Skip to main content
CVE-2026-2110 LOW POC Monitor

A security flaw has been discovered in Tasin1025 SwiftBuy up to 0f5011372e8d1d7edfd642d57d721c9fadc54ec7. Affected by this vulnerability is an unknown functionality of the file /login.php. Performing a manipulation results in improper restriction of excessive authentication attempts. Remote exploitation of the attack is possible. The attack's complexity is rated as high. The exploitation appears to be difficult. The exploit has been released to the public and may be used for attacks. This pro...

PHP Information Disclosure
NVD VulDB
CVSS 4.0
2.9
EPSS
0.1%
CVE-2026-2111 LOW POC Monitor

Path traversal in JeecgBoot's Retrieval-Augmented Generation Module (versions up to 3.9.0) allows authenticated remote attackers to access arbitrary files through manipulation of the filePath parameter in the /airag/knowledge/doc/edit endpoint. Public exploit code exists for this vulnerability, and no patch is currently available from the vendor despite early notification.

Path Traversal Jeecg Boot
NVD VulDB
CVSS 4.0
2.1
EPSS
0.1%
CVE-2026-2105 LOW POC Monitor

Improper authorization in the Department Management component of yeqifu Warehouse allows authenticated users to manipulate department operations (add, update, delete) without proper access controls. Public exploit code exists for this vulnerability, which can be leveraged remotely by attackers with valid credentials. No patch is currently available from the vendor.

Java Information Disclosure
NVD GitHub VulDB
CVSS 4.0
2.1
EPSS
0.1%
CVE-2026-2079 LOW POC Monitor

Improper authorization in the Menu Management component of Yeqifu Warehouse allows authenticated remote attackers to manipulate menu operations (add, update, delete) without proper access controls. Public exploit code exists for this vulnerability, and the maintainers have not yet released a patch despite early notification. The flaw affects Java-based deployments running the vulnerable commit and could enable unauthorized administrative actions.

Java Information Disclosure
NVD GitHub VulDB
CVSS 4.0
2.1
EPSS
0.1%
CVE-2026-2078 LOW POC Monitor

Improper authorization in the Permission Management component of yeqifu Warehouse allows authenticated remote attackers to manipulate permission-related functions (addPermission, updatePermission, deletePermission) and gain unauthorized access or modify system permissions. Public exploit code exists for this vulnerability, and no patch is currently available. The vulnerability affects Java-based Warehouse deployments with a CVSS score of 6.3.

Java Information Disclosure
NVD GitHub VulDB
CVSS 4.0
2.1
EPSS
0.1%
CVE-2026-2077 LOW POC Monitor

Improper authorization in yeqifu Warehouse's Role Management Handler (addRole/updateRole/deleteRole functions) allows authenticated remote attackers to perform unauthorized privilege escalation and data manipulation. Public exploit code exists for this vulnerability, and the vendor has not released a patch or responded to disclosure. An attacker with valid credentials can bypass authorization controls to modify system roles and access restrictions.

Java Information Disclosure
NVD GitHub VulDB
CVSS 4.0
2.1
EPSS
0.1%
CVE-2026-2076 LOW POC Monitor

A weakness has been identified in yeqifu warehouse up to aaf29962ba407d22d991781de28796ee7b4670e4. [CVSS 6.3 MEDIUM]

Java Information Disclosure
NVD GitHub VulDB
CVSS 4.0
2.1
EPSS
0.1%
CVE-2026-2074 LOW POC Monitor

O2OA versions up to 9.0.0 contain an XML external entity (XXE) injection vulnerability in the /x_program_center/jaxrs/mpweixin/check HTTP POST handler that allows authenticated remote attackers to read sensitive files or conduct denial-of-service attacks. Public exploit code is available for this vulnerability, and no patch has been released despite vendor notification. The attack requires valid credentials but can be executed over the network without user interaction.

XXE O2oa
NVD GitHub VulDB
CVSS 4.0
2.1
EPSS
0.1%
CVE-2026-2107 LOW POC Monitor

Improper authorization in the yeqifu Warehouse Log Info Handler allows authenticated remote attackers to access, modify, or delete log information through the loadAllLoginfo, deleteLoginfo, and batchDeleteLoginfo functions. Public exploit code exists for this vulnerability, and the developers have not yet released a patch despite early notification. Java-based deployments using affected versions are at risk of unauthorized log manipulation by authenticated users.

Java Information Disclosure
NVD GitHub VulDB
CVSS 4.0
2.1
EPSS
0.0%
CVE-2026-2106 LOW POC Monitor

Improper authorization in Yeqifu Warehouse's Notice Management component allows authenticated users to perform unauthorized operations on notice records through the addNotice, updateNotice, deleteNotice, and batchDeleteNotice functions. Public exploit code exists for this vulnerability, and the vendor has not yet responded to the disclosure. An attacker with valid credentials can remotely manipulate notice data, compromising the confidentiality, integrity, and availability of the application.

Java Information Disclosure
NVD GitHub VulDB
CVSS 4.0
2.1
EPSS
0.0%
CVE-2026-2075 LOW POC Monitor

Improper access control in the Role-Permission Binding Handler of yeqifu Warehouse allows authenticated remote attackers to modify role permissions through the saveRolePermission function, potentially gaining unauthorized access to sensitive operations. Public exploit code exists for this vulnerability, and the vendor has not yet released a patch despite early notification of the issue.

Java Information Disclosure
NVD GitHub VulDB
CVSS 4.0
2.1
EPSS
0.0%
CVE-2026-2109 LOW POC Monitor

Coco Annotator through version 0.11.1 contains an authorization bypass in the Delete Category Handler endpoint (/api/undo/) that allows authenticated attackers to manipulate category IDs and access or modify unauthorized data. The vulnerability requires valid credentials but can be exploited remotely with public exploit code available. No patch is currently available from the vendor.

Information Disclosure Coco Annotator
NVD GitHub VulDB
CVSS 4.0
2.1
EPSS
0.0%
CVE-2026-2081 LOW POC Monitor

D-Link DIR-823X firmware contains an OS command injection vulnerability in the /goform/set_password endpoint that allows remote attackers with high privileges to execute arbitrary commands by manipulating the http_passwd parameter. Public exploit code exists for this vulnerability, and no patch is currently available. An authenticated attacker could leverage this to compromise the affected device with limited confidentiality, integrity, and availability impact.

D-Link Command Injection
NVD GitHub VulDB
CVSS 4.0
2.0
EPSS
0.2%
CVE-2026-2082 LOW POC Monitor

D-Link DIR-823X routers contain an OS command injection vulnerability in the /goform/set_mac_clone endpoint that allows remote attackers with high privileges to execute arbitrary commands through manipulation of the mac parameter. Public exploit code exists for this vulnerability, which affects confidentiality, integrity, and availability. No patch is currently available.

D-Link Command Injection
NVD GitHub VulDB
CVSS 4.0
2.0
EPSS
0.2%
CVE-2025-15564 LOW POC Monitor

A vulnerability has been found in Mapnik up to 4.2.0. This vulnerability affects the function mapnik::detail::mod<...>::operator of the file src/value.cpp. [CVSS 3.3 LOW]

Information Disclosure Mapnik
NVD GitHub VulDB
CVSS 4.0
1.9
EPSS
0.0%

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy