Skip to main content
CVE-2026-9027 MEDIUM This Month

Payment bypass in the CorvusPay WooCommerce Payment Gateway plugin (all versions up to and including 2.7.4) enables unauthenticated remote attackers to fraudulently mark any pending WooCommerce order as fully paid, obtaining goods or services without actual payment. The `corvuspay_success_handler` function registers a publicly accessible REST endpoint where a cryptographic signature validation is performed but its boolean result is silently discarded - written only to a debug log - causing `$order->payment_complete()` to execute unconditionally regardless of signature validity. WooCommerce order IDs are sequential integers, making every pending order on an affected store trivially enumerable with no prior knowledge required. No public exploit code or CISA KEV listing was identified at time of analysis.

WordPress Jwt Attack Authentication Bypass Corvuspay Woocommerce Payment Gateway
NVD VulDB
CVSS 3.1
5.3
EPSS
0.2%
CVE-2026-57158 MEDIUM PATCH This Month

Insufficient data exists to characterize CVE-2026-57158 meaningfully. The CVE description is absent, no CVSS vector or score has been published, and the only available intelligence signal is a single vendor source tag ('vendor:ubuntu'). No impact, attack vector, or affected component can be determined from the provided data. Security teams should treat this as an unresolved entry requiring direct vendor advisory lookup before any risk decision is made.

Information Disclosure Buffer Overflow Freerdp
NVD GitHub VulDB
CVSS 4.0
5.1
EPSS
0.5%
CVE-2026-53760 MEDIUM POC GHSA This Month

Cross-site request forgery in Admidio's plugin management endpoint (`modules/plugins.php`) enables a remote attacker to trigger destructive plugin operations - including irreversible DROP TABLE SQL execution - against any authenticated administrator who visits an attacker-controlled web page. The endpoint processes install, uninstall, and update operations via unauthenticated GET requests lacking CSRF token validation, and SameSite=Lax cookie behavior causes browsers to automatically include session credentials on top-level GET navigations from cross-origin pages. A working Playwright-based proof-of-concept is publicly available demonstrating the full attack chain; no confirmed active exploitation (CISA KEV) is present at time of analysis.

CSRF PHP
NVD GitHub
CVSS 3.1
5.2
CVE-2026-60120 MEDIUM PATCH This Month

Stored client-side template injection in Bagisto before v2.4.4 allows any attacker who can register a customer account to execute arbitrary JavaScript in an administrator's browser. The `create.blade.php` template renders customer name fields inside a Vue.js context without the `v-pre` directive, causing Vue.js to evaluate stored template expressions as live code when an administrator opens the Create Order page for the affected customer. No public exploit code has been identified at time of analysis and the CVE is not listed in CISA KEV, though the stored nature of the payload and its execution in an admin session context make this a higher real-world priority than the CVSS 4.0 score of 5.1 alone suggests.

XSS PHP
NVD GitHub
CVSS 4.0
5.1
EPSS
0.2%
CVE-2026-58144 MEDIUM This Month

Stored cross-site scripting in Cotonti Siena 0.9.26 and earlier allows any authenticated user with PFS (Personal File System) access to plant persistent JavaScript payloads by submitting a crafted folder title via the ntitle parameter. The TXT filter in pfs.main.php fails to sanitize HTML before persisting the value, so the payload executes in the browser of every subsequent visitor - including administrators - who views the folder listing. No public exploit has been confirmed beyond a researcher-published proof-of-concept gist, and no vendor patch has been identified at time of analysis.

XSS PHP
NVD GitHub
CVSS 4.0
5.1
EPSS
0.1%
CVE-2026-59213 MEDIUM PATCH This Month

Cache key misconfiguration in Open WebUI versions 0.6.27 through 0.9.x leaks permission-filtered model lists across authenticated users during the aiocache TTL window. The flaw exists in both the OpenAI and Ollama router handlers, where a lambda was incorrectly passed as the cache key instead of a per-user key_builder, collapsing all users into a single shared cache entry. An authenticated attacker on a shared instance can receive a different user's model list - revealing which AI models that user has access to - with no public exploit identified at time of analysis and a vendor-released patch available in v0.10.0.

Information Disclosure Open Webui
NVD GitHub
CVSS 3.1
5.0
EPSS
0.3%
CVE-2026-43752 MEDIUM PATCH This Month

Arbitrary code execution on the host operating system is achievable by an authenticated FileMaker Server administrator via a malicious file upload through the Open Source LLM setup feature - specifically the Miniforge installer upload path - in the Admin Console. All FileMaker Server versions prior to 26.0.1 are affected; the flaw is classified as CWE-434 (unrestricted upload of a dangerous file type) and was reported directly by Apple/Claris product security. No public exploit code or CISA KEV listing exists at time of analysis, and SSVC rates exploitation as none with no automation feasibility, substantially limiting real-world risk despite the RCE classification.

RCE File Upload Filemaker Server
NVD
CVSS 3.1
4.9
EPSS
0.3%
CVE-2026-59854 MEDIUM This Month

Credential file exfiltration in SiYuan prior to 3.7.1 is possible through the POST /api/file/globalCopyFiles endpoint, which accepts arbitrary absolute source paths and relies on an incomplete denylist in util.IsSensitivePath to block sensitive files. The denylist omits common credential files including .git-credentials, .netrc, .pgpass, .kube/config, .docker/config.json, and .gnupg, enabling an authenticated administrator or API-token holder to copy these files into the workspace and read them via the file API. No public exploit code or CISA KEV listing exists at time of analysis, but the Docker tag suggests this is relevant in containerized deployments where host-mounted credential files may be accessible.

Information Disclosure Docker Siyuan
NVD GitHub
CVSS 3.1
4.9
EPSS
0.3%
CVE-2026-14342 MEDIUM This Month

Time-based SQL injection in the Mail Mint WordPress plugin (versions ≤1.24.2) allows authenticated administrators to extract arbitrary data from the underlying database via the unsanitized 'contact_ids' parameter in the contact management API. Reported by Wordfence, the flaw is rooted in insufficient input escaping and missing prepared statements in the ContactModel and ContactController layers. No public exploit code has been identified at time of analysis, and the vulnerability is not listed in the CISA KEV catalog; however, a corrective changeset (3597255) has been committed to the WordPress plugin repository.

WordPress SQLi Mail Mint Email Marketing Newsletter Email Automation Woocommerce Emails
NVD
CVSS 3.1
4.9
EPSS
0.3%
CVE-2026-48737 MEDIUM POC GHSA This Month

SSRF protection bypass in pyload-ng allows authenticated users with link-add permissions to reach internal network endpoints - including cloud metadata services - by supplying IPv6 transition-encoded addresses that Python's `ipaddress.IPv6Address.is_global` incorrectly classifies as globally routable. The NAT64 prefix (`64:ff9b::/96`) bypass is universal across all supported Python versions (3.9-3.14); the 6to4 prefix (`2002::/16`) bypass additionally affects Python 3.9-3.11, covering the full `python_requires = >=3.9` matrix. No confirmed active exploitation (CISA KEV) has been identified, but a researcher-provided proof-of-concept demonstrates full bypass of both the `is_global_address` guard and the pycurl PREREQFUNC in `http_request.py:680`.

SSRF Python
NVD GitHub
CVSS 3.1
4.9
CVE-2026-31981 MEDIUM PATCH This Month

Stored HTML injection in Nozomi Networks Guardian and CMC (N2OS) allows authenticated administrators to embed malicious HTML into configuration data rendered in the Diagram tab and Graph view, enabling phishing and open redirect attacks against other authenticated users who view the affected pages. The vulnerability originates from a shared input validation function applied across multiple input vectors in N2OS that is insufficiently restrictive, permitting certain HTML tags to persist. Full XSS exploitation and direct information disclosure are explicitly constrained by existing input validation and a Content Security Policy, limiting realistic attacker impact to social engineering vectors. No public exploit or active exploitation (CISA KEV) has been identified at time of analysis.

XSS Open Redirect Information Disclosure Guardian Cmc
NVD VulDB
CVSS 4.0
4.8
EPSS
0.1%
CVE-2026-0284 MEDIUM PATCH This Month

XML injection in Palo Alto Networks PAN-OS Large Scale VPN (LSVPN) exposes unauthenticated remote attackers a path to inject malicious XML content into the LSVPN data pipeline, resulting in information disclosure or corruption of internal satellite configuration data. Only PAN-OS devices with LSVPN actively configured are affected; the vendor explicitly confirms Panorama, Cloud NGFW, and Prisma Access are not in scope. No public exploit has been identified at time of analysis, and the CVSS 4.0 supplemental E:U metric signals exploitation as currently unlikely, though the zero-authentication, network-accessible attack surface demands prompt attention from operators running LSVPN hub deployments.

Information Disclosure Paloalto Pan Os
NVD VulDB
CVSS 4.0
4.7
EPSS
0.5%
CVE-2026-0285 MEDIUM PATCH This Month

Server-side request forgery in Palo Alto Networks PAN-OS allows an authenticated administrator with access to the management web interface to weaponize the firewall as an unauthorized network relay, making requests to internal services on behalf of the attacker. Exploitation is constrained by the requirement for high-privilege administrator credentials (PR:H) and network reachability to the management interface, substantially limiting the realistic attacker population. No public exploit code or active exploitation has been identified; the vendor's own CVSS 4.0 supplemental metrics rate exploitation status as Unreported (E:U) and urgency as Amber.

SSRF Paloalto Pan Os
NVD VulDB
CVSS 4.0
4.7
EPSS
0.5%
CVE-2026-56289 MEDIUM PATCH This Month

GNU patch enters an infinite CPU-consuming loop when processing a specially crafted unified-diff file containing an excessively large hunk line offset, resulting in a denial of service. The utility becomes unresponsive and must be manually terminated, impacting any pipeline, CI/CD system, or developer workflow that applies untrusted patch files. No public exploit has been identified at time of analysis, and an upstream fix commit has been published by the maintainers on Savannah; a formally tagged release is not yet independently confirmed.

Denial Of Service Patch
NVD VulDB
CVSS 4.0
4.6
EPSS
0.1%
CVE-2026-56288 MEDIUM PATCH This Month

GNU patch crashes with a NULL pointer dereference when a user applies a specially crafted unified-diff file, resulting in denial of service. Improper handling of consecutive end-of-file newline markers corrupts internal hunk data structures, causing a NULL pointer to be passed to fwrite() during processing. No public exploit has been identified at time of analysis and no CISA KEV listing exists; real-world impact is constrained by the requirement for user interaction with a malicious file.

Denial Of Service Null Pointer Dereference Patch
NVD VulDB
CVSS 4.0
4.6
EPSS
0.1%
CVE-2026-0283 MEDIUM PATCH This Month

Authentication bypass in the Large Scale VPN (LSVPN) feature of Palo Alto Networks PAN-OS enables unauthenticated network-adjacent attackers to establish unauthorized site-to-site VPN connections without valid credentials. The root cause is CWE-306 (Missing Authentication for Critical Function), where the LSVPN peer negotiation process fails to enforce authentication before allowing VPN tunnel establishment. While the CVSS 4.0 base score is 4.5, the subsequent-system confidentiality impact is rated High (SC:H), reflecting that a successful bypass grants the attacker routing-level access into networks protected by the VPN - a materially greater risk than the headline score suggests. No public exploit code exists and no active exploitation has been confirmed (CISA KEV not listed, E:U).

Authentication Bypass Paloalto Pan Os
NVD VulDB
CVSS 4.0
4.5
EPSS
0.6%
CVE-2026-59831 MEDIUM This Month

Command execution via URI injection in GitHub CLI's `gh codespace jupyter` subcommand (versions 2.10.0-2.95.0) allows an attacker who controls a Codespace to redirect a connecting developer's VS Code instance into executing arbitrary protocol handler actions. The CLI passes a JupyterLab URL sourced from a process inside the Codespace directly to the OS without validating that the URL is a loopback HTTP or HTTPS address, enabling substitution with a crafted `vscode://` or `vscode-insiders://` URI. No public exploit has been identified at time of analysis and this CVE is not listed in CISA's Known Exploited Vulnerabilities catalog, but the scope-change characteristic (S:C) means local VS Code extension execution is a realistic downstream impact.

Information Disclosure Cli
NVD GitHub VulDB
CVSS 3.1
4.4
EPSS
0.2%
CVE-2026-12433 MEDIUM This Month

{id} enforces only the tfhb_manage_options capability check but never validates that the requested booking ID is owned by the requesting host, exposing attendee PII (names, emails, phone numbers, addresses), payment method and status, transaction history, and internal notes. No public exploit has been identified at time of analysis and the vulnerability is not listed in CISA KEV; a fix commit is present in the WordPress plugin SVN repository.

Authentication Bypass WordPress Hydra Booking Appointment Scheduling Booking Calendar
NVD VulDB
CVSS 3.1
4.3
EPSS
0.4%
CVE-2026-45780 MEDIUM PATCH This Month

EventSerializer in Discourse improperly exposes private event invitation metadata - including invited group names, sample invitee usernames, and attendance statistics - to any user who can view the topic, regardless of their authorization to access the private invitee list. All Discourse installations prior to versions 2026.6.0, 2026.5.1, 2026.4.2, and 2026.1.5 are affected when event functionality is in use. No public exploit or active exploitation (CISA KEV) has been identified, but the trivial network vector (AV:N/AC:L/PR:N/UI:N) makes this passively accessible to any user - authenticated or not - with topic-read access on an open or semi-open forum.

Information Disclosure Discourse
NVD GitHub VulDB
CVSS 3.1
4.3
EPSS
0.4%
CVE-2026-59217 MEDIUM PATCH This Month

File upload authorization bypass in Open WebUI before 0.10.0 allows authenticated users with read-only knowledge base access to inject arbitrary files into restricted knowledge bases by supplying a crafted metadata.knowledge_id parameter. The upload endpoint omits the write-access check enforced by the dedicated /api/v1/knowledge/<id>/file/add route (CWE-862), creating a privilege escalation path for any authenticated platform user. No public exploit code or CISA KEV listing exists at time of analysis, but the impact extends beyond the low CVSS integrity score - injected content directly influences LLM responses for all users of the affected knowledge base, enabling indirect prompt injection.

Authentication Bypass File Upload Open Webui
NVD GitHub VulDB
CVSS 3.1
4.3
EPSS
0.3%
CVE-2026-11359 MEDIUM This Month

Unauthorized plugin installation affects the Memberships and User Profiles for WooCommerce - ProfileGrid WooCommerce Integration plugin (versions up to and including 3.4), allowing any authenticated WordPress user at Subscriber level or above to force-install and activate the ProfileGrid plugin without administrative approval. The flaw stems from a dual failure - absent capability check and absent nonce validation - on the `pg_install_profilegrid()` AJAX handler, registered via the `wp_ajax_pg_install_profilegrid` hook. No active exploitation has been confirmed (not listed in CISA KEV) and no public exploit code has been identified at time of analysis; however, the low barrier to exploitation (any authenticated user) makes this a meaningful integrity risk on multi-tenant or open-registration WooCommerce stores.

Authentication Bypass WordPress Memberships And User Profiles For Woocommerce Profilegrid Woocommerce Integration
NVD
CVSS 3.1
4.3
EPSS
0.2%
CVE-2026-59223 MEDIUM PATCH This Month

Open WebUI's WEB_FETCH_FILTER_LIST blocklist enforcement fails to parse hostnames at label boundaries in versions prior to 0.10.0, enabling authenticated users to bypass administrator-configured host restrictions and trigger server-side fetches to internally restricted resources. Two bypass classes exist: embedding a blocked hostname in the URL path component (e.g., https://attacker.com/internal.corp/data) rather than the authority, and using a sibling domain sharing the blocked entry's suffix (e.g., evilinternalhost.example.com matching a blocklist entry for internalhost.example.com). No public exploit code has been identified at time of analysis, and this vulnerability is not listed in the CISA KEV catalog.

Authentication Bypass Open Webui
NVD GitHub
CVSS 3.1
4.3
EPSS
0.2%
CVE-2026-53638 MEDIUM PATCH GHSA This Month

{tokenValue}/payments/{paymentId}` silently accepts and returns HTTP 200 for payment methods the store operator has explicitly excluded from the order's sales channel, while the equivalent checkout endpoint correctly rejects them with HTTP 422. No public exploit has been identified at time of analysis, and the vulnerability is not listed in the CISA KEV catalog.

Authentication Bypass PHP
NVD GitHub
CVSS 3.1
4.3
CVE-2026-59226 MEDIUM PATCH This Month

Improper authorization in Open WebUI 0.9.x allows deactivated or pending users to continue executing scheduled AI model automations after their accounts should have lost that capability. The `execute_automation` function rehydrated automation owners without re-verifying that the owner account was still active or still held the `features.automations` permission, and `check_model_access` enforced private-model grants only against the current user role at the time of check rather than re-validating eligibility at execution time. No public exploit has been identified at time of analysis, and the CVSS score of 3.1 reflects the low real-world severity: high attack complexity, limited availability impact, and no confidentiality or integrity impact per the official assessment.

Authentication Bypass Open Webui
NVD GitHub
CVSS 3.1
4.3
EPSS
0.3%
CVE-2026-9237 MEDIUM This Month

Authorization bypass in the Crew HRM WordPress plugin (all versions ≤ 1.2.2) allows any authenticated subscriber-level user to delete, archive, unarchive, and duplicate arbitrary job listings - including associated stages, metadata, addresses, and applications - by supplying an arbitrary integer job_id. The nonce that nominally gates these actions via Dispatcher::dispatch() is deliberately exposed to every authenticated frontend visitor through wp_head script localization, making the bypass trivially reproducible by any user with a WordPress account. No public exploit code or active exploitation has been identified at time of analysis, and no KEV listing exists; however, the nonce leak collapses the practical access barrier to subscriber level.

Authentication Bypass WordPress Employee Leave And Recruitment Management System Crew Hrm
NVD VulDB
CVSS 3.1
4.3
EPSS
0.2%
CVE-2026-9235 MEDIUM This Month

Unauthorized shipping label manipulation in DHL eCommerce (Benelux) for WooCommerce versions up to 2.2.3 allows any authenticated WordPress user - down to Subscriber level - to create or delete DHL shipping labels for any WooCommerce order site-wide. The two vulnerable AJAX handlers lack both capability verification and nonce (CSRF token) checks, meaning the attacker-supplied order ID is acted upon without confirming the caller has order management rights. No public exploit is identified and this is not listed in CISA KEV, but the low authentication bar (any registered user) and operational impact on fulfillment make this a meaningful risk for Benelux e-commerce stores with open user registration.

Authentication Bypass WordPress Dhl Ecommerce Benelux For Woocommerce
NVD
CVSS 3.1
4.3
EPSS
0.2%
CVE-2026-4298 MEDIUM This Month

Missing authorization in the DSGVO All in One for WP plugin (versions up to and including 4.9) allows any authenticated WordPress user with Subscriber-level access or higher to invoke the dsgvo_reset_policy_service_func() function and wipe all customized privacy policy content - cookie notices, Google Analytics policies, Facebook policies, and YouTube policies - back to plugin defaults. The root cause is a complete absence of both WordPress capability checks and nonce verification on a sensitive administrative function that accepts and acts on user-supplied parameters. No public exploit code or active exploitation (CISA KEV) has been identified at time of analysis, though the low authentication barrier makes this accessible to a wide pool of potential abusers on sites with open user registration.

Authentication Bypass WordPress Google Dsgvo All In One For Wp
NVD
CVSS 3.1
4.3
EPSS
0.2%
CVE-2026-9240 MEDIUM This Month

Unauthorized order modification in the Colissimo Officiel shipping plugin for WordPress (versions up to and including 2.9.0) allows any authenticated subscriber-level user to overwrite the shipping method, pickup-relay metadata, and shipping address of arbitrary WooCommerce orders - including orders belonging to other customers. The vulnerability stems from a completely unguarded AJAX handler: no capability check and no nonce verification are performed before acting on caller-supplied input. No public exploit code has been identified at time of analysis, and the issue is not listed in the CISA KEV catalog, though Wordfence has confirmed and disclosed it with specific source-line references.

Authentication Bypass WordPress Colissimo Shipping Methods For Woocommerce
NVD
CVSS 3.1
4.3
EPSS
0.2%
CVE-2026-49836 MEDIUM POC PATCH GHSA This Month

Path traversal in psd-tools through v1.17.0 exposes any application processing untrusted PSD files to arbitrary file write and secondary arbitrary file read via the SmartObject API. SmartObject.save() consumes the embedded smart-object filename verbatim from the PSD binary - without basename stripping, absolute-path rejection, or directory-escape filtering - allowing a crafted PSD to write attacker-supplied bytes to any path the process can reach. A secondary issue in SmartObject.open() for external-kind objects uses the attacker-controlled fullPath descriptor as a read source, enabling file exfiltration to the write destination. A standalone proof-of-concept is publicly confirmed in the advisory; the fix is vendor-confirmed in v1.17.1 (PR #657). No public exploit identified at time of analysis beyond the advisory-embedded POC, and no CISA KEV listing was found.

Python Path Traversal Buffer Overflow Docker Denial Of Service +1
NVD GitHub
CVE-2026-55252 MEDIUM POC PATCH GHSA This Month

Open redirect bypass in openrun prior to v0.17.7 allows remote unauthenticated attackers to redirect victims to arbitrary external URLs by exploiting a double-slash path prefix that evades the application's host/scheme validation. The referrer-based redirect logic correctly validates the host and scheme but passes the extracted path `//attacker.com` to the Location header, which browsers interpret as a protocol-relative URL and resolve to an external destination. A proof-of-concept is publicly documented in the security advisory; no active exploitation has been confirmed by CISA KEV at time of analysis.

Google Apple Open Redirect Microsoft Mozilla
NVD GitHub
CVE-2026-53639 MEDIUM PATCH GHSA This Month

Missing ownership enforcement on Sylius Shop API payment request endpoints allows any caller who possesses a valid payment request UUID hash to read sensitive order data - including customer email, shipping addresses, and order totals - or manipulate post-payment redirect URLs to an attacker-controlled domain. Affected versions span the 2.0.x, 2.1.x, and 2.2.x release lines, with fixes available in 2.0.18, 2.1.15, and 2.2.6 per the vendor advisory GHSA-mr9r-h354-966r. No public exploit code or CISA KEV listing has been identified at time of analysis; real-world exploitability is gated on acquiring the UUID hash out-of-band.

Authentication Bypass PHP
NVD GitHub
CVE-2026-53602 MEDIUM PATCH GHSA This Month

Certificate revocation in nebula-mgmt (forgekeep/nebula-mesh ≤ v0.3.6) is non-durable due to two distinct authorization gaps at certificate issuance time. Blocked hosts bypass blocklist enforcement entirely by re-enrolling with a new token because `enroll.go:128` calls `caMgr.Sign()` without consulting the blocklist - a fingerprint-keyed structure that treats any fresh certificate as unknown. Separately, hosts enrolled under a subsequently-disabled operator auto-renew certificates indefinitely because `signHostCert` never re-validates operator or CA lifecycle status, meaning operator offboarding does not terminate provisioned host access. No public exploit is identified at time of analysis; both issues were discovered during an internal offensive security audit (tracking issue #178).

Authentication Bypass
NVD GitHub
CVE-2026-53720 MEDIUM PATCH GHSA This Month

Heap buffer overflow in pymonocypher's argon2i_32 function allows memory corruption when callers supply an undersized nb_blocks buffer, violating the library's API contract without triggering any bounds check. Applications using pymonocypher prior to version 4.0.2.8 that invoke the Argon2i password-hashing interface are at risk of heap corruption, which can produce crashes or potentially enable controlled memory writes. No public exploit code has been identified at time of analysis, and no active exploitation has been confirmed.

Heap Overflow Buffer Overflow
NVD GitHub
CVE-2026-53588 MEDIUM This Month

Insufficient data exists to characterize CVE-2026-53588 meaningfully. The only available intelligence signal is attribution to the Ubuntu vendor source; no description, CVSS vector, CWE classification, or reference URLs were provided in the input. Security teams cannot assess impact, affected versions, or exploitability from the current data. Monitor Ubuntu Security Notices (USN) and the NVD entry for this CVE as details are published.

Information Disclosure
NVD
CVE-2026-55238 MEDIUM This Month

CVE-2026-55238 has insufficient public data to characterize at time of analysis. The sole intelligence source is a Ubuntu vendor report, with no description, no CVSS scoring, no CWE classification, and no advisory content available. Security teams should treat this as an unverified, uncharacterized vulnerability pending vendor disclosure. No exploitation status, affected product details, or impact scope can be determined from available data.

Information Disclosure
NVD
CVE-2026-49861 MEDIUM This Month

CVE-2026-49861 is a vulnerability reported via Ubuntu vendor channels for which no description, CVSS score, CWE classification, or technical detail is currently available in the provided intelligence data. The affected component, attack vector, and impact cannot be characterized from available sources. Security teams should monitor the Ubuntu Security Notices (USN) portal and the NVD entry for this CVE for updated technical details before attempting triage or remediation.

Information Disclosure
NVD
CVE-2026-53589 MEDIUM This Month

Insufficient data exists to characterize CVE-2026-53589 beyond its association with Ubuntu as the reporting vendor. No description, CVSS score, CWE, CPE strings, references, EPSS score, KEV status, or patch information were provided in the intelligence feed. A meaningful impact statement cannot be synthesized from the available data without risking fabrication.

Information Disclosure
NVD
CVE-2026-45098 MEDIUM This Month

CVE-2026-45098 has no publicly available description, CVSS score, CWE classification, or technical details at time of analysis. The sole intelligence signal is a vendor:ubuntu source attribution, which may indicate the vulnerability was reported through Ubuntu's security tracker or affects an Ubuntu-packaged component. No impact, affected versions, attack vector, or exploitation status can be determined from available data.

Information Disclosure
NVD
CVE-2026-54538 MEDIUM This Month

CVE-2026-54538 is attributed to Ubuntu as the reporting vendor, but no description, CVSS score, vector, CWE classification, or supplementary intelligence is available at time of analysis. The vulnerability type, affected component, and impact cannot be characterized from the provided data. No determination of severity, exploitability, or affected versions is possible without additional vendor or NVD data.

Information Disclosure
NVD
CVE-2026-45096 MEDIUM This Month

CVE-2026-45096 has been assigned and attributed to Ubuntu (vendor source) but no description, CVSS score, vector, or CWE data is available at time of analysis. The vulnerability cannot be characterized beyond its association with the Ubuntu vendor track. Security teams should treat this as a placeholder record requiring active monitoring for descriptor updates from Canonical or NVD before any triage or remediation action can be taken.

Information Disclosure
NVD
CVE-2026-55063 MEDIUM This Month

Insufficient data exists to characterize CVE-2026-55063 meaningfully. The sole intelligence signal is a vendor tag of 'ubuntu', suggesting the affected product may reside in the Ubuntu ecosystem, but no description, CVSS vector, CWE classification, or advisory has been provided. No impact, attack vector, affected versions, or exploitation conditions can be determined from the available data. Security teams should treat this record as unresolved until a vendor advisory or NVD enrichment is available.

Information Disclosure
NVD
CVE-2026-41252 MEDIUM This Month

CVE-2026-41252 has been reported via the Ubuntu vendor channel, but no description, CVSS score, CWE classification, CPE data, or advisory references are available at this time. The affected product, vulnerability class, and impact cannot be determined from the provided intelligence. No exploitation status, patch availability, or technical details have been disclosed.

Information Disclosure
NVD
CVE-2026-45095 MEDIUM This Month

CVE-2026-45095 has no public description, CVSS score, CWE classification, or technical details available at time of analysis. The sole intelligence signal is a vendor report attributed to Ubuntu, indicating the CVE may affect software distributed through or by Canonical's Ubuntu platform. No impact, affected versions, exploitation status, or vulnerability class can be determined from available data. Security teams should monitor NVD, Ubuntu Security Notices (USN), and CISA for updates as this record is populated.

Information Disclosure
NVD
CVE-2026-42218 MEDIUM This Month

Insufficient intelligence data exists to characterize CVE-2026-42218 beyond its association with the Ubuntu vendor source. No description, CVSS vector, CWE classification, or additional references were provided, making a substantive impact assessment impossible. Security teams should query Ubuntu Security Notices (USN) or the Ubuntu CVE Tracker directly for authoritative details on affected packages and severity.

Information Disclosure
NVD
CVE-2026-44178 MEDIUM This Month

CVE-2026-44178 affects Ubuntu (reported by the Ubuntu vendor) but no description, CVSS score, vector, or CWE data is available in the provided intelligence. The vulnerability details, impact scope, and exploitation conditions cannot be characterized without a description. This record should be treated as incomplete pending enrichment from NVD, Ubuntu Security Notices (USN), or CISA.

Information Disclosure
NVD
CVE-2026-41521 MEDIUM This Month

CVE-2026-41521 is reported by Ubuntu (vendor source) but no description, CVSS score, vector, CWE, or any technical detail is available in the provided intelligence data. The affected component, vulnerability class, and impact are entirely unknown at this time. No assessment of attacker capability or affected user population is possible without additional data.

Information Disclosure
NVD
CVE-2026-3886 MEDIUM This Month

Integer overflow in the virtio-gpu driver's 2D image allocation path of the Linux kernel exposes virtualized guest systems to potential heap corruption. The flaw resides in an insufficient overflow check performed before allocating memory for a 2D image resource in the virtio-gpu paravirtualized GPU subsystem. An attacker or malicious process with access to GPU resource creation within an affected guest OS could trigger the overflow, potentially leading to out-of-bounds memory writes and kernel-level memory corruption. No public exploit or KEV listing is identified at time of analysis.

Buffer Overflow
NVD
CVE-2026-53590 MEDIUM This Month

CVE-2026-53590 has been reported by Ubuntu but contains no publicly available description, CVSS scoring, CWE classification, or technical detail at the time of this analysis. The absence of all structured vulnerability data - description, vector, severity, and CWE - makes it impossible to characterize the impact, affected component, or exploitation conditions. No public exploit has been identified, and no KEV listing exists. Security teams should monitor the Ubuntu Security Notices (USN) portal for updated advisories.

Information Disclosure
NVD
CVE-2026-44978 MEDIUM This Month

CVE-2026-44978 has insufficient public data to characterize at this time. The only confirmed intelligence source is a Ubuntu vendor report, but no description, CVSS metrics, CWE classification, or affected product details are available in the current dataset. Security teams should treat this as an unresolved entry requiring further data gathering before risk assessment or remediation decisions can be made.

Information Disclosure
NVD
CVE-2026-49863 MEDIUM This Month

Insufficient data exists to characterize CVE-2026-49863 meaningfully. The only available intelligence signal is a reporter attribution of 'vendor:ubuntu', suggesting the vulnerability affects a package or component within the Ubuntu ecosystem. No description, CVSS vector, CWE classification, affected version range, or exploitation status has been provided, making substantive analysis impossible at this time.

Information Disclosure
NVD
Prev Page 3 of 4 Next

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy