Skip to main content
CVE-2026-45780 MEDIUM PATCH This Month

EventSerializer in Discourse improperly exposes private event invitation metadata - including invited group names, sample invitee usernames, and attendance statistics - to any user who can view the topic, regardless of their authorization to access the private invitee list. All Discourse installations prior to versions 2026.6.0, 2026.5.1, 2026.4.2, and 2026.1.5 are affected when event functionality is in use. No public exploit or active exploitation (CISA KEV) has been identified, but the trivial network vector (AV:N/AC:L/PR:N/UI:N) makes this passively accessible to any user - authenticated or not - with topic-read access on an open or semi-open forum.

Information Disclosure Discourse
NVD GitHub VulDB
CVSS 3.1
4.3
EPSS
0.4%
CVE-2026-59217 MEDIUM PATCH This Month

File upload authorization bypass in Open WebUI before 0.10.0 allows authenticated users with read-only knowledge base access to inject arbitrary files into restricted knowledge bases by supplying a crafted metadata.knowledge_id parameter. The upload endpoint omits the write-access check enforced by the dedicated /api/v1/knowledge/<id>/file/add route (CWE-862), creating a privilege escalation path for any authenticated platform user. No public exploit code or CISA KEV listing exists at time of analysis, but the impact extends beyond the low CVSS integrity score - injected content directly influences LLM responses for all users of the affected knowledge base, enabling indirect prompt injection.

Authentication Bypass File Upload Open Webui
NVD GitHub VulDB
CVSS 3.1
4.3
EPSS
0.3%
CVE-2026-11359 MEDIUM This Month

Unauthorized plugin installation affects the Memberships and User Profiles for WooCommerce - ProfileGrid WooCommerce Integration plugin (versions up to and including 3.4), allowing any authenticated WordPress user at Subscriber level or above to force-install and activate the ProfileGrid plugin without administrative approval. The flaw stems from a dual failure - absent capability check and absent nonce validation - on the `pg_install_profilegrid()` AJAX handler, registered via the `wp_ajax_pg_install_profilegrid` hook. No active exploitation has been confirmed (not listed in CISA KEV) and no public exploit code has been identified at time of analysis; however, the low barrier to exploitation (any authenticated user) makes this a meaningful integrity risk on multi-tenant or open-registration WooCommerce stores.

Authentication Bypass WordPress Memberships And User Profiles For Woocommerce Profilegrid Woocommerce Integration
NVD
CVSS 3.1
4.3
EPSS
0.2%
CVE-2026-59223 MEDIUM PATCH This Month

Open WebUI's WEB_FETCH_FILTER_LIST blocklist enforcement fails to parse hostnames at label boundaries in versions prior to 0.10.0, enabling authenticated users to bypass administrator-configured host restrictions and trigger server-side fetches to internally restricted resources. Two bypass classes exist: embedding a blocked hostname in the URL path component (e.g., https://attacker.com/internal.corp/data) rather than the authority, and using a sibling domain sharing the blocked entry's suffix (e.g., evilinternalhost.example.com matching a blocklist entry for internalhost.example.com). No public exploit code has been identified at time of analysis, and this vulnerability is not listed in the CISA KEV catalog.

Authentication Bypass Open Webui
NVD GitHub
CVSS 3.1
4.3
EPSS
0.2%
CVE-2026-53638 MEDIUM PATCH GHSA This Month

{tokenValue}/payments/{paymentId}` silently accepts and returns HTTP 200 for payment methods the store operator has explicitly excluded from the order's sales channel, while the equivalent checkout endpoint correctly rejects them with HTTP 422. No public exploit has been identified at time of analysis, and the vulnerability is not listed in the CISA KEV catalog.

Authentication Bypass PHP
NVD GitHub
CVSS 3.1
4.3
CVE-2026-59226 MEDIUM PATCH This Month

Improper authorization in Open WebUI 0.9.x allows deactivated or pending users to continue executing scheduled AI model automations after their accounts should have lost that capability. The `execute_automation` function rehydrated automation owners without re-verifying that the owner account was still active or still held the `features.automations` permission, and `check_model_access` enforced private-model grants only against the current user role at the time of check rather than re-validating eligibility at execution time. No public exploit has been identified at time of analysis, and the CVSS score of 3.1 reflects the low real-world severity: high attack complexity, limited availability impact, and no confidentiality or integrity impact per the official assessment.

Authentication Bypass Open Webui
NVD GitHub
CVSS 3.1
4.3
EPSS
0.3%
CVE-2026-9237 MEDIUM This Month

Authorization bypass in the Crew HRM WordPress plugin (all versions ≤ 1.2.2) allows any authenticated subscriber-level user to delete, archive, unarchive, and duplicate arbitrary job listings - including associated stages, metadata, addresses, and applications - by supplying an arbitrary integer job_id. The nonce that nominally gates these actions via Dispatcher::dispatch() is deliberately exposed to every authenticated frontend visitor through wp_head script localization, making the bypass trivially reproducible by any user with a WordPress account. No public exploit code or active exploitation has been identified at time of analysis, and no KEV listing exists; however, the nonce leak collapses the practical access barrier to subscriber level.

Authentication Bypass WordPress Employee Leave And Recruitment Management System Crew Hrm
NVD VulDB
CVSS 3.1
4.3
EPSS
0.2%
CVE-2026-9235 MEDIUM This Month

Unauthorized shipping label manipulation in DHL eCommerce (Benelux) for WooCommerce versions up to 2.2.3 allows any authenticated WordPress user - down to Subscriber level - to create or delete DHL shipping labels for any WooCommerce order site-wide. The two vulnerable AJAX handlers lack both capability verification and nonce (CSRF token) checks, meaning the attacker-supplied order ID is acted upon without confirming the caller has order management rights. No public exploit is identified and this is not listed in CISA KEV, but the low authentication bar (any registered user) and operational impact on fulfillment make this a meaningful risk for Benelux e-commerce stores with open user registration.

Authentication Bypass WordPress Dhl Ecommerce Benelux For Woocommerce
NVD
CVSS 3.1
4.3
EPSS
0.2%
CVE-2026-4298 MEDIUM This Month

Missing authorization in the DSGVO All in One for WP plugin (versions up to and including 4.9) allows any authenticated WordPress user with Subscriber-level access or higher to invoke the dsgvo_reset_policy_service_func() function and wipe all customized privacy policy content - cookie notices, Google Analytics policies, Facebook policies, and YouTube policies - back to plugin defaults. The root cause is a complete absence of both WordPress capability checks and nonce verification on a sensitive administrative function that accepts and acts on user-supplied parameters. No public exploit code or active exploitation (CISA KEV) has been identified at time of analysis, though the low authentication barrier makes this accessible to a wide pool of potential abusers on sites with open user registration.

Authentication Bypass WordPress Google Dsgvo All In One For Wp
NVD
CVSS 3.1
4.3
EPSS
0.2%
CVE-2026-9240 MEDIUM This Month

Unauthorized order modification in the Colissimo Officiel shipping plugin for WordPress (versions up to and including 2.9.0) allows any authenticated subscriber-level user to overwrite the shipping method, pickup-relay metadata, and shipping address of arbitrary WooCommerce orders - including orders belonging to other customers. The vulnerability stems from a completely unguarded AJAX handler: no capability check and no nonce verification are performed before acting on caller-supplied input. No public exploit code has been identified at time of analysis, and the issue is not listed in the CISA KEV catalog, though Wordfence has confirmed and disclosed it with specific source-line references.

Authentication Bypass WordPress Colissimo Shipping Methods For Woocommerce
NVD
CVSS 3.1
4.3
EPSS
0.2%
CVE-2026-59269 LOW Monitor

Privilege escalation in VMware Pinniped's Kubernetes authentication layer allows an attacker who already controls Active Directory group distinguished names to gain elevated Kubernetes RBAC permissions beyond their legitimate entitlements. The flaw affects Pinniped v0.11.0 through v0.46.0 when the Supervisor is configured with an ActiveDirectoryIdentityProvider and a specific empty groupName attribute, and only when an attacker simultaneously holds write access to AD group entries and valid AD user credentials. No public exploit code exists and this is not listed in CISA KEV; the vendor CVSS score of 3.8 (Low) reflects the highly constrained exploitation prerequisites.

Kubernetes Information Disclosure Pinniped
NVD GitHub
CVSS 3.1
3.8
EPSS
0.2%
CVE-2026-59215 LOW PATCH Monitor

Cross-channel thread context disclosure in Open WebUI prior to 0.10.0 allows authenticated low-privilege users to reference messages from private or DM channels they do not have access to, leaking thread content across channel boundaries. The root cause is a missing channel-binding validation on the parent_id parameter in thread reply handling - the server does not verify that the referenced parent message belongs to the channel specified in the URL. No public exploit or active exploitation has been identified; this is a low-severity, high-complexity authorization bypass with confirmed vendor fix in v0.10.0.

Authentication Bypass Open Webui
NVD GitHub VulDB
CVSS 3.1
3.1
EPSS
0.3%
CVE-2026-0282 LOW PATCH Monitor

Unauthenticated file deletion in Palo Alto Networks PAN-OS allows network-reachable attackers to delete files from a temporary directory via the management web interface, affecting PA-Series and VM-Series firewalls and Panorama appliances. Real-world risk is substantially bounded by the vendor's documented best-practice guidance to restrict management interface access to trusted internal IP addresses, which eliminates external attack surface. No public exploit code has been identified, CISA KEV listing is absent, and the vendor-provided CVSS 4.0 score of 2.7 with an E:U supplemental metric reflects no known active exploitation.

Information Disclosure Paloalto Pan Os
NVD VulDB
CVSS 4.0
2.7
EPSS
0.4%
CVE-2026-0281 LOW PATCH Monitor

Web session token theft from PAN-OS management interfaces affects PA-Series and VM-Series firewalls and Panorama deployments, enabling a network-adjacent unauthenticated attacker to hijack authenticated administrator sessions. Exploitation depends on a legitimate management user clicking an attacker-crafted malicious link while an active session exists - a social engineering prerequisite that substantially reduces real-world risk. No public exploit code exists (CVSS 4.0 E:U) and the issue is not listed in CISA KEV; the vendor rates overall CVSS 4.0 severity at 2.1, reflecting these mitigating factors.

Information Disclosure Paloalto Pan Os
NVD VulDB
CVSS 4.0
2.1
EPSS
0.4%
CVE-2026-15138 LOW Monitor

Path traversal in tumf mcp-text-editor up to version 1.0.2 allows remote attackers to read, write, or delete files outside the intended directory by supplying manipulated file path arguments to the `_validate_file_path` function in `mcp_text_editor/text_editor.py`. A public exploit has been disclosed (confirmed by VulDB and reflected in the CVSS 4.0 E:P modifier), and the vendor has closed the tracking GitHub issue without explanation, leaving the vulnerability unpatched. The CVSS 4.0 base score of 2.1 reflects limited confidentiality, integrity, and availability impact alongside a required user interaction step.

Path Traversal
NVD GitHub VulDB
CVSS 4.0
2.1
EPSS
0.3%
CVE-2026-15202 LOW Monitor

Cross-site scripting in YzmCMS through version 7.5 allows unauthenticated remote attackers to inject and execute arbitrary JavaScript by manipulating the HTTP Host header processed by the `get_url` function in `/yzmphp/yzmphp.php`. The Header Handler component reflects the attacker-controlled `HTTP_HOST` value into generated page output without sanitization, enabling payload execution in a victim's browser upon page visit. A public proof-of-concept exploit has been disclosed; no patch exists and the vendor did not respond to coordinated disclosure, leaving all deployments at or below v7.5 exposed.

XSS PHP
NVD GitHub VulDB
CVSS 4.0
2.1
EPSS
0.3%
CVE-2026-15195 LOW Monitor

Prototype pollution in apidevtools json-schema-ref-parser up to v15.3.5 allows low-privileged remote attackers to modify Object prototype attributes via crafted input to the Refs.set/Pointer.set functions in lib/pointer.ts. The vulnerability is tagged RCE and Code Injection, reflecting the theoretical worst-case of prototype pollution in Node.js environments where polluted properties propagate to dangerous sinks; however, the CVSS 4.0 score of 2.1 with limited (L/L/L) impact ratings suggests the direct, exploitable impact is constrained. A proof-of-concept exists (CVSS 4.0 E:P) but no confirmed active exploitation has been recorded in CISA KEV.

Code Injection RCE
NVD GitHub VulDB
CVSS 4.0
2.1
EPSS
0.3%
CVE-2026-15186 LOW Monitor

Resource identifier manipulation in macrozheng mall up to 1.0.3 allows authenticated remote attackers to access or affect return-application records belonging to other users by substituting arbitrary orderId values in POST requests to /returnApply/create. The flaw is classified as CWE-99 (Improper Control of Resource Identifiers), consistent with an Insecure Direct Object Reference (IDOR) pattern in the Portal Endpoint. A public exploit is available, and the vendor deleted the corresponding GitHub issue without comment, raising concerns about coordinated disclosure and patch status.

Information Disclosure Mall
NVD VulDB GitHub
CVSS 4.0
2.1
EPSS
0.2%
CVE-2026-0275 LOW PATCH Monitor

Privilege escalation in Palo Alto Networks Prisma® Browser on macOS enables a locally authenticated administrator with access to the local filesystem to perform actions at root privilege level. The vulnerability is scoped exclusively to macOS deployments of Prisma Browser - no other platforms or Palo Alto products are implicated per the advisory. No public exploit identified at time of analysis; the CVSS 4.0 base score of 2.0 reflects the substantial exploitation prerequisites that materially constrain real-world risk despite the full-system impact potential at root level.

Privilege Escalation Apple Paloalto Prisma Browser
NVD
CVSS 4.0
2.0
EPSS
0.1%
CVE-2026-15276 LOW Monitor

Denial of service in pdeljanov Symphonia up to version 0.6.0 can be triggered locally by a low-privileged attacker who supplies a crafted audio file to the Metadata Handler component, causing improper resource release and application unavailability. The root cause is CWE-404 (Improper Resource Shutdown or Release) within the metadata parsing subsystem, with no impact on confidentiality or data integrity. A proof-of-concept exploit has been published; however, no patched release exists as the upstream fix (PR #514) remains unmerged at time of analysis.

Denial Of Service
NVD GitHub VulDB
CVSS 4.0
1.9
EPSS
0.1%
CVE-2026-15274 LOW Monitor

Denial-of-service in fbxcel up to 0.9.0 allows a local, low-privileged attacker to crash any application embedding this Rust FBX-parsing library by supplying a crafted FBX file that triggers improper resource handling in the v7400 Node Header Handler. Impact is limited to availability with no confidentiality or integrity consequence, consistent with the CVSS 4.0 base score of 1.9. A public proof-of-concept exists (CVSS 4.0 E:P), though exploitation is constrained entirely to local access paths; no KEV listing or active exploitation has been reported.

Denial Of Service
NVD GitHub VulDB
CVSS 4.0
1.9
EPSS
0.1%
CVE-2026-15194 LOW Monitor

Use-after-free in Open5GS 2.7.7's AMF component allows a local low-privileged user to access freed memory within the `amf_context_final` function in `src/amf/context.c`, producing a low-severity confidentiality exposure. Exploitation is strictly local - no network vector exists - and a public proof-of-concept is confirmed by the CVSS 4.0 E:P supplemental modifier. This vulnerability is not listed in the CISA KEV catalog and carries a CVSS 4.0 base score of 1.9, reflecting its constrained real-world impact on what is a niche, telecom-research-oriented software stack.

Denial Of Service Buffer Overflow
NVD GitHub VulDB
CVSS 4.0
1.9
EPSS
0.1%
CVE-2026-15193 LOW Monitor

OS command injection in the Android WebView JavaScript bridge of openclaw-android (versions up to 0.4.0) permits a local, low-privileged attacker to execute arbitrary OS commands through the `JsBridge.kt` component. Exploitation is constrained to local device access, limiting real-world blast radius, but a publicly disclosed proof-of-concept exists per the CVSS 4.0 E:P supplemental metric. No patch has been released - a remediation pull request (#137) is pending acceptance, leaving all users on version 0.4.0 or earlier exposed.

Command Injection Java Google
NVD GitHub VulDB
CVSS 4.0
1.9
EPSS
0.7%
CVE-2026-0280 LOW PATCH Monitor

Security policy bypass in Palo Alto Networks PAN-OS exposes protected services behind the firewall to traffic that should be blocked, exploitable by unauthenticated remote attackers via crafted IPv6 packets targeting the dataplane. The CVSS 4.0 score of 1.7 reflects that direct impact on the firewall itself is nil (VC:N/VI:N/VA:N), with only low-severity downstream effect on subsequent systems (SC:L/SI:L), and specific attack conditions must be present (AT:P). No public exploit code exists and no active exploitation has been reported (E:U), though the automatable flag (AU:Y) indicates the attack could in principle be scripted once conditions are met.

Authentication Bypass Paloalto Pan Os
NVD VulDB
CVSS 4.0
1.7
EPSS
0.5%
CVE-2026-0279 LOW PATCH Monitor

Multiple stored and reflected cross-site scripting vulnerabilities in PAN-OS expose the User-ID Authentication Portal (Captive Portal), GlobalProtect gateway/portal, and Clientless VPN web interfaces to unauthenticated attackers who can inject and execute arbitrary JavaScript in victim browsers. Affected deployments span PA-Series and VM-Series firewalls and Panorama management platforms; Cloud NGFW is explicitly not affected. No public exploit code exists (CVSS 4.0 E:U), and the vendor states risk is substantially reduced - potentially minimized - when portal and management access is restricted to trusted internal IP ranges per Palo Alto's recommended hardening guidelines.

XSS Paloalto Pan Os
NVD VulDB
CVSS 4.0
1.3
EPSS
1.2%
CVE-2026-0276 LOW PATCH Monitor

Privilege escalation in Palo Alto Networks Cortex XDR Broker VM permits locally authenticated users to perform operations as the root user within the appliance. The vulnerability is constrained to the Broker VM itself - the CVSS 4.0 vector (SC:N/SI:N/SA:N) confirms no scope change to subsequent or adjacent systems, limiting the blast radius to the VM appliance. No public exploit exists (E:U) and no CISA KEV listing is present; the vendor-assigned CVSS 4.0 score of 1.1 reflects this low-urgency posture.

Privilege Escalation Paloalto Cortex Xdr Broker Vm
NVD VulDB
CVSS 4.0
1.1
EPSS
0.1%
CVE-2026-49836 MEDIUM POC PATCH GHSA This Month

Path traversal in psd-tools through v1.17.0 exposes any application processing untrusted PSD files to arbitrary file write and secondary arbitrary file read via the SmartObject API. SmartObject.save() consumes the embedded smart-object filename verbatim from the PSD binary - without basename stripping, absolute-path rejection, or directory-escape filtering - allowing a crafted PSD to write attacker-supplied bytes to any path the process can reach. A secondary issue in SmartObject.open() for external-kind objects uses the attacker-controlled fullPath descriptor as a read source, enabling file exfiltration to the write destination. A standalone proof-of-concept is publicly confirmed in the advisory; the fix is vendor-confirmed in v1.17.1 (PR #657). No public exploit identified at time of analysis beyond the advisory-embedded POC, and no CISA KEV listing was found.

Python Path Traversal Buffer Overflow Docker Denial Of Service +1
NVD GitHub
CVE-2026-55252 MEDIUM POC PATCH GHSA This Month

Open redirect bypass in openrun prior to v0.17.7 allows remote unauthenticated attackers to redirect victims to arbitrary external URLs by exploiting a double-slash path prefix that evades the application's host/scheme validation. The referrer-based redirect logic correctly validates the host and scheme but passes the extracted path `//attacker.com` to the Location header, which browsers interpret as a protocol-relative URL and resolve to an external destination. A proof-of-concept is publicly documented in the security advisory; no active exploitation has been confirmed by CISA KEV at time of analysis.

Google Apple Open Redirect Microsoft Mozilla
NVD GitHub
CVE-2026-57501 NONE Awaiting Data

System principal privilege escalation in Zen Browser prior to 1.21.5b allows a malicious webpage to bypass Firefox's content-to-file security boundary by exploiting the browser's custom glance and split-view context-menu features. The 'Open link in glance' and 'Split link in new tab' actions navigate attacker-supplied file:// URLs using the System principal rather than the originating page's content principal, granting access to local filesystem contents that would be blocked by an ordinary click. A vendor-released patch exists in version 1.21.5b; no public exploit has been identified at time of analysis.

Authentication Bypass Mozilla Desktop
NVD GitHub
EPSS
0.3%
CVE-2026-53639 MEDIUM PATCH GHSA This Month

Missing ownership enforcement on Sylius Shop API payment request endpoints allows any caller who possesses a valid payment request UUID hash to read sensitive order data - including customer email, shipping addresses, and order totals - or manipulate post-payment redirect URLs to an attacker-controlled domain. Affected versions span the 2.0.x, 2.1.x, and 2.2.x release lines, with fixes available in 2.0.18, 2.1.15, and 2.2.6 per the vendor advisory GHSA-mr9r-h354-966r. No public exploit code or CISA KEV listing has been identified at time of analysis; real-world exploitability is gated on acquiring the UUID hash out-of-band.

Authentication Bypass PHP
NVD GitHub
CVE-2026-52777 CRITICAL POC PATCH GHSA Act Now

PHP object injection in YesWiki's BazaR import feature allows an attacker to reach an unsafe unserialize() sink in tools/bazar/services/CSVManager.php, where attacker-supplied base64 data is deserialized without allowed_classes=false, instantiating arbitrary classes and triggering magic methods (__destruct, and __toString via array_map('strval')). Because the importentries mode lacks CSRF protection (the assigned root cause CWE-352), a remote attacker can host an auto-POSTing HTML page that, when visited by a logged-in wiki admin, drives the deserialization using the admin's session - chaining published Doctrine PHPGGC gadgets into remote code execution on the host. Publicly available exploit code exists demonstrating the object-injection primitive, but no full end-to-end RCE chain is published and this is not confirmed actively exploited (not in CISA KEV).

Deserialization Path Traversal CSRF XSS RCE +1
NVD GitHub
CVE-2026-52762 HIGH POC PATCH GHSA This Week

{{ 7 * 7 }} rendering as 49, escalated to an interactive reverse shell); this vulnerability is not in CISA KEV and there is no evidence of active exploitation.

RCE PHP Ssti Docker
NVD GitHub
CVE-2026-53602 MEDIUM PATCH GHSA This Month

Certificate revocation in nebula-mgmt (forgekeep/nebula-mesh ≤ v0.3.6) is non-durable due to two distinct authorization gaps at certificate issuance time. Blocked hosts bypass blocklist enforcement entirely by re-enrolling with a new token because `enroll.go:128` calls `caMgr.Sign()` without consulting the blocklist - a fingerprint-keyed structure that treats any fresh certificate as unknown. Separately, hosts enrolled under a subsequently-disabled operator auto-renew certificates indefinitely because `signHostCert` never re-validates operator or CA lifecycle status, meaning operator offboarding does not terminate provisioned host access. No public exploit is identified at time of analysis; both issues were discovered during an internal offensive security audit (tracking issue #178).

Authentication Bypass
NVD GitHub
CVE-2026-53727 HIGH POC PATCH GHSA This Week

Server-side request forgery (and cross-scheme local file disclosure) in the Ruby css_parser gem (all versions prior to 3.0.0) lets an attacker who can land a single @import url(...) rule in parsed CSS force the server to issue arbitrary HTTP/HTTPS GETs to any internal host, port or IP, and — via an attacker-controlled 302 redirect to a file:// URI — read local files. Premailer-style consumers that re-emit the parsed CSS into rendered HTML/email leak any CSS-shaped response bytes back to the attacker, turning this into a data-exfiltration channel rather than a blind SSRF. No public CVSS is published and it is not in CISA KEV, but a complete working proof-of-concept (poc.rb) is included in the advisory, so publicly available exploit code exists.

Kubernetes Hashicorp SSRF Canonical Nginx +5
NVD GitHub
CVE-2026-53720 MEDIUM PATCH GHSA This Month

Heap buffer overflow in pymonocypher's argon2i_32 function allows memory corruption when callers supply an undersized nb_blocks buffer, violating the library's API contract without triggering any bounds check. Applications using pymonocypher prior to version 4.0.2.8 that invoke the Argon2i password-hashing interface are at risk of heap corruption, which can produce crashes or potentially enable controlled memory writes. No public exploit code has been identified at time of analysis, and no active exploitation has been confirmed.

Heap Overflow Buffer Overflow
NVD GitHub
CVE-2026-50553 HIGH POC PATCH GHSA This Week

Root-privileged arbitrary directory creation and file write affects Note Mark (self-hosted notes application) versions <= v0.19.4, arising because book and note slug validation uses the unanchored huma OpenAPI pattern '[a-z0-9-]+', letting a low-privilege authenticated user store a path-traversal slug such as '../../../../etc/cron.d/x'. When an administrator later runs the 'note-mark migrate export' or 'export-v1' CLI (routinely as root in Docker), the exporter joins the raw slug into the output path and writes '_index.md' outside the export directory, enabling escalation to code execution as root. Publicly available exploit code exists (a version-pinned Go reproducer plus an end-to-end Docker walkthrough); this is the unpatched sibling of GHSA-g49p-4qxj-88v3 and is not listed in CISA KEV.

RCE OpenSSL Docker
NVD GitHub
CVE-2026-58382 MEDIUM This Month

CVE-2026-58382 is associated with Ubuntu vendor reporting but contains no description, CVSS data, CWE classification, or technical detail in the available intelligence sources. No impact, affected component, or attack surface can be determined from the provided data. Analysis cannot be completed without additional source material from the vendor advisory or NVD entry.

Information Disclosure
NVD
CVE-2026-58385 MEDIUM This Month

CVE-2026-58385 is reported by Ubuntu as the sole intelligence source, but no description, CVSS score, CWE classification, or technical detail is available at this time. The affected product is inferred to be Ubuntu Linux or a component distributed through Ubuntu, but the vulnerability type, impact, and affected versions cannot be determined from the provided data. No meaningful synthesis is possible without a CVE description or supplementary intelligence.

Information Disclosure
NVD
CVE-2026-55564 MEDIUM This Month

CVE-2026-55564 has been reported by Ubuntu but carries no publicly available description, CVSS score, vector, or CWE classification at time of analysis. The affected product, vulnerability class, and impact scope are entirely unconfirmed from available intelligence. No assessment of attacker capability or victim exposure is possible without a description or vendor advisory detailing the flaw.

Information Disclosure
NVD
CVE-2026-45093 MEDIUM This Month

CVE-2026-45093 is a vulnerability reported by Ubuntu with no description, CVSS score, vector, or CWE available at time of analysis. The affected product, impact class, and exploitation conditions are entirely unknown from provided intelligence. No meaningful risk characterization is possible without additional vendor disclosure.

Information Disclosure
NVD
CVE-2026-58387 MEDIUM This Month

CVE-2026-58387 is attributed to Ubuntu (vendor source) but no description, CVSS score, CWE classification, or technical details are available in the provided intelligence data. The nature, impact, and exploitability of this vulnerability cannot be characterized at this time. No assessment of attacker capability, affected versions, or real-world risk is possible without additional data.

Information Disclosure
NVD
CVE-2026-45092 MEDIUM This Month

Insufficient public data exists to characterize CVE-2026-45092 with analytical confidence. The only intelligence signal available is a vendor report attributed to Ubuntu; no description, CVSS vector, CWE, CPE, EPSS score, KEV status, or reference URLs were supplied. No public exploit has been identified at time of analysis. This record should be treated as a placeholder requiring enrichment before any prioritization decision is made.

Information Disclosure
NVD
CVE-2026-45094 MEDIUM This Month

CVE-2026-45094 has been reported by Ubuntu (vendor source) but no description, CVSS score, vector, or CWE data is available at time of analysis. The affected product or package within the Ubuntu ecosystem cannot be determined from available data. No impact, attack vector, or severity assessment can be made without a description or supporting intelligence.

Information Disclosure
NVD
CVE-2026-45097 MEDIUM This Month

Insufficient data exists to characterize CVE-2026-45097 at this time. The only available intelligence signal is a vendor attribution to Ubuntu, with no description, CVSS score, CWE classification, or references provided. No independent synthesis is possible without a vulnerability description, affected version range, or technical details.

Information Disclosure
NVD
CVE-2026-49862 MEDIUM This Month

CVE-2026-49862 cannot be meaningfully summarized - the description field is absent and no technical intelligence is available beyond a vendor attribution to Ubuntu. No CVSS score, CWE classification, affected product details, or advisory references were provided in the input data. Security teams should consult the Ubuntu Security Notices (USN) portal and the NVD entry directly before making any risk decisions.

Information Disclosure
NVD
CVE-2026-49863 MEDIUM This Month

Insufficient data exists to characterize CVE-2026-49863 meaningfully. The only available intelligence signal is a reporter attribution of 'vendor:ubuntu', suggesting the vulnerability affects a package or component within the Ubuntu ecosystem. No description, CVSS vector, CWE classification, affected version range, or exploitation status has been provided, making substantive analysis impossible at this time.

Information Disclosure
NVD
CVE-2026-44978 MEDIUM This Month

CVE-2026-44978 has insufficient public data to characterize at this time. The only confirmed intelligence source is a Ubuntu vendor report, but no description, CVSS metrics, CWE classification, or affected product details are available in the current dataset. Security teams should treat this as an unresolved entry requiring further data gathering before risk assessment or remediation decisions can be made.

Information Disclosure
NVD
CVE-2026-53590 MEDIUM This Month

CVE-2026-53590 has been reported by Ubuntu but contains no publicly available description, CVSS scoring, CWE classification, or technical detail at the time of this analysis. The absence of all structured vulnerability data - description, vector, severity, and CWE - makes it impossible to characterize the impact, affected component, or exploitation conditions. No public exploit has been identified, and no KEV listing exists. Security teams should monitor the Ubuntu Security Notices (USN) portal for updated advisories.

Information Disclosure
NVD
CVE-2026-58388 MEDIUM This Month

Insufficient data exists to characterize CVE-2026-58388 beyond its Ubuntu vendor attribution. No description, CVSS vector, CWE classification, affected version range, or technical detail was provided in the intelligence feed. The only confirmed data point is that Ubuntu (Canonical) reported or acknowledged this CVE. No impact, attack vector, or exploitation conditions can be stated without fabricating information.

Information Disclosure
NVD
CVE-2026-58386 MEDIUM This Month

CVE-2026-58386 is reported by Ubuntu with no description, CVSS score, CWE classification, or additional intelligence available at time of analysis. The affected product, vulnerability class, and impact cannot be determined from the provided data. Security teams should consult Ubuntu Security Notices (USN) directly for authoritative details on this CVE.

Information Disclosure
NVD
Prev Page 6 of 7 Next

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy