Skip to main content
CVE-2026-2824 LOW POC Monitor

Cf-E7 Firmware versions up to 2.6.0.9 contains a vulnerability that allows attackers to command injection (CVSS 6.3).

Command Injection Cf E7 Firmware
NVD GitHub VulDB
CVSS 4.0
2.1
EPSS
0.3%
CVE-2026-2823 LOW POC Monitor

Command injection in Comfast CF-E7 firmware versions 2.6.0.9 and earlier allows remote authenticated attackers to execute arbitrary commands through the timestr parameter in the NTP timezone configuration function. Public exploit code exists for this vulnerability, and the vendor has not provided patches despite early notification. An attacker with valid credentials can achieve remote code execution with medium impact on confidentiality, integrity, and availability.

Command Injection Cf E7 Firmware
NVD GitHub VulDB
CVSS 4.0
2.1
EPSS
0.3%
CVE-2025-15582 LOW POC Monitor

A security flaw has been discovered in detronetdip E-commerce 1.0.0. The impacted element is the function Delete/Update of the component Product Management Module. [CVSS 5.4 MEDIUM]

Authentication Bypass E Commerce
NVD GitHub VulDB
CVSS 4.0
2.1
EPSS
0.1%
CVE-2026-2852 LOW POC Monitor

Improper access controls in the Sales endpoint of Yeqifu Warehouse allow authenticated remote attackers to manipulate sales records through the addSales, updateSales, and deleteSales functions, potentially compromising data integrity and confidentiality. Public exploit code exists for this vulnerability, and no patch is currently available despite early notification to the developers.

Java Information Disclosure
NVD GitHub VulDB
CVSS 4.0
2.1
EPSS
0.0%
CVE-2026-2850 LOW POC Monitor

Improper access controls in the Customer Endpoint of yeqifu Warehouse allow authenticated remote attackers to manipulate customer data through the addCustomer, updateCustomer, and deleteCustomer functions. Public exploit code exists for this vulnerability, and the vendor has not yet provided a patch. An attacker with valid credentials can achieve unauthorized information disclosure, modification, and denial of service with low attack complexity.

Java Information Disclosure
NVD GitHub VulDB
CVSS 4.0
2.1
EPSS
0.0%
CVE-2026-2849 LOW POC Monitor

Improper access controls in the Cache Sync Handler of yeqifu Warehouse allow authenticated remote attackers to manipulate cache operations (deleteCache, removeAllCache, syncCache) and achieve unauthorized modification or denial of service. Public exploit code exists for this vulnerability, and the vendor has not yet released a patch despite early notification.

Java Information Disclosure
NVD GitHub VulDB
CVSS 4.0
2.1
EPSS
0.0%
CVE-2026-2851 LOW POC Monitor

Improper access controls in the Inport Endpoint of yeqifu Warehouse allow authenticated remote attackers to manipulate critical functions (addInport, updateInport, deleteInport) and gain unauthorized access to sensitive data or operations. Public exploit code exists for this vulnerability, and no patch is currently available. The vulnerability affects Java-based deployments with network access to the warehouse application.

Java Information Disclosure
NVD GitHub VulDB
CVSS 4.0
2.1
EPSS
0.0%
CVE-2026-2822 LOW POC Monitor

SQL injection in JeecgBoot versions up to 3.9.1 allows authenticated remote attackers to manipulate the keyword parameter in the dictionary loading endpoint, potentially enabling unauthorized data access or modification. Public exploit code exists for this vulnerability, and no patch is currently available. The attack requires valid credentials but can be executed over the network with low complexity.

SQLi Jeecg Boot
NVD VulDB
CVSS 4.0
2.1
EPSS
0.0%
CVE-2025-15583 LOW POC Monitor

A weakness has been identified in detronetdip E-commerce 1.0.0. This affects the function get_safe_value of the file utility/function.php. [CVSS 3.5 LOW]

PHP XSS
NVD GitHub VulDB
CVSS 4.0
2.0
EPSS
0.0%
CVE-2026-22885 LOW Monitor

A vulnerability exists in EnOcean SmartServer IoT version 4.60.009 and prior, which would allow remote attackers, in the LON IP-852 management messages, to send specially crafted IP-852 messages resulting in a memory leak from the program's memory. [CVSS 3.7 LOW]

IoT
NVD GitHub
CVSS 3.1
3.7
EPSS
0.1%
CVE-2025-52603 LOW Monitor

Connections versions up to 7.0 contains a vulnerability that allows attackers to obtain limited information when a single piece of internal metadata is returned (CVSS 3.5).

Information Disclosure Connections
NVD
CVSS 3.1
3.5
EPSS
0.0%
CVE-2026-27007 LOW PATCH Monitor

OpenClaw is a personal AI assistant. Prior to version 2026.2.15, `normalizeForHash` in `src/agents/sandbox/config-hash.ts` recursively sorted arrays that contained only primitive values. [CVSS 3.3 LOW]

Docker
NVD GitHub
CVSS 3.1
3.3
EPSS
0.0%
CVE-2026-26964 LOW Monitor

Windmill is an open-source developer platform for internal code: APIs, background jobs, workflows and UIs. Versions 1.634.6 and below allow non-admin users to obtain Slack OAuth client secrets, which should only be accessible to workspace administrators. [CVSS 2.7 LOW]

Information Disclosure Windmill
NVD GitHub
CVSS 3.1
2.7
EPSS
0.0%
CVE-2026-21620 LOW Monitor

Relative Path Traversal, Improper Isolation or Compartmentalization vulnerability in erlang otp erlang/otp (tftp_file modules), erlang otp inets (tftp_file modules), erlang otp tftp (tftp_file modules) allows Relative Path Traversal.

Path Traversal
NVD GitHub VulDB
CVSS 4.0
2.3
EPSS
0.0%
CVE-2026-2819 LOW Monitor

Missing authorization in Dromara RuoYi-Vue-Plus up to version 5.5.3 allows authenticated remote attackers to delete workflow instances without proper access controls via the SaServletFilter component. Public exploit code exists for this vulnerability, and the vendor has not responded to disclosure attempts. The flaw enables low-impact compromise of workflow data integrity with network accessibility and minimal attack complexity.

Authentication Bypass
NVD VulDB
CVSS 4.0
2.1
EPSS
0.0%
CVE-2026-2825 LOW Monitor

A vulnerability has been found in rachelos WeRSS we-mp-r versions up to 1.4.8. is affected by cross-site scripting (xss) (CVSS 3.5).

XSS
NVD VulDB
CVSS 4.0
2.0
EPSS
0.0%
CVE-2026-2858 LOW Monitor

A vulnerability was identified in wren-lang wren up to 0.4.0. This affects the function peekChar of the file src/vm/wren_compiler.c of the component Source File Parser. [CVSS 3.3 LOW]

Buffer Overflow Wren
NVD GitHub VulDB
CVSS 4.0
1.9
EPSS
0.0%

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy