Skip to main content
CVE-2026-21877 CRITICAL POC PATCH THREAT Act Now

n8n workflow automation (through 1.121.2) allows authenticated users to execute arbitrary code via the n8n service, with scope change enabling full compromise of both self-hosted and cloud instances. EPSS 12.5% indicates high exploitation activity. Patch available.

RCE Code Injection Node.js N8n
NVD GitHub
CVSS 3.1
9.9
EPSS
12.5%
CVE-2026-21891 CRITICAL POC THREAT Emergency

ZimaOS (fork of CasaOS) through 1.5.0 has an authentication bypass where passwords for system service accounts are not properly validated during login. Attackers can access the system using known service account names with any password. PoC available, EPSS 13.6%.

Authentication Bypass Zimaos
NVD GitHub
CVSS 3.1
9.4
EPSS
13.6%
CVE-2026-21858 CRITICAL POC PATCH Act Now

n8n workflow automation (1.65.0 to 1.121.0) allows unauthenticated file access through form-based workflows. A critical CVSS 10.0 vulnerability enabling remote attackers to read sensitive files from the server, with potential for further compromise. PoC available.

Information Disclosure Path Traversal LFI Node.js N8n
NVD GitHub
CVSS 3.1
10.0
EPSS
7.1%
CVE-2025-69258 CRITICAL POC Act Now

Trend Micro Apex Central has a DLL loading vulnerability (LoadLibraryEX) that allows unauthenticated remote attackers to load attacker-controlled DLLs and execute code as SYSTEM. PoC available.

Trend Micro Apex Central
NVD
CVSS 3.1
9.8
EPSS
0.6%
CVE-2017-20216 CRITICAL POC Act Now

FLIR Thermal Camera PT-Series firmware version 8.0.0.64 contains multiple unauthenticated remote command injection vulnerabilities in the controllerFlirSystem.php script. [CVSS 9.8 CRITICAL]

PHP Command Injection
NVD Exploit-DB
CVSS 3.1
9.8
EPSS
0.6%
CVE-2025-66913 CRITICAL POC Act Now

JimuReport through 2.1.3 has RCE via user-controlled H2 JDBC URLs. The application passes attacker-supplied JDBC connection strings directly to the H2 driver, which supports directives for arbitrary Java code execution. PoC available.

Java RCE Jimureport
NVD GitHub
CVSS 3.1
9.8
EPSS
0.6%
CVE-2025-67325 CRITICAL POC Act Now

QloApps hotel management system (through 1.7.0) allows unauthenticated web shell upload through the hotel review feature. Attackers can achieve immediate remote code execution. PoC available.

RCE Qloapps
NVD GitHub
CVSS 3.1
9.8
EPSS
0.3%
CVE-2025-61548 CRITICAL POC Act Now

Print Shop Pro WebDesk 18.34 has SQL injection in the hfInventoryDistFormID parameter of GetUnitPrice. Combined with CVE-2025-61546 (negative quantities), this endpoint has two critical vulnerabilities. PoC available, fixed in 19.69.

SQLi Print Shop Pro Webdesk
NVD GitHub
CVSS 3.1
9.8
EPSS
0.1%
CVE-2026-22034 CRITICAL POC PATCH Act Now

Snuffleupagus PHP security module before 0.13.0 can be bypassed when upload validation uses VLD-based scripts without the VLD extension installed. This disables the upload security check entirely, allowing malicious PHP file uploads. PoC available, patch available.

PHP Snuffleupagus
NVD GitHub
CVSS 3.1
9.8
EPSS
0.1%
CVE-2026-21875 CRITICAL POC Act Now

ClipBucket v5 (5.5.2-#187 and below) has blind SQL injection in the channel comment functionality via the obj_id parameter. Unauthenticated attackers can extract the entire database. PoC available.

PHP SQLi Clipbucket
NVD GitHub
CVSS 3.1
9.8
EPSS
0.0%
CVE-2026-22043 CRITICAL POC PATCH Act Now

RustFS (alpha.13 to alpha.78) has a privilege escalation where restricted service accounts can self-issue unrestricted credentials by exploiting a flawed deny_only check in the IAM system. PoC available, patch available.

Privilege Escalation Rustfs
NVD GitHub
CVSS 3.1
9.8
EPSS
0.0%
CVE-2025-61246 CRITICAL POC Act Now

online-shopping-system-php 1.0 has SQL injection in review_action.php via the proId parameter. PoC available.

PHP SQLi Online Shopping System
NVD GitHub
CVSS 3.1
9.8
EPSS
0.0%
CVE-2025-68717 CRITICAL POC Act Now

KAYSUS KS-WR3600 router (firmware 1.0.5.9.1) has session validation bypass – if any user is logged in, endpoints accept unauthenticated requests. Attackers piggyback on active sessions to execute privileged actions. PoC available.

Authentication Bypass Ks Wr3600 Firmware
NVD GitHub
CVSS 3.1
9.4
EPSS
0.1%
CVE-2025-66916 CRITICAL POC Act Now

RuoYi-Vue-Plus (through 5.5.1) allows arbitrary file read/write through QLExpress expression evaluation in the snailjob workflow node checker. Attackers can use the File class to access any file on the server. PoC available.

RCE Code Injection Ruoyi Vue Plus
NVD GitHub
CVSS 3.1
9.4
EPSS
0.1%
CVE-2026-21876 CRITICAL POC PATCH Act Now

OWASP Core Rule Set (CRS) before 4.22.0 and 3.3.8 has a bug in rule 922110 that allows WAF bypass on multipart requests. The rule's capture variables get overwritten when processing multiple parts, allowing SQL injection and other attacks to slip through. PoC available, patch available.

Information Disclosure Owasp Modsecurity Core Rule Set
NVD GitHub VulDB Exploit-DB
CVSS 3.1
9.3
EPSS
0.1%
CVE-2025-68715 CRITICAL POC Act Now

Panda Wireless PWRU0 devices (firmware 2.2.9) expose WAN, LAN, and wireless configuration endpoints without authentication. Remote attackers can modify all network settings. PoC available.

Denial Of Service Privilege Escalation Pwru01 Firmware
NVD GitHub
CVSS 3.1
9.1
EPSS
0.6%
CVE-2026-21881 CRITICAL POC PATCH Act Now

Kanboard project management (through 1.2.48) has an authentication bypass when REVERSE_PROXY_AUTH is enabled. The application trusts HTTP headers for authentication without verifying the request came from the reverse proxy. Any attacker can impersonate any user including admins. PoC available, patch available.

Authentication Bypass Kanboard
NVD GitHub
CVSS 3.1
9.1
EPSS
0.3%
CVE-2025-56425 CRITICAL POC Act Now

enaio document management AppConnector (multiple versions) has SMTP command injection via the /osrest/api/organization/s endpoint. Authenticated attackers can inject arbitrary SMTP commands, potentially sending spam or phishing emails through the organization's mail server. PoC available.

Command Injection Enaio
NVD
CVSS 3.1
9.1
EPSS
0.3%
CVE-2025-61546 CRITICAL POC Act Now

Print Shop Pro WebDesk 18.34 allows purchasing items with negative quantities, creating financial discrepancies. Attackers can generate credits or manipulate pricing through the GetUnitPrice endpoint. PoC available, fixed in 19.69.

Code Injection Print Shop Pro Webdesk
NVD GitHub
CVSS 3.1
9.1
EPSS
0.0%
CVE-2025-67924 CRITICAL Act Now

Corpkit WordPress theme (through 2.0) allows unauthenticated web shell upload via unrestricted file type upload.

File Upload
NVD
CVSS 3.1
9.9
EPSS
0.1%
CVE-2019-25296 CRITICAL Act Now

The WP Cost Estimation plugin for WordPress is vulnerable to arbitrary file uploads and deletion due to missing file type validation in the lfb_upload_form and lfb_removeFile AJAX actions in versions up to, and including, 9.642. This makes it possible for unauthenticated attackers to upload arbitrary files on the affected sites server which may make remote code execution possible. Additionally, the attacker can also delete files on the server such as database configuration files, subsequently...

WordPress RCE
NVD WPScan
CVSS 3.1
9.8
EPSS
0.3%
CVE-2025-23504 CRITICAL Act Now

Felan Framework for WordPress (through 1.1.3) allows authentication bypass through an alternate path, enabling unauthenticated admin access.

Authentication Bypass
NVD
CVSS 3.1
9.8
EPSS
0.1%
CVE-2019-25268 CRITICAL Act Now

NREL BEopt 2.8.0.0 contains a DLL hijacking vulnerability that allows attackers to load arbitrary libraries by tricking users into opening application files from remote shares. [CVSS 9.8 CRITICAL]

Privilege Escalation
NVD
CVSS 3.1
9.8
EPSS
0.1%
CVE-2019-25282 CRITICAL Act Now

V-SOL GPON/EPON OLT Platform v2.03 contains an open redirect vulnerability in the script that allows attackers to manipulate the 'parent' GET parameter. [CVSS 9.8 CRITICAL]

Open Redirect
NVD
CVSS 3.1
9.8
EPSS
0.1%
CVE-2025-67911 CRITICAL Act Now

Newsletters WordPress plugin by Tribulant (through 4.11) is vulnerable to PHP object injection through deserialization of untrusted data, potentially leading to RCE via POP chains.

Deserialization
NVD
CVSS 3.1
9.8
EPSS
0.1%
CVE-2026-22234 CRITICAL Act Now

OPEXUS eCasePortal before 9.0.45.0 allows unauthenticated access to the Attachments.aspx endpoint with predictable formid values. Attackers can download, delete, or upload files without authentication.

Authentication Bypass Ecase Portal
NVD
CVSS 3.1
9.8
EPSS
0.0%
CVE-2025-62877 CRITICAL Act Now

SUSE Harvester virtualization environment (1.5.x, 1.6.x) exposes the OS default SSH login password when using the interactive installer. This affects all hosts provisioned through the interactive method, potentially compromising entire virtualization clusters.

SSH Suse
NVD GitHub
CVSS 3.1
9.8
EPSS
0.0%
CVE-2025-67928 CRITICAL Act Now

Automotive Listings WordPress theme (through 18.6) has blind SQL injection enabling unauthenticated database extraction.

SQLi
NVD
CVSS 3.1
9.3
EPSS
0.0%
CVE-2025-23993 CRITICAL Act Now

Felan Framework (through 1.1.3) also has SQL injection in addition to the auth bypass (CVE-2025-23504). Two critical vulnerabilities in the same plugin create a devastating attack chain.

SQLi
NVD
CVSS 3.1
9.3
EPSS
0.0%
CVE-2025-67910 CRITICAL Act Now

Contentstudio WordPress plugin (through 1.3.7) allows unauthenticated web shell upload, enabling immediate server compromise.

File Upload
NVD
CVSS 3.1
9.1
EPSS
0.1%
CVE-2025-59470 CRITICAL Act Now

Veeam allows Backup Operators to execute code as postgres via malicious interval or order parameters. Another operator-to-RCE escalation path with scope change.

PostgreSQL RCE
NVD
CVSS 3.1
9.0
EPSS
0.2%
CVE-2025-59468 CRITICAL Act Now

Veeam allows Backup Administrators to execute code as postgres via a malicious password parameter. Scope change means OS-level compromise from application-level admin access.

PostgreSQL RCE
NVD
CVSS 3.1
9.0
EPSS
0.1%
CVE-2025-59469 CRITICAL Act Now

Veeam allows Backup or Tape Operators to write files as root on the server. An operator-level role achieving root file write is a severe privilege escalation with scope change.

Information Disclosure Veeam Backup Replication
NVD
CVSS 3.1
9.0
EPSS
0.0%

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy