Skip to main content
CVE-2026-10815 LOW POC Monitor

Missing authorization on the Admin Dashboard endpoint of LakshayD02's Hostel-Management-System-PHP allows low-privileged authenticated users to manipulate the ID parameter in hostel/index.php to access or modify records beyond their permitted scope. All commits up to f87e67c283bab6f718faf2fec6ae39a13bd7036b are affected; the project uses no formal versioning, so no unaffected release exists. Publicly available exploit code exists, and the project maintainer had not responded to coordinated disclosure at time of reporting.

PHP Authentication Bypass
NVD VulDB GitHub
CVSS 4.0
2.1
EPSS
0.0%
CVE-2026-10811 LOW POC Monitor

SQL injection in itsourcecode Fees Management System 1.0 exposes the `/receipt.php` endpoint to database manipulation by authenticated remote attackers via the `ef_id` parameter. The CVSS temporal metric E:P confirms a publicly available exploit, disclosed via a GitHub issue, meaning exploitation is accessible to low-skilled attackers. No CISA KEV listing is present, but the combination of public POC, network-reachable attack vector, and low attack complexity makes this a credible threat for any internet-facing deployment of this PHP application.

PHP SQLi
NVD VulDB GitHub
CVSS 4.0
2.1
EPSS
0.0%
CVE-2026-10810 LOW POC Monitor

Reflected cross-site scripting in itsourcecode Fees Management System 1.0 allows remote unauthenticated attackers to inject arbitrary JavaScript into a victim's browser session by manipulating the 'page' parameter in /navbar.php. The attack requires user interaction - a victim must follow a crafted URL - limiting mass exploitation, but publicly available exploit code (referenced via a GitHub issue) lowers the barrier for targeted phishing campaigns. No CISA KEV listing; EPSS data was not provided, though the combination of no authentication requirement and public POC warrants prompt attention for exposed deployments.

PHP XSS
NVD VulDB GitHub
CVSS 4.0
2.1
EPSS
0.0%
CVE-2026-10809 LOW POC Monitor

SQL injection in itsourcecode Fees Management System 1.0 allows authenticated remote attackers with low privileges to manipulate database queries via the `ID` parameter in `/manage_user.php`. The CVSS vector (AV:N/AC:L/PR:L/UI:N) confirms network-accessible exploitation requiring only a low-privilege account, with confidentiality, integrity, and availability all partially impacted. A public proof-of-concept exploit is available (E:P in CVSS temporal metrics, corroborated by a GitHub issue), though no active exploitation has been confirmed via CISA KEV. No vendor-released patch has been identified at time of analysis.

PHP SQLi
NVD VulDB GitHub
CVSS 4.0
2.1
EPSS
0.0%
CVE-2026-10808 LOW POC Monitor

SQL injection in itsourcecode Fees Management System 1.0 allows low-privileged remote attackers to manipulate database queries via the `ID` parameter in `/manage_student.php`, resulting in partial compromise of confidentiality, integrity, and availability. The affected product is a PHP-based academic fee tracking application; exploitation requires a valid low-privilege account but no additional user interaction. A publicly available proof-of-concept exploit (referenced via GitHub) lowers the bar for opportunistic exploitation, though no confirmed active exploitation (CISA KEV) has been recorded at time of analysis.

PHP SQLi
NVD VulDB GitHub
CVSS 4.0
2.1
EPSS
0.0%
CVE-2026-10807 LOW POC Monitor

Unrestricted file upload in Stumasy (mjperpinosa) allows a low-privileged authenticated attacker to upload arbitrary files through the profile image change endpoint, potentially enabling server-side code execution. The vulnerable parameter `pr_profile_image` in `application/PHP/objects/profiles/change_profile_image.php` performs no meaningful file type validation, making it trivial to submit non-image payloads including PHP webshells. A publicly available exploit exists via the project GitHub issue tracker; the vendor has not responded to the disclosure, and no patch has been released. No CISA KEV listing at time of analysis.

PHP File Upload
NVD VulDB GitHub
CVSS 4.0
2.1
EPSS
0.0%
CVE-2026-10806 LOW POC Monitor

Unrestricted file upload in mjperpinosa's stumasy PHP application allows authenticated remote attackers to upload arbitrary and potentially dangerous file types via the up_file_to_post parameter in add_post.php, enabling likely remote code execution through web shell deployment. The CVSS vector (AV:N/AC:L/PR:L/UI:N) confirms network-reachable exploitation requiring only low-privilege authentication with no user interaction. A publicly available proof-of-concept exploit exists (disclosed via GitHub issue), and the vendor has not responded to the responsible disclosure - no patch is available at time of analysis.

PHP File Upload
NVD VulDB GitHub
CVSS 4.0
2.1
EPSS
0.0%
CVE-2026-10814 LOW POC PATCH Monitor

Weak hashing in milvus-io/milvus up to 2.6.13 exposes the Grantee ID Hash Handler in the KV metadata catalog (internal/metastore/kv/rootcoord/kv_catalog.go), allowing a low-privileged local attacker to predict or forge 16-character grantee IDs used in RBAC privilege assignments backed by etcd. Successful exploitation - rated high complexity - could result in unauthorized manipulation of access control metadata, yielding low-level confidentiality, integrity, and availability impact on the affected Milvus instance. A proof-of-concept has been publicly disclosed via GitHub issue #49857, though no active exploitation is confirmed in CISA KEV.

Information Disclosure Milvus
NVD VulDB GitHub
CVSS 4.0
1.1
EPSS
0.0%
CVE-2026-10801 LOW POC PATCH Monitor

Cache key collision in modelscope ms-swift up to 4.2.0 allows a local, low-privileged attacker to cause PIL image integrity failures via the Template._save_pil_image function in swift/template/base.py. The root cause is that the image cache key was computed by hashing only raw pixel bytes (image.tobytes()), without incorporating image metadata such as dimensions or color mode - meaning two structurally different images (e.g., 120×80 vs 80×120) sharing identical byte payloads produce the same SHA-256 cache key and thus collide to the same cached file path. No public exploit identified at time of analysis beyond the publicly disclosed proof-of-concept; no active exploitation confirmed (not listed in CISA KEV).

Information Disclosure Ms Swift
NVD VulDB GitHub
CVSS 4.0
1.1
EPSS
0.0%
CVE-2026-10813 LOW POC PATCH Monitor

Weak hash truncation in LMCache up to 0.4.6 allows a local low-privilege attacker to induce KV cache collisions by exploiting the severely constrained 16-bit integer output of `hex_hash_to_int16` in the vLLM integration's KV Cache Handler. The function masks multimodal content hash identifiers to at most 65,536 unique values, making engineered collisions feasible and causing incorrect cached KV entries to be served, affecting both cache integrity and availability. A proof-of-concept has been published on GitHub (issue #3301); no public exploit confirmed in active exploitation and no CISA KEV listing exists.

Information Disclosure Lmcache
NVD VulDB GitHub
CVSS 4.0
1.1
EPSS
0.0%
CVE-2026-10812 LOW POC PATCH Monitor

Cache poisoning in zilliztech GPTCache (up to version 0.1.44) allows a local, low-privileged attacker to corrupt LLM response cache entries by exploiting weak image fingerprinting in the Cache Key Handler. The `BufferedReader.peek()` method in `gptcache/processor/pre.py` only reads the first ~8192 bytes of an image file to construct a cache key, meaning two distinct images sharing an identical header prefix generate the same cache key and collide. An attacker can submit a crafted image whose header matches a previously cached image, causing GPTCache to return a poisoned (wrong) LLM response for subsequent queries. Publicly available exploit code exists per the GitHub issue and included PoC; no active exploitation confirmed in CISA KEV at time of analysis.

Information Disclosure Gptcache
NVD VulDB GitHub
CVSS 4.0
1.1
EPSS
0.0%
CVE-2026-48011 LOW PATCH GHSA Monitor

Timing-based administrator username enumeration in Shopware's OAuth token endpoint exposes valid admin accounts to unauthenticated remote attackers. The flaw exists in shopware/platform and shopware/core packages across the 6.6.x and 6.7.x branches, where the API endpoint api/oauth/token responds measurably faster for non-existent usernames than for valid ones due to skipping the Argon2id password_verify() call. A publicly available proof-of-concept exploit exists; while not confirmed actively exploited in CISA KEV, the POC lowers the barrier for targeted brute-force, credential stuffing, and spear phishing campaigns against Shopware admin panels. CVSS rates this 3.7 (AC:H), reflecting that reliable exploitation requires statistical timing analysis across many requests.

PHP Information Disclosure
NVD GitHub
CVSS 3.1
3.7
EPSS
0.0%
CVE-2025-52609 LOW Monitor

Missing HTTP security response headers in HCL iControl fail to instruct client browsers to engage their built-in XSS filtering mechanisms, creating an exploitable gap classified under CWE-693 (Protection Mechanism Failure). The flaw is network-accessible and requires no authentication (PR:N per CVSS), but carries a CVSS 3.7 Low score due to high attack complexity (AC:H) and limited integrity-only impact (I:L). No public exploit code exists and this vulnerability is not listed in CISA KEV, placing it in the compliance/hardening category rather than immediate critical risk.

XSS Icontrol
NVD
CVSS 3.1
3.7
EPSS
0.1%
CVE-2025-62338 LOW Monitor

Local information exposure in HCL BigFix Cloud Lifecycle Management stems from insufficient input validation, allowing a locally authenticated low-privileged user to access data they should not be authorized to view. The CVSS vector (AV:L/AC:L/PR:L/UI:N) confirms exploitation requires local system access and a low-privilege account. No active exploitation has been confirmed and no public exploit code is known at time of analysis. Despite a tag of 'Authentication Bypass,' the PR:L vector indicates some authentication is required - this discrepancy should be clarified with the vendor advisory.

Authentication Bypass Information Disclosure Bigfix Cloud Lifecycle Management
NVD VulDB
CVSS 3.1
3.3
EPSS
0.0%
CVE-2025-52611 LOW Monitor

Stack trace disclosure in HCL iControl v4.0.0 exposes internal application details to authenticated remote attackers via unhandled JavaScript exceptions. The application fails to catch a runtime error when attempting to read the 'dashboard' key from an undefined object, returning a full stack trace to the requesting client. No public exploit exists and no active exploitation has been observed; CVSS scores this Low (3.1), reflecting strictly limited confidentiality impact with no integrity or availability consequences.

Information Disclosure Icontrol
NVD
CVSS 3.1
3.1
EPSS
0.0%
CVE-2025-52608 LOW Monitor

HCL iControl exposes session cookies without the Secure or SameSite attributes set, and with the cookie path scoped to root, enabling network-adjacent attackers with authenticated sessions to perform limited integrity modifications under high-complexity conditions. The missing Secure attribute allows cookies to be transmitted over unencrypted HTTP channels, while the absent SameSite attribute opens a cross-site request forgery vector. CVSS scores this at 3.1 (Low); no public exploit code exists and it is not listed in CISA KEV.

Information Disclosure Icontrol
NVD
CVSS 3.1
3.1
EPSS
0.0%
CVE-2026-50266 LOW PATCH Monitor

Incorrect RBAC policy in OpenStack Neutron before 28.0.1 allows an authenticated project manager to set device_owner on ports of shared networks they do not own to privileged network-service values (e.g., 'network:dhcp'), obtaining trusted network-service port behavior without owning the underlying network. Depending on backend and deployment configuration, this enables DHCP, MAC, or IP spoofing against co-tenants sharing that network, effectively bypassing anti-spoofing and security group protections. This is a confirmed regression of CVE-2015-5240 (OSSA-2015-018); no public exploit or active exploitation (CISA KEV) has been identified at time of analysis.

Authentication Bypass Neutron
NVD VulDB
CVSS 3.1
2.2
EPSS
0.0%
CVE-2026-10875 LOW Monitor

SQL injection in projectworlds Online Art Gallery Shop 1.0 exposes the admin panel to database manipulation via the unsanitized `social_twitter` parameter in `/admin/adminHome.ph`. Authenticated remote attackers with low-privilege credentials can craft malicious SQL payloads to read, modify, or corrupt backend database contents. A publicly available proof-of-concept exploit exists per the CVSS 4.0 E:P metric and the CVE description; however, no active exploitation has been confirmed in CISA KEV, and the overall CVSS 4.0 score of 2.1 reflects limited blast radius confined to the vulnerable system.

SQLi
NVD GitHub VulDB
CVSS 4.0
2.1
EPSS
0.0%
CVE-2026-10874 LOW Monitor

SQL injection in projectworlds Online Art Gallery Shop 1.0 enables remote low-privileged attackers to manipulate the `social_insta` parameter within `/admin/adminHome.php`, achieving limited read, write, and availability impact against the underlying database. Publicly available exploit code exists (CVSS 4.0 E:P), though the overall CVSS 4.0 score of 2.1 reflects a constrained impact scope - no subsequent system compromise is possible. This is not listed in the CISA KEV catalog; exploitation requires authenticated access rather than open unauthenticated attack.

PHP SQLi
NVD GitHub VulDB
CVSS 4.0
2.1
EPSS
0.0%
CVE-2026-10802 LOW Monitor

Uncontrolled resource consumption in KeystoneJS's GraphQL API endpoint allows a remotely authenticated attacker with low-privilege credentials to degrade server availability by submitting deeply nested GraphQL queries that exhaust CPU or memory without bound. Versions up to snapshot 20260319 of the @keystone-6/core package are affected. A public proof-of-concept exists (CVSS E:P), though the vulnerability is not listed in CISA KEV and carries a CVSS 4.0 score of 2.1 - indicating limited real-world severity under most deployments.

Denial Of Service
NVD GitHub VulDB
CVSS 4.0
2.1
EPSS
0.0%
CVE-2026-10800 LOW PATCH Monitor

Hash collision weakness in PaddlePaddle FastDeploy up to version 2.4.1 allows a local attacker with low privileges to cause the MultimodalHasher component to produce identical SHA-256 digests for semantically distinct numpy arrays that share raw byte content but differ in shape or dtype. This breaks the uniqueness guarantee of the hash_features function in fastdeploy/multimodal/hasher.py, enabling integrity violations in multimodal data pipelines relying on this component for deduplication or identity checks. No public exploit exists and no active exploitation is confirmed; the CVSS 4.0 score of 2.0 accurately reflects constrained real-world risk given local-only access and high attack complexity.

Information Disclosure Fastdeploy
NVD VulDB GitHub
CVSS 4.0
2.0
EPSS
0.0%
CVE-2026-10804 LOW PATCH Monitor

Hash collision vulnerability in Streamlit's caching layer (versions up to 1.53.0) allows a local low-privileged attacker to poison the application cache by supplying crafted PIL palette-mode images or large dataframes that produce identical hash digests for distinct objects. The root cause is twofold: PIL 'P'-mode (palette-indexed) images excluded palette data from the hash computation entirely, and fixed seed values (random_state=0) were used when sampling large pandas, numpy, and polars objects - both enabling deterministic hash collisions. No public exploit identified at time of analysis beyond the public disclosure of the issue. EPSS data is not available, but the CVSS 1.1 score (AV:L/AC:H/PR:L) places real-world risk as very low.

Information Disclosure Streamlit
NVD GitHub VulDB
CVSS 4.0
1.1
EPSS
0.0%
CVE-2026-10783 LOW PATCH Monitor

Cache key collision in Gradio 6.14.0's audio processing component allows a local low-privileged attacker to trigger information disclosure by exploiting incomplete hash inputs in the `save_audio_to_cache` function. Two audio arrays with identical raw bytes but differing metadata (sample rate, format, dtype, or shape) resolve to the same cache directory path, causing one cached audio file to overwrite or be served in place of another. Publicly available exploit code exists per the CVSS 4.0 E:P modifier and CVE description, though no active exploitation has been confirmed via CISA KEV. The CVSS 4.0 score of 1.1 accurately reflects the narrow real-world impact given the mandatory local access and high attack complexity.

Information Disclosure Gradio
NVD GitHub VulDB
CVSS 4.0
1.1
EPSS
0.0%
CVE-2026-10803 LOW PATCH Monitor

Dataset digest computation in MLflow up to version 3.10.0 uses MD5 - a cryptographically broken algorithm - to fingerprint datasets, enabling a local attacker to craft colliding inputs that undermine dataset integrity tracking. Affected functions include compute_pandas_digest, compute_numpy_digest, and hash_dict_of_arrays in mlflow/data/digest_utils.py, which use a truncated 8-character MD5 digest that further reduces the collision space. Publicly available exploit code exists; this vulnerability is not confirmed actively exploited per CISA KEV, and the CVSS 4.0 score of 1.1 reflects the constrained local-only attack surface.

Information Disclosure Mlflow
NVD GitHub VulDB
CVSS 4.0
1.1
EPSS
0.0%
CVE-2026-47192 LOW PATCH GHSA Monitor

Late signature validation in Siemens kas (pip/kas >= 4.8, < 5.3) allows an attacker who has already compromised a referenced upstream repository to substitute the cryptographic key used to validate that repository's tag signatures, effectively bypassing integrity checks entirely. Because kas processes and applies configuration includes from external repositories before verifying their signatures, a malicious repository can redirect the signature-validation key to one under attacker control. No public exploit code has been identified at time of analysis, and exploitation requires a highly specific multi-condition scenario including prior supply-chain access to a referenced upstream repo. Vendor-released patch version 5.3 resolves all related attack vectors.

Information Disclosure Jwt Attack Siemens
NVD GitHub
EPSS
0.0%

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy