Skip to main content
CVE-2026-7469 LOW POC Monitor

Command injection in Tenda 4G300 US version 1.01.42 allows authenticated remote attackers to execute arbitrary system commands via the delflag parameter in the /goform/DelFil endpoint. The vulnerability affects the sub_425A28 function and has publicly available exploit code; CVSS 6.3 reflects authenticated access requirement but moderate impact scope.

Tenda Command Injection
NVD VulDB GitHub
CVSS 4.0
2.1
EPSS
2.7%
CVE-2026-7502 LOW POC PATCH Monitor

LinkStack up to version 4.8.6 contains an authorization bypass vulnerability in the saveLink function of UserController.php that allows authenticated attackers to modify links belonging to other users via insecure direct object references (IDOR). The vulnerability affects the Management Endpoint and enables remote attackers with valid credentials to manipulate or delete arbitrary user links, with publicly available exploit code and an unmerged patch awaiting acceptance.

Authentication Bypass PHP
NVD VulDB GitHub
CVSS 4.0
2.1
EPSS
0.0%
CVE-2026-7447 LOW POC Monitor

SQL injection in SourceCodester Pet Grooming Management Software 1.0 allows authenticated remote attackers to manipulate the type, length, or business parameters in /admin/update_customer.php, enabling unauthorized database queries with limited confidentiality and integrity impact. The vulnerability requires login credentials (PR:L) but carries low overall severity (CVSS 2.1); however, publicly available exploit code exists and the attack vector is network-accessible, making it a practical risk for multi-tenant or shared hosting deployments.

PHP SQLi
NVD VulDB GitHub
CVSS 4.0
2.1
EPSS
0.0%
CVE-2026-7501 LOW POC PATCH Monitor

Stored cross-site scripting (XSS) in LinkStack up to version 4.8.6 allows authenticated users to inject malicious scripts via the pageDescription parameter in the editPage function, which are then stored and executed in the browsers of users viewing the affected page. The vulnerability requires user interaction (victim must view the page) and authenticated access, limiting its scope to authenticated attackers, but publicly available exploit code exists and the vendor has provided a fix via pull request #974.

PHP XSS
NVD VulDB GitHub
CVSS 4.0
2.0
EPSS
0.0%
CVE-2026-40686 LOW PATCH Monitor

Out-of-bounds read in Exim before 4.99.2 when UTF-8 operators are enabled allows remote unauthenticated attackers to leak sensitive information through error messages by sending email with malformed UTF-8 trailing characters in headers. The vulnerability has high attack complexity due to the requirement for UTF-8 operator enablement and specific malformed input crafting, but requires no user interaction and operates over the network on default deployments.

Information Disclosure Buffer Overflow Exim
NVD VulDB
CVSS 3.1
3.7
EPSS
0.0%
CVE-2026-3832 LOW PATCH Monitor

GnuTLS with OCSP verification enabled incorrectly accepts revoked server certificates when presented with specially crafted multi-record OCSP responses during TLS handshakes, allowing attackers to bypass certificate revocation checks and establish connections to compromised servers. The vulnerability requires high attack complexity and specific OCSP configuration, affecting Red Hat Enterprise Linux 6-10, Red Hat Hardened Images, and OpenShift Container Platform 4. No public exploit code or active exploitation has been identified at the time of analysis.

Information Disclosure Red Hat Enterprise Linux 10 Red Hat Enterprise Linux 6 Red Hat Enterprise Linux 7 Red Hat Enterprise Linux 8 +3
NVD VulDB
CVSS 3.1
3.7
EPSS
0.0%
CVE-2026-33446 LOW PATCH Monitor

Buffer overflow in the authentication subsystem of Absolute Secure Access prior to version 14.50 allows remote attackers controlling a malicious server to send specially crafted packets that corrupt memory, potentially causing denial of service. The vulnerability requires high attack complexity and user interaction, resulting in low confidentiality, integrity, and availability impact. No public exploit code or active exploitation has been identified at the time of analysis.

Buffer Overflow Secure Access
NVD VulDB
CVSS 4.0
2.3
EPSS
0.1%
CVE-2026-33447 LOW PATCH Monitor

Buffer overflow in Secure Access message parsing prior to version 14.50 allows remote attackers with control of a modified server to send specially crafted packets that corrupt memory, potentially causing denial of service or limited information disclosure. Attack requires network access, high complexity, and user interaction; CVSS 2.3 reflects limited real-world impact despite the vulnerability class.

Buffer Overflow Stack Overflow Secure Access
NVD VulDB
CVSS 4.0
2.3
EPSS
0.0%
CVE-2026-33450 LOW PATCH Monitor

Out-of-bounds read in Absolute Secure Access macOS client prior to version 14.50 allows remote attackers with control of a modified server to send malformed packets triggering denial of service. The vulnerability requires high attack complexity (modified server infrastructure and user interaction) and results in availability impact only, with a low CVSS score of 2.3 reflecting limited real-world severity despite network accessibility.

Buffer Overflow Apple Information Disclosure
NVD VulDB
CVSS 4.0
2.3
EPSS
0.0%
CVE-2026-33449 LOW PATCH Monitor

Buffer overflow in Absolute Secure Access prior to version 14.50 allows remote attackers to cause denial of service by sending a cryptographically valid message to the client, potentially overwriting memory. The vulnerability requires network access and user interaction (UI:P), making it a moderate-complexity attack with low availability impact. Vendor has released a patch available as of the CVE disclosure.

Denial Of Service Buffer Overflow Stack Overflow Secure Access
NVD VulDB
CVSS 4.0
2.3
EPSS
0.0%
CVE-2026-7510 LOW Monitor

Authorization bypass in OWASP DefectDojo up to version 2.55.4 allows authenticated users to manipulate objects in Benchmark, Engagement, Product, and Survey components by directly accessing resources via unvalidated object IDs, bypassing ownership checks. The vulnerability affects multiple endpoints that retrieve objects without verifying the requesting user has authorization to access the specific resource, enabling lateral privilege escalation and unauthorized data modification. Publicly disclosed exploit code exists, and the vulnerability requires network access with valid authentication credentials to exploit.

Authentication Bypass
NVD GitHub VulDB
CVSS 4.0
2.1
EPSS
0.0%
CVE-2026-7508 LOW Monitor

Code injection in Bootstrap CMS 0.9.0-alpha page creation handler allows authenticated remote attackers to inject arbitrary code via the body parameter in resources/views/pages/show.blade.php, with publicly available exploit code and a CVSS score of 2.1 reflecting low confidentiality/integrity impact. The vulnerability affects an unmaintained product with an inactive code repository, limiting real-world exposure but enabling opportunistic exploitation of legacy deployments.

PHP Code Injection
NVD VulDB
CVSS 4.0
2.1
EPSS
0.0%
CVE-2026-7429 LOW Monitor

Reflected cross-site scripting in SSCMS v7.4.0 allows authenticated attackers to inject arbitrary JavaScript through crafted STL template payloads in the /api/stl/actions/dynamic endpoint. The vulnerability arises from improper output encoding when decrypted STL templates are returned in JSON responses, enabling session hijacking, credential theft via phishing, and unauthorized user actions. User interaction is required to trigger the payload, limiting but not eliminating real-world risk.

XSS Sscms
NVD GitHub VulDB
CVSS 4.0
2.1
EPSS
0.0%
CVE-2025-13030 LOW Monitor

Remote code execution in django-mdeditor (all versions prior to commit 3e80f9e) allows unauthenticated attackers to upload malicious files via the image upload endpoint. The vulnerability combines missing authentication (CWE-306) with insufficient filename sanitization, enabling arbitrary code execution when uploaded files are accessed. Exploit code is publicly available (CVSS E:P), though user interaction is required (UI:R). EPSS data not available, not listed in CISA KEV at time of analysis.

Authentication Bypass RCE Python
NVD GitHub VulDB
CVSS 4.0
2.0
EPSS
0.1%

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy