Skip to main content
CVE-2026-1548 LOW POC Monitor

Command injection in Totolik A7000R firmware (version 4.1cu.4154) via the CloudACManualUpdateUserdata function allows authenticated remote attackers to execute arbitrary commands through a crafted url parameter. Public exploit code exists for this vulnerability and no patch is currently available.

Command Injection A7000r Firmware
NVD GitHub VulDB
CVSS 4.0
2.1
EPSS
0.8%
CVE-2026-1547 LOW POC Monitor

Command injection in Totolik A7000R firmware allows authenticated remote attackers to execute arbitrary commands through the plugin_name parameter in the setUnloadUserData function. Public exploit code exists for this vulnerability, and no patch is currently available. The attack requires network access and valid credentials but no user interaction.

Command Injection A7000r Firmware
NVD GitHub VulDB
CVSS 4.0
2.1
EPSS
0.8%
CVE-2026-1544 LOW POC Monitor

D-Link DIR-823X routers are vulnerable to remote command injection through the lan_gateway parameter in the /goform/set_mode function, allowing authenticated attackers to execute arbitrary OS commands. Public exploit code is available for this vulnerability, and affected devices are no longer receiving security updates from the vendor. The attack requires network access and valid credentials but has a low CVSS score of 6.3 due to limited impact scope.

D-Link Command Injection
NVD GitHub VulDB
CVSS 4.0
2.1
EPSS
0.1%
CVE-2026-1546 LOW POC Monitor

SQL injection in jshERP up to version 3.6 allows authenticated remote attackers to manipulate the barCodes parameter in the DepotItem import function, potentially enabling unauthorized data access or modification. Public exploit code exists for this vulnerability, and no patch is currently available. The vendor has not responded to early notification of this issue.

SQLi Jsherp
NVD GitHub VulDB
CVSS 4.0
2.1
EPSS
0.0%
CVE-2026-1550 LOW POC Monitor

Improper authorization in PHPGurukul Hospital Management System 1.0 allows authenticated attackers to manipulate the Admin Dashboard Page and gain unauthorized access to sensitive functionality. Public exploit code exists for this vulnerability, and no patch is currently available. The network-accessible flaw requires only valid credentials to exploit, enabling attackers to bypass access controls with low complexity.

Information Disclosure Hospital Management System
NVD GitHub VulDB
CVSS 4.0
2.1
EPSS
0.0%
CVE-2026-1549 LOW POC Monitor

jshERP versions up to 3.6 contain a path traversal vulnerability in the PluginController's file upload functionality that allows authenticated attackers to read arbitrary files on the server. Public exploit code exists for this vulnerability, and the vendor has not yet released a patch despite being notified of the issue.

Path Traversal Jsherp
NVD GitHub VulDB
CVSS 4.0
2.1
EPSS
0.0%
CVE-2026-1533 LOW POC Monitor

SQL injection in Online Music Site 1.0's AdminAddCategory.php allows remote attackers with high privileges to execute arbitrary SQL queries and potentially access or modify sensitive data. Public exploit code exists for this vulnerability, increasing the risk of active exploitation. No patch is currently available.

PHP SQLi
NVD GitHub VulDB
CVSS 4.0
2.0
EPSS
0.0%
CVE-2026-1532 LOW POC Monitor

A vulnerability was identified in D-Link DCS-700L 1.03.09. The affected element is the function uploadmusic of the file /setUploadMusic of the component Music File Upload Service. [CVSS 2.4 LOW]

D-Link Path Traversal File Upload
NVD VulDB
CVSS 4.0
1.9
EPSS
0.1%
CVE-2026-1520 LOW POC Monitor

A vulnerability was identified in rethinkdb versions up to 2.4.3. is affected by cross-site scripting (xss) (CVSS 2.4).

XSS
NVD GitHub VulDB
CVSS 4.0
1.9
EPSS
0.0%
CVE-2026-23553 LOW PATCH Monitor

In the context switch logic Xen attempts to skip an IBPB in the case of a vCPU returning to a CPU on which it was the previous vCPU to run. While safe for Xen's isolation between vCPUs, this prevents the guest kernel correctly isolating between tasks. [CVSS 2.9 LOW]

Linux
NVD
CVSS 3.1
2.9
EPSS
0.0%

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy