Skip to main content
CVE-2025-61492 CRITICAL POC Act Now

terminal-controller-mcp 0.1.7, an MCP (Model Context Protocol) server for terminal control, has command injection in execute_command that allows arbitrary command execution. Maximum CVSS 10.0 with scope change – compromising the MCP server grants control over all connected AI agents.

Command Injection Terminal Controller Mcp
NVD GitHub
CVSS 3.1
10.0
EPSS
0.7%
CVE-2025-15471 CRITICAL POC Act Now

TRENDnet TEW-713RE WiFi range extender (v1.02) has OS command injection in /goformX/formFSrvX via the SZCMD parameter. Public exploit available, vendor unresponsive. The device likely will not receive a patch.

Command Injection Tew 713re Firmware
NVD VulDB
CVSS 3.1
9.8
EPSS
1.2%
CVE-2025-69264 CRITICAL POC PATCH Act Now

Arbitrary code execution in the pnpm package manager (versions 10.0.0 through 10.25) lets a git-hosted dependency run code on a developer or CI machine during pnpm install, bypassing the v10 default protection that disables dependency lifecycle scripts. Although v10 blocks postinstall via the onlyBuiltDependencies allowlist, git dependencies still run prepare, prepublish, and prepack scripts during the fetch phase, giving remote code execution without user approval. Publicly available exploit code exists (GitHub advisory GHSA-379q-355j-w6rj), but EPSS is low (0.11%) and the issue is not listed in CISA KEV; it is fixed in version 10.26.0.

RCE Pnpm
NVD GitHub
CVSS 3.1
9.8
EPSS
0.1%
CVE-2025-68705 CRITICAL POC PATCH Act Now

RustFS (alpha.13 to alpha.78) has a path traversal in /rustfs/rpc/read_file_stream that allows reading arbitrary files on the server. PoC available, fixed in alpha.79.

Path Traversal Rustfs
NVD GitHub
CVSS 3.1
9.8
EPSS
0.0%
CVE-2026-21855 CRITICAL POC Act Now

Tarkov Data Manager has reflected XSS in the toast notification system. Attackers can craft URLs that execute arbitrary JavaScript in the victim's browser, stealing session tokens. PoC available, fixed in January 2025.

XSS Tarkov Data Manager
NVD GitHub
CVSS 3.1
9.3
EPSS
0.0%
CVE-2025-69222 CRITICAL POC PATCH Act Now

LibreChat 0.8.1-rc2 has SSRF in the Actions feature that allows authenticated users to make the server perform requests to internal networks. By configuring agents with malicious OpenAPI specifications, attackers can scan internal infrastructure and access internal services. PoC available, patch available.

Docker SSRF AI / ML Librechat
NVD GitHub
CVSS 3.1
9.1
EPSS
0.2%
CVE-2026-21854 CRITICAL PATCH Act Now

Tarkov Data Manager's login endpoint can be bypassed using JavaScript prototype property access combined with loose equality type coercion. Any unauthenticated user can gain full admin access. Fixed in January 2025 commits.

Authentication Bypass Tarkov Data Manager
NVD GitHub
CVSS 3.1
9.8
EPSS
0.6%
CVE-2025-15018 CRITICAL Act Now

Optional Email plugin for WordPress (through 1.3.11) has a privilege escalation via a filter that leaks predictable password reset keys. The 'random_password' filter affects not just registration but also password reset key generation, making reset tokens guessable.

WordPress Privilege Escalation PHP
NVD
CVSS 3.1
9.8
EPSS
0.1%
CVE-2025-47552 CRITICAL Act Now

DZS Video Gallery WordPress plugin (through 12.37) is vulnerable to PHP object injection through insecure deserialization. An unauthenticated attacker can inject arbitrary PHP objects, potentially achieving code execution through POP chains.

Deserialization
NVD
CVSS 3.1
9.8
EPSS
0.1%
CVE-2025-12543 CRITICAL PATCH Act Now

Undertow HTTP server (used in WildFly, JBoss EAP) fails to validate Host headers, enabling cache poisoning, internal network scanning, and session hijacking. Affects a widely-used Java application server component.

Java Information Disclosure Process Automation Jboss Enterprise Application Platform Expansion Pack Jboss Enterprise Application Platform +5
NVD VulDB
CVSS 3.1
9.6
EPSS
0.1%
CVE-2026-0650 CRITICAL PATCH Act Now

Authentication bypass in OpenFlagr (the openflagr/flagr feature-flag service) versions up to and including 1.1.18 lets remote unauthenticated attackers reach protected API endpoints by exploiting flawed path normalization in the HTTP middleware's prefix whitelist. Attackers can read and modify feature flags and export sensitive configuration data with no credentials. A public technical writeup ('0day speedrun') exists, but there is no public exploit identified as weaponized and no active exploitation has been confirmed; EPSS is low at 0.13%.

Authentication Bypass Information Disclosure
NVD GitHub
CVSS 4.0
9.3
EPSS
0.1%
CVE-2025-32303 CRITICAL Act Now

WPCHURCH WordPress plugin (through 2.7.0) has blind SQL injection with scope change, enabling unauthenticated extraction of the full WordPress database.

SQLi
NVD
CVSS 3.1
9.3
EPSS
0.0%
CVE-2025-68637 CRITICAL Act Now

Uniffle HTTP client (before 0.10.0) trusts all SSL certificates and disables hostname verification by default, exposing all REST API communication between the CLI and Coordinator to man-in-the-middle attacks.

TLS Uniffle
NVD
CVSS 3.1
9.1
EPSS
0.1%

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy