Skip to main content
CVE-2026-48816 MEDIUM POC PATCH GHSA This Month

Timestamp forgery in sigstore-js allows an attacker supplying a crafted bundle v0.2 to manipulate certificate validity window checks by controlling the `integratedTime` field in an inclusionProof-only tlog entry. Because the inclusionProof-only code path in `@sigstore/verify` does not cryptographically bind `integratedTime` (unlike the signed inclusionPromise/set path), a low-privileged attacker who can present an untrusted bundle can cause the verifier to accept expired or not-yet-valid signing certificates as currently valid. A publicly available proof-of-concept exists; this vulnerability is not in CISA KEV.

Canonical Microsoft Information Disclosure
NVD GitHub
CVSS 3.1
6.5
EPSS
0.2%
CVE-2026-34098 MEDIUM POC This Month

Reflected cross-site scripting in Guardian Language-System's media.php allows authenticated attackers to inject arbitrary JavaScript into the victim's browser session by crafting a malicious URL with a script payload in the id GET parameter. The flaw exists because the id parameter is written unsanitized directly into HTML source and form action attributes at lines 119 and 129 of media.php. A publicly available proof-of-concept exploit exists on GitHub, though no KEV listing indicates broad active exploitation at time of analysis.

XSS PHP Language System
NVD GitHub
CVSS 4.0
4.8
EPSS
0.1%
CVE-2026-34097 MEDIUM POC This Month

Reflected XSS in Guardian Language-System's text_file.php allows an authenticated attacker to inject arbitrary script tags into at least six distinct form action attributes (lines 94, 101, 323, 403, 826, 852) by crafting a malicious URL with a payload in the id GET parameter. When a second authenticated victim is socially engineered into following the crafted link, the script executes within their browser session against the Guardian Language-System origin, enabling session token theft or unauthorized actions on the victim's behalf. A publicly available proof-of-concept exploit exists on GitHub; no CISA KEV listing has been identified, meaning active exploitation is not confirmed at time of analysis.

XSS PHP Language System
NVD GitHub
CVSS 4.0
4.8
EPSS
0.1%
CVE-2026-34096 MEDIUM POC This Month

Reflected XSS in Guardian language-system's designer.php allows authenticated attackers to inject and execute arbitrary JavaScript in a victim's browser session by crafting a malicious URL. The `name` GET parameter is echoed unsanitized directly into an HTML input value attribute at line 57, enabling classic reflected cross-site scripting. A publicly available proof-of-concept exploit exists on GitHub (via VulnCheck advisory); the vulnerability is not currently listed in CISA KEV, and real-world impact is constrained by the requirement for victim interaction and authentication.

XSS PHP Language System
NVD GitHub
CVSS 4.0
4.8
EPSS
0.1%
CVE-2026-11562 MEDIUM POC PATCH This Month

Missing capability check in WS Form LITE WordPress plugin before 1.11.8 allows any authenticated subscriber-level WordPress user to modify the plugin's settings, an action that should be restricted to administrators. The CVSS vector (PR:L) confirms low-privilege authentication is sufficient, and a publicly available proof-of-concept has been documented by WPScan. No active exploitation has been confirmed by CISA KEV, but the low barrier to exploitation and available POC make this a credible risk on multi-user WordPress installations where untrusted subscribers exist.

WordPress Information Disclosure Ws Form Lite
NVD WPScan VulDB
CVSS 3.1
4.3
EPSS
0.2%
CVE-2026-11887 MEDIUM POC PATCH This Month

Missing authorization on an AJAX endpoint in the Salon Booking System WordPress plugin (all versions before 10.30.20) allows any authenticated subscriber-level user to modify plugin settings and disable the manual approval workflow for new bookings. A publicly available proof-of-concept exists per WPScan's disclosure, making exploitation straightforward for any registered user on affected sites. No public exploitation (CISA KEV) has been confirmed, and SSVC assessment classifies technical impact as partial with exploitation not yet automated.

WordPress Authentication Bypass Salon Booking System
NVD WPScan VulDB
CVSS 3.1
4.3
EPSS
0.1%
CVE-2026-11570 MEDIUM POC PATCH This Month

Stored Cross-Site Scripting in the User Submitted Posts WordPress plugin before version 20260608 enables unauthenticated attackers to inject persistent malicious scripts into admin-configured display templates. The vulnerability is only reachable when a site administrator has enabled a non-default display option in the plugin settings, limiting its real-world exposure. A publicly available proof-of-concept exploit exists per WPScan, though no active exploitation has been confirmed by CISA KEV at time of analysis.

WordPress XSS User Submitted Posts
NVD WPScan VulDB
CVSS 3.1
4.2
EPSS
0.2%
CVE-2026-58517 MEDIUM PATCH This Month

Authentication bypass in the Wikimedia Foundation's WikiLambda extension for MediaWiki allows unauthenticated remote attackers to circumvent access controls via improper neutralization of input terminator characters (CWE-288). Affected are all WikiLambda deployments running versions prior to 1.43.9, 1.44.6, and 1.45.4 across the supported MediaWiki release branches. No public exploit or CISA KEV listing has been identified at time of analysis, though the network-accessible, zero-prerequisite attack vector warrants prompt patching.

Authentication Bypass Mediawiki Wikilambda Extension
NVD VulDB
CVSS 4.0
6.9
EPSS
0.3%
CVE-2026-53908 MEDIUM This Month

User enumeration in MyComplianceOffice (MCO) version 25.3.3.1 allows unauthenticated remote attackers to identify valid usernames and email addresses by observing distinguishable application responses from the password reset and username reminder endpoints. The CWE-204 Observable Response Discrepancy root cause means account existence is leaked through differential error messages, status codes, or redirect behavior - classic reconnaissance fodder for follow-on credential stuffing or targeted phishing against compliance personnel. No public exploit code has been identified and no CISA KEV listing exists; however, vendor contact was unsuccessful, leaving patch status unresolved and version scope uncertain beyond the confirmed 25.3.3.1 release.

Information Disclosure Mco
NVD
CVSS 4.0
6.9
EPSS
0.3%
CVE-2026-14358 MEDIUM PATCH This Month

Cross-site scripting in the Wikimedia Foundation's MediaWiki Charts Extension allows network-accessible, unauthenticated attackers to inject malicious JavaScript into wiki pages that render chart content. All installations running the Charts Extension across the 1.43.x, 1.44.x, and 1.45.x branches prior to fixed releases 1.43.9, 1.44.6, and 1.45.4 are affected. No public exploit code or CISA KEV listing has been identified at time of analysis; however, the CVSS 4.0 vector's PR:N and UI:N designations indicate the attack requires neither attacker credentials nor victim interaction beyond page rendering, which is atypical for classical reflected XSS and elevates practical exploitability.

XSS Mediawiki Charts Extension
NVD
CVSS 4.0
6.9
EPSS
0.3%
CVE-2026-58519 MEDIUM PATCH This Month

Stored cross-site scripting in the Wikimedia Foundation's MediaWiki Cargo Extension (all versions before 3.9.1) allows attackers to inject persistent malicious scripts into wiki pages rendered through the Cargo data-display system. The CVSS 4.0 vector carries E:A (evidence of active exploitation), elevating this beyond a theoretical risk. Successful exploitation enables session hijacking, credential theft, and in-browser payload delivery against any user who views an affected Cargo-rendered page.

XSS Mediawiki Cargo Extension
NVD VulDB
CVSS 4.0
6.9
EPSS
0.3%
CVE-2026-58520 MEDIUM PATCH This Month

Open redirect exploitation in the Wikimedia Foundation MediaWiki UrlShortener Extension enables unauthenticated network attackers to craft shortened URLs hosted on trusted MediaWiki domains that silently redirect victims to arbitrary external sites, facilitating phishing and Cross-Site Flashing attacks. All versions of the extension prior to 1.43.9, 1.44.6, and 1.45.4 across their respective branches are affected. No public exploit code or CISA KEV listing has been identified at time of analysis; however, the unauthenticated and network-accessible nature of URL shortener services makes social-engineering abuse low-effort once a target instance is identified.

Open Redirect Mediawiki Urlshortener Extension
NVD VulDB
CVSS 4.0
6.9
EPSS
0.3%
CVE-2026-14363 MEDIUM PATCH This Month

SQL injection in the Wikimedia Foundation's MediaWiki Cargo Extension exposes wiki deployments to unauthenticated database read and write operations across all versions prior to 1.43.9, 1.44.6, and 1.45.4. The Cargo extension's core function - accepting user-supplied query parameters to construct database queries - makes this a structurally sensitive attack surface, as improper neutralization of SQL special elements allows crafted input to escape intended query boundaries. No public exploit code has been identified at time of analysis, and CISA KEV listing is absent, but the PR:N/AC:L/AT:N CVSS 4.0 vector confirms exploitation requires no authentication or special preconditions against default-accessible Cargo query endpoints.

SQLi Mediawiki Cargo Extension Red Hat
NVD
CVSS 4.0
6.9
EPSS
0.3%
CVE-2026-58521 MEDIUM PATCH This Month

SQL injection in the Wikimedia Foundation's Cargo Extension for MediaWiki exposes all installations running versions prior to 1.43.9, 1.44.6, or 1.45.4 to unauthenticated database manipulation via the Cargo query interface. The flaw stems from improper neutralization of user-controlled input incorporated into SQL statements without adequate parameterization, allowing attackers to read, modify, or partially disrupt data stored in Cargo-managed tables. No public exploit code or CISA KEV listing has been identified at time of analysis, though the CVSS 4.0 vector confirms low-complexity, network-accessible exploitation requiring no authentication or user interaction.

SQLi Mediawiki Cargo Extension
NVD VulDB
CVSS 4.0
6.9
EPSS
0.2%
CVE-2026-58518 MEDIUM PATCH This Month

Cross-site request forgery in the Wikimedia Foundation's MediaWiki RedirectManager Extension (all versions before 1.3.3) enables remote attackers to perform unauthorized redirect management actions on behalf of authenticated wiki users. The CVSS 4.0 base score of 6.9 (Medium) reflects network-accessible exploitation with low impact across confidentiality, integrity, and availability dimensions on both vulnerable and subsequent systems. No public exploit has been identified at time of analysis, and this vulnerability is not listed in CISA's Known Exploited Vulnerabilities catalog.

CSRF Mediawiki Redirectmanager Extension
NVD VulDB
CVSS 4.0
6.9
EPSS
0.2%
CVE-2026-13769 MEDIUM PATCH This Month

Credential exposure in AWS CLI on Unix-like systems allows other local users on the same host to read sensitive credentials written to disk by three specific subcommands: aws codeartifact login, aws iam create-virtual-mfa-device, and aws deploy register. When the system umask is at its default permissive value - the case on most Unix-like systems - credential files are written without adequately restrictive permissions, making them readable by other local accounts. No public exploit or CISA KEV listing exists at time of analysis; however, the vendor (Amazon) has confirmed the issue and released patched versions 1.44.78 (v1) and 2.34.29 (v2).

Information Disclosure Aws Cli Red Hat Suse
NVD GitHub
CVSS 4.0
6.8
EPSS
0.1%
CVE-2026-49988 MEDIUM PATCH GHSA This Month

Repomix 1.14.0's MCP server exposes a file-read safety bypass allowing any MCP-connected client to retrieve arbitrary local `.json`, `.txt`, `.md`, or `.xml` files without triggering the project's `runSecretLint()` secret-scanning guard. The `attach_packed_output` tool accepts arbitrary local paths, validates only by file extension, reads the file without invoking the secret check, and registers the path under an `outputId`; `read_repomix_output` then returns the full file contents-entirely circumventing the boundary enforced by the dedicated `file_system_read_file` tool. No CISA KEV listing or EPSS data is available, but the advisory includes a reproduction harness that confirmed the bypass end-to-end against repomix@1.14.0.

Information Disclosure
NVD GitHub
CVSS 4.0
6.8
EPSS
0.2%
CVE-2026-20462 MEDIUM This Month

Heap buffer overflow in the Telephony subsystem of MediaTek chipsets enables local privilege escalation on affected Android devices, delivering full confidentiality, integrity, and availability impact. Twenty-two specific MediaTek SoC variants are confirmed affected, spanning the MT6xxx and MT8xxx mid-range and budget families. No public exploit has been identified at time of analysis; MediaTek has issued patch ALPS11006447 via their July 2026 security bulletin, but exploitation requires a pre-existing System-level privilege on the device, making this a chaining vulnerability rather than a standalone entry vector.

Privilege Escalation Heap Overflow Buffer Overflow Mediatek Chipset
NVD
CVSS 3.1
6.7
EPSS
0.1%
CVE-2026-20463 MEDIUM This Month

Local privilege escalation in the Modem component across 80+ MediaTek chipsets allows an attacker already holding System-level access to bypass permission enforcement (CWE-280) and escalate further within the device. The vulnerability is confirmed by MediaTek in their July 2026 Product Security Bulletin (Patch ID: MOLY01716533, Issue ID: MSV-6309) and affects a broad swath of chipsets spanning low-end to flagship tiers. No user interaction is required for exploitation, but the prerequisite of System-level access significantly constrains the realistic attack surface. No public exploit code or CISA KEV listing has been identified at time of analysis.

Privilege Escalation Mediatek Chipset
NVD
CVSS 3.1
6.7
EPSS
0.1%
CVE-2026-38142 MEDIUM This Month

Unauthenticated OS command injection in Tenda AC18 v15.03.05.05 exposes the device to full remote compromise via a crafted HTTP request to the /goform/fast_setting_internet_set endpoint. The vulnerability is a second-order (stored) injection through the mac parameter - malicious payloads are written into device configuration and executed when triggered. No public exploit identified at time of analysis, though SSVC confirms a proof-of-concept exists and the attack is automatable, making mass exploitation technically feasible against internet-exposed devices.

Command Injection Tenda N A
NVD GitHub
CVSS 3.1
6.5
EPSS
0.7%
CVE-2026-13454 MEDIUM This Month

SQL Injection in the MotoPress Appointment Booking WordPress plugin (versions ≤ 2.4.5) allows authenticated attackers holding the mpa_appointment_employee custom role to append arbitrary SQL to booking search queries via the 's' parameter, enabling full read access to the underlying WordPress database. The vulnerability originates in ManageBookingsPage.php at two separate query-construction points (lines 247 and 310), where user-supplied input is neither escaped nor parameterized. No public exploit code or active exploitation has been identified at time of analysis, and the EPSS signal was not supplied; however, the Wordfence intelligence report and a confirmed upstream fix commit indicate the issue is credibly documented.

WordPress SQLi Motopress Appointment Booking
NVD
CVSS 3.1
6.5
EPSS
0.4%
CVE-2026-51946 MEDIUM This Month

SQL Injection vulnerability in GoAdminGroup GoAdmin (last release v1.2.26) allows a remote attacker to execute arbitrary code and obtain sensitive information via the the __sort_type URL parameter on all /admin/info/{table} endpoints

SQLi RCE N A
NVD GitHub VulDB
CVSS 3.1
6.5
EPSS
0.3%
CVE-2026-12110 MEDIUM This Month

SQL Injection in the Taskbuilder Project Management & Task Management WordPress plugin (versions up to and including 5.0.8) allows any authenticated WordPress user with Subscriber-level access or higher to exfiltrate arbitrary data from the site's database. The root cause is dual: insufficient escaping of the 'task_search' parameter in the wppm_get_task_list AJAX handler combined with a complete absence of capability checks and nonce verification on that handler, meaning the attack surface is broader than typical subscriber-exploitable SQLi. No public exploit or active exploitation (CISA KEV) has been identified at time of analysis; however, the low privilege bar and straightforward injection vector make this a credible threat against any WordPress site running the affected plugin.

WordPress SQLi Taskbuilder Project Management Task Management Tool With Kanban Board
NVD VulDB
CVSS 3.1
6.5
EPSS
0.3%
CVE-2026-12090 MEDIUM This Month

SQL injection in the Taskbuilder Project Management plugin for WordPress (versions ≤5.0.8) enables any authenticated user-including those with only subscriber-level access-to exfiltrate sensitive data from the WordPress database. The vulnerability exists in the `wppm_proj_filter` parameter handled by `wppm_view_project_tasks.php`, which lacks both proper SQL escaping and prepared statement usage. Compounding the risk, the `wp_ajax_wppm_view_project_tasks` AJAX handler performs no nonce verification, meaning the vulnerable code path is reachable by any authenticated WordPress session without additional preconditions. No public exploit has been identified at time of analysis, and this CVE is not listed in the CISA KEV catalog.

WordPress SQLi Taskbuilder Project Management Task Management Tool With Kanban Board
NVD VulDB
CVSS 3.1
6.5
EPSS
0.3%
CVE-2026-56148 MEDIUM This Month

Denial of service in Elasticsearch allows any authenticated user to crash an affected cluster node by submitting a specially crafted query that triggers uncontrolled recursion during query processing. Excessive resource consumption during request handling can render the targeted node unavailable, disrupting search and indexing operations for all dependent applications. No public exploit code has been identified at time of analysis, and the vulnerability is not listed in the CISA KEV catalog; however, the low privilege requirement makes it accessible to any user with query access.

Elastic Denial Of Service Elasticsearch
NVD VulDB
CVSS 3.1
6.5
EPSS
0.3%
CVE-2026-44041 MEDIUM This Month

Out-of-bounds read in UltraVNC through version 1.8.2.2 allows network-authenticated attackers to potentially crash the VNC server process or leak adjacent memory content via the vncWc2Mb() wide-string conversion helper in rfb/dh.cpp at line 204. The flaw is triggered when wcslen() is called on a caller-supplied WCHAR pointer without a preceding bounds check, enabling memory over-reads if the buffer lacks proper NUL termination. No public exploit code or active exploitation has been identified at time of analysis; the vendor's CVSS 4.3 (Medium) rating reflects the constrained and largely denial-of-service-oriented impact.

Denial Of Service Buffer Overflow Information Disclosure Ultravnc
NVD GitHub
CVSS 3.1
6.5
EPSS
0.3%
CVE-2026-11988 MEDIUM This Month

Course enrollment data exposure in LearnPress WordPress LMS plugin (all versions through 4.3.9.1) enables authenticated subscribers to read the course progress and completion records of any instructor or administrator by supplying an arbitrary value to the `userId` REST API parameter. The lazy load controller accepts the caller-supplied key without verifying ownership, bypassing authorization for LP_TEACHER_ROLE and administrator accounts while a partial guard correctly blocks subscriber-to-subscriber cross-access. No public exploit code or active exploitation has been identified at time of analysis, but exploitation requires only a subscriber-level account, making the real-world barrier low on sites with open user registration.

Authentication Bypass WordPress Learnpress Wordpress Lms Plugin For Create And Sell Online Courses
NVD VulDB
CVSS 3.1
6.5
EPSS
0.3%
CVE-2026-5142 MEDIUM This Month

Private SSH key exfiltration in Red Hat Satellite 6 (upstream: Foreman) allows authenticated users holding the 'view_keypairs' permission to bypass taxonomy scoping and retrieve private SSH keys belonging to foreign organizations by directly querying key pair IDs via the API. The flaw is an IDOR (CWE-639) at the multi-tenancy enforcement layer, meaning the isolation contract between tenant organizations is broken for any user granted that permission. No CISA KEV listing or public exploit code has been identified at time of analysis; impact is strictly confidentiality - no write or destructive capability is exposed through this path.

Authentication Bypass Information Disclosure Red Hat Satellite 6
NVD VulDB
CVSS 3.1
6.5
EPSS
0.3%
CVE-2026-5135 MEDIUM This Month

Broken access control in Foreman (the upstream engine of Red Hat Satellite 6) permits an authenticated user holding host-edit permissions to retarget an existing lookup value override to hosts outside their authorized organizational or location scope. The flaw stems from insufficient authorization enforcement on the match field when modified via nested host attributes, allowing an attacker to effectively write configuration overrides to managed hosts they are not permitted to administer. No public exploit code has been identified at time of analysis, and the vulnerability is not listed in the CISA KEV catalog.

Authentication Bypass Red Hat Satellite 6
NVD
CVSS 3.1
6.5
EPSS
0.3%
CVE-2026-14258 MEDIUM This Month

Denial of service in dhcpcd's IPv6 Neighbor Discovery Router Advertisement parser allows an adjacent unauthenticated attacker to exhaust CPU resources on any host running dhcpcd with IPv6 enabled. The flaw (CWE-835 - infinite loop) arises because a zero-length Neighbor Discovery option passes initial storage validation but is later reparsed without sufficient bounds enforcement, causing the parser to loop indefinitely without advancing. No active exploitation is confirmed (not in CISA KEV), but the adjacent-network attack vector and zero-privilege requirement make this actionable on shared Layer-2 environments such as enterprise Wi-Fi, cloud VLANs, and data-center segments.

Denial Of Service Red Hat Enterprise Linux 10 Red Hat Suse
NVD GitHub VulDB
CVSS 3.1
6.5
EPSS
0.2%
CVE-2026-56151 MEDIUM This Month

Fleet policy management in Kibana is vulnerable to denial of service through insufficient validation of user-supplied policy inputs. An authenticated Kibana user with Fleet write access can submit a specially crafted Fleet policy input that bypasses server-side validation, rendering Fleet agent management, server operations, and policy configuration unavailable. No public exploit has been identified at time of analysis, and this vulnerability is not listed in CISA KEV; however, the low authentication bar (any valid low-privilege account) and network accessibility make it a meaningful operational risk for organizations relying on Elastic Agent deployments.

Elastic Denial Of Service Kibana
NVD VulDB
CVSS 3.1
6.5
EPSS
0.2%
CVE-2026-49087 MEDIUM This Month

Denial of service in Kibana allows any authenticated user with low-privilege access to exhaust server resources via a specially crafted bulk deletion request, potentially rendering the Kibana interface completely unavailable. Affected are Kibana deployments prior to versions 8.19.15 and 9.3.4 across both the 8.x and 9.x release branches. The vulnerability requires no special configuration to be present and no user interaction beyond submitting the malicious request, making it reliably triggerable by any valid Kibana account holder. No public exploit or CISA KEV listing identified at time of analysis.

Elastic Denial Of Service Kibana
NVD VulDB
CVSS 3.1
6.5
EPSS
0.2%
CVE-2026-49090 MEDIUM This Month

Sustained CPU exhaustion in Elasticsearch allows an authenticated low-privilege user to render an affected node unresponsive by submitting a specially crafted bulk request to the _bulk API endpoint. The root cause is CWE-400 (Uncontrolled Resource Consumption), whereby the bulk request processing path fails to bound CPU allocation per request, aligning with CAPEC-130 (Excessive Allocation). No public exploit identified at time of analysis, and no KEV listing exists; however, the low attack complexity and standard network accessibility of the bulk API make this a credible insider or compromised-credential threat in production environments.

Elastic Denial Of Service Elasticsearch
NVD VulDB
CVSS 3.1
6.5
EPSS
0.2%
CVE-2026-14388 MEDIUM PATCH This Month

Out of bounds read in ANGLE in Google Chrome prior to 150.0.7871.46 allowed a remote attacker to obtain potentially sensitive information from process memory via a crafted HTML page. (Chromium security severity: Medium)

Google Buffer Overflow Information Disclosure Suse
NVD
CVSS 3.1
6.5
EPSS
0.2%
CVE-2026-14386 MEDIUM PATCH This Month

Out-of-bounds read in ANGLE (Chrome's cross-platform graphics abstraction layer) prior to version 150.0.7871.46 allows a remote attacker to extract potentially sensitive data from the browser's process memory by directing a victim to a crafted HTML page. The CVSS vector confirms network delivery with no authentication required but mandates user interaction, and the High confidentiality impact (C:H) indicates that in-memory data such as session tokens, cached credentials, or page content could be exposed. SSVC assessment records no active exploitation and the flaw is absent from the CISA KEV catalog; a vendor patch has been released and no public exploit code has been identified at time of analysis.

Google Buffer Overflow Information Disclosure Suse
NVD VulDB
CVSS 3.1
6.5
EPSS
0.2%
CVE-2026-53466 MEDIUM PATCH This Month

Integer overflow in ImageMagick's XCF (GIMP native format) decoder allows remote unauthenticated attackers to trigger an out-of-bounds read by supplying a crafted XCF image file, resulting in an application crash or limited memory disclosure. All ImageMagick releases prior to 6.9.13-51 (legacy branch) and 7.1.2-26 (current branch) are affected. No public exploit code or active exploitation has been identified at time of analysis, but the zero-complexity, pre-authentication attack surface makes this a meaningful risk for any internet-facing service that processes user-supplied images via ImageMagick.

Integer Overflow Buffer Overflow Imagemagick
NVD GitHub VulDB
CVSS 3.1
6.5
EPSS
0.2%
CVE-2026-54704 MEDIUM PATCH This Month

OpenTelemetry Java Instrumentation prior to 2.28.0 leaks clear-text database passwords into distributed trace span attributes when JDBC auto-instrumentation encounters double-quoted passwords in SQL CONNECT statements, bypassing the sanitization logic. These poisoned spans are then exported to any configured observability backend - Jaeger, Zipkin, OTLP collectors, or third-party SaaS monitoring - making database credentials visible to all parties with telemetry read access. No public exploit or confirmed active exploitation exists at time of analysis, but the impact of credential exposure is high given downstream database access risk.

Java Information Disclosure Opentelemetry Java Instrumentation
NVD GitHub
CVSS 3.1
6.5
EPSS
0.2%
CVE-2026-44040 MEDIUM This Month

UltraVNC through 1.8.2.2 exposes a cryptographically weak VNC authentication challenge generator that an attacker can predict by observing network traffic and enumerating a roughly 31-bit seed space derived from wall-clock time and process ID. Successful seed reconstruction allows the attacker to forge or brute-force valid VNC authentication responses, effectively bypassing the RFB challenge-response mechanism and gaining unauthorized remote desktop access. No public exploit has been identified at time of analysis, and the vulnerability is not currently listed in the CISA KEV catalog; however, the mathematical basis for exploitation is straightforward given the small seed space.

Microsoft Information Disclosure Ultravnc
NVD GitHub
CVSS 3.1
6.5
EPSS
0.2%
CVE-2026-54261 MEDIUM PATCH This Month

Missing authorization on the image preview endpoint in Wagtail CMS allows any authenticated admin-panel user to render previews of images they do not have permission to access. Affected across three maintained release branches - all Wagtail versions prior to 7.0.8, 7.3.3, and 7.4.2. No public exploit has been identified at time of analysis, and exploitation is strictly bounded to users holding valid Wagtail admin credentials, making this a privileged-insider or compromised-account risk rather than an external threat.

Python Information Disclosure Wagtail
NVD GitHub
CVSS 3.1
6.5
EPSS
0.2%
CVE-2026-14399 MEDIUM PATCH This Month

Uninitialized Use in Dawn in Google Chrome prior to 150.0.7871.46 allowed a remote attacker to obtain potentially sensitive information from process memory via a crafted HTML page. (Chromium security severity: Medium)

Information Disclosure Google Suse
NVD
CVSS 3.1
6.5
EPSS
0.2%
CVE-2026-14408 MEDIUM PATCH This Month

Uninitialized Use in Dawn in Google Chrome prior to 150.0.7871.46 allowed a remote attacker to obtain potentially sensitive information from process memory via a crafted HTML page. (Chromium security severity: Medium)

Information Disclosure Google Suse
NVD
CVSS 3.1
6.5
EPSS
0.2%
CVE-2026-14421 MEDIUM PATCH This Month

Uninitialized memory use in Dawn, Chrome's WebGPU implementation, on ChromeOS prior to version 150.0.7871.46 enables remote attackers to read potentially sensitive contents from GPU process memory by serving a crafted HTML page. The flaw (CWE-457) allows stale or uninitialized buffer data to be exposed back to the requesting JavaScript context without proper sanitization. No public exploit has been identified at time of analysis, and CISA SSVC rates this as non-automatable with partial technical impact, though the CVSS confidentiality rating is High.

Information Disclosure Google Suse
NVD
CVSS 3.1
6.5
EPSS
0.2%
CVE-2026-14402 MEDIUM PATCH This Month

Uninitialized Use in ANGLE in Google Chrome on Windows prior to 150.0.7871.46 allowed a remote attacker to obtain potentially sensitive information from process memory via a crafted HTML page. (Chromium security severity: High)

Information Disclosure Microsoft Google Suse
NVD
CVSS 3.1
6.5
EPSS
0.2%
CVE-2026-54164 MEDIUM PATCH This Month

Type confusion in API Platform Core's AbstractItemNormalizer allows authenticated API consumers to corrupt relational data by supplying IRIs pointing to resources of the wrong type during write operations (POST/PUT/PATCH). The root cause is that getResourceFromIri() omits the $operation context when calling IriConverter::getResourceFromIri(), silently bypassing the is_a type guard at IriConverter.php:86. All 4.1.x, 4.2.x, and 4.3.x releases prior to the patched versions are affected; no public exploit or CISA KEV listing has been identified at time of analysis.

Memory Corruption Information Disclosure PHP Core
NVD GitHub
CVSS 3.1
6.5
EPSS
0.2%
CVE-2026-14384 MEDIUM PATCH This Month

Cross-origin data leakage in Google Chrome on Windows prior to 150.0.7871.46 stems from an out-of-bounds read in ANGLE, the browser's graphics abstraction layer. Remote attackers can exploit this by serving a crafted HTML page to a Windows user, causing the ANGLE subsystem to read memory beyond its intended buffer boundary and exposing data belonging to a separate web origin. No public exploit code has been identified at time of analysis, and the EPSS score of 0.18% (8th percentile) indicates low exploitation probability in the near term.

Google Microsoft Buffer Overflow Information Disclosure Suse
NVD
CVSS 3.1
6.5
EPSS
0.2%
CVE-2026-14381 MEDIUM PATCH This Month

UI spoofing in Google Chrome's WebAppInstalls component (versions prior to 150.0.7871.46) enables remote attackers to misrepresent security indicators during Progressive Web App installation prompts via a crafted HTML page. The incorrect security UI (CWE-451) can deceive users into believing they are installing a legitimate, trusted application when they are not, resulting in a low-integrity impact. EPSS is 0.18% (8th percentile), no public exploit code exists, and this vulnerability has not been added to CISA KEV, indicating minimal active exploitation risk at time of analysis.

Information Disclosure Google Suse
NVD
CVSS 3.1
6.5
EPSS
0.2%
CVE-2026-14396 MEDIUM PATCH This Month

Cross-origin data exfiltration in Google Chrome's ANGLE graphics layer exposes sensitive browser memory contents to remote attackers who can induce a victim to visit a crafted HTML page. The out-of-bounds read in ANGLE (Chrome's cross-platform graphics abstraction engine) affects all Chrome desktop versions prior to 150.0.7871.46, confirmed by Google's stable channel advisory. No public exploit code or active exploitation has been identified at time of analysis; an EPSS of 0.17% (7th percentile) reflects minimal current weaponization pressure despite the high confidentiality impact assigned in CVSS.

Google Buffer Overflow Information Disclosure Suse
NVD
CVSS 3.1
6.5
EPSS
0.2%
CVE-2026-14404 MEDIUM PATCH This Month

UI spoofing via a crafted PDF file in Google Chrome's PDFium rendering engine allows a remote, unauthenticated attacker to visually mislead users into performing unintended actions or trusting falsified content. All Chrome versions prior to 150.0.7871.46 are affected. Exploitation requires the victim to open a malicious PDF - no special configuration is needed beyond default Chrome behavior. No public exploit identified at time of analysis, and CISA SSVC rates exploitation as none with partial technical impact.

Information Disclosure Google Suse
NVD
CVSS 3.1
6.5
EPSS
0.2%
CVE-2026-57963 MEDIUM This Month

An attacker who can send HTML chat messages (via Matrix or XMPP) can inject arbitrary styled content, phishing links, and CSS that manipulates the chat UI. This vulnerability was fixed in Thunderbird 152.0.1 and Thunderbird 140.12.1.

Mozilla Thunderbird XSS
NVD VulDB
CVSS 3.1
6.5
EPSS
0.1%
CVE-2026-57737 MEDIUM This Month

DOM-Based XSS in the Shortcodes and extra features for Phlox theme WordPress plugin (all versions through 2.17.16) permits a low-privileged authenticated attacker to inject malicious JavaScript that executes in victims' browsers via unsanitized shortcode input. Exploitation requires an attacker with at least contributor-level WordPress access and a privileged user to view the crafted page, enabling session hijacking, credential theft, or unauthorized administrative actions. No public exploit identified at time of analysis; vulnerability was disclosed by Patchstack and is not listed in CISA KEV.

XSS Shortcodes And Extra Features For Phlox Theme
NVD VulDB
CVSS 3.1
6.5
EPSS
0.1%
Page 1 of 3 Next

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy