Skip to main content
CVE-2018-25361 HIGH POC This Week

Soroush IM Desktop App 0.17.0 contains an authentication bypass vulnerability that allows local attackers to remove passcodes by injecting pre-encrypted database entries using a constant encryption. Rated high severity (CVSS 7.0), this vulnerability is no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Authentication Bypass Soroush Messenger
NVD Exploit-DB VulDB
CVSS 4.0
7.0
EPSS
0.0%
CVE-2018-25370 MEDIUM POC This Month

Admidio 3.3.5 contains a cross-site request forgery vulnerability that allows low-privilege users to increase their permissions by exploiting improper origin checking. Rated medium severity (CVSS 6.9), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

CSRF PHP
NVD Exploit-DB
CVSS 4.0
6.9
EPSS
0.0%
CVE-2018-25378 MEDIUM POC This Month

Notebook Pro 2.0 contains a denial of service vulnerability that allows local attackers to crash the application by supplying an excessively long string in the notebook name field. Rated medium severity (CVSS 6.9), this vulnerability is no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Denial Of Service Notebook Pro
NVD Exploit-DB
CVSS 4.0
6.9
EPSS
0.0%
CVE-2018-25369 MEDIUM POC This Month

Visual Ping 0.8.0.0 contains a buffer overflow vulnerability in input field handling that allows local attackers to crash the application by supplying oversized data. Rated medium severity (CVSS 6.9), this vulnerability is no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Denial Of Service Buffer Overflow Visual Ping
NVD Exploit-DB VulDB
CVSS 4.0
6.9
EPSS
0.0%
CVE-2018-25367 MEDIUM POC This Month

NASA openVSP 3.16.1 contains a buffer overflow vulnerability that allows local attackers to crash the application by supplying an excessively long string in the geometry name field. Rated medium severity (CVSS 6.9), this vulnerability is no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Denial Of Service Buffer Overflow Openvsp
NVD Exploit-DB GitHub
CVSS 4.0
6.9
EPSS
0.0%
CVE-2026-8376 CRITICAL PATCH Act Now

Heap-based buffer overflow in Perl interpreters up to and including 5.43.10 on 32-bit builds lets a caller that compiles an attacker-controlled regular expression corrupt heap memory at regex compile time, with potential for code execution. The flaw stems from an integer overflow in Perl_study_chunk when optimizing a repeated fixed substring, and is rated CVSS 9.8 by NVD. EPSS is very low (0.02%, 5th percentile) and there is no public exploit identified at time of analysis; the issue is limited to 32-bit Perl builds and applications that feed untrusted input into regex compilation.

Buffer Overflow Perl Suse
NVD GitHub VulDB
CVSS 3.1
9.8
EPSS
0.0%
CVE-2026-9453 MEDIUM POC This Month

Command injection in FoundDream miniclawd's SkillsLoader component exposes systems to remote unauthenticated arbitrary command execution via unsanitized manipulation of the `requires.bins` argument in `/src/application/skills-loader.ts`. The CVSS 4.0 vector (AV:N/AC:L/AT:N/PR:N/UI:N) confirms zero-barrier remote exploitation with no authentication or user interaction required, and SSVC classifies the attack as automatable with partial technical impact. A public exploit (POC) exists via GitHub issue tracker, the vendor has not responded to disclosure, and no patch has been released - leaving affected deployments with no official remediation path.

Command Injection Miniclawd
NVD VulDB GitHub
CVSS 4.0
5.5
EPSS
1.0%
CVE-2026-9452 MEDIUM POC This Month

OS command injection in FoundDream miniclawd allows remote unauthenticated attackers to execute arbitrary system commands via the ExecTool.execute function in /src/tools/exec.ts. All versions up to commit 2d65665046e2222eeea76cafc8570ed546a8c125 are affected, and because the project uses no versioning scheme, the full exposure window cannot be bounded by a release number. A publicly available proof-of-concept exploit exists (disclosed via GitHub issue), and the project maintainer has not responded to the responsible disclosure, meaning no patch is available at time of analysis.

Command Injection Miniclawd
NVD VulDB GitHub
CVSS 4.0
5.5
EPSS
1.0%
CVE-2026-9474 MEDIUM POC This Month

SQL injection in yashpokharna2555 StudentManagementSystem's /studentdel.php endpoint allows remote unauthenticated attackers to manipulate the ID parameter within the confirm_logged_in function, enabling arbitrary SQL query execution against the backend database. All commits up to cb2f558ddf8d19396de0f92abf2d224d46a0a203 of this PHP-based academic application are affected, with no patched release available due to its rolling-release model and vendor non-response. A public exploit exists per GitHub issue #5, and SSVC flags the attack as automatable, though the EPSS score of 0.03% reflects limited real-world scanning activity likely attributable to the application's narrow deployment footprint.

PHP SQLi Studentmanagementsystem
NVD VulDB GitHub
CVSS 4.0
5.5
EPSS
0.0%
CVE-2026-9470 MEDIUM POC This Month

SQL injection in yashpokharna2555's StudentManagementSystem (commit cb2f558) exposes the confirm_logged_in function in student_trans.php to unauthenticated remote attackers who can manipulate FIRST_NAME, Last_Name, and EMAIL parameters to execute arbitrary SQL against the backend database. A public exploit has been disclosed via GitHub issue #3, confirming exploitability requires minimal skill; however, EPSS at 0.03% (9th percentile) indicates very low observed real-world exploitation activity, likely reflecting the narrow deployment footprint of this niche open-source PHP project rather than any technical barrier. No patch is available at time of analysis, as the maintainer has not responded to the coordinated disclosure.

PHP SQLi Studentmanagementsystem
NVD VulDB GitHub
CVSS 4.0
5.5
EPSS
0.0%
CVE-2026-9469 MEDIUM POC This Month

SQL injection in the PHP-based yashpokharna2555/StudentManagementSystem exposes the /success.php endpoint to remote unauthenticated database attacks via the unsanitized 'User' argument. The CVSS 4.0 vector (AV:N/AC:L/AT:N/PR:N/UI:N) confirms exploitation requires no authentication, no user interaction, and no special network position. A publicly available exploit exists via a GitHub issue report; the project maintainer has been notified but has not responded, and no patch has been released. Despite POC availability, EPSS sits at 0.03% (9th percentile), reflecting the niche, low-adoption nature of this project rather than a reduced technical severity.

PHP SQLi Studentmanagementsystem
NVD VulDB GitHub
CVSS 4.0
5.5
EPSS
0.0%
CVE-2026-9447 MEDIUM POC This Month

SQL injection in SourceCodester Simple POS and Inventory System 1.0 exposes the application to unauthenticated remote data extraction and manipulation via the Name parameter in /user/search.php. The CVSS 4.0 vector (AV:N/AC:L/AT:N/PR:N/UI:N) confirms no authentication or user interaction is required, and a publicly available proof-of-concept exploit (GitHub gist) lowers the bar for exploitation. No active exploitation has been confirmed in CISA KEV, and the EPSS score of 0.03% (9th percentile) indicates limited real-world exploitation activity at time of analysis despite the public POC.

PHP SQLi Simple Pos And Inventory System
NVD VulDB GitHub
CVSS 4.0
5.5
EPSS
0.0%
CVE-2026-9466 MEDIUM POC This Month

Weak password recovery in Tiandy Easy7 Integrated Management Platform 7.17.0 exposes the `/rest/user/updateUserPassword` API endpoint to unauthenticated remote manipulation, enabling an attacker to interfere with the password update process and achieve unauthorized integrity impact on user credentials (CWE-640). The CVSS 4.0 vector confirms unauthenticated network access with no prerequisites, and a public exploit has been disclosed via Feishu documentation. Despite the public POC, EPSS sits at 0.03% (8th percentile), indicating no widespread automated exploitation has been observed; the vendor did not respond to coordinated disclosure, leaving the flaw unpatched.

Information Disclosure Easy7 Integrated Management Platform
NVD VulDB
CVSS 4.0
5.5
EPSS
0.0%
CVE-2026-9465 MEDIUM POC This Month

Unauthenticated SQL injection in Tiandy Easy7 Integrated Management Platform 7.17.0 exposes database contents to remote attackers via the strTBName parameter of the GetDBDataEx.jsp web service endpoint. The CVSS 4.0 vector (AV:N/AC:L/AT:N/PR:N/UI:N) confirms no authentication or user interaction is required, and exploit code has been made publicly available, raising the operational risk despite a relatively low EPSS score of 0.03%. The vendor was notified prior to public disclosure but did not respond, and no vendor-released patch has been identified at time of analysis.

SQLi Easy7 Integrated Management Platform
NVD VulDB
CVSS 4.0
5.5
EPSS
0.0%
CVE-2026-9058 CRITICAL PATCH Act Now

Szafir SDK returns a success status code from the cryptographic digital signature verification process (i.e. /VerifyingTaskItem/Signature/VerificationResult/Result/@code == 0, "Positively verified") even when the trust status of the signer's certificate could not be established (i.e. /VerifyingTaskItem/Signature/VerificationResult/SigningCertificate/@certificateType == "nondetermined"). This causes consuming applications to incorrectly treat the signature as valid despite an unverified certificate chain, enabling authentication bypass and user impersonation. This issue was fixed in version 463.

Authentication Bypass Szafir Sdk
NVD VulDB
CVSS 4.0
9.3
EPSS
0.0%
CVE-2026-42773 CRITICAL Act Now

Blind SQL injection in the eMagicOne Store Manager WordPress plugin (versions up to and including 1.3.2) allows remote unauthenticated attackers to inject malicious SQL through improperly sanitized parameters. With a CVSS 9.3 score and changed scope, successful exploitation can expose confidential database contents across the WordPress installation, though EPSS remains very low (0.03%) and no public exploit identified at time of analysis.

SQLi Emagicone Store Manager
NVD
CVSS 3.1
9.3
EPSS
0.0%
CVE-2026-42774 CRITICAL Act Now

SQL injection in Crocoblock JetEngine (a WordPress plugin) through version 3.8.8.1 allows remote unauthenticated attackers to inject crafted SQL into backend queries, leading to high-impact confidentiality disclosure and limited availability impact with a scope change to other components. The flaw carries a CVSS 9.3 rating and was disclosed by Patchstack, but there is no public exploit identified at time of analysis and EPSS is very low at 0.03%.

SQLi Jetengine
NVD
CVSS 3.1
9.3
EPSS
0.0%
CVE-2018-25363 MEDIUM POC This Month

Twitter-Clone 1 contains a cross-site request forgery vulnerability that allows remote attackers to force victims to delete posts by crafting malicious HTML forms. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

CSRF PHP
NVD Exploit-DB GitHub VulDB
CVSS 4.0
5.3
EPSS
0.0%
CVE-2026-2651 CRITICAL PATCH GHSA Act Now

Cross-user artifact overwrite in MLflow versions prior to 3.10.0 allows authenticated users with --serve-artifacts mode enabled to abuse unprotected multipart upload (MPU) endpoints under /mlflow-artifacts/mpu/* and tamper with models owned by other users, enabling model supply chain poisoning and arbitrary code execution when poisoned models are deserialized. The SSVC framework classifies this as having a public proof-of-concept with total technical impact, though EPSS exploitation probability is currently only 0.05% (16th percentile) and no public exploit identified at time of analysis as actively weaponized.

Authentication Bypass RCE Mlflow Mlflow
NVD GitHub
CVSS 3.1
9.0
EPSS
0.1%
CVE-2026-45216 HIGH This Week

Privilege escalation in the StoreApps Smart Manager WordPress plugin (versions up to and including 8.85.0) allows authenticated low-privilege users to elevate themselves to higher-privileged roles due to incorrect privilege assignment (CWE-266). The flaw was reported by Patchstack and carries a CVSS 3.1 score of 8.8, though there is no public exploit identified at time of analysis and EPSS is very low at 0.04%. Affected WooCommerce stores running this plugin should treat this as a meaningful internal-risk issue because any subscriber, customer, or shop-manager account could be leveraged to seize administrator control.

Privilege Escalation Smart Manager
NVD VulDB
CVSS 3.1
8.8
EPSS
0.0%
CVE-2026-47073 HIGH POC PATCH GHSA This Week

Denial of service in benoitc hackney (Erlang HTTP client) versions 2.0.0 through 4.0.0 allows a malicious WebSocket server to exhaust client memory via three unbounded buffer paths in src/hackney_ws.erl. An attacker controlling the server the hackney client connects to can drive the Erlang VM to OOM by streaming bytes without terminator, declaring a giant RFC 6455 frame length, or sending endless non-final continuation fragments. Publicly available exploit code exists per SSVC, EPSS is low at 0.09%, and a vendor patch is available in 4.0.1.

Denial Of Service Hackney
NVD GitHub VulDB
CVSS 4.0
8.7
EPSS
0.1%
CVE-2026-47067 HIGH POC PATCH GHSA This Week

Denial of service in benoitc hackney (Erlang HTTP client) 2.0.0 through 4.0.0 allows remote unauthenticated attackers to crash the BEAM VM by supplying URLs with attacker-chosen scheme prefixes, exhausting the non-garbage-collected atom table (default limit 1,048,576). Exploitation is automatable per SSVC and affects any application that parses untrusted URLs via hackney - including request targets, configured webhook URLs, or Location redirect headers. No public exploit identified at time of analysis and EPSS is low (0.04%), but a vendor patch is available in 4.0.1.

Denial Of Service Hackney
NVD GitHub VulDB
CVSS 4.0
8.7
EPSS
0.0%
CVE-2026-47066 HIGH POC PATCH GHSA This Week

Denial-of-service in benoitc's hackney Erlang HTTP client (versions 2.0.0-beta.1 through 4.0.0) allows any HTTP origin server to pin a client process at 100% CPU by returning a malformed Alt-Svc response header. The flaw is a CWE-835 infinite loop in the Alt-Svc parser, triggerable by a single byte such as '!' in the header value. No public exploit identified at time of analysis, EPSS is low (0.04%), but SSVC rates exploitation as POC and the attack is automatable; a vendor patch is available in 4.0.1.

Denial Of Service Hackney
NVD GitHub VulDB
CVSS 4.0
8.7
EPSS
0.0%
CVE-2026-8652 HIGH This Week

An OS Command Injection vulnerability exists in Aterm. If a malicious third person gains administrator access to the product’s web console, they may be able to execute arbitrary OS commands via adjacent network.

Command Injection Aterm Mr51Fn Aterm Cm51Fd
NVD
CVSS 4.0
8.5
EPSS
0.3%
CVE-2026-48837 HIGH This Week

Blind SQL injection in the Unlimited Elements For Elementor WordPress plugin (versions up to and including 2.0.8) allows authenticated low-privilege attackers to inject arbitrary SQL into backend database queries. The flaw was reported by Patchstack and carries a CVSS 3.1 score of 8.5 due to scope change and high confidentiality impact, though no public exploit identified at time of analysis and EPSS probability remains low at 0.03%. The scope change (S:C) indicates the injection crosses a trust boundary, amplifying impact beyond the vulnerable component.

SQLi Unlimited Elements For Elementor Elementor
NVD
CVSS 3.1
8.5
EPSS
0.0%
CVE-2026-9489 HIGH This Week

NitroSense 3.x before 3.01.3052 contains Local Privilege Escalation (LPE) vulnerability.The program exposes a Windows Named Pipe that uses a custom protocol to invoke internal functions. However, this Named Pipe is misconfigured, allowing any authenticated local user to execute arbitrary code with NT AUTHORITY\SYSTEM privileges and to delete arbitrary files with SYSTEM privileges. By leveraging this, an attacker can execute arbitrary code on the target system with elevated privileges.

Microsoft Path Traversal RCE Privilege Escalation
NVD
CVSS 4.0
8.5
EPSS
0.0%
CVE-2026-7766 HIGH PATCH This Week

Kenik Camera management Panel is vulnerable to Path Traversal vulnerability. An unauthenticated attacker can send GET request with arbitrary file path and read corresponding files located on the server. The issue was fixed in version 2026-04-23 of the KG-5260xxxx-IL-(G)2 cameras. Rest of the products were fixed in version 2025-04-21.

Path Traversal Kg 5230Tas Il 3 Kg 5230Tas Il G3 Kg 5230Das Il G3 Kg 5260Tzas Il 3 +4
NVD
CVSS 4.0
8.3
EPSS
0.0%
CVE-2026-47077 HIGH POC PATCH GHSA This Week

Allocation of Resources Without Limits or Throttling vulnerability in benoitc hackney allows Flooding. hackney_h3:await_response_loop/6 accumulates the HTTP/3 response body in memory without any size cap. The after Timeout clause is a per-message inactivity timer that resets on every received chunk, housekeeping message, or settings frame - it is not a wall-clock deadline. A malicious HTTP/3 server that emits one small chunk every Timeout - 1 ms with Fin = false and never sends a final frame keeps the loop alive indefinitely while the accumulation buffer grows linearly without bound, eventually exhausting the BEAM process heap and causing an out-of-memory condition. This issue affects hackney: from 2.0.0 before 4.0.1.

Denial Of Service Hackney
NVD GitHub VulDB
CVSS 4.0
8.2
EPSS
0.0%
CVE-2026-47071 HIGH POC PATCH GHSA This Week

Denial of service in benoitc hackney (Erlang HTTP client) versions 0.10.0 through 4.0.0 lets a hostile SOCKS5 or HTTP CONNECT proxy hang the connecting Erlang process indefinitely during the TLS upgrade phase. Because the caller-supplied timeout was not forwarded to ssl:connect/2, which defaults to infinity, recv_timeout and connect_timeout options are silently bypassed. Publicly available exploit code exists per SSVC, EPSS is low (0.04%), and a vendor patch is available in 4.0.1.

Denial Of Service Hackney
NVD GitHub VulDB
CVSS 4.0
8.2
EPSS
0.0%
CVE-2026-48842 HIGH PATCH This Week

Pre-authentication SQL injection in Roundcube Webmail's virtuser_query plugin allows unauthenticated remote attackers to bypass input sanitization through a preg_replace() backslash escape flaw and inject arbitrary SQL against the backing database. Versions 1.6.x prior to 1.6.16 and 1.7.x prior to 1.7.1 are affected. Vendor patches are available, no public exploit identified at time of analysis, and EPSS is low (0.08%), but SSVC rates technical impact as total.

SQLi Webmail
NVD GitHub VulDB
CVSS 3.1
8.1
EPSS
0.1%
CVE-2026-45361 HIGH PATCH GHSA This Week

Man-in-the-middle exposure in Apache Airflow's `apache-airflow-providers-google` package (versions prior to 22.0.0) stems from the `ComputeEngineSSHHook` shipping with `paramiko.AutoAddPolicy` as its default missing-host-key policy, silently trusting any SSH host key presented by a Compute Engine VM. An in-path network attacker positioned between the Airflow worker and the GCE instance can intercept or tamper with the SSH session, exposing credentials, DAG-driven commands, and transferred data. No public exploit identified at time of analysis and EPSS is very low (0.02%), but technical impact is rated total by SSVC.

Google Information Disclosure Apache Apache Airflow Google Provider
NVD GitHub
CVSS 3.1
8.1
EPSS
0.0%
CVE-2026-25193 HIGH PATCH This Week

Credential exposure in Gallagher Command Centre Service installers writes Service Account credentials into installer log files under %programdata%\Gallagher\Command Centre, allowing a local low-privileged user who can read those logs to recover the configured Service Account password. The flaw (CWE-532) affects a broad set of Gallagher Command Centre components including Command Centre Server, Active Directory Sync, Entra ID Sync, Elevator Service, Middleware Framework and others, but only when the operator deviated from the default Network Service account during install. There is no public exploit identified at time of analysis and EPSS is 0.01%, but a successful read yields high-impact credential compromise of a privileged service identity.

Information Disclosure Command Centre Server Active Directory Sync Cardholder Sync Utility Diagnostics Service +11
NVD
CVSS 3.1
8.1
EPSS
0.0%
CVE-2026-48844 HIGH PATCH This Week

Code injection in Roundcube Webmail 1.6.x before 1.6.16 and 1.7.x before 1.7.1 allows authenticated attackers to execute arbitrary PHP via the LDAP autovalues option, which previously evaluated user-influenced expressions as code. The upstream maintainers removed code evaluation support entirely in the fixed releases. EPSS sits at 0.05% (14th percentile) and there is no public exploit identified at time of analysis, but the issue is patched and rated CVSS 7.5.

Code Injection Webmail
NVD GitHub VulDB
CVSS 3.1
7.5
EPSS
0.0%
CVE-2026-45209 HIGH This Week

Information disclosure in the MyCryptoCheckout WordPress plugin (versions up to and including 2.161) allows remote unauthenticated attackers to access protected data due to a missing authorization check. The flaw stems from incorrectly configured access control security levels, enabling exploitation over the network without privileges or user interaction. No public exploit identified at time of analysis, and EPSS scoring (0.03%, 9th percentile) suggests low near-term exploitation likelihood.

Authentication Bypass Mycryptocheckout
NVD VulDB
CVSS 3.1
7.5
EPSS
0.0%
CVE-2026-45438 HIGH PATCH This Week

Unauthenticated integrity compromise in WebToffee Smart Coupons for WooCommerce (versions before 2.3.0) allows remote attackers to bypass access controls and modify coupon-related data without authentication. The flaw stems from missing authorization checks (CWE-862) on plugin endpoints, and while no public exploit has been identified at time of analysis, SSVC flags the issue as automatable, meaning mass exploitation tooling could emerge rapidly. EPSS is currently low (0.03%) despite the network-exploitable nature of the bug.

Authentication Bypass WordPress Smart Coupons For Woocommerce
NVD
CVSS 3.1
7.5
EPSS
0.0%
CVE-2026-24937 HIGH PATCH This Week

Authenticated code injection in the VideoWhisper Broadcast Live Video WordPress plugin (versions before 7.1.3) lets a high-privileged user execute arbitrary PHP on the underlying host, yielding full confidentiality, integrity, and availability loss on the WordPress instance. No public exploit identified at time of analysis, and EPSS exploitation probability sits at 0.04% (14th percentile), but SSVC rates the technical impact as total. A vendor patch is available in 7.1.3.

Code Injection RCE Broadcast Live Video
NVD
CVSS 3.1
7.2
EPSS
0.0%
CVE-2026-48848 HIGH PATCH This Week

CSS injection in Roundcube Webmail 1.6.x (before 1.6.16) and 1.7.x (before 1.7.1) allows remote attackers to bypass the HTML sanitizer by embedding an SVG document with an animate element whose attributeName references style, enabling cross-site scripting style attacks against mail recipients. The flaw carries a CVSS 7.2 (changed scope) with no privileges or user interaction required beyond viewing a crafted message, no public exploit identified at time of analysis, and an EPSS of 0.04% (14th percentile) indicating low predicted exploitation volume despite the trivially-triggerable attack vector.

XSS Webmail
NVD GitHub VulDB
CVSS 3.1
7.2
EPSS
0.0%
CVE-2026-48843 HIGH PATCH This Week

Server-Side Request Forgery and information disclosure in Roundcube Webmail 1.6.14-1.6.15 and 1.7.0 allows remote attackers to force the webmail server to fetch internal network resources by embedding malicious stylesheet links in HTML email messages. The flaw is a regression of CVE-2026-35540 caused by insufficient CSS sanitization, and while no public exploit identified at time of analysis, the EPSS score sits at a low 0.03% (9th percentile) despite the vulnerability being trivially triggerable by sending a crafted email.

Information Disclosure SSRF Webmail
NVD GitHub VulDB
CVSS 3.1
7.2
EPSS
0.0%
CVE-2026-42782 HIGH PATCH GHSA This Week

Code execution via Groovy sandbox bypass in Apache Syncope 3.0 through 3.0.16, 4.0 through 4.0.5, and 4.1.0 allows a high-privileged administrator holding Implementations entitlements to run untrusted code outside the sandbox. By placing payload logic in a Groovy class static initializer, the attacker reaches a non-sandboxed execution path, yielding full confidentiality, integrity, and availability impact. No public exploit identified at time of analysis, and EPSS is very low (0.02%, 6th percentile), consistent with a privilege-gated, not mass-scanned, issue.

Information Disclosure Apache
NVD
CVSS 3.1
7.2
EPSS
0.0%
CVE-2026-39436 HIGH This Week

Cross-Site Request Forgery in the CformsII WordPress plugin (bgermann) through version 15.1.3 allows remote unauthenticated attackers to coerce an authenticated victim into submitting forged state-changing requests, resulting in limited integrity loss and high availability impact. No public exploit identified at time of analysis and EPSS sits at 0.01% (4th percentile), indicating very low near-term exploitation probability, and SSVC marks exploitation as none. Patchstack tracks the issue and EUVD-2026-31766 mirrors the advisory.

CSRF Cformsii
NVD
CVSS 3.1
7.1
EPSS
0.0%
CVE-2026-47072 MEDIUM POC PATCH GHSA This Month

CRLF injection in hackney (Erlang HTTP client, versions 2.0.0-4.0.1) enables header injection into outbound WebSocket upgrade requests when caller-supplied options - host, path, ExtraHeaders, or protocols - contain unsanitized user input. The vulnerable code in src/hackney_ws.erl splices these values verbatim via binary concatenation into a raw HTTP/1.1 upgrade request with no CR, LF, or NUL filtering at any of the four injection sites. No active exploitation is confirmed (not in CISA KEV), though SSVC assesses exploitation status as 'poc' and the fix commit includes a functional test that doubles as a proof-of-concept; EPSS remains very low at 0.05% (15th percentile), consistent with an indirect, application-mediated attack path rather than mass exploitation.

RCE Hackney
NVD GitHub VulDB
CVSS 4.0
6.9
EPSS
0.0%
CVE-2026-47076 MEDIUM POC PATCH GHSA This Month

SSRF allowlist bypass in hackney (Erlang HTTP client) versions 0.13.0 through before 4.0.1 allows attackers who control URL input to circumvent application-level SSRF protections by supplying percent-encoded IP addresses as hostnames. The parser differential lies in hackney_url:normalize/2 decoding the host component post-parse: OTP's uri_string:parse/1 and inet:parse_address/1 see %31%36%39%2E%32%35%34%2E%31%36%39%2E%32%35%34 as a non-IP string (allowlist passes), while hackney then decodes it to 169.254.169.254 and establishes the TCP connection. A proof-of-concept exists per SSVC assessment; no active exploitation is confirmed in CISA KEV, and EPSS is very low at 0.01% (2nd percentile).

SSRF Hackney
NVD GitHub VulDB
CVSS 4.0
6.9
EPSS
0.0%
CVE-2026-47075 MEDIUM POC PATCH GHSA This Month

HTTP Request Splitting via CRLF injection in hackney, the Erlang/Elixir HTTP client library, allows an attacker who controls URL input to inject arbitrary HTTP headers or split HTTP/1.1 requests by embedding raw carriage return (\r) or line feed (\n) characters in the query string. The root cause is that hackney_url:make_url/3 passes the query binary directly into the HTTP/1.1 request target without percent-encoding RFC 3986-prohibited characters, violating the grammar defined in RFC 3986 §3.4. All hackney versions from 0 through 4.0.0 are affected; a proof-of-concept exists per SSVC assessment, though no active exploitation is confirmed and the EPSS score (0.02%, 6th percentile) indicates low widespread exploitation probability at time of analysis.

RCE Hackney
NVD GitHub VulDB
CVSS 4.0
6.8
EPSS
0.0%
CVE-2026-9490 MEDIUM This Month

A security vulnerability has been identified in Acer Care Center where the ACCSvc service creates a Named Pipe with a weak Security Descriptor. This vulnerability allows an authenticated local user to connect and send a specially crafted message (message type 0x03) to the pipe, causing the service to crash with exit code 1067 (ERROR_PROCESS_ABORTED). To mitigate this potential local service disruption, Acer requires users to update the software to the latest version.

Privilege Escalation Care Center
NVD VulDB
CVSS 4.0
6.8
EPSS
0.0%
CVE-2026-9515 LOW POC Monitor

OS command injection in Totolink CA750-PoE firmware 6.2c.510 allows a remote, low-privileged attacker to execute arbitrary operating system commands on the device by manipulating the plugin_version parameter in the setUnloadUserData function of /cgi-bin/cstecgi.cgi. A public proof-of-concept exploit exists on GitHub, and the EPSS percentile (87th) indicates this CVE carries meaningfully higher exploitation likelihood than the majority of published vulnerabilities despite its low CVSS 4.0 base score of 2.1. No public exploit identified as actively exploited (CISA KEV), but POC availability on a network-accessible embedded device warrants prompt attention in exposed deployments.

Command Injection Ca750 Poe
NVD VulDB GitHub
CVSS 4.0
2.1
EPSS
2.9%
CVE-2026-9514 LOW POC Monitor

OS command injection in Totolink CA750-PoE firmware 6.2c.510 allows authenticated remote attackers to execute arbitrary operating system commands by manipulating network diagnostic parameters in the device's CGI handler. The vulnerable function setNetworkDiag, reachable at /cgi-bin/cstecgi.cgi, passes attacker-controlled values for NetDiagHost, NetDiagPingNum, NetDiagPingSize, NetDiagPingTimeOut, and NetDiagTracertHop directly into OS command execution without sanitization. A public proof-of-concept exploit exists on GitHub; the EPSS score of 2.95% at the 87th percentile indicates elevated exploitation likelihood relative to the broader CVE population, though SSVC assessment rates the attack as not automatable.

Command Injection Ca750 Poe
NVD VulDB GitHub
CVSS 4.0
2.1
EPSS
2.9%
CVE-2026-9513 LOW POC Monitor

OS command injection in Totolink CA750-PoE firmware 6.2c.510 allows a low-privileged remote attacker to execute arbitrary system commands on the device by manipulating the host_time argument passed to the NTPSyncWithHost function within the CGI-based Setting Handler. A public proof-of-concept exploit is available on GitHub, lowering the bar for exploitation. Despite being an OS command injection - a class of vulnerability typically associated with high-severity scores - the vendor CVSS 4.0 score of 2.1 reflects unusually low impact ratings (VC:L/VI:L/VA:L) that security teams should independently verify, as the 87th-percentile EPSS score signals that this CVE's characteristics are consistent with real-world exploitation interest.

Command Injection Ca750 Poe
NVD VulDB GitHub
CVSS 4.0
2.1
EPSS
2.9%
CVE-2026-9512 LOW POC Monitor

OS command injection in Totolink CA750-PoE firmware 6.2c.510 allows a network-reachable, low-privilege authenticated attacker to execute arbitrary operating system commands by injecting shell metacharacters into the admuser or admpass arguments of the setPasswordCfg function within /cgi-bin/cstecgi.cgi. A public proof-of-concept exploit has been published on GitHub, materially lowering the bar for exploitation. No vendor-released patch has been identified at time of analysis, leaving affected deployments dependent on compensating controls.

Command Injection Ca750 Poe
NVD VulDB GitHub
CVSS 4.0
2.1
EPSS
2.9%
CVE-2026-27768 MEDIUM PATCH This Month

SQL injection in Genetec Security Center's Access Manager role enables a remote attacker with high privileges to achieve full confidentiality, integrity, and availability impact against the underlying database. The vulnerability spans multiple major release branches (5.9 through 5.13) of this widely deployed physical security management platform, covering access control, video surveillance, and license plate recognition environments. Vendor-released patches are confirmed available for the 5.12 and 5.13 branches; no public exploit has been identified at time of analysis and SSVC assessment confirms no current exploitation activity.

SQLi Genetec Security Center
NVD VulDB
CVSS 3.1
6.6
EPSS
0.0%
CVE-2026-9511 LOW POC Monitor

OS command injection in Totolink CA750-PoE firmware 6.2c.510 allows authenticated remote attackers to execute arbitrary OS commands by manipulating the webWlanIdx argument within the setWebWlanIdx function of /cgi-bin/cstecgi.cgi. A publicly available proof-of-concept exploit hosted on GitHub exists, materially lowering the skill threshold for exploitation despite the low CVSS 4.0 score of 2.1. No public exploit identified at time of analysis as confirmed actively exploited (CISA KEV), but EPSS places this at the 85th percentile, signaling elevated exploitation likelihood relative to the broader CVE population.

Command Injection Ca750 Poe
NVD VulDB GitHub
CVSS 4.0
2.1
EPSS
2.3%
Prev Page 2 of 4 Next

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy