177 CVEs tracked today. 12 Critical, 67 High, 63 Medium, 35 Low.
-
CVE-2026-41635
CRITICAL
CVSS 9.8
Remote code execution in Apache MINA 2.0.0-2.0.27, 2.1.0-2.1.10, and 2.2.0-2.2.5 allows unauthenticated network attackers to execute arbitrary code by exploiting unsafe deserialization in AbstractIoBuffer.resolveClass(). The vulnerability bypasses classname allowlist protections due to incomplete validation of static classes and primitive types. CVSS 9.8 critical severity reflects trivial network-based exploitation requiring no authentication or user interaction. Applications using IoBuffer.getObject() are affected. Vendor-released patches available in versions 2.0.28, 2.1.11, and 2.2.6.
RCE
Apache
Deserialization
Red Hat
-
CVE-2026-41462
CRITICAL
CVSS 9.3
ProjeQtor versions 7.0 through 12.4.3 contain an unauthenticated SQL injection vulnerability in the login functionality where the login variable is directly concatenated into a SQL query without parameterization or sanitization. Attackers can inject arbitrary SQL expressions through the username fie...
Information Disclosure
SQLi
-
CVE-2026-41409
CRITICAL
CVSS 9.8
Remote unauthenticated attackers can execute arbitrary code in Apache MINA 2.0.0-2.0.27, 2.1.0-2.1.10, and 2.2.0-2.2.5 through unsafe deserialization in AbstractIoBuffer.getObject(). This is an incomplete fix bypass for CVE-2024-52046 where the classname allowlist validation occurs after static initializers execute, enabling attackers to trigger malicious code execution before security controls engage. Apache confirmed the flaw affects applications calling IoBuffer.getObject() and released patches in versions 2.0.28, 2.1.11, and 2.2.6. CVSS 9.8 critical score reflects network-accessible unauthenticated exploitation with complete system compromise potential.
Apache
Deserialization
Red Hat
-
CVE-2026-40860
CRITICAL
CVSS 9.8
JmsBinding.extractBodyFromJms() in camel-jms, and the equivalent JmsBinding class in camel-sjms, deserialized the payload of incoming JMS ObjectMessage values via javax.jms.ObjectMessage.getObject() without applying any ObjectInputFilter, class allowlist or class denylist. Because this code path is ...
RCE
Apache
Deserialization
Red Hat
-
CVE-2026-40453
CRITICAL
CVSS 9.9
The fix for CVE-2025-27636 added setLowerCase(true) to HttpHeaderFilterStrategy so that case-variant header names such as 'CAmelExecCommandExecutable' are filtered out alongside 'CamelExecCommandExecutable'. The same setLowerCase(true) call was not applied to five non-HTTP HeaderFilterStrategy imple...
RCE
Apache
Google
Microsoft
Red Hat
-
CVE-2026-35903
CRITICAL
CVSS 9.8
Authentication bypass in MERCURY MIPC252W IP camera 1.0.5 allows remote unauthenticated attackers to hijack authenticated RTSP sessions and execute unauthorized camera control commands. After an initial valid Digest authentication in a DESCRIBE request, the device fails to validate subsequent RTSP request credentials (SETUP, PLAY, TEARDOWN), accepting empty or invalid Authorization headers as long as session parameters match. This enables complete camera takeover including video stream access, configuration changes, and service disruption without credential brute-forcing. EPSS score of 0.01% suggests minimal observed exploitation activity, though the attack complexity is low (AV:N/AC:L/PR:N) and public PoC exists on GitHub.
Authentication Bypass
-
CVE-2026-33454
CRITICAL
CVSS 9.4
The Camel-Mail component is vulnerable to Camel message header injection. The custom header filter strategy used by the component (MailHeaderFilterStrategy) only filters the 'out' direction via setOutFilterStartsWith, while it does not configure the 'in' direction via setInFilterStartsWith. As a res...
Apache
Deserialization
Microsoft
Red Hat
-
CVE-2026-33453
CRITICAL
CVSS 10.0
Improperly Controlled Modification of Dynamically-Determined Object Attributes vulnerability in Apache Camel Camel-Coap component.
Apache Camel's camel-coap component is vulnerable to Camel message header injection, leading to remote code execution when routes forward CoAP requests to header-sensit...
RCE
Apache
Command Injection
Microsoft
Red Hat
-
CVE-2026-31255
CRITICAL
CVSS 9.8
Remote unauthenticated command injection in Tenda AC18 router firmware V15.03.05.05_multi allows complete device compromise via the SetSambaCfg interface. Attackers can execute arbitrary system commands by manipulating the guestuser parameter in HTTP requests to /goform/SetSambaCfg. CVSS 9.8 critical severity with network attack vector and no authentication required. EPSS score of 0.06% (19th percentile) suggests low observed exploitation despite extreme technical severity. Publicly documented exploit proof-of-concept exists on GitHub.
Command Injection
Tenda
-
CVE-2026-30352
CRITICAL
CVSS 9.8
A remote code execution (RCE) vulnerability in the /devserver/start endpoint of leonvanzyl autocoder commit 79d02a allows attackers to execute arbitrary code via providing a crafted command parameter.
RCE
Command Injection
-
CVE-2026-28747
HIGH
CVSS 7.3
A weak key generation vulnerability exists in specific firmware versions of Milesight AIOT cameras allows authorization to be bypassed.
Authentication Bypass
-
CVE-2026-22337
CRITICAL
CVSS 9.8
Remote unauthenticated attackers can escalate privileges to administrator level in Directorist Social Login WordPress plugin versions prior to 2.1.4 through incorrect privilege assignment during social authentication flows. Exploitation requires no authentication or user interaction, enabling complete site takeover via social login mechanisms. CVSS 9.8 (Critical) reflects network-based attack vector with no complexity barriers. No public exploit code or CISA KEV listing identified at time of analysis, but Patchstack reporting suggests vulnerability may be under researcher scrutiny.
Privilege Escalation
-
CVE-2026-22336
CRITICAL
CVSS 9.3
Unauthenticated SQL injection in Directorist Booking WordPress plugin allows remote attackers to extract sensitive database contents and cause limited denial of service. The vulnerability affects all versions prior to 3.0.2 and can be exploited remotely with low complexity and no authentication (CVSS:3.1 AV:N/AC:L/PR:N/UI:N). Patchstack has published details confirming the vulnerability exists in version 2.4.1 and earlier, with a vendor-released patch available in version 3.0.2. No CISA KEV listing or public exploit code identified at time of analysis.
SQLi
-
CVE-2026-42379
HIGH
CVSS 7.7
Sensitive data exposure in Templately WordPress plugin ≤3.6.1 allows authenticated attackers to retrieve embedded sensitive information via network requests. The vulnerability exhibits scope change (S:C) indicating potential cross-boundary impact, with high confidentiality impact but no integrity or availability effects. CVSS 7.7 severity driven by network accessibility and low attack complexity. No CISA KEV listing indicates no confirmed widespread exploitation. Reported by Patchstack's audit team with reference to their vulnerability database entry.
Information Disclosure
-
CVE-2026-41465
HIGH
CVSS 7.1
ProjeQtor versions 7.0 through 12.4.3 contains a path traversal vulnerability in the log file viewer at dynamicDialog.php where the logname parameter is not validated against directory traversal sequences before constructing file paths. Authenticated attackers can inject directory traversal sequence...
PHP
Path Traversal
-
CVE-2026-41464
HIGH
CVSS 7.1
ProjeQtor versions 7.0 through 12.4.3 contain a missing authorization vulnerability in the objectDetail.php endpoint that allows authenticated users with guest-level privileges to retrieve sensitive data belonging to other users including password hashes and API keys. Attackers can bypass access con...
PHP
Authentication Bypass
Privilege Escalation
Information Disclosure
-
CVE-2026-41463
HIGH
CVSS 8.7
ProjeQtor versions 7.0 through 12.4.3 contain a ZipSlip path traversal vulnerability in the plugin upload functionality that allows authenticated attackers with upload permissions to write files outside the intended extraction directory by crafting ZIP archives with directory traversal sequences. At...
PHP
RCE
Path Traversal
-
CVE-2026-40972
HIGH
CVSS 7.5
Timing attack against Spring Boot DevTools remote secret comparison allows adjacent network attackers to recover the shared secret and achieve remote code execution by uploading malicious classes. Affects Spring Boot 2.7.x through 4.0.x when DevTools remote feature is enabled. Attacker must be on same network segment (AV:A) and overcome high attack complexity (timing-based cryptographic weakness), but requires no authentication or user interaction. CVSS 7.5 severity reflects adjacent vector limitation; real-world risk depends heavily on whether DevTools remote restart is enabled in production (not recommended practice) and network segmentation. No confirmed active exploitation (not in CISA KEV). Vendor-released patches available across all affected branches.
RCE
Java
Red Hat
-
CVE-2026-40858
HIGH
CVSS 8.8
The camel-infinispan component's ProtoStream-based remote aggregation repository deserializes data read from a remote Infinispan cache using java.io.ObjectInputStream without applying any ObjectInputFilter. An attacker who can write to the Infinispan cache used by a Camel application can inject a cr...
RCE
Apache
Java
Deserialization
Red Hat
-
CVE-2026-40514
HIGH
CVSS 8.2
SmarterTools SmarterMail builds prior to 9610 contain a cryptographic weakness in the file and email sharing endpoints that use DES-CBC encryption with keys and initialization vectors derived from System.Random seeded with insufficient entropy, reducing the seed space to approximately 19,000 possibl...
Information Disclosure
Oracle
-
CVE-2026-40473
HIGH
CVSS 8.8
The camel-mina component's MinaConverter.toObjectInput(IoBuffer) type converter wraps an IoBuffer in a java.io.ObjectInputStream without applying any ObjectInputFilter or class-loading restrictions. When a Camel route uses camel-mina as a TCP or UDP consumer and requests conversion to ObjectInput (f...
RCE
Apache
Java
Deserialization
Red Hat
-
CVE-2026-40048
HIGH
CVSS 7.8
The Camel-PQC FileBasedKeyLifecycleManager class deserializes the contents of `<keyId>.key` files in the configured key directory using java.io.ObjectInputStream without applying any ObjectInputFilter or class-loading restrictions. The cast to `java.security.KeyPair` is evaluated only after `readObj...
RCE
Apache
Java
Path Traversal
Deserialization
-
CVE-2026-40022
HIGH
CVSS 8.2
When authentication is enabled on the Apache Camel embedded HTTP server or embedded management server (camel-platform-http-main) and a non-root context path such as /api or /admin is configured via camel.server.path or camel.management.path, the BasicAuthenticationConfigurer and JWTAuthenticationCon...
Apache
Information Disclosure
Red Hat
-
CVE-2026-38934
HIGH
CVSS 8.8
Cross Site Request Forgery vulnerability in diskoverdata diskover-community v.2.3.5. and before allows a remote attacker to escalate privileges and obtain sensitive information via the public/settings_process.php
PHP
CSRF
-
CVE-2026-33277
HIGH
CVSS 8.7
Command injection in LogonTracer versions prior to 2.0.0 allows authenticated users to execute arbitrary OS commands on the server. LogonTracer, a JPCERT/CC-developed log analysis tool for investigating lateral movement in Windows Active Directory environments, contains an insufficiently sanitized input handler that permits shell command injection. Authentication is required (PR:L), but once logged in, attackers can achieve complete system compromise with high confidentiality, integrity, and availability impact (VC:H/VI:H/VA:H). No active exploitation confirmed at time of analysis, though the CVSS 4.0 score of 8.7 and low attack complexity (AC:L) indicate significant risk for organizations running vulnerable versions.
Command Injection
-
CVE-2026-32688
HIGH
CVSS 8.7
Atom table exhaustion in plug_cowboy 2.0.0-2.8.0 allows remote denial of service via HTTP/2. Unauthenticated attackers can crash the Erlang VM by sending HTTP/2 requests with unique :scheme pseudo-header values, permanently filling the non-garbage-collected atom table until the system_limit is reached. Affects only HTTP/2 connections; HTTP/1.1 is not vulnerable. CVSS 8.7 (High) with network attack vector, low complexity, and no required privileges. No active exploitation confirmed (not in CISA KEV), but exploit is trivial given the publicly documented attack mechanism in the GitHub advisory.
Denial Of Service
-
CVE-2026-31690
HIGH
CVSS 7.8
Buffer overflow in TH1520 AON firmware protocol driver allows local authenticated attackers with low privileges to execute arbitrary code and gain elevated system access. The vulnerability stems from unsafe pointer arithmetic when accessing the 'mode' field through the 'resource' pointer with unchecked offsets in the T-HEAD firmware driver. Patches available across stable kernel branches (6.18.23, 6.19.13, 7.0) with low EPSS score (0.02%) indicating minimal observed exploitation attempts, though CVSS 7.8 reflects high impact if exploited on affected T-HEAD TH1520 systems.
Buffer Overflow
Linux
Memory Corruption
Red Hat
Suse
-
CVE-2026-31688
HIGH
CVSS 7.8
Use-after-free in Linux kernel driver core allows local authenticated users to execute arbitrary code, escalate privileges, or crash the system via race condition in device-driver binding operations. The vulnerability stems from inconsistent locking in driver_match_device() function calls, specifically affecting driver_override functionality where device_lock was not held during bind_store() and __driver_attach() operations. EPSS probability is very low (0.02%, 5th percentile), indicating minimal real-world exploitation observed. No active exploitation confirmed - no CISA KEV listing identified. Patch available in kernel 7.0+ and backport commit dc23806a7c47.
Denial Of Service
Linux
Use After Free
Memory Corruption
Red Hat
-
CVE-2026-31686
HIGH
CVSS 7.8
In the Linux kernel, the following vulnerability has been resolved:
mm/kasan: fix double free for kasan pXds
kasan_free_pxd() assumes the page table is always struct page aligned.
But that's not always the case for all architectures. E.g. In case of
powerpc with 64K pagesize, PUD table (of size...
Information Disclosure
Linux
IBM
Red Hat
Suse
-
CVE-2026-31256
HIGH
CVSS 7.5
Denial of service in MERCURY MIPC252W IP camera firmware 1.0.5 Build 230306 Rel.79931n allows remote unauthenticated attackers to crash the device via malformed RTSP SETUP request. Exploitation triggers a null pointer dereference in the RTSP service during Transport header parsing, forcing an automatic reboot. EPSS score of 0.01% indicates very low observed exploitation probability, and no active exploitation or public proof-of-concept has been identified at time of analysis beyond the researcher's GitHub documentation.
Denial Of Service
Null Pointer Dereference
-
CVE-2026-30351
HIGH
CVSS 7.5
A path traversal vulnerability in the UI/static component of leonvanzyl autocoder commit 79d02a allows attackers to read arbitrary files via sending crafted URL path containing traversal sequences.
Path Traversal
-
CVE-2026-30350
HIGH
CVSS 7.5
An issue in the /store/items/search endpoint of Agent Protocol server commit e9a89f allows attackers to cause a Denial of Service (DoS) via a crafted POST request.
Denial Of Service
N A
-
CVE-2026-27172
HIGH
CVSS 8.8
The ConsulRegistry in the camel-consul component (class org.apache.camel.component.consul.ConsulRegistry and its inner ConsulRegistryUtils.deserialize method) read Java-serialized values from the Consul KV store and passed them to ObjectInputStream.readObject() without configuring an ObjectInputFilt...
RCE
Apache
Java
Deserialization
-
CVE-2026-25710
HIGH
CVSS 7.0
Pre-NVD disclosure via oss-security: oss-security mailing list - 2026/04/27. positories (GitHub) File archive & mirrors How to verify digital signatures OVE IDs What's new Follow @Openwall on Twitter for new release announcements and other news [<prev day] [month] [year] [list] oss-security mailing ...
Privilege Escalation
Suse
-
CVE-2026-7191
HIGH
CVSS 8.6
Improper use of the static-eval npm package in the open source solution qnabot-on-aws versions 7.2.4 and earlier may allow an authenticated administrator to execute arbitrary code within the fulfillment Lambda execution context by injecting a crafted conditional chaining expression via the Content D...
RCE
Node.js
Code Injection
-
CVE-2026-7160
HIGH
CVSS 7.4
A vulnerability was determined in Tenda HG3 2.0. This vulnerability affects the function formTracert of the file /boaform/formTracert. Executing a manipulation of the argument datasize can lead to command injection. The attack may be performed from remote. The exploit has been publicly disclosed and...
Command Injection
Tenda
-
CVE-2026-7156
HIGH
CVSS 8.9
A vulnerability was detected in Totolink A8000RU 7.1cu.643_b20200521. Affected is the function CsteSystem of the file /cgi-bin/cstecgi.cgi of the component CGI Handler. The manipulation of the argument HTTP results in os command injection. The attack may be launched remotely. The exploit is now publ...
Command Injection
-
CVE-2026-7155
HIGH
CVSS 8.9
A security vulnerability has been detected in Totolink A8000RU 7.1cu.643_b20200521. This impacts the function setLoginPasswordCfg of the file /cgi-bin/cstecgi.cgi of the component CGI Handler. The manipulation of the argument admpass leads to os command injection. The attack may be initiated remotel...
Command Injection
-
CVE-2026-7154
HIGH
CVSS 8.9
A weakness has been identified in Totolink A8000RU 7.1cu.643_b20200521. This affects the function setAdvancedInfoShow of the file /cgi-bin/cstecgi.cgi of the component CGI Handler. Executing a manipulation of the argument tty_server can lead to os command injection. The attack can be launched remote...
Command Injection
-
CVE-2026-7153
HIGH
CVSS 8.9
A security flaw has been discovered in Totolink A8000RU 7.1cu.643_b20200521. The impacted element is the function setMiniuiHomeInfoShow of the file /cgi-bin/cstecgi.cgi of the component CGI Handler. Performing a manipulation of the argument sys_info results in os command injection. The attack can be...
Command Injection
A8000Ru
-
CVE-2026-7152
HIGH
CVSS 8.9
A vulnerability was identified in Totolink A8000RU 7.1cu.643_b20200521. The affected element is the function setTelnetCfg of the file /cgi-bin/cstecgi.cgi of the component CGI Handler. Such manipulation of the argument telnet_enabled leads to os command injection. It is possible to launch the attack...
Command Injection
A8000Ru
-
CVE-2026-7151
HIGH
CVSS 7.4
A vulnerability was determined in Tenda HG3 2.0. Impacted is the function formUploadConfig of the file /boaform/formIPv6Routing. This manipulation of the argument destNet causes stack-based buffer overflow. It is possible to initiate the attack remotely. The exploit has been publicly disclosed and m...
Buffer Overflow
Stack Overflow
Tenda
-
CVE-2026-7140
HIGH
CVSS 8.9
A vulnerability has been found in Totolink A8000RU 7.1cu.643_b20200521. Impacted is the function CsteSystem of the file /cgi-bin/cstecgi.cgi of the component CGI Handler. Such manipulation of the argument HTTP leads to os command injection. The attack may be performed from remote. The exploit has be...
Command Injection
-
CVE-2026-7139
HIGH
CVSS 8.9
A flaw has been found in Totolink A8000RU 7.1cu.643_b20200521. This issue affects the function setWiFiAclRules of the file /cgi-bin/cstecgi.cgi of the component CGI Handler. This manipulation of the argument mode causes os command injection. The attack is possible to be carried out remotely. The exp...
Command Injection
-
CVE-2026-7138
HIGH
CVSS 8.9
A vulnerability was detected in Totolink A8000RU 7.1cu.643_b20200521. This vulnerability affects the function setNtpCfg of the file /cgi-bin/cstecgi.cgi of the component CGI Handler. The manipulation of the argument tz results in os command injection. The attack can be executed remotely. The exploit...
Command Injection
-
CVE-2026-7137
HIGH
CVSS 8.9
A security vulnerability has been detected in Totolink A8000RU 7.1cu.643_b20200521. This affects the function setStorageCfg of the file /cgi-bin/cstecgi.cgi of the component CGI Handler. The manipulation of the argument sambaEnabled leads to os command injection. Remote exploitation of the attack is...
Command Injection
-
CVE-2026-7136
HIGH
CVSS 8.9
A weakness has been identified in Totolink A8000RU 7.1cu.643_b20200521. Affected by this issue is the function setDmzCfg of the file /cgi-bin/cstecgi.cgi of the component CGI Handler. Executing a manipulation of the argument wanIdx can lead to os command injection. The attack may be launched remotel...
Command Injection
-
CVE-2026-7125
HIGH
CVSS 8.9
OS command injection in Totolink A8000RU 7.1cu.643_b20200521 allows remote unauthenticated attackers to execute arbitrary system commands via the 'merge' parameter in the setWiFiEasyCfg function of /cgi-bin/cstecgi.cgi. Publicly available exploit code exists on GitHub (Litengzheng/vuldb_new2), enabling trivial exploitation against internet-facing devices. CVSS 8.9 reflects network attack vector with no authentication required (AV:N/PR:N), and EPSS data suggests moderate real-world exploitation probability given the POC availability and low attack complexity.
Command Injection
-
CVE-2026-7124
HIGH
CVSS 8.9
OS command injection in Totolink A8000RU 7.1cu.643_b20200521 allows remote unauthenticated attackers to execute arbitrary system commands via crafted addrPrefixLen parameter to the setIpv6LanCfg function in /cgi-bin/cstecgi.cgi. CVSS 8.9 (High) with CVSS:4.0 vector indicating network-accessible, low-complexity attack requiring no privileges or user interaction. Publicly available exploit code exists (GitHub POC), enabling weaponization by threat actors. Not currently listed in CISA KEV, suggesting limited observed exploitation despite public disclosure and high severity scoring.
Command Injection
-
CVE-2026-7123
HIGH
CVSS 8.9
OS command injection in Totolink A8000RU router firmware 7.1cu.643_b20200521 allows remote unauthenticated attackers to execute arbitrary system commands via the setIptvCfg parameter in /cgi-bin/cstecgi.cgi. CVSS 8.9 (Critical) with network attack vector and no authentication required. Public exploit code available on GitHub since disclosure, significantly lowering exploitation barrier for attackers targeting internet-facing consumer routers. No vendor patch identified for this end-of-life device at time of analysis.
Command Injection
-
CVE-2026-7122
HIGH
CVSS 8.9
OS command injection in Totolink A8000RU firmware 7.1cu.643_b20200521 allows remote unauthenticated attackers to execute arbitrary system commands via the 'enable' parameter in the setUPnPCfg function of /cgi-bin/cstecgi.cgi. Publicly available exploit code exists (POC confirmed), increasing immediate risk for exposed devices. EPSS data not available, but CVSS 8.9 with network vector (AV:N), no authentication (PR:N), and low complexity (AC:L) indicates trivial remote exploitation against default configurations.
Command Injection
-
CVE-2026-7121
HIGH
CVSS 8.9
OS command injection in Totolink A8000RU 7.1cu.643_b20200521 allows remote unauthenticated attackers to execute arbitrary system commands via the 'wizard' parameter in the setWizardCfg function of /cgi-bin/cstecgi.cgi. Public exploit code exists (CVSS E:P), significantly lowering the barrier to exploitation. EPSS data not available, but the combination of network attack vector (AV:N), no authentication (PR:N), low complexity (AC:L), and published POC indicates elevated real-world risk for internet-exposed devices.
Command Injection
-
CVE-2026-7119
HIGH
CVSS 7.4
OS command injection in Tenda HG3 router version 2.0 allows authenticated remote attackers to execute arbitrary commands with device privileges via the 'countrystr' parameter in /boaform/formCountrystr endpoint. Public exploit code exists (CVSS 4.0 E:P modifier confirms POC availability), enabling authenticated attackers to fully compromise router confidentiality, integrity, and availability. EPSS data unavailable; not currently in CISA KEV catalog, suggesting exploitation may be targeted rather than widespread despite public POC.
Command Injection
Tenda
-
CVE-2026-7106
HIGH
CVSS 8.8
Authenticated attackers with Subscriber-level privileges can escalate to Administrator role in Highland Software Custom Role Manager for WordPress via profile update exploitation. The hscrm_save_user_roles() function lacks capability checks on the personal_options_update hook, allowing low-privilege users to modify arbitrary user roles including their own. Version 1.0.1 released with authorization fixes. CVSS 8.8 reflects high impact across confidentiality, integrity, and availability. EPSS data not provided, no CISA KEV listing identified, indicating limited widespread exploitation despite the severity of self-service privilege escalation to site administrator.
WordPress
Privilege Escalation
-
CVE-2026-7101
HIGH
CVSS 7.4
Buffer overflow in Tenda F456 router firmware version 1.0.0.5 allows authenticated remote attackers to achieve code execution via crafted requests to the /goform/WrlclientSet endpoint. The vulnerability exists in the fromWrlclientSet function of the httpd component. Public exploit code is available on GitHub, increasing practical exploitation risk despite requiring low-privilege authentication (CVSS 7.4, EPSS data not provided).
Buffer Overflow
Tenda
-
CVE-2026-7100
HIGH
CVSS 7.4
Buffer overflow in Tenda F456 router firmware 1.0.0.5 allows authenticated remote attackers to execute arbitrary code or crash the device via crafted HTTP requests to the /goform/Natlimit endpoint. Public exploit code exists on GitHub (Litengzheng/vuldb_new), demonstrating practical exploitability. EPSS data unavailable, but with POC published and AV:N/AC:L indicating straightforward network exploitation, this poses significant risk to internet-exposed router management interfaces with weak or default credentials.
Buffer Overflow
Tenda
-
CVE-2026-7099
HIGH
CVSS 7.4
Remote code execution in Tenda F456 router firmware 1.0.0.5 allows authenticated attackers to trigger buffer overflow via crafted mit_linktype parameter to /goform/QuickIndex endpoint in httpd service. Public exploit code exists on GitHub (Litengzheng/vuldb_new), enabling memory corruption with high impact to confidentiality, integrity, and availability. CVSS 7.4 reflects low attack complexity with network access requiring only low-privilege authentication. No vendor patch identified at time of analysis.
Buffer Overflow
Tenda
-
CVE-2026-7098
HIGH
CVSS 7.4
Remote authenticated attackers can execute arbitrary code on Tenda F456 router version 1.0.0.5 via buffer overflow in the DhcpListClient function of the httpd component. Exploitation requires low-privilege HTTP authentication and targets the web management interface. A public proof-of-concept exploit exists on GitHub (Litengzheng/vuldb_new), enabling straightforward weaponization. EPSS data unavailable, but the combination of remote attack vector, low complexity (AC:L), and publicly disclosed exploit code indicates elevated real-world exploitation risk for internet-exposed devices with default or weak credentials.
Buffer Overflow
Tenda
-
CVE-2026-7097
HIGH
CVSS 7.4
Remote code execution in Tenda F456 router firmware 1.0.0.5 allows authenticated attackers to compromise the device via buffer overflow in the httpd web management interface. Exploitation requires low-privilege credentials but enables complete device takeover (CVSS 7.4). A public proof-of-concept exploit exists on GitHub, significantly lowering the barrier to active exploitation despite requiring authentication.
Buffer Overflow
Tenda
-
CVE-2026-7096
HIGH
CVSS 7.4
OS command injection in Tenda HG3 router version 2.0 (build 300003070) allows authenticated remote attackers to execute arbitrary system commands with router privileges via the fmgpon_loid parameter in the formgponConf administrative function. Public exploit code is available and confirmed usable for attacks per VulDB reporting, significantly lowering the skill barrier for exploitation despite requiring valid administrative credentials.
Command Injection
Tenda
-
CVE-2026-7082
HIGH
CVSS 7.4
Remote authenticated buffer overflow in Tenda F456 1.0.0.5 httpd allows attackers to compromise router integrity and availability via crafted WrlExtraSet requests. Exploitation occurs through the formWrlExtraSet function when manipulating the 'Go' parameter at /goform/WrlExtraSet endpoint. Public exploit code is available on GitHub (Litengzheng/vuldb_new), enabling straightforward weaponization. CVSS 7.4 (High) with CVSS v4.0 Exploit Maturity: Proof-of-Concept confirms exploitability. While requiring low-privilege authentication (PR:L), the network attack vector (AV:N) and low complexity (AC:L) make this accessible to remote attackers with basic router credentials, commonly obtained via credential stuffing or default password exploitation.
Buffer Overflow
Tenda
-
CVE-2026-7081
HIGH
CVSS 7.4
Remote authenticated buffer overflow in Tenda F456 1.0.0.5 router allows complete device compromise via the DHCP server configuration handler. A low-privileged attacker can send a crafted HTTP request with malicious 'dips' parameter to /goform/GstDhcpSetSer, triggering a buffer overflow in the httpd service that enables arbitrary code execution with full system control. Public exploit code is available on GitHub (EPSS exploitation probability data not provided, not listed in CISA KEV at time of analysis).
Buffer Overflow
Tenda
-
CVE-2026-7080
HIGH
CVSS 7.4
Buffer overflow in Tenda F456 router firmware 1.0.0.5 allows authenticated remote attackers to achieve full device compromise through the PPTP user management interface. The vulnerability exists in the fromPPTPUserSetting function within the httpd component, exploitable via manipulation of the 'delno' parameter sent to /goform/PPTPUserSetting. Public exploit code is available on GitHub, significantly lowering the barrier to exploitation, though no CISA KEV listing or widespread exploitation has been confirmed at time of analysis.
Buffer Overflow
Tenda
-
CVE-2026-7079
HIGH
CVSS 7.4
Remote code execution in Tenda F456 router firmware 1.0.0.5 allows authenticated attackers to compromise device integrity and confidentiality via buffer overflow in the WAN configuration interface. The vulnerability exploits the fromAdvSetWan function's improper handling of the wanmode parameter, enabling complete device takeover. Public exploit code exists on GitHub (Litengzheng/vuldb_new), significantly lowering the barrier to exploitation. EPSS data not available, but the combination of network attack vector, low complexity (AC:L), and publicly available POC makes this a realistic threat to exposed management interfaces.
Buffer Overflow
Tenda
-
CVE-2026-7078
HIGH
CVSS 7.4
Buffer overflow in Tenda F456 router version 1.0.0.5 allows authenticated remote attackers to achieve arbitrary code execution with high impact to confidentiality, integrity, and availability. The vulnerability resides in the fromSetIpBind function of the httpd daemon's /goform/SetIpBind endpoint, exploitable via malformed 'page' parameter input. Public exploit code exists on GitHub (Litengzheng/vuldb_new), elevating real-world risk despite requiring low-privilege authentication (CVSS 7.4, EPSS data not provided, not in CISA KEV at time of analysis).
Buffer Overflow
Tenda
-
CVE-2026-7069
HIGH
CVSS 7.3
Buffer overflow in D-Link DIR-825 router's miniupnpd service allows authenticated adjacent network attackers to achieve complete device compromise through malicious UPnP SOAP requests. Affects DIR-825 firmware versions up to 3.00b32, which D-Link no longer supports. Public exploit code exists (CVSS:4.0 7.3 High), but EPSS probability remains low at 0.03% (7th percentile), suggesting limited real-world exploitation activity. Remediation options are constrained as the product has reached end-of-life status.
Buffer Overflow
D-Link
-
CVE-2026-7068
HIGH
CVSS 7.4
Stack-based buffer overflow in D-Link DIR-825 firmware 3.00b32's nmbd NetBIOS service allows adjacent network attackers to achieve complete device compromise without authentication. Public exploit code exists (SSVC: POC confirmed), though EPSS probability remains low (0.03%, 7th percentile) indicating limited observed exploitation attempts. This vulnerability affects end-of-life hardware no longer receiving vendor security updates, creating permanent risk for deployed devices.
Buffer Overflow
D-Link
-
CVE-2026-7040
HIGH
CVSS 7.5
Text::Minify::XS versions from v0.3.0 before v0.7.8 for Perl have a heap overflow when processing some malformed UTF-8 characters.
The minify functions mishandled some malformed UTF-8 characters, leading to heap corruption.
Note that the minify_utf8 function is an alias for minnify.
Buffer Overflow
-
CVE-2026-6970
HIGH
CVSS 7.3
authd prior to version 0.6.4 contains a logic error in primary group ID assignment that can lead to local privilege escalation. When a user's primary group ID (GID) differs from their UID, either because the account was created with authd prior to version 0.5.4 or because the primary group was manua...
Privilege Escalation
Denial Of Service
-
CVE-2026-6741
HIGH
CVSS 8.8
The LatePoint - Calendar Booking Plugin for Appointments and Events plugin for WordPress is vulnerable to Privilege Escalation in versions up to and including 5.4.1. This is due to a missing authorization check in the execute() method of the connect-customer-to-wp-user ability, which only requires t...
WordPress
Privilege Escalation
Latepoint Calendar Booking Plugin For Appointments And Events
-
CVE-2026-6265
HIGH
CVSS 7.3
Insecure preserved inherited permissions vulnerability in Cerberus FTP Server on Windows allows Privilege Escalation.This issue has been resolved in Cerberus FTP Server: 2026.1
Privilege Escalation
Microsoft
-
CVE-2026-5943
HIGH
CVSS 7.8
Use-after-free in Foxit PDF Reader and Foxit PDF Editor allows local attackers to execute arbitrary code or crash the application via specially crafted PDF documents. When scripts modify document structures, the software fails to maintain valid object references during page information queries, enabling pointer dereference of freed memory. Successful exploitation requires user interaction to open a malicious PDF file, achieving high confidentiality, integrity, and availability impact with CVSS 7.8. No active exploitation or public exploit code identified at time of analysis, though CVSS vector indicates low attack complexity once victim interaction occurs.
Denial Of Service
Use After Free
Memory Corruption
-
CVE-2026-5941
HIGH
CVSS 7.8
Memory corruption in Foxit PDF Reader and Foxit PDF Editor allows local attackers to crash the application or potentially execute arbitrary code through specially crafted PDF files with malformed form field hierarchies. The vulnerability triggers when parsing logic misidentifies non-signature data as valid signatures, causing invalid memory writes during internal data structure construction. User interaction is required to open the malicious PDF document. No active exploitation has been identified at time of analysis, though the local attack vector and high CVSS score (7.8) warrant attention for endpoint security in environments handling untrusted PDF files.
Denial Of Service
-
CVE-2026-5940
HIGH
CVSS 7.8
Use-after-free in Foxit PDF Reader and Foxit PDF Editor allows arbitrary code execution when specially crafted PDF documents trigger UI refresh operations after comment deletion via scripting. Local attackers can deliver malicious PDFs and achieve code execution with high integrity and confidentiality impact once a user opens the file. CVSS 7.8 indicates high severity but requires user interaction, limiting automated exploitation. No public exploit code or active exploitation confirmed at time of analysis.
Denial Of Service
Use After Free
Memory Corruption
-
CVE-2026-5394
HIGH
CVSS 7.0
An authenticated administrative user who can import or save DataObject class definitions can inject attacker-controlled composite index metadata and trigger unintended SQL execution in the backend.
This issue affects pimcore: 12.3.3.
SQLi
-
CVE-2026-3868
HIGH
CVSS 8.7
Buffer overflow in Moxa Secure Router's HTTPS management interface allows unauthenticated remote attackers to crash the web service via specially crafted requests with malformed length parameters. Exploitation causes denial-of-service requiring device reboot, with no confidentiality or integrity impact. CVSS 8.7 reflects high availability impact to the vulnerable component only. No public exploit code identified at time of analysis, and no evidence of active exploitation (not in CISA KEV).
Buffer Overflow
-
CVE-2026-3006
HIGH
CVSS 7.0
A race condition in WinFsp enables local privilege escalation to SYSTEM through kernel heap overflow. Authenticated local attackers with low privileges can exploit this timing vulnerability to corrupt kernel memory and execute code at the highest privilege level. Patch available in WinFsp v2.2B1 per vendor release notes. EPSS data not available; no CISA KEV listing indicates exploitation not yet confirmed in the wild, though the vulnerability affects a Windows kernel-mode driver used for file system development.
Buffer Overflow
Race Condition
Red Hat
-
CVE-2025-69689
HIGH
CVSS 8.8
The Fan Control application V251 contains an improper privilege handling vulnerability in its Open File Dialog. The dialog processes user-supplied paths with elevated permissions, which can be exploited by a local attacker to perform actions with administrator-level privileges.
Privilege Escalation
-
CVE-2025-69428
HIGH
CVSS 7.5
Unauthenticated directory traversal in Pro-Bit versions before 1.77.4 exposes sensitive directories and subdirectories to remote attackers without authentication. The vulnerability allows direct access to protected file system locations via network requests, enabling unauthorized information disclosure. EPSS score of 0.02% (6th percentile) indicates low observed exploitation probability in the wild, and no CISA KEV listing exists at time of analysis, suggesting limited active exploitation despite the CVSS 7.5 severity rating.
Information Disclosure
Path Traversal
-
CVE-2026-42410
MEDIUM
CVSS 6.5
DOM-based cross-site scripting (XSS) in CodexThemes TheGem Theme Elements plugin for Elementor allows authenticated attackers with low privileges to inject malicious scripts that execute in the context of other users' browsers when user interaction occurs. The vulnerability affects versions before 5.12.1.1 and requires authenticated access and user interaction to exploit, limiting real-world risk compared to network-vector XSS but still enabling session hijacking, credential theft, or unauthorized admin actions on WordPress sites using this plugin.
XSS
-
CVE-2026-42371
MEDIUM
CVSS 5.1
uriparser before 1.0.1 suffers a numeric truncation vulnerability in text range comparison that causes denial of service when processing URIs with gigabyte-scale lengths. The flaw occurs because internal range comparisons truncate large numeric values, allowing maliciously crafted oversized URIs to bypass length validation and trigger memory exhaustion or processing failures. Local attackers can exploit this via specially constructed input, though practical exploitation requires an application to accept and process URIs of exceptional size.
Information Disclosure
-
CVE-2026-41467
MEDIUM
CVSS 5.1
ProjeQtor versions 7.0 through 12.4.3 contain a stored cross-site scripting vulnerability in the file upload functionality where the checkValidFileName() function fails to restrict HTML and HTM file uploads. Authenticated attackers can upload HTML files containing arbitrary JavaScript through the im...
XSS
File Upload
-
CVE-2026-41466
MEDIUM
CVSS 5.1
ProjeQtor versions 7.0 through 12.4.3 contain a stored cross-site scripting vulnerability in the checkValidHtmlText() function within Security.php that fails to properly sanitize user input by only detecting specific patterns while returning unsanitized strings without output encoding. Attackers can...
PHP
XSS
-
CVE-2026-41081
MEDIUM
CVSS 6.5
Improper Handling of TLS Client Authentication Failure Leading to Anonymous Principal Assignment in Apache Storm
Versions Affected: up to 2.8.7
Description: When TLS transport is enabled in Apache Storm without requiring client certificate authentication (the default configuration), the TlsTranspo...
Authentication Bypass
Apache
-
CVE-2026-40971
MEDIUM
CVSS 5.0
When configured to use an SSL bundle, Spring Boot's RabbitMQ auto-configuration does not perform hostname verification when connecting to the RabbitMQ broker.
Affected: Spring Boot 4.0.0-4.0.5 (fix 4.0.6), 3.5.0-3.5.13 (fix 3.5.14) per vendor advisory.
Java
Information Disclosure
-
CVE-2026-40970
MEDIUM
CVSS 5.0
When configured to use an SSL bundle, Spring Boot's Elasticsearch auto-configuration does not perform hostname verification when connecting to the Elasticsearch server.
Affected: Spring Boot 4.0.0-4.0.5; upgrade to 4.0.6 or later per vendor advisory.
Java
Information Disclosure
Elastic
-
CVE-2026-40557
MEDIUM
CVSS 4.8
Improper certificate validation in Apache Storm Prometheus Reporter versions 2.6.3 to 2.8.6 allows man-in-the-middle attacks across all TLS connections in the Storm daemon when the skip_tls_validation configuration option is enabled. Enabling this setting for Prometheus PushGateway connections inadvertently downgrades the JVM-wide SSL context, causing all subsequent HTTPS communications (ZooKeeper, Thrift, Netty, UI) to trust arbitrary certificates without validation, enabling interception of cluster state, topology submissions, and administrative credentials. No public exploit code identified at time of analysis, and EPSS scoring of 0.01% reflects the requirement for explicit administrator misconfiguration to trigger the vulnerability.
Apache
Information Disclosure
-
CVE-2026-38936
MEDIUM
CVSS 6.1
A reflected cross-site scripting (XSS) vulnerability exists in diskover-community <= 2.3.5 in public/selectindices.php via the namecontains parameter
PHP
XSS
-
CVE-2026-38935
MEDIUM
CVSS 6.1
A reflected cross-site scripting (XSS) vulnerability exists in diskover-community <= 2.3.5 in public/view.php via the doctype parameter
PHP
XSS
-
CVE-2026-35902
MEDIUM
CVSS 6.2
Denial of service in MERCURY IP camera MIPC252W version 1.0.5 Build 230306 allows unauthenticated local attackers to trigger persistent authentication failure in the RTSP service by sending repeated requests with invalid Digest authentication parameters, preventing legitimate clients from authenticating and causing service unavailability.
Denial Of Service
-
CVE-2026-35901
MEDIUM
CVSS 4.4
A handling issue in the RTSP service of the Mercury MIPC252W 1.0.5 Build 230306 Rel.79931n allows an authenticated attacker to trigger session termination by repeatedly sending SETUP requests for the same media track within a single RTSP session. This causes the server to reset the RTSP connection, ...
Denial Of Service
-
CVE-2026-33566
MEDIUM
CVSS 5.1
Cypher injection in LogonTracer prior to v2.0.0 allows remote attackers to alter database contents by submitting specially crafted Windows event log data. The vulnerability requires user interaction to load the malicious log data but results in integrity compromise of the underlying database due to improper input sanitization in Cypher query construction.
Microsoft
Code Injection
Nosql Injection
-
CVE-2026-32655
MEDIUM
CVSS 5.3
Dell Alienware Command Center (AWCC), versions prior to 6.13.8.0, contain a Least Privilege Violation vulnerability. A low privileged attacker with local access could potentially exploit this vulnerability, leading to Elevation of Privileges.
Information Disclosure
Dell
-
CVE-2026-31691
MEDIUM
CVSS 5.5
In the Linux kernel, the following vulnerability has been resolved:
igb: remove napi_synchronize() in igb_down()
When an AF_XDP zero-copy application terminates abruptly (e.g., kill -9),
the XSK buffer pool is destroyed but NAPI polling continues.
igb_clean_rx_irq_zc() repeatedly returns the full ...
Information Disclosure
Linux
Red Hat
Intel
Suse
-
CVE-2026-31689
MEDIUM
CVSS 5.5
Denial of service in the Linux kernel EDAC (Error Detection and Correction) subsystem due to improper initialization ordering in edac_mc_alloc(). When memory allocation fails during EDAC memory controller initialization, the error path calls put_device() before device_initialize() is executed, triggering a null pointer dereference in kobject_put() that causes a kernel panic or system crash. This affects Linux systems with EDAC support enabled across multiple kernel versions from 5.19 through 7.0.
Denial Of Service
Linux
Null Pointer Dereference
Red Hat
Suse
-
CVE-2026-31687
MEDIUM
CVSS 5.5
Denial of service in Linux kernel GPIO OMAP driver allows local authenticated users to crash the system via a deadlock condition triggered by improper driver registration from probe() callback. The vulnerability stems from registering the omap_mpuio_driver within omap_gpio_probe(), which violates driver core locking rules and creates a potential deadlock when device_lock enforcement was strengthened in commit dc23806a7c47. EPSS score of 0.03% reflects low exploitation probability despite availability of patched kernel versions.
Information Disclosure
Linux
Red Hat
Suse
-
CVE-2026-30462
MEDIUM
CVSS 4.3
A path traversal vulnerability in the Blocks module of Daylight Studio FuelCMS v1.5.2 allows attackers to execute a directory traversal.
Path Traversal
-
CVE-2026-30346
MEDIUM
CVSS 4.3
An open redirect in the /api/google/authorize endpoint of hunvreus DevPush v0.3.2 allows attackers to redirect users to malicious sites via supplying a crafted URL.
Google
Open Redirect
N A
-
CVE-2026-29971
MEDIUM
CVSS 6.1
Reflected cross-site scripting (XSS) in WebFileSys 2.31.1 allows remote attackers to execute arbitrary JavaScript in victims' browsers via unencoded user input reflected into HTML and JavaScript contexts. Attack requires victim interaction (UI:R) but affects cross-site scope, enabling session hijacking, credential theft, or malware delivery. EPSS score of 0.01% indicates extremely low baseline exploitation probability despite public exploit code availability on GitHub.
XSS
-
CVE-2026-25908
MEDIUM
CVSS 6.7
Dell Alienware Command Center (AWCC), versions prior to 6.13.8.0, contain an Execution with Unnecessary Privileges vulnerability in the AWCC. A low privileged attacker with local access could potentially exploit this vulnerability, leading to Elevation of Privileges.
Privilege Escalation
Dell
-
CVE-2026-22077
MEDIUM
CVSS 5.6
OPPO Wallet APP contains a trusted domain validation bypass flaw that allows local attackers with user interaction to hijack account tokens and disclose sensitive information. The vulnerability affects all versions of OPPO Wallet APP and exploits improper domain verification in protected interface access controls, enabling token theft through local attack vector.
Information Disclosure
-
CVE-2026-7199
MEDIUM
CVSS 5.5
SQL injection in SourceCodester Pharmacy Sales and Inventory System 1.0 allows remote unauthenticated attackers to execute arbitrary database queries via the ID parameter in /ajax.php?action=delete_product. Publicly available exploit code exists (GitHub POC), enabling unauthorized data access, modification, or deletion without authentication. EPSS data not available, but the combination of network attack vector, no authentication requirement, and public exploit significantly elevates real-world exploitation risk for internet-exposed instances.
PHP
SQLi
-
CVE-2026-7194
MEDIUM
CVSS 5.5
A weakness has been identified in SourceCodester Pharmacy Sales and Inventory System 1.0. This impacts an unknown function of the file /ajax.php?action=save_product. This manipulation of the argument ID causes sql injection. The attack is possible to be carried out remotely. The exploit has been mad...
PHP
SQLi
-
CVE-2026-7183
MEDIUM
CVSS 5.5
A vulnerability has been found in aligungr UERANSIM up to 3.2.7. The affected element is the function rls::DecodeRlsMessage in the library src/lib/rls/rls_pdu.cpp of the component Radio Link Simulation Layer. The manipulation of the argument pduLength leads to uncaught exception. The attack may be i...
Information Disclosure
-
CVE-2026-7178
MEDIUM
CVSS 5.5
A weakness has been identified in ChatGPTNextWeb NextChat up to 2.16.1. This affects the function storeUrl of the file app/api/artifacts/route.ts of the component Artifacts Endpoint. This manipulation of the argument ID causes server-side request forgery. It is possible to initiate the attack remote...
SSRF
-
CVE-2026-7177
MEDIUM
CVSS 5.5
A security flaw has been discovered in ChatGPTNextWeb NextChat up to 2.16.1. Affected by this issue is the function proxyHandler of the file app/api/[provider]/[...path]/route.ts. The manipulation results in server-side request forgery. The attack may be performed from remote. The exploit has been r...
SSRF
-
CVE-2026-7159
MEDIUM
CVSS 5.5
A vulnerability was found in douinc mkdocs-mcp-plugin up to 0.4.1. This affects the function read_document/list_documents of the file server.py. Performing a manipulation of the argument docs_dir/file_path results in path traversal. The attack is possible to be carried out remotely. The exploit has ...
Path Traversal
-
CVE-2026-7158
MEDIUM
CVSS 5.5
A vulnerability has been found in dmitryglhf mcp-url-downloader up to 4b8cf2de55f6e8864a77d108e8a94a5b8e4394c6. Affected by this issue is the function _validate_url_safe of the file src/mcp_url_downloader/server.py. Such manipulation of the argument url leads to server-side request forgery. The atta...
SSRF
-
CVE-2026-7157
MEDIUM
CVSS 5.5
A flaw has been found in disler aider-mcp-server up to b2516fa466d0d851932da92ee6d0e66946db9efc. Affected by this vulnerability is an unknown functionality of the file src/aider_mcp_server/server.py of the component aider_ai_code. This manipulation of the argument relative_editable_files causes comm...
Command Injection
-
CVE-2026-7149
MEDIUM
CVSS 5.5
A vulnerability has been found in dexhunter kaggle-mcp up to 406127ffcb2b91b8c10e20e6c2ca787fbc1dc92d. This vulnerability affects the function prepare_kaggle_dataset of the file src/kaggle_mcp/server.py. The manipulation of the argument competition_id leads to path traversal. The attack is possible ...
Path Traversal
-
CVE-2026-7147
MEDIUM
CVSS 5.5
A vulnerability was detected in JoeCastrom mcp-chat-studio up to 1.5.0. Affected by this issue is some unknown functionality of the file server/routes/llm.js of the component LLM Models API. Performing a manipulation of the argument req.query.base_url results in server-side request forgery. Remote e...
SSRF
-
CVE-2026-7146
MEDIUM
CVSS 5.5
A security vulnerability has been detected in AlejandroArciniegas mcp-data-vis up to de5a51525a69822290eaee569a1ab447b490746d. Affected by this vulnerability is the function axios of the file src/servers/web-scraper/server.js of the component HTTP Request Handler. Such manipulation leads to server-s...
SSRF
-
CVE-2026-7145
MEDIUM
CVSS 5.3
A weakness has been identified in mettle sendportal up to 3.0.1. Affected is the function destroy of the file app/Http/Controllers/Workspaces/WorkspaceInvitationsController.php of the component Invitation Handler. This manipulation of the argument invitation causes authorization bypass. The attack m...
PHP
Authentication Bypass
-
CVE-2026-7132
MEDIUM
CVSS 5.5
A vulnerability was found in code-projects Online Lot Reservation System up to 1.0. This affects the function readfile of the file /download.php. The manipulation of the argument File results in path traversal. It is possible to launch the attack remotely. The exploit has been made public and could ...
PHP
Path Traversal
-
CVE-2026-7131
MEDIUM
CVSS 5.5
A vulnerability has been found in code-projects Online Lot Reservation System up to 1.0. The impacted element is an unknown function of the file /loginuser.php. The manipulation of the argument email/password leads to sql injection. It is possible to initiate the attack remotely. The exploit has bee...
PHP
SQLi
-
CVE-2026-7130
MEDIUM
CVSS 5.5
SQL injection in SourceCodester Pharmacy Sales and Inventory System 1.0 allows remote unauthenticated attackers to manipulate the ID parameter in /ajax.php?action=delete_category, enabling arbitrary SQL query execution with confidentiality and integrity impact. CVSS 6.9 reflects network accessibility and low privilege requirements; publicly available exploit code exists per description.
PHP
SQLi
-
CVE-2026-7128
MEDIUM
CVSS 5.5
SQL injection in SourceCodester Pharmacy Sales and Inventory System 1.0 allows remote unauthenticated attackers to manipulate the ID parameter in /ajax.php?action=save_type, enabling arbitrary SQL query execution with confidentiality and integrity impact. Publicly disclosed exploit code is available, significantly increasing real-world risk despite the moderate CVSS score of 6.9.
PHP
SQLi
-
CVE-2026-7127
MEDIUM
CVSS 5.5
SQL injection in SourceCodester Pharmacy Sales and Inventory System 1.0 allows remote unauthenticated attackers to read, modify, or delete database records via the ID parameter in /ajax.php?action=delete_receiving. Publicly available exploit code (GitHub POC) demonstrates working attack against default installations with no authentication required (CVSS AV:N/AC:L/PR:N). EPSS data not available, but POC publication significantly lowers exploitation barrier for opportunistic attacks against internet-exposed instances.
PHP
SQLi
-
CVE-2026-7126
MEDIUM
CVSS 5.5
SQL injection in SourceCodester Pharmacy Sales and Inventory System 1.0 allows remote unauthenticated attackers to execute arbitrary SQL commands via the ID parameter in /ajax.php?action=save_category. Public exploit code exists on GitHub (y1shiny1shin/vuldb-project), enabling immediate weaponization against unpatched systems. CVSS 7.3 reflects potential for confidentiality, integrity, and availability compromise through database manipulation. No remediation release identified at time of analysis.
PHP
SQLi
-
CVE-2026-7109
MEDIUM
CVSS 5.5
Improper authorization in code-projects Invoice System in Laravel 1.0 allows remote unauthenticated attackers to bypass authentication and access the /item API endpoint, resulting in limited confidentiality impact. The vulnerability has a CVSS score of 5.5 (network-accessible, low attack complexity, no privileges required), and publicly available exploit code exists, increasing real-world risk despite the moderate base score.
Authentication Bypass
-
CVE-2026-7094
MEDIUM
CVSS 5.5
Server-side request forgery in ShadowCloneLabs GlutamateMCPServers allows remote unauthenticated attackers to manipulate the 'url' parameter in the puppeteer_navigate component (src/puppeteer/index.ts), potentially accessing internal resources or conducting network reconnaissance. A publicly available proof-of-concept exploit exists (GitHub). EPSS data not available, but CVSS 7.3 (High) with network vector, low complexity, and no authentication requirements indicates significant accessibility. The vendor has not responded to early disclosure via GitHub issue #8, and no patch timeline exists due to the project's rolling release model.
SSRF
-
CVE-2026-7088
MEDIUM
CVSS 5.5
SQL injection in SourceCodester Pharmacy Sales and Inventory System 1.0 allows remote unauthenticated attackers to execute arbitrary SQL commands via the ID parameter in /ajax.php?action=save_receiving. Publicly available exploit code (GitHub PoC) enables immediate weaponization. CVSS 7.3 reflects network-accessible attack with no authentication required, enabling confidentiality/integrity/availability impact across database operations. EPSS data not provided, but public exploit availability significantly elevates real-world risk for unpatched installations of this open-source PHP application.
PHP
SQLi
-
CVE-2026-7087
MEDIUM
CVSS 5.5
SQL injection in SourceCodester Pharmacy Sales and Inventory System 1.0 allows remote unauthenticated attackers to extract, modify, or delete database contents via the ID parameter in /ajax.php?action=save_sales endpoint. Publicly available exploit code exists (GitHub POC), enabling low-complexity attacks with no authentication barriers. EPSS data not available, but public exploit significantly lowers attacker skill threshold. CVSS 7.3 reflects network-exploitable vulnerability with moderate confidentiality, integrity, and availability impacts.
PHP
SQLi
-
CVE-2026-7077
MEDIUM
CVSS 5.5
SQL injection in itsourcecode Courier Management System 1.0 via the ID parameter in /edit_parcel.php allows remote unauthenticated attackers to query, modify, or delete database contents. The CVSS 6.9 score reflects low confidentiality and integrity impact; however, the vulnerability is remotely exploitable with no authentication required and publicly available exploit code exists, making it a practical attack vector against exposed instances.
PHP
SQLi
-
CVE-2026-7076
MEDIUM
CVSS 5.5
SQL injection in itsourcecode Courier Management System 1.0 allows remote unauthenticated attackers to execute arbitrary SQL commands via manipulation of the ID parameter in /edit_branch.php. The vulnerability has publicly disclosed exploit code available and affects confidentiality, integrity, and availability of the underlying database.
PHP
SQLi
-
CVE-2026-7075
MEDIUM
CVSS 5.5
SQL injection in itsourcecode Construction Management System 1.0 allows remote unauthenticated attackers to manipulate the address parameter in /locations.php, enabling arbitrary database queries with confidentiality and integrity impact. Publicly available exploit code exists, increasing real-world risk despite the moderate CVSS score of 6.9.
PHP
SQLi
-
CVE-2026-7074
MEDIUM
CVSS 5.5
SQL injection in itsourcecode Construction Management System 1.0 allows remote unauthenticated attackers to manipulate the code parameter in /execute1.php, enabling database query manipulation and potential data exfiltration or modification. Publicly available exploit code exists, increasing real-world risk despite the moderate CVSS score of 6.9.
PHP
SQLi
-
CVE-2026-7073
MEDIUM
CVSS 5.5
SQL injection in itsourcecode Construction Management System 1.0 via the code parameter in /execute.php allows remote unauthenticated attackers to execute arbitrary SQL queries and potentially access or modify database contents. The vulnerability has a publicly available exploit and is confirmed to have a low confidentiality, integrity, and availability impact according to CVSS v4.0 scoring.
PHP
SQLi
-
CVE-2026-7072
MEDIUM
CVSS 5.5
Remote SQL injection in CodePanda Source canteen_management_system 1.0 allows unauthenticated attackers to manipulate the Username parameter in /api/login.php, enabling arbitrary database queries. Public exploit code is available. The vulnerability affects confidentiality and integrity with low impact scope, making it a practical attack vector for credential harvesting or data exfiltration from the canteen management database.
PHP
SQLi
-
CVE-2026-7071
MEDIUM
CVSS 5.5
CodeAstro Online Job Portal 1.0 exposes file and directory information through the /users/user-cvs/ endpoint via remote unauthenticated access, allowing attackers to enumerate and retrieve sensitive resume and user data. The vulnerability has publicly available exploit code and affects all versions of the application via the CPE cpe:2.3:a:codeastro:online_job_portal:*:*:*:*:*:*:*:*. CVSS 5.5 with confirmed public exploit availability and EPSS exploitation probability indicates moderate real-world risk for deployments accessible over the network.
Information Disclosure
-
CVE-2026-7070
MEDIUM
CVSS 5.5
SQL injection in code-projects Inventory Management System 1.0 allows remote unauthenticated attackers to manipulate the Username parameter in the Login component, leading to unauthorized database access and potential data exfiltration. The vulnerability has a publicly available exploit and CVSS 6.9 score reflecting low confidentiality, integrity, and availability impact without scope expansion. EPSS data unavailable, but public exploit availability elevates practical risk.
SQLi
-
CVE-2026-7067
MEDIUM
CVSS 5.5
Command injection in D-Link DIR-822 A_101 udhcpd DHCP service allows remote unauthenticated attackers to execute arbitrary commands via a malicious Hostname parameter in DHCP requests. The vulnerability affects an end-of-life product with publicly disclosed exploit code available, creating significant risk for organizations unable to migrate away from legacy hardware.
Command Injection
D-Link
-
CVE-2026-6357
MEDIUM
CVSS 5.3
pip prior to version 26.1 would run self-update check functionality after installing wheel files which required importing well-known Python modules names. These module imports were intentionally deferred to increase startup time of the pip CLI. The patch changes self-update functionality to run befo...
Python
Information Disclosure
Red Hat
Suse
-
CVE-2026-5942
MEDIUM
CVSS 5.5
Use-after-free vulnerability in Foxit PDF Editor and PDF Reader allows local attackers to crash the application by manipulating document page lifecycle events, causing internal component states to desynchronize and subsequent operations to reference invalidated memory objects. Attack requires user interaction to open a malicious PDF file and does not enable information disclosure or code execution; impact is denial of service with CVSS 5.5 (medium severity). No public exploit code or active exploitation confirmed at time of analysis.
Denial Of Service
Use After Free
Memory Corruption
-
CVE-2026-5939
MEDIUM
CVSS 5.5
Use-after-free memory corruption in Foxit PDF Editor and Foxit PDF Reader allows local attackers to crash the application or execute arbitrary code by opening a crafted XFA PDF file during calculate event processing. The vulnerability requires user interaction (opening a malicious PDF) but impacts both products across all versions listed in CPE data. No public exploit code or active exploitation has been confirmed at this time.
RCE
Use After Free
Memory Corruption
-
CVE-2026-5938
MEDIUM
CVSS 5.5
Modal dialog reentry vulnerability in Foxit PDF Editor and Reader allows local attackers to trigger UI freeze and denial of service by supplying a crafted PDF document with a malicious action chain, requiring user interaction to open the file. The vulnerability stems from improper control flow management in document action handling and results in application unresponsiveness on the main thread. No public exploit code or active exploitation has been identified at the time of analysis.
Denial Of Service
-
CVE-2026-5937
MEDIUM
CVSS 5.5
Unhandled exception in Foxit PDF Editor and Foxit PDF Reader allows local denial of service when a user opens a maliciously crafted PDF file with insufficient parameter verification, causing the application to crash via an uncaught std::invalid_argument exception. The vulnerability requires user interaction (opening a file) and local file access but affects all versions of both products without authentication requirements.
Information Disclosure
-
CVE-2026-5362
MEDIUM
CVSS 4.8
An authenticated attacker with permission to edit document content can store crafted HTML/JavaScript in a Document embed editable and cause script execution when the published page is rendered.
This issue affects pimcore: v12.3.3.
XSS
-
CVE-2026-3867
MEDIUM
CVSS 6.0
Improper ownership management in Moxa Secure Router allows low-privileged authenticated users to access exported configuration files containing hashed administrative passwords, enabling credential disclosure. The vulnerability is confined to scenarios where configuration files have been exported and requires valid user credentials to exploit; no impact to system integrity or availability has been identified.
Information Disclosure
-
CVE-2026-3087
MEDIUM
CVSS 6.0
If `shutil.unpack_archive()` is given a ZIP archive with an absolute Windows path containing a drive (`C:\\...`) then the archive will be extracted outside the target directory which is different than other operating systems. Only Windows is affected by this vulnerability.
Path Traversal
Microsoft
-
CVE-2026-3008
MEDIUM
CVSS 6.6
String injection in Notepad++ 8.9.3 leads to memory address disclosure or application crash when processing maliciously crafted input. Attackers can leverage this remotely without authentication (CVSS 4.0 score 10.0, AV:N/PR:N), though desktop application context suggests user interaction required despite UI:N in vector. Publicly available exploit code exists per GitHub repository llgsjsm/cve-2026-3008. Fixed in version 8.9.4 release candidate per community forum discussion. EPSS data not available for 2026 CVE.
Denial Of Service
-
CVE-2025-15626
MEDIUM
CVSS 5.3
Authenticated user can bypass authorization in Ribblr - Crochet & Knitting iOS application
Authentication Bypass
Apple
-
CVE-2026-7196
LOW
CVSS 2.1
SQL injection in CodeAstro Online Classroom 1.0 allows authenticated remote attackers to execute arbitrary SQL queries via the deleteid parameter in the /guestdetails endpoint, enabling unauthorized data access, modification, or deletion. The vulnerability has publicly available exploit code and a CVSS score of 6.3 reflecting moderate risk with low attack complexity.
SQLi
-
CVE-2026-7179
LOW
CVSS 1.9
A security vulnerability has been detected in OSPG binwalk up to 2.4.3. This vulnerability affects the function read_null_terminated_string of the file src/binwalk/plugins/winceextract.py of the component WinCE Extraction Plugin. Such manipulation of the argument self.file_name leads to path travers...
Path Traversal
-
CVE-2026-7150
LOW
CVSS 2.1
A vulnerability was found in dh1011 auto-favicon up to f189116a9259950c2393f114dbcb94dde0ad864b. This issue affects the function generate_favicon_from_url of the file src/auto_favicon/server.py of the component MCP Tool. The manipulation of the argument image_url results in server-side request forge...
SSRF
-
CVE-2026-7148
LOW
CVSS 2.1
A flaw has been found in CodeAstro Online Classroom 1.0. This affects an unknown part of the file /addnewfaculty. Executing a manipulation of the argument fname can lead to sql injection. The attack can be executed remotely. The exploit has been published and may be used.
SQLi
-
CVE-2026-7144
LOW
CVSS 2.1
A security flaw has been discovered in 1000 Projects Portfolio Management System MCA 1.0. This impacts an unknown function of the file update_passwd_process.php. The manipulation of the argument temp_user results in authorization bypass. The attack can be launched remotely. The exploit has been rele...
PHP
Authentication Bypass
-
CVE-2026-7143
LOW
CVSS 2.1
A vulnerability was identified in 1000 Projects Portfolio Management System MCA up to 1.0. This affects an unknown function of the file /admin/block_status.php. The manipulation of the argument q leads to sql injection. The attack can be initiated remotely. The exploit is publicly available and migh...
PHP
SQLi
-
CVE-2026-7142
LOW
CVSS 2.1
A vulnerability was determined in Wooey up to 0.13.2. The impacted element is the function add_or_update_script of the file wooey/api/scripts.py of the component API Endpoint. Executing a manipulation can lead to improper authorization. It is possible to launch the attack remotely. The exploit has b...
Information Disclosure
-
CVE-2026-7141
LOW
CVSS 2.9
A vulnerability was found in vllm up to 0.19.0. The affected element is the function has_mamba_layers of the file vllm/v1/kv_cache_interface.py of the component KV Block Handler. Performing a manipulation results in uninitialized resource. It is possible to initiate the attack remotely. The attack i...
Information Disclosure
-
CVE-2026-7135
LOW
CVSS 1.9
A security flaw has been discovered in GPAC up to 26.03-DEV-rev105-g8f39a1eb3-master. Affected by this vulnerability is the function elng_box_read of the file src/isomedia/box_code_base.c of the component MP4Box. Performing a manipulation of the argument elng results in out-of-bounds read. The attac...
Buffer Overflow
Information Disclosure
-
CVE-2026-7134
LOW
CVSS 2.0
A vulnerability was identified in code-projects Online Lot Reservation System 1.0. Affected is an unknown function of the file /edithousepic.php. Such manipulation of the argument image leads to unrestricted upload. The attack can be launched remotely. The exploit is publicly available and might be ...
PHP
File Upload
-
CVE-2026-7133
LOW
CVSS 2.0
A vulnerability was determined in code-projects Online Lot Reservation System 1.0. This impacts an unknown function of the file /activity.php. This manipulation of the argument directory causes unrestricted upload. The attack can be initiated remotely. The exploit has been publicly disclosed and may...
PHP
File Upload
-
CVE-2026-7129
LOW
CVSS 2.1
Reflected cross-site scripting (XSS) in SourceCodester Pharmacy Sales and Inventory System 1.0 allows remote attackers to inject malicious scripts via the ID parameter in /index.php?page=categories. The vulnerability requires user interaction (clicking a crafted link) but has publicly available exploit code and a low CVSS score (5.3) reflecting limited impact scope, with only low integrity consequences to the victim's session or data.
PHP
XSS
-
CVE-2026-7118
LOW
CVSS 2.1
SQL injection in code-projects Employee Management System 1.0 allows authenticated remote attackers to execute arbitrary SQL queries via the id or token parameter in 370project/cancel.php, potentially leading to unauthorized data access, modification, or deletion. The vulnerability has a publicly available proof-of-concept and CVSS score of 6.3 (medium severity) with low attack complexity, though exploitation requires valid user credentials.
PHP
SQLi
-
CVE-2026-7117
LOW
CVSS 2.1
SQL injection in code-projects Employee Management System 1.0 allows authenticated remote attackers to manipulate the id and token parameters in 370project/approve.php, enabling unauthorized database queries with low confidentiality, integrity, and availability impact. Publicly available exploit code exists and CVSS score of 6.3 reflects the attack's network accessibility despite requiring low-level authentication.
PHP
SQLi
-
CVE-2026-7116
LOW
CVSS 2.1
Cross-site scripting (XSS) in code-projects Employee Management System 1.0 allows remote attackers to inject malicious scripts via manipulation of the file 370project/mark.php. The vulnerability requires user interaction (UI:R) but can be exploited over the network without authentication. Publicly available exploit code exists and the flaw has moderate impact on integrity (CVSS 4.3).
PHP
XSS
-
CVE-2026-7115
LOW
CVSS 2.1
SQL injection in code-projects Employee Management System 1.0 allows authenticated remote attackers to manipulate the ID argument in 370project/delete.php, leading to unauthorized database queries with limited confidentiality and integrity impact. Publicly available exploit code exists; CVSS 5.3 reflects moderate risk limited by authentication requirement and restricted data access scope.
PHP
SQLi
-
CVE-2026-7114
LOW
CVSS 2.1
SQL injection in code-projects Employee Management System 1.0 allows authenticated remote attackers to execute arbitrary SQL queries via the ID parameter in 370project/edit.php, potentially leading to unauthorized data access or modification. The vulnerability requires valid user credentials (PR:L per CVSS vector) and has publicly available exploit code; however, the limited scope (VC:L, VI:L, VA:L) and requirement for authentication reduce real-world risk compared to the base CVSS score of 5.3.
PHP
SQLi
-
CVE-2026-7113
LOW
CVSS 2.9
Authentication bypass in hermes-agent 0.8.0 webhook endpoint allows remote attackers to bypass authentication controls via manipulation of the _INSECURE_NO_AUTH parameter, resulting in limited confidentiality and integrity impact. The vulnerability requires high attack complexity and has publicly available exploit code; vendor patch is available but the project has not yet merged the fix despite early notification.
Authentication Bypass
-
CVE-2026-7112
LOW
CVSS 2.9
Improper authentication in the API_SERVER_KEY handler of NousResearch hermes-agent 0.8.0 allows remote attackers to bypass authentication checks in the _check_auth function via the API server component. The vulnerability has a CVSS score of 6.3 with high attack complexity, and publicly available exploit code exists. The project has not yet responded to early notification via pull request.
Authentication Bypass
-
CVE-2026-7110
LOW
CVSS 2.0
Cross-site scripting (XSS) in code-projects Invoice System in Laravel 1.0 allows authenticated remote attackers to inject malicious scripts via the item name/description parameter in the /item endpoint. The vulnerability requires user interaction (UI:P) and affects only the integrity of victim data (VI:L), but publicly available exploit code exists and the attack vector is network-accessible.
XSS
-
CVE-2026-7108
LOW
CVSS 2.1
Cross-site request forgery (CSRF) in code-projects Invoice System 1.0 for Laravel allows remote attackers to perform unauthorized actions via crafted requests. The vulnerability requires user interaction (clicking a malicious link) but affects the system's integrity through unvalidated state-changing operations. Exploit code is publicly available, and the CVSS 5.3 score reflects moderate severity with limited integrity impact but no confidentiality or availability harm.
CSRF
-
CVE-2026-7107
LOW
CVSS 2.1
Unrestricted file upload in code-projects Invoice System Laravel 1.0 allows authenticated attackers to upload arbitrary files via the logo parameter in the /company endpoint, enabling remote code execution or malicious file distribution. Public exploit code is available, and the vulnerability requires only low-privilege authenticated access with no user interaction.
Authentication Bypass
File Upload
-
CVE-2026-7103
LOW
CVSS 2.9
Weak cryptographic hash usage in code-projects Chat System 1.0 allows remote attackers to compromise password security through the MD5 Hash Handler in update_user.php. The vulnerability stems from use of MD5 for password hashing, a cryptographically broken algorithm that enables rapid offline cracking of password hashes. Publicly disclosed exploit code exists, though exploitation requires high attack complexity. The vulnerability impacts password confidentiality with low direct severity but creates substantial downstream risks for user account compromise.
PHP
Information Disclosure
-
CVE-2026-7102
LOW
CVSS 2.1
Command injection in Tenda F456 1.0.0.5 httpd allows authenticated remote attackers to execute arbitrary commands via the mac parameter in the /goform/WriteFacMac endpoint. The vulnerability has a publicly available exploit and CVSS 5.3 score with authenticated access requirement (PR:L), limiting immediate widespread risk but affecting exposed or compromised administrative accounts.
Command Injection
Tenda
-
CVE-2026-7095
LOW
CVSS 2.1
Reflected cross-site scripting (XSS) in code-projects Employee Management System 1.0 allows remote unauthenticated attackers to inject malicious scripts via the ID parameter in 370project/edit.php. The vulnerability requires user interaction (link click) but has publicly available exploit code and a moderate CVSS score of 4.3, indicating limited but real integrity impact through client-side script execution.
PHP
XSS
-
CVE-2026-7093
LOW
CVSS 2.1
Code-Projects Invoice System in Laravel 1.0 allows authenticated remote attackers to bypass authorization controls via manipulation of the ID parameter in the /invoice/ endpoint, enabling unauthorized access to invoice data with potential for modification and denial of service. The vulnerability has publicly available exploit code and is actively exploitable against default configurations.
Authentication Bypass
-
CVE-2026-7092
LOW
CVSS 2.1
Improper authorization in code-projects Invoice System in Laravel 1.0 allows authenticated remote attackers to bypass access controls via manipulation of the ID parameter in the Profile Handler (/profile/ endpoint), leading to unauthorized read, modification, and denial of service impacts. Public exploit code is available, elevating real-world exploitation risk despite the moderate CVSS score of 6.3.
Authentication Bypass
-
CVE-2026-7091
LOW
CVSS 2.1
Improper authorization in code-projects Invoice System in Laravel 1.0 allows authenticated remote attackers to bypass access controls on the User Management Handler (/user endpoint), gaining unauthorized read, write, and availability impact. The vulnerability has a published exploit available and affects all versions of the affected product line.
Authentication Bypass
-
CVE-2026-7090
LOW
CVSS 1.9
Stored cross-site scripting (XSS) in code-projects Chat System 1.0 allows high-privilege remote attackers to inject malicious scripts via the msg parameter in /admin/send_message.php, affecting the Chat Interface component. The vulnerability requires admin-level authentication and user interaction (viewing the crafted message), but publicly available exploit code exists and the issue is actively being leveraged. With a CVSS score of 2.4, the impact is limited to integrity violations with no confidentiality or availability loss, but the presence of public POC and active exploitation elevates practical risk despite low severity metrics.
PHP
XSS
-
CVE-2026-7089
LOW
CVSS 2.1
Cross-site scripting (XSS) vulnerability in code-projects Home Service System 1.0 allows remote attackers to inject malicious scripts via the fname and lname parameters in the /booking.php Appointment Booking component. User interaction is required for exploitation. A public exploit is available, and the vulnerability carries moderate risk (CVSS 4.3) with integrity impact through malicious script execution in victim browsers.
PHP
XSS
-
CVE-2026-7086
LOW
CVSS 2.1
Path traversal in HBAI-Ltd Toonflow-app up to version 1.1.1 allows authenticated remote attackers to read arbitrary files via manipulation of the url argument in the updateStoryboardUrl function of the Storyboard Export component. The vulnerability has a publicly available exploit, though the vendor disputes its practical exploitability, arguing the affected interface is designed to accept only local or trusted Docker-configured addresses. CVSS 4.3 reflects low confidence (RC:C) and unconfirmed exploitation probability (E:P).
Docker
Path Traversal
-
CVE-2026-7085
LOW
CVSS 1.3
Path traversal in HBAI-Ltd Toonflow-app up to version 1.1.1 allows authenticated remote attackers to access files outside intended directories via the url parameter in the downloadApp endpoint (src/routes/setting/about/downloadApp.ts). The vulnerability requires high attack complexity and authenticated access; vendor mitigation notes that the update URL is statically compiled in official code and exploitation would require users to modify source code. Publicly disclosed exploit code exists, but real-world exploitability is disputed by the vendor and remains uncertain.
Path Traversal
-
CVE-2026-7084
LOW
CVSS 2.1
Server-side request forgery in HBAI-Ltd Toonflow-app up to version 1.1.1 allows authenticated remote attackers to manipulate the Link parameter in the getCodeByLink endpoint, enabling arbitrary HTTP requests from the server. The vendor acknowledges the /getCodeByLink interface is inherently high-risk and designed to fetch and execute TypeScript code locally; public exploit code exists but vendor questions the practical exploitability of the reported vulnerability.
SSRF
-
CVE-2026-7083
LOW
CVSS 2.0
SQL injection in likeadmin_php up to version 1.9.6 allows high-privilege remote attackers to manipulate SQL queries through the queryResult function in the dataTable Admin API component, potentially exposing or modifying sensitive database content. Public exploit code exists and the vendor has not yet responded to early notification, elevating risk despite the CVSS score of 5.1 reflecting high-privilege authentication requirements.
PHP
SQLi
-
CVE-2025-54505
LOW
CVSS 2.0
A transient execution vulnerability within AMD CPUs may allow a local user-privileged attacker to leak data via the floating point divisor unit, potentially resulting in loss of confidentiality.
Information Disclosure
Amd