What is CVE-2026-37748?

CVE-2026-37748 is a vulnerability in N/a. Published 2026-04-21.

Is CVE-2026-37748 known to be exploited?

1 public proof-of-concept repositories are indexed. Not currently listed in the CISA KEV catalog.

Vulnerability in N/a

CVE-2026-37748

Visitor Management System 1.0 by sanjay1313 is vulnerable to Unrestricted File Upload in vms/php/admin_user_insert.php and vms/php/update_1.php. The move_uploaded_file() function is called without any MIME type, extension, or content valid…

EPSS: 0.001 (34.4th percentile) — read the EPSS interpretation.

Affected products

N/a — versions n/a

Public proof-of-concept exploits

menevarad007/CVE-2026-37748

References

github.com/sanjay1313/Visitor-Management-System
github.com/menevarad007/CVE-2026-37748

Frequently asked questions

What is CVE-2026-37748?: CVE-2026-37748 is a vulnerability in N/a. Published 2026-04-21.
Is CVE-2026-37748 known to be exploited?: 1 public proof-of-concept repositories are indexed. Not currently listed in the CISA KEV catalog.