Skip to main content

Suse

9341 CVEs vendor

Monthly

CVE-2026-23257 MEDIUM PATCH This Month

A memory leak vulnerability exists in the Linux kernel's liquidio network driver within the setup_nic_devices() function, where an off-by-one error in the cleanup loop causes failure to deallocate the last successfully allocated device during error handling. The vulnerability affects Linux kernel versions across multiple stable branches (as evidenced by patches in 4.9, 4.14, 4.19, 5.4, 5.10, 5.15, and 5.16 stable trees per the kernel.org references). While this is a local denial-of-service vector through memory exhaustion rather than a direct code execution path, it could be leveraged by unprivileged users to degrade system stability over time.

Linux Information Disclosure Red Hat Suse
NVD VulDB
CVSS 3.1
5.5
EPSS
0.0%
CVE-2026-23256 MEDIUM PATCH This Month

This vulnerability is an off-by-one error in the Linux kernel's liquidio driver that causes a memory leak during virtual function (VF) setup failure cleanup. The vulnerability affects the Linux kernel across all versions where the liquidio net driver is compiled, as identified through the affected CPE (cpe:2.3:a:linux:linux). While this is a memory leak rather than a direct code execution vulnerability, it can be exploited to exhaust kernel memory resources, leading to denial of service.

Linux Information Disclosure Red Hat Suse
NVD VulDB
CVSS 3.1
5.5
EPSS
0.0%
CVE-2026-23254 MEDIUM PATCH This Month

A vulnerability in the Linux kernel's Generic Receive Offload (GRO) implementation for UDP traffic causes incorrect network offset calculations when processing encapsulated packets. The flaw affects all Linux kernel versions where the GRO subsystem handles UDP encapsulation, as specified in the CPE cpe:2.3:a:linux:linux:*:*:*:*:*:*:*:*. When hardware NICs, the tun driver, or veth setups inject packets with the encapsulation flag set, the udp4_gro_complete() function incorrectly computes the outer UDP header pseudo checksum using the inner network offset, leading to checksum validation failures that can disrupt packet processing and potentially cause denial of service or packet drops. No active exploitation has been reported in the wild, and no public proof-of-concept code is known to exist, though the vulnerability is triggered through normal network operations involving UDP-encapsulated traffic.

Linux Code Injection Red Hat Suse
NVD VulDB
CVSS 3.1
5.5
EPSS
0.0%
CVE-2025-71270 MEDIUM PATCH This Month

This vulnerability is a missing exception fixup handler in the LoongArch architecture's BPF JIT compiler that fails to properly recover from memory access exceptions (ADEM) triggered by BPF_PROBE_MEM* instructions. The Linux kernel on LoongArch systems (CPE: cpe:2.3:a:linux:linux:*:*:*:*:*:*:*:*) is affected, potentially allowing information disclosure or denial of service when BPF programs attempt to safely probe memory locations. This is not actively exploited (no KEV status), but patches are available across multiple stable kernel branches.

Linux Information Disclosure Red Hat Suse
NVD VulDB
CVSS 3.1
5.5
EPSS
0.0%
CVE-2025-71269 MEDIUM PATCH This Month

A resource management vulnerability exists in the Linux kernel's Btrfs filesystem implementation where qgroup data reservations are incorrectly freed when an inline extent creation fails due to -ENOSPC (no space available). This causes the kernel to prematurely release qgroup quota accounting for data that will actually be used when the operation falls back to the normal copy-on-write path, potentially leading to qgroup quota inconsistencies and information disclosure about quota state. All Linux distributions using Btrfs with qgroup quota tracking enabled are affected. While no CVSS score or EPSS risk score has been assigned, the vulnerability has stable patches available in the Linux kernel repository.

Linux Information Disclosure Red Hat Suse
NVD VulDB
CVSS 3.1
5.5
EPSS
0.0%
CVE-2025-71268 MEDIUM PATCH This Month

A resource leak vulnerability exists in the Linux kernel's btrfs filesystem implementation where reserved qgroup data fails to be freed in error paths during inline extent insertion operations. This affects all Linux versions with vulnerable btrfs code, and allows local attackers with filesystem write access to exhaust kernel memory resources through repeated failed inline extent insertions, potentially causing denial of service. No active exploitation in the wild has been reported, but kernel memory exhaustion vulnerabilities are routinely targeted by local privilege escalation chains.

Linux Information Disclosure Red Hat Suse
NVD VulDB
CVSS 3.1
5.5
EPSS
0.0%
CVE-2026-32937 Go HIGH PATCH This Week

Out-of-bounds slice access in the Free5GC CHF nchf-convergedcharging service allows authenticated attackers to trigger server-side panics via malformed PUT requests to the recharge endpoint, causing denial of service and log flooding. An attacker with valid authentication credentials can repeatedly exploit this vulnerability to degrade recharge functionality and disrupt service availability. A patch is available to remediate this high-severity vulnerability.

Buffer Overflow Suse
NVD GitHub VulDB
CVSS 4.0
7.1
EPSS
0.0%
CVE-2026-33151 npm HIGH PATCH This Week

A specially crafted Socket.IO packet can cause the server to allocate unbounded memory by waiting for and buffering a large number of binary attachments, leading to denial of service through memory exhaustion. The vulnerability affects socket.io-parser versions across multiple major releases (v2.x, v3.x, and v4.x) used by Socket.IO server and client implementations. No EPSS score or KEV listing is available, but patches have been released by the vendor.

Information Disclosure Red Hat Suse
NVD GitHub VulDB
CVSS 4.0
8.7
EPSS
0.1%
CVE-2026-33132 Go MEDIUM PATCH This Month

Zitadel's OAuth2/OIDC implementation contains an authentication bypass vulnerability (CWE-863: Improper Authorization) that allows unauthenticated attackers to circumvent organization enforcement controls during login. Affected versions 3.0.0-3.4.8 and 4.0.0-4.12.2 fail to validate organization membership scopes in device authorization flows and all Login V2/OIDC API V2 endpoints, enabling attackers to authenticate with users from unauthorized organizations. While the CVSS score of 5.3 indicates low-to-moderate severity with confidentiality impact only, the attack requires no privileges or user interaction and operates over the network, making it a practical concern for multi-tenant deployments.

Authentication Bypass Red Hat Suse
NVD GitHub VulDB
CVSS 3.1
5.3
EPSS
0.1%
CVE-2026-23252 MEDIUM PATCH This Month

A memory allocation failure vulnerability exists in the Linux kernel's XFS filesystem checking code where the xchk_xfile_*_descr macros call kasprintf with formatted strings that can exceed safe allocation limits, leading to potential denial of service or information disclosure. This affects Linux kernel versions 6.6 through 6.14 and later releases including 6.18.16, 6.19.6, and 7.0-rc1, with the vulnerability discoverable through syzbot fuzzing by researcher Jiaming Zhang. While no active exploitation has been confirmed, the issue represents a path to failure in a core filesystem validation component that could be triggered by malicious or malformed filesystem structures.

Linux Information Disclosure Red Hat Suse
NVD VulDB
CVSS 3.1
5.5
EPSS
0.0%
CVE-2026-23251 MEDIUM PATCH This Month

This vulnerability in the Linux kernel's XFS filesystem code involves improper pointer validation in xfarray and xfblob destructor functions, where the destructors can be called with invalid (dangling) pointers if the pointer is not properly nulled after deallocation. The vulnerability affects Linux kernel versions 6.9 through 6.10 and later patch versions, potentially allowing information disclosure or system instability. While no CVSS score or exploitation data is publicly available, the fix was backported across multiple kernel versions (6.12.75, 6.18.16, 6.19.6, 7.0-rc1) indicating recognition of the issue's significance across the kernel maintenance community.

Linux Null Pointer Dereference Denial Of Service Red Hat Suse
NVD VulDB
CVSS 3.1
5.5
EPSS
0.0%
CVE-2026-23250 MEDIUM PATCH This Month

A null pointer dereference vulnerability exists in the XFS filesystem checker (xchk_scrub_create_subord) in the Linux kernel, where the function returns a mangled ENOMEM error instead of NULL, and callers fail to properly validate the return value. This affects Linux kernel versions 6.2 through 6.10 and later stable branches, potentially allowing a local attacker with filesystem access to trigger a denial of service condition through unhandled memory allocation failures during XFS filesystem integrity checks.

Linux Denial Of Service Null Pointer Dereference Red Hat Suse
NVD VulDB
CVSS 3.1
5.5
EPSS
0.0%
CVE-2026-23249 MEDIUM PATCH This Month

A null pointer dereference vulnerability exists in the Linux kernel's XFS filesystem repair code when revalidating B-tree structures during fsck operations. The vulnerability affects Linux kernel versions across multiple release branches (6.8, 6.12.75, 6.18.16, 6.19.6, and 7.0-rc1) when the xfs_scrub utility attempts to repair both the free space B-tree (bnobt) and count B-tree (cntbt) simultaneously. An authenticated attacker with fsck/scrub privileges can trigger a kernel crash (denial of service) by injecting corruption markers via XFS_IOC_ERROR_INJECTION ioctl, causing the kernel to crash when the second B-tree revalidation is attempted after the first one fails and nullifies a required cursor.

Linux Denial Of Service Null Pointer Dereference Red Hat Suse
NVD VulDB
CVSS 3.1
5.5
EPSS
0.0%
CVE-2026-33081 Go MEDIUM PATCH This Month

PinchTab contains a Server-Side Request Forgery (SSRF) vulnerability in its /download endpoint that allows unauthenticated attackers to bypass URL validation and cause the embedded Chromium browser to make requests to internal network services. The vulnerability affects PinchTab versions 0.7.x and 0.8.x when the security.allowDownload setting is enabled (disabled by default), and exploits a validation gap where only the initial user-supplied URL is checked while subsequent browser-initiated requests (redirects, JavaScript navigations, resource fetches) bypass this protection entirely. Although the attacker cannot receive response bodies from internal services (blind SSRF), they can trigger state-changing endpoints on localhost or private network addresses reachable from the PinchTab host, with a proof-of-concept publicly available demonstrating counter increments on internal services.

Google Python SSRF Chrome Suse
NVD GitHub VulDB
CVSS 3.1
5.8
EPSS
0.0%
CVE-2026-33123 PyPI MEDIUM PATCH This Month

A Denial of Service vulnerability exists in pypdf (Python PDF library) where an attacker can craft a malicious PDF file that causes excessive runtime and memory consumption by exploiting improper handling of array-based streams with large numbers of entries. All versions of pypdf prior to 6.9.1 are affected. An attacker can remotely trigger resource exhaustion on any system processing untrusted PDF files with this library, potentially causing application crashes or service unavailability.

Denial Of Service Red Hat Suse
NVD GitHub VulDB
CVSS 3.1
6.5
EPSS
0.0%
CVE-2026-33067 Go CRITICAL PATCH Act Now

SiYuan's Bazaar marketplace fails to sanitize package metadata (displayName, description) before rendering in the Electron desktop application, allowing stored XSS that escalates to arbitrary remote code execution. Any SiYuan user (versions ≤3.5.9) who browses the Bazaar will automatically execute attacker-controlled code with full OS-level privileges when a malicious package card renders-no installation or user interaction required. A functional proof-of-concept exists demonstrating command execution via img onerror handlers, and this vulnerability is actively tracked in GitHub's advisory database (GHSA-mvpm-v6q4-m2pf), making it a critical supply-chain risk to the SiYuan user community.

Command Injection Apple Microsoft XSS RCE +4
NVD GitHub VulDB
CVSS 3.1
9.0
EPSS
0.4%
CVE-2026-33066 Go CRITICAL PATCH Act Now

SiYuan's Bazaar (community package marketplace) fails to sanitize HTML in package README files during rendering, allowing stored XSS that escalates to remote code execution due to unsafe Electron configuration. An attacker can submit a malicious package with embedded JavaScript in the README that executes with full Node.js access when any user views the package details in the Bazaar. This affects SiYuan versions 3.5.9 and earlier across Windows, macOS, and Linux, with a CVSS score of 9.6 and multiple real-world exploitation vectors including data theft, reverse shells, and persistent backdoors.

Apple Microsoft XSS RCE Information Disclosure +4
NVD GitHub VulDB
CVSS 3.1
9.0
EPSS
0.5%
CVE-2026-32811 Go HIGH PATCH This Week

Heimdall, an authorization decision API for Envoy proxy, contains a path traversal bypass vulnerability when used in gRPC decision API mode. Attackers can bypass non-wildcard path expression rules by appending query parameters to URLs, which causes incorrect URL encoding that prevents rule matching. A proof-of-concept is publicly available demonstrating the bypass, though exploitation requires heimdall to be configured with an insecure 'allow all' default rule (which is blocked by secure defaults since v0.16.0 unless explicitly disabled).

Docker Authentication Bypass Suse
NVD GitHub VulDB
CVSS 3.1
8.2
EPSS
0.0%
CVE-2026-32694 Go MEDIUM PATCH This Month

A predictable secret identifier (XID) vulnerability in Juju versions 3.0.0 through 3.6.18 allows a malicious grantee to enumerate and predict previously granted secrets owned by the same administrator, enabling unauthorized access to resources intended for other applications. An attacker with high privileges and control over at least one deployed application can exploit this to obtain credentials or configuration data from past secret grants, resulting in information disclosure and potential privilege escalation. While the CVSS score is moderate at 6.6 and exploitation requires specific configuration and high privileges, the fundamental weakness in secret ownership verification represents a significant trust boundary violation in Juju's secret management architecture.

Information Disclosure Debian Juju Suse
NVD GitHub VulDB
CVSS 3.1
6.6
EPSS
0.0%
CVE-2026-32693 Go HIGH PATCH This Week

An authorization bypass vulnerability in Canonical's Juju versions 3.0.0 through 3.6.18 allows authenticated users with grantee privileges to incorrectly update secret content beyond their intended permissions, potentially accessing or modifying other secrets. The vulnerability (CWE-863: Incorrect Authorization) has a CVSS score of 8.8, indicating high severity with network-based exploitation requiring low attack complexity and low privileges. The flaw is particularly dangerous because even when exploitation attempts are logged as errors, the unauthorized secret updates still persist and become visible to both owners and grantees.

Authentication Bypass Debian Juju Suse
NVD GitHub VulDB
CVSS 3.1
8.8
EPSS
0.1%
CVE-2026-32692 Go HIGH PATCH This Week

An authorization bypass vulnerability exists in the Vault secrets back-end implementation of Canonical's Juju orchestration tool, allowing authenticated unit agents to perform unauthorized updates to secret revisions beyond their intended scope. Juju versions 3.1.6 through 3.6.18 are affected, and attackers with sufficient information can poison any existing secret revision within the Vault secret back-end scope. With a CVSS score of 7.6 (High severity) featuring network attack vector, low complexity, and high integrity impact, this represents a significant security concern for Juju deployments using Vault as their secrets back-end, though no active exploitation (KEV) status or EPSS score was provided in available data.

Hashicorp Authentication Bypass Debian Juju Suse
NVD GitHub VulDB
CVSS 3.1
7.6
EPSS
0.0%
CVE-2026-32691 Go MEDIUM PATCH This Month

Juju 3.0.0 through 3.6.18 contains a race condition in secrets management that allows authenticated unit agents to intercept and claim ownership of newly created secrets due to a timing window between secret ID generation and revision creation. An attacker with valid unit agent credentials can exploit this to read the initial content of secrets intended for other units. The vulnerability requires local authentication and manual interaction but results in high-impact confidentiality disclosure with no available patch.

Information Disclosure Debian Juju Suse
NVD GitHub VulDB
CVSS 3.1
5.3
EPSS
0.0%
CVE-2026-23246 HIGH PATCH This Week

A stack out-of-bounds write vulnerability exists in the Linux kernel's mac80211 WiFi subsystem in the ieee80211_ml_reconfiguration function, where the link_id parameter extracted from the ML Reconfiguration element is not properly bounds-checked before being used as an array index. The vulnerability affects Linux kernel versions across multiple release branches (6.5 through 7.0-rc2), allowing an attacker with network proximity to craft a malicious WiFi frame to trigger a buffer overflow and potentially cause denial of service or code execution. While no CVSS score or EPSS data is currently published, the vulnerability has been assigned EUVD-2026-12809 and patches are available across stable kernel branches.

Linux Buffer Overflow Red Hat Suse
NVD VulDB
CVSS 3.1
8.8
EPSS
0.0%
CVE-2026-23244 HIGH PATCH This Week

A memory allocation vulnerability exists in the Linux kernel's NVMe Persistent Reservation implementation where the nvme_pr_read_keys() function fails to properly handle large num_keys values passed from userspace, resulting in excessive memory allocation attempts up to 4MB that trigger page allocator warnings and potential denial of service. This affects Linux kernel versions across multiple stable branches (6.5, 6.12.77, 6.18.17, 6.19.7, and 7.0-rc3) and requires local access with ioctl privileges to trigger. The vulnerability is addressed through replacement of kzalloc() with kvzalloc() to support larger allocations via vmalloc fallback, and patches are available across multiple kernel stable branches.

Linux Information Disclosure Buffer Overflow Red Hat Suse
NVD VulDB
CVSS 3.1
7.1
EPSS
0.0%
CVE-2026-20643 MEDIUM PATCH NEWS This Month

A denial of service vulnerability in A cross-origin (CVSS 5.4). Remediation should follow standard vulnerability management procedures.

Authentication Bypass Apple macOS iOS Red Hat +1
NVD VulDB
CVSS 3.1
5.4
EPSS
0.0%
CVE-2026-33022 Go MEDIUM PATCH This Month

A denial of service vulnerability (CVSS 6.5). Remediation should follow standard vulnerability management procedures.

Denial Of Service Kubernetes Red Hat Suse
NVD GitHub VulDB
CVSS 3.1
6.5
EPSS
0.0%
CVE-2026-33036 npm HIGH PATCH This Week

A bypass vulnerability in fast-xml-parser allows attackers to circumvent entity expansion limits through numeric character references (&#NNN;) and standard XML entities, causing denial of service via excessive memory allocation and CPU consumption. The vulnerability affects fast-xml-parser versions 5.x through 5.5.5, completely bypassing security controls added in the previous CVE-2026-26278 fix. A proof-of-concept demonstrates that even with strict limits configured (maxTotalExpansions=10), an attacker can inject 100,000+ numeric entities to consume hundreds of megabytes of memory.

Denial Of Service Node.js Red Hat Suse
NVD GitHub VulDB
CVSS 3.1
7.5
EPSS
0.0%
CVE-2026-32953 Go MEDIUM PATCH This Month

CVE-2026-32953 is a security vulnerability. Remediation should follow standard vulnerability management procedures. Vendor patch is available.

RCE Suse
NVD GitHub VulDB
CVSS 4.0
4.7
EPSS
0.0%
CVE-2026-32700 Ruby MEDIUM PATCH This Month

Devise's Confirmable module with the reconfirmable option enabled contains a race condition that allows attackers to confirm email addresses they don't control by sending concurrent email change requests. By exploiting the desynchronization between the confirmation token and unconfirmed email fields, an attacker can redirect a victim's email confirmation to their own account. This affects all Devise applications using the default Confirmable configuration with email changes, and is patched in Devise v5.0.3.

Race Condition Information Disclosure Red Hat Suse
NVD VulDB GitHub
CVSS 4.0
6.0
EPSS
0.1%
CVE-2026-32636 NuGet MEDIUM PATCH This Month

The NewXMLTree method in affected products is vulnerable to a denial of service condition where an out-of-bounds write of a single zero byte can trigger an application crash. An unauthenticated remote attacker can exploit this memory corruption vulnerability without user interaction to cause service disruption. No patch is currently available for this issue.

Buffer Overflow Memory Corruption Red Hat Suse
NVD GitHub VulDB
CVSS 3.1
5.3
EPSS
0.0%
CVE-2026-32254 Go HIGH PATCH This Week

The kube-router proxy module fails to validate Service externalIPs and LoadBalancer IPs against configured IP ranges, allowing namespace-scoped users to bind arbitrary VIPs on all cluster nodes and hijack traffic to critical services like kube-dns. This affects all kube-router v2.x versions including v2.7.1, primarily impacting multi-tenant clusters where untrusted users have Service creation permissions. A detailed proof-of-concept demonstrates single-command cluster DNS takedown and arbitrary VIP binding with traffic redirection to attacker-controlled pods, though EPSS scoring is not available for this recently disclosed vulnerability.

Kubernetes Denial Of Service Authentication Bypass Nginx Suse
NVD GitHub VulDB
CVSS 3.1
7.1
EPSS
0.0%
CVE-2026-23241 MEDIUM PATCH This Month

In the Linux kernel, the following vulnerability has been resolved: audit: add missing syscalls to read class The "at" variant of getxattr() and listxattr() are missing from the audit read class.

Linux Authentication Bypass Red Hat Suse
NVD VulDB
CVSS 3.1
5.5
EPSS
0.0%
CVE-2025-71239 MEDIUM PATCH This Month

In the Linux kernel, the following vulnerability has been resolved: audit: add fchmodat2() to change attributes class fchmodat2(), introduced in version 6.6 is currently not in the change attribute class of audit.

Linux Authentication Bypass Red Hat Suse
NVD VulDB
CVSS 3.1
5.5
EPSS
0.0%
CVE-2026-32769 Go HIGH PATCH GHSA This Week

CVE-2026-32769 is a security vulnerability. Remediation should follow standard vulnerability management procedures. Vendor patch is available.

Kubernetes Authentication Bypass Suse
NVD GitHub VulDB
CVSS 4.0
7.1
EPSS
0.0%
CVE-2026-32805 Go HIGH PATCH This Week

Path traversal in the webserver's archive extraction function allows unauthenticated remote attackers to write files outside the intended directory by crafting malicious tar archives, due to incomplete path validation in the sanitizeArchivePath function. The vulnerability affects the download command's decompression functionality and could enable arbitrary file placement on the system. A patch is available.

Path Traversal Suse
NVD GitHub VulDB
CVSS 3.1
7.5
EPSS
0.1%
CVE-2026-32771 Go HIGH PATCH GHSA This Week

Path traversal in the `extractor` CLI tool and `extract.DumpOTelCollector` library function allows attackers to write files outside the intended extraction directory by exploiting an incomplete path validation check in the `sanitizeArchivePath` function. A maliciously crafted tar archive can bypass the prefix check and place arbitrary files on the system when processed. A patch is available to address the missing trailing path separator validation.

Path Traversal Suse
NVD GitHub VulDB
CVSS 4.0
8.8
EPSS
0.1%
CVE-2026-32737 Go CRITICAL PATCH Act Now

CVE-2026-32737 is a security vulnerability (CVSS 10.0). Critical severity with potential for significant impact on affected systems. Vendor patch is available.

Authentication Bypass Suse
NVD GitHub VulDB
CVSS 3.1
10.0
EPSS
0.0%
CVE-2026-32768 Go HIGH PATCH This Week

CVE-2026-32768 is a security vulnerability. Remediation should follow standard vulnerability management procedures. Vendor patch is available.

Kubernetes Authentication Bypass Suse
NVD GitHub VulDB
CVSS 4.0
7.9
EPSS
0.0%
CVE-2026-32758 Go MEDIUM PATCH This Month

Path traversal in the resourcePatchHandler allows authenticated users with Create or Rename permissions to bypass access control rules by injecting path traversal sequences (`..\`) into PATCH requests, since validation occurs before path normalization. An attacker can exploit this to copy or rename files to restricted directories that should be protected by administrator-configured deny rules. No patch is currently available.

Path Traversal Suse
NVD GitHub VulDB
CVSS 3.1
6.5
EPSS
0.0%
CVE-2026-32767 Go CRITICAL PATCH Act Now

An authorization bypass vulnerability in SiYuan Note v3.6.0 and earlier allows any authenticated user, including those with read-only 'Reader' role privileges, to execute arbitrary SQL commands through the /api/search/fullTextSearchBlock endpoint when the method parameter is set to 2. This enables attackers to read, modify, or delete all data in the application's SQLite database, completely bypassing the application's role-based access controls. A detailed proof-of-concept demonstrates how Reader-role users can execute destructive SQL operations including dropping tables.

SQLi Docker Suse
NVD GitHub VulDB
CVSS 3.1
9.8
EPSS
0.0%
CVE-2026-32760 Go CRITICAL POC PATCH Act Now

Unauthenticated attackers can register administrator accounts in Docker when self-registration is enabled and default user permissions include admin privileges, as the signup handler fails to strip admin permissions from self-registered accounts. Public exploit code exists for this vulnerability. No patch is currently available.

Privilege Escalation Docker Suse
NVD GitHub VulDB
CVSS 3.1
9.8
EPSS
0.0%
CVE-2026-26304 Go MEDIUM PATCH This Month

Mattermost versions 11.3.0 and 11.2.2 and earlier fail to properly validate the run_create permission when a playbook ID is empty, allowing authenticated team members to create unauthorized playbook runs through the API. This permission bypass could enable attackers with valid credentials to perform actions they should not be permitted to execute within the platform.

Authentication Bypass Mattermost Suse
NVD VulDB
CVSS 3.1
4.3
EPSS
0.0%
CVE-2026-32751 Go CRITICAL PATCH Act Now

SiYuan's mobile file tree fails to sanitize notebook names in WebSocket rename events, allowing authenticated users to inject arbitrary HTML and JavaScript that executes in other clients' browsers. When combined with Electron's insecure configuration (nodeIntegration enabled, contextIsolation disabled), this stored XSS escalates to remote code execution with full Node.js privileges on affected desktop and mobile clients. The vulnerability affects users with notebook rename permissions across Docker, Node.js, Python, and Apple platforms.

Docker RCE XSS Node.js Command Injection +4
NVD GitHub VulDB
CVSS 3.1
9.0
EPSS
0.4%
CVE-2026-32750 Go MEDIUM PATCH This Month

SiYuan Note contains an unrestricted path traversal vulnerability in the POST /api/import/importStdMd endpoint that allows authenticated administrators to recursively import arbitrary files from the host filesystem into the workspace database without any validation or blocklisting. Affected versions of SiYuan (pkg:go/github.com_siyuan-note_siyuan) allow admin users to permanently store sensitive files such as /proc/, /etc/, /run/secrets/, and other system directories as searchable note content, making them accessible to other workspace users including those with limited privileges. A proof-of-concept has been published demonstrating import of /proc/1/ and /run/secrets/, and when chained with separate SQL injection vulnerabilities in the renderSprig template function, non-admin users can retrieve imported secrets without additional privileges.

Path Traversal SQLi Docker Suse
NVD GitHub VulDB
CVSS 3.1
6.8
EPSS
0.0%
CVE-2026-32749 Go HIGH PATCH This Week

Path traversal in Python and Docker import endpoints allows authenticated administrators to write files to arbitrary filesystem locations by injecting directory traversal sequences in multipart upload filenames, potentially enabling remote code execution through placement of malicious files in executable paths. The vulnerability affects the POST /api/import/importSY and POST /api/import/importZipMd endpoints which fail to sanitize user-supplied filenames before constructing file write paths. No patch is currently available.

Python Docker Path Traversal Suse
NVD GitHub VulDB
CVSS 3.1
7.6
EPSS
0.0%
CVE-2026-32747 Go MEDIUM PATCH This Month

Administrative users of Docker and PostgreSQL deployments can exploit an incomplete path validation in the `POST /api/file/globalCopyFiles` endpoint to copy sensitive files like container environment variables and Docker secrets from restricted locations (`/proc/`, `/run/secrets/`) into the workspace, where they become readable via standard file APIs. The vulnerability stems from reliance on a blocklist-based validation mechanism that fails to prevent access to these critical system paths. Since no patch is currently available, organizations should restrict administrative access to the affected API endpoint until an update is released.

Docker PostgreSQL Path Traversal Suse
NVD GitHub VulDB
CVSS 3.1
6.8
EPSS
0.0%
CVE-2026-32634 PyPI HIGH PATCH This Week

A credential disclosure vulnerability exists in Glances monitoring tool when running in Central Browser mode with autodiscovery enabled. The vulnerability allows attackers on the same local network to steal reusable authentication credentials by advertising fake Glances services via Zeroconf, as the application trusts untrusted service names for password lookups instead of using verified IP addresses. A working proof-of-concept is included in the advisory, and the issue has a CVSS score of 8.1 indicating high severity.

Python Information Disclosure Suse
NVD GitHub VulDB
CVSS 3.1
8.1
EPSS
0.0%
CVE-2026-32633 PyPI CRITICAL PATCH Act Now

The Glances system monitoring tool exposes reusable authentication credentials for downstream servers through an unauthenticated API endpoint when running in Central Browser mode without password protection. This vulnerability allows any network attacker to retrieve pbkdf2-hashed passwords that can be replayed to access protected Glances servers across an entire monitored fleet. A proof-of-concept is included in the advisory demonstrating credential extraction from the /api/4/serverslist endpoint.

Python Information Disclosure Suse
NVD GitHub VulDB
CVSS 3.1
9.1
EPSS
0.0%
CVE-2026-32632 PyPI MEDIUM PATCH This Month

The Glances system monitoring application accepts arbitrary HTTP Host headers on its REST API and WebUI endpoints, enabling DNS rebinding attacks that bypass browser same-origin policy and expose sensitive system data. While the MCP endpoint was recently hardened with host validation, the main FastAPI application for REST/WebUI/token routes lacks equivalent TrustedHostMiddleware protection, allowing attackers to rebind attacker-controlled domains to the victim's local Glances instance and read API responses as same-origin content. A proof-of-concept is code-validated through source inspection, and a patch is available in version 4.5.2 and later.

Python RCE Suse
NVD GitHub VulDB
CVSS 3.1
5.9
EPSS
0.0%
CVE-2026-32611 PyPI HIGH PATCH This Week

SQL injection in Python's Glances DuckDB export module allows unauthenticated remote attackers to execute arbitrary SQL commands by injecting malicious data through unparameterized table and column name interpolation in DDL statements. While INSERT values use parameterized queries, identifier names are directly embedded via f-strings, enabling attackers over the network to manipulate database structure and access sensitive monitoring data. A patch is available.

Python SQLi Suse
NVD GitHub VulDB
CVSS 3.1
7.0
EPSS
0.0%
CVE-2026-32610 PyPI HIGH PATCH This Week

A critical CORS misconfiguration in the Glances system monitoring tool's REST API allows any website to steal sensitive system information from users who visit a malicious page while having access to a Glances instance. The vulnerability affects all versions prior to 4.5.2 and enables cross-origin theft of system stats, configuration secrets, database passwords, API keys, and command-line arguments. A proof-of-concept is publicly available, though no active exploitation has been reported yet.

Python Information Disclosure Docker Cors Misconfiguration Suse
NVD GitHub VulDB
CVSS 3.1
8.1
EPSS
0.0%
CVE-2026-32609 PyPI HIGH PATCH This Week

A critical information disclosure vulnerability in Glances system monitoring tool allows unauthenticated remote attackers to access sensitive configuration data including password hashes, SNMP community strings, and authentication keys through unprotected API endpoints. The vulnerability affects Glances versions prior to 4.5.2 when running in web server mode without password protection (the default configuration), and a proof-of-concept demonstrating the attack is publicly available. While not currently in CISA's Known Exploited Vulnerabilities catalog, the issue has a high CVSS score of 7.5 due to the ease of exploitation and severity of exposed secrets.

Python Information Disclosure Suse
NVD GitHub VulDB
CVSS 3.1
7.5
EPSS
0.1%
CVE-2026-32608 PyPI HIGH PATCH This Week

Glances monitoring system allows local attackers with limited privileges to execute arbitrary commands by injecting shell metacharacters into process or container names, which bypass command sanitization in the action execution handler. The vulnerability affects the threshold alert system that dynamically executes administrator-configured shell commands populated with runtime monitoring data. An attacker controlling a process name or container name can manipulate command parsing to break out of intended command boundaries and inject malicious commands.

Privilege Escalation Nginx Python Command Injection Docker +1
NVD GitHub VulDB
CVSS 3.1
7.0
EPSS
0.0%
CVE-2026-32596 PyPI HIGH POC PATCH GHSA This Week

Glances web server exposes its REST API without authentication by default when started with the -w flag, allowing unauthenticated remote attackers to access sensitive system information including process details that may contain credentials such as passwords and API keys. The vulnerability affects Python and Docker deployments where Glances is exposed to untrusted networks due to the server binding to 0.0.0.0 with authentication disabled by default. A patch is available to address this configuration vulnerability.

Python Docker Information Disclosure Suse
NVD GitHub VulDB
CVSS 3.1
7.5
EPSS
0.1%
CVE-2026-28490 PyPI MEDIUM POC PATCH This Month

Authlib's implementation of the JWE RSA1_5 key management algorithm contains a padding oracle vulnerability that leaks decryption failures through timing and exception patterns, allowing attackers to decrypt sensitive data without the private key. The library disabled the constant-time protections provided by the underlying cryptography library and raises exceptions before tag validation completes, creating a reliable side-channel. Public exploit code exists for this vulnerability affecting Authlib users in Python and related Oracle products.

Oracle Python RCE Red Hat Suse
NVD GitHub VulDB
CVSS 3.1
6.5
EPSS
0.0%
CVE-2026-2455 Go MEDIUM PATCH This Month

Mattermost Server versions 11.3.0, 11.2.x through 11.2.2, and 10.11.x through 10.11.10 contain a server-side request forgery (SSRF) vulnerability due to improper validation of IPv4-mapped IPv6 addresses, allowing authenticated attackers to bypass reserved IP restrictions and access internal services. An attacker with login credentials can craft requests using IPv6 notation (such as [::ffff:127.0.0.1]) to reach localhost or other restricted internal endpoints that would normally be blocked. No patch is currently available for this vulnerability.

SSRF Mattermost Server Suse
NVD VulDB
CVSS 3.1
4.3
EPSS
0.0%
CVE-2026-24692 Go MEDIUM PATCH This Month

A remote code execution vulnerability (CVSS 4.3) that allows guest users without read permissions. Remediation should follow standard vulnerability management procedures.

Authentication Bypass Mattermost Server Suse
NVD VulDB
CVSS 3.1
4.3
EPSS
0.0%
CVE-2026-21386 Go MEDIUM PATCH This Month

CVE-2026-21386 is a security vulnerability (CVSS 4.3) that allows an authenticated team member. Remediation should follow standard vulnerability management procedures.

Information Disclosure Mattermost Server Suse
NVD VulDB
CVSS 3.1
4.3
EPSS
0.0%
CVE-2026-27448 PyPI MEDIUM PATCH This Month

CVE-2026-27448 is a security vulnerability (CVSS 5.3). Remediation should follow standard vulnerability management procedures. Vendor patch is available.

Information Disclosure Red Hat Suse
NVD GitHub VulDB
CVSS 3.1
5.3
EPSS
0.0%
CVE-2026-25780 Go MEDIUM PATCH This Month

Mattermost versions 11.3.0, 11.2.2, and 10.11.10 and earlier lack proper memory bounds checking when processing DOC file uploads, enabling authenticated attackers to trigger server memory exhaustion and denial of service. An attacker with valid credentials can upload a specially crafted DOC file to exhaust available memory and crash the Mattermost server. This vulnerability currently lacks a patch and affects multiple active versions of the platform.

Denial Of Service Mattermost Suse
NVD VulDB
CVSS 3.1
4.3
EPSS
0.0%
CVE-2026-4265 Go MEDIUM PATCH This Month

This vulnerability in Mattermost allows guest users to bypass team-specific file upload permissions through a cross-team file metadata reuse attack. Affected versions include Mattermost 11.3.0, 11.2.x up to 11.2.2, and 10.11.x up to 10.11.10. An authenticated guest user can upload a file in a team where they have upload_file permission, then reuse that file's metadata in POST requests to channels in different teams where they lack upload permission, resulting in unauthorized file posting with potential integrity impact.

Authentication Bypass Mattermost Suse
NVD VulDB
CVSS 3.1
4.3
EPSS
0.0%
CVE-2026-25783 Go MEDIUM PATCH This Month

Mattermost fails to properly validate User-Agent header tokens in versions 11.3.0 and earlier, 11.2.2 and earlier, and 10.11.10 and earlier, allowing authenticated attackers to trigger request panics through specially crafted User-Agent headers. This denial-of-service vulnerability affects availability but requires prior authentication and results in only low-severity impact. While the CVSS score of 4.3 reflects the low severity, the practical risk depends on whether the application is exposed to untrusted authenticated users and whether automatic exploitation tools are readily available.

Information Disclosure Mattermost Suse
NVD VulDB
CVSS 3.1
4.3
EPSS
0.1%
CVE-2026-24458 Go HIGH PATCH This Week

Mattermost 10.11.x through 11.3.x fails to validate password length, allowing unauthenticated attackers to trigger denial of service by submitting multi-megabyte passwords during login attempts that consume excessive CPU and memory resources. The vulnerability affects all versions up to 10.11.10, 11.2.2, and 11.3.0, with no patch currently available.

Denial Of Service Mattermost Suse
NVD VulDB
CVSS 3.1
7.5
EPSS
0.0%
CVE-2026-2578 Go MEDIUM PATCH This Month

Mattermost versions 11.3.x up to and including 11.3.0 contain an information disclosure vulnerability where burn-on-read posts fail to maintain their redacted state when deleted, allowing authenticated channel members to view previously hidden message contents through WebSocket post deletion events. The vulnerability requires low-privilege authenticated access and results in confidentiality loss of sensitive communications that were intentionally designed to be self-destructing. With a CVSS score of 4.3 and network-based attack vector, this represents a meaningful but contained risk primarily affecting organizations relying on Mattermost's burn-on-read feature for secure internal communications.

Information Disclosure Mattermost Suse
NVD VulDB
CVSS 3.1
4.3
EPSS
0.0%
CVE-2026-26246 Go MEDIUM PATCH This Month

Mattermost fails to properly bound memory allocation when processing PSD (Photoshop) image files, allowing authenticated attackers to exhaust server memory and trigger denial of service by uploading a specially crafted PSD file. The vulnerability affects Mattermost versions 11.3.0 and earlier, 11.2.2 and earlier, and 10.11.10 and earlier. With a CVSS score of 4.3 and a low attack complexity requirement, this represents a moderate but exploitable risk for organizations running affected versions where user file upload is permitted.

Denial Of Service Mattermost Suse
NVD VulDB
CVSS 3.1
4.3
EPSS
0.0%
CVE-2026-2458 Go MEDIUM PATCH This Month

This vulnerability is an improper access control flaw in Mattermost's channel search functionality that allows removed team members to enumerate all public channels within private teams. Affected versions include Mattermost 11.3.x through 11.3.0, 11.2.x through 11.2.2, and 10.11.x through 10.11.10. An authenticated attacker who has been removed from a team can query the channel search API endpoint to discover the complete list of public channels in that private team, resulting in information disclosure without requiring elevated privileges.

Authentication Bypass Mattermost Suse
NVD VulDB
CVSS 3.1
4.3
EPSS
0.0%
CVE-2026-2457 Go MEDIUM PATCH This Month

Mattermost fails to properly sanitize client-supplied post metadata in its post update API endpoint, allowing authenticated attackers to spoof permalink embeds and impersonate other users through crafted PUT requests. The vulnerability affects Mattermost versions 11.3.0 and earlier, 11.2.2 and earlier, and 10.11.10 and earlier. While the CVSS score of 4.3 is moderate and requires authentication, the integrity impact allows attackers to deceive users by falsely attributing messages to legitimate users, potentially facilitating social engineering or misinformation campaigns within Mattermost instances.

Information Disclosure Mattermost Suse
NVD VulDB
CVSS 3.1
4.3
EPSS
0.0%
CVE-2026-2461 Go MEDIUM PATCH This Month

Mattermost Plugins versions 11.3 and earlier fail to implement proper authorization checks on comment block modifications, allowing authenticated users with editor permissions to modify comments created by other board members without restriction. An authorized attacker can alter or tamper with comments from colleagues, potentially modifying project records, discussions, or audit trails. With a CVSS score of 4.3 and low attack complexity, this represents a moderate integrity risk in collaborative environments where comment authenticity is important, though exploitation requires prior authentication and editor-level access.

Authentication Bypass Suse
NVD VulDB
CVSS 3.1
4.3
EPSS
0.0%
CVE-2026-2463 Go MEDIUM PATCH This Month

Mattermost fails to properly validate user permissions when filtering invite IDs during team creation, allowing authenticated users to bypass access controls and register unauthorized accounts using leaked or discovered invite tokens. Affected versions include Mattermost 11.3.0 and earlier in the 11.3.x branch, 11.2.2 and earlier in the 11.2.x branch, and 10.11.10 and earlier in the 10.11.x branch. An authenticated attacker with knowledge of valid invite IDs can circumvent intended access restrictions to create accounts that should be restricted, resulting in unauthorized account registration and potential lateral movement within the Mattermost instance.

Authentication Bypass Mattermost Suse
NVD VulDB
CVSS 3.1
4.3
EPSS
0.0%
CVE-2026-2476 Go HIGH PATCH This Week

A sensitive information disclosure vulnerability in Mattermost Plugins versions 2.0.3.0 and earlier fails to properly mask sensitive configuration values in support packets, allowing attackers with high privileges to extract original plugin settings from exported configuration data. The vulnerability requires authenticated access with high privileges (CVSS 7.6) and enables attackers to obtain sensitive configuration data that should be masked, potentially exposing API keys, credentials, or other sensitive plugin configurations. No active exploitation or proof-of-concept has been reported, and the vulnerability requires significant access privileges to exploit.

Information Disclosure Suse
NVD GitHub VulDB
CVSS 3.1
7.6
EPSS
0.0%
CVE-2026-2456 Go MEDIUM PATCH This Month

Mattermost fails to enforce response size limits on integration action endpoints, allowing an authenticated attacker to trigger server memory exhaustion and denial of service by clicking an interactive message button that connects to a malicious integration server returning arbitrarily large responses. This vulnerability affects Mattermost versions 11.3.0, 11.2.x up to 11.2.2, and 10.11.x up to 10.11.10. While the CVSS score of 5.3 is moderate, the attack requires user interaction (UI:R) and network access, but can be reliably triggered by any authenticated user interacting with crafted messages.

Denial Of Service Mattermost Suse
NVD VulDB
CVSS 3.1
5.3
EPSS
0.0%
CVE-2025-69693 MEDIUM PATCH This Month

Out-of-bounds read in FFmpeg 8.0 and 8.0.1 RV60 video decoder (libavcodec/rv60dec.c).

Buffer Overflow Information Disclosure Red Hat Suse
NVD GitHub VulDB
CVSS 3.1
5.4
EPSS
0.0%
CVE-2026-32720 Go HIGH POC PATCH This Week

A misconfigured NetworkPolicy in Kubernetes deployments allows attackers to perform unauthorized lateral movement between namespaces, breaking namespace isolation security boundaries. This vulnerability affects Kubernetes environments with improperly configured inter-namespace NetworkPolicies, specifically those with 'inter-ns' prefixed policies in monitoring namespaces. An attacker who compromises any component can pivot to access resources in other namespaces, potentially accessing sensitive data or systems they shouldn't have access to.

Kubernetes Authentication Bypass Suse
NVD GitHub
CVSS 4.0
7.1
EPSS
0.0%
CVE-2026-32704 Go MEDIUM POC PATCH This Month

CVE-2026-32704 is a security vulnerability (CVSS 6.5). Risk factors: public PoC available.

Authentication Bypass Docker Suse
NVD GitHub VulDB
CVSS 3.1
6.5
EPSS
0.0%
CVE-2026-32627 HIGH PATCH This Week

cpp-httplib versions before 0.37.2 silently disable TLS certificate validation when following HTTPS redirects through a proxy, allowing attackers to intercept encrypted connections without detection. This affects any application using cpp-httplib as an HTTP client with proxy and redirect following enabled. No active exploitation (not in KEV) or public POC has been reported, with low EPSS probability indicating minimal current threat activity.

Information Disclosure Cpp Httplib Suse
NVD GitHub VulDB
CVSS 3.1
8.7
EPSS
0.0%
CVE-2026-3910 HIGH POC KEV PATCH THREAT Act Now

Chrome's V8 JavaScript engine contains an inappropriate implementation (CVE-2026-3910, CVSS 8.8) that allows remote attackers to execute arbitrary code within the browser sandbox via crafted HTML pages. KEV-listed with public PoC, this V8 vulnerability affects all Chromium-based browsers and enables drive-by exploitation through any web page containing malicious JavaScript.

Google RCE Buffer Overflow Chrome Red Hat +1
NVD VulDB GitHub
CVSS 3.1
8.8
EPSS
0.1%
Threat
4.8
CVE-2026-3909 HIGH POC KEV PATCH THREAT Act Now

Google Chrome's Skia graphics library contains an out-of-bounds write (CVE-2026-3909, CVSS 8.8) enabling remote attackers to perform memory corruption through crafted HTML pages. KEV-listed with public PoC and patches available, this vulnerability in the core graphics rendering engine affects all Chromium-based browsers.

Buffer Overflow Memory Corruption Google Chrome Red Hat +1
NVD VulDB GitHub
CVSS 3.1
8.8
EPSS
0.1%
Threat
4.8
CVE-2026-32301 Go CRITICAL POC PATCH Act Now

SSRF in Centrifugo real-time messaging before 6.7.0.

SSRF Centrifugo Suse
NVD GitHub VulDB
CVSS 3.1
9.3
EPSS
0.0%
CVE-2026-30853 MEDIUM PATCH This Month

Arbitrary file write vulnerability in Calibre's RocketBook input plugin enables attackers to write files to any location accessible by the Calibre process when a user opens or converts a malicious .rb file. The path traversal flaw affects versions prior to 9.5.0 and represents an unpatched instance of the same vulnerability class previously fixed in the PDB reader component. Local attackers can leverage this to corrupt files, modify configuration, or potentially achieve code execution depending on file system permissions.

Path Traversal Calibre Red Hat Suse
NVD GitHub VulDB
CVSS 3.1
5.0
EPSS
0.0%
CVE-2026-31899 PyPI HIGH PATCH GHSA This Week

Denial of service vulnerability in CairoSVG (Python SVG rendering library) caused by exponential amplification through recursive <use> SVG elements without depth limits. An attacker can cause 100% CPU exhaustion indefinitely with a tiny 1,411-byte SVG file, affecting any service that processes SVG input (thumbnails, PDFs, avatars). A working proof-of-concept is publicly available, patches have been released, and while not in KEV, the vulnerability has a 7.5 CVSS score with network-based, unauthenticated exploitation.

Denial Of Service Python Red Hat Suse
NVD GitHub VulDB
CVSS 3.1
7.5
EPSS
0.0%
CVE-2026-30961 Go MEDIUM PATCH This Month

A validation bypass in the chunked file upload completion logic for file requests allows attackers to circumvent per-request file size limits by splitting oversized files into smaller chunks that individually pass validation. Attackers with access to a public file request link can sequentially upload chunks to exceed the administrator-configured MaxSize limit, uploading files up to the server's global MaxFileSizeMB threshold. This enables unauthorized storage consumption and potential service disruption through storage exhaustion, though no data exposure or privilege escalation occurs; the vulnerability carries a CVSS score of 4.3 with EPSS and KEV status not currently indicated as critical, suggesting limited real-world exploitation pressure despite straightforward attack mechanics.

Information Disclosure Privilege Escalation Suse
NVD GitHub VulDB
CVSS 3.1
4.3
EPSS
0.0%
CVE-2026-30955 Go MEDIUM PATCH This Month

Denial-of-service vulnerability in Gokapi, a file-sharing server, wherein an authenticated attacker can send unbounded request bodies to an API endpoint without size restrictions, causing out-of-memory (OOM) conditions that crash the service and deny access to all users. The vulnerability requires valid authentication credentials but no special privileges, and is classified as high-severity (CVSS 6.5) due to guaranteed availability impact. Patch availability exists in version 2.2.4 and later.

Denial Of Service Suse
NVD GitHub VulDB
CVSS 3.1
6.5
EPSS
0.0%
CVE-2026-30943 Go MEDIUM PATCH This Month

An insufficient authorization check in a file replace API allows authenticated users with basic list and replace permissions to delete other users' files by abusing the deleteNewFile flag, bypassing the intended delete permission requirement. This affects any system implementing this vulnerable API pattern where permission checks are not properly enforced at the API endpoint level. While the CVSS score of 4.1 is moderate, the vulnerability requires high privilege level (authenticated user with PERM_REPLACE and PERM_LIST) and results in integrity impact through unauthorized file deletion across user boundaries.

Authentication Bypass Suse
NVD GitHub VulDB
CVSS 3.1
4.1
EPSS
0.0%
CVE-2026-30915 Go MEDIUM PATCH This Month

SFTPGo versions before v2.7.1 suffer from improper input validation in dynamic group path handling, where placeholder substitution (e.g., %username%) fails to sanitize relative path traversal sequences. An authenticated attacker with user creation privileges can craft a malicious username containing path traversal components (such as ../) to escape the intended directory structure and access parent directories, achieving unauthorized directory traversal with low to moderate impact on confidentiality and integrity. The vulnerability requires authenticated access and is not listed as actively exploited in known exploit databases, though the fix availability and moderate CVSS score suggest it warrants prompt patching.

Information Disclosure Suse
NVD GitHub VulDB
CVSS 3.1
4.3
EPSS
0.1%
CVE-2026-30914 Go HIGH PATCH This Week

SFTPGo versions prior to 2.7.1 contain a path normalization vulnerability (CWE-22: Improper Limitation of a Pathname to a Restricted Directory) that allows authenticated attackers to bypass folder-level permissions and escape Virtual Folder boundaries through crafted file paths. An attacker with valid credentials can exploit this authorization bypass to access files and directories beyond their intended scope. The vulnerability has been patched in version 2.7.1 with strict edge-level path normalization, and while no public POC or KEV status has been disclosed, the CVSS 5.3 (network-accessible, low complexity) and requirement for prior authentication suggest this is a real but moderate-priority issue.

Canonical Path Traversal Suse
NVD GitHub VulDB
CVSS 3.1
8.1
EPSS
0.1%
CVE-2026-31885 MEDIUM PATCH This Month

FreeRDP versions prior to 3.24.0 contain an out-of-bounds read vulnerability in MS-ADPCM and IMA-ADPCM audio decoders that allows unauthenticated remote attackers to read sensitive information from process memory. The vulnerability affects all FreeRDP installations using these audio codecs; an attacker can trigger the flaw by providing specially crafted audio data during RDP session establishment, potentially disclosing confidential data such as credentials or session tokens without requiring privileges or interaction beyond basic RDP connection initiation.

Buffer Overflow Information Disclosure Freerdp Red Hat Suse
NVD GitHub VulDB
CVSS 3.1
6.5
EPSS
0.0%
CVE-2026-31884 MEDIUM PATCH This Month

A denial of service vulnerability in FreeRDP (CVSS 6.5). Remediation should follow standard vulnerability management procedures.

Denial Of Service Freerdp Red Hat Suse
NVD GitHub VulDB
CVSS 3.1
6.5
EPSS
0.0%
CVE-2026-31883 MEDIUM PATCH This Month

Size_t integer underflow vulnerability in FreeRDP's IMA-ADPCM and MS-ADPCM audio decoders that triggers a heap buffer overflow write via the RDPSND audio channel. All FreeRDP versions prior to 3.24.0 are affected. An unauthenticated remote attacker can exploit this vulnerability over the network without user interaction to cause information disclosure and data corruption, though not denial of service based on the CVSS impact ratings.

Buffer Overflow Integer Overflow Freerdp Red Hat Suse
NVD GitHub VulDB
CVSS 3.1
6.5
EPSS
0.0%
CVE-2026-29775 MEDIUM PATCH This Month

FreeRDP versions prior to 3.24.0 contain a client-side heap out-of-bounds read/write vulnerability in the bitmap cache subsystem caused by an off-by-one boundary check error. A malicious RDP server can exploit this by sending a specially crafted CACHE_BITMAP_ORDER (Rev1) packet with cacheId equal to maxCells, allowing access to memory one element past the allocated array boundary. This vulnerability affects FreeRDP clients connecting to untrusted or compromised servers and could lead to information disclosure or denial of service, though the CVSS score of 5.3 and lack of confidentiality impact suggest limited real-world severity.

Memory Corruption Buffer Overflow Freerdp Red Hat Suse
NVD GitHub VulDB
CVSS 3.1
5.3
EPSS
0.0%
CVE-2026-29774 MEDIUM PATCH This Month

A client-side heap buffer overflow vulnerability exists in FreeRDP's AVC420/AVC444 YUV-to-RGB color space conversion code due to missing horizontal bounds validation of H.264 metablock region coordinates. FreeRDP versions prior to 3.24.0 are affected, allowing a malicious RDP server to trigger out-of-bounds memory writes via specially crafted WIRE_TO_SURFACE_PDU_1 packets with oversized regionRects left coordinates, resulting in denial of service through heap corruption. The vulnerability requires no user interaction or authentication and has a CVSS score of 5.3 with EPSS risk classification indicating moderate exploitation likelihood; no public exploit code is known to exist at this time.

Buffer Overflow Memory Corruption Freerdp Red Hat Suse
NVD GitHub VulDB
CVSS 3.1
5.3
EPSS
0.0%
EPSS 0% CVSS 5.5
MEDIUM PATCH This Month

A memory leak vulnerability exists in the Linux kernel's liquidio network driver within the setup_nic_devices() function, where an off-by-one error in the cleanup loop causes failure to deallocate the last successfully allocated device during error handling. The vulnerability affects Linux kernel versions across multiple stable branches (as evidenced by patches in 4.9, 4.14, 4.19, 5.4, 5.10, 5.15, and 5.16 stable trees per the kernel.org references). While this is a local denial-of-service vector through memory exhaustion rather than a direct code execution path, it could be leveraged by unprivileged users to degrade system stability over time.

Linux Information Disclosure Red Hat +1
NVD VulDB
EPSS 0% CVSS 5.5
MEDIUM PATCH This Month

This vulnerability is an off-by-one error in the Linux kernel's liquidio driver that causes a memory leak during virtual function (VF) setup failure cleanup. The vulnerability affects the Linux kernel across all versions where the liquidio net driver is compiled, as identified through the affected CPE (cpe:2.3:a:linux:linux). While this is a memory leak rather than a direct code execution vulnerability, it can be exploited to exhaust kernel memory resources, leading to denial of service.

Linux Information Disclosure Red Hat +1
NVD VulDB
EPSS 0% CVSS 5.5
MEDIUM PATCH This Month

A vulnerability in the Linux kernel's Generic Receive Offload (GRO) implementation for UDP traffic causes incorrect network offset calculations when processing encapsulated packets. The flaw affects all Linux kernel versions where the GRO subsystem handles UDP encapsulation, as specified in the CPE cpe:2.3:a:linux:linux:*:*:*:*:*:*:*:*. When hardware NICs, the tun driver, or veth setups inject packets with the encapsulation flag set, the udp4_gro_complete() function incorrectly computes the outer UDP header pseudo checksum using the inner network offset, leading to checksum validation failures that can disrupt packet processing and potentially cause denial of service or packet drops. No active exploitation has been reported in the wild, and no public proof-of-concept code is known to exist, though the vulnerability is triggered through normal network operations involving UDP-encapsulated traffic.

Linux Code Injection Red Hat +1
NVD VulDB
EPSS 0% CVSS 5.5
MEDIUM PATCH This Month

This vulnerability is a missing exception fixup handler in the LoongArch architecture's BPF JIT compiler that fails to properly recover from memory access exceptions (ADEM) triggered by BPF_PROBE_MEM* instructions. The Linux kernel on LoongArch systems (CPE: cpe:2.3:a:linux:linux:*:*:*:*:*:*:*:*) is affected, potentially allowing information disclosure or denial of service when BPF programs attempt to safely probe memory locations. This is not actively exploited (no KEV status), but patches are available across multiple stable kernel branches.

Linux Information Disclosure Red Hat +1
NVD VulDB
EPSS 0% CVSS 5.5
MEDIUM PATCH This Month

A resource management vulnerability exists in the Linux kernel's Btrfs filesystem implementation where qgroup data reservations are incorrectly freed when an inline extent creation fails due to -ENOSPC (no space available). This causes the kernel to prematurely release qgroup quota accounting for data that will actually be used when the operation falls back to the normal copy-on-write path, potentially leading to qgroup quota inconsistencies and information disclosure about quota state. All Linux distributions using Btrfs with qgroup quota tracking enabled are affected. While no CVSS score or EPSS risk score has been assigned, the vulnerability has stable patches available in the Linux kernel repository.

Linux Information Disclosure Red Hat +1
NVD VulDB
EPSS 0% CVSS 5.5
MEDIUM PATCH This Month

A resource leak vulnerability exists in the Linux kernel's btrfs filesystem implementation where reserved qgroup data fails to be freed in error paths during inline extent insertion operations. This affects all Linux versions with vulnerable btrfs code, and allows local attackers with filesystem write access to exhaust kernel memory resources through repeated failed inline extent insertions, potentially causing denial of service. No active exploitation in the wild has been reported, but kernel memory exhaustion vulnerabilities are routinely targeted by local privilege escalation chains.

Linux Information Disclosure Red Hat +1
NVD VulDB
EPSS 0% CVSS 7.1
HIGH PATCH This Week

Out-of-bounds slice access in the Free5GC CHF nchf-convergedcharging service allows authenticated attackers to trigger server-side panics via malformed PUT requests to the recharge endpoint, causing denial of service and log flooding. An attacker with valid authentication credentials can repeatedly exploit this vulnerability to degrade recharge functionality and disrupt service availability. A patch is available to remediate this high-severity vulnerability.

Buffer Overflow Suse
NVD GitHub VulDB
EPSS 0% CVSS 8.7
HIGH PATCH This Week

A specially crafted Socket.IO packet can cause the server to allocate unbounded memory by waiting for and buffering a large number of binary attachments, leading to denial of service through memory exhaustion. The vulnerability affects socket.io-parser versions across multiple major releases (v2.x, v3.x, and v4.x) used by Socket.IO server and client implementations. No EPSS score or KEV listing is available, but patches have been released by the vendor.

Information Disclosure Red Hat Suse
NVD GitHub VulDB
EPSS 0% CVSS 5.3
MEDIUM PATCH This Month

Zitadel's OAuth2/OIDC implementation contains an authentication bypass vulnerability (CWE-863: Improper Authorization) that allows unauthenticated attackers to circumvent organization enforcement controls during login. Affected versions 3.0.0-3.4.8 and 4.0.0-4.12.2 fail to validate organization membership scopes in device authorization flows and all Login V2/OIDC API V2 endpoints, enabling attackers to authenticate with users from unauthorized organizations. While the CVSS score of 5.3 indicates low-to-moderate severity with confidentiality impact only, the attack requires no privileges or user interaction and operates over the network, making it a practical concern for multi-tenant deployments.

Authentication Bypass Red Hat Suse
NVD GitHub VulDB
EPSS 0% CVSS 5.5
MEDIUM PATCH This Month

A memory allocation failure vulnerability exists in the Linux kernel's XFS filesystem checking code where the xchk_xfile_*_descr macros call kasprintf with formatted strings that can exceed safe allocation limits, leading to potential denial of service or information disclosure. This affects Linux kernel versions 6.6 through 6.14 and later releases including 6.18.16, 6.19.6, and 7.0-rc1, with the vulnerability discoverable through syzbot fuzzing by researcher Jiaming Zhang. While no active exploitation has been confirmed, the issue represents a path to failure in a core filesystem validation component that could be triggered by malicious or malformed filesystem structures.

Linux Information Disclosure Red Hat +1
NVD VulDB
EPSS 0% CVSS 5.5
MEDIUM PATCH This Month

This vulnerability in the Linux kernel's XFS filesystem code involves improper pointer validation in xfarray and xfblob destructor functions, where the destructors can be called with invalid (dangling) pointers if the pointer is not properly nulled after deallocation. The vulnerability affects Linux kernel versions 6.9 through 6.10 and later patch versions, potentially allowing information disclosure or system instability. While no CVSS score or exploitation data is publicly available, the fix was backported across multiple kernel versions (6.12.75, 6.18.16, 6.19.6, 7.0-rc1) indicating recognition of the issue's significance across the kernel maintenance community.

Linux Null Pointer Dereference Denial Of Service +2
NVD VulDB
EPSS 0% CVSS 5.5
MEDIUM PATCH This Month

A null pointer dereference vulnerability exists in the XFS filesystem checker (xchk_scrub_create_subord) in the Linux kernel, where the function returns a mangled ENOMEM error instead of NULL, and callers fail to properly validate the return value. This affects Linux kernel versions 6.2 through 6.10 and later stable branches, potentially allowing a local attacker with filesystem access to trigger a denial of service condition through unhandled memory allocation failures during XFS filesystem integrity checks.

Linux Denial Of Service Null Pointer Dereference +2
NVD VulDB
EPSS 0% CVSS 5.5
MEDIUM PATCH This Month

A null pointer dereference vulnerability exists in the Linux kernel's XFS filesystem repair code when revalidating B-tree structures during fsck operations. The vulnerability affects Linux kernel versions across multiple release branches (6.8, 6.12.75, 6.18.16, 6.19.6, and 7.0-rc1) when the xfs_scrub utility attempts to repair both the free space B-tree (bnobt) and count B-tree (cntbt) simultaneously. An authenticated attacker with fsck/scrub privileges can trigger a kernel crash (denial of service) by injecting corruption markers via XFS_IOC_ERROR_INJECTION ioctl, causing the kernel to crash when the second B-tree revalidation is attempted after the first one fails and nullifies a required cursor.

Linux Denial Of Service Null Pointer Dereference +2
NVD VulDB
EPSS 0% CVSS 5.8
MEDIUM PATCH This Month

PinchTab contains a Server-Side Request Forgery (SSRF) vulnerability in its /download endpoint that allows unauthenticated attackers to bypass URL validation and cause the embedded Chromium browser to make requests to internal network services. The vulnerability affects PinchTab versions 0.7.x and 0.8.x when the security.allowDownload setting is enabled (disabled by default), and exploits a validation gap where only the initial user-supplied URL is checked while subsequent browser-initiated requests (redirects, JavaScript navigations, resource fetches) bypass this protection entirely. Although the attacker cannot receive response bodies from internal services (blind SSRF), they can trigger state-changing endpoints on localhost or private network addresses reachable from the PinchTab host, with a proof-of-concept publicly available demonstrating counter increments on internal services.

Google Python SSRF +2
NVD GitHub VulDB
EPSS 0% CVSS 6.5
MEDIUM PATCH This Month

A Denial of Service vulnerability exists in pypdf (Python PDF library) where an attacker can craft a malicious PDF file that causes excessive runtime and memory consumption by exploiting improper handling of array-based streams with large numbers of entries. All versions of pypdf prior to 6.9.1 are affected. An attacker can remotely trigger resource exhaustion on any system processing untrusted PDF files with this library, potentially causing application crashes or service unavailability.

Denial Of Service Red Hat Suse
NVD GitHub VulDB
EPSS 0% CVSS 9.0
CRITICAL PATCH Act Now

SiYuan's Bazaar marketplace fails to sanitize package metadata (displayName, description) before rendering in the Electron desktop application, allowing stored XSS that escalates to arbitrary remote code execution. Any SiYuan user (versions ≤3.5.9) who browses the Bazaar will automatically execute attacker-controlled code with full OS-level privileges when a malicious package card renders-no installation or user interaction required. A functional proof-of-concept exists demonstrating command execution via img onerror handlers, and this vulnerability is actively tracked in GitHub's advisory database (GHSA-mvpm-v6q4-m2pf), making it a critical supply-chain risk to the SiYuan user community.

Command Injection Apple Microsoft +6
NVD GitHub VulDB
EPSS 0% CVSS 9.0
CRITICAL PATCH Act Now

SiYuan's Bazaar (community package marketplace) fails to sanitize HTML in package README files during rendering, allowing stored XSS that escalates to remote code execution due to unsafe Electron configuration. An attacker can submit a malicious package with embedded JavaScript in the README that executes with full Node.js access when any user views the package details in the Bazaar. This affects SiYuan versions 3.5.9 and earlier across Windows, macOS, and Linux, with a CVSS score of 9.6 and multiple real-world exploitation vectors including data theft, reverse shells, and persistent backdoors.

Apple Microsoft XSS +6
NVD GitHub VulDB
EPSS 0% CVSS 8.2
HIGH PATCH This Week

Heimdall, an authorization decision API for Envoy proxy, contains a path traversal bypass vulnerability when used in gRPC decision API mode. Attackers can bypass non-wildcard path expression rules by appending query parameters to URLs, which causes incorrect URL encoding that prevents rule matching. A proof-of-concept is publicly available demonstrating the bypass, though exploitation requires heimdall to be configured with an insecure 'allow all' default rule (which is blocked by secure defaults since v0.16.0 unless explicitly disabled).

Docker Authentication Bypass Suse
NVD GitHub VulDB
EPSS 0% CVSS 6.6
MEDIUM PATCH This Month

A predictable secret identifier (XID) vulnerability in Juju versions 3.0.0 through 3.6.18 allows a malicious grantee to enumerate and predict previously granted secrets owned by the same administrator, enabling unauthorized access to resources intended for other applications. An attacker with high privileges and control over at least one deployed application can exploit this to obtain credentials or configuration data from past secret grants, resulting in information disclosure and potential privilege escalation. While the CVSS score is moderate at 6.6 and exploitation requires specific configuration and high privileges, the fundamental weakness in secret ownership verification represents a significant trust boundary violation in Juju's secret management architecture.

Information Disclosure Debian Juju +1
NVD GitHub VulDB
EPSS 0% CVSS 8.8
HIGH PATCH This Week

An authorization bypass vulnerability in Canonical's Juju versions 3.0.0 through 3.6.18 allows authenticated users with grantee privileges to incorrectly update secret content beyond their intended permissions, potentially accessing or modifying other secrets. The vulnerability (CWE-863: Incorrect Authorization) has a CVSS score of 8.8, indicating high severity with network-based exploitation requiring low attack complexity and low privileges. The flaw is particularly dangerous because even when exploitation attempts are logged as errors, the unauthorized secret updates still persist and become visible to both owners and grantees.

Authentication Bypass Debian Juju +1
NVD GitHub VulDB
EPSS 0% CVSS 7.6
HIGH PATCH This Week

An authorization bypass vulnerability exists in the Vault secrets back-end implementation of Canonical's Juju orchestration tool, allowing authenticated unit agents to perform unauthorized updates to secret revisions beyond their intended scope. Juju versions 3.1.6 through 3.6.18 are affected, and attackers with sufficient information can poison any existing secret revision within the Vault secret back-end scope. With a CVSS score of 7.6 (High severity) featuring network attack vector, low complexity, and high integrity impact, this represents a significant security concern for Juju deployments using Vault as their secrets back-end, though no active exploitation (KEV) status or EPSS score was provided in available data.

Hashicorp Authentication Bypass Debian +2
NVD GitHub VulDB
EPSS 0% CVSS 5.3
MEDIUM PATCH This Month

Juju 3.0.0 through 3.6.18 contains a race condition in secrets management that allows authenticated unit agents to intercept and claim ownership of newly created secrets due to a timing window between secret ID generation and revision creation. An attacker with valid unit agent credentials can exploit this to read the initial content of secrets intended for other units. The vulnerability requires local authentication and manual interaction but results in high-impact confidentiality disclosure with no available patch.

Information Disclosure Debian Juju +1
NVD GitHub VulDB
EPSS 0% CVSS 8.8
HIGH PATCH This Week

A stack out-of-bounds write vulnerability exists in the Linux kernel's mac80211 WiFi subsystem in the ieee80211_ml_reconfiguration function, where the link_id parameter extracted from the ML Reconfiguration element is not properly bounds-checked before being used as an array index. The vulnerability affects Linux kernel versions across multiple release branches (6.5 through 7.0-rc2), allowing an attacker with network proximity to craft a malicious WiFi frame to trigger a buffer overflow and potentially cause denial of service or code execution. While no CVSS score or EPSS data is currently published, the vulnerability has been assigned EUVD-2026-12809 and patches are available across stable kernel branches.

Linux Buffer Overflow Red Hat +1
NVD VulDB
EPSS 0% CVSS 7.1
HIGH PATCH This Week

A memory allocation vulnerability exists in the Linux kernel's NVMe Persistent Reservation implementation where the nvme_pr_read_keys() function fails to properly handle large num_keys values passed from userspace, resulting in excessive memory allocation attempts up to 4MB that trigger page allocator warnings and potential denial of service. This affects Linux kernel versions across multiple stable branches (6.5, 6.12.77, 6.18.17, 6.19.7, and 7.0-rc3) and requires local access with ioctl privileges to trigger. The vulnerability is addressed through replacement of kzalloc() with kvzalloc() to support larger allocations via vmalloc fallback, and patches are available across multiple kernel stable branches.

Linux Information Disclosure Buffer Overflow +2
NVD VulDB
EPSS 0% CVSS 5.4
MEDIUM PATCH This Month

A denial of service vulnerability in A cross-origin (CVSS 5.4). Remediation should follow standard vulnerability management procedures.

Authentication Bypass Apple macOS +3
NVD VulDB
EPSS 0% CVSS 6.5
MEDIUM PATCH This Month

A denial of service vulnerability (CVSS 6.5). Remediation should follow standard vulnerability management procedures.

Denial Of Service Kubernetes Red Hat +1
NVD GitHub VulDB
EPSS 0% CVSS 7.5
HIGH PATCH This Week

A bypass vulnerability in fast-xml-parser allows attackers to circumvent entity expansion limits through numeric character references (&#NNN;) and standard XML entities, causing denial of service via excessive memory allocation and CPU consumption. The vulnerability affects fast-xml-parser versions 5.x through 5.5.5, completely bypassing security controls added in the previous CVE-2026-26278 fix. A proof-of-concept demonstrates that even with strict limits configured (maxTotalExpansions=10), an attacker can inject 100,000+ numeric entities to consume hundreds of megabytes of memory.

Denial Of Service Node.js Red Hat +1
NVD GitHub VulDB
EPSS 0% CVSS 4.7
MEDIUM PATCH This Month

CVE-2026-32953 is a security vulnerability. Remediation should follow standard vulnerability management procedures. Vendor patch is available.

RCE Suse
NVD GitHub VulDB
EPSS 0% CVSS 6.0
MEDIUM PATCH This Month

Devise's Confirmable module with the reconfirmable option enabled contains a race condition that allows attackers to confirm email addresses they don't control by sending concurrent email change requests. By exploiting the desynchronization between the confirmation token and unconfirmed email fields, an attacker can redirect a victim's email confirmation to their own account. This affects all Devise applications using the default Confirmable configuration with email changes, and is patched in Devise v5.0.3.

Race Condition Information Disclosure Red Hat +1
NVD VulDB GitHub
EPSS 0% CVSS 5.3
MEDIUM PATCH This Month

The NewXMLTree method in affected products is vulnerable to a denial of service condition where an out-of-bounds write of a single zero byte can trigger an application crash. An unauthenticated remote attacker can exploit this memory corruption vulnerability without user interaction to cause service disruption. No patch is currently available for this issue.

Buffer Overflow Memory Corruption Red Hat +1
NVD GitHub VulDB
EPSS 0% CVSS 7.1
HIGH PATCH This Week

The kube-router proxy module fails to validate Service externalIPs and LoadBalancer IPs against configured IP ranges, allowing namespace-scoped users to bind arbitrary VIPs on all cluster nodes and hijack traffic to critical services like kube-dns. This affects all kube-router v2.x versions including v2.7.1, primarily impacting multi-tenant clusters where untrusted users have Service creation permissions. A detailed proof-of-concept demonstrates single-command cluster DNS takedown and arbitrary VIP binding with traffic redirection to attacker-controlled pods, though EPSS scoring is not available for this recently disclosed vulnerability.

Kubernetes Denial Of Service Authentication Bypass +2
NVD GitHub VulDB
EPSS 0% CVSS 5.5
MEDIUM PATCH This Month

In the Linux kernel, the following vulnerability has been resolved: audit: add missing syscalls to read class The "at" variant of getxattr() and listxattr() are missing from the audit read class.

Linux Authentication Bypass Red Hat +1
NVD VulDB
EPSS 0% CVSS 5.5
MEDIUM PATCH This Month

In the Linux kernel, the following vulnerability has been resolved: audit: add fchmodat2() to change attributes class fchmodat2(), introduced in version 6.6 is currently not in the change attribute class of audit.

Linux Authentication Bypass Red Hat +1
NVD VulDB
EPSS 0% CVSS 7.1
HIGH PATCH This Week

CVE-2026-32769 is a security vulnerability. Remediation should follow standard vulnerability management procedures. Vendor patch is available.

Kubernetes Authentication Bypass Suse
NVD GitHub VulDB
EPSS 0% CVSS 7.5
HIGH PATCH This Week

Path traversal in the webserver's archive extraction function allows unauthenticated remote attackers to write files outside the intended directory by crafting malicious tar archives, due to incomplete path validation in the sanitizeArchivePath function. The vulnerability affects the download command's decompression functionality and could enable arbitrary file placement on the system. A patch is available.

Path Traversal Suse
NVD GitHub VulDB
EPSS 0% CVSS 8.8
HIGH PATCH This Week

Path traversal in the `extractor` CLI tool and `extract.DumpOTelCollector` library function allows attackers to write files outside the intended extraction directory by exploiting an incomplete path validation check in the `sanitizeArchivePath` function. A maliciously crafted tar archive can bypass the prefix check and place arbitrary files on the system when processed. A patch is available to address the missing trailing path separator validation.

Path Traversal Suse
NVD GitHub VulDB
EPSS 0% CVSS 10.0
CRITICAL PATCH Act Now

CVE-2026-32737 is a security vulnerability (CVSS 10.0). Critical severity with potential for significant impact on affected systems. Vendor patch is available.

Authentication Bypass Suse
NVD GitHub VulDB
EPSS 0% CVSS 7.9
HIGH PATCH This Week

CVE-2026-32768 is a security vulnerability. Remediation should follow standard vulnerability management procedures. Vendor patch is available.

Kubernetes Authentication Bypass Suse
NVD GitHub VulDB
EPSS 0% CVSS 6.5
MEDIUM PATCH This Month

Path traversal in the resourcePatchHandler allows authenticated users with Create or Rename permissions to bypass access control rules by injecting path traversal sequences (`..\`) into PATCH requests, since validation occurs before path normalization. An attacker can exploit this to copy or rename files to restricted directories that should be protected by administrator-configured deny rules. No patch is currently available.

Path Traversal Suse
NVD GitHub VulDB
EPSS 0% CVSS 9.8
CRITICAL PATCH Act Now

An authorization bypass vulnerability in SiYuan Note v3.6.0 and earlier allows any authenticated user, including those with read-only 'Reader' role privileges, to execute arbitrary SQL commands through the /api/search/fullTextSearchBlock endpoint when the method parameter is set to 2. This enables attackers to read, modify, or delete all data in the application's SQLite database, completely bypassing the application's role-based access controls. A detailed proof-of-concept demonstrates how Reader-role users can execute destructive SQL operations including dropping tables.

SQLi Docker Suse
NVD GitHub VulDB
EPSS 0% CVSS 9.8
CRITICAL POC PATCH Act Now

Unauthenticated attackers can register administrator accounts in Docker when self-registration is enabled and default user permissions include admin privileges, as the signup handler fails to strip admin permissions from self-registered accounts. Public exploit code exists for this vulnerability. No patch is currently available.

Privilege Escalation Docker Suse
NVD GitHub VulDB
EPSS 0% CVSS 4.3
MEDIUM PATCH This Month

Mattermost versions 11.3.0 and 11.2.2 and earlier fail to properly validate the run_create permission when a playbook ID is empty, allowing authenticated team members to create unauthorized playbook runs through the API. This permission bypass could enable attackers with valid credentials to perform actions they should not be permitted to execute within the platform.

Authentication Bypass Mattermost Suse
NVD VulDB
EPSS 0% CVSS 9.0
CRITICAL PATCH Act Now

SiYuan's mobile file tree fails to sanitize notebook names in WebSocket rename events, allowing authenticated users to inject arbitrary HTML and JavaScript that executes in other clients' browsers. When combined with Electron's insecure configuration (nodeIntegration enabled, contextIsolation disabled), this stored XSS escalates to remote code execution with full Node.js privileges on affected desktop and mobile clients. The vulnerability affects users with notebook rename permissions across Docker, Node.js, Python, and Apple platforms.

Docker RCE XSS +6
NVD GitHub VulDB
EPSS 0% CVSS 6.8
MEDIUM PATCH This Month

SiYuan Note contains an unrestricted path traversal vulnerability in the POST /api/import/importStdMd endpoint that allows authenticated administrators to recursively import arbitrary files from the host filesystem into the workspace database without any validation or blocklisting. Affected versions of SiYuan (pkg:go/github.com_siyuan-note_siyuan) allow admin users to permanently store sensitive files such as /proc/, /etc/, /run/secrets/, and other system directories as searchable note content, making them accessible to other workspace users including those with limited privileges. A proof-of-concept has been published demonstrating import of /proc/1/ and /run/secrets/, and when chained with separate SQL injection vulnerabilities in the renderSprig template function, non-admin users can retrieve imported secrets without additional privileges.

Path Traversal SQLi Docker +1
NVD GitHub VulDB
EPSS 0% CVSS 7.6
HIGH PATCH This Week

Path traversal in Python and Docker import endpoints allows authenticated administrators to write files to arbitrary filesystem locations by injecting directory traversal sequences in multipart upload filenames, potentially enabling remote code execution through placement of malicious files in executable paths. The vulnerability affects the POST /api/import/importSY and POST /api/import/importZipMd endpoints which fail to sanitize user-supplied filenames before constructing file write paths. No patch is currently available.

Python Docker Path Traversal +1
NVD GitHub VulDB
EPSS 0% CVSS 6.8
MEDIUM PATCH This Month

Administrative users of Docker and PostgreSQL deployments can exploit an incomplete path validation in the `POST /api/file/globalCopyFiles` endpoint to copy sensitive files like container environment variables and Docker secrets from restricted locations (`/proc/`, `/run/secrets/`) into the workspace, where they become readable via standard file APIs. The vulnerability stems from reliance on a blocklist-based validation mechanism that fails to prevent access to these critical system paths. Since no patch is currently available, organizations should restrict administrative access to the affected API endpoint until an update is released.

Docker PostgreSQL Path Traversal +1
NVD GitHub VulDB
EPSS 0% CVSS 8.1
HIGH PATCH This Week

A credential disclosure vulnerability exists in Glances monitoring tool when running in Central Browser mode with autodiscovery enabled. The vulnerability allows attackers on the same local network to steal reusable authentication credentials by advertising fake Glances services via Zeroconf, as the application trusts untrusted service names for password lookups instead of using verified IP addresses. A working proof-of-concept is included in the advisory, and the issue has a CVSS score of 8.1 indicating high severity.

Python Information Disclosure Suse
NVD GitHub VulDB
EPSS 0% CVSS 9.1
CRITICAL PATCH Act Now

The Glances system monitoring tool exposes reusable authentication credentials for downstream servers through an unauthenticated API endpoint when running in Central Browser mode without password protection. This vulnerability allows any network attacker to retrieve pbkdf2-hashed passwords that can be replayed to access protected Glances servers across an entire monitored fleet. A proof-of-concept is included in the advisory demonstrating credential extraction from the /api/4/serverslist endpoint.

Python Information Disclosure Suse
NVD GitHub VulDB
EPSS 0% CVSS 5.9
MEDIUM PATCH This Month

The Glances system monitoring application accepts arbitrary HTTP Host headers on its REST API and WebUI endpoints, enabling DNS rebinding attacks that bypass browser same-origin policy and expose sensitive system data. While the MCP endpoint was recently hardened with host validation, the main FastAPI application for REST/WebUI/token routes lacks equivalent TrustedHostMiddleware protection, allowing attackers to rebind attacker-controlled domains to the victim's local Glances instance and read API responses as same-origin content. A proof-of-concept is code-validated through source inspection, and a patch is available in version 4.5.2 and later.

Python RCE Suse
NVD GitHub VulDB
EPSS 0% CVSS 7.0
HIGH PATCH This Week

SQL injection in Python's Glances DuckDB export module allows unauthenticated remote attackers to execute arbitrary SQL commands by injecting malicious data through unparameterized table and column name interpolation in DDL statements. While INSERT values use parameterized queries, identifier names are directly embedded via f-strings, enabling attackers over the network to manipulate database structure and access sensitive monitoring data. A patch is available.

Python SQLi Suse
NVD GitHub VulDB
EPSS 0% CVSS 8.1
HIGH PATCH This Week

A critical CORS misconfiguration in the Glances system monitoring tool's REST API allows any website to steal sensitive system information from users who visit a malicious page while having access to a Glances instance. The vulnerability affects all versions prior to 4.5.2 and enables cross-origin theft of system stats, configuration secrets, database passwords, API keys, and command-line arguments. A proof-of-concept is publicly available, though no active exploitation has been reported yet.

Python Information Disclosure Docker +2
NVD GitHub VulDB
EPSS 0% CVSS 7.5
HIGH PATCH This Week

A critical information disclosure vulnerability in Glances system monitoring tool allows unauthenticated remote attackers to access sensitive configuration data including password hashes, SNMP community strings, and authentication keys through unprotected API endpoints. The vulnerability affects Glances versions prior to 4.5.2 when running in web server mode without password protection (the default configuration), and a proof-of-concept demonstrating the attack is publicly available. While not currently in CISA's Known Exploited Vulnerabilities catalog, the issue has a high CVSS score of 7.5 due to the ease of exploitation and severity of exposed secrets.

Python Information Disclosure Suse
NVD GitHub VulDB
EPSS 0% CVSS 7.0
HIGH PATCH This Week

Glances monitoring system allows local attackers with limited privileges to execute arbitrary commands by injecting shell metacharacters into process or container names, which bypass command sanitization in the action execution handler. The vulnerability affects the threshold alert system that dynamically executes administrator-configured shell commands populated with runtime monitoring data. An attacker controlling a process name or container name can manipulate command parsing to break out of intended command boundaries and inject malicious commands.

Privilege Escalation Nginx Python +3
NVD GitHub VulDB
EPSS 0% CVSS 7.5
HIGH POC PATCH This Week

Glances web server exposes its REST API without authentication by default when started with the -w flag, allowing unauthenticated remote attackers to access sensitive system information including process details that may contain credentials such as passwords and API keys. The vulnerability affects Python and Docker deployments where Glances is exposed to untrusted networks due to the server binding to 0.0.0.0 with authentication disabled by default. A patch is available to address this configuration vulnerability.

Python Docker Information Disclosure +1
NVD GitHub VulDB
EPSS 0% CVSS 6.5
MEDIUM POC PATCH This Month

Authlib's implementation of the JWE RSA1_5 key management algorithm contains a padding oracle vulnerability that leaks decryption failures through timing and exception patterns, allowing attackers to decrypt sensitive data without the private key. The library disabled the constant-time protections provided by the underlying cryptography library and raises exceptions before tag validation completes, creating a reliable side-channel. Public exploit code exists for this vulnerability affecting Authlib users in Python and related Oracle products.

Oracle Python RCE +2
NVD GitHub VulDB
EPSS 0% CVSS 4.3
MEDIUM PATCH This Month

Mattermost Server versions 11.3.0, 11.2.x through 11.2.2, and 10.11.x through 10.11.10 contain a server-side request forgery (SSRF) vulnerability due to improper validation of IPv4-mapped IPv6 addresses, allowing authenticated attackers to bypass reserved IP restrictions and access internal services. An attacker with login credentials can craft requests using IPv6 notation (such as [::ffff:127.0.0.1]) to reach localhost or other restricted internal endpoints that would normally be blocked. No patch is currently available for this vulnerability.

SSRF Mattermost Server Suse
NVD VulDB
EPSS 0% CVSS 4.3
MEDIUM PATCH This Month

A remote code execution vulnerability (CVSS 4.3) that allows guest users without read permissions. Remediation should follow standard vulnerability management procedures.

Authentication Bypass Mattermost Server Suse
NVD VulDB
EPSS 0% CVSS 4.3
MEDIUM PATCH This Month

CVE-2026-21386 is a security vulnerability (CVSS 4.3) that allows an authenticated team member. Remediation should follow standard vulnerability management procedures.

Information Disclosure Mattermost Server Suse
NVD VulDB
EPSS 0% CVSS 5.3
MEDIUM PATCH This Month

CVE-2026-27448 is a security vulnerability (CVSS 5.3). Remediation should follow standard vulnerability management procedures. Vendor patch is available.

Information Disclosure Red Hat Suse
NVD GitHub VulDB
EPSS 0% CVSS 4.3
MEDIUM PATCH This Month

Mattermost versions 11.3.0, 11.2.2, and 10.11.10 and earlier lack proper memory bounds checking when processing DOC file uploads, enabling authenticated attackers to trigger server memory exhaustion and denial of service. An attacker with valid credentials can upload a specially crafted DOC file to exhaust available memory and crash the Mattermost server. This vulnerability currently lacks a patch and affects multiple active versions of the platform.

Denial Of Service Mattermost Suse
NVD VulDB
EPSS 0% CVSS 4.3
MEDIUM PATCH This Month

This vulnerability in Mattermost allows guest users to bypass team-specific file upload permissions through a cross-team file metadata reuse attack. Affected versions include Mattermost 11.3.0, 11.2.x up to 11.2.2, and 10.11.x up to 10.11.10. An authenticated guest user can upload a file in a team where they have upload_file permission, then reuse that file's metadata in POST requests to channels in different teams where they lack upload permission, resulting in unauthorized file posting with potential integrity impact.

Authentication Bypass Mattermost Suse
NVD VulDB
EPSS 0% CVSS 4.3
MEDIUM PATCH This Month

Mattermost fails to properly validate User-Agent header tokens in versions 11.3.0 and earlier, 11.2.2 and earlier, and 10.11.10 and earlier, allowing authenticated attackers to trigger request panics through specially crafted User-Agent headers. This denial-of-service vulnerability affects availability but requires prior authentication and results in only low-severity impact. While the CVSS score of 4.3 reflects the low severity, the practical risk depends on whether the application is exposed to untrusted authenticated users and whether automatic exploitation tools are readily available.

Information Disclosure Mattermost Suse
NVD VulDB
EPSS 0% CVSS 7.5
HIGH PATCH This Week

Mattermost 10.11.x through 11.3.x fails to validate password length, allowing unauthenticated attackers to trigger denial of service by submitting multi-megabyte passwords during login attempts that consume excessive CPU and memory resources. The vulnerability affects all versions up to 10.11.10, 11.2.2, and 11.3.0, with no patch currently available.

Denial Of Service Mattermost Suse
NVD VulDB
EPSS 0% CVSS 4.3
MEDIUM PATCH This Month

Mattermost versions 11.3.x up to and including 11.3.0 contain an information disclosure vulnerability where burn-on-read posts fail to maintain their redacted state when deleted, allowing authenticated channel members to view previously hidden message contents through WebSocket post deletion events. The vulnerability requires low-privilege authenticated access and results in confidentiality loss of sensitive communications that were intentionally designed to be self-destructing. With a CVSS score of 4.3 and network-based attack vector, this represents a meaningful but contained risk primarily affecting organizations relying on Mattermost's burn-on-read feature for secure internal communications.

Information Disclosure Mattermost Suse
NVD VulDB
EPSS 0% CVSS 4.3
MEDIUM PATCH This Month

Mattermost fails to properly bound memory allocation when processing PSD (Photoshop) image files, allowing authenticated attackers to exhaust server memory and trigger denial of service by uploading a specially crafted PSD file. The vulnerability affects Mattermost versions 11.3.0 and earlier, 11.2.2 and earlier, and 10.11.10 and earlier. With a CVSS score of 4.3 and a low attack complexity requirement, this represents a moderate but exploitable risk for organizations running affected versions where user file upload is permitted.

Denial Of Service Mattermost Suse
NVD VulDB
EPSS 0% CVSS 4.3
MEDIUM PATCH This Month

This vulnerability is an improper access control flaw in Mattermost's channel search functionality that allows removed team members to enumerate all public channels within private teams. Affected versions include Mattermost 11.3.x through 11.3.0, 11.2.x through 11.2.2, and 10.11.x through 10.11.10. An authenticated attacker who has been removed from a team can query the channel search API endpoint to discover the complete list of public channels in that private team, resulting in information disclosure without requiring elevated privileges.

Authentication Bypass Mattermost Suse
NVD VulDB
EPSS 0% CVSS 4.3
MEDIUM PATCH This Month

Mattermost fails to properly sanitize client-supplied post metadata in its post update API endpoint, allowing authenticated attackers to spoof permalink embeds and impersonate other users through crafted PUT requests. The vulnerability affects Mattermost versions 11.3.0 and earlier, 11.2.2 and earlier, and 10.11.10 and earlier. While the CVSS score of 4.3 is moderate and requires authentication, the integrity impact allows attackers to deceive users by falsely attributing messages to legitimate users, potentially facilitating social engineering or misinformation campaigns within Mattermost instances.

Information Disclosure Mattermost Suse
NVD VulDB
EPSS 0% CVSS 4.3
MEDIUM PATCH This Month

Mattermost Plugins versions 11.3 and earlier fail to implement proper authorization checks on comment block modifications, allowing authenticated users with editor permissions to modify comments created by other board members without restriction. An authorized attacker can alter or tamper with comments from colleagues, potentially modifying project records, discussions, or audit trails. With a CVSS score of 4.3 and low attack complexity, this represents a moderate integrity risk in collaborative environments where comment authenticity is important, though exploitation requires prior authentication and editor-level access.

Authentication Bypass Suse
NVD VulDB
EPSS 0% CVSS 4.3
MEDIUM PATCH This Month

Mattermost fails to properly validate user permissions when filtering invite IDs during team creation, allowing authenticated users to bypass access controls and register unauthorized accounts using leaked or discovered invite tokens. Affected versions include Mattermost 11.3.0 and earlier in the 11.3.x branch, 11.2.2 and earlier in the 11.2.x branch, and 10.11.10 and earlier in the 10.11.x branch. An authenticated attacker with knowledge of valid invite IDs can circumvent intended access restrictions to create accounts that should be restricted, resulting in unauthorized account registration and potential lateral movement within the Mattermost instance.

Authentication Bypass Mattermost Suse
NVD VulDB
EPSS 0% CVSS 7.6
HIGH PATCH This Week

A sensitive information disclosure vulnerability in Mattermost Plugins versions 2.0.3.0 and earlier fails to properly mask sensitive configuration values in support packets, allowing attackers with high privileges to extract original plugin settings from exported configuration data. The vulnerability requires authenticated access with high privileges (CVSS 7.6) and enables attackers to obtain sensitive configuration data that should be masked, potentially exposing API keys, credentials, or other sensitive plugin configurations. No active exploitation or proof-of-concept has been reported, and the vulnerability requires significant access privileges to exploit.

Information Disclosure Suse
NVD GitHub VulDB
EPSS 0% CVSS 5.3
MEDIUM PATCH This Month

Mattermost fails to enforce response size limits on integration action endpoints, allowing an authenticated attacker to trigger server memory exhaustion and denial of service by clicking an interactive message button that connects to a malicious integration server returning arbitrarily large responses. This vulnerability affects Mattermost versions 11.3.0, 11.2.x up to 11.2.2, and 10.11.x up to 10.11.10. While the CVSS score of 5.3 is moderate, the attack requires user interaction (UI:R) and network access, but can be reliably triggered by any authenticated user interacting with crafted messages.

Denial Of Service Mattermost Suse
NVD VulDB
EPSS 0% CVSS 5.4
MEDIUM PATCH This Month

Out-of-bounds read in FFmpeg 8.0 and 8.0.1 RV60 video decoder (libavcodec/rv60dec.c).

Buffer Overflow Information Disclosure Red Hat +1
NVD GitHub VulDB
EPSS 0% CVSS 7.1
HIGH POC PATCH This Week

A misconfigured NetworkPolicy in Kubernetes deployments allows attackers to perform unauthorized lateral movement between namespaces, breaking namespace isolation security boundaries. This vulnerability affects Kubernetes environments with improperly configured inter-namespace NetworkPolicies, specifically those with 'inter-ns' prefixed policies in monitoring namespaces. An attacker who compromises any component can pivot to access resources in other namespaces, potentially accessing sensitive data or systems they shouldn't have access to.

Kubernetes Authentication Bypass Suse
NVD GitHub
EPSS 0% CVSS 6.5
MEDIUM POC PATCH This Month

CVE-2026-32704 is a security vulnerability (CVSS 6.5). Risk factors: public PoC available.

Authentication Bypass Docker Suse
NVD GitHub VulDB
EPSS 0% CVSS 8.7
HIGH PATCH This Week

cpp-httplib versions before 0.37.2 silently disable TLS certificate validation when following HTTPS redirects through a proxy, allowing attackers to intercept encrypted connections without detection. This affects any application using cpp-httplib as an HTTP client with proxy and redirect following enabled. No active exploitation (not in KEV) or public POC has been reported, with low EPSS probability indicating minimal current threat activity.

Information Disclosure Cpp Httplib Suse
NVD GitHub VulDB
EPSS 0% 4.8 CVSS 8.8
HIGH POC KEV PATCH THREAT Act Now

Chrome's V8 JavaScript engine contains an inappropriate implementation (CVE-2026-3910, CVSS 8.8) that allows remote attackers to execute arbitrary code within the browser sandbox via crafted HTML pages. KEV-listed with public PoC, this V8 vulnerability affects all Chromium-based browsers and enables drive-by exploitation through any web page containing malicious JavaScript.

Google RCE Buffer Overflow +3
NVD VulDB GitHub
EPSS 0% 4.8 CVSS 8.8
HIGH POC KEV PATCH THREAT Act Now

Google Chrome's Skia graphics library contains an out-of-bounds write (CVE-2026-3909, CVSS 8.8) enabling remote attackers to perform memory corruption through crafted HTML pages. KEV-listed with public PoC and patches available, this vulnerability in the core graphics rendering engine affects all Chromium-based browsers.

Buffer Overflow Memory Corruption Google +3
NVD VulDB GitHub
EPSS 0% CVSS 9.3
CRITICAL POC PATCH Act Now

SSRF in Centrifugo real-time messaging before 6.7.0.

SSRF Centrifugo Suse
NVD GitHub VulDB
EPSS 0% CVSS 5.0
MEDIUM PATCH This Month

Arbitrary file write vulnerability in Calibre's RocketBook input plugin enables attackers to write files to any location accessible by the Calibre process when a user opens or converts a malicious .rb file. The path traversal flaw affects versions prior to 9.5.0 and represents an unpatched instance of the same vulnerability class previously fixed in the PDB reader component. Local attackers can leverage this to corrupt files, modify configuration, or potentially achieve code execution depending on file system permissions.

Path Traversal Calibre Red Hat +1
NVD GitHub VulDB
EPSS 0% CVSS 7.5
HIGH PATCH This Week

Denial of service vulnerability in CairoSVG (Python SVG rendering library) caused by exponential amplification through recursive <use> SVG elements without depth limits. An attacker can cause 100% CPU exhaustion indefinitely with a tiny 1,411-byte SVG file, affecting any service that processes SVG input (thumbnails, PDFs, avatars). A working proof-of-concept is publicly available, patches have been released, and while not in KEV, the vulnerability has a 7.5 CVSS score with network-based, unauthenticated exploitation.

Denial Of Service Python Red Hat +1
NVD GitHub VulDB
EPSS 0% CVSS 4.3
MEDIUM PATCH This Month

A validation bypass in the chunked file upload completion logic for file requests allows attackers to circumvent per-request file size limits by splitting oversized files into smaller chunks that individually pass validation. Attackers with access to a public file request link can sequentially upload chunks to exceed the administrator-configured MaxSize limit, uploading files up to the server's global MaxFileSizeMB threshold. This enables unauthorized storage consumption and potential service disruption through storage exhaustion, though no data exposure or privilege escalation occurs; the vulnerability carries a CVSS score of 4.3 with EPSS and KEV status not currently indicated as critical, suggesting limited real-world exploitation pressure despite straightforward attack mechanics.

Information Disclosure Privilege Escalation Suse
NVD GitHub VulDB
EPSS 0% CVSS 6.5
MEDIUM PATCH This Month

Denial-of-service vulnerability in Gokapi, a file-sharing server, wherein an authenticated attacker can send unbounded request bodies to an API endpoint without size restrictions, causing out-of-memory (OOM) conditions that crash the service and deny access to all users. The vulnerability requires valid authentication credentials but no special privileges, and is classified as high-severity (CVSS 6.5) due to guaranteed availability impact. Patch availability exists in version 2.2.4 and later.

Denial Of Service Suse
NVD GitHub VulDB
EPSS 0% CVSS 4.1
MEDIUM PATCH This Month

An insufficient authorization check in a file replace API allows authenticated users with basic list and replace permissions to delete other users' files by abusing the deleteNewFile flag, bypassing the intended delete permission requirement. This affects any system implementing this vulnerable API pattern where permission checks are not properly enforced at the API endpoint level. While the CVSS score of 4.1 is moderate, the vulnerability requires high privilege level (authenticated user with PERM_REPLACE and PERM_LIST) and results in integrity impact through unauthorized file deletion across user boundaries.

Authentication Bypass Suse
NVD GitHub VulDB
EPSS 0% CVSS 4.3
MEDIUM PATCH This Month

SFTPGo versions before v2.7.1 suffer from improper input validation in dynamic group path handling, where placeholder substitution (e.g., %username%) fails to sanitize relative path traversal sequences. An authenticated attacker with user creation privileges can craft a malicious username containing path traversal components (such as ../) to escape the intended directory structure and access parent directories, achieving unauthorized directory traversal with low to moderate impact on confidentiality and integrity. The vulnerability requires authenticated access and is not listed as actively exploited in known exploit databases, though the fix availability and moderate CVSS score suggest it warrants prompt patching.

Information Disclosure Suse
NVD GitHub VulDB
EPSS 0% CVSS 8.1
HIGH PATCH This Week

SFTPGo versions prior to 2.7.1 contain a path normalization vulnerability (CWE-22: Improper Limitation of a Pathname to a Restricted Directory) that allows authenticated attackers to bypass folder-level permissions and escape Virtual Folder boundaries through crafted file paths. An attacker with valid credentials can exploit this authorization bypass to access files and directories beyond their intended scope. The vulnerability has been patched in version 2.7.1 with strict edge-level path normalization, and while no public POC or KEV status has been disclosed, the CVSS 5.3 (network-accessible, low complexity) and requirement for prior authentication suggest this is a real but moderate-priority issue.

Canonical Path Traversal Suse
NVD GitHub VulDB
EPSS 0% CVSS 6.5
MEDIUM PATCH This Month

FreeRDP versions prior to 3.24.0 contain an out-of-bounds read vulnerability in MS-ADPCM and IMA-ADPCM audio decoders that allows unauthenticated remote attackers to read sensitive information from process memory. The vulnerability affects all FreeRDP installations using these audio codecs; an attacker can trigger the flaw by providing specially crafted audio data during RDP session establishment, potentially disclosing confidential data such as credentials or session tokens without requiring privileges or interaction beyond basic RDP connection initiation.

Buffer Overflow Information Disclosure Freerdp +2
NVD GitHub VulDB
EPSS 0% CVSS 6.5
MEDIUM PATCH This Month

A denial of service vulnerability in FreeRDP (CVSS 6.5). Remediation should follow standard vulnerability management procedures.

Denial Of Service Freerdp Red Hat +1
NVD GitHub VulDB
EPSS 0% CVSS 6.5
MEDIUM PATCH This Month

Size_t integer underflow vulnerability in FreeRDP's IMA-ADPCM and MS-ADPCM audio decoders that triggers a heap buffer overflow write via the RDPSND audio channel. All FreeRDP versions prior to 3.24.0 are affected. An unauthenticated remote attacker can exploit this vulnerability over the network without user interaction to cause information disclosure and data corruption, though not denial of service based on the CVSS impact ratings.

Buffer Overflow Integer Overflow Freerdp +2
NVD GitHub VulDB
EPSS 0% CVSS 5.3
MEDIUM PATCH This Month

FreeRDP versions prior to 3.24.0 contain a client-side heap out-of-bounds read/write vulnerability in the bitmap cache subsystem caused by an off-by-one boundary check error. A malicious RDP server can exploit this by sending a specially crafted CACHE_BITMAP_ORDER (Rev1) packet with cacheId equal to maxCells, allowing access to memory one element past the allocated array boundary. This vulnerability affects FreeRDP clients connecting to untrusted or compromised servers and could lead to information disclosure or denial of service, though the CVSS score of 5.3 and lack of confidentiality impact suggest limited real-world severity.

Memory Corruption Buffer Overflow Freerdp +2
NVD GitHub VulDB
EPSS 0% CVSS 5.3
MEDIUM PATCH This Month

A client-side heap buffer overflow vulnerability exists in FreeRDP's AVC420/AVC444 YUV-to-RGB color space conversion code due to missing horizontal bounds validation of H.264 metablock region coordinates. FreeRDP versions prior to 3.24.0 are affected, allowing a malicious RDP server to trigger out-of-bounds memory writes via specially crafted WIRE_TO_SURFACE_PDU_1 packets with oversized regionRects left coordinates, resulting in denial of service through heap corruption. The vulnerability requires no user interaction or authentication and has a CVSS score of 5.3 with EPSS risk classification indicating moderate exploitation likelihood; no public exploit code is known to exist at this time.

Buffer Overflow Memory Corruption Freerdp +2
NVD GitHub VulDB
Prev Page 35 of 104 Next

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy