Skip to main content
CVE-2026-8777 LOW POC Monitor

Command injection in Edimax BR-6428NS firmware v1.10 allows authenticated remote attackers to execute arbitrary system commands via the stadrv_ssid parameter in POST requests to /goform/formStaDrvSetup. Public exploit code is available (documented in VulDB and researcher's Notion page), enabling low-complexity attacks against networks where attackers have obtained low-privilege credentials. The vendor received early disclosure but provided no response, leaving no official patch timeline.

Command Injection Br 6428Ns
NVD VulDB
CVSS 4.0
2.1
EPSS
0.8%
CVE-2026-8774 LOW POC Monitor

Command injection in Edimax BR-6228NC version 1.22 allows authenticated remote attackers to execute arbitrary OS commands by manipulating the 'command' parameter in POST requests to /goform/mp endpoint. Public exploit code exists, increasing exploitation risk despite requiring low-privilege authentication. EPSS data not available, but the presence of working exploit demonstrates confirmed weaponization. Vendor has not responded to disclosure and no patch has been announced.

Command Injection Br 6228Nc
NVD VulDB
CVSS 4.0
2.1
EPSS
0.8%
CVE-2026-8783 LOW POC PATCH Monitor

Null pointer dereference in OMEC Project AMF (Access and Mobility Management Function) versions up to 2.1.3-dev allows authenticated remote attackers to trigger denial of service via crafted NGAP UERadioCapabilityCheckResponse messages. The vulnerability exists in ngap/dispatcher.go where insufficient null pointer validation permits exploitation through the 5G network interface. Public exploit code exists (GitHub issue #675), and vendor-released patch v2.2.0 is available via PR #666, which also addresses multiple related security issues in NGAP message handling and mobile identity parsing.

Denial Of Service Null Pointer Dereference Amf
NVD VulDB GitHub
CVSS 4.0
2.1
EPSS
0.0%
CVE-2026-8782 LOW POC PATCH Monitor

Remote denial of service in omec-project AMF versions up to 2.1.3-dev allows authenticated attackers to crash the Access and Mobility Management Function via crafted NGAP messages that trigger null pointer dereference in ngap/handler.go. Public exploit code exists (GitHub issue #674). Affects OMEC 5G core network deployments. Patched in version 2.2.0 via PR #666, which addresses multiple security issues including malformed SUCI handling and missing null checks across NGAP message parsing.

Denial Of Service Null Pointer Dereference Amf
NVD VulDB GitHub
CVSS 4.0
2.1
EPSS
0.0%
CVE-2026-8781 LOW POC PATCH Monitor

Null pointer dereference in OMEC Project AMF versions up to 2.1.3-dev allows remote authenticated attackers to trigger denial of service via crafted NGAP messages to the RANConfiguration function. The vulnerability (CVE-2026-8781) affects the Access and Mobility Management Function component of the Open Mobile Evolved Core, a critical element in 5G networks. Publicly available exploit code exists (GitHub issue #673), but CVSS 2.1 (Low) reflects limited availability impact and low-privilege authentication requirement. Vendor-released patch: version 2.2.0 (GitHub PR #666).

Denial Of Service Null Pointer Dereference Amf
NVD VulDB GitHub
CVSS 4.0
2.1
EPSS
0.0%
CVE-2026-8780 LOW POC PATCH Monitor

Memory corruption in omec-project AMF versions up to 2.1.3-dev allows authenticated remote attackers to trigger low-severity availability impact via malformed NGAP messages. The vulnerability resides in ngap/dispatcher.go where insufficient null-pointer validation and input sanitization in the NGAP message handler permits memory corruption. Public exploit code exists (GitHub issue #670) with vendor-released fix in version 2.2.0. Despite CVSS 2.1 base score, exploitation probability is low (CVSS:4.0 E:P indicates POC exists) and impact limited to partial availability degradation - authentication required (PR:L) and no confidentiality or integrity impact (VC:N/VI:N).

Buffer Overflow Amf
NVD VulDB GitHub
CVSS 4.0
2.1
EPSS
0.0%
CVE-2026-8779 LOW POC PATCH Monitor

Memory corruption in OMEC Project's Access and Mobility Management Function (AMF) allows authenticated remote attackers to crash the 5G core network component by sending crafted NGAP NG Setup Request messages with malformed InformationElement fields. Affects OMEC AMF versions up to 2.1.3-dev. Publicly available exploit code exists (GitHub issue #671), and vendor patch released in version 2.2.0. CVSS 4.3 (Low severity) reflects low availability impact, requiring authentication (PR:L), but real-world risk is moderate for 5G network operators given public POC and critical infrastructure role of AMF in mobile core networks.

Buffer Overflow Amf
NVD VulDB GitHub
CVSS 4.0
2.1
EPSS
0.0%
CVE-2026-8786 LOW POC Monitor

Authorization bypass in Tencent WeKnora's Config API endpoint allows authenticated attackers to access unauthorized knowledge bases by manipulating the kbId parameter in getKnowledgeBaseForInitialization function. Affects all versions up to 0.3.6. Publicly available exploit code exists via GitHub Gist, enabling low-complexity attacks with network access. CVSS 6.3 reflects moderate impact across confidentiality, integrity, and availability. EPSS data not available, but public POC increases exploitation likelihood. Vendor unresponsive to disclosure, indicating no official patch timeline.

Authentication Bypass Weknora
NVD VulDB GitHub
CVSS 4.0
2.1
EPSS
0.0%
CVE-2026-8784 LOW POC PATCH Monitor

Symlink following in cramfs-tools 2.2 and earlier allows local privileged attackers to manipulate file ownership or timestamps on arbitrary filesystem locations during cramfs extraction. The vulnerability exists in the change_file_status function in cramfsck.c, which performs metadata operations (chown, chmod, utime) without validating that extracted paths are not symbolic links pointing outside the extraction directory. A publicly available exploit exists (GitHub issue #13), and the vendor has released patch commit b4a3a695c. EPSS data not available; not listed in CISA KEV. CVSS 4.2 reflects the local high-privilege requirement, though real-world risk depends heavily on whether cramfs extraction occurs in privileged contexts.

Information Disclosure Cramfs Tools
NVD VulDB GitHub
CVSS 4.0
1.8
EPSS
0.0%
CVE-2026-3495 LOW PATCH Monitor

Cross-site scripting (XSS) in Mattermost Server 10.11.0-10.11.13 and 11.5.0-11.5.1 enables authenticated administrators to inject JavaScript code through unescaped variables in error page templates. Exploitation requires high-privilege (PR:H) administrative access to site configuration settings, limiting real-world risk despite network-based attack vector (AV:N). No active exploitation confirmed (not in CISA KEV). EPSS data not available for recent CVE. This is a stored XSS vulnerability affecting administrative workflows rather than end users.

Mattermost XSS
NVD VulDB
CVSS 3.1
3.8
EPSS
0.0%
CVE-2026-45683 LOW PATCH GHSA Monitor

Kernel memory disclosure in OpenTelemetry eBPF Instrumentation (OBI) versions prior to 0.9.0 allows a local authenticated process to exfiltrate arbitrary kernel memory into the OBI telemetry pipeline by supplying a crafted kernel-space pointer to the Java TLS ioctl kprobe. The BPF probe hooks do_vfs_ioctl and incorrectly uses bpf_probe_read - which can dereference any memory address, kernel or user - instead of the boundary-enforcing bpf_probe_read_user, causing the kernel bytes to be emitted via bpf_ringbuf_output into downstream telemetry. Publicly available exploit code exists (PoC published in the GitHub security advisory); no confirmed active exploitation (CISA KEV) has been identified at time of analysis.

Information Disclosure Java
NVD GitHub
CVSS 3.1
3.8
EPSS
0.0%
CVE-2026-4273 LOW PATCH Monitor

Authenticated attackers can bypass token rotation in Mattermost's remote cluster invite confirmation process by reusing original invite tokens. The flaw affects Mattermost Server versions 11.5.x through 11.5.1 and 10.11.x through 10.11.13, allowing token reuse despite intended security controls. While rated low severity (CVSS 3.7), this represents an authentication bypass vulnerability (CWE-863) that undermines session management security. No active exploitation confirmed (not in CISA KEV), and no public exploit code identified at time of analysis.

Mattermost Authentication Bypass
NVD VulDB
CVSS 3.1
3.7
EPSS
0.0%
CVE-2026-4643 LOW Monitor

Mattermost Desktop App can be crashed remotely by malicious server administrators or plugin developers exploiting insufficient isolation of server-rendered content. Authenticated attackers with low-privilege server access who can control rendered content (via compromised server, malicious plugin, or modified server responses) can invoke window.close() to terminate the desktop client, causing a client-side denial of service. EPSS data not available; no public exploit code identified at time of analysis. CVSS 3.5 (Low severity) reflects limited impact scope - disruption to individual user sessions rather than system-wide compromise.

Mattermost Denial Of Service
NVD VulDB
CVSS 3.1
3.5
EPSS
0.0%
CVE-2026-6333 LOW PATCH Monitor

Server-Side Request Forgery in Mattermost 10.11.x through 11.5.1 allows authenticated attackers with slash command access to redirect custom slash command responses to attacker-controlled servers by manipulating the Host header. The vulnerability requires low-privileged authentication and high attack complexity (CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:C/C:N/I:L/A:N), resulting in a CVSS score of 3.5. No public exploit code or active exploitation via CISA KEV has been identified at time of analysis. Vendor advisory available at mattermost.com/security-updates provides remediation guidance.

Mattermost SSRF
NVD VulDB
CVSS 3.1
3.5
EPSS
0.0%
CVE-2026-6334 LOW PATCH Monitor

OAuth authorization code interception in Mattermost 10.11.x through 10.11.13 and 11.5.x through 11.5.1 allows authenticated OAuth clients to redeem authorization codes issued to different clients. An attacker controlling a malicious OAuth application can intercept and exchange authorization codes meant for legitimate applications, potentially gaining unauthorized access to user data or sessions. CVSS score of 3.1 reflects high attack complexity and required privileges, with EPSS data not provided. Vendor patch released per Mattermost advisory MMSA-2026-00570.

Mattermost Information Disclosure Microsoft
NVD VulDB
CVSS 3.1
3.1
EPSS
0.0%
CVE-2026-4286 LOW PATCH Monitor

Authorization bypass in Mattermost 10.11.x through 10.11.13 and 11.5.x through 11.5.1 allows authenticated users with 'Manage Playbook Configurations' permission to reassign playbooks to arbitrary teams via PUT API, circumventing team membership restrictions. This access control flaw enables lateral privilege escalation across team boundaries without proper authorization checks. EPSS exploitation probability data not available; no confirmed active exploitation (CISA KEV) or public exploit code identified at time of analysis.

Mattermost Authentication Bypass
NVD VulDB
CVSS 3.1
3.1
EPSS
0.0%
CVE-2026-47090 LOW PATCH Monitor

Terminal injection in Claude HUD through version 0.0.12 allows an attacker who controls a Git branch name or working directory path to embed arbitrary ANSI escape sequences into terminal sessions via unsanitized OSC 8 hyperlink construction. When a user runs Claude HUD in an affected terminal emulator and clicks a rendered project or branch hyperlink, injected sequences—including OSC 52 clipboard writes and forged prompts—are processed by the terminal. The vulnerability has no public exploit identified at time of analysis and is not listed in CISA KEV, but the clipboard-poisoning vector carries meaningful risk for developers routinely cloning untrusted repositories.

RCE Claude Hud
NVD GitHub
CVSS 4.0
2.4
EPSS
0.0%
CVE-2026-45244 LOW PATCH Monitor

Missing authorization in the Summarize browser extension (versions prior to 0.15.1/0.15.2, CPE: cpe:2.3:a:steipete:summarize) allows remote unauthenticated attackers to execute browser automation actions - including navigation and debugger-backed operations - without triggering per-call user approval. Exploitation requires the extension automation feature to be enabled and the user to interact with attacker-controlled content (UI:R per CVSS), making this a prompt-injection-driven authorization bypass rather than a standalone remote attack. No public exploit has been identified at time of analysis, and the vendor released a patch in v0.15.2 as reported by VulnCheck.

Authentication Bypass Summarize
NVD GitHub
CVSS 4.0
2.1
EPSS
0.0%
CVE-2026-8773 LOW Monitor

Argument injection in litemall Database Setting Handler allows authenticated administrators with high privileges to inject malicious arguments into database backup/load operations, potentially exposing sensitive database credentials or altering backup behavior. Publicly disclosed exploit code exists (CVSS:4.0 E:P), but vendor has not responded to disclosure. EPSS data not available; low CVSS base score (2.0) reflects high privilege requirement (PR:H) limiting widespread exploitation despite network attack vector.

Java Information Disclosure
NVD GitHub VulDB
CVSS 4.0
2.0
EPSS
0.0%
CVE-2026-8772 LOW Monitor

SQL injection in linlinjava litemall 1.8.0 and earlier allows high-privileged remote attackers to read and modify database contents via crafted requests to multiple Admin Endpoint functions. Public exploit code available (EPSS probability unknown from provided data). Attack requires administrative credentials (PR:H) but achieves confidentiality, integrity, and availability impact on vulnerable component (VC:L/VI:L/VA:L). Despite CVSS 4.0 score of 2.0 (Low severity due to high privilege requirement), the existence of public POC and lack of vendor response elevates practical risk for installations where admin accounts may be compromised.

SQLi
NVD GitHub VulDB
CVSS 4.0
2.0
EPSS
0.0%
CVE-2026-33637 LOW PATCH GHSA Monitor

Off-host request forgery in the Faraday Ruby HTTP client library (versions 2.0.0-2.14.1) allows a remote unauthenticated attacker who can influence the per-request target to redirect HTTP requests - along with connection-scoped `Authorization` headers - to an arbitrary attacker-controlled host. This is a bypass of the February 2026 patch for CVE-2026-25765 (GHSA-33mh-2634-fwr2): the prior fix sanitized `String` inputs to `Faraday::Connection#build_exclusive_url` but failed to handle `URI` objects, which Ruby's URI parser resolves differently. Publicly available exploit code (proof-of-concept) exists and was independently confirmed against an external HTTP collector, demonstrating real-world credential exfiltration.

SSRF Apple
NVD GitHub
EPSS
0.0%

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy