Skip to main content
CVE-2026-1812 LOW POC Monitor

Path traversal in Bolo Solo up to version 2.6.4 allows authenticated attackers to manipulate file path arguments in the backup import function, potentially accessing or modifying arbitrary files on the affected system. Public exploit code exists for this vulnerability, and the maintainers have not yet released a patch despite early notification. The attack requires valid credentials but can be executed remotely over the network.

Java Path Traversal
NVD GitHub VulDB
CVSS 4.0
2.1
EPSS
0.1%
CVE-2026-1810 LOW POC Monitor

Path traversal in Bolo Solo up to version 2.6.4 allows authenticated attackers to manipulate ZIP file extraction operations in the BackupService component, potentially reading or writing arbitrary files on the affected system. Public exploit code is available for this vulnerability, and the vendor has not yet provided a patch despite early notification.

Java Path Traversal
NVD GitHub VulDB
CVSS 4.0
2.1
EPSS
0.1%
CVE-2026-1811 LOW POC Monitor

Path traversal in Bolo Solo's importFromMarkdown function allows authenticated attackers to manipulate file paths and access arbitrary files on affected systems. The vulnerability affects Bolo Solo versions up to 2.6.4 and requires valid credentials but no user interaction to exploit. Public exploit code exists for this vulnerability, and no patch is currently available.

Java Path Traversal
NVD GitHub VulDB
CVSS 4.0
2.1
EPSS
0.0%
CVE-2025-52623 LOW Monitor

HCL AION is affected by an Autocomplete HTML Attribute Not Disabled for Password Field vulnerability. This can allow autocomplete on password fields may lead to unintended storage or disclosure of sensitive credentials, potentially increasing the risk of unauthorized access. [CVSS 3.7 LOW]

Authentication Bypass Aion
NVD
CVSS 3.1
3.7
EPSS
0.0%
CVE-2025-52631 LOW Monitor

HCL AION is affected by a Missing or Insecure HTTP Strict-Transport-Security (HSTS) Header vulnerability. This can allow insecure connections, potentially exposing the application to man-in-the-middle and protocol downgrade attacks.. [CVSS 3.7 LOW]

Information Disclosure Aion
NVD
CVSS 3.1
3.7
EPSS
0.0%
CVE-2025-52629 LOW Monitor

HCL AION is susceptible to Missing Content-Security-Policy. An The absence of a CSP header may increase the risk of cross-site scripting and other content injection attacks by allowing unsafe scripts or resources to execute..This issue affects AION: 2.0. [CVSS 3.7 LOW]

XSS Aion
NVD
CVSS 3.1
3.7
EPSS
0.0%
CVE-2026-25224 LOW PATCH Monitor

Fastify is a fast and low overhead web framework, for Node.js. Prior to version 5.7.3, a denial-of-service vulnerability in Fastify’s Web Streams response handling can allow a remote client to exhaust server memory. Applications that return a ReadableStream (or Response with a Web Stream body) via reply.send() are impacted. A slow or non-reading client can trigger unbounded buffering when backpressure is ignored, leading to process crashes or severe degradation. This issue has been patched in...

Node.js Denial Of Service
NVD GitHub
CVSS 3.1
3.7
EPSS
0.0%
CVE-2026-24934 LOW Monitor

The DDNS function uses an insecure HTTP connection or fails to validate the SSL/TLS certificate when querying an external server for the device's WAN IP address. [CVSS 3.7 LOW]

Authentication Bypass Data Master
NVD
CVSS 3.1
3.7
EPSS
0.0%
CVE-2025-67852 LOW PATCH Monitor

A flaw was found in Moodle. An open redirect vulnerability in the OAuth login flow allows a remote attacker to redirect users to attacker-controlled pages after they have successfully authenticated. [CVSS 3.5 LOW]

Moodle Information Disclosure Open Redirect
NVD
CVSS 3.1
3.5
EPSS
0.0%
CVE-2025-33081 LOW Monitor

IBM Concert 1.0.0 through 2.1.0 stores potentially sensitive information in log files that could be read by a local user. [CVSS 3.3 LOW]

IBM
NVD
CVSS 3.1
3.3
EPSS
0.0%
CVE-2025-52633 LOW Monitor

HCL AION is affected by a Permanent Cookie Containing Sensitive Session Information vulnerability. It is storing sensitive session data in persistent cookies may increase the risk of unauthorized access if the cookies are intercepted or compromised. [CVSS 3.1 LOW]

Authentication Bypass Aion
NVD
CVSS 3.1
3.1
EPSS
0.0%
CVE-2025-61634 LOW Monitor

Vulnerability in Wikimedia Foundation MediaWiki. This vulnerability is associated with program files includes/Rest/Handler/PageHTMLHandler.Php.

PHP Path Traversal
NVD VulDB
CVSS 3.1
3.1
EPSS
0.0%
CVE-2026-24513 LOW PATCH Monitor

A security issue was discovered in ingress-nginx where the protection afforded by the `auth-url` Ingress annotation may not be effective in the presence of a specific misconfiguration. [CVSS 3.1 LOW]

Nginx
NVD GitHub
CVSS 3.1
3.1
EPSS
0.0%
CVE-2025-61643 LOW Monitor

Vulnerability in Wikimedia Foundation MediaWiki. This vulnerability is associated with program files includes/recentchanges/RecentChangeRCFeedNotifier.Php.

PHP Information Disclosure
NVD VulDB
CVSS 4.0
2.7
EPSS
0.0%
CVE-2025-58381 LOW Monitor

Fabric Operating System versions up to 9.2.1 contains a vulnerability that allows attackers to an authenticated attacker with admin privileges using the shell commands “sour (CVSS 2.3).

Information Disclosure Fabric Operating System
NVD
CVSS 3.1
2.3
EPSS
0.0%
CVE-2025-58380 LOW Monitor

Fabric Operating System versions up to 9.2.1 contains a vulnerability that allows attackers to an authenticated attacker with admin privileges using the shell command “grep” t (CVSS 2.3).

Information Disclosure Fabric Operating System
NVD
CVSS 3.1
2.3
EPSS
0.0%
CVE-2025-61641 LOW Monitor

Vulnerability in Wikimedia Foundation MediaWiki. This vulnerability is associated with program files includes/api/ApiQueryAllPages.Php.

PHP Path Traversal
NVD VulDB
CVSS 4.0
1.7
EPSS
0.0%
CVE-2025-61658 LOW Monitor

Vulnerability in Wikimedia Foundation CheckUser. This vulnerability is associated with program files src/GlobalContributions/GlobalContributionsPager.Php.

PHP Path Traversal
NVD
CVSS 4.0
1.3
EPSS
0.1%
CVE-2025-67476 LOW Monitor

Vulnerability in Wikimedia Foundation MediaWiki. This vulnerability is associated with program files includes/Import/ImportableOldRevisionImporter.Php.

PHP Information Disclosure
NVD
CVSS 4.0
1.3
EPSS
0.0%
CVE-2025-61646 LOW Monitor

Vulnerability in Wikimedia Foundation MediaWiki. This vulnerability is associated with program files includes/RecentChanges/EnhancedChangesList.Php.

PHP Path Traversal
NVD VulDB
CVSS 4.0
1.2
EPSS
0.1%
CVE-2025-61647 LOW Monitor

Vulnerability in Wikimedia Foundation CheckUser. This vulnerability is associated with program files src/Api/Rest/Handler/UserInfoHandler.Php.

PHP Path Traversal
NVD
CVSS 4.0
0.4
EPSS
0.1%

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy