Skip to main content
CVE-2026-7721 LOW POC Monitor

Command injection in Totolink WA300 firmware version 5.2cu.7112_B20190227 allows authenticated remote attackers to execute arbitrary commands via the hostTime parameter in the NTPSyncWithHost function accessible through /cgi-bin/cstecgi.cgi. Publicly available exploit code exists, though actual real-world exploitation risk is mitigated by the requirement for authenticated access and the low impact scope (limited to confidentiality, integrity, and availability of the application itself, with no system-wide impact).

Command Injection Wa300
NVD VulDB
CVSS 4.0
2.1
EPSS
2.9%
CVE-2026-7720 LOW POC Monitor

Command injection in Totolink WA300 5.2cu.7112_B20190227 allows authenticated remote attackers to execute arbitrary commands via the langType parameter in the setLanguageCfg function of /cgi-bin/cstecgi.cgi. Publicly available exploit code exists, though the low CVSS 2.1 score reflects limited scope (only low confidentiality and integrity impact, no system integrity or availability impact) and authentication requirement, reducing real-world attack surface.

Command Injection Wa300
NVD VulDB
CVSS 4.0
2.1
EPSS
2.9%
CVE-2026-7718 LOW POC Monitor

Command injection in Totolink WA300 firmware version 5.2cu.7112_B20190227 allows authenticated remote attackers to execute arbitrary commands via the webWlanIdx parameter in the setWebWlanIdx function of /cgi-bin/cstecgi.cgi. The vulnerability requires valid user credentials but no user interaction, with publicly available exploit code demonstrating the attack.

Command Injection Wa300
NVD VulDB
CVSS 4.0
2.1
EPSS
2.3%
CVE-2026-7730 LOW POC Monitor

OS command injection in privsim mcp-test-runner 0.2.0 allows authenticated remote attackers to execute arbitrary operating system commands via manipulation of the command argument passed to child_process.spawn in the MCP Interface component. The vulnerability affects version 0.2.0 with CVSS 6.3 (network-exploitable, low attack complexity, low-privileged access required). Publicly available exploit code exists and the vendor has not yet responded to early disclosure notification.

Command Injection Mcp Test Runner
NVD VulDB GitHub
CVSS 4.0
2.1
EPSS
0.7%
CVE-2026-7779 LOW POC Monitor

Denial of service in Open5GS up to version 2.7.7 affects the authentication-subscription endpoint handler, allowing authenticated remote attackers to manipulate the udm_nudr_dr_handle_subscription_authentication function and cause service unavailability. Public exploit code exists and the vulnerability has been reported to the project without a confirmed vendor response or patch release.

Denial Of Service Open5gs
NVD VulDB GitHub
CVSS 4.0
2.1
EPSS
0.1%
CVE-2026-7738 LOW POC Monitor

Path traversal in puchunjie doc-tools-mcp 1.0.18 MCP Interface allows authenticated remote attackers to access arbitrary files on the system via manipulation of the filePath argument in create_document and open_document functions. The vulnerability has a low CVSS score (2.1) due to authentication requirements and limited confidentiality impact, but publicly available exploit code exists. The vendor has not responded to the early disclosure.

Path Traversal Doc Tools Mcp
NVD VulDB GitHub
CVSS 4.0
2.1
EPSS
0.1%
CVE-2026-7728 LOW POC PATCH Monitor

Path traversal in ryanjoachim mcp-rtfm 0.1.0 allows authenticated remote attackers to read, write, and delete arbitrary files by manipulating the docFile parameter in the get_doc_content, read_doc, update_doc, and related MCP interface functions. Publicly available exploit code exists, and the vulnerability affects all versions of the product without a patched release identifier provided. An authenticated user can exploit this with no user interaction required via network access to escape the intended .handoff_docs directory and access files outside the designated documentation scope.

Path Traversal Mcp Rtfm
NVD VulDB GitHub
CVSS 4.0
2.1
EPSS
0.1%
CVE-2026-7725 LOW POC PATCH Monitor

Argument injection in Prefect up to 3.6.25.dev6 allows authenticated attackers to execute arbitrary git commands via specially crafted commit_sha or directories parameters in the GitRepository Pull Handler (src/prefect/runner/storage.py). An attacker can inject git flags like --upload-pack or --config to achieve remote code execution with the privileges of the Prefect runner process. Publicly available exploit code exists, and the vendor has released a patched version (3.6.25.dev7) that validates commit SHA format and adds command-line argument separators to block injection.

Code Injection Prefect
NVD GitHub VulDB
CVSS 4.0
2.1
EPSS
0.1%
CVE-2026-7715 LOW POC Monitor

Path traversal in ravenwits mcp-server-arangodb up to version 0.4.7 allows authenticated remote attackers to manipulate the outputDir argument in the arango_backup function, enabling unauthorized file system access with limited confidentiality and integrity impact. The vulnerability affects the MCP Interface component and has publicly available exploit code; however, the low CVSS score (2.1) reflects constrained real-world risk due to the requirement for authenticated access and limited technical impact scope.

Path Traversal Mcp Server Arangodb
NVD VulDB GitHub
CVSS 4.0
2.1
EPSS
0.1%
CVE-2026-7729 LOW POC PATCH Monitor

Server-side request forgery (SSRF) in pixelsock directus-mcp 1.0.0 allows authenticated remote attackers to manipulate the fileUrl argument in the validateUrl function, enabling requests to internal resources including cloud metadata services and private networks. Publicly available exploit code exists and a patch awaiting acceptance is available on GitHub. CVSS 6.3 (AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L) reflects moderate impact with authentication requirement.

SSRF Directus Mcp
NVD VulDB GitHub
CVSS 4.0
2.1
EPSS
0.0%
CVE-2026-7781 LOW POC Monitor

Denial of service in Open5GS up to version 2.7.7 affects the AMF 3GPP access endpoint handler (udm_nudm_uecm_handle_amf_registration_update function), allowing authenticated remote attackers to crash the UDM service via malformed registration update messages. Publicly available exploit code exists, and the vendor was notified early but has not released a patch as of the analysis date.

Denial Of Service Open5gs
NVD VulDB GitHub
CVSS 4.0
2.1
EPSS
0.0%
CVE-2026-7780 LOW POC Monitor

Denial of service in Open5GS up to version 2.7.7 affects the udm_state_operational function in the smf-registrations endpoint, allowing authenticated remote attackers to manipulate the function and cause service unavailability. The vulnerability has publicly available exploit code and carries a low CVSS score of 2.1 due to required authentication and limited availability impact, though the project has not yet responded to early disclosure.

Denial Of Service Open5gs
NVD VulDB GitHub
CVSS 4.0
2.1
EPSS
0.0%
CVE-2026-7732 LOW POC Monitor

Unrestricted file upload in code-projects BloodBank Managing System 1.0 via request_blood.php allows authenticated remote attackers to upload arbitrary files with limited impact. The vulnerability requires valid user credentials (PR:L per CVSS vector) but has low confidentiality, integrity, and availability impact (VC:L/VI:L/VA:L). Publicly available exploit code exists; however, the low CVSS score (2.1) and confined impact scope suggest this poses minimal risk despite public disclosure.

PHP File Upload
NVD VulDB GitHub
CVSS 4.0
2.1
EPSS
0.0%
CVE-2026-7782 LOW POC Monitor

Authorization bypass in CodeCanyon Perfex CRM up to 3.4.1 allows authenticated remote attackers to access projects belonging to other tenants via manipulation of the ID parameter in the Clients::project function. The vulnerability requires valid user credentials but grants access to cross-tenant data with low confidentiality, integrity, and availability impact. Publicly available exploit code exists for this flaw.

Authentication Bypass PHP
NVD VulDB
CVSS 4.0
2.1
EPSS
0.0%
CVE-2026-7746 LOW POC Monitor

SQL injection in SourceCodester Web-based Pharmacy Product Management System 1.0 allows authenticated remote attackers to execute arbitrary SQL queries via the ID parameter in /product_expiry/edit-admin.php, enabling unauthorized data access, modification, and deletion. The vulnerability has a publicly available exploit and CVSS 6.3 base score reflects moderate impact with low attack complexity; however, authentication is required, limiting exposure to users with valid credentials.

PHP SQLi
NVD VulDB GitHub
CVSS 4.0
2.1
EPSS
0.0%
CVE-2026-7745 LOW POC Monitor

SQL injection in CodeAstro Online Classroom 1.0 allows authenticated remote attackers to execute arbitrary SQL queries via a crafted deleteid parameter in the /OnlineClassroom/facultydetails endpoint, enabling data exfiltration and potential database manipulation. The vulnerability has public exploit code available and CVSS 6.3 (medium severity) reflects the requirement for prior authentication and limited scope, though the exploitation probability is rated probable by scoring metadata.

SQLi Online Classroom
NVD VulDB GitHub
CVSS 4.0
2.1
EPSS
0.0%
CVE-2026-7744 LOW POC Monitor

SQL injection in CodeAstro Online Classroom 1.0 allows authenticated remote attackers to execute arbitrary SQL queries via the fname parameter in the /OnlineClassroom/addnewstudent endpoint, resulting in unauthorized data access, modification, and denial of service. Public exploit code is available and the vulnerability carries a CVSS score of 6.3 with proof-of-concept code confirmed accessible on GitHub.

SQLi Online Classroom
NVD VulDB GitHub
CVSS 4.0
2.1
EPSS
0.0%
CVE-2026-7743 LOW POC Monitor

SQL injection in CodeAstro Online Classroom 1.0 allows authenticated remote attackers to execute arbitrary SQL queries via the deleteid parameter in the /OnlineClassroom/studentdetails endpoint, enabling unauthorized data access, modification, and potential denial of service. The vulnerability has publicly available exploit code and confirmed exploitation potential, affecting all versions up to 1.0.

SQLi Online Classroom
NVD VulDB GitHub
CVSS 4.0
2.1
EPSS
0.0%
CVE-2026-7742 LOW POC Monitor

SQL injection in CodeAstro Online Classroom 1.0 allows authenticated remote attackers to manipulate the fid parameter in the /OnlineClassroom/facultylogin endpoint, leading to unauthorized data access, modification, and denial of service. The vulnerability has a publicly available proof-of-concept exploit and is likely to be actively exploited given the moderate CVSS score (6.3) and confirmed POC availability.

SQLi Online Classroom
NVD VulDB GitHub
CVSS 4.0
2.1
EPSS
0.0%
CVE-2026-7741 LOW POC Monitor

SQL injection in CodeAstro Online Classroom 1.0 allows authenticated remote attackers to manipulate the sid parameter in the /OnlineClassroom/studentlogin endpoint, enabling data exfiltration and modification with low complexity exploitation. Public exploit code is available, increasing real-world risk despite the moderate CVSS score of 6.3.

SQLi Online Classroom
NVD VulDB GitHub
CVSS 4.0
2.1
EPSS
0.0%
CVE-2026-7731 LOW POC Monitor

SQL injection in code-projects BloodBank Managing System 1.0 allows authenticated remote attackers to execute arbitrary SQL queries via the G_STATE_ID parameter in get_state.php, potentially exfiltrating sensitive patient or blood bank data. The vulnerability has low confidentiality and integrity impact but carries exploitability risk (E:P in CVSS 4.0) and publicly available exploit code, making it a practical concern for deployed instances despite the low CVSS score of 2.1.

PHP SQLi
NVD VulDB GitHub
CVSS 4.0
2.1
EPSS
0.0%
CVE-2026-7716 LOW POC Monitor

SQL injection in code-projects Gym Management System in PHP allows authenticated remote attackers to manipulate the 'day' parameter in /index.php, enabling arbitrary SQL query execution with limited confidentiality and integrity impact. The vulnerability carries a CVSS score of 2.1 and requires prior authentication (PR:L); publicly available exploit code exists but active exploitation confirmation is absent from CISA KEV data.

Microsoft PHP SQLi
NVD VulDB GitHub
CVSS 4.0
2.1
EPSS
0.0%
CVE-2026-7783 LOW POC Monitor

SQL injection in CodeCanyon Perfex CRM up to version 3.4.1 allows authenticated remote attackers to execute arbitrary SQL queries via the Admin Kanban Endpoint's AbstractKanban::applySortQuery function. The vulnerability stems from improper sanitization of the sort query argument and can lead to unauthorized data access, modification, and potential system compromise. Publicly available exploit code exists, increasing real-world risk.

PHP SQLi
NVD VulDB
CVSS 4.0
2.1
EPSS
0.0%
CVE-2026-7740 LOW POC Monitor

Denial of service in tsMuxer up to version 2.7.0 via improper handling of the track_id argument in the VvcVpsUnit::setFPS function allows local authenticated attackers to trigger an availability impact. Publicly available exploit code exists; however, the vulnerability affects only unsupported legacy versions and requires local access with user-level privileges, limiting real-world exposure.

Denial Of Service Tsmuxer
NVD VulDB GitHub
CVSS 4.0
1.9
EPSS
0.0%
CVE-2026-7739 LOW POC Monitor

Denial of service in tsMuxer up to version 2.7.0 via improper input validation in the HevcVpsUnit::setFPS function allows local authenticated attackers to crash the application by manipulating the track_id argument. The vulnerability affects only unsupported product versions and carries a very low CVSS score (1.9), though publicly available exploit code exists.

Denial Of Service Tsmuxer
NVD VulDB GitHub
CVSS 4.0
1.9
EPSS
0.0%
CVE-2026-7724 LOW POC PATCH Monitor

Time-of-check time-of-use (TOCTOU) vulnerability in Prefect's validate_restricted_url function allows remote attackers with low privileges to bypass Server-Side Request Forgery (SSRF) protections via DNS rebinding attacks during webhook and notification delivery. Publicly available exploit code exists. The vulnerability affects Prefect versions up to 3.6.28.dev1 and is fixed in 3.6.28.dev2.

Information Disclosure Prefect
NVD VulDB GitHub
CVSS 4.0
1.3
EPSS
0.1%
CVE-2026-43863 LOW PATCH Monitor

Mutt before version 2.3.2 contains an infinite loop in the data_object_to_stream function within crypt-gpgme.c that can be triggered during GPG encryption operations, leading to denial of service. The vulnerability affects remote attackers under high-complexity conditions (requiring specific GPG-encrypted message handling), and is publicly documented via a GitHub commit but has no active exploitation confirmed. The fix changes the loop condition from checking non-zero read results to explicitly checking for positive read values (> 0), preventing infinite iteration when gpgme_data_read returns zero or negative values.

Denial Of Service Mutt
NVD GitHub VulDB
CVSS 3.1
3.7
EPSS
0.0%
CVE-2026-43862 LOW PATCH Monitor

Mutt before 2.3.2 mishandles the IMAP GSS security level due to improper integer casting and insufficient bounds checking, allowing remote attackers to trigger memory corruption and information disclosure via a crafted IMAP server response during GSS-API authentication. The vulnerability requires high attack complexity (malicious IMAP server) but affects all versions prior to 2.3.2.

Information Disclosure Memory Corruption Mutt
NVD GitHub VulDB
CVSS 3.1
3.7
EPSS
0.0%
CVE-2026-43861 LOW PATCH Monitor

mutt before version 2.3.2 fails to validate null bytes during URL percent-decoding, allowing remote attackers to inject embedded null characters into decoded URLs, potentially causing information disclosure through truncation of validation checks or bypassing of security filters that rely on string length.

Information Disclosure Mutt
NVD GitHub VulDB
CVSS 3.1
3.7
EPSS
0.0%
CVE-2026-43860 LOW PATCH Monitor

mutt before version 2.3.2 truncates the IMAP CRAM-MD5 authentication hash by one byte due to incorrect use of strfcpy instead of memcpy, potentially allowing attackers to bypass or weaken authentication on IMAP connections through off-by-one string handling errors.

Information Disclosure Mutt
NVD GitHub VulDB
CVSS 3.1
3.7
EPSS
0.0%
CVE-2026-43859 LOW PATCH Monitor

Mutt before 2.3.2 uses an unsafe string copy function (strfcpy) instead of memcpy when handling MD5 digest data in IMAP CRAM authentication, allowing attackers to potentially forge IMAP credentials by triggering buffer manipulation during the authentication handshake. The vulnerability requires manual connection attempt to a malicious IMAP server and affects network IMAP authentication flows, though the low CVSS score (3.7) reflects high attack complexity and integrity impact only.

Information Disclosure Mutt
NVD GitHub VulDB
CVSS 3.1
3.7
EPSS
0.0%
CVE-2026-43864 LOW PATCH Monitor

Mutt mail client before version 2.3.2 crashes due to a null pointer dereference in the show_sig_summary function when processing GPG signatures, causing denial of service. The vulnerability requires local access and user interaction to trigger (viewing a malicious email with a crafted signature), resulting in application termination with minimal real-world impact. CVSS score of 2.5 reflects low severity; no public exploit or active exploitation confirmed.

Null Pointer Dereference Denial Of Service Mutt
NVD GitHub VulDB
CVSS 3.1
2.5
EPSS
0.0%
CVE-2026-6499 LOW Monitor

Incorrect permission assignment in OpenConcerto 1.7.5 enables local authenticated users with UI interaction to modify critical binary files, potentially allowing privilege escalation or persistent code execution through binary replacement. CVSS score of 2.4 (Low) reflects the local-only attack vector and requirement for user interaction, though the vulnerability creates a persistent integrity risk for affected deployments.

Information Disclosure Openconcerto
NVD VulDB
CVSS 4.0
2.4
EPSS
0.0%
CVE-2026-42245 LOW PATCH GHSA Monitor

net-imap ResponseReader exhibits quadratic time complexity O(n²) when parsing IMAP responses containing multiple string literals, allowing hostile IMAP servers to exhaust client CPU and block other threads via denial of service. A maliciously crafted response can consume 100-200ms per regex scan repeated hundreds of thousands of times per megabyte, holding the Global VM lock and starving concurrent threads despite staying within max_response_size limits. Vendor-released patches available in versions 0.4.24, 0.5.14, and 0.6.4.

Denial Of Service
NVD GitHub VulDB
CVSS 4.0
2.3
EPSS
0.1%
CVE-2026-42183 LOW PATCH GHSA Monitor

Denial of service via nil pointer dereference in Argo Workflows 4.0.0-4.0.4 affects SSO users with RBAC namespace delegation enabled when their identity claims match a namespace-level RBAC rule but not an SSO-namespace rule. The gatekeeper.go rbacAuthorization() function unconditionally dereferences a nil serviceAccount pointer when comparing rule precedence, causing an HTTP 500 panic on every API request from the affected user. Live-tested exploit confirmed on v4.0.4 with Dex OIDC provider; vendor patch released as v4.0.5.

Denial Of Service Null Pointer Dereference
NVD GitHub VulDB
CVSS 4.0
2.3
EPSS
0.0%
CVE-2026-40243 LOW PATCH GHSA Monitor

Broken TLS certificate verification in Incus OVN database connections accepts peer-supplied certificate roots instead of anchoring trust in the configured CA certificate, allowing an attacker positioned on the management network to impersonate the OVN northbound or southbound database. While mTLS prevents full man-in-the-middle attacks and OVN control planes typically run on the same servers as Incus (limiting network attack surface), the flaw collapses the intended CA-based authentication boundary on critical control-plane database connections. Affected versions below 7.0.0 are vulnerable; no active exploitation confirmed in CISA KEV at time of analysis.

Authentication Bypass
NVD GitHub
CVSS 4.0
2.3
EPSS
0.0%
CVE-2026-7713 LOW Monitor

Improper authorization in Calibre-Web-Automated versions up to 4.0.6 allows authenticated remote attackers to generate or revoke Kobo authentication tokens for arbitrary users via an Insecure Direct Object Reference (IDOR) vulnerability in the kobo_auth.py component. An attacker with valid login credentials can request /kobo_auth/generate_auth_token/<victim_user_id> to obtain tokens authorizing Kobo sync as any other user, or revoke their tokens to deny service. Publicly available exploit code exists and the vulnerability is confirmed patched in version 4.0.7.

Information Disclosure
NVD GitHub VulDB
CVSS 4.0
2.1
EPSS
0.1%
CVE-2026-7712 LOW Monitor

Unsafe deserialization in MindsDB pickle.loads function allows authenticated remote attackers to achieve limited information disclosure and integrity compromise via crafted serialized objects. The vulnerability affects MindsDB up to version 26.01, requires valid credentials (PR:L), and has publicly available exploit code; however, the low CVSS score (2.1) and limited scope indicate restricted real-world impact despite network accessibility.

Deserialization
NVD GitHub VulDB
CVSS 4.0
2.1
EPSS
0.0%

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy