Skip to main content
CVE-2026-23744 CRITICAL POC PATCH THREAT Act Now

MCPJam Inspector versions 1.4.2 and earlier allow unauthenticated remote code execution through missing authentication in the MCP server debugging platform, with EPSS 17.2% indicating active scanning.

RCE Authentication Bypass AI / ML Inspector
NVD GitHub VulDB Exploit-DB
CVSS 3.1
9.8
EPSS
17.2%
Threat
4.0
CVE-2021-47812 CRITICAL POC Act Now

GravCMS 1.10.7 allows unauthenticated remote attackers to write arbitrary YAML configuration files, leading to full server compromise through admin account creation or code execution.

PHP Grav
NVD Exploit-DB
CVSS 3.1
9.8
EPSS
0.2%
CVE-2021-47785 CRITICAL POC Act Now

Ether MP3 CD Burner 1.3.8 has buffer overflow in registration enabling bind shell on port 3110 via SEH overwrite. PoC available.

DNS RCE Buffer Overflow Ether Mp3 Cd Burner
NVD Exploit-DB
CVSS 3.1
9.8
EPSS
0.1%
CVE-2021-47796 CRITICAL POC Act Now

Denver SHC-150 Smart WiFi Camera has hardcoded telnet credentials on port 23, providing unauthenticated root shell access. PoC available.

Linux
NVD Exploit-DB
CVSS 3.1
9.8
EPSS
0.1%
CVE-2021-47798 CRITICAL POC Act Now

NoteBurner 2.35 contains a buffer overflow in the license code input field that enables local attackers to crash the application or potentially execute arbitrary code by supplying an oversized activation key.

Buffer Overflow Denial Of Service
NVD Exploit-DB
CVSS 3.1
9.8
EPSS
0.0%
CVE-2026-23523 CRITICAL POC PATCH Act Now

Dive, an MCP Host Desktop Application for LLM integration, allows code injection prior to version 0.13.0 through malicious tool responses, enabling attackers to execute arbitrary code on the user's machine.

RCE Code Injection AI / ML Dive
NVD GitHub
CVSS 3.1
9.6
EPSS
0.0%
CVE-2026-23722 CRITICAL POC Act Now

WeGIA web manager for charitable institutions has a reflected XSS vulnerability prior to version 3.6.2 that enables account takeover through crafted malicious links.

PHP XSS Wegia
NVD GitHub
CVSS 3.1
9.1
EPSS
0.1%
CVE-2021-47811 CRITICAL POC Act Now

Grocery Crud 1.6.4 has a SQL injection vulnerability in the order_by parameter, allowing remote attackers to read, modify, or delete database contents through crafted sort requests.

SQLi Grocery Crud
NVD Exploit-DB
CVSS 3.1
9.1
EPSS
0.0%
CVE-2021-47794 HIGH POC This Week

ZesleCP 3.1.9 contains an authenticated remote code execution vulnerability that allows attackers to create malicious FTP accounts with shell injection payloads. [CVSS 8.8 HIGH]

RCE Zeslecp
NVD Exploit-DB
CVSS 3.1
8.8
EPSS
0.1%
CVE-2021-47788 HIGH POC This Week

Websitebaker versions up to 2.13.0 is affected by unrestricted upload of file with dangerous type (CVSS 8.8).

RCE Websitebaker
NVD Exploit-DB
CVSS 3.1
8.8
EPSS
0.1%
CVE-2021-47816 HIGH POC This Week

Thecus N4800Eco NAS Server Control Panel contains a command injection vulnerability that allows authenticated attackers to execute arbitrary system commands through user management endpoints. [CVSS 8.8 HIGH]

Command Injection
NVD Exploit-DB
CVSS 3.1
8.8
EPSS
0.1%
CVE-2026-23742 HIGH POC PATCH This Week

Skipper versions before 0.23.0 allow authenticated users with Ingress resource creation privileges to execute arbitrary Lua scripts that read sensitive filesystem data and secrets accessible to the Skipper process. The vulnerability stems from the default -lua-sources=inline configuration enabling untrusted users to create inline Lua filters. Public exploit code exists for this high-severity vulnerability affecting Kubernetes environments running vulnerable Skipper versions.

Kubernetes Skipper Suse
NVD GitHub
CVSS 3.1
8.8
EPSS
0.0%
CVE-2021-47756 HIGH POC This Week

Laravel Valet versions 1.1.4 to 2.0.3 contain a local privilege escalation vulnerability that allows users to modify the valet command with root privileges. Attackers can edit the symlinked valet command to execute arbitrary code with root permissions without additional authentication. [CVSS 8.4 HIGH]

Laravel Privilege Escalation
NVD Exploit-DB
CVSS 3.1
8.4
EPSS
0.0%
CVE-2021-47801 HIGH POC This Week

Vianeos OctoPUS 5 contains a time-based blind SQL injection vulnerability in the 'login_user' parameter during authentication requests. [CVSS 8.2 HIGH]

SQLi
NVD Exploit-DB
CVSS 3.1
8.2
EPSS
0.0%
CVE-2021-47782 HIGH POC This Week

Odine Solutions GateKeeper 1.0 contains a SQL injection vulnerability in the trafficCycle API endpoint that allows remote attackers to inject malicious database queries. [CVSS 8.2 HIGH]

PostgreSQL SQLi
NVD Exploit-DB
CVSS 3.1
8.2
EPSS
0.0%
CVE-2026-23745 HIGH POC PATCH This Week

Arbitrary file overwrite and symlink poisoning in the node-tar library (versions <= 7.5.2) lets a malicious tar archive escape its intended extraction root, even with the default-secure preservePaths=false setting. The flaw stems from missing sanitization of the linkpath on hardlink and symbolic-link entries, so absolute symlink targets and hardlinks can redirect writes outside the extraction directory when a victim application unpacks attacker-supplied archives. Publicly available exploit code exists via the GitHub Security Advisory (GHSA-8qq5-rm4j-mr97), though EPSS exploitation probability is very low (0.01%) and it is not listed in CISA KEV; the issue is fixed in 7.5.3.

Node.js Tar Path Traversal
NVD GitHub VulDB
CVSS 4.0
8.2
EPSS
0.0%
CVE-2021-47828 HIGH POC This Week

BOOTP Turbo 2.0.0.1253 contains an unquoted service path vulnerability in its Windows service configuration. Attackers can exploit the unquoted path to execute arbitrary code with elevated LocalSystem privileges during system startup or reboot. [CVSS 7.8 HIGH]

Windows
NVD Exploit-DB
CVSS 3.1
7.8
EPSS
0.0%
CVE-2021-47847 HIGH POC This Week

its binary path configuration contains a vulnerability that allows attackers to potentially execute arbitrary code (CVSS 7.8).

RCE
NVD Exploit-DB
CVSS 3.1
7.8
EPSS
0.0%
CVE-2021-47845 HIGH POC This Week

its Windows service configurations contains a vulnerability that allows attackers to execute code with elevated privileges (CVSS 7.8).

Windows
NVD Exploit-DB
CVSS 3.1
7.8
EPSS
0.0%
CVE-2021-47826 HIGH POC This Week

NTI IScheduleSvc service contains a vulnerability that allows attackers to potentially execute arbitrary code (CVSS 7.8).

RCE
NVD Exploit-DB
CVSS 3.1
7.8
EPSS
0.0%
CVE-2021-47822 HIGH POC This Week

its binary path configuration contains a vulnerability that allows attackers to execute code with elevated privileges (CVSS 7.8).

Information Disclosure
NVD Exploit-DB
CVSS 3.1
7.8
EPSS
0.0%
CVE-2021-47804 HIGH POC This Week

Wise Care 365 5.6.7.568 contains an unquoted service path vulnerability in the WiseBootAssistant service running with LocalSystem privileges. [CVSS 7.8 HIGH]

Information Disclosure
NVD Exploit-DB
CVSS 3.1
7.8
EPSS
0.0%
CVE-2021-47803 HIGH POC This Week

Apple Mobile Device Service contains a vulnerability that allows attackers to execute code with elevated privileges (CVSS 7.8).

NVD Exploit-DB
CVSS 3.1
7.8
EPSS
0.0%
CVE-2021-47833 HIGH POC This Week

its WifiHotSpotService.exe contains a vulnerability that allows attackers to execute code with elevated privileges (CVSS 7.8).

Code Injection
NVD Exploit-DB
CVSS 3.1
7.8
EPSS
0.0%
CVE-2021-47829 HIGH POC This Week

its service configuration contains a vulnerability that allows attackers to execute code with elevated privileges (CVSS 7.8).

Code Injection
NVD Exploit-DB
CVSS 3.1
7.8
EPSS
0.0%
CVE-2021-47825 HIGH POC This Week

Acer Updater Service 1.2.3500.0 contains an unquoted service path vulnerability that allows local users to execute code with elevated system privileges. [CVSS 7.8 HIGH]

Code Injection
NVD Exploit-DB
CVSS 3.1
7.8
EPSS
0.0%
CVE-2021-47823 HIGH POC This Week

Acer ePowerSvc 6.0.3008.0 contains an unquoted service path vulnerability that allows local users to potentially execute code with elevated system privileges. [CVSS 7.8 HIGH]

Code Injection
NVD Exploit-DB
CVSS 3.1
7.8
EPSS
0.0%
CVE-2021-47810 HIGH POC This Week

Wibukey versions up to 6.51 contains a vulnerability that allows attackers to potentially execute arbitrary code (CVSS 7.8).

RCE Wibukey
NVD Exploit-DB
CVSS 3.1
7.8
EPSS
0.0%
CVE-2021-47809 HIGH POC This Week

Disk Sorter versions up to 13.6.12 contains a vulnerability that allows attackers to potentially execute arbitrary code (CVSS 7.8).

Windows Disk Sorter
NVD Exploit-DB
CVSS 3.1
7.8
EPSS
0.0%
CVE-2021-47807 HIGH POC This Week

Sync Breeze versions up to 13.6.18 contains a vulnerability that allows attackers to potentially execute arbitrary code (CVSS 7.8).

Windows Sync Breeze
NVD Exploit-DB
CVSS 3.1
7.8
EPSS
0.0%
CVE-2021-47806 HIGH POC This Week

Dup Scout versions up to 13.5.28 contains a vulnerability that allows attackers to potentially execute arbitrary code (CVSS 7.8).

Windows Dup Scout
NVD Exploit-DB
CVSS 3.1
7.8
EPSS
0.0%
CVE-2021-47805 HIGH POC This Week

Disksavvy versions up to 13.6.14 contains a vulnerability that allows attackers to potentially execute arbitrary code (CVSS 7.8).

Windows Disksavvy
NVD Exploit-DB
CVSS 3.1
7.8
EPSS
0.0%
CVE-2021-47792 HIGH POC This Week

Remote Mouse versions up to 3.008 contains a vulnerability that allows attackers to execute arbitrary code with elevated system privileges (CVSS 7.8).

RCE Remote Mouse
NVD Exploit-DB
CVSS 3.1
7.8
EPSS
0.0%
CVE-2021-47790 HIGH POC This Week

Active Webcam versions up to 11.5 contains a vulnerability that allows attackers to execute arbitrary code with elevated system privileges (CVSS 7.8).

RCE Active Webcam
NVD Exploit-DB
CVSS 3.1
7.8
EPSS
0.0%
CVE-2021-47787 HIGH POC This Week

TotalAV 5.15.69 contains an unquoted service path vulnerability in multiple system services running with LocalSystem privileges. Attackers can place malicious executables in specific unquoted path segments to potentially gain SYSTEM-level access by exploiting the service path configuration. [CVSS 7.8 HIGH]

Information Disclosure Totalav
NVD Exploit-DB
CVSS 3.1
7.8
EPSS
0.0%
CVE-2021-47780 HIGH POC This Week

Macro Expert versions up to 4.7 contains a vulnerability that allows attackers to potentially execute arbitrary code with elevated system privileges (CVSS 7.8).

RCE Macro Expert
NVD Exploit-DB
CVSS 3.1
7.8
EPSS
0.0%
CVE-2020-36930 HIGH POC This Week

Sysgauge versions up to 7.9.18 contains a vulnerability that allows attackers to potentially execute arbitrary code (CVSS 7.8).

RCE Sysgauge
NVD Exploit-DB
CVSS 3.1
7.8
EPSS
0.0%
CVE-2020-36929 HIGH POC This Week

Brprint Auditor versions up to 3.0.7 contains a vulnerability that allows attackers to potentially execute arbitrary code (CVSS 7.8).

Windows Brprint Auditor
NVD Exploit-DB
CVSS 3.1
7.8
EPSS
0.0%
CVE-2020-36927 HIGH POC This Week

Diskpulse versions up to 13.6.14 contains a vulnerability that allows attackers to potentially execute arbitrary code (CVSS 7.8).

Windows Diskpulse
NVD Exploit-DB
CVSS 3.1
7.8
EPSS
0.0%
CVE-2020-36928 HIGH POC This Week

Brother BRAgent 1.38 contains an unquoted service path vulnerability in the WBA_Agent_Client service running with LocalSystem privileges. Attackers can exploit the unquoted path in C:\Program Files (x86)\Brother\BRAgent\ to inject and execute malicious code with elevated system permissions. [CVSS 7.8 HIGH]

Code Injection Bragent
NVD Exploit-DB
CVSS 3.1
7.8
EPSS
0.0%
CVE-2025-71020 HIGH POC This Week

Tenda AX-1806 v1.0.0.1 was discovered to contain a stack overflow in the security parameter of the sub_4C408 function. This vulnerability allows attackers to cause a Denial of Service (DoS) via a crafted request. [CVSS 7.5 HIGH]

Stack Overflow Denial Of Service Ax1806 Firmware Tenda
NVD GitHub
CVSS 3.1
7.5
EPSS
0.1%
CVE-2020-36926 HIGH POC This Week

SmarterTrack 7922 contains an information disclosure vulnerability in the Chat Management search form that reveals agent identification details. [CVSS 7.5 HIGH]

Information Disclosure Smartertrack
NVD Exploit-DB
CVSS 3.1
7.5
EPSS
0.1%
CVE-2021-47824 HIGH POC This Week

iDailyDiary 4.30 contains a denial of service vulnerability that allows attackers to crash the application by overflowing the preferences tab name field. Attackers can paste a 2,000,000 character buffer into the default diary tab name to trigger an application crash. [CVSS 7.5 HIGH]

Denial Of Service
NVD Exploit-DB
CVSS 3.1
7.5
EPSS
0.0%
CVE-2025-70746 HIGH POC This Week

Tenda AX-1806 v1.0.0.1 was discovered to contain a stack overflow in the timeZone parameter of the fromSetSysTime function. This vulnerability allows attackers to cause a Denial of Service (DoS) via a crafted request. [CVSS 7.5 HIGH]

Stack Overflow Denial Of Service Ax1806 Firmware Tenda
NVD GitHub
CVSS 3.1
7.5
EPSS
0.0%
CVE-2026-22782 HIGH POC PATCH This Week

RustFS versions 1.0.0-alpha.1 through 1.0.0-alpha.79 expose the shared HMAC secret in server logs when processing invalidly signed RPC requests, allowing attackers with log access to obtain authentication credentials and forge RPC calls. The vulnerability stems from improper error handling in the HTTP authentication module that logs sensitive cryptographic material. Public exploit code exists for this high-severity flaw, which is remediated in version 1.0.0-alpha.80.

Information Disclosure Rustfs
NVD GitHub
CVSS 3.1
7.5
EPSS
0.0%
CVE-2021-47793 HIGH POC This Week

Telegram Desktop versions up to 2.9.2 is affected by allocation of resources without limits or throttling (CVSS 7.5).

Denial Of Service Telegram Desktop
NVD Exploit-DB
CVSS 3.1
7.5
EPSS
0.0%
CVE-2021-47791 HIGH POC This Week

Smartftp versions up to 10.0.2909.0 is affected by allocation of resources without limits or throttling (CVSS 7.5).

Denial Of Service Smartftp
NVD Exploit-DB
CVSS 3.1
7.5
EPSS
0.0%
CVE-2021-47831 HIGH POC This Week

Sandboxie 5.49.7 contains a denial of service vulnerability that allows attackers to crash the application by overflowing the container folder input field. Attackers can paste a large buffer of repeated characters into the Sandbox container folder setting to trigger an application crash. [CVSS 7.5 HIGH]

Denial Of Service
NVD Exploit-DB
CVSS 3.1
7.5
EPSS
0.0%
CVE-2021-47827 HIGH POC This Week

mashREPL tool contains a vulnerability that allows attackers to crash the application by pasting malformed input (CVSS 7.5).

Denial Of Service
NVD Exploit-DB
CVSS 3.1
7.5
EPSS
0.0%
CVE-2021-47818 HIGH POC This Week

DupTerminator 1.4.5639.37199 contains a denial of service vulnerability that allows attackers to crash the application by inputting a long character string in the Excluded text box. Attackers can generate a payload of 8000 repeated characters to trigger the application to stop working on Windows 10. [CVSS 7.5 HIGH]

Windows Denial Of Service
NVD Exploit-DB
CVSS 3.1
7.5
EPSS
0.0%
Page 1 of 4 Next

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy