Wing FTP Server 6.3.8 contains a remote code execution vulnerability in its Lua-based web console that allows authenticated users to execute system commands. [CVSS 8.8 HIGH]
Buffer overflow in Totolink A3600R firmware version 5.9c.4959 allows authenticated remote attackers to execute arbitrary code through the setAppEasyWizardConfig function via a malformed apcliSsid parameter. Public exploit code exists for this vulnerability and no patch is currently available. Affected devices are at high risk given the lack of mitigation options and active exploitation potential.
Koken CMS 0.22.24 contains a file upload vulnerability that allows authenticated attackers to bypass file extension restrictions by renaming malicious PHP files. [CVSS 8.8 HIGH]
Authenticated SQL injection in ChurchCRM's PaddleNumEditor.php endpoint prior to version 6.7.2 allows any logged-in user to execute arbitrary database queries regardless of their assigned permissions. Public exploit code exists for this vulnerability, enabling attackers with valid credentials to read, modify, or delete sensitive church data. Update to version 6.7.2 or later to remediate.
SQL injection vulnerability in geopandas before v.1.1.2 allows an attacker to obtain sensitive information via the to_postgis()` function being used to write GeoDataFrames to a PostgreSQL database. [CVSS 8.6 HIGH]
Simple Startup Manager 1.17 contains a local buffer overflow vulnerability that allows attackers to execute arbitrary code by overwriting memory through the 'File' input parameter. [CVSS 8.4 HIGH]
FTPDummy 4.80 contains a local buffer overflow vulnerability in its preference file handling that allows attackers to execute arbitrary code. [CVSS 8.4 HIGH]
Socusoft Photo to Video Converter Professional 8.07 contains a local buffer overflow vulnerability in the 'Output Folder' input field that allows attackers to execute arbitrary code. [CVSS 8.4 HIGH]
Port Forwarding Wizard 4.8.0 contains a buffer overflow vulnerability that allows local attackers to execute arbitrary code through a long request in the Register feature. [CVSS 8.4 HIGH]
Nidesoft DVD Ripper 5.2.18 contains a local buffer overflow vulnerability in the License Code registration parameter that allows attackers to execute arbitrary code. [CVSS 8.4 HIGH]
RM Downloader 2.50.60 contains a local buffer overflow vulnerability in the 'Load' parameter that allows attackers to execute arbitrary code by overwriting memory. [CVSS 8.4 HIGH]
Frigate 3.36.0.9 contains a local buffer overflow vulnerability in the Command Line input field that allows attackers to execute arbitrary code. [CVSS 8.4 HIGH]
Frigate Professional 3.36.0.9 contains a local buffer overflow vulnerability in the 'Find Computer' feature that allows attackers to execute arbitrary code by overflowing the computer name input field. [CVSS 8.4 HIGH]
Code Blocks 17.12 contains a local buffer overflow vulnerability that allows attackers to execute arbitrary code by crafting a malicious file name with Unicode characters. [CVSS 8.4 HIGH]
Online-Exam-System 2015 contains a SQL injection vulnerability in the feedback module that allows attackers to manipulate database queries through the 'fid' parameter. Attackers can inject malicious SQL code into the 'fid' parameter to potentially extract, modify, or delete database information. [CVSS 8.2 HIGH]
Online-Exam-System 2015 contains a time-based blind SQL injection vulnerability in the feedback form that allows attackers to extract database password hashes. [CVSS 8.2 HIGH]
e-Learning PHP Script 0.1.0 contains a SQL injection vulnerability in the search functionality that allows attackers to manipulate database queries through unvalidated user input. [CVSS 8.2 HIGH]
Infor Storefront B2B 1.0 contains a SQL injection vulnerability that allows attackers to manipulate database queries through the 'usr_name' parameter in login requests. [CVSS 8.2 HIGH]
its service configuration contains a vulnerability that allows attackers to execute arbitrary code with SYSTEM privileges (CVSS 7.8).
its Windows service configuration. Local attackers can exploit the unquoted path to inject malicious code contains a security vulnerability (CVSS 7.8).
Popcorn Time 6.2.1.14 contains an unquoted service path vulnerability that allows local non-privileged users to potentially execute code with elevated system privileges. [CVSS 7.8 HIGH]
Outline Service 1.3.3 contains an unquoted service path vulnerability that allows local users to potentially execute arbitrary code with elevated system privileges. [CVSS 7.8 HIGH]
Local Admin Service versions up to 1.2.7.23180 is affected by execution with unnecessary privileges (CVSS 7.8).
OpenCTI 3.3.1 is vulnerable to a directory traversal attack via the static/css endpoint. An unauthenticated attacker can read arbitrary files from the filesystem by sending crafted GET requests with path traversal sequences (e.g., '../') in the URL. [CVSS 7.5 HIGH]
HelloWeb 2.0 contains an arbitrary file download vulnerability that allows remote attackers to download system files by manipulating filepath and filename parameters. Attackers can send crafted GET requests to download.asp with directory traversal to access sensitive configuration and system files. [CVSS 7.5 HIGH]
Fast-xml-parser versions 5.0.9 through 5.3.3 crash when processing XML containing out-of-range numeric entity code points, allowing remote attackers to cause denial of service against applications parsing untrusted XML input. Public exploit code exists for this vulnerability. Applications should upgrade to version 5.3.4 or later to remediate.
Frigate 2.02 contains a denial of service vulnerability that allows attackers to crash the application by sending oversized input to the command line interface. [CVSS 7.5 HIGH]
Code Blocks 20.03 contains a denial of service vulnerability that allows attackers to crash the application by manipulating input in the FSymbols search field. Attackers can paste a large payload of 5000 repeated characters into the search field to trigger an application crash. [CVSS 7.5 HIGH]
Navigate CMS 2.8.7 contains an authenticated SQL injection vulnerability that allows attackers to leak database information by manipulating the 'sidx' parameter in comments. [CVSS 7.1 HIGH]
Arbitrary Python code execution in Backstage's @backstage/plugin-techdocs-node (versions < 1.13.11 and = 1.14.0) lets a contributor who can add or edit a repository's mkdocs.yml inject a malicious MkDocs `hooks` directive that runs on the TechDocs build server whenever TechDocs is configured with `runIn: local`. The flaw also affects documentation built in CI/CD via @techdocs/cli, which bundles the same package. EPSS is very low (0.02%, 6th percentile) and there is no public exploit identified at time of analysis, but the CVSS of 8.8 reflects full host compromise of the build environment.
Kodmatic Computer Software Tourism Construction Industry and Trade Ltd. Co. Online Exam and Assessment is affected by sql injection (CVSS 8.6).
Db2 contains a vulnerability that allows attackers to a local user with filesystem access to escalate their privileges due to the use (CVSS 8.4).
Remote code execution in Crafty Controller's Backup Configuration feature results from insufficient path traversal validation, enabling authenticated attackers to manipulate files and execute arbitrary code on affected systems. The vulnerability requires valid credentials and specific conditions to exploit but carries high impact due to its ability to compromise system integrity and confidentiality. No patch is currently available.
Codriapp Innovation and Software Technologies Inc. HeyGarson is affected by error message information leak (CVSS 8.2).
Dell UnityVSA versions 5.4 and prior allow local attackers with low privileges to achieve arbitrary command execution with root-level access through OS command injection. This vulnerability requires local access and no user interaction, enabling attackers to completely compromise affected systems. No patch is currently available.
Dell Unity versions 5.5.2 and earlier suffer from an OS command injection vulnerability that allows local attackers with low privileges to execute arbitrary commands with root-level access. The flaw stems from improper input validation in command processing, enabling privilege escalation on affected systems. No patch is currently available for this vulnerability.
Salt's junos execution module contained an unsafe YAML decode/load usage. A specially crafted YAML payload processed by the junos module could lead to unintended code execution under the context of the Salt process. [CVSS 7.8 HIGH]
A flaw was found in Undertow. Servlets using a method that calls HttpServletRequestImpl.getParameterNames() can cause an OutOfMemoryError when the client sends a request with large parameter names. [CVSS 7.5 HIGH]
End-of-service Netgear devices with TelnetEnable functionality can have telnet service remotely activated via specially crafted magic packets, enabling unauthenticated remote access to the device. An attacker on the network can exploit this to gain command-line access without credentials, potentially leading to device compromise and lateral movement. No patch is available for affected products.
HotCRP conference review software versions from October 2025 through January 2026 improperly render uploaded documents inline in the browser instead of forcing download, allowing malicious HTML or SVG files to execute JavaScript with access to user credentials and HotCRP API permissions. Attackers can exploit this stored XSS vulnerability by uploading crafted documents to submission fields, which then compromise any user who clicks the document link. A patch is available to restrict inline rendering to safe document types.
IBM Db2 for Linux, UNIX and Windows (includes Db2 Connect Server) 11.5.0 - 11.5.9 could allow an instance owner to execute malicious code that escalate their privileges to root due to execution of unnecessary privileges operated at a higher than minimum level. [CVSS 7.2 HIGH]
Authenticated command injection in HIKSEMI NAS devices allows privileged users to execute arbitrary commands through improper input validation on the device interface. Attackers with valid credentials can craft malicious messages to achieve unauthenticated code execution on affected systems. No patch is currently available for this vulnerability.
Authenticated command injection in Hikvision Wireless Access Points allows credential-holding attackers to execute arbitrary commands through insufficient input validation on network packets. The vulnerability affects all users of vulnerable Hikvision WAP models with valid account access and currently lacks available patches. With a CVSS score of 7.2, this poses a significant risk for environments where administrative credentials may be compromised or shared.