Operation And Maintenance Security Management System versions up to 3.0.12. is affected by command injection (CVSS 8.8).
Buffer overflow in Totolik NR1800X firmware allows authenticated remote attackers to achieve complete system compromise through malformed SSID parameters in the setWizardCfg POST handler. Public exploit code is available and no patch has been released, leaving affected devices vulnerable to remote code execution. This vulnerability requires valid credentials but presents critical risk given the device's network exposure and lack of mitigation options.
Stack-based buffer overflow in Tenda AX1803 firmware version 1.0.0.1 allows unauthenticated remote attackers to execute arbitrary code by manipulating guest network parameters in the /goform/WifiGuestSet function. Public exploit code exists for this vulnerability, and no patch is currently available. This affects devices running the vulnerable firmware with network-accessible management interfaces.
Arbitrary file read in EduSoho versions prior to 22.4.7 lets a remote, unauthenticated attacker retrieve any file on the server through the classroom-course-statistics export feature. By injecting path-traversal sequences into the fileNames[] parameter, an attacker can pull sensitive files such as config/parameters.yml, exposing database credentials and application secrets. Publicly available exploit code exists, and the Shadowserver Foundation reported observing exploitation evidence on 2026-01-19, though the flaw is not listed as CISA KEV in the provided data; EPSS remains low at 0.13%.
Incus is a system container and virtual machine manager. [CVSS 8.7 HIGH]
Incus contains a vulnerability that allows attackers to adding arbitrary lifecycle hooks, ultimately resulting in arbitrary command exec (CVSS 8.7).
Horilla HRMS versions prior to 1.5.0 allow authenticated attackers to bypass two-factor authentication due to improper OTP validation that treats missing OTP fields as valid when the OTP has expired. Public exploit code exists for this vulnerability, enabling attackers with user credentials to gain unauthorized access to accounts, particularly administrative accounts with access to sensitive HR data and employee records. An attacker exploiting this flaw could manipulate employee information and compromise system-wide operations.
Runtipi versions 3.7.0 through 4.6.x suffer from arbitrary command execution when authenticated users upload backups with malicious filenames containing shell metacharacters, which the BackupManager fails to sanitize before executing restore operations. An attacker with valid credentials can craft a backup filename like $(id).tar.gz to achieve remote code execution on the host server with the privileges of the Runtipi process. Public exploit code exists for this vulnerability, and patches are available in version 4.7.0 and later.
Horilla versions up to 1.5.0 contains a vulnerability that allows attackers to deploy phishing attacks (CVSS 8.0).
The orjson.dumps function in orjson thru 3.11.4 does not limit recursion for deeply nested JSON documents. [CVSS 7.5 HIGH]
A Local File Inclusion (LFI) and a Server-Side Request Forgery (SSRF) vulnerability was found in the InsertFromHtmlString() function of the Apryse HTML2PDF SDK thru 11.6.0. [CVSS 7.5 HIGH]
Typebot is an open-source chatbot builder. In versions prior to 3.13.2, client-side script execution in Typebot allows stealing all stored credentials from any user. [CVSS 7.4 HIGH]
An issue in Atomberg Atomberg Erica Smart Fan Firmware Version: V1.0.36 allows an attacker to obtain sensitive information and escalate privileges via a crafted deauth frame [CVSS 7.4 HIGH]
Vega Smartwatch Firmware versions up to rb303atv006229 is affected by improper resource shutdown or release (CVSS 7.4).
Arbitrary code execution with Administrator privileges in Rufus versions 4.11 and below due to a race condition in PowerShell script handling within the %TEMP% directory. A local attacker can replace the legitimate Fido script with malicious code between file creation and execution, since Rufus runs elevated but writes to a world-writable location without file locking. Public exploit code exists for this vulnerability, which is fixed in version 4.12_BETA.
Dell Unisphere for PowerMax, version(s) 10.2.0.x, contain(s) an Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability. A low privileged attacker with remote access could potentially exploit this vulnerability, leading to Command execution. [CVSS 8.8 HIGH]
Deserialization of Untrusted Data vulnerability in fuelthemes North north-wp allows Object Injection.This issue affects North: from n/a through <= 5.7.5. [CVSS 8.8 HIGH]
strongholdthemes Tech Life CPT techlife-cpt is affected by deserialization of untrusted data (CVSS 8.8).
strongholdthemes Dental Care CPT dentalcare-cpt is affected by deserialization of untrusted data (CVSS 8.8).
Deserialization of Untrusted Data vulnerability in designthemes OneLife onelife allows Object Injection.This issue affects OneLife: from n/a through <= 3.9. [CVSS 8.8 HIGH]
Deserialization of Untrusted Data vulnerability in AivahThemes Anona anona allows Object Injection.This issue affects Anona: from n/a through <= 8.0. [CVSS 8.8 HIGH]
Deserialization of Untrusted Data vulnerability in designthemes Vivagh vivagh allows Object Injection.This issue affects Vivagh: from n/a through <= 2.4. [CVSS 8.8 HIGH]
Deserialization of Untrusted Data vulnerability in Arraytics Eventin wp-event-solution allows Object Injection.This issue affects Eventin: from n/a through <= 4.1.1. [CVSS 8.8 HIGH]
Deserialization of Untrusted Data vulnerability in designthemes Kids Heaven kids-world allows Object Injection.This issue affects Kids Heaven: from n/a through <= 3.2. [CVSS 8.8 HIGH]
Incorrect Privilege Assignment vulnerability in e-plugins Final User final-user allows Privilege Escalation.This issue affects Final User: from n/a through <= 1.2.5. [CVSS 8.8 HIGH]
Incorrect Privilege Assignment vulnerability in e-plugins WP Membership wp-membership allows Privilege Escalation.This issue affects WP Membership: from n/a through <= 1.6.4. [CVSS 8.8 HIGH]
e-plugins Hospital Doctor Directory hospital-doctor-directory contains a security vulnerability (CVSS 8.8).
e-plugins Institutions Directory institutions-directory contains a security vulnerability (CVSS 8.8).
Incorrect Privilege Assignment vulnerability in e-plugins Lawyer Directory lawyer-directory allows Privilege Escalation.This issue affects Lawyer Directory: from n/a through <= 1.3.3. [CVSS 8.8 HIGH]
Incorrect Privilege Assignment vulnerability in Jthemes xSmart xsmart allows Privilege Escalation.This issue affects xSmart: from n/a through <= 1.2.9.4. [CVSS 8.8 HIGH]
An issue with WordPress directory names in WebPros WordPress Toolkit versions up to 6.9.1 is affected by path traversal (CVSS 8.8).
Deserialization of Untrusted Data vulnerability in artbees JupiterX Core jupiterx-core allows Object Injection.This issue affects JupiterX Core: from n/a through <= 4.10.1. [CVSS 8.5 HIGH]
AES contains a SQL injection vulnerability due to an inactive configuration that prevents the latest SQL parsing logic from being applied. When this configuration is not enabled, crafted input may be improperly handled, allowing attackers to inject and execute arbitrary SQL queries. [CVSS 8.6 HIGH]
Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') vulnerability in VibeThemes WPLMS wplms_plugin allows Path Traversal.This issue affects WPLMS: from n/a through <= 1.9.9.5.4. [CVSS 8.1 HIGH]
Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') vulnerability in Harmonic Design HDForms hdforms allows Path Traversal.This issue affects HDForms: from n/a through <= 1.6.1. [CVSS 8.6 HIGH]
Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') vulnerability in ovatheme Movie Booking movie-booking allows Path Traversal.This issue affects Movie Booking: from n/a through <= 1.1.5. [CVSS 8.6 HIGH]
Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') vulnerability in AivahThemes Anona anona allows Path Traversal.This issue affects Anona: from n/a through <= 8.0. [CVSS 8.6 HIGH]
Blind SQL injection in shinetheme Traveler versions before 3.2.8 enables authenticated attackers to extract sensitive database information through manipulated SQL queries. An attacker with valid credentials can exploit this vulnerability to read, modify, or delete arbitrary data with no user interaction required. No patch is currently available.
Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in themepassion Ultra Portfolio ultra-portfolio allows Blind SQL Injection.This issue affects Ultra Portfolio: from n/a through <= 6.7. [CVSS 8.8 HIGH]
Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in Saad Iqbal AppExperts appexperts allows SQL Injection.This issue affects AppExperts: from n/a through <= 1.4.5. [CVSS 8.5 HIGH]
HappyMonster Happy Addons for Elementor happy-elementor-addons is affected by sql injection (CVSS 8.5).
Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in FooEvents FooEvents for WooCommerce fooevents allows SQL Injection.This issue affects FooEvents for WooCommerce: from n/a through <= 1.20.4. [CVSS 8.5 HIGH]
Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in kamleshyadav WP Lead Capturing Pages wp-lead-capture allows Blind SQL Injection.This issue affects WP Lead Capturing Pages: from n/a through <= 2.5. [CVSS 8.8 HIGH]
Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in ZoomIt DZS Video Gallery dzs-videogallery allows SQL Injection.This issue affects DZS Video Gallery: from n/a through <= 12.37. [CVSS 8.8 HIGH]
Memory-corruption in Google's SentencePiece tokenizer library (all versions before 0.2.1) lets a maliciously crafted model file trigger an invalid memory access (CWE-119) when the file is loaded, potentially leading to crashes or arbitrary code execution in the host process. Exploitation requires a victim to load an attacker-supplied model that was deliberately built outside the normal training pipeline, so it is not remotely triggerable on its own. No public exploit identified at time of analysis, and EPSS is 0.00%, but the flaw was reported by Google and is patched in v0.2.1.
Privilege escalation in Azure Logic Apps results from improper path validation, enabling remote attackers to gain elevated access without authentication or user interaction. Organizations using Azure Logic Apps are at risk of unauthorized privilege elevation through network-based attacks, with no available patch currently provided.
Missing Authorization vulnerability in wpeverest User Registration user-registration allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects User Registration: from n/a through <= 4.4.6. [CVSS 8.2 HIGH]
Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') vulnerability in fuelthemes Werkstatt werkstatt allows PHP Local File Inclusion.This issue affects Werkstatt: from n/a through < 4.8.3. [CVSS 8.1 HIGH]
Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') vulnerability in fuelthemes North north-wp allows PHP Local File Inclusion.This issue affects North: from n/a through <= 5.7.5. [CVSS 8.1 HIGH]
Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') vulnerability in AncoraThemes Malta malta allows PHP Local File Inclusion.This issue affects Malta: from n/a through <= 1.3.3. [CVSS 8.1 HIGH]