Skip to main content
CVE-2026-12811 LOW POC PATCH Monitor

Reflected cross-site scripting in Suna's authentication endpoint allows remote attackers to execute arbitrary JavaScript in a victim's browser by manipulating the returnURL parameter passed to Next.js router.replace/router.push. All Suna releases from 0.8.0 through 0.8.38 are affected; the flaw spans every auth action (signIn, signUp, resetPassword, signInWithPassword, signUpWithPassword, sendOtpCode, resendMagicLink, installOwner) because none sanitized the returnUrl form field before use. A public proof-of-concept exploit exists (GitHub Gist by TrebledJ); no public exploitation confirmed and the vulnerability is not listed in CISA KEV.

XSS Suna
NVD VulDB GitHub
CVSS 4.0
2.1
EPSS
0.3%
CVE-2026-12796 LOW POC Monitor

Insufficient session expiration in LiteLLM's SSO authentication flow exposes deployments running versions 1.82.0 through 1.82.2 to unauthorized persistent session access by low-privileged authenticated users. The flaw resides in the `get_redirect_response_from_openid` function within the OpenID Connect callback handling code, allowing manipulation of the SSO redirect response to bypass session lifetime enforcement. No confirmed active exploitation (not in CISA KEV), but a publicly available proof-of-concept exploit on GitHub lowers the barrier to abuse, and the CVSS 4.0 vector explicitly encodes the exploit availability modifier E:P.

Information Disclosure Litellm
NVD VulDB GitHub
CVSS 4.0
2.1
EPSS
0.3%
CVE-2026-12805 LOW POC PATCH Monitor

Heap-based buffer overflow in OFFIS DCMTK's XMLNode::parseFile function (ofstd/libsrc/ofxml.cc) affects all versions through 3.7.0, exploitable by any remote party who can supply a crafted or non-seekable XML input to the parser. The root cause - confirmed by the upstream patch commit - is that the original guard `if (!l)` failed to catch a -1 return from ftell(), allowing a corrupted buffer size to propagate into heap allocation and subsequent write. A public proof-of-concept exploit exists per VulDB and a published Medium writeup; no active exploitation is confirmed via CISA KEV. The CVSS 4.0 score of 2.1 reflects passive-interaction and low-impact ratings, but the presence of public exploit code elevates practical risk for any DCMTK deployment that parses externally influenced XML files.

Buffer Overflow Heap Overflow Dcmtk
NVD VulDB GitHub
CVSS 4.0
2.1
EPSS
0.3%
CVE-2026-12770 LOW POC Monitor

Improper authorization in BerriAI LiteLLM versions 1.63.0-1.63.1 allows any authenticated user - holding any valid API key regardless of role - to perform admin-restricted operations on other users' API keys, including blocking, unblocking, and modifying budget limits via the `/key/block`, `/key/unblock`, and `/key/update` endpoints. The root cause, confirmed by GitHub PR #23781, is the complete absence of access-control enforcement on these endpoints despite their admin-only documentation. A publicly available proof-of-concept exploit exists on GitHub; this vulnerability is not in the CISA KEV catalog at time of analysis.

Authentication Bypass Litellm
NVD VulDB GitHub
CVSS 4.0
2.1
EPSS
0.2%
CVE-2026-12799 LOW POC Monitor

Improper authorization in BerriAI LiteLLM versions up to 1.82.2 allows authenticated low-privilege users to access user data beyond their permitted scope via the `ui_view_users` management endpoint - an incomplete remediation of the prior CVE-2025-0628 authorization bypass in the same function. A public proof-of-concept exploit is available on GitHub (YLChen-007), confirming practical exploitability. No active exploitation is confirmed (not in CISA KEV), and the authentication requirement (CVSS 4.0 PR:L) constrains the attacker pool to those already holding valid credentials on the target proxy.

Authentication Bypass Litellm
NVD VulDB GitHub
CVSS 4.0
2.1
EPSS
0.2%
CVE-2026-12798 LOW POC Monitor

Server-side request forgery in LiteLLM's experimental MCP OpenAPI Spec Loader allows authenticated remote attackers to coerce the server into issuing arbitrary HTTP requests by supplying a malicious `spec_path` value to the `load_openapi_spec_async` function. Affected versions are LiteLLM 1.82.0 through 1.82.2 as confirmed by EUVD. A public proof-of-concept exploit exists on GitHub, though the vulnerability is not in CISA KEV and the CVSS 4.0 score of 2.1 with E:P modifier reflects low-severity, authenticated exploitation with a known but apparently limited threat footprint.

SSRF Litellm
NVD VulDB GitHub
CVSS 4.0
2.1
EPSS
0.2%
CVE-2026-12797 LOW POC Monitor

Incorrect authorization in BerriAI LiteLLM's enterprise banned keywords hook allows remote low-privileged authenticated users to bypass prompt content filtering by manipulating the `prompt` argument to the `async_pre_call_hook` function in `enterprise/enterprise_hooks/banned_keywords.py`. All versions in the 1.82.x series up to and including 1.82.5 are confirmed affected. A public proof-of-concept exploit is available via GitHub Gist, materially increasing the risk for enterprise deployments that rely on the banned keywords feature as a compliance or safety enforcement boundary; no confirmed CISA KEV listing exists at time of analysis.

Authentication Bypass Litellm
NVD VulDB GitHub
CVSS 4.0
2.1
EPSS
0.2%
CVE-2026-12774 LOW POC Monitor

Server-side request forgery in BerriAI LiteLLM versions up to 1.82.2 allows authenticated remote attackers to induce the proxy server to make arbitrary outbound HTTP requests by manipulating the MCP (Model Context Protocol) Server Connection Testing endpoint. The vulnerable function `_execute_with_mcp_client` in the experimental MCP server component fails to validate or restrict user-supplied connection targets, enabling internal network probing, potential access to cloud metadata services, and circumvention of network segmentation controls. A publicly available proof-of-concept exploit exists (GitHub gist by YLChen-007); no CISA KEV listing was present at time of analysis. The CVSS 4.0 reported score of 2.1 reflects threat-metric downgrade from E:P (proof-of-concept) and should not be taken as indicative of low inherent exploitability - the base network vector with low-privilege access represents a meaningful internal network exposure risk.

SSRF Litellm
NVD VulDB GitHub
CVSS 4.0
2.1
EPSS
0.2%
CVE-2026-12772 LOW POC Monitor

Insufficient session expiration in LiteLLM's proxy authentication layer (versions 1.82.0 through 1.82.2) allows remote low-privileged users to reuse or manipulate session tokens generated by the PROXY_ADMIN API Key Generator beyond their intended validity window. The flaw resides in the `authenticate_user` function within `litellm/proxy/auth/login_utils.py`, where session/API key lifecycle management does not enforce expiration correctly per CWE-613. A public proof-of-concept exploit exists (GitHub gist), though no active exploitation has been confirmed via CISA KEV. The CVSS 4.0 score of 2.1 reflects a limited real-world blast radius despite the network-accessible attack vector.

Information Disclosure Litellm
NVD VulDB GitHub
CVSS 4.0
2.1
EPSS
0.2%
CVE-2026-12814 LOW POC Monitor

OS command injection in Comfast CF-WR631AX V3 firmware (versions 2.7.0.0 through 2.7.0.8) allows an authenticated remote attacker to execute arbitrary operating system commands by injecting shell metacharacters into the `destination` parameter of the ping configuration API endpoint at /cgi-bin/mbox-config?section=ping_config. A detailed public exploit analysis report is available on GitHub, materially lowering the exploitation barrier, though no CISA KEV listing confirms active in-the-wild campaigns at time of analysis. The vendor was notified prior to disclosure and did not respond, leaving all known firmware versions without a patch.

Command Injection Cf Wr631Ax V3
NVD VulDB GitHub
CVSS 4.0
2.1
EPSS
1.2%
CVE-2026-12813 LOW POC Monitor

Server-side request forgery in Activepieces through version 0.83.0 enables authenticated remote attackers to coerce the server into issuing arbitrary HTTP requests to attacker-controlled destinations via the `handleUrlFile` function in the File URL Handler component. The vulnerability spans the entire documented release history from 0.1 to 0.83.0, and a public exploit write-up is available on GitHub, materially lowering the exploitation barrier. The vendor did not respond to responsible disclosure, meaning no patch has been released at time of analysis and no official remediation guidance exists.

SSRF Activepieces
NVD VulDB GitHub
CVSS 4.0
2.1
EPSS
0.2%
CVE-2026-12810 LOW POC Monitor

Command injection in the Edimax BR-6478AC V2 router (firmware 1.23) allows network-adjacent authenticated attackers to execute arbitrary OS commands via the `command` argument in POST requests to the `/goform/mp` endpoint. The vulnerability is rooted in insufficient input sanitization in the `mp` form handler, exposing the router's underlying OS to attacker-controlled commands. A public proof-of-concept exploit has been released and the vendor has not responded to disclosure, leaving no patch available - the device remains unmitigated at time of analysis.

Command Injection Br 6478Ac V2
NVD VulDB
CVSS 4.0
2.1
EPSS
1.2%
CVE-2026-12809 LOW POC Monitor

Command injection in Edimax BR-6478AC V2 firmware 1.23 allows remote attackers with low-privilege credentials to execute arbitrary OS commands by embedding shell metacharacters in the `newpass` argument of POST requests to the `/goform/wiz_5in1_redirect` endpoint. A public proof-of-concept exploit exists and is referenced in the VulDB disclosure, making this straightforwardly reproducible. The vendor has not responded to coordinated disclosure, leaving no official patch available - a significant concern for a SOHO network gateway that sits at the perimeter of home and small-office networks.

Command Injection Br 6478Ac V2
NVD VulDB
CVSS 4.0
2.1
EPSS
1.2%
CVE-2026-12808 LOW POC Monitor

Command injection in the Edimax BR-6478AC V2 router (firmware 1.23) allows authenticated remote attackers to execute arbitrary OS commands by manipulating the `interface` argument in POST requests to `/goform/stainfo`. No patch is available - Edimax did not respond to coordinated disclosure - and a public proof-of-concept exploit exists, making this a persistent, unmitigated risk on deployed devices. The vendor-reported CVSS 4.0 score of 2.1 appears to significantly understate actual impact, as unrestricted command injection on embedded router firmware typically enables full system control rather than merely low-severity limited access.

Command Injection Br 6478Ac V2
NVD VulDB
CVSS 4.0
2.1
EPSS
1.2%
CVE-2026-12807 LOW POC Monitor

Command injection in Edimax BR-6478AC V2 firmware 1.23 allows remote attackers with low-privileged web interface access to execute arbitrary OS commands by injecting shell metacharacters into WAN credential parameters submitted via POST to /goform/setWAN. A public proof-of-concept exploit is documented and available, the vendor did not respond to coordinated disclosure, and no patch exists - leaving only compensating controls as mitigation. No public exploit identified at time of analysis in CISA KEV, but the combination of public PoC, zero vendor response, and SOHO device deployment patterns represents materially elevated real-world risk.

Command Injection Br 6478Ac V2
NVD VulDB
CVSS 4.0
2.1
EPSS
1.2%
CVE-2026-12788 LOW POC Monitor

XML External Entity (XXE) injection in zhilink ADP Application Developer Platform 1.0.0 enables authenticated remote attackers to manipulate the XML parser at the /adpweb/a/base/barcodeDetail/import endpoint, potentially exposing local files or facilitating server-side request forgery against internal infrastructure. The CVSS 4.0 vector (PR:L, E:P) confirms low-privilege exploitation with a publicly disclosed proof-of-concept published on Feishu. The vendor did not respond to pre-disclosure contact, leaving no official patch available at time of analysis.

XXE Adp Application Developer Platform
NVD VulDB
CVSS 4.0
2.1
EPSS
0.2%
CVE-2026-12787 LOW POC Monitor

Unsafe deserialization in zhilink ADP Application Developer Platform 1.0.0 exposes the testConnection endpoint to remote exploitation by low-privilege authenticated users via manipulation of the jdbcUrl parameter. A public exploit has been published (linked via Feishu document) despite vendor non-response to coordinated disclosure. No public exploit identified at time of analysis meets the KEV threshold, but the combination of public PoC, network-accessible endpoint, and no patch raises operational risk - particularly for organizations running this Chinese low-code/RAD platform internally.

Deserialization Adp Application Developer Platform
NVD VulDB
CVSS 4.0
2.1
EPSS
0.2%
CVE-2026-12776 LOW POC Monitor

SQL injection in Montodel House-Rental-Management exposes database contents and integrity to authenticated remote attackers via the unsanitized ID parameter at /index.php?page=houses. All tracked commits up to 90010017b81265eb1ef3810268909f7719a33863 are affected, with no patched release available as the vendor did not respond to coordinated disclosure. Publicly available exploit code exists (E:P in the CVSS 4.0 vector), lowering the bar for exploitation; however, the required authenticated context and limited per-query impact keep the overall risk score low at CVSS 4.0 2.1.

SQLi PHP House Rental Management
NVD VulDB GitHub
CVSS 4.0
2.1
EPSS
0.2%
CVE-2026-12771 LOW POC Monitor

Improper authorization in LiteLLM's M2M JWT Handler (litellm/proxy/auth/user_api_key_auth.py) enables remote attackers holding low-level credentials to bypass authorization controls in versions 1.82.0 through 1.82.2. The flaw resides in the machine-to-machine JWT authentication pathway of the LiteLLM proxy layer, where manipulated JWT inputs cause the handler to make incorrect authorization decisions, potentially granting unauthorized access to proxied LLM API resources. No active exploitation has been confirmed by CISA KEV, though publicly available exploit code exists (GitHub gist by YLChen-007), and the CVSS 4.0 vector carries an E:P temporal modifier reflecting this proof-of-concept availability; overall risk is tempered by high attack complexity.

Authentication Bypass Litellm
NVD VulDB GitHub
CVSS 4.0
1.3
EPSS
0.2%
CVE-2026-12821 LOW Monitor

Path traversal in FlowiseAI Flowise's S3 Document Loader component (packages/components/nodes/documentloaders/S3/S3.ts) enables authenticated remote attackers to manipulate S3 object key inputs to access files outside the intended storage scope. Versions 3.1.0 through 3.1.2 are confirmed affected. Publicly available exploit code exists (E:P in the CVSS 4.0 vector), and the vendor did not respond to responsible disclosure, leaving no vendor-confirmed patch at time of analysis.

Path Traversal Flowise
NVD VulDB GitHub
CVSS 4.0
2.1
EPSS
0.3%
CVE-2026-12815 LOW Monitor

OS command injection in Coolify 4.0.0's Image Name Handler allows authenticated remote attackers to execute arbitrary operating system commands by manipulating image name inputs. Coolify is a self-hosted PaaS that orchestrates Docker deployments, making server-side command injection in its image handling pipeline particularly high-impact - the platform typically operates with Docker daemon privileges. Publicly available exploit code exists (CVSS 4.0 E:P, corroborated by a GitHub PoC writeup); no public confirmation of active exploitation is present, and no vendor response to the coordinated disclosure was received.

Command Injection Coolify
NVD VulDB GitHub
CVSS 4.0
2.1
EPSS
1.2%
CVE-2026-12804 LOW Monitor

Open redirect in LemonLDAP::NG versions up to and including 2.23.0 allows unauthenticated remote attackers to manipulate the `url` argument within the SAML Common Domain Cookie (CDC) endpoint, causing authenticated SSO users to be silently forwarded to arbitrary attacker-controlled domains. The SSO context makes this particularly high-consequence for phishing: victims trust the identity provider's domain, lowering suspicion of the crafted redirect URL. Publicly available exploit code exists (CVSS 4.0 E:P); no vendor patch has been confirmed, as the vendor was unresponsive to responsible disclosure by VulDB.

Open Redirect Lemonldap Ng
NVD VulDB
CVSS 4.0
2.1
EPSS
0.3%
CVE-2026-12789 LOW Monitor

SQL injection in ILIAS Learning Management System 11.0 allows a remote, high-privileged attacker to manipulate database queries via the Learning Progress Tracking component. The `troup_table_nav` argument passed to `ilTrQuery::executeQueries` in `components/ILIAS/Tracking/classes/class.ilTrQuery.php` is incorporated into SQL statements without adequate sanitization, enabling low-impact reads and writes against the underlying database. Publicly available exploit code exists (CVSS 4.0 E:P), and the vendor did not respond to pre-disclosure contact, meaning no official patch has been issued.

SQLi PHP Learning Management System
NVD VulDB
CVSS 4.0
2.0
EPSS
0.2%
CVE-2026-12812 LOW Monitor

HTML injection in Radware Cyber Controller's HTML Report Generation component allows authenticated remote attackers to embed arbitrary HTML tags - including script-related content - into generated reports, enabling potential cross-site scripting scenarios targeting users who view those reports. All 10.x releases through 10.11.0 are confirmed affected per ENISA EUVD-2026-38198. A public proof-of-concept exploit has been disclosed (CVSS 4.0 E:P); the vendor was notified but did not respond, leaving no vendor-released patch available at time of analysis.

XSS Cyber Controller
NVD VulDB
CVSS 4.0
2.0
EPSS
0.2%

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy