Skip to main content
CVE-2026-24061 CRITICAL POC KEV PATCH THREAT Act Now

GNU Inetutils telnetd through version 2.7 contains a critical authentication bypass that allows remote attackers to gain root access by setting the USER environment variable to '-f root' during TELNET negotiation. With EPSS 75% and KEV listing, this trivially exploitable vulnerability (CVE-2026-24061) has been widely weaponized. Public PoC is available and patches exist.

Authentication Bypass Debian Linux Inetutils Suse
NVD Exploit-DB VulDB
CVSS 3.1
9.8
EPSS
75.3%
Threat
7.2
CVE-2026-20045 HIGH KEV THREAT Act Now

Cisco Unified Communications Manager and related products contain a code injection vulnerability (CVE-2026-20045) that allows unauthenticated remote attackers to execute arbitrary code. This KEV-listed vulnerability affects the core enterprise voice/video infrastructure including Unified CM, IM&P, Unity Connection, and Webex Calling Dedicated Instance, making it a high-priority threat for organizations dependent on Cisco collaboration tools.

Cisco Unity Connection Unified Communications Manager Unified Communications Manager Im And Presence Service
NVD VulDB
CVSS 3.1
8.2
EPSS
1.0%
CVE-2021-47851 CRITICAL POC Act Now

Mini Mouse 9.2.0 remote control application has an RCE vulnerability allowing attackers to execute arbitrary OS commands through the remote control protocol.

RCE Mini Mouse
NVD Exploit-DB
CVSS 3.1
9.8
EPSS
0.7%
CVE-2021-47748 CRITICAL POC Act Now

Hasura GraphQL 1.3.3 has a remote code execution vulnerability allowing attackers to execute arbitrary shell commands through the GraphQL endpoint.

PostgreSQL RCE Graphql Engine
NVD GitHub Exploit-DB
CVSS 3.1
9.8
EPSS
0.5%
CVE-2025-69766 CRITICAL POC Act Now

Tenda AX3 firmware has a third stack-based buffer overflow in formGetIptv, allowing unauthenticated remote code execution through the router's web interface.

RCE Buffer Overflow Stack Overflow Memory Corruption Ax3 Firmware +1
NVD
CVSS 3.1
9.8
EPSS
0.4%
CVE-2025-69763 CRITICAL POC Act Now

Tenda AX3 firmware has a second stack overflow in formSetIptv via the vlanId parameter, allowing remote code execution through the IPTV configuration endpoint.

RCE Stack Overflow Memory Corruption Ax3 Firmware Tenda
NVD
CVSS 3.1
9.8
EPSS
0.4%
CVE-2025-69762 CRITICAL POC Act Now

Tenda AX3 firmware v16.03.12.11 has a stack overflow in formSetIptv via the list parameter, enabling remote attackers to crash the router or execute arbitrary code.

RCE Stack Overflow Memory Corruption Ax3 Firmware Tenda
NVD
CVSS 3.1
9.8
EPSS
0.4%
CVE-2021-47854 CRITICAL POC Act Now

DD-WRT firmware version 45723 has a buffer overflow in the UPnP network discovery service allowing remote attackers to execute code on the router without authentication.

Buffer Overflow
NVD Exploit-DB
CVSS 3.1
9.8
EPSS
0.1%
CVE-2021-47875 CRITICAL POC Act Now

GeoGebra CAS Calculator 6.0.631.0 has a denial of service vulnerability that crashes the application through uncontrolled resource consumption triggered by crafted mathematical expressions.

Buffer Overflow Denial Of Service
NVD Exploit-DB
CVSS 3.1
9.8
EPSS
0.0%
CVE-2026-22792 CRITICAL POC Act Now

5ire AI assistant desktop application prior to version 0.10.0 has an output encoding vulnerability that allows malicious AI model responses to execute code through the Electron renderer.

XSS 5ire
NVD GitHub
CVSS 3.1
9.6
EPSS
0.4%
CVE-2026-22793 CRITICAL POC Act Now

5ire MCP client prior to version 0.10.0 has a code injection vulnerability through MCP tool responses that enables arbitrary code execution on the user's desktop.

RCE 5ire
NVD GitHub
CVSS 3.1
9.6
EPSS
0.3%
CVE-2025-13465 MEDIUM POC PATCH CISA This Month

Lodash versions up to 4.17.22 is affected by improperly controlled modification of object prototype attributes (prototype pollution) (CVSS 5.3).

Information Disclosure Prototype Pollution Lodash
NVD GitHub VulDB
CVSS 4.0
6.9
EPSS
0.0%
Threat
4.9
CVE-2021-47770 HIGH POC This Week

OpenPLC v3 contains an authenticated remote code execution vulnerability that allows attackers with valid credentials to inject malicious code through the hardware configuration interface. [CVSS 8.8 HIGH]

RCE
NVD GitHub Exploit-DB
CVSS 3.1
8.8
EPSS
0.3%
CVE-2021-47871 HIGH POC This Week

Hestia Control Panel 1.3.2 contains an arbitrary file write vulnerability that allows authenticated attackers to write files to arbitrary locations using the API index.php endpoint. [CVSS 8.8 HIGH]

PHP SSH
NVD GitHub Exploit-DB
CVSS 3.1
8.8
EPSS
0.1%
CVE-2021-47852 HIGH POC This Week

Rockstar Games Launcher 1.0.37.349 contains a privilege escalation vulnerability that allows authenticated users to modify the service executable with weak permissions. [CVSS 8.8 HIGH]

Privilege Escalation
NVD Exploit-DB
CVSS 3.1
8.8
EPSS
0.0%
CVE-2025-68137 HIGH POC This Week

EVerest is an EV charging software stack. Prior to version 2025.10.0, an integer overflow occurring in `SdpPacket::parse_header()` allows the current buffer length to be set to 7 after a complete header of size 8 has been read. [CVSS 8.3 HIGH]

Buffer Overflow Integer Overflow Everest
NVD GitHub
CVSS 3.1
8.3
EPSS
0.0%
CVE-2021-47846 HIGH POC This Week

Digital Crime Report Management System 1.0 contains a critical SQL injection vulnerability affecting multiple login pages that allows unauthenticated attackers to bypass authentication. [CVSS 8.2 HIGH]

SQLi Authentication Bypass
NVD Exploit-DB
CVSS 3.1
8.2
EPSS
0.4%
CVE-2021-47848 HIGH POC This Week

Blitar Tourism 1.0 contains an authentication bypass vulnerability that allows attackers to bypass login by injecting SQL code through the username parameter. [CVSS 8.2 HIGH]

SQLi Authentication Bypass
NVD GitHub Exploit-DB
CVSS 3.1
8.2
EPSS
0.1%
CVE-2021-47886 HIGH POC This Week

PingzapperSvc service contains a vulnerability that allows attackers to potentially execute arbitrary code (CVSS 7.8).

RCE
NVD Exploit-DB
CVSS 3.1
7.8
EPSS
0.0%
CVE-2021-47869 HIGH POC This Week

BRA_Scheduler service contains a vulnerability that allows attackers to potentially execute arbitrary code (CVSS 7.8).

RCE
NVD Exploit-DB
CVSS 3.1
7.8
EPSS
0.0%
CVE-2021-47887 HIGH POC This Week

OkiJaSvc service contains a vulnerability that allows attackers to potentially execute arbitrary code (CVSS 7.8).

RCE
NVD Exploit-DB
CVSS 3.1
7.8
EPSS
0.0%
CVE-2021-47884 HIGH POC This Week

OKI Local Port Manager service contains a vulnerability that allows attackers to potentially execute arbitrary code (CVSS 7.8).

RCE
NVD Exploit-DB
CVSS 3.1
7.8
EPSS
0.0%
CVE-2021-47882 HIGH POC This Week

its Windows service configuration contains a vulnerability that allows attackers to execute arbitrary code (CVSS 7.8).

Windows
NVD GitHub Exploit-DB
CVSS 3.1
7.8
EPSS
0.0%
CVE-2021-47880 HIGH POC This Week

Realtek Wireless LAN Utility 700.1631 contains an unquoted service path vulnerability that allows local users to potentially execute code with elevated system privileges. [CVSS 7.8 HIGH]

Information Disclosure
NVD Exploit-DB
CVSS 3.1
7.8
EPSS
0.0%
CVE-2021-47878 HIGH POC This Week

eBeam Device Service contains a vulnerability that allows attackers to potentially execute code with elevated privileges (CVSS 7.8).

Code Injection
NVD Exploit-DB
CVSS 3.1
7.8
EPSS
0.0%
CVE-2021-47874 HIGH POC This Week

GVFS.Service Windows service contains a vulnerability that allows attackers to execute code with elevated privileges (CVSS 7.8).

Windows
NVD Exploit-DB
CVSS 3.1
7.8
EPSS
0.0%
CVE-2021-47867 HIGH POC This Week

ScheduleService contains a vulnerability that allows attackers to potentially execute code with elevated system privileges (CVSS 7.8).

Code Injection
NVD Exploit-DB
CVSS 3.1
7.8
EPSS
0.0%
CVE-2021-47866 HIGH POC This Week

GuardTourService contains a vulnerability that allows attackers to potentially execute code with elevated system privileges (CVSS 7.8).

WordPress Code Injection
NVD Exploit-DB
CVSS 3.1
7.8
EPSS
0.0%
CVE-2021-47864 HIGH POC This Week

OSAS Traverse Extension 11 contains an unquoted service path vulnerability in the TravExtensionHostSvc service running with LocalSystem privileges. [CVSS 7.8 HIGH]

Code Injection
NVD Exploit-DB
CVSS 3.1
7.8
EPSS
0.0%
CVE-2021-47863 HIGH POC This Week

its Encrypto Service configuration contains a vulnerability that allows attackers to potentially execute arbitrary code (CVSS 7.8).

Windows
NVD Exploit-DB
CVSS 3.1
7.8
EPSS
0.0%
CVE-2021-47861 HIGH POC This Week

Event Log Explorer 4.9.3 contains an unquoted service path vulnerability that allows local users to potentially execute arbitrary code with elevated system privileges. [CVSS 7.8 HIGH]

RCE
NVD Exploit-DB
CVSS 3.1
7.8
EPSS
0.0%
CVE-2021-47859 HIGH POC This Week

ac.sharedstore service contains a vulnerability that allows attackers to potentially execute arbitrary code (CVSS 7.8).

RCE
NVD Exploit-DB
CVSS 3.1
7.8
EPSS
0.0%
CVE-2021-47883 HIGH POC This Week

SbieSvc service contains a vulnerability that allows attackers to execute code with elevated privileges (CVSS 7.8).

Code Injection
NVD Exploit-DB
CVSS 3.1
7.8
EPSS
0.0%
CVE-2021-47879 HIGH POC This Week

eBeam Stylus Driver service contains a vulnerability that allows attackers to potentially execute code with elevated privileges (CVSS 7.8).

Code Injection
NVD Exploit-DB
CVSS 3.1
7.8
EPSS
0.0%
CVE-2021-47868 HIGH POC This Week

WPCommandFileService contains a vulnerability that allows attackers to potentially execute code with elevated privileges (CVSS 7.8).

Code Injection
NVD Exploit-DB
CVSS 3.1
7.8
EPSS
0.0%
CVE-2021-47862 HIGH POC This Week

HiPatchService contains a vulnerability that allows attackers to execute code with elevated privileges (CVSS 7.8).

NVD Exploit-DB
CVSS 3.1
7.8
EPSS
0.0%
CVE-2021-47850 HIGH POC This Week

Mini Mouse 9.2.0 contains a path traversal vulnerability that allows remote attackers to access arbitrary system files and directories through crafted HTTP requests. [CVSS 7.5 HIGH]

Path Traversal Mini Mouse
NVD Exploit-DB
CVSS 3.1
7.5
EPSS
1.2%
CVE-2021-47802 HIGH POC This Week

D151 Firmware versions up to - is affected by missing authentication for critical function (CVSS 7.5).

Authentication Bypass D151 Firmware D301 Firmware
NVD Exploit-DB
CVSS 3.1
7.5
EPSS
0.5%
CVE-2025-66960 HIGH POC This Week

An issue in ollama v.0.12.10 allows a remote attacker to cause a denial of service via the fs/ggml/gguf.go, function readGGUFV1String reads a string length from untrusted GGUF metadata [CVSS 7.5 HIGH]

Denial Of Service AI / ML Ollama Red Hat Suse
NVD GitHub
CVSS 3.1
7.5
EPSS
0.3%
CVE-2025-66959 HIGH POC This Week

An issue in ollama v.0.12.10 allows a remote attacker to cause a denial of service via the GGUF decoder [CVSS 7.5 HIGH]

Denial Of Service AI / ML Ollama Red Hat Suse
NVD GitHub
CVSS 3.1
7.5
EPSS
0.3%
CVE-2021-47746 HIGH POC This Week

NodeBB Plugin Emoji 3.2.1 contains an arbitrary file write vulnerability that allows administrative users to write files to arbitrary system locations through the emoji upload API. [CVSS 7.5 HIGH]

Path Traversal
NVD GitHub Exploit-DB
CVSS 3.1
7.5
EPSS
0.2%
CVE-2025-70648 HIGH POC This Week

Tenda AX1803 v1.0.0.1 was discovered to contain a stack overflow in the security_5g parameter of the sub_727F4 function. This vulnerability allows attackers to cause a Denial of Service (DoS) via a crafted request. [CVSS 7.5 HIGH]

Stack Overflow Denial Of Service Ax1803 Firmware Tenda
NVD GitHub
CVSS 3.1
7.5
EPSS
0.1%
CVE-2025-70646 HIGH POC This Week

Tenda AX1803 v1.0.0.1 was discovered to contain a stack overflow in the security parameter of the sub_72290 function. This vulnerability allows attackers to cause a Denial of Service (DoS) via a crafted request. [CVSS 7.5 HIGH]

Stack Overflow Denial Of Service Ax1803 Firmware Tenda
NVD GitHub
CVSS 3.1
7.5
EPSS
0.1%
CVE-2025-70644 HIGH POC This Week

Tenda AX-1806 v1.0.0.1 was discovered to contain a stack overflow in the time parameter of the sub_60CFC function. This vulnerability allows attackers to cause a Denial of Service (DoS) via a crafted request. [CVSS 7.5 HIGH]

Stack Overflow Denial Of Service Ax1806 Firmware Tenda
NVD GitHub
CVSS 3.1
7.5
EPSS
0.1%
CVE-2025-70651 HIGH POC This Week

Tenda AX-1803 v1.0.0.1 was discovered to contain a stack overflow in the ssid parameter of the form_fast_setting_wifi_set function. This vulnerability allows attackers to cause a Denial of Service (DoS) via a crafted request. [CVSS 7.5 HIGH]

Stack Overflow Denial Of Service Ax1803 Firmware Tenda
NVD GitHub
CVSS 3.1
7.5
EPSS
0.1%
CVE-2025-70650 HIGH POC This Week

Tenda AX-1806 v1.0.0.1 was discovered to contain a stack overflow in the deviceList parameter of the formSetMacFilterCfg function. This vulnerability allows attackers to cause a Denial of Service (DoS) via a crafted request. [CVSS 7.5 HIGH]

Stack Overflow Denial Of Service Ax1806 Firmware Tenda
NVD GitHub
CVSS 3.1
7.5
EPSS
0.1%
CVE-2025-70645 HIGH POC This Week

Tenda AX-1806 v1.0.0.1 was discovered to contain a stack overflow in the deviceList parameter of the formSetWifiMacFilterCfg function. This vulnerability allows attackers to cause a Denial of Service (DoS) via a crafted request. [CVSS 7.5 HIGH]

Stack Overflow Denial Of Service Ax1806 Firmware Tenda
NVD GitHub
CVSS 3.1
7.5
EPSS
0.1%
CVE-2021-47877 HIGH POC This Week

GeoGebra Graphing Calculator 6.0.631.0 contains a denial of service vulnerability that allows attackers to crash the application by inputting an oversized buffer. [CVSS 7.5 HIGH]

Denial Of Service
NVD Exploit-DB
CVSS 3.1
7.5
EPSS
0.0%
CVE-2021-47876 HIGH POC This Week

GeoGebra Classic 5.0.631.0-d contains a denial of service vulnerability in the input field that allows attackers to crash the application by sending oversized buffer content. [CVSS 7.5 HIGH]

Denial Of Service
NVD Exploit-DB
CVSS 3.1
7.5
EPSS
0.0%
CVE-2021-47865 HIGH POC PATCH This Week

ProFTPD 1.3.7a contains a denial of service vulnerability that allows attackers to overwhelm the server by creating multiple simultaneous FTP connections. Attackers can repeatedly establish connections using threading to exhaust server connection limits and block legitimate user access. [CVSS 7.5 HIGH]

Denial Of Service Suse
NVD GitHub Exploit-DB
CVSS 3.1
7.5
EPSS
0.0%
Page 1 of 3 Next

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy