LTX-GOD

6 exploits Active since Feb 2026
CVE-2026-4536 GITHUB HIGH WRITEUP
Acrel Environmental Monitoring Cloud Platform unrestricted upload
A vulnerability was found in Acrel Environmental Monitoring Cloud Platform 1.1.0. This issue affects some unknown processing. Performing a manipulation results in unrestricted upload. The attack may be initiated remotely. The exploit has been made public and could be used. The vendor was contacted early about this disclosure but did not respond in any way.
2 stars
CVSS 7.3
CVE-2026-31954 GITHUB NONE WRITEUP
Emlog <=2.6.6 - CSRF
Emlog is an open source website building system. In 2.6.6 and earlier, the delete_async action (asynchronous delete) lacks a call to LoginAuth::checkToken(), enabling CSRF attacks.
2 stars
CVE-2026-3794 GITHUB HIGH WORKING POC
doramart DoraCMS 3.0.x - Auth Bypass
A vulnerability was identified in doramart DoraCMS 3.0.x. This issue affects some unknown processing of the file /api/v1/mail/send of the component Email API. Such manipulation leads to improper authentication. It is possible to launch the attack remotely. The exploit is publicly available and might be used. The vendor was contacted early about this disclosure but did not respond in any way.
2 stars
CVSS 7.3
CVE-2026-3795 GITHUB MEDIUM WORKING POC
DoraCMS 3.0.x - Path Traversal
A security flaw has been discovered in doramart DoraCMS 3.0.x. Impacted is the function createFileBypath of the file /DoraCMS/server/app/router/api/v1.js. Performing a manipulation results in path traversal. The attack can be initiated remotely. The exploit has been released to the public and may be used for attacks. The vendor was contacted early about this disclosure but did not respond in any way.
2 stars
CVSS 6.3
CVE-2026-3025 GITHUB HIGH WORKING POC
ShuoRen Smart Heating 1.0.0 - Unrestricted Upload
A flaw has been found in ShuoRen Smart Heating Integrated Management Platform 1.0.0. Affected by this vulnerability is an unknown functionality of the file /MP/Service/Webservice/ExampleNodeService.asmx. Executing a manipulation of the argument File can lead to unrestricted upload. It is possible to launch the attack remotely. The exploit has been published and may be used. The vendor was contacted early about this disclosure but did not respond in any way.
2 stars
CVSS 7.3
CVE-2026-28426 GITHUB HIGH WRITEUP
Statmatic <5.73.11/6.4.0 - Stored XSS
Statmatic is a Laravel and Git powered content management system (CMS). Prior to versions 5.73.11 and 6.4.0, stored XSS vulnerability in svg and icon related components allow authenticated users with appropriate permissions to inject malicious JavaScript that executes when viewed by higher-privileged users. This has been fixed in 5.73.11 and 6.4.0.
2 stars
CVSS 8.7