Skip to main content
CVE-2026-2008 LOW POC Monitor

Code injection in Fermat's eqn_chart function allows authenticated remote attackers to execute arbitrary code by manipulating equation arguments. Public exploit code exists for this vulnerability, and the developers have not yet released a patch despite early notification. The attack requires valid credentials but no user interaction, affecting all versions up to the latest rolling release commit.

Code Injection Fermat
NVD GitHub VulDB
CVSS 4.0
2.1
EPSS
0.1%
CVE-2026-2065 LOW POC Monitor

Smart Pixelator 2.0's Bluetooth Low Energy interface lacks proper authentication controls, allowing unauthenticated attackers on the local network to manipulate device functionality and potentially compromise confidentiality and integrity. Public exploit code exists for this vulnerability, and the vendor has not provided a patch despite early notification.

Authentication Bypass Smart Pixelator Firmware
NVD GitHub VulDB
CVSS 4.0
2.1
EPSS
0.1%
CVE-2026-2015 LOW POC Monitor

I-Educar versions up to 2.10. contains a vulnerability that allows attackers to improper authorization (CVSS 6.3).

PHP Information Disclosure
NVD GitHub VulDB
CVSS 4.0
2.1
EPSS
0.0%
CVE-2026-2009 LOW POC Monitor

Gas Agency Management System versions up to 1.0 contains a vulnerability that allows attackers to improper access controls (CVSS 6.3).

PHP Information Disclosure
NVD GitHub VulDB
CVSS 4.0
2.1
EPSS
0.0%
CVE-2026-2000 LOW POC Monitor

Remote command injection in DCN DCME-320 web management interface allows authenticated attackers to execute arbitrary commands through manipulation of the ip_list parameter in the bridge configuration function. Public exploit code exists for this vulnerability, and no patch is currently available from the vendor. The attack requires high-level privileges but can be executed over the network without user interaction.

PHP Command Injection
NVD GitHub VulDB
CVSS 4.0
2.0
EPSS
0.2%
CVE-2026-2063 LOW POC Monitor

D-Link DIR-823X routers are vulnerable to remote command injection through the Web Management Interface's /goform/set_ac_server endpoint, allowing unauthenticated attackers to execute arbitrary OS commands. Public exploit code exists for this vulnerability, increasing the risk of active exploitation. A patch is not currently available, leaving affected devices exposed until remediation.

D-Link Command Injection
NVD GitHub VulDB
CVSS 4.0
2.0
EPSS
0.2%
CVE-2026-2061 LOW POC Monitor

D-Link DIR-823X firmware versions up to 250416 contain an OS command injection vulnerability in the IPv6 configuration endpoint that allows authenticated remote attackers to execute arbitrary commands. Public exploit code exists for this vulnerability, and no patch is currently available. The attack requires administrative privileges but can be executed over the network with no user interaction required.

D-Link Command Injection
NVD GitHub VulDB
CVSS 4.0
2.0
EPSS
0.1%
CVE-2026-2064 LOW POC Monitor

A vulnerability was identified in Portabilis i-Educar up to 2.10. Affected by this vulnerability is an unknown functionality of the file /intranet/meusdadod.php of the component User Data Page. [CVSS 3.5 LOW]

PHP XSS
NVD GitHub VulDB
CVSS 4.0
2.0
EPSS
0.0%
CVE-2026-1971 LOW POC Monitor

A vulnerability has been found in Edimax BR-6288ACL up to 1.12. Impacted is the function wiz_WISP24gmanual of the file wiz_WISP24gmanual.asp. [CVSS 2.4 LOW]

XSS Br 6288Acl Firmware
NVD VulDB
CVSS 4.0
1.9
EPSS
0.0%
CVE-2026-1998 LOW POC PATCH Monitor

A flaw has been found in micropython up to 1.27.0. This vulnerability affects the function mp_import_all of the file py/runtime.c. [CVSS 3.3 LOW]

Buffer Overflow Micropython
NVD GitHub VulDB
CVSS 4.0
1.9
EPSS
0.0%
CVE-2026-1991 LOW POC Monitor

A vulnerability was detected in libuvc up to 0.0.7. Affected is the function uvc_scan_streaming of the file src/device.c of the component UVC Descriptor Handler. [CVSS 3.3 LOW]

Denial Of Service Libuvc
NVD GitHub VulDB
CVSS 4.0
1.9
EPSS
0.0%
CVE-2026-2016 LOW POC PATCH Monitor

Stack-based buffer overflow in libfastcommon's base64_decode function allows local attackers with user-level privileges to corrupt memory and potentially execute arbitrary code. Public exploit code exists for this vulnerability affecting libfastcommon versions up to 1.0.84. A patch is available and should be applied immediately to mitigate the risk.

Buffer Overflow Libfastcommon
NVD GitHub VulDB
CVSS 4.0
1.9
EPSS
0.0%
CVE-2026-1979 LOW POC PATCH Monitor

Use-after-free memory corruption in mruby up to version 3.4.0 within the JMPNOT-to-JMPIF optimization logic allows local attackers with user-level privileges to corrupt memory and potentially execute arbitrary code. Public exploit code exists for this vulnerability, and a patch is available. Affected systems should apply the available security update promptly.

Buffer Overflow Denial Of Service Mruby
NVD GitHub VulDB
CVSS 4.0
1.9
EPSS
0.0%
CVE-2026-2069 LOW POC Monitor

A flaw has been found in ggml-org llama.cpp versions up to 55 is affected by buffer overflow (CVSS 3.3).

Buffer Overflow
NVD GitHub VulDB
CVSS 4.0
1.9
EPSS
0.0%
CVE-2026-2010 LOW POC PATCH Monitor

Improper authorization in Sanluan PublicCMS versions up to 4.0.202506.d, 5.202506.d, and 6.202506.d allows authenticated attackers to manipulate the paymentId parameter in the Trade Payment Handler, potentially leading to integrity and availability impacts. Public exploit code exists for this vulnerability, though exploitation requires high complexity and specific conditions. A patch is available and should be applied promptly to affected Java-based deployments.

Java Information Disclosure
NVD GitHub VulDB
CVSS 4.0
1.3
EPSS
0.1%
CVE-2026-23738 LOW Monitor

Asterisk is an open source private branch exchange and telephony toolkit. Prior to versions 20.7-cert9, 20.18.2, 21.12.1, 22.8.2, and 23.2.2, user supplied/control values for Cookies and any GET variable query Parameter are directly interpolated into the HTML of the page using ast_str_append. [CVSS 3.5 LOW]

XSS Asterisk Certified Asterisk
NVD GitHub
CVSS 3.1
3.5
EPSS
0.0%
CVE-2026-25764 LOW Monitor

OpenProject is an open-source, web-based project management software. Prior to versions 16.6.7 and 17.0.3, an HTML injection vulnerability occurs in the time tracking function of OpenProject. [CVSS 3.5 LOW]

XSS Openproject
NVD GitHub
CVSS 3.1
3.5
EPSS
0.0%
CVE-2025-15320 LOW Monitor

Tanium addressed a denial of service vulnerability in Tanium Client. [CVSS 3.3 LOW]

Denial Of Service Tanium
NVD
CVSS 3.1
3.3
EPSS
0.0%
CVE-2026-25724 LOW PATCH Monitor

Claude Code versions prior to 2.1.7 allow unauthorized file access by bypassing deny rules through symbolic link traversal, enabling attackers to read restricted files that administrators explicitly blocked. An attacker with access to the system can exploit this vulnerability to access sensitive files like /etc/passwd by leveraging symlinks that point to denied resources. This vulnerability affects AI/ML tools using Claude Code and currently has no available patch.

Information Disclosure Claude Code
NVD GitHub VulDB
CVSS 4.0
2.3
EPSS
0.1%
CVE-2026-1977 LOW Monitor

Unauthenticated code injection in isaacwasserman mcp-vegalite-server's visualize_data function allows remote attackers with valid credentials to execute arbitrary code by manipulating the vegalite_specification parameter. Public exploit code exists for this vulnerability. No patch is currently available, and the project has not responded to early notification of the issue.

Information Disclosure
NVD GitHub VulDB
CVSS 4.0
2.1
EPSS
0.1%
CVE-2026-25729 LOW PATCH Monitor

DeepAudit is a multi-agent system for code vulnerability discovery. [CVSS 6.5 MEDIUM]

Authentication Bypass Deepaudit
NVD GitHub
CVSS 4.0
2.1
EPSS
0.0%
CVE-2026-23739 LOW Monitor

Asterisk is an open source private branch exchange and telephony toolkit. Prior to versions 20.7-cert9, 20.18.2, 21.12.1, 22.8.2, and 23.2.2, the ast_xml_open() function in xml.c parses XML documents using libxml with unsafe parsing options that enable entity expansion and XInclude processing. Specifically, it invokes xmlReadFile() with the XML_PARSE_NOENT flag and later processes XIncludes via xmlXIncludeProcess().If any untrusted or user-supplied XML file is passed to this function, it can ...

XXE Asterisk Certified Asterisk
NVD GitHub
CVSS 3.1
2.0
EPSS
0.1%
CVE-2026-1990 LOW Monitor

A security vulnerability has been detected in oatpp versions up to 1.3.1. is affected by improper resource shutdown or release (CVSS 3.3).

Denial Of Service
NVD GitHub VulDB
CVSS 4.0
1.9
EPSS
0.0%

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy