Skip to main content
CVE-2026-10061 LOW POC Monitor

Command injection in TRENDnet TEW-432BRP firmware 3.10B20 allows a low-privileged, network-based attacker to execute arbitrary OS commands on the device by manipulating the peerPin argument submitted to the formWPS CGI handler at /goform/formWPS. A public proof-of-concept exploit is available on GitHub, confirmed by the E:P modifier in the CVSS 4.0 vector. No patch has been or will ever be released - the vendor explicitly confirmed this router reached end-of-life in 2009, making permanent device replacement the only viable remediation.

Command Injection Tew 432Brp
NVD VulDB GitHub
CVSS 4.0
2.1
EPSS
0.8%
CVE-2026-10060 LOW POC Monitor

Command injection in TRENDnet TEW-432BRP firmware 3.10B20 allows network-reachable authenticated attackers to execute arbitrary OS commands by injecting shell metacharacters into the ip, mask, or gateway parameters of the formSetRoute CGI handler at /goform/formSetRoute. A public proof-of-concept exploit has been disclosed on GitHub. No patch will ever be released - TRENDnet has explicitly confirmed the device reached end-of-life in 2009 and is unable to replicate or remediate the vulnerability, making permanent residual risk the defining characteristic of this CVE.

Command Injection Tew 432Brp
NVD VulDB GitHub
CVSS 4.0
2.1
EPSS
0.8%
CVE-2026-49381 LOW PATCH Monitor

Stored cross-site scripting in JetBrains TeamCity's SAML login page allows a high-privileged attacker to inject persistent malicious scripts that execute in victims' browsers upon visiting the login page. All TeamCity versions prior to 2026.1 are affected. The changed scope (S:C) in the CVSS vector indicates the injected payload can affect browser sessions beyond the immediate component, though confidentiality impact is rated low and no integrity or availability loss is assessed. No public exploit code and no CISA KEV listing have been identified at time of analysis.

XSS Teamcity
NVD VulDB
CVSS 3.1
3.4
EPSS
0.0%
CVE-2026-49370 LOW PATCH Monitor

Information disclosure in JetBrains YouTrack before version 2026.1.13162 exposes sensitive data through fetchApp requests, exploitable by a high-privileged user with required interaction. The CVSS vector (PR:H/UI:R/S:C) indicates this requires an authenticated administrator-level account, some form of user interaction, and crosses a security scope boundary - meaning disclosed data may reach an unintended security context. No public exploit exists and no KEV listing is present; this is a low-severity (CVSS 3.4) internal information leakage issue most relevant to hardened or compliance-sensitive YouTrack deployments.

Information Disclosure Youtrack
NVD VulDB
CVSS 3.1
3.4
EPSS
0.0%
CVE-2026-49383 LOW PATCH Monitor

XXE injection in IntelliJ IDEA's UI Designer form parser exposes local file contents to disclosure when a developer opens a maliciously crafted `.form` file in any version prior to 2026.1. The vulnerability arises because the XML parser fails to restrict external entity references (CWE-611), enabling an attacker-supplied document to read arbitrary local files accessible to the IDE process. No public exploit or CISA KEV listing exists at time of analysis; the low CVSS score of 3.3 reflects the local attack vector and requirement for user interaction, limiting real-world impact compared to network-exploitable XXE.

XXE Intellij Idea
NVD VulDB
CVSS 3.1
3.3
EPSS
0.0%
CVE-2026-45324 LOW PATCH Monitor

Double free memory corruption in Rizin's byte_pattern_search() function (librz/core/cmd/cmd_search.c) arises from incorrect pointer ownership declarations, allowing a low-privileged local attacker with physical access to cause low-integrity and low-availability impacts under high-complexity conditions requiring user interaction. The CVSS score of 3.3 (Low) reflects the extremely constrained attack surface: physical presence, high complexity, and mandatory user interaction all limit practical exploitability. No public exploit code has been identified at time of analysis, and this vulnerability is not listed in the CISA KEV catalog.

Information Disclosure Rizin
NVD GitHub VulDB
CVSS 3.1
3.3
EPSS
0.0%
CVE-2026-45613 LOW Monitor

Heap out-of-bounds read in Rizin's OMF binary parser exposes heap memory contents when a user opens a maliciously crafted Object Module Format file. An off-by-one bounds check error in the `rz_bin_omf_get_entry` function within `librz/bin/format/omf/omf.c` allows array access one element past the end of the allocated sections array, resulting in limited confidentiality impact (heap data disclosure). No public exploit exists and this is not listed in CISA KEV; the CVSS score of 3.3 accurately reflects constrained real-world risk due to local-only access and mandatory user interaction.

Information Disclosure Buffer Overflow Rizin
NVD GitHub
CVSS 3.1
3.3
EPSS
0.0%
CVE-2026-49380 LOW PATCH Monitor

Open redirect in JetBrains TeamCity's SAML authentication plugin (all versions before 2026.1) allows a remote unauthenticated attacker to redirect authenticated users to arbitrary external URLs during the SAML login flow. The vulnerability carries a CVSS 3.1 score of 3.1 (Low), reflecting high attack complexity and mandatory user interaction - limiting realistic exploitation to targeted phishing scenarios against TeamCity users leveraging SAML SSO. No public exploit code exists and no active exploitation has been confirmed.

Open Redirect
NVD VulDB
CVSS 3.1
3.1
EPSS
0.0%
CVE-2026-47203 LOW PATCH GHSA Monitor

Brute force regulation bypass in Authelia's Basic Auth flow (versions 4.38.0-4.39.19) allows unauthenticated remote attackers to partially circumvent account lockout controls by submitting login attempts using case variants of a target username (e.g., 'john', 'John', 'JOHN'). Because Authelia passes the raw Authorization header username to the regulation system without canonicalization, and LDAP backends treat these as the same identity while the regulation SQL queries treat them as distinct, each casing variant occupies a separate ban bucket - multiplying the effective attempt quota before lockout triggers. No public exploit identified at time of analysis, and the CVSSv4 weighted score of 2.9 (Low) reflects the narrow exploitation conditions required and the lack of attacker feedback during exploitation.

Information Disclosure Nginx
NVD GitHub VulDB
CVSS 4.0
2.9
EPSS
0.1%
CVE-2026-45151 LOW Monitor

Null pointer dereference in NanoMQ MQTT Broker 0.24.8 and earlier causes a denial-of-service condition via the QUIC transport layer. The function quic_stream_recv fails to return after completing an asynchronous I/O operation with an error when a substream is in reopen state, proceeding to lock c->mtx against a null substream pointer. An unauthenticated remote attacker can crash the broker process, disrupting edge messaging services. No public exploit identified at time of analysis beyond proof-of-concept code reflected in the CVSS 4.0 E:P metric; not listed in CISA KEV.

Null Pointer Dereference Denial Of Service Nanomq
NVD GitHub VulDB
CVSS 4.0
2.9
EPSS
0.0%
CVE-2026-10078 LOW Monitor

Credential exposure in Red Hat Quay 3's config-tool GitLab OAuth validator allows OAuth client_id and client_secret to leak into system logs. The config-tool incorrectly appends these sensitive values as URL query parameters on POST requests to the GitLab endpoint, causing them to appear in server access logs, reverse proxy logs, and monitoring infrastructure. A highly privileged attacker with read access to those log systems can harvest the exposed OAuth credentials and use them for unauthorized GitLab API access. No public exploit code exists and this is not listed in CISA KEV.

Information Disclosure Gitlab
NVD
CVSS 3.1
2.7
EPSS
0.0%
CVE-2026-34507 LOW PATCH Monitor

Policy bypass in OpenClaw's QQBot admin command handling allows authenticated low-privilege network users to circumvent DM-only and allowFrom authorization checks, routing restricted admin commands from unauthorized senders or contexts. Affected versions are all OpenClaw releases prior to 2026.4.29. The CVSS 4.0 score of 2.3 reflects limited confidentiality and integrity impact with no availability impact, and no public exploit has been identified at time of analysis.

Authentication Bypass Openclaw
NVD GitHub VulDB
CVSS 4.0
2.3
EPSS
0.0%
CVE-2026-32906 LOW PATCH Monitor

Privilege escalation in OpenClaw's Slack plugin approval workflow allows authenticated users holding limited exec permissions to bypass operator-configured approval splits by resolving plugin approvals through the exec approver gate - approving actions outside their intended authorization boundary. All OpenClaw versions before 2026.5.12 are affected when the Slack plugin is deployed with approval split configurations. No public exploit code has been identified and this vulnerability is not listed in CISA KEV; the CVSS 4.0 score of 2.3 accurately reflects its narrow real-world impact, constrained by prerequisites and a low impact ceiling.

Privilege Escalation Authentication Bypass Openclaw
NVD GitHub VulDB
CVSS 4.0
2.3
EPSS
0.0%
CVE-2026-33386 LOW Monitor

Cross-site scripting in QuickCMS allows a network-adjacent unauthenticated attacker to inject and execute arbitrary JavaScript in a victim user's browser by intercepting the CMS's unencrypted HTTP request to the opensolution.org plugin list endpoint. Any QuickCMS deployment running an unpatched version of 6.8 that fetches plugin listings over plain HTTP is affected. No public exploit code or CISA KEV listing exists at time of analysis, and the low CVSS 4.0 score of 2.3 reflects the adjacent-network and MITM prerequisites that significantly constrain realistic attacker reach.

XSS
NVD
CVSS 4.0
2.3
EPSS
0.0%
CVE-2026-10064 LOW Monitor

Stack-based buffer overflow in TRENDnet TEW-432BRP firmware 3.10B20 allows a low-privileged remote attacker to corrupt memory via a manipulated `special_name` argument submitted to the `/goform/formSetPortTr` endpoint. The affected device reached end-of-life in 2009, and the vendor has explicitly declined to issue a patch, meaning no fix will ever be released. Publicly available exploit code exists (E:P per CVSS 4.0 vector), raising the practical risk for any deployment where this device remains internet-accessible or reachable by untrusted users.

Buffer Overflow Tew 432Brp Firmware
NVD GitHub VulDB
CVSS 4.0
2.1
EPSS
0.0%
CVE-2026-4387 LOW PATCH Monitor

StrongDM Desktop Application on Microsoft Windows exposes authentication secrets - including JSON Web Tokens and asymmetric key material - by writing them in cleartext to C:\Users\<username>\.sdm\state.kv, a per-user state file protected solely by default NTFS user-level permissions. Versions prior to Desktop Application 23.74.0 and Desktop Client 53.77.0 are affected. A local attacker meeting the required access prerequisites could read this file and extract live credentials, potentially enabling impersonation of the victim against StrongDM-managed infrastructure. No public exploit code exists and the vulnerability is not in the CISA KEV catalog; the low CVSS 4.0 score of 2.0 reflects the constrained local attack surface and required attack conditions.

Microsoft Information Disclosure
NVD VulDB
CVSS 4.0
2.0
EPSS
0.0%
CVE-2026-49318 LOW Monitor

PIN screen authentication bypass in the 2025 Indian Motorcycle Scout Bobber + Tech Infotainment / Digital Round display allows a physically proximate attacker to reach the fully unlocked user interface without entering a PIN. The system's boot-sequence logic (CWE-696) uses the mere presence of Wireless Control Module (WCM) CAN bus traffic as a proxy for immobilizer-fitment, and silently drops the PIN gate when no WCM messages appear - a condition an attacker can manufacture by suppressing the WCM via a CAN bus-off technique during the boot window. No public exploit has been identified at time of analysis, and this is not listed in CISA KEV.

Authentication Bypass Scout Bobber Tech
NVD VulDB
CVSS 4.0
1.0
EPSS
0.0%
CVE-2026-49317 LOW Monitor

PIN entry bypass in the Indian Motorcycle Scout Bobber + Tech 2025 infotainment system allows an attacker with physical proximity to the vehicle to access the fully unlocked infotainment interface without entering the correct PIN. The root cause (CWE-696, Incorrect Behavior Order) is that the system treats the presence of Wireless Control Module (WCM) CAN bus traffic during its startup boot window as a proxy for immobilizer detection, and skips PIN enforcement entirely when no WCM messages are observed - a condition an attacker can manufacture by silencing the WCM. Reported by ASRG with no public exploit code and no CISA KEV listing; specific timing and protocol details have been withheld pending vendor remediation.

Authentication Bypass Scout Bobber Tech
NVD VulDB
CVSS 4.0
1.0
EPSS
0.0%
CVE-2026-40528 LOW PATCH Monitor

Stack and heap buffer overruns in OpenSC's pkcs15-init tooling corrupt memory when processing a maliciously crafted PKCS#15 profile configuration file. Affected versions prior to 0.27.0 contain no length validation in the do_key_value() function before a memcpy into the fixed-size keybuf buffer, allowing overflow when a key value entry begins with '=' and exceeds sizeof(keybuf) bytes. Exploitation is severely constrained by a CVSS 4.0 score of 1.0 - physical access, high attack complexity, and user interaction are all required - and no public exploit or CISA KEV listing exists at time of analysis.

Buffer Overflow Stack Overflow Opensc
NVD GitHub VulDB
CVSS 4.0
1.0
EPSS
0.0%
CVE-2026-40510 LOW PATCH Monitor

Stack buffer overflow in OpenSC's PIV card handler allows a physically present attacker to corrupt memory by presenting a crafted PIV smart card or USB device that returns a URL field exceeding 118 bytes in the Key History Object ASN.1 response, triggering the overflow in `piv_process_history()` within `src/libopensc/card-piv.c`. All OpenSC versions prior to 0.27.0-rc1 are affected; the vulnerability is confirmed by the vendor fix in commit 3f24f0b and PR #3558. With a CVSS 4.0 score of 1.0 (AV:P/AC:H/UI:P), exploitation is severely constrained by mandatory physical access and high attack complexity, with no CISA KEV listing and no public exploit identified at time of analysis.

Buffer Overflow Stack Overflow Opensc
NVD GitHub VulDB
CVSS 4.0
1.0
EPSS
0.0%

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy