Skip to main content
CVE-2026-1813 LOW POC Monitor

Unrestricted file upload in Bolo Solo up to version 2.6.4 allows authenticated remote attackers to upload arbitrary files via the FreeMarker Template Handler component. Public exploit code exists for this vulnerability, and the vendor has not yet released a patch despite early notification. An attacker with valid credentials can achieve limited confidentiality, integrity, and availability impacts.

Java Authentication Bypass File Upload
NVD GitHub VulDB
CVSS 4.0
2.1
EPSS
0.0%
CVE-2026-1884 LOW POC Monitor

ZenTao versions up to 21.7.6-85642 contain a server-side request forgery vulnerability in the Webhook Module's fetchHook function that allows remote attackers to initiate requests from the affected server. Public exploit code exists for this vulnerability, and no patch is currently available from the vendor despite early disclosure notification.

PHP SSRF
NVD GitHub VulDB
CVSS 4.0
2.0
EPSS
0.0%
CVE-2025-22873 LOW PATCH Monitor

It was possible to improperly access the parent directory of an os.Root by opening a filename ending in "../". For example, Root.Open("../") would open the parent directory of the Root. [CVSS 3.8 LOW]

Path Traversal Go
NVD
CVSS 3.1
3.8
EPSS
0.0%
CVE-2025-2134 LOW Monitor

Jazz Reporting Service versions up to 7.0.3 contains a vulnerability that allows attackers to an authenticated user on the network to affect the system's performance using co (CVSS 3.5).

IBM
NVD
CVSS 3.1
3.5
EPSS
0.0%
CVE-2025-27550 LOW Monitor

Jazz Reporting Service versions up to 7.0.3 contains a vulnerability that allows attackers to an authenticated user on the host network to obtain sensitive information about (CVSS 3.5).

IBM
NVD
CVSS 3.1
3.5
EPSS
0.0%
CVE-2025-1823 LOW Monitor

Jazz Reporting Service versions up to 7.0.3 is affected by allocation of resources without limits or throttling (CVSS 3.5).

IBM Denial Of Service
NVD
CVSS 3.1
3.5
EPSS
0.0%
CVE-2026-20730 LOW Monitor

A vulnerability exists in BIG-IP Edge Client and browser VPN clients on Windows that may allow attackers to gain access to sensitive information. Note: Software versions which have reached End of Technical Support (EoTS) are not evaluated [CVSS 3.3 LOW]

Windows
NVD
CVSS 3.1
3.3
EPSS
0.0%
CVE-2026-20732 LOW Monitor

Big-Ip Access Policy Manager is affected by user interface (ui) misrepresentation of critical information (CVSS 3.1).

Information Disclosure Big Ip Access Policy Manager Big Ip Advanced Firewall Manager Big Ip Advanced Web Application Firewall Big Ip Analytics +17
NVD
CVSS 3.1
3.1
EPSS
0.1%
CVE-2026-1791 LOW Monitor

Hillstone Networks Operation and Maintenance Security Gateway on Linux is affected by unrestricted upload of file with dangerous type (CVSS 2.7).

Linux
NVD
CVSS 3.1
2.7
EPSS
0.1%
CVE-2026-25517 LOW PATCH Monitor

Wagtail is an open source content management system built on Django. [CVSS 2.7 LOW]

Django
NVD GitHub
CVSS 3.1
2.7
EPSS
0.0%
CVE-2026-1835 LOW Monitor

lcg0124 BootDo is susceptible to cross-site request forgery (CSRF) attacks due to insufficient request validation, allowing remote attackers to perform unauthorized actions on behalf of authenticated users. Public exploit code exists for this vulnerability, though no patch is currently available. The rolling release model used by this product complicates version tracking for affected and patched instances.

CSRF
NVD GitHub VulDB
CVSS 4.0
2.1
EPSS
0.0%

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy