6.5
CVE-2026-26939 - Missing Authorization in Kibana Leading to Unauthorized Endpoint Response Action Configuration
Missing Authorization (CWE-862) in Kibanaβs server-side Detection Rule Management can lead to Unauthorized Endpoint Response Action Configuration (host isolation, process termination, and process suspension) via CAPEC-1 (Accessing Functionality Not Properly Constrained by ACLs). This requires an auβ¦
5.5
CVE-2026-2645 - Acceptance of CertificateVerify Message before ClientKeyExchange in TLS 1.2
In wolfSSL 5.8.2 and earlier, a logic flaw existed in the TLS 1.2 server state machine implementation. The server could incorrectly accept the CertificateVerify message before the ClientKeyExchange message had been received. This issue affects wolfSSL before 5.8.4 (wolfSSL 5.8.2 and earlier is vulnβ¦
5.7
CVE-2026-26933 - Improper Validation of Array Index in Packetbeat Leading to Denial of Service
Improper Validation of Array Index (CWE-129) in multiple protocol parser components in Packetbeat can lead Denial of Service via Input Data Manipulation (CAPEC-153). An attacker with the ability to send specially crafted, malformed network packets to a monitored network interface can trigger out-ofβ¦
5.7
CVE-2026-26931 - Memory Allocation with Excessive Size Value in Metricbeat Leading to Denial of Service
Memory Allocation with Excessive Size Value (CWE-789) in the Prometheus remote_write HTTP handler in Metricbeat can lead Denial of Service via Excessive Allocation (CAPEC-130).
2.1
CVE-2026-1005 - Integer underflow leads to out-of-bounds access in sniffer AES-GCM/CCM/ARIA-GCM decrypt path
Integer underflow in wolfSSL packet sniffer <= 5.8.4 allows an attacker to cause a buffer overflow in the AEAD decryption path by injecting a TLS record shorter than the explicit IV plus authentication tag into traffic inspected by ssl_DecodePacket. The underflow wraps a 16-bit length to a large vaβ¦
2.2
CVE-2026-0819 - Stack buffer overflow in PKCS7 SignedData encoding with custom signed attributes
A stack buffer overflow vulnerability exists in wolfSSL's PKCS7 SignedData encoding functionality. In wc_PKCS7_BuildSignedAttributes(), when adding custom signed attributes, the code passes an incorrect capacity value (esd->signedAttribsCount) to EncodeAttributes() instead of the remaining availablβ¦
0.0
CVE-2026-3029 - CVE-2026-3029
A path traversal and arbitrary file write vulnerability exist in the embedded get function in '_main_.py' in PyMuPDF version, 1.26.5.
5.1
CVE-2026-32869 - OPEXUS eComplaint and eCASE XSS via Name of Organization field
OPEXUS eComplaint and eCASE before 10.2.0.0 do not correctly sanitize the contents of the "Name of Organization" field when filling out case information. An authenticated attacker can inject an XSS payload which is executed in the context of a victim's session when they visit the case information pβ¦
5.1
CVE-2026-32868 - OPEXUS eComplaint and eCASE XSS via my information
OPEXUS eComplaint and eCASE before 10.2.0.0 do not correctly sanitize the contents of first and last name fields in the 'My Information' screen. An authenticated attacker can inject parts of an XSS payload in the first and last name fields. The payload is executed when the full name is rendered. Thβ¦
5.3
CVE-2026-32867 - OPEXUS eComplaint unauthenticated file upload
OPEXUS eComplaint before version 10.1.0.0 allows an unauthenticated attacker to obtain or guess an existing case number and upload arbitrary files via 'Portal/EEOC/DocumentUploadPub.aspx'. Users would see these unexpected files in cases. Uploading a large number of files could consume storage.