Skip to main content
CVE-2026-56742 MEDIUM PATCH This Month

Cross-namespace traffic mirroring in Cilium's Gateway API implementation allows authenticated Kubernetes users holding HTTPRoute create or update permissions to duplicate HTTP traffic to arbitrary Services in any namespace, bypassing the ReferenceGrant authorization mechanism intended to enforce cross-namespace access control. Affected branches are Cilium 1.17.x before 1.17.17, 1.18.x before 1.18.11, and 1.19.x before 1.19.5. No public exploit or active exploitation has been identified at time of analysis; the attack surface is significantly narrowed by Gateway API being disabled by default and exploitation requiring elevated Kubernetes RBAC permissions.

Authentication Bypass Cilium
NVD GitHub
CVSS 3.1
5.9
EPSS
0.2%
CVE-2026-54443 MEDIUM PATCH This Month

Stored XSS via unsanitized `javascript:` URI injection in the Dashy RSS Feed widget (src/components/Widgets/RssFeed.vue) affects all releases from 1.9.4 through 3.1.x, allowing an attacker who controls an RSS feed source configured in the dashboard to deliver a malicious anchor href that executes arbitrary JavaScript in the Dashy origin when a user clicks it. The attack requires both feed-source control and user interaction, and is confined to the Dashy application origin - meaning session tokens, cookies, or dashboard credentials are the primary targets. No public exploit has been identified at time of analysis, and the vulnerability is not listed in CISA KEV; a vendor-released patch is available in version 3.2.0.

XSS Dashy
NVD GitHub
CVSS 4.0
5.9
EPSS
0.2%
CVE-2026-61643 MEDIUM PATCH This Month

Authorization bypass in FastGPT's workflow engine allows any authenticated platform user to invoke another user's private HTTP toolsets by crafting a workflow node ID in the form http-<victim_toolset_app_id>/<tool_name>. Affected versions span 4.14.17 through pre-4.15.0-beta5; the normal toolset access routes enforce ownership, but the workflow save path and the /api/v2/chat/completions runtime endpoint omit the same check, enabling cross-tenant tool execution. No public exploit code or CISA KEV listing exists at time of analysis; the AC:H vector reflects that exploitation requires prior knowledge of a victim's toolset app ID.

Authentication Bypass Fastgpt
NVD GitHub
CVSS 3.1
5.9
EPSS
0.2%
CVE-2026-11851 MEDIUM This Month

SQL injection in the web management interface of multiple ASUS router models enables a remotely authenticated, high-privilege user to exfiltrate confidential information by sending crafted requests that bypass the router's existing input validation. The vulnerability is limited to read-only data disclosure (no integrity or availability impact) and requires prior administrative authentication, significantly constraining real-world exploitability. No public exploit code or CISA KEV listing has been identified at time of analysis; the CVSS 4.0 score of 5.9 reflects the high complexity and authentication prerequisites.

SQLi Router
NVD
CVSS 4.0
5.9
EPSS
0.3%
CVE-2026-62314 MEDIUM This Month

Challenge bypass in Anubis Web AI Firewall (versions 1.22.0 through pre-1.26.0-pre1) allows unauthenticated remote HTTP clients to circumvent bot-challenge enforcement by supplying a crafted X-Original-URI header. PathChecker.Check() in lib/policy/checker.go unconditionally trusted this client-controlled header over the actual request path, enabling any client to match default ALLOW rules (e.g., ^/\.well-known/.*$) and reach upstream resources without completing the Anubis challenge. No active exploitation confirmed (not in CISA KEV) and no public exploit code identified at time of analysis, but the bypass is trivially reproducible with a single HTTP header manipulation.

Authentication Bypass Anubis
NVD GitHub
CVSS 3.1
5.8
EPSS
0.3%
CVE-2026-47160 MEDIUM PATCH This Month

{domain}/icon.png endpoint, bypassing the server's address blocklist. The icon-fetching HTTP client in src/http_client.rs applied should_block_address() and post_resolve() checks only against standard dotted-decimal notation, leaving alternative encodings - such as 0x7f000001 or 2130706433 for 127.0.0.1 - fully unblocked. No public exploit has been identified at time of analysis, and the issue is fixed in version 1.36.0.

SSRF Vaultwarden
NVD GitHub VulDB
CVSS 3.1
5.8
EPSS
0.2%
CVE-2026-15030 MEDIUM This Month

Out-of-bounds memory read in ASUS System Control Interface v3, ASUS System Control Interface, and ASUS Business Manager exposes kernel and firmware memory contents to local administrators via a crafted IOCTL request that bypasses the driver's length validation. The vulnerability (CWE-125) is constrained to AV:L/PR:H, meaning exploitation requires prior establishment of local administrator access on a system where the affected ASUS software is installed. No public exploit code or active exploitation has been confirmed at time of analysis; the ASUS Security Advisory documents the remediation path.

Buffer Overflow Information Disclosure System Control Interface V3 System Control Interface Business Manager
NVD VulDB
CVSS 4.0
5.6
EPSS
0.1%
CVE-2026-20146 MEDIUM This Month

Path traversal in Cisco Identity Services Engine (ISE) and ISE Passive Identity Connector (ISE-PIC) allows a remote, authenticated attacker with administrative credentials to read or delete arbitrary files on the underlying operating system via crafted HTTP requests. Successful exploitation could expose sensitive configuration or credential files, or trigger destructive deletion of system files. No public exploit code and no CISA KEV listing have been identified at time of analysis, but the high confidentiality impact and the critical role ISE plays in enterprise network access control make this notable for environments running affected versions.

Path Traversal Cisco Cisco Identity Services Engine Software Cisco Ise Passive Identity Connector
NVD VulDB
CVSS 3.1
5.5
EPSS
0.5%
CVE-2026-62361 MEDIUM PATCH This Month

SQL injection in listmonk's subscriber export endpoint prior to version 6.2.0 allows a highly-privileged authenticated user to read arbitrary PostgreSQL database tables - including users and settings - and execute data-modifying CTEs. The GET /api/subscribers/export endpoint passed a user-controlled query parameter directly into QuerySubscribersForExport in internal/core/subscribers.go without invoking the validateQueryTables guard that the sibling GET /api/subscribers endpoint correctly applies, creating a bypass of the allowlist-based table restriction. Exploitation requires possession of both the subscribers:sql_query and subscribers:get_all permissions; no public exploit code has been identified at time of analysis.

SQLi PostgreSQL Listmonk
NVD GitHub
CVSS 3.1
5.5
EPSS
0.2%
CVE-2026-9007 MEDIUM This Month

Reflected cross-site scripting in HCL Notes 12.0.2FP5HF8 enables unauthenticated network attackers to inject and execute arbitrary JavaScript in the browser sessions of targeted users who interact with malicious links. The CVSS 4.0 vector (SC:H/SI:H/SA:H) signals high downstream impact on victim sessions - including potential session hijacking, credential theft, and unauthorized action execution within the Notes web environment. No public exploit code has been identified and this vulnerability is not listed in CISA KEV at time of analysis.

XSS Hcl Notes
NVD
CVSS 4.0
5.5
EPSS
0.3%
CVE-2026-40633 MEDIUM PATCH This Month

Local information disclosure in Dell PowerScale OneFS (9.5.0.0-9.10.1.7 and 9.11.0.0-9.13.0.2) arises from sensitive data being written to log files, allowing a low-privileged local user to read secrets they should not access. Dell reported the issue (advisory DSA-2026-261) with no public exploit identified at time of analysis. Exploitation requires existing local, authenticated access to the cluster, limiting reach to insiders or attackers who have already established a foothold.

Dell Information Disclosure Powerscale Onefs
NVD
CVSS 3.1
5.5
EPSS
0.1%
CVE-2026-62348 MEDIUM PATCH This Month

Privilege escalation in TDengine Enterprise (prior to 3.4.1.15) allows any authenticated low-privilege SQL user to abort active shared-storage migrations by issuing KILL SSMIGRATE commands that should be restricted to administrators. The MND_OPER_SSMIGRATE_DB privilege gate was inadvertently commented out in mndProcessKillSsMigrateReq, collapsing authorization enforcement entirely for this operation. No public exploit or active exploitation has been identified at time of analysis; a vendor-released patch is available in version 3.4.1.15.

Authentication Bypass
NVD GitHub VulDB
CVSS 3.1
5.4
EPSS
0.2%
CVE-2026-56743 MEDIUM PATCH This Month

Network policy bypass in Cilium 1.19.0-1.19.4 allows workloads inside a Kubernetes namespace to reach peers that CIDR-based ipBlock NetworkPolicies should block. The flaw surfaces exclusively when Cilium is deployed with a custom clusterName (any value other than the default 'any'): the network-policy parser in parseNetworkPolicyPeer erroneously instantiates an empty pod selector for selectorless ipBlock peers, which compiles into a wildcard namespace-allow rule instead of a pure CIDR rule. No public exploit code has been identified at time of analysis, and this CVE is not listed in the CISA KEV catalog.

Authentication Bypass Kubernetes Cilium
NVD GitHub
CVSS 3.1
5.4
EPSS
0.2%
CVE-2026-62355 MEDIUM PATCH This Month

Improper privilege management in TDengine Cloud DB prior to 3.4.1.15 allows an authenticated Data Reader admin_user to execute `create udf` (user-defined function) commands that should be restricted to higher-privilege roles. While the same role is correctly denied `show dnodes` and `create user`, the UDF creation permission was left ungated, creating a privilege escalation path within the database engine. No public exploit code has been identified at time of analysis, and this CVE has not been added to the CISA KEV catalog.

Privilege Escalation
NVD GitHub
CVSS 3.1
5.4
EPSS
0.1%
CVE-2026-62353 MEDIUM PATCH This Month

Out-of-bounds read in TDengine's SQL tokenizer (versions prior to 3.4.1.14) allows an authenticated user with SQL query access to crash the database server and potentially leak one byte of adjacent heap memory. The flaw resides in tGetToken() within source/libs/parser/src/parTokenizer.c, triggered by submitting a SQL string literal ending in a bare backslash (e.g., 'abc\). No public exploit code has been identified at time of analysis, and this CVE is not listed in the CISA KEV catalog.

Buffer Overflow Information Disclosure
NVD GitHub
CVSS 3.1
5.4
EPSS
0.2%
CVE-2026-26032 MEDIUM This Month

Path traversal in Apache Ivy's PackagerResolver (versions 2.0.0 through 2.5.3) allows an attacker with write access to a packager repository to overwrite arbitrary files outside the configured buildRoot directory by embedding '../' sequences in module coordinates such as organisation, name, or revision. The overwrite occurs during the Ant-script-driven repackaging phase that PackagerResolver triggers on artifact download. No public exploit code has been identified at time of analysis, and the vendor has released version 2.6.0 as the fix, confirmed via the Apache Ant project site on July 14, 2026.

Apache Path Traversal Ivy
NVD VulDB
CVSS 3.1
5.4
EPSS
0.6%
CVE-2026-13230 MEDIUM PATCH This Month

Unauthenticated information disclosure in TP-Link Kasa EC70 v4 and EC71 v4 exposes sensitive geolocation data to any attacker on the same local network segment. The flaw resides in the devices' local discovery mechanism, which returns geolocation-related information in response to crafted network probes without requiring any credentials. Impact is limited to confidentiality; no integrity or availability compromise is possible through this vector. No public exploit exists and no active exploitation has been confirmed.

TP-Link Information Disclosure Kasa Ec71 V4 Kasa Ec70 V4
NVD VulDB
CVSS 4.0
5.3
EPSS
0.2%
CVE-2026-38974 MEDIUM This Month

Missing SSH host key verification in Dulwich's paramiko vendor module exposes SSH connections to man-in-the-middle interception. The contrib/paramiko_vendor.py module used paramiko's MissingHostKeyPolicy, which silently accepts any server host key without checking it against known_hosts, allowing a network-positioned attacker to impersonate a legitimate SSH Git server. No public exploit has been identified at time of analysis and EPSS sits at 0.14% (4th percentile), but the attack is conceptually straightforward for any attacker with network access between client and server.

Information Disclosure N A
NVD GitHub VulDB
CVSS 3.1
5.3
EPSS
0.1%
CVE-2026-20298 MEDIUM PATCH This Month

Credential hash exposure in Splunk Enterprise and Splunk Cloud Platform allows low-privileged users - those without the 'admin' or 'power' roles - to retrieve stored credential hashes by issuing the `|rest` SPL command against the `/servicesNS/-/-/storage/passwords` endpoint, which incorrectly returns the `encr_password` field. Affected are Splunk Enterprise branches below 10.4.1, 10.2.5, 10.0.8, and 9.4.13, and multiple Splunk Cloud Platform versions. No public exploit has been identified at time of analysis and this CVE is not in CISA KEV, but the real-world impact is significant wherever Splunk stores credentials for external services such as databases, APIs, or cloud accounts.

Splunk Information Disclosure Splunk Enterprise Splunk Cloud Platform
NVD VulDB
CVSS 3.1
5.3
EPSS
0.2%
CVE-2026-60062 MEDIUM PATCH This Month

Path traversal in F5 NGINX Agent via the config_dirs directive enables a remotely authenticated low-privileged attacker to read and write files outside of the directories designated as secure in the agent's configuration. The config_dirs directive can be set directly in the NGINX Agent configuration or through NGINX Instance Manager, expanding the attack surface across both products. No public exploit code or active exploitation has been identified at time of analysis, and a vendor patch is available per F5 advisory K000161971.

Nginx Path Traversal Nginx Agent Nginx Instance Manager
NVD
CVSS 4.0
5.3
EPSS
0.2%
CVE-2026-46459 MEDIUM PATCH This Month

Missing authorization on device receiver endpoints in ICU Scandinavia Boomerang exposes facility and quality-assurance installations to unauthenticated read and write access over adjacent networks. Any attacker with network adjacency can retrieve complete facility configurations and inject arbitrary data into the sensor database without supplying credentials, violating both confidentiality and integrity of operational sensor records. No public exploit has been identified at time of analysis, but CERT-PL's coordinated disclosure and a vendor-confirmed patch in version 2.4.18.029 indicate a concrete, addressable risk for organizations running unpatched deployments.

Authentication Bypass Boomerang
NVD
CVSS 4.0
5.3
EPSS
0.3%
CVE-2026-61457 MEDIUM PATCH This Month

Remote code execution in the Grav API plugin (getgrav/grav-plugin-api) before 1.0.3 is achievable by authenticated API users holding the api.media.write permission via a double-extension file upload bypass. The HandlesMediaUploads::validateFileExtension() method uses PHP's pathinfo() to inspect only the final file extension, meaning a file named shell.php.jpg passes the dangerous-extension blocklist while retaining a .php segment that certain web server configurations will execute as PHP. No public exploit code or CISA KEV listing has been identified at time of analysis, but the technique is well-understood and exploitation is low-complexity once permission prerequisites are met.

File Upload PHP RCE Grav
NVD GitHub VulDB
CVSS 4.0
5.3
EPSS
0.5%
CVE-2026-56352 MEDIUM PATCH This Month

File path restriction bypass in n8n before 2.19.3 allows authenticated users with workflow creation or modification rights to circumvent the N8N_RESTRICT_FILE_ACCESS_TO security boundary via a legacy REST API code path, enabling arbitrary file existence disclosure on the host filesystem. Where a targeted path contains valid workflow JSON, that file can additionally be loaded and executed by the n8n engine, potentially triggering downstream actions on all systems connected to that workflow. No public exploit or active exploitation has been identified at time of analysis, but the low complexity and broad impact on connected downstream systems make this a meaningful risk in multi-tenant or partially-trusted deployments.

Path Traversal N8n
NVD GitHub VulDB
CVSS 4.0
5.3
EPSS
0.2%
CVE-2026-55399 MEDIUM PATCH This Month

Resource exhaustion in Absolute Security Secure Access publisher (versions prior to 14.55) enables authenticated remote attackers holding valid tunnel credentials to trigger a non-persistent denial of service against the publisher component. The CVSS 4.0 score of 5.1 (Medium) reflects the constrained impact: availability loss is limited and self-recovering, with no confidentiality or integrity exposure. No public exploit code and no CISA KEV listing identified at time of analysis.

Denial Of Service Secure Access
NVD
CVSS 4.0
5.1
EPSS
0.2%
CVE-2026-62294 MEDIUM PATCH This Month

Flameshot's 'Open With' feature prior to version 14.0.0 contains a TOCTOU (time-of-check to time-of-use) symlink-following race condition that allows a local unprivileged attacker on the same machine to overwrite arbitrary files writable by the victim user. By pre-planting a symlink at the predictable temporary file path before Flameshot writes the screenshot PNG, an attacker can redirect the write operation to any file within the victim's permissions - including configuration files, SSH keys, or application data. No public exploit identified at time of analysis, though the attack is straightforward given the deterministic path; the vendor-confirmed fix is available in v14.0.0.

Race Condition Information Disclosure Flameshot
NVD GitHub
CVSS 4.0
5.1
EPSS
0.1%
CVE-2026-58556 MEDIUM This Month

Permission control failure in the Bluetooth module of Huawei HarmonyOS and EMUI exposes devices to local exploitation that can degrade Bluetooth service availability and leak limited data. The flaw, classified under CWE-264, allows a local process operating without elevated privileges to bypass Bluetooth permission enforcement, potentially disrupting connectivity or reading restricted information. No public exploit or CISA KEV listing exists at time of analysis, but Huawei has disclosed this via its July 2026 security bulletin.

Privilege Escalation Harmony Os Emui
NVD
CVSS 3.1
5.1
EPSS
0.1%
CVE-2026-58552 MEDIUM This Month

Out-of-bounds read in HarmonyOS's image codec module exposes partial memory contents to local attackers, affecting service confidentiality with a secondary availability impact. The CVSS vector (AV:L/PR:N) scopes exploitation to the local device - reachable by any installed application capable of submitting image data to the vulnerable codec - without requiring elevated privileges. No confirmed active exploitation (not listed in CISA KEV) and no public exploit code have been identified at time of analysis; Huawei has published remediation bulletins across four device categories in July 2026.

Buffer Overflow Harmonyos
NVD
CVSS 3.1
5.1
EPSS
0.1%
CVE-2026-58551 MEDIUM This Month

Out-of-bounds read in HarmonyOS's image codec module exposes limited memory content and may cause service instability, affecting confidentiality and availability at a low severity level. The flaw resides in image processing logic and is reachable by a local, unprivileged actor who can trigger image decoding - such as by supplying a crafted image file. No public exploit has been identified at time of analysis, and Huawei has disclosed patches via July 2026 security bulletins covering consumer devices, wearables, and laptops.

Buffer Overflow Harmonyos
NVD
CVSS 3.1
5.1
EPSS
0.1%
CVE-2026-61453 MEDIUM PATCH This Month

{{ page.content|raw }} filter. No public exploit or CISA KEV listing has been identified at time of analysis, but the bypass technique is explicitly documented in the vendor advisory.

XSS Grav
NVD GitHub VulDB
CVSS 4.0
5.1
EPSS
0.2%
CVE-2026-62947 MEDIUM PATCH This Month

Path traversal in OpenWrt's cgi-io cgi-download handler (prior to 25.12.5) allows an authenticated administrator to read arbitrary root-readable files - including /etc/shadow - by exploiting a TOCTOU-style authorization flaw where ACL checks occur before path canonicalization. The rpcd session.c ACL matcher uses fnmatch() without FNM_PATHNAME, meaning a wildcard-prefixed ACL entry (e.g., /etc/config/*) can be defeated by appending ../ sequences that pass the ACL check but resolve to an out-of-scope file when open() is called. No public exploit identified at time of analysis; vendor-released patch is available in v25.12.5.

Path Traversal Openwrt
NVD GitHub
CVSS 3.1
4.9
EPSS
0.4%
CVE-2026-61859 MEDIUM PATCH This Month

ImageMagick's `-script` operation bypasses the configured security policy file path restrictions in versions before 7.1.2-26 (7.x branch) and before 6.9.13-51 (6.9.13-x branch), enabling a local attacker with low privileges to read files from paths explicitly denied by the security policy. The CVSS 4.0 score of 4.8 reflects the local-only attack surface, low-privilege requirement, and confidentiality-only impact with no code execution possible. No public exploit code has been identified and this vulnerability is not confirmed actively exploited (CISA KEV).

Authentication Bypass Imagemagick
NVD GitHub VulDB
CVSS 4.0
4.8
EPSS
0.1%
CVE-2026-1563 MEDIUM This Month

Reflected cross-site scripting in Pega Platform (Pega Infinity) versions 8.1.0 through 25.1.2 allows a high-privileged attacker holding a developer role to inject malicious scripts into a user interface component, which execute in a victim's browser upon interaction. The CVSS 4.0 score of 4.8 (Medium) reflects meaningful constraints: exploitation requires both developer-level authentication and a victim's active interaction with a crafted link or payload. No public exploit code exists and this vulnerability is not listed in the CISA KEV catalog at time of analysis.

XSS Pega Infinity
NVD
CVSS 4.0
4.8
EPSS
0.3%
CVE-2026-59838 MEDIUM This Month

Stored or reflected cross-site scripting in Fortinet FortiSIEM's web interface enables a high-privileged authenticated attacker to inject malicious script tags that execute in the browsers of other users who view the affected page. The vulnerability spans a wide version range from FortiSIEM 6.4 through 7.4.0, affecting all deployments of this enterprise SIEM platform. No active exploitation has been confirmed by CISA KEV, and no public exploit code is identified at time of analysis; the PR:H requirement meaningfully constrains real-world attacker opportunity despite the scope change to the victim's browser context.

Fortinet XSS Fortisiem
NVD
CVSS 3.1
4.8
EPSS
0.1%
CVE-2026-58557 MEDIUM This Month

Design defect in HarmonyOS's 'Expedition mode' allows a high-privileged local attacker, with user interaction, to cause significant availability disruption and minor integrity impact. Reported by Huawei in its July 2026 security bulletin, the vulnerability carries a CVSS 3.1 base score of 4.8, reflecting constrained exploitability due to local access, high privilege, and required user interaction. No public exploit code has been identified, and the flaw does not appear in the CISA KEV catalog. Notably, the 'Information Disclosure' tag associated with this CVE is inconsistent with the CVSS confidentiality metric of C:N - this discrepancy should be verified against the vendor advisory.

Information Disclosure Harmonyos
NVD
CVSS 3.1
4.8
EPSS
0.1%
CVE-2026-56375 MEDIUM PATCH This Month

Memory exhaustion denial of service in ImageMagick through 7.1.2-18 arises from the ASHLAR coder failing to release a temporary image object when an internal action fails, allowing an attacker who can supply malicious ASHLAR files to a processing pipeline to cumulatively exhaust process memory. The CVSS 4.0 vector (AV:L/UI:P) confirms this is a local-vector attack requiring passive user or pipeline interaction to process the crafted file, not a remote unauthenticated scenario. No public exploit has been identified at time of analysis, and the vulnerability is not listed in CISA KEV; confirmed fixed versions exist for Magick.NET NuGet packages at 14.11.1.

Denial Of Service Imagemagick
NVD GitHub
CVSS 4.0
4.8
EPSS
0.1%
CVE-2026-58196 LOW POC PATCH GHSA Monitor

Server-Side Request Forgery in ToolHive's host-side authentication discovery flow allows a malicious or compromised remote MCP server to force the ToolHive host process to issue arbitrary internal HTTP GET requests with redirect following and no address filtering, bypassing the container isolation that ToolHive is architecturally designed to enforce. Affected versions include all releases through v0.29.3 (commit b672d82f confirmed 2026-06-14); the fix is available in v0.31.0. A publicly reproducible proof-of-concept with recording exists demonstrating retrieval of cloud instance metadata via AWS IMDSv1 redirect; no CISA KEV listing is present, but the exploit is fully operationalized without special infrastructure on any deployment with IMDSv1 enabled.

SSRF
NVD GitHub
CVSS 3.1
4.7
CVE-2026-1562 MEDIUM This Month

Stored cross-site scripting in Pega Platform (Pega Infinity) versions 8.1.0 through 25.1.2 allows a high-privileged developer-role user to inject persistent malicious scripts into a UI component, which execute in the browser context of other users who interact with the affected interface. The CVSS 4.0 score of 4.6 (Medium) reflects the constrained impact - limited confidentiality and integrity exposure with no availability impact - consistent with the PR:H and UI:A prerequisites that substantially reduce real-world risk. No public exploit code and no CISA KEV listing have been identified at time of analysis.

XSS Pega Infinity
NVD
CVSS 4.0
4.6
EPSS
0.3%
CVE-2026-54495 MEDIUM GHSA This Month

{NAMESPACE}/{NAME} cross-namespace annotation syntax are both intentional design choices; this vulnerability represents an unimplemented security feature rather than a coding bug, and is categorized as CWE-668. No public exploit has been identified at time of analysis and the vulnerability is not listed in CISA KEV; however, multi-tenant Kubernetes clusters relying on namespace isolation as a trust boundary are the exclusive impact surface.

Kubernetes Information Disclosure
NVD GitHub
CVSS 3.1
4.3
CVE-2026-54492 MEDIUM POC PATCH GHSA This Month

Authenticated blind SSRF in Koel v9.6.0 allows any logged-in user to trigger server-side HTTP requests to private, loopback, and RFC1918 destinations by exploiting a missing SafeUrl validation guard on the Subsonic-compatible createPodcastChannel.view route. The main podcast API correctly rejects private URLs with a 422 error, but the Subsonic compatibility layer omits the same SafeUrl rule, and the attacker-supplied URL is fetched synchronously during channel creation via Poddle::fromUrl() - no separate step required. No public exploit identified at time of analysis per KEV status, but a fully documented public PoC with step-by-step curl commands is available in GHSA-w79m-f3jx-779v, validated against the official phanan/koel:9.6.0 Docker image.

Docker SSRF PHP
NVD GitHub
CVSS 3.1
4.3
CVE-2026-58553 MEDIUM This Month

Out-of-bounds read in HarmonyOS's image codec module allows a local attacker to cause service availability disruption, with the vendor description also noting potential confidentiality impact - a discrepancy with the CVSS C:N metric that warrants attention. All versions of Huawei HarmonyOS across consumer devices, vision products, wearables, and laptops are identified as affected per the July 2026 Huawei Security Bulletin. No public exploit code has been identified at time of analysis, and the medium CVSS score of 4.0 with a local attack vector limits real-world exploitation to scenarios with physical or local access to the target device.

Buffer Overflow Harmonyos
NVD VulDB
CVSS 3.1
4.0
EPSS
0.1%
CVE-2026-58550 MEDIUM This Month

Out-of-bounds read in HarmonyOS's image codec module can be triggered locally, with potential impact to service confidentiality and availability. Huawei disclosed this via its July 2026 security bulletin family covering consumer devices, vision products, wearables, and laptops - indicating broad exposure across the HarmonyOS device ecosystem. No public exploit code has been identified at time of analysis, and the vulnerability is not listed in CISA's KEV catalog.

Buffer Overflow Harmonyos
NVD
CVSS 3.1
4.0
EPSS
0.1%
CVE-2026-58549 MEDIUM This Month

Out-of-bounds read in the HarmonyOS image codec module allows a local unprivileged user to disrupt service availability on affected Huawei devices. Huawei's own bulletin language references potential confidentiality impact, but the NVD CVSS vector assigns C:N and A:L only - a discrepancy that warrants attention. No public exploit code and no CISA KEV listing have been identified at time of analysis, keeping real-world risk low despite the wide device footprint across Huawei phones, wearables, and laptops.

Buffer Overflow Harmonyos
NVD
CVSS 3.1
4.0
EPSS
0.1%
CVE-2026-62683 LOW PATCH Monitor

File Browser prior to 2.63.17 retains stale public directory share records after a shared directory is deleted via a trailing-slash path, because the Bolt storage backend queries for shares using the unnormalized path before trimming the slash - causing the exact-match share record (stored as '/a') to be missed by a query against '/a/'. If the directory is subsequently recreated at the same path, any holder of the original share URL immediately gains unauthorized read access to the new directory contents. No public exploit has been identified at time of analysis, and the vulnerability is not listed in CISA KEV.

Authentication Bypass Filebrowser
NVD GitHub
CVSS 3.1
3.1
EPSS
0.2%
CVE-2026-40958 LOW PATCH Monitor

Non-persistent denial-of-service affecting Absolute Secure Access clients prior to version 14.55 can be triggered by an attacker who possesses intimate knowledge of and total control over the underlying tunnel protocol, yielding low availability impact limited to the client process. The CVSS 4.0 score of 2.3 reflects the highly constrained exploitation requirements captured by AT:P and UI:P - this is not opportunistic exploitation but a targeted, condition-heavy attack against a specific client. No active exploitation has been identified, no public exploit code exists, and the DoS is explicitly described as non-persistent, meaning the client recovers without lasting damage.

Information Disclosure Secure Access
NVD VulDB
CVSS 4.0
2.3
EPSS
0.2%
CVE-2026-15921 LOW PATCH Monitor

Path traversal in nvm versions 0.32.1 through 0.40.5 allows a hostile Node.js mirror to overwrite arbitrary files in the victim's home directory, including shell startup files, leading to code execution on the next shell session. The vulnerability exists in `nvm ls-remote`, `nvm install --lts`, and any other nvm command that refreshes remote LTS aliases by fetching and parsing a mirror's `index.tab` - the LTS codename field is used as an alias filename without sanitization, permitting sequences like `../../../.bashrc` to escape `$NVM_DIR/alias`. No public exploit identified at time of analysis, but a working proof-of-concept is embedded in the upstream test suite added in the fix commit.

Node.js Path Traversal RCE Nvm
NVD GitHub
CVSS 4.0
2.1
EPSS
0.2%
CVE-2026-40955 LOW PATCH Monitor

Integer underflow in the traffic parsing function of Absolute Security Secure Access clients prior to version 14.55 enables a non-persistent denial-of-service condition against the client application. Exploitation demands the attacker possess intimate knowledge of the proprietary tunnel protocol AND maintain total control over that tunnel - an exceptionally high bar that drastically limits realistic attacker population. The impact is restricted to temporarily disrupting the Secure Access client on the victim endpoint; the service recovers without persistent damage. No public exploit code exists and this vulnerability is not listed in CISA KEV.

Information Disclosure Secure Access Integer Overflow
NVD VulDB
CVSS 4.0
2.1
EPSS
0.2%
CVE-2026-40954 LOW PATCH Monitor

Integer underflow in Absolute Security's Secure Access client prior to version 14.55 allows an attacker with full control over the tunnel protocol to cause a non-persistent denial of service against the client. The exploitation bar is extremely high - the attacker must possess both intimate knowledge of the proprietary tunnel protocol and total control over the communication channel. No public exploit code exists and this vulnerability is not listed in CISA KEV; the vendor-reported CVSS 4.0 score of 2.1 reflects the negligible real-world risk.

Information Disclosure Secure Access Integer Overflow
NVD VulDB
CVSS 4.0
2.1
EPSS
0.2%
CVE-2026-40956 LOW PATCH Monitor

Memory disclosure in Absolute Security Secure Access client (versions prior to 14.55) permits a small, indeterminate amount of process memory to leak to an adversary who has already achieved full control over the tunnel protocol. The CVSS 4.0 score of 2.1 accurately reflects the narrow real-world impact: an attacker must simultaneously possess intimate protocol knowledge and the ability to manipulate tunnel communications end-to-end, a prerequisite that dramatically limits the exploitable population. No public exploit code exists and the vulnerability does not appear in the CISA KEV catalog, reinforcing its low operational priority for most enterprises.

Information Disclosure Secure Access
NVD VulDB
CVSS 4.0
2.1
EPSS
0.2%
CVE-2026-61863 LOW PATCH Monitor

ImageMagick's TIFF encoder leaks a small quantity of memory when a temporary file cannot be created during encoding operations, affecting versions 7.x before 7.1.2-26 and 6.x before 6.9.13-51. The CVSS 4.0 score of 2.1 and vector (AV:L/AC:H/AT:P) place this firmly in minimal-severity territory: exploitation is local, requires high complexity, and depends on a platform-specific precondition. No public exploit has been identified, the flaw is not listed in CISA KEV, and the described impact is limited to a small, incremental availability reduction with no confidentiality or integrity consequences.

Information Disclosure Imagemagick
NVD GitHub
CVSS 4.0
2.1
EPSS
0.1%
CVE-2026-61869 LOW PATCH Monitor

Memory leak in ImageMagick's MIFF encoder (CWE-401) affects the 7.x branch before 7.1.2-26 and the 6.x branch before 6.9.13-51, enabling denial of service through resource exhaustion. When a memory allocation fails during MIFF image encoding, previously allocated buffers are not released, causing memory to accumulate across repeated processing calls. The CVSS 4.0 score of 2.1 and a local attack vector (AV:L) with high complexity (AC:H) and specific prerequisites (AT:P) signal a low-priority finding with no public exploit and no CISA KEV listing.

Denial Of Service Imagemagick
NVD GitHub
CVSS 4.0
2.1
EPSS
0.1%
Prev Page 5 of 6 Next

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy