Skip to main content
CVE-2026-27171 LOW POC Monitor

zlib before 1.3.2 allows CPU consumption via crc32_combine64 and crc32_combine_gen64 because x2nmodp can do right shifts within a loop that has no termination condition. [CVSS 2.9 LOW]

Information Disclosure Zlib
NVD GitHub
CVSS 3.1
2.9
EPSS
0.0%
CVE-2026-2672 LOW POC Monitor

Path traversal in Tsinghua Unigroup Electronic Archives System 3.2.210802 allows authenticated remote attackers to read arbitrary files through manipulation of the path parameter in the /Search/Subject/downLoad function. Public exploit code exists for this vulnerability, and the vendor has not provided a patch despite early notification. The attack requires valid credentials but no user interaction, making it a practical risk for organizations using this system.

Path Traversal Electronic Archives System
NVD GitHub VulDB
CVSS 4.0
2.1
EPSS
0.1%
CVE-2026-2654 LOW POC Monitor

Server-side request forgery in Hugging Face smolagents 1.24.0 allows authenticated attackers to manipulate the LocalPythonExecutor's requests.get/requests.post functions, enabling remote exploitation without user interaction. Public exploit code exists for this vulnerability, and no patch is currently available from the vendor despite early disclosure notification.

SSRF Smolagents
NVD GitHub VulDB
CVSS 4.0
2.1
EPSS
0.0%
CVE-2026-2682 LOW POC Monitor

SQL injection in Tsinghua Unigroup Electronic Archives System versions up to 3.2.210802 allows authenticated remote attackers to manipulate the comid parameter via the /mine/PublicReport/prinReport.html endpoint, potentially leading to unauthorized data access or modification. Public exploit code is available for this vulnerability, and the vendor has not provided a patch despite early notification.

SQLi Electronic Archives System
NVD GitHub VulDB
CVSS 4.0
2.1
EPSS
0.0%
CVE-2026-2683 LOW POC Monitor

Tsinghua Unigroup Electronic Archives System 3.2.210802 contains a path traversal vulnerability in the download functionality that allows authenticated remote attackers to read arbitrary files on the affected system. Public exploit code exists for this vulnerability, and the vendor has not provided a patch despite early notification. The attack requires valid credentials but no user interaction, making it accessible to any authenticated user with network access.

Path Traversal Electronic Archives System
NVD GitHub VulDB
CVSS 4.0
2.1
EPSS
0.0%
CVE-2026-2666 LOW POC Monitor

Unrestricted file upload in mingSoft MCMS 6.1.1's template archive handler allows authenticated attackers with high privileges to upload arbitrary files via manipulation of the File parameter in /ms/file/uploadTemplate.do. Public exploit code exists for this vulnerability and no patch is currently available. The attack requires network access and high-level authentication but could lead to remote code execution or system compromise.

File Upload Authentication Bypass Mcms
NVD GitHub VulDB
CVSS 4.0
2.0
EPSS
0.0%
CVE-2026-2661 LOW POC Monitor

A security flaw has been discovered in Squirrel up to 3.2. This affects the function SQObjectPtr::operator in the library squirrel/sqobject.h. [CVSS 3.3 LOW]

Buffer Overflow Squirrel
NVD GitHub VulDB
CVSS 4.0
1.9
EPSS
0.0%
CVE-2026-2659 LOW POC Monitor

A vulnerability was determined in Squirrel up to 3.2. Affected by this vulnerability is the function SQFuncState::PopTarget of the file src/squirrel/squirrel/sqfuncstate.cpp. [CVSS 3.3 LOW]

Buffer Overflow Squirrel
NVD GitHub VulDB
CVSS 4.0
1.9
EPSS
0.0%
CVE-2026-2662 LOW POC Monitor

A weakness has been identified in FascinatedBox lily up to 2.3. This vulnerability affects the function count_transforms of the file src/lily_emitter.c. [CVSS 3.3 LOW]

Buffer Overflow Lily
NVD GitHub VulDB
CVSS 4.0
1.9
EPSS
0.0%
CVE-2026-2660 LOW POC Monitor

A vulnerability was identified in FascinatedBox lily up to 2.3. Affected by this issue is the function shorthash_for_name of the file src/lily_symtab.c. [CVSS 3.3 LOW]

Buffer Overflow Denial Of Service Lily
NVD GitHub VulDB
CVSS 4.0
1.9
EPSS
0.0%
CVE-2026-2657 LOW POC Monitor

A vulnerability has been found in wren-lang wren up to 0.4.0. This impacts the function printError of the file src/vm/wren_compiler.c of the component Error Message Handler. [CVSS 3.3 LOW]

Buffer Overflow Wren
NVD GitHub VulDB
CVSS 4.0
1.9
EPSS
0.0%
CVE-2026-2644 LOW POC Monitor

A weakness has been identified in niklasso minisat up to 2.2.0. This issue affects the function Solver::value in the library core/SolverTypes.h of the component DIMACS File Parser. [CVSS 3.3 LOW]

Buffer Overflow Minisat
NVD GitHub VulDB
CVSS 4.0
1.9
EPSS
0.0%
CVE-2026-2641 LOW POC Monitor

A weakness has been identified in universal-ctags ctags up to 6.2.1. The affected element is the function parseExpression/parseExprList of the file parsers/v.c of the component V Language Parser. Executing a manipulation can lead to uncontrolled recursion. It is possible to launch the attack on the local host. The exploit has been made available to the public and could be used for attacks. The ...

Information Disclosure
NVD GitHub VulDB
CVSS 4.0
1.9
EPSS
0.0%
CVE-2026-2653 LOW POC PATCH Monitor

Admesh versions up to 0.98.5 contain a heap buffer overflow in the stl_check_normal_vector function that allows local attackers to corrupt memory with low integrity and confidentiality impact. Public exploit code exists for this vulnerability, and the product appears to be unmaintained with no patch available.

Buffer Overflow Admesh
NVD GitHub VulDB
CVSS 4.0
1.9
EPSS
0.0%
CVE-2026-2656 LOW POC Monitor

A flaw has been found in ChaiScript up to 6.1.0. This affects the function chaiscript::Type_Info::bare_equal of the file include/chaiscript/dispatchkit/type_info.hpp. [CVSS 2.5 LOW]

Buffer Overflow Denial Of Service Chaiscript
NVD GitHub VulDB
CVSS 4.0
1.1
EPSS
0.0%
CVE-2026-2655 LOW POC Monitor

A vulnerability was detected in ChaiScript up to 6.1.0. The impacted element is the function chaiscript::str_less::operator of the file include/chaiscript/chaiscript_defines.hpp. [CVSS 2.5 LOW]

Buffer Overflow Denial Of Service Chaiscript
NVD GitHub VulDB
CVSS 4.0
1.1
EPSS
0.0%
CVE-2026-1582 LOW Monitor

The WP All Export plugin for WordPress is vulnerable to Sensitive Information Exposure in all versions up to, and including, 1.4.14 via the export download endpoint. This is due to a PHP type juggling vulnerability in the security token comparison which uses loose comparison (==) instead of strict comparison (===). This makes it possible for unauthenticated attackers to bypass authentication using "magic hash" values when the expected MD5 hash prefix happens to be numeric-looking (matching pa...

WordPress PHP Authentication Bypass Information Disclosure
NVD
CVSS 3.1
3.7
EPSS
0.1%
CVE-2026-20137 LOW Monitor

In Splunk Enterprise versions below 10.2.0, 10.0.3, 9.4.5, 9.3.7, and 9.2.9, and Splunk Cloud Platform versions below 10.1.2507.0, 10.0.2503.9, 9.3.2411.112, and 9.3.2408.122, a low-privileged user who does not hold the "admin" or "power" Splunk roles could bypass the SPL safeguards for risky commands when they create a Data Model that contains an injected SPL query within an object. [CVSS 3.5 LOW]

Path Traversal Splunk Splunk Cloud Platform
NVD
CVSS 3.1
3.5
EPSS
0.0%
CVE-2025-12343 LOW PATCH Monitor

Ffmpeg contains a vulnerability that allows attackers to a double-free condition, potentially causing FFmpeg or any application using it (CVSS 3.3).

Denial Of Service RCE Tensorflow AI / ML
NVD
CVSS 3.1
3.3
EPSS
0.0%
CVE-2025-8860 LOW Monitor

A flaw was found in QEMU in the uefi-vars virtual device. When the guest writes to register UEFI_VARS_REG_BUFFER_SIZE, the .write callback `uefi_vars_write` is invoked. [CVSS 3.3 LOW]

Information Disclosure
NVD
CVSS 3.1
3.3
EPSS
0.0%
CVE-2026-2419 LOW Monitor

The WP-DownloadManager plugin for WordPress is vulnerable to Path Traversal in all versions up to, and including, 1.69 via the 'download_path' configuration parameter. [CVSS 2.7 LOW]

WordPress Path Traversal
NVD GitHub
CVSS 3.1
2.7
EPSS
0.0%
CVE-2026-1831 LOW Monitor

YayMail - WooCommerce Email Customizer (WordPress plugin) is affected by missing authorization (CVSS 2.7).

WordPress
NVD
CVSS 3.1
2.7
EPSS
0.0%
CVE-2026-2665 LOW Monitor

Unrestricted file upload in huanzi-qch base-admin's JSP file upload function allows authenticated remote attackers to upload arbitrary files by manipulating the File parameter, potentially leading to code execution. The vulnerability affects the SysFileController component and has public exploit code available. No patch is currently available from the developers.

Java Authentication Bypass File Upload
NVD GitHub VulDB
CVSS 4.0
2.1
EPSS
0.0%
CVE-2026-2663 LOW Monitor

SQL injection in Alixhan xh-admin-backend versions up to 1.7.0 allows authenticated attackers to manipulate the prop parameter in the /frontend-api/system-service/api/system/role/query endpoint and execute arbitrary database queries remotely. Public exploit code exists for this vulnerability, and the vendor has not provided a patch or responded to disclosure efforts. Affected organizations running vulnerable versions should immediately restrict access to this endpoint or upgrade if available.

SQLi
NVD VulDB
CVSS 4.0
2.1
EPSS
0.0%
CVE-2026-2658 LOW Monitor

Cross-site request forgery (CSRF) in newbee-mall affects multiple endpoints, allowing unauthenticated remote attackers to perform unauthorized actions on behalf of authenticated users. Public exploit code exists for this vulnerability. No patch is currently available, and the project maintainers have not responded to the early disclosure notification.

CSRF
NVD VulDB GitHub
CVSS 4.0
2.1
EPSS
0.0%
CVE-2026-2676 LOW Monitor

Improper authorization in GoogTech sms-ssm's LoginInterceptor API interface allows remote authenticated attackers to bypass access controls and manipulate protected functions. Public exploit code exists for this vulnerability, increasing the risk of active exploitation. No patch is currently available, requiring organizations to implement compensating controls or restrict access to the affected API endpoints.

Java Information Disclosure
NVD GitHub VulDB
CVSS 4.0
2.1
EPSS
0.0%
CVE-2026-2642 LOW Monitor

A security vulnerability has been detected in ggreer the_silver_searcher versions up to 2.2.0. is affected by improper resource shutdown or release (CVSS 3.3).

Denial Of Service
NVD GitHub VulDB
CVSS 4.0
1.9
EPSS
0.0%

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy