118 CVEs tracked today. 13 Critical, 65 High, 32 Medium, 5 Low.
-
CVE-2026-24061
CRITICAL
CVSS 9.8
GNU Inetutils telnetd through version 2.7 contains a critical authentication bypass that allows remote attackers to gain root access by setting the USER environment variable to '-f root' during TELNET negotiation. With EPSS 75% and KEV listing, this trivially exploitable vulnerability (CVE-2026-24061) has been widely weaponized. Public PoC is available and patches exist.
Authentication Bypass
Debian Linux
Inetutils
Suse
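The negotiation path described above, as an added illustration that is not Inetutils code: an RFC 1572 NEW-ENVIRON encoder and decoder showing how a telnet client exports USER to the server, plus a hypothetical username guard (this example's hardening, not the upstream patch) that refuses to place an option-looking value into login's argument vector. Option codes are from RFC 854 and RFC 1572; the login argument vector and the `--` convention are assumptions of this example.

```python
import re

# Telnet option codes from RFC 854 and RFC 1572 (NEW-ENVIRON)
IAC, SB, SE = 255, 250, 240
NEW_ENVIRON = 39
IS, SEND, INFO = 0, 1, 2               # subnegotiation commands
VAR, VALUE, ESC, USERVAR = 0, 1, 2, 3  # field markers inside IS/INFO


def encode_new_environ(env):
    """Build the IAC SB NEW-ENVIRON IS ... IAC SE message a client sends to
    export environment variables (the path the advisory describes for USER)."""
    def escape(text):
        out = bytearray()
        for b in text.encode():
            if b in (VAR, VALUE, ESC, USERVAR):
                out.append(ESC)            # RFC 1572 escaping of marker bytes
            out.append(b)
            if b == IAC:
                out.append(IAC)            # RFC 854 doubling of IAC inside data
        return bytes(out)

    msg = bytearray([IAC, SB, NEW_ENVIRON, IS])
    for name, value in env.items():
        msg += bytes([VAR]) + escape(name) + bytes([VALUE]) + escape(value)
    msg += bytes([IAC, SE])
    return bytes(msg)


def subnegotiation_body(packet):
    """Strip IAC SB ... IAC SE and return the option byte onward (or None)."""
    if len(packet) < 4 or packet[:2] != bytes([IAC, SB]) or packet[-2:] != bytes([IAC, SE]):
        return None
    return packet[2:-2]


def decode_new_environ(body):
    """Parse a NEW-ENVIRON IS/INFO body into {name: value}; anything else yields {}."""
    if len(body) < 2 or body[0] != NEW_ENVIRON or body[1] not in (IS, INFO):
        return {}
    env = {}
    name = value = None          # bytearrays while a field is being collected
    i = 2
    while i < len(body):
        b = body[i]
        if b in (VAR, USERVAR):
            if name is not None:
                env[name.decode(errors="replace")] = (value or b"").decode(errors="replace")
            name, value = bytearray(), None
        elif b == VALUE and name is not None:
            value = bytearray()
        else:
            if b == ESC and i + 1 < len(body):
                i += 1
                b = body[i]                               # escaped marker byte
            elif b == IAC and i + 1 < len(body) and body[i + 1] == IAC:
                i += 1                                    # doubled IAC
            if value is not None:
                value.append(b)
            elif name is not None:
                name.append(b)
        i += 1
    if name is not None:
        env[name.decode(errors="replace")] = (value or b"").decode(errors="replace")
    return env


# Hypothetical hardening (not the upstream fix): accept only a conservative
# username shape before it reaches login's argv, so "-f root" can never be
# parsed as options.
SAFE_USER = re.compile(r"^[a-z_][a-z0-9_-]{0,31}$")


def is_safe_username(user):
    return bool(SAFE_USER.match(user))


def login_argv(user):
    """Argument vector handed to login; refuses anything that fails the shape check."""
    if not is_safe_username(user):
        raise ValueError(f"refusing USER value {user!r}")
    return ["/bin/login", "-p", "--", user]   # "--" assumes a getopt-style login
```

Running decode_new_environ over the body of encode_new_environ({"USER": "-f root"}) returns the raw value a server would otherwise pass straight through; is_safe_username rejects it while accepting an ordinary login name.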
-
CVE-2026-23524
CRITICAL
CVSS 9.8
Laravel Reverb WebSocket server versions 1.6.3 and below have an insecure deserialization vulnerability enabling remote code execution on the backend server.
Redis
Laravel
RCE
Deserialization
Reverb
-
CVE-2026-23518
CRITICAL
CVSS 9.8
Fleet device management software has a signature verification bypass that allows attackers to install malicious firmware on managed devices across the fleet.
Windows
Azure
Fleet
Suse
-
CVE-2026-22793
CRITICAL
CVSS 9.6
5ire MCP client prior to version 0.10.0 has a code injection vulnerability through MCP tool responses that enables arbitrary code execution on the user's desktop.
RCE
5ire
-
CVE-2026-22792
CRITICAL
CVSS 9.6
5ire AI assistant desktop application prior to version 0.10.0 has an output encoding vulnerability that allows malicious AI model responses to execute code through the Electron renderer.
XSS
5ire
-
CVE-2026-20045
HIGH
CVSS 8.2
Cisco Unified Communications Manager and related products contain a code injection vulnerability (CVE-2026-20045) that allows unauthenticated remote attackers to execute arbitrary code. This KEV-listed vulnerability affects the core enterprise voice/video infrastructure including Unified CM, IM&P, Unity Connection, and Webex Calling Dedicated Instance, making it a high-priority threat for organizations dependent on Cisco collaboration tools.
Cisco
Unity Connection
Unified Communications Manager
Unified Communications Manager Im And Presence Service
-
CVE-2025-69766
CRITICAL
CVSS 9.8
Tenda AX3 firmware has a third stack-based buffer overflow in formGetIptv, allowing unauthenticated remote code execution through the router's web interface.
RCE
Buffer Overflow
Stack Overflow
Memory Corruption
Ax3 Firmware
-
CVE-2025-69763
CRITICAL
CVSS 9.8
Tenda AX3 firmware has a second stack overflow in formSetIptv via the vlanId parameter, allowing remote code execution through the IPTV configuration endpoint.
RCE
Stack Overflow
Memory Corruption
Ax3 Firmware
Tenda
-
CVE-2025-69762
CRITICAL
CVSS 9.8
Tenda AX3 firmware v16.03.12.11 has a stack overflow in formSetIptv via the list parameter, enabling remote attackers to crash the router or execute arbitrary code.
RCE
Stack Overflow
Memory Corruption
Ax3 Firmware
Tenda
-
CVE-2025-15521
CRITICAL
CVSS 9.8
Academy LMS WordPress plugin has a privilege escalation vulnerability allowing unauthenticated users to bypass access controls and gain elevated privileges on WordPress sites.
WordPress
Privilege Escalation
PHP
-
CVE-2021-47875
CRITICAL
CVSS 9.8
GeoGebra CAS Calculator 6.0.631.0 has a denial of service vulnerability that crashes the application through uncontrolled resource consumption triggered by crafted mathematical expressions.
Buffer Overflow
Denial Of Service
-
CVE-2021-47854
CRITICAL
CVSS 9.8
DD-WRT firmware version 45723 has a buffer overflow in the UPnP network discovery service allowing remote attackers to execute code on the router without authentication.
Buffer Overflow
-
CVE-2021-47851
CRITICAL
CVSS 9.8
Mini Mouse 9.2.0 remote control application has an RCE vulnerability allowing attackers to execute arbitrary OS commands through the remote control protocol.
RCE
Mini Mouse
-
CVE-2021-47748
CRITICAL
CVSS 9.8
Hasura GraphQL 1.3.3 has a remote code execution vulnerability allowing attackers to execute arbitrary shell commands through the GraphQL endpoint.
PostgreSQL
RCE
Graphql Engine
-
CVE-2026-24046
HIGH
CVSS 7.1
Backstage Scaffolder actions and archive extraction utilities are vulnerable to symlink-based path traversal attacks, allowing authenticated users with template creation privileges to read sensitive files, delete arbitrary files outside the workspace, or write malicious files via crafted symlinks in tar/zip archives. This affects deployments where users can create or execute Scaffolder templates, with no patch currently available for versions prior to @backstage/backend-defaults 0.12.2.
Path Traversal
Redhat
-
CVE-2026-24016
HIGH
CVSS 7.8
Arbitrary code execution in ServerView Agents for Windows installer results from insecure DLL loading, allowing local attackers with user privileges to execute malicious code with administrator rights during installation. The vulnerability affects Fsas Technologies Inc.'s installer component and currently has no available patch. An attacker with physical or local access can exploit this during the installation process to achieve full system compromise.
Windows
-
CVE-2026-23986
HIGH
CVSS 7.1
Copier versions prior to 9.11.2 allow local attackers to write arbitrary files outside the intended project destination directory by exploiting symlink handling combined with the _preserve_symlinks feature in ostensibly safe templates. A malicious template author can craft a project template that bypasses security controls without requiring unsafe flags, enabling arbitrary file overwrites within the user's write permissions. Public exploit code exists for this vulnerability.
Information Disclosure
Copier
-
CVE-2026-23755
HIGH
CVSS 7.3
D-Link D-View 8 installer versions 2.0.1.107 and below are vulnerable to DLL preloading attacks that execute with administrator privileges when a user approves a UAC prompt. An attacker can place a malicious version.dll file in the installer directory to achieve arbitrary code execution with system-level access. This vulnerability affects users installing or updating D-View 8 on Windows systems.
D-Link
D View 8
-
CVE-2026-23754
HIGH
CVSS 8.8
D-Link D-View 8 versions 2.0.1.107 and below allow authenticated users to bypass access controls on backend API endpoints and retrieve credential data for arbitrary accounts, including administrators. An attacker can leverage exposed credentials to directly authenticate as any user and gain full administrative control over the D-View system. A patch is available to address this high-severity improper access control vulnerability.
D-Link
D View 8
-
CVE-2026-23737
HIGH
CVSS 7.5
Arbitrary code execution in Seroval versions 1.4.0 and below allows authenticated attackers to execute malicious JavaScript through improper deserialization handling in the fromJSON and fromCrossJSON functions. Exploitation requires multiple requests to the affected function and partial knowledge of runtime data usage, but grants full code execution capabilities. A patch is available in version 1.4.1 and later.
Deserialization
Seroval
Redhat
Suse
-
CVE-2026-23736
HIGH
CVSS 7.3
Seroval is affected by improperly controlled modification of object prototype attributes, i.e. prototype pollution (CVSS 7.3).
Deserialization
Seroval
Redhat
Suse
-
CVE-2026-23526
HIGH
CVSS 8.8
CVAT is an open source interactive video and image annotation tool for computer vision. [CVSS 8.8 HIGH]
Information Disclosure
AI / ML
Computer Vision Annotation Tool
-
CVE-2026-23517
HIGH
CVSS 8.1
Fleet device management software versions prior to 4.78.3 suffer from broken access control that permits any authenticated user, including low-privilege observers, to access debug and profiling endpoints. Attackers can leverage this vulnerability to extract sensitive server diagnostics, runtime profiling data, and application state, or trigger CPU-intensive operations resulting in denial of service. The vulnerability affects multiple Fleet versions and has patches available.
Industrial
Denial Of Service
Fleet
Suse
-
CVE-2026-22822
HIGH
CVSS 8.8
External Secrets Operator versions 0.20.2 through 1.1.x contain an authorization bypass in the getSecretKey template function that allows authenticated users to retrieve secrets across namespace boundaries, circumventing intended access controls. An attacker with local Kubernetes access could exploit this to exfiltrate sensitive data managed by the operator outside their authorized namespace. The vulnerability has been patched in version 1.2.0 where the function was completely removed.
Kubernetes
External Secrets Operator
Redhat
Suse
-
CVE-2026-22807
HIGH
CVSS 8.8
vLLM is an inference and serving engine for large language models (LLMs). [CVSS 8.8 HIGH]
Python
AI / ML
Vllm
Hugging Face
Redhat
-
CVE-2026-22444
HIGH
CVSS 7.1
Apache Solr 8.6 through 9.10.0 in standalone mode fails to properly validate the "create core" API parameters, allowing authenticated users to bypass the allowPaths security restriction and access unauthorized filesystem locations. On Windows systems configured with UNC path support, this vulnerability can lead to NTLM credential hash disclosure. Affected deployments using the allowPaths setting are at risk of unauthorized core creation and information exposure.
Windows
Apache
Solr
Redhat
-
CVE-2026-22022
HIGH
CVSS 8.2
Unauthorized API access in Apache Solr 5.3.0 through 9.10.0 allows unauthenticated attackers to bypass the RuleBasedAuthorizationPlugin due to insufficient input validation in permission rule enforcement. This vulnerability affects only deployments using multiple roles with specific predefined permissions like config-read, config-edit, schema-read, metrics-read, or security-read without the "all" permission rule defined. Successful exploitation grants attackers unauthorized access to sensitive Solr APIs, potentially exposing configuration and security data.
Apache
Solr
Redhat
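An added audit script, not Apache Solr code, that checks a security.json for the configuration shape CVE-2026-22022 describes: RuleBasedAuthorizationPlugin with predefined permissions spread over more than one role and no catch-all "all" rule. The sample configuration, the finding wording and the admin role name used by harden() are constructed for this example.

```python
import copy
import json

# Predefined permissions the advisory names as affected when no "all" rule exists
AFFECTED_PREDEFINED = {"config-read", "config-edit", "schema-read", "metrics-read", "security-read"}


def _roles(role_field):
    """Solr allows a single role string or a list of roles per permission."""
    if role_field is None:
        return set()
    return set(role_field) if isinstance(role_field, list) else {role_field}


def audit_rule_based_authz(security):
    """Return findings for a Solr security.json given as dict or JSON text."""
    cfg = json.loads(security) if isinstance(security, str) else security
    authz = cfg.get("authorization") or {}
    if not str(authz.get("class", "")).endswith("RuleBasedAuthorizationPlugin"):
        return []
    perms = authz.get("permissions") or []
    names = [p.get("name") for p in perms]
    roles = set().union(*(_roles(p.get("role")) for p in perms))
    used = sorted(n for n in names if n in AFFECTED_PREDEFINED)
    findings = []
    if "all" not in names:
        if used:
            findings.append(f'predefined permissions {used} defined without a catch-all "all" rule')
        if len(roles) > 1:
            findings.append(f"multiple roles {sorted(roles)} rely solely on per-permission rules")
    return findings


def harden(security, catch_all_role="admin"):
    """Copy of the config with a trailing catch-all rule appended.
    Solr evaluates permissions in order and the first match wins, so "all"
    goes last to deny anything the earlier rules did not match.
    The role name is an assumption of this example."""
    cfg = copy.deepcopy(json.loads(security) if isinstance(security, str) else security)
    perms = cfg.setdefault("authorization", {}).setdefault("permissions", [])
    if not any(p.get("name") == "all" for p in perms):
        perms.append({"name": "all", "role": catch_all_role})
    return cfg


# Constructed sample security.json (not taken from any real deployment)
WEAK_SECURITY_JSON = json.dumps({
    "authentication": {"class": "solr.BasicAuthPlugin", "blockUnknown": True},
    "authorization": {
        "class": "solr.RuleBasedAuthorizationPlugin",
        "permissions": [
            {"name": "security-read", "role": "admin"},
            {"name": "config-edit", "role": "admin"},
            {"name": "metrics-read", "role": ["admin", "ops"]},
            {"name": "read", "role": "*"},
        ],
        "user-role": {"solr": "admin", "ops-user": "ops"},
    },
})
```

audit_rule_based_authz(WEAK_SECURITY_JSON) reports both findings; after harden() the same audit is clean. Run it against a live cluster's security.json (fetched from ZooKeeper or the /solr/admin/authorization endpoint) before relying on the predefined permissions alone.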
-
CVE-2026-21852
HIGH
CVSS 7.5
Claude Code versions prior to 2.0.65 allow attackers to steal Anthropic API keys from users by crafting malicious repositories that redirect API calls to attacker-controlled servers before the trust confirmation dialog appears. When a victim opens an infected repository, the tool automatically reads malicious configuration settings and sends API requests containing credentials before displaying any security prompt, enabling credential theft. Users should upgrade to version 2.0.65 or later, though auto-update users have already received the patch.
Authentication Bypass
AI / ML
Claude Code
-
CVE-2026-0834
HIGH
CVSS 8.8
Unauthenticated adjacent network attackers can exploit a logic vulnerability in the TDDP module of TP-Link Archer C20 v6.0 and Archer AX53 v1.0 to execute administrative commands such as factory reset and device reboot without credentials. This allows attackers to cause loss of device configuration and service disruption on vulnerable routers. No patch is currently available for this high-severity vulnerability affecting both router models.
TP-Link
Archer C20 Firmware
Archer Ax53 Firmware
-
CVE-2025-70651
HIGH
CVSS 7.5
Tenda AX-1803 v1.0.0.1 was discovered to contain a stack overflow in the ssid parameter of the form_fast_setting_wifi_set function. This vulnerability allows attackers to cause a Denial of Service (DoS) via a crafted request. [CVSS 7.5 HIGH]
Stack Overflow
Denial Of Service
Ax1803 Firmware
Tenda
-
CVE-2025-70650
HIGH
CVSS 7.5
Tenda AX-1806 v1.0.0.1 was discovered to contain a stack overflow in the deviceList parameter of the formSetMacFilterCfg function. This vulnerability allows attackers to cause a Denial of Service (DoS) via a crafted request. [CVSS 7.5 HIGH]
Stack Overflow
Denial Of Service
Ax1806 Firmware
Tenda
-
CVE-2025-70648
HIGH
CVSS 7.5
Tenda AX1803 v1.0.0.1 was discovered to contain a stack overflow in the security_5g parameter of the sub_727F4 function. This vulnerability allows attackers to cause a Denial of Service (DoS) via a crafted request. [CVSS 7.5 HIGH]
Stack Overflow
Denial Of Service
Ax1803 Firmware
Tenda
-
CVE-2025-70646
HIGH
CVSS 7.5
Tenda AX1803 v1.0.0.1 was discovered to contain a stack overflow in the security parameter of the sub_72290 function. This vulnerability allows attackers to cause a Denial of Service (DoS) via a crafted request. [CVSS 7.5 HIGH]
Stack Overflow
Denial Of Service
Ax1803 Firmware
Tenda
-
CVE-2025-70645
HIGH
CVSS 7.5
Tenda AX-1806 v1.0.0.1 was discovered to contain a stack overflow in the deviceList parameter of the formSetWifiMacFilterCfg function. This vulnerability allows attackers to cause a Denial of Service (DoS) via a crafted request. [CVSS 7.5 HIGH]
Stack Overflow
Denial Of Service
Ax1806 Firmware
Tenda
-
CVE-2025-70644
HIGH
CVSS 7.5
Tenda AX-1806 v1.0.0.1 was discovered to contain a stack overflow in the time parameter of the sub_60CFC function. This vulnerability allows attackers to cause a Denial of Service (DoS) via a crafted request. [CVSS 7.5 HIGH]
Stack Overflow
Denial Of Service
Ax1806 Firmware
Tenda
-
CVE-2025-68141
HIGH
CVSS 7.4
EVerest is an EV charging software stack. Prior to version 2025.10.0, during the deserialization of a `DC_ChargeLoopRes` message that includes Receipt as well as TaxCosts, the vector `<DetailedTax>tax_costs` in the target `Receipt` structure is accessed out of bounds. [CVSS 7.4 HIGH]
Null Pointer Dereference
Deserialization
Everest
-
CVE-2025-68137
HIGH
CVSS 8.3
EVerest is an EV charging software stack. Prior to version 2025.10.0, an integer overflow occurring in `SdpPacket::parse_header()` allows the current buffer length to be set to 7 after a complete header of size 8 has been read. [CVSS 8.3 HIGH]
Buffer Overflow
Integer Overflow
Everest
-
CVE-2025-68136
HIGH
CVSS 7.4
EVerest is an EV charging software stack. Prior to version 2025.10.0, once the module receives a SDP request, it creates a whole new set of objects like `Session`, `IConnection` which open new TCP socket for the ISO15118-20 communications and registers callbacks for the created file descriptor, without closing and destroying the previous ones. Previous `Session` is not saved and the usage of an `unique_ptr` is lost, destroying connection data. Latter, if the used socket and therefore file des...
Null Pointer Dereference
Everest
-
CVE-2025-68134
HIGH
CVSS 7.4
EVerest is an EV charging software stack. Prior to version 2025.10.0, the use of the `assert` function to handle errors frequently causes the module to crash. [CVSS 7.4 HIGH]
Denial Of Service
Everest
-
CVE-2025-68133
HIGH
CVSS 7.4
EVerest is an EV charging software stack. In versions 2025.9.0 and below, an attacker can exhaust the operating system's memory and cause the module to terminate by initiating an unlimited number of TCP connections that never proceed to ISO 15118-2 communication. [CVSS 7.4 HIGH]
Tls
Everest
-
CVE-2025-66960
HIGH
CVSS 7.5
An issue in ollama v0.12.10 allows a remote attacker to cause a denial of service via fs/ggml/gguf.go: the function readGGUFV1String reads a string length from untrusted GGUF metadata. [CVSS 7.5 HIGH]
Denial Of Service
AI / ML
Ollama
Redhat
Suse
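A worked contrast for the length-trust pattern the two ollama entries above describe, added here as example code that is not ollama's: a GGUF v1 string reader that trusts the uint32 length prefix beside one that bounds it both by a policy cap and by the bytes actually remaining. The cap value, the sample records and the parse_string_kv helper are constructed for this example; only the v1 uint32 length prefix and the string value-type id 8 are taken from the GGUF format.

```python
import struct

GGUF_TYPE_STRING = 8           # GGUF value-type id for strings
MAX_STRING_LEN = 64 * 1024     # policy cap for metadata strings (constructed value)


class GGUFError(ValueError):
    pass


def read_v1_string_unchecked(buf, off):
    """The pattern the advisory describes: trust the uint32 length from the file.
    A Go reader doing make([]byte, n) would try to allocate n bytes here; this
    Python version only reports n so a hostile value can be inspected safely."""
    (n,) = struct.unpack_from("<I", buf, off)
    off += 4
    return n, buf[off:off + n], off + n


def read_v1_string(buf, off, max_len=MAX_STRING_LEN):
    """Hardened reader: bounds-check the prefix itself, then require the declared
    length to fit both the cap and the bytes that are actually present."""
    if off < 0 or off + 4 > len(buf):
        raise GGUFError("truncated string length prefix")
    (n,) = struct.unpack_from("<I", buf, off)
    off += 4
    if n > max_len:
        raise GGUFError(f"declared string length {n} exceeds cap {max_len}")
    if n > len(buf) - off:
        raise GGUFError(f"declared string length {n} exceeds {len(buf) - off} remaining bytes")
    return buf[off:off + n].decode("utf-8", errors="replace"), off + n


def parse_string_kv(buf, off=0):
    """Parse one v1 key/value record whose value is a string: key, type id, value."""
    key, off = read_v1_string(buf, off)
    if off + 4 > len(buf):
        raise GGUFError("truncated value type")
    (vtype,) = struct.unpack_from("<I", buf, off)
    off += 4
    if vtype != GGUF_TYPE_STRING:
        raise GGUFError(f"value type {vtype} not handled by this example")
    value, off = read_v1_string(buf, off)
    return key, value, off


def parse_string_kv_safe(buf):
    """Return (key, value) or None when the record is rejected."""
    try:
        key, value, _ = parse_string_kv(buf)
        return key, value
    except GGUFError:
        return None


def v1_string(s):
    """Build a v1 string field: uint32 little-endian length followed by the bytes."""
    data = s.encode()
    return struct.pack("<I", len(data)) + data


# Constructed sample records (not real model files)
BENIGN_KV = v1_string("general.name") + struct.pack("<I", GGUF_TYPE_STRING) + v1_string("tiny-model")
HOSTILE_KV = (v1_string("general.name") + struct.pack("<I", GGUF_TYPE_STRING)
              + struct.pack("<I", 0xFFFFFFFF) + b"x")
```

The unchecked reader happily reports a declared length of 4 GiB for HOSTILE_KV; the hardened reader rejects the record before any allocation happens. The same two checks apply to the array-count and tensor-dimension fields a GGUF decoder reads.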
-
CVE-2025-66959
HIGH
CVSS 7.5
An issue in ollama v.0.12.10 allows a remote attacker to cause a denial of service via the GGUF decoder [CVSS 7.5 HIGH]
Denial Of Service
AI / ML
Ollama
Redhat
Suse
-
CVE-2025-13878
HIGH
CVSS 7.5
to terminate unexpectedly.
This issue affects BIND 9 versions 9.18.40 through 9.18.43, which are affected by a reachable assertion (CVSS 7.5).
Dns
Redhat
Suse
-
CVE-2021-47887
HIGH
CVSS 7.8
OkiJaSvc service contains a vulnerability that allows attackers to potentially execute arbitrary code (CVSS 7.8).
RCE
-
CVE-2021-47886
HIGH
CVSS 7.8
PingzapperSvc service contains a vulnerability that allows attackers to potentially execute arbitrary code (CVSS 7.8).
RCE
-
CVE-2021-47884
HIGH
CVSS 7.8
OKI Local Port Manager service contains a vulnerability that allows attackers to potentially execute arbitrary code (CVSS 7.8).
RCE
-
CVE-2021-47883
HIGH
CVSS 7.8
SbieSvc service contains a vulnerability that allows attackers to execute code with elevated privileges (CVSS 7.8).
Code Injection
-
CVE-2021-47882
HIGH
CVSS 7.8
its Windows service configuration contains a vulnerability that allows attackers to execute arbitrary code (CVSS 7.8).
Windows
-
CVE-2021-47880
HIGH
CVSS 7.8
Realtek Wireless LAN Utility 700.1631 contains an unquoted service path vulnerability that allows local users to potentially execute code with elevated system privileges. [CVSS 7.8 HIGH]
Information Disclosure
-
CVE-2021-47879
HIGH
CVSS 7.8
eBeam Stylus Driver service contains a vulnerability that allows attackers to potentially execute code with elevated privileges (CVSS 7.8).
Code Injection
-
CVE-2021-47878
HIGH
CVSS 7.8
eBeam Device Service contains a vulnerability that allows attackers to potentially execute code with elevated privileges (CVSS 7.8).
Code Injection
-
CVE-2021-47877
HIGH
CVSS 7.5
GeoGebra Graphing Calculator 6.0.631.0 contains a denial of service vulnerability that allows attackers to crash the application by inputting an oversized buffer. [CVSS 7.5 HIGH]
Denial Of Service
-
CVE-2021-47876
HIGH
CVSS 7.5
GeoGebra Classic 5.0.631.0-d contains a denial of service vulnerability in the input field that allows attackers to crash the application by sending oversized buffer content. [CVSS 7.5 HIGH]
Denial Of Service
-
CVE-2021-47874
HIGH
CVSS 7.8
GVFS.Service Windows service contains a vulnerability that allows attackers to execute code with elevated privileges (CVSS 7.8).
Windows
-
CVE-2021-47873
HIGH
CVSS 7.2
VestaCP versions prior to 0.9.8-25 contain a cross-site scripting vulnerability in the IP interface configuration that allows attackers to inject malicious scripts. Attackers can exploit the 'v_interface' parameter by sending a crafted POST request to the add/ip/ endpoint with a stored XSS payload. [CVSS 7.2 HIGH]
XSS
-
CVE-2021-47872
HIGH
CVSS 7.1
SEO Panel versions prior to 4.9.0 contain a blind SQL injection vulnerability in the archive.php page that allows authenticated attackers to manipulate database queries through the 'order_col' parameter. [CVSS 7.1 HIGH]
PHP
SQLi
-
CVE-2021-47871
HIGH
CVSS 8.8
Hestia Control Panel 1.3.2 contains an arbitrary file write vulnerability that allows authenticated attackers to write files to arbitrary locations using the API index.php endpoint. [CVSS 8.8 HIGH]
PHP
Ssh
-
CVE-2021-47869
HIGH
CVSS 7.8
BRA_Scheduler service contains a vulnerability that allows attackers to potentially execute arbitrary code (CVSS 7.8).
RCE
-
CVE-2021-47868
HIGH
CVSS 7.8
WPCommandFileService contains a vulnerability that allows attackers to potentially execute code with elevated privileges (CVSS 7.8).
Code Injection
-
CVE-2021-47867
HIGH
CVSS 7.8
ScheduleService contains a vulnerability that allows attackers to potentially execute code with elevated system privileges (CVSS 7.8).
Code Injection
-
CVE-2021-47866
HIGH
CVSS 7.8
GuardTourService contains a vulnerability that allows attackers to potentially execute code with elevated system privileges (CVSS 7.8).
WordPress
Code Injection
-
CVE-2021-47865
HIGH
CVSS 7.5
ProFTPD 1.3.7a contains a denial of service vulnerability that allows attackers to overwhelm the server by creating multiple simultaneous FTP connections. Attackers can repeatedly establish connections using threading to exhaust server connection limits and block legitimate user access. [CVSS 7.5 HIGH]
Denial Of Service
Suse
-
CVE-2021-47864
HIGH
CVSS 7.8
OSAS Traverse Extension 11 contains an unquoted service path vulnerability in the TravExtensionHostSvc service running with LocalSystem privileges. [CVSS 7.8 HIGH]
Code Injection
-
CVE-2021-47863
HIGH
CVSS 7.8
its Encrypto Service configuration contains a vulnerability that allows attackers to potentially execute arbitrary code (CVSS 7.8).
Windows
-
CVE-2021-47862
HIGH
CVSS 7.8
HiPatchService contains a vulnerability that allows attackers to execute code with elevated privileges (CVSS 7.8).
-
CVE-2021-47861
HIGH
CVSS 7.8
Event Log Explorer 4.9.3 contains an unquoted service path vulnerability that allows local users to potentially execute arbitrary code with elevated system privileges. [CVSS 7.8 HIGH]
RCE
-
CVE-2021-47859
HIGH
CVSS 7.8
ac.sharedstore service contains a vulnerability that allows attackers to potentially execute arbitrary code (CVSS 7.8).
RCE
-
CVE-2021-47858
HIGH
CVSS 7.2
Genexis Platinum-4410 P4410-V2-1.31A contains a stored cross-site scripting vulnerability in the 'start_addr' parameter of the Security Management interface. [CVSS 7.2 HIGH]
XSS
-
CVE-2021-47857
HIGH
CVSS 7.2
Moodle 3.10.3 contains a persistent cross-site scripting vulnerability in the calendar event subtitle field that allows attackers to inject malicious scripts. [CVSS 7.2 HIGH]
Moodle
XSS
-
CVE-2021-47855
HIGH
CVSS 7.2
Openlitespeed 1.7.9 contains a stored cross-site scripting vulnerability in the dashboard's Notes parameter that allows administrators to inject malicious scripts. [CVSS 7.2 HIGH]
XSS
-
CVE-2021-47852
HIGH
CVSS 8.8
Rockstar Games Launcher 1.0.37.349 contains a privilege escalation vulnerability that allows authenticated users to modify the service executable with weak permissions. [CVSS 8.8 HIGH]
Privilege Escalation
-
CVE-2021-47850
HIGH
CVSS 7.5
Mini Mouse 9.2.0 contains a path traversal vulnerability that allows remote attackers to access arbitrary system files and directories through crafted HTTP requests. [CVSS 7.5 HIGH]
Path Traversal
Mini Mouse
-
CVE-2021-47848
HIGH
CVSS 8.2
Blitar Tourism 1.0 contains an authentication bypass vulnerability that allows attackers to bypass login by injecting SQL code through the username parameter. [CVSS 8.2 HIGH]
SQLi
Authentication Bypass
-
CVE-2021-47846
HIGH
CVSS 8.2
Digital Crime Report Management System 1.0 contains a critical SQL injection vulnerability affecting multiple login pages that allows unauthenticated attackers to bypass authentication. [CVSS 8.2 HIGH]
SQLi
Authentication Bypass
-
CVE-2021-47802
HIGH
CVSS 7.5
D151 Firmware versions up to - are affected by missing authentication for a critical function (CVSS 7.5).
Authentication Bypass
D151 Firmware
D301 Firmware
-
CVE-2021-47778
HIGH
CVSS 7.2
GetSimple CMS My SMTP Contact Plugin 1.1.2 contains a PHP code injection vulnerability. An authenticated administrator can inject arbitrary PHP code through plugin configuration parameters, leading to remote code execution on the server. [CVSS 7.2 HIGH]
PHP
RCE
Code Injection
Getsimplecms
-
CVE-2021-47770
HIGH
CVSS 8.8
OpenPLC v3 contains an authenticated remote code execution vulnerability that allows attackers with valid credentials to inject malicious code through the hardware configuration interface. [CVSS 8.8 HIGH]
RCE
-
CVE-2021-47746
HIGH
CVSS 7.5
NodeBB Plugin Emoji 3.2.1 contains an arbitrary file write vulnerability that allows administrative users to write files to arbitrary system locations through the emoji upload API. [CVSS 7.5 HIGH]
Path Traversal
-
CVE-2026-24047
MEDIUM
CVSS 6.3
The resolveSafeChildPath function in Backstage's backend-plugin-api prior to version 0.1.17 improperly validates symlink chains and dangling symlinks, allowing authenticated attackers to bypass path traversal protections used by Scaffolder actions and other backend components. An attacker with low privileges could exploit this to access files outside the intended directory boundaries by chaining intermediate symlinks or creating symlinks pointing to non-existent paths that are later materialized during file operations. This affects Backstage installations relying on the vulnerable path validation function for security isolation.
Path Traversal
Redhat
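The symlink cases in this entry and in CVE-2026-24046 above (chained symlinks, dangling symlinks that are materialized later, and symlinks inside extracted archives), illustrated with an added Python checker that is not Backstage code: a safe-child-path resolver that first rejects lexical escapes and then follows every symlink along the path, dangling ones included, before accepting it. The directory layout built by demo() is constructed in a temporary directory for this example.

```python
import os
import shutil
import tempfile


class UnsafePath(ValueError):
    pass


def resolve_safe_child_path(base, child):
    """Return the resolved absolute path of `child` under `base`, or raise UnsafePath.
    Check 1: the normalized path stays inside base (no '..' escape).
    Check 2: walking component by component, every symlink encountered, after following
    its whole chain, still lands inside base. Dangling links are resolved lexically by
    os.path.realpath, so a link to a not-yet-existing outside path is also caught."""
    real_base = os.path.realpath(base)
    candidate = os.path.normpath(os.path.join(real_base, child))
    if os.path.isabs(child) or os.path.commonpath([real_base, candidate]) != real_base:
        raise UnsafePath(f"lexical escape: {child!r}")
    cur = real_base
    for part in os.path.relpath(candidate, real_base).split(os.sep):
        if part in ("", "."):
            continue
        cur = os.path.join(cur, part)
        resolved = os.path.realpath(cur)      # follows symlink chains, strict=False
        if os.path.commonpath([real_base, resolved]) != real_base:
            raise UnsafePath(f"symlink escape at {cur!r} -> {resolved!r}")
        cur = resolved                        # keep walking from the resolved location
    return cur


def demo():
    """Constructed layout (created under a temp dir, not from the page):
       base/ok/file.txt            regular file
       base/link -> <outside dir>  symlink escaping base
       base/chain -> link          symlink to a symlink (chain)
       base/dangling -> ../../nowhere/secret  dangling link whose target is outside
    Returns {child: "allowed" | "rejected"} for a set of candidate paths."""
    root = tempfile.mkdtemp()
    try:
        base = os.path.join(root, "base")
        outside = os.path.join(root, "outside")
        os.makedirs(os.path.join(base, "ok"))
        os.makedirs(outside)
        with open(os.path.join(base, "ok", "file.txt"), "w") as f:
            f.write("hello")
        os.symlink(outside, os.path.join(base, "link"))
        os.symlink("link", os.path.join(base, "chain"))
        os.symlink(os.path.join("..", "..", "nowhere", "secret"), os.path.join(base, "dangling"))
        results = {}
        for child in ["ok/file.txt", "link/etc-shadow", "chain/etc-shadow",
                      "dangling", "../outside/x", "ok/../../outside"]:
            try:
                resolve_safe_child_path(base, child)
                results[child] = "allowed"
            except UnsafePath:
                results[child] = "rejected"
        return results
    finally:
        shutil.rmtree(root, ignore_errors=True)
```

Note that the dangling case only fails because the check runs per component on the link itself rather than on the final path: a check that only calls realpath on the full target after a later file operation has created it would be too late.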
-
CVE-2026-23990
MEDIUM
CVSS 5.3
Flux Operator versions 0.36.0 through 0.39.x contain an authentication bypass in the Web UI that allows authenticated users to escalate privileges and execute API requests with the operator's service account permissions. The vulnerability affects deployments where OIDC providers issue incomplete token claims or custom CEL expressions evaluate to empty values, bypassing Kubernetes RBAC impersonation controls. Cluster administrators running affected Flux Operator versions should upgrade to 0.40.0 or later.
Golang
Kubernetes
Privilege Escalation
Information Disclosure
Flux Operator
-
CVE-2026-23968
MEDIUM
CVSS 5.5
Copier versions before 9.11.2 allow local attackers to read arbitrary files outside the template directory by exploiting symlink handling when the default `_preserve_symlinks: false` setting is enabled, bypassing the library's safety guarantees for templates that don't require the unsafe flag. An attacker with local access can leverage this to access sensitive files through a malicious or compromised template. Public exploit code exists for this vulnerability.
Information Disclosure
Copier
-
CVE-2026-23960
MEDIUM
CVSS 5.4
Stored XSS in Argo Workflows artifact directory listing (versions prior to 3.6.17 and 3.7.8) allows workflow authors to inject malicious JavaScript that executes in other users' browsers under the Argo Server origin. An attacker can leverage the victim's session to perform API actions and access resources with their privileges. Public exploit code exists for this vulnerability; patched versions are available.
Golang
Kubernetes
XSS
Argo Workflows
Redhat
-
CVE-2026-23955
MEDIUM
CVSS 4.2
Everest EV charging software prior to version 2025.9.0 contains an improper pointer arithmetic flaw in error handling where integer values are concatenated to strings, allowing local operators with high privileges to read sensitive memory regions including heap and stack data. Public exploit code exists for this vulnerability. The flaw requires user interaction and is resolved in version 2025.9.0, though patches remain unavailable for affected earlier versions.
Information Disclosure
Everest
-
CVE-2026-23630
MEDIUM
CVSS 5.4
Stored XSS in Docmost 0.3.0-0.23.2 allows authenticated users to execute arbitrary JavaScript in the browsers of document viewers through malicious Mermaid diagram code blocks. The vulnerability exists because unsanitized SVG/HTML output from Mermaid rendering is directly injected into the DOM, and Mermaid's security controls can be disabled via diagram directives. Public exploit code exists for this vulnerability, which is fixed in version 0.24.0.
XSS
Docmost
-
CVE-2026-23516
MEDIUM
CVSS 5.4
CVAT is an open source interactive video and image annotation tool for computer vision. [CVSS 5.4 MEDIUM]
RCE
AI / ML
Computer Vision Annotation Tool
-
CVE-2026-23499
MEDIUM
CVSS 5.4
Authenticated staff users in Saleor e-commerce platform versions 3.0.0 through 3.22.26 can upload malicious HTML and SVG files containing JavaScript that execute in users' browsers when served from the same domain as the dashboard, potentially allowing token theft. An attacker with staff privileges could craft script injections to compromise other staff members' sessions and access tokens. This vulnerability affects deployments where media files are hosted on the same domain as the dashboard and patches are available in versions 3.20.108, 3.21.43, and 3.22.27.
File Upload
XSS
Saleor
-
CVE-2026-22977
MEDIUM
CVSS 5.5
A null pointer dereference in the Linux kernel's socket error queue handling causes a denial of service when CONFIG_HARDENED_USERCOPY is enabled and applications attempt to retrieve error messages via recvmsg(). Local attackers with user privileges can trigger a kernel panic by reading from the socket error queue on affected systems running vulnerable kernel versions.
Linux
Denial Of Service
Linux Kernel
Redhat
Suse
-
CVE-2026-22976
MEDIUM
CVSS 5.5
A null pointer dereference in the Linux kernel's QFQ packet scheduler (net/sched/sch_qfq) allows local attackers with user privileges to cause a denial of service by deactivating an inactive aggregate during qdisc reset operations. The vulnerability occurs when multiple QFQ qdisc instances share a leaf qdisc, causing incorrect state assumptions during cleanup. A patch is available to resolve this issue.
Linux
Null Pointer Dereference
Linux Kernel
Redhat
Suse
-
CVE-2026-22849
MEDIUM
CVSS 4.8
Saleor is an e-commerce platform. [CVSS 4.8 MEDIUM]
XSS
Saleor
-
CVE-2026-22808
MEDIUM
CVSS 5.4
fleetdm/fleet is open source device management software. [CVSS 5.4 MEDIUM]
Windows
XSS
Fleet
Suse
-
CVE-2026-20109
MEDIUM
CVSS 4.8
Stored XSS vulnerabilities in Cisco Packaged CCE and Unified CCE web management interfaces allow authenticated attackers to inject malicious scripts by exploiting insufficient input validation. Successful exploitation enables arbitrary script execution within the management interface context or theft of sensitive browser-based information from authorized users. No patch is currently available; exploitation requires high-level privileges and user interaction.
Cisco
XSS
-
CVE-2026-20092
MEDIUM
CVSS 6.0
Improper file permissions in Cisco Intersight Virtual Appliance's maintenance shell allow authenticated administrators to escalate privileges to root and gain full control of the system. An attacker with local administrative access can manipulate configuration files to bypass intended privilege restrictions, potentially compromising sensitive data and workload configurations. No patch is currently available for this vulnerability.
Cisco
Denial Of Service
-
CVE-2026-20080
MEDIUM
CVSS 5.3
SSH service disruption in Cisco IEC6400 Wireless Backhaul Edge Compute Software allows unauthenticated remote attackers to trigger denial of service through connection flooding due to missing rate limiting protections. An attacker can render the SSH service unresponsive by launching a DoS attack against the SSH port, though other device operations remain functional during the attack. No patch is currently available.
Cisco
Ssh
Denial Of Service
-
CVE-2026-20055
MEDIUM
CVSS 4.8
Stored XSS vulnerabilities in Cisco Packaged CCE and Unified CCE web management interfaces allow authenticated attackers to inject malicious scripts that execute in the context of other users' browsers, potentially enabling session hijacking or sensitive data theft. The vulnerability stems from inadequate input validation on specific interface pages and requires high-privilege account access and user interaction to exploit. No patch is currently available for this medium-severity issue (CVSS 4.8).
Cisco
XSS
-
CVE-2026-0663
MEDIUM
CVSS 4.9
M-Files Server before version 26.1.15632.3 can be crashed by authenticated administrators with vault privileges through an unsafe API endpoint, resulting in service disruption. This denial-of-service vulnerability requires high-level privileges and network access, making it a limited-scope threat to organizations running vulnerable versions. No patch is currently available.
Denial Of Service
M Files Server
-
CVE-2025-69285
MEDIUM
CVSS 6.1
SQLBot is an intelligent data query system based on a large language model and RAG. [CVSS 6.1 MEDIUM]
PostgreSQL
AI / ML
Sqlbot
-
CVE-2025-68140
MEDIUM
CVSS 4.3
EVerest is an EV charging software stack. Prior to version 2025.9.0, once the validity of the received V2G message has been verified, it is checked whether the submitted session ID matches the registered one. [CVSS 4.3 MEDIUM]
Authentication Bypass
Everest
-
CVE-2025-68139
MEDIUM
CVSS 4.3
EVerest is an EV charging software stack. In all versions up to and including 2025.12.1, the default value for `terminate_connection_on_failed_response` is `False`, which leaves the responsibility for session and connection termination to the EV. [CVSS 4.3 MEDIUM]
Information Disclosure
Everest
-
CVE-2025-68138
MEDIUM
CVSS 4.7
Libocpp versions up to 0.30.1 are affected by allocation of resources without limits or throttling (CVSS 4.7).
Denial Of Service
Libocpp
-
CVE-2025-68135
MEDIUM
CVSS 6.5
EVerest is an EV charging software stack. Prior to version 2025.10.0, C++ exceptions are not properly handled for and by the `TbdController` loop, causing both the loop and its caller to terminate silently. [CVSS 6.5 MEDIUM]
Denial Of Service
Everest
-
CVE-2025-68132
MEDIUM
CVSS 4.6
EVerest is an EV charging software stack. Prior to version 2025.12.0, `is_message_crc_correct` in the DZG_GSH01 powermeter SLIP parser reads `vec[vec.size()-1]` and `vec[vec.size()-2]` without checking that at least two bytes are present. [CVSS 4.6 MEDIUM]
Denial Of Service
Everest
-
CVE-2025-57681
MEDIUM
CVSS 5.4
The WorklogPRO - Timesheets for Jira plugin in Jira Data Center before version 4.23.6-jira10 and before version 4.23.5-jira9 allows attackers to inject arbitrary HTML or JavaScript via a cross-site scripting (XSS) vulnerability. [CVSS 5.4 MEDIUM]
Jira
XSS
Worklogpro
-
CVE-2025-14559
MEDIUM
CVSS 6.5
A flaw was found in the keycloak-services component of Keycloak. [CVSS 6.5 MEDIUM]
Authentication Bypass
Redhat
-
CVE-2025-13465
MEDIUM
CVSS 5.3
Lodash versions up to 4.17.22 are affected by improperly controlled modification of object prototype attributes (prototype pollution) (CVSS 5.3).
Code Injection
Lodash
Redhat
Suse
-
CVE-2025-12781
MEDIUM
CVSS 5.3
When data is passed to the b64decode(), standard_b64decode(), and urlsafe_b64decode() functions in the "base64" module, the characters "+/" are always accepted regardless of the value of the "altchars" parameter, which is typically used to establish an "alternative base64 alphabet" such as the URL-safe alphabet. [CVSS 5.3 MEDIUM]
Python
Redhat
Suse
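Added example (not from CPython or from the advisory): a strict decoder that validates the wire form against the requested alphabet before calling the standard library, alongside a probe that reports whether the running interpreter's `urlsafe_b64decode` still accepts "+/". The inputs `-_8=` and `+/8=` are constructed; they encode the same 16 bits once in the URL-safe alphabet and once in the standard one.

```python
import base64
import binascii
import re

# Constructed inputs: the same two bytes (0xFB 0xFF) encoded with the
# URL-safe alphabet and with the standard alphabet.
URLSAFE_INPUT = b"-_8="
STANDARD_INPUT = b"+/8="

# The stdlib maps altchars onto "+/" before decoding, so the characters of the
# standard alphabet are never rejected. A strict decoder checks the raw input
# against the alphabet the caller asked for, then lets base64 do the decoding.
_ALPHABETS = {
    b"+/": re.compile(rb"^[A-Za-z0-9+/]*={0,2}$"),
    b"-_": re.compile(rb"^[A-Za-z0-9_-]*={0,2}$"),
}


def strict_b64decode(data: bytes, altchars: bytes = b"+/") -> bytes:
    """Decode only if every character belongs to the requested alphabet."""
    pattern = _ALPHABETS[altchars]
    if len(data) % 4 != 0 or not pattern.match(data):
        raise binascii.Error("input contains characters outside the requested alphabet")
    return base64.b64decode(data, altchars=altchars, validate=True)


def lenient_accepts_foreign_alphabet() -> bool:
    """True if this interpreter's urlsafe_b64decode decodes '+/' as if it were '-_'."""
    try:
        return base64.urlsafe_b64decode(STANDARD_INPUT) == base64.urlsafe_b64decode(URLSAFE_INPUT)
    except (binascii.Error, ValueError):
        return False


def strict_rejects_foreign_alphabet() -> bool:
    """True if the strict decoder refuses '+/' when the URL-safe alphabet was requested."""
    try:
        strict_b64decode(STANDARD_INPUT, altchars=b"-_")
    except binascii.Error:
        return True
    return False


if __name__ == "__main__":
    print("stdlib urlsafe decoder accepts '+/':", lenient_accepts_foreign_alphabet())
    print("strict decoder rejects '+/':", strict_rejects_foreign_alphabet())
    print("strict decode of URL-safe input:", strict_b64decode(URLSAFE_INPUT, altchars=b"-_"))
```

The regex check is the part that matters: `validate=True` alone does not help, because the translation to "+/" happens before the stdlib's own validation runs. Rejecting foreign alphabet characters up front is what keeps a URL-safe token format from being satisfied by strings a downstream component would treat differently.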
-
CVE-2021-47870
MEDIUM
CVSS 5.4
GetSimple CMS My SMTP Contact Plugin 1.1.2 suffers from a Stored Cross-Site Scripting (XSS) vulnerability. The plugin attempts to sanitize user input using htmlspecialchars(), but this can be bypassed by passing dangerous characters as escaped hex bytes. [CVSS 5.4 MEDIUM]
XSS
Getsimplecms
-
CVE-2021-47860
MEDIUM
CVSS 5.3
GetSimple CMS Custom JS 0.1 plugin contains a cross-site request forgery vulnerability that allows unauthenticated attackers to inject arbitrary client-side code into administrator browsers. [CVSS 5.3 MEDIUM]
XSS
CSRF
Getsimplecms
-
CVE-2021-47849
MEDIUM
CVSS 6.2
Mini Mouse 9.3.0 contains a path traversal vulnerability that allows attackers to access sensitive system directories through the device information endpoint. Attackers can retrieve file lists from system directories like /usr, /etc, and /var by manipulating file path parameters in API requests. [CVSS 6.2 MEDIUM]
Path Traversal
Mini Mouse
-
CVE-2021-47830
MEDIUM
CVSS 6.5
GetSimple CMS My SMTP Contact Plugin 1.1.1 contains a cross-site request forgery (CSRF) vulnerability. Attackers can craft a malicious webpage that, when visited by an authenticated administrator, can change SMTP configuration settings in the plugin. [CVSS 6.5 MEDIUM]
RCE
CSRF
Getsimplecms
-
CVE-2021-47817
MEDIUM
CVSS 5.4
OpenEMR 5.0.2.1 contains a cross-site scripting vulnerability that allows authenticated attackers to inject malicious JavaScript through user profile parameters. [CVSS 5.4 MEDIUM]
XSS
Openemr
-
CVE-2026-24048
LOW
CVSS 3.5
Backstage is an open framework for building developer portals, and @backstage/backend-defaults provides the default implementations and setup for a standard Backstage backend app. Prior to versions 0.12.2, 0.13.2, 0.14.1, and 0.15.0, the `FetchUrlReader` component, used by the catalog and other plugins to fetch content from URLs, followed HTTP redirects automatically. This allowed an attacker who controls a host listed in `backend.reading.allow` to redirect requests to internal or sensitive U...
SSRF
Open Redirect
-
CVE-2026-23996
LOW
CVSS 3.7
FastAPI Api Key is a backend-agnostic library that provides an API key system. Version 1.1.0 has a timing side-channel vulnerability in verify_key(). [CVSS 3.7 LOW]
Information Disclosure
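Added example, not the library's code: the short-circuiting comparison pattern behind this class of bug next to a hardened verifier. The key store, key ids and secrets are constructed for illustration; the hardened version hashes the presented key so both sides of the comparison are the same fixed length, compares with `hmac.compare_digest`, and compares against a dummy digest when the key id is unknown so that lookups cannot be used to enumerate ids.

```python
import hashlib
import hmac
import secrets

# Constructed store for the leaky variant (never keep API keys in plaintext; it is
# here only so the two verifiers can be compared side by side).
PLAINTEXT_STORE = {
    "svc-billing": "correct-horse-battery-staple",
}

# Hardened store: key id -> SHA-256 of the secret. Every entry is 32 bytes.
KEY_STORE = {
    key_id: hashlib.sha256(secret.encode()).digest()
    for key_id, secret in PLAINTEXT_STORE.items()
}

# Compared against when the key id is unknown, so an unknown id costs the same
# work as a wrong secret for a known id.
_DUMMY_DIGEST = hashlib.sha256(secrets.token_bytes(32)).digest()


def verify_key_leaky(key_id: str, presented: str) -> bool:
    """Timing-leaking pattern: `==` on the plaintext returns as soon as the
    lengths differ or the first mismatching byte is reached, so response time
    grows with how much of the secret the caller has guessed correctly."""
    secret = PLAINTEXT_STORE.get(key_id)
    if secret is None:
        return False  # also faster than a wrong secret: leaks which ids exist
    return presented == secret


def verify_key_constant_time(key_id: str, presented: str) -> bool:
    """Hardened pattern: hash first (fixed length), then compare every byte."""
    stored = KEY_STORE.get(key_id, _DUMMY_DIGEST)
    candidate = hashlib.sha256(presented.encode()).digest()
    matched = hmac.compare_digest(candidate, stored)
    # The membership test does not depend on the presented secret.
    return matched and key_id in KEY_STORE


if __name__ == "__main__":
    for verifier in (verify_key_leaky, verify_key_constant_time):
        print(verifier.__name__,
              verifier("svc-billing", "correct-horse-battery-staple"),
              verifier("svc-billing", "correct-horse-battery-stapl"),
              verifier("no-such-id", "anything"))
```

Hashing before comparing is what makes `compare_digest` effective: it runs in time independent of the contents only when both inputs have the same length, and a raw presented key of attacker-chosen length would not satisfy that.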
-
CVE-2026-22598
None
ManageIQ is an open-source management platform. A flaw was found in the ManageIQ API prior to version radjabov-2 where a malformed TimeProfile could be created causing later UI and API requests to timeout leading to a Denial of Service.
Denial Of Service
-
CVE-2026-1290
None
Authentication Bypass by Primary Weakness vulnerability in Jamf Jamf Pro allows unspecified impact. This issue affects Jamf Pro versions 11.20 through 11.24.
Authentication Bypass
-
CVE-2026-1035
LOW
CVSS 3.1
A flaw was found in the Keycloak server during refresh token processing, specifically in the TokenManager class responsible for enforcing refresh token reuse policies. When strict refresh token rotation is enabled, the validation and update of refresh token usage are not performed atomically. [CVSS 3.1 LOW]
Authentication Bypass
-
CVE-2026-0988
LOW
CVSS 3.7
A flaw was found in glib. Missing validation of offset and count parameters in the g_buffered_input_stream_peek() function can lead to an integer overflow during length calculation. [CVSS 3.7 LOW]
Buffer Overflow
Integer Overflow
Denial Of Service
-
CVE-2025-69209
None
ArduinoCore-avr contains the source code and configuration files of the Arduino AVR Boards platform. A vulnerability in versions prior to 1.8.7 allows an attacker to trigger a stack-based buffer overflow when converting floating-point values to strings with high precision. By passing very large `decimalPlaces` values to the affected String constructors or concat methods, the `dtostrf` function writes beyond fixed-size stack buffers, causing memory corruption and denial of service. Under speci...
Github
Buffer Overflow
Stack Overflow
Memory Corruption
Denial Of Service
-
CVE-2025-14083
LOW
CVSS 2.7
A flaw was found in the Keycloak Admin REST API. This vulnerability allows the exposure of backend schema and rules, potentially leading to targeted attacks or privilege escalation via improper access control. [CVSS 2.7 LOW]
Privilege Escalation
Authentication Bypass