Skip to main content
CVE-2026-3285 LOW POC PATCH Monitor

A vulnerability was determined in berry-lang berry up to 1.1.0. The affected element is the function scan_string of the file src/be_lexer.c. [CVSS 3.3 LOW]

Buffer Overflow Berry
NVD GitHub VulDB
CVSS 3.1
3.3
EPSS
0.0%
CVE-2026-3283 LOW POC PATCH Monitor

A vulnerability has been found in libvips 8.19.0. This issue affects the function vips_extract_band_build of the file libvips/conversion/extract.c. [CVSS 3.3 LOW]

Buffer Overflow Libvips
NVD GitHub VulDB
CVSS 3.1
3.3
EPSS
0.0%
CVE-2026-3282 LOW POC PATCH Monitor

A flaw has been found in libvips 8.19.0. This vulnerability affects the function vips_unpremultiply_build of the file libvips/conversion/unpremultiply.c. [CVSS 3.3 LOW]

Buffer Overflow Libvips
NVD GitHub VulDB
CVSS 3.1
3.3
EPSS
0.0%
CVE-2026-3289 LOW POC Monitor

Path traversal in Sanluan PublicCMS 6.202506.d's Template Cache Generation component allows authenticated remote attackers to manipulate the saveMetadata function and access arbitrary files on the system. Public exploit code exists for this vulnerability, and no patch is currently available from the vendor who has not responded to disclosure attempts.

Java Path Traversal
NVD VulDB
CVSS 4.0
2.1
EPSS
0.1%
CVE-2026-3269 LOW POC Monitor

Psi Probe versions up to 5.3.0 contain a denial of service vulnerability in the session expiration handler that allows authenticated remote attackers to crash the application through request manipulation. Public exploit code is available for this vulnerability, and no patch has been released despite vendor notification. The vulnerability affects Java-based deployments of Psi Probe used for Tomcat monitoring.

Java Denial Of Service
NVD GitHub VulDB
CVSS 4.0
2.1
EPSS
0.0%
CVE-2026-3270 LOW POC Monitor

Server-side request forgery in PSI Probe up to version 5.3.0 allows authenticated attackers to conduct arbitrary network requests through the Whois lookup function. Public exploit code exists for this vulnerability, and no patch is currently available from the vendor. The flaw requires valid credentials but can be exploited remotely with minimal complexity.

Java SSRF
NVD GitHub VulDB
CVSS 4.0
2.1
EPSS
0.0%
CVE-2026-3286 LOW POC Monitor

Server-side request forgery in Paicoding 1.0.0-1.0.3 allows authenticated attackers to manipulate the image upload parameter and trigger arbitrary outbound requests from the affected server. Public exploit code exists for this vulnerability, and the vendor has not provided a patch despite early notification. The attack requires valid credentials but poses risks to internal network reconnaissance and data exfiltration.

Java SSRF
NVD VulDB
CVSS 4.0
2.1
EPSS
0.0%
CVE-2026-3302 LOW POC Monitor

Cross-site scripting (XSS) in SourceCodester Doctor Appointment System 1.0 allows unauthenticated remote attackers to inject malicious scripts via the Email parameter in the /register.php Sign Up Page. Public exploit code exists for this vulnerability, increasing the risk of active exploitation. The lack of an available patch leaves affected systems vulnerable to session hijacking and credential theft.

PHP XSS
NVD GitHub VulDB
CVSS 4.0
2.1
EPSS
0.0%
CVE-2026-3292 LOW POC Monitor

SQL injection in jizhiCMS up to version 2.5.6 via the findAll function in the Model.php batch interface allows authenticated remote attackers to manipulate database queries and potentially access or modify sensitive data. Public exploit code is available for this vulnerability, and no patch has been released despite vendor notification. The flaw requires valid user credentials but can be exploited over the network with minimal additional complexity.

PHP SQLi
NVD GitHub VulDB
CVSS 4.0
2.1
EPSS
0.0%
CVE-2026-3287 LOW POC Monitor

SQL injection in Youlai Mall 2.0.0's product pagination endpoint allows authenticated remote attackers to manipulate the sortField parameter and execute arbitrary SQL queries. Public exploit code exists for this vulnerability, and the vendor has not provided a patch. Attackers with valid credentials can exploit this flaw to read or modify sensitive data within the database.

Java SQLi
NVD VulDB
CVSS 4.0
2.1
EPSS
0.0%
CVE-2026-3281 LOW POC PATCH Monitor

Heap-based buffer overflow in libvips 8.19.0's vips_bandrank_build function can be triggered by manipulating the index argument, allowing local attackers with user privileges to corrupt heap memory and potentially achieve code execution. Public exploit code exists for this vulnerability, and a patch is available to address the issue.

Buffer Overflow Libvips
NVD GitHub VulDB
CVSS 4.0
1.9
EPSS
0.0%
CVE-2026-3293 LOW POC PATCH Monitor

A weakness has been identified in snowflakedb snowflake-jdbc up to 4.0.1. Impacted is the function SdkProxyRoutePlanner of the file src/main/java/net/snowflake/client/internal/core/SdkProxyRoutePlanner.java of the component JDBC URL Handler. [CVSS 3.3 LOW]

Java Denial Of Service
NVD GitHub VulDB
CVSS 4.0
1.9
EPSS
0.0%
CVE-2026-3284 LOW POC PATCH Monitor

A vulnerability was found in libvips 8.19.0. Impacted is the function vips_extract_area_build of the file libvips/conversion/extract.c. [CVSS 3.3 LOW]

Buffer Overflow Libvips
NVD GitHub VulDB
CVSS 4.0
1.9
EPSS
0.0%
CVE-2026-22877 LOW Monitor

An arbitrary file-read vulnerability exists in XWEB Pro version 1.12.1 and prior, enabling unauthenticated attackers to read arbitrary files on the system, and potentially causing a denial-of-service attack. [CVSS 3.7 LOW]

Path Traversal Information Disclosure Xweb 300d Pro Firmware Xweb 500d Pro Firmware Xweb 500b Pro Firmware
NVD GitHub
CVSS 3.1
3.7
EPSS
0.1%
CVE-2025-15567 LOW Monitor

Insufficient protection mechanisms in the Health Module may lead to partial information disclosure. [CVSS 3.3 LOW]

Information Disclosure Health Module
NVD
CVSS 3.1
3.3
EPSS
0.0%
CVE-2025-12150 LOW PATCH Monitor

A flaw was found in Keycloak’s WebAuthn registration component. [CVSS 3.1 LOW]

Authentication Bypass Build Of Keycloak Keycloak
NVD GitHub
CVSS 3.1
3.1
EPSS
0.0%
CVE-2026-22717 LOW Monitor

Out-of-bound read vulnerability in VMware Workstation 25H1 and below on any platform allows an actor with non-administrative privileges on a guest VM to obtain limited information disclosure from the machine where VMware Workstation is installed. [CVSS 2.7 LOW]

VMware Information Disclosure
NVD
CVSS 3.1
2.7
EPSS
0.0%
CVE-2026-28422 LOW PATCH Monitor

Vim is an open source, command line text editor. Prior to version 9.2.0078, a stack-buffer-overflow occurs in `build_stl_str_hl()` when rendering a statusline with a multi-byte fill character on a very wide terminal. [CVSS 2.2 LOW]

Buffer Overflow Vim
NVD GitHub VulDB
CVSS 3.1
2.2
EPSS
0.0%
CVE-2026-21619 LOW Monitor

Uncontrolled resource consumption in hex_core, hex, and rebar3 package managers results from unsafe deserialization of untrusted data in API request handling, enabling remote attackers to trigger excessive memory allocation and denial of service without authentication. Affected versions include hex_core before 0.12.1, hex before 2.3.2, and rebar3 before 3.27.0, with no patch currently available. An attacker can exploit this remotely over the network to exhaust system resources and crash affected Erlang/Elixir build environments.

Deserialization Denial Of Service Rebar3 Hex Hex Core
NVD GitHub VulDB
CVSS 4.0
2.0
EPSS
0.0%

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy