Skip to main content
CVE-2026-4185 LOW POC PATCH Monitor

Stack-based buffer overflow vulnerability in GPAC's MP4Box component, specifically in the swf_def_bits_jpeg function of src/scene_manager/swf_parse.c, affecting versions up to 2.5-DEV-rev2167. An authenticated attacker can exploit this remotely by manipulating the szName argument to cause a stack overflow, resulting in information disclosure, data modification, or denial of service. A public proof-of-concept exists, and a vendor patch is available; exploitation requires valid credentials (CVSS 6.3 with authenticated access requirement).

Stack Overflow Buffer Overflow Gpac
NVD VulDB GitHub
CVSS 4.0
2.1
EPSS
0.1%
CVE-2026-4171 LOW POC Monitor

CVE-2026-4171 is an authorization bypass vulnerability in CodeGenieApp serverless-express affecting versions up to 4.17.1, where manipulation of the userId parameter in the API Endpoint component allows authenticated attackers to access or modify resources belonging to other users. A public proof-of-concept exploit exists, the vendor has not responded to early disclosure, and the vulnerability carries a CVSS score of 6.3 with exploitation rated as Probable (EPSS indicator); while not currently in CISA KEV, the combination of public POC availability and low attack complexity represents moderate real-world risk.

Authentication Bypass Serverless Express
NVD VulDB GitHub
CVSS 4.0
2.1
EPSS
0.0%
CVE-2026-4173 LOW POC Monitor

CodePhiliaX Chat2DB versions up to 0.3.7 contain a SQL injection vulnerability in the Database Export Handler component (DMDBManage.java) affecting multiple export functions. An authenticated attacker with low privileges can remotely exploit this vulnerability to execute arbitrary SQL commands, potentially compromising data confidentiality, integrity, and availability. A public proof-of-concept exploit is available, and the vendor has not responded to early disclosure attempts.

SQLi Java
NVD VulDB GitHub
CVSS 4.0
2.1
EPSS
0.0%
CVE-2026-4166 LOW POC Monitor

A vulnerability was found in Wavlink WL-NU516U1 240425.

XSS Wl Nu516U1
NVD VulDB GitHub
CVSS 4.0
2.0
EPSS
0.0%
CVE-2026-4186 LOW POC Monitor

A vulnerability was determined in UEditor up to 1.4.3.2.

PHP XSS
NVD VulDB
CVSS 4.0
2.0
EPSS
0.0%
CVE-2026-4189 LOW POC Monitor

SQL injection in phpIPAM versions up to 1.7.4 allows authenticated administrators to manipulate the subnetOrdering parameter in the Section Handler component, enabling remote database compromise. Public exploit code exists for this vulnerability, and no patch is currently available from the vendor despite early disclosure notification.

SQLi PHP
NVD VulDB
CVSS 4.0
2.0
EPSS
0.0%
CVE-2026-4168 LOW POC PATCH Monitor

A vulnerability was identified in Tecnick TCExam 16.5.0.

XSS PHP
NVD VulDB GitHub
CVSS 4.0
1.9
EPSS
0.0%
CVE-2026-4174 LOW POC PATCH Monitor

A vulnerability has been found in Radare2 5.9.9.

Denial Of Service Radare2
NVD VulDB GitHub
CVSS 4.0
1.9
EPSS
0.0%
CVE-2026-2233 MEDIUM This Month

Unauthenticated attackers can modify arbitrary WordPress posts through the User Frontend plugin (versions up to 4.2.8) due to missing authorization checks in the draft_post() function, allowing them to unpublish or alter post content. The vulnerability affects all installations of the affected plugin versions without requiring authentication or user interaction. No patch is currently available.

WordPress Authentication Bypass
NVD VulDB
CVSS 3.1
5.3
EPSS
0.0%
CVE-2026-4175 MEDIUM PATCH This Month

A vulnerability was determined in Aureus ERP up to 1.3.0-BETA2.

PHP XSS
NVD VulDB GitHub
CVSS 4.0
5.1
EPSS
0.0%
CVE-2026-4169 MEDIUM PATCH This Month

A security flaw has been discovered in Tecnick TCExam up to 16.6.0.

XSS PHP
NVD VulDB GitHub
CVSS 4.0
4.8
EPSS
0.0%
CVE-2026-1883 MEDIUM This Month

An Insecure Direct Object Reference (IDOR) vulnerability exists in the Wicked Folders plugin for WordPress (versions up to 4.1.0) within the delete_folders() function, allowing authenticated attackers with Contributor-level privileges to delete arbitrary folders created by other users due to missing validation on user-controlled folder identifiers. The vulnerability has a CVSS score of 4.3 (low-to-moderate severity) with a network attack vector requiring low privilege access and no user interaction. While the CVSS rating is moderate, the practical impact is data loss affecting legitimate users' organizational structures.

WordPress Authentication Bypass
NVD VulDB
CVSS 3.1
4.3
EPSS
0.0%
CVE-2026-4165 LOW Monitor

A vulnerability has been found in Worksuite HR, CRM and Project Management up to 5.5.25.

XSS Hr Crm And Project Management
NVD VulDB
CVSS 4.0
1.9
EPSS
0.0%
Prev Page 2 of 2

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy