Skip to main content
CVE-2026-23760 CRITICAL POC KEV THREAT Emergency

SmarterTools SmarterMail prior to build 9511 contains a critical authentication bypass in the password reset API (CVE-2026-23760) that allows unauthenticated attackers to reset system administrator passwords without verification. With EPSS 65% and KEV listing, this trivially exploitable vulnerability enables complete email server takeover, compromising all hosted mailboxes and organizational communications.

Authentication Bypass Smartermail
NVD
CVSS 3.1
9.8
EPSS
65.4%
Threat
6.9
CVE-2025-69764 CRITICAL POC Act Now

Tenda AX3 firmware has another stack-based buffer overflow in formGetIptv through a different input path, enabling remote code execution.

RCE Buffer Overflow Stack Overflow Memory Corruption Ax3 Firmware +1
NVD
CVSS 3.1
9.8
EPSS
0.1%
CVE-2026-24124 CRITICAL POC PATCH Act Now

Dragonfly P2P file distribution system versions 2.4.1-rc.0 and below have a missing authentication vulnerability allowing unauthenticated access to the management API.

Authentication Bypass Dragonfly Suse
NVD GitHub
CVSS 3.1
9.8
EPSS
0.1%
CVE-2026-23958 CRITICAL POC Act Now

DataEase data visualization tool prior to 2.10.19 uses MD5-hashed passwords without salting, allowing attackers to crack credentials and gain unauthorized access.

Authentication Bypass Dataease
NVD GitHub
CVSS 3.1
9.8
EPSS
0.1%
CVE-2025-56590 CRITICAL POC Act Now

Apryse HTML2PDF SDK through version 11.10 has a command injection vulnerability in the InsertFromURL function allowing remote code execution when converting HTML to PDF.

Command Injection Html2pdf
NVD
CVSS 3.1
9.8
EPSS
0.0%
CVE-2026-23873 CRITICAL POC Act Now

HUSTOJ online judge system has a CSV injection vulnerability in all versions that allows code execution through crafted submissions exported to spreadsheets.

Linux PHP MySQL Hustoj
NVD GitHub
CVSS 3.1
9.0
EPSS
0.0%
CVE-2026-1324 HIGH POC This Week

Operation And Maintenance Security Management System versions up to 3.0.12. is affected by command injection (CVSS 8.8).

SSH Command Injection Operation And Maintenance Security Management System
NVD GitHub VulDB
CVSS 3.1
8.8
EPSS
0.3%
CVE-2026-1328 HIGH POC This Week

Buffer overflow in Totolik NR1800X firmware allows authenticated remote attackers to achieve complete system compromise through malformed SSID parameters in the setWizardCfg POST handler. Public exploit code is available and no patch has been released, leaving affected devices vulnerable to remote code execution. This vulnerability requires valid credentials but presents critical risk given the device's network exposure and lack of mitigation options.

Buffer Overflow Nr1800x Firmware
NVD VulDB
CVSS 3.1
8.8
EPSS
0.1%
CVE-2026-1329 HIGH POC This Week

Stack-based buffer overflow in Tenda AX1803 firmware version 1.0.0.1 allows unauthenticated remote attackers to execute arbitrary code by manipulating guest network parameters in the /goform/WifiGuestSet function. Public exploit code exists for this vulnerability, and no patch is currently available. This affects devices running the vulnerable firmware with network-accessible management interfaces.

Buffer Overflow Stack Overflow Ax1803 Firmware
NVD VulDB
CVSS 3.1
8.8
EPSS
0.1%
CVE-2023-7335 HIGH POC This Week

Arbitrary file read in EduSoho versions prior to 22.4.7 lets a remote, unauthenticated attacker retrieve any file on the server through the classroom-course-statistics export feature. By injecting path-traversal sequences into the fileNames[] parameter, an attacker can pull sensitive files such as config/parameters.yml, exposing database credentials and application secrets. Publicly available exploit code exists, and the Shadowserver Foundation reported observing exploitation evidence on 2026-01-19, though the flaw is not listed as CISA KEV in the provided data; EPSS remains low at 0.13%.

Path Traversal
NVD GitHub VulDB
CVSS 4.0
8.7
EPSS
0.1%
CVE-2026-23954 HIGH POC PATCH This Week

Incus is a system container and virtual machine manager. [CVSS 8.7 HIGH]

Path Traversal Incus Suse
NVD GitHub
CVSS 3.1
8.7
EPSS
0.0%
CVE-2026-23953 HIGH POC PATCH This Week

Incus contains a vulnerability that allows attackers to adding arbitrary lifecycle hooks, ultimately resulting in arbitrary command exec (CVSS 8.7).

Code Injection Incus Suse
NVD GitHub
CVSS 3.1
8.7
EPSS
0.0%
CVE-2026-24038 HIGH POC This Week

Horilla HRMS versions prior to 1.5.0 allow authenticated attackers to bypass two-factor authentication due to improper OTP validation that treats missing OTP fields as valid when the OTP has expired. Public exploit code exists for this vulnerability, enabling attackers with user credentials to gain unauthorized access to accounts, particularly administrative accounts with access to sensitive HR data and employee records. An attacker exploiting this flaw could manipulate employee information and compromise system-wide operations.

Authentication Bypass Horilla
NVD GitHub
CVSS 3.1
8.1
EPSS
0.0%
CVE-2026-24129 HIGH POC PATCH This Week

Runtipi versions 3.7.0 through 4.6.x suffer from arbitrary command execution when authenticated users upload backups with malicious filenames containing shell metacharacters, which the BackupManager fails to sanitize before executing restore operations. An attacker with valid credentials can craft a backup filename like $(id).tar.gz to achieve remote code execution on the host server with the privileges of the Runtipi process. Public exploit code exists for this vulnerability, and patches are available in version 4.7.0 and later.

Docker Runtipi
NVD GitHub
CVSS 3.1
8.0
EPSS
0.1%
CVE-2026-24010 HIGH POC This Week

Horilla versions up to 1.5.0 contains a vulnerability that allows attackers to deploy phishing attacks (CVSS 8.0).

File Upload Horilla
NVD GitHub
CVSS 3.1
8.0
EPSS
0.0%
CVE-2025-67221 HIGH POC PATCH GHSA This Week

The orjson.dumps function in orjson thru 3.11.4 does not limit recursion for deeply nested JSON documents. [CVSS 7.5 HIGH]

Denial Of Service Orjson Red Hat Suse
NVD GitHub
CVSS 3.1
7.5
EPSS
0.1%
CVE-2025-56589 HIGH POC This Week

A Local File Inclusion (LFI) and a Server-Side Request Forgery (SSRF) vulnerability was found in the InsertFromHtmlString() function of the Apryse HTML2PDF SDK thru 11.6.0. [CVSS 7.5 HIGH]

SSRF Html2pdf Information Disclosure
NVD
CVSS 3.1
7.5
EPSS
0.1%
CVE-2025-65098 HIGH POC PATCH This Week

Typebot is an open-source chatbot builder. In versions prior to 3.13.2, client-side script execution in Typebot allows stealing all stored credentials from any user. [CVSS 7.4 HIGH]

AI / ML Typebot
NVD GitHub
CVSS 3.1
7.4
EPSS
0.0%
CVE-2025-69822 HIGH POC This Week

An issue in Atomberg Atomberg Erica Smart Fan Firmware Version: V1.0.36 allows an attacker to obtain sensitive information and escalate privileges via a crafted deauth frame [CVSS 7.4 HIGH]

Information Disclosure Erica Smart Fan Firmware
NVD GitHub
CVSS 3.1
7.4
EPSS
0.0%
CVE-2025-69821 HIGH POC This Week

Vega Smartwatch Firmware versions up to rb303atv006229 is affected by improper resource shutdown or release (CVSS 7.4).

Denial Of Service Vega Smartwatch Firmware
NVD GitHub
CVSS 3.1
7.4
EPSS
0.0%
CVE-2026-23988 HIGH POC PATCH This Week

Arbitrary code execution with Administrator privileges in Rufus versions 4.11 and below due to a race condition in PowerShell script handling within the %TEMP% directory. A local attacker can replace the legitimate Fido script with malicious code between file creation and execution, since Rufus runs elevated but writes to a world-writable location without file locking. Public exploit code exists for this vulnerability, which is fixed in version 4.12_BETA.

Race Condition Rufus
NVD GitHub
CVSS 3.1
7.3
EPSS
0.0%
CVE-2026-23946 MEDIUM POC PATCH This Month

Remote code execution in Tendenci CMS versions 15.3.11 and below allows authenticated staff users to execute arbitrary code through unsafe pickle deserialization in the Helpdesk module's reporting function. The vulnerability stems from incomplete patching of CVE-2020-14942, where the run_report() function continues to use unsafe pickle.loads() despite the ticket_list() function being corrected. Public exploit code exists for this issue, though impact is limited to the privileges of the application's runtime user.

Python RCE Deserialization Tendenci
NVD GitHub
CVSS 3.1
6.8
EPSS
0.4%
CVE-2025-69612 MEDIUM POC This Month

A path traversal vulnerability exists in TMS Management Console (version 6.3.7.27386.20250818) from TMS Global Software. [CVSS 6.5 MEDIUM]

Path Traversal Tms Management Console
NVD GitHub
CVSS 3.1
6.5
EPSS
0.3%
CVE-2025-70899 MEDIUM POC This Month

Online Course Registration versions up to 3.1 is affected by cross-site request forgery (csrf) (CVSS 6.5).

CSRF Online Course Registration
NVD GitHub
CVSS 3.1
6.5
EPSS
0.0%
CVE-2026-23952 MEDIUM POC PATCH This Month

ImageMagick and Magick.NET versions 14.10.1 and below are vulnerable to denial of service attacks through a null pointer dereference in the MSL parser when processing malformed comment tags, exploitable by authenticated attackers without user interaction. Public exploit code exists for this vulnerability, and affected systems may crash or experience assertion failures depending on build configuration. No patch is currently available to address this medium-severity issue.

Null Pointer Dereference Denial Of Service Magick.Net Imagemagick Red Hat +1
NVD GitHub
CVSS 3.1
6.5
EPSS
0.0%
CVE-2025-69828 CRITICAL Act Now

TMS Management Console v6.3.7 has a CVSS 10.0 arbitrary file upload vulnerability allowing remote attackers to execute arbitrary code on the server without authentication.

Golang
NVD GitHub
CVSS 3.1
10.0
EPSS
0.4%
CVE-2025-69820 MEDIUM POC PATCH This Month

Directory Traversal vulnerability in Beam beta9 v.0.1.521 allows a remote attacker to obtain sensitive information via the joinCleanPath function. [CVSS 6.0 MEDIUM]

Path Traversal Beta9 Suse
NVD GitHub
CVSS 3.1
6.0
EPSS
0.2%
CVE-2025-68001 CRITICAL Act Now

g-FFL Checkout WordPress plugin has an unrestricted file upload vulnerability allowing attackers to upload web shells for remote code execution.

File Upload
NVD
CVSS 3.1
10.0
EPSS
0.1%
CVE-2025-50002 CRITICAL Act Now

Farost Energia WordPress plugin allows unrestricted file upload enabling attackers to upload web shells and achieve remote code execution on the WordPress server.

File Upload
NVD
CVSS 3.1
10.0
EPSS
0.1%
CVE-2025-68986 CRITICAL Act Now

Miion WordPress theme by zozothemes has an unrestricted file upload vulnerability allowing unauthenticated web shell deployment and server compromise.

WordPress PHP RCE
NVD
CVSS 3.1
9.9
EPSS
0.1%
CVE-2025-68910 CRITICAL Act Now

Blogzee WordPress theme by blazethemes has an unrestricted file upload vulnerability — the fourth blazethemes product affected by the same shared vulnerable upload component.

WordPress PHP RCE
NVD
CVSS 3.1
9.9
EPSS
0.1%
CVE-2025-68909 CRITICAL Act Now

Blogistic WordPress theme by blazethemes has an unrestricted file upload vulnerability enabling attackers to deploy web shells for persistent server access.

WordPress PHP RCE
NVD
CVSS 3.1
9.9
EPSS
0.1%
CVE-2025-67968 CRITICAL Act Now

Real Homes CRM WordPress plugin has an unrestricted file upload allowing web shell deployment for persistent remote code execution.

WordPress PHP RCE
NVD
CVSS 3.1
9.9
EPSS
0.1%
CVE-2025-62056 CRITICAL Act Now

News Event WordPress theme by blazethemes has an unrestricted file upload allowing web shell deployment and remote code execution.

WordPress PHP RCE
NVD
CVSS 3.1
9.9
EPSS
0.0%
CVE-2025-62050 CRITICAL Act Now

Blogmatic WordPress theme by blazethemes has an unrestricted file upload vulnerability allowing attackers to upload web shells for persistent server access.

WordPress PHP RCE
NVD
CVSS 3.1
9.9
EPSS
0.0%
CVE-2026-1331 CRITICAL Act Now

HAMASTAR MeetingHub has an arbitrary file upload vulnerability allowing unauthenticated remote attackers to upload web shells and achieve full server compromise.

File Upload RCE Meetinghub Paperless Meetings
NVD
CVSS 3.1
9.8
EPSS
0.1%
CVE-2025-69101 CRITICAL Act Now

Workreap Core WordPress plugin has an authentication bypass allowing unauthenticated users to access protected functionality through an alternate authentication path.

Authentication Bypass
NVD
CVSS 3.1
9.8
EPSS
0.1%
CVE-2026-24306 CRITICAL PATCH Act Now

Azure Front Door has an improper access control vulnerability (CVSS 9.8) allowing unauthorized attackers to elevate privileges through the CDN and WAF infrastructure.

Azure Azure Front Door
NVD
CVSS 3.1
9.8
EPSS
0.1%
CVE-2025-69052 CRITICAL Act Now

FmeAddons Registration & Login with Mobile Phone Number for WooCommerce has a missing authorization vulnerability allowing unauthenticated access to protected functionality.

WordPress PHP
NVD
CVSS 3.1
9.8
EPSS
0.1%
CVE-2025-68869 CRITICAL Act Now

LazyTasks project management WordPress plugin has an incorrect privilege assignment vulnerability allowing low-privileged users to escalate to administrator, gaining full site control.

Privilege Escalation
NVD
CVSS 3.1
9.8
EPSS
0.1%
CVE-2025-69079 CRITICAL Act Now

ThemeREX Sound/musicplace WordPress theme has an insecure deserialization vulnerability enabling PHP object injection and potential remote code execution.

Deserialization
NVD
CVSS 3.1
9.8
EPSS
0.1%
CVE-2025-67617 CRITICAL Act Now

Consult Aid WordPress theme has an insecure deserialization vulnerability allowing object injection that can lead to remote code execution.

Deserialization
NVD
CVSS 3.1
9.8
EPSS
0.1%
CVE-2025-64097 CRITICAL PATCH Act Now

NervesHub OTA firmware management has a weak random number generation vulnerability that allows attackers to predict firmware update tokens and push malicious updates.

Authentication Bypass Nerveshub
NVD GitHub
CVSS 3.1
9.8
EPSS
0.1%
CVE-2026-0920 CRITICAL Act Now

LA-Studio Element Kit for Elementor WordPress plugin allows unauthenticated admin user creation, enabling complete WordPress site takeover.

WordPress
NVD
CVSS 3.1
9.8
EPSS
0.1%
CVE-2026-24058 CRITICAL PATCH Act Now

Soft Serve self-hosted Git server versions 0.11.2 and below have a critical authentication bypass that allows unauthenticated access to private repositories.

SSH Authentication Bypass Soft Serve Suse
NVD GitHub
CVSS 3.1
9.8
EPSS
0.0%
CVE-2026-24049 MEDIUM POC PATCH This Month

Malicious wheel files can modify file permissions on critical system files during extraction in Python wheel versions 0.40.0-0.46.1, enabling attackers to alter SSH keys, configuration files, or executable scripts. This path traversal and permission manipulation flaw affects systems unpacking untrusted wheels and can lead to privilege escalation or arbitrary code execution. Public exploit code exists for this vulnerability, though a patch is available in version 0.46.2.

Python Privilege Escalation Wheel RCE Path Traversal
NVD GitHub VulDB
CVSS 3.1
5.5
EPSS
0.0%
CVE-2026-23951 MEDIUM POC This Month

SumatraPDF on Windows is vulnerable to a denial-of-service attack through a maliciously crafted Mobi file that triggers an integer underflow in record validation, causing an out-of-bounds heap read and application crash. The vulnerability stems from an off-by-one error in the PalmDbReader::GetRecord function that only occurs with exactly 2 records, and public exploit code is available. No patch has been released at this time.

Windows Integer Overflow Denial Of Service Sumatrapdf
NVD GitHub
CVSS 3.1
5.5
EPSS
0.0%
CVE-2026-24042 CRITICAL Act Now

Appsmith platform version 1.94 and below has a missing authorization vulnerability that allows unauthenticated access to publicly deployed applications' internal APIs.

Information Disclosure Appsmith
NVD GitHub
CVSS 3.1
9.4
EPSS
0.1%
CVE-2025-54816 CRITICAL Act Now

A WebSocket endpoint lacks proper authentication, allowing unauthenticated users to connect and interact with real-time data streams and server-side functionality.

Privilege Escalation Evmapa
NVD GitHub
CVSS 3.1
9.4
EPSS
0.1%
CVE-2025-68018 CRITICAL Act Now

Order Listener for WooCommerce has a missing authorization vulnerability enabling unauthenticated access to order data and administrative functions.

WordPress Authentication Bypass
NVD
CVSS 3.1
9.4
EPSS
0.1%
Page 1 of 10 Next

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy