Skip to main content
CVE-2026-27435 MEDIUM PATCH This Month

Broken access control in the WofficeIO Woffice WordPress theme (all versions before 5.4.33) permits unauthenticated remote attackers to exploit incorrectly configured access control security levels, achieving low-impact unauthorized write actions without credentials or user interaction. Discovered and disclosed by Patchstack, the flaw stems from CWE-862 (Missing Authorization), where the theme fails to enforce proper capability checks on specific endpoints. No public exploit or CISA KEV listing has been identified at time of analysis, though the unauthenticated and low-complexity attack vector broadens the exposure surface beyond what the medium CVSS score alone conveys.

Authentication Bypass Woffice
NVD
CVSS 3.1
5.3
EPSS
0.2%
CVE-2026-55594 MEDIUM PATCH This Month

Stack overflow in ImageMagick's MVG decoder prior to versions 6.9.13-51 and 7.1.2-26 allows remote unauthenticated attackers to crash image-processing services by submitting a crafted MVG image file. The root cause is a missing depth check in the MVG decoder (CWE-400), enabling unbounded recursion that exhausts stack memory. No active exploitation has been confirmed and no public exploit code has been identified at time of analysis, but the zero-friction attack surface - any application accepting image uploads with unpatched ImageMagick - makes patching a practical priority.

Denial Of Service Imagemagick
NVD GitHub
CVSS 3.1
5.3
EPSS
0.2%
CVE-2026-53905 MEDIUM This Month

MCO's compliance management platform exposes administrator ACL tree structures to any authenticated low-privileged user via a missing authorization check on the `/customer/servlet/mco/webapi/admin-view-hierarchy/get-acl-tree-structure` web API endpoint. Confirmed by CERT-PL in version 25.3.3.1, the flaw allows low-privileged users to retrieve permission hierarchies and internal configuration details intended only for administrators. No active exploitation has been identified, no public exploit code exists, and vendor contact attempts were unsuccessful, leaving the patch timeline and full version impact unresolved.

Authentication Bypass Mco
NVD
CVSS 4.0
5.3
EPSS
0.2%
CVE-2026-14414 MEDIUM PATCH This Month

Insufficient validation of untrusted input in Skia in Google Chrome prior to 150.0.7871.46 allowed a remote attacker who had compromised the renderer process to obtain potentially sensitive information from process memory via a crafted HTML page. (Chromium security severity: Medium)

Information Disclosure Google Suse
NVD
CVSS 3.1
5.3
EPSS
0.2%
CVE-2026-14391 MEDIUM PATCH This Month

Integer overflow in ANGLE in Google Chrome on Windows prior to 150.0.7871.46 allowed a remote attacker who had compromised the renderer process to obtain potentially sensitive information from process memory via a crafted HTML page. (Chromium security severity: Medium)

Information Disclosure Microsoft Google Suse
NVD
CVSS 3.1
5.3
EPSS
0.2%
CVE-2026-53467 MEDIUM PATCH This Month

Heap memory disclosure in ImageMagick's MNG decoder affects all versions prior to 6.9.13-51 (legacy branch) and 7.1.2-26 (current branch), allowing remote unauthenticated attackers to obtain partial heap contents by submitting a crafted MNG image file and retrieving the processed output. The root cause (CWE-908) is that pixel buffers are not fully initialized before output is written, leaving residual in-process heap data embedded in the resulting image. No public exploit or CISA KEV listing exists at time of analysis; however, the zero-authentication, network-accessible attack vector makes this a meaningful risk for any image-processing pipeline that accepts untrusted MNG input.

Information Disclosure Imagemagick
NVD GitHub VulDB
CVSS 3.1
5.3
EPSS
0.2%
CVE-2026-20461 MEDIUM This Month

Out-of-bounds write in MediaTek modem firmware allows a network-adjacent attacker controlling a rogue cellular base station to remotely crash affected User Equipment (UE), resulting in denial of service. Thirty-three distinct MediaTek chipsets - spanning flagship mobile SoCs (MT6991, MT6989, MT6985) to tablet and IoT chipsets (MT8795T, MT8893) - contain the vulnerable modem component identified under Patch IDs MOLY01267281 and MOLY01318201. No public exploit code has been identified at time of analysis, and the attack is non-trivial due to the requirement for attacker-controlled cellular infrastructure, but the sheer deployment scale of affected chipsets across Android devices makes the aggregate exposure significant.

Memory Corruption Denial Of Service Buffer Overflow Mediatek Chipset
NVD
CVSS 3.1
5.3
EPSS
0.2%
CVE-2026-20457 MEDIUM This Month

Remote denial of service in the MediaTek Modem firmware component affects approximately 60 chipset models via a null pointer dereference triggered when a target device connects to a rogue cellular base station. An attacker controlling a fake eNodeB or gNodeB can transmit crafted modem protocol messages that cause improper input validation to fail, crashing the modem and stripping affected devices of cellular connectivity. No public exploit has been identified at time of analysis, and CISA SSVC rates current exploitation status as none, indicating this remains a theoretical but technically feasible threat for well-resourced actors.

Denial Of Service Null Pointer Dereference Mediatek Chipset
NVD
CVSS 3.1
5.3
EPSS
0.2%
CVE-2026-20460 MEDIUM This Month

Information disclosure in MediaTek modem firmware across 67+ chipset models enables a network-adjacent attacker operating a rogue cellular base station to extract sensitive data from a victim's User Equipment (UE) without any privileges or user interaction. The root cause is improper input validation (CWE-288) in the modem baseband stack, allowing a fake cell tower to elicit confidential data from connected devices. No active exploitation has been confirmed by CISA KEV, and SSVC assessment rates exploitation as 'none' at time of analysis, though the architecture of the attack closely resembles IMSI-catcher and stingray-type tradecraft used in targeted surveillance operations.

Information Disclosure Mediatek Chipset
NVD
CVSS 3.1
5.3
EPSS
0.2%
CVE-2026-20459 MEDIUM This Month

Remote denial-of-service in MediaTek modem firmware across 80+ chipset families allows an attacker operating a rogue cellular base station to crash affected devices by sending malformed input the modem fails to validate. The vulnerability (CWE-288) requires no privileges on the target device and no user interaction - a device that autonomously connects to the attacker's false base station is sufficient. No public exploit code has been identified at time of analysis, and SSVC classifies exploitation status as none, though the widespread chipset deployment across Android handsets and IoT hardware makes the affected attack surface extremely broad.

Denial Of Service Mediatek Chipset
NVD
CVSS 3.1
5.3
EPSS
0.2%
CVE-2026-56152 MEDIUM This Month

Incorrect Authorization (CWE-863) in Elastic Defend exposes response action data to low-privileged authenticated users who should not have access to it. The flaw, classified under CAPEC-1, arises because access controls on specific functionality are not properly enforced, allowing a user with minimal privileges to read security response action data belonging to other users or roles. No public exploit code has been identified and the vulnerability is not listed in the CISA KEV catalog, but the High confidentiality impact (CVSS C:H) means sensitive endpoint response data - such as isolation actions, process kills, or file retrieval outputs - could be disclosed.

Authentication Bypass Elastic Information Disclosure Endpoint Security
NVD
CVSS 3.1
5.3
EPSS
0.2%
CVE-2026-57962 MEDIUM This Month

A malicious LDAP server, which a Thunderbird user is configured to query for address-book autocomplete, can stash arbitrarily large amounts of attacker-supplied data into the Thunderbird LDAP client until it crashes due to memory exhaustion. This vulnerability was fixed in Thunderbird 152.0.1 and Thunderbird 140.12.1.

Mozilla Thunderbird Denial Of Service
NVD VulDB
CVSS 3.1
5.3
EPSS
0.1%
CVE-2026-48824 MEDIUM PATCH GHSA This Month

{id}/release` still call `json.NewDecoder(r.Body)` with no body-size cap, allowing a remote unauthenticated attacker to drive process RSS from ~8 MB baseline to ~450 MB with a single 16 MB request (~28× amplification), with no memory recovery between requests. A working proof-of-concept with exact reproduction steps is published in the advisory; no KEV status confirmed at time of analysis.

Denial Of Service Docker
NVD GitHub
CVSS 3.1
5.3
CVE-2026-57721 MEDIUM This Month

Missing authorization controls in the ApplyOnline WordPress plugin (versions through 2.6.7.6) by WP Reloaded allow unauthenticated remote attackers to perform unauthorized write-level actions by exploiting incorrectly configured access control security levels. The CVSS vector (AV:N/AC:L/PR:N/UI:N) confirms exploitation requires no authentication and no user interaction against any network-accessible WordPress installation running this plugin. No public exploit code or CISA KEV listing has been identified at time of analysis, but the low complexity and zero-auth requirement make this straightforward to abuse.

Authentication Bypass
NVD
CVSS 3.1
5.3
EPSS
0.2%
CVE-2026-27409 MEDIUM This Month

Unauthenticated remote attackers can bypass access controls in the Webba Booking WordPress plugin (all versions through 6.4.13) due to missing server-side authorization checks on one or more booking-related endpoints, enabling unauthorized integrity-affecting actions such as creating, modifying, or canceling bookings. The CVSS vector (AV:N/AC:L/PR:N/UI:N) confirms zero-friction exploitation requiring no credentials or user interaction against any internet-facing WordPress site running the affected plugin. No public exploit code has been identified at time of analysis, and this vulnerability does not appear in the CISA KEV catalog.

Authentication Bypass Webba Booking
NVD
CVSS 3.1
5.3
EPSS
0.2%
CVE-2026-53906 MEDIUM This Month

Path traversal and path disclosure in MyComplianceOffice MCO's file handling functionality expose authenticated high-privilege users' ability to write files to arbitrary server locations and leak absolute server paths through error messages. Confirmed in version 25.3.3.1 via CERT-PL research, with other versions potentially affected given unsuccessful vendor contact. No public exploit code or active exploitation identified at time of analysis; the high privilege prerequisite (PR:H) substantially constrains real-world attack surface.

Path Traversal Mco
NVD
CVSS 4.0
5.1
EPSS
0.4%
CVE-2026-58024 MEDIUM PATCH This Month

Information disclosure in MediaWiki's ApiUserrights.php exposes sensitive user rights data to authenticated actors who should not have access to it. All MediaWiki installations running versions prior to 1.43.9, 1.44.6, 1.45.4, and 1.46.0 are affected. The CVSS 4.0 score of 5.1 with low confidentiality impact (VC:L) reflects a bounded but real data leakage risk; no public exploit identified at time of analysis.

PHP Information Disclosure Mediawiki
NVD VulDB
CVSS 4.0
5.1
EPSS
0.4%
CVE-2026-44936 MEDIUM PATCH GHSA This Month

Helm credential exfiltration in Rancher Fleet allows an attacker with git push access to a Fleet-monitored repository to redirect configured Helm BasicAuth credentials to an attacker-controlled server by manipulating the `helm.repo` field inside a committed `fleet.yaml`. Affected deployments are those where `GitRepo` resources carry `helmSecretName` or `helmSecretNameForPaths` but lack a `helmRepoURLRegex` allowlist - the default state for most pre-patch installations across the v0.12, v0.13, v0.14, and v0.15 release lines. No public exploit code has been identified and the vulnerability is absent from the CISA KEV catalog, but the low attack complexity and clear credential-theft path make this a meaningful supply-chain risk for organizations relying on private Helm repositories within Rancher-managed multi-cluster environments.

SSRF
NVD GitHub VulDB
CVSS 3.1
5.0
EPSS
0.3%
CVE-2026-56149 MEDIUM This Month

Elasticsearch's machine learning API contains an unbounded resource allocation flaw that allows an authenticated user with elevated privileges to crash an affected node by submitting a specially crafted ML request over the network. The absence of throttling or quota enforcement on ML request memory consumption (CWE-770) means the node's JVM heap can be exhausted, rendering it unavailable without any confidentiality or integrity exposure. No public exploit code has been identified at the time of analysis, and this vulnerability does not appear in the CISA KEV catalog.

Elastic Denial Of Service Elasticsearch
NVD VulDB
CVSS 3.1
4.9
EPSS
0.3%
CVE-2026-53907 MEDIUM This Month

Stored XSS in MyComplianceOffice MCO version 25.3.3.1 allows a privileged attacker with logo-upload rights to plant malicious JavaScript inside a crafted SVG file that executes in any user's browser when the application logo is rendered. Reported by CERT-PL, vendor contact was unsuccessful, leaving no official patch or advisory in place. No public exploit code has been identified at time of analysis, though the SVG-based XSS technique is well-documented and trivially replicable against unpatched instances.

XSS Mco
NVD
CVSS 4.0
4.8
EPSS
0.3%
CVE-2026-48819 MEDIUM PATCH GHSA This Month

Prototype pollution in @hey-api/openapi-ts affects all versions through 0.97.2, allowing remote unauthenticated attackers to substitute the prototype chain of the returned params slot object by passing a crafted key such as '$query___proto__' through any application that forwards user-supplied parameters to a generated SDK method. The flaw resides in a runtime template (dist/clients/core/params.ts) that is copied verbatim into every generated SDK, meaning every downstream npm package regenerated from this tool carries the vulnerable code - confirmed affected consumers include @opencode-ai/sdk and @trigger.dev/sdk. A functional proof-of-concept is publicly available; exploitation is not confirmed as actively exploited and is absent from CISA KEV.

Node.js Docker Code Injection Prototype Pollution
NVD GitHub
CVSS 3.1
4.8
CVE-2026-55595 MEDIUM PATCH This Month

Uncontrolled resource consumption in ImageMagick (all versions prior to 6.9.13-51 and 7.1.2-26) allows a denial-of-service condition by supplying invalid arguments to the connected-components processing option, which causes an infinite loop that exhausts CPU resources indefinitely. The vulnerability requires local access, user interaction, and high attack complexity, confining realistic risk to environments where untrusted input can influence ImageMagick invocations - such as automated image-processing pipelines or web applications that expose connected-components functionality. Vendor-released patches exist for both the 6.x and 7.x branches; no public exploit code and no active exploitation (CISA KEV) have been identified at time of analysis.

Denial Of Service Imagemagick
NVD GitHub
CVSS 3.1
4.7
EPSS
0.1%
CVE-2026-6684 MEDIUM This Month

Unbounded mount-time loop in FatFs prior to R0.16 allows physical attackers to cause a denial of service by presenting a crafted GPT disk image with an arbitrarily large GPTH_PtNum partition count field. The flaw is present only in builds where the FF_LBA64 = 1 compile-time flag is set, enabling 64-bit LBA and GPT scanning support. A public proof-of-concept is available from runZero; no confirmed active exploitation (CISA KEV) has been observed, and SSVC categorizes technical impact as partial, limited to availability.

Denial Of Service Fatfs
NVD GitHub
CVSS 3.1
4.6
EPSS
0.2%
CVE-2026-6683 MEDIUM This Month

Divide-by-zero in FatFs R0.16 and earlier's exFAT sync logic crashes the filesystem when crafted volume metadata causes the expression `n_fatent - 2` to evaluate to zero during write/sync operations, resulting in a hard fault or denial of service on the affected embedded device. The elm-chan FatFs library is widely bundled into microcontroller SDKs and IoT firmware, meaning the vulnerable code exists across a broad range of downstream products compiled with exFAT support. A proof-of-concept exists per SSVC assessment; no confirmed active exploitation (CISA KEV) has been recorded, and the physical attack vector limits mass exploitation, though network-accessible firmware update pipelines can extend effective reach.

Information Disclosure Fatfs
NVD GitHub
CVSS 3.1
4.6
EPSS
0.2%
CVE-2026-6686 MEDIUM This Month

Uninitialized cluster exposure in FatFs R0.16 and earlier allows recovery of residual disk data when f_lseek() extends a file beyond its current EOF without zeroing newly allocated FAT clusters. Any application or device reading the extended region receives raw, previously written sector content instead of zeroed bytes, leaking sensitive residual storage data such as deleted file fragments or cryptographic material. A proof-of-concept exploit exists per SSVC and runZero's GitHub repository; no active exploitation has been confirmed in CISA KEV.

Information Disclosure Fatfs
NVD GitHub VulDB
CVSS 3.1
4.6
EPSS
0.2%
CVE-2026-5051 MEDIUM PATCH This Month

Plugin directory guard bypass in HashiCorp Vault and Vault Enterprise allows a highly privileged, authenticated attacker to read files outside the intended audit plugin directory via path traversal. Exploitation requires network access, high-privilege credentials, and the use of the legacy file audit path option - a non-default configuration. Fixed versions are 2.0.1, 1.21.6, 1.20.11, and 1.19.17; no public exploit or active exploitation (CISA KEV) has been identified at time of analysis.

Hashicorp Path Traversal Vault Vault Enterprise
NVD VulDB
CVSS 3.1
4.4
EPSS
0.3%
CVE-2026-49088 MEDIUM This Month

Sensitive HTTP request header values are written into Kibana application logs when the optional APM (Application Performance Monitoring) instrumentation feature is enabled, exposing credentials or tokens to anyone with operator-level log access. This affects multiple Kibana release branches (8.18.x, 8.19.x, 9.0.x, and 9.1.x) and is classified as information disclosure under CWE-532. No public exploit or active exploitation has been identified at time of analysis; the exposure is passive and gated behind both a non-default configuration and existing operator privileges.

Elastic Information Disclosure Kibana
NVD VulDB
CVSS 3.1
4.4
EPSS
0.2%
CVE-2026-12904 MEDIUM This Month

Kadence Blocks WordPress plugin versions up to and including 3.7.7 allows authenticated Contributor-level users to read or delete optimizer analysis records belonging to posts they do not own, by exploiting a parameter mismatch in four REST API endpoints of the Optimize_Rest_Controller. The authorization check binds to a user-supplied post_id while the storage layer retrieves records by sha256 of a separately supplied, attacker-controlled post_path, with no enforcement that these two parameters refer to the same post. No public exploit code or CISA KEV listing exists at time of analysis; however, the low barrier to exploitation - any registered Contributor can leverage this - makes it relevant for multi-author WordPress sites. EPSS data was not provided in the input.

Authentication Bypass WordPress Kadence Blocks Page Builder Toolkit For Gutenberg Editor
NVD
CVSS 3.1
4.3
EPSS
0.3%
CVE-2026-12902 MEDIUM This Month

Authorization bypass in the Kadence Blocks WordPress plugin (all versions through 3.7.7) allows authenticated contributors to create arbitrary Media Library attachments by fetching remote images via internal WordPress functions, bypassing the upload_files capability boundary. The flaw resides in class-kadence-blocks-prebuilt-library.php at multiple call sites where wp_upload_bits() and wp_insert_attachment() are invoked without verifying the requesting user's authorization. No public exploit has been identified at time of analysis, and the vulnerability is not listed in the CISA KEV catalog.

Authentication Bypass WordPress Kadence Blocks Page Builder Toolkit For Gutenberg Editor
NVD VulDB
CVSS 3.1
4.3
EPSS
0.3%
CVE-2026-12408 MEDIUM This Month

Unauthorized private content disclosure in the Slim SEO WordPress plugin (all versions through 4.9.8) allows authenticated Contributors to read protected content they do not own via the `/wp-json/slim-seo/meta-tags/ai` REST API endpoint. The endpoint's broken object-level authorization - checking only the generic `edit_posts` capability rather than per-post read access - lets any Contributor supply an arbitrary post ID and receive an AI-generated summary of that post's raw content, including private, draft, pending, future, and password-protected posts authored by other users. No public exploit or CISA KEV listing is identified at time of analysis; real-world risk is constrained by the requirement for a pre-existing Contributor-level account.

WordPress Information Disclosure Slim Seo A Fast Automated Seo Plugin For Wordpress
NVD VulDB
CVSS 3.1
4.3
EPSS
0.3%
CVE-2026-12133 MEDIUM This Month

Arbitrary group deletion in the JoomSport WordPress plugin (versions ≤5.7.8) is achievable by any authenticated subscriber-level user due to a missing capability check in the joomsport_season_groupdel() AJAX handler. The handler validates a WordPress nonce - preventing CSRF - but never calls current_user_can() or equivalent, allowing any logged-in user to supply attacker-controlled group IDs to an unguarded DELETE query. No public exploit has been identified at time of analysis and this vulnerability is not listed in CISA KEV; real-world risk is bounded by the requirement for a valid WordPress account and the limited scope of impact (group record deletion only).

Authentication Bypass WordPress Joomsport For Sports
NVD
CVSS 3.1
4.3
EPSS
0.2%
CVE-2026-5138 MEDIUM This Month

Cross-tenant information disclosure in Foreman (packaged as Red Hat Satellite 6) allows an authenticated user holding host-edit permissions to retrieve sensitive infrastructure metadata from organizations and locations they are not authorized to access. The root cause is the taxonomy_scope controller method accepting organization and location IDs from nested request parameters without validating them against the caller's authorized tenancy scope, implementing a textbook CWE-639 authorization bypass through user-controlled key. No active exploitation has been confirmed (not listed in CISA KEV), and no public exploit code is identified at time of analysis; however, the low attack complexity and lack of user interaction make this straightforward to exploit for any low-privileged authenticated user in multi-tenant Satellite deployments.

Authentication Bypass Information Disclosure Red Hat Satellite 6
NVD VulDB
CVSS 3.1
4.3
EPSS
0.2%
CVE-2026-12435 MEDIUM This Month

Authorization bypass in the Motors - Car Dealership & Classified Listings Plugin for WordPress allows authenticated subscriber-level users to arbitrarily mark any other user's vehicle listing as sold by replaying a harvested nonce against a victim's post ID. All plugin versions up to and including 1.4.111 are affected. An attacker exploiting this flaw can silently deface competitor or victim listings with a site-wide 'Sold' badge while also stripping the `special_car` featured post meta, causing business harm on dealership or classifieds sites. No public exploit has been identified at time of analysis and this CVE is not listed in the CISA KEV catalog.

Authentication Bypass WordPress Motors Car Dealership Classified Listings Plugin
NVD VulDB
CVSS 3.1
4.3
EPSS
0.2%
CVE-2026-12113 MEDIUM This Month

Sensitive PII exposure in the Appointment Booking Calendar WordPress plugin (versions up to and including 1.4.02) allows any authenticated user with contributor-level access to retrieve customer booking records - including names, email addresses, phone numbers, and appointment comments - via the unprotected `cpabc_appointments_filter_list` AJAX action. The root cause is CWE-862 (Missing Authorization): the endpoint performs no capability check before returning data, meaning the attacker's only prerequisite is a valid WordPress login at contributor tier or above. No public exploit code or active exploitation (CISA KEV) has been identified at time of analysis, but a source-level fix appears committed in the plugin's SVN repository (changeset 3581633).

Authentication Bypass WordPress Information Disclosure Appointment Booking Calendar
NVD VulDB
CVSS 3.1
4.3
EPSS
0.2%
CVE-2026-10096 MEDIUM This Month

Insecure Direct Object Reference in the Qi Blocks WordPress plugin (all versions ≤ 1.4.9) allows any authenticated user with Author-level access to overwrite the stored global styles of arbitrary posts, templates, or widgets they do not own by manipulating the unvalidated 'page_id' parameter. Critically, the reserved 'template' and 'widget' page_id values expose site-wide surfaces, enabling an Author to deface, hide content on, or visually degrade any page across the entire WordPress installation. The permission_callback validates only generic edit_posts and publish_posts capabilities rather than post ownership, meaning the built-in Author role is sufficient for exploitation. No active exploitation has been confirmed (not listed in CISA KEV), and no public exploit code has been identified at time of analysis.

Authentication Bypass WordPress Qi Blocks
NVD VulDB
CVSS 3.1
4.3
EPSS
0.2%
CVE-2026-14410 MEDIUM PATCH This Month

UI spoofing in Google Chrome's Skia graphics engine (versions prior to 150.0.7871.46) allows a remote attacker who has already compromised the renderer process to mislead users through a crafted HTML page. The attack requires renderer process compromise as a prerequisite, making this a chained exploit component rather than a standalone threat. EPSS at 0.18% (8th percentile) and absence from CISA KEV confirm no known active exploitation; Chromium's own team rated this Low severity.

Information Disclosure Google Suse
NVD
CVSS 3.1
4.3
EPSS
0.2%
CVE-2026-14418 MEDIUM PATCH This Month

Cross-origin data leakage in Google Chrome's ANGLE graphics subsystem (all versions prior to 150.0.7871.46) enables remote attackers to read sensitive data from other browser origins by luring a victim to a crafted HTML page. The flaw stems from uninitialized memory use in ANGLE, Chrome's GPU abstraction layer, which may expose stale cross-origin pixel buffers or texture memory to attacker-controlled JavaScript. No public exploit has been identified and CISA's SSVC framework rates exploitation as none with a non-automatable attack path, indicating limited immediate real-world threat despite the network-accessible vector.

Information Disclosure Google Suse
NVD
CVSS 3.1
4.3
EPSS
0.2%
CVE-2026-54262 MEDIUM PATCH This Month

Authorization bypass in Wagtail CMS allows authenticated low-privilege users to create translations for pages beyond their permitted scope. Versions prior to 7.0.8, 7.3.3, and 7.4.2 fail to enforce page-level permission checks when a user submits a translation request, exposing content of restricted pages to anyone holding the 'Can submit translation' permission. No public exploit code or active exploitation (CISA KEV) has been identified, but the low attack complexity and network-accessible vector make this straightforward to abuse for information disclosure.

Python Information Disclosure Wagtail
NVD GitHub
CVSS 3.1
4.3
EPSS
0.2%
CVE-2026-54259 MEDIUM PATCH This Month

Wagtail's Documents and Images chooser endpoint leaks asset metadata - including filenames, display names, and URLs - to authenticated admin users who have been explicitly denied collection-level choose permissions. Versions prior to 7.0.8, 7.3.3, and 7.4.2 are affected across the 7.0, 7.3, and 7.4 release branches. An attacker with a valid Wagtail admin account can enumerate restricted media assets across collections beyond their authorized scope, bypassing the collection permission model. No public exploit or active exploitation (CISA KEV) has been identified at time of analysis.

Python Information Disclosure Wagtail
NVD GitHub
CVSS 3.1
4.3
EPSS
0.2%
CVE-2026-11981 MEDIUM This Month

Cross-Site Request Forgery in GiveWP - Donation Plugin and Fundraising Platform (versions up to and including 4.15.3) allows unauthenticated remote attackers to disable donation email notifications by tricking a logged-in administrator into clicking a crafted link. The root cause is absent nonce validation in the give_set_notification_status_handler() AJAX handler, permitting forged state-changing requests. No public exploit code has been identified and this CVE is not listed in the CISA KEV catalog; however, the integrity impact - silently disabling donation notifications - could cause operational blind spots for nonprofit or fundraising site operators.

WordPress CSRF Givewp Donation Plugin And Fundraising Platform
NVD VulDB
CVSS 3.1
4.3
EPSS
0.2%
CVE-2026-13211 MEDIUM This Month

The genucenter web interface by genua exposes SNMP authentication and encryption keys in cleartext HTTP responses to any user holding the 'Service' or 'Admin' role, enabling credential theft without any exploitation complexity beyond normal authenticated use. Affected versions are all releases prior to 8.0p11; the fix was disclosed by sba-research via a coordinated advisory in April 2026. No public exploit code or active exploitation has been identified at time of analysis, though the disclosure of SNMP v3 keys - which govern both authentication integrity and traffic encryption - represents a meaningful lateral movement risk if those keys are reused across network devices.

Information Disclosure Genucenter
NVD GitHub
CVSS 3.1
4.3
EPSS
0.1%
CVE-2026-49856 MEDIUM PATCH GHSA This Month

SSRF policy bypass in jshookmcp 0.3.1 allows an authenticated MCP client with network domain access to probe internal RFC 1918 and reserved addresses that are explicitly blocked by all other network tools on the same server. The `network_icmp_probe` and `network_traceroute` handlers call `resolveHostname` directly without invoking the central `resolveAuthorizedTransportTarget` guard, creating an inconsistent enforcement boundary. No CISA KEV listing exists, but proof-of-concept test code demonstrating the bypass via the `handleCallTool` dispatch path is included in the GitHub advisory (GHSA-c5r6-m4mr-8q5j), confirming exploitability without external traffic.

SSRF Microsoft Node.js RCE Oracle
NVD GitHub
CVSS 3.1
4.3
CVE-2026-57720 MEDIUM This Month

Missing authorization in the ThumbPress WordPress plugin (Codexpert Inc) through version 6.3.2 allows low-privileged authenticated users to invoke restricted plugin functionality, resulting in limited availability impact against thumbnail or image-size management operations. The CVSS vector (PR:L, A:L) confirms exploitation requires an authenticated session but no elevated role, and produces no confidentiality or integrity loss - only partial disruption. No public exploit code has been identified at time of analysis, and the vulnerability is not listed in the CISA KEV catalog.

Authentication Bypass
NVD
CVSS 3.1
4.3
EPSS
0.2%
CVE-2026-8480 MEDIUM This Month

Administrative access to the Stormshield Network Security captive-admin portal is bypassed when an attacker presents a revoked client certificate, because the portal does not enforce certificate revocation checks during TLS mutual authentication. Affected versions span three branches: 4.3.0-4.3.41, 4.4.0-4.8.15, and 5.0.2 EA-5.0.5. No public exploit has been identified at time of analysis and the vulnerability is absent from CISA KEV, but the threat actor population is meaningfully constrained - exploitation requires prior possession of a certificate that was specifically issued for this portal and then revoked.

Information Disclosure Stormshield Network Security
NVD
CVSS 3.1
4.3
EPSS
0.1%
CVE-2026-55688 MEDIUM PATCH This Month

Cookie tossing in AsyncHttpClient (AHC) library allows a malicious HTTP server to plant cookies scoped to an unrelated trusted domain, affecting versions 2.0.0-2.15.x and 3.0.0.Beta1-3.0.10. ThreadSafeCookieStore accepts and stores a cookie's Domain attribute value without verifying that the responding host is authorised to set cookies for that domain, so any server the client contacts can inject a cookie that AHC will automatically forward to the targeted domain on subsequent requests. Java applications sharing a single AHC instance - and therefore its default shared CookieStore - across calls to both attacker-influenced and trusted hosts are the primary attack surface; no public exploit has been identified at time of analysis, and vendor-released fixes are available in 2.16.0 and 3.0.11.

Code Injection Java Async Http Client
NVD GitHub
CVSS 3.1
4.0
EPSS
0.2%
CVE-2026-50162 MEDIUM PATCH GHSA This Month

Symlink traversal in oras-go's file content store allows writes outside the intended `workingDir` boundary even when `AllowPathTraversalOnWrite=false`. Applications that pull OCI artifacts from untrusted registries where an attacker controls blob titles (`ocispec.AnnotationTitle`) are at risk if any directory component under `workingDir` is a symlink pointing to an external path. No confirmed active exploitation (not in CISA KEV), but a self-contained proof-of-concept was included in the researcher's disclosure, making reproduction straightforward given the prerequisites.

Authentication Bypass Canonical
NVD GitHub
CVE-2026-45382 MEDIUM This Month

CVE-2026-45382 is associated with Ubuntu Linux based on the sole reporting source (vendor:ubuntu), but no description, CVSS score, CWE classification, or affected version data was provided in the intelligence feed. The vulnerability's nature, impact, and exploitability are entirely unknown from available data. No assessment of attacker capability or affected user population is possible without a vendor advisory or NVD entry.

Information Disclosure
NVD
CVE-2026-45383 MEDIUM This Month

CVE-2026-45383 has no publicly available description, CVSS score, CWE classification, or technical details at time of analysis. The sole intelligence signal is a report attribution to the Ubuntu vendor source, suggesting this may affect a package within the Ubuntu ecosystem. No impact, attack vector, or affected version data can be synthesized without a description - any characterization beyond this would be fabricated.

Information Disclosure
NVD
CVE-2026-54240 MEDIUM This Month

Insufficient data exists to characterize CVE-2026-54240 with confidence. The sole intelligence source is a vendor report attributed to Ubuntu, but no description, CVSS score, CWE classification, CPE strings, or references were provided. The affected component, vulnerability class, and impact cannot be determined from available data. No exploitation status, patch availability, or EPSS signal is present.

Information Disclosure
NVD
CVE-2026-54241 MEDIUM This Month

CVE-2026-54241 is reported by the Ubuntu vendor source with no description, CVSS score, CWE classification, or supplementary intelligence available at time of analysis. The affected product or component within the Ubuntu ecosystem cannot be determined from the provided data. No exploitation status, patch details, or technical context can be assessed.

Information Disclosure
NVD
Prev Page 3 of 3

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy