Skip to main content
CVE-2025-67084 CRITICAL POC Act Now

InvoicePlane through 1.6.3 allows authenticated users to upload PHP files as attachments that can be executed remotely. Low privileges sufficient with scope change. PoC available.

PHP RCE Invoiceplane
NVD GitHub
CVSS 3.1
9.9
EPSS
0.1%
CVE-2023-7334 CRITICAL POC Act Now

Changjetong T+ (through 16.x) has .NET deserialization RCE in an AjaxPro endpoint. Attacker-controlled JSON triggers deserialization of malicious .NET types. PoC available.

.NET RCE Deserialization
NVD GitHub
CVSS 3.1
9.8
EPSS
0.3%
CVE-2021-47753 CRITICAL POC Act Now

phpKF CMS 3.00 Beta allows unauthenticated PHP file upload by disguising it as a PNG, then renaming it for execution. PoC available.

PHP Cms
NVD Exploit-DB
CVSS 3.1
9.8
EPSS
0.3%
CVE-2021-47772 CRITICAL POC Act Now

10-Strike Network Inventory Explorer Pro 9.31 has a buffer overflow in text file import that enables RCE through crafted files. PoC available.

RCE Buffer Overflow Network Inventory Explorer
NVD Exploit-DB
CVSS 3.1
9.8
EPSS
0.1%
CVE-2021-47774 CRITICAL POC Act Now

Kingdia CD Extractor 3.0.2 has a buffer overflow in the registration name field. PoC available.

DNS RCE Buffer Overflow
NVD Exploit-DB
CVSS 3.1
9.8
EPSS
0.1%
CVE-2021-47819 CRITICAL POC Act Now

ProjeQtOr Project Management 9.1.4 allows guest users to upload PHP files through profile attachments. Unauthenticated RCE via web shell. PoC available.

PHP
NVD Exploit-DB
CVSS 3.1
9.8
EPSS
0.1%
CVE-2021-47781 CRITICAL POC Act Now

Cmder Console Emulator 1.3.18 can be crashed via a malicious .cmd file with repeated characters, causing buffer overflow and DoS. PoC available.

Buffer Overflow Denial Of Service
NVD GitHub Exploit-DB
CVSS 3.1
9.8
EPSS
0.0%
CVE-2026-23519 CRITICAL POC PATCH Act Now

RustCrypto CMOV before 0.4.4 emits non-constant-time assembly on ARM Cortex-M0/M0+/M1 targets. Cryptographic operations that rely on constant-time guarantees are broken on these embedded platforms. PoC available, patch available.

Industrial Cmov
NVD GitHub
CVSS 3.1
9.8
EPSS
0.0%
CVE-2025-70892 CRITICAL POC Act Now

Phpgurukul Cyber Cafe Management System v1.0 has SQL injection in the username parameter of add-users.php. PoC available.

PHP SQLi Cyber Cafe Management System
NVD GitHub
CVSS 3.1
9.8
EPSS
0.0%
CVE-2026-23520 CRITICAL POC PATCH Act Now

Arcane Docker management tool before 1.13.0 has command injection in lifecycle labels. Container labels are passed to /bin/sh -c without sanitization, enabling RCE. PoC available.

Docker Command Injection Arcane Suse
NVD GitHub
CVSS 3.1
9.0
EPSS
0.0%
CVE-2026-22907 CRITICAL Act Now

Container management vulnerability allows authenticated users to escape to the host filesystem with read/write access. CVSS 9.9 with scope change.

Authentication Bypass Tdc X401gl Firmware
NVD
CVSS 3.1
9.9
EPSS
0.0%
CVE-2025-62193 CRITICAL Act Now

NOAA PMEL Live Access Server (LAS) has unauthenticated RCE through PyFerret SPAWN commands embedded in requests. Scientific data servers running LAS are vulnerable to complete compromise.

RCE Command Injection
NVD GitHub
CVSS 3.1
9.8
EPSS
0.3%
CVE-2025-67079 CRITICAL Act Now

Omnispace Agora Project (before 25.10) allows RCE through crafted PDF upload that exploits the ImageMagick MSL engine via the thumbnail function.

File Upload Agora Project
NVD
CVSS 3.1
9.8
EPSS
0.1%
CVE-2025-67822 CRITICAL Act Now

Mitel MiVoice MX-ONE 7.3-7.8 SP1 has authentication bypass in the Provisioning Manager. Unauthenticated attackers can access user or admin accounts in the VoIP management system.

Authentication Bypass Mivoice Mx One
NVD
CVSS 3.1
9.4
EPSS
0.1%
CVE-2026-22908 CRITICAL Act Now

Uploading unvalidated container images enables remote attackers with admin access to achieve full system compromise through malicious containers.

Information Disclosure Tdc X401gl Firmware
NVD
CVSS 3.1
9.1
EPSS
0.0%
CVE-2025-67647 CRITICAL PATCH Act Now

SvelteKit 2.19.0-2.49.4 has SSRF/DoS affecting applications with prerendered routes. Can be exploited to make the server perform arbitrary requests or become unresponsive. Patch available.

Denial Of Service Kit Adapter Node
NVD GitHub
CVSS 3.1
9.1
EPSS
0.0%
CVE-2026-1009 CRITICAL Act Now

Altium Forum has stored XSS in forum posts with scope change (CVSS 9.0). Authenticated attackers can inject JavaScript that executes in other users' sessions, including accessing Altium design tools and project data.

XSS Altium Live
NVD
CVSS 3.1
9.0
EPSS
0.0%

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy