SolarWinds Web Help Desk contains an unauthenticated Java deserialization vulnerability (CVE-2025-40551, CVSS 9.8) that enables remote code execution. With EPSS 80.6% and KEV listing, this is the more severe of two concurrent WHD vulnerabilities, allowing attackers to execute arbitrary commands on the host server without any credentials.
SolarWinds Web Help Desk contains a security control bypass vulnerability (CVE-2025-40536) that allows unauthenticated attackers to access restricted functionality. With EPSS 69% and KEV listing, this CVSS 8.1 vulnerability is particularly concerning given SolarWinds' history of being targeted in supply chain attacks and the sensitive IT service data typically stored in help desk systems.
SolarWinds Web Help Desk has an authentication bypass vulnerability (EPSS 9.9%) that allows unauthenticated attackers to gain admin access to the helpdesk system.
SolarWinds Web Help Desk has a second authentication bypass (EPSS 7.8%) providing yet another path to unauthenticated admin access.
SandboxJS library prior to 0.8.26 has a CVSS 10.0 sandbox escape via AsyncFunction constructor, allowing execution of arbitrary code outside the sandbox boundary.
Erugo file-sharing platform up to version 0.2.14 has a CVSS 10.0 path traversal allowing authenticated users to read any file on the server including secrets and configuration.
Dokploy self-hosted PaaS prior to 0.26.6 has a critical command injection vulnerability (CVSS 9.9) allowing authenticated users to execute arbitrary OS commands on the host.
Zortam Mp3 Media Studio 27.60 has a buffer overflow in the library file selection dialog that allows code execution through crafted library files.
Tendenci 12.3.1 has a CSV formula injection in the contact form message field enabling code execution when administrators export and open data in spreadsheet applications.
10-Strike Network Inventory Explorer 8.65 has a buffer overflow in exception handling that allows remote code execution by crashing the application with crafted network data.
bulk_extractor digital forensics tool starting from version 1.4 has a heap buffer overflow in its embedded unrar code that can be triggered by crafted RAR archives.
YATinyWinFTP has a denial of service vulnerability allowing remote attackers to crash the FTP service by sending a 272-byte crafted packet.
66biolinks v62.0.0 has a session fixation vulnerability where the application doesn't regenerate session IDs after authentication, enabling session hijacking.
NocoDB spreadsheet platform prior to 0.301.0 has a stored XSS vulnerability (CVSS 9.0) that enables code execution through malicious cell content in shared views.
M/Monit 3.7.4 contains a privilege escalation vulnerability that allows authenticated users to modify user permissions by manipulating the admin parameter. [CVSS 8.8 HIGH]
OpenEMR is a free and open source electronic health records and medical practice management application. Versions prior to 7.0.4 have a broken access control in the Profile Edit endpoint. [CVSS 8.8 HIGH]
SQL injection in EGroupware's Nextmatch filter allows authenticated attackers to execute arbitrary database commands by exploiting PHP type juggling that bypasses integer validation checks. Public exploit code exists for this vulnerability affecting EGroupware versions prior to 23.1.20260113 and 26.0.20260113, and no patch is currently available. Attackers with valid credentials can manipulate WHERE clauses to extract sensitive data, modify records, or compromise database integrity.
PMB 5.6 contains a local file disclosure vulnerability in getgif.php that allows attackers to read arbitrary system files by manipulating the 'chemin' parameter. [CVSS 8.4 HIGH]
Nidesoft 3GP Video Converter 2.6.18 contains a local stack buffer overflow vulnerability in the license registration parameter. Attackers can craft a malicious payload and paste it into the 'License Code' field to execute arbitrary code on the system. [CVSS 8.4 HIGH]
docPrint Pro 8.0 contains a local buffer overflow vulnerability in the 'Add URL' input field that allows attackers to execute arbitrary code by overwriting memory. [CVSS 8.4 HIGH]
WebDamn User Registration Login System contains a SQL injection vulnerability that allows unauthenticated attackers to bypass login authentication by manipulating email credentials. [CVSS 8.2 HIGH]
SmartBlog 2.0.1 contains a blind SQL injection vulnerability in the 'id_post' parameter of the details controller that allows attackers to extract database information. [CVSS 8.2 HIGH]
Meshtastic is an open source mesh networking solution. In the current Meshtastic architecture, a Node is identified by their NodeID, generated from the MAC address, rather than their public key. [CVSS 8.2 HIGH]
node-tar before version 7.5.7 contains a path traversal vulnerability where inconsistent path resolution between validation and execution logic allows attackers to bypass security checks and create hardlinks to arbitrary files outside the intended extraction directory. Public exploit code exists for this vulnerability, affecting Node.js applications that process untrusted TAR archives. An attacker can craft a malicious TAR file to write to sensitive locations on the system.
SolarWinds Web Help Desk has a second deserialization vulnerability (EPSS 11.9%) providing another unauthenticated RCE path alongside CVE-2025-40551.
Dokploy versions before 0.26.6 contain hardcoded database credentials in the installation script, causing nearly all deployments to share identical credentials that can be obtained from the publicly available install.sh file. An authenticated attacker on the network can leverage these credentials to access the database, potentially achieving high-impact compromise of confidentiality, integrity, and availability. Public exploit code exists for this vulnerability and a patch is available in version 0.26.6 and later.
FunJSQ, a third-party module integrated on some NETGEAR routers and Orbi WiFi Systems, exposes an HTTP server over the LAN interface of affected devices. This interface is vulnerable to unauthenticated arbitrary command injection through the funjsq_access_token parameter. [CVSS 7.7 HIGH]
Arbitrary code execution in iccDEV versions before 2.3.1.2 occurs when malformed ICC color profiles containing NaN floating-point values are parsed, causing undefined behavior during type conversion that corrupts memory structures. Local attackers can exploit this by crafting malicious ICC profiles that applications process, and public exploit code exists for this vulnerability. The issue affects any system using the iccDEV library to handle ICC profile data, with a patch available in version 2.3.1.2.
ShareMouse 5.0.43 contains an unquoted service path vulnerability that allows local users to potentially execute arbitrary code with elevated system privileges. [CVSS 7.8 HIGH]
Prey 1.9.6 contains an unquoted service path vulnerability that allows local users to potentially execute code with elevated privileges. Attackers can exploit the unquoted path in the CronService to insert malicious code that would execute during application startup or system reboot. [CVSS 7.8 HIGH]
its Windows service configuration contains a vulnerability that allows attackers to execute arbitrary code (CVSS 7.8).
its nordvpn-service contains a vulnerability that allows attackers to execute code with elevated privileges (CVSS 7.8).
its Windows service configuration contains a vulnerability that allows attackers to execute code with elevated privileges (CVSS 7.8).
ForensiT AppX Management Service 2.2.0.4 contains an unquoted service path vulnerability that allows local users to potentially execute arbitrary code with elevated system privileges. [CVSS 7.8 HIGH]
PACService.exe contains a vulnerability that allows attackers to execute code with elevated privileges (CVSS 7.8).
SENADB service contains a vulnerability that allows attackers to execute code with elevated system privileges (CVSS 7.8).
FunJSQ, a third-party module integrated on some NETGEAR routers and Orbi WiFi Systems, does not properly validate TLS certificates when downloading update packages through its auto-update mechanism. [CVSS 7.7 HIGH]
Intelbras Router RF 301K firmware version 1.1.2 contains an authentication bypass vulnerability that allows unauthenticated attackers to download router configuration files. [CVSS 7.5 HIGH]
A type validation flaw in the flow.dstack() component of OneFlow v0.9.0 allows attackers to cause a Denial of Service (DoS) via a crafted input. [CVSS 7.5 HIGH]
A dimension validation flaw in the flow.empty() component of OneFlow 0.9.0 allows attackers to cause a Denial of Service (DoS) via a negative or excessively large dimension value. [CVSS 7.5 HIGH]
A shape mismatch vulnerability in OneFlow v0.9.0 allows attackers to cause a Denial of Service (DoS) via supplying crafted tensor shapes. [CVSS 7.5 HIGH]
An issue in the flow.cuda.BoolTensor component of OneFlow v0.9.0 allows attackers to cause a Denial of Service (DoS) via a crafted input. [CVSS 7.5 HIGH]
An input validation vulnerability in the oneflow.index_add component of OneFlow v0.9.0 allows attackers to cause a Denial of Service (DoS) via a crafted input. [CVSS 7.5 HIGH]
An input validation vulnerability in the flow.arange() component of OneFlow v0.9.0 allows attackers to cause a Denial of Service (DoS) via a crafted input. [CVSS 7.5 HIGH]
aSc TimeTables 2021.6.2 contains a denial of service vulnerability that allows attackers to crash the application by overwriting subject title fields with excessive data. [CVSS 7.5 HIGH]
The net/url package does not set a limit on the number of query parameters in a query. While the maximum size of query parameters in URLs is generally limited by the maximum request header size, the net/http.Request.ParseForm method can parse large URL-encoded forms. [CVSS 7.5 HIGH]
A GPU device-ID validation flaw in OneFlow v0.9.0 allows attackers to trigger a Denial of Dervice (DoS) by invoking flow.cuda.get_device_properties() with an invalid or negative device index. [CVSS 7.5 HIGH]
A device-ID validation flaw in OneFlow v0.9.0 allows attackers to cause a Denial of Service (DoS) by calling flow.cuda.synchronize() with an invalid or out-of-range GPU device index. [CVSS 7.5 HIGH]
Commerce Paybox versions up to 7.X-1.5. is affected by improper verification of cryptographic signature (CVSS 7.5).
A GPU device-ID validation flaw in the flow.cuda.get_device_capability() component of OneFlow v0.9.0 allows attackers to cause a Denial of Service (DoS) via a crafted device ID. [CVSS 7.5 HIGH]