Skip to main content
CVE-2026-1118 LOW POC Monitor

SQL injection in itsourcecode Society Management System 1.0 allows authenticated attackers to manipulate the Title parameter in /admin/add_activity.php, enabling remote data exfiltration, modification, or denial of service. Public exploit code exists for this vulnerability, and no patch is currently available.

PHP SQLi
NVD GitHub VulDB
CVSS 4.0
2.1
EPSS
0.0%
CVE-2026-1112 LOW POC Monitor

PublicCMS versions up to 5.202506.d contain an authorization bypass in the Trade Address Deletion endpoint that allows authenticated attackers to manipulate request parameters and delete arbitrary trade addresses. The vulnerability is network-accessible, requires valid credentials, and has public exploit code available with no patch currently provided. An attacker with legitimate access could leverage this flaw to perform unauthorized data deletion affecting the trade functionality.

Java Information Disclosure
NVD GitHub VulDB
CVSS 4.0
2.1
EPSS
0.0%
CVE-2026-1107 LOW POC Monitor

Unrestricted file upload in EyouCMS versions up to 1.7.1/5.0 allows authenticated remote attackers to upload arbitrary files through manipulation of the viewfile parameter in the Member Avatar Handler component. Public exploit code exists for this vulnerability, and the vendor has not provided a patch despite early notification. An authenticated attacker could leverage this to upload malicious files and potentially achieve remote code execution.

PHP Authentication Bypass File Upload
NVD GitHub VulDB
CVSS 4.0
2.1
EPSS
0.0%
CVE-2026-1111 LOW POC Monitor

Path traversal in Sanluan PublicCMS up to version 5.202506.d allows remote attackers with high privileges to manipulate the path parameter in the Task Template Management handler, enabling unauthorized file access or manipulation. Public exploit code exists for this vulnerability, and no patch is currently available from the vendor despite early notification.

Java Path Traversal
NVD GitHub VulDB
CVSS 4.0
2.0
EPSS
0.2%
CVE-2025-15536 LOW POC PATCH Monitor

A weakness has been identified in BYVoid OpenCC up to 1.1.9. This vulnerability affects the function opencc::MaxMatchSegmentation of the file src/MaxMatchSegmentation.cpp. [CVSS 5.3 MEDIUM]

Buffer Overflow Open Chinese Convert
NVD GitHub VulDB
CVSS 4.0
1.9
EPSS
0.1%
CVE-2025-15538 LOW POC PATCH Monitor

A security vulnerability has been detected in Open Asset Import Library Assimp up to 6.0.2. Affected by this vulnerability is the function Assimp::LWOImporter::FindUVChannels of the file /src/assimp/code/AssetLib/LWO/LWOMaterial.cpp. [CVSS 5.3 MEDIUM]

Buffer Overflow Denial Of Service Assimp
NVD GitHub VulDB
CVSS 4.0
1.9
EPSS
0.0%
CVE-2025-15537 LOW POC Monitor

A security vulnerability has been detected in Mapnik up to 4.2.0. This issue affects the function mapnik::dbf_file::string_value of the file plugins/input/shape/dbfile.cpp. [CVSS 5.3 MEDIUM]

Buffer Overflow Mapnik
NVD GitHub VulDB
CVSS 4.0
1.9
EPSS
0.0%
CVE-2025-15534 LOW POC PATCH Monitor

A vulnerability was identified in raysan5 raylib up to 909f040. Affected by this issue is the function LoadFontData of the file src/rtext.c. [CVSS 5.3 MEDIUM]

Buffer Overflow Raylib
NVD GitHub VulDB
CVSS 4.0
1.9
EPSS
0.0%
CVE-2026-1110 LOW POC Monitor

Librtsp versions up to 2ec1a81ad65280568a0c7c16420d7c10fde13b04 contain a buffer overflow in the rtsp_parse_method function that allows local attackers with user-level privileges to corrupt memory and potentially execute arbitrary code. Public exploit code exists for this vulnerability, and no patch is currently available from the vendor despite early disclosure notification.

Buffer Overflow Librtsp
NVD GitHub VulDB
CVSS 4.0
1.9
EPSS
0.0%
CVE-2026-1109 LOW POC Monitor

Buffer overflow in cijliu librtsp's rtsp_parse_request function allows local attackers with user privileges to achieve limited confidentiality and integrity impact. Public exploit code exists for this vulnerability, though no patch is currently available and rolling releases make version tracking difficult.

Buffer Overflow Librtsp
NVD GitHub VulDB
CVSS 4.0
1.9
EPSS
0.0%
CVE-2026-1108 LOW POC Monitor

Buffer overflow in the rtsp_rely_dumps function of librtsp allows local attackers with user privileges to corrupt memory and potentially execute arbitrary code. Public exploit code exists for this vulnerability, though the vendor has not provided patches despite early notification. The affected library uses rolling releases, making it difficult to determine specific vulnerable versions.

Buffer Overflow Librtsp
NVD GitHub VulDB
CVSS 4.0
1.9
EPSS
0.0%
CVE-2025-15533 LOW POC PATCH Monitor

A vulnerability was determined in raysan5 raylib up to 909f040. Affected by this vulnerability is the function GenImageFontAtlas of the file src/rtext.c. [CVSS 5.3 MEDIUM]

Buffer Overflow Raylib
NVD GitHub VulDB
CVSS 4.0
1.9
EPSS
0.0%
CVE-2026-1126 LOW Monitor

Unrestricted file upload in lwj flow's SVG File Handler (FormResource.java) allows authenticated remote attackers to upload arbitrary files due to insufficient input validation on the File parameter. Public exploit code exists for this vulnerability, and the maintainers have not yet released a patch despite early notification. Affected installations using Java should restrict file upload functionality until an update is available.

Java Authentication Bypass File Upload
NVD VulDB
CVSS 4.0
2.1
EPSS
0.0%
CVE-2026-1106 LOW Monitor

Improper authorization in Chamilo LMS up to 2.0.0 Beta 1 allows authenticated users to manipulate the userId parameter in the Legal Consent Handler's deleteLegal function, enabling unauthorized modification or deletion of legal consent records. Public exploit code exists for this vulnerability, and no patch is currently available. The vendor has not responded to disclosure attempts.

PHP Information Disclosure
NVD VulDB
CVSS 4.0
2.1
EPSS
0.0%
CVE-2025-15535 LOW Monitor

A security flaw has been discovered in nicbarker clay versions up to 0.14. is affected by improper resource shutdown or release (CVSS 3.3).

Denial Of Service
NVD GitHub VulDB
CVSS 4.0
1.9
EPSS
0.0%

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy