Skip to main content
CVE-2026-14609 LOW Monitor

Session fixation in SourceCodester CET Automated Grading System with AI Predictive Analytics 1.0 enables remote attackers to pre-set a known session identifier in a victim's browser, then hijack the authenticated session after the victim logs in. The CVSS 4.0 score of 2.9 reflects limited impact scope (low confidentiality, integrity, and availability) combined with high attack complexity, though a public exploit has been released (E:P). No CISA KEV listing indicates no confirmed widespread active exploitation at time of analysis.

Session Fixation Information Disclosure Cet Automated Grading System With Ai Predictive Analytics
NVD VulDB
CVSS 4.0
2.9
EPSS
0.3%
CVE-2026-46466 LOW PATCH Monitor

Dell PowerProtect Data Domain's handling of a less-trusted data source allows a remote, high-privileged attacker to perform limited information tampering, classified under CWE-348. Affected are multiple release trains spanning versions 7.7.1.0 through 8.7, including LTS2024, LTS2025, and LTS2026 long-term support branches. With a CVSS base score of 2.7 (Low) and no confirmed active exploitation or public proof-of-concept, real-world impact is constrained by the high privilege requirement and the limited integrity-only scope of the vulnerability.

Dell Information Disclosure Powerprotect Data Domain
NVD VulDB
CVSS 3.1
2.7
EPSS
0.1%
CVE-2026-14608 LOW Monitor

Authorization bypass in SourceCodester CET Automated Grading System with AI Predictive Analytics 1.0 allows authenticated remote attackers to view student records they are not authorized to access. By manipulating the ID parameter in POST requests to /index.php?action=view_student, a low-privileged user can enumerate or access other students' data. A public proof-of-concept exploit exists per the CVSS 4.0 E:P supplemental metric; no active exploitation confirmed in CISA KEV.

Authentication Bypass PHP
NVD VulDB
CVSS 4.0
2.1
EPSS
0.2%
CVE-2026-14617 LOW Monitor

Case-sensitivity bypass in NousResearch hermes-agent through version 2026.4.30 allows authenticated remote attackers to leak limited reasoning content that should have been scrubbed by the Streaming Reasoning Tag Filter. The vulnerability resides in `GatewayStreamConsumer._filter_and_accumulate` within `gateway/stream_consumer.py`, where tag matching fails to account for case variations, permitting reasoning tokens to escape filtration. A public proof-of-concept exploit has been disclosed; however, the vendor has formally declined to issue a patch, classifying the maintenance cost as disproportionate to the assessed risk.

Information Disclosure
NVD GitHub VulDB
CVSS 4.0
1.3
EPSS
0.2%
CVE-2026-49838 MEDIUM POC PATCH GHSA This Month

CVE-2026-49838 is a vulnerability reported by Ubuntu with no description, CVSS score, CWE classification, or technical detail available at time of analysis. The CVE identifier falls in the 2026 range, suggesting this may be a recently reserved or embargoed entry. No impact, affected component, or exploitation vector can be determined from the provided data.

Information Disclosure
NVD GitHub
Prev Page 4 of 4

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy