Skip to main content
CVE-2026-2256 MEDIUM POC This Month

ModelScope ms-agent v1.6.0rc1 and earlier allows unauthenticated remote attackers to execute arbitrary operating system commands by injecting malicious input through prompt-derived parameters. Public exploit code exists for this vulnerability, and no patch is currently available. This command injection flaw affects AI/ML systems processing untrusted user prompts.

Command Injection AI / ML Red Hat
NVD GitHub
CVSS 3.1
6.5
EPSS
2.3%
CVE-2026-28412 MEDIUM POC PATCH This Month

Textream versions prior to 1.5.1 lack connection limits on the DirectorServer WebSocket, allowing remote attackers to trigger denial of service by flooding the server with requests that trigger periodic state broadcasts, exhausting system resources and crashing the application during live sessions. Public exploit code exists for this vulnerability. The issue is resolved in version 1.5.1 and later.

macOS Denial Of Service Textream
NVD GitHub
CVSS 3.1
6.5
EPSS
0.0%
CVE-2026-3413 MEDIUM POC This Month

SQL injection in itsourcecode University Management System 1.0 via the ID parameter in /admin_single_student.php allows unauthenticated remote attackers to manipulate database queries with public exploit code currently available. The vulnerability enables attackers to read, modify, or delete sensitive academic and administrative data without authentication. No patch is currently available for this PHP-based application.

PHP SQLi
NVD GitHub VulDB
CVSS 4.0
5.5
EPSS
0.0%
CVE-2026-3411 MEDIUM POC This Month

SQL injection in itsourcecode University Management System 1.0 via the ID parameter in /admin_single_student_update.php allows unauthenticated remote attackers to manipulate database queries and potentially extract or modify sensitive student records. Public exploit code exists for this vulnerability, and no patch is currently available, leaving affected institutions at immediate risk.

PHP SQLi
NVD GitHub VulDB
CVSS 4.0
5.5
EPSS
0.0%
CVE-2026-3410 MEDIUM POC This Month

Society Management System versions up to 1.0 contains a vulnerability that allows attackers to sql injection (CVSS 7.3).

PHP SQLi
NVD GitHub VulDB
CVSS 4.0
5.5
EPSS
0.0%
CVE-2026-3406 MEDIUM POC This Month

SQL injection in Online Art Gallery Shop 1.0 via the fname parameter in /admin/registration.php enables unauthenticated remote attackers to manipulate database queries. Public exploit code exists for this vulnerability, and no patch is currently available, leaving affected PHP installations at immediate risk of data compromise or unauthorized access.

PHP SQLi
NVD GitHub VulDB
CVSS 4.0
5.5
EPSS
0.0%
CVE-2026-28358 MEDIUM POC PATCH This Month

NocoDB versions prior to 0.301.3 expose user enumeration through the password reset endpoint, which returns distinguishable responses for valid and invalid email addresses. An unauthenticated attacker can exploit this to identify registered users in the system. This vulnerability requires no user interaction and has a CVSS score of 5.3, though no patch is currently available.

Information Disclosure Nocodb
NVD GitHub
CVSS 3.1
5.3
EPSS
0.0%
CVE-2024-50337 MEDIUM POC PATCH This Month

Chamilo is a learning management system. Prior to version 1.11.28, the OpenId function allows anyone to send requests to any URL on server's behalf, which results in unauthenticated blind SSRF. [CVSS 5.3 MEDIUM]

SSRF Chamilo Lms
NVD GitHub
CVSS 3.1
5.3
EPSS
0.0%
CVE-2025-50198 MEDIUM POC PATCH This Month

Chamilo is a learning management system. Prior to version 1.11.30, Chamilo is vulnerable to deserialization of untrusted data in /plugin/vchamilo/views/import.php via POST configuration_file; POST course_path; POST home_path parameters. [CVSS 4.9 MEDIUM]

PHP Deserialization Chamilo Lms
NVD GitHub
CVSS 3.1
4.9
EPSS
0.1%
CVE-2026-26698 MEDIUM POC This Month

SQL injection in Simple Student Alumni System v1.0's modal_edit.php endpoint allows authenticated administrators to extract sensitive database information through unauthenticated network requests. Public exploit code exists for this vulnerability, though no patch is currently available. The attack requires high-level privileges but can bypass intended access controls to read confidential data.

PHP SQLi Simple Student Alumni System
NVD GitHub
CVSS 3.1
4.9
EPSS
0.0%
CVE-2026-26697 MEDIUM POC This Month

Simple Student Alumni System v1.0 contains a SQL injection vulnerability in the recordteacher_view.php endpoint that allows authenticated administrators to extract sensitive data from the underlying database. Public exploit code exists for this vulnerability, though a patch is currently unavailable. The attack requires high-level administrative privileges but can be executed remotely without user interaction.

PHP SQLi Simple Student Alumni System
NVD GitHub
CVSS 3.1
4.9
EPSS
0.0%
CVE-2025-50186 MEDIUM POC PATCH This Month

Chamilo is a learning management system. Prior to version 1.11.30, a stored cross-site scripting (XSS) vulnerability exists due to insufficient sanitization of CSV filenames. [CVSS 4.8 MEDIUM]

XSS Chamilo Lms
NVD GitHub
CVSS 3.1
4.8
EPSS
0.0%
CVE-2025-52470 MEDIUM POC PATCH This Month

Chamilo is a learning management system. Prior to version 1.11.30, a stored cross-site scripting (XSS) vulnerability exists in the session_category_add.php script. [CVSS 4.8 MEDIUM]

PHP XSS Chamilo Lms
NVD GitHub
CVSS 3.1
4.8
EPSS
0.0%
CVE-2026-25477 MEDIUM This Month

all-in-one workspace and an operating system. versions up to 0.26.0 is affected by url redirection to untrusted site (open redirect).

Open Redirect
NVD GitHub
CVSS 4.0
6.9
EPSS
0.1%
CVE-2025-30062 MEDIUM This Month

In the "CheckUnitCodeAndKey.pl" service, the "validateOrgUnit" function is vulnerable to SQL injection.

SQLi
NVD
CVSS 4.0
6.9
EPSS
0.0%
CVE-2026-0027 MEDIUM PATCH This Month

The ARM SMMU v3 driver in Android contains a use-after-free vulnerability in the smmu_detach_dev function that could allow a local privileged attacker to execute arbitrary code with system privileges. An attacker with high-level system access can trigger an out-of-bounds write to escalate privileges without requiring user interaction. A patch is available to address this issue.

Use After Free Privilege Escalation Android Google
NVD
CVSS 3.1
6.7
EPSS
0.0%
CVE-2026-20436 MEDIUM This Month

The Nbiot SDK's wlan STA driver contains a buffer overflow vulnerability due to missing bounds checking that allows privilege escalation from System-level access. An attacker with existing System privileges can exploit this flaw without user interaction to gain elevated permissions. No patch is currently available for this vulnerability.

Privilege Escalation Nbiot Sdk
NVD
CVSS 3.1
6.7
EPSS
0.0%
CVE-2026-20440 MEDIUM This Month

Android versions up to 15.0 contains a vulnerability that allows attackers to local escalation of privilege if a malicious actor has already obtained the Syst (CVSS 6.7).

Privilege Escalation Android Google
NVD
CVSS 3.1
6.7
EPSS
0.0%
CVE-2026-20444 MEDIUM This Month

Local privilege escalation in Android's display module stems from insufficient bounds checking in memory operations, allowing system-level attackers to corrupt memory and gain elevated privileges without user interaction. The vulnerability affects Android devices where an adversary with existing system privileges can exploit this flaw to further escalate their access. No patch is currently available for this issue.

Memory Corruption Privilege Escalation Android Google
NVD
CVSS 3.1
6.7
EPSS
0.0%
CVE-2026-20443 MEDIUM This Month

Local privilege escalation in Android's display subsystem exploits a use-after-free memory corruption vulnerability to elevate from system-level privileges, requiring no user interaction. An attacker with pre-existing system access can trigger the memory corruption to gain complete control over the affected device. No patch is currently available to remediate this issue.

Use After Free Memory Corruption Privilege Escalation Android Google
NVD
CVSS 3.1
6.7
EPSS
0.0%
CVE-2026-20441 MEDIUM This Month

Android's MAE component contains an out-of-bounds write vulnerability due to insufficient bounds checking that enables local privilege escalation for attackers with existing system-level access. This memory corruption flaw requires no user interaction and could allow a privileged malicious actor to achieve arbitrary code execution, though exploitation is currently not publicly documented. No patch is currently available for this vulnerability.

Privilege Escalation Android Google
NVD
CVSS 3.1
6.7
EPSS
0.0%
CVE-2026-20428 MEDIUM This Month

Improper bounds checking in Android's display subsystem enables local privilege escalation for attackers with system-level access, potentially allowing them to execute arbitrary code with elevated privileges. The vulnerability stems from an out-of-bounds write condition that requires no user interaction to exploit. No patch is currently available for this medium-severity issue.

Privilege Escalation Android Google
NVD
CVSS 3.1
6.7
EPSS
0.0%
CVE-2026-20427 MEDIUM This Month

Android's display subsystem contains a buffer overflow vulnerability stemming from insufficient bounds validation, allowing attackers with system-level privileges to escalate their access further without user interaction. This local privilege escalation affects Android devices and requires an attacker to already possess system privileges, limiting the immediate threat scope. While no patch is currently available, the vulnerability poses a significant risk in multi-user or containerized Android environments where system compromise could lead to complete device control.

Privilege Escalation Android Google
NVD
CVSS 3.1
6.7
EPSS
0.0%
CVE-2026-20426 MEDIUM This Month

Android's display component contains an out-of-bounds write vulnerability due to insufficient bounds checking that could allow a system-privileged attacker to escalate privileges without user interaction. The vulnerability affects devices where an adversary has already obtained system-level access, enabling potential memory corruption and further privilege elevation. No patch is currently available.

Privilege Escalation Android Google
NVD
CVSS 3.1
6.7
EPSS
0.0%
CVE-2026-20425 MEDIUM This Month

Android's display module contains an out-of-bounds write vulnerability due to insufficient bounds validation, enabling local privilege escalation for attackers who already possess System-level access. The vulnerability requires no user interaction and could allow complete system compromise through memory corruption. No patch is currently available for this medium-severity issue.

Privilege Escalation Android Google
NVD
CVSS 3.1
6.7
EPSS
0.0%
CVE-2024-43766 MEDIUM This Month

Android versions up to 14.0 is affected by cleartext transmission of sensitive information (CVSS 6.5).

Information Disclosure Android Google
NVD
CVSS 3.1
6.5
EPSS
0.0%
CVE-2026-28396 MEDIUM PATCH This Month

NocoDB versions prior to 0.301.3 fail to invalidate refresh tokens during password resets, enabling attackers with previously compromised tokens to continue generating valid session tokens despite the victim changing their password. An authenticated attacker can exploit this to maintain unauthorized access to user accounts without requiring the new credentials. This vulnerability requires prior token compromise but allows indefinite session hijacking until the stolen token naturally expires.

Information Disclosure Nocodb
NVD GitHub
CVSS 3.1
6.5
EPSS
0.0%
CVE-2025-47384 MEDIUM This Month

5G Fixed Wireless Access Platform Firmware versions up to - is affected by reachable assertion (CVSS 6.5).

Denial Of Service Qca6391 Firmware 5g Fixed Wireless Access Platform Firmware Snapdragon 690 5g Mobile Platform Firmware Wsa8835 Firmware +34
NVD VulDB
CVSS 3.1
6.5
EPSS
0.0%
CVE-2025-47371 MEDIUM This Month

5G Fixed Wireless Access Platform Firmware versions up to - is affected by reachable assertion (CVSS 6.5).

Denial Of Service Wcn3950 Firmware Snapdragon 7c Gen 2 Compute Platform Firmware Wcd9340 Firmware Wsa8830 Firmware +117
NVD
CVSS 3.1
6.5
EPSS
0.0%
CVE-2026-2583 MEDIUM This Month

Stored cross-site scripting in Blocksy WordPress theme versions up to 2.1.30 allows authenticated contributors and above to inject malicious scripts through insufficiently sanitized metadata fields. When users access pages containing injected payloads, the scripts execute in their browsers, potentially compromising site security and user data. No patch is currently available for this vulnerability.

WordPress XSS
NVD
CVSS 3.1
6.4
EPSS
0.0%
CVE-2026-20438 MEDIUM This Month

Android versions up to 15.0 contains a vulnerability that allows attackers to local escalation of privilege if a malicious actor has already obtained the Syst (CVSS 6.4).

Privilege Escalation Race Condition Android Google
NVD
CVSS 3.1
6.4
EPSS
0.0%
CVE-2026-28361 MEDIUM PATCH This Month

Nocodb versions up to 0.301.3 is affected by authorization bypass through user-controlled key (CVSS 6.3).

Authentication Bypass Nocodb
NVD GitHub
CVSS 3.1
6.3
EPSS
0.0%
CVE-2026-0012 MEDIUM This Month

Contact information exposure in Android's notification system allows local attackers to extract sensitive user data through a logic error in the setHideSensitive function, requiring no special privileges or user interaction. The vulnerability affects the ExpandableNotificationRow component where contact names can be inadvertently disclosed despite intended privacy protections. No patch is currently available for this medium-severity flaw.

Information Disclosure Android Google
NVD
CVSS 3.1
6.2
EPSS
0.0%
CVE-2026-0015 MEDIUM This Month

AppOpsService.java in Android contains insufficient input validation that permits local attackers to trigger persistent denial of service without requiring elevated privileges or user interaction. An attacker can exploit multiple code paths to repeatedly crash or disable the service, degrading system functionality for legitimate users. No patch is currently available for this vulnerability.

Denial Of Service Android Google
NVD
CVSS 3.1
6.2
EPSS
0.0%
CVE-2026-0014 MEDIUM This Month

Local denial of service in Android's AppOpsService allows unauthenticated attackers to trigger persistent system crashes through improper input validation in the isPackageNullOrSystem function. The vulnerability requires only local access with no special privileges or user interaction, making any app on an affected device a potential attack vector. No patch is currently available.

Denial Of Service Android Google
NVD
CVSS 3.1
6.2
EPSS
0.0%
CVE-2026-0005 MEDIUM This Month

App pinning bypass in Android's KeyguardServiceDelegate allows unauthenticated local attackers to interact with restricted applications without the lock screen knowledge factor (LSKF) due to insufficient permission validation. The vulnerability enables limited information disclosure through unauthorized app access with no additional privileges or user interaction required. No patch is currently available.

Information Disclosure Android Google
NVD
CVSS 3.1
6.2
EPSS
0.0%
CVE-2025-48587 MEDIUM This Month

In multiple functions of ProfilingService.java, there is a possible persistent denial of service due to improper input validation. This could lead to local denial of service with no additional execution privileges needed. [CVSS 6.2 MEDIUM]

Denial Of Service Android Google
NVD
CVSS 3.1
6.2
EPSS
0.0%
CVE-2025-48585 MEDIUM This Month

In multiple functions of ProfilingService.java, there is a possible persistent denial of service due to improper input validation. This could lead to local denial of service with no additional execution privileges needed. [CVSS 6.2 MEDIUM]

Denial Of Service Android Google
NVD
CVSS 3.1
6.2
EPSS
0.0%
CVE-2025-66880 MEDIUM This Month

Cross Site Scripting vulnerability in Wethink Technology Inc 720yun pano-sdk 0.5.877 allows a remote attacker to execute arbitrary code via the LoginComp (Module 2093) and SignupComp (Module 2094) modules. [CVSS 6.1 MEDIUM]

XSS RCE
NVD GitHub
CVSS 3.1
6.1
EPSS
0.1%
CVE-2025-52564 MEDIUM PATCH This Month

Chamilo is a learning management system. Prior to version 1.11.30, the open parameter of help.php fails to properly sanitize user input. [CVSS 6.1 MEDIUM]

PHP Chamilo Lms
NVD GitHub
CVSS 3.1
6.1
EPSS
0.0%
CVE-2025-52563 MEDIUM This Month

Chamilo is a learning management system. Prior to version 1.11.30, there is a reflected cross-site scripting (XSS) vulnerability due to insufficient sanitization of the page parameter in the session/add_users_to_session.php endpoint. [CVSS 6.1 MEDIUM]

PHP XSS Chamilo Lms
NVD GitHub
CVSS 3.1
6.1
EPSS
0.0%
CVE-2025-52476 MEDIUM PATCH This Month

Chamilo is a learning management system. Prior to version 1.11.30, there is a reflected cross-site scripting (XSS) vulnerability due to improper sanitization of the keyword_active parameter in admin/user_list.php. [CVSS 6.1 MEDIUM]

PHP XSS Chamilo Lms
NVD GitHub
CVSS 3.1
6.1
EPSS
0.0%
CVE-2025-52475 MEDIUM PATCH This Month

Chamilo is a learning management system. Prior to version 1.11.30, there is a reflected cross-site scripting (XSS) vulnerability in the admin/user_list.php endpoint. [CVSS 6.1 MEDIUM]

PHP XSS Chamilo Lms
NVD GitHub
CVSS 3.1
6.1
EPSS
0.0%
CVE-2025-58405 MEDIUM This Month

The CGM CLININET application does not implement any mechanisms that prevent clickjacking attacks, neither HTTP security headers nor HTML-based frame‑busting protections were detected. [CVSS 6.1 MEDIUM]

CSRF Clininet
NVD
CVSS 3.1
6.1
EPSS
0.0%
CVE-2025-65465 MEDIUM This Month

A reflected Cross-Site Scripting (XSS) vulnerability in the RaiseError function of Skrol29 TbsZip version 2.17 and earlier allows remote attackers to execute arbitrary web script or HTML via a crafted payload in a filename parameter (e.g., to the FileRead function). [CVSS 6.1 MEDIUM]

XSS
NVD GitHub
CVSS 3.1
6.1
EPSS
0.0%
CVE-2026-0689 MEDIUM This Month

In ExtremeCloud IQ - Site Engine (XIQ‑SE) before 26.2.10, a vulnerability in the NAC administration interface allows an authenticated NAC administrator to retrieve masked sensitive parameters from HTTP responses.

Information Disclosure Extremecloud Iq Site Engine
NVD VulDB
CVSS 4.0
6.0
EPSS
0.0%
CVE-2026-3337 MEDIUM PATCH This Month

Timing side-channel attacks in AWS-LC's AES-CCM decryption implementation allow unauthenticated attackers to infer authentication tag validity through precise timing measurements. The vulnerability affects AWS-LC and related cryptographic libraries across multiple AES-CCM variants (128, 192, and 256-bit), potentially enabling attackers to forge authenticated messages. AWS service customers are unaffected, but applications using AWS-LC directly should upgrade to version 1.69.0 or later.

AWS Aws Libcrypto Aws Lc Fips Sys Aws Lc Sys Red Hat +2
NVD GitHub
CVSS 3.1
5.9
EPSS
0.1%
CVE-2026-3409 MEDIUM This Month

Remote code injection in eosphoros-ai db-gpt 0.7.5 allows unauthenticated attackers to execute arbitrary code through malicious file uploads to the Flow Import endpoint. The vulnerability exploits unsafe module loading in the file import functionality and has public exploit code available. No patch is currently available from the vendor.

Code Injection
NVD GitHub VulDB
CVSS 4.0
5.5
EPSS
0.1%
CVE-2025-48644 MEDIUM This Month

In multiple locations, there is a possible persistent denial of service due to improper input validation. This could lead to local denial of service with no additional execution privileges needed. [CVSS 5.5 MEDIUM]

Denial Of Service Android Google
NVD
CVSS 3.1
5.5
EPSS
0.0%
CVE-2025-48642 MEDIUM This Month

In jump_to_payload of payload.rs, there is a possible information disclosure due to a logic error in the code. This could lead to local information disclosure with no additional execution privileges needed. [CVSS 5.5 MEDIUM]

Information Disclosure Android Google
NVD
CVSS 3.1
5.5
EPSS
0.0%
Page 1 of 2 Next

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy