terminal-controller-mcp 0.1.7, an MCP (Model Context Protocol) server for terminal control, has command injection in execute_command that allows arbitrary command execution. Maximum CVSS 10.0 with scope change – compromising the MCP server grants control over all connected AI agents.
TRENDnet TEW-713RE WiFi range extender (v1.02) has OS command injection in /goformX/formFSrvX via the SZCMD parameter. Public exploit available, vendor unresponsive. The device likely will not receive a patch.
Arbitrary code execution in the pnpm package manager (versions 10.0.0 through 10.25) lets a git-hosted dependency run code on a developer or CI machine during pnpm install, bypassing the v10 default protection that disables dependency lifecycle scripts. Although v10 blocks postinstall via the onlyBuiltDependencies allowlist, git dependencies still run prepare, prepublish, and prepack scripts during the fetch phase, giving remote code execution without user approval. Publicly available exploit code exists (GitHub advisory GHSA-379q-355j-w6rj), but EPSS is low (0.11%) and the issue is not listed in CISA KEV; it is fixed in version 10.26.0.
RustFS (alpha.13 to alpha.78) has a path traversal in /rustfs/rpc/read_file_stream that allows reading arbitrary files on the server. PoC available, fixed in alpha.79.
Tarkov Data Manager has reflected XSS in the toast notification system. Attackers can craft URLs that execute arbitrary JavaScript in the victim's browser, stealing session tokens. PoC available, fixed in January 2025.
LibreChat 0.8.1-rc2 has SSRF in the Actions feature that allows authenticated users to make the server perform requests to internal networks. By configuring agents with malicious OpenAPI specifications, attackers can scan internal infrastructure and access internal services. PoC available, patch available.
Tarkov Data Manager's login endpoint can be bypassed using JavaScript prototype property access combined with loose equality type coercion. Any unauthenticated user can gain full admin access. Fixed in January 2025 commits.
Optional Email plugin for WordPress (through 1.3.11) has a privilege escalation via a filter that leaks predictable password reset keys. The 'random_password' filter affects not just registration but also password reset key generation, making reset tokens guessable.
DZS Video Gallery WordPress plugin (through 12.37) is vulnerable to PHP object injection through insecure deserialization. An unauthenticated attacker can inject arbitrary PHP objects, potentially achieving code execution through POP chains.
Undertow HTTP server (used in WildFly, JBoss EAP) fails to validate Host headers, enabling cache poisoning, internal network scanning, and session hijacking. Affects a widely-used Java application server component.
Authentication bypass in OpenFlagr (the openflagr/flagr feature-flag service) versions up to and including 1.1.18 lets remote unauthenticated attackers reach protected API endpoints by exploiting flawed path normalization in the HTTP middleware's prefix whitelist. Attackers can read and modify feature flags and export sensitive configuration data with no credentials. A public technical writeup ('0day speedrun') exists, but there is no public exploit identified as weaponized and no active exploitation has been confirmed; EPSS is low at 0.13%.
WPCHURCH WordPress plugin (through 2.7.0) has blind SQL injection with scope change, enabling unauthenticated extraction of the full WordPress database.
Uniffle HTTP client (before 0.10.0) trusts all SSL certificates and disables hostname verification by default, exposing all REST API communication between the CLI and Coordinator to man-in-the-middle attacks.