Skip to main content
CVE-2026-5245 LOW POC PATCH Monitor

Stack-based buffer overflow in Cesanta Mongoose mDNS Record Handler (versions up to 7.20) allows remote attackers to trigger memory corruption via malformed mDNS record data in the handle_mdns_record function. The vulnerability requires high attack complexity and network-level access but results in limited confidentiality, integrity, and availability impact. Publicly available exploit code exists; vendor released patched version 7.21 with immediate availability.

Buffer Overflow Stack Overflow Mongoose
NVD VulDB GitHub
CVSS 4.0
2.9
EPSS
0.1%
CVE-2026-5413 LOW POC Monitor

Information disclosure in Newgen OmniDocs up to version 12.0.00 allows remote attackers without authentication to extract sensitive data by manipulating the connectionDetails parameter in the /omnidocs/GetWebApiConfiguration endpoint. The vulnerability has a CVSS score of 6.3 with high attack complexity, and publicly available exploit code exists; however, no confirmed active exploitation has been reported. The vendor did not respond to early disclosure notification.

Information Disclosure Omnidocs
NVD VulDB
CVSS 4.0
2.9
EPSS
0.0%
CVE-2026-5327 LOW POC Monitor

Command injection in efforthye fast-filesystem-mcp up to version 3.5.1 allows authenticated remote attackers to execute arbitrary system commands via the handleGetDiskUsage function in src/index.ts. The vulnerability has a CVSS score of 6.3 (medium) with publicly available exploit code and no vendor patch released despite early notification through issue tracking. Exploitation requires valid authentication credentials but carries low attack complexity.

Command Injection Fast Filesystem Mcp
NVD VulDB GitHub
CVSS 4.0
2.1
EPSS
0.9%
CVE-2026-5354 LOW POC Monitor

Remote authenticated command injection in TrendNet TEW-657BRM 1.00.1 allows manipulation of the policy_name parameter in /setup.cgi vpn_connect function to achieve operating system command execution with limited impact. The affected router has been end-of-life since June 2011 and is no longer supported by the vendor; however, publicly available exploit code exists and the vulnerability demonstrates real command injection capability despite the legacy product status.

Command Injection Tew 657Brm
NVD VulDB GitHub
CVSS 4.0
2.1
EPSS
0.8%
CVE-2026-5353 LOW POC Monitor

OS command injection in Trendnet TEW-657BRM 1.00.1 ping_test function allows authenticated remote attackers to execute arbitrary commands via manipulation of the c4_IPAddr parameter in /setup.cgi. Publicly available exploit code exists. The device has been end-of-life since June 2011 and is no longer supported by the vendor, making patching infeasible for affected users.

Command Injection Tew 657Brm
NVD VulDB GitHub
CVSS 4.0
2.1
EPSS
0.8%
CVE-2026-5352 LOW POC Monitor

Remote code execution via OS command injection in TrendNet TEW-657BRM 1.00.1 allows authenticated attackers to execute arbitrary commands through the pcdb_list parameter in /setup.cgi. The affected device has been end-of-life since June 2011 with no vendor support; publicly available exploit code exists but real-world impact is limited to legacy, unsupported hardware.

Command Injection Tew 657Brm
NVD VulDB GitHub
CVSS 4.0
2.1
EPSS
0.8%
CVE-2026-5351 LOW POC Monitor

OS command injection in TrendNet TEW-657BRM 1.00.1 router allows authenticated remote attackers to execute arbitrary commands via manipulation of the wl_enrolee_pin parameter in the /setup.cgi add_wps_client function. The vendor discontinued this product in June 2011 and provides no support; publicly available exploit code exists but real-world risk is minimal given the product's 14+ year obsolescence and the authentication requirement.

Command Injection Tew 657Brm
NVD VulDB GitHub
CVSS 4.0
2.1
EPSS
0.8%
CVE-2026-5328 LOW POC PATCH Monitor

SQL injection in shsuishang modulithshop allows authenticated remote attackers to execute arbitrary SQL queries via manipulation of the sidx/sort parameter in the ProductItemDao Interface listItem function, potentially leading to unauthorized data access, modification, or denial of service. The vulnerability affects the rolling-release product across an unspecified version range; publicly available exploit code exists. CVSS 6.3 with exploitation probability noted (E:P), and a patch is available via upstream commit 42bcb9463425d1be906c3b290cf29885eb5a2324.

Java SQLi
NVD VulDB GitHub
CVSS 4.0
2.1
EPSS
0.0%
CVE-2026-5317 LOW POC PATCH Monitor

Out-of-bounds write in Nothings stb library up to version 1.22 allows remote attackers to corrupt memory and potentially execute code by crafting malicious Vorbis audio files that trigger improper bounds checking in the start_decoder function. Publicly available exploit code exists for this vulnerability, which affects all applications statically linking vulnerable stb_vorbis.c code. The vendor has not responded to disclosure attempts, leaving deployed instances without an official patch.

Buffer Overflow Memory Corruption Stb
NVD VulDB GitHub
CVSS 4.0
2.1
EPSS
0.0%
CVE-2026-5316 LOW POC PATCH Monitor

Resource exhaustion in Nothings stb library versions up to 1.22 allows unauthenticated remote attackers to cause denial of service through the setup_free function in stb_vorbis.c when processing malformed audio data. The vulnerability has publicly available exploit code and a low CVSS score of 4.3 reflecting limited impact, but represents a real availability risk in applications embedding this widely-used header-only graphics and audio library.

Denial Of Service Stb
NVD VulDB GitHub
CVSS 4.0
2.1
EPSS
0.0%
CVE-2026-5318 LOW POC PATCH Monitor

Out-of-bounds write in LibRaw's JPEG DHT parser (HuffTable::initval function) allows unauthenticated remote attackers to trigger a denial of service via malformed JPEG image files. LibRaw versions up to 0.22.0 are affected; publicly available exploit code exists. CVSS 4.3 (low severity) reflects denial-of-service impact only, with low attack complexity and no authentication required. Vendor-released patch available in version 0.22.1.

Buffer Overflow Memory Corruption Libraw
NVD VulDB GitHub
CVSS 4.0
2.1
EPSS
0.0%
CVE-2026-5319 LOW POC Monitor

Reflected cross-site scripting (XSS) in itsourcecode Payroll Management System up to version 1.0 allows remote attackers to inject malicious scripts via the 'page' parameter in /navbar.php. The vulnerability requires user interaction (UI:R per CVSS vector) but carries a low CVSS score of 4.3 due to limited confidentiality impact. Publicly available exploit code exists, increasing real-world risk despite the moderate base score.

PHP XSS
NVD VulDB GitHub
CVSS 4.0
2.1
EPSS
0.0%
CVE-2026-5321 LOW POC Monitor

Cross-Origin Resource Sharing (CORS) misconfiguration in vanna-ai vanna up to version 2.0.2 allows authenticated remote attackers to establish permissive cross-domain policies with untrusted domains, leading to information disclosure. The vulnerability affects the FastAPI/Flask Server component and has publicly available exploit code; however, the vendor has not responded to early disclosure attempts. With a CVSS score of 5.3 and confirmed public exploit availability, this represents a moderate-risk authentication-gated information exposure issue.

Cors Misconfiguration Information Disclosure Python
NVD VulDB GitHub
CVSS 4.0
2.1
EPSS
0.0%
CVE-2026-5339 LOW POC Monitor

Command injection in Tenda G103 1.0.0.5 setting handler allows high-privilege remote attackers to execute arbitrary commands via manipulation of multiple GPON authentication parameters (authLoid, authLoidPassword, authPassword, authSerialNo, authType, oltType, usVlanId, usVlanPriority) in the gpon.lua component. Publicly available exploit code exists, though the CVSS:3.1/AV:N/AC:L/PR:H vector indicates attacks require high administrative privileges and deliver limited impact (confidentiality, integrity, availability each L). This is a realistic but constrained threat: exploitation requires authenticated admin-level access to a device already on the network.

Tenda Command Injection
NVD VulDB GitHub
CVSS 4.0
2.0
EPSS
0.5%
CVE-2026-5331 LOW POC Monitor

Path traversal in OpenCart 4.1.0.3 Extension Installer Page allows high-privileged remote attackers to manipulate the installer.php file and traverse the filesystem, potentially accessing or modifying sensitive files outside the intended directory. The vulnerability has publicly available exploit code and affects the extension installation mechanism; vendor has not responded to early disclosure attempts, leaving installations unpatched.

Path Traversal PHP
NVD VulDB
CVSS 4.0
2.0
EPSS
0.1%
CVE-2026-5417 LOW POC PATCH Monitor

Server-side request forgery (SSRF) in Dataease SQLBot up to version 1.6.0 allows high-privileged remote attackers to manipulate the 'address' argument in the Elasticsearch Handler component (get_es_data_by_http function), enabling unauthorized HTTP requests to internal or external systems. The vulnerability has publicly available exploit code and vendor-released patch version 1.7.0 addresses the issue.

SSRF Elastic
NVD VulDB GitHub
CVSS 4.0
2.0
EPSS
0.0%
CVE-2026-5370 LOW POC PATCH Monitor

Stored cross-site scripting (XSS) in Krayin Laravel-CRM up to version 2.2 allows authenticated users with low privileges to inject malicious scripts via the composeMail function in the Activities/Notes Module, which are then executed when other users view the content. The vulnerability requires user interaction (UI:P) but has confirmed publicly available exploit code and a vendor-released patch (commit 73ed28d466bf14787fdb86a120c656a4af270153), making it a moderate priority for deployments where multiple users interact with notes and mail features.

XSS Laravel Crm
NVD VulDB GitHub
CVSS 4.0
2.0
EPSS
0.0%
CVE-2026-5325 LOW POC Monitor

Stored cross-site scripting (XSS) in SourceCodester Simple Customer Relationship Management System 1.0 allows authenticated remote attackers to inject malicious scripts via the Description parameter in the /create-ticket.php Create Ticket component. The vulnerability requires user interaction (UI:R) to trigger payload execution and has limited impact (integrity only, no confidentiality or availability loss), but publicly available exploit code exists and the issue has been publicly disclosed.

XSS PHP
NVD VulDB
CVSS 4.0
2.0
EPSS
0.0%
CVE-2026-5332 LOW POC Monitor

Stored cross-site scripting (XSS) in Xiaopi Panel 1.0.0 via the param argument in /demo.php allows authenticated remote attackers to inject malicious scripts that execute in users' browsers. The vulnerability affects the WAF Firewall component, has publicly available exploit code, and carries a low CVSS score (3.5) due to requirement for user interaction and limited impact scope, though the vendor has not responded to disclosure.

XSS PHP
NVD VulDB GitHub
CVSS 4.0
2.0
EPSS
0.0%
CVE-2026-5323 LOW POC PATCH Monitor

Server-side request forgery (SSRF) in priyankark a11y-mcp up to version 1.0.5 allows local authenticated attackers to perform arbitrary outbound requests via the A11yServer function in src/index.js, potentially enabling access to internal services or exfiltration of sensitive data. The vulnerability requires local access and user approval (as the tool operates as a local stdio MCP server with no network exposure), and publicly available exploit code exists. Vendor has released patched version 1.0.6 with commit e3e11c9e8482bd06b82fd9fced67be4856f0dffc.

SSRF A11Y Mcp
NVD VulDB GitHub
CVSS 4.0
1.9
EPSS
0.0%
CVE-2026-5420 LOW POC Monitor

Hard-coded cryptographic keys in Shinrays Games Goods Triple App up to version 1.200 allow local authenticated users to decrypt sensitive data by manipulating AES_IV and AES_PASSWORD parameters in the jRwTX.java component. The vulnerability requires local access and elevated privileges but has low complexity once exploited; publicly available exploit code exists and the vendor has not responded to disclosure attempts.

Java Information Disclosure
NVD VulDB
CVSS 4.0
1.1
EPSS
0.0%
CVE-2026-26961 LOW PATCH GHSA Monitor

Rack's multipart form data parser uses a greedy regular expression that selects the last boundary parameter from a Content-Type header instead of the first, allowing request smuggling when upstream proxies or WAFs interpret the first boundary. This mismatch enables attackers to bypass upstream inspection by crafting multipart requests with duplicate boundary declarations, causing Rack to parse a different body structure than the intermediary validated. Affected versions are Rack prior to 2.2.23, 3.1.21, and 3.2.6; patches are available for all three release branches.

Information Disclosure Rack
NVD GitHub VulDB
CVSS 3.1
3.7
EPSS
0.0%
CVE-2025-43236 LOW PATCH Monitor

Type confusion in macOS memory handling allows local attackers to cause unexpected app termination through crafted user interaction, affecting macOS Sequoia before 15.6, Sonoma before 14.7.7, and Ventura before 13.7.7. With a CVSS score of 3.3 and SSVC exploitation status of 'none', this represents a low-severity local denial-of-service condition requiring user interaction; no public exploit code or active exploitation has been identified.

Apple Information Disclosure Memory Corruption
NVD
CVSS 3.1
3.3
EPSS
0.0%
CVE-2026-35387 LOW PATCH Monitor

OpenSSH before 10.3 incorrectly interprets ECDSA algorithm specifications in PubkeyAcceptedAlgorithms and HostbasedAcceptedAlgorithms configuration options, allowing authenticated users to authenticate using unintended ECDSA variants. The vulnerability requires authenticated network access and high attack complexity, resulting in a low CVSS score of 3.1 with integrity impact but no confidentiality or availability loss. No public exploit code or active exploitation has been documented.

SSH Information Disclosure
NVD VulDB
CVSS 3.1
3.1
EPSS
0.0%
CVE-2026-5360 LOW Monitor

Type confusion in Free5GC 4.2.0's aper component allows remote attackers to trigger memory corruption and information disclosure with high attack complexity and without authentication. The vulnerability stems from improper type handling in ASN.1 parsing and has publicly available exploit code, though active exploitation at scale has not been confirmed. CVSS 6.3 with availability impact and exploit proof-of-concept disclosure warrant timely patching.

Information Disclosure Memory Corruption Free5gc
NVD GitHub VulDB
CVSS 4.0
2.9
EPSS
0.0%
CVE-2026-5246 LOW PATCH Monitor

Authorization bypass in Cesanta Mongoose up to version 7.20 allows remote, unauthenticated attackers to bypass TLS certificate signature verification in the P-384 public key handler (mg_tls_verify_cert_signature function in mongoose.c), potentially enabling man-in-the-middle attacks or unauthorized access. The attack is highly complex (CVSS AC:H) but publicly disclosed exploit code exists, with vendor-released patch available in version 7.21.

Authentication Bypass Mongoose
NVD VulDB GitHub
CVSS 4.0
2.9
EPSS
0.0%
CVE-2026-35388 LOW PATCH Monitor

OpenSSH before 10.3 fails to confirm connection multiplexing in proxy-mode sessions, allowing local attackers with user interaction to bypass intended access controls and potentially manipulate multiplexed connections. The vulnerability affects OpenSSH versions prior to 10.3p1 and requires local access with user interaction (UI:R) on the affected system; while the CVSS score is low (2.5) and integrity impact is limited, the omission of confirmation mechanisms in proxy-mode multiplexing creates a logic flaw that could enable unauthorized session hijacking or redirection in multi-user environments.

Information Disclosure SSH
NVD VulDB
CVSS 3.1
2.5
EPSS
0.0%
CVE-2026-5355 LOW Monitor

Remote authenticated OS command injection in TrendNet TEW-657BRM 1.00.1 router via the vpn_drop function in /setup.cgi allows low-privileged attackers to execute arbitrary commands with limited impact on system confidentiality, integrity, and availability. The vendor confirmed the product reached end-of-life on June 23, 2011, and will not provide support or patches. Public exploit code exists, but this vulnerability affects only discontinued hardware no longer receiving vendor maintenance.

Command Injection Tew 657Brm Firmware
NVD GitHub VulDB
CVSS 4.0
2.1
EPSS
0.8%
CVE-2026-35038 LOW PATCH GHSA Monitor

Signal K Server prior to version 2.24.0 permits low-privileged authenticated users to bypass prototype boundary filtering via a malformed `from` field, enabling arbitrary read access to internal functions and properties in the global prototype object. This confidentiality breach violates data isolation within the Signal K application and allows attackers to extract sensitive internal state they should not access. The vulnerability requires prior authentication and has been patched in version 2.24.0.

Authentication Bypass Signalk Server
NVD GitHub
CVSS 4.0
2.1
EPSS
0.1%
CVE-2026-5338 LOW Monitor

Command injection in Tenda G103 1.0.0.5 allows high-privileged remote attackers to execute arbitrary commands via the lanIp parameter in the action_set_system_settings function of system.lua. The vulnerability requires administrative credentials (PR:H) but has publicly available exploit code and impacts system confidentiality, integrity, and availability. CVSS score 5.1 reflects the elevated privilege requirement despite network-based attack vector.

Tenda Command Injection
NVD GitHub VulDB
CVSS 4.0
2.0
EPSS
0.6%
CVE-2026-5315 LOW PATCH Monitor

Out-of-bounds read in Nothings stb library (stb_truetype.h) up to version 1.26 allows remote attackers to trigger memory access violations via malformed TTF font files, resulting in information disclosure. The vulnerability affects the stbtt__buf_get8 function in the TTF file handler and requires user interaction to exploit. Publicly available exploit code exists, though the vendor has not responded to disclosure notifications. CVSS 5.3 with EPSS probability of exploitation (E:P) indicates moderate real-world risk.

Buffer Overflow Stb Truetype H
NVD GitHub VulDB
CVSS 4.0
2.1
EPSS
0.0%
CVE-2026-5344 LOW Monitor

Path traversal in Textpattern XML-RPC handler allows authenticated remote attackers to write arbitrary files via the file.name parameter in mt_uploadImage function, enabling potential code execution or sensitive file overwrite. Affects Textpattern up to version 4.9.1, with publicly available exploit code and vendor confirmation of the issue pending fix in an upcoming release.

PHP Path Traversal
NVD GitHub VulDB
CVSS 4.0
2.1
EPSS
0.0%
CVE-2026-34743 LOW PATCH Monitor

Buffer overflow in XZ Utils lzma_index_decoder() allows memory corruption when processing Index records with no data entries prior to version 5.8.3. Unauthenticated remote attackers can trigger a heap overflow via crafted compressed data, potentially causing denial of service or memory corruption. The vulnerability has a low CVSS score (1.7) due to attack time requirement and limited impact scope, with no confirmed active exploitation at time of analysis.

Buffer Overflow Heap Overflow Xz
NVD GitHub VulDB
CVSS 4.0
1.7
EPSS
0.0%

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy