Skip to main content
CVE-2026-55050 MEDIUM PATCH This Month

Out-of-bounds read in Microsoft Office Word allows an unauthorized attacker to disclose information locally.

Buffer Overflow Microsoft Information Disclosure Microsoft 365 Apps For Enterprise Microsoft Office 2019 +9
NVD
CVSS 3.1
5.5
EPSS
0.4%
CVE-2026-34328 MEDIUM PATCH This Month

Windows Audio Service on multiple Windows desktop and server versions improperly exposes sensitive information to locally authenticated standard users, enabling information disclosure without requiring elevated privileges. Affecting Windows 10 1809 through Windows 11 26H1 and Windows Server 2019 (with Server 2022 and 2025 referenced in tags), the flaw is exploitable post-foothold by any low-privileged local account, making it a realistic post-exploitation pivot rather than an initial access vector. No public exploit code has been identified at time of analysis, and a vendor-released patch is confirmed available via the Microsoft Security Response Center.

Microsoft Information Disclosure Windows 10 Version 1809 Windows 10 Version 21H2 Windows 10 Version 22H2 +9
NVD VulDB
CVSS 3.1
5.5
EPSS
0.4%
CVE-2026-15766 MEDIUM PATCH This Month

Uninitialized Use in Skia in Google Chrome prior to 150.0.7871.125 allowed a remote attacker to obtain potentially sensitive information from process memory via a crafted HTML page. (Chromium security severity: High)

Google Information Disclosure
NVD
CVSS 3.1
6.5
EPSS
0.3%
CVE-2026-15770 MEDIUM PATCH This Month

Uninitialized Use in V8 in Google Chrome prior to 150.0.7871.125 allowed a remote attacker to obtain potentially sensitive information from process memory via a crafted HTML page. (Chromium security severity: High)

Google Information Disclosure
NVD VulDB
CVSS 3.1
6.5
EPSS
0.3%
CVE-2026-47481 MEDIUM This Month

NVIDIA Triton Inference Server for Linux contains a vulnerability where an attacker can cause an authentication bypass through an alternative path or channel. A successful exploit of this vulnerability might lead to code execution, escalation of privileges, information disclosure, and data tampering.

Nvidia Authentication Bypass RCE Information Disclosure Triton Inference Server
NVD
CVSS 3.1
6.5
EPSS
0.3%
CVE-2026-15778 MEDIUM PATCH This Month

Navigation input validation bypass in Google Chrome prior to 150.0.7871.125 enables a remote attacker who has already compromised the renderer process to circumvent navigation restrictions through a crafted HTML page. The flaw is classified as a second-stage, chained exploit - the attacker must first achieve renderer process compromise before this vulnerability becomes exploitable. With integrity rated High (I:H) and no confidentiality or availability impact, the practical danger is unauthorized navigation control, potentially enabling redirect-based phishing, cross-origin frame manipulation, or security boundary bypass. No public exploit code or active exploitation has been identified at time of analysis; EPSS probability stands at 0.26% (17th percentile), consistent with low current threat activity.

Google Authentication Bypass
NVD
CVSS 3.1
6.5
EPSS
0.3%
CVE-2026-15775 MEDIUM PATCH This Month

Same Origin Policy bypass in Google Chrome's V8 JavaScript engine (prior to 150.0.7871.125) allows a remote attacker to cross origin security boundaries via a crafted HTML page, enabling high-impact integrity violations against cross-origin content. Exploitation requires the victim to visit the malicious page (UI:R), limiting automated mass exploitation - a constraint confirmed by SSVC's Automatable:no finding. No public exploit code has been identified and this vulnerability does not appear in the CISA KEV catalog; EPSS at 0.26% (17th percentile) is consistent with no observed active exploitation at time of analysis.

Google Authentication Bypass
NVD VulDB
CVSS 3.1
6.5
EPSS
0.3%
CVE-2026-15768 MEDIUM PATCH This Month

Same-origin policy bypass in Google Chrome prior to 150.0.7871.125 enables remote attackers to manipulate cross-origin content integrity through the browser's HTML-in-Canvas rendering subsystem. Exploitation requires a victim to visit a crafted HTML page, making this a socially-engineered attack rather than a fully autonomous one. No active exploitation has been recorded (CISA KEV: absent, SSVC exploitation: none), and EPSS sits at 0.26% - indicating low real-world exploitation activity at time of analysis.

Google Authentication Bypass
NVD
CVSS 3.1
6.5
EPSS
0.3%
CVE-2026-59888 MEDIUM PATCH This Month

Deserialization logic in FasterXML jackson-databind 2.15.0 through 2.18.7, 2.21.3, and 3.1.3 allows unauthenticated remote callers to bypass @JsonIgnore annotations on Java Record types when a PropertyNamingStrategy is configured. The renamed JSON key - e.g., 'internal_role' produced by SnakeCaseStrategy from 'internalRole' - is not registered in the ignore list, so Jackson's constructor-parameter binding accepts the attacker-supplied value despite the developer's explicit exclusion directive. No public exploit tooling has been identified at time of analysis, but the upstream fix PR includes a runnable proof-of-concept test that fully demonstrates the bypass, lowering the bar for independent reproduction.

Authentication Bypass Java Jackson Databind
NVD GitHub
CVSS 3.1
6.5
EPSS
0.2%
CVE-2026-50302 MEDIUM PATCH This Month

Improper certificate validation in Windows Cryptographic Services allows an unauthorized attacker to bypass a security feature over a network.

Authentication Bypass Microsoft Windows 10 Version 21H2 Windows 10 Version 22H2 Windows 11 Version 24H2 +5
NVD
CVSS 3.1
6.5
EPSS
0.2%
CVE-2026-13699 MEDIUM This Month

Eclipse KUKSA Databroker 0.6.1 panics in a Tokio worker thread when an authenticated client sends a PublishValueRequest with a valid signal_id but omits the optional data_point field, causing the server to call Rust's unwrap() on a None value. Any client holding a valid JWT token can trigger this condition, cancelling the individual gRPC call while leaving the Databroker process intact and available. No public exploit has been identified and this vulnerability is not listed in CISA KEV; EPSS data was not supplied in available intelligence.

Information Disclosure Eclipse Kuksa Databroker
NVD
CVSS 3.1
6.5
EPSS
0.2%
CVE-2026-36035 MEDIUM This Month

Incorrect access control in CAXPerts UniversalPlantViewer WebServices Server v2.7.6 allows any authenticated low-privilege user to invoke the /api/License/deactivateOffline endpoint and strip the server's license, rendering the service inoperable. The flaw (CWE-284) grants low-privileged accounts an action that should be restricted to administrative roles, providing a trivial denial-of-service primitive against industrial plant visualization infrastructure. No public exploit identified at time of analysis, though a researcher disclosure post on Medium appears to document the discovery.

Authentication Bypass Denial Of Service
NVD
CVSS 3.1
6.5
EPSS
0.2%
CVE-2026-3014 MEDIUM This Month

OS command injection in Milestone Systems XProtect Management Server API enables authenticated users with edit permissions to execute arbitrary code as the Management Server Service. The CWE-78 flaw is network-accessible (AV:N) and requires no user interaction beyond possessing a privileged account, with CVSS 4.0 scope change metrics indicating high downstream impact (SC:H/SI:H/SA:H) to the broader surveillance infrastructure. No public exploit code or CISA KEV listing has been identified at time of analysis; Milestone has released patched versions addressed in their official advisory.

RCE Command Injection Xprotect Management Server
NVD VulDB
CVSS 4.0
6.4
EPSS
0.6%
CVE-2026-50157 MEDIUM PATCH GHSA This Month

### Description Applications built with the Auth0 Symphony SDK, using the Authorizer security authenticator to protect HTTP routes may accept OAuth 2.0 bearer access tokens provided through a URL query parameter, in addition to the standard Authorization header, which may increase the risk of access token exposure and replay against protected API endpoints. ### Resolution Upgrade auth0/symfony to version 5.9.0 or greater. ### Acknowledgement Okta would like to thank Alex Yeara for their discovery.

Information Disclosure
NVD GitHub
CVSS 3.1
6.5
CVE-2026-50018 MEDIUM PATCH GHSA This Month

### Summary: Remote post-serve actions use `http.DefaultClient` without any timeout configuration. When the remote endpoint is unreachable or intentionally slow (accepts TCP connection but never responds), each triggered proxy request spawns a goroutine that blocks indefinitely on `http.DefaultClient.Do()`. An attacker can cause unbounded goroutine accumulation leading to memory exhaustion and process crash (OOM kill). Unlike local post-serve action execution, this requires no binary execution, only a URL pointing to a non-responsive endpoint. ### Details: **1. Remote actions executed in goroutines without timeout (`core/hoverfly.go:224-228`):** ```go go postServeAction.Execute(result.Pair, journalIDChannel, hf.Journal) ``` Post-serve actions are executed in separate goroutines with no recovery wrapper. **2. HTTP client has no timeout (`core/action/action.go:128-143`):** ```go req, err := http.NewRequest("POST", action.Remote, bytes.NewBuffer(pairViewBytes)) // ... resp, err := http.DefaultClient.Do(req) // No timeout! Blocks forever. ``` `http.DefaultClient` has zero timeout by default in Go. If the remote server: - Accepts the TCP connection but never sends a response - Establishes TLS but never completes the handshake - Uses TCP window size 0 (flow control stall) ...the goroutine blocks indefinitely. There is no context cancellation, no deadline, and no cleanup. **3. No goroutine limit or backpressure:** There is no limit on how many post-serve action goroutines can be active simultaneously. Each matching proxy request spawns a new one unconditionally. **4. The goroutine is never cleaned up:** The only exit path from `Execute()` is a successful (or failed) HTTP response. A non-responding server means the goroutine lives until the process is killed. ### Environment: - **Hoverfly version:** v1.12.7 - **Operating System:** macOS Darwin 25.4.0 - **Go version:** 1.26.2 - **Configuration:** Default (no flags required) ### POC: **Step 1: Start a black-hole TCP listener (accepts connections, never responds)** ```bash # Option A: Use ncat ncat -l -k 9999 & # Option B: Use a non-routable IP (connections hang at TCP SYN) # 192.0.2.1 is TEST-NET-1, guaranteed non-routable # This causes http.DefaultClient to block on TCP connect timeout (which is also unlimited) ``` **Step 2: Register remote post-serve action pointing to the black hole** ```bash curl -X PUT http://localhost:8888/api/v2/hoverfly/post-serve-action \ -H "Content-Type: application/json" \ -d '{ "actionName": "leak", "remote": "http://192.0.2.1:9999/blackhole", "delayInMs": 0 }' ``` **Step 3: Load a catch-all simulation** ```bash curl -X PUT http://localhost:8888/api/v2/simulation \ -H "Content-Type: application/json" \ -d '{ "data": { "pairs": [{ "request": {"path": [{"matcher": "glob", "value": "*"}]}, "response": {"status": 200, "body": "ok", "postServeAction": "leak"} }], "globalActions": {"delays": [], "delaysLogNormal": []} }, "meta": {"schemaVersion": "v5.2"} }' ``` **Step 4: Flood with requests** ```bash # Each request spawns an immortal goroutine for i in $(seq 1 10000); do curl -s -x http://localhost:8500 "http://target.com/req${i}" & # Throttle to avoid local FD exhaustion [ $((i % 100)) -eq 0 ] && wait done ``` **Verified memory impact on Hoverfly v1.12.7:** ``` Memory before: 20,064 KB Memory after 50 requests: 23,376 KB Memory increase: 3,312 KB (66 KB per goroutine) ``` At this rate: - 1,000 requests = ~64 MB leaked - 10,000 requests = ~640 MB leaked - 100,000 requests = ~6.4 GB leaked → OOM crash ### Impact: An attacker with access to the admin API (unauthenticated by default) can cause a complete denial of service by: 1. Registering a remote post-serve action pointing to a non-responsive endpoint. 2. Loading a catch-all simulation that triggers the action on every request. 3. Sending proxy traffic, each request permanently leaks a goroutine and its associated memory.

Apple Denial Of Service
NVD GitHub
CVSS 3.1
6.5
CVE-2026-58535 MEDIUM PATCH Exploit Unlikely This Month

Use of uninitialized resource in Windows RDP allows an unauthorized attacker to disclose information over a network.

Microsoft Information Disclosure Windows 10 Version 1607 Windows 10 Version 1809 Windows 10 Version 21H2 +15
NVD
CVSS 3.1
6.5
EPSS
0.9%
CVE-2026-58533 MEDIUM PATCH Exploit Unlikely This Month

Use of uninitialized resource in Windows RDP allows an unauthorized attacker to disclose information over a network.

Microsoft Information Disclosure Windows 10 Version 1607 Windows 10 Version 1809 Windows 10 Version 21H2 +15
NVD
CVSS 3.1
6.5
EPSS
0.9%
CVE-2026-56168 MEDIUM PATCH Exploit Unlikely This Month

Null pointer dereference in Windows SMB Server allows an authorized attacker to deny service over a network.

Microsoft Denial Of Service Null Pointer Dereference Windows 10 Version 21H2 Windows 10 Version 22H2 +6
NVD
CVSS 3.1
6.5
EPSS
0.8%
CVE-2026-55054 MEDIUM PATCH Exploit Unlikely This Month

Out-of-bounds read in Microsoft Office Excel allows an unauthorized attacker to disclose information over a network.

Buffer Overflow Microsoft Information Disclosure Microsoft 365 Apps For Enterprise Microsoft Excel 2016 +7
NVD
CVSS 3.1
6.5
EPSS
0.6%
CVE-2026-54126 MEDIUM PATCH This Month

Out-of-bounds read in Windows RDP allows an unauthorized attacker to disclose information over a network.

Buffer Overflow Microsoft Information Disclosure Windows 10 Version 1607 Windows 10 Version 1809 +14
NVD
CVSS 3.1
6.5
EPSS
0.7%
CVE-2026-50504 MEDIUM PATCH Exploit Unlikely This Month

Buffer over-read in Remote Desktop Client allows an unauthorized attacker to disclose information over a network.

Buffer Overflow Windows 10 Version 1607 Windows 10 Version 1809 Windows 10 Version 21H2 Windows 10 Version 22H2 +14
NVD
CVSS 3.1
6.5
EPSS
0.6%
CVE-2026-50445 MEDIUM PATCH Exploit Unlikely This Month

Buffer over-read in Windows RDP allows an unauthorized attacker to disclose information over a network.

Buffer Overflow Microsoft Windows 10 Version 1607 Windows 10 Version 1809 Windows 10 Version 21H2 +15
NVD
CVSS 3.1
6.5
EPSS
0.7%
CVE-2026-50376 MEDIUM PATCH Exploit Unlikely This Month

Use of uninitialized resource in Windows RDP allows an unauthorized attacker to disclose information over a network.

Microsoft Information Disclosure Windows 10 Version 1607 Windows 10 Version 1809 Windows 10 Version 21H2 +15
NVD
CVSS 3.1
6.5
EPSS
0.9%
CVE-2026-50366 MEDIUM PATCH This Month

Null pointer dereference in Active Directory Domain Services allows an authorized attacker to deny service over a network.

Denial Of Service Null Pointer Dereference Windows 10 Version 1607 Windows 10 Version 1809 Windows 10 Version 21H2 +15
NVD
CVSS 3.1
6.5
EPSS
0.8%
CVE-2026-57979 MEDIUM PATCH Exploit Unlikely This Month

Out-of-bounds read in Windows RDP allows an unauthorized attacker to disclose information over a network.

Buffer Overflow Microsoft Information Disclosure Windows 10 Version 1607 Windows 10 Version 1809 +14
NVD
CVSS 3.1
6.5
EPSS
0.7%
CVE-2026-57976 MEDIUM PATCH Exploit Unlikely This Month

Null pointer dereference in Windows Active Directory Domain Services (AD DS) enables a low-privileged authenticated attacker to crash the service remotely, causing denial of service across the affected domain. The flaw spans a wide range of Windows client and server releases, from Windows 10 version 1607 through Windows 11 version 26H1 and Windows Server 2012 through 2025. No public exploit code has been identified and this vulnerability is not listed in the CISA Known Exploited Vulnerabilities catalog at time of analysis, though the network-accessible attack surface and low privilege requirement lower the bar for abuse in environments with broad domain user access.

Denial Of Service Null Pointer Dereference Windows 10 Version 1607 Windows 10 Version 1809 Windows 10 Version 21H2 +15
NVD
CVSS 3.1
6.5
EPSS
0.8%
CVE-2026-55003 MEDIUM PATCH This Month

Use of uninitialized resource in Windows RDP allows an unauthorized attacker to disclose information over a network.

Microsoft Information Disclosure Windows 10 Version 1607 Windows 10 Version 1809 Windows 10 Version 21H2 +15
NVD
CVSS 3.1
6.5
EPSS
0.7%
CVE-2026-49488 MEDIUM PATCH This Month

Arbitrary file read in Apache OpenMeetings 5.0.0 through 9.0.x allows any room moderator to exfiltrate files accessible to the OS account running the server, including credentials and secrets, via a crafted download request to the WhiteBoard download service. The vulnerability stems from insufficient path validation in the WB download endpoint, enabling directory traversal outside the intended file scope. No active exploitation has been confirmed (not in CISA KEV), but the ability to read credential files makes this high-priority for any internet-exposed deployment where moderator access is not tightly controlled.

Path Traversal Apache Openmeetings
NVD
CVSS 3.1
6.5
EPSS
0.7%
CVE-2026-55126 MEDIUM PATCH Exploit Unlikely This Month

Stored/reflected cross-site scripting in Microsoft SharePoint (Enterprise Server 2016, Server 2019, and Subscription Edition) lets an authenticated attacker inject script that executes in another user's browser session to spoof content over the network. Although Microsoft classifies the impact as 'spoofing,' the CVSS 3.1 vector rates confidentiality and integrity as High (C:H/I:H), indicating the injected script can access or alter sensitive session data. There is no public exploit identified at time of analysis, and a vendor patch is available.

Microsoft XSS Microsoft Sharepoint Enterprise Server 2016 Microsoft Sharepoint Server 2019 Microsoft Sharepoint Server Subscription Edition
NVD
CVSS 3.1
5.4
EPSS
0.5%
CVE-2026-55030 MEDIUM PATCH This Month

Improper neutralization of input during web page generation ('cross-site scripting') in Microsoft Office SharePoint allows an authorized attacker to perform spoofing over a network.

Microsoft XSS Microsoft Sharepoint Enterprise Server 2016 Microsoft Sharepoint Server 2019 Microsoft Sharepoint Server Subscription Edition
NVD
CVSS 3.1
5.4
EPSS
0.4%
CVE-2026-55019 MEDIUM PATCH This Month

Improper neutralization of input during web page generation ('cross-site scripting') in Microsoft Office SharePoint allows an authorized attacker to perform spoofing over a network.

Microsoft XSS Microsoft Sharepoint Enterprise Server 2016 Microsoft Sharepoint Server 2019 Microsoft Sharepoint Server Subscription Edition
NVD
CVSS 3.1
5.4
EPSS
0.4%
CVE-2026-55135 MEDIUM PATCH Exploit Unlikely This Month

Improper neutralization of input during web page generation ('cross-site scripting') in Microsoft Office SharePoint allows an authorized attacker to perform spoofing over a network.

Microsoft XSS Microsoft Sharepoint Enterprise Server 2016 Microsoft Sharepoint Server 2019 Microsoft Sharepoint Server Subscription Edition
NVD
CVSS 3.1
5.4
EPSS
0.3%
CVE-2026-55020 MEDIUM PATCH This Month

Cross-site scripting in Microsoft SharePoint Enterprise Server 2016, SharePoint Server 2019, and SharePoint Server Subscription Edition enables an authenticated attacker with low-privilege network access to inject malicious scripts into SharePoint pages, resulting in spoofing impacts when a victim user interacts with the crafted content. The CVSS vector (PR:L/UI:R) confirms exploitation requires both an existing authenticated account and victim interaction, constraining real-world risk relative to unauthenticated XSS variants. No public exploit identified at time of analysis and the vulnerability is not listed in the CISA KEV catalog. Vendor patch is available via the Microsoft Security Response Center.

Microsoft XSS Microsoft Sharepoint Enterprise Server 2016 Microsoft Sharepoint Server 2019 Microsoft Sharepoint Server Subscription Edition
NVD
CVSS 3.1
5.4
EPSS
0.3%
CVE-2026-55016 MEDIUM PATCH Exploit Unlikely This Month

Improper neutralization of input during web page generation ('cross-site scripting') in Microsoft Office SharePoint allows an authorized attacker to perform spoofing over a network.

Microsoft XSS Microsoft Sharepoint Enterprise Server 2016 Microsoft Sharepoint Server 2019 Microsoft Sharepoint Server Subscription Edition
NVD
CVSS 3.1
5.4
EPSS
0.3%
CVE-2026-56157 MEDIUM PATCH Exploit Unlikely This Month

Improper access control in Microsoft Office SharePoint allows an authorized attacker to perform spoofing over a network.

Authentication Bypass Microsoft Microsoft Sharepoint Enterprise Server 2016 Microsoft Sharepoint Server 2019 Microsoft Sharepoint Server Subscription Edition
NVD
CVSS 3.1
5.4
EPSS
0.3%
CVE-2026-7640 MEDIUM This Month

Stored Cross-Site Scripting in WP Customer Area WordPress plugin (versions up to and including 8.3.5) allows authenticated attackers with Contributor-level access or above to persistently inject arbitrary JavaScript via the unsanitized 'type' attribute of the customer-area-protected-content shortcode. The injected payload executes in the browser of any user who visits the compromised page, enabling session hijacking, credential theft, or malicious redirects against site visitors. No public exploit code has been identified and this CVE is not listed in the CISA KEV catalog at time of analysis; however, the Contributor-level prerequisite is a low barrier in multi-author WordPress environments.

XSS WordPress Wp Customer Area
NVD
CVSS 3.1
6.4
EPSS
0.2%
CVE-2026-24259 MEDIUM This Month

NVIDIA TensorRT-LLM for Linux contains a vulnerability where an attacker could cause missing authentication for a critical function. A successful exploit of this vulnerability might lead to code execution, data tampering, and information disclosure.

Authentication Bypass Nvidia RCE Information Disclosure Tensorrt Llm
NVD
CVSS 3.1
6.4
EPSS
0.1%
CVE-2026-24220 MEDIUM This Month

NVIDIA TensorRT-LLM for any platform contains a vulnerability in visual gen server, where an attacker could cause an unsafe deserialization by unauthorized zeroMQ deserialization. A successful exploit of this vulnerability might lead to code execution.

Nvidia RCE Deserialization Tensorrt Llm
NVD
CVSS 3.1
6.4
EPSS
0.2%
CVE-2026-4018 MEDIUM This Month

TOCTOU Race Condition in specific trace commands of the TraceEvent() system call could allow an attacker with local access and with the PROCMGR_AID_TRACE ability, to cause information disclosure, data tampering or a crash of the QNX Neutrino kernel.

Information Disclosure Qnx Software Development Platform Qnx Os For Safety Qnx Os For Medical
NVD
CVSS 3.1
6.4
EPSS
0.1%
CVE-2026-57097 MEDIUM PATCH Exploit Unlikely This Month

Untrusted search path in Microsoft XML allows an unauthorized attacker to bypass a security feature with a physical attack.

Authentication Bypass Microsoft Windows 10 Version 1607 Windows 10 Version 1809 Windows 10 Version 21H2 +15
NVD
CVSS 3.1
6.4
EPSS
0.2%
CVE-2026-55000 MEDIUM PATCH Exploit Unlikely This Month

Privilege escalation via use-after-free in the Windows USB Print Driver affects Windows 11 (versions 24H2, 25H2, 26H1) and Windows Server 2025, requiring physical access to exploit. An attacker with hands-on access to a target machine can trigger a memory corruption condition through the USB print subsystem to achieve full local privilege escalation - High confidentiality, integrity, and availability impact per CVSS. No public exploit code has been identified at time of analysis, and this vulnerability is not listed in the CISA KEV catalog.

Use After Free Memory Corruption Denial Of Service Microsoft Windows 11 Version 24H2 +4
NVD
CVSS 3.1
6.4
EPSS
0.3%
CVE-2026-62644 MEDIUM PATCH This Month

Username spoofing via session data in Roundcube Webmail's password plugin allows an authenticated attacker to manipulate session state so that the plugin operates on a victim's account rather than the attacker's own, enabling password changes on the target account and full account takeover. All 1.6.x versions prior to 1.6.17 and all 1.7.x versions prior to 1.7.2 are affected when the password plugin is enabled. No public exploit has been identified at time of analysis and the vulnerability is not listed in CISA KEV, but the high integrity and confidentiality impact ratings reflect genuine account hijacking potential in shared hosting environments.

Authentication Bypass Webmail
NVD GitHub VulDB
CVSS 3.1
6.4
EPSS
0.2%
CVE-2026-11390 MEDIUM This Month

Stored Cross-Site Scripting in the News Kit Addons For Elementor WordPress plugin (versions ≤1.4.6) permits authenticated contributors to persistently inject arbitrary JavaScript into pages via the Site Logo Title and Single Author Box widgets by manipulating the elementor_ajax AJAX save request to bypass client-side tag-name restrictions. Every user who subsequently visits an injected page executes the attacker's script in their browser, enabling session hijacking, credential theft, or admin-level actions on their behalf. No public exploit has been identified at time of analysis and the vulnerability is not listed in the CISA KEV catalog; a vendor-released patch is available in version 1.4.7.

XSS WordPress News Kit Addons For Elementor
NVD
CVSS 3.1
6.4
EPSS
0.3%
CVE-2026-59246 MEDIUM PATCH This Month

Memory exhaustion in elixir-mint's HTTP/2 client library (mint) allows a malicious or attacker-controlled HTTP/2 server to crash any BEAM application using the library by streaming unbounded zero-length CONTINUATION frames that bypass the existing byte-size guard. Affected versions span mint 0.1.0 through 1.9.1; a vendor-released patch is confirmed in 1.9.2. No public exploit or CISA KEV listing exists at time of analysis, but the explicit SSRF and redirect attack vectors meaningfully increase realistic exposure for server-side Elixir applications that proxy user-supplied URLs.

SSRF Denial Of Service Mint
NVD GitHub
CVSS 4.0
6.3
EPSS
0.3%
CVE-2026-12606 MEDIUM PATCH This Month

HTTP request smuggling in Eclipse Grizzly before 5.0.2 stems from the framework's inability to correctly parse malformed trailer header lines in chunked HTTP requests, enabling CWE-444 boundary-confusion attacks. Remote unauthenticated attackers who can send crafted chunked requests through a front-end proxy to a GlassFish-backed server can cause the proxy and Grizzly to disagree on request boundaries, smuggling attacker-controlled content as the prefix of a subsequent legitimate user's request. No public exploit code and no CISA KEV listing have been identified at time of analysis, though the CVSS 4.0 AT:P condition signals that specific deployment prerequisites must be met.

Request Smuggling Information Disclosure Eclipse Glassfish
NVD VulDB
CVSS 4.0
6.3
EPSS
0.3%
CVE-2026-61520 MEDIUM PATCH This Month

Simple Machines Forum 2.1 prior to commit 4bf35cf and 3.0 prior to commit b4d23df contains a server-side request forgery vulnerability in the image proxy that allows authenticated attackers to trigger internal HTTP requests by embedding attacker-controlled URLs in BBCode image tags, which the proxy fetches without validating resolved destination IPs against private address ranges, loopback, or link-local addresses. Attackers can leverage SMF's automatic HMAC signature generation for any embedded image URL to obtain valid signed proxy requests targeting internal services such as cloud instance metadata endpoints, internal web applications, and container network services.

SSRF Smf
NVD GitHub
CVSS 4.0
6.3
EPSS
0.3%
CVE-2026-15757 MEDIUM Monitor

A security flaw was discovered in the NETGEAR DGND3700v1 that could allow someone on the same local WiFi network to send unauthorized commands to the device. This issue was identified through testing in a controlled research environment using a simulated version of the router's software and has not been confirmed on physical production devices.

Authentication Bypass Netgear Dgnd3700V1
NVD
CVSS 4.0
6.3
EPSS
0.2%
CVE-2026-15305 MEDIUM PATCH This Month

MIME type restriction bypass in TYPO3 CMS 14.2.0-14.3.5 allows unauthenticated attackers to upload files of arbitrary MIME types through forms configured with FileUpload or ImageUpload elements, circumventing the allowedMimeTypes restriction entirely. The flaw originates from a lifecycle ordering defect in the server-side form framework: MimeTypeValidator is registered before concrete form definition properties are applied, so it is absent from the validation pipeline at runtime. No public exploit code and no CISA KEV listing have been identified at time of analysis, but the network-accessible, zero-prerequisite-auth nature of the bypass elevates practical risk wherever affected forms are publicly exposed.

Information Disclosure
NVD GitHub
CVSS 4.0
6.3
EPSS
0.2%
CVE-2026-58543 MEDIUM PATCH Exploit Unlikely This Month

Concurrent execution using shared resource with improper synchronization ('race condition') in Windows USB Print Driver allows an authorized attacker to elevate privileges with a physical attack.

Microsoft Race Condition Information Disclosure Windows 11 Version 24H2 Windows 11 Version 25H2 +3
NVD
CVSS 3.1
6.3
EPSS
0.2%
CVE-2026-24226 MEDIUM This Month

NVIDIA TensorRT-LLM for Linux contains a vulnerability where an attacker could cause improper control of code generation. A successful exploit of this vulnerability might lead to code execution, data tampering, and information disclosure.

Nvidia RCE Information Disclosure Tensorrt Llm
NVD
CVSS 3.1
6.3
EPSS
0.1%
Prev Page 2 of 6 Next

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy