Skip to main content
CVE-2026-1699 CRITICAL POC Act Now

Supply chain vulnerability in Eclipse Theia GitHub Actions workflow. The preview.yml workflow uses pull_request_target with checkout, enabling malicious PRs to steal secrets. CVSS 10.0, PoC available.

Github Theia Website
NVD
CVSS 3.1
10.0
EPSS
0.0%
CVE-2020-37027 CRITICAL POC Act Now

Unauthenticated command injection in Sickbeard alpha media management application. EPSS 0.70% with PoC available.

Command Injection
NVD GitHub Exploit-DB
CVSS 3.1
9.8
EPSS
0.7%
CVE-2020-37052 CRITICAL POC Act Now

Pre-authentication RCE in AirControl 1.4.2 network management allows unauthenticated system command execution. PoC available.

Java RCE
NVD Exploit-DB
CVSS 3.1
9.8
EPSS
0.2%
CVE-2020-37050 CRITICAL POC Act Now

Buffer overflow in Quick Player 1.3 via crafted .m3l playlist file allows arbitrary code execution. PoC available.

RCE Buffer Overflow
NVD Exploit-DB
CVSS 3.1
9.8
EPSS
0.1%
CVE-2020-37043 CRITICAL POC Act Now

Buffer overflow in 10-Strike Bandwidth Monitor 3.9 bypasses SafeSEH, ASLR, and DEP protections. PoC available.

RCE Buffer Overflow
NVD Exploit-DB
CVSS 3.1
9.8
EPSS
0.1%
CVE-2020-37056 CRITICAL POC Act Now

IP spoofing vulnerability in Crystal Shard http-protection 0.2.0 allows attackers to bypass protection middleware by manipulating request headers. PoC available.

Authentication Bypass
NVD GitHub Exploit-DB
CVSS 3.1
9.8
EPSS
0.0%
CVE-2019-25232 CRITICAL POC Act Now

Buffer overflow in NetPCLinker 1.0.0.0 DNS/IP field allows shell command execution. PoC available.

Buffer Overflow
NVD Exploit-DB
CVSS 3.1
9.8
EPSS
0.0%
CVE-2026-0963 CRITICAL Act Now

Path traversal in Crafty Controller game server management allows authenticated attackers to read/write files outside the intended directory. CVSS 9.9 with scope change.

RCE Path Traversal Crafty Controller
NVD
CVSS 3.1
9.9
EPSS
0.1%
CVE-2025-51958 CRITICAL Act Now

Unauthenticated command injection in DokuWiki runcommand plugin via lib/plugins/runcommand. Allows arbitrary system command execution.

PHP Runcommand
NVD GitHub
CVSS 3.1
9.8
EPSS
0.1%
CVE-2026-25141 CRITICAL PATCH Act Now

Code injection in Orval TypeScript API client generator versions 7.19.0 to before 7.22.0. Generated client code may be vulnerable to injection through crafted OpenAPI specifications.

Code Injection Orval
NVD GitHub
CVSS 3.1
9.8
EPSS
0.0%
CVE-2026-25130 CRITICAL POC Act Now

Multiple command injection vulnerabilities in CAI (Cybersecurity AI) framework up to 0.5.10 allow OS command execution through the security testing platform.

RCE AI / ML
NVD GitHub
CVSS 3.1
9.6
EPSS
0.0%
CVE-2025-24293 CRITICAL PATCH Act Now

Command injection in Ruby on Rails Active Storage allows attackers to abuse a permissive default allow-list of image transformation methods, escaping the framework's safe-transformation guardrails when an application forwards untrusted input as the transformation method or its parameters. Three methods on the default allow-list can be used to circumvent the safe defaults and reach the underlying ImageMagick processor, enabling OS command injection (CVSS 4.0 9.2). No public exploit has been identified at time of analysis, and EPSS is low at 0.22% (44th percentile), but a vendor patch is available and the issue is RCE-class.

PHP Command Injection
NVD GitHub VulDB
CVSS 4.0
9.2
EPSS
0.2%

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy