Skip to main content
CVE-2021-47888 HIGH POC This Week

Textpattern versions up to 4.8.3 is affected by unrestricted upload of file with dangerous type (CVSS 8.8).

PHP RCE
NVD Exploit-DB
CVSS 3.1
8.8
EPSS
0.5%
CVE-2021-47904 HIGH POC This Week

PhreeBooks 5.2.3 contains an authenticated file upload vulnerability in the Image Manager that allows remote code execution. Attackers can upload a malicious PHP web shell by exploiting unrestricted file type uploads to gain command execution on the server. [CVSS 8.8 HIGH]

PHP RCE
NVD GitHub Exploit-DB VulDB
CVSS 3.1
8.8
EPSS
0.4%
CVE-2021-47903 HIGH POC This Week

LiteSpeed Web Server Enterprise 5.4.11 contains an authenticated command injection vulnerability in the external app configuration interface. [CVSS 8.8 HIGH]

RCE Path Traversal Command Injection
NVD Exploit-DB
CVSS 3.1
8.8
EPSS
0.3%
CVE-2021-47881 HIGH POC This Week

dataSIMS Avionics ARINC 664-1 version 4.5.3 contains a local buffer overflow vulnerability that allows attackers to overwrite memory by manipulating the milstd1553result.txt file. [CVSS 8.4 HIGH]

Windows Industrial Buffer Overflow
NVD Exploit-DB
CVSS 3.1
8.4
EPSS
0.0%
CVE-2025-67264 HIGH POC This Week

An OS command injection vulnerability in the com.sprd.engineermode component in Doogee Note59, Note59 Pro, and Note59 Pro+ allows a local attacker to execute arbitrary code and escalate privileges via the EngineerMode ADB shell, due to incomplete patching of CVE-2025-31710 [CVSS 7.8 HIGH]

Command Injection Note59 Pro Firmware Note59 Firmware RCE
NVD GitHub
CVSS 3.1
7.8
EPSS
0.0%
CVE-2021-47896 HIGH POC This Week

pdfcDispatcher service contains a vulnerability that allows attackers to potentially execute arbitrary code (CVSS 7.8).

RCE
NVD Exploit-DB
CVSS 3.1
7.8
EPSS
0.0%
CVE-2021-47898 HIGH POC This Week

Epson USB Display 1.6.0.0 contains an unquoted service path vulnerability in the EMP_UDSA service running with LocalSystem privileges. Attackers can exploit the unquoted path by placing malicious executables in intermediate directories to gain elevated system access. [CVSS 7.8 HIGH]

Information Disclosure
NVD Exploit-DB
CVSS 3.1
7.8
EPSS
0.0%
CVE-2021-47890 HIGH POC This Week

LogonExpert 8.1 contains an unquoted service path vulnerability in the LogonExpertSvc service running with LocalSystem privileges. Attackers can exploit the unquoted path to place malicious executables in intermediate directories, potentially gaining elevated system access during service startup. [CVSS 7.8 HIGH]

Information Disclosure
NVD Exploit-DB
CVSS 3.1
7.8
EPSS
0.0%
CVE-2021-47889 HIGH POC This Week

SoftrosSpellChecker service contains a vulnerability that allows attackers to potentially execute arbitrary code (CVSS 7.8).

RCE
NVD Exploit-DB
CVSS 3.1
7.8
EPSS
0.0%
CVE-2026-20613 HIGH POC This Week

Path traversal in the ArchiveReader.extractContents() function used by container image load operations allows local attackers to write arbitrary files to any user-writable location on the system by crafting malicious archives with relative pathnames. Public exploit code exists for this vulnerability, and affected users cannot currently patch as fixes are only available in container 0.8.0 and containerization 0.21.0. The vulnerability requires local access and user interaction but carries high severity due to potential for file overwrite and system compromise.

Path Traversal Containerization Container
NVD GitHub
CVSS 3.1
7.8
EPSS
0.0%
CVE-2021-47895 HIGH POC This Week

Nsauditor versions up to 3.2.2.0 is affected by allocation of resources without limits or throttling (CVSS 7.5).

Denial Of Service Nsauditor
NVD Exploit-DB
CVSS 3.1
7.5
EPSS
0.1%
CVE-2021-47894 HIGH POC This Week

Managed Switch Port Mapping Tool 2.85.2 contains a denial of service vulnerability that allows attackers to crash the application by creating an oversized buffer. [CVSS 7.5 HIGH]

SNMP Denial Of Service
NVD Exploit-DB
CVSS 3.1
7.5
EPSS
0.0%
CVE-2021-47893 HIGH POC This Week

AgataSoft PingMaster Pro 2.1 contains a denial of service vulnerability in the Trace Route feature that allows attackers to crash the application by overflowing the host name input field. [CVSS 7.5 HIGH]

Denial Of Service
NVD Exploit-DB
CVSS 3.1
7.5
EPSS
0.0%
CVE-2025-66720 HIGH POC PATCH This Week

Null pointer dereference in free5gc pcf 1.4.0 in file internal/sbi/processor/ampolicy.go in function HandleDeletePoliciesPolAssoId. [CVSS 7.5 HIGH]

Golang Null Pointer Dereference Pcf
NVD GitHub
CVSS 3.1
7.5
EPSS
0.0%
CVE-2025-69908 HIGH POC This Week

An unauthenticated information disclosure vulnerability in Newgen OmniApp allows attackers to enumerate valid privileged usernames via a publicly accessible client-side JavaScript resource. [CVSS 7.5 HIGH]

Information Disclosure Omniapp
NVD GitHub
CVSS 3.1
7.5
EPSS
0.0%
CVE-2025-70986 HIGH POC This Week

Incorrect access control in the selectDept function of RuoYi v4.8.2 allows unauthorized attackers to arbitrarily access sensitive department data. [CVSS 7.5 HIGH]

Authentication Bypass Ruoyi
NVD GitHub
CVSS 3.1
7.5
EPSS
0.0%
CVE-2021-47897 HIGH POC This Week

address parameter of the change_params.php script. Attackers can inject malicious JavaScript payloads is affected by cross-site scripting (xss) (CVSS 7.2).

PHP XSS
NVD Exploit-DB
CVSS 3.1
7.2
EPSS
0.1%
CVE-2021-47892 HIGH POC This Week

PEEL Shopping 9.3.0 contains a stored cross-site scripting vulnerability in the 'Comments / Special Instructions' parameter of the purchase page. Attackers can inject malicious JavaScript payloads that will execute when the page is refreshed, potentially allowing client-side script execution. [CVSS 7.2 HIGH]

XSS
NVD Exploit-DB
CVSS 3.1
7.2
EPSS
0.1%
CVE-2026-0786 HIGH This Week

Remote code execution in ALGO 8180 IP Audio Alerter firmware results from insufficient input validation in the SCI module, allowing authenticated attackers to inject arbitrary commands and execute code with device privileges. The vulnerability affects Golang-based implementations and carries a high CVSS score of 8.8, with no patch currently available. Exploitation requires valid credentials but poses significant risk to networked audio alerting infrastructure.

Golang RCE Command Injection 8180 Ip Audio Alerter Firmware
NVD
CVSS 3.1
8.8
EPSS
0.8%
CVE-2026-0785 HIGH This Week

Remote code execution in ALGO 8180 IP Audio Alerter firmware via command injection in the API interface allows authenticated attackers to execute arbitrary system commands on affected devices due to insufficient input validation. The vulnerability has a high CVSS score of 8.8 and currently lacks a patch. With an EPSS score of 0.8%, exploitation is possible but not yet widely observed in the wild.

Golang RCE Command Injection 8180 Ip Audio Alerter Firmware
NVD
CVSS 3.1
8.8
EPSS
0.8%
CVE-2026-0766 HIGH This Week

Remote code execution in Open WebUI through the load_tool_module_by_id function allows authenticated attackers to execute arbitrary Python code due to insufficient input validation on user-supplied strings. An attacker with valid credentials can leverage this vulnerability to achieve code execution with service account privileges. No patch is currently available, making this a critical risk for deployed Open WebUI instances.

Python RCE Command Injection AI / ML Open Webui
NVD
CVSS 3.0
8.8
EPSS
0.6%
CVE-2026-0765 HIGH This Week

Remote code execution in Open WebUI's install_frontmatter_requirements function allows authenticated attackers to execute arbitrary commands on the host system by bypassing input validation in system call parameters. The vulnerability affects AI/ML deployments using Open WebUI and requires valid authentication credentials to exploit. No patch is currently available.

RCE Command Injection AI / ML Open Webui
NVD
CVSS 3.0
8.8
EPSS
0.6%
CVE-2026-0796 HIGH This Week

Remote code execution in ALGO 8180 IP Audio Alerter firmware via command injection in the web UI allows authenticated attackers to execute arbitrary commands on affected devices due to insufficient input validation. The vulnerability requires valid credentials to exploit but provides complete system compromise with high confidentiality, integrity, and availability impact. No patch is currently available for this issue.

Golang RCE Command Injection 8180 Ip Audio Alerter Firmware
NVD
CVSS 3.1
8.8
EPSS
0.4%
CVE-2026-0795 HIGH This Week

Remote code execution in ALGO 8180 IP Audio Alerter devices via command injection in the web UI allows authenticated attackers to execute arbitrary system commands due to insufficient input validation. An attacker with valid credentials can inject malicious commands through user-supplied parameters to gain code execution on the affected device. No patch is currently available for this vulnerability.

Golang RCE Command Injection 8180 Ip Audio Alerter Firmware
NVD
CVSS 3.1
8.8
EPSS
0.4%
CVE-2026-0784 HIGH This Week

Remote code execution in ALGO 8180 IP Audio Alerter firmware via command injection in the web UI allows authenticated attackers to execute arbitrary commands on vulnerable devices due to insufficient input validation. An attacker with valid credentials can inject malicious commands through unsanitized user input to compromise the device and execute code with device privileges. No patch is currently available for this vulnerability.

Golang RCE Command Injection 8180 Ip Audio Alerter Firmware
NVD
CVSS 3.1
8.8
EPSS
0.4%
CVE-2026-0783 HIGH This Week

Remote code execution in ALGO 8180 IP Audio Alerter firmware via command injection in the web UI allows authenticated attackers to execute arbitrary commands on affected devices through insufficient input validation. An attacker with valid credentials can inject malicious commands through unsanitized user input parameters to achieve code execution in the device context. No patch is currently available for this high-severity vulnerability.

Golang RCE Command Injection 8180 Ip Audio Alerter Firmware
NVD
CVSS 3.1
8.8
EPSS
0.4%
CVE-2026-0782 HIGH This Week

Remote code execution in ALGO 8180 IP Audio Alerter devices through command injection in the web management interface allows authenticated attackers to execute arbitrary commands with device privileges. The vulnerability stems from insufficient input validation of user-supplied parameters passed to system calls. A patch is not currently available for this high-severity flaw affecting Golang-based firmware.

Golang RCE Command Injection 8180 Ip Audio Alerter Firmware
NVD
CVSS 3.1
8.8
EPSS
0.4%
CVE-2026-0778 HIGH This Week

Unauthenticated remote code execution in Enel X JuiceBox 40 charging stations via an exposed Telnet service on TCP port 2000 allows network-adjacent attackers to execute arbitrary commands without credentials. The vulnerability affects all installations of the JuiceBox 40 and runs with service account privileges, enabling full system compromise. No patch is currently available.

RCE
NVD
CVSS 3.0
8.8
EPSS
0.4%
CVE-2026-0774 HIGH This Week

WatchYourLAN's configuration page is vulnerable to argument injection through improper validation of the arpstrs parameter, enabling unauthenticated network-adjacent attackers to execute arbitrary code with service account privileges. The vulnerability stems from insufficient input sanitization before system command execution and currently lacks an available patch. An attacker on the same network can exploit this without authentication to achieve complete system compromise.

RCE
NVD
CVSS 3.0
8.8
EPSS
0.3%
CVE-2026-0781 HIGH This Week

Remote code execution in ALGO 8180 IP Audio Alerter firmware via command injection in the web UI allows authenticated attackers to execute arbitrary commands on affected devices due to insufficient input validation. An attacker with valid credentials can exploit this vulnerability to achieve code execution in the device context. No patch is currently available for this high-severity vulnerability (CVSS 8.8).

Golang RCE Command Injection 8180 Ip Audio Alerter Firmware
NVD
CVSS 3.1
8.8
EPSS
0.2%
CVE-2026-0780 HIGH This Week

Remote code execution in ALGO 8180 IP Audio Alerter firmware through command injection in the web UI allows authenticated attackers to execute arbitrary commands on affected devices due to insufficient input validation. The vulnerability requires valid credentials to exploit but enables complete device compromise once authenticated. No patch is currently available for this high-severity flaw affecting the Golang-based firmware.

Golang RCE Command Injection 8180 Ip Audio Alerter Firmware
NVD
CVSS 3.1
8.8
EPSS
0.2%
CVE-2026-0779 HIGH This Week

Remote code execution in ALGO 8180 IP Audio Alerter firmware via command injection in the web interface allows authenticated attackers to execute arbitrary code on affected devices through insufficient input validation. The vulnerability requires valid credentials but no user interaction to exploit, presenting significant risk to networked audio alerting systems. No patch is currently available.

Golang RCE Command Injection 8180 Ip Audio Alerter Firmware
NVD
CVSS 3.1
8.8
EPSS
0.2%
CVE-2026-0757 HIGH This Week

MCP Manager for Claude Desktop is vulnerable to command injection through improperly validated MCP config objects, enabling remote attackers to escape the sandbox and execute arbitrary code on affected systems. The vulnerability requires user interaction such as visiting a malicious page or opening a malicious file, and currently lacks an available patch. An attacker can leverage this flaw to achieve code execution with medium integrity privileges in the context of the running process.

Command Injection AI / ML
NVD
CVSS 3.0
8.8
EPSS
0.1%
CVE-2025-67847 HIGH PATCH This Week

A flaw was found in Moodle. An attacker with access to the restore interface could trigger server-side execution of arbitrary code. [CVSS 8.8 HIGH]

Moodle
NVD
CVSS 3.1
8.8
EPSS
0.0%
CVE-2026-22273 HIGH This Week

Privilege escalation in Dell ECS 3.8.1.0-3.8.1.7 and ObjectScale prior to 4.2.0.0 stems from hardcoded default credentials in the operating system that a remote authenticated attacker can leverage to gain elevated privileges. An attacker with low-level access can exploit this vulnerability to achieve full system compromise including confidentiality, integrity, and availability impacts. No patch is currently available for affected versions.

Information Disclosure Dell Objectscale Elastic Cloud Storage
NVD
CVSS 3.1
8.8
EPSS
0.0%
CVE-2025-14866 HIGH This Week

Melapress Role Editor (WordPress plugin) versions up to 1.1.1. is affected by incorrect authorization (CVSS 8.8).

WordPress Privilege Escalation PHP
NVD
CVSS 3.1
8.8
EPSS
0.0%
CVE-2026-24572 HIGH This Week

Nelio Content versions 4.1.0 and earlier contain a blind SQL injection vulnerability that allows authenticated attackers to execute arbitrary database queries over the network. This vulnerability requires valid user credentials but no user interaction, enabling attackers to read, modify, or delete sensitive database contents. No patch is currently available to address this high-severity flaw.

SQLi
NVD
CVSS 3.1
8.5
EPSS
0.0%
CVE-2026-0710 HIGH This Week

SIPp is vulnerable to a NULL pointer dereference that can be triggered by remote attackers sending malicious SIP messages during active calls, resulting in application crashes and denial of service. Under certain conditions, this vulnerability may also enable arbitrary code execution, potentially compromising system integrity and availability. No patch is currently available.

Null Pointer Dereference Denial Of Service Suse
NVD
CVSS 3.1
8.4
EPSS
0.1%
CVE-2026-0603 HIGH PATCH GHSA This Week

Hibernate's InlineIdsOrClauseBuilder is vulnerable to second-order SQL injection when processing non-alphanumeric characters in ID columns, allowing authenticated attackers to read sensitive data, modify database contents, or cause denial of service. The vulnerability requires low privileges and network access with no user interaction, making it exploitable by remote attackers with valid credentials. No patch is currently available.

SQLi Denial Of Service Information Disclosure
NVD HeroDevs VulDB
CVSS 3.1
8.3
EPSS
0.0%
CVE-2026-0994 HIGH PATCH This Week

A denial-of-service (DoS) vulnerability exists in google.protobuf.json_format.ParseDict() in Python, where the max_recursion_depth limit can be bypassed when parsing nested google.protobuf.Any messages.

Google Python Authentication Bypass Protobuf
NVD GitHub VulDB
CVSS 4.0
8.2
EPSS
0.0%
CVE-2026-0762 HIGH This Week

Remote code execution in GPT Academic's stream_daas function results from improper deserialization of untrusted data when communicating with external servers, allowing unauthenticated attackers to execute arbitrary code with root privileges. The vulnerability requires interaction with a malicious DAAS server and currently has no available patch. Organizations using GPT Academic should implement network controls to restrict connections to untrusted DAAS services until patching is available.

RCE Deserialization AI / ML Gpt Academic
NVD
CVSS 3.0
8.1
EPSS
0.5%
CVE-2025-3839 HIGH PATCH This Week

A flaw was found in Epiphany, a tool that allows websites to open external URL handler applications with minimal user interaction. This design can be misused to exploit vulnerabilities within those handlers, making them appear remotely exploitable. [CVSS 8.0 HIGH]

RCE Suse
NVD
CVSS 3.1
8.0
EPSS
0.0%
CVE-2025-15351 HIGH This Week

Anritsu VectorStar CHX File Parsing Deserialization of Untrusted Data Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute arbitrary code on affected installations of Anritsu VectorStar. [CVSS 7.8 HIGH]

RCE Deserialization Vectorstar
NVD
CVSS 3.0
7.8
EPSS
0.2%
CVE-2025-15350 HIGH This Week

Anritsu VectorStar CHX File Parsing Deserialization of Untrusted Data Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute arbitrary code on affected installations of Anritsu VectorStar. [CVSS 7.8 HIGH]

RCE Deserialization Vectorstar
NVD
CVSS 3.0
7.8
EPSS
0.2%
CVE-2025-15348 HIGH This Week

Anritsu ShockLine CHX File Parsing Deserialization of Untrusted Data Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute arbitrary code on affected installations of Anritsu ShockLine. [CVSS 7.8 HIGH]

RCE Deserialization Shockline
NVD
CVSS 3.0
7.8
EPSS
0.2%
CVE-2025-11002 HIGH PATCH This Week

7-Zip ZIP File Parsing Directory Traversal Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute arbitrary code on affected installations of 7-Zip. [CVSS 7.8 HIGH]

RCE Path Traversal 7 Zip Suse
NVD
CVSS 3.1
7.8
EPSS
0.1%
CVE-2025-15059 HIGH PATCH This Week

GIMP PSP File Parsing Heap-based Buffer Overflow Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute arbitrary code on affected installations of GIMP. [CVSS 7.8 HIGH]

RCE Buffer Overflow Heap Overflow Gimp
NVD VulDB
CVSS 3.1
7.8
EPSS
0.1%
CVE-2026-0758 HIGH This Week

mcp-server-siri-shortcuts fails to validate the shortcutName parameter before using it in system calls, enabling local attackers with low-privileged code execution to inject arbitrary commands and escalate to service account privileges. This command injection vulnerability (CVE-2026-0758, CVSS 7.8) affects the AI/ML tool and currently lacks a patch. An attacker exploiting this flaw can execute arbitrary code with elevated privileges on the affected system.

Privilege Escalation Command Injection AI / ML
NVD
CVSS 3.0
7.8
EPSS
0.1%
CVE-2025-15062 HIGH This Week

Trimble SketchUp SKP File Parsing Use-After-Free Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute arbitrary code on affected installations of Trimble SketchUp. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the parsing of SKP files. The issue results from the lack of validating the existence of an object prior to performing operations ...

RCE Use After Free
NVD
CVSS 3.0
7.8
EPSS
0.1%
CVE-2025-71155 HIGH PATCH This Week

In the Linux kernel, the following vulnerability has been resolved: KVM: s390: Fix gmap_helper_zap_one_page() again A few checks were missing in gmap_helper_zap_one_page(), which can lead to memory corruption in the guest under specific circumstances. Add the missing checks. [CVSS 7.8 HIGH]

Linux Memory Corruption Linux Kernel Red Hat Suse
NVD VulDB
CVSS 3.1
7.8
EPSS
0.0%
Page 1 of 2 Next

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy