Skip to main content
CVE-2026-24061 CRITICAL POC KEV PATCH THREAT Act Now

GNU Inetutils telnetd through version 2.7 contains a critical authentication bypass that allows remote attackers to gain root access by setting the USER environment variable to '-f root' during TELNET negotiation. With EPSS 75% and KEV listing, this trivially exploitable vulnerability (CVE-2026-24061) has been widely weaponized. Public PoC is available and patches exist.

Authentication Bypass Debian Linux Inetutils Suse
NVD Exploit-DB VulDB
CVSS 3.1
9.8
EPSS
75.3%
Threat
7.2
CVE-2021-47851 CRITICAL POC Act Now

Mini Mouse 9.2.0 remote control application has an RCE vulnerability allowing attackers to execute arbitrary OS commands through the remote control protocol.

RCE Mini Mouse
NVD Exploit-DB
CVSS 3.1
9.8
EPSS
0.7%
CVE-2021-47748 CRITICAL POC Act Now

Hasura GraphQL 1.3.3 has a remote code execution vulnerability allowing attackers to execute arbitrary shell commands through the GraphQL endpoint.

PostgreSQL RCE Graphql Engine
NVD GitHub Exploit-DB
CVSS 3.1
9.8
EPSS
0.5%
CVE-2025-69766 CRITICAL POC Act Now

Tenda AX3 firmware has a third stack-based buffer overflow in formGetIptv, allowing unauthenticated remote code execution through the router's web interface.

RCE Buffer Overflow Stack Overflow Memory Corruption Ax3 Firmware +1
NVD
CVSS 3.1
9.8
EPSS
0.4%
CVE-2025-69763 CRITICAL POC Act Now

Tenda AX3 firmware has a second stack overflow in formSetIptv via the vlanId parameter, allowing remote code execution through the IPTV configuration endpoint.

RCE Stack Overflow Memory Corruption Ax3 Firmware Tenda
NVD
CVSS 3.1
9.8
EPSS
0.4%
CVE-2025-69762 CRITICAL POC Act Now

Tenda AX3 firmware v16.03.12.11 has a stack overflow in formSetIptv via the list parameter, enabling remote attackers to crash the router or execute arbitrary code.

RCE Stack Overflow Memory Corruption Ax3 Firmware Tenda
NVD
CVSS 3.1
9.8
EPSS
0.4%
CVE-2021-47854 CRITICAL POC Act Now

DD-WRT firmware version 45723 has a buffer overflow in the UPnP network discovery service allowing remote attackers to execute code on the router without authentication.

Buffer Overflow
NVD Exploit-DB
CVSS 3.1
9.8
EPSS
0.1%
CVE-2021-47875 CRITICAL POC Act Now

GeoGebra CAS Calculator 6.0.631.0 has a denial of service vulnerability that crashes the application through uncontrolled resource consumption triggered by crafted mathematical expressions.

Buffer Overflow Denial Of Service
NVD Exploit-DB
CVSS 3.1
9.8
EPSS
0.0%
CVE-2026-22792 CRITICAL POC Act Now

5ire AI assistant desktop application prior to version 0.10.0 has an output encoding vulnerability that allows malicious AI model responses to execute code through the Electron renderer.

XSS 5ire
NVD GitHub
CVSS 3.1
9.6
EPSS
0.4%
CVE-2026-22793 CRITICAL POC Act Now

5ire MCP client prior to version 0.10.0 has a code injection vulnerability through MCP tool responses that enables arbitrary code execution on the user's desktop.

RCE 5ire
NVD GitHub
CVSS 3.1
9.6
EPSS
0.3%
CVE-2026-23524 CRITICAL PATCH Act Now

Laravel Reverb WebSocket server versions 1.6.3 and below have an insecure deserialization vulnerability enabling remote code execution on the backend server.

Redis Laravel RCE Deserialization Reverb
NVD GitHub
CVSS 3.1
9.8
EPSS
0.5%
CVE-2025-15521 CRITICAL Act Now

Academy LMS WordPress plugin has a privilege escalation vulnerability allowing unauthenticated users to bypass access controls and gain elevated privileges on WordPress sites.

WordPress Privilege Escalation PHP
NVD
CVSS 3.1
9.8
EPSS
0.1%
CVE-2026-22807 CRITICAL PATCH Act Now

Remote code execution in vLLM 0.10.1 through 0.13.x lets an attacker who controls the model repository or path run arbitrary Python on the inference host: vLLM auto-loads Hugging Face `auto_map` dynamic modules during model resolution without honoring the `trust_remote_code` safety gate, so attacker-supplied code executes at server startup before any request is processed and without API access. The flaw carries a CVSS 9.8 and is fixed in 0.14.0, with Red Hat shipping multiple RHSA errata; however EPSS is only 0.06% (17th percentile) and there is no public exploit identified at time of analysis, so exploitation hinges on an attacker first influencing which model is loaded. This is a code-injection (CWE-94) trust-boundary bypass rather than a remotely reachable network service bug despite the AV:N rating.

Python Vllm Code Injection RCE
NVD GitHub VulDB
CVSS 3.1
9.8
EPSS
0.1%
CVE-2026-23518 CRITICAL PATCH Act Now

Fleet device management software has a signature verification bypass that allows attackers to install malicious firmware on managed devices across the fleet.

Windows Azure Fleet Suse
NVD GitHub
CVSS 3.1
9.8
EPSS
0.0%
CVE-2026-22822 CRITICAL PATCH Act Now

Cross-namespace secret disclosure in External Secrets Operator (versions 0.20.2 through 1.1.x) lets a low-privileged tenant who can author ExternalSecret resources abuse the `getSecretKey` template function to fetch secrets from other namespaces using the controller's own roleBinding, bypassing the operator's namespace-isolation safeguards. The function - originally added for the senhasegura DSM provider - was removed entirely in 1.2.0. There is no public exploit identified at time of analysis and EPSS is negligible (0.01%), but the authorization-bypass primitive is straightforward for any tenant with ExternalSecret create rights.

Kubernetes External Secrets Operator Authentication Bypass
NVD GitHub VulDB
CVSS 4.0
9.3
EPSS
0.0%

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy