Skip to main content
CVE-2018-25336 MEDIUM POC This Month

Joomla jCart for OpenCart 2.3.0.2 contains a cross-site request forgery vulnerability that allows attackers to modify user account information without authentication. Rated medium severity (CVSS 6.9), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

CSRF Joomla Extension Jcart For Opencart
NVD Exploit-DB VulDB
CVSS 4.0
6.9
EPSS
0.0%
CVE-2018-25324 MEDIUM POC This Month

Simple Fields 0.2 through 0.3.5 WordPress Plugin contains a local file inclusion vulnerability that allows unauthenticated attackers to read arbitrary files by injecting null bytes into the. Rated medium severity (CVSS 6.9), this vulnerability is no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

WordPress RCE LFI Apache PHP
NVD Exploit-DB VulDB
CVSS 4.0
6.9
EPSS
0.0%
CVE-2018-25327 MEDIUM POC This Month

Joomla!. Rated medium severity (CVSS 6.9), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

CSRF Js Jobs
NVD Exploit-DB VulDB
CVSS 4.0
6.9
EPSS
0.0%
CVE-2026-8759 MEDIUM POC This Month

Expression language injection in Beetl template engine versions up to 3.20.2 enables remote attackers to execute arbitrary expressions through the SpELFunction component. The vulnerability stems from improper neutralization of special elements in Spring Expression Language (SpEL) processing, with publicly available exploit code and no vendor response despite early notification. CVSS 7.3 indicates moderate severity with confirmed remote exploitability.

Java Information Disclosure
NVD VulDB
CVSS 4.0
5.5
EPSS
0.1%
CVE-2026-8757 MEDIUM POC This Month

Path traversal in adenhq Hive versions up to 0.11.0 allows unauthenticated remote attackers to read arbitrary files via the _read_events_tail function in the Delete Request Handler. This network-accessible vulnerability requires no user interaction and has a publicly available proof-of-concept exploit. The vendor has not responded to disclosure attempts, leaving users without an official patch. EPSS data unavailable; CVSS 5.5 reflects limited confidentiality/integrity impact but ease of exploitation warrants prioritization for internet-facing deployments.

Path Traversal Hive
NVD VulDB GitHub
CVSS 4.0
5.5
EPSS
0.1%
CVE-2026-8737 MEDIUM POC This Month

Authentication bypass in Sanluan PublicCMS 5.202506.d allows remote unauthenticated attackers to access arbitrary user trade address data via manipulation of userId/id parameters in the TradeAddressListDirective component. Public exploit code exists (CVSS E:P), enabling unauthorized disclosure of confidential address information including names, phone numbers, and shipping details. EPSS data unavailable; not listed in CISA KEV. Vendor non-responsive to disclosure.

Authentication Bypass Java
NVD VulDB
CVSS 4.0
5.5
EPSS
0.0%
CVE-2026-8738 MEDIUM POC This Month

Business logic flaws in PublicCMS 5.202506.d trade payment controller allow unauthenticated remote attackers to manipulate payment processing workflows, potentially enabling payment bypass or unauthorized transaction modifications. Publicly available exploit code exists demonstrating the attack. The vulnerability affects three payment-related functions (TradeOrderController.pay, TradePaymentController.pay, AccountGatewayComponent.pay) in the publiccms-trade module. Vendor was notified but did not respond, and no patch has been announced.

Java Information Disclosure
NVD VulDB
CVSS 4.0
5.5
EPSS
0.0%
CVE-2026-8758 MEDIUM POC This Month

Unrestricted file upload in Metasoft MetaCRM (versions up to 6.4.0 Beta06) allows remote unauthenticated attackers to upload arbitrary files via the /common/jsp/upload3.jsp endpoint. A publicly disclosed exploit exists (CVSS E:P), enabling attackers to upload malicious files without authentication (PR:N), potentially leading to remote code execution. The vendor did not respond to coordinated disclosure, leaving users vulnerable. EPSS data not available, but the combination of network accessibility, no authentication requirement, and public exploit code indicates elevated real-world risk despite the moderate 5.5 CVSS score.

File Upload Metacrm
NVD VulDB
CVSS 4.0
5.5
EPSS
0.0%
CVE-2026-8725 MEDIUM POC This Month

Server-side request forgery in CoreWorxLab CAAL versions up to 1.6.0 enables unauthenticated remote attackers to make arbitrary HTTP requests from the server through the test-hass endpoint in webhooks.py. The vulnerability has publicly available exploit code and allows attackers to access internal resources, potentially leading to data exposure or further compromise of internal systems. EPSS data not available, not currently in CISA KEV despite public exploit availability.

SSRF Caal
NVD VulDB GitHub
CVSS 4.0
5.5
EPSS
0.0%
CVE-2026-8751 MEDIUM POC This Month

Deserialization vulnerability in H2O-3 machine learning platform versions up to 7402 enables remote code execution through the importBinaryModel function when processing malicious JAR files. The vulnerability allows unauthenticated remote attackers to execute arbitrary code with publicly available exploit code (CVSS 7.3, EPSS not provided). The vendor failed to respond to disclosure attempts, leaving users without an official patch.

Java Deserialization
NVD VulDB
CVSS 4.0
5.5
EPSS
0.0%
CVE-2026-8750 MEDIUM POC This Month

Information disclosure in h2oai h2o-3 through version 7402 allows remote unauthenticated attackers to read arbitrary files from the server filesystem via the ImportFile API endpoint. The vulnerability resides in the importFiles function of PersistNFS.java and is confirmed actively exploited with publicly available exploit code (CVSS:4.0 E:P). Despite early vendor notification, h2oai has not responded or issued a patch, leaving deployments at risk of credential theft, source code exposure, or configuration file access.

Java Information Disclosure
NVD VulDB
CVSS 4.0
5.5
EPSS
0.0%
CVE-2026-8752 MEDIUM POC This Month

Improper access controls in H2O-3's Rapids setproperty primitive allow remote unauthenticated attackers to modify system properties via the AstSetProperty.java exec function. The vulnerability permits low-impact integrity violations through manipulation of configuration settings accessible via the Rapids API. Public exploit code is available (VulDB 364379), increasing exploitation risk, though no active exploitation confirmed by CISA KEV at time of analysis. EPSS data not provided. Vendor unresponsive to disclosure attempts.

Authentication Bypass Java
NVD VulDB
CVSS 4.0
5.5
EPSS
0.0%
CVE-2026-8739 MEDIUM POC This Month

Hard-coded cryptographic key in Sanluan PublicCMS 5.202506.d allows remote attackers to compromise data integrity through the SafeConfigComponent's getSignKey function. The vulnerability (CWE-321) enables manipulation of the privatefile_key argument, permitting unauthenticated network-based attacks with low complexity. Public exploit code is available per VulDB submission 809917, significantly lowering the skill barrier for exploitation despite the medium CVSS 5.5 score. EPSS data unavailable; not listed in CISA KEV, suggesting targeted rather than widespread exploitation at time of analysis.

Java Information Disclosure
NVD VulDB
CVSS 4.0
5.5
EPSS
0.0%
CVE-2026-8734 MEDIUM POC This Month

SQL injection in Oinone Pamirs versions up to 7.2.0 allows remote unauthenticated attackers to read, modify, or delete database records via the queryListByWrapper interface. The RSQLToSQLNodeConnector.makeVariable function fails to properly sanitize input, enabling direct database manipulation. A publicly available proof-of-concept exploit exists (GitHub issue #12), and the vendor has not responded to disclosure attempts. EPSS data unavailable, not listed in CISA KEV. CVSS 5.5 (Medium) reflects confidentiality, integrity, and availability impacts all rated Low with network-accessible, low-complexity exploitation requiring no authentication.

SQLi Pamirs
NVD VulDB GitHub
CVSS 4.0
5.5
EPSS
0.0%
CVE-2018-25334 MEDIUM POC This Month

Zechat 1.5 contains a Cross-Site Request Forgery (CSRF) vulnerability that allows an attacker to change a user's information by bypassing anti-CSRF protections. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

CSRF Zechat
NVD Exploit-DB VulDB
CVSS 4.0
5.3
EPSS
0.0%
CVE-2018-25337 MEDIUM POC This Month

Joomla JoomOCShop 1.0 contains a cross-site request forgery vulnerability that allows attackers to perform unauthorized actions on behalf of authenticated users. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

CSRF Joomla Extension Joomocshop
NVD Exploit-DB VulDB
CVSS 4.0
5.3
EPSS
0.0%
CVE-2018-25321 MEDIUM POC This Month

TP-Link TL-WR720N wireless router contains a cross-site request forgery vulnerability that allows attackers to perform unauthorized administrative actions by crafting malicious web requests. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

CSRF TP-Link
NVD Exploit-DB VulDB
CVSS 4.0
5.3
EPSS
0.0%
CVE-2018-25331 MEDIUM POC This Month

Zenar Content Management System contains a cross-site scripting vulnerability that allows unauthenticated attackers to inject malicious scripts by manipulating form parameters in POST requests. Rated medium severity (CVSS 5.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

PHP XSS
NVD Exploit-DB VulDB
CVSS 4.0
5.1
EPSS
0.1%
CVE-2026-8723 MEDIUM PATCH GHSA This Month

The qs Node.js library (versions 6.11.1 through 6.15.1) crashes with a synchronous TypeError when stringify is called with both arrayFormat: 'comma' and encodeValuesOnly: true on arrays containing null or undefined elements. Applications using these non-default options together will experience request failures (typically 500 errors in web frameworks) when processing user input with null array values. The vulnerability was introduced in commit 4c4b23d (PR #463, January 2023) and patched in v6.15.2 (commit 21f80b3). No public exploit or CISA KEV listing identified at time of analysis, though exploitation requires only crafting JSON input with null array elements.

Denial Of Service Node.js Null Pointer Dereference
NVD GitHub VulDB
CVSS 4.0
6.3
EPSS
0.0%
CVE-2026-8756 MEDIUM This Month

Path traversal in fishaudio Bert-VITS2's Gradio web interface allows remote unauthenticated attackers to read or write arbitrary files on the server filesystem via the generate_config function's data_dir parameter. Public exploit code exists (disclosed via VulDB and GitHub Gist). EPSS data unavailable; CVSS 5.5 (Medium) but CVSS 4.0 vector shows network-accessible, no authentication required (AV:N/PR:N), making this readily exploitable against any internet-exposed instance. Vendor non-responsive to early disclosure attempt, indicating no official patch available.

Path Traversal
NVD GitHub VulDB
CVSS 4.0
5.5
EPSS
0.1%
CVE-2026-8768 MEDIUM This Month

Server-side request forgery in Vercel AI SDK versions up to 3.0.97 allows remote unauthenticated attackers to forge requests from the server to arbitrary internal or external resources via the validateDownloadUrl function in provider-utils. Publicly available exploit code exists (CVSS E:P). EPSS data not available, not listed in CISA KEV. Vendor unresponsive to disclosure, indicating no official patch or advisory at time of analysis. Organizations using affected versions for AI model downloads or blob handling should implement immediate compensating controls.

SSRF Ai Vercel
NVD GitHub VulDB
CVSS 4.0
5.5
EPSS
0.0%
CVE-2026-8755 MEDIUM This Month

Path traversal in fishaudio Bert-VITS2's hiyoriUI.py allows unauthenticated remote attackers to access arbitrary files outside the intended model directory via the _get_all_models function. Public exploit code exists (GitHub Gist). The project uses rolling releases with no versioned patches, and the vendor has not responded to disclosure attempts. EPSS data unavailable; not listed in CISA KEV, suggesting limited real-world exploitation despite public POC.

Path Traversal
NVD GitHub VulDB
CVSS 4.0
5.5
EPSS
0.0%

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy