Skip to main content
CVE-2026-21716 LOW POC PATCH Monitor

Node.js Permission Model bypass in FileHandle.chmod() and FileHandle.chown() promise-based methods allows local authenticated users with restricted --allow-fs-write to modify file permissions and ownership on already-open file descriptors, circumventing intended write restrictions. The vulnerability affects Node.js 20.x, 22.x, 24.x, and 25.x when running under the --permission flag; the callback-based equivalents (fs.fchmod, fs.fchown) were correctly patched in CVE-2024-36137, but the promises API was incompletely fixed. CVSS 3.3 with low real-world impact due to local-only attack vector and requirement for pre-existing file access.

Authentication Bypass Node
NVD VulDB GitHub
CVSS 3.0
3.3
EPSS
0.0%
CVE-2026-5105 LOW POC Monitor

Command injection in Totolink A3300R firmware version 17.0.0cu.557_b20221024 allows authenticated remote attackers to execute arbitrary commands via manipulation of the pptpPassThru parameter in the setVpnPassCfg function of /cgi-bin/cstecgi.cgi. The vulnerability has a CVSS score of 6.3 (medium severity) with network-accessible attack vector and low complexity; publicly available exploit code exists, making this an actionable threat for affected deployments.

Command Injection A3300R
NVD VulDB GitHub
CVSS 4.0
2.1
EPSS
2.9%
CVE-2026-5104 LOW POC Monitor

Command injection in Totolink A3300R router firmware version 17.0.0cu.557_b20221024 allows authenticated remote attackers to execute arbitrary commands via a crafted ip parameter in the setStaticRoute function of /cgi-bin/cstecgi.cgi. The vulnerability carries a CVSS score of 6.3 (medium severity) with public exploit code available, enabling potential compromise of router configuration and data integrity.

Command Injection A3300R
NVD VulDB GitHub
CVSS 4.0
2.1
EPSS
2.9%
CVE-2026-5103 LOW POC Monitor

Remote command injection in Totolink A3300R firmware 17.0.0cu.557_b20221024 allows authenticated remote attackers to execute arbitrary commands via the enable parameter in the setUPnPCfg function at /cgi-bin/cstecgi.cgi. Publicly available exploit code exists, and the vulnerability has a CVSS score of 6.3 with confirmed proof-of-concept demonstrated on GitHub.

Command Injection A3300R
NVD VulDB GitHub
CVSS 4.0
2.1
EPSS
2.9%
CVE-2026-5102 LOW POC Monitor

Command injection in Totolink A3300R 17.0.0cu.557_b20221024 allows authenticated remote attackers to execute arbitrary system commands via the qos_up_bw parameter in the setSmartQosCfg function of /cgi-bin/cstecgi.cgi. The vulnerability has a CVSS score of 6.3 (medium severity) with low attack complexity, and publicly available exploit code exists, though no active exploitation via CISA KEV has been confirmed at time of analysis.

Command Injection A3300R
NVD VulDB GitHub
CVSS 4.0
2.1
EPSS
2.9%
CVE-2026-5153 LOW POC Monitor

Command injection in Tenda CH22 1.0.0.1 via the FormWriteFacMac function allows authenticated remote attackers to execute arbitrary commands by manipulating the mac parameter in the /goform/WriteFacMac endpoint. Publicly available exploit code exists for this vulnerability, which carries a CVSS score of 6.3 and requires low-privilege authentication to trigger.

Tenda Command Injection
NVD VulDB GitHub
CVSS 4.0
2.1
EPSS
2.7%
CVE-2026-5157 LOW POC Monitor

Reflected cross-site scripting (XSS) in code-projects Online Food Ordering System 1.0 allows unauthenticated remote attackers to inject malicious scripts via the cust_id parameter in /form/order.php, exploitable through user interaction (UI required). Publicly available exploit code exists; the vulnerability carries CVSS 4.3 (low severity) but poses reputational and user session hijacking risks typical of XSS attacks in e-commerce contexts.

XSS PHP
NVD VulDB GitHub
CVSS 4.0
2.1
EPSS
0.0%
CVE-2026-5126 LOW POC Monitor

Server-side request forgery in SourceCodester RSS Feed Parser 1.0 via the file_get_contents function allows authenticated remote attackers to perform arbitrary HTTP requests from the vulnerable server. The vulnerability has a CVSS score of 5.3 with low impact across confidentiality, integrity, and availability, and publicly available exploit code exists.

SSRF Rss Feed Parser
NVD VulDB
CVSS 4.0
2.1
EPSS
0.0%
CVE-2026-5125 LOW POC PATCH Monitor

OS command injection in raine consult-llm-mcp up to version 2.5.3 allows local authenticated users to execute arbitrary system commands via manipulation of git_diff.base_ref or git_diff.files arguments passed to child_process.execSync in src/server.ts. The vulnerability requires local access and valid credentials (privilege level L), has a CVSS score of 5.3 with medium impact on confidentiality, integrity, and availability, and publicly available exploit code exists. Vendor-released patch addresses the issue in version 2.5.4.

Command Injection Consult Llm Mcp
NVD VulDB GitHub
CVSS 4.0
1.9
EPSS
0.2%
CVE-2026-5106 LOW POC Monitor

Reflected cross-site scripting (XSS) in code-projects Exam Form Submission 1.0 allows authenticated remote attackers to inject malicious scripts via the sname parameter in /admin/update_fst.php, affecting user sessions with administrator privileges. The vulnerability requires user interaction (UI:R) and carries a low CVSS score of 2.4 due to the requirement for prior administrative authentication (PR:H), but publicly available exploit code exists and may be actively used. The attack vector is network-based (AV:N) with low complexity (AC:L), creating an insider threat scenario where compromised or malicious administrators can deface content or steal session tokens of other administrators.

XSS PHP
NVD VulDB GitHub
CVSS 4.0
1.9
EPSS
0.0%
CVE-2025-66038 LOW PATCH Monitor

OpenSC before version 0.27.0 contains an out-of-bounds buffer read vulnerability in the sc_compacttlv_find_tag function that can return pointers beyond the allocated buffer bounds, leading to potential memory corruption when downstream code dereferences the returned pointer. The vulnerability affects OpenSC when processing untrusted compact-TLV data from smart cards or files, where a maliciously crafted single-byte element can claim a length exceeding the remaining buffer size without validation. While the CVSS score of 3.9 reflects the physical attack vector requirement (smartcard interaction) and high attack complexity, the memory corruption potential poses a notable risk in environments where OpenSC processes untrusted card data.

Buffer Overflow Opensc
NVD GitHub VulDB
CVSS 3.1
3.9
EPSS
0.0%
CVE-2025-66037 LOW PATCH Monitor

Out-of-bounds heap read in OpenSC prior to version 0.27.0 allows local attackers with physical access to smart card interfaces to trigger information disclosure and potential denial of service via crafted X.509/SPKI input to the pkcs15_reader function. The vulnerability stems from sc_pkcs15_pubkey_from_spki_fields() allocating a zero-length buffer and reading one byte beyond its bounds. No public exploit code or active exploitation has been identified; patch is available in version 0.27.0.

Information Disclosure Buffer Overflow Opensc
NVD GitHub VulDB
CVSS 3.1
3.9
EPSS
0.0%
CVE-2025-66215 LOW PATCH Monitor

Stack-buffer overflow in OpenSC's card-oberthur module (versions prior to 0.27.0) allows local attackers with physical access to trigger memory corruption via specially crafted APDU responses from a malicious USB device or smart card, potentially causing denial of service or limited information disclosure. The attack requires the user or administrator to actively use a token during the compromise window, and the vulnerability has been patched in version 0.27.0. No public exploit code or active exploitation has been confirmed at the time of analysis.

Buffer Overflow Stack Overflow Opensc
NVD GitHub VulDB
CVSS 3.1
3.8
EPSS
0.0%
CVE-2025-49010 LOW PATCH Monitor

Stack buffer overflow in OpenSC's GET RESPONSE handler prior to version 0.27.0 allows local attackers with physical access to trigger memory corruption via specially crafted smart card or USB device responses to APDUs. The vulnerability requires user interaction and physical proximity, limiting its practical exploitability; however, it could enable local privilege escalation or information disclosure when an authorized user or administrator actively uses a token. No public exploit code or active exploitation has been confirmed.

Buffer Overflow Stack Overflow Opensc
NVD GitHub VulDB
CVSS 3.1
3.8
EPSS
0.0%
CVE-2026-21715 LOW PATCH Monitor

Node.js Permission Model enforcement in versions 20.x, 22.x, 24.x, and 25.x fails to validate read permissions for fs.realpathSync.native(), allowing local authenticated processes running under --permission with restricted --allow-fs-read to enumerate filesystem paths, check file existence, and resolve symlink targets outside permitted directories. This information disclosure vulnerability bypasses sandbox restrictions intentionally configured by administrators and affects multiple stable and current Node.js release series.

Node.js Information Disclosure
NVD VulDB
CVSS 3.0
3.3
EPSS
0.0%
CVE-2026-32696 LOW PATCH Monitor

Remote denial of service in NanoMQ MQTT Broker 0.24.6 allows unauthenticated remote attackers to crash the broker by connecting without credentials when HTTP authentication is enabled with username/password placeholders, triggering a null pointer dereference in the auth_http.c module. The vulnerability requires high attack complexity (user interaction via specific MQTT CONNECT configuration) but results in broker unavailability. Vendor-released patch version 0.24.7 addresses the issue.

Null Pointer Dereference Denial Of Service Nanomq
NVD GitHub
CVSS 3.1
3.1
EPSS
0.0%
CVE-2026-33762 LOW PATCH GHSA Monitor

Denial-of-service vulnerability in go-git v5 and earlier versions allows local attackers with write access to the repository to craft a malicious Git index file (format version 4) that triggers an out-of-bounds slice operation during parsing, causing application panic and process termination. The vulnerability requires local disk write access to the .git directory and user interaction (file opening), making it a low-severity but exploitable DoS vector for applications that do not gracefully handle panics. Patch versions v5.17.1 and v6 are available.

Buffer Overflow
NVD GitHub VulDB
CVSS 3.1
2.8
EPSS
0.0%
CVE-2026-5107 LOW PATCH Monitor

Remote improper access control in FRRouting FRR up to version 10.5.1 allows authenticated remote attackers to bypass authorization checks in the EVPN Type-2 Route Handler (process_type2_route function), potentially leading to integrity and availability impacts. The vulnerability requires high attack complexity and authenticated access (PR:L), limiting immediate exploitation risk. An upstream fix (commit 7676cad65114aa23adde583d91d9d29e2debd045) is available; no public exploit code or active CISA KEV designation identified at time of analysis.

Authentication Bypass Frr
NVD VulDB GitHub
CVSS 4.0
2.3
EPSS
0.0%
CVE-2025-7741 LOW CISA Monitor

Hardcoded password vulnerability in Yokogawa CENTUM VP allows authentication bypass for the PROG system account across versions R5.01.00-R5.04.20, R6.01.00-R6.12.00, and R7.01.00. An attacker who obtains the hardcoded credential and has direct access to the Human Interface Station (HIS) running CTM authentication mode can log in as PROG; however, real-world risk is constrained because PROG defaults to S1 (OFFUSER) permission level, and exploitation requires pre-existing HIS access. No public exploit code or active CISA KEV status identified at time of analysis.

Authentication Bypass Centum Vp
NVD VulDB
CVSS 4.0
2.1
EPSS
0.0%
CVE-2026-28527 LOW PATCH Monitor

BlueKitchen BTstack contains an out-of-bounds read vulnerability in AVRCP Controller GET_PLAYER_APPLICATION_SETTING_ATTRIBUTE_TEXT and GET_PLAYER_APPLICATION_SETTING_VALUE_TEXT handlers that allows nearby Bluetooth Classic attackers with a paired connection to trigger information disclosure and potential denial of service. The vulnerability requires an attacker within Bluetooth range to establish a paired connection and send specially crafted VENDOR_DEPENDENT responses, resulting in reads beyond packet boundaries. No public exploit code or active exploitation has been identified; vendor-released patch v1.8.1 is available.

Buffer Overflow Information Disclosure Btstack
NVD GitHub VulDB
CVSS 4.0
2.1
EPSS
0.0%
CVE-2026-28526 LOW PATCH Monitor

BlueKitchen BTstack AVRCP Controller handlers read beyond buffer boundaries when processing specially crafted VENDOR_DEPENDENT responses, allowing nearby Bluetooth Classic attackers with a paired connection to trigger an out-of-bounds read that may crash resource-constrained devices. The vulnerability affects all versions prior to v1.8.1, has a CVSS score of 2.1 (very low severity) due to limited availability impact and requirement for paired connection plus user interaction, and no public exploit code or active exploitation has been identified.

Buffer Overflow Information Disclosure Btstack
NVD GitHub VulDB
CVSS 4.0
2.1
EPSS
0.0%
CVE-2026-28528 LOW PATCH Monitor

Out-of-bounds read in BlueKitchen BTstack AVRCP Browsing Target GET_FOLDER_ITEMS handler allows paired Bluetooth Classic attackers to cause denial of service and corrupt attribute bitmap state through insufficient bounds validation on the attr_id parameter. Attack requires proximity (Bluetooth range) and an established pairing relationship. CVSS score of 2.1 reflects limited impact (no confidentiality loss, minor integrity and availability degradation) despite low attack complexity; no active exploitation reported at time of analysis.

Buffer Overflow Information Disclosure Btstack
NVD GitHub VulDB
CVSS 4.0
2.1
EPSS
0.0%
CVE-2026-5148 LOW Monitor

SQL injection in YunaiV yudao-cloud up to version 2026.01 allows authenticated remote attackers to execute arbitrary SQL queries via the toMail parameter in the /admin-api/system/mail-log/page endpoint, enabling data exfiltration and potential database manipulation. The vulnerability carries a CVSS score of 5.1 with moderate confidentiality and integrity impact. Public exploit code is available, and the vendor has not responded to early disclosure efforts, leaving organizations dependent on self-patching or workarounds.

SQLi
NVD GitHub VulDB
CVSS 4.0
2.0
EPSS
0.0%

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy