Fortinet FortiAnalyzer and FortiManager contain a critical authentication bypass vulnerability (CVE-2026-24858, CVSS 9.8) that allows unauthenticated remote attackers to gain administrative access through an alternate authentication path. With EPSS 2.8% but KEV listing confirming active exploitation, this vulnerability threatens the security management infrastructure that organizations rely on to protect their networks.
HUSTOJ online judge has a path traversal vulnerability enabling arbitrary file access on the competition server.
n8n has a fifth critical RCE vulnerability (CVSS 9.9) in the Expression evaluator, enabling code execution through crafted workflow expressions.
Path traversal vulnerability in RAGFlow RAG engine version 0.23.1 allows unauthenticated attackers to read arbitrary files from the server filesystem. PoC available, patch available.
Kyverno Kubernetes policy engine prior to 1.x has a privilege escalation vulnerability (CVSS 9.9) allowing policy bypass and unauthorized cluster operations.
Critical access control flaw in Dozzle Docker log viewer allows users restricted by label filters to escape their scope and obtain an interactive root shell on out-of-scope containers. PoC available, patch in v9.0.3.
VestaCP 0.9.8-26 has a session management vulnerability allowing remote attackers to hijack admin sessions through the LoginAs module.
Gila CMS before 2.0.0 has an RFI vulnerability enabling unauthenticated RCE.
Remote code execution and denial of service in GnuPG before 2.5.17 stem from a stack-based buffer overflow in gpg-agent when it processes a crafted CMS (S/MIME) EnvelopedData message containing an oversized wrapped session key during PKDECRYPT --kem=CMS handling. Any user or service decrypting attacker-supplied S/MIME mail with a vulnerable build can be crashed, and the memory corruption may be escalated to arbitrary code execution in the gpg-agent process that custodies private keys. Publicly available exploit code exists, but the issue is not in CISA KEV and EPSS is low (0.20%, 41st percentile), indicating no confirmed widespread exploitation yet.
Computer Book Store v1.0 has file upload in admin_add.php.
Mobile Shop Management System has file upload enabling web shell deployment.
Dirsearch 0.4.1 has CSV injection in scan reports.
Knockpy 4.1.1 has CSV injection in subdomain scan exports.
Mobile Shop Management System has SQL injection in ExLogin.php.
Mobile Shop Management System has SQL injection in insertmessage.php.
Mobile Shop Management System has code injection in ExAddNewUser.php.
Easy CD & DVD Cover Creator 4.13 has a buffer overflow in serial number input.
Server-Side Request Forgery (SSRF) vulnerability in Squidex CMS webhook configuration allows authenticated administrators to make requests to internal services by specifying localhost or internal IP addresses as webhook destinations. PoC available.
ROOT data analysis framework has an input validation vulnerability in zlib modules enabling code execution through crafted data files.
SkyFire game server has improper pointer arithmetic enabling memory corruption.
IronOS soldering iron firmware has an integer overflow vulnerability that could cause unexpected behavior in temperature control.
ixray-1.6-stcop game engine has an OOB write vulnerability.
A product has an out-of-bounds write from classic buffer overflow enabling remote code execution.
Authentication bypass in Juniper Networks Session Smart Router and Conductor allows network-based attackers to gain administrative control without credentials. The vulnerability affects multiple versions of the routing platform used in enterprise SD-WAN deployments.
xrdp open-source RDP server before v0.10.5 has an unauthenticated stack buffer overflow enabling remote code execution.
xray-monolith game mod has a type confusion vulnerability.
EZCast Pro II v1.17478.146 uses well-known default credentials in the Admin UI enabling immediate administrative access to the wireless presentation system.