Skip to main content
CVE-2026-34356 HIGH PATCH This Week

Denial of service in Apache HTTP Server versions 2.4.0 through 2.4.67 stems from a heap-based buffer overflow triggered when the server processes responses from a malicious backend while ProxyPassReverseCookieDomain or ProxyPassReverseCookiePath directives are in use. Remote attackers controlling or compromising an upstream backend can crash the front-end Apache process, impacting availability of the reverse proxy without affecting confidentiality or integrity. No public exploit identified at time of analysis, and the issue is not listed in CISA KEV.

Heap Overflow Apache Buffer Overflow Suse Apache HTTP Server +1
NVD VulDB
CVSS 3.1
7.5
EPSS
0.0%
CVE-2026-22164 HIGH This Week

Kernel heap memory corruption in Imagination Technologies Graphics DDK allows a non-privileged local user to crash or destabilize the kernel by issuing crafted GPU system calls. The flaw affects Graphics DDK 24.2 RTM, 25.1 RTM through 25.3 RTM, and 26.1 RTM, and impacts any device shipping the affected PowerVR/IMG GPU driver stack. No public exploit identified at time of analysis, and the vulnerability is not listed in CISA KEV.

Heap Overflow Buffer Overflow Graphics Ddk
NVD VulDB
CVSS 3.1
7.5
EPSS
0.0%
CVE-2026-44890 HIGH PATCH GHSA This Week

Remote denial of service in Netty's netty-codec-redis module (versions <= 4.1.134.Final and 4.2.0.Final through 4.2.14.Final) allows unauthenticated attackers to exhaust direct memory by sending crafted RESP protocol payloads lacking the required \r\n terminator across multiple concurrent connections. The RedisDecoder buffers digit streams indefinitely while awaiting a line terminator, eventually triggering OutOfDirectMemoryError and preventing legitimate connections from being processed. No public exploit identified at time of analysis, but the vendor advisory GHSA-6ghj-frrj-jjj3 confirms the issue and patched releases are available.

Denial Of Service Redis
NVD GitHub VulDB
CVSS 3.1
7.5
EPSS
0.0%
CVE-2026-44250 HIGH PATCH GHSA This Week

Denial of service in Netty's netty-codec-redis module (versions <= 4.1.134.Final and 4.2.0.Final through 4.2.14.Final) allows remote unauthenticated attackers to exhaust JVM heap memory by sending Redis payloads with unbounded nested array headers. The RedisArrayAggregator allocates a new AggregateState and ArrayList for every nested array header without enforcing a depth limit, so a continuous stream of `*1\r\n` headers triggers an OutOfMemoryError. No public exploit identified at time of analysis, and the issue is not listed in CISA KEV.

Denial Of Service Redis
NVD GitHub VulDB
CVSS 3.1
7.5
EPSS
0.0%
CVE-2026-46306 HIGH PATCH This Week

Denial of service in the Linux kernel flow dissector allows remote attackers to trigger an unaligned access exception by sending crafted PPPoE Protocol Field Compression (PFC) frames to an Ethernet interface on alignment-sensitive architectures such as MIPS. The flaw affects kernels from 6.0 onward where Receive Packet Steering (RPS) or similar features invoke the flow dissector on incoming frames, and no PPPoE session needs to be active on the targeted interface. EPSS is very low (0.02%) and there is no public exploit identified at time of analysis, but the vendor has released patched kernel versions.

Debian Linux Information Disclosure
NVD VulDB
CVSS 3.1
7.5
EPSS
0.0%
CVE-2026-46304 HIGH PATCH This Week

Denial of service in the Linux kernel's NVMe-over-TCP target (nvmet_tcp) module allows remote initiators to trigger a recursive nvmet-wq workqueue flush during controller teardown, producing a lockdep-flagged deadlock condition in nvmet_ctrl_free(). The flaw affects systems exposing NVMe-TCP targets where controller release work and async_event_work are both queued on the same nvmet workqueue. EPSS is 0.02% (7th percentile) and there is no public exploit identified at time of analysis; vendor patches have been issued across multiple stable branches.

Linux Information Disclosure
NVD VulDB
CVSS 3.1
7.5
EPSS
0.0%
CVE-2026-44894 HIGH PATCH GHSA This Week

Traffic amplification in Netty's QUIC codec (io.netty:netty-codec-classes-quic versions 4.2.0.Final through 4.2.14.Final) allows remote unauthenticated attackers to weaponize Netty-based QUIC servers as DDoS reflectors. The default NoQuicTokenHandler's validateToken() unconditionally returns 0, which the server misinterprets as a successfully Retry-validated client address, bypassing RFC 9000's 3× anti-amplification limit and causing the server to reflect full-size handshake flights (including certificates) toward a spoofed victim IP. No public exploit identified at time of analysis, but the fix is published in Netty 4.2.15.Final.

Information Disclosure
NVD GitHub VulDB
CVSS 3.1
7.5
EPSS
0.0%
CVE-2026-48913 HIGH PATCH This Week

Use-after-free in the mod_http2 module of Apache HTTP Server versions 2.4.55 through 2.4.67 allows remote attackers to trigger memory corruption when the server's file handle pool is exhausted. The flaw carries a CVSS 7.3 (low impact across confidentiality, integrity, and availability) and is reachable over the network without authentication or user interaction, though no public exploit identified at time of analysis. Tagging emphasizes denial-of-service and memory corruption as the primary realistic outcomes.

Denial Of Service Use After Free Memory Corruption Apache Suse +1
NVD VulDB
CVSS 3.1
7.3
EPSS
0.0%
CVE-2026-44185 HIGH PATCH This Week

Buffer over-read in Apache HTTP Server 2.4.0 through 2.4.67 allows remote attackers to trigger memory disclosure or limited integrity and availability impact via outbound OCSP requests sent to an attacker-controlled OCSP responder. The flaw stems from improper bounds handling (CWE-126) when parsing OCSP response data, and currently shows no public exploit identified at time of analysis despite a CVSS 7.3 rating reflecting unauthenticated network reachability with low complexity.

Apache Buffer Overflow Apache Http Server
NVD VulDB
CVSS 3.1
7.3
EPSS
0.0%
CVE-2026-44186 HIGH PATCH This Week

Denial of service in Apache HTTP Server versions 2.4.0 through 2.4.67 stems from an infinite loop condition in the mod_proxy_ftp module when interacting with an attacker-controlled backend FTP server. Remote attackers can degrade availability and partially impact confidentiality and integrity without authentication, though exploitation requires a proxied request path to a malicious FTP backend. No public exploit identified at time of analysis, and EPSS is very low at 0.02%.

Denial Of Service Apache Apache HTTP Server
NVD VulDB
CVSS 3.1
7.3
EPSS
0.0%
CVE-2026-11577 HIGH This Week

{realm}/partialImport endpoint to bypass Fine-Grained Admin Permissions (FGAP) and promote themselves to full realm administrator. The flaw is an improper authorization check (CWE-863) on imported users carrying realm-admin role mappings. No public exploit identified at time of analysis, and the issue is not on CISA KEV.

Authentication Bypass Red Hat Build Of Keycloak Red Hat Data Grid 8 Red Hat Jboss Enterprise Application Platform 8 Red Hat Jboss Enterprise Application Platform Expansion Pack +1
NVD GitHub VulDB
CVSS 3.1
7.2
EPSS
0.0%
CVE-2026-46657 HIGH PATCH This Week

Authentication bypass in Bludit CMS versions prior to 3.22.0 allows deactivated user accounts to retain authenticated access through persistent 'Remember Me' cookies, because the disable-account workflow fails to invalidate tokenAuth and tokenRemember values stored in the JSON database. Any user who previously logged in with the persistent session option can continue to act with their original privileges even after an administrator disables them. No public exploit identified at time of analysis, and the issue is not listed in CISA KEV.

Authentication Bypass Bludit
NVD GitHub
CVSS 3.1
7.1
EPSS
0.1%
CVE-2026-48507 HIGH POC PATCH GHSA This Week

Privilege escalation via authorization bypass in Snipe-IT versions prior to 8.6.0 allows any authenticated user holding only the granular `users.edit` permission to disable administrator and superuser accounts through the bulk-edit endpoint, effectively locking all admins out of the instance. By toggling the `activated` and `ldap_import` flags on admin targets, a low-privileged actor denies admins both interactive login and password-reset recovery. No public exploit identified at time of analysis, but the upstream fix and detailed advisory disclose the exact attack surface.

Authentication Bypass Snipe It
NVD GitHub VulDB
CVSS 3.1
7.1
EPSS
0.0%
CVE-2026-46293 HIGH PATCH This Week

Out-of-bounds memory access in the Linux kernel's Microchip PolarFire SoC clock conditioning circuit driver (clk-mpfs-ccc) occurs during registration of the final clock outputs, because the driver's hws array is sized only for two PLLs and their four dividers while the defined clock IDs also enumerate two unsupported DLLs and their outputs. On affected Microchip PolarFire SoC hardware this leads to reads past the allocated array (flagged by UBSAN), enabling information disclosure or a kernel crash. There is no public exploit identified at time of analysis and EPSS exploitation probability is negligible (0.02%).

Linux Buffer Overflow Information Disclosure
NVD VulDB
CVSS 3.1
7.1
EPSS
0.0%
CVE-2026-34194 HIGH This Week

Local privilege escalation and integrity compromise in Imagination Technologies Graphics DDK (GPU driver) allows non-privileged users to corrupt sparse memory mapping state via improper GPU system calls, leading to out-of-bounds memory access. The flaw stems from implicit scaling errors in pointer arithmetic across buffers of differing sizes (CWE-468), affecting DDK releases 24.2 RTM, 25.1-25.3 RTM, and 26.1 RTM. No public exploit identified at time of analysis, but the local attack vector with low complexity makes this attractive for sandbox escape chains on Android/Linux devices using PowerVR GPUs.

Information Disclosure Graphics Ddk
NVD VulDB
CVSS 3.1
7.1
EPSS
0.0%
CVE-2026-46443 HIGH PATCH GHSA This Week

Information disclosure in FlowiseAI Flowise prior to version 3.1.2 allows authenticated users to retrieve encrypted credential blobs (API keys, passwords, OAuth tokens for OpenAI, AWS, etc.) by querying the credentials API with a credentialName filter. The /api/v1/credentials endpoint correctly strips the encryptedData field on unfiltered queries but omits this sanitization on the filtered code path, exposing AES-encrypted secrets to any authenticated caller. No public exploit identified at time of analysis, though a working curl reproduction is published in the GHSA advisory.

Information Disclosure Flowise
NVD GitHub VulDB
CVSS 4.0
7.0
EPSS
0.0%
CVE-2026-46299 HIGH PATCH This Week

Local denial of service in the Linux kernel hfsplus filesystem driver occurs when hfsplus_fill_super() fails to release tree->tree_lock on an error path during HFS+ mount, causing a 'held lock freed' warning and potential lockdep-detected kernel instability. The flaw affects systems with CONFIG_HFSPLUS_FS enabled and is triggered when hfsplus_cat_build_key() returns an error during superblock initialization. No public exploit identified at time of analysis, and EPSS is very low (0.02%).

Linux Information Disclosure
NVD VulDB
CVSS 3.1
7.0
EPSS
0.0%
CVE-2026-46309 HIGH PATCH This Week

Information disclosure in the Linux kernel's Intel Xe DRM graphics driver (drm/xe) allows a local user to read stale data from previously freed memory pages belonging to other processes. The xe_vm_madvise_ioctl() handler failed to reject PAT indices set to XE_COH_NONE (non-coherent) coherency mode on CPU-cached buffer objects, letting a GPU bypass dirty CPU caches and read sensitive content directly from DRAM before the kernel's page-clearing writeback completes. There is no public exploit identified at time of analysis, and EPSS rates exploitation probability at just 0.02%, consistent with a local, race-dependent leak rather than a widely weaponized flaw.

Linux Information Disclosure
NVD VulDB
CVSS 3.1
7.0
EPSS
0.0%
CVE-2026-11555 LOW POC Monitor

Least privilege violation in the D-Link DGS-1100-08PD managed switch firmware version 1.00.006 allows remote unauthenticated attackers to achieve low-integrity impact through improper processing of the Boa web server configuration file /etc/boa.conf via the device's web interface. The CVSS 4.0 score is 2.9 (Low), reflecting high attack complexity (AC:H) and constrained impact (VI:L only), though a publicly available proof-of-concept lowers the barrier for skilled attackers. No active exploitation has been confirmed in CISA KEV, making this a low-priority but trackable risk for network operators deploying this switch model.

Information Disclosure D-Link
NVD VulDB
CVSS 4.0
2.9
EPSS
0.1%
CVE-2026-47693 MEDIUM PATCH GHSA This Month

CSV Injection in Poweradmin's log export functionality allows a high-privileged attacker to embed spreadsheet formulas in usernames that execute when an administrator exports activity logs and opens the resulting CSV in Excel, LibreOffice Calc, or Google Sheets. All four log export controllers pass username fields directly to PHP's fputcsv() without neutralizing formula trigger characters (=, +, -, @), enabling phishing via rendered hyperlinks and silent data exfiltration via =IMPORTXML() or similar functions targeting victim administrators. Publicly available exploit code exists per GHSA-3h6h-67x3-cv5x; the vulnerability is not listed in CISA KEV.

Google PHP Information Disclosure Microsoft Docker
NVD GitHub
CVSS 3.1
6.9
EPSS
0.0%
CVE-2026-45673 MEDIUM PATCH GHSA This Month

DNS cache poisoning in Netty's resolver component (io.netty:netty-resolver-dns) enables remote unauthenticated attackers to redirect downstream application traffic to attacker-controlled IPs through a Kaminsky-style spoofing attack. The vulnerability combines two compounding weaknesses present in the default configuration: DNS transaction IDs shuffled with a mathematically predictable Linear Congruential Generator (ThreadLocalRandom), and a static UDP source port resulting from the default ChannelPerResolver channel strategy. No public exploit has been identified at time of analysis and the issue is not listed in CISA KEV, but the Netty project rated it high severity and released fixes in versions 4.1.135.Final and 4.2.15.Final.

Information Disclosure Java Red Hat Suse
NVD GitHub VulDB
CVSS 3.1
6.8
EPSS
0.0%
CVE-2026-10544 MEDIUM This Month

Command injection (CWE-78) in Devolutions Server's built-in PAM provider password rotation templates allows an attacker with vault write access to execute arbitrary OS commands on systems managed by the affected PAM provider. Affected versions include 2026.2.4.0 and all releases at or below 2026.1.20.0, reported directly by the vendor Devolutions. No public exploit code has been identified and this vulnerability is not listed in CISA KEV at time of analysis, but the high-value nature of a PAM platform managing privileged credentials on downstream systems means the practical blast radius substantially exceeds what the CVSS C:L/I:L scores suggest.

Hashicorp Command Injection Server
NVD VulDB
CVSS 3.1
6.5
EPSS
0.0%
CVE-2026-11611 MEDIUM This Month

Denial of service in Red Hat 389 Directory Server's Content Synchronization persistent search plugin enables authenticated network clients to exhaust server memory by initiating a sync operation and halting consumption of responses, causing unbounded queue growth until the server becomes unavailable. Compounding this, race conditions in the plugin's thread lifecycle management can independently trigger server crashes during connection teardown or graceful shutdown. Affected across Red Hat Directory Server 11, 12, and 13 as well as the bundled 389-ds-base package on RHEL 6 through 10. No public exploit identified at time of analysis and no CISA KEV listing.

Denial Of Service Red Hat Directory Server 11 Red Hat Directory Server 12 Red Hat Directory Server 13 Red Hat Enterprise Linux 10 +4
NVD VulDB
CVSS 3.1
6.5
EPSS
0.0%
CVE-2026-43951 MEDIUM PATCH This Month

Out-of-bounds read in Apache HTTP Server 2.4.0 through 2.4.67 arises from an interaction between mod_headers, mod_mime, and multi-language content negotiation, allowing unauthenticated remote attackers to trigger memory reads beyond allocated buffer boundaries. The CVSS vector (AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N) confirms low-complexity, unauthenticated network exploitation yielding limited confidentiality and integrity impact with no availability consequence. No active exploitation confirmed in CISA KEV, and no public exploit code has been identified at time of analysis.

Information Disclosure Apache Buffer Overflow Apache HTTP Server Red Hat
NVD VulDB
CVSS 3.1
6.5
EPSS
0.0%
CVE-2026-10786 MEDIUM This Month

Cleartext credential exposure in Devolutions Server allows an authenticated low-privileged user to retrieve plaintext credentials stored for configured ticketing integrations via a crafted API request. Affected versions include Devolutions Server 2026.2.4.0 and all 2026.1.x releases up to and including 2026.1.20.0. No public exploit or active exploitation (CISA KEV) has been identified at time of analysis; the vulnerability was self-disclosed by Devolutions via advisory DEVO-2026-0015.

Information Disclosure Server
NVD VulDB
CVSS 3.1
6.5
EPSS
0.0%
CVE-2020-37248 MEDIUM PATCH This Month

OfflineIMAP before 8.0.3 trusts the server with their STARTTLS capability prior to authentication, which allows STRIPTLS/man-in-the-middle attacks, taking over the connection and extracting account. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, no authentication required.

Information Disclosure Offlineimap
NVD GitHub VulDB
CVSS 3.1
6.5
EPSS
0.0%
CVE-2026-3011 MEDIUM This Month

Stored Cross-Site Scripting in WPZOOM's Recipe Card Blocks Lite WordPress plugin (all versions through 3.4.13) allows authenticated attackers with Author-level access or higher to inject persistent malicious scripts into published posts and recipe print views. The vulnerability is a sanitization bypass: the `WPZOOM_Helpers::deserialize_block_attributes` method re-decodes unicode-escaped character sequences back into raw HTML after WordPress's sanitization pipeline has already run, permitting crafted payloads in the recipe block's 'summary' and 'notes' attributes to survive sanitization and execute in victims' browsers. No public exploit code or CISA KEV listing exists at time of analysis, but the CVSS Changed Scope (S:C) rating reflects cross-user impact, including potential administrator session hijacking.

XSS WordPress
NVD VulDB
CVSS 3.1
6.4
EPSS
0.0%
CVE-2026-43966 MEDIUM This Month

HTTP response splitting in ninenines cowlib allows network-accessible attackers to inject arbitrary HTTP headers when applications route untrusted input through the library's structured-field encoder. The root cause is an encoder/decoder asymmetry in cow_http_struct_hd:escape_string/2: it escapes only backslash and double-quote, emitting all other bytes verbatim - including CR (0x0D) and LF (0x0A) - while the matching parser only accepts printable ASCII. Any Cowboy or Gun application that builds a structured HTTP header from attacker-controlled input via cow_http_struct_hd:item/1 or cow_http_hd:wt_protocol/1 is affected. No public exploit has been identified and this CVE does not appear in CISA KEV, but upstream fixes are available as commits to both Cowboy and Gun.

Code Injection Cowlib
NVD GitHub VulDB
CVSS 4.0
6.3
EPSS
0.0%
CVE-2026-7765 MEDIUM PATCH This Month

Incorrect authorization in Checkmk's User Messages dashboard widget exposes the dashboard creator's personal messages to any party possessing a valid public dashboard share token. The message-fetching endpoints resolve messages using the dashboard creator's identity rather than the requesting party's identity, meaning that direct API calls with a share token return the issuer's private messages regardless of whether the User Messages widget is actually present on the shared dashboard. All Checkmk deployments running versions prior to 2.5.0p5 that use the public dashboard sharing feature are affected. No public exploit has been identified and the vulnerability is not listed in CISA KEV at time of analysis.

Authentication Bypass Checkmk
NVD VulDB
CVSS 4.0
6.3
EPSS
0.0%
CVE-2026-43972 MEDIUM PATCH This Month

Cross-origin cookie injection in ninenines gun (versions 2.0.0 through 2.3.x) allows a malicious or compromised HTTP/2 server to plant cookies scoped to arbitrary third-party domains into the client's shared cookie store. The gun_http2 module fails to validate the :authority pseudo-header in incoming PUSH_PROMISE frames before passing the server-supplied value to the cookie-setting path, violating RFC 7540 §10.6 and RFC 9113 §8.4. This enables session fixation attacks against third-party domains and may lead to account takeover if planted cookies override legitimate session tokens; no public exploit identified at time of analysis. Note: the 'RCE' tag present in source intelligence is not supported by any available data and appears to be erroneous metadata.

RCE Gun
NVD GitHub VulDB
CVSS 4.0
6.3
EPSS
0.0%
CVE-2026-47721 MEDIUM GHSA This Month

Privilege escalation in FUXA's Scheduler API allows authenticated operator-level users to create or modify scheduled actions restricted to administrators, reaching PLC write and server-side script execution surfaces in SCADA deployments. The vulnerability (CWE-862) exists because POST /api/scheduler and DELETE /api/scheduler lacked the authJwt.haveAdminPermission() check applied to every other privileged write endpoint. Uniquely dangerous in OT environments: the scheduled-action model means an attacker does not need to maintain an active session - a repeating schedule persistently re-applies unauthorized setpoint or script changes even after manual admin remediation.

Authentication Bypass
NVD GitHub
CVSS 3.1
6.3
EPSS
0.0%
CVE-2026-11470 LOW POC PATCH Monitor

Path traversal in hsweb-framework up to version 5.0.1 allows authenticated remote attackers to write files outside the intended upload directory by manipulating the filename argument in the file upload component. The root cause is insufficient sanitization of path sequences — including URL-encoded variants (`..%2F`) and Windows-style backslashes (`..\`) — in the `denied` function of `FileUploadProperties.java`. A public exploit has been disclosed via GitHub issue #344, and a patch commit is available; no KEV listing indicates opportunistic rather than confirmed mass exploitation.

File Upload Path Traversal Java
NVD VulDB GitHub
CVSS 4.0
2.1
EPSS
0.1%
CVE-2026-11494 LOW POC Monitor

Least-privilege violation in TOTOLINK AC1200 T8 firmware 4.1.5cu.8611 exposes the vsftpd FTP service to unauthorized integrity manipulation by low-privileged authenticated network users. The /etc/vsftpd.conf configuration grants excessive permissions beyond the principle of least privilege (CWE-272), allowing a low-privilege authenticated attacker to perform write operations they should not be authorized to execute. A proof-of-concept exploit has been publicly disclosed; the vulnerability is not confirmed in CISA KEV, but the CVSS temporal vector (E:P, RC:R) reflects publicly available exploit code with reasonable confidence in the report.

Information Disclosure Ac1200 T8
NVD VulDB
CVSS 4.0
2.1
EPSS
0.1%
CVE-2026-11476 LOW POC Monitor

Privilege escalation in Kushan2k student-management-system allows authenticated remote attackers to grant themselves administrator rights by manipulating the `isadmin` parameter in the Profile Update Endpoint. The `edit-admin` function in `controllers/AdminController.php` performs no server-side authorization check on this parameter, enabling any low-privileged account holder to self-elevate to admin. A publicly available exploit exists per VulDB and a GitHub issue disclosure; the vendor has not yet responded, and no patch has been released under the rolling-release model.

PHP Authentication Bypass
NVD VulDB GitHub
CVSS 4.0
2.1
EPSS
0.0%
CVE-2026-11510 LOW POC Monitor

SQL injection in CodeAstro Leave Management System 1.0 exposes the application's database to remote authenticated attackers via the `type_of_leave` parameter in `/admin/add_leave.php`. The vulnerability (CWE-89) allows manipulation of backend SQL queries, potentially enabling data extraction, modification, or destruction. A publicly available exploit exists per VulDB report and a referenced GitHub proof-of-concept, elevating practical risk despite the low CVSS 4.0 base score of 2.1.

PHP SQLi
NVD VulDB GitHub
CVSS 4.0
2.1
EPSS
0.0%
CVE-2026-11508 LOW POC Monitor

SQL injection in CodeAstro Leave Management System 1.0 allows low-privileged authenticated remote attackers to manipulate database queries via the `Name` parameter in the admin endpoint `/admin/search_staff_to_assign_pc.php`. Per the CVSS 4.0 vector, impact is limited to low confidentiality, integrity, and availability on the vulnerable system (VC:L/VI:L/VA:L) with no scope change to subsequent systems. Publicly available exploit code exists via a GitHub issue, though no active exploitation is confirmed in CISA KEV, and no vendor-released patch has been identified at time of analysis.

PHP SQLi
NVD VulDB GitHub
CVSS 4.0
2.1
EPSS
0.0%
CVE-2026-11507 LOW POC Monitor

SQL injection in CodeAstro Leave Management System 1.0 exposes the /admin/delete_leave_type.php endpoint to arbitrary database query manipulation via the unsanitized leave_type parameter. The CVSS 4.0 vector (PR:L) confirms that a low-privileged authenticated user can remotely trigger the injection without user interaction or additional attack complexity. A publicly available exploit exists on GitHub (no public exploit identified in CISA KEV), and the CVSS 4.0 score of 2.1 reflects limited confidentiality, integrity, and availability impact confined to the vulnerable component with no lateral scope change.

PHP SQLi
NVD VulDB GitHub
CVSS 4.0
2.1
EPSS
0.0%
CVE-2026-11506 LOW POC Monitor

SQL injection in CodeAstro Leave Management System 1.0 allows remote authenticated attackers to manipulate database queries via the Name parameter in /admin/search_staff_for_deletion.php. The vulnerability is a classic CWE-89 unsanitized input flaw in a PHP-based web application, enabling read, write, and limited availability impact against the underlying database. Publicly available exploit code exists per VulDB disclosure; no KEV listing indicates opportunistic rather than targeted exploitation at this time.

PHP SQLi
NVD VulDB GitHub
CVSS 4.0
2.1
EPSS
0.0%
CVE-2026-11495 LOW POC Monitor

SQL injection in CodeAstro Ingredients Stock Management System 1.0 exposes the `/Ingredients-Stock/add_stock.php` endpoint to authenticated remote attackers who can manipulate the `ID` parameter to execute arbitrary SQL commands against the backend database. The attack is network-accessible with low complexity, enabling unauthorized data exfiltration, record manipulation, and potential escalation within the database tier. Publicly available exploit code exists (E:P in CVSS temporal vector), materially lowering the barrier to exploitation; no CISA KEV listing has been identified at time of analysis.

PHP SQLi
NVD VulDB GitHub
CVSS 4.0
2.1
EPSS
0.0%
CVE-2026-11477 LOW POC PATCH Monitor

Open redirect in hs-web hsweb-framework's OAuth2Client component (versions up to 5.0.1) allows remote unauthenticated attackers to redirect victims to attacker-controlled URLs by supplying a crafted redirect_uri during OAuth2 authorization flows. The root cause is a naive prefix-based string comparison using startsWith() in OAuth2Client.java, which trivially allows bypass via domain-prefix spoofing (e.g., registering https://app.example.com.attacker.com when the legitimate URI is https://app.example.com). Publicly available exploit code exists per GitHub issue #354 and CVSS E:P; no public exploit identified at time of analysis in CISA KEV, and the CVSS 4.0 score of 2.1 reflects the limited impact and required user interaction.

Open Redirect Java
NVD VulDB GitHub
CVSS 4.0
2.1
EPSS
0.0%
CVE-2026-29170 MEDIUM PATCH This Month

Cross-site scripting in Apache HTTP Server's mod_proxy_ftp module allows a network-accessible attacker to inject malicious scripts into HTML directory listings generated when the server proxies FTP directory contents. Affected are all versions of Apache HTTP Server up to and including 2.4.67, in both forward and reverse proxy configurations. No public exploit code has been identified at time of analysis, and CISA KEV listing is absent, but the Changed scope (S:C) in the CVSS vector means injected scripts execute in victims' browsers under the origin of the proxy host, elevating the effective impact beyond the medium base score.

XSS Apache Red Hat Suse Apache HTTP Server
NVD VulDB
CVSS 3.1
6.1
EPSS
0.0%
CVE-2026-11492 LOW POC Monitor

Least privilege violation in D-Link DIR-823G firmware version 1.0.2B05 exposes the vsftpd FTP daemon configuration file (/etc/vsftpd.conf) to manipulation by network-accessible, low-privileged authenticated users, enabling unauthorized modification of FTP service behavior. The CVSS vector (AV:N/AC:L/PR:L/UI:N/I:L) confirms this is remotely exploitable with low complexity by any authenticated user, resulting in limited integrity impact. A publicly available proof-of-concept exploit has been released per VulDB reporting (E:P), though no active exploitation has been confirmed in CISA KEV at this time.

Information Disclosure D-Link
NVD VulDB
CVSS 4.0
2.1
EPSS
0.0%
CVE-2026-11475 LOW POC Monitor

SQL injection in the `getStatus` function of `controllers/GradeController.php` within Kushan2k's student-management-system exposes the Certificate Verification Endpoint to database manipulation by low-privileged remote attackers via the `nic` parameter. A publicly available exploit (proof-of-concept via GitHub issue) lowers the practical bar for abuse despite the CVSS 4.0 base score of 2.1. No patch has been released, and the maintainer has not responded to responsible disclosure, leaving all deployments through commit f16a4ceaddd6729c4b306ed4641cda3176c1ef2a unprotected.

PHP SQLi
NVD VulDB GitHub
CVSS 4.0
2.1
EPSS
0.0%
CVE-2026-11585 LOW POC Monitor

SQL injection in CodeAstro Student Attendance Management System 1.0 exposes the backend database to manipulation by authenticated remote attackers via the `classId` parameter in `/attendance-php/Admin/createClassArms.php`. An attacker with low-privilege authenticated access to the admin panel can craft malicious SQL payloads to read, alter, or delete database records - impacting confidentiality, integrity, and availability (C:L/I:L/A:L per CVSS). A public proof-of-concept exploit exists (GitHub issue, VulDB reference), elevating practical risk beyond the moderate CVSS score of 6.3 alone. No CISA KEV listing has been identified at time of analysis.

PHP SQLi
NVD VulDB GitHub
CVSS 4.0
2.1
EPSS
0.0%
CVE-2026-11584 LOW POC Monitor

SQL injection in CodeAstro Student Attendance Management System 1.0 exposes the /attendance-php/Admin/createClass.php?action=edit endpoint to database manipulation via an unsanitized ID parameter. Authenticated remote attackers with low-privilege access can exploit this to read, modify, or partially disrupt database contents. A public exploit exists (reported via GitHub), though the CVSS 4.0 score of 2.1 reflects constrained real-world impact due to limited scope change and low-severity confidentiality/integrity/availability ratings - no public exploit identified in CISA KEV at time of analysis.

PHP SQLi
NVD VulDB GitHub
CVSS 4.0
2.1
EPSS
0.0%
CVE-2026-11583 LOW POC Monitor

SQL injection in CodeAstro Student Attendance Management System 1.0 allows low-privileged authenticated remote attackers to manipulate backend database queries via the unsanitized `className` parameter in `/attendance-php/Admin/createClass.php`. A publicly available proof-of-concept exploit (CVSS E:P) lowers the barrier to exploitation, though the CVSS 4.0 score of 2.1 (Low) reflects constrained impact scope - all confidentiality, integrity, and availability impacts are rated Low with no scope change. No confirmed active exploitation (not in CISA KEV) has been identified at time of analysis.

PHP SQLi
NVD VulDB GitHub
CVSS 4.0
2.1
EPSS
0.0%
CVE-2026-11559 LOW POC Monitor

SQL injection in CodeAstro Payroll System 1.0 exposes database records to manipulation via the ID parameter in /view_account.php, allowing a low-privileged authenticated remote attacker to read, alter, or partially disrupt payroll data. A public proof-of-concept exploit is available via GitHub, as reported by VulDB. Despite network accessibility and public PoC, the CVSS 4.0 score of 2.1 reflects constrained impact - limited to the vulnerable component with no lateral scope - and a mandatory low-privilege authentication prerequisite that tempers broad exploitation risk.

PHP SQLi
NVD VulDB GitHub
CVSS 4.0
2.1
EPSS
0.0%
CVE-2026-11558 LOW POC Monitor

SQL injection in CodeAstro Payroll System 1.0 exposes payroll data to manipulation by authenticated low-privilege users via unsanitized input in the salary calculation endpoint. The vulnerability affects the `rate` and `salary_rate` parameters of `/home_salary.php`, where attacker-controlled values are passed directly into SQL queries without sanitization. Publicly available exploit code exists per GitHub references, though the vulnerability is not listed in the CISA KEV catalog and carries a CVSS 4.0 base score of only 2.1, reflecting constrained real-world impact due to authentication requirements and limited CIA impact ratings.

PHP SQLi
NVD VulDB GitHub
CVSS 4.0
2.1
EPSS
0.0%
CVE-2026-11554 LOW POC Monitor

Least privilege violation in TOTOLINK CP450 router firmware 4.1.0cu.747 allows low-privileged remote attackers to perform unauthorized integrity-affecting actions via the vsftpd FTP service, whose configuration in /etc/vsftpd.conf grants excessive permissions beyond operational necessity. The vulnerability carries a low CVSS 4.0 score of 2.1, reflecting constrained impact limited to low integrity effects on the vulnerable system with no confidentiality or availability consequence. A publicly available proof-of-concept exploit exists, and no CISA KEV listing has been confirmed, indicating no known active widespread exploitation at time of analysis.

Information Disclosure Cp450
NVD VulDB
CVSS 4.0
2.1
EPSS
0.1%
CVE-2026-11533 LOW POC Monitor

Improper authorization in the imvks786 student_management_system PHP application allows authenticated low-privileged remote attackers to delete student records they are not authorized to remove via manipulation of the `del` parameter at the /see.php Student Deletion Endpoint. The vulnerability (CWE-285) stems from the application failing to verify that the requesting user holds sufficient privileges to perform the deletion action, effectively enabling horizontal or vertical privilege escalation within the data management scope. No public exploit identified at time of analysis via CISA KEV, though publicly available exploit code exists per the referenced GitHub issue disclosure.

PHP Authentication Bypass
NVD VulDB GitHub
CVSS 4.0
2.1
EPSS
0.0%
Prev Page 3 of 5 Next

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy