Skip to main content
CVE-2026-2436 MEDIUM PATCH This Month

libsoup's SoupServer contains a use-after-free vulnerability in the soup_server_disconnect() function that prematurely frees connection objects while TLS handshakes are pending, allowing remote unauthenticated attackers to trigger a server crash via denial of service when a handshake completes after memory deallocation. The vulnerability affects Red Hat Enterprise Linux versions 6, 7, 8, 9, and 10, as well as Ubuntu and Debian distributions across multiple releases. No public exploit code or active exploitation has been confirmed at the time of analysis.

Denial Of Service Red Hat Enterprise Linux 10 Red Hat Enterprise Linux 6 Red Hat Enterprise Linux 7 Red Hat Enterprise Linux 8 +1
NVD VulDB
CVSS 3.1
6.5
EPSS
0.1%
CVE-2026-33882 MEDIUM PATCH This Month

Statamic CMS versions prior to 5.73.16 and 6.7.2 allow authenticated control panel users to extract sensitive user data including email addresses, encrypted passkey credentials, and encrypted two-factor authentication codes through manipulation of the markdown preview endpoint. The vulnerability stems from insufficient input validation (CWE-20) that permits attackers to retrieve data from arbitrary fieldtypes beyond the intended scope. With a CVSS score of 6.5 reflecting low attack complexity and high confidentiality impact, the threat is moderate but requires valid control panel authentication to exploit.

RCE
NVD GitHub
CVSS 3.1
6.5
EPSS
0.1%
CVE-2026-33750 MEDIUM PATCH This Month

Brace-expansion library versions prior to 5.0.5 allow unauthenticated remote attackers to cause denial of service through resource exhaustion by supplying brace expansion patterns with zero step values (e.g., {1..2..0}), triggering an infinite loop that consumes gigabytes of memory and hangs the process for seconds. The vulnerability affects any application passing untrusted input to the expand() function, including glob/minimatch-based tools consuming CLI arguments or configuration files, and requires only 10 bytes of malicious input to trigger.

Denial Of Service
NVD GitHub VulDB
CVSS 3.1
6.5
EPSS
0.1%
CVE-2026-33148 MEDIUM PATCH This Month

Tandoor Recipes versions prior to 2.6.0 allow authenticated remote attackers to cause denial of service by injecting URL parameters into the USDA FoodData Central search endpoint through improper URL encoding of the query parameter, enabling API key override and server crashes via malformed requests. Publicly available exploit code exists, and a vendor-released patch is available in version 2.6.0.

Denial Of Service Recipes
NVD GitHub
CVSS 3.1
6.5
EPSS
0.0%
CVE-2026-33743 MEDIUM PATCH This Month

Denial of service in Incus prior to version 6.23.0 allows authenticated users with storage bucket access to crash the Incus daemon via specially crafted storage bucket backups, enabling repeated attacks to render the control plane API unavailable while leaving running workloads unaffected. The vulnerability requires local or remote authentication to the Incus system and has a CVSS score of 6.5 (medium severity) with high availability impact. Vendor-released patch available in version 6.23.0.

Denial Of Service Red Hat Suse
NVD GitHub VulDB
CVSS 3.1
6.5
EPSS
0.0%
CVE-2026-33541 MEDIUM PATCH This Month

TSPortal versions prior to 34 contain an uncontrolled resource creation vulnerability that allows authenticated attackers to generate arbitrary user database records through validation logic abuse, resulting in potential denial of service via uncontrolled database growth. The flaw exists in Miraheze's Trust and Safety management platform (cpe:2.3:a:miraheze:tsportal) and requires low-privilege authenticated access to exploit. Vendor-released patch available in version 34; no public exploit identified at time of analysis.

Denial Of Service Tsportal
NVD GitHub
CVSS 3.1
6.5
EPSS
0.0%
CVE-2026-33438 MEDIUM PATCH This Month

Stirling-PDF versions 2.1.5 through 2.5.1 are vulnerable to resource exhaustion denial of service through the watermark API endpoint, where authenticated users can supply extreme values for fontSize and widthSpacer parameters to crash the server. A proof-of-concept exists according to SSVC data, and the vendor has released patched version 2.5.2 to resolve the issue.

Denial Of Service Stirling Pdf
NVD GitHub VulDB
CVSS 3.1
6.5
EPSS
0.0%
CVE-2026-29905 MEDIUM PATCH GHSA This Month

Kirby CMS versions through 5.1.4 allow authenticated editors to trigger a persistent denial of service by uploading malformed images that bypass getimagesize() validation, causing fatal TypeErrors during metadata or thumbnail processing. A proof-of-concept exists and the vulnerability is automatable post-authentication, though no CISA KEV confirmation is evident. The impact is availability degradation affecting CMS operations for all users.

PHP Denial Of Service
NVD GitHub VulDB
CVSS 3.1
6.5
EPSS
0.0%
CVE-2026-3114 MEDIUM PATCH This Month

Mattermost server versions 10.11.x through 11.4.x fail to validate decompressed archive entry sizes during ZIP file extraction, allowing authenticated users with file upload permissions to trigger denial of service by uploading crafted zip bombs that exhaust server memory. The vulnerability affects Mattermost 10.11.0-10.11.11, 11.2.0-11.2.3, 11.3.0-11.3.1, and 11.4.0, with CVSS 6.5 (medium) reflecting the requirement for prior authentication and limited scope (availability impact only). No public exploit identified at time of analysis, though the attack vector is network-accessible and requires low complexity once an attacker has valid upload credentials.

Denial Of Service File Upload Mattermost
NVD
CVSS 3.1
6.5
EPSS
0.0%
CVE-2026-33886 MEDIUM PATCH This Month

Statamic CMS versions prior to 5.73.16 and 6.7.2 allow authenticated control panel users with access to Antlers-enabled fields to read sensitive application configuration values through template variable injection, exposing secrets such as API keys and database credentials. The vulnerability requires low-privilege authenticated access and network connectivity to the control panel, with a CVSS score of 6.5 reflecting moderate real-world risk. No public exploit code or active exploitation has been identified at the time of analysis.

Information Disclosure
NVD GitHub
CVSS 3.1
6.5
EPSS
0.0%
CVE-2026-33470 MEDIUM This Month

Frigate network video recorder versions prior to 0.17.1 allow authenticated users with restricted camera access to enumerate and retrieve snapshots from unauthorized cameras through a two-step authorization bypass in the timeline and snapshot APIs. An attacker with low-privilege credentials limited to one camera can exploit missing validation in the snapshot-clean.webp endpoint to access video evidence from other cameras in the system, compromising the confidentiality of surveillance data across the entire installation. A proof-of-concept exists, though no confirmation of active exploitation in the wild has been reported.

Authentication Bypass Frigate
NVD GitHub VulDB
CVSS 3.1
6.5
EPSS
0.0%
CVE-2026-33469 MEDIUM This Month

Broken access control in Frigate 0.17.0 allows authenticated non-admin users to retrieve the complete raw configuration file via the `/api/config/raw` endpoint, exposing camera credentials, RTMP stream passwords, MQTT secrets, and proxy authentication tokens that are intentionally redacted from the standard `/api/config` API. The vulnerability stems from inconsistent authorization enforcement between `/api/config/raw_paths` (admin-only) and `/api/config/raw` (authenticated-user-accessible), introduced during an admin-by-default API refactor. Patch version 0.17.1 is available; publicly available exploit code exists but the vulnerability is not confirmed as actively exploited in the wild.

Authentication Bypass Frigate
NVD GitHub VulDB
CVSS 3.1
6.5
EPSS
0.0%
CVE-2026-33907 MEDIUM PATCH This Month

Ella Core crashes when processing NAS Authentication Response and Authentication Failure messages with missing Information Elements, enabling unauthenticated attackers on the adjacent network to trigger denial of service affecting all connected subscribers. The vulnerability stems from a null pointer dereference in message handling logic (CWE-476) and carries a CVSS 6.5 score reflecting high availability impact with low attack complexity. Vendor-released patch available via GitHub release v1.7.0.

Denial Of Service Null Pointer Dereference
NVD GitHub
CVSS 3.1
6.5
EPSS
0.0%
CVE-2026-3531 MEDIUM PATCH This Month

Drupal OpenID Connect / OAuth client versions before 1.5.0 contain an authentication bypass vulnerability that allows attackers to circumvent authentication mechanisms through an alternate path or channel. The vulnerability affects all versions from 0.0.0 through 1.4.x, enabling remote attackers to gain unauthorized access without proper credentials. No CVSS score, EPSS data, or confirmed active exploitation status is currently available; however, the vulnerability's authentication bypass nature and wide version range suggest significant real-world risk to Drupal installations relying on OpenID Connect or OAuth authentication.

Authentication Bypass Openid Connect Oauth Client
NVD HeroDevs
CVSS 3.1
6.5
EPSS
0.0%
CVE-2026-3527 MEDIUM PATCH This Month

Drupal AJAX Dashboard versions before 3.1.0 fail to enforce authentication on critical AJAX endpoints, allowing unauthenticated remote attackers to bypass access controls and invoke privileged dashboard functions. The vulnerability affects all versions from 0.0.0 through 3.1.0 (exclusive) and is categorized as a Missing Authentication for Critical Function (CWE-306). No public exploit code or active exploitation via CISA KEV has been confirmed at time of analysis, but the authentication bypass nature of this defect presents significant risk to installations relying on dashboard security.

Authentication Bypass Ajax Dashboard
NVD
CVSS 3.1
6.5
EPSS
0.0%
CVE-2026-3121 MEDIUM PATCH This Month

Keycloak allows authenticated administrators with manage-clients permission to escalate privileges to manage-permissions level, enabling unauthorized control over roles, users, and administrative functions within a realm. Red Hat Build of Keycloak, JBoss Enterprise Application Platform 8, and Red Hat Single Sign-On 7 are affected when admin permissions are enabled at the realm level. The vulnerability requires high-privilege authentication but carries medium CVSS severity (6.5) due to confidentiality and integrity impact without availability compromise.

Privilege Escalation Red Hat Build Of Keycloak Red Hat Jboss Enterprise Application Platform 8 Red Hat Jboss Enterprise Application Platform Expansion Pack Red Hat Single Sign On 7
NVD
CVSS 3.1
6.5
EPSS
0.0%
CVE-2026-33903 MEDIUM PATCH This Month

Ella Core suffers a null pointer dereference vulnerability in its NGAP LocationReport message handler that causes the process to panic and crash, enabling unauthenticated network-adjacent attackers to trigger denial of service affecting all connected mobile subscribers. The vulnerability (CVE-2026-33903, CVSS 6.5) stems from missing input validation guards and has a vendor-released patch available in version 1.7.0; no public exploit code or active exploitation has been identified at time of analysis.

Denial Of Service Null Pointer Dereference
NVD GitHub
CVSS 3.1
6.5
EPSS
0.0%
CVE-2026-33904 MEDIUM PATCH This Month

Ella Core's AMF control plane deadlocks in the SCTP notification handler when processing malformed or stale radio entries, allowing unauthenticated attackers with N2 interface access to hang the entire Access and Mobility Function until manual process restart, completely denying service to all subscribers. The vulnerability (CVSS 6.5, CWE-833 deadlock) stems from improper synchronization in radio cleanup logic combined with stale-entry scanning, and patches are available in version 1.7.0 and later.

Denial Of Service
NVD GitHub
CVSS 3.1
6.5
EPSS
0.0%
CVE-2026-33375 MEDIUM PATCH This Month

Grafana MSSQL data source plugin versions across multiple release branches contain a logic flaw enabling low-privileged Viewer users to bypass API restrictions and trigger catastrophic out-of-memory exhaustion, resulting in host container denial of service. The vulnerability affects Grafana OSS versions 11.6.0 through 12.4.0 across multiple patch branches (11.6.14+security-01, 12.1.10+security-01, 12.2.8+security-01, 12.3.6+security-01, and 12.4.2 or later) and requires only network access and valid low-privileged credentials to exploit; no public exploit code or active exploitation has been confirmed at time of analysis.

Grafana Denial Of Service Red Hat Suse
NVD VulDB
CVSS 3.1
6.5
EPSS
0.0%
CVE-2025-55265 MEDIUM This Month

HCL Aftermarket DPC version 1.0.0 is vulnerable to unauthenticated file discovery that allows remote attackers to read sensitive files from the system without user interaction beyond a single click, potentially enabling reconnaissance for follow-on attacks. The vulnerability carries a CVSS score of 6.5 (Medium) with high confidentiality impact but no integrity or availability consequences. No public exploit code or active exploitation has been reported at the time of analysis.

Information Disclosure Aftermarket Dpc
NVD
CVSS 3.1
6.5
EPSS
0.0%
CVE-2026-4278 MEDIUM This Month

The Simple Download Counter WordPress plugin contains a Stored Cross-Site Scripting (XSS) vulnerability in the 'sdc_menu' shortcode due to insufficient input sanitization and output escaping of the 'text' and 'cat' attributes. Authenticated attackers with Contributor-level access or higher can inject arbitrary JavaScript code into pages via these unescaped shortcode attributes, which will execute for all users visiting the affected pages. All versions up to and including 2.3 are vulnerable, with a CVSS score of 6.4 indicating moderate severity and the vulnerability requiring low attack complexity and only low privileges to exploit.

WordPress XSS
NVD
CVSS 3.1
6.4
EPSS
0.1%
CVE-2026-4075 MEDIUM This Month

The BWL Advanced FAQ Manager Lite WordPress plugin contains a Stored Cross-Site Scripting (XSS) vulnerability in the 'baf_sbox' shortcode due to insufficient input sanitization and output escaping of user-supplied attributes. Authenticated attackers with Contributor-level access or higher can inject arbitrary JavaScript code through shortcode attributes (sbox_id, sbox_class, placeholder, highlight_color, highlight_bg, cont_ext_class) that will execute in the browsers of all users viewing the affected pages. The vulnerability affects all versions up to and including 1.1.1, and while no public exploit code or KEV designation is currently documented, the CVSS 6.4 score and straightforward nature of the flaw indicate moderate real-world risk.

WordPress XSS
NVD
CVSS 3.1
6.4
EPSS
0.0%
CVE-2026-4389 MEDIUM This Month

This is a Stored Cross-Site Scripting (XSS) vulnerability in the DSGVO Snippet for Leaflet Map and its Extensions WordPress plugin (all versions up to and including 3.1) that allows authenticated attackers with contributor-level or higher privileges to inject arbitrary JavaScript code into pages via the `leafext-cookie-time` and `leafext-delete-cookie` shortcodes. The vulnerability stems from insufficient input sanitization and output escaping on user-supplied shortcode attributes (`unset`, `before`, `after`), enabling script execution whenever visitors access the compromised pages. With a CVSS score of 6.4 and attack complexity of low, this represents a moderate but real threat in WordPress environments where multiple content contributors exist.

WordPress XSS
NVD
CVSS 3.1
6.4
EPSS
0.0%
CVE-2026-0964 MEDIUM PATCH This Month

SCP client implementations across Red Hat Enterprise Linux 6-10 and OpenShift Container Platform 4 are vulnerable to path traversal during file transfer, allowing a malicious SCP server to write files outside the designated working directory and potentially execute arbitrary code or modify system configuration. This vulnerability mirrors CVE-2019-6111 in OpenSSH; unauthenticated remote attackers can exploit it with high user interaction (the victim must initiate an SCP connection to a malicious server), resulting in confidentiality, integrity, and availability compromise. No public exploit code or active exploitation has been confirmed at the time of analysis.

SSH Path Traversal
NVD VulDB
CVSS 3.1
6.3
EPSS
0.0%
CVE-2026-29976 MEDIUM This Month

The getradiotapfield() function in ZerBea hcxpcapngtool version 7.0.1-43-g2ee308e contains a buffer overflow vulnerability allowing local attackers to trigger a denial of service condition through memory corruption. While the vulnerability is classified as causing information disclosure in the description, the CVSS vector (C:N/I:N/A:H) indicates the primary impact is availability degradation rather than confidentiality compromise. No public exploit code or active exploitation has been identified at the time of analysis, though the local attack vector and lack of required privileges make exploitation feasible for any user with local system access.

Buffer Overflow Red Hat
NVD GitHub
CVSS 3.1
6.2
EPSS
0.0%
CVE-2026-1986 MEDIUM This Month

A Reflected Cross-Site Scripting (XSS) vulnerability exists in FloristPress for Woo (BakkBone) plugin versions up to 7.8.2, where the 'noresults' parameter is insufficiently sanitized and escaped, allowing unauthenticated attackers to inject arbitrary JavaScript. An attacker can craft a malicious URL and trick users into clicking it, resulting in script execution within the victim's browser session with access to sensitive data and session tokens. The vulnerability requires user interaction (UI:R) but has a network attack vector with low complexity, and while no KEV or confirmed active exploitation data is available in the provided intelligence, Wordfence has documented the issue with references to vulnerable code locations.

WordPress XSS
NVD
CVSS 3.1
6.1
EPSS
0.1%
CVE-2026-33885 MEDIUM PATCH This Month

Statamic CMS versions prior to 5.73.16 and 6.7.2 contain an open redirect vulnerability in external URL detection logic that protects unauthenticated endpoints. Unauthenticated remote attackers can exploit insufficient redirect validation to bypass security controls and redirect users to attacker-controlled external URLs following form submissions or authentication workflows, potentially facilitating phishing, credential theft, or malware distribution. No public exploit code or active exploitation has been identified at time of analysis.

Open Redirect
NVD GitHub
CVSS 3.1
6.1
EPSS
0.0%
CVE-2026-4898 LOW POC Monitor

The Online Food Ordering System 1.0 by code-projects contains a reflected cross-site scripting (XSS) vulnerability in the Name parameter of /dbfood/contact.php that allows unauthenticated remote attackers to inject malicious scripts. The vulnerability has a publicly available proof-of-concept and affects all versions of the affected product line. While the CVSS score of 4.3 is moderate, the public availability of exploit code and minimal complexity of attack execution elevate practical risk for instances exposed to the internet.

XSS PHP
NVD VulDB GitHub
CVSS 4.0
2.1
EPSS
0.0%
CVE-2026-4877 LOW POC Monitor

Reflected cross-site scripting (XSS) in itsourcecode Payroll Management System version 1.0 allows remote unauthenticated attackers to inject malicious scripts via manipulation of the 'page' parameter in /index.php. The vulnerability has a CVSS v4.0 score of 5.3 with network accessibility and low integrity impact; publicly available exploit code exists, and CISA SSVC assessment confirms the flaw is exploitable and partially automatable, making it suitable for active compromise of application integrity and user sessions.

PHP XSS
NVD VulDB GitHub
CVSS 4.0
2.1
EPSS
0.0%
CVE-2026-4849 LOW POC Monitor

A reflected cross-site scripting (XSS) vulnerability exists in code-projects Simple Laundry System version 1.0 via the firstName parameter in the /modify.php file. An attacker can inject malicious JavaScript that executes in a victim's browser when they visit a crafted link, potentially leading to session hijacking, credential theft, or malware distribution. A public proof-of-concept is available on GitHub, and exploitation requires only user interaction (clicking a malicious link), making this a practical concern despite the moderate CVSS score of 5.3.

XSS PHP
NVD VulDB GitHub
CVSS 4.0
2.1
EPSS
0.0%
CVE-2026-4848 LOW POC Monitor

Muucmf 1.9.5.20260309 contains a cross-site scripting (XSS) vulnerability in the /admin/extend/list.html endpoint where the Name parameter is not properly sanitized, allowing remote attackers to inject malicious scripts. Public exploit code exists for this vulnerability, and no patch is currently available from the vendor despite early notification.

XSS Muucmf
NVD VulDB
CVSS 4.0
2.1
EPSS
0.0%
CVE-2026-4847 LOW POC Monitor

A reflected cross-site scripting (XSS) vulnerability exists in dameng100 muucmf version 1.9.5.20260309 within the /admin/config/list.html endpoint, where the Name parameter is not properly sanitized before being rendered in the response. An unauthenticated remote attacker can craft a malicious URL containing JavaScript code in the Name parameter to execute arbitrary scripts in a victim's browser context, potentially leading to session hijacking, credential theft, or malware distribution. A public proof-of-concept exploit has been published, and the vendor has not responded to early disclosure notifications, indicating no immediate patch is available.

XSS Muucmf
NVD VulDB
CVSS 4.0
2.1
EPSS
0.0%
CVE-2026-4846 LOW POC Monitor

A stored cross-site scripting (XSS) vulnerability exists in dameng100 muucmf version 1.9.5.20260309 and potentially earlier versions, affecting the autoReply.html administrative interface in the channel/admin.Account module. An unauthenticated attacker can inject malicious JavaScript through the 'keyword' parameter, which is reflected in the response without proper sanitization, allowing session hijacking, credential theft, or malware distribution to administrative users. A public proof-of-concept exploit is available, and the vendor has not responded to disclosure notifications, indicating no official patch is currently available.

XSS Muucmf
NVD VulDB
CVSS 4.0
2.1
EPSS
0.0%
CVE-2026-4845 LOW POC Monitor

A reflected cross-site scripting (XSS) vulnerability exists in Dameng100 MUUCMF version 1.9.5.20260309 within the Member management interface at /admin/Member/index.html. The vulnerability is triggered via an unsanitized Search parameter, allowing remote attackers to inject arbitrary JavaScript that executes in the context of an authenticated user's browser. A proof-of-concept exploit has been publicly disclosed, and the vendor has not responded to early disclosure attempts, leaving deployments unpatched.

XSS Muucmf
NVD VulDB
CVSS 4.0
2.1
EPSS
0.0%
CVE-2026-33933 MEDIUM This Month

A reflected cross-site scripting (XSS) vulnerability exists in the custom template editor of OpenEMR, a widely-deployed open-source electronic health records system. Attackers can craft malicious URLs that, when clicked by authenticated staff members, execute arbitrary JavaScript within their browser sessions and gain access to sensitive medical data and system functions; notably, the attacker does not require an OpenEMR account themselves. The vulnerability affects OpenEMR versions 7.0.2.1 through 8.0.0.2, and while there is no evidence of active exploitation in the wild or public proof-of-concept code, the moderate CVSS score of 6.1 combined with the user-interaction requirement and the context-sensitive nature of healthcare data makes this a meaningful priority for healthcare organizations.

XSS Openemr
NVD GitHub VulDB
CVSS 3.1
6.1
EPSS
0.0%
CVE-2026-28297 MEDIUM This Month

SolarWinds Observability Self-Hosted versions 2026.1.1 and earlier contain a stored cross-site scripting vulnerability that allows authenticated attackers with high privileges to inject malicious scripts into the application, resulting in unintended script execution within the security context of the affected system. The vulnerability requires administrative or high-privilege access and does not currently show evidence of active exploitation, though the ability to persist malicious payloads in stored data represents a significant insider threat. Affected organizations should prioritize patching to versions after 2026.1.1 to eliminate the XSS attack surface.

XSS Solarwinds Observability Self Hosted
NVD VulDB
CVSS 3.1
6.1
EPSS
0.0%
CVE-2026-3529 MEDIUM PATCH This Month

Drupal Google Analytics GA4 module versions before 1.1.14 contain a cross-site scripting (XSS) vulnerability through improper input neutralization during web page generation, allowing attackers to inject and execute arbitrary JavaScript in user browsers. Remote attackers can craft malicious requests that persist within analytics data or configuration, affecting all users of sites running vulnerable versions. The vulnerability is documented in Drupal's security advisory SA-CONTRIB-2026-024 and has been assigned EUVD-2026-16383; no public exploit code or active exploitation has been confirmed at the time of this analysis.

XSS Google
NVD
CVSS 3.1
6.1
EPSS
0.0%
CVE-2026-3528 MEDIUM PATCH This Month

Cross-site scripting (XSS) in Drupal Calculation Fields module versions prior to 1.0.4 permits remote attackers to inject arbitrary JavaScript into dynamically generated web pages, enabling session hijacking, credential theft, and malware distribution against users viewing affected pages. The vulnerability stems from improper input neutralization during calculation field rendering, affecting all installations running Calculation Fields 0.0.0 through 1.0.3. No public exploit code or active exploitation has been confirmed at time of analysis.

XSS Calculation Fields
NVD
CVSS 3.1
6.1
EPSS
0.0%
CVE-2026-33883 MEDIUM PATCH This Month

The user:reset_password_form template tag in Statamic CMS fails to escape user-supplied input before rendering it into HTML, enabling reflected cross-site scripting (XSS) attacks via crafted URLs. An unauthenticated remote attacker can exploit this by tricking a victim into clicking a malicious link, causing arbitrary JavaScript execution in the victim's browser with access to session tokens and sensitive page content. Vendor-released patches are available in versions 5.73.16 and 6.7.2.

XSS
NVD GitHub
CVSS 3.1
6.1
EPSS
0.0%
CVE-2026-30162 MEDIUM This Month

Timo 2.0.3 contains a stored cross-site scripting (XSS) vulnerability in the title field that allows unauthenticated remote attackers to inject malicious scripts via crafted links, resulting in session hijacking, credential theft, or malware distribution to other users viewing affected content. Publicly available exploit code exists (referenced via GitHub issue), and the vulnerability is rated CVSS 6.1 with cross-site scope impact, though no evidence of active exploitation in the wild has been confirmed at the time of analysis.

XSS
NVD GitHub VulDB
CVSS 3.1
6.1
EPSS
0.0%
CVE-2026-4876 LOW POC Monitor

SQL injection in itsourcecode Free Hotel Reservation System 1.0 via the ID parameter in /admin/mod_amenities/index.php?view=editpic allows authenticated remote attackers to manipulate database queries and extract or modify sensitive data. The vulnerability requires valid administrator credentials to exploit (PR:L per CVSS 4.0 vector), affects confidentiality and integrity of database contents, and carries moderate real-world risk despite a CVSS score of 5.3 due to publicly available exploit code and low attack complexity. No vendor-released patch has been identified; the system appears to be unsupported or abandoned based on available advisory data.

SQLi PHP
NVD VulDB GitHub
CVSS 4.0
2.1
EPSS
0.0%
CVE-2026-4836 LOW POC Monitor

SQL injection in code-projects Accounting System 1.0 allows authenticated remote attackers to execute arbitrary SQL commands via the cos_id parameter in /my_account/delete.php. Public exploit code exists for this vulnerability, enabling potential unauthorized database access and manipulation. No patch is currently available.

SQLi PHP
NVD VulDB GitHub
CVSS 4.0
2.1
EPSS
0.0%
CVE-2026-29934 MEDIUM This Month

Lightcms v2.0 contains a reflected cross-site scripting vulnerability in the /admin/menus component that allows unauthenticated remote attackers to execute arbitrary JavaScript in a victim's browser by injecting malicious code through the HTTP referer header. The vulnerability requires user interaction (clicking a crafted link) to trigger exploitation. A proof-of-concept has been publicly disclosed on GitHub, though no evidence of active exploitation in the CISA Known Exploited Vulnerabilities catalog was identified. With a CVSS score of 6.1 and low attack complexity, this represents a moderate-severity risk requiring prompt patching.

XSS
NVD GitHub
CVSS 3.1
6.1
EPSS
0.0%
CVE-2026-29933 MEDIUM This Month

YZMCMS v7.4 suffers from a reflected cross-site scripting (XSS) vulnerability in the /index/login.html component that permits attackers to execute arbitrary JavaScript in a user's browser by manipulating the referrer value in request headers. Remote attackers can exploit this to steal session credentials, perform actions on behalf of authenticated users, or redirect users to malicious sites without requiring prior authentication. No public exploit code or active exploitation has been independently confirmed at the time of analysis.

XSS Yzmcms
NVD GitHub
CVSS 3.1
6.1
EPSS
0.0%
CVE-2026-29969 MEDIUM This Month

StaffWiki v7.0.1.19219 contains a reflected cross-site scripting (XSS) vulnerability in the wff_cols_pref.css.aspx endpoint that enables remote attackers to execute arbitrary JavaScript in a user's browser context through a crafted HTTP request. The vulnerability affects StaffWiki versions up to at least 7.0.1.19219, and publicly available exploit code has been disclosed via GitHub, though no active exploitation has been confirmed by CISA at the time of analysis.

XSS
NVD GitHub
CVSS 3.1
6.1
EPSS
0.0%
CVE-2026-4875 LOW POC Monitor

Free Hotel Reservation System 1.0 permits unrestricted file uploads via the image parameter in the /admin/mod_amenities/index.php?view=add endpoint, allowing remote attackers with high privileges to upload arbitrary files. The vulnerability (CWE-434: Unrestricted Upload of File with Dangerous Type) affects the amenities management module and has publicly available exploit code. With a CVSS v4.0 score of 5.1 and network-accessible attack vector requiring high administrative privileges, this poses a moderate risk primarily to authenticated administrators or systems where authentication has been compromised.

File Upload PHP
NVD VulDB GitHub
CVSS 4.0
2.0
EPSS
0.0%
CVE-2026-4835 LOW POC Monitor

A stored cross-site scripting (XSS) vulnerability exists in code-projects Accounting System 1.0 within the customer management interface (/my_account/add_costumer.php), where the costumer_name parameter fails to properly sanitize user input. Attackers with low privileges and user interaction can inject malicious JavaScript that will execute in the browsers of other users viewing the affected page, potentially leading to session hijacking, credential theft, or unauthorized actions within the accounting system. A public proof-of-concept exploit is available, significantly increasing the likelihood of real-world exploitation.

XSS PHP
NVD VulDB GitHub
CVSS 4.0
2.0
EPSS
0.0%
CVE-2026-4923 MEDIUM PATCH GHSA This Month

path-to-regexp versions prior to 8.4.0 are vulnerable to Regular Expression Denial of Service (ReDoS) when processing multiple wildcard parameters combined with path parameters in specific configurations. Unauthenticated remote attackers can craft malicious path patterns containing multiple wildcards (not at the end) to trigger catastrophic regex backtracking, causing denial of service against applications using the affected library. No public exploit code or active exploitation has been confirmed at time of analysis.

Denial Of Service Red Hat
NVD VulDB
CVSS 3.1
5.9
EPSS
0.0%
CVE-2026-26073 MEDIUM PATCH This Month

EVerest charging software stack versions prior to 2026.02.0 suffer from a data race condition in queue/deque handling triggered by concurrent powermeter public key updates and EV session/error events, resulting in heap corruption and potential denial of service. Unauthenticated remote attackers can exploit this via specially timed network events to crash the charging infrastructure, though successful exploitation requires precise timing due to high attack complexity. The vulnerability affects everest-core and has been patched in version 2026.02.0.

Heap Overflow Buffer Overflow Everest Core
NVD GitHub
CVSS 3.1
5.9
EPSS
0.0%
CVE-2026-4899 LOW POC Monitor

The code-projects Online Food Ordering System versions up to 1.0 contain a stored cross-site scripting (XSS) vulnerability in the /dbfood/food.php file via the cuisines parameter, allowing authenticated attackers with high privileges to inject malicious scripts that execute in users' browsers. The vulnerability carries a CVSS score of 2.4 (low severity) but has publicly available exploit code and confirmed documentation on GitHub, limiting its practical impact due to high privilege requirements and user interaction dependency. Remote exploitation is possible, but the attack requires an authenticated user with high-level administrative privileges and victim user interaction, substantially constraining real-world exploitation likelihood.

XSS PHP
NVD VulDB GitHub
CVSS 4.0
1.9
EPSS
0.0%
Prev Page 4 of 6 Next

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy