MCPJam Inspector versions 1.4.2 and earlier allow unauthenticated remote code execution through missing authentication in the MCP server debugging platform, with EPSS 17.2% indicating active scanning.
GravCMS 1.10.7 allows unauthenticated remote attackers to write arbitrary YAML configuration files, leading to full server compromise through admin account creation or code execution.
Ether MP3 CD Burner 1.3.8 has buffer overflow in registration enabling bind shell on port 3110 via SEH overwrite. PoC available.
Denver SHC-150 Smart WiFi Camera has hardcoded telnet credentials on port 23, providing unauthenticated root shell access. PoC available.
NoteBurner 2.35 contains a buffer overflow in the license code input field that enables local attackers to crash the application or potentially execute arbitrary code by supplying an oversized activation key.
Dive, an MCP Host Desktop Application for LLM integration, allows code injection prior to version 0.13.0 through malicious tool responses, enabling attackers to execute arbitrary code on the user's machine.
WeGIA web manager for charitable institutions has a reflected XSS vulnerability prior to version 3.6.2 that enables account takeover through crafted malicious links.
Grocery Crud 1.6.4 has a SQL injection vulnerability in the order_by parameter, allowing remote attackers to read, modify, or delete database contents through crafted sort requests.
ZesleCP 3.1.9 contains an authenticated remote code execution vulnerability that allows attackers to create malicious FTP accounts with shell injection payloads. [CVSS 8.8 HIGH]
Websitebaker versions up to 2.13.0 is affected by unrestricted upload of file with dangerous type (CVSS 8.8).
Thecus N4800Eco NAS Server Control Panel contains a command injection vulnerability that allows authenticated attackers to execute arbitrary system commands through user management endpoints. [CVSS 8.8 HIGH]
Skipper versions before 0.23.0 allow authenticated users with Ingress resource creation privileges to execute arbitrary Lua scripts that read sensitive filesystem data and secrets accessible to the Skipper process. The vulnerability stems from the default -lua-sources=inline configuration enabling untrusted users to create inline Lua filters. Public exploit code exists for this high-severity vulnerability affecting Kubernetes environments running vulnerable Skipper versions.
Laravel Valet versions 1.1.4 to 2.0.3 contain a local privilege escalation vulnerability that allows users to modify the valet command with root privileges. Attackers can edit the symlinked valet command to execute arbitrary code with root permissions without additional authentication. [CVSS 8.4 HIGH]
Vianeos OctoPUS 5 contains a time-based blind SQL injection vulnerability in the 'login_user' parameter during authentication requests. [CVSS 8.2 HIGH]
Odine Solutions GateKeeper 1.0 contains a SQL injection vulnerability in the trafficCycle API endpoint that allows remote attackers to inject malicious database queries. [CVSS 8.2 HIGH]
Arbitrary file overwrite and symlink poisoning in the node-tar library (versions <= 7.5.2) lets a malicious tar archive escape its intended extraction root, even with the default-secure preservePaths=false setting. The flaw stems from missing sanitization of the linkpath on hardlink and symbolic-link entries, so absolute symlink targets and hardlinks can redirect writes outside the extraction directory when a victim application unpacks attacker-supplied archives. Publicly available exploit code exists via the GitHub Security Advisory (GHSA-8qq5-rm4j-mr97), though EPSS exploitation probability is very low (0.01%) and it is not listed in CISA KEV; the issue is fixed in 7.5.3.
BOOTP Turbo 2.0.0.1253 contains an unquoted service path vulnerability in its Windows service configuration. Attackers can exploit the unquoted path to execute arbitrary code with elevated LocalSystem privileges during system startup or reboot. [CVSS 7.8 HIGH]
its binary path configuration contains a vulnerability that allows attackers to potentially execute arbitrary code (CVSS 7.8).
its Windows service configurations contains a vulnerability that allows attackers to execute code with elevated privileges (CVSS 7.8).
NTI IScheduleSvc service contains a vulnerability that allows attackers to potentially execute arbitrary code (CVSS 7.8).
its binary path configuration contains a vulnerability that allows attackers to execute code with elevated privileges (CVSS 7.8).
Wise Care 365 5.6.7.568 contains an unquoted service path vulnerability in the WiseBootAssistant service running with LocalSystem privileges. [CVSS 7.8 HIGH]
Apple Mobile Device Service contains a vulnerability that allows attackers to execute code with elevated privileges (CVSS 7.8).
its WifiHotSpotService.exe contains a vulnerability that allows attackers to execute code with elevated privileges (CVSS 7.8).
its service configuration contains a vulnerability that allows attackers to execute code with elevated privileges (CVSS 7.8).
Acer Updater Service 1.2.3500.0 contains an unquoted service path vulnerability that allows local users to execute code with elevated system privileges. [CVSS 7.8 HIGH]
Acer ePowerSvc 6.0.3008.0 contains an unquoted service path vulnerability that allows local users to potentially execute code with elevated system privileges. [CVSS 7.8 HIGH]
Wibukey versions up to 6.51 contains a vulnerability that allows attackers to potentially execute arbitrary code (CVSS 7.8).
Disk Sorter versions up to 13.6.12 contains a vulnerability that allows attackers to potentially execute arbitrary code (CVSS 7.8).
Sync Breeze versions up to 13.6.18 contains a vulnerability that allows attackers to potentially execute arbitrary code (CVSS 7.8).
Dup Scout versions up to 13.5.28 contains a vulnerability that allows attackers to potentially execute arbitrary code (CVSS 7.8).
Disksavvy versions up to 13.6.14 contains a vulnerability that allows attackers to potentially execute arbitrary code (CVSS 7.8).
Remote Mouse versions up to 3.008 contains a vulnerability that allows attackers to execute arbitrary code with elevated system privileges (CVSS 7.8).
Active Webcam versions up to 11.5 contains a vulnerability that allows attackers to execute arbitrary code with elevated system privileges (CVSS 7.8).
TotalAV 5.15.69 contains an unquoted service path vulnerability in multiple system services running with LocalSystem privileges. Attackers can place malicious executables in specific unquoted path segments to potentially gain SYSTEM-level access by exploiting the service path configuration. [CVSS 7.8 HIGH]
Macro Expert versions up to 4.7 contains a vulnerability that allows attackers to potentially execute arbitrary code with elevated system privileges (CVSS 7.8).
Sysgauge versions up to 7.9.18 contains a vulnerability that allows attackers to potentially execute arbitrary code (CVSS 7.8).
Brprint Auditor versions up to 3.0.7 contains a vulnerability that allows attackers to potentially execute arbitrary code (CVSS 7.8).
Diskpulse versions up to 13.6.14 contains a vulnerability that allows attackers to potentially execute arbitrary code (CVSS 7.8).
Brother BRAgent 1.38 contains an unquoted service path vulnerability in the WBA_Agent_Client service running with LocalSystem privileges. Attackers can exploit the unquoted path in C:\Program Files (x86)\Brother\BRAgent\ to inject and execute malicious code with elevated system permissions. [CVSS 7.8 HIGH]
Tenda AX-1806 v1.0.0.1 was discovered to contain a stack overflow in the security parameter of the sub_4C408 function. This vulnerability allows attackers to cause a Denial of Service (DoS) via a crafted request. [CVSS 7.5 HIGH]
SmarterTrack 7922 contains an information disclosure vulnerability in the Chat Management search form that reveals agent identification details. [CVSS 7.5 HIGH]
iDailyDiary 4.30 contains a denial of service vulnerability that allows attackers to crash the application by overflowing the preferences tab name field. Attackers can paste a 2,000,000 character buffer into the default diary tab name to trigger an application crash. [CVSS 7.5 HIGH]
Tenda AX-1806 v1.0.0.1 was discovered to contain a stack overflow in the timeZone parameter of the fromSetSysTime function. This vulnerability allows attackers to cause a Denial of Service (DoS) via a crafted request. [CVSS 7.5 HIGH]
RustFS versions 1.0.0-alpha.1 through 1.0.0-alpha.79 expose the shared HMAC secret in server logs when processing invalidly signed RPC requests, allowing attackers with log access to obtain authentication credentials and forge RPC calls. The vulnerability stems from improper error handling in the HTTP authentication module that logs sensitive cryptographic material. Public exploit code exists for this high-severity flaw, which is remediated in version 1.0.0-alpha.80.
Telegram Desktop versions up to 2.9.2 is affected by allocation of resources without limits or throttling (CVSS 7.5).
Smartftp versions up to 10.0.2909.0 is affected by allocation of resources without limits or throttling (CVSS 7.5).
Sandboxie 5.49.7 contains a denial of service vulnerability that allows attackers to crash the application by overflowing the container folder input field. Attackers can paste a large buffer of repeated characters into the Sandbox container folder setting to trigger an application crash. [CVSS 7.5 HIGH]
mashREPL tool contains a vulnerability that allows attackers to crash the application by pasting malformed input (CVSS 7.5).
DupTerminator 1.4.5639.37199 contains a denial of service vulnerability that allows attackers to crash the application by inputting a long character string in the Excluded text box. Attackers can generate a payload of 8000 repeated characters to trigger the application to stop working on Windows 10. [CVSS 7.5 HIGH]