Skip to main content
CVE-2026-1731 CRITICAL POC KEV EUVD KEV THREAT Emergency

BeyondTrust Remote Support (RS) and older versions of Privileged Remote Access (PRA) contain a critical pre-authentication remote code execution vulnerability (CVE-2026-1731) that allows unauthenticated attackers to execute OS commands through specially crafted requests. With EPSS 66% and KEV listing with public PoC, this vulnerability is devastating because these products are specifically designed for privileged remote access — compromising them grants attackers access to the most sensitive systems in an organization.

RCE Remote Support Privileged Remote Access
NVD GitHub VulDB
CVSS 3.1
9.8
EPSS
66.1%
Threat
6.9
CVE-2026-21643 CRITICAL POC KEV THREAT Emergency

A product has a SQL injection vulnerability enabling unauthenticated database compromise through improperly neutralized SQL commands.

Fortinet SQLi
NVD GitHub VulDB
CVSS 3.1
9.8
EPSS
0.0%
Threat
5.0
CVE-2026-25520 CRITICAL POC PATCH Act Now

SandboxJS has a second CVSS 10.0 sandbox escape where function return values aren't properly sanitized, allowing code execution outside the sandbox.

RCE Sandboxjs
NVD GitHub
CVSS 3.1
10.0
EPSS
0.0%
CVE-2026-25587 CRITICAL POC PATCH Act Now

SandboxJS has a fourth CVSS 10.0 sandbox escape through Map's safe prototype being used as a gateway to inject arbitrary code.

Code Injection RCE Sandboxjs
NVD GitHub
CVSS 3.1
10.0
EPSS
0.0%
CVE-2026-25586 CRITICAL POC PATCH Act Now

SandboxJS has a third CVSS 10.0 sandbox escape via Map prototype shadowing that allows complete sandbox bypass.

Information Disclosure Sandboxjs
NVD GitHub
CVSS 3.1
10.0
EPSS
0.0%
CVE-2026-25641 CRITICAL POC PATCH Act Now

SandboxJS has a fifth CVSS 10.0 escape via a TOCTOU race condition in sandbox validation, allowing code to slip through during the check-execute gap.

Information Disclosure Sandboxjs
NVD GitHub
CVSS 3.1
10.0
EPSS
0.0%
CVE-2025-64111 CRITICAL POC PATCH Act Now

Gogs self-hosted Git service v0.13.3 has a command injection vulnerability enabling remote code execution through crafted repository operations.

Command Injection Gogs Suse
NVD GitHub
CVSS 3.1
9.8
EPSS
0.2%
CVE-2026-2017 CRITICAL POC Act Now

IP-COM W30AP wireless access point up to firmware 1.0.0.11 has a buffer overflow that allows remote attackers to execute code or crash the device.

Buffer Overflow Stack Overflow W30ap Firmware
NVD VulDB
CVSS 3.1
9.8
EPSS
0.2%
CVE-2026-25643 CRITICAL POC Act Now

Frigate NVR has a command injection vulnerability (CVSS 9.1) allowing authenticated attackers to execute OS commands on the network video recorder.

Command Injection RCE Frigate
NVD GitHub Exploit-DB VulDB
CVSS 3.1
9.1
EPSS
0.3%
CVE-2019-25298 CRITICAL POC Act Now

html5_snmp 1.11 has multiple SQL injection vulnerabilities allowing attackers to manipulate SNMP monitoring database queries.

SNMP SQLi Html5 Snmp
NVD GitHub Exploit-DB
CVSS 3.1
9.1
EPSS
0.0%
CVE-2026-25725 CRITICAL PATCH Act Now

Claude Code prior to version 2.1.2 has a CVSS 10.0 sandbox escape in the bubblewrap sandboxing mechanism, allowing code execution outside the intended sandbox boundary.

Privilege Escalation Code Injection RCE Docker Linux +2
NVD GitHub VulDB
CVSS 3.1
10.0
EPSS
0.1%
CVE-2026-25632 CRITICAL PATCH Act Now

EPyT-Flow hydraulic simulation package has a CVSS 10.0 insecure deserialization enabling code execution when loading simulation scenario files.

Python Command Injection Deserialization Epyt Flow
NVD GitHub VulDB
CVSS 3.1
10.0
EPSS
0.0%
CVE-2026-25592 CRITICAL POC PATCH Act Now

Microsoft Semantic Kernel SDK has a CVSS 9.9 path traversal vulnerability enabling AI agents to access arbitrary files outside their intended scope.

Microsoft Linux Python .NET AI / ML
NVD GitHub
CVSS 3.1
9.9
EPSS
0.1%
CVE-2026-25763 CRITICAL Act Now

OpenProject has a CVSS 9.9 command injection vulnerability allowing authenticated users to execute OS commands on the project management server.

RCE Openproject
NVD GitHub
CVSS 3.1
9.9
EPSS
0.0%
CVE-2026-25753 CRITICAL Act Now

PlaciPy placement management system 1.0.0 uses a hard-coded password, allowing any attacker who discovers it to gain full system access.

Authentication Bypass Placipy
NVD GitHub
CVSS 3.1
9.8
EPSS
0.1%
CVE-2026-25803 CRITICAL Act Now

3DP-MANAGER for 3x-ui has hard-coded credentials (CVSS 9.8) in version 2.0.1 that provide automatic access to the management interface.

Authentication Bypass 3dp Manager
NVD GitHub VulDB
CVSS 3.1
9.8
EPSS
0.1%
CVE-2026-1709 CRITICAL PATCH GHSA Act Now

Authentication bypass in the Keylime registrar (versions 7.12.0 and later) lets unauthenticated network attackers perform administrative actions because the registrar fails to enforce client-side mutual TLS. Attackers connecting without a client certificate can list registered agents, read public TPM data, and delete agents - undermining the integrity of the remote-attestation trust chain. EPSS is low (0.04%, 11th percentile) and there is no public exploit identified at time of analysis, but the flaw is trivially reachable (CVSS 9.8) and patched across Red Hat and SUSE channels.

Authentication Bypass Enterprise Linux For Ibm Z Systems Enterprise Linux For Arm 64 Eus Keylime Enterprise Linux For Power Little Endian +5
NVD VulDB
CVSS 3.1
9.8
EPSS
0.0%
CVE-2026-25544 CRITICAL PATCH Act Now

Payload CMS prior to 3.73.0 has a SQL injection vulnerability when querying structured data, enabling database compromise on the headless CMS.

SQLi Payload
NVD GitHub
CVSS 3.1
9.8
EPSS
0.0%
CVE-2026-25722 CRITICAL PATCH Act Now

Claude Code prior to version 2.0.57 failed to properly validate MCP tool inputs, allowing malicious MCP servers to inject commands through tool responses.

Code Injection AI / ML Claude Code
NVD GitHub
CVSS 3.1
9.1
EPSS
0.2%
CVE-2026-25804 CRITICAL PATCH Act Now

Antrea Kubernetes networking has an authentication bypass enabling unauthorized access to the Kubernetes network policy infrastructure.

Kubernetes Antrea Suse
NVD GitHub
CVSS 3.1
9.1
EPSS
0.0%
CVE-2026-25752 CRITICAL PATCH Act Now

FUXA SCADA/HMI software has an additional authorization bypass vulnerability enabling unauthenticated access to industrial control visualizations.

SCADA Fuxa
NVD GitHub
CVSS 3.1
9.1
EPSS
0.0%

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy