Skip to main content
CVE-2026-3755 LOW POC Monitor

Sales And Inventory System versions up to 1.0 contains a vulnerability that allows attackers to sql injection (CVSS 6.3).

PHP SQLi
NVD GitHub VulDB
CVSS 4.0
2.1
EPSS
0.0%
CVE-2026-3754 LOW POC Monitor

SQL injection in SourceCodester Sales and Inventory System 1.0 via the cost parameter in /add_stock.php enables authenticated attackers to manipulate database queries remotely. Public exploit code exists for this vulnerability, and no patch is currently available. The attack requires valid credentials but can result in unauthorized data access and modification.

PHP SQLi
NVD GitHub VulDB
CVSS 4.0
2.1
EPSS
0.0%
CVE-2026-3753 LOW POC Monitor

SQL injection in SourceCodester Sales and Inventory System versions up to 1.0 via the sid parameter in /add_sales_print.php allows authenticated attackers to execute arbitrary SQL queries remotely. Public exploit code exists for this vulnerability, and no patch is currently available. Attackers can leverage this to access, modify, or delete sensitive inventory and sales data.

PHP SQLi
NVD GitHub VulDB
CVSS 4.0
2.1
EPSS
0.0%
CVE-2026-3786 LOW POC Monitor

SQL injection in EasyCMS up to version 1.6 via the _order parameter in the Request Parameter Handler allows authenticated remote attackers to execute arbitrary SQL queries with medium impact on confidentiality, integrity, and availability. Public exploit code exists for this vulnerability, and the vendor has not provided a patch despite early notification.

PHP SQLi
NVD GitHub VulDB
CVSS 4.0
2.1
EPSS
0.0%
CVE-2026-3785 LOW POC Monitor

SQL injection in EasyCMS versions up to 1.6 via the _order parameter in the Request Parameter Handler allows remote attackers with valid credentials to execute arbitrary SQL queries. Public exploit code exists for this vulnerability, and the vendor has not released a patch despite early disclosure notification. The attack requires low complexity and can result in unauthorized data access, modification, and potential service disruption.

PHP SQLi
NVD GitHub VulDB
CVSS 4.0
2.1
EPSS
0.0%
CVE-2026-3704 LOW POC Monitor

Command injection in Wavlink NU516U1 firmware's firewall CGI component allows authenticated remote attackers to execute arbitrary commands with network access. Public exploit code exists for this vulnerability, which stems from an incomplete fix of a prior CVE. A patch is not currently available, though the vendor has been notified and indicated a fix is in development.

Command Injection Wl Nu516u1 Firmware
NVD GitHub VulDB
CVSS 4.0
2.0
EPSS
0.2%
CVE-2026-3766 LOW POC Monitor

Web-Based Pharmacy Product Management System versions up to 1.0 is affected by cross-site scripting (xss) (CVSS 3.5).

PHP XSS
NVD GitHub VulDB
CVSS 4.0
2.0
EPSS
0.0%
CVE-2026-3711 LOW POC Monitor

SQL injection in Simple Flight Ticket Booking System 1.0's admin update function allows remote attackers with high privileges to manipulate flight parameters and execute arbitrary database queries. Public exploit code exists for this vulnerability, and no patch is currently available. The attack requires administrative credentials but could enable data exfiltration or modification of flight booking records.

PHP SQLi
NVD VulDB GitHub
CVSS 4.0
2.0
EPSS
0.0%
CVE-2026-3710 LOW POC Monitor

SQL injection in Simple Flight Ticket Booking System 1.0's /Adminadd.php allows remote attackers with high privileges to manipulate flight parameters and execute arbitrary SQL queries, potentially compromising flight booking data. Public exploit code exists for this vulnerability, though patches are not yet available. The attack requires administrative credentials but can be exploited over the network without user interaction.

PHP SQLi
NVD GitHub VulDB
CVSS 4.0
2.0
EPSS
0.0%
CVE-2026-3750 LOW POC Monitor

ContiNew Admin up to version 4.2.0 contains a server-side request forgery vulnerability in its Storage Management Module that allows remote attackers to manipulate URI creation functions with high privileges. Public exploit code exists for this vulnerability, and no patch is currently available from the vendor despite early disclosure notification.

Java SSRF
NVD VulDB
CVSS 4.0
2.0
EPSS
0.0%
CVE-2026-3743 LOW POC Monitor

A flaw has been found in YiFang CMS 2.0.5. This affects the function update of the file app/db/admin/D_singlePageGroup.php. [CVSS 3.5 LOW]

PHP XSS
NVD GitHub VulDB
CVSS 4.0
2.0
EPSS
0.0%
CVE-2026-3742 LOW POC Monitor

A vulnerability was detected in YiFang CMS 2.0.5. The impacted element is the function update of the file app/db/admin/D_singlePage.php. [CVSS 3.5 LOW]

PHP XSS
NVD GitHub VulDB
CVSS 4.0
2.0
EPSS
0.0%
CVE-2026-3741 LOW POC Monitor

A security vulnerability has been detected in YiFang CMS 2.0.5. The affected element is the function update of the file app/db/admin/D_friendLink.php. [CVSS 3.5 LOW]

PHP XSS
NVD GitHub VulDB
CVSS 4.0
2.0
EPSS
0.0%
CVE-2026-3752 LOW POC Monitor

SourceCodester Employee Task Management System through version 1.0 contains a SQL injection vulnerability in the /daily-task-report.php GET parameter handler that allows remote attackers with high privileges to extract or manipulate database contents. Public exploit code exists for this vulnerability, and no patch is currently available. The attack requires network access but no user interaction, potentially compromising sensitive employee task data and system integrity.

PHP SQLi
NVD GitHub VulDB
CVSS 4.0
2.0
EPSS
0.0%
CVE-2026-3751 LOW POC Monitor

SQL injection in SourceCodester Employee Task Management System 1.0 allows remote attackers to manipulate the Date parameter in /daily-attendance-report.php, enabling unauthorized database access and modification. Public exploit code exists for this vulnerability, and no patch is currently available. The attack requires high-level privileges but can be executed over the network with minimal complexity.

PHP SQLi
NVD GitHub VulDB
CVSS 4.0
2.0
EPSS
0.0%
CVE-2026-3716 LOW POC Monitor

A vulnerability was determined in Wavlink WL-WN579X3-C 231124. This vulnerability affects the function sub_401AD4 of the file /cgi-bin/adm.cgi. [CVSS 2.4 LOW]

XSS Wl Wn579x3 C Firmware
NVD GitHub VulDB
CVSS 4.0
1.9
EPSS
0.0%
CVE-2026-3713 LOW POC PATCH Monitor

Heap buffer overflow in libpng's pnm2png utility (versions up to 1.6.55) allows local attackers to corrupt memory and potentially execute code by supplying malicious width or height parameters. The vulnerability requires local access and public exploit code is available. The maintainers have not yet provided a patch despite early notification.

Buffer Overflow
NVD GitHub VulDB
CVSS 4.0
1.9
EPSS
0.0%
CVE-2026-3719 MEDIUM This Month

Path traversal in Tsinghua Unigroup Electronic Archives System 3.2.210802 allows unauthenticated remote attackers to read arbitrary files via a crafted path parameter in the /System/Cms/downLoad endpoint. Public exploit code exists for this vulnerability, and the vendor has not provided a patch or response to remediation efforts.

Path Traversal
NVD GitHub VulDB
CVSS 4.0
5.5
EPSS
0.1%
CVE-2026-3693 MEDIUM This Month

Improper resource identifier validation in Shy2593666979 AgentChat versions up to 2.3.0 allows unauthenticated remote attackers to manipulate the user_id parameter in the user endpoint, potentially gaining unauthorized access to or modifying user data. Public exploit code exists for this vulnerability, and the vendor has not responded to disclosure attempts. No patch is currently available.

Information Disclosure
NVD GitHub VulDB
CVSS 4.0
5.5
EPSS
0.1%
CVE-2026-3731 MEDIUM PATCH This Month

Out-of-bounds read in libssh versions up to 0.11.3 allows remote attackers to cause denial of service by manipulating the idx argument in the SFTP extension name handler functions. The vulnerability resides in the sftp_extensions_get_name and sftp_extensions_get_data functions, enabling unauthenticated attackers to trigger memory access violations without user interaction. Upgrading to libssh 0.11.4 or 0.12.0 resolves this issue.

Buffer Overflow Libssh Red Hat Suse
NVD VulDB
CVSS 3.1
5.3
EPSS
0.1%
CVE-2026-3714 MEDIUM This Month

OpenCart 4.0.2.3 contains an incomplete fix for a template injection vulnerability in the admin template controller that allows high-privileged attackers to inject malicious code through improper neutralization of special template elements. An authenticated administrator can exploit this flaw to achieve arbitrary code execution on the affected system. No patch is currently available, and the vendor has not responded to disclosure attempts.

PHP Opencart
NVD VulDB
CVSS 3.1
4.7
EPSS
0.0%
CVE-2026-3739 LOW Monitor

Improper authentication in suitenumerique messages 0.2.0 allows authenticated remote attackers to bypass access controls on ThreadAccess objects via the ThreadAccessSerializer component, with public exploit code available. The vulnerability affects the serializer logic in src/backend/core/api/serializers.py and can be exploited by users with valid credentials to gain unauthorized access. Upgrading to version 0.3.0 resolves this issue.

Authentication Bypass
NVD GitHub VulDB
CVSS 4.0
2.1
EPSS
0.1%
CVE-2026-3733 LOW Monitor

XXL-Job versions up to 3.3.2 contain a server-side request forgery vulnerability in the JobInfoController that allows authenticated attackers to make arbitrary HTTP requests from the server due to insufficient access token validation. An attacker with valid credentials can exploit this remotely to conduct SSRF attacks against internal systems. Public exploit code exists for this vulnerability, and no patch is currently available.

Java SSRF
NVD GitHub VulDB
CVSS 4.0
2.1
EPSS
0.0%
CVE-2026-3725 LOW Monitor

SmartAdmin versions up to 3.29 contain a template injection vulnerability in the FreeMarker template handler that allows authenticated remote attackers to manipulate template content and achieve code execution. The flaw exists in the MailService component's freemarkerResolverContent function and has a public exploit available. Since no patch is available and the vendor has not responded, organizations using affected versions should immediately assess exposure and consider alternative solutions.

Java Information Disclosure
NVD VulDB
CVSS 4.0
2.1
EPSS
0.0%
CVE-2026-3697 LOW Monitor

Stack Overflow's Language Package Configuration Handler contains a stack-based buffer overflow in the httpd component that can be triggered by manipulating the Language parameter, allowing authenticated remote attackers to achieve code execution. The vulnerability affects Planet ICG-2510 1.0_20250811 and currently lacks an available patch. An attacker with valid credentials can exploit this remotely without user interaction to potentially compromise the affected system.

Buffer Overflow
NVD GitHub VulDB
CVSS 4.0
2.1
EPSS
0.0%
CVE-2026-3682 LOW Monitor

Argument injection in welovemedia FFmate versions up to 2.0.15 allows authenticated attackers to manipulate the FFmpeg execution function in /internal/service/ffmpeg/ffmpeg.go, potentially leading to unauthorized command execution. Public exploit code exists for this vulnerability, and no patch is currently available from the vendor despite early disclosure notification.

Information Disclosure
NVD GitHub VulDB
CVSS 4.0
2.1
EPSS
0.0%
CVE-2026-3683 LOW Monitor

Server-side request forgery in bufanyun HotGo's ImageTransferStorage endpoint allows authenticated attackers to initiate arbitrary outbound requests from the vulnerable server. Public exploit code exists for this vulnerability, and the vendor has not provided patches or updates.

SSRF
NVD GitHub VulDB
CVSS 4.0
2.1
EPSS
0.0%
CVE-2026-3720 LOW Monitor

A security flaw has been discovered in 1024-lab/lab1024 SmartAdmin up to 3.29. Impacted is an unknown function of the file smart-admin-web-javascript/src/views/business/oa/notice/components/notice-form-drawer.vue of the component Notice Module. The manipulation results in cross site scripting. The attack can be launched remotely. The exploit has been released to the public and may be used for a...

XSS Smartadmin
NVD VulDB
CVSS 4.0
2.0
EPSS
0.0%
CVE-2026-3721 LOW Monitor

A weakness has been identified in 1024-lab/lab1024 SmartAdmin versions up to 3.29. is affected by cross-site scripting (xss) (CVSS 3.5).

Java XSS
NVD VulDB
CVSS 4.0
2.0
EPSS
0.0%
CVE-2026-3707 LOW Monitor

Integer overflow in MrNanko webp4j versions up to 1.3.x within the GIF decoder's DecodeGifFromMemory function allows local attackers to trigger memory corruption through manipulation of the canvas_height parameter. Public exploit code exists for this vulnerability, and no patch is currently available. Affected users should restrict local access to the application until an update is released.

Buffer Overflow
NVD GitHub VulDB
CVSS 4.0
1.9
EPSS
0.0%
CVE-2026-3706 LOW Monitor

A vulnerability was determined in mkj Dropbear up to 2025.89. Impacted is the function unpackneg of the file src/curve25519.c of the component S Range Check. This manipulation causes improper verification of cryptographic signature. The attack can be initiated remotely. The attack is considered to have high complexity. The exploitability is considered difficult. The exploit has been publicly di...

Information Disclosure
NVD GitHub VulDB
CVSS 4.0
1.7
EPSS
0.0%
Prev Page 2 of 2

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy