By year
Vulnerabilities disclosed in 2026
CVEs published in 2026 with SEC.co analysis.
2448 published vulnerabilities · page 24 of 25
- CVE-2026-48522MEDIUM 4.2
PyJWT, a widely-used Python library for JSON Web Token handling, has a vulnerability in versions before 2.13.0 where it blindly accepts any URL scheme when fetching public key sets (JWKS). An attacker who can influence the URL used to fetch these keys—through JWT headers, configuration, or OAuth parameters—can trick the application into reading local files, attempting unusual protocol connections (FTP, data URIs), or in certain chained scenarios, forging valid tokens. The vulnerability requires specific conditions: the attacker must control the URL source, and token forgery scenarios require additional application-layer flaws like writable filesystem access.
- CVE-2026-9986MEDIUM 4.2
CVE-2026-9986 is a UI spoofing vulnerability in Google Chrome's OptimizationGuide component that could let an attacker deceive users about what they're seeing on a webpage. The vulnerability requires the attacker to have already compromised Chrome's rendering process—the engine that draws web content. While this limits the immediate attack scope, it represents a meaningful escalation risk for adversaries who have achieved code execution in that sandboxed component. The flaw stems from inadequate validation of user-supplied input before it's used to generate on-screen elements.
- CVE-2024-47263MEDIUM 4.1
A path traversal flaw in Synology Hyper Backup's web API allows administrators who already have legitimate access to write files outside their intended directory. The vulnerability is constrained to non-sensitive file types, limiting immediate damage, but represents a control-boundary weakness that could enable privilege misuse or lateral movement in environments where admin accounts are compromised or where insider threat is a concern.
- CVE-2026-10052MEDIUM 4.1
Quay's configuration tool contains a weakness in how it validates LDAP and SMTP settings. When a configuration editor supplies endpoints for these services, the tool connects to them without restricting which IP addresses or hostnames are allowed. An attacker with config editor privileges can abuse this to make the Quay container reach internal network resources, allowing them to map and discover the organization's internal infrastructure from inside the cluster's network position.
- CVE-2026-37700MEDIUM 4.1
MaxSite CMS version 109.2 contains a cross-site scripting (XSS) vulnerability in its backend file upload feature that allows authenticated attackers to inject malicious scripts. When an administrator performs a file upload through the admin page endpoint, an attacker with login credentials could craft a request that executes JavaScript in the victim's browser, potentially exposing sensitive information displayed during the upload process.
- CVE-2026-42401MEDIUM 4.1
CVE-2026-42401 is a stored HTML injection vulnerability in Kibana that allows an attacker with write access to an Elasticsearch index to inject malicious markup. When other users view the affected Kibana dashboard or visualization, the injected code is not properly sanitized before rendering in their browser. This can enable unauthorized UI changes and cause the victim's browser to make unintended outbound network requests on their behalf.
- CVE-2019-25723MEDIUM 4.0
Dräger Perseus A500 ventilators running software versions 2.00 through 2.02 are vulnerable to a denial-of-service attack. An attacker on the network can send malformed data through the Medibus medical interface to crash the device's processor, forcing a warm restart. During this restart—which lasts several seconds—ventilation pressure drops to ambient level, temporarily interrupting therapy delivery before the device recovers. This is a network-accessible vulnerability with no authentication required, making it a genuine concern for clinical environments.
- CVE-2019-25734MEDIUM 4.0
Contact Form by WD version 1.13.1 has a security flaw that combines two weaknesses: a cross-site request forgery (CSRF) vulnerability and local file inclusion (LFI). An unauthenticated attacker can craft a malicious web form that, when visited by an admin, tricks the admin's browser into loading arbitrary files from the server using directory traversal sequences. This bypasses the normal authentication checks on certain WordPress AJAX actions, potentially exposing sensitive files.
- CVE-2021-4479MEDIUM 4.0
Dräger Atlan A350 patient monitoring devices running firmware versions 1.00 through 1.01 are vulnerable to a denial-of-service attack delivered through the Medibus network interface. An attacker can send malformed data packets that the device fails to validate properly, causing the internal processor to become overloaded. Over several hours, this degradation manifests as loss of data transmission capability, delays in displaying vital sign curves, and discrepancies between measured airway pressure and displayed values—conditions that could compromise clinical decision-making in critical care settings.
- CVE-2026-10099MEDIUM 4.0
XX-Net V5.16.6 has a flaw in how it processes WebSocket communications that causes data corruption. When a client sends WebSocket frames without proper masking, the server incorrectly interprets the first 4 bytes of the message as a mask key (even when masking wasn't used), then mangles the rest of the data by applying the wrong decryption. This results in corrupted data being processed by the application. The vulnerability affects local attack scenarios and has medium severity.
- CVE-2026-10998MEDIUM 4.0
CVE-2026-10998 is a memory safety issue in Google Chrome's media handling code that allows an attacker positioned on the same local network to read data from memory locations they shouldn't have access to. The vulnerability exists in Chrome versions before 149.0.7827.53. An attacker would need to send specially crafted network traffic to trigger an out-of-bounds read, which could potentially expose sensitive information resident in the browser's memory. This is a local-network-only threat, meaning the attacker must be on your network segment to exploit it.
- CVE-2026-28581MEDIUM 4.0
A logic error in Android's call processing code allows an application to initiate emergency calls without proper authorization checks. The vulnerability stems from inadequate validation in the CallIntentProcessor when determining the initiating user, potentially enabling an app to trigger emergency dialing functionality that should be restricted. No user interaction is required for exploitation, and the issue affects multiple Android versions.
- CVE-2026-30963LOW 3.9
Capsule is a Kubernetes framework that uses webhooks to prevent tenant administrators from hijacking namespaces—essentially taking control of cluster resources they shouldn't own. The framework checks most update requests, but it misses two specific APIs (namespace/status and namespace/finalize subresources) that can also change namespace ownership markers. Before version 0.13.0, a tenant admin with permission to use these subresources could bypass the webhook protection and seize a namespace. Version 0.13.0 patches this gap by ensuring the webhook intercepts both subresource types.
- CVE-2025-12656LOW 3.8
The WPvivid Backup & Migration plugin for WordPress contains a vulnerability that allows administrators to inadvertently (or maliciously) delete arbitrary directories from the server. The flaw lies in insufficient validation of file paths when canceling a staging site, meaning an authenticated admin could specify any folder path and have it removed. This is restricted to high-privilege accounts, but the impact—permanent data loss—is serious for affected organizations.
- CVE-2026-10299LOW 3.8
CVE-2026-10299 is a resource identifier control vulnerability in code-projects Online Hospital Management System version 1.0. An authenticated attacker with high-level privileges can manipulate the 'delid' parameter in the viewdoctortimings.php file to cause unintended modifications or deletion of data. While the flaw requires administrative or high-privilege access and carries a low CVSS score, the availability of public exploit code warrants attention in environments running this system.
- CVE-2026-40510LOW 3.8
OpenSC, a widely-used open-source smart card library, contains a stack buffer overflow flaw in how it processes the Key History Object from PIV (Personal Identity Verification) cards. An attacker with physical access to a system could craft a malicious smart card or USB device that returns an oversized URL field—exceeding 118 bytes—triggering memory corruption. This vulnerability requires the attacker to be physically present at the machine and involves user interaction, limiting its reach but posing a real concern in environments where untrusted hardware may be connected.
- CVE-2026-40528LOW 3.8
OpenSC, a widely-used open-source library for working with smart cards and cryptographic tokens, contains a buffer overflow vulnerability in its profile configuration parser. When OpenSC's pkcs15-init tool processes a maliciously crafted configuration file, it can be tricked into copying more data than a buffer can hold, corrupting memory. An attacker would need local access to supply the malicious file and convince a user to run the initialization tool, but successful exploitation could allow memory corruption and potential code execution.
- CVE-2026-45683LOW 3.8
OpenTelemetry eBPF Instrumentation versions prior to 0.9.0 contain a memory disclosure vulnerability in the Java TLS monitoring probe. The vulnerability stems from incorrect kernel memory access calls that allow a local attacker to read sensitive kernel memory and exfiltrate it through the instrumentation telemetry pipeline. This is a localized information disclosure risk that requires local process-level access to exploit.
- CVE-2026-6816LOW 3.8
Drupal's TFA Basic Plugins module contains a flaw that allows administrators with user management permissions to access or create recovery codes intended for other users. This bypasses the expected access controls around two-factor authentication recovery mechanisms. The vulnerability is restricted to versions 7.x-1.0 through 7.x-1.2, and exploitation requires administrative privileges, limiting its immediate threat to environments where admin accounts are already compromised or where trust boundaries have been violated.
- CVE-2025-52609LOW 3.7
HCL iControl is missing HTTP security headers that would instruct modern web browsers to block cross-site scripting (XSS) attacks. Without these headers—such as Content-Security-Policy or X-XSS-Protection—the application relies on older browser XSS filters that are inconsistently implemented and increasingly deprecated. An attacker could craft malicious input that, when processed by iControl, gets reflected in responses without proper sanitization, potentially allowing script execution in users' browsers.
- CVE-2026-10169LOW 3.7
A weakness in the password recovery feature of OUSL-GROUP-BrinaryBrains School Student Management System allows an attacker to manipulate the email parameter in the forgot password function, potentially leading to unauthorized password resets or account takeover. The vulnerability exists in the Login.php controller's ajax_forgot_password endpoint. While exploitable remotely, the attack requires specific conditions and is considered of low severity. Exploit code is publicly available, increasing risk of opportunistic attacks.
- CVE-2026-10216LOW 3.7
A vulnerability has been discovered in unitedbyai droidclaw version 0.5.3 and earlier that weakens authentication security on the claim endpoint. The flaw allows attackers to bypass rate limiting or account lockout protections during login attempts, potentially enabling brute-force attacks to guess user credentials. While a public exploit exists, the attack requires specific conditions and technical skill to execute successfully. The vendor has been notified but has not yet released a fix.
- CVE-2026-10300LOW 3.7
SGLang version 0.5.10.post1 contains a vulnerability in its inference HTTP endpoint that can be triggered by manipulating the lora_path argument. When an attacker provides a specially crafted lora_path value, the system reaches an assertion condition that causes the service to become unavailable. This is a remote vulnerability requiring network access, though the attack is complex to execute and not trivial to exploit in practice.
- CVE-2026-11555LOW 3.7
A privilege escalation vulnerability exists in D-Link's DGS-1100-08PD switch running firmware version 1.00.006. The issue resides in how the web interface processes the /etc/boa.conf configuration file, potentially allowing an attacker to modify system settings in ways that bypass normal access restrictions. While a public exploit exists, successful exploitation requires significant technical skill and specific conditions to align. The impact is limited to integrity violations—an attacker cannot read sensitive data or crash the device, only make unauthorized configuration changes.
- CVE-2026-24761LOW 3.7
CVE-2026-24761 is an authorization flaw in Kiteworks Secure Data Forms that allows authenticated users to view metadata belonging to other users. Because the system doesn't properly verify who owns a resource before allowing access, a legitimate user can craft requests to retrieve information about files and documents they shouldn't see. The vulnerability requires an attacker to already have valid credentials and involves a higher complexity of exploitation, which limits its risk profile. This affects Kiteworks versions before 9.3.0.
- CVE-2026-41848LOW 3.7
Spring Framework's AntPathMatcher component is susceptible to a Regular Expression Denial of Service (ReDoS) attack. If an attacker can control or influence URL path patterns processed by the matcher, they can craft a malicious pattern that causes excessive CPU consumption, potentially degrading application performance or availability. This vulnerability affects multiple actively supported versions of Spring Framework spanning several release lines.
- CVE-2026-41852LOW 3.7
Spring Expression Language (SpEL) in VMware Spring Framework contains a flaw that allows attackers to invoke arbitrary methods with zero arguments even in contexts designed to restrict or prevent such actions. An attacker with network access could exploit this to trigger unintended application logic, potentially leading to denial of service or information disclosure depending on available methods and application design. This affects multiple versions across the 5.3, 6.1, 6.2, and 7.0 release branches.
- CVE-2026-42768LOW 3.7
OpenSSL's CMS and S/MIME decryption functions contain a flaw that allows attackers to exploit error messages or decryption output to gradually recover encrypted data or forge signatures. The vulnerability exists in two forms: when no recipient certificate is provided, an attacker can craft a message with multiple encryption layers to probe for valid padding patterns; when a certificate is provided but doesn't match, OpenSSL substitutes a random key, which an attacker can use to compare results and refine attacks. The practical risk is low because exploiting it requires the victim's application to expose detailed error codes or decryption results to an untrusted attacker, a scenario OpenSSL's developers consider very unlikely in real-world deployments.
- CVE-2026-42770LOW 3.7
A weakness in OpenSSL's handling of X9.42 Diffie-Hellman key exchanges allows a malicious peer to forge domain parameters in a way that bypasses security validation. Specifically, when checking that a peer's public key belongs to the correct mathematical subgroup, OpenSSL uses the peer's own parameters instead of verifying against the local key's parameters. An attacker can exploit this to gradually recover fragments of a victim's private key through repeated key exchange attempts, ultimately reconstructing the entire key via mathematical combination. However, the practical risk is limited to specific scenarios: principally Certificate Management Protocol (CMP) deployments where a Certification Authority or Registration Authority maintains long-lived X9.42 DHX keys, and custom enterprise or government applications using static DHX keys in interactive protocols.
- CVE-2026-44546LOW 3.7
Daphne, a popular ASGI server for Django applications, contains a header parsing vulnerability that allows attackers to inject additional HTTP headers into requests under specific conditions. The issue arises from a mismatch in how Daphne and the underlying WebSocket library (autobahn) interpret certain whitespace characters as line separators. By crafting requests with specific byte sequences in header values, an attacker can inject headers that the application receives, potentially leading to security bypasses depending on application logic. Daphne versions before 4.2.2 are affected. The vulnerability has a low CVSS score (3.7) and requires specific conditions to exploit, but organizations running affected versions should still apply the patch.
- CVE-2026-48524LOW 3.7
PyJWT, a widely-used Python library for handling JSON Web Tokens (JWTs), contains a weakness in how it fetches public signing keys. When a JWT arrives with an unfamiliar key identifier (kid), the library will make a fresh HTTP request to retrieve the correct signing key—without any protection against repeated requests for the same unknown identifier. An attacker can exploit this by sending JWTs with different fake kid values, forcing the library to make outbound requests for each one. While the actual impact depends on whether the signing-key endpoint has its own rate limiting or becomes saturated, the vulnerability allows an attacker to potentially cause a denial-of-service condition through request amplification. This issue is resolved in PyJWT 2.13.0 and later.
- CVE-2026-5419LOW 3.7
A timing vulnerability has been discovered in GnuTLS, a widely-used encryption library. When the library decrypts data protected with PKCS#7 padding, the padding verification process takes different amounts of time depending on the content of the padding bytes. An attacker with network access could measure these timing differences to infer information about the padding, potentially revealing details about encrypted messages. This is a subtle flaw that requires precise network-level observation to exploit, making it a low-risk issue in most environments, but one that sophisticated attackers targeting high-value communications might attempt.
- CVE-2026-10766LOW 3.6
MLRun versions up to 1.12.0-rc3 contain a weakness in how they hash dataframes. The vulnerable function in mlrun/utils/helpers.py uses cryptographic methods that are considered inadequate for security purposes. An attacker with local access to a system running MLRun could potentially manipulate or forge data integrity checks, though doing so requires significant technical effort and local privileges. The vulnerability is not currently listed as actively exploited in the wild, but proof-of-concept details have been publicly disclosed.
- CVE-2026-10775LOW 3.6
CVE-2026-10775 is a denial-of-service vulnerability in SGLang's cache handling mechanism. An attacker with local system access and user-level privileges can trigger a crash or service interruption by exploiting the data_hash function in the cache handler. The attack requires specific knowledge of the system's cache internals, making it moderately difficult to execute, though proof-of-concept code has been publicly disclosed.
- CVE-2026-10800LOW 3.6
PaddlePaddle FastDeploy versions up to 2.4.1 contain a weakness in how the MultimodalHasher component generates hashes for multimodal features. An attacker with local system access and user-level privileges could manipulate the hash_features function to use cryptographically weak hashing, potentially allowing them to forge or predict hash values. This is a low-severity issue that requires both local access and significant technical effort to exploit.
- CVE-2026-10801LOW 3.6
A weakness in how ModelScope's ms-swift library (versions up to 4.2.0) hashes cached PIL images creates a local integrity risk. An attacker with local system access and user-level privileges could manipulate image cache validation, potentially leading to cache poisoning or image substitution. The vulnerability requires significant technical effort to exploit and poses limited immediate threat in most environments, but should be addressed before deployment in sensitive workflows.
- CVE-2026-10803LOW 3.6
MLflow versions up to 3.10.0 contain a cryptographic weakness in the Dataset Digest Computation module. The vulnerability uses an insufficiently strong hash function for dataset digest operations, which could allow an attacker with local system access and user-level privileges to tamper with dataset integrity checks or trigger application errors. Exploitation requires significant technical effort and local presence on the affected machine.
- CVE-2026-10804LOW 3.6
Streamlit versions up to 1.53.0 contain a weak cryptographic hashing vulnerability in its palette handler component. An attacker with local system access and authenticated user privileges can manipulate the hashing function to produce predictable or non-unique hash values, potentially allowing them to bypass integrity checks or cause minor application disruptions. The attack is complex and requires deep knowledge of the affected code path, making opportunistic exploitation unlikely. However, the vulnerability is not currently tracked as an active threat on CISA's Known Exploited Vulnerabilities catalog.
- CVE-2026-10812LOW 3.6
GPTCache versions up to 0.1.44 contain a weakness in how it hashes image data used for cache key generation. An attacker with local access to a system running vulnerable GPTCache can manipulate image input parameters to exploit weak cryptographic hashing, potentially causing data integrity issues. The attack requires elevated complexity to execute and is not considered an immediate threat to most deployments, but organizations using GPTCache for image processing should monitor for patches.
- CVE-2026-10813LOW 3.6
LMCache versions up to 0.4.6 contain a cryptographic weakness in the KV Cache Handler component, specifically in how it converts hash values to integers. An attacker with local system access could manipulate this weak hash function to potentially compromise data integrity or availability. However, exploiting this requires significant technical complexity and local access privileges, limiting its practical risk in most environments.
- CVE-2026-11329LOW 3.6
CVE-2026-11329 is a low-severity weakness in ONNX MLIR's node cache handler that uses weak cryptographic hashing in the hash key generation function. The vulnerability requires local access and elevated privileges to exploit, making it a restricted-scope risk. An attacker with local user permissions could manipulate the hash mechanism to cause minor integrity issues or availability disruptions, but the attack is difficult to execute in practice and does not compromise confidentiality.
- CVE-2026-11330LOW 3.6
A cryptographic weakness has been discovered in thedotmack claude-mem versions up to 11.0.1. The Observation Content Hash Handler component uses an insufficiently strong hashing algorithm when processing observation data, which could allow a local attacker with user-level access to manipulate or forge content hashes under specific conditions. This is a localized vulnerability with limited practical exploitability but should be remediated in environments where hash integrity is critical.
- CVE-2026-41974LOW 3.6
CVE-2026-41974 is a permission control flaw in a service notification system that could be exploited to impact system availability. The vulnerability requires local access and user interaction to trigger, but does not require elevated privileges. The attack surface is confined to the notification subsystem, and successful exploitation would degrade service performance or cause temporary unavailability rather than expose sensitive data or grant unauthorized access.
- CVE-2026-10228LOW 3.5
A cross-site scripting (XSS) vulnerability exists in the raisulislamg4 student_management_system_by_php project. The flaw resides in the admission_form_check.php file, where user input passed through the Message parameter is not properly sanitized before being reflected in the web response. An authenticated attacker can craft malicious input that, when viewed by another user, executes arbitrary JavaScript in their browser. The vulnerability requires user interaction (clicking a malicious link) and affects only the integrity of data, not confidentiality or availability. Public exploit details are available, though the CVSS 3.5 score reflects the relatively constrained attack scenario requiring authentication and browser-based execution.
- CVE-2026-10234LOW 3.5
Mettle sendportal versions up to 3.0.1 contain a cross-site scripting (XSS) vulnerability in the Campaign Handler component. An authenticated attacker can inject malicious scripts through the content parameter in the /webview/ endpoint, potentially allowing them to steal session cookies, perform actions on behalf of users, or redirect users to malicious sites. The vulnerability requires user interaction to be effective and does not grant direct administrative access. Exploit code is publicly available, elevating practical risk despite the low CVSS score.
- CVE-2026-10244LOW 3.5
SourceCodester Pharmacy Sales and Inventory System version 1.0 contains a cross-site scripting (XSS) vulnerability in the medicine name creation function. An authenticated user can inject malicious script code through the medicine_name parameter, which executes in the context of other users' browsers. The vulnerability requires user interaction (clicking a link or visiting a page) to trigger, and an attacker must have valid login credentials to exploit it. Public exploits are now available.
- CVE-2026-10245LOW 3.5
SourceCodester Pharmacy Sales and Inventory System version 1.0 contains a cross-site scripting (XSS) vulnerability in its supplier creation functionality. An authenticated user can inject malicious code through the company name field when creating a supplier record. This code executes in the browsers of other users who view the supplier information, potentially allowing attackers to steal session tokens, redirect users to malicious sites, or perform unauthorized actions on their behalf. Public exploits for this vulnerability are already available.
- CVE-2026-10246LOW 3.5
A stored cross-site scripting (XSS) vulnerability exists in SourceCodester Pharmacy Sales and Inventory System version 1.0. An authenticated user can inject malicious scripts through the medicine presentation creation function, which are then executed in the browsers of other users who view that data. The attack requires user interaction and does not grant elevated privileges, but can be used to steal session tokens, redirect users, or perform actions on their behalf within the application.
- CVE-2026-10247LOW 3.5
A cross-site scripting (XSS) vulnerability exists in SourceCodester Pharmacy Sales and Inventory System version 1.0. An authenticated attacker can inject malicious scripts through the generic_name parameter in the create_generic_name function, which the application will then execute in users' browsers. This could allow the attacker to steal session cookies, hijack user accounts, or manipulate pharmacy data. The vulnerability requires user interaction to trigger and an authenticated account to exploit, limiting its immediate impact, but public exploit code is now available.
- CVE-2026-10264LOW 3.5
CVE-2026-10264 is a path traversal vulnerability in lharries whatsapp-mcp version 0.0.1, located in the SendMessageRequest function of the Send API Endpoint. An attacker with local access and user privileges can manipulate the mediaPath argument to traverse the file system and read sensitive files, though exploitation impact is limited to information disclosure. The vulnerability has been publicly disclosed.
- CVE-2026-10567LOW 3.5
A stored cross-site scripting (XSS) vulnerability exists in 1Panel-dev CordysCRM versions up to 1.4.1. An authenticated attacker can inject malicious JavaScript into the Description field of the ModuleFormController, which will execute in the browsers of other users who view the affected module form. The vulnerability requires user interaction (viewing the crafted form) to trigger, and does not grant the attacker direct access to sensitive data or system functions. Upgrading to version 1.7.0 resolves the issue.
- CVE-2026-11511LOW 3.5
Bolt CMS versions up to 3.7.5 contain a vulnerability in how it handles HTML attributes within text fields. An authenticated attacker can manipulate the 'style' argument to inject arbitrary HTML code, potentially affecting the visual presentation or behavior of a web page. The vulnerability requires user interaction (a user must view the injected content) and authentication, limiting its immediate risk. However, because Bolt CMS is no longer actively maintained, affected organizations should plan transitions away from this platform.
- CVE-2026-11520LOW 3.5
SourceCodester Inventory System version 1.0 contains a cross-site scripting (XSS) vulnerability in the header.php file that allows authenticated users to inject malicious scripts through multiple parameters. An attacker with valid credentials can craft a specially crafted request to inject JavaScript that executes in the browsers of other users, potentially stealing session data or performing unauthorized actions on their behalf. Public exploit code is available, increasing the practical risk despite the low CVSS score.
- CVE-2026-11534LOW 3.5
A cross-site scripting (XSS) vulnerability exists in imvks786's student_management_system application. The flaw allows attackers to inject malicious scripts through the name, address, or fname parameters in the /add.php file. An attacker with authenticated access can craft a malicious request that, when clicked by another user, executes arbitrary JavaScript in that user's browser. The vulnerability is publicly known, and the development team has been notified but has not yet responded with a patch.
- CVE-2026-45159LOW 3.5
Nextcloud's end-to-end encrypted file drop feature contained a logic flaw that allowed a user with drop-link access to place files into other encrypted folders owned by the share recipient—without being able to read or modify existing files. The vulnerability affects multiple version lines and has been patched across all active branches.
- CVE-2026-45266LOW 3.5
A flaw in Nextcloud allows any authenticated user to remotely mute other participants' microphones during calls, but only when the deployment lacks a High-performance Backend configuration. This is a low-severity integrity issue that affects call participants' ability to communicate via audio.
- CVE-2026-48190LOW 3.5
OTRS has a permission-handling flaw in its External Interface and ConfigItem List module that allows authenticated customers to access Configuration Item (CI) information they shouldn't be able to see. The vulnerability only manifests when both CMDB is enabled and CustomerGroupSupport is configured, meaning organizations using default or simpler OTRS setups may not be affected. An attacker would need valid customer credentials and user interaction to exploit this issue.
- CVE-2026-48191LOW 3.5
A permissions bug in OTRS and STORM-powered OTRS allows authenticated users to discover metadata about configuration items (CIs), SLA levels, and services—such as how many are affected—without having actual access to view or modify them. An attacker needs valid login credentials and must interact with the Document Search Article Meta Filters modules to extract this information. While the exposure is limited to metadata disclosure rather than data access, it can provide reconnaissance value to an insider threat or compromised account holder.
- CVE-2026-49370LOW 3.4
JetBrains YouTrack versions before 2026.1.13162 contain an information disclosure vulnerability affecting the fetchApp request handler. An authenticated user with high privileges can trigger unintended data exposure through a request that includes user interaction, though the scope of disclosed information is limited. This is a low-severity issue that requires administrative or privileged account access to exploit.
- CVE-2026-49381LOW 3.4
CVE-2026-49381 is a stored cross-site scripting (XSS) vulnerability in JetBrains TeamCity's SAML login page that existed prior to version 2026.1. An attacker with high privileges could inject malicious scripts into the login interface, which would then execute in the browsers of users who interact with that page. The vulnerability requires user interaction to trigger and has limited scope, affecting only the confidentiality of information visible to the victim during their session.
- CVE-2025-48616LOW 3.3
CVE-2025-48616 is a logic error in Android's KeyguardViewMediator that allows a local attacker with basic user privileges to bypass lockdown mode when screen pinning is active, potentially exposing sensitive information on the device. The vulnerability requires no user interaction and poses a localized risk to data confidentiality on affected Android devices.
- CVE-2025-62338LOW 3.3
CVE-2025-62338 is a low-severity vulnerability in HCL BigFix Cloud Lifecycle Management caused by insufficient input validation. An authenticated local user can exploit this flaw to bypass security controls and access sensitive information they shouldn't have permission to view. The issue does not allow attackers to modify data or crash the system, only to read information they're not authorized to access.
- CVE-2026-0016LOW 3.3
A permissions validation flaw in Android's credential management system allows a local attacker with limited user privileges to read sensitive information across other user accounts without special permissions or user interaction. The vulnerability resides in how the system handles credential provider updates when services are removed, creating a bypass that exposes data intended to be isolated between users.
- CVE-2026-0050LOW 3.3
CVE-2026-0050 is a local information disclosure vulnerability in Android's Bluetooth adapter service. A malicious app with basic user-level permissions can bypass security checks in the handleBondStateChanged function to read sensitive Bluetooth-related information without requiring additional privileges or user interaction. The impact is limited to information disclosure; the attacker cannot modify data or crash the system.
- CVE-2026-0056LOW 3.3
CVE-2026-0056 is a memory safety issue in Android's ResourceTypes.cpp component where an incorrect bounds check allows a local process to read data outside intended memory boundaries. This flaw exposes sensitive information resident in adjacent memory to any app with basic local access—no special permissions, elevated privileges, or user interaction required. The vulnerability is classified as low severity due to its limited scope and local-only nature.
- CVE-2026-10197LOW 3.3
Assimp, a widely-used open-source 3D model import library, contains a flaw in its glTF2 file handler that can cause the application to crash when processing maliciously crafted glTF2 files with embedded textures. An attacker with local file system access can trigger a null pointer dereference by supplying a crafted glTF2 file, leading to denial of service. The vulnerability affects versions up to and including 6.0.4. A fix exists in pending pull request form but has not yet been merged into a stable release.
- CVE-2026-10198LOW 3.3
Assimp, a popular open-source 3D model import library, contains a flaw in its glTF file import handler that can cause the application to crash. The vulnerability stems from improper handling of certain glTF mesh data, leading to a null pointer dereference when the ImportMeshes function processes malformed or specially crafted files. An attacker with local access to a system running a vulnerable version of Assimp could trigger this crash, resulting in denial of service. The issue affects Assimp versions up to and including 6.0.4.
- CVE-2026-10199LOW 3.3
Assimp, a popular 3D asset library, contains a null pointer dereference vulnerability in its glTF2 parsing code. An attacker with local access can craft a malicious glTF2 file that triggers a crash when processed, causing a denial of service. The vulnerability affects Assimp versions up to 6.0.4 and has been publicly disclosed, though it requires local interaction and low privileges to exploit.
- CVE-2026-10201LOW 3.3
CVE-2026-10201 is a divide-by-zero flaw in Assimp (Asset Importer Library), a widely-used 3D model processing library. The defect exists in the UV Channel Handler component, specifically within the FBXExporter::WriteObjects function in FBXExporter.cpp. When a user with local access supplies specially crafted input, the vulnerability triggers a division-by-zero error that crashes the application. Because this is a local-only attack requiring user-level privileges and the impact is availability-focused (denial of service via crash), the risk is classified as low. However, the fact that proof-of-concept code has been publicly released means defenders should not assume this will remain a theoretical concern.
- CVE-2026-10233LOW 3.3
Assimp, a popular open-source 3D model importing library, contains an out-of-bounds read vulnerability in its Half-Life 1 MDL file loader. When processing specially crafted MDL files, the vulnerability allows an attacker with local access to read memory outside intended boundaries. While the issue has been publicly disclosed, the impact is limited to information disclosure with no ability to modify or crash systems. This vulnerability requires local file system access and authenticated user privileges to trigger.
- CVE-2026-10267LOW 3.3
A flaw in the Janet programming language (version 1.41.0 and earlier) allows a local user to read memory beyond intended boundaries in the debug frame handling code. The vulnerability requires local system access and valid user credentials to exploit, but poses a confidentiality risk by enabling unauthorized disclosure of sensitive data in memory.
- CVE-2026-10268LOW 3.3
A vulnerability exists in Janet language versions up to 1.41.0 that allows an integer overflow when processing serialized fiber data. An attacker with local system access can exploit this condition to cause a denial of service by crashing the affected application. The vulnerability is not critical but represents a real risk in environments where untrusted users have local access to systems running vulnerable Janet versions.
- CVE-2026-10295LOW 3.3
CVE-2026-10295 is a low-severity denial-of-service vulnerability in SourceCodester Customer Review App version 1.0. By manipulating the 'name' or 'comment' parameters in the review submission functions, an attacker with local access can crash or degrade the application's availability. While an exploit has been published, the attack surface is limited because local authentication is required—this is not a remote vulnerability that can be exploited from the internet.
- CVE-2026-10298LOW 3.3
A null pointer dereference vulnerability exists in whisper.cpp versions up to 1.8.2, specifically in the model loading function. An attacker with local system access can trigger this flaw to cause the application to crash or become unavailable. The vulnerability requires user privileges to exploit and does not directly compromise data confidentiality or integrity. Public exploit code is available, though the impact remains limited to denial of service on the affected system.
- CVE-2026-10528LOW 3.3
Orthanc DICOM Server versions up to 1.12.11 contain a stack-based buffer overflow vulnerability in the DCMTK parser component. The flaw exists in the DcmItem::read function and can be triggered through malicious DICOM file manipulation. An attacker with local system access can exploit this to cause a denial of service condition. The vulnerability has been publicly disclosed with working exploit code available.
- CVE-2026-10722LOW 3.3
A local integer overflow vulnerability exists in Cilium eBPF's BTF (BPF Type Format) loading functionality. An attacker with local system access can manipulate offset parameters during eBPF collection loading, causing the application to miscalculate memory boundaries. While the impact is limited to denial of service on the affected system, the public disclosure means exploitation tools may become available. This is a localized threat requiring prior system access but warrants patching to maintain system stability.
- CVE-2026-11312LOW 3.3
A flaw in ByteDance's InfiniStore library (versions up to 0.2.33) allows a local user to trigger inefficient algorithmic behavior in the key-value map purge function. An attacker with local access can manipulate input to the purge_kv_map routine, causing the function to consume excessive CPU or processing time. The vulnerability requires local system access and valid user privileges, limiting its scope, but public exploit code now exists.
- CVE-2026-11459LOW 3.3
SecureAge CatchPulse versions up to 10.9.3 contain a vulnerability in the saappctl.sys driver that can leak sensitive information to authenticated local users. An attacker with a valid local account on the affected system can trigger the IOCTL handler to access data they shouldn't normally see. The vulnerability has been publicly disclosed and active exploitation is possible, though it requires legitimate access to the target machine.
- CVE-2026-11478LOW 3.3
CVE-2026-11478 is a denial-of-service vulnerability in the kokke tiny-regex-c library that allows a local attacker to trigger inefficient regular expression processing through the matchstar function. An attacker with local access and basic privileges can craft a malicious regex pattern that causes excessive computation, potentially slowing or stalling applications that parse untrusted regex inputs. The severity is low because exploitation requires local execution and user-level permissions, but the published exploit code means the attack method is already in the wild.
- CVE-2026-11792LOW 3.3
A memory corruption flaw exists in 389 Directory Server's audit logging feature. When audit logging is enabled and certain password storage conditions are met, the server can write more data than a buffer can hold, corrupting memory and producing garbled audit logs. The vulnerability requires non-standard configuration or a compromised replication partner to trigger, which limits real-world exposure.
- CVE-2026-21027LOW 3.3
CVE-2026-21027 is a low-severity vulnerability in Samsung's ImsSettings application that allows a local attacker with existing device access to trigger logging functions through improperly exported application components. The attack requires the attacker to already have user-level privileges on the device and does not enable data theft or system takeover—the primary risk is integrity impact through manipulation of logging behavior.
- CVE-2026-21034LOW 3.3
Samsung Auto versions prior to 3.1.2.61 (Android 15) and 3.2.0.38 (Android 16) contain a flaw that improperly exposes application components. A local attacker with user-level access can exploit this exposure to modify audio settings without user consent. The vulnerability is rated LOW severity and does not affect confidentiality or system availability, only the integrity of audio configuration.
- CVE-2026-28586LOW 3.3
CVE-2026-28586 is a local information disclosure vulnerability in Android's AppOpsService that allows an already-authenticated user to bypass permission checks and read sensitive data they shouldn't have access to. The flaw requires the attacker to already have a local account on the device; there's no way to exploit it remotely. The exposure is classified as low-severity because the data leaked is limited and no system functions are disrupted.
- CVE-2026-45277LOW 3.3
Nextcloud's approval workflow feature contains an information disclosure flaw that allows authenticated users to determine whether arbitrary files are connected to specific approval processes. An attacker with valid credentials can probe the system to learn if particular files have approval workflows attached, potentially revealing organizational file structures and approval dependencies that should remain confidential. The issue affects versions prior to 2.7.2 and does not require user interaction to exploit.
- CVE-2026-45278LOW 3.3
Nextcloud's user OIDC (OpenID Connect) module contains an open redirect vulnerability that allows attackers to craft malicious login links. When users click these links to authenticate via OIDC, they are redirected to attacker-controlled websites after logging in. This affects Nextcloud versions 6.1.0 through 8.2.1. The vulnerability has a low CVSS score because it requires user interaction and does not directly compromise confidentiality or availability.
- CVE-2026-45324LOW 3.3
Rizin, a reverse engineering framework used for binary analysis and code inspection, contains a double free vulnerability in its search functionality. This occurs when the same memory location is freed twice, potentially causing application crashes or unexpected behavior. The vulnerability requires physical access to the system and user interaction to trigger, making it a lower-risk issue in most operational environments.
- CVE-2026-45613LOW 3.3
Rizin, a reverse engineering framework used by security researchers and analysts, contains a heap buffer overflow vulnerability in its OMF (Object Module Format) file parsing code. An attacker could craft a malicious OMF binary file that, when opened by a user in Rizin, could read small amounts of sensitive data from the program's memory. This requires local access and user interaction—the user must deliberately open a malicious file.
- CVE-2026-47327LOW 3.3
CVE-2026-47327 is a denial-of-service vulnerability in Ubuntu Linux affecting versions 6.8, 6.17, and 7.0. A NULL pointer dereference in the AppArmor notification handling code allows any unprivileged local user to crash the kernel without authentication or special permissions. The attack requires only local system access and can be triggered with a single action, causing a kernel oops that disrupts availability but does not compromise confidentiality or integrity.
- CVE-2026-47329LOW 3.3
Ubuntu Linux versions 6.8, 6.17, and 7.0 contain a flaw in SAUCE patches that handle AppArmor security notifications. The vulnerability stems from improper validation of the name field size in these notifications. An unprivileged local user can exploit this by sending crafted AppArmor responses that bypass validation checks, potentially leading to unexpected behavior in the kernel's handling of these security-related messages. This is a local-only issue with low severity impact.
- CVE-2026-47330LOW 3.3
CVE-2026-47330 is a local privilege escalation and cache poisoning vulnerability affecting Ubuntu Linux systems with AppArmor SAUCE patches. An unprivileged user can trigger uninitialized variable handling in AppArmor's notification code, causing incorrect caching of security policy responses. While the CVSS score is low (3.3), the issue undermines AppArmor's integrity by allowing cache corruption that could affect subsequent policy enforcement decisions.
- CVE-2026-47336LOW 3.3
Ubuntu Linux 6.8 has a bug in its AppArmor security module that could allow an unprivileged local user to bypass or weaken network socket access controls. The issue stems from an uninitialized variable in the code that mediates AF_INET and AF_INET6 (IPv4 and IPv6) socket access. While the vulnerability requires local access and does not enable data theft or system crashes, it undermines the purpose of AppArmor's fine-grained network policy enforcement, potentially allowing a local user to perform network operations that should have been restricted.
- CVE-2026-47337LOW 3.3
A NULL pointer dereference flaw in Ubuntu Linux kernel versions 6.8, 6.17, and 7.0 can be triggered by any unprivileged local user to crash the kernel. The vulnerability exists in socket mediation code that handles both IPv4 and IPv6 traffic. While the flaw itself does not enable data theft or system compromise, it can be exploited to cause a denial of service by forcing a kernel panic, disrupting availability for all users on the affected system.
- CVE-2026-48156LOW 3.3
pypdf, a popular open-source Python library for PDF handling, contains a vulnerability that allows an attacker to craft malicious PDF files that cause the library to consume excessive processing time during parsing. The issue stems from how pypdf processes cross-reference streams—a mechanism PDFs use to index internal objects—when they contain specific structural patterns. An attacker would need to trick a user or application into opening a specially crafted PDF, but once opened, the library can hang or freeze during PDF processing, resulting in a denial-of-service condition on that system.
- CVE-2026-49383LOW 3.3
CVE-2026-49383 is a low-severity vulnerability in JetBrains IntelliJ IDEA's UI Designer form parser that could allow local attackers to read sensitive information from a user's system. The vulnerability requires user interaction—specifically opening a malicious or compromised form file in the IDE—and affects versions prior to 2026.1. The exposure is limited to information disclosure; the vulnerability does not enable code execution or system modification.
- CVE-2024-42206LOW 3.1
HCL iReflection contains third-party components that are vulnerable and outdated, creating a potential integrity risk within the web application. An authenticated user with low privileges could potentially exploit this condition, though the attack surface is constrained by difficult environmental conditions and limited authentication requirements.
- CVE-2025-52608LOW 3.1
HCL iControl contains a cookie security misconfiguration that leaves session identifiers and authentication tokens vulnerable to interception and cross-site request forgery attacks. The vulnerability stems from the absence of the Secure and SameSite cookie attributes, combined with an overly permissive cookie path set to root. While the immediate risk is moderate, this configuration flaw can enable attackers to hijack user sessions or trick authenticated users into performing unintended actions.
- CVE-2025-52611LOW 3.1
HCL iControl v4.0.0 contains a vulnerability where the application crashes and exposes internal error messages, including stack traces, when certain code paths are triggered. The underlying cause is a programming error where the application attempts to access a property (the 'dashboard key') from an object that hasn't been properly initialized or is missing entirely. While an attacker would need valid login credentials to trigger this issue, the exposure of stack trace information could help them understand the application's internal structure and identify further attack vectors.
- CVE-2026-10011LOW 3.1
A flaw in Chrome's Skia graphics library could allow an attacker who has already compromised Chrome's renderer process to extract sensitive data from websites you visit. The attacker would need to serve you a specially crafted web page to perform the attack. While the underlying issue received a High severity rating from Chromium, the overall exploitability is limited because it requires both renderer compromise and user interaction, making it a low-risk vulnerability in practical terms.
- CVE-2026-10565LOW 3.1
A race condition vulnerability has been discovered in Open5GS versions up to 2.7.6 that affects the NGAP Handover security mode processing function. The flaw allows an authenticated attacker to trigger a timing-dependent race condition that results in a denial-of-service condition. While a public exploit exists, successful exploitation requires specific conditions and careful timing, making real-world attacks difficult to execute reliably.
- CVE-2026-10705LOW 3.1
Dask, a Python library for parallel computing and distributed data processing, contains a resource exhaustion vulnerability in its HyperLogLog (approximate distinct count) functionality. An authenticated remote attacker can trigger excessive resource consumption through the nunique_approx function, potentially degrading system availability. The flaw requires significant attack complexity and specific preconditions, making real-world exploitation difficult despite being theoretically possible.