Skip to main content
CVE-2026-2895 LOW POC Monitor

A security flaw has been discovered in funadmin up to 7.1.0-rc4. Affected by this issue is the function repass of the file app/frontend/controller/Member.php. Performing a manipulation of the argument forget_code/vercode results in weak password recovery. Remote exploitation of the attack is possible. The attack's complexity is rated as high. The exploitation is known to be difficult. The exploit has been released to the public and may be used for attacks. The vendor was contacted early about...

PHP Information Disclosure
NVD GitHub VulDB
CVSS 4.0
2.9
EPSS
0.1%
CVE-2026-2869 LOW POC PATCH Monitor

A vulnerability was identified in janet-lang janet up to 1.40.1. Affected by this vulnerability is the function janetc_varset of the file src/core/specials.c of the component handleattr Handler. [CVSS 3.3 LOW]

Buffer Overflow Janet
NVD GitHub VulDB
CVSS 4.0
1.9
EPSS
0.0%
CVE-2026-2887 LOW POC PATCH Monitor

A security vulnerability has been detected in aardappel lobster up to 2025.4. This impacts the function lobster::TypeName in the library dev/src/lobster/idents.h. [CVSS 3.3 LOW]

Information Disclosure Lobster
NVD GitHub VulDB
CVSS 4.0
1.9
EPSS
0.0%
CVE-2026-2863 LOW Monitor

Path traversal in the FileServiceImpl.deleteFile function of feng_ha_ha/megagao ssm-erp and production_ssm allows authenticated attackers to manipulate file deletion operations remotely. Public exploit code exists for this vulnerability, and the developer has not yet addressed the reported issue. An attacker with valid credentials could delete or access arbitrary files on the affected system.

Path Traversal
NVD GitHub VulDB
CVSS 4.0
2.1
EPSS
0.1%
CVE-2026-2864 LOW Monitor

Path traversal in the pictureDelete function of feng_ha_ha/megagao ssm-erp and production_ssm allows authenticated remote attackers to manipulate the picName parameter and access arbitrary files on the system. Public exploit code exists for this vulnerability. No patch is currently available, and the developers have not responded to the disclosure.

Path Traversal
NVD GitHub VulDB
CVSS 4.0
2.1
EPSS
0.0%
CVE-2026-2860 LOW Monitor

Improper authorization in the EmployeeController.java file of feng_ha_ha/megagao ssm-erp and production_ssm allows authenticated remote attackers to gain unauthorized access to sensitive data or modify system information. Public exploit code exists for this vulnerability, and the developers have not yet provided a patch despite early notification. Java-based deployments of these products are vulnerable to this medium-severity attack requiring valid credentials.

Information Disclosure
NVD GitHub VulDB
CVSS 4.0
2.1
EPSS
0.0%
CVE-2026-27467 LOW PATCH Monitor

BigBlueButton is an open-source virtual classroom. In versions 3.0.19 and below, when first joining a session with the microphone muted, the client sends audio to the server regardless of mute state. [CVSS 2.0 LOW]

Information Disclosure Bigbluebutton
NVD GitHub
CVSS 3.1
2.0
EPSS
0.0%
CVE-2026-2889 LOW Monitor

A vulnerability was detected in CCExtractor versions up to 0.96.5. is affected by buffer overflow (CVSS 3.3).

Buffer Overflow Denial Of Service
NVD GitHub VulDB
CVSS 4.0
1.9
EPSS
0.0%

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy