Skip to main content
CVE-2026-20963 CRITICAL POC KEV EUVD KEV PATCH THREAT Emergency

Microsoft Office SharePoint contains a deserialization vulnerability (CVE-2026-20963) that allows authenticated users to execute arbitrary code over the network through crafted serialized objects. KEV-listed with public PoC, this CVSS 8.8 vulnerability enables any SharePoint user to escalate to server-level code execution, making it a critical threat for organizations relying on SharePoint for document management and collaboration.

Microsoft Deserialization
NVD VulDB
CVSS 3.1
9.8
EPSS
1.6%
Threat
5.0
CVE-2025-12548 CRITICAL POC PATCH Act Now

Eclipse Che che-machine-exec exposes an unauthenticated JSON-RPC/WebSocket API on port 3333 that allows remote command execution and secret exfiltration from other users' developer workspace containers.

SSH Authentication Bypass Red Hat
NVD
CVSS 3.1
9.0
EPSS
0.3%
CVE-2022-50919 CRITICAL POC Act Now

Tdarr 2.00.15 media transcoding server has unauthenticated RCE through command injection in the Help terminal. Commands can be chained without any input filtering. PoC available.

Python RCE Tdarr
NVD Exploit-DB
CVSS 3.1
9.8
EPSS
1.1%
CVE-2022-50893 CRITICAL POC Act Now

VIAVIWEB Wallpaper Admin 1.0 allows unauthenticated PHP file upload through the add_gallery_image.php endpoint. PoC available.

PHP RCE Wallpaper Admin
NVD Exploit-DB
CVSS 3.1
9.8
EPSS
1.1%
CVE-2020-36911 CRITICAL POC Act Now

Covenant C2 framework (0.1.3-0.5) allows forging JWT tokens with admin roles due to hardcoded credentials. Attackers can upload and execute DLL payloads for RCE. PoC available.

RCE Covenant
NVD GitHub Exploit-DB
CVSS 3.1
9.8
EPSS
0.8%
CVE-2023-54339 CRITICAL POC Act Now

Webgrind 1.1 has unauthenticated command injection via the dataFile parameter in index.php. The profiling tool executes OS commands directly from URL parameters. PoC available.

PHP Command Injection Webgrind
NVD GitHub Exploit-DB
CVSS 3.1
9.8
EPSS
0.7%
CVE-2023-54329 CRITICAL POC Act Now

Inbit Messenger 4.6.0-4.9.0 has unauthenticated RCE through a stack overflow in the XML protocol on port 10883. PoC available.

Stack Overflow Inbit Messenger
NVD GitHub Exploit-DB
CVSS 3.1
9.8
EPSS
0.5%
CVE-2022-50910 CRITICAL POC Act Now

Beehive Forum 1.5.2 has host header injection in the forgot password function that allows intercepting password reset tokens. PoC available.

Code Injection Beehive Forum
NVD Exploit-DB
CVSS 3.1
9.8
EPSS
0.5%
CVE-2023-54335 CRITICAL POC Act Now

eXtplorer 2.1.14 has an authentication bypass that allows passwordless login. Combined with the file manager's upload capability, this achieves unauthenticated RCE. PoC available.

PHP Authentication Bypass Extplorer
NVD Exploit-DB
CVSS 3.1
9.8
EPSS
0.4%
CVE-2023-54330 CRITICAL POC Act Now

Inbit Messenger 4.6.0-4.9.0 has a second stack buffer overflow in the network handler. SEH overwrite leads to shellcode execution on Windows. PoC available.

Windows Buffer Overflow Stack Overflow Inbit Messenger
NVD GitHub Exploit-DB
CVSS 3.1
9.8
EPSS
0.4%
CVE-2022-50922 CRITICAL POC Act Now

Audio Conversion Wizard v2.01 has a buffer overflow in the registration code field that enables RCE through a crafted payload. PoC available.

RCE Buffer Overflow
NVD Exploit-DB
CVSS 3.1
9.8
EPSS
0.3%
CVE-2022-50912 CRITICAL POC Act Now

ImpressCMS 1.4.4 has weak file upload extension filtering that can be bypassed using alternative PHP extensions (.php2, .php6, .php7, .phps, .pht). PoC available.

PHP Impresscms
NVD GitHub Exploit-DB
CVSS 3.1
9.8
EPSS
0.2%
CVE-2026-22869 CRITICAL POC PATCH Act Now

Eigent multi-agent workflow CI pipeline (ci.yml) uses pull_request_target with checkout of untrusted PR code, enabling arbitrary code execution with repository write permissions from fork PRs. PoC available, patch available.

Github AI / ML Eigent
NVD GitHub
CVSS 3.1
9.8
EPSS
0.1%
CVE-2022-50926 CRITICAL POC Act Now

WAGO PFC200 G2 PLC (firmware affected) allows privilege escalation through cookie manipulation. Users can modify cookie values to gain admin privileges. PoC available.

Golang Privilege Escalation
NVD Exploit-DB
CVSS 3.1
9.8
EPSS
0.1%
CVE-2025-69992 CRITICAL POC Act Now

phpgurukul News Portal V4.1 allows unauthenticated upload of any file type via upload.php. The third critical vulnerability in this application alongside file deletion and SQL injection. PoC available.

PHP News Portal
NVD GitHub
CVSS 3.1
9.8
EPSS
0.1%
CVE-2023-54334 CRITICAL POC Act Now

Explorer32++ 1.3.5.531 has a buffer overflow in filename handling that corrupts the SEH chain with filenames over 396 characters. PoC available.

Buffer Overflow Explorer
NVD Exploit-DB
CVSS 3.1
9.8
EPSS
0.1%
CVE-2022-50905 CRITICAL POC Act Now

e107 CMS 3.2.1 has multiple XSS vulnerabilities in news comments that allow executing arbitrary JavaScript. Rated CVSS 9.8 suggesting further exploitation potential beyond typical XSS. PoC available.

PHP XSS E107
NVD Exploit-DB
CVSS 3.1
9.8
EPSS
0.1%
CVE-2022-50935 CRITICAL POC Act Now

Flame II HSPA USB Modem has an unquoted service path vulnerability that enables privilege escalation to SYSTEM on Windows. PoC available.

Windows
NVD Exploit-DB
CVSS 3.1
9.8
EPSS
0.1%
CVE-2022-50895 CRITICAL POC Act Now

Aero CMS 0.0.1 has SQL injection in the author parameter exploitable through boolean-based, error-based, time-based, and UNION query techniques. PoC available.

SQLi Aerocms
NVD GitHub Exploit-DB
CVSS 3.1
9.8
EPSS
0.0%
CVE-2025-64155 CRITICAL POC Act Now

Fortinet FortiSIEM (6.7.0 through 7.4.0) has OS command injection via crafted TCP requests. As a SIEM, compromise gives attackers access to all security logs and the ability to suppress alerts. PoC available.

Fortinet Command Injection Fortisiem
NVD GitHub
CVSS 3.1
9.8
EPSS
0.0%
CVE-2025-69991 CRITICAL POC Act Now

phpgurukul News Portal V4.1 has SQL injection in check_availablity.php. PoC available.

PHP SQLi News Portal
NVD GitHub
CVSS 3.1
9.8
EPSS
0.0%
CVE-2022-50925 CRITICAL POC Act Now

Prowise Reflect 1.0.9 exposes a WebSocket on port 8082 that accepts unauthenticated keyboard injection commands. Malicious web pages can type keystrokes and open applications on the display device. PoC available.

CSRF Reflect
NVD Exploit-DB
CVSS 3.1
9.8
EPSS
0.0%
CVE-2025-69990 CRITICAL POC Act Now

phpgurukul News Portal V4.1 allows unauthenticated arbitrary file deletion via remove_file.php. Attackers can delete any file on the server. PoC available.

PHP News Portal
NVD GitHub
CVSS 3.1
9.1
EPSS
0.1%
CVE-2023-54337 CRITICAL POC Act Now

Sysax Multi Server 6.95 crashes when the admin password field receives 800 bytes, causing denial of service. PoC available.

Denial Of Service Multi Server
NVD Exploit-DB
CVSS 3.1
9.1
EPSS
0.0%
CVE-2025-68271 CRITICAL PATCH Act Now

OpenC3 COSMOS (space mission control software, 5.0.0-6.10.1) has unauthenticated RCE through the JSON-RPC API. String parameters are evaluated as Ruby code via convert_to_value. Maximum CVSS 10.0 with scope change.

Ruby RCE
NVD GitHub
CVSS 3.1
10.0
EPSS
0.3%
CVE-2025-47855 CRITICAL Act Now

Fortinet FortiFone 7.0.0-7.0.1 and 3.0.13-3.0.23 allows unauthenticated attackers to download the complete device configuration via crafted HTTP/HTTPS requests. Configuration files contain credentials and network settings.

Fortinet
NVD
CVSS 3.1
9.8
EPSS
1.2%
CVE-2025-40805 CRITICAL Act Now

An API authentication bypass allows unauthenticated attackers to impersonate legitimate users. Maximum CVSS 10.0 with scope change. Requires knowledge of a legitimate user's identity.

Authentication Bypass IoT Industrial
NVD
CVSS 3.1
10.0
EPSS
0.1%
CVE-2026-0881 CRITICAL PATCH Act Now

Firefox Messaging System component has a sandbox escape vulnerability. Maximum CVSS 10.0 with scope change. Affects Firefox < 147 and Thunderbird < 147.

Authentication Bypass Mozilla Thunderbird
NVD VulDB
CVSS 3.1
10.0
EPSS
0.0%
CVE-2026-22871 CRITICAL PATCH Act Now

GuardDog security scanner before 2.7.1 has a path traversal in safe_extract() that allows malicious PyPI packages to write files outside the extraction directory. Ironic vulnerability in a tool designed to detect malicious packages. Patch available.

RCE Path Traversal AI / ML Guarddog
NVD GitHub
CVSS 3.1
9.8
EPSS
0.6%
CVE-2026-0501 CRITICAL Act Now

SAP S/4HANA General Ledger (Private Cloud and On-Premise) has SQL injection allowing authenticated users to read, modify, and delete backend database data with scope change (CVSS 9.9). Financial data is directly at risk.

SAP
NVD
CVSS 3.1
9.9
EPSS
0.1%
CVE-2026-23478 CRITICAL Act Now

Cal.com scheduling software (3.1.6 to 6.0.7) has a critical authentication bypass in the NextAuth JWT callback. Attackers can gain full access to any user account by supplying a target email via session.update(). Fixed in 6.0.7.

Information Disclosure Cal.Com
NVD GitHub
CVSS 3.1
9.8
EPSS
0.1%
CVE-2025-65783 CRITICAL Act Now

Hub v2.0 property management system allows unauthenticated arbitrary file upload via /utils/uploadFile. Malicious PDF files can be uploaded and may achieve code execution.

File Upload RCE Hub
NVD GitHub
CVSS 3.1
9.8
EPSS
0.1%
CVE-2025-10915 CRITICAL Act Now

Dreamer Blog WordPress theme (through 1.2) allows unauthenticated arbitrary plugin/theme installations due to a missing capability check. Attackers can install malicious plugins to achieve RCE.

WordPress PHP
NVD WPScan
CVSS 3.1
9.8
EPSS
0.1%
CVE-2026-0884 CRITICAL PATCH Act Now

Firefox JavaScript engine has a use-after-free vulnerability. Affects Firefox < 147, Firefox ESR < 140.7, Thunderbird < 147 and < 140.7.

Use After Free Memory Corruption Mozilla Information Disclosure
NVD VulDB
CVSS 3.1
9.8
EPSS
0.0%
CVE-2026-0879 CRITICAL PATCH Act Now

Firefox sandbox escape via incorrect boundary conditions in the Graphics component. Affects Firefox < 147, Firefox ESR < 115.32 and < 140.7, Thunderbird < 147 and < 140.7.

Mozilla Buffer Overflow Thunderbird
NVD VulDB
CVSS 3.1
9.8
EPSS
0.0%
CVE-2026-0892 CRITICAL PATCH Act Now

Firefox 146 and Thunderbird 146 contain memory safety bugs with evidence of memory corruption that could potentially be exploited for code execution.

Mozilla Buffer Overflow RCE
NVD VulDB
CVSS 3.1
9.8
EPSS
0.0%
CVE-2026-0500 CRITICAL PATCH Act Now

SAP Wily Introscope Enterprise Manager uses a vulnerable third-party component that allows unauthenticated attackers to create malicious JNLP files at public URLs. Victims who click these URLs execute OS commands on their machines. Scope change. Patch available.

SAP Java Command Injection Introscope Enterprise Manager
NVD
CVSS 3.1
9.6
EPSS
0.1%
CVE-2025-14829 CRITICAL Act Now

E-xact Hosted Payment WordPress plugin (through 2.0) allows unauthenticated arbitrary file deletion. Attackers can delete wp-config.php to trigger the WordPress installer and take over the site.

WordPress PHP
NVD WPScan
CVSS 3.1
9.1
EPSS
0.1%
CVE-2025-11250 CRITICAL PATCH Act Now

ManageEngine ADSelfService Plus before 6519 has an authentication bypass due to improper filter configurations. As a self-service password management tool for Active Directory, compromise enables mass password resets across the enterprise. Patch available.

Authentication Bypass Manageengine Adselfservice Plus
NVD
CVSS 3.1
9.1
EPSS
0.1%
CVE-2026-0498 CRITICAL PATCH Act Now

SAP S/4HANA (Private Cloud and On-Premise) has the same backdoor vulnerability as CVE-2026-0491 – admin-exploitable ABAP/OS command injection via RFC function module. Patch available.

SAP Command Injection
NVD
CVSS 3.1
9.1
EPSS
0.1%
CVE-2026-0491 CRITICAL Act Now

SAP Landscape Transformation has an admin-exploitable backdoor via RFC function module that allows injection of arbitrary ABAP code and OS commands, bypassing authorization checks. Scope change enables full SAP system compromise.

SAP Command Injection
NVD
CVSS 3.1
9.1
EPSS
0.1%
CVE-2025-25176 CRITICAL Act Now

A hardware vulnerability allows exfiltration of intermediate register values from secure workloads running in ARM TrustZone or similar TEE environments. Non-secure applications can read secure-world register contents.

Information Disclosure Ddk
NVD
CVSS 3.1
9.1
EPSS
0.0%

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy