Skip to main content
CVE-2026-9515 LOW POC Monitor

OS command injection in Totolink CA750-PoE firmware 6.2c.510 allows a remote, low-privileged attacker to execute arbitrary operating system commands on the device by manipulating the plugin_version parameter in the setUnloadUserData function of /cgi-bin/cstecgi.cgi. A public proof-of-concept exploit exists on GitHub, and the EPSS percentile (87th) indicates this CVE carries meaningfully higher exploitation likelihood than the majority of published vulnerabilities despite its low CVSS 4.0 base score of 2.1. No public exploit identified as actively exploited (CISA KEV), but POC availability on a network-accessible embedded device warrants prompt attention in exposed deployments.

Command Injection Ca750 Poe
NVD VulDB GitHub
CVSS 4.0
2.1
EPSS
2.9%
CVE-2026-9514 LOW POC Monitor

OS command injection in Totolink CA750-PoE firmware 6.2c.510 allows authenticated remote attackers to execute arbitrary operating system commands by manipulating network diagnostic parameters in the device's CGI handler. The vulnerable function setNetworkDiag, reachable at /cgi-bin/cstecgi.cgi, passes attacker-controlled values for NetDiagHost, NetDiagPingNum, NetDiagPingSize, NetDiagPingTimeOut, and NetDiagTracertHop directly into OS command execution without sanitization. A public proof-of-concept exploit exists on GitHub; the EPSS score of 2.95% at the 87th percentile indicates elevated exploitation likelihood relative to the broader CVE population, though SSVC assessment rates the attack as not automatable.

Command Injection Ca750 Poe
NVD VulDB GitHub
CVSS 4.0
2.1
EPSS
2.9%
CVE-2026-9513 LOW POC Monitor

OS command injection in Totolink CA750-PoE firmware 6.2c.510 allows a low-privileged remote attacker to execute arbitrary system commands on the device by manipulating the host_time argument passed to the NTPSyncWithHost function within the CGI-based Setting Handler. A public proof-of-concept exploit is available on GitHub, lowering the bar for exploitation. Despite being an OS command injection - a class of vulnerability typically associated with high-severity scores - the vendor CVSS 4.0 score of 2.1 reflects unusually low impact ratings (VC:L/VI:L/VA:L) that security teams should independently verify, as the 87th-percentile EPSS score signals that this CVE's characteristics are consistent with real-world exploitation interest.

Command Injection Ca750 Poe
NVD VulDB GitHub
CVSS 4.0
2.1
EPSS
2.9%
CVE-2026-9512 LOW POC Monitor

OS command injection in Totolink CA750-PoE firmware 6.2c.510 allows a network-reachable, low-privilege authenticated attacker to execute arbitrary operating system commands by injecting shell metacharacters into the admuser or admpass arguments of the setPasswordCfg function within /cgi-bin/cstecgi.cgi. A public proof-of-concept exploit has been published on GitHub, materially lowering the bar for exploitation. No vendor-released patch has been identified at time of analysis, leaving affected deployments dependent on compensating controls.

Command Injection Ca750 Poe
NVD VulDB GitHub
CVSS 4.0
2.1
EPSS
2.9%
CVE-2026-9511 LOW POC Monitor

OS command injection in Totolink CA750-PoE firmware 6.2c.510 allows authenticated remote attackers to execute arbitrary OS commands by manipulating the webWlanIdx argument within the setWebWlanIdx function of /cgi-bin/cstecgi.cgi. A publicly available proof-of-concept exploit hosted on GitHub exists, materially lowering the skill threshold for exploitation despite the low CVSS 4.0 score of 2.1. No public exploit identified at time of analysis as confirmed actively exploited (CISA KEV), but EPSS places this at the 85th percentile, signaling elevated exploitation likelihood relative to the broader CVE population.

Command Injection Ca750 Poe
NVD VulDB GitHub
CVSS 4.0
2.1
EPSS
2.3%
CVE-2026-9441 LOW POC Monitor

Command injection in Edimax BR-6478AC 1.23 exposes the router's web management interface to remote exploitation via a crafted POST request targeting the formiNICbasic endpoint. The rootAPmac parameter - likely used for wireless bridging MAC address configuration - is passed unsanitized to a system-level command, allowing an authenticated attacker with low privileges to inject arbitrary OS commands. A public proof-of-concept exploit has been released; the vendor was notified but did not respond, leaving the vulnerability unpatched. While not listed in CISA KEV, the EPSS score of 0.84% at the 75th percentile and confirmed POC availability represent a meaningful risk for exposed devices.

Command Injection Br 6478Ac
NVD VulDB
CVSS 4.0
2.1
EPSS
0.8%
CVE-2026-9440 LOW POC Monitor

Command injection in the Edimax BR-6478AC 1.23 wireless router's formAccept POST handler allows an authenticated remote attacker to execute arbitrary OS commands by injecting shell metacharacters into the submit-url argument at /goform/formAccept. A public proof-of-concept exploit is documented via a Notion writeup, lowering the bar for exploitation; the vendor did not respond to responsible disclosure, leaving no patch available. No public exploit identified at time of analysis conflicts with KEV status - active exploitation is not confirmed by CISA, but EPSS at 0.84% (75th percentile) signals above-average relative exploitation interest given the public POC.

Command Injection Br 6478Ac
NVD VulDB
CVSS 4.0
2.1
EPSS
0.8%
CVE-2026-9439 LOW POC Monitor

Command injection in the Edimax BR-6675nD 1.12 router's web management interface allows a low-privileged remote attacker to execute arbitrary OS commands by submitting a crafted value for the `interface` parameter to the `/goform/stainfo` endpoint. A public proof-of-concept exploit is available on Notion and documented via VulDB, lowering the bar for exploitation. No vendor patch has been issued; the vendor did not respond to coordinated disclosure, leaving affected deployments without an official fix.

Command Injection Br 6675Nd
NVD VulDB
CVSS 4.0
2.1
EPSS
0.8%
CVE-2026-9437 LOW POC Monitor

OS command injection in DTStack Taier 1.4.0 permits remote low-privileged authenticated attackers to execute arbitrary operating system commands by injecting shell metacharacters into the `sqlText` parameter, which is passed unsanitized to Java's `Runtime.exec()` within the REST API. A public proof-of-concept exploit has been disclosed on GitHub. No vendor patch exists - the vendor did not respond to responsible disclosure - leaving all Taier 1.4.0 deployments without an official remediation path at time of analysis.

Command Injection Taier
NVD VulDB GitHub
CVSS 4.0
2.1
EPSS
0.8%
CVE-2026-9424 LOW POC Monitor

OS command injection in Edimax EW-7438RPn 1.31 allows a low-privileged, remote attacker to execute arbitrary commands on the device by manipulating any of approximately 29 parameters passed to the formWlanMP function via the /goform/formWlanMP endpoint. The vulnerable parameters - including ateFunc, ateGain, ateTxCount, and e2pTxPower series - are characteristic of ATE (Automatic Test Equipment) manufacturing-mode calibration parameters left accessible in the production firmware. A public proof-of-concept exploit has been published on GitHub, and the vendor did not respond to the disclosure; no patch is available. No public exploit identified as confirmed actively exploited (CISA KEV), though the public PoC elevates real-world risk.

Command Injection Ew 7438Rpn
NVD VulDB GitHub
CVSS 4.0
2.1
EPSS
0.8%
CVE-2026-9438 LOW POC Monitor

Resource injection in yashpokharna2555's StudentManagementSystem allows low-privileged remote attackers to manipulate the ID parameter in courseDel.php to control which course records are deleted or affected, resulting in unauthorized data integrity and availability impact. The flaw affects the specific git commit cb2f558ddf8d19396de0f92abf2d224d46a0a203 and exploit code is publicly available via a GitHub issue. No patch has been released, and the project maintainer has not responded to the disclosure.

PHP Information Disclosure Studentmanagementsystem
NVD VulDB GitHub
CVSS 4.0
2.1
EPSS
0.0%
CVE-2026-9484 LOW POC Monitor

Improper authorization in SourceCodester Student Grades Management System 1.0 allows authenticated remote attackers to manipulate the classroom_id parameter within classroom.php to access or modify classroom enrollment data beyond their authorized scope. The vulnerability affects the getClassroomStudents and removeStudentFromClassroom functions, enabling unauthorized listing of enrolled students or removal of students from classrooms the attacker does not administer. A publicly available proof-of-concept exploit exists on GitHub, though EPSS places exploitation probability at just 0.04% (13th percentile), and the vulnerability is not currently listed in the CISA KEV catalog.

PHP Authentication Bypass Student Grades Management System
NVD VulDB GitHub
CVSS 4.0
2.1
EPSS
0.0%
CVE-2026-9473 LOW POC Monitor

Path traversal in jimeng-mcp 1.10.0 allows low-privileged remote attackers to read and write files outside the intended directory by supplying crafted filePath arguments to four distinct API functions: getFileContent, uploadCoverFile, generateImage, and generateVideo in src/api.ts. A publicly available proof-of-concept exploit exists, disclosed via GitHub issue #15, though EPSS at 0.04% (13th percentile) indicates minimal observed mass-exploitation activity to date. No patch has been released and the vendor has not responded to the responsible disclosure, leaving deployments without an official remediation path.

Path Traversal Jimeng Mcp
NVD VulDB GitHub
CVSS 4.0
2.1
EPSS
0.0%
CVE-2026-9472 LOW POC Monitor

Path traversal in dazeb markdown-downloader exposes server-side file systems to low-privileged remote attackers through unsanitized input in three functions within src/index.ts. The affected functions - download_markdown, list_downloaded_files, and create_subdirectory - fail to restrict directory scope, allowing authenticated users with low privileges to read or write files outside intended boundaries. No public exploit identified at time of analysis as a KEV entry, but publicly available exploit code exists via a GitHub issue report, and the project maintainer has not acknowledged or patched the disclosure.

Path Traversal Markdown Downloader
NVD VulDB GitHub
CVSS 4.0
2.1
EPSS
0.0%
CVE-2026-9468 LOW POC Monitor

Path traversal in dazeb cline-mcp-memory-bank exposes host filesystems to authenticated remote attackers via unsanitized user input in the `handleInitializeMemoryBank` function of `src/index.ts`. All versions up to and including commit 55c81b9cf6c16700983c84dc4cdea3cafa19a75f are affected, covering the entire release history of this rolling-release MCP memory tool. A public proof-of-concept exploit exists via the project's GitHub issue tracker, though EPSS scoring (0.04%, 13th percentile) and SSVC's non-automatable classification suggest limited mass exploitation risk at time of analysis.

Path Traversal Cline Mcp Memory Bank
NVD VulDB GitHub
CVSS 4.0
2.1
EPSS
0.0%
CVE-2026-9498 LOW POC Monitor

Server-side template injection (SSTI) in Dromara lamp-cloud versions 5.6.0 through 5.6.2 exposes the Message Template Handler to remote exploitation by authenticated low-privileged users who can inject malicious Groovy expressions via the DefMsgTemplate.content parameter. The vulnerable function GroovyClassLoader.parseClass compiles and executes attacker-controlled input as Groovy code at runtime. A public proof-of-concept exploit has been disclosed on GitHub, and the vendor has not responded to the coordinated disclosure, leaving no official patch available at time of analysis.

Information Disclosure Ssti Lamp Cloud
NVD VulDB GitHub
CVSS 4.0
2.1
EPSS
0.0%
CVE-2026-9467 LOW POC Monitor

Path traversal in debugmcp mcp-debugger through version 0.20.0 enables authenticated remote attackers with low-privilege access to read arbitrary files outside the intended directory via the `handleGetSourceContext` function in `src/server.ts`. Impact is restricted to limited confidentiality exposure on the vulnerable system (CVSS VC:L) with no integrity or availability consequence, yielding a CVSS 4.0 score of 2.1. A public proof-of-concept exploit exists on GitHub, though the EPSS score remains at 0.04% (12th percentile) and the issue is absent from the CISA KEV catalog, indicating exploitation has not been observed at meaningful scale. The vendor did not respond to responsible disclosure, meaning no official patch is available.

Path Traversal Mcp Debugger
NVD VulDB GitHub
CVSS 4.0
2.1
EPSS
0.0%
CVE-2026-9483 LOW POC Monitor

Improper authorization in SourceCodester Student Grades Management System 1.0 permits authenticated remote attackers to access or manipulate grade records belonging to other students by tampering with the student_id parameter in grades.php. The flaw (CWE-285) reflects a failure to enforce object-level authorization, allowing a low-privileged user to cross access boundaries to other students' data. A publicly available proof-of-concept exists on GitHub, though EPSS sits at 0.04% (11th percentile) and SSVC classifies exploitation as none, indicating no evidence of active exploitation in the wild despite the POC.

PHP Authentication Bypass Student Grades Management System
NVD VulDB GitHub
CVSS 4.0
2.1
EPSS
0.0%
CVE-2026-9445 LOW POC Monitor

Unrestricted file upload in SourceCodester Simple POS and Inventory System 1.0 allows authenticated remote attackers to upload arbitrary files through the image argument of /admin/addproduct.php, potentially enabling web shell deployment and remote code execution. A publicly available proof-of-concept exploit exists (GitHub gist), and SSVC confirms exploitation: poc status. Despite the severe nature of CWE-434 unrestricted upload flaws, EPSS sits at 0.04% (11th percentile) and CISA has not added this to KEV, indicating limited observed exploitation in the wild at time of analysis.

PHP File Upload Simple Pos And Inventory System
NVD VulDB GitHub
CVSS 4.0
2.1
EPSS
0.0%
CVE-2026-9412 LOW POC Monitor

Improper access control across multiple backend endpoints in SourceCodester Indian Invoicing System 1.0 permits authenticated low-privilege users to reach restricted functionality beyond their authorization level. The CVSS 4.0 vector (AV:N/AC:L/AT:N/PR:L/UI:N) confirms remote exploitation requiring only low-level credentials, with confidentiality, integrity, and availability all assessed at low impact across the vulnerable system. A publicly available proof-of-concept exploit exists (hosted on GitHub), though EPSS remains at 0.04% (11th percentile) and the vulnerability is not in the CISA KEV catalog, indicating no confirmed widespread exploitation at time of analysis.

Authentication Bypass Indian Invoicing System
NVD VulDB GitHub
CVSS 4.0
2.1
EPSS
0.0%
CVE-2026-9448 LOW POC Monitor

Reflected cross-site scripting in code-projects Employee Management System 1.0 allows remote unauthenticated attackers to inject arbitrary JavaScript into victim browsers via the unsanitized `id` parameter in `/applyleave.php`. The attack requires victim interaction (UI:P per CVSS 4.0), meaning a victim must visit or be socially engineered into clicking a crafted URL. Publicly available exploit code exists on GitHub (no public exploit identified at time of analysis for widespread KEV-confirmed exploitation), though EPSS at 0.03% (10th percentile) signals negligible observed exploitation activity at scale.

PHP XSS Employee Management System
NVD VulDB GitHub
CVSS 4.0
2.1
EPSS
0.0%
CVE-2026-9419 LOW POC Monitor

Reflected cross-site scripting in code-projects Employee Management System 1.0 allows unauthenticated remote attackers to inject and execute arbitrary JavaScript in a victim's browser by manipulating the `ID` parameter of `/empproject.php`. A publicly available proof-of-concept exploit exists on GitHub, lowering the barrier to exploitation, though user interaction is required to trigger the payload. No active exploitation has been confirmed by CISA KEV, and the EPSS score of 0.03% places this in the bottom 10th percentile of exploitation likelihood, consistent with the low CVSS 4.0 score of 2.1.

PHP XSS Employee Management System
NVD VulDB GitHub
CVSS 4.0
2.1
EPSS
0.0%
CVE-2026-9418 LOW POC Monitor

Reflected cross-site scripting in code-projects Employee Management System 1.0 allows remote unauthenticated attackers to inject malicious scripts into victim browsers via the unsanitized 'ID' parameter in /changepassemp.php. Exploitation requires user interaction (UI:P per CVSS 4.0), limiting mass exploitation, but a publicly available proof-of-concept exploit exists on GitHub. No patch has been identified from the vendor; EPSS of 0.03% (10th percentile) indicates low observed exploitation probability, and this CVE is not listed in the CISA KEV catalog.

PHP XSS Employee Management System
NVD VulDB GitHub
CVSS 4.0
2.1
EPSS
0.0%
CVE-2026-9417 LOW POC Monitor

Cross-site scripting in code-projects Employee Management System 1.0 allows remote, unauthenticated attackers to inject malicious scripts via the ID parameter of /myprofileup.php, requiring only passive user interaction to execute. A publicly available proof-of-concept exploit exists on GitHub, though EPSS at 0.03% (10th percentile) and SSVC's 'not automatable' rating indicate minimal observed real-world exploitation activity. The vulnerability is limited to partial integrity impact on the vulnerable system with no confidentiality or availability impact, consistent with the CVSS 4.0 score of 2.1.

PHP XSS Employee Management System
NVD VulDB GitHub
CVSS 4.0
2.1
EPSS
0.0%
CVE-2026-9416 LOW POC Monitor

Reflected cross-site scripting in code-projects Employee Management System 1.0 allows remote unauthenticated attackers to inject and execute malicious JavaScript in a victim's browser by manipulating the `id` parameter of `/myprofile.php`. Exploitation requires passive user interaction (UI:P) - the victim must load a crafted URL - which constrains automated attack chains. A public proof-of-concept is confirmed available on GitHub, though the EPSS score of 0.03% (10th percentile) indicates minimal real-world exploitation activity; the vulnerability is not listed in CISA KEV.

PHP XSS Employee Management System
NVD VulDB GitHub
CVSS 4.0
2.1
EPSS
0.0%
CVE-2026-9415 LOW POC Monitor

Reflected cross-site scripting in code-projects Employee Management System 1.0 allows remote unauthenticated attackers to inject and execute malicious scripts in a victim's browser via the ID parameter of /eloginwel.php. Exploitation requires user interaction (UI:P per CVSS 4.0), limiting automatable mass exploitation, though a publicly available proof-of-concept lowers the technical bar for targeted attacks. No vendor patch has been identified at time of analysis, and the EPSS score of 0.03% (10th percentile) indicates low observed exploitation probability despite POC availability.

PHP XSS Employee Management System
NVD VulDB GitHub
CVSS 4.0
2.1
EPSS
0.0%
CVE-2026-9413 LOW POC Monitor

Reflected cross-site scripting (XSS) in SourceCodester Indian Invoicing System 1.0 allows unauthenticated remote attackers to inject and execute malicious scripts in a victim's browser by manipulating the `msg` parameter in `/Invoicing/category.php`. A proof-of-concept exploit is publicly available on GitHub. Despite the public POC, EPSS stands at just 0.03% (10th percentile) and the vulnerability is absent from CISA KEV, reflecting the narrow deployment footprint of this niche PHP invoicing application and the user-interaction requirement that limits automated exploitation.

PHP XSS Indian Invoicing System
NVD VulDB GitHub
CVSS 4.0
2.1
EPSS
0.0%
CVE-2026-9451 LOW POC Monitor

SQL injection in code-projects Employee Management System 1.0 allows remote low-privileged attackers to manipulate the `ID` parameter in `/process/applyleaveprocess.php`, enabling unauthorized database read and write operations with partial impact across confidentiality, integrity, and availability. A publicly available proof-of-concept exploit exists on GitHub, though no confirmed active exploitation (CISA KEV) has been recorded. EPSS at 0.03% (8th percentile) and an SSVC assessment of 'not automatable' indicate low broad exploitation likelihood, though the accessible POC meaningfully lowers the barrier for targeted manual attacks against organizations running this application.

PHP SQLi Employee Management System
NVD VulDB GitHub
CVSS 4.0
2.1
EPSS
0.0%
CVE-2026-9450 LOW POC Monitor

SQL injection in the /psubmit.php endpoint of code-projects Employee Management System 1.0 enables authenticated remote attackers to manipulate the pid parameter and inject arbitrary SQL commands against the backend database. A public proof-of-concept exploit has been released on GitHub, reducing the skill barrier for exploitation against unpatched deployments. Despite a low CVSS 4.0 base score of 2.1 reflecting partial impact scope and low-privilege requirements, the combination of network accessibility and public PoC warrants prompt remediation for any internet-facing instance; no public exploit identified meets CISA KEV criteria, and no vendor-released patch has been confirmed at time of analysis.

PHP SQLi Employee Management System
NVD VulDB GitHub
CVSS 4.0
2.1
EPSS
0.0%
CVE-2026-9449 LOW POC Monitor

SQL injection in code-projects Employee Management System 1.0 exposes the /changepassemp.php password-change endpoint to database manipulation by authenticated low-privilege users over the network. The CVSS 4.0 score of 2.1 reflects limited, non-cascading impact - partial confidentiality, integrity, and availability degradation confined to the vulnerable component with no downstream system scope change. A publicly available proof-of-concept exploit exists on GitHub, though the EPSS score of 0.03% (8th percentile) and SSVC 'automatable: no' classification indicate this is unlikely to see widespread opportunistic exploitation; no public exploit identified at time of analysis corroborating active KEV-level campaigns.

PHP SQLi Employee Management System
NVD VulDB GitHub
CVSS 4.0
2.1
EPSS
0.0%
CVE-2026-9411 LOW POC Monitor

SQL injection in SourceCodester Indian Invoicing System 1.0 allows a remote, low-privileged authenticated attacker to manipulate database queries through the customer_name and category parameters in /Invoicing/IGST_Invoice.php. The vulnerability yields partial confidentiality, integrity, and availability impact against the underlying database. No public exploit identified at time of analysis is incorrect - publicly available exploit code exists (GitHub gist), though the application is a niche, open-source invoicing tool with limited deployment footprint and no confirmed active exploitation in the wild.

PHP SQLi Indian Invoicing System
NVD VulDB GitHub
CVSS 4.0
2.1
EPSS
0.0%
CVE-2026-9410 LOW POC Monitor

Improper authorization in Sushmi-pal Invoice-System (up to commit a0a3faa16dee2621b231ae227333f5761607283b) enables authenticated low-privileged users to manipulate the `ID` parameter on the `/profile` endpoint to access or modify profile records belonging to other users - a classic horizontal privilege escalation pattern. The CVSS 4.0 score is 2.1 (Low), reflecting constrained integrity-only impact with no confidentiality or availability consequence, and a proof-of-concept exploit has been publicly disclosed on GitHub. No patch exists; the vendor did not respond to responsible disclosure, and no public exploit is confirmed in CISA KEV.

Authentication Bypass Invoice System
NVD VulDB GitHub
CVSS 4.0
2.1
EPSS
0.0%
CVE-2026-9409 LOW POC Monitor

Improper authorization in Sushmi-pal Invoice-System exposes its User Management Handler to privilege escalation by authenticated remote attackers who manipulate the `role` argument on the `/user` endpoint. Affected instances include all code up to commit a0a3faa16dee2621b231ae227333f5761607283b; the project uses a rolling release model with no discrete versioning. A publicly available proof-of-concept exploit exists on GitHub, though EPSS sits at just 0.03% and SSVC rates the attack as non-automatable with only partial technical impact - no confirmed active exploitation (CISA KEV) has been identified.

Authentication Bypass Invoice System
NVD VulDB GitHub
CVSS 4.0
2.1
EPSS
0.0%
CVE-2026-9486 LOW POC Monitor

Cross-site request forgery in SourceCodester Student Grades Management System 1.0 enables remote attackers to perform unauthorized state-changing actions - such as modifying student grade records - by tricking authenticated users into visiting a malicious page. The CVSS 4.0 score of 2.1 reflects constrained impact: integrity loss is low (VI:L), and there is no confidentiality or availability consequence. A publicly available proof-of-concept exploit exists on GitHub (corroborated by E:P in the CVSS vector), though EPSS at 0.02% (4th percentile) signals negligible observed exploitation activity and no public exploit identified at time of analysis has matured into confirmed active exploitation.

CSRF Student Grades Management System
NVD VulDB GitHub
CVSS 4.0
2.1
EPSS
0.0%
CVE-2026-9423 LOW POC Monitor

Command injection in Edimax BR-6675nD firmware 1.12 enables remote attackers with administrative credentials to execute arbitrary OS commands via the `command` argument in POST requests to the `/goform/mp` endpoint. Although a public exploit exists (referenced via a Notion-hosted POC), exploitation is constrained by the requirement for high-privilege authentication (CVSS PR:H), keeping the CVSS 4.0 score at 2.0 and EPSS at 0.23%. No vendor patch is available - the vendor did not respond to pre-disclosure contact - leaving devices persistently unmitigated at the firmware level.

Command Injection Br 6675Nd
NVD VulDB
CVSS 4.0
2.0
EPSS
0.2%
CVE-2026-9464 LOW POC Monitor

Server-side request forgery in YunaiV yudao-cloud 2026.03 allows authenticated administrators to force the server to issue arbitrary HTTP requests via the IoT data sink creation endpoint. The vulnerability exists in the IotDataSinkHttpConfig function exposed at /admin-api/iot/data-sink/create, where attacker-controlled URL parameters are passed to an outbound HTTP client without adequate validation. A proof-of-concept exploit has been publicly disclosed on GitHub; however, the CVSS 4.0 base score of 2.0 and a 0.03% EPSS probability reflect the significant limiting factor of requiring high-privilege authentication, and no KEV listing indicates no confirmed active exploitation at time of analysis.

SSRF Yudao Cloud
NVD VulDB GitHub
CVSS 4.0
2.0
EPSS
0.0%
CVE-2026-9485 LOW POC Monitor

Cross-site scripting in SourceCodester Student Grades Management System 1.0 allows a low-privileged authenticated attacker to inject malicious JavaScript via the unvalidated 'Remarks' parameter in students.php, executing arbitrary scripts in the context of a victim's browser session upon passive viewing. A public proof-of-concept exists on GitHub; however, this CVE is not listed in the CISA KEV catalog and the EPSS score of 0.03% (9th percentile) reflects very low real-world exploitation probability. SSVC assessment corroborates this with 'Exploitation: none' and 'Automatable: no,' consistent with the required user-interaction constraint.

PHP XSS Student Grades Management System
NVD VulDB GitHub
CVSS 4.0
2.0
EPSS
0.0%
CVE-2026-9471 LOW POC Monitor

Cross-site scripting in yashpokharna2555's StudentManagementSystem (PHP) allows authenticated remote attackers to inject malicious client-side scripts via the FIRST_NAME parameter in /student.php, executing in victim browsers upon record viewing. The CVSS 4.0 score of 2.0 (Low) reflects the requirement for prior authentication (PR:L) and user interaction (UI:P), significantly constraining real-world impact. Publicly available exploit code exists via a GitHub issue report; no vendor patch has been issued and the maintainer has not responded to the disclosure.

PHP XSS Studentmanagementsystem
NVD VulDB GitHub
CVSS 4.0
2.0
EPSS
0.0%
CVE-2026-9414 LOW POC Monitor

Stored cross-site scripting in SourceCodester Indian Invoicing System versions 0.x and 1.0 allows a low-privileged authenticated attacker to inject malicious JavaScript via the `customer_name` parameter in `/Invoicing/add_order.php`, which is persisted to the database and executed in the browsers of users who subsequently view the rendered invoice template. A public proof-of-concept exploit is available on GitHub (gist by c4ttr4ck), though EPSS sits at only 0.03% (9th percentile) and the vulnerability is not listed in CISA KEV, indicating no confirmed widespread exploitation. Impact is limited to partial integrity on the vulnerable system with no confidentiality or availability consequences, consistent with the CVSS 4.0 score of 2.0.

PHP XSS Indian Invoicing System
NVD VulDB GitHub
CVSS 4.0
2.0
EPSS
0.0%
CVE-2026-9446 LOW POC Monitor

SQL injection in SourceCodester Simple POS and Inventory System 1.0 allows remote authenticated administrators to manipulate database queries via the ID parameter in /admin/edit_customer.php. The vulnerability is tagged CWE-89 and carries a CVSS 4.0 base score of 2.0, reflecting the high privilege requirement that significantly limits the attacker pool to those with existing admin access. Publicly available exploit code exists (hosted on GitHub Gist), though EPSS remains very low at 0.03% (8th percentile), and no CISA KEV listing is present - indicating no confirmed widespread exploitation at time of analysis.

PHP SQLi Simple Pos And Inventory System
NVD VulDB GitHub
CVSS 4.0
2.0
EPSS
0.0%
CVE-2026-9444 LOW POC Monitor

SQL injection in SourceCodester Simple POS and Inventory System 1.0 allows a remote, high-privileged (admin-level) attacker to manipulate database queries via the unsanitized 'ID' GET parameter in /admin/deleteproduct.php. Successful exploitation yields partial read, write, and availability impact on the underlying database. No public exploit identified at time of analysis is incorrect - publicly available exploit code exists (GitHub gist), though no confirmed active exploitation (KEV) has been observed, and the EPSS score of 0.03% reflects minimal real-world exploitation pressure.

PHP SQLi Simple Pos And Inventory System
NVD VulDB GitHub
CVSS 4.0
2.0
EPSS
0.0%
CVE-2026-9503 LOW POC PATCH Monitor

Null pointer dereference in GNU LibreDWG (all versions through 0.14) allows a local, low-privileged attacker to crash any application that uses the library to parse a maliciously crafted DWG file, resulting in a denial-of-service condition with no confidentiality or integrity impact. The affected code path is within the DWG 2004 compressed-section handler in src/decode.c, where missing bounds checks on section entry address fields permit invalid memory access. A public proof-of-concept exploit file exists; however, the vulnerability is not listed in CISA KEV, EPSS sits at 0.01% (2nd percentile), and SSVC rates it non-automatable with only partial technical impact, collectively indicating negligible in-the-wild exploitation risk at time of analysis.

Denial Of Service Null Pointer Dereference Libredwg
NVD VulDB GitHub
CVSS 4.0
1.9
EPSS
0.0%
CVE-2026-9502 LOW POC PATCH Monitor

Heap-based buffer overflow in GNU LibreDWG's dwgread utility (versions 0.1 through 0.14) allows a local attacker with low privileges to corrupt heap memory by supplying a specially crafted R2004-format DWG file. The vulnerable function decompress_R2004_section in src/decode.c fails to validate decompression offset and size parameters before writing, enabling out-of-bounds heap writes with partial confidentiality, integrity, and availability impact. Publicly available exploit code exists as a crafted DWG file; however, no active exploitation is confirmed (not in CISA KEV), EPSS is 0.01% (2nd percentile), and the local-only attack vector sharply constrains real-world risk.

Heap Overflow Buffer Overflow Libredwg
NVD VulDB GitHub
CVSS 4.0
1.9
EPSS
0.0%
CVE-2026-9501 LOW POC PATCH Monitor

Reachable assertion (CWE-617) in GNU LibreDWG's `decompress_R2004_section` function allows a local low-privileged attacker to crash the `dwgread` utility by supplying a malformed R2004-format DWG file with out-of-bounds decompression parameters. All releases from 0.1 through 0.14 are confirmed affected. Publicly available exploit code exists, though EPSS sits at 0.01% (2nd percentile) and no active exploitation is confirmed - consistent with the strictly local, no-code-execution impact profile.

Denial Of Service Libredwg
NVD VulDB GitHub
CVSS 4.0
1.9
EPSS
0.0%
CVE-2026-9500 LOW POC Monitor

Heap-based buffer overflow in GNU LibreDWG's read_2004_compressed_section function (src/decode.c) exposes users of the dwgread utility to partial confidentiality, integrity, and availability compromise when processing a maliciously crafted DWG file. All released versions from 0.1 through 0.14 are affected, and a publicly available proof-of-concept exploit file exists on GitHub. No vendor patch has been issued; the project has not responded to the responsible disclosure despite early notification via issue report.

Heap Overflow Buffer Overflow Libredwg
NVD VulDB GitHub
CVSS 4.0
1.9
EPSS
0.0%
CVE-2026-9504 LOW POC PATCH Monitor

Out-of-bounds read in GNU LibreDWG's dwggrep utility exposes heap memory when processing maliciously crafted DWG files containing LTYPE objects with unterminated wide-character dash text strings. Affected versions span 0.1 through 0.14 (CPE: cpe:2.3:a:gnu:libredwg). A local authenticated attacker can trigger partial information disclosure by supplying a crafted DWG file to the dwggrep command-line tool; a public proof-of-concept DWG payload exists, though EPSS of 0.01% (2nd percentile) and absence from CISA KEV indicate no widespread exploitation activity at time of analysis.

Information Disclosure Buffer Overflow Libredwg
NVD VulDB GitHub
CVSS 4.0
1.9
EPSS
0.0%
CVE-2026-48847 LOW PATCH Monitor

Pre-authentication arbitrary file deletion in Roundcube Webmail 1.6.x (before 1.6.16) and 1.7.x (before 1.7.1) is achievable by unauthenticated network attackers via session poisoning of Redis or Memcache storage backends. The root cause (CWE-669: Incorrect Resource Transfer Between Spheres) lies in the application improperly trusting session data read from an external cache tier, allowing crafted entries to bypass pre-authentication controls and trigger file deletion operations. No public exploit has been identified at time of analysis, and EPSS stands at 0.06%, though Roundcube installations are historically targeted by espionage-motivated threat actors and patching is strongly recommended.

Authentication Bypass Redis Webmail
NVD GitHub VulDB
CVSS 3.1
3.7
EPSS
0.1%
CVE-2026-48852 LOW PATCH Monitor

Assertion failure in ECDSA signature verification within PuTTY 0.71 through 0.83 allows a network-positioned attacker to crash the PuTTY client, producing a denial-of-service condition. The vulnerability (CWE-617: Reachable Assertion) carries a CVSS 3.7 Low score with no confidentiality or integrity impact - availability impact is limited to the client process itself. No public exploit code exists and no active exploitation has been identified; SSVC rates exploitation as none and the EPSS score of 0.04% (12th percentile) confirms minimal current exploitation probability.

Denial Of Service Putty
NVD VulDB
CVSS 3.1
3.7
EPSS
0.0%
CVE-2026-48850 LOW PATCH Monitor

Double free in PuTTY's RSA key exchange implementation affects versions 0.72 through 0.83, creating a memory corruption condition that can crash the client when connecting to a server that negotiates RSA KEX. The CVSS vector (AV:N/AC:H/PR:N/UI:N/A:L) reflects a network-reachable but high-complexity trigger with only limited availability impact, consistent with a difficult-to-reproduce crash rather than reliable code execution. No active exploitation is confirmed per CISA KEV, SSVC reports exploitation status as none, and EPSS sits at 0.04% (12th percentile), indicating low real-world exploitation pressure at time of analysis.

Information Disclosure Putty
NVD VulDB
CVSS 3.1
3.7
EPSS
0.0%
CVE-2026-48851 LOW PATCH Monitor

PuTTY's trust sigil mechanism - the application icon displayed to distinguish legitimate remote TELNET output from locally-injected spoofed content - fails to reset trust state between proxy authentication and the start of the main TELNET session in versions 0.77 through 0.83. Under CWE-451 (UI Misrepresentation of Critical Information), an attacker positioned to control or influence a TELNET proxy could present deceptive terminal content to the user bearing the trusted indicator, achieving low-integrity impact by misleading the user about the source or authenticity of displayed data. No public exploit exists, EPSS is 0.03% (9th percentile), CISA SSVC rates exploitation as none, and the overall CVSS score is 3.1 (Low), reflecting high attack complexity and narrow real-world applicability.

Information Disclosure Putty
NVD VulDB
CVSS 3.1
3.1
EPSS
0.0%
Page 1 of 2 Next

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy