Skip to main content
CVE-2026-10127 LOW POC Monitor

Authenticated command injection in Edimax BR-6478AC 1.23 firmware allows network-adjacent attackers with low-privilege credentials to execute arbitrary OS commands via the rootAPmac parameter in the formStaDrvSetup POST handler at /goform/formStaDrvSetup. The CVSS temporal vector confirms a public proof-of-concept (E:P) with reasonable confidence in the report (RC:R), while remediation level remains undefined (RL:X), indicating no vendor patch has been publicly acknowledged. No public exploit identified at time of analysis as confirmed actively exploited (CISA KEV), but publicly available exploit code exists, elevating practical risk for deployed devices.

Command Injection Br 6478Ac
NVD VulDB
CVSS 4.0
2.1
EPSS
0.8%
CVE-2026-10116 LOW POC PATCH Monitor

Timer pool exhaustion in Open5GS up to 2.7.7 allows an authenticated remote attacker with low privileges to crash the UE authentication service via rapid HTTP/2 stream resets against the ue-authentications SBI endpoint. The root cause is CWE-404: response timers for outbound SBI transactions are not released when the originating inbound HTTP/2 stream closes prematurely (via RST_STREAM or connection drop), causing the timer pool to exhaust when a peer resets streams rapidly while upstream network functions are slow or unresponsive. No public exploit identified at time of analysis as KEV status, but a publicly available exploit code exists via GitHub issue #4473, and an upstream fix is available in PR #4578.

Denial Of Service Open5gs
NVD VulDB GitHub
CVSS 4.0
2.1
EPSS
0.1%
CVE-2026-10115 LOW POC PATCH Monitor

Denial-of-service via reachable assertion in Open5GS NRF (Network Repository Function) up to version 2.7.7 allows an authenticated low-privilege network peer to crash the NRF process with SIGABRT by submitting a crafted NFProfile registration payload with oversized inner-list arrays in SMF or AMF info sections. The NRF is a critical singleton service registry in 5G Service-Based Architecture - crashing it disrupts NF discovery for the entire 5G core, making the practical operational impact greater than the A:L CVSS impact rating alone suggests. Publicly available exploit code exists (GitHub issue #4469 and CVSS temporal E:P), though no confirmed active exploitation via CISA KEV has been recorded at time of analysis.

Denial Of Service Open5gs
NVD VulDB GitHub
CVSS 4.0
2.1
EPSS
0.1%
CVE-2026-10113 LOW POC PATCH Monitor

Denial of service in Open5GS NRF (Network Repository Function) through version 2.7.7 allows an authenticated network peer to crash the NRF process with SIGABRT by submitting a crafted SMF or AMF NF-profile registration containing oversized inner-loop arrays. The NRF's shared NF-profile parser in lib/sbi/nnrf-handler.c used reachable ogs_assert() calls - rather than graceful bounds checks - to enforce limits on DNN entries per S-NSSAI slice and TAC range entries per TAI range, making them triggerable by peer-supplied payloads. Publicly available exploit code exists (GitHub issue #4467); the CVSSv4 score of 2.1 reflects scoped low-availability impact but understates operational risk given the NRF's central role in 5G core service discovery.

Denial Of Service Open5gs
NVD VulDB GitHub
CVSS 4.0
2.1
EPSS
0.1%
CVE-2026-10117 LOW POC Monitor

Denial of service in Open5GS up to version 2.7.7 is triggerable by a low-privileged remote attacker via the `ogs_pool_id_calloc` function in the SBI nghttp2-server library, causing availability degradation of 5G core network functions. The CVSS temporal modifiers confirm both a public proof-of-concept (E:P) and an official remedy (RL:O). No public exploit identified at time of analysis as confirmed by CISA KEV, but the publicly available PoC on GitHub (issue #4474) materially lowers the exploitation barrier for actors with access to SBI endpoints.

Denial Of Service Open5gs
NVD VulDB GitHub
CVSS 4.0
2.1
EPSS
0.0%
CVE-2026-10114 LOW POC Monitor

Out-of-bounds write in Open5GS versions up to 2.7.7 allows a remote, low-privileged attacker to crash the NRF (Network Repository Function) component by sending a malformed SCP info payload, resulting in a denial-of-service condition. The vulnerability resides in the handle_scp_info function within the Shared NF-profile Parser (lib/sbi/nnrf-handler.c), a critical parsing path for 5G service-based interface communication. A public proof-of-concept exploit has been disclosed via the project's GitHub issue tracker, materially lowering the bar for exploitation against unpatched deployments.

Memory Corruption Buffer Overflow Open5gs
NVD VulDB GitHub
CVSS 4.0
2.1
EPSS
0.0%
CVE-2026-10152 LOW POC Monitor

Improper access control in TaleLin lin-cms-spring-boot through version 0.2.1 allows authenticated remote attackers to bypass authorization enforcement on the book API endpoint, gaining unauthorized read, write, and functional access to book resources. The flaw is rooted in BookController.java and tagged as an authentication bypass, suggesting privilege escalation beyond what the standard CVSS PR:L signal alone implies. A publicly available exploit exists via GitHub issue #336, no vendor patch has been released, and the maintainer has not responded to responsible disclosure - conditions that collectively elevate operational urgency despite the medium CVSS score of 6.3.

Java Authentication Bypass
NVD VulDB GitHub
CVSS 4.0
2.1
EPSS
0.0%
CVE-2026-10153 LOW POC Monitor

Reflected cross-site scripting in westboy CicadasCMS allows remote unauthenticated attackers to inject arbitrary JavaScript into a victim's browser via the unvalidated 's' search parameter in the Search function. All code up to and including commit 2431154dac8d0735e04f1fd2a3c3556668fc8dab is affected, with no patch released as of analysis - the vendor has not responded to the responsible disclosure. A publicly available exploit exists (CVSS E:P confirmed), elevating the urgency despite the moderate CVSS base score of 4.3.

XSS Cicadascms
NVD VulDB
CVSS 4.0
2.1
EPSS
0.0%
CVE-2026-10112 LOW POC Monitor

Cross-site scripting in sambitraj STUDENT-MANAGEMENT-SYSTEM 1.0 allows a high-privileged authenticated attacker to inject malicious script into the Name argument on the Dashboard Page, which executes in the browser of any user who subsequently views the affected page. The vulnerability requires both elevated privileges and victim interaction, placing real-world impact firmly in the low-to-negligible range despite network reachability. No public exploit identified at time of analysis as actively weaponized (no CISA KEV listing), though publicly available exploit code exists via a GitHub issue disclosure.

XSS Student Management System
NVD VulDB GitHub
CVSS 4.0
1.9
EPSS
0.0%

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy