Skip to main content
CVE-2026-8242 LOW POC Monitor

Information disclosure in Industrial Application Software IAS Canias ERP 8.03 allows remote attackers to extract sensitive data through observable response discrepancies in the Login RMI Interface doAction function. The vulnerability requires high attack complexity but can be exploited without authentication or user interaction. Publicly available exploit code exists, though the vendor has not responded to early disclosure notifications.

Information Disclosure Canias Erp
NVD VulDB GitHub
CVSS 4.0
2.9
EPSS
0.0%
CVE-2026-8230 LOW POC Monitor

OS command injection in Wavlink NU516U1 240425 via the ipaddr parameter in /cgi-bin/login.cgi allows authenticated remote attackers to execute arbitrary system commands with limited impact (confidentiality, integrity, availability). The vulnerability requires valid credentials (PR:L) but can be exploited over the network without user interaction. Publicly available exploit code exists, and the vendor was notified during coordinated disclosure.

Command Injection Nu516U1
NVD VulDB GitHub
CVSS 4.0
2.1
EPSS
0.8%
CVE-2026-8229 LOW POC Monitor

Remote command injection in Wavlink NU516U1 240425 allows authenticated attackers to execute arbitrary OS commands via manipulation of the AuthMethod or EncrypType arguments in the WifiBasic function of /cgi-bin/wireless.cgi. Publicly available exploit code exists, and the vendor was notified early of the disclosure.

Command Injection Nu516U1
NVD VulDB GitHub
CVSS 4.0
2.1
EPSS
0.8%
CVE-2026-8228 LOW POC Monitor

OS command injection in Wavlink NU516U1 240425 wireless configuration module allows authenticated remote attackers to execute arbitrary system commands via manipulation of the wlan_conf/Channel/skiplist/ieee_80211h parameter in /cgi-bin/wireless.cgi. Publicly available exploit code exists, and the vendor was notified early of disclosure. CVSS 6.3 reflects the moderate impact of command execution under authenticated conditions.

Command Injection Nu516U1
NVD VulDB GitHub
CVSS 4.0
2.1
EPSS
0.8%
CVE-2026-8227 LOW POC Monitor

Remote OS command injection in Wavlink NU516U1 240425 via the wzdapMesh function in /cgi-bin/adm.cgi allows authenticated remote attackers to execute arbitrary operating system commands with limited system impact. Publicly available exploit code exists, and the vendor has been notified of the disclosure.

Command Injection Nu516U1
NVD VulDB GitHub
CVSS 4.0
2.1
EPSS
0.8%
CVE-2026-8217 LOW POC Monitor

OS command injection via Runtime.getRuntime.exec in Canias ERP 8.03 RMI Interface allows authenticated remote attackers to execute arbitrary operating system commands by manipulating the troiaCode argument. The vulnerability carries low confidentiality, integrity, and availability impact (CVSS 2.1), but publicly available exploit code exists and the vendor has not responded to early disclosure.

Command Injection Canias Erp
NVD VulDB GitHub
CVSS 4.0
2.1
EPSS
0.8%
CVE-2026-8235 LOW POC PATCH Monitor

OS command injection in 8421bit MiniClaw 0.8.0 and 0.9.0 allows local authenticated attackers to execute arbitrary system commands via the resolveSkillScriptPath function in the System Command Handler (src/kernel.ts). The vulnerability stems from unsafe command construction using string concatenation with unsanitized user input passed to shell execution. Publicly available exploit code exists, and a patch has been released by the vendor.

Command Injection Miniclaw
NVD VulDB GitHub
CVSS 4.0
2.0
EPSS
1.1%
CVE-2026-8252 LOW POC Monitor

Null pointer dereference in Open5GS Session Management Function (SMF) up to version 2.7.7 allows authenticated remote attackers to cause denial of service by manipulating the smf_nsmf_handle_create_data_in_hsmf function. Publicly available exploit code exists, and the project has been notified but has not yet released a patch.

Denial Of Service Null Pointer Dereference Open5gs
NVD VulDB GitHub
CVSS 4.0
2.1
EPSS
0.0%
CVE-2026-8251 LOW POC Monitor

Denial of service in Open5GS up to version 2.7.7 allows authenticated remote attackers to crash the Service Mobile Function (SMF) component via manipulation of the update_authorized_pcc_rule_and_qos function in the Policy and Charging Control (PCC) handler. The vulnerability has a CVSS score of 2.1 with low availability impact; publicly available exploit code exists, and the project maintainers have not yet responded to early disclosure.

Denial Of Service Open5gs
NVD VulDB GitHub
CVSS 4.0
2.1
EPSS
0.0%
CVE-2026-8250 LOW POC Monitor

Denial of service in Open5GS up to version 2.7.7 via the smf_n4_build_qos_flow_to_modify_list function in the SMF (Session Management Function) component allows remote authenticated attackers to crash the service with low attack complexity. The vulnerability has been publicly disclosed with exploit code available; the vendor was notified early but has not yet released a fix.

Denial Of Service Open5gs
NVD VulDB GitHub
CVSS 4.0
2.1
EPSS
0.0%
CVE-2026-8249 LOW POC Monitor

Denial of service vulnerability in Open5GS up to version 2.7.7 allows authenticated remote attackers to crash the Service Measurement Function (SMF) component via improper handling in the update_authorized_pcc_rule_and_qos function. The vulnerability has a publicly available exploit and moderate CVSS score (4.3) but is limited to authenticated access and results in availability impact only. The vendor has not yet released a patch despite early notification through a GitHub issue.

Denial Of Service Open5gs
NVD VulDB GitHub
CVSS 4.0
2.1
EPSS
0.0%
CVE-2026-8248 LOW POC Monitor

Denial of service in Open5GS up to version 2.7.7 allows authenticated remote attackers to crash the Service Mobility Function (SMF) component via manipulation of the update_authorized_pcc_rule_and_qos function in npcf-handler.c. Publicly available exploit code exists, and the vendor has not released a patch despite early notification through issue tracking.

Denial Of Service Open5gs
NVD VulDB GitHub
CVSS 4.0
2.1
EPSS
0.0%
CVE-2026-8231 LOW POC Monitor

SQL injection in CodeAstro Online Catering Ordering System 1.0 allows authenticated remote attackers to execute arbitrary SQL queries via the ID parameter in /deleteorder.php, with publicly available exploit code disclosed. Despite a low CVSS score of 2.1 due to authentication requirements and limited impact scope, the vulnerability enables data exfiltration or manipulation within the application's database with minimal attack complexity.

PHP SQLi
NVD VulDB GitHub
CVSS 4.0
2.1
EPSS
0.0%
CVE-2026-8218 LOW POC Monitor

Cross-site scripting (XSS) vulnerability in Devs Palace ERP Online up to version 4.0.0 allows authenticated high-privilege users to inject malicious scripts via the /inventory/purchase_return_save endpoint. The vulnerability requires user interaction (UI:P) to trigger, and publicly available exploit code exists. The vendor has not responded to disclosure attempts, leaving affected installations without official guidance or patches.

XSS Erp Online
NVD VulDB
CVSS 4.0
1.9
EPSS
0.0%
CVE-2026-8253 LOW POC Monitor

Stored cross-site scripting (XSS) in Devs Palace ERP Online up to version 4.0.0 allows high-privileged users to inject malicious scripts via the /inventory/purchase_save endpoint, affecting the confidentiality of other users' sessions. The vulnerability requires administrative-level privileges and user interaction (UI:R), resulting in a low CVSS score of 2.4, though publicly available exploit code exists and the vendor has not responded to disclosure attempts.

XSS Erp Online
NVD VulDB
CVSS 4.0
1.9
EPSS
0.0%
CVE-2026-8219 LOW POC Monitor

Stored cross-site scripting (XSS) in Devs Palace ERP Online up to version 4.0.0 allows high-privileged authenticated users to inject malicious scripts via the /inventory/supplier-save endpoint, affecting data integrity and confidentiality of other users viewing the supplier data. The vulnerability requires user interaction (UI:P) and high-level privileges (PR:H), limiting its exploitation scope; however, publicly available exploit code exists and the vendor has not responded to disclosure.

XSS Erp Online
NVD VulDB
CVSS 4.0
1.9
EPSS
0.0%
CVE-2026-8233 LOW Monitor

Improper access controls in Dotouch XproUPF 2.0.0 (release 088aa7c4) allow local authenticated attackers to bypass authentication mechanisms and gain unauthorized access to restricted functionality within the UPF component. The vulnerability requires high attack complexity and valid user credentials but affects confidentiality, integrity, and availability of the affected system. No public exploit code or active exploitation has been identified at time of analysis.

Authentication Bypass Xproupf
NVD VulDB
CVSS 4.0
2.1
EPSS
0.0%
CVE-2026-8221 LOW Monitor

Cross-site scripting (XSS) in Devs Palace ERP Online through version 4.0.0 allows high-privileged authenticated users to inject malicious scripts via the /inventory/item-save endpoint, requiring user interaction (UI:P) for exploitation. Public exploit code is available, and the vendor has not responded to early disclosure notification, leaving affected deployments without an official patch and at risk of account compromise or session hijacking by attackers with high administrative privileges.

XSS
NVD VulDB
CVSS 4.0
1.9
EPSS
0.0%
CVE-2026-8220 LOW Monitor

Reflected cross-site scripting in Devs Palace ERP Online up to version 4.0.0 allows authenticated high-privilege users to inject malicious scripts via the /inventory/customer-save endpoint, requiring user interaction to execute. Despite public exploit availability and early vendor notification, no patch or vendor response has been documented. CVSS score of 1.9 reflects high authentication requirements and limited impact scope, though the presence of public exploit code indicates practical demonstration of the vulnerability.

XSS
NVD VulDB
CVSS 4.0
1.9
EPSS
0.0%

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy