Skip to main content
CVE-2026-10581 LOW Monitor

Server-side request forgery in DedeCMS 5.7.88 allows low-privileged authenticated remote attackers to make the server issue arbitrary HTTP requests by manipulating the base64-decoded Link argument in /plus/download.php?open=1. Exploitation enables internal network probing, potential access to cloud metadata endpoints (e.g., AWS IMDSv1), and limited confidentiality, integrity, and availability impact (C:L/I:L/A:L per CVSS). Publicly available exploit code exists (CVSS temporal E:P; description confirms exploit publication), though no confirmed active exploitation or CISA KEV listing has been identified at time of analysis.

PHP SSRF
NVD VulDB
CVSS 4.0
2.1
EPSS
0.0%
CVE-2026-10302 LOW Monitor

SQL injection in itsourcecode Fees Management System 1.0 exposes authenticated low-privileged users a pathway to manipulate database content via the `id` parameter in `/manage_fee.php`. The vulnerability allows remote attackers with valid application credentials to read, modify, or partially disrupt database records. Publicly available exploit code exists (CVSS 4.0 E:P modifier confirmed), though no active exploitation has been confirmed by CISA KEV. The overall severity is low (CVSS 4.0: 2.1), reflecting limited scope and confidentiality impact.

PHP SQLi
NVD GitHub VulDB
CVSS 4.0
2.1
EPSS
0.0%
CVE-2026-10301 LOW Monitor

Reflected cross-site scripting in itsourcecode Fees Management System 1.0 allows remote unauthenticated attackers to inject arbitrary JavaScript into a victim's browser by manipulating the `page` argument of index.php. The vulnerability requires passive user interaction - a victim must follow a crafted URL - limiting its scalability, but publicly available exploit code lowers the barrier to abuse. No KEV listing exists; this is a low-severity finding corroborated by a CVSS 4.0 score of 2.1 and an exploit-modified (E:P) supplemental metric.

XSS PHP
NVD GitHub VulDB
CVSS 4.0
2.1
EPSS
0.0%
CVE-2026-10688 LOW Monitor

Code injection in ahujasid/blender-mcp's execute_blender_code function allows low-privileged remote attackers with passive user interaction to inject and execute arbitrary code through the unsanitized code argument passed to the MCP server endpoint in /src/blender_mcp/server.py. All commits up to 7636d13bded82eca58eb93c3f4cd8708dfdfbe8b are affected, with no maintainer response to the disclosed GitHub issue #201. A public exploit exists (E:P in CVSS vector; independently confirmed by description), though no public exploit identified at time of analysis for active KEV-tracked campaigns - exploitation remains opportunistic rather than confirmed widespread.

Information Disclosure
NVD GitHub VulDB
CVSS 4.0
2.0
EPSS
0.0%
CVE-2026-10528 LOW Monitor

Stack-based buffer overflow in Orthanc DICOM Server up to version 1.12.11 allows a local, low-privileged attacker to crash the server process, causing limited availability impact through the DCMTK parser's DcmItem::read function. The CVSS 4.0 score of 1.9 reflects heavily constrained exploitation conditions: local access only, low-privilege account required, and impact confined to availability with no confidentiality or integrity exposure. Publicly available exploit code exists (confirmed by CVSS 4.0 E:P modifier and CVE description), though no active exploitation has been confirmed by CISA KEV.

Buffer Overflow
NVD VulDB
CVSS 4.0
1.9
EPSS
0.0%
CVE-2026-10514 LOW Monitor

Cross-site scripting in 1Panel-dev CordysCRM versions up to 1.6.2 allows a high-privileged authenticated attacker to inject unescaped HTML payloads through request parameters processed by the Jackson string deserializer in RequestParamTrimConfig.java. The root cause is a global XSS escape toggle (xss.escape.all.enabled) that was disabled by default, meaning all incoming string parameters were returned without HTML sanitization. Publicly available exploit code exists (CVSS E:P, confirmed by VulDB disclosure), though the vulnerability has not been listed in CISA KEV and real-world impact is constrained by the high privilege requirement and passive user interaction dependency.

XSS Java
NVD GitHub VulDB
CVSS 4.0
1.9
EPSS
0.0%
CVE-2026-10719 LOW Monitor

Out-of-bounds write in openSeaChest v25.05.3's --showSupportedFormats command allows a high-privileged local attacker to corrupt one byte beyond an allocated buffer by presenting a maliciously crafted NVMe device with a bogus namespace FLBAS (Format LBA Size) value, forcing that byte to 1. Affected platforms include all systems supported by the toolkit. With a CVSS 4.0 score of 1.8, this is a minimal-severity issue requiring both high privileges and a specially crafted physical or emulated NVMe device; no public exploit code or active exploitation has been identified at time of analysis.

Memory Corruption Buffer Overflow
NVD VulDB
CVSS 4.0
1.8
EPSS
0.0%
CVE-2026-10717 LOW Monitor

Out-of-bounds write and read in Seagate's openSeaChest v25.05.3 affects the --showSCSIDefects diagnostic command, allowing memory corruption when parsing abnormally large SCSI defect list responses. A high-privileged local operator running diagnostics against a physically degraded drive with an excessive defect count, or against a maliciously crafted SCSI device returning an oversized defect response, can trigger limited confidentiality, integrity, and availability impact on the diagnostic host. No public exploit and no active exploitation has been identified at time of analysis; this vulnerability was self-reported by Seagate with a CVSS 4.0 base score of 1.8, reflecting the severe exploitation constraints.

Memory Corruption Buffer Overflow
NVD VulDB
CVSS 4.0
1.8
EPSS
0.0%
Prev Page 5 of 5

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy