Skip to main content
CVE-2016-15057 CRITICAL POC THREAT Emergency

Command injection in Apache Continuum (unsupported). EPSS 37.9% indicates active exploitation of this legacy CI/CD system. No patch available — product is end-of-life.

Apache Command Injection Continuum
NVD
CVSS 3.1
9.9
EPSS
37.9%
Threat
4.6
CVE-2025-70982 CRITICAL POC Act Now

Access control bypass in SpringBlade v4.5.0 importUser function allows low-privileged users to import sensitive user data and escalate privileges. PoC available.

Spring Java Privilege Escalation Information Disclosure Authentication Bypass +1
NVD GitHub
CVSS 3.1
9.9
EPSS
0.0%
CVE-2026-22709 CRITICAL POC PATCH Act Now

Sandbox escape in vm2 Node.js sandbox before 3.10.2 via Promise.prototype.then/catch callback sanitization bypass. PoC and patch available.

Node.js Vm2
NVD GitHub
CVSS 3.1
9.8
EPSS
0.0%
CVE-2026-24429 CRITICAL Act Now

Default credentials in Tenda W30E V2 router firmware through V16.01.0.19. Known default password enables full administrative access.

Information Disclosure W30e Firmware
NVD
CVSS 3.1
9.8
EPSS
0.1%
CVE-2026-24436 CRITICAL Act Now

Missing rate limiting and account lockout on Tenda W30E V2 authentication endpoints. Brute-force attacks are unrestricted.

Authentication Bypass W30e Firmware
NVD
CVSS 3.1
9.8
EPSS
0.0%
CVE-2026-24400 CRITICAL PATCH Act Now

XXE (XML External Entity) injection in AssertJ Java testing library from 1.4.0 to before 3.27.7 allows reading arbitrary files when parsing XML assertions. Patch available.

Java SSRF XXE Denial Of Service Assertj +2
NVD GitHub
CVSS 3.1
9.1
EPSS
0.0%

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy