Skip to main content
CVE-2026-6011 LOW POC PATCH Monitor

Server-side request forgery (SSRF) in OpenClaw's assertPublicHostname handler (src/agents/tools/web-fetch.ts) allows remote attackers to craft requests that bypass hostname validation and reach internal or restricted systems. Affected versions up to 2026.1.26 are vulnerable; the attack requires high complexity but publicly available exploit code exists. Vendor-released patch version 2026.1.29 (commit b623557a2ec7e271bda003eb3ac33fbb2e218505) resolves the issue.

SSRF Openclaw
NVD VulDB GitHub
CVSS 4.0
2.9
EPSS
0.0%
CVE-2026-5999 LOW POC Monitor

Improper authorization in JeecgBoot up to version 3.9.1 allows authenticated remote attackers to bypass access controls in the SysAnnouncementController component, potentially leading to unauthorized data modification and disclosure. The vulnerability has a CVSS score of 6.3 (medium severity) and carries an EPSS severity rating reflecting real-world exploitability; publicly available exploit code exists and the vendor has confirmed the issue with a patch expected in an upcoming release.

Authentication Bypass Jeecgboot
NVD VulDB GitHub
CVSS 4.0
2.1
EPSS
0.0%
CVE-2026-6035 LOW POC Monitor

Reflected cross-site scripting (XSS) in code-projects Vehicle Showroom Management System 1.0 allows remote attackers to inject malicious scripts via the BRANCH_ID parameter in /BranchManagement/ServiceAndSalesReport.php. The vulnerability requires user interaction (UI:P) but no authentication, with publicly available exploit code disclosed. CVSS 5.3 reflects moderate severity with integrity impact limited to confidentiality of user sessions rather than data modification.

XSS PHP
NVD VulDB GitHub
CVSS 4.0
2.1
EPSS
0.0%
CVE-2026-6034 LOW POC Monitor

Reflected cross-site scripting (XSS) in code-projects Vehicle Showroom Management System 1.0 allows remote unauthenticated attackers to inject malicious scripts via the BRANCH_ID parameter in /BranchManagement/ProfitAndLossReport.php, requiring user interaction to execute. Publicly available exploit code exists for this vulnerability, and while the CVSS score of 5.3 is moderate, the low integrity impact combined with user interaction requirement limits practical risk, though XSS vulnerabilities remain routinely exploitable in real-world scenarios.

XSS PHP
NVD VulDB GitHub
CVSS 4.0
2.1
EPSS
0.0%
CVE-2026-6032 LOW POC Monitor

Reflected cross-site scripting (XSS) in code-projects Simple Laundry System 1.0 allows unauthenticated remote attackers to inject arbitrary JavaScript via the serviceId parameter in /checkcheckout.php, requiring user interaction to execute. Publicly available exploit code exists for this vulnerability, and the low CVSS score of 4.3 reflects the need for user click-through and limited scope (integrity impact only), though the attack vector is network-accessible and requires no special privileges or authentication.

XSS PHP
NVD VulDB GitHub
CVSS 4.0
2.1
EPSS
0.0%
CVE-2026-6000 LOW POC Monitor

Information disclosure in code-projects Online Library Management System 1.0 allows unauthenticated remote attackers to access sensitive data from SQL database backup files via the /sql/library.sql component, requiring user interaction (clicking a link or similar action). The vulnerability has a publicly available exploit and carries a CVSS score of 4.3 with an exploit proof-of-concept (E:P) rating, making it a low-to-moderate priority issue with confirmed public discoverability but limited real-world attack surface due to interaction requirements.

Information Disclosure Online Library Management System
NVD VulDB GitHub
CVSS 4.0
2.1
EPSS
0.0%
CVE-2026-6033 LOW POC Monitor

SQL injection in CodeAstro Online Classroom 1.0 allows authenticated remote attackers to manipulate the fname parameter in /updatedetailsfromstudent.php to execute arbitrary SQL queries, achieving limited confidentiality and integrity impact. The vulnerability has publicly available exploit code and a CVSS score of 5.3, representing a moderate risk requiring authentication to exploit.

SQLi PHP
NVD VulDB GitHub
CVSS 4.0
2.1
EPSS
0.0%
CVE-2026-6030 LOW POC Monitor

SQL injection in itsourcecode Construction Management System 1.0 allows authenticated remote attackers to execute arbitrary SQL queries via the toolname parameter in /del1.php, potentially compromising data confidentiality, integrity, and availability. Publicly available exploit code exists, and the vulnerability has been assigned CVSS 6.3 with confirmed exploitability indicators (E:P rating).

SQLi PHP
NVD VulDB GitHub
CVSS 4.0
2.1
EPSS
0.0%
CVE-2026-6010 LOW POC Monitor

SQL injection in CodeAstro Online Classroom allows authenticated remote attackers to execute arbitrary SQL queries via the Q1 parameter in /OnlineClassroom/takeassessment2.php, enabling data exfiltration and modification with CVSS 6.3 severity; publicly available exploit code exists and the vulnerability affects all versions of the product.

SQLi PHP
NVD VulDB GitHub
CVSS 4.0
2.1
EPSS
0.0%
CVE-2026-6007 LOW POC Monitor

SQL injection in itsourcecode Construction Management System 1.0 allows authenticated remote attackers to execute arbitrary SQL queries via the equipname parameter in /del.php, enabling data exfiltration, modification, and potential denial of service. Publicly available exploit code exists, and the vulnerability carries a CVSS score of 6.3 with confirmed exploitation potential (E:P rating).

SQLi PHP
NVD VulDB GitHub
CVSS 4.0
2.1
EPSS
0.0%
CVE-2026-6006 LOW POC Monitor

SQL injection in code-projects Patient Record Management System 1.0 allows authenticated remote attackers to execute arbitrary SQL queries via the ID parameter in /edit_hpatient.php, leading to unauthorized data access, modification, and potential denial of service. Publicly available exploit code exists (CVSS 6.3, attack vector network, low complexity, requires valid credentials). This is not confirmed as actively exploited by CISA but poses immediate risk given public POC availability and low exploitation complexity.

SQLi PHP
NVD VulDB GitHub
CVSS 4.0
2.1
EPSS
0.0%
CVE-2026-6005 LOW POC Monitor

SQL injection in code-projects Patient Record Management System 1.0 allows authenticated remote attackers to execute arbitrary SQL commands via the hem_id parameter in /hematology_print.php, potentially leading to unauthorized data access, modification, or deletion. The vulnerability has a CVSS score of 6.3 (medium) with publicly available exploit code, though no CISA KEV confirmation indicates active widespread exploitation at time of analysis.

SQLi PHP
NVD VulDB GitHub
CVSS 4.0
2.1
EPSS
0.0%
CVE-2026-6003 LOW POC Monitor

Stored cross-site scripting (XSS) in code-projects Simple IT Discussion Forum 1.0 allows authenticated remote attackers with administrative privileges to inject malicious scripts via the fname parameter in /admin/user.php, affecting user interactions through reflected XSS. The vulnerability has a CVSS score of 2.4 but carries a public exploit, though the low CVSS reflects the requirement for high-privilege authentication and user interaction to trigger the payload.

XSS PHP
NVD VulDB GitHub
CVSS 4.0
1.9
EPSS
0.0%
CVE-2026-40184 LOW PATCH Monitor

TREK collaborative travel planner versions before 2.7.2 serve uploaded user photos without authentication, allowing unauthenticated remote attackers to enumerate and access private photo collections through direct URL access. The vulnerability is restricted to information disclosure with low impact due to attack complexity constraints, though it exposes sensitive travel-related imagery that users expect to be private.

Authentication Bypass Trek
NVD GitHub
CVSS 3.1
3.7
EPSS
0.1%
CVE-2026-40097 LOW PATCH GHSA Monitor

Step CA versions 0.24.0 through 0.30.0-rc2 suffer a denial-of-service vulnerability where an attacker can trigger an index out-of-bounds panic by sending a crafted TPM attestation key certificate with an empty Extended Key Usage extension during device-attest-01 ACME challenges. The vulnerability affects only deployments that have explicitly configured TPM device attestation; organizations using Step CA for standard certificate management are unaffected. While the CVSS score is low (3.7), the attack is unauthenticated and remotely triggerable, potentially causing service disruption in vulnerable configurations.

Buffer Overflow Certificates
NVD GitHub
CVSS 3.1
3.7
EPSS
0.0%
CVE-2026-40194 LOW PATCH GHSA Monitor

phpseclib's SSH2 packet authentication uses PHP's non-constant-time != operator to compare HMACs, enabling timing-based information disclosure attacks on SSH sessions. The vulnerability affects phpseclib versions prior to 1.0.28, 2.0.53, and 3.0.51. An unauthenticated remote attacker can exploit variable-time comparison behavior to infer valid HMAC values through precise timing measurements, potentially compromising the confidentiality of SSH communications. No public exploit code or active exploitation has been confirmed, but this is a cryptographic timing vulnerability with proven scalability via benchmarking.

PHP Information Disclosure
NVD GitHub VulDB
CVSS 3.1
3.7
EPSS
0.0%
CVE-2026-33551 LOW PATCH Monitor

OpenStack Keystone 14 through 29.x allows authenticated users with restricted application credentials to create EC2 credentials that inherit the parent user's full S3 permissions, bypassing role restrictions. This privilege escalation affects only deployments combining restricted application credentials with the EC2/S3 compatibility API (swift3/s3api), and requires valid authentication credentials and moderate attack complexity to exploit.

Authentication Bypass Keystone
NVD VulDB
CVSS 3.1
3.5
EPSS
0.0%
CVE-2026-40228 LOW Monitor

systemd-journald in systemd 259 allows local attackers to send ANSI escape sequences to terminals of arbitrary users via the logger utility when ForwardToWall=yes is enabled, enabling terminal manipulation and information disclosure attacks with low CVSS impact but realistic local access requirements.

Information Disclosure Systemd
NVD VulDB
CVSS 3.1
2.9
EPSS
0.0%
CVE-2026-5188 LOW Monitor

Integer underflow in wolfSSL's ASN.1 certificate parser allows remote attackers to trigger information disclosure and potential memory access violations when processing malformed X.509 certificates with oversized Subject Alternative Name extensions. The vulnerability affects wolfSSL versions up to 5.9.0 but only impacts systems using the non-default original ASN.1 parsing implementation; no public exploit code or active exploitation has been identified at time of analysis.

Information Disclosure Integer Overflow Wolfssl
NVD GitHub VulDB
CVSS 4.0
2.3
EPSS
0.0%
CVE-2026-35648 LOW PATCH Monitor

OpenClaw before version 2026.3.22 allows policy bypass through unvalidated queued node actions, enabling attackers to execute unauthorized commands by exploiting stale allowlists or policy declarations that persist after policy changes. The vulnerability requires network access and high attack complexity but no authentication, resulting in integrity impact without exposing confidentiality or availability. No public exploit code or active exploitation has been confirmed.

Authentication Bypass Openclaw
NVD GitHub VulDB
CVSS 4.0
2.3
EPSS
0.0%

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy