Microsoft Office SharePoint contains a deserialization vulnerability (CVE-2026-20963) that allows authenticated users to execute arbitrary code over the network through crafted serialized objects. KEV-listed with public PoC, this CVSS 8.8 vulnerability enables any SharePoint user to escalate to server-level code execution, making it a critical threat for organizations relying on SharePoint for document management and collaboration.
Desktop Windows Manager on Windows 10, Windows 11, and Windows Server 2022 leaks sensitive information to local authenticated users, enabling disclosure of confidential data without modifying or disrupting system functionality. This vulnerability is confirmed actively exploited and affects multiple Windows versions with no patch currently available. An authorized attacker can exploit this with minimal complexity to extract sensitive information from the system.
Eclipse Che che-machine-exec exposes an unauthenticated JSON-RPC/WebSocket API on port 3333 that allows remote command execution and secret exfiltration from other users' developer workspace containers.
Tdarr 2.00.15 media transcoding server has unauthenticated RCE through command injection in the Help terminal. Commands can be chained without any input filtering. PoC available.
VIAVIWEB Wallpaper Admin 1.0 allows unauthenticated PHP file upload through the add_gallery_image.php endpoint. PoC available.
Covenant C2 framework (0.1.3-0.5) allows forging JWT tokens with admin roles due to hardcoded credentials. Attackers can upload and execute DLL payloads for RCE. PoC available.
Webgrind 1.1 has unauthenticated command injection via the dataFile parameter in index.php. The profiling tool executes OS commands directly from URL parameters. PoC available.
Inbit Messenger 4.6.0-4.9.0 has unauthenticated RCE through a stack overflow in the XML protocol on port 10883. PoC available.
Beehive Forum 1.5.2 has host header injection in the forgot password function that allows intercepting password reset tokens. PoC available.
eXtplorer 2.1.14 has an authentication bypass that allows passwordless login. Combined with the file manager's upload capability, this achieves unauthenticated RCE. PoC available.
Inbit Messenger 4.6.0-4.9.0 has a second stack buffer overflow in the network handler. SEH overwrite leads to shellcode execution on Windows. PoC available.
Audio Conversion Wizard v2.01 has a buffer overflow in the registration code field that enables RCE through a crafted payload. PoC available.
ImpressCMS 1.4.4 has weak file upload extension filtering that can be bypassed using alternative PHP extensions (.php2, .php6, .php7, .phps, .pht). PoC available.
Eigent multi-agent workflow CI pipeline (ci.yml) uses pull_request_target with checkout of untrusted PR code, enabling arbitrary code execution with repository write permissions from fork PRs. PoC available, patch available.
WAGO PFC200 G2 PLC (firmware affected) allows privilege escalation through cookie manipulation. Users can modify cookie values to gain admin privileges. PoC available.
phpgurukul News Portal V4.1 allows unauthenticated upload of any file type via upload.php. The third critical vulnerability in this application alongside file deletion and SQL injection. PoC available.
Explorer32++ 1.3.5.531 has a buffer overflow in filename handling that corrupts the SEH chain with filenames over 396 characters. PoC available.
e107 CMS 3.2.1 has multiple XSS vulnerabilities in news comments that allow executing arbitrary JavaScript. Rated CVSS 9.8 suggesting further exploitation potential beyond typical XSS. PoC available.
Flame II HSPA USB Modem has an unquoted service path vulnerability that enables privilege escalation to SYSTEM on Windows. PoC available.
Aero CMS 0.0.1 has SQL injection in the author parameter exploitable through boolean-based, error-based, time-based, and UNION query techniques. PoC available.
Fortinet FortiSIEM (6.7.0 through 7.4.0) has OS command injection via crafted TCP requests. As a SIEM, compromise gives attackers access to all security logs and the ability to suppress alerts. PoC available.
phpgurukul News Portal V4.1 has SQL injection in check_availablity.php. PoC available.
Prowise Reflect 1.0.9 exposes a WebSocket on port 8082 that accepts unauthenticated keyboard injection commands. Malicious web pages can type keystrokes and open applications on the display device. PoC available.
phpgurukul News Portal V4.1 allows unauthenticated arbitrary file deletion via remove_file.php. Attackers can delete any file on the server. PoC available.
Sysax Multi Server 6.95 crashes when the admin password field receives 800 bytes, causing denial of service. PoC available.
Wbce Cms versions up to 1.5.2 is affected by unrestricted upload of file with dangerous type (CVSS 8.8).
Nanocms versions up to 0.4 is affected by unrestricted upload of file with dangerous type (CVSS 8.8).
Algo 8028 Control Panel version 3.3.3 contains a command injection vulnerability in the fm-data.lua endpoint that allows authenticated attackers to execute arbitrary commands. [CVSS 8.8 HIGH]
Tongyu Ax1800 Firmware versions up to 1.0.0 contains a vulnerability that allows attackers to full compromise of the device (i (CVSS 8.8).
Memory corruption in iccDEV library versions before 2.3.1.2 allows remote attackers to achieve code execution via maliciously crafted ICC color profiles, affecting users who process untrusted profile data. Public exploit code exists for this vulnerability. Organizations using iccDEV should upgrade to version 2.3.1.2 immediately.
An issue in Semantic machines v5.4.8 allows attackers to bypass authentication via sending a crafted HTTP request to various API endpoints. [CVSS 8.6 HIGH]
FSService contains a vulnerability that allows attackers to potentially execute code with elevated privileges (CVSS 8.4).
Tftpd32 SE 4.60 contains an unquoted service path vulnerability that allows local attackers to potentially execute arbitrary code with elevated privileges. [CVSS 8.4 HIGH]
servermedicontservice contains a vulnerability that allows attackers to potentially execute code with elevated privileges (CVSS 8.4).
TrapiServer service contains a vulnerability that allows attackers to potentially execute code with elevated privileges (CVSS 8.4).
Private Internet Access 3.3 contains an unquoted service path vulnerability that allows local users to potentially execute arbitrary code with elevated system privileges. [CVSS 8.4 HIGH]
Wondershare UBackit 2.0.5 contains an unquoted service path vulnerability that allows local users to potentially execute arbitrary code with elevated system privileges. [CVSS 8.4 HIGH]
VIVE Runtime Service 1.0.0.4 contains an unquoted service path vulnerability that allows local users to execute arbitrary code with elevated system privileges. [CVSS 8.4 HIGH]
Mobiletrans versions up to 3.5.9 contains a vulnerability that allows attackers to potentially execute code with elevated system privileges (CVSS 8.4).
Dr.Fone versions up to 12.0.18 contains a vulnerability that allows attackers to execute arbitrary code with elevated system privileges (CVSS 8.4).
Clevo HotKey Clipboard 2.1.0.6 contains an unquoted service path vulnerability in the HKClipSvc service that allows local non-privileged users to potentially execute code with system privileges. [CVSS 8.4 HIGH]
CONTPAQi AdminPAQ 14.0.0 contains an unquoted service path vulnerability in the AppKeyLicenseServer service running with LocalSystem privileges. [CVSS 8.4 HIGH]
its ConnectifyService executable contains a vulnerability that allows attackers to potentially execute arbitrary code (CVSS 8.4).
SbieSvc Windows service contains a vulnerability that allows attackers to potentially execute arbitrary code (CVSS 8.4).
EaseUS Data Recovery 15.1.0.0 contains an unquoted service path vulnerability in the EaseUS UPDATE SERVICE executable. Attackers can exploit the unquoted path to inject and execute malicious code with elevated LocalSystem privileges. [CVSS 8.4 HIGH]
ITeC ITeCProteccioAppServer contains an unquoted service path vulnerability that allows local attackers to execute code with elevated system privileges. Attackers can insert a malicious executable in the service path to gain elevated access during service restart or system reboot. [CVSS 8.4 HIGH]
CoolerMaster MasterPlus 1.8.5 contains an unquoted service path vulnerability in the MPService that allows local attackers to execute code with elevated system privileges. [CVSS 8.4 HIGH]
Splashtop Software Updater Service contains a vulnerability that allows attackers to potentially execute arbitrary code (CVSS 8.4).
Dr.Fone versions up to 11.4.9 contains a vulnerability that allows attackers to potentially execute arbitrary code (CVSS 8.4).
VIAVIWEB Wallpaper Admin 1.0 contains a SQL injection vulnerability that allows attackers to bypass authentication by manipulating login credentials. Attackers can exploit the login page by injecting 'admin' or 1=1-- - payload to gain unauthorized access to the administrative interface. [CVSS 8.2 HIGH]