Skip to main content
CVE-2026-14725 LOW POC Monitor

Insufficient session expiration in SourceCodester Online Boat Reservation System 1.0 allows a remote, low-privileged attacker to reuse a previously issued session token after it should have been invalidated, gaining unauthorized access to authenticated application functionality. The CWE-613 root cause indicates the application fails to properly terminate sessions on logout or timeout. A publicly available exploit demonstrates the flaw, as confirmed by a Medium writeup linked in the references.

Information Disclosure Online Boat Reservation System
NVD VulDB
CVSS 4.0
2.1
EPSS
0.2%
CVE-2026-14698 LOW POC Monitor

Unrestricted file upload in SourceCodester Syllabus-Aligned Learning Management and Examination System 1.0 allows low-privileged remote attackers to upload arbitrary file types via the upload_files.php endpoint, with potential for remote code execution through PHP webshell deployment given the application's PHP runtime environment. The vulnerability is rooted in CWE-434 and carries a network-accessible attack vector with no special configuration required beyond a valid user account. A public proof-of-concept exploit is confirmed available on Pastebin; no CISA KEV listing has been identified at time of analysis.

PHP File Upload Syllabus Aligned Learning Management And Examination System
NVD VulDB
CVSS 4.0
2.1
EPSS
0.2%
CVE-2026-14774 LOW POC Monitor

SQL injection in itsourcecode Hospital Management System 1.0 exposes the `/paymentdischarge.php` endpoint to database manipulation via the unsanitized `patientid` parameter. Low-privileged authenticated attackers can exploit this remotely with no user interaction required, achieving limited read, write, and availability impact against the underlying database. No public KEV listing, but a proof-of-concept exploit is publicly disclosed on GitHub, meaningfully lowering the bar for opportunistic exploitation in any internet-exposed deployment.

SQLi PHP Hospital Management System
NVD VulDB GitHub
CVSS 4.0
2.1
EPSS
0.2%
CVE-2026-14773 LOW POC Monitor

SQL injection in itsourcecode Hospital Management System 1.0 exposes the /payment.php endpoint to database manipulation via an unsanitized `patientid` parameter, exploitable by any authenticated low-privilege user over the network. The CVSS 4.0 vector (PR:L, AV:N) confirms remote exploitation is feasible with only a basic account, and partial confidentiality, integrity, and availability impact is expected against the underlying database. Publicly available exploit code exists on GitHub, materially lowering the skill threshold for exploitation despite the moderate 5.3 CVSS score.

SQLi PHP Hospital Management System
NVD VulDB GitHub
CVSS 4.0
2.1
EPSS
0.2%
CVE-2026-14766 LOW POC Monitor

SQL injection in CodeAstro Apartment Visitor Management System 1.0 exposes the `/apartment-visitor/search-result.php` endpoint to remote exploitation via the `searchdata` POST parameter, allowing low-privileged authenticated attackers to read, modify, or partially disrupt underlying database contents. A public proof-of-concept exploit exists on GitHub, lowering the skill barrier for opportunistic attacks against any internet-facing deployment. No CISA KEV listing has been confirmed, and the CVSS 4.0 score of 5.3 reflects a limited partial-impact scope; however, the POC's availability meaningfully elevates real-world exploitation probability above what the score alone suggests.

SQLi PHP Apartment Visitor Management System
NVD VulDB GitHub
CVSS 4.0
2.1
EPSS
0.2%
CVE-2026-14751 LOW POC Monitor

SQL injection in stumasy's notes search functionality exposes authenticated remote attackers to database manipulation via the unsanitized `field_name` parameter in `Notes_controller::search_scratch_data`. The affected PHP application by developer mjperpinosa has a publicly available proof-of-concept exploit filed as GitHub issue #7, and the maintainer has not responded to disclosure, leaving all users on any commit through 327d1b0f2915ba79d7ef8ebb74553e987609d9be without a remediation path. No public exploit identified at time of analysis meets the KEV threshold, but the confirmed POC and absence of vendor response meaningfully elevate operational risk.

SQLi PHP Stumasy
NVD VulDB GitHub
CVSS 4.0
2.1
EPSS
0.2%
CVE-2026-14717 LOW POC Monitor

SQL injection in itsourcecode Hospital Management System 1.0 allows remote attackers with low-level privileges to manipulate the `loginid` parameter in `/patientlogin.php`, enabling unauthorized database read, modification, or deletion operations. The vulnerability scores 5.3 on CVSS 4.0 and is compounded by a publicly available proof-of-concept exploit published on GitHub, materially lowering the barrier to opportunistic attack. No CISA KEV listing has been identified, but the public POC and low attack complexity make any internet-exposed deployment an actionable target.

SQLi PHP Hospital Management System
NVD VulDB GitHub
CVSS 4.0
2.1
EPSS
0.2%
CVE-2026-14706 LOW POC Monitor

SQL injection in code-projects Online Examination 1.0 allows authenticated remote attackers to manipulate database queries through multiple unsanitized parameters in the Quiz Creation Feature. The endpoint /update.php?q=addquiz accepts user-supplied input for the name, total, right, wrong, time, tag, and desc arguments without adequate sanitization, enabling read and write access to the underlying database. A public proof-of-concept exploit exists on GitHub, though the application's extremely limited deployment footprint constrains real-world impact.

SQLi PHP Online Examination
NVD VulDB GitHub
CVSS 4.0
2.1
EPSS
0.2%
CVE-2026-14703 LOW POC Monitor

SQL injection in itsourcecode Hospital Management System 1.0 allows authenticated remote attackers to manipulate the `editid` parameter in `/patientorder.php`, potentially exposing or modifying patient order records and underlying database contents. The CVSS 4.0 vector (PR:L, E:P) confirms low-privilege authentication is required and that a public exploit has been disclosed via GitHub. While the base impact metrics are rated Low across confidentiality, integrity, and availability, the sensitivity of healthcare data in scope and the trivially available proof-of-concept raise practical risk above what the numeric score alone suggests.

SQLi PHP Hospital Management System
NVD VulDB GitHub
CVSS 4.0
2.1
EPSS
0.2%
CVE-2026-14701 LOW POC Monitor

SQL injection in code-projects Internship Management System 1.0 exposes authenticated employer accounts to database query manipulation via the `Current` parameter in the password change endpoint (`employer/details/change_password.php`). The flaw carries a CVSS 4.0 score of 5.3, is rooted in unsanitized PHP input passed directly into SQL queries (CWE-89), and has a publicly available proof-of-concept exploit on GitHub. No public exploit identified as confirmed in CISA KEV, but the combination of low attack complexity and public PoC meaningfully raises real-world exploitation likelihood against any internet-exposed deployment.

SQLi PHP Internship Management System
NVD VulDB GitHub
CVSS 4.0
2.1
EPSS
0.2%
CVE-2026-14694 LOW POC Monitor

SQL injection in SourceCodester Multi-Vendor Online Grocery Management System 1.0 allows a remote low-privileged attacker to manipulate database queries via the `ID` POST parameter in the `cancel_order` function of `classes/Master.php`. The flaw is a classic CWE-89 unsanitized parameter passed directly into a SQL statement, enabling data extraction, modification, or potential authentication bypass within the application database. A publicly available proof-of-concept exploit exists (GitHub issue linked in references), raising the practical risk beyond the conservative CVSS 4.0 base score of 2.1.

SQLi PHP Multi Vendor Online Grocery Management System
NVD VulDB GitHub
CVSS 4.0
2.1
EPSS
0.2%
CVE-2026-14692 LOW POC Monitor

SQL injection in SourceCodester Multi-Vendor Online Grocery Management System versions 1.0 and 5.7.26 allows remote authenticated attackers to manipulate backend database queries through unsanitized POST parameters passed to the `save_shop_type` function in `classes/Master.php`. A public proof-of-concept exploit is available via GitHub, lowering the exploitation barrier for any actor who has obtained application credentials. The CVSS 4.0 score of 2.1 reflects partial confidentiality, integrity, and availability impact rather than full database compromise, and no patch has been confirmed available at time of analysis.

SQLi PHP Multi Vendor Online Grocery Management System
NVD VulDB GitHub
CVSS 4.0
2.1
EPSS
0.2%
CVE-2026-14689 LOW POC Monitor

SQL injection in CodeAstro Apartment Visitor Management System 1.0 enables remote, low-privilege authenticated attackers to manipulate backend database queries via the `apartmentno` parameter in `/apartment-visitor/add-apartment.php`. The CVSS 4.0 score of 2.1 reflects a constrained impact scope (low C/I/A on the vulnerable system, no downstream system impact), but the presence of a publicly available proof-of-concept lowers the exploitation bar significantly. Real-world impact could extend beyond the CVSS score if the database user holds elevated permissions, potentially enabling unauthorized data extraction or record manipulation across the application's dataset. No public exploit identified via CISA KEV; no vendor patch identified at time of analysis.

SQLi PHP Apartment Visitor Management System
NVD VulDB GitHub
CVSS 4.0
2.1
EPSS
0.2%
CVE-2026-14686 LOW POC Monitor

Incorrect comparison in HdrHistogram's DoubleHistogram.recordValue() range check allows a local, low-privileged attacker to manipulate histogram integrity by recording out-of-range values that bypass the bounds check. Versions up to and including 2.2.2 are affected. No public exploit identified at time of analysis - publicly available exploit code exists, and the project maintainer has not responded to the responsible disclosure, leaving the vulnerability unpatched.

Java Information Disclosure Hdrhistogram
NVD VulDB GitHub
CVSS 4.0
1.9
EPSS
0.2%
CVE-2026-14759 LOW POC PATCH Monitor

Heap-based buffer overflow in radare2's Java binary parser (all versions up to 6.1.6) allows a local, low-privileged attacker to crash the tool by supplying a crafted Java class file with a malformed Line Number Table attribute. The vulnerable function `r_bin_java_inner_classes_attr_calc_size()` in `shlr/java/class.c` miscalculates buffer sizes, resulting in a heap write beyond allocated bounds and a denial-of-service outcome. A public proof-of-concept exists via GitHub issue #26043; no active exploitation has been confirmed by CISA KEV, and impact is confined to availability with no confidentiality or integrity effects.

Heap Overflow Java Buffer Overflow Radare2
NVD VulDB GitHub
CVSS 4.0
1.9
EPSS
0.1%
CVE-2026-14760 LOW POC PATCH Monitor

Use-after-free in radare2's regprofile handler crashes the application for local users on versions up to 6.1.6. The vulnerable function r_core_seek_arch_bits in libr/core/disasm.c mismanages memory during architecture bit-seeking operations, allowing a local attacker with standard user privileges to trigger application termination. No confidentiality or integrity impact is present; this is a denial-of-service class finding with a publicly available proof-of-concept and no confirmed active exploitation in the wild.

Memory Corruption Denial Of Service Use After Free Radare2
NVD VulDB GitHub
CVSS 4.0
1.9
EPSS
0.1%
CVE-2026-14736 MEDIUM This Month

Unrestricted file upload in Ruijie RG-UAC unified access controller appliances (all versions through 1.0-R1.8.2.p5) allows unauthenticated remote attackers to upload arbitrary files via the upload_image parameter in user_auth_commit.php. The combination of an authentication bypass (CWE-284) and unrestricted file type acceptance creates a pathway to persistent server-side code execution if uploaded content reaches an executable web path. A public proof-of-concept exploit exists, elevating the urgency of remediation despite the absence of a CISA KEV listing.

Authentication Bypass File Upload PHP
NVD VulDB
CVSS 4.0
5.5
EPSS
0.5%
CVE-2026-14735 MEDIUM This Month

SQL injection in code-projects Smart Parking System 1.0 exposes the `/parkings/parkings.php` endpoint to remote unauthenticated exploitation via unsanitized `street`, `city`, and `status` parameters. The CVSS 4.0 vector (AV:N/AC:L/AT:N/PR:N/UI:N) confirms zero-barrier network access with no authentication or user interaction required. A public proof-of-concept has been disclosed via a Medium article specifically documenting escalation from SQL injection to arbitrary file read, materially increasing real-world risk beyond the moderate base score of 5.5.

SQLi PHP
NVD VulDB
CVSS 4.0
5.5
EPSS
0.4%
CVE-2026-14734 MEDIUM This Month

SQL injection in SourceCodester Class and Exam Timetabling System 1.0 exposes the application's database to remote, unauthenticated attackers through the unsanitized ID parameter in /edit_product.php. The CVSS 4.0 vector (AV:N/AC:L/AT:N/PR:N/UI:N) confirms trivial remote access with no prerequisites, yielding low-rated but real confidentiality, integrity, and availability impact against the underlying database. No public exploit identified at time of analysis is contradicted by the description and E:P supplemental metric - a public exploit exists, elevating the practical risk above what the 5.5 base score alone suggests for any internet-exposed instance.

SQLi PHP
NVD GitHub VulDB
CVSS 4.0
5.5
EPSS
0.4%
CVE-2026-14753 MEDIUM This Month

Authorization bypass in stumasy, a PHP-based student management system, exposes the Note Handler and Assignment Handler endpoints at /PHP/objects/notes to unauthenticated remote exploitation by manipulating the assignment_item_id parameter. The flaw (CWE-285: Improper Authorization) allows an attacker to read, modify, or otherwise interact with notes and assignment records belonging to other users without possessing the required authorization. Public exploit code exists per the CVSS 4.0 E:P threat metric, and the project maintainer has not responded to the disclosure, meaning no patch is available at time of analysis.

Authentication Bypass PHP
NVD GitHub VulDB
CVSS 4.0
5.5
EPSS
0.3%
CVE-2026-14772 MEDIUM This Month

SQL injection in SourceCodester Class and Exam Timetabling System 1.0 exposes the /edit_course1.php endpoint to remote, unauthenticated database manipulation via an unsanitized ID parameter. The CVSS 4.0 vector (PR:N, AV:N, AC:L) confirms no authentication is required and the attack is trivially executable over the network. Exploit code has been publicly disclosed per VulDB submission and a GitHub issue report, with the E:P modifier in the CVSS 4.0 vector corroborating proof-of-concept availability - though no CISA KEV listing indicates confirmed active exploitation at time of analysis.

SQLi PHP
NVD GitHub VulDB
CVSS 4.0
5.5
EPSS
0.3%
CVE-2026-14770 MEDIUM This Month

SQL injection in SourceCodester Class and Exam Timetabling System 1.0 exposes the application's database to unauthenticated remote attackers via the unsanitized ID parameter in /edit_room.php. The CVSS 4.0 vector (AV:N/AC:L/AT:N/PR:N/UI:N) confirms no authentication or special conditions are required, and the E:P supplemental metric confirms public exploit code exists. An attacker can read, modify, or partially disrupt the underlying database without any prior access to the application.

SQLi PHP
NVD GitHub VulDB
CVSS 4.0
5.5
EPSS
0.3%
CVE-2026-14768 MEDIUM This Month

SQL injection in code-projects Real State Services 1.0 exposes the `/builderHome.php` endpoint to unauthenticated remote attackers who can manipulate database queries via the unsanitized `loc` parameter. A public proof-of-concept exploit exists (referenced via GitHub), lowering the exploitation barrier to script-kiddie level. No KEV listing exists, and the product's limited real-world deployment constrains overall population risk despite the trivial attack conditions.

SQLi PHP
NVD GitHub VulDB
CVSS 4.0
5.5
EPSS
0.3%
CVE-2026-14762 MEDIUM This Month

SQL injection in code-projects Hotel and Tourism Reservation 1.0 exposes the backend database through the Room Management Page at /admin/rooms.php, where the `delete` parameter is passed unsanitized into SQL queries. Remote attackers can exploit this to read, modify, or potentially delete database records. Publicly available exploit code exists per the GitHub advisory by anubhavv106, raising the operational risk despite the moderate CVSS 4.0 score of 5.5 and absence of a CISA KEV listing.

SQLi PHP
NVD VulDB
CVSS 4.0
5.5
EPSS
0.3%
CVE-2026-14754 MEDIUM This Month

SQL injection in code-projects Hotel and Tourism Reservation 1.0 exposes the admin panel endpoint /admin/add_room.php to database manipulation via multiple unsanitized parameters. A proof-of-concept exploit has been publicly documented in a Medium article, lowering the barrier for opportunistic exploitation. The CVSS 4.0 vector rates this as network-reachable with no authentication required (PR:N), though this conflicts with the admin-panel location of the endpoint - a discrepancy that should be verified, as exploitation scope depends entirely on whether the admin interface enforces access controls.

SQLi PHP
NVD VulDB
CVSS 4.0
5.5
EPSS
0.3%
CVE-2026-14733 MEDIUM This Month

SQL injection in SourceCodester Class and Exam Timetabling System 1.0 exposes the application's database to unauthenticated remote attackers through the unsanitized 'ID' parameter in /edit_coursea.php. The CVSS 4.0 E:P modifier and the CVE description both confirm that public exploit code exists, lowering the bar for opportunistic exploitation. Impact is assessed as limited across confidentiality, integrity, and availability (all Low), but the absence of authentication requirements makes this accessible to any network-reachable attacker.

SQLi PHP
NVD GitHub VulDB
CVSS 4.0
5.5
EPSS
0.3%
CVE-2026-14732 MEDIUM This Month

SQL injection in SourceCodester Class and Exam Timetabling System 1.0 exposes the application's database through the unsanitized ID parameter in /edit_exam.php, reachable by unauthenticated remote attackers. The exploit has been publicly disclosed (CVSS 4.0 E:P), allowing any actor with network access to enumerate, read, or manipulate database contents. No KEV listing is present; exploitation appears opportunistic rather than targeted, consistent with the niche deployment footprint of this product.

SQLi PHP
NVD GitHub VulDB
CVSS 4.0
5.5
EPSS
0.3%
CVE-2026-10657 MEDIUM PATCH This Month

Out-of-bounds read in Zephyr RTOS's mDNS detection logic crashes devices resolving short-suffix hostnames when CONFIG_MDNS_RESOLVER is compiled in. The flaw in dns_resolve_name_internal() reads a fixed 7 bytes from a suffix pointer regardless of the actual string length, causing a 1-2 byte over-read past the NUL terminator for suffixes like .org, .com, .net, or .io. Under the specific runtime condition of a tightly-sized allocation adjacent to an unmapped boundary (guard page, MPU domain, or ASAN), the over-read faults and crashes the device; no public exploit has been identified at time of analysis and CVSS 3.7 with AC:H accurately reflects the narrow crash preconditions.

Denial Of Service Buffer Overflow Information Disclosure Zephyr
NVD GitHub VulDB
CVSS 3.1
5.3
EPSS
0.2%
CVE-2026-59519 MEDIUM This Month

Sensitive data exposure in Softaculous FormLayer WordPress plugin through version 1.0.6 allows remote unauthenticated attackers to retrieve embedded sensitive information from data transmitted by the plugin. The root cause (CWE-201) indicates the plugin inserts sensitive content - potentially API keys, tokens, or internal configuration - into outbound data visible to requesting clients. No public exploit code and no active exploitation have been identified at time of analysis, though the CVSS vector (AV:N/AC:L/PR:N/UI:N) confirms trivial remote accessibility.

Information Disclosure Formlayer
NVD VulDB
CVSS 3.1
5.3
EPSS
0.2%
CVE-2026-59511 MEDIUM This Month

Sensitive data exposure in Exclusive Addons Elementor (WordPress plugin by Tim Strifler) through version 2.7.9.9 enables unauthenticated remote attackers to retrieve sensitive information embedded within HTTP responses. The CWE-201 root cause indicates the plugin incorrectly includes sensitive data in outbound responses accessible to any network client without authentication, as confirmed by the CVSS vector (PR:N/UI:N). No public exploit code has been identified at time of analysis, and the vulnerability is not listed in the CISA KEV catalog, though the network-accessible, zero-prerequisite attack surface warrants prompt patching on internet-facing WordPress installations.

Information Disclosure Exclusive Addons Elementor
NVD
CVSS 3.1
5.3
EPSS
0.2%
CVE-2026-49099 MEDIUM PATCH This Month

Header injection in Apache Camel's camel-salesforce component allows any HTTP client to override SOQL queries, SOSL searches, Salesforce object targets, and Apex REST endpoints by setting non-Camel-prefixed Exchange headers that the framework's HttpHeaderFilterStrategy fails to block. Routes that bridge an HTTP consumer (such as platform-http) into a salesforce: producer are the attack surface; when that HTTP consumer is unauthenticated, exploitation requires zero attacker credentials. All injected operations execute under the configured Salesforce integration user's permissions, which are typically broad, enabling unauthorized data exfiltration or destructive CRUD and Apex calls across the organization's Salesforce instance. No public exploit has been identified and the vulnerability is not listed in the CISA KEV catalog at time of analysis.

Authentication Bypass Microsoft Apache Camel
NVD VulDB
CVSS 3.1
5.3
EPSS
0.2%
CVE-2026-49098 MEDIUM PATCH This Month

Header injection in Apache Camel's camel-kafka component allows HTTP clients to redirect Kafka messages to arbitrary topics in routes that bridge an HTTP consumer into a Kafka producer. The kafka.OVERRIDE_TOPIC, kafka.OVERRIDE_TIMESTAMP, and kafka.PARTITION_KEY Exchange header constants used non-CamelKafka-prefixed names, causing them to bypass HttpHeaderFilterStrategy - which blocks only the Camel/camel namespace - while remaining readable by KafkaProducer.evaluateTopic() as authoritative control directives. No public exploit code has been identified and no CISA KEV listing exists at time of analysis, but when the HTTP ingress is unauthenticated the attack requires only a standard HTTP client and a known Kafka topic name.

Microsoft Apache Information Disclosure Camel
NVD VulDB
CVSS 3.1
5.3
EPSS
0.2%
CVE-2026-48206 MEDIUM PATCH This Month

Authorization bypass in Apache Camel's camel-jira component (versions 4.0.0 through pre-4.21.0) allows unauthenticated HTTP clients - in routes that bridge an HTTP consumer to a jira: producer - to drive arbitrary JIRA issue operations using the endpoint's configured service-account credentials, including deleting or transitioning issues, creating issues in unauthorized projects, modifying fields, and manipulating watchers. The root cause is that JIRA control header constants (IssueKey, ProjectKey, IssueTransitionId, linkType, and others) use non-Camel-prefixed string values, bypassing the HttpHeaderFilterStrategy which only guards the 'Camel/'/'camel' header namespace at the HTTP boundary. Fixes are confirmed in 4.14.8, 4.18.3, and 4.21.0; no public exploit has been identified at time of analysis, and this vulnerability is not listed in CISA KEV.

Atlassian Microsoft Apache Authentication Bypass Camel
NVD VulDB
CVSS 3.1
5.3
EPSS
0.2%
CVE-2026-56139 MEDIUM PATCH This Month

Information disclosure in Apache Camel's camel-undertow HTTP server consumer (versions 4.0.0 through 4.21.0) exposes complete Java stack traces to unauthenticated HTTP clients whenever a route processing exception occurs, due to a misconfigured default and a code-level bypass. Unlike every other Camel HTTP server component (camel-http, camel-jetty, camel-servlet, camel-platform-http), all of which default muteException to true, camel-undertow defaulted this option to false - and for Rest DSL consumers the option was silently ignored entirely due to a hard-coded false in RestUndertowHttpBinding, meaning muteException=true gave false confidence without actual protection. No public exploit has been identified at time of analysis; however exploitation requires only the ability to send a malformed HTTP request to a reachable endpoint, making this trivially accessible to any network-level attacker.

Apache Java Information Disclosure Camel
NVD VulDB
CVSS 3.1
5.3
EPSS
0.2%
CVE-2026-49365 MEDIUM PATCH This Month

Stack trace disclosure in Apache Camel's camel-netty-http component (versions 4.0.0-4.21.0 across three release streams) exposes full Java Throwable stack traces to unauthenticated HTTP clients whenever a route processing error occurs under the default configuration. The root cause is an insecure default: the muteException option backed by an uninitialized Java primitive boolean defaulted to false in camel-netty-http while all other Camel HTTP server components (camel-http, camel-jetty, camel-servlet, camel-platform-http) correctly default it to true. No public exploit code has been identified at time of analysis, and the vulnerability is not listed in the CISA KEV catalog, but the low-effort triggering condition - any malformed request that causes a route exception - makes opportunistic enumeration straightforward against exposed endpoints.

Apache Java Information Disclosure Camel
NVD VulDB
CVSS 3.1
5.3
EPSS
0.2%
CVE-2026-14742 LOW POC PATCH Monitor

Weak hashing in LangGraph's Task Result Cache exposes low-privilege authenticated users to hash collision attacks that can leak cached task results across isolation boundaries. All LangGraph versions through 1.2.4 are affected via the `_freeze` function in `libs/langgraph/langgraph/_internal/_cache.py`. A public proof-of-concept is disclosed at GitHub issue #8009, though the CVSS 4.0 score of 2.3 and AC:H rating reflect genuinely high exploitation difficulty; this is not listed in CISA KEV and no active exploitation has been reported.

Information Disclosure Langgraph
NVD VulDB GitHub
CVSS 4.0
1.3
EPSS
0.2%
CVE-2026-14702 LOW POC PATCH Monitor

Insufficiently random temporary file naming in markdownify-mcp (zcaceres, versions through 1.1.0) exposes transiently written content to local users who can predict or race the generated file path. The saveToTempFile function in src/Markdownify.ts affects the webpage-to-markdown, youtube-to-markdown, and bing-search-to-markdown conversion pipelines, allowing a co-located attacker to read converted content before cleanup. No active exploitation has been confirmed (not in CISA KEV), though a proof-of-concept is publicly available; the overall risk is low given the local-only, high-complexity attack requirements reflected in the CVSS 4.0 score of 2.0.

Information Disclosure Markdownify Mcp
NVD VulDB GitHub
CVSS 4.0
1.1
EPSS
0.1%
CVE-2026-14781 MEDIUM This Month

Keycloak's OIDC broker incorrectly applies the email_verified claim from the id_token to whichever email address is returned by the userinfo endpoint, even when those two sources disagree. An attacker who controls or compromises an upstream OIDC identity provider can exploit this desynchronization - configured with trustEmail=true - to mark an arbitrary, attacker-chosen email address as verified in Keycloak's database. The practical consequence is bypassing email verification workflows or triggering account linkage/takeover in applications that trust the email_verified flag from Keycloak for identity decisions. No public exploit code exists and no CISA KEV listing applies at time of analysis.

Authentication Bypass Red Hat Build Of Keycloak Red Hat Data Grid 8 Red Hat Jboss Enterprise Application Platform Expansion Pack Red Hat Single Sign On 7 +1
NVD VulDB
CVSS 3.1
4.8
EPSS
0.2%
CVE-2026-14699 MEDIUM PATCH This Month

Symlink following in zcaceres markdownify-mcp up to version 1.1.0 allows a local low-privilege user to read files outside the intended directory boundary by exploiting insufficient path resolution in the `assertPathAllowed` function of `src/Markdownify.ts`. The function evaluates the user-supplied symbolic path rather than its canonicalized target, enabling an attacker to bypass the path restriction check and disclose arbitrary local files. No public exploit code exists at time of analysis, the vulnerability is not listed in CISA KEV, and a fix is pending as an unmerged pull request.

Information Disclosure Markdownify Mcp
NVD VulDB GitHub
CVSS 4.0
4.8
EPSS
0.1%
CVE-2026-14723 MEDIUM PATCH This Month

Unsafe deserialization in AD-Security AD_Miner 1.9.0 allows a local low-privilege attacker to achieve code execution by supplying a crafted serialized payload as the sys.argv[1] argument to the Cache Handler's request_a function in analyse_cache.py. The attack is strictly local with no network exposure, and impacts confidentiality, integrity, and availability at a low level within the vulnerable process. No public exploit has been identified; an upstream fix exists as GitHub PR #239 but awaits acceptance, meaning no released patched version is currently available.

Deserialization Ad Miner
NVD VulDB GitHub
CVSS 4.0
4.8
EPSS
0.1%
CVE-2026-10656 MEDIUM PATCH This Month

NULL pointer dereference in the Zephyr RTOS MAX32xxx USB device controller driver (udc_max32.c) crashes devices running Zephyr v4.4.0 when a physically connected USB host aborts an in-flight EP0 control transfer by sending a new SETUP packet - a completely legal USB protocol action. The race condition between interrupt-queued transfer-completion events and asynchronous FIFO draining by the driver thread causes net_buf_add(NULL, ...) when udc_buf_get() returns NULL on an empty FIFO, producing a near-NULL pointer dereference and device fault. No active exploitation has been confirmed (not in CISA KEV), and no public proof-of-concept code has been identified at time of analysis; real-world risk is constrained by the physical access prerequisite and the specific MAX32xxx hardware dependency.

Denial Of Service Null Pointer Dereference Zephyr
NVD GitHub VulDB
CVSS 3.1
4.6
EPSS
0.2%
CVE-2026-59520 MEDIUM This Month

Cross-Site Request Forgery in the CrawlWP SEO WordPress plugin (versions through 3.0.16) allows an unauthenticated attacker to perform unauthorized state-changing actions on behalf of an authenticated site administrator. Exploitation requires social engineering - a logged-in admin must be tricked into visiting a malicious page that silently submits a forged request. The integrity impact is low, limited to unauthorized configuration changes within the plugin's functionality. No public exploit code or active exploitation has been identified at time of analysis, consistent with the vulnerability's low CVSS base score of 4.3.

CSRF Crawlwp Seo
NVD
CVSS 3.1
4.3
EPSS
0.1%
CVE-2026-56140 CRITICAL PATCH Act Now

Improper input validation (CWE-20) in the camel-aws2-sns component of Apache Camel stems from a missing inbound HeaderFilterStrategy rule on Sns2HeaderFilterStrategy, mirroring the flaw fixed in the sibling camel-aws2-sqs component (CVE-2026-46456). However, camel-aws2-sns is producer-only - Sns2Endpoint throws UnsupportedOperationException on createConsumer - so no externally-supplied SNS message attributes are ever mapped inbound into a Camel Exchange, leaving the missing filter rule unreachable by any attacker. Despite the NVD CVSS 9.8 rating, the vendor explicitly classifies this as a defense-in-depth alignment with no known exploit path, and EPSS scores it at just 0.16% (6th percentile); no public exploit identified at time of analysis.

Microsoft Code Injection Apache Camel
NVD VulDB
CVSS 3.1
9.8
EPSS
0.2%
CVE-2026-12386 LOW PATCH Monitor

Buffer overflow via improper null termination in Pardus Pen affects versions up to and including 4.1.5, with a fix available in 4.2.1. A local, low-privileged user who interacts with crafted input can trigger a CWE-170 null termination error causing out-of-bounds memory reads, resulting in limited confidentiality exposure and availability disruption. No public exploit code and no CISA KEV listing are associated with this CVE; the vulnerability was disclosed by TR-CERT (Turkey's national CERT) and carries a low CVSS base score of 3.9.

Buffer Overflow Pardus Pen
NVD VulDB
CVSS 3.1
3.9
EPSS
0.1%
CVE-2026-14767 LOW Monitor

SQL injection in CodeAstro Ecommerce Website 1.0 exposes the order confirmation endpoint to authenticated remote attackers who can manipulate the unsanitized `invoice_no` POST parameter to alter backend SQL queries. Exploitation is constrained to authenticated customer accounts (PR:L per CVSS 4.0 vector) but requires no additional configuration or user interaction. A public proof-of-concept has been released via GitHub Gist (E:P), lowering the technical bar for abuse despite a low CVSS 4.0 score of 2.1; no confirmed active exploitation or CISA KEV listing exists at time of analysis.

SQLi PHP
NVD GitHub VulDB
CVSS 4.0
2.1
EPSS
0.2%
CVE-2026-14731 LOW Monitor

SQL injection in itsourcecode Hospital Management System 1.0 exposes the `/patientreport.php` endpoint to remote manipulation via the `editid` parameter, allowing an authenticated attacker to craft arbitrary SQL statements against the backend database. The CVSS 4.0 base score is 2.1 (Low), reflecting constrained confidentiality, integrity, and availability impact, with no scope change to adjacent systems. Publicly available exploit code exists (E:P per the CVSS 4.0 threat metric), though no active exploitation has been confirmed via CISA KEV.

SQLi PHP
NVD GitHub VulDB
CVSS 4.0
2.1
EPSS
0.2%
CVE-2026-14730 LOW Monitor

SQL injection in itsourcecode Hospital Management System 1.0 exposes the patient database to authenticated low-privilege attackers via the `patientname` parameter in `/patientprofile.php`. The CVSS 4.0 vector (AV:N/AC:L/AT:N/PR:L) confirms network-accessible exploitation with no attack complexity, while the E:P supplemental metric confirms publicly available proof-of-concept exploit code. No vendor patch has been released, leaving deployments reliant on compensating controls; however, real-world risk is bounded by the product's extremely limited production footprint as an educational PHP project.

SQLi PHP
NVD GitHub VulDB
CVSS 4.0
2.1
EPSS
0.2%
CVE-2026-14752 LOW Monitor

Cross-site scripting in stumasy's dictionary notes feature allows a low-privileged, remote attacker to inject malicious JavaScript via the unsanitized `reference` argument of the `add_definition` function. The vulnerability affects the PHP web application at commit 327d1b0f2915ba79d7ef8ebb74553e987609d9be and earlier, with exploit code publicly disclosed via VulDB submission 849495. Real-world impact is constrained by the requirement for prior authentication and victim interaction, but no vendor patch exists and the project maintainer has not responded to the responsible disclosure.

XSS PHP
NVD GitHub VulDB
CVSS 4.0
2.0
EPSS
0.2%
CVE-2026-14684 LOW Monitor

Uncontrolled memory allocation in HdrHistogram versions up to 2.2.2 allows a local low-privileged attacker to cause denial of service by passing a crafted byte buffer to the AbstractHistogram.decodeFromByteBuffer method with a malicious numberOfSignificantValueDigits value. The affected Java library fails to validate this argument before using it to drive heap allocation, allowing JVM memory exhaustion in any application that processes attacker-influenced histogram data. Publicly available exploit code exists; no patch has been released as the project maintainer has not responded to the coordinated disclosure.

Java Denial Of Service
NVD VulDB GitHub
CVSS 4.0
1.9
EPSS
0.1%
CVE-2026-14685 LOW Monitor

State corruption in HdrHistogram up to version 2.2.2 allows a local, low-privileged attacker to manipulate the Count argument of the recordValueWithCount function in AbstractHistogram.java, resulting in low-integrity corruption of histogram state. The flaw affects the core metrics-recording logic of this Java library. A proof-of-concept exploit has been publicly disclosed; the project maintainer was notified via a GitHub issue but has not yet responded with a fix, leaving affected deployments without a vendor patch.

Java Information Disclosure
NVD GitHub VulDB
CVSS 4.0
1.9
EPSS
0.1%
Prev Page 2 of 3 Next

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy