5.7
CVE-2026-26933 - Improper Validation of Array Index in Packetbeat Leading to Denial of Service
Improper Validation of Array Index (CWE-129) in multiple protocol parser components in Packetbeat can lead Denial of Service via Input Data Manipulation (CAPEC-153). An attacker with the ability to send specially crafted, malformed network packets to a monitored network interface can trigger out-ofβ¦
5.7
CVE-2026-26931 - Memory Allocation with Excessive Size Value in Metricbeat Leading to Denial of Service
Memory Allocation with Excessive Size Value (CWE-789) in the Prometheus remote_write HTTP handler in Metricbeat can lead Denial of Service via Excessive Allocation (CAPEC-130).
2.1
CVE-2026-1005 - Integer underflow leads to out-of-bounds access in sniffer AES-GCM/CCM/ARIA-GCM decrypt path
Integer underflow in wolfSSL packet sniffer <= 5.8.4 allows an attacker to cause a buffer overflow in the AEAD decryption path by injecting a TLS record shorter than the explicit IV plus authentication tag into traffic inspected by ssl_DecodePacket. The underflow wraps a 16-bit length to a large vaβ¦
2.2
CVE-2026-0819 - Stack buffer overflow in PKCS7 SignedData encoding with custom signed attributes
A stack buffer overflow vulnerability exists in wolfSSL's PKCS7 SignedData encoding functionality. In wc_PKCS7_BuildSignedAttributes(), when adding custom signed attributes, the code passes an incorrect capacity value (esd->signedAttribsCount) to EncodeAttributes() instead of the remaining availablβ¦
0.0
CVE-2026-3029 - CVE-2026-3029
A path traversal and arbitrary file write vulnerability exist in the embedded get function in '_main_.py' in PyMuPDF version, 1.26.5.
5.1
CVE-2026-32869 - OPEXUS eComplaint and eCASE XSS via Name of Organization field
OPEXUS eComplaint and eCASE before 10.2.0.0 do not correctly sanitize the contents of the "Name of Organization" field when filling out case information. An authenticated attacker can inject an XSS payload which is executed in the context of a victim's session when they visit the case information pβ¦
5.1
CVE-2026-32868 - OPEXUS eComplaint and eCASE XSS via my information
OPEXUS eComplaint and eCASE before 10.2.0.0 do not correctly sanitize the contents of first and last name fields in the 'My Information' screen. An authenticated attacker can inject parts of an XSS payload in the first and last name fields. The payload is executed when the full name is rendered. Thβ¦
5.3
CVE-2026-32867 - OPEXUS eComplaint unauthenticated file upload
OPEXUS eComplaint before version 10.1.0.0 allows an unauthenticated attacker to obtain or guess an existing case number and upload arbitrary files via 'Portal/EEOC/DocumentUploadPub.aspx'. Users would see these unexpected files in cases. Uploading a large number of files could consume storage.
5.1
CVE-2026-32866 - OPEXUS eComplaint and eCase stored XSS via profile first and last name
OPEXUS eComplaint and eCASE before 10.2.0.0 do not correctly sanitize the contents of first and last name fields in a user profile. An authenticated attacker can inject parts of an XSS payload in their first and last name fields. The payload is executed when the user's full name is rendered. The atβ¦
9.2
CVE-2026-32865 - OPEXUS eComplaint and eCase insecure password reset
OPEXUS eComplaint and eCASE before version 10.1.0.0 include the secret verification code in the HTTP response when requesting a password reset via 'ForcePasswordReset.aspx'. An attacker who knows an existing user's email address can reset the user's password and security questions. Existing securitβ¦