Skip to main content
CVE-2026-1414 LOW POC Monitor

Operation And Maintenance Security Management System versions up to 3.0.12. contains a vulnerability that allows attackers to command injection (CVSS 6.3).

Command Injection Operation And Maintenance Security Management System
NVD GitHub VulDB
CVSS 4.0
2.1
EPSS
0.1%
CVE-2026-1423 LOW POC Monitor

Unrestricted file upload in code-projects Online Examination System 1.0 via the /admin_pic.php endpoint allows authenticated remote attackers to upload arbitrary files with minimal complexity. Public exploit code exists for this vulnerability, and no patch is currently available. Successful exploitation could enable code execution or system compromise depending on server configuration and file handling.

PHP Authentication Bypass File Upload
NVD GitHub VulDB
CVSS 4.0
2.1
EPSS
0.0%
CVE-2026-1419 LOW POC Monitor

Dcs-700L Firmware versions up to 1.03.09 contains a vulnerability that allows attackers to command injection (CVSS 4.7).

D-Link Command Injection
NVD VulDB
CVSS 4.0
2.0
EPSS
0.1%
CVE-2026-1424 LOW POC Monitor

Unrestricted file upload in PHPGurukul News Portal 1.0's profile picture handler allows remote attackers to upload arbitrary files with high-level privileges. Public exploit code exists for this vulnerability, and no patch is currently available. An authenticated attacker could potentially upload malicious files to compromise the application or underlying system.

File Upload Authentication Bypass News Portal
NVD GitHub VulDB
CVSS 4.0
2.0
EPSS
0.0%
CVE-2026-1421 LOW POC Monitor

A vulnerability has been found in code-projects Online Examination System 1.0. Affected is an unknown function of the component Add Pages. [CVSS 3.5 LOW]

XSS Online Examination System
NVD GitHub VulDB
CVSS 4.0
2.0
EPSS
0.0%
CVE-2026-1415 LOW POC PATCH Monitor

A vulnerability was identified in GPAC up to 2.4.0. Affected is the function gf_media_export_webvtt_metadata of the file src/media_tools/media_export.c. [CVSS 3.3 LOW]

Denial Of Service Gpac
NVD GitHub VulDB
CVSS 4.0
1.9
EPSS
0.0%
CVE-2026-1418 LOW POC PATCH Monitor

Out-of-bounds write in GPAC's SRT subtitle import functionality (versions up to 2.4.0) allows local attackers with user privileges to corrupt memory and potentially execute arbitrary code. Public exploit code exists for this vulnerability, and a patch is available. Local access is required to exploit this flaw, limiting the attack surface to authenticated users on the affected system.

Buffer Overflow Gpac
NVD GitHub VulDB
CVSS 4.0
1.9
EPSS
0.0%
CVE-2026-1417 LOW POC PATCH Monitor

A weakness has been identified in GPAC up to 2.4.0. Affected by this issue is the function dump_isom_rtp of the file applications/mp4box/filedump.c. [CVSS 3.3 LOW]

Denial Of Service Gpac
NVD GitHub VulDB
CVSS 4.0
1.9
EPSS
0.0%
CVE-2026-1416 LOW POC PATCH Monitor

A security flaw has been discovered in GPAC up to 2.4.0. Affected by this vulnerability is the function DumpMovieInfo of the file applications/mp4box/filedump.c. [CVSS 3.3 LOW]

Denial Of Service Gpac
NVD GitHub VulDB
CVSS 4.0
1.9
EPSS
0.0%
CVE-2026-1409 LOW POC Monitor

A security vulnerability has been detected in Beetel 777VR1 up to 01.00.09/01.00.09_55. This issue affects some unknown processing of the component UART Interface. The manipulation leads to improper restriction of excessive authentication attempts. It is possible to launch the attack on the physical device. The attack's complexity is rated as high. The exploitability is assessed as difficult. The exploit has been disclosed publicly and may be used. The vendor was contacted early about this di...

Information Disclosure 777vr1 Firmware
NVD GitHub VulDB
CVSS 4.0
0.3
EPSS
0.0%
CVE-2026-24656 LOW PATCH Monitor

Deserialization of Untrusted Data vulnerability in Apache Karaf Decanter. The Decanter log socket collector exposes the port 4560, without authentication. [CVSS 3.7 LOW]

Apache Deserialization
NVD
CVSS 3.1
3.7
EPSS
0.0%
CVE-2025-57784 LOW Monitor

Tomahawk auth timing attack due to usage of `strcmp` has been identified in Hiawatha webserver version 11.7 which allows a local attacker to access the management client. [CVSS 3.3 LOW]

Information Disclosure Hiawatha
NVD
CVSS 3.1
3.3
EPSS
0.0%
CVE-2025-9615 LOW Monitor

A flaw was found in NetworkManager. The NetworkManager package allows access to files that may belong to other users. [CVSS 3.3 LOW]

Information Disclosure
NVD VulDB
CVSS 3.0
3.3
EPSS
0.0%
CVE-2026-1190 LOW Monitor

A flaw was found in Keycloak's SAML brokering functionality. When Keycloak is configured as a client in a Security Assertion Markup Language (SAML) setup, it fails to validate the `NotOnOrAfter` timestamp within the `SubjectConfirmationData`. [CVSS 3.1 LOW]

Denial Of Service
NVD
CVSS 3.1
3.1
EPSS
0.0%
CVE-2026-0925 LOW Monitor

Tanium addressed an improper input validation vulnerability in Discover. [CVSS 2.7 LOW]

Information Disclosure Discover
NVD
CVSS 3.1
2.7
EPSS
0.0%
CVE-2026-1413 LOW Monitor

Operation And Maintenance Security Management System versions up to 3.0.12. contains a security vulnerability (CVSS 6.3).

Command Injection Operation And Maintenance Security Management System
NVD GitHub VulDB
CVSS 4.0
2.1
EPSS
0.1%
CVE-2026-1445 LOW Monitor

Unrestricted file upload in iJason-Liu Books_Manager allows authenticated attackers with high privileges to upload arbitrary files via the book_cover parameter in the upload_bookCover.php controller. Public exploit code exists for this vulnerability, increasing the risk of exploitation. A patch is not currently available for this rolling-release product.

PHP Authentication Bypass File Upload
NVD VulDB
CVSS 4.0
2.0
EPSS
0.0%
CVE-2026-1444 LOW Monitor

A vulnerability has been found in iJason-Liu Books_Manager versions up to 298 is affected by cross-site scripting (xss) (CVSS 2.4).

PHP XSS
NVD VulDB
CVSS 4.0
1.9
EPSS
0.0%

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy