Skip to main content
CVE-2026-1062 LOW POC Monitor

Teamwork Management System versions up to 2.28.0. is affected by server-side request forgery (ssrf) (CVSS 6.3).

Java SSRF
NVD GitHub VulDB
CVSS 4.0
2.1
EPSS
0.1%
CVE-2026-1061 LOW POC Monitor

Unrestricted file upload in Teamwork Management System (TMS) versions up to 2.28.0 allows authenticated attackers to upload malicious files by manipulating the filename parameter in the FileController. Public exploit code exists for this vulnerability, and no patch is currently available, creating significant risk for organizations using affected versions.

Java Authentication Bypass File Upload
NVD GitHub VulDB
CVSS 4.0
2.1
EPSS
0.0%
CVE-2026-1049 LOW POC Monitor

A security vulnerability has been detected in LigeroSmart up to 6.1.26. The affected element is an unknown function of the file /otrs/index.pl. [CVSS 3.5 LOW]

XSS Ligerosmart
NVD GitHub VulDB
CVSS 4.0
2.0
EPSS
0.0%
CVE-2026-1048 LOW POC Monitor

A weakness has been identified in LigeroSmart up to 6.1.26. Impacted is an unknown function of the file /otrs/index.pl?Action=AgentTicketZoom. [CVSS 3.5 LOW]

XSS Ligerosmart
NVD GitHub VulDB
CVSS 4.0
2.0
EPSS
0.0%
CVE-2026-0519 LOW Monitor

Secure Access versions up to 14.20 is affected by insertion of sensitive information into log file (CVSS 3.4).

Information Disclosure Secure Access
NVD
CVSS 3.1
3.4
EPSS
0.0%
CVE-2026-0682 LOW Monitor

The Church Admin plugin for WordPress is vulnerable to Server-Side Request Forgery in all versions up to, and including, 5.0.28 due to insufficient validation of user-supplied URLs in the 'audio_url' parameter. [CVSS 2.2 LOW]

WordPress SSRF
NVD
CVSS 3.1
2.2
EPSS
0.0%
CVE-2026-1066 LOW Monitor

Kodbox versions up to 1.61.10 contain a command injection vulnerability in the compression handler component that allows authenticated remote attackers to execute arbitrary commands with network access. Public exploit code exists for this vulnerability, and no patch is currently available from the vendor.

Command Injection Kodbox
NVD GitHub VulDB
CVSS 4.0
2.1
EPSS
0.3%
CVE-2026-1064 LOW Monitor

Bastillion up to version 4.0.1 contains a command injection vulnerability in the System Management Module that allows remote attackers with high privileges to execute arbitrary commands. Public exploit code exists for this vulnerability, and the vendor has not provided a patch. The impact is limited to low-level confidentiality, integrity, and availability compromise.

Java Command Injection
NVD GitHub VulDB
CVSS 4.0
2.0
EPSS
0.3%
CVE-2026-1063 LOW Monitor

Command injection in Bastillion's public key management system (versions up to 4.0.1) allows remote attackers with high privileges to execute arbitrary commands through the AuthKeysKtrl.java component. Public exploit code exists for this vulnerability, and no patch is currently available from the vendor. The attack requires network access and high-level authentication but carries minimal complexity once access is obtained.

Java Command Injection
NVD GitHub VulDB
CVSS 4.0
2.0
EPSS
0.3%

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy