By severity

Medium-severity vulnerabilities

CVEs rated Medium by CVSS, with SEC.co remediation and prioritization guidance.

964 published vulnerabilities · page 10 of 10

  • CVE-2026-48092MEDIUM 4.3

    7-Zip versions 9.34 through 26.00 contain a flaw in how they process SquashFS archive files that can leak sensitive data from memory when extracting files. The vulnerability exists only in 32-bit builds of 7-Zip and requires an attacker to craft a malicious archive with specially modified metadata. When a user extracts such an archive, heap memory contents that should remain private are instead written into the extracted file, potentially exposing passwords, encryption keys, or other sensitive information stored in memory. The issue stems from integer arithmetic wrapping that bypasses safety checks. Users on 64-bit systems are not affected.

  • CVE-2026-48103MEDIUM 4.3

    7-Zip versions 9.34 through 26.00 contain a memory read vulnerability in the WIM (Windows Imaging Format) archive handler. When processing specially crafted WIM files, the software reads a small amount of data just beyond an allocated memory region due to an off-by-one error in bounds checking. This occurs automatically in the file manager when listing directory contents, requiring only that a user open or preview a malicious WIM file. The practical impact is limited to crashes or potential minor leaks of adjacent memory; no file corruption or system compromise is possible through this flaw alone.

  • CVE-2026-48111MEDIUM 4.3

    7-Zip versions 9.21 through 26.00 contain a boundary-checking flaw in their UEFI firmware image parser. When processing certain archive sections, the parser uses an incorrect comparison operator that allows a malicious opcode value to read data beyond an array's bounds. This can either crash the application when the out-of-bounds memory is invalid, or leak small amounts of adjacent string data into the archive's metadata. The flaw is triggered automatically when opening a specially crafted archive file, but the leaked information is limited and does not expose sensitive data or memory layout information.

  • CVE-2026-48810MEDIUM 4.3

    FreeScout, a free help desk platform built on Laravel, contains an authorization flaw in version 1.8.220 and earlier. A user with conversation editing permissions who authored a message in one mailbox can edit that message's content even after an administrator removes them from that mailbox. The vulnerability exploits a gap in access controls: the system verifies the user created the message and has the global edit permission, but fails to confirm the user still belongs to the mailbox where the conversation lives. This allows former mailbox members to alter thread history and potentially mislead team members or customers.

  • CVE-2026-48811MEDIUM 4.3

    FreeScout, an open-source helpdesk and shared inbox platform, contains a flaw that allows former team members to permanently delete internal notes—even after their access to the mailbox has been revoked. A non-admin user who previously created private threads in a conversation can return and destroy those notes without authorization, because the system fails to verify whether the user still belongs to the mailbox. This affects FreeScout versions before 1.8.221.

  • CVE-2026-4888MEDIUM 4.3

    Everest Forms, a popular WordPress form-building plugin, contains a security flaw that allows low-privilege logged-in users to send emails from your website to anyone they choose. Any user with Subscriber access or higher can exploit this by calling an internal email-testing function without proper permission checks. This doesn't require clicking malicious links or advanced technical skills—just authenticated access to your WordPress admin panel.

  • CVE-2026-49140MEDIUM 4.3

    Nanobot versions before 0.2.1 have a denial-of-service flaw in how they handle media downloads from Matrix chat rooms. An authenticated user in a room can deliberately send specially crafted media events with missing or wrong size information, causing the system to download large files without properly checking their declared sizes first. By sending many of these malicious requests at once, an attacker can force the Nanobot process to consume excessive memory and bandwidth until the service becomes slow or unresponsive. The attacker must already be a member of the room to exploit this.

  • CVE-2026-49322MEDIUM 4.3

    The 2025 Indian Motorcycle Scout Bobber + Tech model contains a flaw in its wireless control system that allows someone with access to the motorcycle's internal network to steal the owner's PIN unlock code by observing just a single authentication attempt. Instead of using proper cryptographic security, the system performs simple mathematical operations that can be reversed to recover the PIN, completely bypassing the bike's primary security lock.

  • CVE-2026-49323MEDIUM 4.3

    The 2025 Indian Motorcycle Scout Bobber + Tech model contains a flaw in how its wireless control module authenticates with the engine control module. An attacker positioned on the vehicle's internal network can intercept a single authentication exchange and reverse-engineer the motorcycle's immobilizer secret—the cryptographic key that prevents unauthorized engine starts. Once recovered, the attacker can bypass the immobilizer entirely and start the engine without the key fob.

  • CVE-2026-49369MEDIUM 4.3

    JetBrains YouTrack versions before 2026.1.13162 contained a flaw that allowed authenticated users to access sensitive information about other users and groups they shouldn't be able to see. The vulnerability is limited to the Users and Groups administrative pages and requires valid login credentials to exploit. This is a straightforward authorization issue where the application failed to properly restrict who could view certain user and group data.

  • CVE-2026-49377MEDIUM 4.3

    JetBrains TeamCity contains a configuration flaw where default agent parameters inadvertently expose sensitive data to authenticated users. An attacker with valid login credentials can access information through TeamCity's agent configuration that should remain restricted. This is a network-accessible issue affecting TeamCity deployments before version 2025.11.2, though the vulnerability requires prior authentication to exploit.

  • CVE-2026-49378MEDIUM 4.3

    JetBrains TeamCity contained a vulnerability where stored credentials could be inadvertently exposed through the parameter autocompletion feature. When users typed in parameter fields, the system would suggest previously stored credential values, potentially revealing sensitive authentication data to anyone with access to the TeamCity interface. This issue affects TeamCity versions prior to 2026.1 and requires an authenticated user to interact with the affected feature. The exposure is limited to local disclosure within the TeamCity environment rather than remote exfiltration.

  • CVE-2026-7047MEDIUM 4.3

    The Frontend User Notes plugin for WordPress contains a cross-site request forgery (CSRF) vulnerability affecting all versions through 2.1.1. An attacker can craft a malicious webpage that, when visited by a logged-in WordPress user, silently overwrites that user's own notes without their knowledge or consent. The attack requires social engineering—tricking the victim into clicking a link or visiting a malicious site—but once successful, allows unauthorized modification of the victim's note content. Importantly, the vulnerability is self-contained: attackers cannot use it to tamper with other users' notes, only those belonging to the person they've tricked.

  • CVE-2026-7523MEDIUM 4.3

    The Alba Board plugin for WordPress contains a flaw that allows attackers to bypass access controls and view sensitive project information they shouldn't be able to see. An authenticated user with basic subscriber access can retrieve private card data—titles, descriptions, due dates, and comments—that should be restricted to administrators and editors only. More critically, the vulnerability can be exploited by unauthenticated site visitors if the Alba Board shortcode appears anywhere on the website, because the security token (nonce) is exposed in the page source. All versions up to and including 2.1.3 are affected.

  • CVE-2026-7526MEDIUM 4.3

    The PDF Embedder plugin for WordPress contains a flaw that allows authenticated users with basic contributor permissions or higher to access sensitive configuration information. If the premium add-on is installed with a saved license key, that key can be exposed; on free installations, the exposure is limited to non-sensitive viewer settings like dimensions and toolbar options. An attacker would need valid WordPress login credentials at the contributor level or above to exploit this, but no user interaction or network complexity is required once authenticated.

  • CVE-2026-7533MEDIUM 4.3

    The Easy Digital Downloads plugin for WordPress contains a security flaw that allows attackers to hijack a store's Square payment processing account. An attacker can send a malicious link to a WordPress administrator; if clicked while logged in, the link silently changes the store's Square payment credentials to attacker-controlled ones, redirecting future payments to the attacker. The vulnerability exists because the plugin does not verify that payment configuration requests come from legitimate, authorized actions—a standard web security practice called CSRF protection.

  • CVE-2026-7621MEDIUM 4.3

    The SMTP2GO for WordPress plugin contains an authorization flaw that allows any logged-in user with subscriber-level permissions or higher to delete all SMTP email logs from the database or export sensitive email records to CSV format. This affects all versions up to 1.16.0 and exposes recipient addresses, sender information, message subjects, and API response data. An attacker with basic user access can perform these destructive and data-exfiltration actions without additional authentication checks.

  • CVE-2026-7624MEDIUM 4.3

    The Squirrly SEO plugin for WordPress has an access control flaw that allows lower-privileged users to perform actions meant only for administrators. Specifically, a contributor-level user can disconnect the website from Google Search Console and Google Analytics by invoking backend API calls that should be blocked. This is a privilege escalation issue affecting all versions up to 12.4.16.

  • CVE-2026-8422MEDIUM 4.3

    The Remove meta boxes per user role WordPress plugin contains a security flaw that allows attackers to change how meta boxes (content panels) are hidden or shown for different user roles on a WordPress site. An attacker can't do this directly, but by tricking a site administrator into clicking a malicious link, the attacker can force the admin's browser to make unauthorized changes to these visibility settings. The vulnerability affects all versions up to and including 1.01.

  • CVE-2026-8611MEDIUM 4.3

    A WordPress plugin called Klamra Paycal for Aspaclaria contains a flaw that allows authenticated users with subscriber-level permissions to access and download invoices belonging to other customers. The vulnerability stems from insufficient access controls on invoice retrieval—an attacker can simply modify an invoice identifier in a request to view sensitive billing data from any customer, including names, email addresses, phone numbers, order amounts, and internal notes. No special privileges or user interaction are required beyond basic authenticated access.

  • CVE-2026-8682MEDIUM 4.3

    The 3D Viewer – 3D Model Viewer – Augmented Reality – Virtual Try On WordPress plugin contains a flaw that allows users with basic subscriber access to change critical plugin settings they should not be able to modify. An authenticated attacker can bypass authorization checks to write arbitrary data directly to the plugin's configuration stored in the database, potentially affecting how the 3D viewer and virtual try-on features function across the site.

  • CVE-2026-8689MEDIUM 4.3

    The Visualizer: Tables and Charts Manager WordPress plugin contains an authorization bypass flaw that allows logged-in users with minimal privileges (Subscriber level and above) to create chart posts without proper permission checks and to view or modify charts belonging to other users, including site administrators. The vulnerability affects all versions through 3.11.14 and stems from missing capability validation in two critical AJAX functions. While the flaw requires an authenticated account, the low barrier to entry and potential for unauthorized data access make it a meaningful risk for multi-user WordPress installations.

  • CVE-2026-8976MEDIUM 4.3

    The RSS Aggregator by Feedzy plugin for WordPress fails to properly verify user permissions, allowing contributors and higher-level users to perform administrative actions they shouldn't be able to access. An authenticated attacker with basic contributor rights can create RSS import jobs, delete all posts from any import, clear error logs, and view sensitive taxonomy and post metadata information. The vulnerability is particularly dangerous because the security token needed to perform these actions is automatically exposed to anyone who can edit posts through the block editor interface—no additional hacking or theft is required.

  • CVE-2026-8995MEDIUM 4.3

    The Poll Maker – Versus Polls plugin for WordPress has a flaw that lets logged-in users see sensitive account information they shouldn't access, including password hashes. The vulnerability stems from an AJAX endpoint that returns the entire WordPress user object without proper security checks. Any subscriber or higher can call this endpoint and retrieve not just their own data, but potentially others' account details including email addresses, registration dates, roles, and capabilities. While the exposure doesn't immediately compromise an account, the password hash data could be targeted by offline cracking attempts.

  • CVE-2026-9008MEDIUM 4.3

    The Page-list plugin for WordPress contains an authorization flaw in its shortcode feature that allows authenticated users with contributor-level or higher permissions to view sensitive content they shouldn't be able to access. By inserting a specially crafted shortcode into a draft post and previewing it, attackers can extract titles, body text, and metadata from private or draft pages across the entire site. The vulnerability exists because the plugin doesn't verify whether the current user is permitted to view the pages being queried.

  • CVE-2026-9015MEDIUM 4.3

    The Equalize Digital Accessibility Checker plugin for WordPress contains a flaw that allows users with basic subscriber access to modify accessibility audit findings they shouldn't be able to touch. An authenticated attacker can change whether issues are marked as ignored, alter the reason for ignoring them, and add comments to any accessibility finding on the site. In some cases, they can perform bulk modifications across multiple related findings at once. This means someone with minimal privileges could systematically hide or dismiss accessibility compliance problems, undermining the integrity of WCAG and ADA audit records without proper authorization.

  • CVE-2026-9048MEDIUM 4.3

    Slider Revolution, a popular WordPress plugin, contains a vulnerability that allows authenticated users with basic contributor privileges to view sensitive social media API credentials through a specific AJAX action. An attacker with contributor-level access or higher can call the 'slider.get.full' AJAX action to retrieve raw API tokens and keys—including Instagram OAuth tokens, Flickr API keys, YouTube Data API credentials, and Facebook App IDs—that have been configured within slider settings. This exposure affects plugin versions 7.0.0 through 7.0.14.

  • CVE-2026-9050MEDIUM 4.3

    Slider Revolution, a popular WordPress plugin, contains a flaw that allows contributors and higher-privileged users to disable any plugin on a WordPress site without proper authorization checks. An attacker with basic contributor access—a common account level in multi-author sites—can leverage this to shut down security plugins, backup solutions, or other critical extensions. The vulnerability affects versions 6.0.0 through 6.7.55 and 7.0.0 through 7.0.14.

  • CVE-2026-9228MEDIUM 4.3

    A WordPress plugin called Timetable and Event Schedule by MotoPress has a flaw that allows users with contributor-level access or higher to see confidential information they shouldn't have access to. Specifically, they can view drafts, pending reviews, and private event posts created by other users, including the content, excerpts, and author information. The vulnerability stems from the plugin failing to properly validate user input when retrieving event data, making it possible to directly access posts by guessing or enumerating their IDs.

  • CVE-2026-9234MEDIUM 4.3

    The JTL-Connector for WooCommerce plugin contains authorization flaws that allow low-privileged WordPress users (Subscriber level and above) to perform administrative actions without proper permission checks. Specifically, attackers can change plugin configuration, download sensitive log files containing developer information, and delete those logs. This bypasses WordPress's built-in permission model and could lead to configuration tampering or information disclosure.

  • CVE-2026-9241MEDIUM 4.3

    The FOX – Currency Switcher Professional for WooCommerce plugin contains a flaw that lets authenticated users trick the system into thinking they have higher privileges than they actually do. By manipulating a request parameter, a subscriber-level user can impersonate a wholesale customer or administrator to access pricing they shouldn't be able to see. This only matters if your store uses the fixed user-role pricing feature and has set special prices for privileged customer types.

  • CVE-2026-9599MEDIUM 4.3

    The Tectite Forms plugin for WordPress contains a Cross-Site Request Forgery (CSRF) vulnerability affecting all versions through 1.3. An attacker can trick a site administrator into clicking a malicious link, which then allows the attacker to change the plugin's settings without the administrator's knowledge. This could include modifying the tectite_forms_button option or other plugin configurations. The vulnerability requires social engineering but poses a real risk to WordPress sites using this plugin.

  • CVE-2026-9618MEDIUM 4.3

    The PeachPay plugin for WordPress, which integrates payment processing for Stripe, PayPal, Square, and other providers, contains a cross-site request forgery (CSRF) vulnerability in all versions up to 1.120.46. An attacker can craft a malicious link or webpage that, when clicked by a site administrator, silently deletes all stored Stripe credentials from the site's database without the administrator's knowledge or consent. This disables Stripe payments immediately and requires the administrator to reconfigure the integration. The attack requires social engineering to trick an admin into clicking the link, but requires no special authentication or technical sophistication once the admin takes the bait.

  • CVE-2026-9719MEDIUM 4.3

    The LatePoint WordPress plugin, which handles calendar booking and appointment scheduling, contains a security flaw that allows attackers to manipulate invoice statuses without proper authorization. An attacker can craft a malicious link or webpage and, if they trick a WordPress administrator into clicking it, change the status of any invoice—including fraudulently marking unpaid invoices as paid. This works because the plugin fails to properly validate requests before processing status changes.

  • CVE-2026-9722MEDIUM 4.3

    The Laiser Tag plugin for WordPress contains a cross-site request forgery (CSRF) vulnerability affecting all versions through 1.2.5. An attacker can craft a malicious link or webpage that, when clicked by a site administrator, silently modifies critical plugin settings without the administrator's knowledge or consent. This includes changes to API keys, tag filtering rules, and tagging behavior—settings that directly control how the plugin functions across the site.

  • CVE-2026-9723MEDIUM 4.3

    The Google Plus One Bottom plugin for WordPress contains a cross-site request forgery (CSRF) flaw that allows attackers to manipulate plugin settings without proper authorization. An attacker can craft a malicious link or web page that, when clicked by a site administrator, will change critical plugin configuration options—such as language preferences, callback functions, and URLs—without the administrator's knowledge or consent. This attack requires social engineering to trick an admin into clicking the malicious link, but requires no authentication or technical exploit code to execute.

  • CVE-2026-9730MEDIUM 4.3

    The Remove NoFollow Commenter URL plugin for WordPress contains a cross-site request forgery (CSRF) vulnerability that allows unauthenticated attackers to change how the plugin displays comments. An attacker can craft a malicious link or webpage that, when clicked by a WordPress site administrator, silently modifies the plugin's comment settings without the administrator's knowledge or consent. This requires social engineering to trick an admin into visiting the attacker's content, but requires no special technical skills to exploit once that condition is met.

  • CVE-2026-9732MEDIUM 4.3

    The EmergencyWP plugin for WordPress has a security flaw that allows attackers to change important plugin settings without authorization. An attacker would need to trick a WordPress site administrator into clicking a malicious link, but if successful, they could alter access controls, email addresses, and other critical configurations. This is a cross-site request forgery (CSRF) vulnerability caused by the plugin failing to properly validate requests before processing them.

  • CVE-2026-9791MEDIUM 4.3

    An authenticated user who belongs to a Keycloak organization can request tokens or access APIs in ways that expose organization metadata, even after an administrator has turned off the Organizations feature. This metadata leakage could cause downstream applications (resource servers) to make incorrect access control decisions based on stale or unintended organization information.

  • CVE-2026-9798MEDIUM 4.3

    Keycloak's account lockout feature, which temporarily disables accounts after repeated failed login attempts, can be bypassed when an attacker possesses valid client credentials. By using the Client-Initiated Backchannel Authentication (CIBA) flow—a legitimate OAuth 2.0 feature—attackers can circumvent the lockout and continue attempting to authenticate or obtain tokens. This undermines brute-force protection and creates a secondary path for unauthorized access once the attacker has obtained initial client credentials.

  • CVE-2026-9807MEDIUM 4.3

    GitLab has patched a flaw in its Community and Enterprise editions where a Project Access Token that was supposed to be blocked could still access private project resources. This happened because the authorization checks weren't applied correctly when a token was revoked or blocked. An authenticated user with permissions to create or manage tokens could potentially exploit this before the fix was released, though the vulnerability requires prior login access and the attacker would need knowledge of or ability to create a blocked token.

  • CVE-2026-9907MEDIUM 4.3

    A memory read vulnerability in Google Chrome's Dawn graphics component allows attackers to access sensitive data from different website origins. An attacker can craft a malicious web page that, when visited by a user, tricks Chrome into reading memory beyond intended boundaries and leaking information from other websites the user may have open. This affects Windows systems running Chrome versions prior to 148.0.7778.216.

  • CVE-2026-9911MEDIUM 4.3

    CVE-2026-9911 is a memory safety issue in the ANGLE graphics library used by Google Chrome. When a user visits a specially crafted webpage, an attacker can read small amounts of sensitive data from the browser's memory. The vulnerability requires user interaction—visiting the malicious page—but needs no special permissions or browser configuration to exploit. While the data exposure is limited in scope, it could leak sensitive information like passwords, tokens, or cached credentials stored in memory.

  • CVE-2026-9913MEDIUM 4.3

    A flaw in the ANGLE graphics library component of Google Chrome prior to version 148.0.7778.216 could allow an attacker to access memory outside intended bounds when a user visits a malicious website. The vulnerability requires user interaction (visiting a crafted page) but does not require special privileges. Potential impacts include disclosure of sensitive information, though the attacker cannot modify data or crash the browser directly through this flaw.

  • CVE-2026-9919MEDIUM 4.3

    A WebGL processing flaw in Google Chrome for Android allows attackers to read data they shouldn't have access to by tricking users into visiting a malicious webpage. The vulnerability exists in how Chrome handles certain graphics operations and can leak information across website boundaries, but only affects the Android version of Chrome and requires user interaction to exploit.

  • CVE-2026-9921MEDIUM 4.3

    Google Chrome on Android contains a flaw in its WebGL graphics processing where memory buffers may not be properly initialized before use. An attacker can exploit this by crafting a malicious HTML page that, when visited, allows them to read sensitive information from other websites—a cross-origin data leak. The vulnerability requires user interaction (clicking a link or viewing a page) but does not require special privileges or complex attack setup.

  • CVE-2026-9929MEDIUM 4.3

    A flaw in how Google Chrome on Android handles WebGL—a technology that enables 3D graphics in web browsers—could allow an attacker to trick a user into visiting a malicious webpage and expose data from other websites the user has open. The attacker cannot force this to happen; the user must interact with the page, such as by clicking or scrolling. This is a cross-origin data leak, meaning sensitive information from one domain could become visible to JavaScript code running on an attacker's domain.

  • CVE-2026-9930MEDIUM 4.3

    An out-of-bounds write vulnerability exists in the Dawn graphics component of Google Chrome on macOS. An attacker can craft a malicious HTML page that, when viewed by a user, writes data to memory locations outside the intended bounds of a buffer. This memory corruption could allow an attacker to modify sensitive data or potentially achieve code execution, though the CVSS assessment indicates the integrity impact is limited. The vulnerability requires user interaction—the victim must visit or be directed to the malicious page—and affects Chrome versions prior to 148.0.7778.216 on macOS.

  • CVE-2026-9935MEDIUM 4.3

    CVE-2026-9935 is a memory safety issue in Google Chrome's ANGLE graphics library that allows attackers to steal sensitive data from other websites. When you visit a malicious webpage, an attacker can craft it to leak information that should be isolated to other sites you have open. The vulnerability requires user interaction—you must visit the attack page—but the bar for exploitation is otherwise low. Google has classified this as High severity internally, though the CVSS score reflects a more limited scope.

  • CVE-2026-9943MEDIUM 4.3

    A memory access flaw in Google Chrome's WebGL implementation on Android allows attackers to read data from other websites through a specially crafted web page. When a user visits the malicious page, the attacker can extract information (such as authentication tokens, session cookies, or sensitive content) from sites the user is logged into. This is a cross-origin data leak—meaning the attacker can access information meant to be isolated to other domains.

  • CVE-2026-9955MEDIUM 4.3

    A vulnerability in Google Chrome on iOS versions before 148.0.7778.216 allows attackers to extract sensitive information from websites the user visits. An attacker would craft a malicious webpage and trick a user into visiting it; the page can then read data intended to be private to other websites. This is a cross-origin data leak—a violation of the browser's same-origin policy that normally prevents websites from accessing each other's information.

  • CVE-2026-48104MEDIUM 4.2

    7-Zip versions 9.18 through 26.00 contain a memory safety bug in the SquashFS archive handler that can crash the application or leak heap information when processing a specially crafted archive file. The vulnerability stems from uninitialized memory left in an internal index structure; an attacker can craft a SquashFS archive that causes the handler to read from these uninitialized slots and potentially dereference invalid pointers during directory parsing. The issue is triggered automatically when you open the malicious file—no user interaction beyond that is required. The impact is limited to denial of service and potential information disclosure; the attacker cannot modify files or escalate privileges.

  • CVE-2026-48522MEDIUM 4.2

    PyJWT, a widely-used Python library for JSON Web Token handling, has a vulnerability in versions before 2.13.0 where it blindly accepts any URL scheme when fetching public key sets (JWKS). An attacker who can influence the URL used to fetch these keys—through JWT headers, configuration, or OAuth parameters—can trick the application into reading local files, attempting unusual protocol connections (FTP, data URIs), or in certain chained scenarios, forging valid tokens. The vulnerability requires specific conditions: the attacker must control the URL source, and token forgery scenarios require additional application-layer flaws like writable filesystem access.

  • CVE-2026-9986MEDIUM 4.2

    CVE-2026-9986 is a UI spoofing vulnerability in Google Chrome's OptimizationGuide component that could let an attacker deceive users about what they're seeing on a webpage. The vulnerability requires the attacker to have already compromised Chrome's rendering process—the engine that draws web content. While this limits the immediate attack scope, it represents a meaningful escalation risk for adversaries who have achieved code execution in that sandboxed component. The flaw stems from inadequate validation of user-supplied input before it's used to generate on-screen elements.

  • CVE-2024-47263MEDIUM 4.1

    A path traversal flaw in Synology Hyper Backup's web API allows administrators who already have legitimate access to write files outside their intended directory. The vulnerability is constrained to non-sensitive file types, limiting immediate damage, but represents a control-boundary weakness that could enable privilege misuse or lateral movement in environments where admin accounts are compromised or where insider threat is a concern.

  • CVE-2026-10052MEDIUM 4.1

    Quay's configuration tool contains a weakness in how it validates LDAP and SMTP settings. When a configuration editor supplies endpoints for these services, the tool connects to them without restricting which IP addresses or hostnames are allowed. An attacker with config editor privileges can abuse this to make the Quay container reach internal network resources, allowing them to map and discover the organization's internal infrastructure from inside the cluster's network position.

  • CVE-2026-37700MEDIUM 4.1

    MaxSite CMS version 109.2 contains a cross-site scripting (XSS) vulnerability in its backend file upload feature that allows authenticated attackers to inject malicious scripts. When an administrator performs a file upload through the admin page endpoint, an attacker with login credentials could craft a request that executes JavaScript in the victim's browser, potentially exposing sensitive information displayed during the upload process.

  • CVE-2026-42401MEDIUM 4.1

    CVE-2026-42401 is a stored HTML injection vulnerability in Kibana that allows an attacker with write access to an Elasticsearch index to inject malicious markup. When other users view the affected Kibana dashboard or visualization, the injected code is not properly sanitized before rendering in their browser. This can enable unauthorized UI changes and cause the victim's browser to make unintended outbound network requests on their behalf.

  • CVE-2019-25723MEDIUM 4.0

    Dräger Perseus A500 ventilators running software versions 2.00 through 2.02 are vulnerable to a denial-of-service attack. An attacker on the network can send malformed data through the Medibus medical interface to crash the device's processor, forcing a warm restart. During this restart—which lasts several seconds—ventilation pressure drops to ambient level, temporarily interrupting therapy delivery before the device recovers. This is a network-accessible vulnerability with no authentication required, making it a genuine concern for clinical environments.

  • CVE-2019-25734MEDIUM 4.0

    Contact Form by WD version 1.13.1 has a security flaw that combines two weaknesses: a cross-site request forgery (CSRF) vulnerability and local file inclusion (LFI). An unauthenticated attacker can craft a malicious web form that, when visited by an admin, tricks the admin's browser into loading arbitrary files from the server using directory traversal sequences. This bypasses the normal authentication checks on certain WordPress AJAX actions, potentially exposing sensitive files.

  • CVE-2021-4479MEDIUM 4.0

    Dräger Atlan A350 patient monitoring devices running firmware versions 1.00 through 1.01 are vulnerable to a denial-of-service attack delivered through the Medibus network interface. An attacker can send malformed data packets that the device fails to validate properly, causing the internal processor to become overloaded. Over several hours, this degradation manifests as loss of data transmission capability, delays in displaying vital sign curves, and discrepancies between measured airway pressure and displayed values—conditions that could compromise clinical decision-making in critical care settings.

  • CVE-2026-10099MEDIUM 4.0

    XX-Net V5.16.6 has a flaw in how it processes WebSocket communications that causes data corruption. When a client sends WebSocket frames without proper masking, the server incorrectly interprets the first 4 bytes of the message as a mask key (even when masking wasn't used), then mangles the rest of the data by applying the wrong decryption. This results in corrupted data being processed by the application. The vulnerability affects local attack scenarios and has medium severity.

  • CVE-2026-10998MEDIUM 4.0

    CVE-2026-10998 is a memory safety issue in Google Chrome's media handling code that allows an attacker positioned on the same local network to read data from memory locations they shouldn't have access to. The vulnerability exists in Chrome versions before 149.0.7827.53. An attacker would need to send specially crafted network traffic to trigger an out-of-bounds read, which could potentially expose sensitive information resident in the browser's memory. This is a local-network-only threat, meaning the attacker must be on your network segment to exploit it.

  • CVE-2026-28581MEDIUM 4.0

    A logic error in Android's call processing code allows an application to initiate emergency calls without proper authorization checks. The vulnerability stems from inadequate validation in the CallIntentProcessor when determining the initiating user, potentially enabling an app to trigger emergency dialing functionality that should be restricted. No user interaction is required for exploitation, and the issue affects multiple Android versions.