Skip to main content
CVE-2025-61492 CRITICAL POC Act Now

terminal-controller-mcp 0.1.7, an MCP (Model Context Protocol) server for terminal control, has command injection in execute_command that allows arbitrary command execution. Maximum CVSS 10.0 with scope change – compromising the MCP server grants control over all connected AI agents.

Command Injection Terminal Controller Mcp
NVD GitHub
CVSS 3.1
10.0
EPSS
0.7%
CVE-2025-15471 CRITICAL POC Act Now

TRENDnet TEW-713RE WiFi range extender (v1.02) has OS command injection in /goformX/formFSrvX via the SZCMD parameter. Public exploit available, vendor unresponsive. The device likely will not receive a patch.

Command Injection Tew 713re Firmware
NVD VulDB
CVSS 3.1
9.8
EPSS
1.2%
CVE-2025-69264 CRITICAL POC PATCH Act Now

Arbitrary code execution in the pnpm package manager (versions 10.0.0 through 10.25) lets a git-hosted dependency run code on a developer or CI machine during pnpm install, bypassing the v10 default protection that disables dependency lifecycle scripts. Although v10 blocks postinstall via the onlyBuiltDependencies allowlist, git dependencies still run prepare, prepublish, and prepack scripts during the fetch phase, giving remote code execution without user approval. Publicly available exploit code exists (GitHub advisory GHSA-379q-355j-w6rj), but EPSS is low (0.11%) and the issue is not listed in CISA KEV; it is fixed in version 10.26.0.

RCE Pnpm
NVD GitHub
CVSS 3.1
9.8
EPSS
0.1%
CVE-2025-68705 CRITICAL POC PATCH Act Now

RustFS (alpha.13 to alpha.78) has a path traversal in /rustfs/rpc/read_file_stream that allows reading arbitrary files on the server. PoC available, fixed in alpha.79.

Path Traversal Rustfs
NVD GitHub
CVSS 3.1
9.8
EPSS
0.0%
CVE-2026-21855 CRITICAL POC Act Now

Tarkov Data Manager has reflected XSS in the toast notification system. Attackers can craft URLs that execute arbitrary JavaScript in the victim's browser, stealing session tokens. PoC available, fixed in January 2025.

XSS Tarkov Data Manager
NVD GitHub
CVSS 3.1
9.3
EPSS
0.0%
CVE-2025-69222 CRITICAL POC PATCH Act Now

LibreChat 0.8.1-rc2 has SSRF in the Actions feature that allows authenticated users to make the server perform requests to internal networks. By configuring agents with malicious OpenAPI specifications, attackers can scan internal infrastructure and access internal services. PoC available, patch available.

Docker SSRF AI / ML Librechat
NVD GitHub
CVSS 3.1
9.1
EPSS
0.2%
CVE-2026-21688 HIGH POC PATCH This Week

Type confusion in iccDEV library versions before 2.3.1.2 allows unauthenticated attackers to achieve remote code execution with user interaction by crafting malicious ICC color profiles. Public exploit code exists for this vulnerability affecting organizations that process color management profiles through the iccDEV libraries. A patch is available in version 2.3.1.2 with no known workarounds prior to upgrading.

Code Injection Iccdev
NVD GitHub
CVSS 3.1
8.8
EPSS
0.2%
CVE-2026-22047 HIGH POC PATCH This Week

Heap buffer overflow in iccDEV versions before 2.3.1.2 allows remote code execution when processing malicious ICC color profiles, affecting applications that use the iccDEV library to manage color data. Public exploit code exists for this vulnerability, enabling attackers to execute arbitrary code with high impact on confidentiality, integrity, and availability. Update to version 2.3.1.2 or later to remediate.

Code Injection Iccdev
NVD GitHub
CVSS 3.1
8.8
EPSS
0.1%
CVE-2026-21693 HIGH POC PATCH This Week

Type confusion in iccDEV versions before 2.3.1.2 allows attackers to corrupt memory and achieve high-impact outcomes including code execution, data theft, and denial of service when processing malicious ICC color profiles. The vulnerability exists in the CIccSegmentedCurveXml::ToXml() function and affects any application using the iccDEV library to handle color management data. Public exploit code exists for this vulnerability, though a patch is available in version 2.3.1.2 and later.

Code Injection Iccdev
NVD GitHub
CVSS 3.1
8.8
EPSS
0.1%
CVE-2026-21692 HIGH POC PATCH This Week

Type confusion in iccDEV versions before 2.3.1.2 allows unauthenticated attackers to achieve remote code execution through malicious ICC color profiles processed by the ToXmlCurve() function. Public exploit code exists for this vulnerability, affecting any application or system using the vulnerable iccDEV library to parse color management profiles. A patch is available in version 2.3.1.2 and should be applied immediately.

Code Injection Iccdev
NVD GitHub
CVSS 3.1
8.8
EPSS
0.1%
CVE-2026-21682 HIGH POC This Week

Heap buffer overflow in iccDEV versions before 2.3.1.2 allows remote code execution when processing malicious ICC color profiles, affecting applications that use the library to handle color management data. An attacker can trigger the vulnerability through a crafted profile file requiring only user interaction to open, potentially achieving complete system compromise. Public exploit code exists and no patch is currently available.

Code Injection Iccdev
NVD GitHub
CVSS 3.1
8.8
EPSS
0.1%
CVE-2026-21679 HIGH POC PATCH This Week

Heap buffer overflow in iccDEV versions prior to 2.3.1.2 allows remote attackers to execute arbitrary code through the CIccLocalizedUnicode::GetText() function with minimal attack complexity. The vulnerability affects users of the ICC color profile manipulation library and has public exploit code available. Organizations using vulnerable versions should upgrade to 2.3.1.2 or later immediately.

Code Injection Iccdev
NVD GitHub
CVSS 3.1
8.8
EPSS
0.1%
CVE-2025-69263 HIGH POC PATCH This Week

Supply-chain integrity bypass in pnpm package manager (versions ≤10.26.2, per description; GHSA states <10.26.0) allows malicious package authors to serve different tarball content on each install because HTTP/HTTPS tarball and git-hosted tarball dependencies are recorded in the lockfile without integrity hashes. Publicly available exploit code exists in the GHSA-7vhp-vf5g-r2fw advisory PoC, though EPSS remains low at 0.01% and the issue is not on CISA KEV. Any project transitively depending on a package that uses an HTTP/git tarball is exposed, and a committed lockfile offers no protection.

Pnpm Information Disclosure
NVD GitHub
CVSS 3.1
8.8
EPSS
0.0%
CVE-2025-61489 MEDIUM POC THREAT This Month

A command injection vulnerability in the shell_exec function of sonirico mcp-shell v0.3.1 allows attackers to execute arbitrary commands via supplying a crafted command string. [CVSS 6.5 MEDIUM]

Command Injection Mcp Shell
NVD GitHub
CVSS 3.1
6.5
EPSS
11.1%
CVE-2025-69262 HIGH POC PATCH This Week

{VAR} substitution inside .npmrc tokenHelper settings combined with spawnSync invoked with shell: true. The bug primarily threatens CI/CD build environments where untrusted inputs may flow into env vars or .npmrc files, and publicly available exploit code exists, though it is not listed in CISA KEV and EPSS is very low at 0.08%.

RCE Command Injection Pnpm
NVD GitHub VulDB
CVSS 3.1
7.8
EPSS
0.1%
CVE-2026-21678 HIGH POC PATCH This Week

Heap buffer overflow in iccDEV versions prior to 2.3.1.2 allows local attackers with user interaction to achieve arbitrary code execution through malicious ICC color profile manipulation in the IccTagXml() function. Public exploit code exists for this vulnerability, which affects all users of the vulnerable iccDEV libraries and tools. A patch is available in version 2.3.1.2.

Code Injection Iccdev
NVD GitHub
CVSS 3.1
7.8
EPSS
0.0%
CVE-2025-13801 HIGH POC This Week

The Yoco Payments plugin for WordPress is vulnerable to Path Traversal in all versions up to, and including, 3.8.8 via the file parameter. This makes it possible for unauthenticated attackers to read the contents of arbitrary files on the server, which can contain sensitive information. [CVSS 7.5 HIGH]

WordPress Path Traversal
NVD GitHub
CVSS 3.1
7.5
EPSS
0.2%
CVE-2026-0669 HIGH POC PATCH This Week

The MediaWiki CSS extension in versions 1.39, 1.43, and 1.44 contains a path traversal vulnerability that allows unauthenticated remote attackers to read arbitrary files from the server. Public exploit code exists for this vulnerability, enabling attackers to access sensitive information outside the intended directory restrictions. A patch is available and should be applied immediately to affected installations.

Mediawiki Path Traversal Css Red Hat
NVD
CVSS 3.1
7.5
EPSS
0.1%
CVE-2025-67366 HIGH POC This Week

Filesystem-Mcp versions up to 0.5.8 contains a vulnerability that allows attackers to bypass directory restrictions by leveraging symlinks within the allowed director (CVSS 7.5).

Path Traversal AI / ML Filesystem Mcp
NVD GitHub
CVSS 3.1
7.5
EPSS
0.1%
CVE-2025-67364 HIGH POC This Week

fast-filesystem-mcp version 3.4.0 contains a critical path traversal vulnerability in its file operation tools including fast_read_file. This vulnerability arises from improper path validation that fails to resolve symbolic links to their actual physical paths. [CVSS 7.5 HIGH]

Path Traversal AI / ML Fast Filesystem Mcp
NVD GitHub
CVSS 3.1
7.5
EPSS
0.0%
CVE-2025-15472 HIGH POC This Week

A flaw has been found in TRENDnet TEW-811DRU 1.0.2.0. This affects the function setDeviceURL  of the file uapply.cgi of the component httpd . [CVSS 7.2 HIGH]

Command Injection Tew 811dru Firmware
NVD VulDB
CVSS 3.1
7.2
EPSS
0.7%
CVE-2025-9611 HIGH POC PATCH This Week

Missing Origin/Host header validation in Microsoft's Playwright MCP Server (versions before 0.0.40) lets a remote web page reach a developer's locally bound MCP HTTP endpoint through a DNS rebinding attack, causing unauthorized invocation of MCP tool endpoints that drive an automated browser. Publicly available exploit code exists (a proof-of-concept gist and a VulnCheck advisory), though the flaw is not listed in CISA KEV and EPSS probability is low (0.25%, 48th percentile). Exploitation requires that a victim with the server running visit an attacker-controlled page, so this is opportunistic rather than mass-scannable.

Microsoft Authentication Bypass
NVD GitHub
CVSS 4.0
7.2
EPSS
0.2%
CVE-2026-21856 HIGH POC PATCH This Week

The Tarkov Data Manager is a tool to manage the Tarkov item data. [CVSS 7.2 HIGH]

MySQL SQLi Tarkov Data Manager
NVD GitHub
CVSS 3.1
7.2
EPSS
0.0%
CVE-2026-21687 HIGH POC PATCH This Week

iccDEV versions before 2.3.1.2 contain undefined behavior in the CIccTagCurve constructor that allows attackers to cause denial of service or data integrity issues when processing malicious ICC color profiles. The vulnerability requires user interaction to trigger and affects anyone using the library to handle color management profiles, with public exploit code already available. Administrators should upgrade to version 2.3.1.2 immediately as no workarounds exist.

Code Injection Iccdev
NVD GitHub
CVSS 3.1
7.1
EPSS
0.1%
CVE-2026-21686 HIGH POC PATCH This Week

Undefined behavior in iccDEV's ICC color profile validation function (versions before 2.3.1.2) allows attackers to cause denial of service or integrity violations when processing specially crafted color profiles. The vulnerability requires user interaction to trigger and affects any application using the iccDEV library to handle ICC profiles. Public exploit code exists for this vulnerability; patched version 2.3.1.2 is available.

Code Injection Iccdev
NVD GitHub
CVSS 3.1
7.1
EPSS
0.1%
CVE-2026-21685 HIGH POC PATCH This Week

iccDEV versions before 2.3.1.2 contain undefined behavior in the CIccTagLut16::Read() function that allows attackers to cause denial of service or data corruption when processing specially crafted ICC color profiles. The vulnerability requires user interaction to exploit and affects applications using the iccDEV library to handle color management profiles. Public exploit code exists for this issue, though a patch is available in version 2.3.1.2.

Code Injection Iccdev
NVD GitHub
CVSS 3.1
7.1
EPSS
0.1%
CVE-2026-21684 HIGH POC PATCH This Week

Undefined behavior in iccDEV versions before 2.3.1.2 allows remote attackers to cause denial of service or data corruption through maliciously crafted ICC color profiles processed by the library. The vulnerability requires user interaction to open a malicious profile and public exploit code exists. Organizations using iccDEV should upgrade to version 2.3.1.2 or later.

Code Injection Iccdev
NVD GitHub
CVSS 3.1
7.1
EPSS
0.1%
CVE-2025-69220 HIGH POC PATCH This Week

LibreChat is a ChatGPT clone with additional features. Version 0.8.1-rc2 does not enforce proper access control for file uploads to an agents file context and file search. [CVSS 7.1 HIGH]

Authentication Bypass AI / ML Librechat
NVD GitHub
CVSS 3.1
7.1
EPSS
0.0%
CVE-2026-22189 MEDIUM POC This Month

Panda3D egg-mkfont (through 1.10.16) has a stack buffer overflow via an unbounded sprintf() with attacker-controlled glyph pattern input. PoC available.

Buffer Overflow Stack Overflow RCE Panda3d
NVD GitHub VulDB
CVSS 4.0
6.9
EPSS
0.1%
CVE-2026-22188 MEDIUM POC This Month

Panda3D's deploy-stub executable up to version 1.10.16 is vulnerable to denial of service through unvalidated stack allocation based on command-line argument counts, allowing local attackers to crash the application by supplying excessive arguments. Public exploit code exists for this vulnerability, and no patch is currently available. The flaw can trigger reliable crashes and undefined behavior during Python interpreter initialization.

Python Denial Of Service Panda3d
NVD GitHub VulDB
CVSS 4.0
6.9
EPSS
0.0%
CVE-2026-21504 MEDIUM POC PATCH This Month

Heap buffer overflow in iccDEV's ToneMap parser (versions prior to 2.3.1.2) allows local attackers with user interaction to achieve information disclosure and denial of service, with potential for code execution. Public exploit code exists for this vulnerability. Update to version 2.3.1.2 or later to remediate.

Buffer Overflow Iccdev
NVD GitHub
CVSS 3.1
6.6
EPSS
0.0%
CVE-2025-13418 MEDIUM POC This Month

The Responsive Pricing Table plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'plan_icons' parameter in all versions up to, and including, 5.1.12 due to insufficient input sanitization and output escaping. [CVSS 6.4 MEDIUM]

WordPress XSS
NVD
CVSS 3.1
6.4
EPSS
0.9%
CVE-2026-21689 MEDIUM POC PATCH This Month

Denial of service in iccDEV versions before 2.3.1.2 allows unauthenticated attackers to crash applications processing ICC color profiles through a type confusion vulnerability in the XML profile parser. Public exploit code exists for this vulnerability. Users of the iccDEV library should upgrade to version 2.3.1.2 to remediate the issue.

Code Injection Iccdev
NVD GitHub
CVSS 3.1
6.5
EPSS
0.1%
CVE-2026-21680 MEDIUM POC This Month

iccDEV versions prior to 2.3.1.2 contain a null pointer dereference vulnerability in ICC color profile processing that causes denial of service when malicious or malformed profiles are processed. Public exploit code exists for this vulnerability, and no patched version is currently available. Users of the iccDEV library who handle untrusted color profiles are at risk of application crashes.

Null Pointer Dereference Iccdev
NVD GitHub
CVSS 3.1
6.5
EPSS
0.0%
CVE-2026-21857 MEDIUM POC PATCH This Month

Arbitrary file disclosure in REDAXO's Backup addon allows authenticated users with backup permissions to read any file within the webroot by bypassing directory validation in the file export function. An attacker can manipulate the EXPDIR parameter with path traversal sequences to include unauthorized files in exported archives. Public exploit code exists; a patch is available in version 5.20.2 and later.

PHP Path Traversal Redaxo
NVD GitHub
CVSS 3.1
6.5
EPSS
0.0%
CVE-2026-21690 MEDIUM POC PATCH This Month

iccDEV before version 2.3.1.2 contains a type confusion vulnerability in the XML tag processing function that allows attackers to trigger information disclosure, data modification, or denial of service when processing specially crafted ICC color profiles. Public exploit code exists for this vulnerability, affecting users who process untrusted color profile files with the iccDEV library. A patch is available in version 2.3.1.2 and should be applied immediately.

Code Injection Iccdev
NVD GitHub
CVSS 3.1
6.3
EPSS
0.1%
CVE-2025-66686 MEDIUM POC This Month

A stored Cross-Site Scripting (XSS) vulnerability exists in Perch CMS version 3.2. An authenticated attacker with administrative privileges can inject malicious JavaScript code into the “Help button url” setting within the admin panel. [CVSS 6.1 MEDIUM]

XSS Privilege Escalation Information Disclosure Perch
NVD GitHub
CVSS 3.1
6.1
EPSS
0.0%
CVE-2026-0670 MEDIUM POC PATCH This Month

Cross-site scripting (XSS) in MediaWiki's ProofreadPage extension (versions 1.39, 1.43, 1.44, 1.45) allows attackers to inject malicious scripts through improper input sanitization during web page generation. Public exploit code exists for this vulnerability, which requires user interaction to trigger. A patch is available to remediate the issue.

Mediawiki XSS Proofread Page
NVD
CVSS 3.1
6.1
EPSS
0.0%
CVE-2026-21503 MEDIUM POC PATCH This Month

iccDEV versions before 2.3.1.2 are vulnerable to a null pointer dereference in the CIccTagSparseMatrixArray function when processing ICC color profiles, allowing local attackers with user interaction to cause denial of service or data corruption. Public exploit code exists for this vulnerability. Users should upgrade to version 2.3.1.2 or later to remediate the issue.

Null Pointer Dereference Iccdev
NVD GitHub
CVSS 3.1
6.1
EPSS
0.0%
CVE-2026-21854 CRITICAL PATCH Act Now

Tarkov Data Manager's login endpoint can be bypassed using JavaScript prototype property access combined with loose equality type coercion. Any unauthenticated user can gain full admin access. Fixed in January 2025 commits.

Authentication Bypass Tarkov Data Manager
NVD GitHub
CVSS 3.1
9.8
EPSS
0.6%
CVE-2025-15018 CRITICAL Act Now

Optional Email plugin for WordPress (through 1.3.11) has a privilege escalation via a filter that leaks predictable password reset keys. The 'random_password' filter affects not just registration but also password reset key generation, making reset tokens guessable.

WordPress Privilege Escalation PHP
NVD
CVSS 3.1
9.8
EPSS
0.1%
CVE-2025-47552 CRITICAL Act Now

DZS Video Gallery WordPress plugin (through 12.37) is vulnerable to PHP object injection through insecure deserialization. An unauthenticated attacker can inject arbitrary PHP objects, potentially achieving code execution through POP chains.

Deserialization
NVD
CVSS 3.1
9.8
EPSS
0.1%
CVE-2025-12543 CRITICAL PATCH Act Now

Undertow HTTP server (used in WildFly, JBoss EAP) fails to validate Host headers, enabling cache poisoning, internal network scanning, and session hijacking. Affects a widely-used Java application server component.

Java Information Disclosure Process Automation Jboss Enterprise Application Platform Expansion Pack Jboss Enterprise Application Platform +5
NVD VulDB
CVSS 3.1
9.6
EPSS
0.1%
CVE-2026-0643 MEDIUM POC This Month

House Rental And Property Listing Project versions up to 1.0 is affected by improper access control (CVSS 7.3).

PHP Authentication Bypass File Upload
NVD GitHub VulDB
CVSS 4.0
5.5
EPSS
0.1%
CVE-2026-21505 MEDIUM POC PATCH This Month

iccDEV versions prior to 2.3.1.2 suffer from denial of service due to undefined behavior triggered by invalid enum values in ICC color profile processing. A local attacker with user interaction can crash the application or cause system instability, and public exploit code exists. The vulnerability affects users of the iccDEV library on affected systems, with patches available in version 2.3.1.2 and later.

Code Injection Iccdev
NVD GitHub
CVSS 3.1
5.5
EPSS
0.0%
CVE-2026-21501 MEDIUM POC PATCH This Month

Local denial of service in iccDEV versions prior to 2.3.1.2 stems from a stack overflow in the calculator parser component, allowing unauthenticated users to crash the application through crafted input. Public exploit code exists for this vulnerability, which affects Stack Overflow and Iccdev products. A patch is available in version 2.3.1.2 and should be applied immediately.

Stack Overflow Iccdev
NVD GitHub
CVSS 3.1
5.5
EPSS
0.0%
CVE-2026-21500 MEDIUM POC PATCH This Month

iccDEV versions prior to 2.3.1.2 are vulnerable to stack overflow through malformed XML calculator macro expansion, allowing local attackers to trigger a denial of service condition. Public exploit code exists for this vulnerability, which affects ICC color profile manipulation tools used in Stack Overflow and Iccdev products. A patch is available in version 2.3.1.2 and should be applied promptly to mitigate exploitation risk.

Stack Overflow Iccdev
NVD GitHub
CVSS 3.1
5.5
EPSS
0.0%
CVE-2026-21502 MEDIUM POC PATCH This Month

iccDEV versions prior to 2.3.1.2 are vulnerable to denial of service through a null pointer dereference in the XML tag parser, allowing local attackers with user interaction to crash the application. Public exploit code exists for this vulnerability, and a patch is available in version 2.3.1.2.

Null Pointer Dereference Iccdev
NVD GitHub
CVSS 3.1
5.5
EPSS
0.0%
CVE-2026-21499 MEDIUM POC PATCH This Month

iccDEV versions prior to 2.3.1.2 are susceptible to denial of service through a null pointer dereference in the XML parser, allowing local attackers with user interaction to crash the application. Public exploit code exists for this vulnerability, and a patch is available in version 2.3.1.2 and later.

Null Pointer Dereference Iccdev
NVD GitHub
CVSS 3.1
5.5
EPSS
0.0%
CVE-2026-21498 MEDIUM POC PATCH This Month

iccDEV versions prior to 2.3.1.2 suffer from a null pointer dereference in the XML calculator parser that allows local attackers to crash the application and cause a denial of service. Public exploit code exists for this vulnerability. A patch is available in version 2.3.1.2 and later.

Null Pointer Dereference Iccdev
NVD GitHub
CVSS 3.1
5.5
EPSS
0.0%
Page 1 of 5 Next

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy