Skip to main content
CVE-2026-3146 LOW POC PATCH Monitor

A vulnerability has been found in libvips up to 8.18.0. The impacted element is the function vips_foreign_load_matrix_header of the file libvips/foreign/matrixload.c. [CVSS 3.3 LOW]

Null Pointer Dereference Libvips
NVD VulDB GitHub
CVSS 3.1
3.3
EPSS
0.0%
CVE-2026-3192 LOW POC Monitor

Improper authentication in Chia Blockchain 2.1.0's RPC Credential Handler (_authenticate function) allows remote attackers to bypass credential validation with high complexity exploitation. Public exploit code exists for this vulnerability, and the vendor dismissed the report as a design choice placing responsibility on users for host security. Affected systems may experience confidentiality, integrity, and availability impacts through unauthorized RPC access.

Authentication Bypass Blockchain
NVD GitHub VulDB
CVSS 4.0
2.9
EPSS
0.1%
CVE-2026-27632 LOW POC Monitor

Talishar is a fan-made Flesh and Blood project. Prior to commit 6be3871a14c192d1fb8146cdbc76f29f27c1cf48, the Talishar application lacks Cross-Site Request Forgery (CSRF) protections on critical state-changing endpoints, specifically within `SubmitChat.php` and other game interaction handlers. [CVSS 2.6 LOW]

PHP CSRF
NVD GitHub
CVSS 3.1
2.6
EPSS
0.0%
CVE-2026-3187 LOW POC PATCH Monitor

Unrestricted file uploads in Sz Boot Parent versions up to 1.3.2-beta allow authenticated remote attackers to upload malicious files via the /api/admin/sys-file/upload API endpoint. Public exploit code exists for this vulnerability, which has been patched in version 1.3.3-beta through the addition of file extension and MIME type whitelisting controls. Immediate upgrade to the patched version is strongly recommended.

File Upload Authentication Bypass Sz Boot Parent
NVD GitHub VulDB
CVSS 4.0
2.1
EPSS
0.1%
CVE-2026-3163 LOW POC Monitor

Website Link Extractor versions up to 1.0 is affected by server-side request forgery (ssrf) (CVSS 6.3).

SSRF Website Link Extractor
NVD VulDB
CVSS 4.0
2.1
EPSS
0.0%
CVE-2026-3150 LOW POC Monitor

SQL injection in itsourcecode College Management System 1.0's teacher management interface allows authenticated attackers to manipulate the teacher_id parameter in /admin/display-teacher.php and execute arbitrary database queries. Public exploit code exists for this vulnerability, enabling remote exploitation by users with administrative access. The vulnerability remains unpatched and carries medium severity with potential for data confidentiality, integrity, and availability compromise.

PHP SQLi
NVD GitHub VulDB
CVSS 4.0
2.1
EPSS
0.0%
CVE-2026-3149 LOW POC Monitor

College Management System versions up to 1.0 contains a vulnerability that allows attackers to sql injection (CVSS 6.3).

PHP SQLi
NVD GitHub VulDB
CVSS 4.0
2.1
EPSS
0.0%
CVE-2026-3186 LOW POC PATCH Monitor

Improper authorization in Sz Boot Parent up to version 1.3.2-beta allows authenticated attackers to reset arbitrary user passwords by manipulating the userId parameter in the password reset API endpoint. Public exploit code exists for this vulnerability, enabling remote password reset attacks against any user account. Upgrade to version 1.3.3-beta or later to remediate.

Information Disclosure Sz Boot Parent
NVD GitHub VulDB
CVSS 4.0
2.1
EPSS
0.0%
CVE-2026-3171 LOW POC Monitor

Patients Waiting Area Queue Management System versions up to 1.0 is affected by cross-site scripting (xss) (CVSS 3.5).

PHP XSS
NVD GitHub VulDB
CVSS 4.0
2.0
EPSS
0.0%
CVE-2026-3170 LOW POC Monitor

Patients Waiting Area Queue Management System versions up to 1.0 is affected by cross-site scripting (xss) (CVSS 2.4).

PHP XSS
NVD GitHub VulDB
CVSS 4.0
1.9
EPSS
0.0%
CVE-2026-3147 LOW POC PATCH Monitor

Libvips up to version 8.18.0 contains a heap buffer overflow in the CSV parsing function that allows local attackers with user-level privileges to corrupt memory and potentially execute arbitrary code. Public exploit code is available for this vulnerability, and a patch has been released to address the issue.

Buffer Overflow Libvips
NVD GitHub VulDB
CVSS 4.0
1.9
EPSS
0.0%
CVE-2026-3137 LOW POC Monitor

Stack-based buffer overflow in CodeAstro Food Ordering System 1.0 allows local attackers with user privileges to corrupt memory and potentially execute arbitrary code, with public exploit code currently available. The vulnerability affects food_ordering.exe through an undocumented function and requires local access to exploit. No patch is currently available for affected systems.

Buffer Overflow Food Ordering System
NVD GitHub VulDB
CVSS 4.0
1.9
EPSS
0.0%
CVE-2026-3193 LOW POC Monitor

A vulnerability was detected in Chia Blockchain 2.1.0. Impacted is an unknown function of the file /send_transaction. [CVSS 3.1 LOW]

CSRF Blockchain
NVD GitHub VulDB
CVSS 4.0
1.3
EPSS
0.0%
CVE-2026-3194 LOW POC Monitor

Chia Blockchain 2.1.0's RPC Server Master Passphrase Handler lacks proper authentication in the send_transaction and get_private_key functions, allowing authenticated local attackers to bypass security controls with public exploit code available. An attacker with local access and existing privileges could manipulate these functions to gain unauthorized access to sensitive blockchain operations, though exploitation requires high complexity and the vendor considers this a user responsibility issue. A patch is not currently available.

Authentication Bypass Blockchain
NVD GitHub VulDB
CVSS 4.0
1.1
EPSS
0.0%
CVE-2025-67860 LOW PATCH Monitor

A vulnerability has been identified in the NeuVector scanner where the scanner process accepts registry and controller credentials as command-line arguments, potentially exposing sensitive credentials to local users. [CVSS 3.8 LOW]

Authentication Bypass
NVD GitHub
CVSS 3.1
3.8
EPSS
0.0%
CVE-2026-3189 LOW Monitor

A weakness has been identified in feiyuchuixue sz-boot-parent up to 1.3.2-beta. This vulnerability affects unknown code of the file /api/admin/common/files/download. Executing a manipulation of the argument url can lead to server-side request forgery. The attack can be executed remotely. Attacks of this nature are highly complex. It is stated that the exploitability is difficult. Upgrading to v...

SSRF
NVD GitHub VulDB
CVSS 3.1
3.1
EPSS
0.0%
CVE-2026-21725 LOW Monitor

A time-of-create-to-time-of-use (TOCTOU) vulnerability lets recently deleted-then-recreated data sources be re-deleted without permission to do so. [CVSS 2.6 LOW]

Grafana Information Disclosure
NVD
CVSS 3.1
2.6
EPSS
0.0%
CVE-2026-28196 LOW Monitor

In JetBrains TeamCity before 2025.11.3 disabling versioned settings left a credentials config on disk [CVSS 2.3 LOW]

Information Disclosure Teamcity
NVD
CVSS 3.1
2.3
EPSS
0.0%
CVE-2026-3209 LOW Monitor

Improper access control in the Role Handler component of fosrl Pangolin up to version 1.15.4-s.3 allows authenticated remote attackers to bypass role and API key verification checks. Public exploit code exists for this vulnerability, enabling attackers with valid credentials to gain unauthorized access to protected functionality. Users should upgrade to version 1.15.4-s.4 or later to remediate this issue.

Information Disclosure
NVD GitHub VulDB
CVSS 4.0
2.1
EPSS
0.1%
CVE-2026-3188 LOW Monitor

Path traversal in feiyuchuixue sz-boot-parent versions up to 1.3.2-beta allows authenticated remote attackers to read arbitrary files by manipulating the templateName parameter in the /api/admin/common/download/templates endpoint. Public exploit code exists for this vulnerability. Users should upgrade to version 1.3.3-beta or later, which implements proper path validation checks.

Path Traversal
NVD GitHub VulDB
CVSS 4.0
2.1
EPSS
0.1%

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy