122 CVEs tracked today. 11 Critical, 47 High, 47 Medium, 4 Low.
-
CVE-2026-25141
CRITICAL
CVSS 9.8
Code injection in Orval TypeScript API client generator versions 7.19.0 to before 7.22.0. Generated client code may be vulnerable to injection through crafted OpenAPI specifications.
Code Injection
Orval
-
CVE-2026-25130
CRITICAL
CVSS 9.6
Multiple command injection vulnerabilities in CAI (Cybersecurity AI) framework up to 0.5.10 allow OS command execution through the security testing platform.
RCE
AI / ML
-
CVE-2026-1699
CRITICAL
CVSS 10.0
Supply chain vulnerability in Eclipse Theia GitHub Actions workflow. The preview.yml workflow uses pull_request_target with checkout, enabling malicious PRs to steal secrets. CVSS 10.0, PoC available.
Github
Theia Website
-
CVE-2026-0963
CRITICAL
CVSS 9.9
Path traversal in Crafty Controller game server management allows authenticated attackers to read/write files outside the intended directory. CVSS 9.9 with scope change.
RCE
Path Traversal
Crafty Controller
-
CVE-2025-51958
CRITICAL
CVSS 9.8
Unauthenticated command injection in DokuWiki runcommand plugin via lib/plugins/runcommand. Allows arbitrary system command execution.
PHP
Runcommand
-
CVE-2020-37056
CRITICAL
CVSS 9.8
IP spoofing vulnerability in Crystal Shard http-protection 0.2.0 allows attackers to bypass protection middleware by manipulating request headers. PoC available.
Authentication Bypass
-
CVE-2020-37052
CRITICAL
CVSS 9.8
Pre-authentication RCE in AirControl 1.4.2 network management allows unauthenticated system command execution. PoC available.
Java
RCE
-
CVE-2020-37050
CRITICAL
CVSS 9.8
Buffer overflow in Quick Player 1.3 via crafted .m3l playlist file allows arbitrary code execution. PoC available.
RCE
Buffer Overflow
-
CVE-2020-37043
CRITICAL
CVSS 9.8
Buffer overflow in 10-Strike Bandwidth Monitor 3.9 bypasses SafeSEH, ASLR, and DEP protections. PoC available.
RCE
Buffer Overflow
-
CVE-2020-37027
CRITICAL
CVSS 9.8
Unauthenticated command injection in Sickbeard alpha media management application. EPSS 0.70% with PoC available.
Command Injection
-
CVE-2019-25232
CRITICAL
CVSS 9.8
Buffer overflow in NetPCLinker 1.0.0.0 DNS/IP field allows shell command execution. PoC available.
Buffer Overflow
-
CVE-2026-25156
HIGH
CVSS 7.3
HotCRP conference review software versions from October 2025 through January 2026 improperly render uploaded documents inline in the browser instead of forcing download, allowing malicious HTML or SVG files to execute JavaScript with access to user credentials and HotCRP API permissions. Attackers can exploit this stored XSS vulnerability by uploading crafted documents to submission fields, which then compromise any user who clicks the document link. A patch is available to restrict inline rendering to safe document types.
XSS
Hotcrp
-
CVE-2026-25153
HIGH
CVSS 7.7
Arbitrary code execution in Backstage @backstage/plugin-techdocs-node versions before 1.13.11 and 1.14.1 allows authenticated users with repository access to execute malicious Python code on TechDocs build servers by injecting MkDocs hook configurations into mkdocs.yml files. The vulnerability affects deployments using the `runIn: local` configuration option, where an attacker can leverage the hooks feature to achieve remote code execution during documentation builds. Fixed versions implement an allowlist of permitted MkDocs configuration keys and strip unsupported keys including hooks before processing.
Python
Node.js
Docker
Backstage
Redhat
-
CVE-2026-25128
HIGH
CVSS 7.5
Fast-xml-parser versions 5.0.9 through 5.3.3 crash when processing XML containing out-of-range numeric entity code points, allowing remote attackers to cause denial of service against applications parsing untrusted XML input. Public exploit code exists for this vulnerability. Applications should upgrade to version 5.3.4 or later to remediate.
Denial Of Service
Fast Xml Parser
Redhat
Suse
-
CVE-2026-24854
HIGH
CVSS 8.8
Authenticated SQL injection in ChurchCRM's PaddleNumEditor.php endpoint prior to version 6.7.2 allows any logged-in user to execute arbitrary database queries regardless of their assigned permissions. Public exploit code exists for this vulnerability, enabling attackers with valid credentials to read, modify, or delete sensitive church data. Update to version 6.7.2 or later to remediate.
PHP
SQLi
Churchcrm
-
CVE-2026-24714
HIGH
CVSS 7.5
End-of-service Netgear devices with TelnetEnable functionality can have telnet service remotely activated via specially crafted magic packets, enabling unauthenticated remote access to the device. An attacker on the network can exploit this to gain command-line access without credentials, potentially leading to device compromise and lateral movement. No patch is available for affected products.
Netgear
-
CVE-2026-22623
HIGH
CVSS 7.2
Authenticated command injection in HIKSEMI NAS devices allows privileged users to execute arbitrary commands through improper input validation on the device interface. Attackers with valid credentials can craft malicious messages to achieve unauthenticated code execution on affected systems. No patch is currently available for this vulnerability.
Command Injection
RCE
-
CVE-2026-22277
HIGH
CVSS 7.8
Dell UnityVSA versions 5.4 and prior allow local attackers with low privileges to achieve arbitrary command execution with root-level access through OS command injection. This vulnerability requires local access and no user interaction, enabling attackers to completely compromise affected systems. No patch is currently available.
Command Injection
Unity Operating Environment
-
CVE-2026-21418
HIGH
CVSS 7.8
Dell Unity versions 5.5.2 and earlier suffer from an OS command injection vulnerability that allows local attackers with low privileges to execute arbitrary commands with root-level access. The flaw stems from improper input validation in command processing, enabling privilege escalation on affected systems. No patch is currently available for this vulnerability.
Command Injection
Unity Operating Environment
-
CVE-2026-1701
HIGH
CVSS 7.3
SQL injection in itsourcecode School Management System 1.0 via the ID parameter in /enrollment/index.php enables unauthenticated remote attackers to manipulate database queries and extract or modify sensitive data. Public exploit code exists for this vulnerability, and no patch is currently available. The attack requires no user interaction and can be executed over the network against affected installations.
PHP
SQLi
School Management System
-
CVE-2026-1689
HIGH
CVSS 7.3
Command injection in Tenda HG10 firmware's login interface allows unauthenticated remote attackers to execute arbitrary commands by manipulating the Host parameter in the checkUserFromLanOrWan function. Public exploit code exists for this vulnerability, and no patch is currently available. The attack requires no user interaction and can fully compromise affected devices through remote code execution.
Command Injection
Hg10 Firmware
-
CVE-2026-1688
HIGH
CVSS 7.3
SQL injection in itsourcecode Directory Management System 1.0 allows unauthenticated remote attackers to manipulate the Username parameter in /admin/index.php and execute arbitrary SQL commands. Public exploit code exists for this vulnerability, and no patch is currently available. The attack requires no user interaction and can compromise data confidentiality, integrity, and availability.
PHP
SQLi
Directory Management System
-
CVE-2026-1687
HIGH
CVSS 7.3
Hg10 Firmware versions up to - contain a vulnerability that allows attackers to perform command injection (CVSS 7.3).
Command Injection
Hg10 Firmware
-
CVE-2026-1686
HIGH
CVSS 8.8
Buffer overflow in Totolink A3600R firmware version 5.9c.4959 allows authenticated remote attackers to execute arbitrary code through the setAppEasyWizardConfig function via a malformed apcliSsid parameter. Public exploit code exists for this vulnerability and no patch is currently available. Affected devices are at high risk given the lack of mitigation options and active exploitation potential.
Buffer Overflow
A3600r Firmware
-
CVE-2026-1680
HIGH
CVSS 7.8
Local Admin Service versions up to 1.2.7.23180 are affected by execution with unnecessary privileges (CVSS 7.8).
Windows
Local Admin Service
-
CVE-2026-0805
HIGH
CVSS 8.2
Remote code execution in Crafty Controller's Backup Configuration feature results from insufficient path traversal validation, enabling authenticated attackers to manipulate files and execute arbitrary code on affected systems. The vulnerability requires valid credentials and specific conditions to exploit but carries high impact due to its ability to compromise system integrity and confidentiality. No patch is currently available.
RCE
Path Traversal
Crafty Controller
-
CVE-2026-0709
HIGH
CVSS 7.2
Authenticated command injection in Hikvision Wireless Access Points allows credential-holding attackers to execute arbitrary commands through insufficient input validation on network packets. The vulnerability affects all users of vulnerable Hikvision WAP models with valid account access and currently lacks available patches. With a CVSS score of 7.2, this poses a significant risk for environments where administrative credentials may be compromised or shared.
Hikvision
-
CVE-2025-69662
HIGH
CVSS 8.6
SQL injection vulnerability in geopandas before v1.1.2 allows an attacker to obtain sensitive information via the `to_postgis()` function being used to write GeoDataFrames to a PostgreSQL database. [CVSS 8.6 HIGH]
PostgreSQL
SQLi
AI / ML
Geopandas
Suse
-
CVE-2025-62348
HIGH
CVSS 7.8
Salt's junos execution module contained an unsafe YAML decode/load usage. A specially crafted YAML payload processed by the junos module could lead to unintended code execution under the context of the Salt process. [CVSS 7.8 HIGH]
RCE
Deserialization
Suse
-
CVE-2025-36384
HIGH
CVSS 8.4
Db2 contains a vulnerability that allows a local user with filesystem access to escalate their privileges due to the use (CVSS 8.4).
IBM
Windows
Db2
-
CVE-2025-36184
HIGH
CVSS 7.2
IBM Db2 for Linux, UNIX and Windows (includes Db2 Connect Server) 11.5.0 - 11.5.9 could allow an instance owner to execute malicious code that escalates their privileges to root due to execution with unnecessary privileges operated at a higher than minimum level. [CVSS 7.2 HIGH]
IBM
Linux
Windows
Db2
-
CVE-2025-4686
HIGH
CVSS 8.6
Kodmatic Computer Software Tourism Construction Industry and Trade Ltd. Co. Online Exam and Assessment is affected by SQL injection (CVSS 8.6).
SQLi
-
CVE-2025-1395
HIGH
CVSS 8.2
Codriapp Innovation and Software Technologies Inc. HeyGarson is affected by error message information leak (CVSS 8.2).
Information Disclosure
-
CVE-2024-4027
HIGH
CVSS 7.5
A flaw was found in Undertow. Servlets using a method that calls HttpServletRequestImpl.getParameterNames() can cause an OutOfMemoryError when the client sends a request with large parameter names. [CVSS 7.5 HIGH]
Denial Of Service
Code Injection
Redhat
-
CVE-2020-37060
HIGH
CVSS 7.8
Its service configuration contains a vulnerability that allows attackers to execute arbitrary code with SYSTEM privileges (CVSS 7.8).
Privilege Escalation
-
CVE-2020-37059
HIGH
CVSS 7.8
Popcorn Time 6.2.1.14 contains an unquoted service path vulnerability that allows local non-privileged users to potentially execute code with elevated system privileges. [CVSS 7.8 HIGH]
Information Disclosure
-
CVE-2020-37058
HIGH
CVSS 7.8
Its Windows service configuration contains an unquoted service path security vulnerability. Local attackers can exploit the unquoted path to inject malicious code (CVSS 7.8).
Windows
-
CVE-2020-37057
HIGH
CVSS 8.2
Online-Exam-System 2015 contains a SQL injection vulnerability in the feedback module that allows attackers to manipulate database queries through the 'fid' parameter. Attackers can inject malicious SQL code into the 'fid' parameter to potentially extract, modify, or delete database information. [CVSS 8.2 HIGH]
SQLi
Online Exam System
-
CVE-2020-37053
HIGH
CVSS 7.1
Navigate CMS 2.8.7 contains an authenticated SQL injection vulnerability that allows attackers to leak database information by manipulating the 'sidx' parameter in comments. [CVSS 7.1 HIGH]
SQLi
Navigate Cms
-
CVE-2020-37051
HIGH
CVSS 8.2
Online-Exam-System 2015 contains a time-based blind SQL injection vulnerability in the feedback form that allows attackers to extract database password hashes. [CVSS 8.2 HIGH]
PHP
SQLi
Online Exam System
-
CVE-2020-37049
HIGH
CVSS 8.4
Frigate 3.36.0.9 contains a local buffer overflow vulnerability in the Command Line input field that allows attackers to execute arbitrary code. [CVSS 8.4 HIGH]
Buffer Overflow
-
CVE-2020-37042
HIGH
CVSS 8.4
Frigate Professional 3.36.0.9 contains a local buffer overflow vulnerability in the 'Find Computer' feature that allows attackers to execute arbitrary code by overflowing the computer name input field. [CVSS 8.4 HIGH]
Buffer Overflow
-
CVE-2020-37041
HIGH
CVSS 7.5
OpenCTI 3.3.1 is vulnerable to a directory traversal attack via the static/css endpoint. An unauthenticated attacker can read arbitrary files from the filesystem by sending crafted GET requests with path traversal sequences (e.g., '../') in the URL. [CVSS 7.5 HIGH]
Linux
Windows
Path Traversal
Opencti
-
CVE-2020-37040
HIGH
CVSS 8.4
Code Blocks 17.12 contains a local buffer overflow vulnerability that allows attackers to execute arbitrary code by crafting a malicious file name with Unicode characters. [CVSS 8.4 HIGH]
Buffer Overflow
-
CVE-2020-37039
HIGH
CVSS 7.5
Frigate 2.02 contains a denial of service vulnerability that allows attackers to crash the application by sending oversized input to the command line interface. [CVSS 7.5 HIGH]
Denial Of Service
-
CVE-2020-37038
HIGH
CVSS 7.5
Code Blocks 20.03 contains a denial of service vulnerability that allows attackers to crash the application by manipulating input in the FSymbols search field. Attackers can paste a large payload of 5000 repeated characters into the search field to trigger an application crash. [CVSS 7.5 HIGH]
Denial Of Service
-
CVE-2020-37036
HIGH
CVSS 8.4
RM Downloader 2.50.60 contains a local buffer overflow vulnerability in the 'Load' parameter that allows attackers to execute arbitrary code by overwriting memory. [CVSS 8.4 HIGH]
Buffer Overflow
-
CVE-2020-37035
HIGH
CVSS 8.2
e-Learning PHP Script 0.1.0 contains a SQL injection vulnerability in the search functionality that allows attackers to manipulate database queries through unvalidated user input. [CVSS 8.2 HIGH]
PHP
SQLi
-
CVE-2020-37034
HIGH
CVSS 7.5
HelloWeb 2.0 contains an arbitrary file download vulnerability that allows remote attackers to download system files by manipulating filepath and filename parameters. Attackers can send crafted GET requests to download.asp with directory traversal to access sensitive configuration and system files. [CVSS 7.5 HIGH]
Path Traversal
-
CVE-2020-37033
HIGH
CVSS 8.2
Infor Storefront B2B 1.0 contains a SQL injection vulnerability that allows attackers to manipulate database queries through the 'usr_name' parameter in login requests. [CVSS 8.2 HIGH]
SQLi
-
CVE-2020-37032
HIGH
CVSS 8.8
Wing FTP Server 6.3.8 contains a remote code execution vulnerability in its Lua-based web console that allows authenticated users to execute system commands. [CVSS 8.8 HIGH]
RCE
Wing Ftp Server
-
CVE-2020-37031
HIGH
CVSS 8.4
Simple Startup Manager 1.17 contains a local buffer overflow vulnerability that allows attackers to execute arbitrary code by overwriting memory through the 'File' input parameter. [CVSS 8.4 HIGH]
Buffer Overflow
-
CVE-2020-37030
HIGH
CVSS 7.8
Outline Service 1.3.3 contains an unquoted service path vulnerability that allows local users to potentially execute arbitrary code with elevated system privileges. [CVSS 7.8 HIGH]
RCE
-
CVE-2020-37029
HIGH
CVSS 8.4
FTPDummy 4.80 contains a local buffer overflow vulnerability in its preference file handling that allows attackers to execute arbitrary code. [CVSS 8.4 HIGH]
Buffer Overflow
-
CVE-2020-37028
HIGH
CVSS 8.4
Socusoft Photo to Video Converter Professional 8.07 contains a local buffer overflow vulnerability in the 'Output Folder' input field that allows attackers to execute arbitrary code. [CVSS 8.4 HIGH]
Buffer Overflow
Stack Overflow
-
CVE-2020-37025
HIGH
CVSS 8.4
Port Forwarding Wizard 4.8.0 contains a buffer overflow vulnerability that allows local attackers to execute arbitrary code through a long request in the Register feature. [CVSS 8.4 HIGH]
Windows
Buffer Overflow
-
CVE-2020-37024
HIGH
CVSS 8.4
Nidesoft DVD Ripper 5.2.18 contains a local buffer overflow vulnerability in the License Code registration parameter that allows attackers to execute arbitrary code. [CVSS 8.4 HIGH]
Buffer Overflow
Stack Overflow
-
CVE-2020-37023
HIGH
CVSS 8.8
Koken CMS 0.22.24 contains a file upload vulnerability that allows authenticated attackers to bypass file extension restrictions by renaming malicious PHP files. [CVSS 8.8 HIGH]
PHP
-
CVE-2026-25210
MEDIUM
CVSS 6.9
Libexpat versions before 2.7.4 are vulnerable to integer overflow in the doContent function during tag buffer reallocation, enabling local attackers with no privileges to achieve high-impact confidentiality and integrity violations. The flaw stems from missing overflow validation when calculating buffer sizes, allowing memory corruption that could lead to information disclosure or code execution. A patch is available for affected systems.
Integer Overflow
Libexpat
Redhat
Suse
-
CVE-2026-25154
MEDIUM
CVSS 6.1
Cross-site scripting (XSS) in LocalSend up to version 1.17.0 allows unauthenticated attackers to inject malicious scripts through the "Share via Link" web interface, which fails to properly sanitize file names in the file list display. An attacker can craft a malicious file name that executes arbitrary JavaScript in the context of a victim's browser when they access the shared link, potentially leading to session hijacking or credential theft. Public exploit code exists for this vulnerability, though a patch is available in commit 8f3cec85aa29b2b13fed9b2f8e499e1ac9b0504c.
XSS
Localsend
-
CVE-2026-25152
MEDIUM
CVSS 5.3
Backstage TechDocs plugin versions prior to 1.13.11 and 1.14.1 contain a path traversal vulnerability that allows authenticated attackers to read arbitrary files from the host filesystem when the local generator is enabled. The vulnerability stems from insufficient symlink validation during the documentation build process, enabling attackers to embed sensitive file contents into generated HTML accessible to documentation viewers. Organizations using `techdocs.generator.runIn: local` with untrusted documentation sources are at risk until patching to the fixed versions.
Node.js
Docker
Path Traversal
Backstage
Redhat
-
CVE-2026-25129
MEDIUM
CVSS 6.7
PsySH versions prior to 0.11.23 and 0.12.19 automatically execute a `.psysh.php` file from the current working directory during startup, allowing local attackers with write access to a directory to achieve arbitrary code execution when a user launches PsySH from that location. When a privileged user such as root or a CI runner executes PsySH in an attacker-controlled directory, this results in local privilege escalation. Public exploit code exists for this vulnerability and no patch is currently available.
PHP
Laravel
Privilege Escalation
Psysh
-
CVE-2026-25050
MEDIUM
CVSS 5.3
Vendure versions up to 3.5.3 contain a vulnerability that allows attackers to enumerate valid usernames (email addresses) (CVSS 5.3).
Information Disclosure
Vendure
-
CVE-2026-24855
MEDIUM
CVSS 5.4
ChurchCRM versions before 6.7.2 contain a stored XSS vulnerability in the event creation feature that allows low-privileged users to inject malicious scripts into event descriptions. These payloads persist in the database and execute when administrators or other users view the affected events, potentially enabling account takeover. Public exploit code exists for this vulnerability, though a patch is available in version 6.7.2.
XSS
Churchcrm
-
CVE-2026-22626
MEDIUM
CVSS 4.9
Insufficient input validation in HIKSEMI NAS devices allows authenticated users to trigger denial of service conditions through malformed messages. An attacker with valid credentials can exploit this flaw to cause abnormal device behavior and availability disruptions without requiring user interaction. No patch is currently available to address this vulnerability.
Information Disclosure
-
CVE-2026-22625
MEDIUM
CVSS 4.6
HIKSEMI NAS devices improperly validate filenames, allowing attackers with physical access to traverse directory structures and read sensitive system files. This vulnerability affects confidentiality but requires local presence and no authentication, making it a risk primarily in physically accessible environments. No patch is currently available for this issue.
Path Traversal
-
CVE-2026-22624
MEDIUM
CVSS 4.3
Authenticated users of HIKSEMI NAS products can access and modify file resources belonging to other users due to insufficient access control checks. This allows any logged-in attacker to manipulate arbitrary files across user accounts without authorization, though a valid account is required to exploit the vulnerability. No patch is currently available.
Authentication Bypass
-
CVE-2026-1702
MEDIUM
CVSS 6.3
Improper authorization in SourceCodester Pet Grooming Management Software 1.0 allows authenticated users to manipulate the group_id parameter in the user management component, potentially gaining unauthorized access to restricted functionality. An attacker with valid credentials can exploit this remotely, and public exploit code is already available. The vulnerability currently lacks a patch from the vendor.
PHP
Pet Grooming Management Software
-
CVE-2026-1691
MEDIUM
CVSS 6.3
Unsafe deserialization in Bolo Solo up to version 2.6.4 through the SnakeYAML component allows authenticated attackers to execute arbitrary code remotely via the importMarkdownsSync function. Public exploit code exists for this vulnerability and no patch is currently available. Authenticated users with access to the backup functionality can trigger this flaw to compromise affected systems.
Java
Deserialization
Bolo Solo
-
CVE-2026-1690
MEDIUM
CVSS 4.7
Command injection in Tenda HG10 firmware allows remote attackers with high privileges to execute arbitrary system commands via the sysCmd parameter in /boaform/formSysCmd. Public exploit code exists for this vulnerability, and no patch is currently available. An authenticated attacker can exploit this to achieve limited unauthorized access and potential system compromise.
Command Injection
Hg10 Firmware
-
CVE-2026-1684
MEDIUM
CVSS 5.3
Denial of service in Free5GC SMF versions up to 4.1.0 allows unauthenticated remote attackers to crash the PFCP UDP endpoint via improper handling of reports in the HandleReports function. Public exploit code exists for this vulnerability, and no patch is currently available. Organizations running affected Free5GC deployments should implement network-level mitigations to restrict PFCP endpoint access.
Golang
Denial Of Service
Free5gc
-
CVE-2026-1683
MEDIUM
CVSS 5.3
Remote attackers can trigger a denial of service condition in Free5GC SMF versions up to 4.1.0 through crafted PFCP session report requests to the HandlePfcpSessionReportRequest function. Public exploit code exists for this vulnerability, and no patch is currently available, leaving affected deployments vulnerable to service disruption attacks.
Golang
Denial Of Service
Free5gc
-
CVE-2026-1682
MEDIUM
CVSS 5.3
Free5GC SMF versions up to 4.1.0 contain a null pointer dereference in the PFCP UDP endpoint handler that can be triggered remotely without authentication, leading to denial of service. Public exploit code exists for this vulnerability, and no patch is currently available. An attacker can crash the session management function by sending specially crafted PFCP association release requests.
Golang
Null Pointer Dereference
Free5gc
-
CVE-2026-1638
MEDIUM
CVSS 6.3
Command injection in Tenda AC21 firmware versions 1.1.1.1/1.dmzip/16.03.08.16 allows authenticated remote attackers to execute arbitrary commands via the dmzIp parameter in the mDMZSetCfg function. Public exploit code exists for this vulnerability, increasing the risk of active exploitation. No patch is currently available.
Command Injection
Ac21 Firmware
-
CVE-2025-62349
MEDIUM
CVSS 6.2
Salt contains an authentication protocol version downgrade weakness that can allow a malicious minion to bypass newer authentication/security features by using an older request payload format, enabling minion impersonation and circumventing protections introduced in response to prior issues. [CVSS 6.2 MEDIUM]
Authentication Bypass
Suse
-
CVE-2025-36442
MEDIUM
CVSS 6.5
IBM Db2 for Linux, UNIX and Windows (includes Db2 Connect Server) 11.5.0 - 11.5.9 and 12.1.0 - 12.1.3 is vulnerable to a denial of service as the server may crash under certain conditions with a specially crafted query with XML columns. [CVSS 6.5 MEDIUM]
IBM
Linux
Windows
Denial Of Service
Db2
-
CVE-2025-36428
MEDIUM
CVSS 5.3
Db2 contains a vulnerability that allows an authenticated user to cause a denial of service due to improper neutralization (CVSS 5.3).
IBM
Linux
Windows
Denial Of Service
Db2
-
CVE-2025-36427
MEDIUM
CVSS 6.5
Db2 contains a vulnerability that allows attackers to cause a denial of service due to insufficient validation of special elements in (CVSS 6.5).
IBM
Linux
Windows
Denial Of Service
Db2
-
CVE-2025-36424
MEDIUM
CVSS 6.5
Db2 contains a vulnerability that allows attackers to cause a denial of service due to improper neutralization of special elements in (CVSS 6.5).
IBM
Linux
Windows
Denial Of Service
Db2
-
CVE-2025-36423
MEDIUM
CVSS 6.5
Db2 contains a vulnerability that allows a local user to cause a denial of service due to improper neutralization of spec (CVSS 6.5).
IBM
Linux
Windows
Denial Of Service
Db2
-
CVE-2025-36407
MEDIUM
CVSS 6.5
IBM® Db2® is vulnerable to a denial of service with a specially crafted query that uses ALTER TABLE operations. [CVSS 6.5 MEDIUM]
IBM
Denial Of Service
Db2
-
CVE-2025-36387
MEDIUM
CVSS 6.5
IBM Db2 for Linux, UNIX and Windows (includes DB2 Connect Server) 11.5.0 - 11.5.9 could allow an authenticated user to cause a denial of service when given specially crafted query. [CVSS 6.5 MEDIUM]
IBM
Linux
Windows
Denial Of Service
Db2
-
CVE-2025-36366
MEDIUM
CVSS 6.5
IBM Db2 for Linux, UNIX and Windows (includes Db2 Connect Server) could allow a user to cause a denial of service by executing a query that invokes the JSON_Object scalar function, which may trigger an unhandled exception leading to abnormal server termination. [CVSS 6.5 MEDIUM]
IBM
Linux
Windows
Denial Of Service
Db2
-
CVE-2025-36365
MEDIUM
CVSS 6.8
IBM Db2 for Linux, UNIX and Windows (includes Db2 Connect Server) 11.5.0 - 11.5.9 and 12.1.0 - 12.1.3 under specific configuration of cataloged remote storage aliases could allow an authenticated user to execute unauthorized commands due to an authorization bypass vulnerability using a user-controlled key. [CVSS 6.8 MEDIUM]
IBM
Linux
Windows
Db2
-
CVE-2025-36353
MEDIUM
CVSS 6.2
IBM Db2 for Linux, UNIX and Windows (includes Db2 Connect Server) 11.5.0 - 11.5.9 and 12.1.0 - 12.1.3 could allow a local user to cause a denial of service due to improper neutralization of special elements in data query logic. [CVSS 6.2 MEDIUM]
IBM
Linux
Windows
Denial Of Service
Db2
-
CVE-2025-36123
MEDIUM
CVSS 6.2
IBM Db2 for Linux, UNIX and Windows (includes DB2 Connect Server) 11.5.0 - 11.5.9 and 12.1.0 - 12.1.3 could allow a local user to cause a denial of service when copying large table containing XML data due to improper allocation of system resources. [CVSS 6.2 MEDIUM]
IBM
Linux
Windows
Denial Of Service
Db2
-
CVE-2025-36098
MEDIUM
CVSS 6.5
IBM Db2 for Linux, UNIX and Windows (includes Db2 Connect Server) 11.5.0 - 11.5.9 and 12.1.0 - 12.1.3 could allow an authenticated user to cause a denial of service due to improper allocation of resources. [CVSS 6.5 MEDIUM]
IBM
Linux
Windows
Denial Of Service
Db2
-
CVE-2025-36070
MEDIUM
CVSS 6.5
IBM Db2 for Linux, UNIX and Windows (includes Db2 Connect Server) 11.5.0 - 11.5.9 and 12.1.0 - 12.1.3 is vulnerable to a denial of service as a trap may occur when selecting from certain types of tables. [CVSS 6.5 MEDIUM]
IBM
Linux
Windows
Denial Of Service
Db2
-
CVE-2025-36009
MEDIUM
CVSS 6.5
Db2 contains a vulnerability that allows an authenticated user to cause a denial of service due to excessive use of a glo (CVSS 6.5).
IBM
Linux
Windows
Denial Of Service
Db2
-
CVE-2025-36001
MEDIUM
CVSS 6.5
IBM Db2 for Linux, UNIX and Windows (includes Db2 Connect Server) 11.5.0 - 11.5.9 and 12.1.0 - 12.1.3 could allow an authenticated user to cause a denial of service using a specially crafted SQL statement including XML that performs uncontrolled recursion. [CVSS 6.5 MEDIUM]
IBM
Linux
Windows
Denial Of Service
Db2
-
CVE-2025-15322
MEDIUM
CVSS 4.3
Tanium addressed an improper access controls vulnerability in Tanium Server. [CVSS 4.3 MEDIUM]
Authentication Bypass
Server
-
CVE-2025-12899
MEDIUM
CVSS 6.5
A flaw in Zephyr’s network stack allows an IPv4 packet containing ICMP type 128 to be misclassified as an ICMPv6 Echo Request. This results in an out-of-bounds memory read and creates a potential information-leak vulnerability in the networking subsystem. [CVSS 6.5 MEDIUM]
Buffer Overflow
-
CVE-2025-9226
MEDIUM
CVSS 4.6
Zohocorp ManageEngine OpManager, NetFlow Analyzer, and OpUtils versions prior to 128582 are affected by a stored cross-site scripting vulnerability in the Subnet Details. [CVSS 4.6 MEDIUM]
XSS
-
CVE-2025-2668
MEDIUM
CVSS 6.5
IBM Db2 for Linux, UNIX and Windows (includes Db2 Connect Server) 11.5.0 - 11.5.9 is vulnerable to a denial of service as the server may crash when an authenticated user creates a specially crafted query. [CVSS 6.5 MEDIUM]
IBM
Linux
Windows
Denial Of Service
Db2
-
CVE-2020-37054
MEDIUM
CVSS 4.3
Navigate CMS 2.8.7 contains a cross-site request forgery vulnerability that allows attackers to upload malicious extensions through a crafted HTML page. [CVSS 4.3 MEDIUM]
CSRF
Navigate Cms
-
CVE-2020-37046
MEDIUM
CVSS 5.3
Sistem Informasi Pengumuman Kelulusan Online 1.0 contains a cross-site request forgery vulnerability that allows attackers to add unauthorized admin users through the tambahuser.php endpoint. [CVSS 5.3 MEDIUM]
PHP
CSRF
-
CVE-2020-37044
MEDIUM
CVSS 5.4
OpenCTI 3.3.1 is vulnerable to a reflected cross-site scripting (XSS) attack via the /graphql endpoint. An attacker can inject arbitrary JavaScript code by sending a crafted GET request with a malicious payload in the query string, leading to execution of JavaScript in the victim's browser. [CVSS 5.4 MEDIUM]
Linux
Windows
XSS
Opencti
-
CVE-2020-37026
MEDIUM
CVSS 5.3
Sickbeard alpha contains a cross-site request forgery vulnerability that allows attackers to disable authentication by submitting crafted configuration parameters. [CVSS 5.3 MEDIUM]
CSRF
-
CVE-2020-37022
MEDIUM
CVSS 6.4
OpenZ ERP 3.6.60 contains a persistent cross-site scripting vulnerability in the Employee module's name and description parameters. Attackers can inject malicious scripts through POST requests to , enabling session hijacking and manipulation of application modules. [CVSS 6.4 MEDIUM]
XSS
-
CVE-2020-37019
MEDIUM
CVSS 6.4
Orchard Core RC1 contains a persistent cross-site scripting vulnerability that allows remote attackers to inject malicious scripts through blog post creation. [CVSS 6.4 MEDIUM]
XSS
-
CVE-2020-37014
MEDIUM
CVSS 6.4
Tryton 5.4 contains a persistent cross-site scripting vulnerability in the user profile name input that allows remote attackers to inject malicious scripts. [CVSS 6.4 MEDIUM]
XSS
-
CVE-2020-37003
MEDIUM
CVSS 6.4
Sellacious eCommerce 4.6 contains a persistent cross-site scripting vulnerability in the Manage Your Addresses module that allows attackers to inject malicious scripts. [CVSS 6.4 MEDIUM]
XSS
-
CVE-2020-36998
MEDIUM
CVSS 6.4
Forma.lms The E-Learning Suite 2.3.0.2 contains a persistent cross-site scripting vulnerability in multiple course and profile parameters. [CVSS 6.4 MEDIUM]
XSS
-
CVE-2020-36996
MEDIUM
CVSS 6.4
PHPFusion 9.03.50 contains a persistent cross-site scripting vulnerability in the print.php page that fails to properly sanitize user-submitted message content. [CVSS 6.4 MEDIUM]
PHP
XSS
-
CVE-2020-36966
MEDIUM
CVSS 6.4
Dolibarr 11.0.3 contains a persistent cross-site scripting vulnerability in LDAP synchronization settings that allows attackers to inject malicious scripts through multiple parameters. [CVSS 6.4 MEDIUM]
PHP
Ldap
XSS
-
CVE-2026-25211
LOW
CVSS 3.2
Llama Stack (aka llama-stack) before 0.4.0rc3 does not censor the pgvector password in the initialization log. [CVSS 3.2 LOW]
Information Disclosure
-
CVE-2026-24729
None
Interinfo DreamMaker versions up to 2025 contain an unrestricted upload of file with dangerous type vulnerability in the file upload function.
File Upload
RCE
-
CVE-2026-24728
None
Interinfo DreamMaker versions up to 2025 contain a missing authentication for critical function vulnerability in the /servlet/baServer3 endpoint.
Authentication Bypass
-
CVE-2026-23835
None
LobeHub is an open source human-and-AI-agent network. Versions up to 1.143.3 contain a vulnerability that allows attackers to a discrepancy between actual resource consumption and billing calculations, caus.
Industrial
Denial Of Service
-
CVE-2026-1723
None
Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection') vulnerability in TOTOLINK X6000R allows OS Command Injection. This issue affects X6000R: through V9.4.0cu.1498_B20250826.
Command Injection
-
CVE-2026-1705
LOW
CVSS 2.4
A vulnerability was detected in D-Link DSL-6641K N8.TR069.20131126. Affected by this issue is the function ad_virtual_server_vdsl of the component Web Interface. [CVSS 2.4 LOW]
D-Link
XSS
-
CVE-2026-1700
LOW
CVSS 3.5
House Rental And Property Listing Project versions up to 1.0 are affected by cross-site scripting (XSS) (CVSS 3.5).
PHP
XSS
-
CVE-2026-1685
LOW
CVSS 3.7
Dir-823X Firmware versions up to 250416 are affected by improper restriction of excessive authentication attempts (CVSS 3.7).
D-Link
-
CVE-2026-1498
None
An LDAP Injection vulnerability in WatchGuard Fireware OS may allow a remote unauthenticated attacker to retrieve sensitive information from a connected LDAP authentication server through an exposed authentication or management web interface.
Ldap
-
CVE-2025-26385
None
LCS8500 or NAE8500 installed with SQL Express deployed as part of the Metasys installation, Releases 12.0 through versions up to 14.1, are affected by command injection.
Command Injection
-
CVE-2025-24293
None
Active Storage allowed transformation methods potentially unsafe. Active Storage attempts to prevent the use of potentially unsafe image transformation methods and parameters by default.
PHP
Command Injection
-
CVE-2025-15497
None
OpenVPN versions 2.7_alpha1 up to 2.7 are affected by a reachable assertion due to insufficient epoch key slot processing.
Openvpn
Denial Of Service
-
CVE-2025-13176
None
Planting a custom configuration file in ESET Inspect Connector allows loading a malicious DLL.
Privilege Escalation
-
CVE-2025-11175
None
Wikimedia Foundation Mediawiki - DiscussionTools Extension is affected by improper neutralization of special elements used in an expression language statement.
Mediawiki
-
CVE-2025-7964
None
After receiving a malformed 802.15.4 MAC Data Request, the Zigbee Coordinator sends a ‘network leave’ request to the Zigbee router, resulting in the Zigbee Router getting stuck in a non-rejoinable state. If a suitable parent is not available, the end devices will be unable to rejoin.
Information Disclosure
-
CVE-2025-6723
None
Chef InSpec versions up to 5.23 and before 7.0.107 create named pipes with overly permissive default Windows access controls.
Windows
-
CVE-2024-9432
None
Cleartext Storage of Sensitive Information vulnerability in OpenText™ Vertica allows Retrieve Embedded Sensitive Data. The vulnerability could read the Vertica agent plaintext apikey. This issue affects Vertica versions: 23.X, 24.X, 25.X.
Information Disclosure