Skip to main content
CVE-2026-3795 LOW POC Monitor

DoraCMS 3.0.x contains a path traversal vulnerability in the createFileBypath function that allows authenticated attackers to read, write, or delete arbitrary files on the server. Public exploit code exists for this vulnerability, and no patch is currently available from the vendor.

Path Traversal Doracms
NVD VulDB
CVSS 4.0
2.1
EPSS
0.1%
CVE-2026-3789 LOW POC PATCH Monitor

Server-side request forgery in Bytedesk versions up to 1.3.9 allows authenticated attackers to manipulate the apiUrl parameter in the SpringAIGiteeRestService component, enabling them to make arbitrary network requests from the affected server. Public exploit code exists for this vulnerability, which requires valid user credentials to exploit. Users should upgrade to version 1.4.5.4 or later to remediate the issue.

Java SSRF
NVD GitHub VulDB
CVSS 4.0
2.1
EPSS
0.1%
CVE-2026-3788 LOW POC PATCH Monitor

Server-side request forgery in Bytedesk versions up to 1.3.9 allows authenticated attackers to manipulate the apiUrl parameter in the SpringAIOpenrouterRestController, enabling arbitrary HTTP requests from the affected server. Public exploit code exists for this vulnerability, increasing the risk of active exploitation. Upgrading to version 1.4.5.4 or later resolves this issue.

Java SSRF
NVD GitHub VulDB
CVSS 4.0
2.1
EPSS
0.1%
CVE-2026-3813 LOW POC Monitor

Injection vulnerability in JFlow's WF_CCForm Calculate function allows authenticated remote attackers to perform injection attacks with limited impact on confidentiality, integrity, and availability. Public exploit code exists for this vulnerability, though no patch is currently available from the project maintainers.

Java Information Disclosure
NVD VulDB
CVSS 4.0
2.1
EPSS
0.0%
CVE-2026-3800 LOW POC Monitor

Unrestricted file upload in SourceCodester Resort Reservation System 1.0 allows authenticated remote attackers to upload arbitrary files via the image parameter in /controller.php?action=add, potentially leading to remote code execution. Public exploit code exists for this vulnerability, and no patch is currently available. The issue affects PHP-based installations of the affected resort reservation software.

PHP Authentication Bypass File Upload
NVD GitHub VulDB
CVSS 4.0
2.1
EPSS
0.0%
CVE-2026-3812 LOW POC Monitor

Stored cross-site scripting in itsourcecode Payroll Management System 1.0 allows unauthenticated remote attackers to inject malicious scripts via the ID parameter in /manage_employee_allowances.php. Public exploit code exists for this vulnerability, though no patch is currently available. Successful exploitation could enable credential theft or unauthorized actions within the payroll system.

PHP XSS
NVD GitHub VulDB
CVSS 4.0
2.1
EPSS
0.0%
CVE-2026-3806 LOW POC Monitor

SourceCodester Resort Reservation System 1.0 contains SQL injection in the /room_rates.php endpoint via the q parameter, allowing authenticated remote attackers to execute arbitrary database queries and potentially access or modify sensitive data. Public exploit code exists for this vulnerability, and no patch is currently available. The attack requires valid credentials but can be performed over the network with minimal complexity.

PHP SQLi
NVD GitHub VulDB
CVSS 4.0
2.1
EPSS
0.0%
CVE-2026-3792 LOW POC Monitor

SQL injection in SourceCodester Sales and Inventory System 1.0 allows authenticated remote attackers to manipulate the purchaseid parameter in purchase_invoice.php, enabling unauthorized data access and modification. Public exploit code exists for this vulnerability, and no patch is currently available, leaving deployed instances at risk.

PHP SQLi
NVD GitHub VulDB
CVSS 4.0
2.1
EPSS
0.0%
CVE-2026-3791 LOW POC Monitor

SQL injection in SourceCodester Sales and Inventory System 1.0 allows authenticated attackers to execute arbitrary SQL queries through the searchtxt parameter in dashboard.php. Public exploit code exists for this vulnerability, enabling remote exploitation by users with login credentials to read, modify, or delete database contents. No patch is currently available.

PHP SQLi
NVD GitHub VulDB
CVSS 4.0
2.1
EPSS
0.0%
CVE-2026-3790 LOW POC Monitor

Sales And Inventory System versions up to 1.0 contains a vulnerability that allows attackers to sql injection (CVSS 6.3).

PHP SQLi
NVD GitHub VulDB
CVSS 4.0
2.1
EPSS
0.0%
CVE-2026-3816 LOW POC PATCH Monitor

DefectDojo versions up to 2.55.4 contain a denial of service vulnerability in the SonarQubeParser and MSDefenderParser components where improper handling of ZIP file input allows authenticated remote attackers to crash the service. Public exploit code exists for this vulnerability, and administrators should upgrade to version 2.56.0 or later to remediate the issue.

Denial Of Service Defectdojo
NVD GitHub VulDB
CVSS 4.0
2.1
EPSS
0.0%
CVE-2026-3793 LOW POC Monitor

SQL injection in SourceCodester Sales and Inventory System 1.0 via the sellid GET parameter in sales_invoice1.php allows authenticated attackers to execute arbitrary SQL queries remotely. Public exploit code exists for this vulnerability, and no patch is currently available. Affected systems can suffer data exposure, modification, or loss depending on database permissions.

PHP SQLi
NVD GitHub VulDB
CVSS 4.0
2.1
EPSS
0.0%
CVE-2026-3798 LOW POC Monitor

Command injection in Comfast CF-AC100 firmware via the ping_config request handler allows remote attackers with high privileges to execute arbitrary commands on affected devices. Public exploit code exists for this vulnerability, and no patch is currently available from the vendor despite early disclosure notification.

Command Injection Comfast Cf Ac100 Firmware
NVD GitHub VulDB
CVSS 4.0
2.0
EPSS
0.1%
CVE-2026-3819 LOW POC Monitor

A vulnerability has been found in SourceCodester Resort Reservation System 1.0. The affected element is an unknown function of the file /?page=manage_reservation of the component Reservation Management Module. [CVSS 3.5 LOW]

XSS Resort Reservation System
NVD VulDB
CVSS 4.0
2.0
EPSS
0.0%
CVE-2025-15603 LOW Monitor

A security vulnerability has been detected in open-webu versions up to 0.6.16. is affected by cryptographic issues (CVSS 3.7).

Information Disclosure
NVD VulDB
CVSS 4.0
2.9
EPSS
0.0%
CVE-2026-3797 LOW Monitor

Video Surveillance System Firmware versions up to 7.17.0 is affected by improper access control (CVSS 6.3).

Authentication Bypass File Upload Video Surveillance System Firmware
NVD VulDB
CVSS 4.0
2.1
EPSS
0.0%
CVE-2026-3796 LOW Monitor

Qax Internet Control Gateway versions up to 2025-10 contains a vulnerability that allows attackers to improper access controls (CVSS 5.3).

Information Disclosure Qax Internet Control Gateway
NVD GitHub VulDB
CVSS 4.0
1.9
EPSS
0.0%

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy