Skip to main content
CVE-2026-1162 CRITICAL POC Act Now

UTT HiPER 810 router firmware 1.7.4 has a stack buffer overflow in the /goform/setNat endpoint's strcpy function, enabling remote attackers to execute arbitrary code.

Buffer Overflow 810 Firmware
NVD GitHub VulDB
CVSS 3.1
9.8
EPSS
0.1%
CVE-2026-23852 CRITICAL POC PATCH Act Now

SiYuan personal knowledge management system prior to 3.5.4 has a stored XSS vulnerability (CVSS 9.6) that allows code execution through crafted knowledge base entries.

RCE XSS Siyuan
NVD GitHub
CVSS 3.1
9.6
EPSS
0.2%
CVE-2026-23841 CRITICAL POC Act Now

Movary has a third input validation vulnerability that allows authenticated users to delete arbitrary files from the server, potentially causing data loss or service disruption.

XSS Movary
NVD GitHub
CVSS 3.1
9.3
EPSS
0.2%
CVE-2026-23840 CRITICAL POC Act Now

Movary has a second input validation vulnerability allowing authenticated users to write arbitrary files on the server, enabling code execution through web shell upload.

XSS Movary
NVD GitHub
CVSS 3.1
9.3
EPSS
0.1%
CVE-2026-23839 CRITICAL POC Act Now

Movary movie tracking application has an input validation flaw that allows authenticated users to read arbitrary files from the server, potentially exposing configuration files and secrets.

XSS Movary
NVD GitHub
CVSS 3.1
9.3
EPSS
0.1%
CVE-2026-1158 HIGH POC This Week

Buffer overflow in Totolik LR350 firmware allows authenticated remote attackers to achieve full system compromise through malicious SSID parameters in the wizard configuration endpoint. Public exploit code is available for this vulnerability, and no patch has been released, leaving deployed devices at immediate risk. The flaw requires valid credentials but enables complete confidentiality, integrity, and availability violations with network-level access.

Buffer Overflow Lr350 Firmware
NVD VulDB
CVSS 3.1
8.8
EPSS
0.1%
CVE-2026-1157 HIGH POC This Week

Stack-based buffer overflow in Totolink LR350 firmware (version 9.3.5u.6369_B20220309) allows authenticated remote attackers to achieve complete system compromise through manipulation of the ssid parameter in the WiFi configuration function. Public exploit code is available and no patch has been released, leaving affected devices vulnerable to active exploitation. The vulnerability requires valid credentials but poses critical risk due to high-impact consequences including arbitrary code execution.

Buffer Overflow Lr350 Firmware
NVD VulDB
CVSS 3.1
8.8
EPSS
0.1%
CVE-2026-1156 HIGH POC This Week

Unauthenticated remote attackers can exploit a buffer overflow in the WiFi configuration function of Totolink LR350 firmware version 9.3.5u.6369_B20220309 to achieve remote code execution with full system compromise. The vulnerability exists in the ssid parameter handler of /cgi-bin/cstecgi.cgi and requires only network access to trigger, with public exploit code already available. No patch is currently available for affected devices.

Buffer Overflow Lr350 Firmware
NVD VulDB
CVSS 3.1
8.8
EPSS
0.1%
CVE-2026-1155 HIGH POC This Week

Buffer overflow in Totolink LR350 firmware allows authenticated remote attackers to achieve complete system compromise through a malformed SSID parameter in the WiFi guest configuration function. Public exploit code exists for this vulnerability, and no patch is currently available. An attacker with network access and valid credentials can execute arbitrary code with full system privileges.

Buffer Overflow Lr350 Firmware
NVD VulDB
CVSS 3.1
8.8
EPSS
0.1%
CVE-2026-1143 HIGH POC This Week

Buffer overflow in TOTOLIK A3700R firmware version 9.1.2u.5822_B20200513 allows authenticated remote attackers to achieve complete system compromise through manipulation of the ssid parameter in the WiFi guest configuration function. Public exploit code exists for this vulnerability and no patch is currently available. An attacker with network access and valid credentials can execute arbitrary code with full system privileges.

Buffer Overflow A3700r Firmware
NVD VulDB
CVSS 3.1
8.8
EPSS
0.1%
CVE-2026-1137 HIGH POC This Week

Remote code execution in UTT 520W firmware versions through 1.7.7-180627 stems from a buffer overflow in the /goform/formWebAuthGlobalConfig endpoint, allowing authenticated attackers to execute arbitrary code with network access. Public exploit code is available for this vulnerability, and no patches have been released despite vendor notification. The high CVSS score of 8.8 reflects full compromise of confidentiality, integrity, and availability on affected devices.

Buffer Overflow 520w Firmware
NVD GitHub VulDB
CVSS 3.1
8.8
EPSS
0.1%
CVE-2026-1140 HIGH POC This Week

Remote code execution in UTT 520W firmware 1.7.7-180627 via a buffer overflow in the /goform/ConfigExceptAli endpoint allows authenticated attackers to execute arbitrary code with high privileges. Public exploit code exists for this vulnerability, and no patch is available from the vendor despite early disclosure notification. Affected organizations running vulnerable 520W devices should immediately isolate or replace equipment until a security update becomes available.

Buffer Overflow 520w Firmware
NVD GitHub VulDB
CVSS 3.1
8.8
EPSS
0.1%
CVE-2026-1139 HIGH POC This Week

Remote code execution in UTT 520W firmware 1.7.7-180627 stems from a buffer overflow in the /goform/ConfigExceptMSN endpoint accessible to authenticated users. Public exploit code exists for this vulnerability, and the vendor has not released a patch despite early notification. An attacker with valid credentials can achieve complete system compromise including data theft, modification, and service disruption.

Buffer Overflow 520w Firmware
NVD GitHub VulDB
CVSS 3.1
8.8
EPSS
0.1%
CVE-2026-1138 HIGH POC This Week

Buffer overflow in UTT 520W firmware version 1.7.7-180627 allows authenticated remote attackers to execute arbitrary code through the /goform/ConfigExceptQQ endpoint via unsafe string operations. Public exploit code is available and the vendor has not provided a patch despite early notification. This vulnerability affects confidentiality, integrity, and availability with CVSS 8.8 severity.

Buffer Overflow 520w Firmware
NVD GitHub VulDB
CVSS 3.1
8.8
EPSS
0.1%
CVE-2026-22850 HIGH POC PATCH This Week

SQL injection in Koko Analytics for WordPress prior to version 2.1.3 allows unauthenticated attackers to inject malicious SQL through the public tracking endpoint, which gets stored unescaped and executed when administrators export and reimport analytics data. Public exploit code exists for this vulnerability, enabling attackers to execute arbitrary SQL commands including database manipulation and potential data destruction. The vulnerability affects WordPress installations using vulnerable versions of the Koko Analytics plugin and requires administrator interaction with a malicious export file to fully exploit.

WordPress PHP Industrial Koko Analytics
NVD GitHub
CVSS 3.1
8.3
EPSS
0.1%
CVE-2026-23846 HIGH POC PATCH This Week

Tugtainer versions before 1.16.1 transmit authentication credentials through URL query parameters rather than request bodies, causing passwords to be exposed in server logs, browser history, and proxy logs. This exposure allows attackers with access to these logs or cached data to obtain valid credentials for the Docker container management system. Public exploit code exists for this vulnerability, and a patch is available in version 1.16.1.

Docker Tugtainer
NVD GitHub
CVSS 3.1
8.1
EPSS
0.1%
CVE-2026-23850 HIGH POC PATCH This Week

Remote attackers can read arbitrary files from SiYuan servers (versions prior to 3.5.4) by exploiting server-side HTML rendering in the markdown feature. The path traversal vulnerability (CWE-22) requires no authentication and has low attack complexity, making it trivially exploitable. A public exploit exists and EPSS scoring indicates 9% exploitation probability (25th percentile), suggesting limited but active reconnaissance. Vendor patch available in version 3.5.4.

Path Traversal Siyuan
NVD GitHub
CVSS 4.0
7.8
EPSS
0.1%
CVE-2026-23884 HIGH POC PATCH This Week

Denial of service and potential remote code execution affects FreeRDP RDP clients prior to version 3.21.0, where deleting an offscreen bitmap leaves the gdi->drawing pointer referencing freed memory and subsequent update packets trigger a use-after-free (CWE-416). A malicious or compromised RDP server can drive a connected client into the freed-memory access, reliably crashing it and potentially corrupting the heap for code execution depending on allocator state. Publicly available exploit code exists, though EPSS exploitation probability is low (0.17%, 38th percentile) and the issue is not listed in CISA KEV.

Use After Free Denial Of Service Freerdp Memory Corruption
NVD GitHub VulDB
CVSS 4.0
7.7
EPSS
0.2%
CVE-2026-23883 HIGH POC PATCH This Week

Client-side denial of service in the FreeRDP RDP client (X11 frontend) prior to version 3.21.0 lets a malicious or compromised RDP server crash the connecting client and potentially corrupt its heap. The flaw is a double-free of the cursor pixel buffer in xf_Pointer_New: on an allocation/setup failure the function frees cursorPixels, and a later pointer_free call invokes xf_Pointer_Free which frees the same buffer again (CWE-416 use-after-free/double-free). Publicly available exploit code exists and an EPSS of 0.17% indicates currently low probability of widespread exploitation; impact is rated availability-only (VA:H), though the description notes heap-corruption could escalate to code execution depending on allocator behavior.

Use After Free Denial Of Service Freerdp Memory Corruption
NVD GitHub VulDB
CVSS 4.0
7.7
EPSS
0.2%
CVE-2026-23534 HIGH POC PATCH This Week

Denial of service (and potential code execution) in FreeRDP RDP clients before 3.21.0 lets a malicious or compromised RDP server overflow a client-side heap buffer during ClearCodec band decoding. By supplying crafted band coordinates that drive writes past the destination surface buffer, the server crashes the connecting client and may corrupt the heap. Publicly available exploit code exists; EPSS is low (0.15%, 35th percentile) and the issue is not in CISA KEV, indicating no confirmed active exploitation.

Buffer Overflow Freerdp Heap Overflow
NVD GitHub VulDB
CVSS 4.0
7.7
EPSS
0.1%
CVE-2026-23533 HIGH POC PATCH This Week

Denial of service and potential remote code execution in the FreeRDP client (all versions prior to 3.21.0) stems from a heap buffer overflow in the RDPGFX ClearCodec decoder (libfreerdp/codec/clear.c). A malicious or compromised RDP server can send crafted residual data that triggers out-of-bounds heap writes during color output on the connecting client, crashing it and potentially corrupting the heap. Publicly available exploit code exists and the GitHub advisory marks it exploitable, but the EPSS probability is low (0.15%, 35th percentile) and it is not listed in CISA KEV.

Buffer Overflow Freerdp Heap Overflow
NVD GitHub VulDB
CVSS 4.0
7.7
EPSS
0.1%
CVE-2026-23530 HIGH POC PATCH This Week

Client-side heap buffer overflow in FreeRDP before version 3.21.0 lets a malicious or compromised RDP server crash connecting clients and potentially corrupt heap memory. The flaw lives in the planar codec's `freerdp_bitmap_decompress_planar`, which fails to bound-check decoded bitmap dimensions before RLE decompression, yielding a denial-of-service with a speculative code-execution path. Publicly available exploit code exists via the GitHub Security Advisory, though EPSS exploitation probability remains low (0.15%) and it is not on CISA KEV.

Buffer Overflow Freerdp Heap Overflow
NVD GitHub VulDB
CVSS 4.0
7.7
EPSS
0.1%
CVE-2026-23532 HIGH POC PATCH This Week

Denial of service and potential heap corruption in the FreeRDP client (all versions prior to 3.21.0) arises in the graphics pipeline's gdi_SurfaceToSurface path, where destination-rectangle clamping does not match the actual copy size. A malicious or compromised RDP server can drive a connected client into a heap buffer overflow, reliably crashing it and, depending on allocator state and heap layout, opening a path to code execution. Publicly available exploit code exists, but EPSS exploitation probability is low (0.13%, 33rd percentile) and the issue is not listed in CISA KEV.

Buffer Overflow Freerdp Heap Overflow
NVD GitHub VulDB
CVSS 4.0
7.7
EPSS
0.1%
CVE-2026-23531 HIGH POC PATCH This Week

Client-side heap buffer overflow in FreeRDP's ClearCodec decoder (versions prior to 3.21.0) lets a malicious or compromised RDP server corrupt a connecting client's memory. When `glyphData` is present, `clear_decompress` invokes `freerdp_image_copy_no_overlap` without validating the destination rectangle, producing an out-of-bounds read/write via crafted RDPGFX surface updates. Publicly available exploit code exists (per the GitHub Security Advisory), but it is not listed in CISA KEV and EPSS is low (0.13%, 33th percentile); confirmed impact is denial of service with a residual, allocator-dependent code-execution risk.

Buffer Overflow Freerdp Heap Overflow
NVD GitHub VulDB
CVSS 4.0
7.7
EPSS
0.1%
CVE-2026-23732 HIGH POC PATCH This Week

FreeRDP versions before 3.21.0 contain a buffer overflow in FastGlyph parsing where a malicious Remote Desktop server can crash the client by sending specially crafted glyph data that bypasses length validation. A remote attacker can exploit this vulnerability without authentication to cause denial of service, and public exploit code exists. The vulnerability affects FreeRDP clients connecting to untrusted or compromised RDP servers, with no patch currently available for most deployments.

Buffer Overflow Denial Of Service Freerdp Red Hat Suse
NVD GitHub VulDB
CVSS 3.1
7.5
EPSS
0.1%
CVE-2025-68616 HIGH POC PATCH GHSA This Week

WeasyPrint helps web developers to create PDF documents. Prior to version 68.0, a server-side request forgery (SSRF) protection bypass exists in WeasyPrint's `default_url_fetcher`. The vulnerability allows attackers to access internal network resources (such as `localhost` services or cloud metadata endpoints) even when a developer has implemented a custom `url_fetcher` to block such access. This occurs because the underlying `urllib` library follows HTTP redirects automatically without re-va...

SSRF Weasyprint Open Redirect
NVD GitHub VulDB
CVSS 3.1
7.5
EPSS
0.1%
CVE-2026-23842 HIGH POC PATCH This Week

ChatterBot versions through 1.2.10 suffer from denial-of-service vulnerabilities due to improper connection pool management that allows attackers to exhaust database connections through concurrent requests to the get_response() method, causing persistent service unavailability. Public exploit code exists for this vulnerability, which affects all deployments of the affected ChatterBot versions and requires manual service restart to recover. ChatterBot 1.2.11 addresses this issue.

Denial Of Service AI / ML Chatterbot
NVD GitHub
CVSS 3.1
7.5
EPSS
0.0%
CVE-2026-23848 MEDIUM POC PATCH This Month

Mytube versions up to 1.7.71 contains a vulnerability that allows attackers to bypass IP-based rate limiting on general API endpoints (CVSS 6.5).

Denial Of Service Mytube
NVD GitHub
CVSS 3.1
6.5
EPSS
0.2%
CVE-2026-21696 MEDIUM POC PATCH This Month

Wings for Pterodactyl versions 1.7.0 through 1.11.x fail to respect SQLite's maximum parameter limit when deleting activity log entries, allowing authenticated users to trigger a database error that prevents log cleanup and causes indefinite accumulation of records. This denial of service condition degrades panel performance and availability over time. Public exploit code exists for this vulnerability, and no patch is currently available.

SQLi Wings Suse
NVD GitHub
CVSS 3.1
6.5
EPSS
0.1%
CVE-2026-23851 MEDIUM POC PATCH This Month

SiYuan knowledge management system versions before 3.5.4 allow authenticated users to copy arbitrary files from the server filesystem into the application workspace due to insufficient path validation in the /api/file/globalCopyFiles endpoint. An attacker with valid credentials can exploit this path traversal vulnerability to read sensitive files and escalate privileges within the application. Public exploit code exists for this medium-severity vulnerability, though a patch is available.

Golang Siyuan Suse
NVD GitHub
CVSS 3.1
6.5
EPSS
0.0%
CVE-2026-23847 MEDIUM POC PATCH This Month

Reflected XSS in SiYuan's /api/icon/getDynamicIcon endpoint allows attackers to inject malicious JavaScript through unescaped SVG content in dynamically generated icon images. An unauthenticated attacker can craft a malicious link that, when clicked by a victim, executes arbitrary scripts in the context of the SiYuan application. Public exploit code exists for versions prior to 3.5.4, which contains the necessary patches.

XSS Siyuan Suse
NVD GitHub
CVSS 3.1
6.1
EPSS
0.0%
CVE-2026-1192 MEDIUM POC This Month

Online Store Management System versions up to 1.01 contains a vulnerability that allows attackers to command injection (CVSS 7.3).

PHP Command Injection
NVD VulDB
CVSS 4.0
5.5
EPSS
2.5%
CVE-2026-23836 CRITICAL PATCH Act Now

HotCRP conference review software version 3.1 has an inadequate input sanitization flaw (CVSS 9.9) that allows authenticated users to execute arbitrary code on the server through crafted submissions.

PHP Hotcrp
NVD GitHub
CVSS 3.1
9.9
EPSS
0.1%
CVE-2026-22797 CRITICAL PATCH Act Now

OpenStack keystonemiddleware 10.5 through 10.9 has an authentication spoofing vulnerability (CVSS 9.9) allowing attackers to bypass Keystone token validation and access any OpenStack service as any user.

Authentication Bypass
NVD VulDB
CVSS 3.1
9.9
EPSS
0.1%
CVE-2026-23837 CRITICAL PATCH Act Now

MyTube self-hosted video downloader has an authorization bypass (CVSS 9.8) that allows unauthenticated access to administrative functions in versions 1.7.65 and prior.

Nginx Mytube
NVD GitHub
CVSS 3.1
9.8
EPSS
0.3%
CVE-2026-23944 CRITICAL PATCH Act Now

Arcane Docker management interface prior to 1.13.2 has missing authentication, allowing unauthenticated attackers to manage Docker containers, images, and networks on the host.

Docker Arcane
NVD GitHub
CVSS 3.1
9.8
EPSS
0.2%
CVE-2026-23845 MEDIUM POC PATCH This Month

Mailpit versions before 1.28.3 contain a server-side request forgery vulnerability in the HTML Check feature that allows unauthenticated attackers to trigger arbitrary HTTP requests by crafting malicious CSS links in email messages. The vulnerability exists in the CSS inlining function which automatically downloads external stylesheets without proper validation. Public exploit code exists for this issue, though a patch is available in version 1.28.3 and later.

SSRF Mailpit Suse
NVD GitHub
CVSS 3.1
5.8
EPSS
0.1%
CVE-2026-0610 CRITICAL Act Now

Devolutions Server 2025.3.1 through 2025.3.6 contains a SQL injection vulnerability in the remote sessions component that allows attackers to manipulate database queries.

SQLi Devolutions Server
NVD
CVSS 3.1
9.8
EPSS
0.0%
CVE-2026-1176 MEDIUM POC This Month

SQL injection in itsourcecode School Management System 1.0 via the ID parameter in /subject/index.php allows unauthenticated remote attackers to query, modify, or delete database contents. Public exploit code exists for this vulnerability, and no patch is currently available. The attack requires no user interaction and can be executed over the network against vulnerable instances.

PHP SQLi
NVD GitHub VulDB
CVSS 4.0
5.5
EPSS
0.0%
CVE-2026-1160 MEDIUM POC This Month

PHPGurukul Directory Management System 1.0 contains a SQL injection vulnerability in the search functionality of /index.php that allows unauthenticated remote attackers to manipulate the searchdata parameter and execute arbitrary database queries. Public exploit code is available for this vulnerability, and no patch is currently available. The vulnerability impacts confidentiality, integrity, and availability with a CVSS score of 7.3.

PHP SQLi
NVD GitHub VulDB
CVSS 4.0
5.5
EPSS
0.0%
CVE-2026-1159 MEDIUM POC This Month

Online Frozen Foods Ordering System versions up to 1.0 contains a vulnerability that allows attackers to sql injection (CVSS 7.3).

PHP SQLi
NVD GitHub VulDB
CVSS 4.0
5.5
EPSS
0.0%
CVE-2026-23875 MEDIUM POC PATCH This Month

Improper permission validation in CrawlChat versions prior to 0.0.8 allows unauthenticated Discord guild members to inject malicious content into the bot's knowledge base through the jigsaw emoji feature, enabling attackers to manipulate chatbot responses across all integrations and redirect users to malicious sites. The vulnerability affects the AI/ML platform's ability to maintain knowledge base integrity, as normal users can bypass intended admin-only controls. Public exploit code exists for this issue, though a patch is available.

Authentication Bypass AI / ML Crawlchat
NVD GitHub
CVSS 3.1
5.4
EPSS
0.0%
CVE-2026-23849 MEDIUM POC PATCH This Month

Filebrowser versions up to 2.55.0 contains a vulnerability that allows attackers to enumerate valid usernames by measuring the response time of the /api/login endpo (CVSS 5.3).

Information Disclosure Filebrowser Suse
NVD GitHub
CVSS 3.1
5.3
EPSS
0.3%
CVE-2026-1174 MEDIUM POC This Month

Birkir Prime versions up to 0.4.0.beta.0 are vulnerable to resource exhaustion attacks through the GraphQL Alias Handler endpoint, allowing unauthenticated remote attackers to cause denial of service. Public exploit code is available for this vulnerability, and the project has not yet released a patch despite early notification. The attack requires no user interaction and can be executed over the network with minimal complexity.

Denial Of Service Prime
NVD GitHub VulDB
CVSS 3.1
5.3
EPSS
0.2%
CVE-2026-1173 MEDIUM POC This Month

Prime versions up to 0.4.0.beta.0 are vulnerable to denial of service attacks through the GraphQL Array Based Query Batch Handler component, which can be exploited remotely without authentication. Public exploit code exists for this vulnerability, and the vendor has not yet released a patch despite early notification.

Denial Of Service Prime
NVD GitHub VulDB
CVSS 3.1
5.3
EPSS
0.1%
CVE-2026-1172 MEDIUM POC This Month

Birkir Prime versions up to 0.4.0.beta.0 contain a denial of service vulnerability in the GraphQL Directive Handler that can be exploited remotely without authentication. Public exploit code exists for this vulnerability, and the developers have not released a patch despite early notification. An unauthenticated attacker can leverage this flaw to disrupt service availability.

Denial Of Service Prime
NVD GitHub VulDB
CVSS 3.1
5.3
EPSS
0.1%
CVE-2026-1171 MEDIUM POC This Month

Remote denial of service in birkir Prime up to version 0.4.0.beta.0 can be triggered through the GraphQL Field Handler endpoint without authentication. Public exploit code exists for this vulnerability, though no patch is currently available from the project maintainers.

Denial Of Service Prime
NVD GitHub VulDB
CVSS 3.1
5.3
EPSS
0.1%
CVE-2025-15539 MEDIUM POC PATCH This Month

A vulnerability was determined in Open5GS up to 2.7.6. Impacted is the function sgwc_s11_handle_downlink_data_notification_ack of the file src/sgwc/s11-handler.c of the component sgwc. [CVSS 5.3 MEDIUM]

Denial Of Service Open5gs
NVD GitHub VulDB
CVSS 3.1
5.3
EPSS
0.1%
CVE-2026-1175 MEDIUM POC This Month

Birkir Prime up to version 0.4.0.beta.0 exposes sensitive information through error messages in its GraphQL Directive Handler endpoint (/graphql), allowing unauthenticated remote attackers to extract data. Public exploit code exists for this vulnerability, and the vendor has not yet released a patch despite being notified.

Information Disclosure Prime
NVD GitHub VulDB
CVSS 3.1
5.3
EPSS
0.1%
CVE-2026-1170 MEDIUM POC This Month

Birkir Prime up to version 0.4.0.beta.0 exposes sensitive information through its GraphQL API endpoint due to improper access controls, allowing unauthenticated remote attackers to disclose confidential data. Public exploit code for this vulnerability is available, and the vendor has not yet released a patch despite being notified of the issue.

Information Disclosure Prime
NVD GitHub VulDB
CVSS 3.1
5.3
EPSS
0.0%
Page 1 of 3 Next

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy