Skip to main content
CVE-2026-25512 HIGH POC PATCH THREAT Act Now

Authenticated attackers can execute arbitrary commands on Group-Office servers through unsanitized user input in the email attachment endpoint, where shell metacharacters are directly passed to system execution functions. The vulnerability affects Group-Office versions prior to 6.8.150, 25.0.82, and 26.0.5, and public exploit code exists. Organizations should apply available patches immediately as this is actively exploitable by authenticated users.

RCE Group Office
NVD GitHub
CVSS 3.1
8.8
EPSS
13.5%
CVE-2026-25505 CRITICAL POC PATCH Act Now

Bambuddy 3D printer management system has missing authentication (CVSS 9.8) allowing unauthenticated access to printer control and print archive.

Authentication Bypass Bambuddy
NVD GitHub
CVSS 3.1
9.8
EPSS
0.2%
CVE-2025-62616 CRITICAL POC Act Now

AutoGPT has a second SSRF vulnerability (CVSS 9.8) in a different endpoint, providing an additional path to access internal network resources.

SSRF AI / ML Autogpt Platform
NVD GitHub
CVSS 3.1
9.8
EPSS
0.1%
CVE-2025-62615 CRITICAL POC Act Now

AutoGPT has a Server-Side Request Forgery vulnerability (CVSS 9.8) allowing unauthenticated attackers to make the AI platform access internal network resources.

SSRF AI / ML Autogpt Platform
NVD GitHub
CVSS 3.1
9.8
EPSS
0.1%
CVE-2026-25481 CRITICAL POC PATCH GHSA Act Now

Langroid LLM framework prior to 0.5 has a code injection vulnerability (CVSS 9.6) allowing attackers to execute arbitrary code through the AI agent system.

Code Injection AI / ML Langroid
NVD GitHub
CVSS 3.1
9.6
EPSS
0.1%
CVE-2026-25521 CRITICAL POC PATCH Act Now

Prototype pollution in the Locutus JavaScript library (npm package, versions >= 2.0.12 and < 2.0.39) lets attacker-influenced input passed to the php.strings.parse_str function pollute Object.prototype, bypassing a prior guard. The earlier fix rejected forbidden keys using String.prototype.includes(), but an attacker able to override that method - or supply crafted keys such as constructor[prototype][polluted]=yes - defeats the check; publicly available exploit code exists in the GHSA advisory. EPSS exploitation probability is very low (0.01%, 1st percentile), it is not on CISA KEV, and no public exploit is identified as active in the wild.

Locutus Information Disclosure Prototype Pollution
NVD GitHub
CVSS 4.0
9.4
EPSS
0.0%
CVE-2026-25539 CRITICAL POC PATCH Act Now

SiYuan knowledge management system prior to 3.5.5 has a path traversal in /api/file/copyFile allowing arbitrary file operations on the server.

SSH RCE Siyuan
NVD GitHub
CVSS 3.1
9.1
EPSS
0.6%
CVE-2026-25139 CRITICAL POC Act Now

RIOT IoT operating system has an out-of-bounds read vulnerability (CVSS 9.1) that could lead to information disclosure or crashes on IoT devices.

IoT Denial Of Service Riot
NVD GitHub
CVSS 3.1
9.1
EPSS
0.1%
CVE-2026-25160 CRITICAL POC PATCH GHSA Act Now

Alist file manager has an improper certificate validation vulnerability allowing MITM attacks that could compromise file operations and stored credentials.

TLS Alist Suse
NVD GitHub
CVSS 3.1
9.1
EPSS
0.0%
CVE-2025-69213 HIGH POC This Week

OpenSTAManager is an open source management software for technical assistance and invoicing. In version 2.9.8 and prior, a SQL Injection vulnerability exists in the ajax_complete.php endpoint when handling the get_sedi operation. [CVSS 8.8 HIGH]

PHP SQLi Openstamanager
NVD GitHub
CVSS 3.1
8.8
EPSS
0.0%
CVE-2025-69215 HIGH POC This Week

OpenSTAManager is an open source management software for technical assistance and invoicing. In version 2.9.8 and prior, there is a SQL Injection vulnerability in the Stampe Module. [CVSS 8.8 HIGH]

SQLi Openstamanager
NVD GitHub
CVSS 3.1
8.8
EPSS
0.0%
CVE-2026-25161 HIGH POC PATCH GHSA This Week

Path traversal in Alist prior to version 3.57.0 allows authenticated users to manipulate filename parameters and bypass directory restrictions within the same storage mount. Attackers can exploit this vulnerability to perform unauthorized file operations including deletion, movement, and copying across user boundaries. Public exploit code exists for this vulnerability.

Path Traversal Alist Suse
NVD GitHub
CVSS 3.1
8.8
EPSS
0.0%
CVE-2026-25514 HIGH POC PATCH This Week

FacturaScripts is open-source enterprise resource planning and accounting software. [CVSS 8.8 HIGH]

SQLi Facturascripts
NVD GitHub
CVSS 3.1
8.8
EPSS
0.0%
CVE-2026-25513 HIGH POC PATCH This Week

Authenticated users can execute arbitrary SQL commands against FacturaScripts REST API endpoints through unsanitized sort parameters in the ModelClass::getOrderBy() method, allowing data theft, modification, or deletion. Public exploit code exists for this vulnerability affecting all versions prior to 2025.81. Organizations using vulnerable FacturaScripts instances should immediately apply the available patch and restrict API access to trusted users.

SQLi Facturascripts
NVD GitHub
CVSS 3.1
8.8
EPSS
0.0%
CVE-2026-25538 HIGH POC PATCH This Week

Devtron is an open source tool integration platform for Kubernetes. [CVSS 8.8 HIGH]

Kubernetes Devtron Suse
NVD GitHub
CVSS 3.1
8.8
EPSS
0.0%
CVE-2026-24884 HIGH POC PATCH This Week

Compressing library versions 1.10.3 and prior, and 2.0.0 fail to validate symbolic link targets during TAR archive extraction, allowing attackers to write files to arbitrary locations on the filesystem. Public exploit code exists for this vulnerability, which could enable overwriting critical system files or establishing persistence. Patched versions 1.10.4 and 2.0.1 are available.

Path Traversal Compressing
NVD GitHub
CVSS 3.1
8.4
EPSS
0.0%
CVE-2026-22038 HIGH POC PATCH This Week

AutoGPT platform versions prior to v0.6.46 expose API keys and authentication secrets in application logs due to insecure logging of decrypted credentials across three Stagehand integration blocks. Authenticated users can access these plaintext secrets through log files, enabling credential theft and unauthorized access to integrated services. Public exploit code exists for this vulnerability, though a patch is available in v0.6.46 and later.

Information Disclosure AI / ML Autogpt Platform
NVD GitHub
CVSS 3.1
8.1
EPSS
0.1%
CVE-2026-25584 HIGH POC PATCH This Week

Stack buffer overflow in iccDEV versions prior to 2.3.1.3 allows local attackers to corrupt memory, leak sensitive information, or execute arbitrary code by supplying malformed ICC color profile files. The vulnerability exists in the CIccTagFloatNum<>::GetValues() function and is triggered during profile processing, affecting users who handle untrusted ICC files. Public exploit code exists for this vulnerability.

Memory Corruption Information Disclosure Iccdev
NVD GitHub
CVSS 3.1
7.8
EPSS
0.0%
CVE-2026-25585 HIGH POC PATCH This Week

Out-of-bounds memory read in iccDEV versions prior to 2.3.1.3 allows local attackers to disclose sensitive memory contents or trigger application crashes by crafting malformed ICC color profiles that bypass array bounds validation. The vulnerability exists in IccCmm.cpp during profile index processing and has public exploit code available. Update to version 2.3.1.3 or later to remediate.

Buffer Overflow Iccdev
NVD GitHub
CVSS 3.1
7.8
EPSS
0.0%
CVE-2026-25583 HIGH POC PATCH This Week

Heap buffer overflow in iccDEV versions prior to 2.3.1.3 allows local attackers to achieve code execution with high privileges by crafting malformed ICC color profile files that trigger unsafe memory operations during file parsing. Public exploit code exists for this vulnerability. All users of iccDEV should upgrade to version 2.3.1.3 or later immediately.

Buffer Overflow Iccdev
NVD GitHub
CVSS 3.1
7.8
EPSS
0.0%
CVE-2026-25582 HIGH POC PATCH This Week

Heap buffer overflow in iccDEV versions prior to 2.3.1.3 allows local attackers with user interaction to read sensitive memory and potentially execute code by supplying malformed XML files to the iccFromXml tool during ICC profile conversion. Public exploit code exists for this vulnerability. A patch is available in version 2.3.1.3 and later.

Buffer Overflow Iccdev
NVD GitHub
CVSS 3.1
7.8
EPSS
0.0%
CVE-2026-25537 HIGH POC PATCH This Week

jsonwebtoken prior to version 10.3.0 allows attackers to bypass JWT time-based validation checks through type confusion when standard claims like nbf or exp are provided with incorrect JSON types. The library incorrectly treats malformed claims as absent rather than invalid, enabling bypass of critical security restrictions if validation is enabled but the claim is not explicitly marked as required. Public exploit code exists for this vulnerability.

Buffer Overflow Jsonwebtoken Red Hat
NVD GitHub
CVSS 3.1
7.5
EPSS
0.1%
CVE-2026-25575 HIGH POC PATCH This Week

Navigatum contains a vulnerability that allows attackers to overwrite files in directories writable by the application user (e (CVSS 7.5).

Path Traversal Navigatum
NVD GitHub
CVSS 3.1
7.5
EPSS
0.0%
CVE-2026-25499 HIGH POC PATCH This Week

The Terraform/OpenTofu Proxmox Provider prior to version 0.93.1 contains a path traversal vulnerability in its SSH sudoer configuration documentation that permits attackers to escape directory restrictions using ../ sequences and modify arbitrary files on the system. Public exploit code exists for this vulnerability, affecting users who implement the documented SSH configuration. The vulnerability has been patched in version 0.93.1 and a fix is available.

SSH Proxmox Terraform Provider Suse
NVD GitHub
CVSS 3.1
7.5
EPSS
0.0%
CVE-2025-71031 HIGH POC This Week

Water-Melon Melon commit 9df9292 and below is vulnerable to Denial of Service. The HTTP component doesn't have any maximum length. [CVSS 7.5 HIGH]

Denial Of Service Melon
NVD
CVSS 3.1
7.5
EPSS
0.0%
CVE-2026-25541 HIGH POC PATCH This Week

Integer overflow in the Bytes library versions 1.2.1 through 1.11.0 allows attackers to corrupt the BytesMut capacity value, leading to out-of-bounds memory access and undefined behavior in release builds. Public exploit code exists for this vulnerability, affecting applications that depend on Bytes for buffer management. A patch is available in version 1.11.1.

Integer Overflow Bytes
NVD GitHub
CVSS 3.1
7.5
EPSS
0.0%
CVE-2025-15555 MEDIUM POC PATCH This Month

A security flaw has been discovered in Open5GS up to 2.7.6. Affected by this vulnerability is the function hss_ogs_diam_cx_mar_cb of the file src/hss/hss-cx-path.c of the component VoLTE Cx-Test. [CVSS 7.3 HIGH]

Buffer Overflow Open5gs
NVD GitHub VulDB
CVSS 4.0
6.9
EPSS
0.0%
CVE-2026-25475 MEDIUM POC PATCH This Month

OpenClaw versions prior to 2026.1.30 suffer from a path traversal vulnerability in the isValidMedia() function that permits authenticated agents to read arbitrary files on the system by crafting malicious MEDIA output directives. An attacker with agent access can leverage this flaw to exfiltrate sensitive data accessible to the application process. Public exploit code exists for this vulnerability, and no patch is currently available.

Path Traversal AI / ML Openclaw
NVD GitHub
CVSS 3.1
6.5
EPSS
0.1%
CVE-2025-68699 MEDIUM POC PATCH This Month

NanoMQ MQTT Broker (NanoMQ) is an all-around Edge Messaging Platform. In version 0.24.6, NanoMQ has a protocol parsing / forwarding inconsistency when handling shared subscriptions ($share/). [CVSS 6.5 MEDIUM]

Denial Of Service Nanomq
NVD GitHub
CVSS 3.1
6.5
EPSS
0.1%
CVE-2025-69618 MEDIUM POC This Month

Coto versions up to 11.4.0 is affected by unrestricted upload of file with dangerous type (CVSS 6.5).

File Upload RCE Coto
NVD GitHub VulDB
CVSS 3.1
6.5
EPSS
0.1%
CVE-2026-25579 MEDIUM POC PATCH This Month

Navidrome versions prior to 0.60.0 allow authenticated users to trigger denial of service by requesting image resizing with extremely large parameters, causing uncontrolled memory allocation and potential disk exhaustion. Public exploit code exists for this vulnerability, which can crash the server process via the OOM killer or fill the cache directory with massive files. An attacker with valid credentials can achieve complete service outage without administrative privileges.

Linux Denial Of Service Navidrome Suse
NVD GitHub
CVSS 3.1
6.5
EPSS
0.1%
CVE-2025-70997 MEDIUM POC This Month

A vulnerability has been discovered in eladmin v2.7 and before. This vulnerability allows for an arbitrary user password reset under any user permission level. [CVSS 6.5 MEDIUM]

Authentication Bypass Eladmin
NVD GitHub
CVSS 3.1
6.5
EPSS
0.0%
CVE-2026-25578 MEDIUM POC PATCH This Month

Navidrome versions before 0.60.0 contain a stored cross-site scripting vulnerability in song comment metadata that allows attackers to inject malicious scripts and steal user credentials when victims view affected music files. Public exploit code exists for this vulnerability. Administrators should upgrade to version 0.60.0 or later to remediate the risk.

XSS Navidrome Suse
NVD GitHub
CVSS 3.1
6.1
EPSS
0.0%
CVE-2025-59818 CRITICAL Act Now

A product has an authenticated command injection vulnerability (CVSS 10.0) allowing execution of arbitrary OS commands on the underlying system.

Command Injection Tcis 3 Firmware
NVD
CVSS 3.1
10.0
EPSS
0.1%
CVE-2026-1633 CRITICAL Act Now

Synectix LAN 232 TRIO serial-to-ethernet adapter exposes its web management interface without authentication (CVSS 10.0), enabling unauthenticated control of serial devices.

IoT Authentication Bypass
NVD GitHub
CVSS 3.1
10.0
EPSS
0.1%
CVE-2026-25115 CRITICAL PATCH Act Now

n8n has a protection mechanism bypass (CVSS 9.9) in the Python sandbox allowing authenticated users to escape code execution restrictions.

Python N8n
NVD GitHub
CVSS 3.1
9.9
EPSS
0.1%
CVE-2026-25049 CRITICAL POC PATCH Act Now

n8n workflow automation platform has an authenticated code execution vulnerability (CVSS 9.9) through improper runtime behavior modification, enabling server takeover.

RCE Command Injection Code Injection Node.js AI / ML +1
NVD GitHub
CVSS 3.1
9.9
EPSS
0.0%
CVE-2026-25053 CRITICAL PATCH Act Now

n8n has a command injection vulnerability (CVSS 9.9) allowing authenticated users to execute arbitrary OS commands through workflow definitions.

RCE Command Injection Information Disclosure Node.js AI / ML +1
NVD GitHub
CVSS 3.1
9.9
EPSS
0.0%
CVE-2026-25052 CRITICAL PATCH Act Now

n8n has a TOCTOU race condition vulnerability (CVSS 9.9) enabling bypass of execution restrictions in workflow processing.

Information Disclosure AI / ML N8n
NVD GitHub
CVSS 3.1
9.9
EPSS
0.0%
CVE-2025-64712 CRITICAL PATCH Act Now

The unstructured Python library for document ingestion has a path traversal vulnerability allowing arbitrary file read/write during document processing.

Path Traversal Unstructured
NVD GitHub
CVSS 3.1
9.8
EPSS
0.1%
CVE-2025-13375 CRITICAL Act Now

IBM Common Cryptographic Architecture (CCA) 7.5.52 and 8.4.82 allows unauthenticated users to execute certain cryptographic operations that should require elevated privileges.

IBM
NVD
CVSS 3.1
9.8
EPSS
0.1%
CVE-2026-25526 CRITICAL PATCH Act Now

JinJava template engine has a server-side template injection vulnerability enabling arbitrary code execution through crafted Jinja-style templates.

Java Golang Django Jinjava
NVD GitHub
CVSS 3.1
9.8
EPSS
0.0%
CVE-2025-5329 CRITICAL Act Now

An Emit Informatics product has a SQL injection vulnerability allowing unauthenticated attackers to compromise the database through unsanitized input.

SQLi
NVD VulDB
CVSS 3.1
9.8
EPSS
0.0%
CVE-2025-69620 MEDIUM POC This Month

A path traversal in Moo Chan Song v4.5.7 allows attackers to cause a Denial of Service (DoS) via writing files to the internal storage. [CVSS 5.0 MEDIUM]

Denial Of Service Path Traversal Office Reader
NVD GitHub
CVSS 3.1
5.0
EPSS
0.0%
CVE-2026-20098 HIGH This Week

Unauthenticated file upload in Cisco Meeting Management's Certificate Management interface allows authenticated attackers to write arbitrary files and execute commands with root privileges on affected systems. An attacker with valid credentials can exploit improper input validation in the web management interface to overwrite system files processed with elevated privileges, leading to complete system compromise. No patch is currently available for this vulnerability.

Cisco Meeting Management
NVD
CVSS 3.1
8.8
EPSS
0.6%
CVE-2026-25511 MEDIUM POC PATCH This Month

Server-side request forgery in Group Office's WOPI service discovery allows authenticated System Administrators to access internal hosts, ports, and files on the affected server. The vulnerability enables attackers to exfiltrate SSRF response bodies through the debug system, effectively converting a blind SSRF into a visible information disclosure attack. Public exploit code exists for this medium-severity flaw, which has been patched in versions 6.8.150, 25.0.82, and 26.0.5.

SSRF Group Office
NVD GitHub
CVSS 3.1
4.9
EPSS
0.0%
CVE-2026-25056 HIGH PATCH This Week

N8N versions up to 1.118.0 is affected by unrestricted upload of file with dangerous type (CVSS 8.8).

RCE AI / ML N8n
NVD GitHub
CVSS 3.1
8.8
EPSS
0.2%
CVE-2026-1756 HIGH This Week

WP FOFT Loader (WordPress plugin) is affected by unrestricted upload of file with dangerous type (CVSS 8.8).

WordPress RCE
NVD
CVSS 3.1
8.8
EPSS
0.1%
CVE-2026-1819 HIGH This Week

Karel Electronics Industry and Trade Inc. ViPort is affected by cross-site scripting (xss) (CVSS 8.8).

XSS
NVD VulDB
CVSS 3.1
8.8
EPSS
0.1%
CVE-2025-15368 HIGH This Week

The SportsPress plugin for WordPress is vulnerable to Local File Inclusion in all versions up to, and including, 2.7.26 via shortcodes 'template_name' attribute. This makes it possible for authenticated attackers, with contributor-level and above permissions, to include and execute arbitrary files on the server, allowing the execution of any PHP code in those files. This can be used to bypass access controls, obtain sensitive data, or achieve code execution in cases where php file type can be...

WordPress PHP LFI Information Disclosure RCE
NVD
CVSS 3.1
8.8
EPSS
0.1%
Page 1 of 5 Next

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy