Skip to main content
CVE-2026-45154 LOW PATCH Monitor

Nextcloud Collectives versions 2.6.0 through 4.3.0 (exclusive) exposes deleted collective pages to unauthorized guests via a missing permission check in the public trash controller. Guests granted view-only access to a shared collective can bypass deletion-based access controls by directly querying trashbin endpoints, reading content that was intentionally removed. CVSS scores this at 2.6 (Low) with no public exploit identified at time of analysis and no CISA KEV listing, placing real-world priority at the lower end of the risk spectrum.

Authentication Bypass Nextcloud
NVD GitHub
CVSS 3.1
2.6
EPSS
0.0%
CVE-2026-49433 LOW PATCH HOSTED Monitor

Cross-site request forgery in the DeepAI platform's account management API allows unauthenticated remote attackers to change an authenticated user's registered email address, enabling full account takeover. The POST endpoint at https://api.deepai.org/change_user_email accepts state-changing requests without any CSRF token or origin validation, meaning a browser will automatically include session credentials when the request is triggered from a third-party page. The vulnerability was fixed server-side on 2026-05-20 per the CVE description; no public exploit or CISA KEV listing is associated with this CVE at time of analysis.

CSRF Api Deepai Org
NVD
CVSS 4.0
2.3
EPSS
0.0%
CVE-2026-10241 LOW Monitor

Server-side request forgery in JeecgBoot versions up to 3.9.1 allows authenticated remote attackers to manipulate the `FileDownloadUtils.download2DiskFromNet` function via the `/airag/app/debug` endpoint, coercing the server into issuing arbitrary HTTP requests - including to cloud instance metadata services that may expose cloud credentials. Publicly available exploit code exists (confirmed by CVSS 4.0 E:P modifier and CVE description), though no active exploitation is confirmed by CISA KEV. The CVSS 4.0 score of 2.1 reflects constrained scope and the low-privilege authentication requirement, but defenders on cloud infrastructure using IMDSv1 should treat the real-world impact as potentially higher than the score suggests.

SSRF
NVD GitHub VulDB
CVSS 4.0
2.1
EPSS
0.0%
CVE-2026-10240 LOW Monitor

Server-side request forgery in JeecgBoot up to 3.9.2 allows low-privileged remote attackers to make the application server issue arbitrary outbound HTTP requests via the unvalidated `baseUrl` parameter in the `/airag/airagModel/test` endpoint. Publicly available exploit code exists (E:P in CVSS 4.0 vector), though no active exploitation has been confirmed by CISA KEV. Impact is rated low across confidentiality, integrity, and availability (VC:L/VI:L/VA:L), but SSRF primitives in low-code platforms can enable internal network reconnaissance and lateral movement against services inaccessible from the internet. No vendor-released patch has been issued at time of analysis - a fix is planned for an upcoming release.

SSRF
NVD GitHub VulDB
CVSS 4.0
2.1
EPSS
0.0%
CVE-2026-10239 LOW Monitor

Server-side request forgery in JeecgBoot up to version 3.9.2 allows remote authenticated attackers to induce the server to issue arbitrary outbound HTTP requests via the WordUtil.addImage function at the /airag/word/edit endpoint. The CVSS 4.0 vector (AV:N/AC:L/AT:N/PR:L/UI:N) confirms network-accessible, low-complexity exploitation requiring only low-privilege credentials with no user interaction needed. Publicly available exploit code exists (E:P in CVSS vector; publicly disclosed per description), and no vendor-released patch has been issued at time of analysis - only a fix planned for an upcoming release.

SSRF
NVD GitHub VulDB
CVSS 4.0
2.1
EPSS
0.0%
CVE-2026-10242 LOW Monitor

SQL injection in itsourcecode Content Management System 1.0 exposes the /instructions.php endpoint to database manipulation via the unsanitized topic_id parameter. Low-privileged remote attackers can read, modify, or delete data within the application's database scope. A public proof-of-concept exploit has been published (VulDB submission 823558 / GitHub issue), lowering the exploitation barrier, though the CVSS 4.0 score of 2.1 reflects limited blast radius due to low-impact CIA triad ratings and the low-privilege prerequisite.

PHP SQLi
NVD GitHub VulDB
CVSS 4.0
2.1
EPSS
0.0%
CVE-2026-10204 LOW Monitor

SQL injection in OFCMS 1.1.3 enables authenticated remote attackers to manipulate database queries through the JSON Query Interface exposed in SysUserController.java. Publicly available exploit code exists (confirmed by CVSS 4.0 E:P modifier and the CVE description), raising the practical risk above what the low CVSS 4.0 score of 2.1 implies. The project maintainers were notified via a Gitee issue report but have not responded, meaning no vendor patch exists at time of analysis - defenders must rely entirely on compensating controls.

Java SQLi
NVD VulDB
CVSS 4.0
2.1
EPSS
0.0%
CVE-2026-10203 LOW Monitor

SQL injection in OFCMS 1.1.3's JSON Query Interface allows authenticated remote attackers to manipulate database queries via the `Query` function in `SystemParamController.java`. A public proof-of-concept exploit has been released (CVSS E:P confirmed), while the vendor has not responded to the responsible disclosure report, leaving the vulnerability unpatched. The CVSS 4.0 score of 2.1 reflects low-privilege authentication requirements and limited blast radius, but the existence of public exploit code and the absence of any vendor patch elevates practical concern for deployments with internet-exposed admin interfaces.

Java SQLi
NVD VulDB
CVSS 4.0
2.1
EPSS
0.0%
CVE-2026-10202 LOW Monitor

SQL injection in OFCMS 1.1.3 allows remote low-privileged attackers to manipulate database queries through the Query function of SystemDictController.java's JSON Query Interface. Attackers with a valid low-privilege account can send crafted input to this endpoint to read, modify, or partially disrupt data within the application's database scope. No public exploit identified at time of analysis beyond publicly available proof-of-concept code; the project maintainer has not responded to the responsible disclosure filed via Gitee issue, leaving the vulnerability unpatched.

Java SQLi
NVD VulDB
CVSS 4.0
2.1
EPSS
0.0%
CVE-2026-10265 LOW Monitor

SQL injection in itsourcecode Content Management System 1.0 allows authenticated remote attackers to manipulate database queries via the topic_id parameter in /admin/edit_topic.php. The CVSS 4.0 vector (PR:L) confirms a low-privileged authenticated account is sufficient to trigger the injection, which yields limited but real confidentiality, integrity, and availability impact against the underlying database component. Publicly available exploit code exists (E:P), though no active exploitation has been confirmed by CISA KEV.

PHP SQLi
NVD GitHub VulDB
CVSS 4.0
2.1
EPSS
0.0%
CVE-2026-10237 LOW Monitor

SQL injection in SourceCodester Water Billing Management System 1.0 exposes the User Management Module to database manipulation by authenticated administrators via the ID parameter at /admin/?page=user/manage_user. A publicly available proof-of-concept exploit exists per the CVSS E:P supplemental metric and a researcher's GitHub advisory. Despite network reachability, practical impact is low across confidentiality, integrity, and availability, and exploitation is gated behind high administrative privileges, earning a CVSS 4.0 base score of 2.0.

SQLi
NVD GitHub VulDB
CVSS 4.0
2.0
EPSS
0.0%
CVE-2026-10264 LOW Monitor

Path traversal in whatsapp-mcp 0.0.1 exposes arbitrary server files to authenticated adjacent-network attackers via the `mediaPath` argument of the Send API endpoint (`/api/send`). The `sendWhatsAppMessage` function in `whatsapp-bridge/main.go` passed the caller-supplied path directly to `os.ReadFile()` without sanitization, allowing traversal sequences to reference files outside any intended directory. A proof-of-concept exploit has been publicly disclosed (CVSS 4.0 E:P), though no active exploitation is confirmed and no CISA KEV listing exists. The overall CVSS 4.0 score of 2.0 reflects narrow real-world impact: adjacent-network exposure only, low confidentiality loss, and no integrity or availability impact.

Path Traversal
NVD GitHub VulDB
CVSS 4.0
2.0
EPSS
0.0%
CVE-2026-47191 LOW PATCH GHSA Monitor

Integrity bypass in Siemens kas (pip/kas < 5.3) allows an attacker who controls a referenced external git repository to substitute arbitrary commit content by creating a branch whose name matches the commit SHA recorded in a kas configuration file. Because kas passed the raw SHA string to `git checkout` without forcing disambiguation to a commit object, git resolves a branch of that name instead of the pinned commit, defeating the integrity guarantee users rely on. The primary impact falls on SHA-256 commit IDs; SHA-1 commits face a related but distinct risk through hash-collision substitution. No public exploit has been identified at time of analysis and the issue is not listed in CISA KEV.

Jwt Attack Information Disclosure Siemens
NVD GitHub
EPSS
0.0%
CVE-2026-47425 MEDIUM PATCH GHSA This Month

Arbitrary file write via path traversal in rattler's noarch:python entry-point installer allows a malicious conda package to write executable files outside the install prefix on both Unix and Windows. Any user of rattler < 0.43.2, pixi < 0.69.0, or rattler-build < 0.65.0 who installs a crafted noarch:python package is affected - no special configuration or flag opt-in is required. The attacker-controlled file is written with mode 0o775 on Unix or as a copied launcher .exe on Windows, enabling code execution when the entry-point is subsequently invoked. No public exploit code is identified at time of analysis, and the vulnerability is not listed in CISA KEV.

Microsoft Path Traversal Python
NVD GitHub
EPSS
0.1%
Prev Page 8 of 8

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy