Skip to main content
CVE-2026-9306 LOW POC Monitor

Authorization bypass in QuantumNous new-api versions up to 0.12.1 allows remote attackers to access Midjourney image relay endpoints without proper authentication. The vulnerability resides in RelayMidjourneyImage and GetByOnlyMJId functions within relay-router.go. Despite high attack complexity (CVSS AC:H) and CVSS score of only 3.7, a publicly available proof-of-concept exploit exists (disclosed via GitHub Gist), reducing the technical barrier. The vendor did not respond to early disclosure attempts. EPSS data not provided, but the combination of public exploit and unauthenticated network access (PR:N) warrants attention for organizations using this API gateway for Midjourney integration.

Authentication Bypass New Api
NVD VulDB GitHub
CVSS 4.0
2.9
EPSS
0.0%
CVE-2026-9343 LOW POC Monitor

OS command injection in Edimax EW-7438RPn firmware (versions up to 1.31) allows authenticated remote attackers to execute arbitrary system commands via the pinCode parameter in the formWpsStart function. Public exploit code is available on GitHub, enabling low-complexity attacks against the WPS configuration interface. The vendor has not responded to vulnerability disclosure, leaving no official patch available. EPSS data not provided, but public POC availability significantly increases exploitation risk for internet-exposed devices with weak admin credentials.

Command Injection Ew 7438Rpn
NVD VulDB GitHub
CVSS 4.0
2.1
EPSS
0.9%
CVE-2026-9297 LOW POC Monitor

Command injection in the Edimax BR-6428NS 1.10 wireless router's web management interface allows a remotely authenticated attacker to execute arbitrary OS commands by manipulating the repeaterSSID parameter in a POST request to /goform/formWlbasic. A publicly available proof-of-concept exploit exists, raising the practical risk above what the moderate CVSS score of 6.3 alone suggests. The vendor was notified prior to disclosure but did not respond, meaning no vendor-supplied patch exists at time of analysis.

Command Injection Br 6428Ns
NVD VulDB
CVSS 4.0
2.1
EPSS
0.8%
CVE-2026-9296 LOW POC Monitor

Command injection in Edimax BR-6428NS firmware version 1.10 exposes the device's operating system to remote command execution via the /goform/formWlanM POST request handler. An authenticated remote attacker (PR:L per CVSS) can manipulate any of 29+ wireless calibration and ATE parameters - including ateFunc, ateGain, e2pTxPower series, and readE2P - to inject arbitrary shell commands into the device OS. No vendor patch exists as Edimax did not respond to responsible disclosure; a publicly available exploit exists, and the breadth of vulnerable parameters indicates a systemic absence of input sanitization across the wlanM form handler.

Command Injection Br 6428Ns
NVD VulDB
CVSS 4.0
2.1
EPSS
0.8%
CVE-2026-9302 LOW POC Monitor

Remote code injection in vps-inventory-monitoring allows authenticated attackers to execute arbitrary PHP code through the VpsTest console command. The vulnerability exists in the eval() function within VpsTest.php, exploitable by manipulating the 'vf' parameter with low attack complexity. Publicly available exploit code exists (GitHub POC published), and the maintainer has not responded to early disclosure attempts. CVSS 6.3 reflects moderate impact across confidentiality, integrity, and availability, with EPSS data unavailable but risk elevated by confirmed POC and unresponsive vendor.

PHP Code Injection RCE
NVD VulDB GitHub
CVSS 4.0
2.1
EPSS
0.1%
CVE-2026-9301 LOW POC PATCH Monitor

Memory corruption in OMEC Project AMF (Access and Mobility Management Function) versions up to 2.1.1 allows authenticated remote attackers to corrupt memory by sending malformed NGReset messages to the 5G core network component. The vulnerability stems from insufficient validation of PLMN ID strings in SUCI (Subscription Concealed Identifier) processing within the NGReset message handler. Public exploit code exists (GitHub issue #678), and vendor patch is available (PR #666 upgrading to version 2.2.0). EPSS data not available but exploit code publication increases real-world exploitation likelihood for targeted attacks against 5G core infrastructure.

Buffer Overflow Amf
NVD VulDB GitHub
CVSS 4.0
2.1
EPSS
0.0%
CVE-2026-9300 LOW POC PATCH Monitor

Memory corruption in the omec-project AMF (Access and Mobility Management Function) NGSetupRequest Handler allows network-adjacent authenticated attackers to corrupt process memory via crafted NGAP messages or malformed SUCI values, affecting confidentiality, integrity, and availability. The vulnerability stems from missing nil-pointer guards in the NGAP dispatcher and absent input validation when parsing Subscription Concealed Identifiers (SUCI) during UE registration and identity response flows. Exploit code has been publicly disclosed (GitHub issue #679), and no public exploit identified at time of analysis confirms active KEV exploitation, though the CVSS temporal vector E:P confirms proof-of-concept availability.

Buffer Overflow Amf
NVD VulDB GitHub
CVSS 4.0
2.1
EPSS
0.0%
CVE-2026-9299 LOW POC PATCH Monitor

Memory corruption in omec-project AMF versions up to 2.1.1 exposes 5G core network infrastructure to remote exploitation via crafted NGAP PDUSessionResourceModifyIndication messages, allowing low-privileged attackers to achieve partial confidentiality, integrity, and availability impact on the Access and Mobility Management Function. A publicly available exploit exists (confirmed by CVSS E:P and GitHub issue #681), and an official vendor patch has been released in version 2.2.0 via PR #666. No CISA KEV listing was identified at time of analysis, so active widespread exploitation is not confirmed.

Buffer Overflow Amf
NVD VulDB GitHub
CVSS 4.0
2.1
EPSS
0.0%
CVE-2026-9298 LOW POC PATCH Monitor

Memory corruption in omec-project AMF (Access and Mobility Management Function) through version 2.1.1 allows authenticated remote attackers to corrupt memory by sending crafted NGAP or NAS messages targeting the PathSwitchRequest handler and related message processing paths. The CVSS vector (AV:N/AC:L/PR:L/UI:N/C:L/I:L/A:L) indicates low-complexity network exploitation requiring only low-privilege credentials, with partial impacts across confidentiality, integrity, and availability. Publicly available exploit code exists (confirmed by GitHub issue #680 and the E:P temporal modifier); no active exploitation is confirmed in CISA KEV.

Buffer Overflow Amf
NVD VulDB GitHub
CVSS 4.0
2.1
EPSS
0.0%
CVE-2026-9342 LOW POC Monitor

SQL injection in SourceCodester Hospitals Patient Records Management System 1.0 allows authenticated attackers to extract, modify, or delete database records via the ID parameter in /admin/patients/view_history.php. The vulnerability requires low-privilege authenticated access (PR:L) but has low attack complexity (AC:L) and can be exploited remotely. Publicly available exploit code exists on GitHub (referenced in VulDB entry), enabling immediate weaponization by threat actors. EPSS data not available, and the vulnerability is not currently listed in CISA KEV, indicating exploitation may be limited or targeted rather than widespread. The CVSS 6.3 (Medium) rating reflects partial impact across confidentiality, integrity, and availability (C:L/I:L/A:L).

PHP SQLi
NVD VulDB GitHub
CVSS 4.0
2.1
EPSS
0.0%
CVE-2026-9305 LOW POC Monitor

SQL injection in QuantumNous new-api versions up to 0.12.1 allows authenticated remote attackers to manipulate database queries through the SearchUserTopUps and SearchAllTopUps functions in the self endpoint. The vulnerability exists in model/topup.go with confirmed public exploit code available on GitHub. With EPSS data unavailable and CVSS 6.3 (medium severity), the primary risk stems from the low-complexity exploitation requiring only low-level authentication, enabling attackers to exfiltrate sensitive data, modify records, or potentially execute denial-of-service attacks against the database layer.

SQLi New Api
NVD VulDB GitHub
CVSS 4.0
2.1
EPSS
0.0%
CVE-2026-9303 LOW POC Monitor

Cross-site request forgery (CSRF) in Cal.com cal.diy versions up to 4.9.4 enables remote attackers to perform unauthorized actions on behalf of authenticated users through specially crafted requests. Public exploit code is available via GitHub Gist, lowering the barrier for exploitation. The vendor was notified but has not responded or released a patch, leaving users dependent on compensating controls. EPSS data unavailable, but the combination of low attack complexity (AC:L), no authentication requirement (PR:N), and available exploit code (E:P) elevates practical exploitation risk above the base CVSS score of 4.3.

CSRF Cal Diy
NVD VulDB GitHub
CVSS 4.0
2.1
EPSS
0.0%
CVE-2026-9304 LOW POC Monitor

Server-side request forgery in Cal.com cal.diy versions up to 4.9.4 enables authenticated attackers to make the server perform arbitrary HTTP requests to internal or external systems via the Logo API endpoint. The vulnerable validateUrlForSSRF function in apps/web/app/api/logo/route.ts insufficiently validates user-supplied URLs, allowing bypass of SSRF protections. Public exploit code exists (EPSS data not provided), though exploitation complexity is high (CVSS AC:H) requiring low-level privileges and technical sophistication. The vendor received early notification but has not responded or released a patch.

SSRF Cal Diy
NVD VulDB GitHub
CVSS 4.0
1.3
EPSS
0.0%

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy