THREAT ALERT

EMERGENCY CVE-2026-1340 9.8 Ivanti Endpoint Manager Mobile (EPMM) contains a code injection vulnerability that allows unauthenticated attackers to achieve remote code execution on the mobile device management server. Compromising the MDM server provides access to all managed mobile device configurations, policies, and potentially the ability to push malicious profiles to enrolled devices. | ACT NOW CVE-2026-1281 9.8 Ivanti Endpoint Manager Mobile (EPMM) contains a critical code injection vulnerability (CVE-2026-1281, CVSS 9.8) that allows unauthenticated remote attackers to execute arbitrary code. With EPSS 64.8% and KEV listing, this vulnerability in the mobile device management platform threatens the security of every managed mobile device in the organization, as EPMM has the ability to push configurations, certificates, and apps to enrolled devices. | EMERGENCY CVE-2025-40551 9.8 SolarWinds Web Help Desk contains an unauthenticated Java deserialization vulnerability (CVE-2025-40551, CVSS 9.8) that enables remote code execution. With EPSS 80.6% and KEV listing, this is the more severe of two concurrent WHD vulnerabilities, allowing attackers to execute arbitrary commands on the host server without any credentials. | ACT NOW CVE-2025-40536 8.1 SolarWinds Web Help Desk contains a security control bypass vulnerability (CVE-2025-40536) that allows unauthenticated attackers to access restricted functionality. With EPSS 69% and KEV listing, this CVSS 8.1 vulnerability is particularly concerning given SolarWinds' history of being targeted in supply chain attacks and the sensitive IT service data typically stored in help desk systems. | EMERGENCY CVE-2026-24858 9.8 Fortinet FortiAnalyzer and FortiManager contain a critical authentication bypass vulnerability (CVE-2026-24858, CVSS 9.8) that allows unauthenticated remote attackers to gain administrative access through an alternate authentication path. With EPSS 2.8% but KEV listing confirming active exploitation, this vulnerability threatens the security management infrastructure that organizations rely on to protect their networks. | ACT NOW CVE-2026-21509 7.8 Microsoft Office contains a security feature bypass (CVE-2026-21509, CVSS 7.8) where reliance on untrusted inputs in security decisions allows local attackers to bypass protections designed to prevent execution of malicious content. KEV-listed with EPSS 9.3%, this vulnerability enables attackers to circumvent Office security features like Protected View or macro restrictions through crafted documents. | EMERGENCY CVE-2026-24423 9.8 SmarterTools SmarterMail prior to build 9511 contains a second critical vulnerability (CVE-2026-24423) — an unauthenticated remote code execution flaw in the ConnectToHub API method. An attacker can redirect the SmarterMail server to connect to a malicious HTTP endpoint that serves OS commands for execution. KEV-listed with EPSS 29%, this is chainable with CVE-2026-23760 for complete server compromise. | EMERGENCY CVE-2026-23760 9.8 SmarterTools SmarterMail prior to build 9511 contains a critical authentication bypass in the password reset API (CVE-2026-23760) that allows unauthenticated attackers to reset system administrator passwords without verification. With EPSS 65% and KEV listing, this trivially exploitable vulnerability enables complete email server takeover, compromising all hosted mailboxes and organizational communications. | ACT NOW CVE-2026-20045 8.2 Cisco Unified Communications Manager and related products contain a code injection vulnerability (CVE-2026-20045) that allows unauthenticated remote attackers to execute arbitrary code. This KEV-listed vulnerability affects the core enterprise voice/video infrastructure including Unified CM, IM&P, Unity Connection, and Webex Calling Dedicated Instance, making it a high-priority threat for organizations dependent on Cisco collaboration tools. | ACT NOW CVE-2026-24061 9.8 GNU Inetutils telnetd through version 2.7 contains a critical authentication bypass that allows remote attackers to gain root access by setting the USER environment variable to '-f root' during TELNET negotiation. With EPSS 75% and KEV listing, this trivially exploitable vulnerability (CVE-2026-24061) has been widely weaponized. Public PoC is available and patches exist. | EMERGENCY CVE-2026-20963 9.8 Microsoft Office SharePoint contains a deserialization vulnerability (CVE-2026-20963) that allows authenticated users to execute arbitrary code over the network through crafted serialized objects. KEV-listed with public PoC, this CVSS 8.8 vulnerability enables any SharePoint user to escalate to server-level code execution, making it a critical threat for organizations relying on SharePoint for document management and collaboration. | ACT NOW CVE-2026-22200 7.5 Arbitrary file disclosure in osTicket 1.18.x before 1.18.3 and 1.17.x before 1.17.7 allows unauthenticated attackers to read sensitive server files by injecting malicious PHP filter expressions into ticket descriptions that are processed during PDF export. The vulnerability exploits insufficient sanitization in the mPDF library integration, enabling attackers to embed arbitrary file contents as images in generated PDFs when exporting tickets. Public exploit code exists and the issue affects default configurations where guest ticket creation is enabled. | EMERGENCY CVE-2026-21891 9.4 ZimaOS (fork of CasaOS) through 1.5.0 has an authentication bypass where passwords for system service accounts are not properly validated during login. Attackers can access the system using known service account names with any password. PoC available, EPSS 13.6%. | ACT NOW CVE-2025-66376 7.2 Zimbra Collaboration Suite (ZCS) 10.x contains a stored XSS vulnerability in the Classic UI that allows attackers to execute arbitrary JavaScript through CSS @import directives in HTML emails. KEV-listed, this vulnerability (CVE-2025-66376) enables session hijacking and account takeover when administrators or users view malicious emails, making it a high-value target for email-based espionage campaigns. |

Daily vulnerability intelligence for defenders – fresh CVEs with exploitability signals, patch status, and action-oriented priorities from 17 sources.

CVEs published

Track vulnerabilities that matter to your stack

Personalized alerts, dashboards, and weekly digests – free.

Trending Now

Critical Watch

Attack Technique Trend

Prediction based on ZDI Disclosures & CVE data · 30 days

Analytics

Vendor Today – Quick Filter

Techniques

results

Sort:

Base Score

Vector String

Attack Vector (AV)

Attack Complexity (AC)

Privileges Required (PR)

User Interaction (UI)

Scope (S)

Confidentiality (C)

Integrity (I)

Availability (A)

0 | 3.9| 6.9| 8.9| 10

NONE LOW MEDIUM HIGH CRITICAL

CVSS Filter – CVEs match

No CVEs match the selected criteria

Browse older vulnerabilities in Archive

Live Feed auto-refresh 60s

Vulnerability Intelligence — January 29, 2026

123 CVEs tracked today. 12 Critical, 51 High, 51 Medium, 5 Low.

CVE-2026-1340 CRITICAL CVSS 9.8
Ivanti Endpoint Manager Mobile (EPMM) contains a code injection vulnerability that allows unauthenticated attackers to achieve remote code execution on the mobile device management server. Compromising the MDM server provides access to all managed mobile device configurations, policies, and potentially the ability to push malicious profiles to enrolled devices.

Ivanti RCE Code Injection
CVE-2026-24054 CRITICAL CVSS 10.0
Sandbox escape in Kata Containers allowing guest VM to access host resources. CVSS 10.0 — undermines the core security guarantee of hardware-isolated containers. PoC and patch available.

Dns Kata Containers Redhat
CVE-2026-22806 CRITICAL CVSS 9.1
Authorization bypass in vCluster Platform Kubernetes virtual cluster management before 4.6.0/4.5.4/4.4.4. Users can access resources outside their authorized virtual cluster scope.

Kubernetes
CVE-2026-1453 CRITICAL CVSS 9.8
Missing authentication in KiloView Encoder Series allows unauthenticated attackers to create or delete admin accounts on video encoding equipment.

Authentication Bypass
CVE-2026-1281 CRITICAL CVSS 9.8
Ivanti Endpoint Manager Mobile (EPMM) contains a critical code injection vulnerability (CVE-2026-1281, CVSS 9.8) that allows unauthenticated remote attackers to execute arbitrary code. With EPSS 64.8% and KEV listing, this vulnerability in the mobile device management platform threatens the security of every managed mobile device in the organization, as EPMM has the ability to push configurations, certificates, and apps to enrolled devices.

Ivanti RCE Code Injection Endpoint Manager Mobile
CVE-2026-1188 CRITICAL CVSS 9.8
Buffer size miscalculation in Eclipse OMR port library since 0.2.0. An API function returning processor feature names has incorrect size allocation. Patch available.

Buffer Overflow Omr
CVE-2025-69929 CRITICAL CVSS 9.8
Client-side password hashing in N3uron Web UI v1.21.7 allows privilege escalation. Weak hashing enables attackers to forge authentication credentials. PoC available.

Privilege Escalation Web User Interface
CVE-2025-69516 HIGH CVSS 8.8
A Server-Side Template Injection (SSTI) vulnerability in the /reporting/templates/preview/ endpoint of Amidaware Tactical RMM, affecting versions equal to or earlier than v1.3.1, allows low-privileged users with Report Viewer or Report Manager permissions to achieve remote command execution on the server. [CVSS 8.8 HIGH]

Code Injection Tactical Rmm
CVE-2020-37012 CRITICAL CVSS 9.8
Unauthenticated RCE in Tea LaTeX 1.0 via command injection in /api endpoint. EPSS 0.29% with PoC available.

PHP RCE
CVE-2020-37010 CRITICAL CVSS 9.8
Buffer overflow in BearShare Lite 5.2.5 Advanced Search keywords input allows code execution. PoC available.

Buffer Overflow
CVE-2020-37002 CRITICAL CVSS 9.8
Authentication bypass leading to command execution in Ajenti 2.1.36. Despite requiring login, the authentication can be bypassed for subsequent command execution. EPSS 0.64% with PoC available.

Authentication Bypass
CVE-2020-37000 CRITICAL CVSS 9.8
Stack buffer overflow in Free MP3 CD Ripper 2.8 allows remote code execution via crafted WAV files. PoC available.

Windows RCE Buffer Overflow
CVE-2020-36997 CRITICAL CVSS 9.8
Buffer overflow in BacklinkSpeed 2.4 allows code execution via SEH chain corruption through malicious input. PoC available.

Buffer Overflow
CVE-2026-25126 HIGH CVSS 7.1
PolarLearn versions prior to 0-PRERELEASE-15 fail to validate the `direction` parameter in the forum vote API endpoint, allowing authenticated attackers to submit arbitrary values that bypass business logic and corrupt vote data. Public exploit code exists for this vulnerability. The issue affects authenticated users who can manipulate voting behavior through improper input validation.

Code Injection Polarlearn
CVE-2026-25116 HIGH CVSS 7.6
Runtipi versions 4.5.0 through 4.7.1 contain an unauthenticated path traversal vulnerability in the UserConfigController that allows remote attackers to overwrite the docker-compose.yml configuration file through insecure URN parsing. An attacker can inject a malicious stack configuration that executes arbitrary code when the instance restarts, achieving full remote code execution and host compromise. Public exploit code exists and no patch is currently available.

Docker RCE Path Traversal Runtipi
CVE-2026-25063 HIGH CVSS 7.8
Arbitrary code execution in gradle-completion versions up to 9.3.0 occurs when users perform Bash tab completion in directories with malicious Gradle build files, as the script fails to sanitize task names and descriptions. A local attacker can inject shell commands through backticks in task descriptions, which are executed automatically during completion without requiring the user to run any Gradle tasks. The vulnerability affects developers using Gradle with bash completion enabled.

Command Injection Gradle Completion
CVE-2026-25061 HIGH CVSS 7.5
Denial-of-service attacks against tcpflow up to version 1.61 are possible via malformed 802.11 management frames that trigger a stack-based buffer overflow in TIM element parsing. An unauthenticated remote attacker can craft a specially designed wireless frame to cause a one-byte out-of-bounds write, crashing the application or potentially executing arbitrary code. Public exploit code exists, but no patches are currently available for affected Debian Linux systems and other distributions using vulnerable tcpflow versions.

Denial Of Service Tcpflow Debian Linux Suse
CVE-2026-25047 HIGH CVSS 8.8
Deephas versions up to 1.0.7 is affected by improperly controlled modification of object prototype attributes (prototype pollution) (CVSS 8.8).

Node.js Deephas
CVE-2026-25040 HIGH CVSS 8.8
Budibase is a low code platform for creating internal tools, workflows, and admin panels. [CVSS 8.8 HIGH]

Privilege Escalation Budibase
CVE-2026-24905 HIGH CVSS 7.8
Inspektor Gadget versions prior to 0.48.1 allow local attackers with limited privileges to execute arbitrary commands during custom gadget image builds due to insufficient input sanitization in Makefile generation. An attacker who can control buildOptions parameters can inject shell commands that execute with the privileges of the build process. Public exploit code exists for this vulnerability.

Kubernetes Command Injection Inspektor Gadget Suse
CVE-2026-24902 HIGH CVSS 7.1
TrustTunnel versions prior to 0.9.114 fail to validate private network restrictions when processing numeric IP addresses in TCP connections, enabling authenticated attackers to bypass SSRF protections and reach loopback or internal network targets. The vulnerability exists because IP-based connection requests skip the same security checks applied to hostname-based requests. Public exploit code exists; upgrade to version 0.9.114 or later to remediate.

SSRF Trusttunnel
CVE-2026-24780 HIGH CVSS 8.8
Remote code execution in AutoGPT Platform prior to v0.6.44 allows authenticated users to execute disabled blocks and write arbitrary Python code to the server filesystem. The vulnerability stems from insufficient validation of the disabled flag in block execution endpoints, enabling attackers to achieve code execution via the BlockInstallationBlock component. Public exploit code exists, and self-hosted instances with Supabase signup enabled are particularly vulnerable to account creation and exploitation.

Python RCE AI / ML Autogpt Platform
CVE-2026-23896 HIGH CVSS 7.2
Immich versions prior to 2.5.0 contain an improper access control flaw that allows any authenticated API key to escalate its privileges to full administrator level by manipulating the update endpoint. Public exploit code exists for this vulnerability, enabling attackers with basic API access to completely compromise the system. The flaw affects all unpatched Immich installations and requires upgrading to version 2.5.0 or later to remediate.

Privilege Escalation Immich
CVE-2026-1637 HIGH CVSS 8.8
Tenda AC21 firmware versions up to 16.03.08.16 contain a stack-based buffer overflow in the /goform/AdvSetMacMtuWan endpoint that can be exploited remotely by authenticated attackers to achieve arbitrary code execution. Public exploit code exists for this vulnerability, and no patch is currently available. The high CVSS score (8.8) reflects the severity of this flaw affecting device confidentiality, integrity, and availability.

Buffer Overflow Stack Overflow Ac21 Firmware
CVE-2026-1616 HIGH CVSS 7.5
Open Security Issue Management (OSIM) prior to v2025.9.0 contains a path traversal vulnerability in its nginx configuration that improperly concatenates URI and query string parameters, allowing unauthenticated remote attackers to access unauthorized files and directories. The vulnerability affects both OSIM and Nginx deployments using vulnerable configurations, enabling information disclosure through crafted query parameters. A patch is available for affected versions.

Nginx Path Traversal Open Security Issue Management
CVE-2026-1610 HIGH CVSS 8.1
Ax12 Pro Firmware versions up to 16.03.49.24_cn is affected by use of hard-coded password (CVSS 8.1).

Authentication Bypass Ax12 Pro Firmware
CVE-2026-1595 HIGH CVSS 7.3
SQL injection in itsourcecode Society Management System 1.0 allows unauthenticated remote attackers to manipulate the student_id parameter in /admin/edit_student_query.php, enabling unauthorized database queries and potential data exfiltration or modification. Public exploit code exists for this vulnerability, and no patch is currently available, increasing the risk of active exploitation.

PHP SQLi Society Management System
CVE-2026-1594 HIGH CVSS 7.3
SQL injection in itsourcecode Society Management System 1.0's expense administration interface allows unauthenticated remote attackers to manipulate the detail parameter and execute arbitrary database queries. Public exploit code exists for this vulnerability, and no patch is currently available. Affected systems expose confidentiality, integrity, and availability of underlying data.

PHP SQLi Society Management System
CVE-2026-1593 HIGH CVSS 7.3
Society Management System versions up to 1.0 contains a vulnerability that allows attackers to sql injection (CVSS 7.3).

PHP SQLi Society Management System
CVE-2026-1590 HIGH CVSS 7.3
SQL injection in itsourcecode School Management System 1.0 via the ID parameter in /ramonsys/faculty/index.php enables unauthenticated remote attackers to read, modify, or delete database contents. Public exploit code exists for this vulnerability, and no patch is currently available.

PHP SQLi School Management System
CVE-2026-1589 HIGH CVSS 7.3
SQL injection in itsourcecode School Management System 1.0 via the txtsearch parameter in /ramonsys/inquiry/index.php enables unauthenticated remote attackers to execute arbitrary SQL queries with limited impact on confidentiality, integrity, and availability. Public exploit code exists for this vulnerability, and no patch is currently available.

PHP SQLi School Management System
CVE-2026-1457 HIGH CVSS 8.8
Remote code execution in TP-Link VIGI C385 cameras results from improper input validation in the Web API that allows authenticated attackers to trigger buffer overflows and corrupt memory. An attacker with valid credentials can exploit this vulnerability to execute arbitrary code with elevated privileges on affected devices. No patch is currently available for this high-severity issue.

TP-Link RCE Buffer Overflow Memory Corruption Vigi C385 Firmware
CVE-2025-69604 HIGH CVSS 7.8
An issue in Shirt Pocket's SuperDuper! 3.11 and earlier allow a local attacker to modify the default task template to install an arbitrary package that can run shell scripts with root privileges and Full Disk Access, thus bypassing macOS privacy controls. [CVSS 7.8 HIGH]

macOS
CVE-2025-63658 HIGH CVSS 7.5
A stack overflow in the mk_http_index_lookup function (mk_server/mk_http.c) of monkey commit f37e984 allows attackers to cause a Denial of Service (DoS) via sending a crafted HTTP request to the server. [CVSS 7.5 HIGH]

Stack Overflow Denial Of Service Monkey
CVE-2025-63657 HIGH CVSS 7.5
An out-of-bounds read in the mk_mimetype_find function (mk_server/mk_mimetype.c) of monkey commit f37e984 allows attackers to cause a Denial of Service (DoS) via sending a crafted HTTP request to the server. [CVSS 7.5 HIGH]

Denial Of Service Monkey
CVE-2025-63656 HIGH CVSS 7.5
An out-of-bounds read in the header_cmp function (mk_server/mk_http_parser.c) of monkey commit f37e984 allows attackers to cause a Denial of Service (DoS) via sending a crafted HTTP request to the server. [CVSS 7.5 HIGH]

Denial Of Service Monkey
CVE-2025-63655 HIGH CVSS 7.5
A NULL pointer dereference in the mk_http_range_parse function (mk_server/mk_http.c) of monkey commit f37e984 allows attackers to cause a Denial of Service (DoS) via sending a crafted HTTP request to the server. [CVSS 7.5 HIGH]

Null Pointer Dereference Denial Of Service Monkey
CVE-2025-63653 HIGH CVSS 7.5
An out-of-bounds read in the mk_vhost_fdt_close function (mk_server/mk_vhost.c) of monkey commit f37e984 allows attackers to cause a Denial of Service (DoS) via sending a crafted HTTP request to the server. [CVSS 7.5 HIGH]

Denial Of Service Monkey
CVE-2025-63652 HIGH CVSS 7.5
A use-after-free in the mk_http_request_end function (mk_server/mk_http.c) of monkey commit f37e984 allows attackers to cause a Denial of Service (DoS) via sending a crafted HTTP request to the server. [CVSS 7.5 HIGH]

Use After Free Denial Of Service Monkey
CVE-2025-63651 HIGH CVSS 7.5
A use-after-free in the mk_string_char_search function (mk_core/mk_string.c) of monkey commit f37e984 allows attackers to cause a Denial of Service (DoS) via sending a crafted HTTP request to the server. [CVSS 7.5 HIGH]

Use After Free Denial Of Service Monkey
CVE-2025-63650 HIGH CVSS 7.5
An out-of-bounds read in the mk_ptr_to_buf in mk_core function (mk_memory.c) of monkey commit f37e984 allows attackers to cause a Denial of Service (DoS) via sending a crafted HTTP request to the server. [CVSS 7.5 HIGH]

Denial Of Service Monkey
CVE-2025-63649 HIGH CVSS 7.5
An out-of-bounds read in the http_parser_transfer_encoding_chunked function (mk_server/mk_http_parser.c) of monkey commit f37e984 allows attackers to cause a Denial of Service (DoS) via sending a crafted POST request to the server. [CVSS 7.5 HIGH]

Denial Of Service Monkey
CVE-2025-62514 HIGH CVSS 8.3
Parsec is a cloud-based application for cryptographically secure file sharing. In versions on the 3.x branch prior to 3.6.0, `libparsec_crypto`, a component of the Parsec application, does not check for weak order point of Curve25519 when compiled with its RustCrypto backend. In practice this means an attacker in a man-in-the-middle position would be able to provide weak order points to both parties in the Diffie-Hellman exchange, resulting in a high probability to for both parties to obtain ...

Information Disclosure Parsec
CVE-2025-14975 HIGH CVSS 8.1
Custom Login Page Customizer WordPre versions up to 2.5.4 is affected by improper privilege management (CVSS 8.1).

WordPress PHP
CVE-2025-13399 HIGH CVSS 8.8
Vx800V Firmware contains a vulnerability that allows attackers to high impact to confidentiality, integrity, and availability of transmitted data (CVSS 8.8).

Information Disclosure Vx800v Firmware
CVE-2025-7714 HIGH CVSS 7.5
Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in Global Interactive Design Media Software Inc. [CVSS 7.5 HIGH]

SQLi Content Management System
CVE-2025-7713 HIGH CVSS 7.5
Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting') vulnerability in Global Interactive Design Media Software Inc. Content Management System (CMS) allows XSS Through HTTP Headers.This issue affects Content Management System (CMS): through 21072025. [CVSS 7.5 HIGH]

XSS Content Management System
CVE-2025-7016 HIGH CVSS 8.0
Improper Access Control vulnerability in Akın Software Computer Import Export Industry and Trade Ltd. QR Menu allows Authentication Abuse.This issue affects QR Menu: before s1.05.12. [CVSS 8.0 HIGH]

Authentication Bypass Qr Menu
CVE-2020-37021 HIGH CVSS 7.8
10-Strike Bandwidth Monitor 3.9 contains an unquoted service path vulnerability in multiple services that allows local attackers to escalate privileges. Attackers can place a malicious executable in specific file path locations to achieve privilege escalation to SYSTEM during service startup. [CVSS 7.8 HIGH]

Privilege Escalation
CVE-2020-37020 HIGH CVSS 7.8
SonarQube 8.3.1 contains an unquoted service path vulnerability that allows local attackers to gain SYSTEM privileges by exploiting the service executable path. [CVSS 7.8 HIGH]

Information Disclosure
CVE-2020-37017 HIGH CVSS 7.8
CodeMeter 6.60 contains an unquoted service path vulnerability that allows local users to potentially execute arbitrary code with elevated system privileges. [CVSS 7.8 HIGH]

RCE
CVE-2020-37016 HIGH CVSS 7.8
BarcodeOCR 19.3.6 contains an unquoted service path vulnerability that allows local attackers to execute code with elevated privileges during system startup. [CVSS 7.8 HIGH]

Code Injection
CVE-2020-37015 HIGH CVSS 7.5
Ruijie Networks Switch eWeb S29_RGOS 11.4 contains a directory traversal vulnerability that allows unauthenticated attackers to access sensitive configuration files by manipulating file path parameters. [CVSS 7.5 HIGH]

Path Traversal
CVE-2020-37013 HIGH CVSS 8.4
Audio Playback Recorder 3.2.2 contains a local buffer overflow vulnerability in the eject and registration parameters that allows attackers to execute arbitrary code. [CVSS 8.4 HIGH]

Buffer Overflow
CVE-2020-37011 HIGH CVSS 7.5
Gnome Fonts Viewer 3.34.0 contains a heap corruption vulnerability that allows attackers to trigger an out-of-bounds write by crafting a malicious TTF font file. [CVSS 7.5 HIGH]

Denial Of Service Redhat Suse
CVE-2020-37009 HIGH CVSS 8.8
MedDream PACS Server 6.8.3.751 contains an authenticated remote code execution vulnerability that allows authorized users to upload malicious PHP files. [CVSS 8.8 HIGH]

PHP RCE
CVE-2020-37008 HIGH CVSS 7.5
EasyPMS 1.0.0 contains an authentication bypass vulnerability that allows unprivileged users to manipulate SQL queries in JSON requests to access admin user information. [CVSS 7.5 HIGH]

Authentication Bypass
CVE-2020-37006 HIGH CVSS 8.2
berliCRM 1.0.24 contains a SQL injection vulnerability in the 'src_record' parameter that allows remote attackers to manipulate database queries. Attackers can inject malicious SQL code through a crafted POST request to the index.php endpoint to potentially extract or modify database information. [CVSS 8.2 HIGH]

PHP SQLi
CVE-2020-37005 HIGH CVSS 7.1
TimeClock Software 1.01 contains an authenticated time-based SQL injection vulnerability that allows attackers to enumerate valid usernames by manipulating the 'notes' parameter. [CVSS 7.1 HIGH]

PHP SQLi
CVE-2020-37004 HIGH CVSS 8.2
Ultimate Project Manager CRM PRO 2.0.5 contains a blind SQL injection vulnerability that allows attackers to extract usernames and password hashes from the tbl_users database table. [CVSS 8.2 HIGH]

SQLi
CVE-2020-37001 HIGH CVSS 8.4
Frigate Professional 3.36.0.9 contains a local buffer overflow vulnerability in the Pack File feature that allows attackers to execute arbitrary code by overflowing the 'Archive To' input field. [CVSS 8.4 HIGH]

Buffer Overflow
CVE-2020-36999 HIGH CVSS 8.2
Elaniin CMS 1.0 contains an authentication bypass vulnerability that allows attackers to access the dashboard by manipulating the login page with SQL injection. [CVSS 8.2 HIGH]

PHP SQLi Authentication Bypass
CVE-2020-36995 HIGH CVSS 7.5
Mocha Telnet Lite for iOS 4.2 contains a denial of service vulnerability that allows attackers to crash the application by manipulating the user configuration input. [CVSS 7.5 HIGH]

Denial Of Service
CVE-2026-25067 MEDIUM CVSS 5.3
SmarterMail before build 9518 allows unauthenticated attackers to exploit a path traversal flaw in the background preview endpoint by supplying base64-encoded UNC paths, forcing the Windows service to initiate SMB connections to attacker-controlled servers. This enables credential coercion and NTLM relay attacks without requiring authentication or user interaction. No patch is currently available for this vulnerability.

Windows Smartermail
CVE-2026-24904 MEDIUM CVSS 5.3
TrustTunnel VPN protocol versions prior to 0.9.115 contain a rule bypass vulnerability where fragmented TLS ClientHello messages fail to extract the client random value, causing the rules engine to skip client_random_prefix matching conditions and allow traffic that should be blocked. Public exploit code exists for this medium-severity network-accessible vulnerability affecting Industrial and TrustTunnel products. A patch is available for affected versions.

Industrial Trusttunnel
CVE-2026-24846 MEDIUM CVSS 5.5
malcontent discovers supply-chain compromises through. context, differential analysis, and YARA. [CVSS 5.5 MEDIUM]

Path Traversal Malcontent Suse
CVE-2026-24845 MEDIUM CVSS 6.5
malcontent discovers supply-chain compromises through. context, differential analysis, and YARA. [CVSS 6.5 MEDIUM]

Docker Malcontent Suse
CVE-2026-24687 MEDIUM CVSS 6.5
Authenticated users in Umbraco Forms versions 16 and 17 can exploit a path traversal vulnerability to read arbitrary files on Mac and Linux systems running the CMS. An attacker with backoffice access can enumerate and access sensitive files through the export endpoint by manipulating the fileName parameter. No patch is currently available, though the vulnerability is mitigated by restricting backoffice access and blocking path traversal sequences at the WAF level.

Linux Path Traversal Umbraco Forms
CVE-2026-24414 MEDIUM CVSS 5.5
Icinga PowerShell Framework versions prior to 1.13.4, 1.12.4, and 1.11.2 expose private certificate keys due to overly permissive directory permissions that allow all local users read access to the certificate folder. A local attacker with user-level privileges can retrieve these private keys to impersonate the Icinga service or intercept monitoring communications. No patch is currently available; manual ACL restrictions on the certificate directory are required as a temporary mitigation.

Windows Icinga Powershell Framework
CVE-2026-24413 MEDIUM CVSS 5.5
Icinga 2 on Windows versions 2.3.0 through 2.15.1 fail to properly restrict file permissions on the `%ProgramData%\icinga2\var` directory, allowing any local user to read sensitive data including private keys and synchronized configurations. All Windows installations are affected, and attackers with local access can extract cryptographic material and configuration details for lateral movement or further compromise. Patches are available in versions 2.13.14, 2.14.8, and 2.15.2, with workarounds available through updated Icinga for Windows packages or manual ACL remediation.

Windows Icinga Suse
CVE-2026-23571 MEDIUM CVSS 6.8
TeamViewer DEX versions below 24.5 allow authenticated users with actioner privileges to execute arbitrary elevated commands on connected hosts through inadequate input validation in the 1E-Nomad-RunPkgStatusRequest instruction. An attacker with these credentials could inject malicious commands to gain unauthorized system access and control. The vulnerability requires user interaction and high-level privileges but carries a significant risk due to the potential for complete system compromise.

Command Injection Digital Employee Experience
CVE-2026-23570 MEDIUM CVSS 6.5
Log timestamp tampering in TeamViewer DEX Client versions prior to 26.1 allows adjacent network attackers to inject malicious UDP Sync commands that corrupt event timestamps, undermining log integrity and forensic investigation capabilities. This input validation flaw affects Windows deployments of the NomadBranch service and could enable attackers to obscure the timeline of malicious activities or create misleading audit trails. No patch is currently available for this medium-severity vulnerability.

Windows Digital Employee Experience
CVE-2026-23569 MEDIUM CVSS 6.5
TeamViewer DEX Client versions before 26.1 contain an out-of-bounds read in the Content Distribution Service that enables remote attackers to leak stack memory and trigger denial of service without authentication. Successful exploitation could disclose memory contents useful for bypassing address space layout randomization and chaining with other vulnerabilities. No patch is currently available for this medium-severity flaw affecting Windows deployments.

Windows Denial Of Service Digital Employee Experience
CVE-2026-23568 MEDIUM CVSS 5.4
Information disclosure and denial-of-service in TeamViewer DEX Client versions before 26.1 allows adjacent network attackers to trigger an out-of-bounds read via specially crafted packets, potentially leaking sensitive memory that could be leveraged to bypass ASLR protections. Affected Windows systems running the NomadBranch.exe content distribution service are vulnerable to attacks requiring only network proximity, with no authentication or user interaction needed.

Windows Information Disclosure Digital Employee Experience
CVE-2026-23567 MEDIUM CVSS 6.5
Denial-of-service in TeamViewer DEX Client versions prior to 26.1 allows adjacent network attackers to crash the NomadBranch.exe service by sending specially crafted UDP packets that trigger a heap buffer overflow. The vulnerability stems from an integer underflow in the UDP command handler that can be exploited without authentication or user interaction. Currently, no patch is available and the attack requires network adjacency to the affected system.

Windows Buffer Overflow Heap Overflow Integer Overflow Denial Of Service
CVE-2026-23566 MEDIUM CVSS 6.5
Log tampering in TeamViewer DEX Client versions prior to 26.1 allows adjacent network attackers to inject, modify, or forge entries in the NomadBranch.log file through the UDP network handler, compromising log integrity and audit trail reliability. An attacker with network access can send crafted packets to the Content Distribution Service to manipulate logging records without authentication, potentially obscuring malicious activity or creating false audit entries.

Windows Digital Employee Experience
CVE-2026-23565 MEDIUM CVSS 6.5
TeamViewer DEX Client versions prior to 26.1 contain a null pointer dereference in the NomadBranch.exe Content Distribution Service that allows adjacent network attackers to crash the process without authentication. An attacker can exploit this vulnerability to disable the Content Distribution Service, causing a denial-of-service condition on affected Windows systems. No patch is currently available.

Windows Digital Employee Experience
CVE-2026-23564 MEDIUM CVSS 6.5
Digital Employee Experience is affected by cleartext transmission of sensitive information (CVSS 6.5).

Windows Digital Employee Experience
CVE-2026-23563 MEDIUM CVSS 5.7
Digital Employee Experience versions up to 26.1 is affected by improper link resolution before file access (CVSS 5.7).

Windows Digital Employee Experience
CVE-2026-22764 MEDIUM CVSS 4.3
Information disclosure in Dell OpenManage Network Integration versions before 3.9 stems from improper authentication controls that allow low-privileged remote attackers to access sensitive data. The vulnerability requires valid credentials but no user interaction, making it exploitable by authenticated users with minimal privileges. No patch is currently available for affected deployments.

Information Disclosure Openmanage Network Integration
CVE-2026-1625 MEDIUM CVSS 6.3
Command injection in D-Link DWR-M961 firmware version 1.1.47 allows authenticated remote attackers to execute arbitrary commands via manipulation of the action_value parameter in the SMS message handling function. The vulnerability requires valid credentials but no user interaction, and public exploit code is available. Affected systems can suffer unauthorized command execution, data theft, and potential device compromise.

D-Link Command Injection Dwr M961 Firmware
CVE-2026-1624 MEDIUM CVSS 6.3
Command injection in D-Link DWR-M961 firmware through the /boafrm/formLtefotaUpgradeFibocom endpoint allows authenticated remote attackers to execute arbitrary commands by manipulating the fota_url parameter. Public exploit code exists for this vulnerability, and no patch is currently available.

D-Link Command Injection Dwr M961 Firmware
CVE-2026-1623 MEDIUM CVSS 6.3
Command injection in Totolik A7000R firmware through the setUpgradeFW function allows unauthenticated remote attackers to execute arbitrary commands via a malicious FileName parameter. Public exploit code exists for this vulnerability, increasing the risk of active exploitation. The device remains vulnerable as no patch is currently available.

Command Injection A7000r Firmware
CVE-2026-1601 MEDIUM CVSS 6.3
A7000R Firmware versions up to 4.1cu.4154 contains a vulnerability that allows attackers to command injection (CVSS 6.3).

Command Injection A7000r Firmware
CVE-2026-1600 MEDIUM CVSS 4.3
Bhojon Restaurant Management System versions up to 20260116 contain a price manipulation vulnerability in the add-to-cart endpoint that allows authenticated attackers to bypass business logic controls. Public exploit code exists for this issue, and the vendor has not provided a patch despite early notification. While the direct impact is limited to price modification, this could enable financial fraud through order manipulation.

Information Disclosure Bhojon
CVE-2026-1599 MEDIUM CVSS 4.3
Bhojon versions up to 20260116. contains a vulnerability that allows attackers to business logic errors (CVSS 4.3).

Information Disclosure Bhojon
CVE-2026-1597 MEDIUM CVSS 6.3
Improper authorization in Bdtask SalesERP's administrative endpoint allows authenticated attackers to manipulate the ci_session parameter and gain unauthorized access to restricted functions. Public exploit code exists for this vulnerability, and no patch is currently available from the vendor. Affected versions through January 16, 2026 enable remote exploitation by any user with valid credentials.

Information Disclosure Saleserp
CVE-2026-1596 MEDIUM CVSS 6.3
Command injection in D-Link DWR-M961 firmware (version 1.1.47) allows unauthenticated remote attackers to execute arbitrary commands through the fota_url parameter in the LTE firmware upgrade function. Public exploit code exists for this vulnerability, which requires low privileges but no user interaction to exploit. No patch is currently available for affected devices.

D-Link Command Injection Dwr M961 Firmware
CVE-2026-1587 MEDIUM CVSS 5.3
Denial of service in Open5GS up to version 2.7.6 allows remote attackers to crash the SGWC service by manipulating the Modify Bearer Request handler in s11-handler.c. Public exploit code exists for this vulnerability and no patch is currently available. Organizations running affected versions should apply updates as they become available and consider network-level mitigations to restrict access to the S11 interface.

Denial Of Service Open5gs
CVE-2026-1586 MEDIUM CVSS 5.3
Remote denial of service in Open5GS up to version 2.7.5 affects the SGWC component's TEID-to-IP conversion function, allowing unauthenticated attackers to crash the service over the network. Public exploit code exists for this vulnerability, and while a fix has been developed, no official patch is currently available for affected deployments.

Denial Of Service Open5gs
CVE-2026-1552 MEDIUM CVSS 6.3
SQL injection in SEMCMS 5.0 via the searchml parameter in /SEMCMS_Info.php allows authenticated attackers to execute arbitrary SQL queries remotely. Public exploit code exists for this vulnerability, and no patch is currently available from the vendor despite early disclosure notification.

PHP SQLi Semcms
CVE-2026-1551 MEDIUM CVSS 6.3
School Management System versions up to 1.0 contains a vulnerability that allows attackers to sql injection (CVSS 6.3).

PHP SQLi School Management System
CVE-2026-1469 MEDIUM CVSS 5.4
Stored XSS in RLE NOVA PlanManager allows authenticated users to inject malicious scripts via the comment and brand parameters, which are executed in other users' browsers without sanitization. An attacker can leverage this to hijack sessions, steal credentials, or perform unauthorized actions on behalf of victims. Exploitation requires user interaction and network access, with no patch currently available.

PHP XSS Planmanager
CVE-2026-0936 MEDIUM CVSS 5.0
R PVI client versions up to 6.5 is affected by insertion of sensitive information into log file (CVSS 5.0).

Information Disclosure
CVE-2025-71011 MEDIUM CVSS 6.2
An input validation vulnerability in the flow.Tensor.new_empty/flow.Tensor.new_ones/flow.Tensor.new_zeros component of OneFlow v0.9.0 allows attackers to cause a Denial of Service (DoS) via a crafted input. [CVSS 6.2 MEDIUM]

Denial Of Service AI / ML Oneflow
CVE-2025-71009 MEDIUM CVSS 6.2
An input validation vulnerability in the flow.scatter/flow.scatter_add component of OneFlow v0.9.0 allows attackers to cause a Denial of Service (DoS) via a crafted indices. [CVSS 6.2 MEDIUM]

Denial Of Service AI / ML Oneflow
CVE-2025-71008 MEDIUM CVSS 6.2
Oneflow versions up to 0.9.0 contains a vulnerability that allows attackers to cause a Denial of Service (DoS) via a crafted input (CVSS 6.2).

Denial Of Service AI / ML Oneflow
CVE-2025-69749 MEDIUM CVSS 6.1
Cross Site Scripting vulnerability in tale v.2.0.5 allows an attacker to execute arbitrary code. [CVSS 6.1 MEDIUM]

XSS Tale
CVE-2025-55704 MEDIUM CVSS 5.3
Hidden functionality issue exists in multiple MFPs provided by Brother Industries, Ltd., which may allow an attacker to obtain the logs of the affected product and obtain sensitive information within the logs. [CVSS 5.3 MEDIUM]

Information Disclosure
CVE-2025-45160 MEDIUM CVSS 5.4
A HTML injection vulnerability exists in the file upload functionality of Cacti <= 1.2.29. When a file with an invalid format is uploaded, the application reflects the submitted filename back into an error popup without proper sanitization. [CVSS 5.4 MEDIUM]

File Upload XSS Suse
CVE-2025-15550 MEDIUM CVSS 5.3
birkir prime <= 0.4.0.beta.0 contains a cross-site request forgery vulnerability in its GraphQL endpoint that allows attackers to exploit GET-based query requests. [CVSS 5.3 MEDIUM]

CSRF
CVE-2025-15549 MEDIUM CVSS 4.8
FluentCMS 2026 contains a stored cross-site scripting vulnerability that allows authenticated administrators to upload SVG files with embedded JavaScript via the File Management module. [CVSS 4.8 MEDIUM]

XSS Fluentcms
CVE-2025-15548 MEDIUM CVSS 6.5
Some VX800v v1.0 web interface endpoints transmit sensitive information over unencrypted HTTP due to missing application layer encryption, allowing a network adjacent attacker to intercept this traffic and compromise its confidentiality. [CVSS 6.5 MEDIUM]

Information Disclosure Vx800v Firmware
CVE-2025-15545 MEDIUM CVSS 6.8
The backup restore function does not properly validate unexpected or unrecognized tags within the backup file. When such a crafted file is restored, the injected tag is interpreted by a shell, allowing execution of arbitrary commands with root privileges. [CVSS 6.8 MEDIUM]

Code Injection Archer Re605x Firmware
CVE-2025-15543 MEDIUM CVSS 4.6
Improper link resolution in USB HTTP access path in VX800v v1.0 allows a crafted USB device to expose root filesystem contents, giving an attacker with physical access read‑only access to system files. [CVSS 4.6 MEDIUM]

Path Traversal Vx800v Firmware
CVE-2025-15542 MEDIUM CVSS 5.3
Improper handling of exceptional conditions in VX800v v1.0 in SIP processing allows an attacker to flood the device with crafted INVITE messages, blocking all voice lines and causing a denial of service on incoming calls. [CVSS 5.3 MEDIUM]

Denial Of Service Vx800v Firmware
CVE-2025-15541 MEDIUM CVSS 6.3
Improper link resolution in the VX800v v1.0 SFTP service allows authenticated adjacent attackers to use crafted symbolic links to access system files, resulting in high confidentiality impact and limited integrity risk. [CVSS 6.3 MEDIUM]

Path Traversal Vx800v Firmware
CVE-2025-15344 MEDIUM CVSS 6.3
Tanium addressed a SQL injection vulnerability in Asset. [CVSS 6.3 MEDIUM]

SQLi Asset
CVE-2025-7015 MEDIUM CVSS 5.7
Session Fixation vulnerability in Akın Software Computer Import Export Industry and Trade Ltd. QR Menu allows Session Fixation.This issue affects QR Menu: before s1.05.12. [CVSS 5.7 MEDIUM]

Information Disclosure Qr Menu
CVE-2025-7014 MEDIUM CVSS 5.7
Session Fixation vulnerability in QR Menu Pro Smart Menu Systems Menu Panel allows Session Hijacking.This issue affects Menu Panel: through 29012026. NOTE: The vendor was contacted early about this disclosure but did not respond in any way. [CVSS 5.7 MEDIUM]

Information Disclosure Menu Panel
CVE-2025-7013 MEDIUM CVSS 5.7
Authorization Bypass Through User-Controlled Key vulnerability in QR Menu Pro Smart Menu Systems Menu Panel allows Exploitation of Trusted Identifiers.This issue affects Menu Panel: through 29012026. NOTE: The vendor was contacted early about this disclosure but did not respond in any way. [CVSS 5.7 MEDIUM]

Authentication Bypass Menu Panel
CVE-2020-37018 MEDIUM CVSS 6.4
GOautodial 4.0 contains a persistent cross-site scripting vulnerability that allows authenticated agents to inject malicious scripts through message subjects. [CVSS 6.4 MEDIUM]

XSS
CVE-2020-37007 MEDIUM CVSS 5.3
Liman 0.7 contains a cross-site request forgery vulnerability that allows attackers to manipulate user account settings without proper request validation. [CVSS 5.3 MEDIUM]

CSRF Liman
CVE-2020-36994 MEDIUM CVSS 6.2
QlikView 12.50.20000.0 contains a denial of service vulnerability in the FTP server address input field that allows local attackers to crash the application. Attackers can paste a 300-character buffer into the FTP server address field to trigger an application crash and prevent normal functionality. [CVSS 6.2 MEDIUM]

Denial Of Service
CVE-2026-25117 None
pwn.college DOJO is an education platform for learning cybersecurity. Prior to commit e33da14449a5abcff507e554f66e2141d6683b0a, missing sandboxing on `/workspace/*` routes allows challenge authors to inject arbitrary javascript which runs on the same origin as `http[:]//dojo[.]website`.

Code Injection
CVE-2026-25068 None
alsa-lib versions 1.2.2 up to and including 1.2.15.2, prior to commit 5f7fe33, contain a heap-based buffer overflow in the topology mixer control decoder.

Buffer Overflow Heap Overflow Denial Of Service
CVE-2026-25046 LOW CVSS 2.9
Kimi Agent SDK is a set of libraries that expose the Kimi Code (Kimi CLI) agent runtime in applications. The vsix-publish.js and ovsx-publish.js scripts pass filenames to execSync() as shell command strings. [CVSS 2.9 LOW]

Command Injection RCE
CVE-2026-1665 None
A command injection vulnerability exists in nvm (Node Version Manager) versions 0.40.3 and below. The nvm_download() function uses eval to execute wget commands, and the NVM_AUTH_HEADER environment variable was not sanitized in the wget code path (though it was sanitized in the curl code path).

Docker Command Injection
CVE-2026-1598 LOW CVSS 3.5
A vulnerability was found in Bdtask Bhojon All-In-One Restaurant Management System up to 20260116. Impacted is an unknown function of the file /dashboard/home/profile of the component User Information Module. [CVSS 3.5 LOW]

XSS
CVE-2026-1588 LOW CVSS 2.7
A vulnerability was found in jishenghua jshERP up to 3.6. The impacted element is the function install of the file /jshERP-boot/plugin/installByPath of the component com.gitee.starblues.integration.operator.DefaultPluginOperator. [CVSS 2.7 LOW]

Path Traversal
CVE-2025-53869 LOW CVSS 3.7
Multiple MFPs provided by Brother Industries, Ltd. does not properly validate server certificates, which may allow a man-in-the-middle attacker to replace the set of root certificates used by the product with a set of arbitrary certificates. [CVSS 3.7 LOW]

Authentication Bypass
CVE-2025-15288 LOW CVSS 3.1
Tanium addressed an improper access controls vulnerability in Interact. [CVSS 3.1 LOW]

Authentication Bypass
CVE-2025-13905 None
CWE-276: Incorrect Default Permissions vulnerability exists that could cause privilege escalation through the reverse shell when one or more executable service binaries are modified in the installation folder by a local user with normal privilege upon service restart.

Privilege Escalation

Today's Vulnerabilities Vulnerabilities