Skip to main content
CVE-2026-12349 MEDIUM This Month

Unauthenticated sidebar manipulation in the Premium Addons for KingComposer WordPress plugin (versions up to and including 1.1.1) allows any remote attacker to create arbitrary custom widget areas or permanently delete existing ones without any credentials. The root cause is that the AJAX handlers add_custom_sidebar() and remove_custom_sidebar() are registered under wp_ajax_nopriv_* hooks with no authorization or capability checks, granting public HTTP access to options-table writes via update_option(). Deletion of sidebars silently breaks widget rendering site-wide, and no public exploit has been identified at time of analysis; no CISA KEV listing is present.

Authentication Bypass WordPress Premium Addons For Kingcomposer
NVD VulDB
CVSS 3.1
5.3
EPSS
0.2%
CVE-2026-56333 MEDIUM PATCH This Month

Server-side validation bypass in Capgo before 12.128.2 allows authenticated organization administrators to write invalid values directly to the public.orgs database table from the browser, circumventing field-level security policy enforcement for parameters such as max_apikey_expiration_days. The root cause is insufficient server-side enforcement in a Supabase-backed architecture where authenticated clients can interact directly with underlying tables without adequate RLS or server-side validation gates. No public exploit has been identified and the vulnerability is not listed in CISA KEV, though the low-complexity attack path makes it trivially executable by any org admin.

Information Disclosure Capgo
NVD GitHub
CVSS 4.0
5.3
EPSS
0.2%
CVE-2026-14117 MEDIUM PATCH This Month

Memory disclosure via DevTools in Google Chrome on Windows (prior to 150.0.7871.47) enables a remote attacker to read sensitive process memory contents by delivering a crafted HTML page and manipulating the victim into performing specific UI gestures. The vulnerability is Windows-platform-exclusive and carries a Chromium-internal severity of Low, consistent with SSVC's assessment of no current exploitation and non-automatable delivery. No active exploitation or public exploit code has been identified at time of analysis, though the CVSS C:H rating reflects meaningful confidentiality risk if successfully triggered.

Information Disclosure Microsoft Google Suse
NVD
CVSS 3.1
5.3
EPSS
0.2%
CVE-2026-14112 MEDIUM PATCH This Month

Inappropriate implementation in Enterprise in Google Chrome prior to 150.0.7871.47 allowed a remote attacker who convinced a user to engage in specific UI gestures to obtain potentially sensitive information from process memory via a crafted HTML page. (Chromium security severity: Low)

Information Disclosure Google Suse
NVD
CVSS 3.1
5.3
EPSS
0.2%
CVE-2026-14049 MEDIUM PATCH This Month

Memory disclosure in Google Chrome's GPU component (prior to 150.0.7871.47) allows an attacker who has already achieved renderer process compromise to extract potentially sensitive information from process memory via a crafted HTML page. The attack requires both user interaction and a pre-existing renderer compromise, making this a second-stage vulnerability most useful for ASLR bypass or credential harvesting within an exploit chain. No public exploit code or active exploitation (CISA KEV) has been identified; Google rates this as Low severity internally despite the NVD CVSS 5.3 Medium score.

Google Information Disclosure Suse
NVD
CVSS 3.1
5.3
EPSS
0.2%
CVE-2026-14012 MEDIUM PATCH This Month

CSS side-channel information leakage in Google Chrome prior to 150.0.7871.47 enables a remote attacker to read potentially sensitive data from the browser's process memory by inducing a victim to visit a specially crafted HTML page. The vulnerability is classified under CWE-1300 (Improper Protection of Physical Side Channels), indicating that observable rendering or timing behavior in Chrome's CSS engine can be exploited to infer in-memory state. No public exploit identified at time of analysis; however, the CVSS-assessed confidentiality impact is rated High, and Google has released a fix in Chrome stable channel version 150.0.7871.47.

Information Disclosure Google Suse
NVD
CVSS 3.1
5.3
EPSS
0.2%
CVE-2026-58373 MEDIUM PATCH This Month

Cross-organization report enumeration in CVAT before 2.69.0 exposes the existence of quality reports belonging to other organizations to any authenticated user. The vulnerability stems from a missing authorization gate in QualityReportViewSet.get_queryset, where the parent_id query parameter is processed without invoking check_object_permissions, allowing cross-tenant enumeration via differential HTTP response analysis. No public exploit or CISA KEV listing exists, but the attack is trivially automatable by any authenticated user in a multi-organization CVAT deployment.

Authentication Bypass Cvat
NVD GitHub
CVSS 4.0
5.3
EPSS
0.2%
CVE-2026-13874 MEDIUM PATCH This Month

Race condition in the DataTransfer API in Google Chrome prior to 150.0.7871.47 allows a remote attacker to read potentially sensitive data from renderer process memory by luring a user to a specially crafted HTML page. The CVSS vector (AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:N/A:N) confirms the impact is limited to confidentiality - no integrity or availability loss - and that reliable exploitation requires winning a timing race (AC:H) combined with user interaction. No public exploit identified at time of analysis; Google has shipped a patch in the stable channel update dated June 2026.

Information Disclosure Race Condition Google Suse
NVD
CVSS 3.1
5.3
EPSS
0.2%
CVE-2026-56334 MEDIUM PATCH This Month

Missing UPDATE row-level security (RLS) policy on Capgo's build_requests table permits low-privileged API-key holders to perform unauthorized status updates against build pipeline records, corrupting build state by leaving rows permanently stuck in a pending state with null last_error values. Capgo versions before 12.128.2 on all platforms are affected. No public exploit code exists and this vulnerability is not listed in CISA KEV; however, exploitation requires only low-privilege network access with no additional complexity, making it a straightforward post-authentication integrity issue.

Authentication Bypass Capgo
NVD GitHub
CVSS 4.0
5.3
EPSS
0.2%
CVE-2026-14153 MEDIUM PATCH This Month

UI spoofing in the Glic component of Google Chrome (all versions prior to 150.0.7871.47) enables a remote attacker to misrepresent browser interface elements via a crafted HTML page, provided the victim is socially engineered into performing specific UI gestures. The CVSS vector (AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:N/A:N) assigns high confidentiality impact, suggesting the spoofed UI can be leveraged to elicit disclosure of sensitive information such as credentials or session data. No public exploit code exists and this vulnerability is not listed in the CISA KEV catalog at time of analysis.

Information Disclosure Google Suse
NVD
CVSS 3.1
5.3
EPSS
0.2%
CVE-2026-13989 MEDIUM PATCH This Month

UI spoofing in Google Chrome's PageInfo component affects all desktop versions prior to 150.0.7871.47, enabling an attacker who has already compromised the renderer process to present deceptive browser security indicators to the user via a crafted HTML page. The vulnerability stems from an inappropriate implementation in the PageInfo subsystem (CWE-451), which controls the trusted security panel users consult to assess site authenticity. No active exploitation is confirmed - EPSS is 0.17% (7th percentile), SSVC rates exploitation as none, and this CVE is absent from the CISA KEV catalog - but the integrity impact is high where the attack chain is achievable.

Information Disclosure Google Suse
NVD
CVSS 3.1
5.3
EPSS
0.2%
CVE-2026-55219 MEDIUM PATCH GHSA This Month

Credit double-spend via race condition in Paymenter allows any authenticated user with a non-zero credit balance to settle multiple invoices for the cost of one. The root cause is that `lockForUpdate()` in `app/Livewire/Invoices/Show.php` is called outside a database transaction, rendering the pessimistic lock a no-op in MySQL/MariaDB and leaving the read-check-deduct sequence unprotected against concurrent execution. Successful exploitation results in direct financial or resource loss to the platform operator as `ExtensionHelper::addPayment()` provisions services or digital goods for each winning request. No public exploit has been identified at time of analysis.

Authentication Bypass Race Condition PHP
NVD GitHub
CVSS 3.1
5.3
CVE-2026-48796 MEDIUM POC PATCH GHSA This Month

Path traversal in CefSharp's `FolderSchemeHandlerFactory` (NuGet: cefsharp.common, assembly version 147.0.100) allows an embedded browser to serve local files from outside the configured `rootFolder` when sibling directories share a common name prefix. The root cause is a raw C# string prefix check (`filePath.StartsWith(rootFolder, StringComparison.OrdinalIgnoreCase)`) that does not enforce directory boundaries, meaning a canonicalized path into a sibling directory such as `www2` passes validation intended to restrict access to `www`. A detailed proof-of-concept with exact request paths is publicly documented in the GitHub Security Advisory GHSA-85jm-cwp2-mvpv; no CISA KEV listing exists at time of analysis, indicating no confirmed active exploitation.

Path Traversal Microsoft
NVD GitHub
CVSS 3.1
5.3
CVE-2026-57079 MEDIUM This Month

Arbitrary file write in Net::BitTorrent 2.0.1 and earlier allows a malicious BitTorrent peer to place attacker-controlled content at attacker-chosen filesystem paths outside the designated download directory. The library validates path components on the .torrent ingest path but omits identical validation for peer-supplied metadata received via the BEP09 ut_metadata extension, causing file names containing '..' segments to resolve to traversal targets when passed to Storage::add_file. Because the attacking peer controls both the piece hashes and the served bytes, content verification passes silently, making the write invisible to the application. No public exploit has been identified at time of analysis, and this CVE is not listed in CISA KEV.

Path Traversal Net
NVD GitHub VulDB
CVSS 3.1
5.3
EPSS
0.3%
CVE-2026-6954 MEDIUM This Month

Reflected Cross-Site Scripting in Intermark IT's WebControl CMS v3.5 allows an unauthenticated remote attacker to inject and execute arbitrary JavaScript in a victim's browser by tricking them into visiting a crafted URL targeting the 'urlDestino' parameter of the '/portal.do' endpoint. Successful exploitation enables session cookie theft, phishing overlay injection, and unauthorized actions performed within the victim's authenticated session context. No public exploit code or CISA KEV listing has been identified at time of analysis, though the CVSS 4.0 score of 5.1 reflects a meaningful subsequent-system integrity impact via the user's browser.

XSS Webcontrol Cms
NVD VulDB
CVSS 4.0
5.1
EPSS
0.4%
CVE-2026-6953 MEDIUM This Month

HTML injection in Intermark IT's WebControl CMS v3.5 enables unauthenticated remote attackers to embed malicious markup in outbound emails generated by the contact form, delivered to recipients such as site administrators. Exploitation targets three unsanitized parameters — 'nombreApellidos', 'dirección', and 'comentarios' — in a POST request to '/processContact.do', with the injected content rendered when the recipient opens the resulting email in an HTML-capable mail client. No public exploit code or active exploitation has been identified at time of analysis; the CVSS 4.0 score of 5.1 reflects limited scope impact confined to the recipient's mail client.

XSS Webcontrol Cms
NVD VulDB
CVSS 4.0
5.1
EPSS
0.4%
CVE-2026-56224 MEDIUM PATCH This Month

Session fixation in the Capgo cloud console login endpoint (console.capgo.app/login) allows unauthenticated remote attackers to force victims into attacker-controlled sessions by crafting malicious URLs containing attacker-owned tokens. Versions before 12.128.2 silently accept access_token and refresh_token as URL query parameters and authenticate the user without confirmation, bypassing normal login flows. Tokens passed via URL are additionally exposed in browser history, server access logs, and HTTP Referer headers, creating secondary information-disclosure risk. No public exploit code and no CISA KEV listing exist at time of analysis.

Session Fixation Information Disclosure Capgo
NVD GitHub
CVSS 4.0
5.1
EPSS
0.2%
CVE-2026-56809 MEDIUM This Month

Reflected cross-site scripting in Ricoh Web Image Monitor allows unauthenticated remote attackers to inject and execute arbitrary JavaScript in the browser of any user who visits a specially crafted URL pointing to the printer's web management interface. The vulnerability affects multiple Ricoh laser printer and MFP product lines that ship with Web Image Monitor, as documented by JPCERT/CC and Ricoh's own security advisory. No public exploit has been identified at time of analysis, and active exploitation has not been confirmed by CISA KEV.

XSS Multiple Laser Printers And Mfps Which Implement Ricoh Web Image Monitor
NVD VulDB
CVSS 4.0
5.1
EPSS
0.2%
CVE-2026-56356 MEDIUM PATCH This Month

Stored XSS in n8n's Chat Trigger node allows authenticated workflow editors to inject JavaScript through a misconfigured sanitize-html filter in the Custom CSS field, which then executes in the browsers of every user visiting the public chat page. Affected are all 1.x releases before 1.123.27, the 2.0.0-2.13.2 range, and 2.14.0; fixed versions are 1.123.27, 2.13.3, and 2.14.1. No public exploit code or CISA KEV listing has been identified at time of analysis, and the CVSS 4.0 score of 5.1 reflects the authenticated prerequisite and bounded per-user impact.

XSS N8n
NVD GitHub
CVSS 4.0
5.1
EPSS
0.2%
CVE-2023-46118 MEDIUM PATCH GHSA This Month

### Summary Responsibly disclosed by @NSEcho. Rated medium severity (CVSS 4.9), this vulnerability is remotely exploitable, low attack complexity. This Uncontrolled Resource Consumption vulnerability could allow attackers to cause denial of service by exhausting system resources.

Denial Of Service Red Hat Suse
NVD GitHub
CVSS 3.1
4.9
EPSS
1.1%
CVE-2026-35096 MEDIUM PATCH This Month

CSRF flaws in KTM System e-BOK's email-change and password-change endpoints allow any remote, unauthenticated attacker to trigger account credential changes on behalf of an authenticated victim by luring them to a malicious web page. Reported by CERT-PL, the vulnerabilities affect all e-BOK versions prior to the June 2026 patch and carry a CVSS 4.0 score of 5.1 (Medium). No public exploit code or CISA KEV listing has been identified at time of analysis, but the attack is trivially constructable given the well-understood CSRF class and the public CERT-PL advisory.

CSRF E Bok
NVD VulDB
CVSS 4.0
5.1
EPSS
0.2%
CVE-2026-27883 MEDIUM PATCH This Month

{uuid} endpoint extracts the requesting user's teamId from their authentication token but never applies it to scope the underlying database query, meaning any valid UUID is sufficient to retrieve another team's data. Exploitation requires a valid Coolify account; no public exploit code or active exploitation (CISA KEV) has been identified at time of analysis.

Authentication Bypass Coolify
NVD GitHub
CVSS 3.1
5.0
EPSS
0.2%
CVE-2026-27881 MEDIUM PATCH This Month

{uuid}`. The DeployController.php endpoint performs no team-ownership validation against the requesting user's session, making this a textbook CWE-639 Insecure Direct Object Reference (IDOR) across tenant boundaries. No public exploit code has been identified at time of analysis and this vulnerability is not listed in the CISA KEV catalog, but the attack is mechanically trivial once a target UUID is known.

Authentication Bypass PHP Coolify
NVD GitHub VulDB
CVSS 3.1
5.0
EPSS
0.2%
CVE-2026-9106 MEDIUM This Month

OAuth scope concealment in GitHub Enterprise Server allows an attacker to obtain unauthorized control over an organization's GitHub Actions runner management by exploiting a missing scope disclosure on the authorization consent screen. The `manage_runners:org` OAuth scope, which governs CI/CD runner infrastructure, is never shown to the victim during the standard OAuth authorization flow, enabling a maliciously crafted OAuth application to acquire it without informed user consent. No public exploit or CISA KEV listing exists at time of analysis; the CVSS 4.0 score of 4.8 and mandatory user interaction (UI:A) correctly reflect the social-engineering dependency that constrains real-world exploitation.

Information Disclosure Enterprise Server
NVD GitHub VulDB
CVSS 4.0
4.8
EPSS
0.3%
CVE-2026-56377 MEDIUM PATCH This Month

ImageMagick before 7.1.2-24 fails to correctly enforce path restrictions configured in its security policy (policy.xml), enabling file creation and truncation outside designated filesystem boundaries. In sandboxed image conversion services - a common deployment pattern for web applications accepting user-submitted images - this incorrect policy check can be exploited by attackers who submit crafted images to write arbitrary files accessible to the conversion process. No public exploit has been identified at time of analysis and this is not listed in CISA KEV, but the wide use of ImageMagick in web application stacks makes the affected population substantial.

Path Traversal Imagemagick
NVD GitHub
CVSS 4.0
4.8
EPSS
0.2%
CVE-2026-14154 MEDIUM PATCH This Month

UI spoofing in Google Chrome's DevTools component allows an attacker to misrepresent critical interface information to users who have been socially engineered into installing a malicious Chrome Extension. Affected versions are all Chrome releases prior to 150.0.7871.47. The flaw stems from an inappropriate implementation (CWE-451) in DevTools, enabling an extension to manipulate how DevTools renders UI elements - potentially deceiving developers or power users into trusting falsified debugging output or security indicators. No public exploit code has been identified at time of analysis, and this vulnerability is not in the CISA KEV catalog.

Information Disclosure Google Suse
NVD
CVSS 3.1
4.8
EPSS
0.1%
CVE-2026-56361 MEDIUM PATCH This Month

Heap buffer out-of-bounds read in ImageMagick before 7.1.2-19 via off-by-one error in morphology validation allows local attackers with user interaction to trigger denial of service. The vulnerability stems from incorrect morphology parameters causing single pixel memory access violations within heap buffers, potentially leading to application crashes or information disclosure through controlled reads of adjacent heap memory.

Buffer Overflow Information Disclosure Imagemagick
NVD GitHub VulDB
CVSS 4.0
4.8
EPSS
0.1%
CVE-2026-56363 MEDIUM PATCH This Month

Division by zero in ImageMagick's binomial kernel processing path, affecting all versions before 7.1.2-22, allows an attacker to crash the application by supplying a crafted image with an oversized binomial kernel value. The integer overflow corrupts the kernel size calculation, and a subsequent division by the resulting zero value causes an unhandled exception and process termination. No public exploit code has been identified and the vulnerability is not listed in CISA KEV; however, automated image-processing pipelines that accept untrusted uploads are at elevated practical risk despite the local-vector CVSS rating.

Integer Overflow Denial Of Service Imagemagick
NVD GitHub VulDB
CVSS 4.0
4.8
EPSS
0.1%
CVE-2026-27882 MEDIUM PATCH This Month

Coolify's GitLab webhook endpoint leaks its secret token through a timing side-channel, enabling unauthenticated network attackers to reconstruct the token incrementally by measuring HTTP response time differences. All self-hosted Coolify instances prior to 4.0.0-beta.461 with GitLab webhook integrations configured are affected. Once the secret is recovered, an attacker can forge arbitrary GitLab webhook events and potentially trigger unauthorized deployments. No public exploit or active exploitation has been identified at time of analysis; the CVSS-assigned AC:H correctly reflects the practical difficulty of conducting reliable timing measurements over real-world networks.

Gitlab Information Disclosure Coolify
NVD GitHub
CVSS 3.1
4.8
EPSS
0.1%
CVE-2026-35095 MEDIUM PATCH This Month

Session fixation in KTM System e-BOK (an online customer service portal) enables an attacker to preset a session identifier in a victim's browser before authentication, which the application then retains unchanged after successful login. Because the server accepts a client-supplied cookie value and never regenerates it at the authentication boundary, an attacker who controls the initial session token can hijack the victim's fully authenticated session. A patch was published by KTM System in June 2026; no public exploit code has been identified at time of analysis, and the vulnerability is not listed in the CISA KEV catalog.

Session Fixation Information Disclosure E Bok
NVD VulDB
CVSS 4.0
4.8
EPSS
0.1%
CVE-2026-13812 MEDIUM PATCH This Month

Universal Cross-Site Scripting (UXSS) in Google Chrome for iOS prior to 150.0.7871.47 enables a remote attacker to inject arbitrary scripts or HTML across origins by exploiting insufficient input validation triggered through specific user UI gestures on a crafted page. The scope change (S:C in CVSS) is the critical dimension here - successful exploitation bypasses the same-origin policy, potentially granting the attacker script execution in the context of arbitrary origins within the browser session. No public exploit code has been identified and EPSS sits at just 0.20% (11th percentile), indicating low observed exploitation activity despite the high-impact class of vulnerability.

Code Injection Apple Google Suse
NVD VulDB
CVSS 3.1
4.7
EPSS
0.2%
CVE-2026-49820 MEDIUM PATCH GHSA This Month

Open redirect in Probo's saferedirect package allows unauthenticated remote attackers to bypass same-origin URL validation across all authentication flows - OIDC, SAML, session transfer, OAuth connectors, and trust-center magic links. A crafted URL such as /../\evil.com passes the flawed second-character check, and Go's http.Redirect normalizer collapses it to /\evil.com before setting the Location header; browsers then interpret the backslash as a host separator and navigate victims to an attacker-controlled domain. No public exploit is identified at time of analysis and the CVE carries no CISA KEV listing, but the authentication-flow context makes this a credible, high-value phishing vector. Self-hosted deployments must upgrade to probod v0.194.1.

Open Redirect
NVD GitHub
CVSS 3.1
4.7
CVE-2026-13808 MEDIUM PATCH This Month

Sensitive process memory exposure in Google Chrome for iOS prior to 150.0.7871.47 enables a physically present attacker to read potentially sensitive data from the browser's memory without authentication. The root cause is insufficient data validation (CWE-20) within the iOS-specific Chrome implementation. No public exploit code or CISA KEV listing has been identified at time of analysis, and the physical access requirement (CVSS AV:P) significantly constrains real-world attacker opportunity.

Information Disclosure Apple Google Suse
NVD VulDB
CVSS 3.1
4.6
EPSS
0.1%
CVE-2026-12560 MEDIUM This Month

Stored Cross-Site Scripting in the Editorial Rating - Product Review & Rating System WordPress plugin (versions ≤ 4.0.5) enables authenticated administrators to inject persistent JavaScript payloads via the 'Link URL' field, which execute in any site visitor's browser upon loading an affected review page. The attack exploits a WordPress-specific sanitization bypass: because the payload is stored in post meta (_wpas_er_options via update_post_meta) rather than post_content or post_excerpt, WordPress's unfiltered_html capability exemption does not apply, meaning the restriction affects all administrators regardless of their unfiltered_html status. No public exploit has been identified at time of analysis and no active exploitation is confirmed; real-world risk is substantially constrained by the PR:H (administrator) prerequisite.

WordPress XSS Editorial Rating Product Review Rating System
NVD VulDB
CVSS 3.1
4.4
EPSS
0.2%
CVE-2026-12114 MEDIUM This Month

Persistent script injection in the Team Members - Multi Language Supported Team Plugin for WordPress (all versions through 8.7) enables authenticated administrators to embed malicious JavaScript into site pages via insufficient sanitization and escaping in admin settings fields, with injected payloads executing silently for every subsequent page visitor. The vulnerability is constrained to two non-default deployment scenarios: WordPress multisite network installations and single-site installations where the unfiltered_html capability has been explicitly revoked from administrators - standard single-site installs are unaffected. No active exploitation has been confirmed (not in CISA KEV) and no public proof-of-concept exists, placing real-world risk well below what the scope-changed CVSS vector might initially suggest.

WordPress XSS Team Members Multi Language Supported Team Plugin
NVD
CVSS 3.1
4.4
EPSS
0.2%
CVE-2026-13316 MEDIUM This Month

Server-Side Request Forgery (SSRF) in Foreman's HTTP proxy controller within Red Hat Satellite 6 allows high-privileged attackers to redirect internal HTTP requests to cloud metadata endpoints on AWS, GCP, and Azure environments. By manipulating HTTP parameters in the http_proxies_controller or http_proxy configuration files, an attacker can cause the Foreman server to issue forged requests to internal metadata services (e.g., AWS IMDS at 169.254.169.254), potentially harvesting IAM role credentials, access tokens, and environment configuration secrets. No public exploit code has been identified at time of analysis, and no CISA KEV listing exists, but the confidentiality impact is high given the value of cloud metadata credentials.

SSRF Microsoft Red Hat Satellite 6 Red Hat
NVD VulDB
CVSS 3.1
4.4
EPSS
0.1%
CVE-2025-36319 MEDIUM PATCH This Month

Temporary denial of service in IBM watsonx.data intelligence 5.2.0 through 5.3.0 is achievable by authenticated users who submit specially crafted HTTP requests, exploiting improper resource throttling allocation (CWE-770). The impact is limited to availability - confidentiality and integrity are unaffected - and the disruption is described as temporary rather than persistent. No public exploit code or active exploitation has been identified at the time of analysis.

IBM Denial Of Service Watsonx Data Intelligence
NVD
CVSS 3.1
4.3
EPSS
0.4%
CVE-2025-36328 MEDIUM PATCH This Month

IBM watsonx.data Intelligence versions 5.2.0 through 5.3.0 leak sensitive technical information to the browser via verbose error messages, giving authenticated remote attackers a reconnaissance foothold for follow-on attacks. The flaw is rooted in CWE-209 (overly informative error generation), which can expose stack traces, internal paths, backend technology details, or configuration fragments depending on what error condition is triggered. No public exploit code has been identified and no active exploitation is confirmed; the mandatory authentication barrier (PR:L) and information-only impact limit immediate blast radius, but the data gathered can materially assist more sophisticated attacks against the same system.

IBM Information Disclosure Watsonx Data Intelligence
NVD
CVSS 3.1
4.3
EPSS
0.4%
CVE-2025-36333 MEDIUM PATCH This Month

IBM watsonx.data Intelligence versions 5.2.0 through 5.3.0 exposes authenticated users to unauthorized action execution due to improper enforcement of behavioral workflow sequences (CWE-841). Low-privileged authenticated users can circumvent intended access controls by exploiting gaps in workflow state validation, enabling integrity-impacting operations they should not be permitted to perform. No public exploit code exists and this vulnerability is not listed in the CISA KEV catalog, though the network-accessible attack vector and low complexity lower the bar for exploitation by any credentialed user.

Authentication Bypass IBM Watsonx Data Intelligence
NVD
CVSS 3.1
4.3
EPSS
0.3%
CVE-2025-36324 MEDIUM PATCH This Month

Server-side request forgery in IBM watsonx.data intelligence versions 5.2.0 through 5.3.0 enables authenticated attackers to coerce the server into issuing arbitrary outbound HTTP requests to attacker-controlled destinations. The CVSS vector (PR:L) confirms exploitation requires a valid account, but no elevated privileges are needed beyond basic authentication. Primary impact is internal network enumeration and potential pivoting to services that trust the watsonx.data host, rather than direct data exfiltration. No public exploit code or CISA KEV listing has been identified at time of analysis.

SSRF IBM Watsonx Data Intelligence
NVD
CVSS 3.1
4.3
EPSS
0.3%
CVE-2026-13946 MEDIUM PATCH This Month

Cross-origin data leakage in Google Chrome on iOS (prior to 150.0.7871.47) stems from an inappropriate implementation in the ScriptInjections subsystem, exploitable by a remote attacker who can lure a victim to a crafted HTML page. The flaw allows the attacker's origin to read data belonging to a different, protected origin - a fundamental violation of the Same-Origin Policy on Apple's iOS platform. No public exploit code has been identified at time of analysis, EPSS places exploitation probability at 0.22% (13th percentile), and SSVC signals no observed active exploitation, making this a medium-priority patch item despite its cross-origin impact.

CSRF Apple Google Suse
NVD
CVSS 3.1
4.3
EPSS
0.2%
CVE-2026-14058 MEDIUM PATCH This Month

Content Security Policy bypass in Google Chrome prior to 150.0.7871.47 stems from insufficient policy enforcement in the browser's Parser component, allowing a remote unauthenticated attacker to circumvent CSP protections via a crafted HTML page. The attacker achieves limited integrity impact (I:L) - able to load or execute content that a properly enforced CSP would block - but gains no confidentiality or availability impact. EPSS is low at 0.22% (13th percentile), no active exploitation has been confirmed (not in CISA KEV), and Chromium internally rated this Low severity, making it a real but low-priority finding.

Authentication Bypass Google Suse
NVD
CVSS 3.1
4.3
EPSS
0.2%
CVE-2026-13959 MEDIUM PATCH This Month

Insufficient validation of untrusted input in Blink in Google Chrome prior to 150.0.7871.47 allowed a remote attacker to bypass same origin policy via a crafted HTML page. (Chromium security severity: Medium)

Authentication Bypass Google Suse
NVD
CVSS 3.1
4.3
EPSS
0.2%
CVE-2026-13902 MEDIUM PATCH This Month

UI spoofing in Google Chrome for iOS prior to version 150.0.7871.47 enables remote attackers to misrepresent browser interface elements - such as address bars or security indicators - by delivering a crafted HTML page to a victim on an iOS device. Rooted in CWE-451 (UI Misrepresentation of Critical Information), the flaw exploits an inappropriate implementation specific to Chrome's iOS code path, which differs from desktop Chrome due to WKWebView constraints imposed by Apple. No public exploit code exists, CISA SSVC rates exploitation as none, and EPSS sits at the 12th percentile, indicating minimal real-world threat at time of analysis.

Information Disclosure Apple Google Suse
NVD VulDB
CVSS 3.1
4.3
EPSS
0.2%
CVE-2026-13842 MEDIUM PATCH This Month

Omnibox spoofing in Google Chrome for iOS prior to 150.0.7871.47 enables remote unauthenticated attackers to display a falsified URL in the browser address bar by delivering a crafted HTML page to an iOS user. The flaw is classified CWE-451 (UI misrepresentation of critical information) and is iOS-platform-specific, with no impact on Chrome for Android, Windows, macOS, or Linux. No active exploitation is confirmed - the vulnerability is not listed in CISA KEV and EPSS sits at 0.22% (12th percentile) - but the spoofing primitive is a classic enabler of targeted phishing campaigns against mobile users.

Information Disclosure Apple Google Suse
NVD
CVSS 3.1
4.3
EPSS
0.2%
CVE-2026-13837 MEDIUM PATCH This Month

UI spoofing in Google Chrome before 150.0.7871.47 allows remote unauthenticated attackers to visually deceive users by serving a crafted HTML page that exploits a flaw in Chrome's CSS implementation. The flaw (CWE-451: UI Misrepresentation of Critical Information) enables attacker-controlled content to obscure or mimic trusted browser UI elements such as the address bar or security indicators, creating a credible phishing surface. No public exploit has been identified at time of analysis, and the EPSS score of 0.22% (12th percentile) indicates minimal observed exploitation activity; however, Google's internal Chromium severity rating of 'High' reflects the significant phishing and credential-theft potential inherent in convincing browser UI spoofing.

Information Disclosure Google Suse
NVD VulDB
CVSS 3.1
4.3
EPSS
0.2%
CVE-2026-13995 MEDIUM PATCH This Month

Insufficient validation of untrusted input in Autofill in Google Chrome on Android prior to 150.0.7871.47 allowed a remote attacker to perform UI spoofing via a crafted HTML page. (Chromium security severity: Medium)

Information Disclosure Google Suse
NVD
CVSS 3.1
4.3
EPSS
0.2%
CVE-2026-13981 MEDIUM PATCH This Month

UI spoofing in Google Chrome for iOS prior to version 150.0.7871.47 enables a remote attacker to misrepresent page identity or security state through a specially crafted HTML page, exploiting an inappropriate implementation classified under CWE-451. The vulnerability affects only the iOS-specific Chrome codebase - not Chrome on other platforms - and requires user interaction (visiting an attacker-controlled page). No public exploit code has been identified and EPSS sits at 0.21% (11th percentile), indicating low observed exploitation probability; it is not listed in the CISA KEV catalog.

Information Disclosure Apple Google Suse
NVD
CVSS 3.1
4.3
EPSS
0.2%
CVE-2026-13980 MEDIUM PATCH This Month

Inappropriate implementation in Chrome for iOS in Google Chrome on iOS prior to 150.0.7871.47 allowed a remote attacker to perform UI spoofing via a crafted HTML page. (Chromium security severity: Medium)

Information Disclosure Apple Google Suse
NVD
CVSS 3.1
4.3
EPSS
0.2%
CVE-2026-13979 MEDIUM PATCH This Month

Inappropriate implementation in Paint in Google Chrome prior to 150.0.7871.47 allowed a remote attacker to perform UI spoofing via a crafted HTML page. (Chromium security severity: Medium)

Information Disclosure Google Suse
NVD
CVSS 3.1
4.3
EPSS
0.2%
Prev Page 11 of 13 Next

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy