Session fixation in SourceCodester CET Automated Grading System with AI Predictive Analytics 1.0 enables remote attackers to pre-set a known session identifier in a victim's browser, then hijack the authenticated session after the victim logs in. The CVSS 4.0 score of 2.9 reflects limited impact scope (low confidentiality, integrity, and availability) combined with high attack complexity, though a public exploit has been released (E:P). No CISA KEV listing indicates no confirmed widespread active exploitation at time of analysis.
Dell PowerProtect Data Domain's handling of a less-trusted data source allows a remote, high-privileged attacker to perform limited information tampering, classified under CWE-348. Affected are multiple release trains spanning versions 7.7.1.0 through 8.7, including LTS2024, LTS2025, and LTS2026 long-term support branches. With a CVSS base score of 2.7 (Low) and no confirmed active exploitation or public proof-of-concept, real-world impact is constrained by the high privilege requirement and the limited integrity-only scope of the vulnerability.
Authorization bypass in SourceCodester CET Automated Grading System with AI Predictive Analytics 1.0 allows authenticated remote attackers to view student records they are not authorized to access. By manipulating the ID parameter in POST requests to /index.php?action=view_student, a low-privileged user can enumerate or access other students' data. A public proof-of-concept exploit exists per the CVSS 4.0 E:P supplemental metric; no active exploitation confirmed in CISA KEV.
Case-sensitivity bypass in NousResearch hermes-agent through version 2026.4.30 allows authenticated remote attackers to leak limited reasoning content that should have been scrubbed by the Streaming Reasoning Tag Filter. The vulnerability resides in `GatewayStreamConsumer._filter_and_accumulate` within `gateway/stream_consumer.py`, where tag matching fails to account for case variations, permitting reasoning tokens to escape filtration. A public proof-of-concept exploit has been disclosed; however, the vendor has formally declined to issue a patch, classifying the maintenance cost as disproportionate to the assessed risk.
CVE-2026-49838 is a vulnerability reported by Ubuntu with no description, CVSS score, CWE classification, or technical detail available at time of analysis. The CVE identifier falls in the 2026 range, suggesting this may be a recently reserved or embargoed entry. No impact, affected component, or exploitation vector can be determined from the provided data.