Skip to main content
CVE-2026-20045 HIGH KEV THREAT Act Now

Cisco Unified Communications Manager and related products contain a code injection vulnerability (CVE-2026-20045) that allows unauthenticated remote attackers to execute arbitrary code. This KEV-listed vulnerability affects the core enterprise voice/video infrastructure including Unified CM, IM&P, Unity Connection, and Webex Calling Dedicated Instance, making it a high-priority threat for organizations dependent on Cisco collaboration tools.

Cisco Unity Connection Unified Communications Manager Unified Communications Manager Im And Presence Service
NVD VulDB
CVSS 3.1
8.2
EPSS
1.0%
CVE-2021-47770 HIGH POC This Week

OpenPLC v3 contains an authenticated remote code execution vulnerability that allows attackers with valid credentials to inject malicious code through the hardware configuration interface. [CVSS 8.8 HIGH]

RCE
NVD GitHub Exploit-DB
CVSS 3.1
8.8
EPSS
0.3%
CVE-2021-47871 HIGH POC This Week

Hestia Control Panel 1.3.2 contains an arbitrary file write vulnerability that allows authenticated attackers to write files to arbitrary locations using the API index.php endpoint. [CVSS 8.8 HIGH]

PHP SSH
NVD GitHub Exploit-DB
CVSS 3.1
8.8
EPSS
0.1%
CVE-2021-47852 HIGH POC This Week

Rockstar Games Launcher 1.0.37.349 contains a privilege escalation vulnerability that allows authenticated users to modify the service executable with weak permissions. [CVSS 8.8 HIGH]

Privilege Escalation
NVD Exploit-DB
CVSS 3.1
8.8
EPSS
0.0%
CVE-2025-68137 HIGH POC This Week

EVerest is an EV charging software stack. Prior to version 2025.10.0, an integer overflow occurring in `SdpPacket::parse_header()` allows the current buffer length to be set to 7 after a complete header of size 8 has been read. [CVSS 8.3 HIGH]

Buffer Overflow Integer Overflow Everest
NVD GitHub
CVSS 3.1
8.3
EPSS
0.0%
CVE-2021-47846 HIGH POC This Week

Digital Crime Report Management System 1.0 contains a critical SQL injection vulnerability affecting multiple login pages that allows unauthenticated attackers to bypass authentication. [CVSS 8.2 HIGH]

SQLi Authentication Bypass
NVD Exploit-DB
CVSS 3.1
8.2
EPSS
0.4%
CVE-2021-47848 HIGH POC This Week

Blitar Tourism 1.0 contains an authentication bypass vulnerability that allows attackers to bypass login by injecting SQL code through the username parameter. [CVSS 8.2 HIGH]

SQLi Authentication Bypass
NVD GitHub Exploit-DB
CVSS 3.1
8.2
EPSS
0.1%
CVE-2021-47886 HIGH POC This Week

PingzapperSvc service contains a vulnerability that allows attackers to potentially execute arbitrary code (CVSS 7.8).

RCE
NVD Exploit-DB
CVSS 3.1
7.8
EPSS
0.0%
CVE-2021-47869 HIGH POC This Week

BRA_Scheduler service contains a vulnerability that allows attackers to potentially execute arbitrary code (CVSS 7.8).

RCE
NVD Exploit-DB
CVSS 3.1
7.8
EPSS
0.0%
CVE-2021-47887 HIGH POC This Week

OkiJaSvc service contains a vulnerability that allows attackers to potentially execute arbitrary code (CVSS 7.8).

RCE
NVD Exploit-DB
CVSS 3.1
7.8
EPSS
0.0%
CVE-2021-47884 HIGH POC This Week

OKI Local Port Manager service contains a vulnerability that allows attackers to potentially execute arbitrary code (CVSS 7.8).

RCE
NVD Exploit-DB
CVSS 3.1
7.8
EPSS
0.0%
CVE-2021-47882 HIGH POC This Week

its Windows service configuration contains a vulnerability that allows attackers to execute arbitrary code (CVSS 7.8).

Windows
NVD GitHub Exploit-DB
CVSS 3.1
7.8
EPSS
0.0%
CVE-2021-47880 HIGH POC This Week

Realtek Wireless LAN Utility 700.1631 contains an unquoted service path vulnerability that allows local users to potentially execute code with elevated system privileges. [CVSS 7.8 HIGH]

Information Disclosure
NVD Exploit-DB
CVSS 3.1
7.8
EPSS
0.0%
CVE-2021-47878 HIGH POC This Week

eBeam Device Service contains a vulnerability that allows attackers to potentially execute code with elevated privileges (CVSS 7.8).

Code Injection
NVD Exploit-DB
CVSS 3.1
7.8
EPSS
0.0%
CVE-2021-47874 HIGH POC This Week

GVFS.Service Windows service contains a vulnerability that allows attackers to execute code with elevated privileges (CVSS 7.8).

Windows
NVD Exploit-DB
CVSS 3.1
7.8
EPSS
0.0%
CVE-2021-47867 HIGH POC This Week

ScheduleService contains a vulnerability that allows attackers to potentially execute code with elevated system privileges (CVSS 7.8).

Code Injection
NVD Exploit-DB
CVSS 3.1
7.8
EPSS
0.0%
CVE-2021-47866 HIGH POC This Week

GuardTourService contains a vulnerability that allows attackers to potentially execute code with elevated system privileges (CVSS 7.8).

WordPress Code Injection
NVD Exploit-DB
CVSS 3.1
7.8
EPSS
0.0%
CVE-2021-47864 HIGH POC This Week

OSAS Traverse Extension 11 contains an unquoted service path vulnerability in the TravExtensionHostSvc service running with LocalSystem privileges. [CVSS 7.8 HIGH]

Code Injection
NVD Exploit-DB
CVSS 3.1
7.8
EPSS
0.0%
CVE-2021-47863 HIGH POC This Week

its Encrypto Service configuration contains a vulnerability that allows attackers to potentially execute arbitrary code (CVSS 7.8).

Windows
NVD Exploit-DB
CVSS 3.1
7.8
EPSS
0.0%
CVE-2021-47861 HIGH POC This Week

Event Log Explorer 4.9.3 contains an unquoted service path vulnerability that allows local users to potentially execute arbitrary code with elevated system privileges. [CVSS 7.8 HIGH]

RCE
NVD Exploit-DB
CVSS 3.1
7.8
EPSS
0.0%
CVE-2021-47859 HIGH POC This Week

ac.sharedstore service contains a vulnerability that allows attackers to potentially execute arbitrary code (CVSS 7.8).

RCE
NVD Exploit-DB
CVSS 3.1
7.8
EPSS
0.0%
CVE-2021-47883 HIGH POC This Week

SbieSvc service contains a vulnerability that allows attackers to execute code with elevated privileges (CVSS 7.8).

Code Injection
NVD Exploit-DB
CVSS 3.1
7.8
EPSS
0.0%
CVE-2021-47879 HIGH POC This Week

eBeam Stylus Driver service contains a vulnerability that allows attackers to potentially execute code with elevated privileges (CVSS 7.8).

Code Injection
NVD Exploit-DB
CVSS 3.1
7.8
EPSS
0.0%
CVE-2021-47868 HIGH POC This Week

WPCommandFileService contains a vulnerability that allows attackers to potentially execute code with elevated privileges (CVSS 7.8).

Code Injection
NVD Exploit-DB
CVSS 3.1
7.8
EPSS
0.0%
CVE-2021-47862 HIGH POC This Week

HiPatchService contains a vulnerability that allows attackers to execute code with elevated privileges (CVSS 7.8).

NVD Exploit-DB
CVSS 3.1
7.8
EPSS
0.0%
CVE-2021-47850 HIGH POC This Week

Mini Mouse 9.2.0 contains a path traversal vulnerability that allows remote attackers to access arbitrary system files and directories through crafted HTTP requests. [CVSS 7.5 HIGH]

Path Traversal Mini Mouse
NVD Exploit-DB
CVSS 3.1
7.5
EPSS
1.2%
CVE-2021-47802 HIGH POC This Week

D151 Firmware versions up to - is affected by missing authentication for critical function (CVSS 7.5).

Authentication Bypass D151 Firmware D301 Firmware
NVD Exploit-DB
CVSS 3.1
7.5
EPSS
0.5%
CVE-2025-66960 HIGH POC This Week

An issue in ollama v.0.12.10 allows a remote attacker to cause a denial of service via the fs/ggml/gguf.go, function readGGUFV1String reads a string length from untrusted GGUF metadata [CVSS 7.5 HIGH]

Denial Of Service AI / ML Ollama Red Hat Suse
NVD GitHub
CVSS 3.1
7.5
EPSS
0.3%
CVE-2025-66959 HIGH POC This Week

An issue in ollama v.0.12.10 allows a remote attacker to cause a denial of service via the GGUF decoder [CVSS 7.5 HIGH]

Denial Of Service AI / ML Ollama Red Hat Suse
NVD GitHub
CVSS 3.1
7.5
EPSS
0.3%
CVE-2021-47746 HIGH POC This Week

NodeBB Plugin Emoji 3.2.1 contains an arbitrary file write vulnerability that allows administrative users to write files to arbitrary system locations through the emoji upload API. [CVSS 7.5 HIGH]

Path Traversal
NVD GitHub Exploit-DB
CVSS 3.1
7.5
EPSS
0.2%
CVE-2025-70648 HIGH POC This Week

Tenda AX1803 v1.0.0.1 was discovered to contain a stack overflow in the security_5g parameter of the sub_727F4 function. This vulnerability allows attackers to cause a Denial of Service (DoS) via a crafted request. [CVSS 7.5 HIGH]

Stack Overflow Denial Of Service Ax1803 Firmware Tenda
NVD GitHub
CVSS 3.1
7.5
EPSS
0.1%
CVE-2025-70646 HIGH POC This Week

Tenda AX1803 v1.0.0.1 was discovered to contain a stack overflow in the security parameter of the sub_72290 function. This vulnerability allows attackers to cause a Denial of Service (DoS) via a crafted request. [CVSS 7.5 HIGH]

Stack Overflow Denial Of Service Ax1803 Firmware Tenda
NVD GitHub
CVSS 3.1
7.5
EPSS
0.1%
CVE-2025-70644 HIGH POC This Week

Tenda AX-1806 v1.0.0.1 was discovered to contain a stack overflow in the time parameter of the sub_60CFC function. This vulnerability allows attackers to cause a Denial of Service (DoS) via a crafted request. [CVSS 7.5 HIGH]

Stack Overflow Denial Of Service Ax1806 Firmware Tenda
NVD GitHub
CVSS 3.1
7.5
EPSS
0.1%
CVE-2025-70651 HIGH POC This Week

Tenda AX-1803 v1.0.0.1 was discovered to contain a stack overflow in the ssid parameter of the form_fast_setting_wifi_set function. This vulnerability allows attackers to cause a Denial of Service (DoS) via a crafted request. [CVSS 7.5 HIGH]

Stack Overflow Denial Of Service Ax1803 Firmware Tenda
NVD GitHub
CVSS 3.1
7.5
EPSS
0.1%
CVE-2025-70650 HIGH POC This Week

Tenda AX-1806 v1.0.0.1 was discovered to contain a stack overflow in the deviceList parameter of the formSetMacFilterCfg function. This vulnerability allows attackers to cause a Denial of Service (DoS) via a crafted request. [CVSS 7.5 HIGH]

Stack Overflow Denial Of Service Ax1806 Firmware Tenda
NVD GitHub
CVSS 3.1
7.5
EPSS
0.1%
CVE-2025-70645 HIGH POC This Week

Tenda AX-1806 v1.0.0.1 was discovered to contain a stack overflow in the deviceList parameter of the formSetWifiMacFilterCfg function. This vulnerability allows attackers to cause a Denial of Service (DoS) via a crafted request. [CVSS 7.5 HIGH]

Stack Overflow Denial Of Service Ax1806 Firmware Tenda
NVD GitHub
CVSS 3.1
7.5
EPSS
0.1%
CVE-2021-47877 HIGH POC This Week

GeoGebra Graphing Calculator 6.0.631.0 contains a denial of service vulnerability that allows attackers to crash the application by inputting an oversized buffer. [CVSS 7.5 HIGH]

Denial Of Service
NVD Exploit-DB
CVSS 3.1
7.5
EPSS
0.0%
CVE-2021-47876 HIGH POC This Week

GeoGebra Classic 5.0.631.0-d contains a denial of service vulnerability in the input field that allows attackers to crash the application by sending oversized buffer content. [CVSS 7.5 HIGH]

Denial Of Service
NVD Exploit-DB
CVSS 3.1
7.5
EPSS
0.0%
CVE-2021-47865 HIGH POC PATCH This Week

ProFTPD 1.3.7a contains a denial of service vulnerability that allows attackers to overwhelm the server by creating multiple simultaneous FTP connections. Attackers can repeatedly establish connections using threading to exhaust server connection limits and block legitimate user access. [CVSS 7.5 HIGH]

Denial Of Service Suse
NVD GitHub Exploit-DB
CVSS 3.1
7.5
EPSS
0.0%
CVE-2021-47778 HIGH POC This Week

GetSimple CMS My SMTP Contact Plugin 1.1.2 contains a PHP code injection vulnerability. An authenticated administrator can inject arbitrary PHP code through plugin configuration parameters, leading to remote code execution on the server. [CVSS 7.2 HIGH]

PHP RCE Code Injection Getsimplecms
NVD GitHub Exploit-DB
CVSS 3.1
7.2
EPSS
1.1%
CVE-2025-68141 HIGH POC This Week

EVerest is an EV charging software stack. Prior to version 2025.10.0, during the deserialization of a `DC_ChargeLoopRes` message that includes Receipt as well as TaxCosts, the vector `<DetailedTax>tax_costs` in the target `Receipt` structure is accessed out of bounds. [CVSS 7.4 HIGH]

Null Pointer Dereference Deserialization Everest
NVD GitHub
CVSS 3.1
7.4
EPSS
0.1%
CVE-2025-68136 HIGH POC This Week

EVerest is an EV charging software stack. Prior to version 2025.10.0, once the module receives a SDP request, it creates a whole new set of objects like `Session`, `IConnection` which open new TCP socket for the ISO15118-20 communications and registers callbacks for the created file descriptor, without closing and destroying the previous ones. Previous `Session` is not saved and the usage of an `unique_ptr` is lost, destroying connection data. Latter, if the used socket and therefore file des...

Null Pointer Dereference Everest
NVD GitHub
CVSS 3.1
7.4
EPSS
0.1%
CVE-2025-68133 HIGH POC PATCH This Week

EVerest is an EV charging software stack. In versions 2025.9.0 and below, an attacker can exhaust the operating system's memory and cause the module to terminate by initiating an unlimited number of TCP connections that never proceed to ISO 15118-2 communication. [CVSS 7.4 HIGH]

TLS Everest
NVD GitHub
CVSS 3.1
7.4
EPSS
0.0%
CVE-2026-23960 HIGH POC PATCH This Week

Stored cross-site scripting in Argo Workflows (CNCF Kubernetes workflow engine) before 3.6.17 and 3.7.8 lets any authenticated workflow author plant malicious JavaScript that executes in another user's browser under the Argo Server origin, hijacking the victim's session to perform privileged API actions on their behalf. Public exploit details exist via the GitHub Security Advisory (GHSA-cv78-6m8q-ph82), but there is no public exploit identified as weaponized and no CISA KEV listing; EPSS is very low at 0.05% (16th percentile). The flaw is patched in 3.6.17 and 3.7.8.

Kubernetes XSS Argo Workflows
NVD GitHub VulDB
CVSS 4.0
7.3
EPSS
0.1%
CVE-2021-47873 HIGH POC This Week

VestaCP versions prior to 0.9.8-25 contain a cross-site scripting vulnerability in the IP interface configuration that allows attackers to inject malicious scripts. Attackers can exploit the 'v_interface' parameter by sending a crafted POST request to the add/ip/ endpoint with a stored XSS payload. [CVSS 7.2 HIGH]

XSS
NVD Exploit-DB
CVSS 3.1
7.2
EPSS
0.0%
CVE-2021-47858 HIGH POC This Week

Genexis Platinum-4410 P4410-V2-1.31A contains a stored cross-site scripting vulnerability in the 'start_addr' parameter of the Security Management interface. [CVSS 7.2 HIGH]

XSS
NVD Exploit-DB
CVSS 3.1
7.2
EPSS
0.0%
CVE-2021-47855 HIGH POC This Week

Openlitespeed 1.7.9 contains a stored cross-site scripting vulnerability in the dashboard's Notes parameter that allows administrators to inject malicious scripts. [CVSS 7.2 HIGH]

XSS
NVD Exploit-DB
CVSS 3.1
7.2
EPSS
0.0%
CVE-2021-47857 HIGH POC This Week

Moodle 3.10.3 contains a persistent cross-site scripting vulnerability in the calendar event subtitle field that allows attackers to inject malicious scripts. [CVSS 7.2 HIGH]

Moodle XSS
NVD Exploit-DB
CVSS 3.1
7.2
EPSS
0.0%
CVE-2026-23986 HIGH POC PATCH This Week

Copier versions prior to 9.11.2 allow local attackers to write arbitrary files outside the intended project destination directory by exploiting symlink handling combined with the _preserve_symlinks feature in ostensibly safe templates. A malicious template author can craft a project template that bypasses security controls without requiring unsafe flags, enabling arbitrary file overwrites within the user's write permissions. Public exploit code exists for this vulnerability.

Information Disclosure Copier
NVD GitHub
CVSS 3.1
7.1
EPSS
0.1%
CVE-2021-47872 HIGH POC This Week

SEO Panel versions prior to 4.9.0 contain a blind SQL injection vulnerability in the archive.php page that allows authenticated attackers to manipulate database queries through the 'order_col' parameter. [CVSS 7.1 HIGH]

PHP SQLi
NVD GitHub Exploit-DB
CVSS 3.1
7.1
EPSS
0.0%
Page 1 of 2 Next

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy