CVE-2026-15274
A vulnerability was detected in lo48576 fbxcel up to 0.9.0. This affects an unknown part of the file src/pull_parser/v7400/parser.rs of the
CVSS
3.3
Bajo
EPSS
0.1%
p2
KEV
—
Exploit Today
1
0-100
Publicado: 9 jul 2026 · Última mod.: 10 jul 2026 · CWE-404
0.1%EPSS · 30 días0.1%
2026-07-102026-07-16
A vulnerability was detected in lo48576 fbxcel up to 0.9.0. This affects an unknown part of the file src/pull_parser/v7400/parser.rs of the component Node Header Handler. The manipulation results in denial of service. The attack must be initiated from a local position. The exploit is now public and may be used. The pull request to fix this issue awaits acceptance.
- github.comhttps://github.com/lo48576/fbxcel/
- github.comhttps://github.com/lo48576/fbxcel/issues/14
- github.comhttps://github.com/lo48576/fbxcel/pull/15
- vuldb.comhttps://vuldb.com/cve/CVE-2026-15274
- vuldb.comhttps://vuldb.com/submit/852441
- vuldb.comhttps://vuldb.com/vuln/377215
- vuldb.comhttps://vuldb.com/vuln/377215/cti
CVECVSSEPSSKEVRExplotTítuloVis.
CVE-2020-288747.5 ALT81.8%
——25reset-password.php in ProjectSend before r1295 allows remote attackers to reset a password because of incorrect business logic. Errors are not properly considered (an invalid token parameter).8dCVE-2025-97847.5 ALT80.2%
——24A flaw was found in Undertow where malformed client requests can trigger server-side stream resets without triggering abuse counters. This issue, referred to as the "MadeYouReset" attack, allows malicious clients to induce excessive server workload by repeatedly causing server-side stream aborts. While not a protocol bug, this highlights a common implementation weakness that can be exploited to cause a denial of service (DoS).17dCVE-2021-414417.4 ALT72.8%
——22A DoS attack in the web application of D-Link DIR-X1860 before v1.10WWB09_Beta allows a remote unauthenticated attacker to reboot the router via sending a specially crafted URL to an authenticated victim. The authenticated victim need to visit this URL, for the router to reboot.8dCVE-2022-351916.5 MED55.6%
——17D-Link Wireless AC1200 Dual Band VDSL ADSL Modem Router DSL-3782 Firmware v1.01 allows unauthenticated attackers to cause a Denial of Service (DoS) via a crafted HTTP connection request.8dCVE-2024-338447.5 ALT41.2%
——12The 'control' in Parrot ANAFI USA firmware 1.10.4 does not check the MAV_MISSION_TYPE(0, 1, 2, 255), which allows attacker to cut off the connection between a controller and the drone by sending MAVLink MISSION_COUNT command with a wrong MAV_MISSION_TYPE.8dCVE-2026-146234.3 MED40.8%
——12A vulnerability was determined in omec-project amf up to 2.1.1. This issue affects the function RRCInactiveTransitionReport of the component NGAP Message Handler. Executing a manipulation can lead to denial of service. The attack may be performed from remote. The exploit has been publicly disclosed and may be utilized. This patch is called 34bc6724acc97dba1f8691e586da95b042cb612d. A patch should be applied to remediate this issue.11d