Skip to main content
CVE-2026-23744 CRITICAL POC PATCH THREAT Act Now

MCPJam Inspector versions 1.4.2 and earlier allow unauthenticated remote code execution through missing authentication in the MCP server debugging platform, with EPSS 17.2% indicating active scanning.

RCE Authentication Bypass AI / ML Inspector
NVD GitHub VulDB Exploit-DB
CVSS 3.1
9.8
EPSS
17.2%
Threat
4.0
CVE-2021-47812 CRITICAL POC Act Now

GravCMS 1.10.7 allows unauthenticated remote attackers to write arbitrary YAML configuration files, leading to full server compromise through admin account creation or code execution.

PHP Grav
NVD Exploit-DB
CVSS 3.1
9.8
EPSS
0.2%
CVE-2021-47785 CRITICAL POC Act Now

Ether MP3 CD Burner 1.3.8 has buffer overflow in registration enabling bind shell on port 3110 via SEH overwrite. PoC available.

DNS RCE Buffer Overflow Ether Mp3 Cd Burner
NVD Exploit-DB
CVSS 3.1
9.8
EPSS
0.1%
CVE-2021-47796 CRITICAL POC Act Now

Denver SHC-150 Smart WiFi Camera has hardcoded telnet credentials on port 23, providing unauthenticated root shell access. PoC available.

Linux
NVD Exploit-DB
CVSS 3.1
9.8
EPSS
0.1%
CVE-2021-47798 CRITICAL POC Act Now

NoteBurner 2.35 contains a buffer overflow in the license code input field that enables local attackers to crash the application or potentially execute arbitrary code by supplying an oversized activation key.

Buffer Overflow Denial Of Service
NVD Exploit-DB
CVSS 3.1
9.8
EPSS
0.0%
CVE-2026-23523 CRITICAL POC PATCH Act Now

Dive, an MCP Host Desktop Application for LLM integration, allows code injection prior to version 0.13.0 through malicious tool responses, enabling attackers to execute arbitrary code on the user's machine.

RCE Code Injection AI / ML Dive
NVD GitHub
CVSS 3.1
9.6
EPSS
0.0%
CVE-2026-23722 CRITICAL POC Act Now

WeGIA web manager for charitable institutions has a reflected XSS vulnerability prior to version 3.6.2 that enables account takeover through crafted malicious links.

PHP XSS Wegia
NVD GitHub
CVSS 3.1
9.1
EPSS
0.1%
CVE-2021-47811 CRITICAL POC Act Now

Grocery Crud 1.6.4 has a SQL injection vulnerability in the order_by parameter, allowing remote attackers to read, modify, or delete database contents through crafted sort requests.

SQLi Grocery Crud
NVD Exploit-DB
CVSS 3.1
9.1
EPSS
0.0%
CVE-2025-61937 CRITICAL Act Now

A CVSS 10.0 code injection vulnerability allows unauthenticated attackers to achieve remote code execution with OS-level system privileges on the affected product.

RCE Process Optimization
NVD GitHub
CVSS 3.1
10.0
EPSS
0.1%
CVE-2026-23800 CRITICAL Act Now

Modular DS modular-connector has a CVSS 10.0 privilege escalation vulnerability through incorrect privilege assignment, allowing unauthenticated attackers to gain full administrative access to WordPress sites.

Privilege Escalation
NVD
CVSS 3.1
10.0
EPSS
0.0%
CVE-2025-60021 CRITICAL Act Now

Apache bRPC versions before 1.15.0 contain a remote command injection vulnerability in the heap profiler built-in service, allowing attackers to execute arbitrary OS commands.

Apache Github Command Injection Brpc
NVD
CVSS 3.1
9.8
EPSS
0.1%
CVE-2026-1019 CRITICAL Act Now

The Police Statistics Database System by Gotac has a missing authentication vulnerability allowing unauthenticated remote access to law enforcement statistical data.

Industrial Police Statistics Database System
NVD
CVSS 3.1
9.8
EPSS
0.1%
CVE-2026-1021 CRITICAL Act Now

Gotac Police Statistics Database System allows unauthenticated arbitrary file upload, enabling remote attackers to upload web shells and achieve full server compromise.

Industrial Police Statistics Database System
NVD
CVSS 3.1
9.8
EPSS
0.1%
CVE-2025-14233 CRITICAL Act Now

Canon printers contain an invalid free vulnerability in CPCA file deletion processing that allows network-based attackers to execute arbitrary code or crash the device.

RCE Mf452dw Firmware Mf656cdw Firmware Mf1238 Ii Firmware Mf451dw Firmware +12
NVD
CVSS 3.1
9.8
EPSS
0.1%
CVE-2025-14237 CRITICAL Act Now

Canon printers contain a buffer overflow in XPS font parsing that allows remote code execution through crafted print jobs with malicious font data.

Buffer Overflow Lbp236dw Firmware Mf654cdw Firmware Lbp633cdw Firmware Mf452dw Firmware +12
NVD
CVSS 3.1
9.8
EPSS
0.0%
CVE-2025-14236 CRITICAL Act Now

Canon Multifunction Printers have a buffer overflow in Address Book attribute tag processing that allows remote attackers to execute code by exploiting the printer's management interface.

Buffer Overflow Mf1643if Ii Firmware Mf1643i Ii Firmware Mf451dw Firmware Mf1238 Ii Firmware +12
NVD
CVSS 3.1
9.8
EPSS
0.0%
CVE-2025-14235 CRITICAL Act Now

Canon printers contain a buffer overflow in XPS font fpgm table processing, enabling remote code execution when processing crafted print jobs with malicious font data.

Buffer Overflow Mf653cdw Firmware Mf1643if Ii Firmware Lbp632cdw Firmware Mf652cw Firmware +12
NVD
CVSS 3.1
9.8
EPSS
0.0%
CVE-2025-14234 CRITICAL Act Now

Canon printers have a buffer overflow in CPCA list processing that allows remote attackers to execute arbitrary code through the printer's network protocol handler.

Buffer Overflow Mf656cdw Firmware Mf1643i Ii Firmware Mf452dw Firmware Mf652cw Firmware +12
NVD
CVSS 3.1
9.8
EPSS
0.0%
CVE-2025-14232 CRITICAL Act Now

Canon printers have a buffer overflow in XML processing of XPS files that allows network-adjacent attackers to execute arbitrary code by sending crafted print jobs.

Buffer Overflow Mf455dw Firmware Mf653cdw Firmware Lbp237dw Firmware Mf452dw Firmware +12
NVD
CVSS 3.1
9.8
EPSS
0.0%
CVE-2025-14231 CRITICAL Act Now

Canon Small Office Multifunction Printers and Laser Printers are vulnerable to a buffer overflow in WSD print job processing that allows remote attackers to execute arbitrary code or cause denial of service.

Buffer Overflow Lbp236dw Firmware Lbp1238 Ii Firmware Mf1643i Ii Firmware Mf656cdw Firmware +12
NVD
CVSS 3.1
9.8
EPSS
0.0%
CVE-2025-62582 CRITICAL Act Now

Delta Electronics DIAView has a missing authentication vulnerability that allows remote attackers to access critical functionality without credentials, potentially compromising SCADA monitoring.

Authentication Bypass Diaview
NVD VulDB
CVSS 3.1
9.8
EPSS
0.0%
CVE-2025-62581 CRITICAL Act Now

Delta Electronics DIAView uses hard-coded cryptographic keys, allowing attackers to forge authentication tokens, decrypt sensitive data, or bypass security controls entirely.

Information Disclosure Diaview
NVD
CVSS 3.1
9.8
EPSS
0.0%
CVE-2025-14894 CRITICAL Act Now

Livewire Filemanager for Laravel contains an unrestricted file upload vulnerability allowing unauthenticated attackers to upload and execute arbitrary files on the server.

PHP Laravel RCE Filemanager
NVD GitHub
CVSS 3.1
9.8
EPSS
0.0%

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy