Skip to main content
CVE-2026-5960 LOW POC Monitor

Information disclosure in code-projects Patient Record Management System 1.0 allows unauthenticated remote attackers to access sensitive patient data via manipulation of the SQL database backup file (/db/hcpms.sql), with publicly available exploit code and user interaction required. The vulnerability affects the SQL Database Backup File Handler component and has moderate CVSS impact (4.3) but is elevated by public exploit availability and the sensitivity of healthcare data exposure.

Information Disclosure Patient Record Management System
NVD VulDB GitHub
CVSS 4.0
2.1
EPSS
0.0%
CVE-2026-5847 LOW POC Monitor

Code-Projects Movie Ticketing System 1.0 exposes sensitive database information through an unprotected SQL backup file at /db/moviedb.sql, allowing remote unauthenticated attackers to download and read the entire database via simple HTTP request. The vulnerability requires user interaction (UI:P per CVSS4.0) and has a publicly available exploit demonstrating the disclosure technique, though the very low CVSS score of 2.1 reflects limited confidentiality impact in typical deployments.

Information Disclosure Movie Ticketing System
NVD VulDB GitHub
CVSS 4.0
2.1
EPSS
0.0%
CVE-2026-5826 LOW POC Monitor

Cross-site scripting (XSS) vulnerability in code-projects Simple IT Discussion Forum 1.0 allows remote attackers to inject malicious scripts via the Category parameter in /edit-category.php. The vulnerability requires user interaction (reflected XSS) but has a low CVSS base score of 4.3; however, publicly available exploit code exists, increasing practical risk for unpatched installations.

XSS PHP
NVD VulDB GitHub
CVSS 4.0
2.1
EPSS
0.0%
CVE-2026-5825 LOW POC Monitor

Stored or reflected cross-site scripting (XSS) in code-projects Simple Laundry System 1.0 allows remote attackers to inject malicious scripts via the userid parameter in /delmemberinfo.php, compromising user session integrity and enabling credential theft or malware distribution. The vulnerability requires user interaction (CVSS UI:R) but carries a CVSS score of 4.3 (low severity). Publicly available exploit code exists and the attack vector is network-accessible with no authentication required (AV:N, PR:N).

PHP XSS
NVD VulDB GitHub
CVSS 4.0
2.1
EPSS
0.0%
CVE-2026-5848 LOW POC Monitor

Code injection in JimuReport's Data Source Handler allows authenticated high-privilege users to execute arbitrary code via manipulated dbUrl parameters in the DriverManager.getConnection function (versions up to 2.3.0). The vulnerability requires high-privilege authentication but can be exploited remotely with low attack complexity; publicly available exploit code exists and the vendor has acknowledged the issue with a fix planned for an upcoming release.

Code Injection RCE Jimureport
NVD GitHub VulDB
CVSS 4.0
2.0
EPSS
0.1%
CVE-2026-5840 LOW POC Monitor

SQL injection in PHPGurukul News Portal Project 4.1 allows authenticated remote attackers to manipulate the Username parameter in /admin/check_availability.php, enabling data exfiltration and potential database modification. The vulnerability requires high-privilege administrative access; publicly available exploit code exists and may be actively used in attacks.

PHP SQLi
NVD VulDB GitHub
CVSS 4.0
2.0
EPSS
0.0%
CVE-2026-5839 LOW POC Monitor

SQL injection in PHPGurukul News Portal Project 4.1 allows authenticated remote attackers with high privileges to manipulate the sucatdescription parameter in /admin/add-subcategory.php, enabling unauthorized database query execution with limited confidentiality, integrity, and availability impact. Publicly available exploit code exists and the CVSS vector indicates proof-of-concept availability (E:P), though this is a low-severity vulnerability (CVSS 4.7) constrained by high administrative privilege requirements.

PHP SQLi
NVD VulDB GitHub
CVSS 4.0
2.0
EPSS
0.0%
CVE-2026-5838 LOW POC Monitor

SQL injection in PHPGurukul News Portal Project 4.1 allows remote authenticated administrators to execute arbitrary SQL queries via the sadminusername parameter in /admin/add-subadmins.php. The vulnerability is publicly disclosed with exploit code available, though exploitation requires high-privilege admin access (PR:H) and carries low to moderate real-world risk despite a CVSS score of 4.7.

PHP SQLi
NVD VulDB GitHub
CVSS 4.0
2.0
EPSS
0.0%
CVE-2026-5833 LOW POC PATCH Monitor

Command injection in awwaiid mcp-server-taskwarrior up to version 1.0.1 allows local authenticated attackers to execute arbitrary system commands via manipulation of the Identifier argument in the server.setRequestHandler function of index.ts. Publicly available exploit code exists, and the vendor has released a patched version following responsible disclosure practices. This is a locally-exploitable vulnerability requiring authenticated access with moderate CVSS severity (5.3), but the presence of public exploit code and low attack complexity elevates practical risk.

Command Injection Mcp Server Taskwarrior
NVD VulDB GitHub
CVSS 4.0
1.9
EPSS
0.2%
CVE-2026-5836 LOW POC Monitor

Stored cross-site scripting (XSS) in code-projects Online Shoe Store 1.0 allows authenticated administrators to inject malicious scripts via the product_name parameter in /admin/admin_product.php, affecting other users who view the product data. The vulnerability requires high-privilege admin access and user interaction (clicking/viewing), limiting immediate risk, but publicly available exploit code exists and the issue has been disclosed. With a CVSS score of 2.4 and exploitation probability marked as proof-of-concept (E:P), this is a low-severity issue primarily affecting self-hosted instances of the affected software.

XSS PHP
NVD VulDB GitHub
CVSS 4.0
1.9
EPSS
0.0%
CVE-2026-5835 LOW POC Monitor

Stored cross-site scripting (XSS) in code-projects Online Shoe Store 1.0 allows authenticated attackers with high privileges to inject malicious scripts via the product_name parameter in /admin/admin_football.php, requiring user interaction to execute. The vulnerability has publicly available exploit code and a CVSS score of 2.4, reflecting the requirement for high-privilege authentication and user interaction, though the low EPSS probability and lack of CISA KEV listing suggest limited real-world exploitation despite POC availability.

PHP XSS
NVD VulDB GitHub
CVSS 4.0
1.9
EPSS
0.0%
CVE-2026-5834 LOW POC Monitor

Cross-site scripting (XSS) in code-projects Online Shoe Store 1.0 allows authenticated remote attackers with administrative privileges to inject malicious scripts via the product_name parameter in /admin/admin_running.php, requiring user interaction to execute. Publicly available exploit code exists for this vulnerability, though it carries a low CVSS score of 2.4 due to restricted attack vector (high privileges required, user interaction needed) and limited impact (integrity only).

PHP XSS
NVD VulDB GitHub
CVSS 4.0
1.9
EPSS
0.0%
CVE-2026-24661 LOW PATCH Monitor

Mattermost Plugins versions 2.1.3.0 and earlier allow remote attackers without authentication to cause denial of service through memory exhaustion by sending oversized JSON payloads to the /changes webhook endpoint. The vulnerability stems from a lack of request body size validation, enabling attackers to exhaust server memory and crash the service. CVSS is 3.7 (low severity) with low exploitability complexity, and no public exploit or active exploitation has been confirmed.

Denial Of Service Mattermost
NVD VulDB
CVSS 3.1
3.7
EPSS
0.0%
CVE-2026-21388 LOW PATCH Monitor

Mattermost Plugins versions 2.3.1 and earlier allow unauthenticated remote attackers to trigger denial of service by sending oversized JSON payloads to the /lifecycle webhook endpoint, causing memory exhaustion due to missing request body size validation. CVSS 3.7 reflects low severity despite network accessibility; EPSS and active exploitation status not independently confirmed from available data.

Denial Of Service Mattermost
NVD VulDB
CVSS 3.1
3.7
EPSS
0.0%
CVE-2026-40077 LOW PATCH GHSA Monitor

Beszel prior to 0.18.7 allows authenticated users to access monitoring data for any system without authorization checks, enabling information disclosure of system details and container metadata through ID enumeration. An authenticated attacker can bypass access controls on API endpoints by supplying a valid system ID (15 character alphanumeric) and optionally a container ID (12 digit hexadecimal), potentially discovering sensitive monitoring information across all systems in the platform despite not having legitimate access.

Information Disclosure Beszel
NVD GitHub
CVSS 3.1
3.5
EPSS
0.0%
CVE-2026-40109 LOW PATCH GHSA Monitor

Flux notification-controller prior to version 1.8.3 fails to validate the email claim in Google OIDC tokens used for Pub/Sub push authentication, allowing any valid Google-issued token to trigger unauthorized reconciliations via the gcr Receiver webhook endpoint. An attacker must know or discover the webhook URL (generated from a random token stored in a Kubernetes Secret) to exploit this vulnerability; however, practical impact is severely limited because Flux reconciliations are idempotent and deduplicated, meaning unauthorized requests result in no operational changes to cluster state unless the underlying Git/OCI/Helm sources have been modified.

Google Kubernetes Authentication Bypass
NVD GitHub
CVSS 3.1
3.1
EPSS
0.0%
CVE-2025-14551 LOW PATCH Monitor

Ubuntu Subiquity 24.04.4 leaks sensitive user credentials in crash report logs submitted to Launchpad during installation failures, potentially exposing plaintext Wi-Fi passwords and other credentials to unauthorized third parties. The vulnerability affects multiple Ubuntu versions (24.04.4, 25.04, and 25.10) and requires user interaction (submission of a crash report) but carries low real-world exploitation risk due to a CVSS score of 2.7 and absence of active exploitation signals. No public exploit code is known; vendor-released patches are available.

Denial Of Service Ubuntu
NVD GitHub
CVSS 4.0
2.7
EPSS
0.0%
CVE-2025-15480 LOW PATCH Monitor

ubuntu-desktop-provision version 24.04.4 leaks user password hashes in crash report logs submitted to Launchpad during installation failures. An unauthenticated remote attacker can obtain sensitive credentials if a user opts to report the installation failure, requiring user interaction to trigger the vulnerability but resulting in direct exposure of authentication material. Patch available from Canonical via GitHub pull requests; EPSS and KEV status not actively exploited at time of analysis.

Denial Of Service Ubuntu
NVD GitHub
CVSS 4.0
2.7
EPSS
0.0%
CVE-2026-35624 LOW PATCH Monitor

OpenClaw before version 2026.3.22 uses room names instead of stable tokens for Nextcloud Talk room authorization, allowing authenticated attackers to bypass allowlist policies by creating similarly named rooms and gaining unauthorized access to protected conversations. The vulnerability requires low privileges and high attack complexity but poses a direct confidentiality and integrity risk to room access controls. No public exploit code or active exploitation has been reported.

Authentication Bypass Openclaw
NVD GitHub VulDB
CVSS 4.0
2.3
EPSS
0.1%
CVE-2026-35617 LOW PATCH Monitor

OpenClaw before version 2026.3.25 contains an authorization bypass vulnerability in Google Chat group policy enforcement where attackers with authenticated access can manipulate space display names to rebind group policies and gain unauthorized access to protected resources. The vulnerability requires authenticated access and high attack complexity but affects confidentiality and integrity of protected data. A vendor patch has been released.

Google Authentication Bypass
NVD GitHub VulDB
CVSS 4.0
2.3
EPSS
0.0%
CVE-2026-5187 LOW Monitor

Heap out-of-bounds write in wolfSSL's DecodeObjectId() function in wolfcrypt/src/asn.c allows authenticated remote attackers to trigger memory corruption through two distinct mechanisms: insufficient bounds checking when outSz equals 1, and confusion between buffer byte size and element count across multiple callers, permitting crafted OIDs with 33+ arcs to overflow a 32-arc buffer. CVSS 2.3 reflects low impact (data modification only, no confidentiality loss), but the vulnerability affects cryptographic certificate and message parsing across all wolfSSL versions up to 5.9.0. No public exploit identified at time of analysis.

Heap Overflow Buffer Overflow Wolfssl
NVD GitHub VulDB
CVSS 4.0
2.3
EPSS
0.0%
CVE-2026-39957 LOW PATCH Monitor

SQL operator-precedence bug in Lychee prior to 7.5.4 allows authenticated users with upload permission to bypass ownership filters and retrieve all user-group-based sharing permissions across the instance, including private albums owned by other users. The vulnerability exists in SharingController::listAll() where an orWhereNotNull clause escapes the ownership filter applied by a when() block. This affects any non-admin user who owns at least one album, creating an information disclosure risk that exposes sharing metadata for the entire Lychee instance.

Authentication Bypass Lychee
NVD GitHub
CVSS 4.0
2.3
EPSS
0.0%
CVE-2026-5448 LOW PATCH Monitor

wolfSSL versions before 5.9.1 contain a heap buffer overflow in the X.509 date parsing functions wolfSSL_X509_notAfter and wolfSSL_X509_notBefore when processing crafted certificates through the compatibility layer API. The vulnerability has a CVSS score of 2.3 with attack vector requiring adjacent network access and persistence, affecting only direct API calls and not standard TLS or certificate verification operations. No public exploit code or active exploitation has been identified at the time of analysis.

Heap Overflow Buffer Overflow Wolfssl
NVD GitHub VulDB
CVSS 4.0
2.3
EPSS
0.0%
CVE-2026-5392 LOW PATCH Monitor

Heap out-of-bounds read in wolfSSL versions prior to 5.9.1 allows unauthenticated attackers on an adjacent network to trigger information disclosure via a crafted PKCS7 message that bypasses bounds checking in the indefinite-length end-of-content verification loop. The vulnerability has a low CVSS score of 2.3 due to restricted attack vector (adjacent network only) and limited integrity impact, with no public exploit code identified at time of analysis.

Information Disclosure Buffer Overflow Wolfssl
NVD GitHub VulDB
CVSS 4.0
2.3
EPSS
0.0%
CVE-2026-34945 LOW PATCH GHSA Monitor

Wasmtime's Winch compiler in versions 25.0.0 through 36.0.6, 42.0.1, and 43.0.0 incorrectly translates the WebAssembly table.size instruction for 64-bit tables under the memory64 proposal, allowing WebAssembly guests to read sensitive data from the host's stack. The vulnerability stems from static typing the return value as 32-bit instead of consulting the table's actual index type, which when combined with Winch's multi-value return ABI mechanics enables stack data disclosure. This is fixed in Wasmtime 36.0.7, 42.0.2, and 43.0.1; no public exploit code or active exploitation has been identified at time of analysis, but the low CVSS score (2.3) reflects limited real-world impact due to authentication requirements and limited technical scope.

Information Disclosure Wasmtime
NVD GitHub VulDB
CVSS 4.0
2.3
EPSS
0.0%
CVE-2026-34988 LOW PATCH GHSA Monitor

Wasmtime's pooling allocator leaks linear memory contents between WebAssembly instances when configured with specific non-default settings (memory_guard_size=0, memory_reservation<4GiB, max_memory_size=memory_reservation). Affected versions 28.0.0 through 36.0.6, 42.0.0-42.0.1, and 43.0.0 allow authenticated local attackers with high attack complexity to read sensitive data from previously-mapped memory due to incorrect virtual memory permission reset logic. Vendor-released patches: 36.0.7, 42.0.2, and 43.0.1. No public exploit identified at time of analysis.

Buffer Overflow Wasmtime
NVD GitHub VulDB
CVSS 4.0
2.3
EPSS
0.0%
CVE-2026-5778 LOW Monitor

Integer underflow in wolfSSL's packet sniffer (versions up to 5.9.0) allows remote attackers to crash applications during AEAD decryption by sending malformed TLS Application Data records with insufficient length for the explicit IV and authentication tag. The vulnerability wraps a 16-bit length value to an unexpectedly large integer, triggering an out-of-bounds read in decryption routines. While the CVSS score is low (2.1) due to limited practical impact (availability only), the attack requires no victim interaction beyond network exposure and affects any system passively inspecting encrypted TLS traffic through wolfSSL's ssl_DecodePacket function.

Buffer Overflow Integer Overflow Wolfssl
NVD GitHub VulDB
CVSS 4.0
2.1
EPSS
0.1%
CVE-2026-5772 LOW Monitor

Stack buffer over-read in wolfSSL's MatchDomainName function allows authenticated remote attackers to cause denial of service through a crafted wildcard hostname during TLS certificate validation when the LEFT_MOST_WILDCARD_ONLY flag is enabled. The vulnerability reads one byte past the allocated buffer when a wildcard character exhausts the entire hostname string, triggering a potential crash with very low real-world exploitation probability (EPSS and CVSS indicate limited practical risk).

Buffer Overflow Wolfssl
NVD GitHub VulDB
CVSS 4.0
2.1
EPSS
0.0%
CVE-2026-5823 LOW Monitor

SQL injection in itsourcecode Construction Management System 1.0 via the Home parameter in /borrowed_tool_report.php allows authenticated remote attackers to execute arbitrary SQL queries with limited impact on confidentiality, integrity, and availability. The vulnerability has a public exploit and CVSS score of 5.3, making it a moderate-severity issue requiring authentication but presenting real exploitation risk given POC availability.

SQLi PHP
NVD GitHub VulDB
CVSS 4.0
2.1
EPSS
0.0%
CVE-2026-5987 LOW Monitor

Improper neutralization of special elements in FreeMarker template processing within Sanluan PublicCMS up to version 6.202506.d allows high-privileged remote attackers to cause information disclosure through manipulation of the AbstractFreemarkerView.doRender function. The vulnerability has a CVSS score of 5.1 with publicly available exploit code, though exploitation requires administrative privileges (PR:H). CISA KEV status not confirmed; however, the disclosure of exploit code and vendor non-response indicate moderate real-world risk despite the high privilege requirement.

Information Disclosure Java
NVD GitHub VulDB
CVSS 4.0
2.0
EPSS
0.0%
CVE-2026-40072 LOW PATCH Monitor

Server-Side Request Forgery in web3.py 6.0.0b3 through 7.14.x and 8.0.0b1 enables malicious smart contracts to force the library to issue HTTP requests to arbitrary destinations via CCIP Read (EIP-3668) URL templates without destination validation. The vulnerability affects all applications using web3.py's .call() method against untrusted contract addresses, as CCIP Read is enabled by default, allowing attackers to target internal network services and cloud metadata endpoints. The issue is remedied in versions 7.15.0 and 8.0.0b2.

SSRF Python
NVD GitHub VulDB
CVSS 4.0
1.7
EPSS
0.0%
CVE-2026-34983 LOW PATCH GHSA Monitor

Wasmtime 43.0.0 contains a use-after-free vulnerability in the Linker cloning mechanism that allows host embedders to trigger memory corruption through a specific sequence of API calls: cloning a wasmtime::Linker, dropping the original instance, and then using the cloned instance. This vulnerability is not exploitable by guest WebAssembly programs and requires deliberate misuse of the host API. The flaw is fixed in Wasmtime 43.0.1. Despite the use-after-free nature (CWE-416), the CVSS 4.0 score of 1.0 reflects the extremely limited attack surface: physical or local access is required (AV:P), attack complexity is high (AC:H), high privilege level is needed (PR:H), and user interaction is required (UI:A), resulting in minimal confidentiality, integrity, and availability impact.

Memory Corruption Information Disclosure Use After Free Wasmtime
NVD GitHub VulDB
CVSS 4.0
1.0
EPSS
0.0%

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy