By year

Vulnerabilities disclosed in 2026

CVEs published in 2026 with SEC.co analysis.

3144 published vulnerabilities · page 31 of 32

  • CVE-2026-6816LOW 3.8

    Drupal's TFA Basic Plugins module contains a flaw that allows administrators with user management permissions to access or create recovery codes intended for other users. This bypasses the expected access controls around two-factor authentication recovery mechanisms. The vulnerability is restricted to versions 7.x-1.0 through 7.x-1.2, and exploitation requires administrative privileges, limiting its immediate threat to environments where admin accounts are already compromised or where trust boundaries have been violated.

  • CVE-2025-52609LOW 3.7

    HCL iControl is missing HTTP security headers that would instruct modern web browsers to block cross-site scripting (XSS) attacks. Without these headers—such as Content-Security-Policy or X-XSS-Protection—the application relies on older browser XSS filters that are inconsistently implemented and increasingly deprecated. An attacker could craft malicious input that, when processed by iControl, gets reflected in responses without proper sanitization, potentially allowing script execution in users' browsers.

  • CVE-2026-10169LOW 3.7

    A weakness in the password recovery feature of OUSL-GROUP-BrinaryBrains School Student Management System allows an attacker to manipulate the email parameter in the forgot password function, potentially leading to unauthorized password resets or account takeover. The vulnerability exists in the Login.php controller's ajax_forgot_password endpoint. While exploitable remotely, the attack requires specific conditions and is considered of low severity. Exploit code is publicly available, increasing risk of opportunistic attacks.

  • CVE-2026-10216LOW 3.7

    A vulnerability has been discovered in unitedbyai droidclaw version 0.5.3 and earlier that weakens authentication security on the claim endpoint. The flaw allows attackers to bypass rate limiting or account lockout protections during login attempts, potentially enabling brute-force attacks to guess user credentials. While a public exploit exists, the attack requires specific conditions and technical skill to execute successfully. The vendor has been notified but has not yet released a fix.

  • CVE-2026-10300LOW 3.7

    SGLang version 0.5.10.post1 contains a vulnerability in its inference HTTP endpoint that can be triggered by manipulating the lora_path argument. When an attacker provides a specially crafted lora_path value, the system reaches an assertion condition that causes the service to become unavailable. This is a remote vulnerability requiring network access, though the attack is complex to execute and not trivial to exploit in practice.

  • CVE-2026-11555LOW 3.7

    A privilege escalation vulnerability exists in D-Link's DGS-1100-08PD switch running firmware version 1.00.006. The issue resides in how the web interface processes the /etc/boa.conf configuration file, potentially allowing an attacker to modify system settings in ways that bypass normal access restrictions. While a public exploit exists, successful exploitation requires significant technical skill and specific conditions to align. The impact is limited to integrity violations—an attacker cannot read sensitive data or crash the device, only make unauthorized configuration changes.

  • CVE-2026-24761LOW 3.7

    CVE-2026-24761 is an authorization flaw in Kiteworks Secure Data Forms that allows authenticated users to view metadata belonging to other users. Because the system doesn't properly verify who owns a resource before allowing access, a legitimate user can craft requests to retrieve information about files and documents they shouldn't see. The vulnerability requires an attacker to already have valid credentials and involves a higher complexity of exploitation, which limits its risk profile. This affects Kiteworks versions before 9.3.0.

  • CVE-2026-41694LOW 3.7

    Spring Security's SAML module decrypts encrypted SAML messages without first verifying they contain a valid digital signature. An attacker can craft malicious SAML responses or logout messages, send them to a vulnerable application, and observe how the application behaves when decrypting attacker-controlled data. By analyzing these responses, an attacker could potentially extract encryption keys or other sensitive information that the application decrypts. This is a low-severity issue because exploitation requires specific conditions and yields limited information exposure.

  • CVE-2026-41848LOW 3.7

    Spring Framework's AntPathMatcher component is susceptible to a Regular Expression Denial of Service (ReDoS) attack. If an attacker can control or influence URL path patterns processed by the matcher, they can craft a malicious pattern that causes excessive CPU consumption, potentially degrading application performance or availability. This vulnerability affects multiple actively supported versions of Spring Framework spanning several release lines.

  • CVE-2026-41852LOW 3.7

    Spring Expression Language (SpEL) in VMware Spring Framework contains a flaw that allows attackers to invoke arbitrary methods with zero arguments even in contexts designed to restrict or prevent such actions. An attacker with network access could exploit this to trigger unintended application logic, potentially leading to denial of service or information disclosure depending on available methods and application design. This affects multiple versions across the 5.3, 6.1, 6.2, and 7.0 release branches.

  • CVE-2026-42768LOW 3.7

    OpenSSL's CMS and S/MIME decryption functions contain a flaw that allows attackers to exploit error messages or decryption output to gradually recover encrypted data or forge signatures. The vulnerability exists in two forms: when no recipient certificate is provided, an attacker can craft a message with multiple encryption layers to probe for valid padding patterns; when a certificate is provided but doesn't match, OpenSSL substitutes a random key, which an attacker can use to compare results and refine attacks. The practical risk is low because exploiting it requires the victim's application to expose detailed error codes or decryption results to an untrusted attacker, a scenario OpenSSL's developers consider very unlikely in real-world deployments.

  • CVE-2026-42770LOW 3.7

    A weakness in OpenSSL's handling of X9.42 Diffie-Hellman key exchanges allows a malicious peer to forge domain parameters in a way that bypasses security validation. Specifically, when checking that a peer's public key belongs to the correct mathematical subgroup, OpenSSL uses the peer's own parameters instead of verifying against the local key's parameters. An attacker can exploit this to gradually recover fragments of a victim's private key through repeated key exchange attempts, ultimately reconstructing the entire key via mathematical combination. However, the practical risk is limited to specific scenarios: principally Certificate Management Protocol (CMP) deployments where a Certification Authority or Registration Authority maintains long-lived X9.42 DHX keys, and custom enterprise or government applications using static DHX keys in interactive protocols.

  • CVE-2026-44546LOW 3.7

    Daphne, a popular ASGI server for Django applications, contains a header parsing vulnerability that allows attackers to inject additional HTTP headers into requests under specific conditions. The issue arises from a mismatch in how Daphne and the underlying WebSocket library (autobahn) interpret certain whitespace characters as line separators. By crafting requests with specific byte sequences in header values, an attacker can inject headers that the application receives, potentially leading to security bypasses depending on application logic. Daphne versions before 4.2.2 are affected. The vulnerability has a low CVSS score (3.7) and requires specific conditions to exploit, but organizations running affected versions should still apply the patch.

  • CVE-2026-44743LOW 3.7

    CVE-2026-44743 is a low-severity information disclosure vulnerability in SAP Business Objects that allows unauthorized attackers to leak sensitive data through a specific application endpoint. The vulnerability requires specific conditions to be exploitable and does not affect system integrity or availability—only the confidentiality of information is at risk.

  • CVE-2026-48524LOW 3.7

    PyJWT, a widely-used Python library for handling JSON Web Tokens (JWTs), contains a weakness in how it fetches public signing keys. When a JWT arrives with an unfamiliar key identifier (kid), the library will make a fresh HTTP request to retrieve the correct signing key—without any protection against repeated requests for the same unknown identifier. An attacker can exploit this by sending JWTs with different fake kid values, forcing the library to make outbound requests for each one. While the actual impact depends on whether the signing-key endpoint has its own rate limiting or becomes saturated, the vulnerability allows an attacker to potentially cause a denial-of-service condition through request amplification. This issue is resolved in PyJWT 2.13.0 and later.

  • CVE-2026-5419LOW 3.7

    A timing vulnerability has been discovered in GnuTLS, a widely-used encryption library. When the library decrypts data protected with PKCS#7 padding, the padding verification process takes different amounts of time depending on the content of the padding bytes. An attacker with network access could measure these timing differences to infer information about the padding, potentially revealing details about encrypted messages. This is a subtle flaw that requires precise network-level observation to exploit, making it a low-risk issue in most environments, but one that sophisticated attackers targeting high-value communications might attempt.

  • CVE-2026-10766LOW 3.6

    MLRun versions up to 1.12.0-rc3 contain a weakness in how they hash dataframes. The vulnerable function in mlrun/utils/helpers.py uses cryptographic methods that are considered inadequate for security purposes. An attacker with local access to a system running MLRun could potentially manipulate or forge data integrity checks, though doing so requires significant technical effort and local privileges. The vulnerability is not currently listed as actively exploited in the wild, but proof-of-concept details have been publicly disclosed.

  • CVE-2026-10775LOW 3.6

    CVE-2026-10775 is a denial-of-service vulnerability in SGLang's cache handling mechanism. An attacker with local system access and user-level privileges can trigger a crash or service interruption by exploiting the data_hash function in the cache handler. The attack requires specific knowledge of the system's cache internals, making it moderately difficult to execute, though proof-of-concept code has been publicly disclosed.

  • CVE-2026-10800LOW 3.6

    PaddlePaddle FastDeploy versions up to 2.4.1 contain a weakness in how the MultimodalHasher component generates hashes for multimodal features. An attacker with local system access and user-level privileges could manipulate the hash_features function to use cryptographically weak hashing, potentially allowing them to forge or predict hash values. This is a low-severity issue that requires both local access and significant technical effort to exploit.

  • CVE-2026-10801LOW 3.6

    A weakness in how ModelScope's ms-swift library (versions up to 4.2.0) hashes cached PIL images creates a local integrity risk. An attacker with local system access and user-level privileges could manipulate image cache validation, potentially leading to cache poisoning or image substitution. The vulnerability requires significant technical effort to exploit and poses limited immediate threat in most environments, but should be addressed before deployment in sensitive workflows.

  • CVE-2026-10803LOW 3.6

    MLflow versions up to 3.10.0 contain a cryptographic weakness in the Dataset Digest Computation module. The vulnerability uses an insufficiently strong hash function for dataset digest operations, which could allow an attacker with local system access and user-level privileges to tamper with dataset integrity checks or trigger application errors. Exploitation requires significant technical effort and local presence on the affected machine.

  • CVE-2026-10804LOW 3.6

    Streamlit versions up to 1.53.0 contain a weak cryptographic hashing vulnerability in its palette handler component. An attacker with local system access and authenticated user privileges can manipulate the hashing function to produce predictable or non-unique hash values, potentially allowing them to bypass integrity checks or cause minor application disruptions. The attack is complex and requires deep knowledge of the affected code path, making opportunistic exploitation unlikely. However, the vulnerability is not currently tracked as an active threat on CISA's Known Exploited Vulnerabilities catalog.

  • CVE-2026-10812LOW 3.6

    GPTCache versions up to 0.1.44 contain a weakness in how it hashes image data used for cache key generation. An attacker with local access to a system running vulnerable GPTCache can manipulate image input parameters to exploit weak cryptographic hashing, potentially causing data integrity issues. The attack requires elevated complexity to execute and is not considered an immediate threat to most deployments, but organizations using GPTCache for image processing should monitor for patches.

  • CVE-2026-10813LOW 3.6

    LMCache versions up to 0.4.6 contain a cryptographic weakness in the KV Cache Handler component, specifically in how it converts hash values to integers. An attacker with local system access could manipulate this weak hash function to potentially compromise data integrity or availability. However, exploiting this requires significant technical complexity and local access privileges, limiting its practical risk in most environments.

  • CVE-2026-11329LOW 3.6

    CVE-2026-11329 is a low-severity weakness in ONNX MLIR's node cache handler that uses weak cryptographic hashing in the hash key generation function. The vulnerability requires local access and elevated privileges to exploit, making it a restricted-scope risk. An attacker with local user permissions could manipulate the hash mechanism to cause minor integrity issues or availability disruptions, but the attack is difficult to execute in practice and does not compromise confidentiality.

  • CVE-2026-11330LOW 3.6

    A cryptographic weakness has been discovered in thedotmack claude-mem versions up to 11.0.1. The Observation Content Hash Handler component uses an insufficiently strong hashing algorithm when processing observation data, which could allow a local attacker with user-level access to manipulate or forge content hashes under specific conditions. This is a localized vulnerability with limited practical exploitability but should be remediated in environments where hash integrity is critical.

  • CVE-2026-41974LOW 3.6

    CVE-2026-41974 is a permission control flaw in a service notification system that could be exploited to impact system availability. The vulnerability requires local access and user interaction to trigger, but does not require elevated privileges. The attack surface is confined to the notification subsystem, and successful exploitation would degrade service performance or cause temporary unavailability rather than expose sensitive data or grant unauthorized access.

  • CVE-2026-50568LOW 3.6

    Fission, an open-source serverless framework for Kubernetes, contained a path validation flaw that could allow a tenant with local access to read or write files outside an intended safe directory. The vulnerability stems from a lexical string comparison that doesn't respect directory boundaries—for example, a directory named '/packages-extra' would incorrectly pass validation meant for '/packages'. An attacker who can pre-create or control a sibling directory in the shared storage volume could exploit this to access sensitive files. This affects versions prior to 1.25.0 and has been patched.

  • CVE-2022-48575LOW 3.5

    CVE-2022-48575 is a local bypass vulnerability in macOS that allows someone with physical access to a Mac to circumvent the Login Window security prompt. The issue stems from inconsistent state handling in the authentication system—essentially, the login screen may fail to properly enforce its security state in certain conditions, potentially allowing unauthorized access. Apple has patched this in macOS Monterey 12.4 and later.

  • CVE-2026-10228LOW 3.5

    A cross-site scripting (XSS) vulnerability exists in the raisulislamg4 student_management_system_by_php project. The flaw resides in the admission_form_check.php file, where user input passed through the Message parameter is not properly sanitized before being reflected in the web response. An authenticated attacker can craft malicious input that, when viewed by another user, executes arbitrary JavaScript in their browser. The vulnerability requires user interaction (clicking a malicious link) and affects only the integrity of data, not confidentiality or availability. Public exploit details are available, though the CVSS 3.5 score reflects the relatively constrained attack scenario requiring authentication and browser-based execution.

  • CVE-2026-10234LOW 3.5

    Mettle sendportal versions up to 3.0.1 contain a cross-site scripting (XSS) vulnerability in the Campaign Handler component. An authenticated attacker can inject malicious scripts through the content parameter in the /webview/ endpoint, potentially allowing them to steal session cookies, perform actions on behalf of users, or redirect users to malicious sites. The vulnerability requires user interaction to be effective and does not grant direct administrative access. Exploit code is publicly available, elevating practical risk despite the low CVSS score.

  • CVE-2026-10244LOW 3.5

    SourceCodester Pharmacy Sales and Inventory System version 1.0 contains a cross-site scripting (XSS) vulnerability in the medicine name creation function. An authenticated user can inject malicious script code through the medicine_name parameter, which executes in the context of other users' browsers. The vulnerability requires user interaction (clicking a link or visiting a page) to trigger, and an attacker must have valid login credentials to exploit it. Public exploits are now available.

  • CVE-2026-10245LOW 3.5

    SourceCodester Pharmacy Sales and Inventory System version 1.0 contains a cross-site scripting (XSS) vulnerability in its supplier creation functionality. An authenticated user can inject malicious code through the company name field when creating a supplier record. This code executes in the browsers of other users who view the supplier information, potentially allowing attackers to steal session tokens, redirect users to malicious sites, or perform unauthorized actions on their behalf. Public exploits for this vulnerability are already available.

  • CVE-2026-10246LOW 3.5

    A stored cross-site scripting (XSS) vulnerability exists in SourceCodester Pharmacy Sales and Inventory System version 1.0. An authenticated user can inject malicious scripts through the medicine presentation creation function, which are then executed in the browsers of other users who view that data. The attack requires user interaction and does not grant elevated privileges, but can be used to steal session tokens, redirect users, or perform actions on their behalf within the application.

  • CVE-2026-10247LOW 3.5

    A cross-site scripting (XSS) vulnerability exists in SourceCodester Pharmacy Sales and Inventory System version 1.0. An authenticated attacker can inject malicious scripts through the generic_name parameter in the create_generic_name function, which the application will then execute in users' browsers. This could allow the attacker to steal session cookies, hijack user accounts, or manipulate pharmacy data. The vulnerability requires user interaction to trigger and an authenticated account to exploit, limiting its immediate impact, but public exploit code is now available.

  • CVE-2026-10264LOW 3.5

    CVE-2026-10264 is a path traversal vulnerability in lharries whatsapp-mcp version 0.0.1, located in the SendMessageRequest function of the Send API Endpoint. An attacker with local access and user privileges can manipulate the mediaPath argument to traverse the file system and read sensitive files, though exploitation impact is limited to information disclosure. The vulnerability has been publicly disclosed.

  • CVE-2026-10567LOW 3.5

    A stored cross-site scripting (XSS) vulnerability exists in 1Panel-dev CordysCRM versions up to 1.4.1. An authenticated attacker can inject malicious JavaScript into the Description field of the ModuleFormController, which will execute in the browsers of other users who view the affected module form. The vulnerability requires user interaction (viewing the crafted form) to trigger, and does not grant the attacker direct access to sensitive data or system functions. Upgrading to version 1.7.0 resolves the issue.

  • CVE-2026-11511LOW 3.5

    Bolt CMS versions up to 3.7.5 contain a vulnerability in how it handles HTML attributes within text fields. An authenticated attacker can manipulate the 'style' argument to inject arbitrary HTML code, potentially affecting the visual presentation or behavior of a web page. The vulnerability requires user interaction (a user must view the injected content) and authentication, limiting its immediate risk. However, because Bolt CMS is no longer actively maintained, affected organizations should plan transitions away from this platform.

  • CVE-2026-11520LOW 3.5

    SourceCodester Inventory System version 1.0 contains a cross-site scripting (XSS) vulnerability in the header.php file that allows authenticated users to inject malicious scripts through multiple parameters. An attacker with valid credentials can craft a specially crafted request to inject JavaScript that executes in the browsers of other users, potentially stealing session data or performing unauthorized actions on their behalf. Public exploit code is available, increasing the practical risk despite the low CVSS score.

  • CVE-2026-11534LOW 3.5

    A cross-site scripting (XSS) vulnerability exists in imvks786's student_management_system application. The flaw allows attackers to inject malicious scripts through the name, address, or fname parameters in the /add.php file. An attacker with authenticated access can craft a malicious request that, when clicked by another user, executes arbitrary JavaScript in that user's browser. The vulnerability is publicly known, and the development team has been notified but has not yet responded with a patch.

  • CVE-2026-45159LOW 3.5

    Nextcloud's end-to-end encrypted file drop feature contained a logic flaw that allowed a user with drop-link access to place files into other encrypted folders owned by the share recipient—without being able to read or modify existing files. The vulnerability affects multiple version lines and has been patched across all active branches.

  • CVE-2026-45266LOW 3.5

    A flaw in Nextcloud allows any authenticated user to remotely mute other participants' microphones during calls, but only when the deployment lacks a High-performance Backend configuration. This is a low-severity integrity issue that affects call participants' ability to communicate via audio.

  • CVE-2026-48190LOW 3.5

    OTRS has a permission-handling flaw in its External Interface and ConfigItem List module that allows authenticated customers to access Configuration Item (CI) information they shouldn't be able to see. The vulnerability only manifests when both CMDB is enabled and CustomerGroupSupport is configured, meaning organizations using default or simpler OTRS setups may not be affected. An attacker would need valid customer credentials and user interaction to exploit this issue.

  • CVE-2026-48191LOW 3.5

    A permissions bug in OTRS and STORM-powered OTRS allows authenticated users to discover metadata about configuration items (CIs), SLA levels, and services—such as how many are affected—without having actual access to view or modify them. An attacker needs valid login credentials and must interact with the Document Search Article Meta Filters modules to extract this information. While the exposure is limited to metadata disclosure rather than data access, it can provide reconnaissance value to an insider threat or compromised account holder.

  • CVE-2026-48288LOW 3.5

    Adobe Experience Manager contains a flaw in how it validates user input that can allow a logged-in attacker to bypass certain security controls and gain unauthorized write permissions. The attacker must trick a victim into visiting a malicious link or interacting with a compromised page, making this a lower-risk issue in practice. Affected versions include 6.5.24, LTS SP1, 2026.04 and earlier.

  • CVE-2026-48289LOW 3.5

    Adobe Experience Manager contains a vulnerability in how it validates user input that could allow a low-privileged attacker to bypass security controls and gain unauthorized write access to content. The attack requires the victim to visit a malicious link or interact with a compromised webpage, making it a practical but not trivial threat in environments where AEM is exposed to users. This is not currently listed as exploited in the wild.

  • CVE-2026-8981LOW 3.5

    The Custom Block Builder WordPress plugin before version 4.3.0 fails to properly validate user permissions when handling block template code in certain scenarios. This allows site administrators—particularly on WordPress multisite networks or single-site installations with `DISALLOW_UNFILTERED_HTML` enabled—to inject malicious JavaScript into block templates. When visitors load pages containing these blocks, the injected code executes in their browsers, potentially compromising user sessions or stealing sensitive information.

  • CVE-2026-9060LOW 3.5

    The Store Locator WordPress plugin before version 1.6.6 contains a stored cross-site scripting (XSS) vulnerability in its admin settings. An administrator or similarly privileged user can inject malicious JavaScript into one of the plugin's settings, which is then executed when other high-privileged users (such as network super admins on multisite installations) visit the admin page. This bypasses WordPress's standard HTML filtering protections that normally prevent such attacks.

  • CVE-2026-49370LOW 3.4

    JetBrains YouTrack versions before 2026.1.13162 contain an information disclosure vulnerability affecting the fetchApp request handler. An authenticated user with high privileges can trigger unintended data exposure through a request that includes user interaction, though the scope of disclosed information is limited. This is a low-severity issue that requires administrative or privileged account access to exploit.

  • CVE-2026-49381LOW 3.4

    CVE-2026-49381 is a stored cross-site scripting (XSS) vulnerability in JetBrains TeamCity's SAML login page that existed prior to version 2026.1. An attacker with high privileges could inject malicious scripts into the login interface, which would then execute in the browsers of users who interact with that page. The vulnerability requires user interaction to trigger and has limited scope, affecting only the confidentiality of information visible to the victim during their session.

  • CVE-2025-48616LOW 3.3

    CVE-2025-48616 is a logic error in Android's KeyguardViewMediator that allows a local attacker with basic user privileges to bypass lockdown mode when screen pinning is active, potentially exposing sensitive information on the device. The vulnerability requires no user interaction and poses a localized risk to data confidentiality on affected Android devices.

  • CVE-2025-62338LOW 3.3

    CVE-2025-62338 is a low-severity vulnerability in HCL BigFix Cloud Lifecycle Management caused by insufficient input validation. An authenticated local user can exploit this flaw to bypass security controls and access sensitive information they shouldn't have permission to view. The issue does not allow attackers to modify data or crash the system, only to read information they're not authorized to access.

  • CVE-2026-0016LOW 3.3

    A permissions validation flaw in Android's credential management system allows a local attacker with limited user privileges to read sensitive information across other user accounts without special permissions or user interaction. The vulnerability resides in how the system handles credential provider updates when services are removed, creating a bypass that exposes data intended to be isolated between users.

  • CVE-2026-0050LOW 3.3

    CVE-2026-0050 is a local information disclosure vulnerability in Android's Bluetooth adapter service. A malicious app with basic user-level permissions can bypass security checks in the handleBondStateChanged function to read sensitive Bluetooth-related information without requiring additional privileges or user interaction. The impact is limited to information disclosure; the attacker cannot modify data or crash the system.

  • CVE-2026-0056LOW 3.3

    CVE-2026-0056 is a memory safety issue in Android's ResourceTypes.cpp component where an incorrect bounds check allows a local process to read data outside intended memory boundaries. This flaw exposes sensitive information resident in adjacent memory to any app with basic local access—no special permissions, elevated privileges, or user interaction required. The vulnerability is classified as low severity due to its limited scope and local-only nature.

  • CVE-2026-10197LOW 3.3

    Assimp, a widely-used open-source 3D model import library, contains a flaw in its glTF2 file handler that can cause the application to crash when processing maliciously crafted glTF2 files with embedded textures. An attacker with local file system access can trigger a null pointer dereference by supplying a crafted glTF2 file, leading to denial of service. The vulnerability affects versions up to and including 6.0.4. A fix exists in pending pull request form but has not yet been merged into a stable release.

  • CVE-2026-10198LOW 3.3

    Assimp, a popular open-source 3D model import library, contains a flaw in its glTF file import handler that can cause the application to crash. The vulnerability stems from improper handling of certain glTF mesh data, leading to a null pointer dereference when the ImportMeshes function processes malformed or specially crafted files. An attacker with local access to a system running a vulnerable version of Assimp could trigger this crash, resulting in denial of service. The issue affects Assimp versions up to and including 6.0.4.

  • CVE-2026-10199LOW 3.3

    Assimp, a popular 3D asset library, contains a null pointer dereference vulnerability in its glTF2 parsing code. An attacker with local access can craft a malicious glTF2 file that triggers a crash when processed, causing a denial of service. The vulnerability affects Assimp versions up to 6.0.4 and has been publicly disclosed, though it requires local interaction and low privileges to exploit.

  • CVE-2026-10201LOW 3.3

    CVE-2026-10201 is a divide-by-zero flaw in Assimp (Asset Importer Library), a widely-used 3D model processing library. The defect exists in the UV Channel Handler component, specifically within the FBXExporter::WriteObjects function in FBXExporter.cpp. When a user with local access supplies specially crafted input, the vulnerability triggers a division-by-zero error that crashes the application. Because this is a local-only attack requiring user-level privileges and the impact is availability-focused (denial of service via crash), the risk is classified as low. However, the fact that proof-of-concept code has been publicly released means defenders should not assume this will remain a theoretical concern.

  • CVE-2026-10233LOW 3.3

    Assimp, a popular open-source 3D model importing library, contains an out-of-bounds read vulnerability in its Half-Life 1 MDL file loader. When processing specially crafted MDL files, the vulnerability allows an attacker with local access to read memory outside intended boundaries. While the issue has been publicly disclosed, the impact is limited to information disclosure with no ability to modify or crash systems. This vulnerability requires local file system access and authenticated user privileges to trigger.

  • CVE-2026-10267LOW 3.3

    A flaw in the Janet programming language (version 1.41.0 and earlier) allows a local user to read memory beyond intended boundaries in the debug frame handling code. The vulnerability requires local system access and valid user credentials to exploit, but poses a confidentiality risk by enabling unauthorized disclosure of sensitive data in memory.

  • CVE-2026-10268LOW 3.3

    A vulnerability exists in Janet language versions up to 1.41.0 that allows an integer overflow when processing serialized fiber data. An attacker with local system access can exploit this condition to cause a denial of service by crashing the affected application. The vulnerability is not critical but represents a real risk in environments where untrusted users have local access to systems running vulnerable Janet versions.

  • CVE-2026-10295LOW 3.3

    CVE-2026-10295 is a low-severity denial-of-service vulnerability in SourceCodester Customer Review App version 1.0. By manipulating the 'name' or 'comment' parameters in the review submission functions, an attacker with local access can crash or degrade the application's availability. While an exploit has been published, the attack surface is limited because local authentication is required—this is not a remote vulnerability that can be exploited from the internet.

  • CVE-2026-10298LOW 3.3

    A null pointer dereference vulnerability exists in whisper.cpp versions up to 1.8.2, specifically in the model loading function. An attacker with local system access can trigger this flaw to cause the application to crash or become unavailable. The vulnerability requires user privileges to exploit and does not directly compromise data confidentiality or integrity. Public exploit code is available, though the impact remains limited to denial of service on the affected system.

  • CVE-2026-10528LOW 3.3

    Orthanc DICOM Server versions up to 1.12.11 contain a stack-based buffer overflow vulnerability in the DCMTK parser component. The flaw exists in the DcmItem::read function and can be triggered through malicious DICOM file manipulation. An attacker with local system access can exploit this to cause a denial of service condition. The vulnerability has been publicly disclosed with working exploit code available.

  • CVE-2026-10722LOW 3.3

    A local integer overflow vulnerability exists in Cilium eBPF's BTF (BPF Type Format) loading functionality. An attacker with local system access can manipulate offset parameters during eBPF collection loading, causing the application to miscalculate memory boundaries. While the impact is limited to denial of service on the affected system, the public disclosure means exploitation tools may become available. This is a localized threat requiring prior system access but warrants patching to maintain system stability.

  • CVE-2026-11312LOW 3.3

    A flaw in ByteDance's InfiniStore library (versions up to 0.2.33) allows a local user to trigger inefficient algorithmic behavior in the key-value map purge function. An attacker with local access can manipulate input to the purge_kv_map routine, causing the function to consume excessive CPU or processing time. The vulnerability requires local system access and valid user privileges, limiting its scope, but public exploit code now exists.

  • CVE-2026-11459LOW 3.3

    SecureAge CatchPulse versions up to 10.9.3 contain a vulnerability in the saappctl.sys driver that can leak sensitive information to authenticated local users. An attacker with a valid local account on the affected system can trigger the IOCTL handler to access data they shouldn't normally see. The vulnerability has been publicly disclosed and active exploitation is possible, though it requires legitimate access to the target machine.

  • CVE-2026-11478LOW 3.3

    CVE-2026-11478 is a denial-of-service vulnerability in the kokke tiny-regex-c library that allows a local attacker to trigger inefficient regular expression processing through the matchstar function. An attacker with local access and basic privileges can craft a malicious regex pattern that causes excessive computation, potentially slowing or stalling applications that parse untrusted regex inputs. The severity is low because exploitation requires local execution and user-level permissions, but the published exploit code means the attack method is already in the wild.

  • CVE-2026-11792LOW 3.3

    A memory corruption flaw exists in 389 Directory Server's audit logging feature. When audit logging is enabled and certain password storage conditions are met, the server can write more data than a buffer can hold, corrupting memory and producing garbled audit logs. The vulnerability requires non-standard configuration or a compromised replication partner to trigger, which limits real-world exposure.

  • CVE-2026-21027LOW 3.3

    CVE-2026-21027 is a low-severity vulnerability in Samsung's ImsSettings application that allows a local attacker with existing device access to trigger logging functions through improperly exported application components. The attack requires the attacker to already have user-level privileges on the device and does not enable data theft or system takeover—the primary risk is integrity impact through manipulation of logging behavior.

  • CVE-2026-21034LOW 3.3

    Samsung Auto versions prior to 3.1.2.61 (Android 15) and 3.2.0.38 (Android 16) contain a flaw that improperly exposes application components. A local attacker with user-level access can exploit this exposure to modify audio settings without user consent. The vulnerability is rated LOW severity and does not affect confidentiality or system availability, only the integrity of audio configuration.

  • CVE-2026-28586LOW 3.3

    CVE-2026-28586 is a local information disclosure vulnerability in Android's AppOpsService that allows an already-authenticated user to bypass permission checks and read sensitive data they shouldn't have access to. The flaw requires the attacker to already have a local account on the device; there's no way to exploit it remotely. The exposure is classified as low-severity because the data leaked is limited and no system functions are disrupted.

  • CVE-2026-45277LOW 3.3

    Nextcloud's approval workflow feature contains an information disclosure flaw that allows authenticated users to determine whether arbitrary files are connected to specific approval processes. An attacker with valid credentials can probe the system to learn if particular files have approval workflows attached, potentially revealing organizational file structures and approval dependencies that should remain confidential. The issue affects versions prior to 2.7.2 and does not require user interaction to exploit.

  • CVE-2026-45278LOW 3.3

    Nextcloud's user OIDC (OpenID Connect) module contains an open redirect vulnerability that allows attackers to craft malicious login links. When users click these links to authenticate via OIDC, they are redirected to attacker-controlled websites after logging in. This affects Nextcloud versions 6.1.0 through 8.2.1. The vulnerability has a low CVSS score because it requires user interaction and does not directly compromise confidentiality or availability.

  • CVE-2026-45324LOW 3.3

    Rizin, a reverse engineering framework used for binary analysis and code inspection, contains a double free vulnerability in its search functionality. This occurs when the same memory location is freed twice, potentially causing application crashes or unexpected behavior. The vulnerability requires physical access to the system and user interaction to trigger, making it a lower-risk issue in most operational environments.

  • CVE-2026-45455LOW 3.3

    A flaw in Microsoft Office Excel can allow an attacker to read memory that shouldn't be accessible, potentially exposing sensitive information on a local system. The vulnerability requires user interaction—someone must open a specially crafted Excel file—but once triggered, it could leak data like file contents or system details. This is a low-severity issue with no direct impact on system availability or file integrity.

  • CVE-2026-45459LOW 3.3

    Microsoft Excel has a flaw that allows someone with local access to bypass a built-in security protection mechanism. An attacker would need to trick a user into opening a specially crafted Excel file on their machine. The vulnerability exposes some information (such as file contents or formulas) but cannot be used to modify data or crash the application. This is a low-risk issue with limited real-world impact.

  • CVE-2026-45466LOW 3.3

    A flaw in Microsoft Office Word allows an attacker to trigger a heap-based buffer overflow by crafting a malicious document. When a user opens the document, sensitive information stored in the application's memory could be read by the attacker. This is a local attack—the attacker cannot exploit it remotely—and it requires user interaction to open the malicious file. The confidentiality risk is limited; no system damage or data modification occurs.

  • CVE-2026-45485LOW 3.3

    Microsoft Office contains a flaw that allows an attacker to read data from memory locations outside the intended bounds, potentially exposing sensitive information stored locally on a user's machine. The vulnerability requires local system access and user interaction (such as opening a malicious document), but does not allow the attacker to modify or delete data or crash the application. This is classified as a low-risk issue because it requires presence on the affected system and a user action to trigger exposure.

  • CVE-2026-45613LOW 3.3

    Rizin, a reverse engineering framework used by security researchers and analysts, contains a heap buffer overflow vulnerability in its OMF (Object Module Format) file parsing code. An attacker could craft a malicious OMF binary file that, when opened by a user in Rizin, could read small amounts of sensitive data from the program's memory. This requires local access and user interaction—the user must deliberately open a malicious file.

  • CVE-2026-47327LOW 3.3

    CVE-2026-47327 is a denial-of-service vulnerability in Ubuntu Linux affecting versions 6.8, 6.17, and 7.0. A NULL pointer dereference in the AppArmor notification handling code allows any unprivileged local user to crash the kernel without authentication or special permissions. The attack requires only local system access and can be triggered with a single action, causing a kernel oops that disrupts availability but does not compromise confidentiality or integrity.

  • CVE-2026-47329LOW 3.3

    Ubuntu Linux versions 6.8, 6.17, and 7.0 contain a flaw in SAUCE patches that handle AppArmor security notifications. The vulnerability stems from improper validation of the name field size in these notifications. An unprivileged local user can exploit this by sending crafted AppArmor responses that bypass validation checks, potentially leading to unexpected behavior in the kernel's handling of these security-related messages. This is a local-only issue with low severity impact.

  • CVE-2026-47330LOW 3.3

    CVE-2026-47330 is a local privilege escalation and cache poisoning vulnerability affecting Ubuntu Linux systems with AppArmor SAUCE patches. An unprivileged user can trigger uninitialized variable handling in AppArmor's notification code, causing incorrect caching of security policy responses. While the CVSS score is low (3.3), the issue undermines AppArmor's integrity by allowing cache corruption that could affect subsequent policy enforcement decisions.

  • CVE-2026-47336LOW 3.3

    Ubuntu Linux 6.8 has a bug in its AppArmor security module that could allow an unprivileged local user to bypass or weaken network socket access controls. The issue stems from an uninitialized variable in the code that mediates AF_INET and AF_INET6 (IPv4 and IPv6) socket access. While the vulnerability requires local access and does not enable data theft or system crashes, it undermines the purpose of AppArmor's fine-grained network policy enforcement, potentially allowing a local user to perform network operations that should have been restricted.

  • CVE-2026-47337LOW 3.3

    A NULL pointer dereference flaw in Ubuntu Linux kernel versions 6.8, 6.17, and 7.0 can be triggered by any unprivileged local user to crash the kernel. The vulnerability exists in socket mediation code that handles both IPv4 and IPv6 traffic. While the flaw itself does not enable data theft or system compromise, it can be exploited to cause a denial of service by forcing a kernel panic, disrupting availability for all users on the affected system.

  • CVE-2026-48156LOW 3.3

    pypdf, a popular open-source Python library for PDF handling, contains a vulnerability that allows an attacker to craft malicious PDF files that cause the library to consume excessive processing time during parsing. The issue stems from how pypdf processes cross-reference streams—a mechanism PDFs use to index internal objects—when they contain specific structural patterns. An attacker would need to trick a user or application into opening a specially crafted PDF, but once opened, the library can hang or freeze during PDF processing, resulting in a denial-of-service condition on that system.

  • CVE-2026-49383LOW 3.3

    CVE-2026-49383 is a low-severity vulnerability in JetBrains IntelliJ IDEA's UI Designer form parser that could allow local attackers to read sensitive information from a user's system. The vulnerability requires user interaction—specifically opening a malicious or compromised form file in the IDE—and affects versions prior to 2026.1. The exposure is limited to information disclosure; the vulnerability does not enable code execution or system modification.

  • CVE-2026-49497LOW 3.3

    Ghidra, the NSA's reverse-engineering framework, contains a path traversal flaw in its debug symbol handler. When you open a malicious ELF binary, Ghidra automatically tries to load debugging information referenced in the binary's .gnu_debuglink section. An attacker can craft that section with path traversal sequences (like "../") to trick Ghidra into checking whether arbitrary files exist on your system and leaking their CRC32 checksums. This is a local attack—the attacker needs you to open a malicious file—but it can reveal information about your system's filesystem structure and contents.

  • CVE-2024-42206LOW 3.1

    HCL iReflection contains third-party components that are vulnerable and outdated, creating a potential integrity risk within the web application. An authenticated user with low privileges could potentially exploit this condition, though the attack surface is constrained by difficult environmental conditions and limited authentication requirements.

  • CVE-2025-52608LOW 3.1

    HCL iControl contains a cookie security misconfiguration that leaves session identifiers and authentication tokens vulnerable to interception and cross-site request forgery attacks. The vulnerability stems from the absence of the Secure and SameSite cookie attributes, combined with an overly permissive cookie path set to root. While the immediate risk is moderate, this configuration flaw can enable attackers to hijack user sessions or trick authenticated users into performing unintended actions.

  • CVE-2025-52611LOW 3.1

    HCL iControl v4.0.0 contains a vulnerability where the application crashes and exposes internal error messages, including stack traces, when certain code paths are triggered. The underlying cause is a programming error where the application attempts to access a property (the 'dashboard key') from an object that hasn't been properly initialized or is missing entirely. While an attacker would need valid login credentials to trigger this issue, the exposure of stack trace information could help them understand the application's internal structure and identify further attack vectors.

  • CVE-2026-10011LOW 3.1

    A flaw in Chrome's Skia graphics library could allow an attacker who has already compromised Chrome's renderer process to extract sensitive data from websites you visit. The attacker would need to serve you a specially crafted web page to perform the attack. While the underlying issue received a High severity rating from Chromium, the overall exploitability is limited because it requires both renderer compromise and user interaction, making it a low-risk vulnerability in practical terms.

  • CVE-2026-10565LOW 3.1

    A race condition vulnerability has been discovered in Open5GS versions up to 2.7.6 that affects the NGAP Handover security mode processing function. The flaw allows an authenticated attacker to trigger a timing-dependent race condition that results in a denial-of-service condition. While a public exploit exists, successful exploitation requires specific conditions and careful timing, making real-world attacks difficult to execute reliably.

  • CVE-2026-10705LOW 3.1

    Dask, a Python library for parallel computing and distributed data processing, contains a resource exhaustion vulnerability in its HyperLogLog (approximate distinct count) functionality. An authenticated remote attacker can trigger excessive resource consumption through the nunique_approx function, potentially degrading system availability. The flaw requires significant attack complexity and specific preconditions, making real-world exploitation difficult despite being theoretically possible.

  • CVE-2026-11240LOW 3.1

    CVE-2026-11240 is a low-severity input validation flaw in Google Chrome's Loader component that allows a remote attacker to bypass the browser's site isolation security feature, but only if they have already compromised the renderer process. Site isolation is Chrome's defense mechanism that runs each website in a separate process to prevent one compromised site from accessing data from another. An attacker would need to deliver a specially crafted HTML page to exploit this, making it a post-compromise risk rather than a direct remote code execution vector. The vulnerability affects Chrome versions prior to 149.0.7827.53.

  • CVE-2026-11244LOW 3.1

    CVE-2026-11244 is a low-severity flaw in Google Chrome's WebAuthentication feature that allows inadequate validation of user-supplied input. An attacker with prior access to Chrome's renderer process—the component responsible for displaying web pages—could craft a malicious HTML page to circumvent the browser's same-origin policy, a fundamental security boundary that prevents scripts from one website accessing data from another. This is not a direct remote code execution and requires both renderer process compromise and user interaction to succeed.

  • CVE-2026-11247LOW 3.1

    A flaw in Google Chrome's CustomTabs feature on Android allows an attacker to leak data across website boundaries through a specially crafted webpage. The vulnerability requires user interaction and is difficult to exploit, affecting Android devices running Chrome versions before 149.0.7827.53. While the risk is low, it represents a potential privacy leak in a widely used mobile browser component.

  • CVE-2026-11251LOW 3.1

    A flaw in Chrome's password manager allows a sophisticated attacker to read stored password information if they can first compromise Chrome's renderer process through a malicious web page. The vulnerability requires multiple conditions to exploit: the attacker must already control the rendering engine, the user must interact with the page, and the attack surface is limited to sensitive credential disclosure. Chrome versions before 149.0.7827.53 are affected. This is not a zero-click issue and does not allow code execution or system-level access.

  • CVE-2026-11464LOW 3.1

    JeecgBoot versions up to 3.9.2 contain a vulnerability in the User List Endpoint that allows authenticated users to disclose sensitive information by manipulating a salt parameter. An attacker with valid credentials can exploit this flaw to access restricted data, though doing so requires specific conditions and technical knowledge. A fix is planned for a future release.