice-vdagent as packaged in Red Hat Enterprise Linux 6 through 10, where the daemon runs inside guests handling host-to-guest SPICE protocol communications. No public exploit code or CISA KEV listing exists at time of analysis; exploitation is structurally constrained by the requirement that the attacking SPICE host itself be untrusted or already compromised prior to the attack.

Integer Overflow Denial Of Service Buffer Overflow Red Hat Enterprise Linux 10 Red Hat Enterprise Linux 6 +3
NVD VulDB
CVSS 3.1
5.1
EPSS
0.1%
CVE-2026-57958 MEDIUM This Month

Reflected XSS in Mixpost through version 2.6.0 enables unauthenticated remote attackers to execute arbitrary JavaScript in authenticated users' browsers by delivering crafted OAuth callback URLs containing malicious error query parameters. The OAuth callback controller fails to sanitize error parameters before routing them through Laravel flash messages, which are then rendered by Vue's v-html directive without HTML escaping - creating a direct injection path into the DOM. No active exploitation is confirmed (not in CISA KEV) and no public exploit code has been identified at time of analysis, though the low attack complexity and zero-privilege requirement make delivery straightforward once a victim is identified.

XSS
NVD GitHub VulDB
CVSS 4.0
5.1
EPSS
0.2%
CVE-2026-43743 MEDIUM PATCH This Month

Race condition in Apple iOS, iPadOS, and macOS Tahoe allows a locally-running app with standard privileges to trigger unexpected system termination. Rooted in improper state handling during concurrent operations (CWE-362), exploitation is constrained by high attack complexity due to the timing-dependent nature of race conditions. No active exploitation has been confirmed (not in CISA KEV) and no public exploit code has been identified at time of analysis.

Apple Race Condition Information Disclosure Ios And Ipados
NVD
CVSS 3.1
4.7
EPSS
0.1%
CVE-2026-57966 MEDIUM This Month

Path traversal in spice-vdagent enables a malicious or compromised SPICE host to write arbitrary files to any location on the guest operating system during file transfer operations. Affecting Red Hat Enterprise Linux versions 6 through 10, the flaw stems from unsanitized filenames supplied by the SPICE host before use by the vdagent process, allowing writes at the privilege level of the logged-in guest user. No public exploit is identified at time of analysis, and exploitation requires prior control of the SPICE host - a high-privilege precondition that substantially constrains realistic risk despite the high integrity impact.

Path Traversal Red Hat Enterprise Linux 10 Red Hat Enterprise Linux 6 Red Hat Enterprise Linux 7 Red Hat Enterprise Linux 8 +1
NVD
CVSS 3.1
4.4
EPSS
0.1%
Prev Page 2 of 3 Next

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy