Skip to main content
CVE-2025-69542 CRITICAL POC Act Now

D-Link DIR-895L router has command injection in the DHCP daemon via the hostname parameter during lease renewal. Any device requesting a DHCP lease with a malicious hostname achieves root code execution on the router. PoC available.

D-Link Command Injection Dir 895la1 Firmware
NVD
CVSS 3.1
9.8
EPSS
1.5%
CVE-2025-15501 CRITICAL POC Act Now

Sangfor O&M Management System (through 3.0.8) has a second command injection in /isomp-protocol/protocol/getCmd, also via sessionPath. Public exploit with higher EPSS (1.2%) than the first vulnerability.

Command Injection Operation And Maintenance Security Management System
NVD GitHub VulDB
CVSS 3.1
9.8
EPSS
1.2%
CVE-2025-70161 CRITICAL POC Act Now

EDIMAX BR-6208AC V2 router allows command injection through the pppUserName field via system() without sanitization. PoC available.

Command Injection Br 6208ac Firmware RCE
NVD
CVSS 3.1
9.8
EPSS
0.5%
CVE-2025-15500 CRITICAL POC Act Now

Sangfor Operation and Maintenance Management System (through 3.0.8) has OS command injection in /isomp-protocol/protocol/getHis via the sessionPath parameter. Public exploit available, vendor unresponsive.

Command Injection Operation And Maintenance Management System
NVD GitHub VulDB
CVSS 3.1
9.8
EPSS
0.3%
CVE-2025-14598 CRITICAL POC Act Now

BeeS Software BET Portal has SQL injection in the login functionality, allowing unauthenticated attackers to bypass authentication and extract database contents. PoC available.

SQLi Bet E Portal
NVD GitHub
CVSS 3.1
9.8
EPSS
0.0%
CVE-2025-15499 HIGH POC This Week

Operation And Maintenance Management System versions up to 3.0.8. is affected by command injection (CVSS 8.8).

Java Command Injection Operation And Maintenance Management System
NVD GitHub VulDB
CVSS 3.1
8.8
EPSS
0.4%
CVE-2025-66744 HIGH POC This Week

In Yonyou YonBIP v3 and before, the LoginWithV8 interface in the series data application service system is vulnerable to path traversal, allowing unauthorized access to sensitive information within the system [CVSS 7.5 HIGH]

Path Traversal
NVD GitHub
CVSS 3.1
7.5
EPSS
6.6%
CVE-2025-67133 HIGH POC This Week

Vida V1 Pro Firmware versions up to 2.0.7 is affected by uncontrolled resource consumption (CVSS 7.5).

Denial Of Service Vida V1 Pro Firmware
NVD
CVSS 3.1
7.5
EPSS
0.0%
CVE-2025-56225 HIGH POC PATCH This Week

fluidsynth-2.4.6 and earlier versions is vulnerable to Null pointer dereference in fluid_synth_monopoly.c, that can be triggered when loading an invalid midi file. [CVSS 7.5 HIGH]

Null Pointer Dereference Fluidsynth Suse
NVD GitHub
CVSS 3.1
7.5
EPSS
0.0%
CVE-2025-67004 MEDIUM POC This Month

** Disputed ** An Information Disclosure vulnerability in CouchCMS 2.4 allow an Admin user to read arbitrary files via traversing directories back after back. It can Disclosure the source code or any other confidential information if weaponize accordingly. [CVSS 6.5 MEDIUM]

Information Disclosure Couchcms
NVD GitHub
CVSS 3.1
6.5
EPSS
0.0%
CVE-2025-64093 CRITICAL Act Now

Unauthenticated command injection via the hostname field enabling remote code execution with CVSS 10.0 and scope change. A separate vulnerability from CVE-2025-64090.

RCE Icx510 Firmware Icx500 Firmware
NVD
CVSS 3.1
10.0
EPSS
0.1%
CVE-2025-64090 CRITICAL Act Now

Command injection via the hostname field allowing authenticated code execution with maximum CVSS 10.0 and scope change.

Command Injection RCE IoT Tcis 3 Firmware
NVD
CVSS 3.1
10.0
EPSS
0.1%
CVE-2025-69425 CRITICAL Act Now

The Ruckus vRIoT IoT Controller firmware versions prior to 3.0.0.0 (GA) expose a command execution service on TCP port 2004 running with root privileges. Authentication to this service relies on a hardcoded Time-based One-Time Password (TOTP) secret and an embedded static token. An attacker who extracts these credentials from the appliance or a compromised device can generate valid authentication tokens and execute arbitrary OS commands with root privileges, resulting in complete system compr...

Authentication Bypass
NVD
CVSS 4.0
10.0
EPSS
0.0%
CVE-2025-70974 CRITICAL PATCH Act Now

Fastjson before 1.2.48 has a well-known autoType deserialization vulnerability enabling JNDI injection and RCE. Exploited in the wild since 2023 through GodzillaWebShell. Maximum CVSS 10.0 with scope change.

Java Authentication Bypass
NVD GitHub VulDB
CVSS 3.1
10.0
EPSS
0.0%
CVE-2025-69426 CRITICAL Act Now

The Ruckus vRIoT IoT Controller firmware versions prior to 3.0.0.0 (GA) contain hardcoded credentials for an operating system user account within an initialization script. The SSH service is network-accessible without IP-based restrictions. Although the configuration disables SCP and pseudo-TTY allocation, an attacker can authenticate using the hardcoded credentials and establish SSH local port forwarding to access the Docker socket. By mounting the host filesystem via Docker, an attacker can...

Docker RCE
NVD
CVSS 4.0
10.0
EPSS
0.0%
CVE-2026-22584 CRITICAL PATCH Act Now

Salesforce Uni2TS time series forecasting library (through 1.2.0) has a code injection vulnerability that allows leveraging executable code in non-executable files across all platforms.

Linux Windows macOS Code Injection Uni2ts
NVD
CVSS 3.1
9.8
EPSS
0.1%
CVE-2025-66050 CRITICAL Act Now

Vivotek IP7137 camera ships without any admin password by default, and users are not informed they should set one. End-of-life product with no expected fix – all deployed cameras are likely exposed.

Denial Of Service Ip7137 Firmware
NVD
CVSS 3.1
9.8
EPSS
0.1%
CVE-2025-14736 CRITICAL Act Now

Frontend Admin by DynamiApps WordPress plugin (through 3.28.25) allows unauthenticated privilege escalation to administrator via insufficient role validation. Attackers can register as admins and take full control of the site.

WordPress Privilege Escalation
NVD
CVSS 3.1
9.8
EPSS
0.0%
CVE-2025-13761 CRITICAL Act Now

Cross-site scripting in GitLab CE/EE (18.6 before 18.6.3 and 18.7 before 18.7.1) lets an unauthenticated attacker run arbitrary JavaScript in the browser of a logged-in victim who is lured to a specially crafted webpage, enabling session theft and actions performed as that authenticated user. The flaw carries a critical CVSS 9.6 with a scope change, reflecting impact that crosses from the vulnerable component into the victim's authenticated session. No public exploit identified at time of analysis, and EPSS is very low (0.04%, 12th percentile), but the vendor-confirmed nature and HackerOne report indicate a credible, validated issue.

Gitlab XSS RCE
NVD VulDB
CVSS 3.1
9.6
EPSS
0.0%
CVE-2026-22713 MEDIUM POC PATCH This Month

Cross-site scripting (XSS) in MediaWiki's GrowthExperiments extension (versions 1.39, 1.43, 1.44, 1.45) allows authenticated attackers to inject malicious scripts through improper input validation, with public exploit code available. An attacker with user privileges can exploit this vulnerability to perform actions on behalf of other users or steal sensitive information due to the low complexity attack vector and user interaction requirement. A patch is available for affected installations.

Mediawiki XSS Growthexperiments
NVD
CVSS 3.1
5.4
EPSS
0.0%
CVE-2026-22710 MEDIUM POC PATCH This Month

Cross-site scripting (XSS) in MediaWiki's Wikibase extension allows authenticated attackers to inject malicious scripts through improper input handling during page generation, affecting versions 1.39, 1.43, 1.44, and 1.45. Exploitation requires user interaction and results in limited confidentiality and integrity impact within the affected application context. A patch is available and public exploit code exists for this vulnerability.

Mediawiki XSS Wikibase
NVD
CVSS 3.1
5.4
EPSS
0.0%
CVE-2025-14741 CRITICAL Act Now

Frontend Admin by DynamiApps (through 3.28.25) also allows unauthenticated deletion of arbitrary posts, pages, products, taxonomy terms, and user accounts due to missing capability checks.

WordPress PHP
NVD
CVSS 3.1
9.1
EPSS
0.0%
CVE-2025-69194 HIGH PATCH This Week

A security issue was discovered in GNU Wget2 when handling Metalink documents. The application fails to properly validate file paths provided in Metalink <file name> elements. [CVSS 8.8 HIGH]

Path Traversal Wget2 Red Hat Suse
NVD
CVSS 3.1
8.8
EPSS
0.0%
CVE-2026-22194 HIGH This Week

GestSup through version 3.2.60 fails to implement CSRF protections, enabling attackers to forge requests that execute actions with a victim's privileges when they visit a malicious site. An unauthenticated attacker can exploit this to create privileged administrative accounts by targeting logged-in users, with no patch currently available to remediate the vulnerability.

CSRF Gestsup
NVD
CVSS 3.1
8.8
EPSS
0.0%
CVE-2025-64091 HIGH This Week

This vulnerability allows authenticated attackers to execute commands via the NTP-configuration of the device. [CVSS 8.6 HIGH]

Command Injection Tcis 3 Firmware
NVD
CVSS 3.1
8.6
EPSS
0.1%
CVE-2026-0830 HIGH This Week

Kiro IDE versions before 0.6.18 are vulnerable to command injection when processing maliciously named workspace folders in the GitLab Merge-Request helper, allowing local attackers with user interaction to execute arbitrary commands with high impact on confidentiality, integrity, and availability. The vulnerability requires local access and user interaction to open a crafted workspace, but no patch is currently available and exploitation requires minimal complexity. Users should restrict workspace access and avoid opening untrusted workspace folders until an update is released.

Gitlab Command Injection
NVD
CVSS 4.0
8.4
EPSS
0.0%
CVE-2026-22712 MEDIUM POC PATCH This Month

Improper output encoding in MediaWiki's Approved Revs extension through magic word replacement allows unauthenticated attackers to manipulate input data and conduct content injection attacks. Affected versions 1.39, 1.43, 1.44, and 1.45 are vulnerable to this network-accessible flaw that requires user interaction, and public exploit code exists. A patch is available to remediate the vulnerability.

Mediawiki Approved Revs
NVD
CVSS 3.1
4.3
EPSS
0.0%
CVE-2025-67070 HIGH This Week

A vulnerability exists in Intelbras CFTV IP NVD 9032 R Ftd V2.800.00IB00C.0.T, which allows an unauthenticated attacker to bypass the multi-factor authentication (MFA) mechanism during the password recovery process. [CVSS 8.2 HIGH]

Authentication Bypass
NVD GitHub
CVSS 3.1
8.2
EPSS
0.0%
CVE-2026-22197 HIGH This Week

GestSup versions before 3.2.60 allow authenticated attackers to execute SQL injection attacks through insufficiently sanitized filtering and sorting parameters in the asset list functionality, potentially enabling unauthorized database access or modification. The vulnerability requires valid credentials to exploit but has no available patch, leaving affected installations vulnerable to data breach or manipulation depending on database permissions.

SQLi Gestsup
NVD
CVSS 3.1
8.1
EPSS
0.0%
CVE-2026-22196 HIGH This Week

GestSup prior to version 3.2.60 is vulnerable to SQL injection in the ticket creation feature, allowing authenticated attackers to execute arbitrary database queries through unsanitized user input. An attacker with valid credentials can read or modify sensitive database contents depending on the database permission level. No patch is currently available.

SQLi Gestsup
NVD
CVSS 3.1
8.1
EPSS
0.0%
CVE-2026-22195 HIGH This Week

Authenticated attackers can exploit SQL injection in GestSup's search functionality (versions before 3.2.60) to manipulate database queries and access or modify sensitive data. The vulnerability stems from insufficient input validation on user-controlled search parameters in SQL statements. With no patch currently available, affected organizations should implement database access controls and monitor for suspicious search activity.

SQLi Gestsup
NVD
CVSS 3.1
8.1
EPSS
0.0%
CVE-2026-20976 HIGH This Week

Galaxy Store versions up to 4.6.02 contains a vulnerability that allows attackers to execute arbitrary script (CVSS 7.8).

RCE Samsung Galaxy Store
NVD
CVSS 3.1
7.8
EPSS
0.0%
CVE-2026-20971 HIGH POC This Week

Arbitrary code execution in the Android PROCA driver before the January 2026 security update results from a use-after-free vulnerability accessible to local attackers with basic privileges. An attacker with local access can exploit this memory safety flaw to execute arbitrary code with elevated privileges on affected devices. No patch is currently available for this high-severity vulnerability.

Use After Free Android
NVD
CVSS 3.1
7.8
EPSS
0.0%
CVE-2026-20970 HIGH This Week

Android versions up to 15.0 contains a vulnerability that allows attackers to execute the privileged APIs (CVSS 7.8).

Authentication Bypass Android
NVD
CVSS 3.1
7.8
EPSS
0.0%
CVE-2025-69195 HIGH PATCH This Week

A flaw was found in GNU Wget2. This vulnerability, a stack-based buffer overflow, occurs in the filename sanitization logic when processing attacker-controlled URL paths, particularly when filename restriction options are active. [CVSS 7.6 HIGH]

Buffer Overflow Stack Overflow Memory Corruption Denial Of Service Wget2 +2
NVD
CVSS 3.1
7.6
EPSS
0.1%
CVE-2025-66049 HIGH This Week

Vivotek IP7137 camera with firmware version 0200a is vulnerable to an information disclosure issue where live camera footage can be accessed through the RTSP protocol on port 8554 without requiring authentication. This allows unauthorized users with network access to view the camera's feed, potentially compromising user privacy and security.  The vendor has not replied to the CNA. Possibly all firmware versions are affected. Since the product has met End-Of-Life phase, a fix is not expected t...

Information Disclosure Ip7137 Firmware
NVD
CVSS 3.1
7.5
EPSS
0.1%
CVE-2025-64092 HIGH This Week

This vulnerability allows unauthenticated attackers to inject an SQL request into GET request parameters and directly query the underlying database. [CVSS 7.5 HIGH]

SQLi Icx500 Firmware Icx510 Firmware
NVD
CVSS 3.1
7.5
EPSS
0.0%
CVE-2025-15035 HIGH This Week

Improper Input Validation vulnerability in TP-Link Archer AXE75 v1.6 (vpn modules) allows an authenticated adjacent attacker to delete arbitrary server file, leading to possible loss of critical system files and service interruption or degraded functionality.This issue affects Archer AXE75 v1.6: ≤ build 20250107. [CVSS 7.3 HIGH]

TP-Link Archer Axe75 Firmware
NVD GitHub
CVSS 3.1
7.3
EPSS
0.0%
CVE-2025-66052 HIGH This Week

Vivotek IP7137 camera with firmware version 0200a is vulnerable to command injection. Parameter "system_ntpIt" used by "/cgi-bin/admin/setparam.cgi" endpoint is not sanitized properly, allowing a user with administrative privileges to perform an attack. [CVSS 7.2 HIGH]

Command Injection Ip7137 Firmware
NVD
CVSS 3.1
7.2
EPSS
0.3%
CVE-2025-14937 HIGH This Week

Frontend Admin by DynamiApps (WordPress plugin) is affected by cross-site scripting (xss) (CVSS 7.2).

WordPress XSS PHP
NVD
CVSS 3.1
7.2
EPSS
0.0%
CVE-2025-15057 HIGH This Week

The SlimStat Analytics plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the `fh` (fingerprint) parameter in all versions up to, and including, 5.3.3. This is due to insufficient input sanitization and output escaping on the fingerprint value stored in the database. [CVSS 7.2 HIGH]

WordPress Industrial XSS PHP
NVD
CVSS 3.1
7.2
EPSS
0.0%
CVE-2025-15055 HIGH This Week

The SlimStat Analytics plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'notes' and 'resource' parameters in all versions up to, and including, 5.3.4 due to insufficient input sanitization and output escaping. [CVSS 7.2 HIGH]

WordPress Industrial XSS PHP
NVD
CVSS 3.1
7.2
EPSS
0.0%
CVE-2025-14657 HIGH This Week

The Eventin - Event Manager, Events Calendar, Event Tickets and Registrations plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the 'post_settings' function in all versions up to, and including, 4.0.51. [CVSS 7.2 HIGH]

WordPress PHP
NVD
CVSS 3.1
7.2
EPSS
0.0%
CVE-2025-14803 MEDIUM This Month

The NEX-Forms WordPress plugin before 9.1.8 does not sanitise and escape some of its settings. The NEX-Forms WordPress plugin before 9.1.8 can be configured in such a way that could allow subscribers to perform Stored Cross-Site Scripting. [CVSS 6.8 MEDIUM]

WordPress XSS PHP
NVD WPScan
CVSS 3.1
6.8
EPSS
0.0%
CVE-2026-20968 MEDIUM This Month

Arbitrary code execution in Android's DualDAR component prior to the January 2026 security patch stems from a use-after-free memory vulnerability that can be exploited by local attackers with elevated privileges. An attacker with high-level device access could leverage this flaw to execute arbitrary code with system-level permissions. No patch is currently available, leaving affected devices vulnerable until the SMR January 2026 Release 1 update is deployed.

Use After Free Android
NVD
CVSS 3.1
6.7
EPSS
0.0%
CVE-2025-66715 MEDIUM This Month

A DLL hijacking vulnerability in Axtion ODISSAAS ODIS v1.8.4 allows attackers to execute arbitrary code via a crafted DLL file. [CVSS 6.5 MEDIUM]

Command Injection RCE Odis
NVD
CVSS 3.1
6.5
EPSS
0.1%
CVE-2025-66051 MEDIUM This Month

Vivotek IP7137 camera with firmware version 0200a is vulnerable to path traversal. It is possible for an authenticated attacker to access resources beyond webroot directory using a direct HTTP request. [CVSS 6.5 MEDIUM]

Path Traversal Ip7137 Firmware
NVD
CVSS 3.1
6.5
EPSS
0.0%
CVE-2025-46298 MEDIUM This Month

The issue was addressed with improved memory handling. This issue is fixed in tvOS 26.2, Safari 26.2, watchOS 26.2, visionOS 26.2, iOS 26.2 and iPadOS 26.2, macOS Tahoe 26.2. [CVSS 6.5 MEDIUM]

Apple Buffer Overflow
NVD
CVSS 3.1
6.5
EPSS
0.0%
CVE-2025-46645 MEDIUM This Month

Dell PowerProtect Data Domain with Data Domain Operating System (DD OS) of Feature Release versions 7.7.1.0 through 8.4.0.0, LTS2025 release version 8.3.1.10, LTS2024 release versions 7.13.1.0 through 7.13.1.40, LTS 2023 release versions 7.10.1.0 through 7.10.1.70, contain an Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection') vulnerability. [CVSS 6.5 MEDIUM]

Command Injection Data Domain Operating System
NVD
CVSS 3.1
6.5
EPSS
0.0%
CVE-2025-60538 MEDIUM This Month

A lack of rate limiting in the login page of shiori v1.7.4 and below allows attackers to bypass authentication via a brute force attack. [CVSS 6.5 MEDIUM]

Authentication Bypass Shiori Suse
NVD GitHub
CVSS 3.1
6.5
EPSS
0.0%
Page 1 of 3 Next

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy