Skip to main content
CVE-2026-15376 LOW POC Monitor

Improper authorization in Eleveo Call Recording Software 9.7.0 allows remote authenticated users to access the /callrec/statisticReportAction.do endpoint beyond their privilege level, enabling unauthorized read, write, and availability impact on sensitive call statistics and reporting data. The vendor was notified but did not respond, leaving version 9.7.0 unpatched. A proof-of-concept exploit is publicly available, raising immediate risk for any organization running this version of the software.

Authentication Bypass Call Recording Software
NVD VulDB GitHub
CVSS 4.0
2.1
EPSS
0.3%
CVE-2026-15374 LOW POC Monitor

Improper authorization in Eleveo Call Recording Software 9.7.0 allows remote authenticated low-privileged users to manipulate the role and group management endpoint (/callrec/roleAddAction.do), bypassing access controls without proper privilege checks. A publicly available exploit exists for this flaw, raising practical risk despite the relatively low CVSS 4.0 score of 2.1 (inflated downward by the E:P threat metric). The vendor was unresponsive to coordinated disclosure, meaning no official patch or acknowledgment exists at time of analysis.

Authentication Bypass Call Recording Software
NVD VulDB GitHub
CVSS 4.0
2.1
EPSS
0.3%
CVE-2026-15373 LOW POC Monitor

Improper authorization in Eleveo Call Recording Software 9.7.0 allows remote low-privileged users to manipulate the 'role' parameter in the /callrec/userAddAction.do endpoint, potentially enabling unauthorized role assignment during user creation. The vulnerability carries a CVSS 4.0 score of 2.1 with low-impact metrics across confidentiality, integrity, and availability, though the real-world risk of privilege escalation through role manipulation may be underrepresented by that score. A proof-of-concept exploit is publicly available; no vendor patch exists as the vendor did not respond to responsible disclosure.

Authentication Bypass Call Recording Software
NVD VulDB GitHub
CVSS 4.0
2.1
EPSS
0.3%
CVE-2026-15377 LOW POC Monitor

Improper authorization in Eleveo Call Recording Software 9.7.0 exposes the /callrec/sendlogfile endpoint to low-privileged authenticated remote attackers, enabling unauthorized access to log file functionality with confirmed confidentiality impact. The flaw (CWE-285) stems from missing or bypassable authorization checks on a sensitive operational endpoint within the call recording platform. A publicly available proof-of-concept exploit exists, and the vendor failed to respond to coordinated disclosure - no patch has been released.

Authentication Bypass Call Recording Software
NVD VulDB GitHub
CVSS 4.0
2.1
EPSS
0.3%
CVE-2026-15317 LOW POC Monitor

Server-side request forgery in Sipeed PicoClaw up to version 0.2.9 allows remote attackers to manipulate the WebFetchTool.Execute function within the Guarded Web Fetch Flow component, causing the server to issue arbitrary outbound requests on behalf of the attacker. The vulnerability carries a CVSS 4.0 base score of 2.1, reflecting limited confidentiality, integrity, and availability impact with no subsequent-system scope change. A public exploit has been released (E:P confirmed), but no vendor patch exists - the upstream GitHub issue was closed automatically due to inactivity, not resolution.

SSRF Picoclaw
NVD VulDB GitHub
CVSS 4.0
2.1
EPSS
0.2%
CVE-2026-15329 LOW POC Monitor

Information disclosure in zhayujie CowAgent up to version 2.1.0 exposes sensitive data to low-privileged authenticated remote attackers through the BrowserTool._do_navigate function in the Browser Tool component. Publicly available proof-of-concept exploit code exists via a GitHub issue report, though no patch has been released as the project maintainer has not yet responded to responsible disclosure. The CVSS 4.0 score of 2.1 and impact limited to low confidentiality exposure place this at the lower end of priority, tempered by the authentication requirement and niche product footprint.

Information Disclosure Cowagent
NVD VulDB GitHub
CVSS 4.0
2.1
EPSS
0.2%
CVE-2026-15320 LOW POC Monitor

Missing authorization in Sipeed PicoClaw up to version 0.2.9 permits remote low-privileged attackers to invoke the rt.ReloadConfig function in pkg/channels/pico/pico.go by manipulating the message.send argument without proper authorization checks. The integrity and availability of the affected system are both at limited risk, as the CVSS 4.0 vector confirms no confidentiality exposure but allows unauthorized configuration reload or disruption. A public exploit exists (E:P), though the GitHub issue tracking the report was closed automatically due to inactivity, indicating no vendor remediation has been issued.

Authentication Bypass Picoclaw
NVD VulDB GitHub
CVSS 4.0
2.1
EPSS
0.2%
CVE-2026-15318 LOW POC Monitor

Incorrect authorization in Sipeed PicoClaw's MQTT Channel Handler (pkg/channels/mqtt/mqtt.go) through version 0.2.9 allows remote low-privileged attackers to bypass access controls by manipulating the `client_id` argument, enabling unauthorized access to MQTT channels belonging to other clients. A public proof-of-concept exploit exists via the referenced GitHub issue, elevating practical risk beyond the moderate CVSS 4.0 score of 5.3. No vendor patch has been released - the upstream GitHub issue was closed automatically due to inactivity - leaving affected deployments without an official remediation path.

Authentication Bypass Picoclaw
NVD VulDB GitHub
CVSS 4.0
2.1
EPSS
0.2%
CVE-2026-15375 LOW POC Monitor

Improper authorization in Eleveo Call Recording Software 9.7.0 allows low-privileged authenticated remote users to bypass access controls on the LDAP User Interface endpoint `/callrec/users_ldap.jsp`, exposing restricted LDAP directory user data without appropriate privilege verification. A public proof-of-concept exploit has been disclosed via Google Drive and the vendor has not responded to responsible disclosure, leaving no official patch or advisory available. The CVSS 4.0 base score of 2.1 reflects narrow confidentiality-only impact, but POC availability and vendor silence increase practical urgency for affected deployments.

Authentication Bypass Call Recording Software
NVD VulDB GitHub
CVSS 4.0
2.1
EPSS
0.2%
CVE-2026-15326 LOW POC Monitor

Path traversal in halo-dev/halo through version 2.24.2 allows authenticated administrators to write files outside the intended theme directory by supplying a crafted `metadata.name` value during theme installation. The flaw resides in the `ThemeUtils.unzipThemeTo()` function in `ThemeUtils.java`, which fails to sanitize the metadata name before constructing extraction paths. A public proof-of-concept exploit exists, but real-world impact is substantially constrained by the PR:H prerequisite - the attacker must already hold admin-level credentials - yielding a CVSS 4.0 score of only 2.0 and no CISA KEV listing.

Java Path Traversal Halo
NVD VulDB GitHub
CVSS 4.0
2.0
EPSS
0.4%
CVE-2026-15321 LOW POC PATCH Monitor

Stored cross-site scripting in MyEMS up to 6.4.0 allows a high-privileged attacker to inject malicious script via the `new_values['data']` argument in the `on_post` function of `myems-api/core/svg.py` within the Admin Backend, which then executes in a victim administrator's browser upon viewing the affected SVG content. The CVSS 4.0 score of 1.9 reflects the limited real-world impact: exploitation requires existing administrative access and victim interaction, constraining this to a privilege-abuse scenario rather than an external intrusion vector. A public proof-of-concept exists via GitHub issue #412, and a vendor-released patch is available in version 6.5.0.

XSS Myems
NVD VulDB GitHub
CVSS 4.0
1.9
EPSS
0.2%
CVE-2026-15028 LOW Monitor

Heap overflow in libarchive's PAX extended header parser allows exploitation via a maliciously crafted tar archive containing a malformed SUN.holesdata sparse-file attribute. Successful exploitation of the affected system could result in a denial of service condition or, in more serious cases, arbitrary code execution under the privileges of the process invoking libarchive. No public exploit code or active exploitation has been confirmed at time of analysis, though a GitHub pull request (#3253) indicating an upstream fix is available suggests the issue is reproducible and patch-ready. The official CVSS score of 3.9 (Low) conflicts materially with the vendor-applied RCE tag, a discrepancy that warrants independent validation.

Denial Of Service RCE Heap Overflow Buffer Overflow
NVD GitHub VulDB
CVSS 3.1
3.9
EPSS
0.3%
CVE-2026-59791 LOW PATCH Monitor

CSS injection via Mermaid diagram rendering in JetBrains YouTrack before version 2026.2.17012 permits authenticated low-privilege users to embed malicious CSS into diagram content that executes in the browsers of other users who view the affected page. The CVSS score of 3.5 (Low) reflects the dual gating conditions of required authentication and victim interaction, substantially constraining real-world impact to UI manipulation rather than data exfiltration or code execution. No public exploit code or active exploitation has been identified at time of analysis.

XSS Youtrack
NVD
CVSS 3.1
3.5
EPSS
0.1%
CVE-2026-13235 LOW PATCH Monitor

Forceful browsing exposure in Drupal's AI (Artificial Intelligence) contributed module permits high-privileged authenticated users to access protected resources without proper authorization checks, affecting versions 0.0.0-1.2.17, 1.3.0-1.3.8, and 1.4.0-1.4.3. The vulnerability stems from CWE-862 (Missing Authorization), where path-level access controls are not enforced on certain AI module endpoints, allowing an authenticated user with high privileges to traverse to unauthorized resources. No public exploit code exists, EPSS sits at 0.14% (4th percentile), and CISA SSVC confirms no active exploitation, placing this firmly in the low-urgency tier despite its network-accessible attack vector.

Authentication Bypass Ai Artificial Intelligence
NVD VulDB
CVSS 3.1
3.3
EPSS
0.1%
CVE-2026-13233 LOW PATCH Monitor

Server-Side Request Forgery in the Drupal OpenAI Provider module enables authenticated administrators to force the server to issue HTTP requests to attacker-controlled destinations, potentially reaching internal network resources beyond the intended API boundary. Affected versions span 0.0.0 through 1.1.1 and 1.2.0 through 1.2.2; a vendor patch is available via Drupal security advisory SA-CONTRIB-2026-053. No public exploit code exists, EPSS sits at 0.14% (4th percentile), and SSVC confirms exploitation status as none - all signals converge on a low operational priority despite the network-accessible attack vector.

SSRF Openai Provider
NVD
CVSS 3.1
3.3
EPSS
0.1%
CVE-2026-11909 LOW PATCH Monitor

Missing Authorization in Drupal's Examples for Developers module (versions 0.0.0 through 4.0.5) permits forceful browsing by an already highly-privileged authenticated attacker, exposing restricted paths with limited confidentiality and integrity impact. All available signals converge on minimal real-world risk: CVSS scores 3.3 (Low), EPSS sits at 0.14% (4th percentile), SSVC reports no known exploitation and non-automatable attack conditions, and neither active exploitation nor public proof-of-concept code has been identified. A vendor patch is available at version 4.0.6.

Authentication Bypass Examples For Developers
NVD
CVSS 3.1
3.3
EPSS
0.1%
CVE-2026-13232 LOW PATCH Monitor

Incorrect authorization in the Drupal Advanced Content Feedback (admin_feedback) contributed module allows authenticated low-privilege users to perform forceful browsing, accessing restricted feedback resources without proper authorization checks. All module releases from 0.0.0 up to (but not including) 2.8.0 are affected. No public exploit code exists and no active exploitation has been identified; EPSS sits at the 4th percentile, consistent with the SSVC assessment of zero current exploitation.

Authentication Bypass Advanced Content Feedback Aka Admin Feedback
NVD
CVSS 3.1
3.1
EPSS
0.1%
CVE-2026-55807 LOW PATCH Monitor

Server-Side Request Forgery in Drupal Core allows authenticated low-privilege users to coerce the application server into issuing unauthorized HTTP requests to internal or restricted network destinations. All active 10.6.x and 11.x release branches are affected, along with end-of-life 11.0.x and 11.1.x branches, covering a broad swath of production Drupal deployments. No public exploit code has been identified and EPSS sits at the 3rd percentile, but the large Drupal deployment footprint elevates aggregate exposure even at low per-instance exploitation probability.

SSRF Drupal Core
NVD
CVSS 3.1
3.1
EPSS
0.1%
CVE-2026-59180 LOW PATCH Monitor

HTTP redirect handling in Apprise prior to 1.11.0 leaks user-configured secrets - including Authorization headers, bearer tokens, custom headers, and service API keys - by blindly resending them on redirected requests to attacker-controlled endpoints. Any deployment using Apprise's HTTP-based notification plugins or its HTTP attachment and config loaders (apprise/attachment/http.py, apprise/config/http.py) is affected. An on-path attacker or a compromised notification destination can silently harvest these credentials. No public exploit has been identified at time of analysis, and EPSS data is not present in the source intel, but the credential-theft impact on third-party service integrations elevates real-world risk above the Low CVSS score suggests.

Information Disclosure Apprise
NVD GitHub VulDB
CVSS 3.1
3.1
EPSS
0.2%
CVE-2026-55782 LOW PATCH Monitor

Memory exhaustion in NanaZip's WebAssembly archive handler (prior to 6.5.1749.0) allows a crafted .wasm file to trigger multi-gigabyte heap allocations by supplying oversized 32-bit NameSize or Information.Size fields that are consumed without bounds validation in NanaZip.Codecs.Archive.WebAssembly.cpp. When a user opens or lists such an archive, NanaZip attempts to satisfy the inflated allocations via std::string or std::vector paths, exhausting process memory and causing a crash. No active exploitation or public exploit code has been identified at time of analysis; the impact is strictly limited to NanaZip process availability with no confidentiality or integrity consequence.

Denial Of Service Microsoft Nanazip
NVD GitHub VulDB
CVSS 4.0
2.4
EPSS
0.1%
CVE-2026-55780 LOW PATCH Monitor

Process crash via uncaught C++ exception in NanaZip's .NET single-file bundle handler affects all versions prior to 6.5.1749.0 on Windows. The extraction buffer is sized from the bundle entry's Size field, which is validated only for sign - not against the actual file content - allowing a crafted archive to trigger an attacker-controlled allocation whose resulting std::bad_alloc or std::length_error propagates across the COM STDMETHODCALLTYPE ABI boundary and terminates the NanaZip process. Impact is limited to denial of service; no public exploit has been identified at time of analysis, and the vendor has released a fix in version 6.5.1749.0.

Denial Of Service Microsoft Nanazip
NVD GitHub
CVSS 4.0
2.4
EPSS
0.1%
CVE-2026-55781 LOW PATCH Monitor

Memory exhaustion in NanaZip's UFS/FFS archive handler (all versions prior to 6.5.1749.0) allows a local low-privilege attacker to terminate the NanaZip process by delivering a crafted disk image that a user opens. The root cause is missing upper-bound validation of the `fs_fsize` fragment size field in the UFS superblock - unlike `fs_bsize`, which is checked against MINBSIZE, `fs_fsize` flows unchecked into indirect-block, directory, and extraction buffer allocation calculations, enabling a tiny image file to trigger multi-gigabyte heap allocation requests. No public exploit has been identified and this vulnerability is not listed in CISA KEV; the CVSS 4.0 score of 2.4 (Low) reflects the constrained local, user-interaction-required attack path with availability-only impact.

Denial Of Service Microsoft Nanazip
NVD GitHub
CVSS 4.0
2.4
EPSS
0.1%
CVE-2026-55783 LOW PATCH Monitor

NULL pointer dereference in NanaZip's custom archive handlers crashes the application when a user tests or extracts archives of seven specific formats. All NanaZip versions prior to 6.5.1749.0 are affected; the seven vulnerable handlers cover WebAssembly, ElectronAsar, Zealfs, Romfs, Ufs, Littlefs, and DotNetSingleFile archive types. Impact is limited to a process crash (denial of service) with no confidentiality or integrity consequence; no public exploit or active exploitation has been identified at time of analysis.

Denial Of Service Microsoft Null Pointer Dereference Nanazip
NVD GitHub
CVSS 4.0
2.4
EPSS
0.1%
CVE-2026-47199 LOW PATCH Monitor

Frappe framework's check_safe_sql_query function fails to block SELECT INTO OUTFILE statements, allowing authenticated low-privileged users to write arbitrary files to the server filesystem on self-hosted MySQL deployments where the database user holds the MySQL FILE privilege. Affected branches are v15 prior to 15.108.0 and v16 prior to 16.18.3; fixes are released at both version targets. No public exploit code has been identified and this vulnerability is not listed in the CISA KEV catalog, with a CVSS 4.0 base score of 2.3 reflecting the narrow, non-default exploitation conditions captured by AT:P.

SQLi Frappe
NVD GitHub
CVSS 4.0
2.3
EPSS
0.4%
CVE-2026-15332 LOW Monitor

Missing authorization in zhayujie CowAgent up to version 2.1.0 allows remote attackers with low-privilege accounts to bypass access controls at the Message Endpoint defined in channel/channel.py, potentially enabling unauthorized access to or manipulation of messaging data. The CVSS 4.0 vector confirms network-accessible exploitation requiring only low privileges, with low-level confidentiality, integrity, and availability impacts on the vulnerable system. A public proof-of-concept exploit has been released per VulDB, and the project maintainer has not yet responded to the coordinated disclosure filed via GitHub issue #2874.

Authentication Bypass
NVD GitHub VulDB
CVSS 4.0
2.1
EPSS
0.2%
CVE-2026-56813 LOW PATCH Monitor

Cookie attribute injection in elixir-plug's Plug library allows a remote attacker who can supply values reflected into `Set-Cookie` headers to inject the `;` delimiter and override attributes such as `Domain`, `Path`, `Secure`, and `HttpOnly`. Applications calling `Plug.Conn.put_resp_cookie/4` with user-controlled data - for example, reflecting a username or preference value - are exposed to session fixation and cookie tossing across five supported release lines (0.1.0 through 1.20.2). No public exploit code or CISA KEV listing is present at time of analysis, but the attack is mechanically straightforward wherever the vulnerable code pattern exists.

Code Injection
NVD GitHub
CVSS 4.0
2.1
EPSS
0.1%
CVE-2026-58225 LOW PATCH Monitor

SQL injection in Postgrex.Notifications' reconnect replay path allows an attacker who can supply untrusted input as a PostgreSQL LISTEN channel name to corrupt the shared notification connection, silently dropping all channel subscriptions and causing persistent denial of service of the notification subsystem. Affected versions are postgrex 0.16.0 through 0.22.2 in the Elixir ecosystem. No arbitrary SQL execution is possible due to double-quote escaping, and no public exploit or CISA KEV listing exists; the CVSS 4.0 base score of 2.1 reflects the constrained, precondition-heavy impact.

PostgreSQL SQLi Denial Of Service
NVD GitHub VulDB
CVSS 4.0
2.1
EPSS
0.2%

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy