Skip to main content
CVE-2026-1203 LOW POC Monitor

Improper authentication in CRMEB up to version 5.6.3 allows remote attackers to manipulate the uid parameter in the LoginServices.php token handler to bypass authentication, despite requiring high complexity. Public exploit code exists for this vulnerability, though no patch is currently available from the vendor.

PHP Authentication Bypass
NVD GitHub VulDB
CVSS 4.0
2.9
EPSS
0.1%
CVE-2026-1196 LOW POC Monitor

A security vulnerability has been detected in MineAdmin 1.x/2.x. Affected is an unknown function of the file /system/getFileInfoById. [CVSS 3.1 LOW]

Information Disclosure Mineadmin
NVD GitHub VulDB
CVSS 4.0
1.3
EPSS
0.0%
CVE-2026-1195 LOW POC Monitor

MineAdmin 1.x and 2.x contains insufficient JWT token verification in the /system/refresh endpoint, allowing authenticated remote attackers to tamper with token data and potentially escalate privileges or bypass security controls. Public exploit code exists for this vulnerability, and the vendor has not provided a patch despite early notification. Exploitation requires authenticated access and specific conditions, resulting in a medium severity rating with limited immediate impact.

Information Disclosure Mineadmin
NVD GitHub VulDB
CVSS 4.0
1.3
EPSS
0.0%
CVE-2026-1197 LOW POC Monitor

A vulnerability was detected in MineAdmin 1.x/2.x. Affected by this vulnerability is an unknown functionality of the file /system/downloadById. [CVSS 3.1 LOW]

Information Disclosure Mineadmin
NVD GitHub VulDB
CVSS 4.0
1.3
EPSS
0.0%
CVE-2025-36411 LOW Monitor

IBM ApplinX 11.1 is vulnerable to cross-site request forgery which could allow an attacker to execute malicious and unauthorized actions transmitted from a user that the website trusts. [CVSS 3.5 LOW]

IBM CSRF
NVD
CVSS 3.1
3.5
EPSS
0.0%
CVE-2025-36410 LOW Monitor

Applinx versions up to 11.1.0 contains a vulnerability that allows attackers to an authenticated user to perform unauthorized administrative actions on the serv (CVSS 3.1).

IBM
NVD
CVSS 3.1
3.1
EPSS
0.0%
CVE-2026-21977 LOW Monitor

Vulnerability in the Oracle Zero Data Loss Recovery Appliance Software product of Oracle Zero Data Loss Recovery Appliance (component: Security). Supported versions that are affected are 23.1.0-23.1.202509. [CVSS 3.1 LOW]

Oracle
NVD
CVSS 3.1
3.1
EPSS
0.0%
CVE-2026-21947 LOW CISA Monitor

Vulnerability in Oracle Java SE (component: JavaFX). Supported versions that are affected are Oracle Java SE: 8u471-b50. [CVSS 3.1 LOW]

Oracle Java XSS
NVD VulDB
CVSS 3.1
3.1
EPSS
0.0%
CVE-2026-21965 LOW Monitor

Mysql Server contains a vulnerability that allows attackers to unauthorized ability to cause a partial denial of service (partial DOS) of MySQL (CVSS 2.7).

Oracle MySQL MSSQL Denial Of Service
NVD VulDB
CVSS 3.1
2.7
EPSS
0.0%
CVE-2026-21640 LOW Monitor

HackerOne community member Faraz Ahmed (PakCyberbot) has reported a format string injection in the Revive Adserver settings. When specific character combinations are used in a setting, the admin user console could be disabled due to a fatal PHP error. [CVSS 2.7 LOW]

PHP
NVD
CVSS 3.1
2.7
EPSS
0.0%
CVE-2026-21930 LOW Monitor

Sun Zfs Storage Appliance Kit versions up to 8.8.0 contains a vulnerability that allows attackers to unauthorized update, insert or delete access to some of Oracle ZFS Storage Appli (CVSS 2.3).

Oracle
NVD
CVSS 3.1
2.3
EPSS
0.0%
CVE-2026-1218 LOW Monitor

XXE injection in Bjskzy Zhiyou ERP through the RichClientService component allows authenticated attackers to read sensitive files and manipulate XML data from the network. Public exploit code exists for this vulnerability affecting versions up to 11.0, and the vendor has not provided a patch despite early disclosure notification.

XXE
NVD GitHub VulDB
CVSS 4.0
2.1
EPSS
0.1%

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy