Skip to main content
CVE-2026-2218 LOW POC Monitor

Command injection in D-Link DCS-933L firmware up to version 1.14.11 allows authenticated remote attackers to execute arbitrary commands through the AdminID parameter in the /setSystemAdmin endpoint. Public exploit code exists for this vulnerability, which affects only end-of-life devices no longer receiving security updates. An attacker with valid credentials can achieve remote code execution with limited system privileges.

D-Link Command Injection
NVD GitHub VulDB
CVSS 4.0
2.1
EPSS
0.2%
CVE-2026-2194 LOW POC Monitor

Di-7100G C1 Firmware versions up to 24.04.18d1 contains a vulnerability that allows attackers to command injection (CVSS 6.3).

D-Link Command Injection
NVD GitHub VulDB
CVSS 4.0
2.1
EPSS
0.0%
CVE-2026-2227 LOW POC Monitor

D-Link DCS-931L camera firmware versions up to 1.13.0 contain a command injection vulnerability in the /setSystemAdmin endpoint that allows remote attackers with high privileges to execute arbitrary commands by manipulating the AdminID parameter. Public exploit code exists for this vulnerability, though the affected devices are no longer supported by D-Link. An attacker with administrative access could achieve remote code execution on vulnerable cameras.

D-Link Command Injection
NVD GitHub VulDB
CVSS 4.0
2.0
EPSS
0.1%
CVE-2026-2213 LOW POC Monitor

Unrestricted file upload in Online Music Site 1.0's AdminAddAlbum.php allows authenticated administrators with high privileges to upload arbitrary files via the txtimage parameter. Public exploit code exists for this vulnerability, enabling remote attackers to potentially execute malicious code or compromise the application. The affected component impacts both the PHP runtime and the vulnerable web application, with no patch currently available.

PHP Authentication Bypass File Upload
NVD GitHub VulDB
CVSS 4.0
2.0
EPSS
0.0%
CVE-2026-2224 LOW POC Monitor

A vulnerability was detected in code-projects Online Reviewer System 1.0. This affects an unknown part of the file /system/system/admins/manage/users/btn_functions.php. [CVSS 3.5 LOW]

PHP XSS
NVD GitHub VulDB
CVSS 4.0
2.0
EPSS
0.0%
CVE-2026-2226 LOW POC Monitor

Unrestricted file upload in DouPHP versions up to 1.9 allows remote attackers with administrative privileges to bypass upload restrictions via manipulation of the sql_filename parameter in the ZIP File Handler component. Public exploit code exists for this vulnerability, and no patch is currently available.

PHP Authentication Bypass File Upload
NVD GitHub VulDB
CVSS 4.0
2.0
EPSS
0.0%
CVE-2026-2201 LOW POC Monitor

A security vulnerability has been detected in ZeroWdd studentmanager up to 2151560fc0a50ec00426785ec1e01a3763b380d9. This impacts the function addLeave of the file src/main/java/com/wdd/studentmanager/controller/LeaveController.java. [CVSS 2.4 LOW]

Java XSS
NVD VulDB
CVSS 4.0
1.9
EPSS
0.0%
CVE-2026-2200 LOW POC Monitor

A weakness has been identified in heyewei JFinalCMS 5.0.0. This affects an unknown function of the file /admin/admin/save of the component API Endpoint. [CVSS 2.4 LOW]

XSS Jfinalcms
NVD GitHub VulDB
CVSS 4.0
1.9
EPSS
0.0%
CVE-2026-2222 LOW POC Monitor

A weakness has been identified in code-projects Online Reviewer System 1.0. Affected by this vulnerability is an unknown functionality of the file /system/system/admins/manage/users/btn_functions.php. [CVSS 2.4 LOW]

PHP XSS
NVD GitHub VulDB
CVSS 4.0
1.9
EPSS
0.0%
CVE-2026-2214 LOW POC Monitor

A weakness has been identified in code-projects for Plugin 1.0. This affects an unknown part of the file /Administrator/PHP/AdminAddAlbum.php. [CVSS 2.4 LOW]

PHP XSS
NVD GitHub VulDB
CVSS 4.0
1.9
EPSS
0.0%
CVE-2026-2242 LOW POC PATCH Monitor

A vulnerability was determined in janet-lang janet up to 1.40.1. This impacts the function janetc_if of the file src/core/specials.c. [CVSS 3.3 LOW]

Buffer Overflow Janet
NVD GitHub VulDB
CVSS 4.0
1.9
EPSS
0.0%
CVE-2026-2241 LOW POC PATCH Monitor

A vulnerability was found in janet-lang janet up to 1.40.1. This affects the function os_strftime of the file src/core/os.c. [CVSS 3.3 LOW]

Buffer Overflow Janet
NVD GitHub VulDB
CVSS 4.0
1.9
EPSS
0.0%
CVE-2026-2240 LOW POC PATCH Monitor

A vulnerability has been found in janet-lang janet up to 1.40.1. The impacted element is the function janetc_pop_funcdef of the file src/core/compile.c. [CVSS 3.3 LOW]

Buffer Overflow Janet
NVD GitHub VulDB
CVSS 4.0
1.9
EPSS
0.0%
CVE-2026-2215 LOW Monitor

A vulnerability was detected in rachelos WeRSS we-mp-rss up to 1.4.8. This issue affects some unknown processing of the file core/auth.py of the component JWT Handler. Performing a manipulation of the argument SECRET_KEY results in use of default cryptographic key. The attack can be initiated remotely. The attack is considered to have high complexity. The exploitability is assessed as difficult...

Information Disclosure
NVD VulDB
CVSS 4.0
2.9
EPSS
0.0%
CVE-2026-2216 LOW Monitor

Path traversal in rachelos WeRSS plugin versions up to 1.4.8 allows authenticated remote attackers to access arbitrary files through manipulation of the filename parameter in the download_export_file function. Public exploit code exists for this vulnerability. The issue requires valid credentials but has a low complexity attack surface, affecting file confidentiality without requiring user interaction.

Path Traversal
NVD VulDB
CVSS 4.0
2.1
EPSS
0.0%
CVE-2026-2245 LOW Monitor

A vulnerability was identified in CCExtractor versions up to 183. is affected by buffer overflow (CVSS 3.3).

Buffer Overflow
NVD GitHub VulDB
CVSS 4.0
1.9
EPSS
0.0%
CVE-2026-2246 LOW Monitor

A security vulnerability has been detected in AprilRobotics apriltag versions up to 3.4.5. is affected by buffer overflow (CVSS 3.3).

Buffer Overflow
NVD GitHub VulDB
CVSS 4.0
1.9
EPSS
0.0%

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy