Skip to main content
CVE-2026-2956 LOW POC Monitor

Unauthenticated remote attackers can execute arbitrary commands on dst-admin versions up to 1.5.0 by manipulating the Name parameter in the revertBackup function at /home/restore endpoint. Public exploit code is available for this vulnerability, and the vendor has not provided a patch despite early notification.

Command Injection Dst Admin
NVD VulDB
CVSS 4.0
2.1
EPSS
0.4%
CVE-2026-2953 LOW POC Monitor

Path traversal in Dromara UJCMS 101.2 Template Handler allows authenticated remote attackers to manipulate the deleteDirectory function and access files outside intended directories. Public exploit code exists for this vulnerability, and no patch is currently available from the vendor despite early disclosure notification. The attack requires valid credentials but can be executed remotely with minimal complexity.

Path Traversal Ujcms
NVD VulDB
CVSS 4.0
2.1
EPSS
0.2%
CVE-2026-2957 LOW POC Monitor

The deleteBackup function in Dst Admin up to version 1.5.0 contains an improper resource handling flaw that permits authenticated remote attackers to trigger denial of service conditions. Public exploit code is available for this vulnerability, and the vendor has not provided a patch despite early notification. The attack requires valid credentials but no user interaction, making it actionable in environments where access controls are weak.

Java Denial Of Service
NVD VulDB
CVSS 4.0
2.1
EPSS
0.0%
CVE-2026-2945 LOW POC Monitor

Server-side request forgery in JeecgBoot 3.9.0's /sys/common/uploadImgByHttp endpoint allows authenticated attackers to manipulate the fileUrl parameter and make arbitrary HTTP requests from the vulnerable server. Public exploit code exists for this vulnerability, and no patch is currently available from the vendor despite early disclosure notification.

SSRF Jeecg Boot
NVD VulDB
CVSS 4.0
2.1
EPSS
0.0%
CVE-2026-2947 LOW POC Monitor

A vulnerability was detected in rymcu forest up to 0.0.5. This affects the function updateUserInfo of the file - src/main/java/com/rymcu/forest/web/api/user/UserInfoController.java of the component User Profile Handler. [CVSS 3.5 LOW]

Java XSS
NVD VulDB
CVSS 4.0
2.0
EPSS
0.0%
CVE-2026-2946 LOW POC Monitor

A security vulnerability has been detected in rymcu forest up to 0.0.5. Affected by this issue is the function XssUtils.replaceHtmlCode of the file src/main/java/com/rymcu/forest/util/XssUtils.java of the component Article Content/Comments/Portfolio. [CVSS 3.5 LOW]

Java XSS
NVD VulDB
CVSS 4.0
2.0
EPSS
0.0%
CVE-2026-2898 LOW POC Monitor

Funadmin up to version 7.1.0-rc4 contains an unsafe deserialization vulnerability in the AuthCloudService.php getMember function that allows authenticated remote attackers to manipulate the cloud_account parameter and execute arbitrary code. Public exploit code exists for this vulnerability, and no patch is currently available from the vendor despite early notification.

PHP Deserialization
NVD GitHub VulDB
CVSS 4.0
2.0
EPSS
0.0%
CVE-2026-2939 LOW POC Monitor

A vulnerability was found in itsourcecode Student Management System 1.0. The impacted element is an unknown function of the file /add_student/ of the component Add Student Module. [CVSS 2.4 LOW]

XSS Student Management System
NVD GitHub VulDB
CVSS 4.0
1.9
EPSS
0.0%
CVE-2026-2932 LOW POC Monitor

A security flaw has been discovered in YiFang CMS up to 2.0.5. The impacted element is the function update of the file app/db/admin/D_adPosition.php of the component Extended Management Module. [CVSS 2.4 LOW]

PHP XSS
NVD GitHub VulDB
CVSS 4.0
1.9
EPSS
0.0%
CVE-2026-2934 LOW POC Monitor

A security vulnerability has been detected in YiFang CMS up to 2.0.5. This impacts the function update of the file app/db/admin/D_friendLinkGroup.php of the component Extended Management Module. [CVSS 2.4 LOW]

PHP XSS
NVD GitHub VulDB
CVSS 4.0
1.9
EPSS
0.0%
CVE-2026-2933 LOW POC Monitor

A weakness has been identified in YiFang CMS up to 2.0.5. This affects the function update of the file app/db/admin/D_adManage.php of the component Extended Management Module. [CVSS 2.4 LOW]

PHP XSS
NVD GitHub VulDB
CVSS 4.0
1.9
EPSS
0.0%
CVE-2026-2897 LOW POC Monitor

A security vulnerability has been detected in funadmin up to 7.1.0-rc4. This vulnerability affects unknown code of the file app/backend/view/index/index.html of the component Backend Interface. [CVSS 2.4 LOW]

XSS Funadmin
NVD GitHub VulDB
CVSS 4.0
1.9
EPSS
0.0%
CVE-2026-2913 LOW POC PATCH Monitor

A vulnerability was determined in libvips up to 8.19.0. The affected element is the function vips_source_read_to_memory of the file libvips/iofuncs/source.c. [CVSS 2.5 LOW]

Buffer Overflow Libvips
NVD GitHub VulDB
CVSS 4.0
1.1
EPSS
0.0%
CVE-2026-2930 LOW Monitor

Stack buffer overflow in Tenda A18 15.13.07.13 firmware allows authenticated remote attackers to execute arbitrary code through malformed boundary parameters in the /cgi-bin/UploadCfg HTTP endpoint. The vulnerability affects the webCgiGetUploadFile function within the Httpd service and has public exploit code available. Affected users should apply patches when available, as the vulnerability requires valid credentials but no user interaction.

Buffer Overflow Tenda
NVD GitHub VulDB
CVSS 4.0
2.1
EPSS
0.1%
CVE-2026-2954 LOW Monitor

SQL/code injection in Dromara UJCMS 10.0.2 allows authenticated remote attackers to manipulate database driver parameters (driverClassName/url) through the ImportDataController's import-channel endpoint. Public exploit code exists for this vulnerability, and the vendor has not provided a patch or response. Successful exploitation could result in unauthorized data access, modification, or system availability impacts.

Code Injection Ujcms
NVD VulDB
CVSS 4.0
2.1
EPSS
0.0%
CVE-2026-2943 LOW Monitor

Cross-site scripting in SapneshNaik Student Management System allows remote attackers to inject malicious scripts through the Error parameter in index.php, with public exploit code available. The vulnerability requires user interaction to trigger and has a low CVSS score of 4.3, but no patch is currently available from the unresponsive vendor.

PHP XSS
NVD GitHub VulDB
CVSS 4.0
2.1
EPSS
0.0%
CVE-2026-2903 LOW Monitor

A flaw has been found in skvadrik re2c versions up to 4.4. is affected by improper resource shutdown or release (CVSS 3.3).

Denial Of Service
NVD GitHub VulDB
CVSS 4.0
1.9
EPSS
0.0%

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy