Skip to main content
CVE-2026-25857 HIGH POC This Week

Unauthenticated command injection in Tenda G300-F router firmware version 16.01.14.2 and earlier allows authenticated attackers to execute arbitrary OS commands through the WAN diagnostic interface by injecting shell metacharacters into unvalidated curl parameters. An attacker with management interface access can exploit this to gain full system compromise with process-level privileges. Public exploit code exists and no patch is currently available.

Command Injection G300 F Firmware
NVD
CVSS 3.1
8.8
EPSS
0.4%
CVE-2026-2086 HIGH POC This Week

Remote code execution in UTT HiPER 810G firmware through version 1.7.7-171114 allows authenticated attackers to achieve full system compromise via a buffer overflow in the Management Interface firewall configuration function. Public exploit code exists for this vulnerability, and no patch is available from the vendor despite early disclosure notification. The attack requires valid credentials but can be executed over the network without user interaction.

Buffer Overflow 810g Firmware
NVD GitHub VulDB
CVSS 3.1
8.8
EPSS
0.1%
CVE-2026-2071 HIGH POC This Week

Unauthenticated attackers can exploit a buffer overflow in the UTT 520W Firmware's P2P configuration function via a crafted request to achieve remote code execution with high privileges. The vulnerability requires only network access and low complexity to exploit, with public exploit code already available. No patch has been released by the vendor despite early notification.

Buffer Overflow 520w Firmware
NVD GitHub VulDB
CVSS 3.1
8.8
EPSS
0.1%
CVE-2020-37163 HIGH POC This Week

QuickDate 1.3.2 contains a SQL injection vulnerability that allows remote attackers to manipulate database queries through the '_located' parameter in the find_matches endpoint. [CVSS 8.2 HIGH]

SQLi
NVD Exploit-DB
CVSS 3.1
8.2
EPSS
0.0%
CVE-2020-37141 HIGH POC This Week

AMSS++ version 4.31 contains a SQL injection vulnerability in the mail module's maildetail.php script through the 'id' parameter. Attackers can manipulate the 'id' parameter in /modules/mail/main/maildetail.php to inject malicious SQL queries and potentially access or modify database contents. [CVSS 8.2 HIGH]

PHP SQLi
NVD Exploit-DB
CVSS 3.1
8.2
EPSS
0.0%
CVE-2020-37135 HIGH POC This Week

AMSS++ 4.7 contains an authentication bypass vulnerability that allows attackers to access administrative accounts using hardcoded credentials. Attackers can log in with the default admin username and password '1234' to gain unauthorized administrative access to the system. [CVSS 7.5 HIGH]

Authentication Bypass
NVD Exploit-DB
CVSS 3.1
7.5
EPSS
0.0%
CVE-2020-37146 HIGH POC This Week

ACE Security WiP-90113 HD Camera contains a configuration disclosure vulnerability that allows unauthenticated attackers to retrieve sensitive configuration files. [CVSS 7.5 HIGH]

Authentication Bypass
NVD Exploit-DB
CVSS 3.1
7.5
EPSS
0.0%
CVE-2020-37157 HIGH POC This Week

DBPower C300 HD Camera contains a configuration disclosure vulnerability that allows unauthenticated attackers to retrieve sensitive credentials through an unprotected configuration backup endpoint. [CVSS 7.5 HIGH]

Authentication Bypass
NVD Exploit-DB
CVSS 3.1
7.5
EPSS
0.0%
CVE-2020-37155 HIGH POC This Week

Core FTP Lite 1.3 contains a buffer overflow vulnerability in the username input field that allows attackers to crash the application by supplying oversized input. [CVSS 7.5 HIGH]

Buffer Overflow Denial Of Service
NVD Exploit-DB
CVSS 3.1
7.5
EPSS
0.0%
CVE-2020-37122 HIGH POC This Week

SpotFTP-FTP Password Recover 2.4.8 contains a denial of service vulnerability that allows attackers to crash the application by generating a large buffer overflow. Attackers can create a text file with 1000 'Z' characters and input it as a registration code to trigger the application crash. [CVSS 7.5 HIGH]

Buffer Overflow Denial Of Service
NVD Exploit-DB
CVSS 3.1
7.5
EPSS
0.0%
CVE-2020-37109 HIGH POC This Week

aSc TimeTables 2020.11.4 contains a denial of service vulnerability that allows attackers to crash the application by overwriting the Subject title field with a large buffer. [CVSS 7.5 HIGH]

Denial Of Service
NVD Exploit-DB
CVSS 3.1
7.5
EPSS
0.0%
CVE-2020-37107 HIGH POC This Week

Core FTP LE 2.2 contains a denial of service vulnerability that allows attackers to crash the application by overwriting the account field with a large buffer. [CVSS 7.5 HIGH]

Denial Of Service
NVD Exploit-DB
CVSS 3.1
7.5
EPSS
0.0%
CVE-2026-2080 HIGH POC This Week

Remote code execution in UTT HiPER 810 Firmware 1.7.4-141218 via command injection in the user administration function allows unauthenticated attackers to execute arbitrary commands over the network. The vulnerability exists in the passwd1 parameter of the /goform/formUser endpoint and has public exploit code available. No patch is currently available from the vendor, who has been unresponsive to disclosure attempts.

Command Injection 810 Firmware
NVD GitHub VulDB
CVSS 3.1
7.2
EPSS
0.4%
CVE-2026-2084 HIGH POC This Week

D-Link DIR-823X firmware contains a command injection vulnerability in the /goform/set_language endpoint that allows remote attackers with high privileges to execute arbitrary OS commands via manipulation of the langSelection parameter. Public exploit code exists for this vulnerability, and no patch is currently available. Successful exploitation grants complete system compromise with confidentiality, integrity, and availability impact.

D-Link Command Injection Dir 823x Firmware
NVD GitHub VulDB
CVSS 3.1
7.2
EPSS
0.3%
CVE-2026-2085 HIGH POC This Week

Command injection in D-Link DWR-M921 firmware versions up to 1.1.50 allows remote attackers with high privileges to execute arbitrary commands through the USSD Configuration endpoint. Public exploit code exists for this vulnerability, and no patch is currently available. An authenticated attacker can leverage the unsanitized ussdValue parameter to compromise the affected device.

D-Link Command Injection Dwr M921 Firmware
NVD GitHub VulDB
CVSS 3.1
7.2
EPSS
0.3%
CVE-2020-37154 HIGH POC This Week

eLection 2.0 contains an authenticated SQL injection vulnerability in the candidate management endpoint that allows attackers to manipulate database queries through the 'id' parameter. [CVSS 7.1 HIGH]

RCE SQLi
NVD GitHub Exploit-DB
CVSS 3.1
7.1
EPSS
0.0%
CVE-2020-37147 HIGH POC This Week

ATutor 2.2.4 contains a SQL injection vulnerability in the admin user deletion page that allows authenticated attackers to manipulate database queries through the 'id' parameter. [CVSS 7.1 HIGH]

PHP SQLi
NVD Exploit-DB
CVSS 3.1
7.1
EPSS
0.0%
CVE-2026-25560 HIGH PATCH This Week

LDAP filter injection in WeKan before 8.19 allows remote unauthenticated attackers to manipulate LDAP search filters and DN construction during login by supplying crafted usernames that are embedded into queries without escaping. Because the malicious input reaches the authentication path directly (CVSS 4.0 AV:N/PR:N/UI:N, base score 8.7), an attacker can tamper with the authentication logic to enumerate directory data or subvert the intended search filter. No public exploit is identified at time of analysis and EPSS exploitation probability is low (0.05%), but a vendor patch (commit 0b0e16c) is available.

LDAP Wekan Code Injection
NVD GitHub VulDB
CVSS 4.0
8.7
EPSS
0.1%
CVE-2026-25859 HIGH PATCH This Week

Broken authorization in Wekan versions prior to 8.20 lets any authenticated non-administrative user invoke board migration functionality that should be restricted to board administrators. Because permission checks on the migration methods (e.g. comprehensiveBoardMigration.execute) are insufficient, a low-privileged user can trigger unauthorized migration operations that mutate board structure and data. EPSS is very low (0.05%, 15th percentile) and there is no public exploit identified at time of analysis, but a vendor patch and fix commit are available.

Authentication Bypass Wekan
NVD GitHub
CVSS 4.0
7.1
EPSS
0.0%
CVE-2026-25568 HIGH PATCH This Week

Authorization bypass in WeKan (self-hosted kanban board) versions prior to 8.19 lets an authenticated user create public boards even when the instance-wide allowPrivateOnly setting is enabled, because server-side enforcement of the visibility policy is incomplete at board-creation time. The flaw undermines an administrator's expectation that all boards remain private, potentially exposing board content beyond intended audiences. EPSS is low (0.03%, 9th percentile) with no public exploit identified at time of analysis and no CISA KEV listing; a vendor patch is available.

Authentication Bypass Wekan
NVD GitHub
CVSS 4.0
7.1
EPSS
0.0%
CVE-2026-25566 HIGH PATCH This Week

Improper authorization in WeKan's card-move API lets an authenticated low-privilege user relocate cards to boards, lists, and swimlanes they do not control, because the destination is trusted without verifying access rights or that the target objects belong to the destination board. All WeKan versions before 8.19 are affected; no public exploit is identified at time of analysis and EPSS is negligible (0.01%), but the fixing commit publicly documents the missing checks, lowering the bar to reproduce.

Authentication Bypass Wekan
NVD GitHub
CVSS 4.0
7.1
EPSS
0.0%
CVE-2026-25565 HIGH PATCH This Week

Privilege escalation via broken authorization in WeKan (the open-source kanban board) before 8.19 lets users holding read-only board roles modify cards, lists, and swimlanes that should require write access. The flaw stems from card/list/swimlane update API routes calling a read-level access check instead of a write-level check, letting a low-privileged but authenticated member tamper with data they should only be able to view. There is no public exploit identified at time of analysis and EPSS is negligible (0.01%), but the fix is confirmed in an upstream commit and the CVSS 4.0 base score is 7.1.

Authentication Bypass Wekan
NVD GitHub
CVSS 4.0
7.1
EPSS
0.0%
CVE-2026-25564 HIGH PATCH This Week

Cross-board data tampering in WeKan (open-source Trello-style kanban board) before version 8.19 lets an authenticated low-privileged user manipulate checklists on cards belonging to boards they should not access. The checklist creation, deletion, and related REST routes accept a cardId without confirming it belongs to the supplied boardId, so an attacker can forge identifiers to add or remove checklists on other users' cards. No public exploit identified at time of analysis, and EPSS is negligible (0.01%), but the vendor fix commit confirms the root cause and a straightforward exploitation path.

Authentication Bypass Wekan
NVD GitHub
CVSS 4.0
7.1
EPSS
0.0%
CVE-2026-25563 HIGH PATCH This Week

Cross-board data tampering in WeKan (the open-source Trello-style kanban board) before version 8.19 lets an authenticated low-privilege user attach checklists to cards on boards they do not own by supplying a mismatched cardId/boardId pair. Because the checklist creation routes never confirm the card actually belongs to the referenced board, any logged-in user can manipulate identifiers to write into other users' boards. No public exploit is identified at time of analysis and EPSS exploitation probability is negligible (0.01%), but the fix is confirmed by an upstream vendor commit.

Authentication Bypass Wekan
NVD GitHub VulDB
CVSS 4.0
7.1
EPSS
0.0%
CVE-2026-25561 HIGH PATCH This Week

Improper authorization in the WeKan attachment upload API (versions prior to 8.19) lets an authenticated low-privileged user submit inconsistent object identifiers (boardId, cardId, swimlaneId, listId) that the server fails to cross-validate, allowing attachments to be associated with or moved across card/board relationships the user should not control. The affected component is the self-hosted open-source kanban platform WeKan; the fix (commit 1d16955b) adds server-side checks that a card actually belongs to the named board, swimlane, and list. No public exploit identified at time of analysis, EPSS is negligible (0.01%), and it is not in CISA KEV.

Authentication Bypass Wekan
NVD GitHub VulDB
CVSS 4.0
7.1
EPSS
0.0%

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy