Skip to main content
CVE-2026-1731 CRITICAL POC KEV EUVD KEV THREAT Emergency

BeyondTrust Remote Support (RS) and older versions of Privileged Remote Access (PRA) contain a critical pre-authentication remote code execution vulnerability (CVE-2026-1731) that allows unauthenticated attackers to execute OS commands through specially crafted requests. With EPSS 66% and KEV listing with public PoC, this vulnerability is devastating because these products are specifically designed for privileged remote access — compromising them grants attackers access to the most sensitive systems in an organization.

RCE Remote Support Privileged Remote Access
NVD GitHub VulDB
CVSS 3.1
9.8
EPSS
66.1%
Threat
6.9
CVE-2026-21643 CRITICAL POC KEV THREAT Emergency

A product has a SQL injection vulnerability enabling unauthenticated database compromise through improperly neutralized SQL commands.

Fortinet SQLi
NVD GitHub VulDB
CVSS 3.1
9.8
EPSS
0.0%
Threat
5.0
CVE-2026-25520 CRITICAL POC PATCH Act Now

SandboxJS has a second CVSS 10.0 sandbox escape where function return values aren't properly sanitized, allowing code execution outside the sandbox.

RCE Sandboxjs
NVD GitHub
CVSS 3.1
10.0
EPSS
0.0%
CVE-2026-25587 CRITICAL POC PATCH Act Now

SandboxJS has a fourth CVSS 10.0 sandbox escape through Map's safe prototype being used as a gateway to inject arbitrary code.

Code Injection RCE Sandboxjs
NVD GitHub
CVSS 3.1
10.0
EPSS
0.0%
CVE-2026-25586 CRITICAL POC PATCH Act Now

SandboxJS has a third CVSS 10.0 sandbox escape via Map prototype shadowing that allows complete sandbox bypass.

Information Disclosure Sandboxjs
NVD GitHub
CVSS 3.1
10.0
EPSS
0.0%
CVE-2026-25641 CRITICAL POC PATCH Act Now

SandboxJS has a fifth CVSS 10.0 escape via a TOCTOU race condition in sandbox validation, allowing code to slip through during the check-execute gap.

Information Disclosure Sandboxjs
NVD GitHub
CVSS 3.1
10.0
EPSS
0.0%
CVE-2025-64111 CRITICAL POC PATCH Act Now

Gogs self-hosted Git service v0.13.3 has a command injection vulnerability enabling remote code execution through crafted repository operations.

Command Injection Gogs Suse
NVD GitHub
CVSS 3.1
9.8
EPSS
0.2%
CVE-2026-2017 CRITICAL POC Act Now

IP-COM W30AP wireless access point up to firmware 1.0.0.11 has a buffer overflow that allows remote attackers to execute code or crash the device.

Buffer Overflow Stack Overflow W30ap Firmware
NVD VulDB
CVSS 3.1
9.8
EPSS
0.2%
CVE-2026-25643 CRITICAL POC Act Now

Frigate NVR has a command injection vulnerability (CVSS 9.1) allowing authenticated attackers to execute OS commands on the network video recorder.

Command Injection RCE Frigate
NVD GitHub Exploit-DB VulDB
CVSS 3.1
9.1
EPSS
0.3%
CVE-2019-25298 CRITICAL POC Act Now

html5_snmp 1.11 has multiple SQL injection vulnerabilities allowing attackers to manipulate SNMP monitoring database queries.

SNMP SQLi Html5 Snmp
NVD GitHub Exploit-DB
CVSS 3.1
9.1
EPSS
0.0%
CVE-2025-69212 HIGH POC This Week

OpenSTAManager is an open source management software for technical assistance and invoicing. In 2.9.8 and earlier, a critical OS Command Injection vulnerability exists in the P7M (signed XML) file decoding functionality. [CVSS 8.8 HIGH]

Command Injection Openstamanager
NVD GitHub
CVSS 3.1
8.8
EPSS
0.1%
CVE-2026-2070 HIGH POC This Week

Remote code execution in UTT 520W firmware versions up to 1.7.7-180627 through a buffer overflow in the /goform/formPolicyRouteConf endpoint allows authenticated attackers to execute arbitrary commands on affected devices. Public exploit code is available for this vulnerability, and no patch has been released despite vendor notification. The flaw stems from improper bounds checking in the GroupName parameter handling.

Buffer Overflow 520w Firmware
NVD GitHub VulDB
CVSS 3.1
8.8
EPSS
0.1%
CVE-2026-2068 HIGH POC This Week

Remote code execution in UTT 520W firmware 1.7.7-180627 allows authenticated attackers to execute arbitrary code via a buffer overflow in the ServerIp parameter of the /goform/formSyslogConf endpoint. Public exploit code exists for this vulnerability, and no patch is currently available from the vendor despite early disclosure attempts. The attack requires network access and valid credentials but executes with full system privileges.

Buffer Overflow 520w Firmware
NVD GitHub VulDB
CVSS 3.1
8.8
EPSS
0.1%
CVE-2026-2067 HIGH POC This Week

Remote code execution in UTT 520W firmware through a buffer overflow in the /goform/formTimeGroupConfig endpoint allows authenticated attackers to achieve complete system compromise via manipulation of the year1 parameter. Public exploit code exists for this vulnerability, and no patch is currently available from the vendor despite early disclosure notification. The high CVSS score of 8.8 reflects the combination of network accessibility, low attack complexity, and full impact on confidentiality, integrity, and availability.

Buffer Overflow 520w Firmware
NVD GitHub VulDB
CVSS 3.1
8.8
EPSS
0.1%
CVE-2026-2066 HIGH POC This Week

Remote code execution in UTT 520W firmware versions up to 1.7.7-180627 via stack buffer overflow in the /goform/formIpGroupConfig endpoint allows authenticated attackers to achieve complete system compromise. Public exploit code exists for this vulnerability, and the vendor has not provided a patch despite early disclosure notification. Affected devices are remotely exploitable with no user interaction required.

Buffer Overflow 520w Firmware
NVD GitHub VulDB
CVSS 3.1
8.8
EPSS
0.1%
CVE-2025-69214 HIGH POC This Week

OpenSTAManager is an open source management software for technical assistance and invoicing. In 2.9.8 and earlier, an SQL Injection vulnerability exists in the ajax_select.php endpoint when handling the componenti operation. [CVSS 8.8 HIGH]

PHP SQLi Openstamanager
NVD GitHub
CVSS 3.1
8.8
EPSS
0.0%
CVE-2026-25533 HIGH POC PATCH This Week

Enclave versions up to 2.10.1 is affected by loop with unreachable exit condition (infinite loop) (CVSS 8.8).

Denial Of Service RCE AI / ML Enclave
NVD GitHub
CVSS 3.1
8.8
EPSS
0.0%
CVE-2026-25635 HIGH POC PATCH This Week

Remote code execution in Calibre prior to version 9.2.0 through a path traversal flaw in the CHM reader allows local attackers to write arbitrary files with user permissions, enabling payload execution via the Windows Startup folder. Public exploit code exists for this vulnerability. Windows users should upgrade to Calibre 9.2.0 or later to remediate the risk.

Windows RCE Path Traversal Calibre Red Hat +1
NVD GitHub
CVSS 3.1
8.6
EPSS
0.2%
CVE-2026-25580 HIGH POC PATCH This Week

Pydantic AI versions 0.0.26 through 1.55.x contain a server-side request forgery vulnerability in URL download functionality that allows remote attackers to make arbitrary HTTP requests to internal network resources when applications process untrusted message history. Public exploit code exists for this vulnerability, which could enable attackers to access internal services or cloud credentials. Applications must upgrade to version 1.56.0 or later to remediate the issue.

Python SSRF Pydantic Ai
NVD GitHub VulDB
CVSS 3.1
8.6
EPSS
0.0%
CVE-2026-25628 HIGH POC PATCH This Week

Arbitrary file append vulnerability in Qdrant vector database versions 1.9.3 through 1.15.x allows authenticated users with minimal read-only privileges to write to arbitrary files through an unsanitized log file path parameter in the /logger endpoint. Public exploit code exists for this vulnerability, enabling attackers to corrupt system files or inject malicious content with high impact to confidentiality, integrity, and availability. The issue is resolved in version 1.16.0.

Information Disclosure AI / ML Qdrant
NVD GitHub
CVSS 3.1
8.5
EPSS
0.0%
CVE-2026-25636 HIGH POC PATCH This Week

Calibre 9.1.0 and earlier contains a path traversal vulnerability in EPUB conversion that allows malicious EPUB files to corrupt or modify arbitrary files writable by the Calibre process. The vulnerability exploits improper handling of CipherReference URIs in encryption metadata, enabling attackers to write outside the intended extraction directory. Public exploit code exists for this high-severity issue, which is patched in version 9.2.0.

Path Traversal Calibre Red Hat Suse
NVD GitHub
CVSS 3.1
8.2
EPSS
0.0%
CVE-2019-25304 HIGH POC This Week

SecurosCtrlService contains a vulnerability that allows attackers to potentially execute code with elevated privileges (CVSS 7.8).

Information Disclosure
NVD Exploit-DB
CVSS 3.1
7.8
EPSS
0.0%
CVE-2019-25266 HIGH POC This Week

Wondershare Application Framework Service 2.4.3.231 contains an unquoted service path vulnerability that allows local attackers to potentially execute arbitrary code with elevated privileges. [CVSS 7.8 HIGH]

RCE
NVD Exploit-DB
CVSS 3.1
7.8
EPSS
0.0%
CVE-2019-25293 HIGH POC This Week

BstHdLogRotatorSvc service contains a vulnerability that allows attackers to potentially execute arbitrary code (CVSS 7.8).

RCE
NVD Exploit-DB VulDB
CVSS 3.1
7.8
EPSS
0.0%
CVE-2019-25302 HIGH POC This Week

DsiWMIService contains a vulnerability that allows attackers to potentially execute code with elevated privileges (CVSS 7.8).

Information Disclosure
NVD Exploit-DB
CVSS 3.1
7.8
EPSS
0.0%
CVE-2026-25634 HIGH POC PATCH This Week

Stack buffer overlap in iccDEV's color profile processing library prior to version 2.3.1.4 enables local attackers with user interaction to achieve arbitrary code execution through malicious ICC color management profiles. The vulnerability exists in the CIccTagMultiProcessElement::Apply() function where SrcPixel and DestPixel buffers overlap, and public exploit code is currently available. A patch has been released in version 2.3.1.4 to address this issue.

Buffer Overflow Iccdev
NVD GitHub
CVSS 3.1
7.8
EPSS
0.0%
CVE-2019-25305 HIGH POC This Week

JumpStart 0.6.0.0 contains an unquoted service path vulnerability in the jswpbapi service running with LocalSystem privileges. Attackers can exploit the unquoted path containing spaces to inject and execute malicious code with elevated system permissions. [CVSS 7.8 HIGH]

Code Injection
NVD Exploit-DB
CVSS 3.1
7.8
EPSS
0.0%
CVE-2026-25731 HIGH POC PATCH This Week

calibre is an e-book manager. [CVSS 7.8 HIGH]

RCE Calibre Red Hat Suse
NVD GitHub
CVSS 3.1
7.8
EPSS
0.0%
CVE-2019-25292 HIGH POC This Week

Alps HID Monitor Service 8.1.0.10 contains an unquoted service path vulnerability that allows local attackers to potentially execute arbitrary code with elevated privileges. [CVSS 7.8 HIGH]

RCE
NVD Exploit-DB
CVSS 3.1
7.8
EPSS
0.0%
CVE-2025-70963 HIGH POC PATCH This Week

Gophish <=0.12.1 is vulnerable to Incorrect Access Control. The administrative dashboard exposes each user’s long-lived API key directly inside the rendered HTML/JavaScript of the page on every login. [CVSS 7.6 HIGH]

Authentication Bypass Information Disclosure Gophish Suse
NVD GitHub
CVSS 3.1
7.6
EPSS
0.0%
CVE-2026-25732 HIGH POC PATCH GHSA This Week

Path traversal in NiceGUI before 3.7.0 allows remote attackers to write arbitrary files outside intended directories by exploiting unsanitized filename metadata in the FileUpload.name property, potentially leading to remote code execution when developers incorporate this value directly into file paths. Public exploit code exists for this vulnerability, affecting applications using common patterns like concatenating user-supplied filenames with upload directories. Developers are only protected if they use fixed paths, generate filenames server-side, or explicitly sanitize user input.

Python RCE Path Traversal Nicegui
NVD GitHub Exploit-DB VulDB
CVSS 3.1
7.5
EPSS
0.1%
CVE-2026-25758 HIGH POC PATCH This Week

Spree Commerce's guest checkout feature contains an insecure direct object reference (IDOR) flaw that allows unauthenticated attackers to access other customers' personally identifiable information by manipulating address parameters during transaction processing. Public exploit code exists for this vulnerability, which affects all guest checkout flows across multiple Spree versions. Patches are available for versions 4.10.3, 5.0.8, 5.1.10, 5.2.7, and 5.3.2.

Ruby DNS Spree
NVD GitHub
CVSS 3.1
7.5
EPSS
0.0%
CVE-2025-68621 HIGH POC PATCH This Week

Trilium Notes is an open-source, cross-platform hierarchical note taking application with focus on building large personal knowledge bases. [CVSS 7.4 HIGH]

Authentication Bypass Trilium
NVD GitHub
CVSS 3.1
7.4
EPSS
0.1%
CVE-2019-25303 HIGH POC This Week

TheJshen ContentManagementSystem 1.04 contains a SQL injection vulnerability that allows attackers to manipulate database queries through the 'id' GET parameter. [CVSS 7.1 HIGH]

SQLi
NVD GitHub Exploit-DB
CVSS 3.1
7.1
EPSS
0.0%
CVE-2019-25300 HIGH POC This Week

thejshen Globitek CMS 1.4 contains a SQL injection vulnerability that allows attackers to manipulate database queries through the 'id' GET parameter. Attackers can exploit boolean-based, time-based, and UNION-based SQL injection techniques to potentially extract or modify database information. [CVSS 7.1 HIGH]

SQLi
NVD GitHub Exploit-DB
CVSS 3.1
7.1
EPSS
0.0%
CVE-2019-25299 HIGH POC This Week

RimbaLinux AhadPOS 1.11 contains a SQL injection vulnerability in the 'alamatCustomer' parameter that allows attackers to manipulate database queries through crafted POST requests. [CVSS 7.1 HIGH]

Linux SQLi
NVD GitHub Exploit-DB
CVSS 3.1
7.1
EPSS
0.0%
CVE-2026-2103 HIGH POC This Week

Syteline Erp versions up to 10.0.8803.16889 is affected by use of hard-coded cryptographic key (CVSS 7.1).

Information Disclosure Syteline Erp
NVD
CVSS 3.1
7.1
EPSS
0.0%
CVE-2026-25749 MEDIUM POC PATCH This Month

Heap buffer overflow in Vim's tag file resolution allows local attackers with user privileges to corrupt heap memory and crash the application or potentially execute code by supplying a malicious 'helpfile' option value. The vulnerability exists in the get_tagfname() function which fails to validate the length of user-controlled input before copying it into a fixed-size buffer. Public exploit code exists for this issue affecting Vim prior to version 9.1.2132, though a patch is available.

Buffer Overflow Heap Overflow Vim
NVD GitHub VulDB
CVSS 3.1
6.6
EPSS
0.0%
CVE-2026-23633 MEDIUM POC PATCH This Month

Gogs versions 0.13.3 and earlier are vulnerable to arbitrary file read and write operations through path traversal in the Git hook editing functionality, affecting self-hosted installations. An authenticated attacker with high privileges can exploit this vulnerability to access or modify files outside the intended directory. Public exploit code exists for this vulnerability, and no patch is currently available.

Path Traversal Gogs Suse
NVD GitHub
CVSS 3.1
6.5
EPSS
0.1%
CVE-2026-22592 MEDIUM POC PATCH This Month

Denial of service in Gogs 0.13.3 and earlier allows authenticated users to crash the application by deleting repository files before synchronization. Public exploit code exists for this vulnerability, affecting self-hosted Git service deployments. A patch is available in versions 0.13.4 and 0.14.0+dev.

Denial Of Service Gogs Suse
NVD GitHub
CVSS 3.1
6.5
EPSS
0.1%
CVE-2026-24419 MEDIUM POC This Month

SQL injection in OpenSTAManager v2.9.8 and earlier allows authenticated attackers to extract sensitive data through the Prima Nota module's unvalidated id_documenti parameter. Public exploit code exists for this vulnerability, which bypasses input validation on comma-separated values used in SQL IN() clauses to leak information via XPATH error-based techniques. The vulnerability affects PHP-based deployments and currently has no available patch.

PHP SQLi Openstamanager
NVD GitHub
CVSS 3.1
6.5
EPSS
0.0%
CVE-2026-25760 MEDIUM POC PATCH This Month

Authenticated operators in Sliver C2 framework versions prior to 1.6.11 can read arbitrary files on the server through a path traversal vulnerability in the website content subsystem, potentially exposing sensitive credentials, configurations, and cryptographic keys. Public exploit code exists for this vulnerability. The issue is resolved in version 1.6.11 and later.

Wireguard Path Traversal Sliver Suse
NVD GitHub
CVSS 3.1
6.5
EPSS
0.0%
CVE-2026-24418 MEDIUM POC This Month

OpenSTAManager versions 2.9.8 and earlier are vulnerable to SQL injection in the Payment Schedule module's bulk operations handler, where inadequate input validation on record IDs allows authenticated attackers to execute arbitrary SQL queries and extract sensitive data via error-based techniques. Public exploit code exists for this vulnerability, and no patch is currently available. The attack requires valid user credentials but can expose confidential information from the application database.

SQLi Openstamanager
NVD GitHub
CVSS 3.1
6.5
EPSS
0.0%
CVE-2026-24417 MEDIUM POC This Month

OpenSTAManager v2.9.8 and earlier allow authenticated attackers to conduct time-based SQL injection attacks through the global search functionality, enabling extraction of sensitive data from the underlying database. The vulnerability stems from insufficient input validation on the search term parameter used in SQL LIKE clauses across multiple search handlers. Public exploit code exists for this vulnerability, and no patch is currently available.

SQLi Openstamanager
NVD GitHub
CVSS 3.1
6.5
EPSS
0.0%
CVE-2026-24416 MEDIUM POC This Month

OpenSTAManager v2.9.8 and earlier allows authenticated remote attackers to extract sensitive data through time-based SQL injection in the article pricing handler due to insufficient input sanitization of the idarticolo parameter. Public exploit code exists for this vulnerability, and no patch is currently available. An attacker with valid credentials can infer database contents through carefully timed SQL queries without requiring user interaction.

SQLi Openstamanager
NVD GitHub
CVSS 3.1
6.5
EPSS
0.0%
CVE-2025-69216 MEDIUM POC This Month

OpenSTAManager is an open source management software for technical assistance and invoicing. [CVSS 6.5 MEDIUM]

PHP SQLi Openstamanager
NVD GitHub
CVSS 3.1
6.5
EPSS
0.0%
CVE-2019-25301 MEDIUM POC This Month

Millhouse-Project 1.414 contains a persistent cross-site scripting vulnerability in the comment submission functionality that allows attackers to inject malicious scripts. [CVSS 6.4 MEDIUM]

PHP XSS
NVD GitHub Exploit-DB
CVSS 3.1
6.4
EPSS
0.1%
CVE-2019-25294 MEDIUM POC This Month

html5_snmp 1.11 contains a persistent cross-site scripting vulnerability that allows attackers to inject malicious scripts through the 'Remark' parameter in add_router_operation.php. [CVSS 6.1 MEDIUM]

PHP SNMP XSS Html5 Snmp
NVD GitHub Exploit-DB
CVSS 3.1
6.1
EPSS
0.0%
CVE-2026-0521 MEDIUM POC This Month

Reflected XSS in TYDAC AG MAP+ 3.4.0 PDF export allows unauthenticated attackers to execute arbitrary JavaScript in victim browsers through malicious URLs, with public exploit code available. An attacker can deliver such links via email or social engineering to compromise user sessions and steal sensitive data. No patch is currently available.

XSS Map
NVD
CVSS 3.1
6.1
EPSS
0.0%
CVE-2026-25651 MEDIUM POC PATCH This Month

Client-certificate-auth middleware for Node.js versions 0.2.1 and 0.3.0 fails to validate the Host header when redirecting HTTP requests to HTTPS, enabling attackers to craft malicious redirects that direct users to arbitrary domains. Public exploit code exists for this open redirect vulnerability, and no patch is currently available for affected versions.

Node.js TLS Open Redirect Client Certificate Auth
NVD GitHub
CVSS 3.1
6.1
EPSS
0.0%
Page 1 of 4 Next

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy