Skip to main content
CVE-2026-14250 MEDIUM This Month

Privilege escalation in the Themehunk Login Registration WordPress plugin (versions up to and including 1.0.2) allows unauthenticated attackers to self-register accounts with elevated roles - including editor - by supplying an arbitrary 'role' parameter to the publicly exposed /thlogin/v1/register REST endpoint. The handle_frontend_register() function validates the supplied role only against get_editable_roles(), which returns every administratively configurable role on the site, then passes it directly to wp_insert_user() without restricting it to the subscriber level expected for public self-registration. Exploitation is conditioned on public user registration being enabled on the target site; no public exploit code or CISA KEV listing has been identified at time of analysis.

Privilege Escalation WordPress Th Login Registration
NVD
CVSS 3.1
6.3
EPSS
0.2%
CVE-2026-59820 MEDIUM PATCH This Month

Path traversal in LiteLLM's Skills archive extraction enables authenticated users with access to specific LLM API routes to write arbitrary files outside the intended server extraction directory by uploading a crafted ZIP archive containing path traversal entries. Affected versions are all LiteLLM releases prior to 1.83.7-stable; the CPE confirms the entire berriai/litellm product line is in scope. No public exploit identified at time of analysis, and the vulnerability is not listed in CISA KEV, but the integrity and availability impact is rated High in the vendor-provided CVSS 4.0 vector, making this a meaningful risk for any LiteLLM deployment that exposes the Skills upload feature to untrusted authenticated users.

Path Traversal Litellm
NVD GitHub VulDB
CVSS 4.0
6.1
EPSS
0.3%
CVE-2026-15105 LOW POC Monitor

Improper input validation in the snap7 library (versions up to 1.4.3) allows adjacent-network attackers to trigger a deserialization flaw via crafted ReadVar requests processed by TS7Worker::PerformFunctionRead in the S7 server component. Exploitation results in partial confidentiality, integrity, and availability impact against the snap7 server process - a concern in industrial OT environments where PLC communication libraries may interface with safety-relevant systems. No vendor-released patch exists as the maintainer has not responded to disclosure, and a publicly available proof-of-concept exploit lowers the barrier to exploitation.

Deserialization
NVD GitHub VulDB
CVSS 4.0
2.1
EPSS
0.3%
CVE-2026-58191 MEDIUM PATCH This Month

Reflected cross-site scripting in Appium's base-driver allows unauthenticated remote attackers to execute arbitrary JavaScript in a victim's browser on the Appium server origin. All Appium installations prior to 10.7.0 unconditionally expose three test routes whose `compileLodashTemplate` handler reflects unsanitized user-controlled inputs - the `throwError` query parameter, the `comments` POST field, and the `User-Agent` request header - directly into rendered HTML without output encoding. No public exploit has been identified at time of analysis, but the zero-authentication requirement and permanently-mounted test routes make any network-reachable Appium server an attack surface with no opt-out mechanism below the fix version.

XSS Appium Base Driver
NVD GitHub VulDB
CVSS 3.1
6.1
EPSS
0.3%
CVE-2026-59890 MEDIUM PATCH This Month

Setuptools prior to 83.0.0 fails to normalize Unicode filenames before matching them against MANIFEST.in exclusion patterns on macOS APFS and HFS+ filesystems, allowing files with NFD-normalized on-disk names to silently bypass NFC-encoded exclude, global-exclude, recursive-exclude, and prune directives and be packed into Python source distributions. Python package maintainers developing on macOS face a supply chain risk: sensitive files such as credentials, private keys, or environment configs that are correctly listed in MANIFEST.in for exclusion may still appear in tarballs published to PyPI or private registries. No public exploit has been identified at time of analysis, and the vulnerability is not listed in the CISA KEV catalog.

Authentication Bypass Python Apple Setuptools
NVD GitHub VulDB
CVSS 3.1
6.1
EPSS
0.3%
CVE-2026-11798 MEDIUM This Month

Reflected Cross-Site Scripting in the Super Socializer WordPress plugin (versions up to and including 7.14.5) enables unauthenticated remote attackers to inject arbitrary JavaScript via the unsanitized 'heateor_mastodon_share' parameter, discovered and reported by Wordfence with source-level confirmation at helper.php lines 1243-1246. Successful exploitation requires social engineering a victim into clicking a crafted URL, after which the payload executes within the victim's browser session in the context of the target WordPress site. No public exploit code or active exploitation has been identified at time of analysis; the CVSS 6.1 (Medium) rating reflects the mandatory user-interaction requirement that constrains opportunistic mass exploitation.

WordPress XSS Social Share Social Login And Social Comments Plugin Super Socializer
NVD VulDB
CVSS 3.1
6.1
EPSS
0.2%
CVE-2026-59923 MEDIUM PATCH This Month

Cross-site scripting in Mistune Python Markdown parser (all versions before 3.3.0) allows attacker-controlled Markdown content containing percent-encoded javascript: URIs to bypass the HTMLRenderer.safe_url() URL sanitization filter and execute arbitrary script in victim browsers. The bypass works because safe_url() checks the raw string without first decoding percent-encoded characters, so schemes like %6Aavascript: or %6aVaScRiPt: evade detection while remaining valid to browsers. Any web application that renders user-supplied or attacker-influenced Markdown through Mistune and serves the output to other users is exposed. No public exploit or CISA KEV listing has been identified at time of analysis.

XSS Python Mistune
NVD GitHub
CVSS 3.1
6.1
EPSS
0.2%
CVE-2026-59929 MEDIUM PATCH This Month

Cross-site scripting in Mistune prior to 3.3.0 stems from an incomplete URI scheme blocklist in the `safe_url` filter, permitting legacy and chained schemes (`feed:`, `jar:`, `livescript:`, `mocha:`, `ms-its:`, `mk:`, `res:`, `view-source:`) to pass unchecked into rendered `href` and `src` attributes. Any web application that accepts user-supplied Markdown, renders it via Mistune's HTML renderer, and serves the output to other users' browsers is exposed to stored or reflected XSS. No public exploit or CISA KEV listing has been identified at time of analysis; however, the CVSS 6.1 score with scope change (S:C) reflects genuine cross-session impact when the victim interacts with attacker-controlled content.

XSS Python Mistune
NVD GitHub
CVSS 3.1
6.1
EPSS
0.2%
CVE-2026-59895 MEDIUM PATCH This Month

Server-side rendering XSS in Hono's hono/css module (versions 4.0.0 through 4.12.26) allows injection of arbitrary HTML markup by exploiting the cx() function's failure to HTML-escape input before marking it as safe. When untrusted data flows into a cx() call used in a JSX class attribute during SSR, attackers can break out of the attribute context and inject arbitrary markup or script into the rendered page delivered to victims. No public exploit code or CISA KEV listing has been identified at time of analysis; the CVSS 6.1 Medium score with Scope:Changed reflects the cross-context server-to-browser impact.

XSS Hono
NVD GitHub VulDB
CVSS 3.1
6.1
EPSS
0.2%
CVE-2026-15128 MEDIUM PATCH This Month

Universal Cross-Site Scripting (UXSS) in Google Chrome's Forms implementation prior to version 150.0.7871.115 permits remote, unauthenticated attackers to inject arbitrary scripts or HTML across any browser origin by luring a victim to a crafted HTML page. The Scope:Changed metric in the CVSS vector reflects the defining characteristic of UXSS: unlike conventional XSS, the injected script executes outside the attacker-controlled page's origin, effectively bypassing the Same-Origin Policy and threatening any concurrent browser session. No public exploit code or confirmed active exploitation has been identified at time of analysis; SSVC rates exploitation as none and the attack as non-automatable due to the required user interaction.

XSS Google
NVD VulDB
CVSS 3.1
6.1
EPSS
0.2%
CVE-2026-15127 MEDIUM PATCH This Month

Universal Cross-Site Scripting (UXSS) in Google Chrome's WebGL implementation prior to version 150.0.7871.115 allows remote attackers to bypass the Same-Origin Policy and inject arbitrary scripts or HTML into cross-origin contexts via a crafted HTML page. The vulnerability carries a scope change (S:C) in its CVSS vector, reflecting the cross-origin boundary violation inherent to UXSS. No public exploit has been identified at time of analysis, and CISA's SSVC assessment marks exploitation status as none with no automatable exploitation path, reducing immediate real-world urgency despite the sensitivity of cross-origin script execution.

XSS Google
NVD VulDB
CVSS 3.1
6.1
EPSS
0.2%
CVE-2026-59946 MEDIUM PATCH This Month

Path traversal in Composer's binary installation flow allows a malicious PHP package to cause arbitrary host files to be chmod'd world-readable and world-executable. Any user running `composer install`, `composer update`, or `composer require` against a package whose `bin` entry contains `..` path segments is vulnerable - Composer follows the traversal and applies chmod outside the intended package install directory. This is a supply chain attack vector affecting Composer prior to 2.2.29 and 2.10.2; no public exploit or CISA KEV listing is identified at time of analysis, but the impact to developer and CI/CD environments is significant given the confidentiality risk of exposing sensitive host files.

Path Traversal PHP Composer
NVD GitHub VulDB
CVSS 3.1
6.1
EPSS
0.1%
CVE-2026-59883 MEDIUM PATCH This Month

Cookie domain suffix-matching bypass in Guzzle PHP HTTP client (prior to 7.12.3) allows cross-host cookie disclosure, cookie injection, and session fixation when an application makes requests to multiple IP-address-based or bare-numeric-domain hosts within a shared CookieJar session. The SetCookie::matchesDomain() method incorrectly applied suffix-matching logic - valid for FQDN hierarchies - to numeric domain identifiers such as 192.168.0.1, [::1], and bare labels like 1, meaning a cookie set by one numeric host could be forwarded to a structurally related but distinct host. No public exploit has been identified at time of analysis; a vendor-released patch is available in version 7.12.3.

Code Injection PHP Guzzle
NVD GitHub VulDB
CVSS 3.1
6.1
EPSS
0.1%
CVE-2026-57258 MEDIUM This Month

Out-of-bounds read in Foxit PDF Editor and Foxit PDF Reader's PRC 3D file header parser crashes the application and may leak process memory when a victim opens a specially crafted PDF. Affected version ranges span Foxit PDF Reader through 2026.1.1 and multiple Foxit PDF Editor release branches through 13.2.4, 14.0.4, and 2026.1.1. No public exploit code or confirmed active exploitation has been identified at time of analysis; the CVSS availability impact is rated High due to a reliable application crash on trigger, with a minor confidentiality component from out-of-bounds memory exposure.

Buffer Overflow Information Disclosure Foxit Pdf Editor Foxit Pdf Reader
NVD VulDB
CVSS 3.1
6.1
EPSS
0.1%
CVE-2026-50813 MEDIUM This Month

Session Extension information disclosure in SQLite before Fossil check-in 869a51ae84df exposes sensitive process memory when adversarially crafted changesets are processed through the changeset concat or changegroup merge code paths. A local attacker who can deliver a malicious changeset to an application using the Session Extension API can leak heap memory contents and likely crash the process, yielding both low confidentiality and high availability impact consistent with an out-of-bounds read pattern. No active exploitation has been confirmed by CISA KEV, though a researcher gist is referenced that may represent proof-of-concept material; no public exploit is independently confirmed at time of analysis.

N A Buffer Overflow
NVD GitHub VulDB
CVSS 3.1
6.1
EPSS
0.1%
CVE-2026-57241 MEDIUM This Month

Out-of-bounds read in Foxit PDF Editor and Foxit PDF Reader allows a local attacker to crash the application and potentially expose adjacent memory contents by delivering a specially crafted PDF containing malicious JavaScript. The JavaScript manipulates page and document objects to desynchronize internal page-related state from the renderer's trusted page count; when the renderer subsequently accesses page objects using the stale index, it reads beyond valid memory bounds. No public exploit identified at time of analysis and no CISA KEV listing, but the broad affected version ranges across multiple major release branches (13.x, 14.x, and 2026.x) means a large proportion of unpatched Foxit deployments are exposed.

Buffer Overflow Information Disclosure Foxit Pdf Editor Foxit Pdf Reader
NVD VulDB
CVSS 3.1
6.1
EPSS
0.1%
CVE-2026-57243 MEDIUM This Month

Foxit PDF Reader and PDF Editor crash with potential memory disclosure when processing maliciously crafted PDF documents containing JavaScript that causes reentrancy during page opening or form formatting. The reentrancy leaves the document object in an inconsistent state; when the application subsequently attempts to dereference stale page metadata, it reads from an invalid memory address (CWE-125 out-of-bounds read), resulting in application termination and limited memory content exposure. No public exploit code or active exploitation has been identified at time of analysis; exploitation requires a local user interaction to open a crafted PDF file.

Buffer Overflow Information Disclosure Foxit Pdf Editor Foxit Pdf Reader
NVD VulDB
CVSS 3.1
6.1
EPSS
0.1%
CVE-2026-57253 MEDIUM This Month

Out-of-bounds read in Foxit PDF Reader and PDF Editor allows a local attacker to crash the application and potentially disclose limited memory contents by delivering a specially crafted PDF containing a malformed image object. The vulnerability triggers when the renderer encounters an abnormal image object, causes it to enter an incorrect processing branch, and subsequently dereferences an invalid buffer pointer during scan line conversion. No public exploit code has been identified and no CISA KEV listing exists, but the CVSS availability impact is rated High, meaning successful exploitation reliably causes application termination.

Buffer Overflow Information Disclosure Foxit Pdf Editor Foxit Pdf Reader
NVD VulDB
CVSS 3.1
6.1
EPSS
0.1%
CVE-2026-57255 MEDIUM This Month

Out-of-bounds read in Foxit PDF Editor and Foxit PDF Reader crashes the application and exposes limited memory contents when a victim opens a specially crafted PDF embedding a semantically malformed color space function. Affected versions span multiple branches across both Editor and Reader products, confirmed through EUVD-2026-42198. No public exploit code or active exploitation has been identified at time of analysis; however, the low attack complexity and file-based delivery mechanism make this a plausible phishing lure in targeted campaigns against organizations relying on Foxit products.

Buffer Overflow Information Disclosure Foxit Pdf Editor Foxit Pdf Reader
NVD VulDB
CVSS 3.1
6.1
EPSS
0.1%
CVE-2026-57257 MEDIUM This Month

Out-of-bounds read in Foxit PDF Editor and PDF Reader during PRC (Product Representation Compact) 3D content parsing crashes the application and leaks limited memory content. Affects multiple concurrent release trains including versions 2026.1.1, 14.0.4, and 13.2.4 and earlier. Exploitation requires a victim to open a specially crafted PDF containing a malicious PRC entity - no public exploit has been identified at time of analysis.

Buffer Overflow Information Disclosure Foxit Pdf Editor Foxit Pdf Reader
NVD VulDB
CVSS 3.1
6.1
EPSS
0.1%
CVE-2026-8310 MEDIUM This Month

Reflected XSS in Mediküm Web, a Turkish healthcare web application by Webbeyaz Web Design, enables unauthenticated remote attackers to inject and execute malicious scripts in victims' browsers by tricking them into visiting a crafted URL. All versions through 08072026 are affected with no patch available or forthcoming, as the vendor has confirmed the product is end-of-life and unsupported. No public exploit code or active exploitation has been identified at time of analysis, but the permanent unpatched status makes decommissioning the only definitive remediation.

XSS Medik M Web
NVD
CVSS 3.1
6.1
EPSS
0.1%
CVE-2026-5923 MEDIUM PATCH This Month

Cross-Site Request Forgery in HP IP phones' web management interface allows an attacker who has obtained a stolen session cookie to submit unauthorized state-changing requests that modify the phone's webpage contents, with integrity and availability rated high (VI:H/VA:H) in the vendor-supplied CVSS 4.0 vector. The CVSS 4.0 score of 6.0 reflects the attack conditions prerequisite (AT:P) of prior cookie theft, low-level privilege requirement (PR:L), and passive user interaction (UI:P), meaningfully limiting opportunistic exploitation. No public exploit code exists and this vulnerability has not been added to the CISA KEV catalog at time of analysis.

CSRF
NVD
CVSS 4.0
6.0
EPSS
0.1%
CVE-2026-59924 MEDIUM PATCH This Month

Path traversal in Mistune's Include plugin allows reading arbitrary files from the server filesystem when processing attacker-controlled markdown. Applications using md.read() with the Include plugin on markdown content supplied by external users are exposed: a crafted include directive can escape the intended markdown base directory to access any file readable by the running process. No public exploit has been identified at time of analysis, but a vendor-released patch is available in version 3.3.0.

Python Path Traversal Mistune
NVD GitHub
CVSS 3.1
5.9
EPSS
0.3%
CVE-2026-54590 MEDIUM PATCH This Month

{ENV}) unblocked, enabling escape via Python's Path.expanduser() and _expand_val() expansion. No public exploit has been identified at time of analysis, and CVSS AC:H reflects the prerequisite server-side configuration; however, successful exploitation achieves high integrity impact by enabling authentication with key material from arbitrary filesystem locations.

Python Path Traversal
NVD GitHub VulDB
CVSS 3.1
5.9
EPSS
0.3%
CVE-2026-58501 MEDIUM PATCH This Month

Server-Side Request Forgery in Python Zeep 4.0.0 through 4.3.2 allows an attacker who can influence WSDL or XSD content parsed by the library to bypass the explicit `Settings.forbid_external` security control, causing the server to issue HTTP or HTTPS requests to attacker-chosen URLs via transitive xsd:import, xsd:include, wsdl:import, or lxml entity and DTD references. The vulnerability is particularly significant because it defeats a documented security setting that developers actively configure to prevent external fetching - applications relying on this control are silently unprotected. No public exploit has been identified at time of analysis and the vulnerability is not listed in CISA KEV.

SSRF Python Python Zeep
NVD GitHub VulDB
CVSS 3.1
5.9
EPSS
0.3%
CVE-2026-5922 MEDIUM PATCH This Month

Stored cross-site scripting in HP IP phone WebUI allows a low-privileged authenticated attacker to inject malicious script content into configuration parameters, which the phone's web management interface later renders unsanitized to visiting users. When an administrator browses the affected WebUI page, the injected payload executes in their browser session, producing a High integrity impact within the WebUI context. No public exploit code has been identified and the vulnerability is not listed in CISA KEV at time of analysis; HP has published advisory HPSBPY04108 addressing the issue.

XSS
NVD
CVSS 4.0
5.9
EPSS
0.2%
CVE-2026-44918 MEDIUM PATCH This Month

Insufficient access controls in OpenStack Ironic's parent/child node hierarchy allow authenticated users to access or manipulate resources belonging to nodes outside their authorization scope. Affected objects include Volume Targets and Volume Connectors - which carry iSCSI storage credentials in boot-from-volume deployments - as well as Port and Portgroup objects (hardened as defense-in-depth in the same patch set). No public exploit identified at time of analysis and the CVE carries no CVSS score in the input data, but the exposure of iSCSI credentials in affected environments represents a meaningful lateral-movement risk within bare-metal cloud infrastructure.

Authentication Bypass
NVD
CVSS 3.1
5.5
EPSS
0.4%
CVE-2026-15167 MEDIUM PATCH This Month

Denial of service in Wireshark's DBS Etherwatch dissector affects release branches 4.6.0 through 4.6.6 and 4.4.0 through 4.4.16, where a malformed capture file or crafted packet can crash the application. The flaw is a stack-based buffer overflow (CWE-121) that manifests only as an availability impact - no confidentiality or integrity loss and no confirmed code execution - carrying a 7.5 (High) CVSS. No public exploit identified at time of analysis and the CVE is not listed in CISA KEV.

Buffer Overflow Denial Of Service Stack Overflow Wireshark
NVD
CVSS 3.1
5.5
EPSS
0.3%
CVE-2026-15170 MEDIUM PATCH This Month

Heap-based buffer overflow in Wireshark's Z39.50 protocol dissector crashes the application when processing malformed Z39.50 PDUs, resulting in denial of service. Affected versions span the 4.4.x branch (4.4.0-4.4.16) and 4.6.x branch (4.6.0-4.6.6). An attacker can trigger the crash by persuading an analyst to open a crafted packet capture file or by injecting malicious Z39.50 traffic onto a monitored network segment; no active exploitation (CISA KEV) or public exploit code has been identified at time of analysis.

Heap Overflow Denial Of Service Buffer Overflow Wireshark
NVD
CVSS 3.1
5.5
EPSS
0.1%
CVE-2026-15166 MEDIUM PATCH This Month

Stack-based buffer overflow in Wireshark's IEEE 802.11 (Wi-Fi) protocol dissector crashes the application, resulting in denial of service across versions 4.6.0-4.6.6 and 4.4.0-4.4.16. An attacker with the ability to deliver a malicious packet capture file, or inject crafted 802.11 frames into a live capture session, can crash the Wireshark process on a victim analyst's machine. No public exploit code has been identified at time of analysis and the vulnerability is not listed in the CISA KEV catalog; vendor-released patches (4.6.7 and 4.4.17) are available.

Buffer Overflow Denial Of Service Stack Overflow Wireshark
NVD
CVSS 3.1
5.5
EPSS
0.1%
CVE-2026-15165 MEDIUM PATCH This Month

Denial of service in Wireshark 4.6.0 through 4.6.6 lets a remote attacker crash the application by feeding it a malformed TLS packet using the Encrypted Client Hello (ECH) extension, triggering a heap buffer overflow in the ECH decryptor. No authentication or user interaction beyond processing the traffic is required, though impact is limited to availability (analyzer crash) with no code execution or data disclosure claimed. Publicly available exploit code exists per SSVC (POC), EPSS is low at 0.14% (4th percentile), and it is not listed in CISA KEV.

Heap Overflow Denial Of Service Buffer Overflow Wireshark
NVD VulDB
CVSS 3.1
5.5
EPSS
0.1%
CVE-2026-50812 MEDIUM This Month

NULL pointer dereference in SQLite's Session Extension crashes any application that passes attacker-controlled changeset blobs to sqlite3changeset_apply_v3(). Affected releases include SQLite 3.53.1 and all trunk builds prior to check-in e807d4e3798efd53. Impact is limited to availability - the process crashes - but because SQLite is embedded ubiquitously, the blast radius depends entirely on how widely consuming applications expose this code path to untrusted input. A public proof-of-concept gist is referenced in the CVE record; no public exploit identified at time of analysis beyond that demonstrator, and the vulnerability is not listed in CISA KEV.

Denial Of Service Null Pointer Dereference N A
NVD GitHub VulDB
CVSS 3.1
5.5
EPSS
0.1%
CVE-2026-15172 MEDIUM PATCH This Month

The FMP/NOTIFY protocol dissector in Wireshark 4.6.0-4.6.6 and 4.4.0-4.4.16 crashes when processing malformed packet data, resulting in a denial of service against the application. Exploitation requires a victim to open a crafted packet capture file or analyze injected traffic, making this a social-engineering-dependent vector rather than a remotely triggerable flaw. A vendor-released patch is available in versions 4.6.7 and 4.4.17; no public exploit or CISA KEV listing has been identified at time of analysis.

Denial Of Service Wireshark
NVD VulDB
CVSS 3.1
5.5
EPSS
0.1%
CVE-2026-15174 MEDIUM PATCH This Month

Denial of service in Wireshark 4.6.0-4.6.6 and 4.4.0-4.4.16 is caused by a heap-based buffer overflow in the Catapult DCT2000 protocol dissector, crashing the application when a crafted capture file is opened. The CVSS local attack vector (AV:L) and required user interaction (UI:R) constrain exploitation to scenarios where an analyst is socially engineered into opening a malicious capture file - no remote or unauthenticated network exploitation path exists. No public exploit identified at time of analysis, and the vulnerability is not listed in CISA KEV; vendor-released fixes are available in 4.6.7 and 4.4.17.

Heap Overflow Denial Of Service Buffer Overflow Wireshark
NVD
CVSS 3.1
5.5
EPSS
0.1%
CVE-2026-15171 MEDIUM PATCH This Month

Wireshark's SSH protocol dissector crashes via a null pointer dereference (CWE-476) in versions 4.4.0-4.4.16 and 4.6.0-4.6.6, enabling denial of service against any analyst or engineer running an affected build. The flaw is triggered locally when Wireshark processes malformed SSH protocol data, whether from a live capture or a crafted packet capture file, causing the application to crash and disrupting network analysis workflows. No active exploitation has been confirmed in CISA KEV, and no public exploit code is known at time of analysis.

Denial Of Service Null Pointer Dereference Wireshark
NVD
CVSS 3.1
5.5
EPSS
0.1%
CVE-2026-15164 MEDIUM PATCH This Month

Denial of service in Wireshark's ciscodump remote capture utility (extcap) affects versions 4.6.0 through 4.6.6 and 4.4.0 through 4.4.16, where a heap-based buffer overflow (CWE-122) can crash the capture tool. An attacker able to feed crafted data to a running ciscodump session can terminate the process, disrupting live packet capture. A POC is referenced by CISA's SSVC assessment (no public exploit code independently identified), it is not in CISA KEV, and EPSS is very low at 0.10% (1st percentile), indicating minimal likelihood of widespread exploitation.

Heap Overflow Denial Of Service Buffer Overflow Wireshark
NVD VulDB
CVSS 3.1
5.5
EPSS
0.1%
CVE-2026-15173 MEDIUM PATCH This Month

The pcapng file parser in Wireshark 4.6.0 through 4.6.6 contains a heap-based buffer overflow (CWE-122) that crashes the application, resulting in denial of service. An attacker must convince a user to open a specially crafted pcapng capture file, making this a social-engineering-dependent attack with no network-facing exploitation path. No public exploit code has been identified at time of analysis and the vulnerability is not listed in CISA KEV; a vendor patch is available in Wireshark 4.6.7.

Heap Overflow Denial Of Service Buffer Overflow Wireshark
NVD
CVSS 3.1
5.5
EPSS
0.1%
CVE-2026-49833 MEDIUM PATCH GHSA This Month

Path traversal via the COAR Notify / Linked Data Notifications (LDN) service in DSpace 8.0-8.3 and 9.0-9.2 allows an authenticated DSpace administrator to reference arbitrary filesystem paths as LDN inbound-pattern templates, causing those files to be read and interpreted as Apache Velocity templates. While no public exploit or active exploitation has been identified, the vulnerability was demonstrated as part of a proven attack chain in which an administrator stages a malicious Velocity payload in a predictable file location and triggers its execution, enabling either sensitive file disclosure or arbitrary Java code execution via Velocity template injection. No special conditions (KEV, public PoC) are confirmed at time of analysis.

Java Path Traversal Tomcat Apache
NVD GitHub
CVSS 3.1
5.5
CVE-2026-49831 MEDIUM PATCH GHSA This Month

Path traversal in DSpace's Curation Task reporter parameter exposes authenticated Collection, Community, and Site Administrators to file write operations at arbitrary server-side paths writable by the DSpace/Tomcat OS user. Affected are DSpace versions through 7.6.6, 8.0-8.3, and 9.0-9.2, where the attack surface widened when web UI access was granted to admin roles beyond CLI-only system administrators. No public exploit or CISA KEV listing exists; the vendor-assigned CVSS 3.1 score of 5.5 (PR:H, A:H) correctly reflects that high-privilege credentials are required but the availability impact from overwriting configuration or binary files can be severe.

Java Path Traversal Denial Of Service Tomcat
NVD GitHub
CVSS 3.1
5.5
CVE-2026-6896 MEDIUM PATCH This Month

Stored/reflected cross-site scripting in GitLab Enterprise Edition lets an authenticated user holding Developer-role permissions inject arbitrary scripts that execute in a victim user's browser session, enabling session hijacking or actions performed as the victim. It affects a broad version range (13.11 through 18.11.6, 19.0.x before 19.0.4, and 19.1.x before 19.1.2) and stems from improper sanitization of user-supplied input. There is no public exploit identified at time of analysis, though the flaw was disclosed through a HackerOne bug-bounty report.

XSS Gitlab
NVD VulDB
CVSS 3.1
5.4
EPSS
0.3%
CVE-2026-13320 MEDIUM PATCH This Month

Stored/reflected cross-site scripting in GitLab CE/EE (all versions from 15.7 before 18.11.7, 19.0 before 19.0.4, and 19.1 before 19.1.2) lets an authenticated user inject unsanitized input that executes arbitrary JavaScript in a victim's browser session, enabling session hijacking or actions on the victim's behalf. The scope-changed CVSS 7.3 reflects that the payload crosses a security boundary into another user's context. There is no public exploit identified at time of analysis, though the flaw originated from a HackerOne bug bounty submission and vendor patches are already available.

XSS Gitlab
NVD VulDB
CVSS 3.1
5.4
EPSS
0.3%
CVE-2026-11903 MEDIUM PATCH This Month

Stored/reflected cross-site scripting in the Ad Hoc Transfer module of Progress MOVEit Transfer lets an authenticated low-privilege user inject script that executes in another user's browser session, per the CVSS PR:L/UI:R vector. Affected builds are 2026.0.0 before 2026.0.1, 2025.1.0 before 2025.1.4, and 2025.0.0 before 2025.0.8. No public exploit identified at time of analysis, though MOVEit Transfer's history as a mass-exploitation target (prior GoAnywhere/MOVEit campaigns) makes prompt patching prudent.

XSS Moveit Transfer
NVD VulDB
CVSS 3.1
5.4
EPSS
0.3%
CVE-2026-59996 MEDIUM PATCH This Month

Path traversal in the scp utility of OpenSSH before 10.4 causes files to be written into the parent directory of the intended destination during remote-to-remote copy operations. The root cause is CWE-23 (Relative Path Traversal): scp fails to canonicalize or sanitize paths when relaying data between two remote hosts, allowing an attacker controlling a malicious endpoint to influence where transferred files land. No public exploit identified at time of analysis, and active exploitation has not been confirmed by CISA KEV; the CVSS AC:H and UI:R metrics significantly constrain real-world exploitability.

SSH Information Disclosure Openssh
NVD VulDB
CVSS 3.1
5.4
EPSS
0.2%
CVE-2026-59995 MEDIUM PATCH This Month

Path traversal in the OpenSSH sftp client before version 10.4p1 allows an attacker-controlled server to write downloaded files outside the user's intended target directory when the 'sftp server:/path .' bulk-download syntax is used. Affected are all OpenSSH deployments where users sftp from untrusted or attacker-controlled hosts, which in practice spans virtually every Linux and Unix environment. No public exploit has been identified at time of analysis and the vulnerability is not listed in CISA KEV, though the ubiquity of OpenSSH elevates aggregate exposure despite the moderate per-instance severity.

SSH Information Disclosure Openssh
NVD VulDB
CVSS 3.1
5.4
EPSS
0.2%
CVE-2026-59997 MEDIUM PATCH This Month

OpenSSH's internal-sftp subsystem silently discards all command-line arguments beyond position 9, allowing authenticated SFTP users to bypass security restrictions that administrators intended to enforce via those later-positioned arguments. All OpenSSH releases before 10.4 are affected when sshd_config supplies more than nine arguments to the internal-sftp subsystem, which is a non-default but legitimate administrative pattern used for directory restriction, read-only enforcement, and umask control. No public exploit has been identified and this vulnerability is not listed in the CISA KEV catalog; however, sites relying on complex internal-sftp argument chains for access policy enforcement face a direct, silent policy bypass.

SSH Information Disclosure Openssh
NVD VulDB
CVSS 3.1
5.4
EPSS
0.2%
CVE-2026-8315 MEDIUM This Month

Stored cross-site scripting in Mediküm Web (by Webbeyaz Web Design) enables authenticated low-privilege attackers to persist malicious scripts that execute in the browsers of other users who view the affected pages. All versions through 08072026 are affected per the CVE scope, with the CVSS scope-change metric (S:C) confirming cross-boundary execution into victim browser sessions. Critically, the vendor has confirmed the product is no longer supported, meaning no patch will be issued - organizations still running this software have no vendor remediation path. No public exploit code or CISA KEV listing has been identified at time of analysis.

XSS Medik M Web
NVD
CVSS 3.1
5.4
EPSS
0.1%
CVE-2026-42505 MEDIUM PATCH This Month

Passive network de-anonymization of Encrypted Client Hello (ECH) connections is possible in Go's crypto/tls library because pre-shared key (PSK) identities are exposed in cleartext outer ClientHello messages, allowing any on-path observer to correlate resumption sessions and identify servers despite ECH's intended privacy protections. Affected versions span crypto/tls prior to 1.25.12, 1.26.5, and 1.27.0-rc.2 across the Go standard library. No public exploit code has been identified at time of analysis and no CISA KEV listing exists; however, exploitation requires no authentication or user interaction and is accessible to any network-level adversary with passive traffic visibility.

Information Disclosure Crypto Tls
NVD VulDB
CVSS 3.1
5.3
EPSS
0.4%
CVE-2026-59926 MEDIUM PATCH This Month

Cross-site scripting in Mistune (Python Markdown parser) prior to version 3.2.1 allows injection of arbitrary HTML attributes via the Admonition directive's `:class:` option, critically bypassing HTMLRenderer escape mode even when it is explicitly enabled. Applications that render user-controlled Markdown with admonition directives and serve the resulting HTML to web browsers are exposed to stored or reflected XSS, enabling session hijacking, credential theft, or malicious DOM manipulation. No public exploit has been identified at time of analysis, and a vendor-released patch is available in v3.2.1.

XSS Python Mistune
NVD GitHub
CVSS 4.0
5.3
EPSS
0.3%
CVE-2026-14500 MEDIUM This Month

Unauthenticated arbitrary file read in Bulk Order Update for WooCommerce (versions up to and including 1.6) exposes the first line of any server-side file to remote attackers without credentials. The plugin's AJAX handler bouw_fetch_csv_data() is registered on the wp_ajax_nopriv_ hook - meaning WordPress serves it to unauthenticated users - and passes attacker-controlled filesystem paths directly to fopen()/fgetcsv(), reflecting parsed output in the JSON response. No public exploit has been identified at time of analysis, and the vulnerability is not listed in the CISA KEV catalog, but the attack requires no authentication and no interaction, making it straightforward to exploit against any site with the plugin active.

WordPress Oracle Path Traversal Bulk Order Update For Woocommerce
NVD VulDB
CVSS 3.1
5.3
EPSS
0.3%
CVE-2026-59257 MEDIUM PATCH This Month

SQL injection in n8n's legacy MySQL v1 node (executeQuery operation) exposes the connected MySQL database to arbitrary query execution when workflow expressions interpolate attacker-controlled input without parameterization. Versions before 1.123.61 (1.x branch), 2.27.4 (2.x branch), and 2.28.1 (2.28.x branch) are affected when workflows combine the MySQL v1 node with externally-reachable triggers such as a Webhook node. No public exploit or CISA KEV listing is identified at time of analysis; however, deployments exposing such workflows to untrusted networks face high-severity database confidentiality and integrity risk.

SQLi N8n
NVD GitHub
CVSS 4.0
5.3
EPSS
0.3%
Prev Page 5 of 7 Next

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy