Skip to main content
CVE-2026-25807 HIGH POC PATCH This Week

Unauthenticated remote code execution in Zai Shell prior to 9.0.3 via the unprotected P2P terminal sharing feature on port 5757, where attackers can inject arbitrary system commands that execute with user privileges if approved. Public exploit code exists for this vulnerability, and affected systems running --no-ai mode completely bypass safety checks during command execution. Update to version 9.0.3 to remediate.

RCE Code Injection Zai Shell
NVD GitHub
CVSS 3.1
8.8
EPSS
0.1%
CVE-2026-2203 HIGH POC This Week

Buffer overflow in Tenda AC8 firmware version 16.03.33.05 allows authenticated remote attackers to execute arbitrary code via the timeZone parameter in the /goform/fast_setting_wifi_set endpoint. Public exploit code exists for this vulnerability, and no patch is currently available. The high CVSS score of 8.8 reflects the ability to achieve complete system compromise through network access.

Buffer Overflow Ac8 Firmware
NVD GitHub VulDB
CVSS 3.1
8.8
EPSS
0.1%
CVE-2026-2202 HIGH POC This Week

Remote code execution in Tenda AC8 firmware 16.03.33.05 allows authenticated attackers to achieve full system compromise through a buffer overflow in the WiFi guest settings function. Public exploit code exists for this vulnerability, and no patch is currently available. The attack requires network access but minimal user interaction, making it a significant risk for exposed devices.

Buffer Overflow Ac8 Firmware
NVD GitHub VulDB
CVSS 3.1
8.8
EPSS
0.1%
CVE-2026-25495 HIGH POC PATCH This Week

SQL injection in Craft CMS 4.0.0-RC1 through 4.16.17 and 5.0.0-RC1 through 5.8.21 allows authenticated Control Panel users to execute arbitrary SQL queries via the criteria[orderBy] parameter in the element-indexes/get-elements endpoint. The vulnerability stems from insufficient input sanitization in the ORDER BY clause, enabling attackers to manipulate database queries. Public exploit code exists for this high-severity vulnerability, and patches are available in versions 4.16.18 and 5.8.22.

SQLi Craft Cms
NVD GitHub
CVSS 3.1
8.8
EPSS
0.0%
CVE-2026-25890 HIGH POC PATCH This Week

Path normalization bypass in Filebrowser prior to 2.57.1 allows authenticated users to circumvent file access restrictions by injecting multiple slashes into request URLs, enabling unauthorized access to files designated as restricted. The vulnerability exploits a mismatch between the authorization validation logic and filesystem path resolution, affecting users running vulnerable versions. Public exploit code exists for this high-severity issue.

Authentication Bypass Filebrowser Suse
NVD GitHub
CVSS 3.1
8.1
EPSS
0.0%
CVE-2026-25892 HIGH POC PATCH This Week

Adminer versions 5.4.1 and earlier suffer from a post-message validation bypass that allows remote attackers to trigger denial of service affecting all users. By sending a crafted POST request with array parameters to the version endpoint, an attacker can cause openssl_verify() to receive malformed input, resulting in a TypeError that crashes the application and returns HTTP 500 errors. Public exploit code exists for this vulnerability; administrators should upgrade to version 5.4.2 immediately.

PHP OpenSSL Adminer Suse
NVD GitHub
CVSS 3.1
7.5
EPSS
2.5%
CVE-2026-25925 HIGH POC This Week

PowerDocu versions prior to 2.4.0 allow arbitrary .NET object instantiation and code execution through unsafe deserialization of the $type property in JSON files within Flow or App packages. A local attacker with user interaction can exploit this vulnerability to achieve full system compromise. Public exploit code exists for this vulnerability, and no patch is currently available for affected versions.

Windows .NET Powerdocu
NVD GitHub
CVSS 3.1
7.8
EPSS
0.0%
CVE-2026-25880 HIGH POC This Week

SumatraPDF 3.5.2 and earlier on Windows allows arbitrary code execution when a user opens a PDF and selects "Show in folder," as the application executes a malicious explorer.exe binary from the same directory without warning. Public exploit code exists for this vulnerability, which affects any user who opens untrusted PDFs and interacts with the file menu option. An attacker can achieve code execution with the privileges of the victim's user account through a simple social engineering attack.

Windows Sumatrapdf
NVD GitHub
CVSS 3.1
7.8
EPSS
0.0%
CVE-2026-25231 HIGH POC This Week

Unauthenticated directory traversal in FileRise prior to version 3.3.0 allows remote attackers to read arbitrary files from the /uploads directory without authentication by directly accessing guessable file paths. Public exploit code exists for this vulnerability, enabling attackers to expose sensitive data and breach user privacy. No patch is currently available.

Authentication Bypass Information Disclosure Filerise
NVD GitHub
CVSS 3.1
7.5
EPSS
0.1%
CVE-2026-25885 HIGH POC PATCH This Week

Unauthenticated message injection in PolarLearn 0-PRERELEASE-16 and earlier allows remote attackers to send persistent messages to arbitrary group chats via the WebSocket API without credentials. Public exploit code exists for this vulnerability, which affects all users of vulnerable versions by enabling spam and potential information manipulation within group communications.

Authentication Bypass Polarlearn
NVD GitHub
CVSS 3.1
7.5
EPSS
0.0%
CVE-2026-25639 HIGH POC PATCH MAL This Week

Axios versions up to 0.30.3 is affected by improper check for unusual or exceptional conditions (CVSS 7.5).

Node.js Denial Of Service Axios
NVD GitHub
CVSS 3.1
7.5
EPSS
0.0%
CVE-2026-25791 HIGH POC PATCH This Week

Memory exhaustion in Sliver C2 framework prior to version 1.7.0 allows unauthenticated remote attackers to bypass OTP validation in the DNS listener and create unbounded server-side sessions without expiry mechanisms. Public exploit code exists for this vulnerability, enabling attackers to repeatedly allocate sessions and exhaust server memory resources. The DNS C2 listener accepts bootstrap messages without proper authentication even when OTP enforcement is enabled.

DNS Wireguard Sliver Suse
NVD GitHub
CVSS 3.1
7.5
EPSS
0.0%
CVE-2026-25961 HIGH POC This Week

SumatraPDF versions 3.5.0 through 3.5.2 fail to validate TLS certificates during software updates and execute installers without signature verification, allowing network attackers to perform man-in-the-middle attacks and inject malicious code. An attacker with any valid TLS certificate can intercept update requests and redirect users to a malicious installer, achieving arbitrary code execution on Windows systems. Public exploit code exists for this vulnerability and no patch is currently available.

Windows TLS Sumatrapdf
NVD GitHub Exploit-DB VulDB
CVSS 3.1
7.5
EPSS
0.0%
CVE-2026-25808 HIGH POC PATCH This Week

Hollo versions prior to 0.6.20 and 0.7.2 improperly expose direct messages and followers-only posts through the ActivityPub outbox endpoint, allowing unauthenticated remote attackers to access sensitive user communications. Public exploit code exists for this authorization bypass vulnerability, enabling attackers to enumerate and retrieve private content intended for restricted audiences. Patched versions 0.6.20 and 0.7.2 are available to remediate the exposure.

Authentication Bypass Hollo
NVD GitHub
CVSS 3.1
7.5
EPSS
0.0%
CVE-2026-25478 HIGH POC PATCH This Week

Litestar ASGI framework versions before 2.20.0 fail to properly escape regex metacharacters in CORS origin validation, allowing attackers to bypass origin restrictions through crafted malicious origins. This configuration flaw affects cross-origin request filtering and enables unauthorized cross-origin access. Public exploit code exists for this vulnerability.

Information Disclosure Litestar
NVD GitHub
CVSS 3.1
7.4
EPSS
0.0%
CVE-2026-25498 HIGH POC PATCH This Week

Craft is a platform for creating digital experiences. [CVSS 7.2 HIGH]

PHP RCE Craft Cms
NVD GitHub
CVSS 3.1
7.2
EPSS
0.2%
CVE-2026-2210 HIGH POC This Week

D-Link DIR-823X firmware versions up to 250416 contain an OS command injection vulnerability in the /goform/set_filtering function that allows remote attackers with high privileges to execute arbitrary commands with full system access. Public exploit code exists for this vulnerability, and no patch is currently available. The attack requires network access and administrative credentials but carries high confidentiality, integrity, and availability impact.

D-Link Command Injection Dir 823x Firmware
NVD GitHub VulDB
CVSS 3.1
7.2
EPSS
0.2%
CVE-2026-25761 HIGH This Week

Command injection in GitHub Super-linter versions 6.0.0 through 8.3.0 allows attackers to execute arbitrary commands in workflow runner contexts by submitting pull requests with maliciously crafted filenames containing shell command substitution syntax. An attacker exploiting this vulnerability can access sensitive workflow credentials, including GITHUB_TOKEN, depending on permission configurations. The vulnerability affects Super-linter when used as a GitHub Action and has no available patch at this time.

Github Command Injection Super Linter
NVD GitHub
CVSS 3.1
8.8
EPSS
0.0%
CVE-2026-25812 HIGH This Week

Placipy 1.0.0 fails to implement CSRF protections while permitting credentialed cross-origin requests, allowing unauthenticated attackers to perform unauthorized actions on behalf of logged-in users through malicious websites. An attacker can exploit this vulnerability to modify placement records, access sensitive educational data, or compromise institutional operations without user knowledge. No patch is currently available.

CSRF Placipy
NVD GitHub
CVSS 3.1
8.8
EPSS
0.0%
CVE-2026-1486 HIGH PATCH This Week

Keycloak's JWT authorization grant flow fails to verify that an Identity Provider is enabled before accepting tokens signed by its key, allowing attackers with a disabled IdP's signing credentials to obtain valid access tokens. This authentication bypass affects organizations that have disabled IdPs due to compromise or offboarding but retain the associated signing keys. An attacker can exploit this to gain unauthorized access to systems relying on Keycloak for authentication.

Denial Of Service
NVD VulDB
CVSS 3.1
8.8
EPSS
0.0%
CVE-2026-25497 HIGH PATCH This Week

Craft CMS versions 4.0.0-RC1 to 4.17.0 and 5.0 to 5.9.0 contain a privilege escalation vulnerability in the GraphQL API that allows authenticated users with write access to one asset volume to modify or transfer assets across any other volume, including restricted ones they should not access. The vulnerability stems from insufficient authorization validation in the saveAsset mutation, which verifies permissions against the intended volume but fails to confirm the target asset actually belongs to that volume. An attacker with limited asset write permissions can exploit this to gain unauthorized access to and manipulate sensitive assets in protected volumes.

Privilege Escalation Craft Cms
NVD GitHub
CVSS 3.1
8.8
EPSS
0.0%
CVE-2025-10465 HIGH This Week

Birtech Information Technologies Industry and Trade Ltd. Co. Sensaway is affected by unrestricted upload of file with dangerous type (CVSS 8.8).

File Upload
NVD VulDB
CVSS 3.1
8.8
EPSS
0.0%
CVE-2026-24678 HIGH PATCH This Week

Denial-of-service in FreeRDP's camera redirection (rdpecam) client channel allows a malicious or compromised RDP server to crash connected clients running versions prior to 3.22.0. The capture thread continues sending sample responses through a channel callback that was already freed when the device channel closed, producing a use-after-free in ecam_channel_write. EPSS is low (0.02%), it is not on CISA KEV, and no public exploit identified at time of analysis, but an upstream fix and multiple distro advisories exist.

Use After Free Freerdp Denial Of Service Memory Corruption
NVD GitHub VulDB
CVSS 4.0
8.7
EPSS
0.0%
CVE-2025-7799 HIGH This Week

Zirve Information Technologies Inc. E-Taxpayer Accounting Website is affected by cross-site scripting (xss) (CVSS 8.6).

XSS
NVD VulDB
CVSS 3.1
8.6
EPSS
0.0%
CVE-2026-1615 HIGH PATCH This Week

Remote code execution in the jsonpath npm package (versions <1.2.0) allows unauthenticated attackers to execute arbitrary JavaScript code by injecting malicious JSON Path expressions. The vulnerability stems from unsafe evaluation through the static-eval module, which processes user-supplied JSON Path input without proper sanitization. All query methods (.query, .nodes, .paths, .value, .parent, .apply) are affected. While EPSS scoring indicates relatively low widespread exploitation probability (0.09%, 26th percentile), multiple vendor patches from Red Hat and SUSE confirm the severity, and publicly available exploit code exists (CVSS E:P). This represents critical risk for Node.js applications processing untrusted JSON Path expressions, with potential for both server-side RCE and browser-based XSS depending on execution context.

Node.js RCE XSS Code Injection
NVD GitHub VulDB
CVSS 4.0
8.2
EPSS
0.1%
CVE-2025-59023 HIGH This Week

Crafted delegations or IP fragments can poison cached delegations in Recursor. [CVSS 8.2 HIGH]

Information Disclosure Recursor
NVD
CVSS 3.1
8.2
EPSS
0.0%
CVE-2026-25847 HIGH This Week

In JetBrains PyCharm before 2025.3.2 a DOM-based XSS on Jupyter viewer page was possible [CVSS 8.2 HIGH]

XSS Pycharm
NVD
CVSS 3.1
8.2
EPSS
0.0%
CVE-2026-1529 HIGH PATCH This Week

Keycloak's invitation token validation fails to cryptographically verify JWT payload modifications, allowing authenticated attackers to alter organization IDs and email addresses to register into unauthorized organizations. This enables unauthorized access to organizations without proper authentication, affecting any Keycloak deployment using the invitation feature. No patch is currently available.

Authentication Bypass Jwt Attack
NVD VulDB
CVSS 3.1
8.1
EPSS
0.0%
CVE-2026-25931 HIGH This Week

Arbitrary code execution in vscode-spell-checker prior to v4.5.4 allows attackers to execute malicious Node.js code by placing a crafted .cspell.config.js file in an untrusted workspace, since the extension fails to validate VS Code's workspace-trust state before loading configuration files. An attacker can exploit this by tricking users into opening a malicious workspace, resulting in code execution with the privileges of the extension host process.

Node.js
NVD GitHub
CVSS 3.1
7.8
EPSS
0.0%
CVE-2026-0870 HIGH This Week

GIGABYTE MacroHub improperly executes external applications with elevated privileges, enabling authenticated local users to achieve arbitrary code execution with SYSTEM-level access. This local privilege escalation affects MacroHub users on Windows systems and could allow attackers to fully compromise affected machines. No patch is currently available.

Privilege Escalation
NVD
CVSS 3.1
7.8
EPSS
0.0%
CVE-2025-15319 HIGH This Week

Tanium addressed a local privilege escalation vulnerability in Patch Endpoint Tools. [CVSS 7.8 HIGH]

Privilege Escalation Patch Endpoint Tools
NVD
CVSS 3.1
7.8
EPSS
0.0%
CVE-2026-25958 HIGH PATCH This Week

Privilege escalation in Cube.js versions 0.27.19 through 1.5.12 allows authenticated attackers to craft specially designed API requests that bypass access controls and gain elevated privileges within the application. This vulnerability affects Cube.js semantic layer deployments and requires only a valid API token to exploit, making it a risk to multi-tenant or role-based access control implementations. No patch is currently available for this HIGH severity issue.

Privilege Escalation Cube.Js
NVD GitHub
CVSS 3.1
7.7
EPSS
0.0%
CVE-2025-66608 HIGH This Week

A vulnerability has been found in FAST/TOOLS provided by Yokogawa Electric Corporation. This product does not properly validate URLs. [CVSS 7.5 HIGH]

Information Disclosure Fast Tools
NVD
CVSS 3.1
7.5
EPSS
0.1%
CVE-2026-22905 HIGH This Week

Insufficient URI validation in CGI endpoints permits unauthenticated attackers to bypass authentication controls through path traversal techniques, enabling direct access to protected administrative functions and configuration files. An attacker can exploit this remotely without credentials to retrieve sensitive data and potentially modify system settings. No patch is currently available for this vulnerability.

Authentication Bypass Path Traversal
NVD
CVSS 3.1
7.5
EPSS
0.1%
CVE-2026-2236 HIGH This Week

Unauthenticated attackers can exploit SQL injection in C&Cm@il by HGiga to execute arbitrary database queries and extract sensitive information without authentication or user interaction. The vulnerability has a high severity rating with a CVSS score of 7.5 and impacts database confidentiality. No patch is currently available for this issue.

SQLi
NVD
CVSS 3.1
7.5
EPSS
0.1%
CVE-2026-25813 HIGH This Week

Placipy versions up to 1.0.0 is affected by insertion of sensitive information into log file (CVSS 7.5).

Information Disclosure Placipy
NVD GitHub
CVSS 3.1
7.5
EPSS
0.0%
CVE-2026-24683 HIGH PATCH This Week

FreeRDP versions prior to 3.22.0 contain a use-after-free vulnerability in the input event handling mechanism where unsynchronized access to cached channel callbacks can be freed or reinitialized by concurrent channel closure operations. An attacker with network access can trigger a denial of service condition by exploiting this race condition. A patch is available in version 3.22.0 and later.

Use After Free Freerdp Red Hat Suse
NVD GitHub VulDB
CVSS 3.1
7.5
EPSS
0.0%
CVE-2026-24682 HIGH PATCH This Week

FreeRDP versions prior to 3.22.0 contain a buffer management error in audio format parsing that causes out-of-bounds memory access when processing malformed audio data. An attacker can exploit this vulnerability over the network without authentication to trigger a denial of service condition. A patch is available in FreeRDP 3.22.0 and later.

Buffer Overflow Freerdp Red Hat Suse
NVD GitHub VulDB
CVSS 3.1
7.5
EPSS
0.0%
CVE-2026-24681 HIGH PATCH This Week

FreeRDP versions prior to 3.22.0 contain a use-after-free vulnerability in the URBDRC channel handler where asynchronous bulk transfer completions reference freed memory after channel closure, enabling denial of service attacks. An unauthenticated remote attacker can trigger this condition through malformed RDP protocol messages to crash the FreeRDP service. A patch is available in version 3.22.0 and later.

Use After Free Freerdp Red Hat Suse
NVD GitHub VulDB
CVSS 3.1
7.5
EPSS
0.0%
CVE-2026-24680 HIGH PATCH This Week

FreeRDP versions prior to 3.22.0 contain a use-after-free vulnerability in pointer handling where sdl_Pointer_New and sdl_Pointer_Free both attempt to free the same memory, causing a denial of service condition. An attacker with network access can trigger this memory corruption to crash RDP client instances without authentication. The vulnerability affects all users of vulnerable FreeRDP versions and is resolved in version 3.22.0 and later.

Use After Free Freerdp Red Hat Suse
NVD GitHub VulDB
CVSS 3.1
7.5
EPSS
0.0%
CVE-2026-24676 HIGH PATCH This Week

FreeRDP versions prior to 3.22.0 contain a use-after-free vulnerability in audio format renegotiation that allows unauthenticated attackers to cause denial of service by triggering a crash through audio processing. The vulnerability occurs when the AUDIN format list is freed during renegotiation while the capture thread continues accessing the freed memory, affecting any system running vulnerable FreeRDP instances. A patch is available in version 3.22.0 and later.

Use After Free Freerdp Red Hat Suse
NVD GitHub VulDB
CVSS 3.1
7.5
EPSS
0.0%
CVE-2026-24675 HIGH PATCH This Week

FreeRDP versions prior to 3.22.0 contain a use-after-free vulnerability in the libusb device interface selection code where error handling prematurely frees configuration data that subsequent code attempts to access, causing denial of service. This vulnerability affects systems using FreeRDP for remote desktop protocol operations and can be triggered remotely without authentication or user interaction. A patch is available in version 3.22.0 and later.

Use After Free Freerdp Red Hat Suse
NVD GitHub VulDB
CVSS 3.1
7.5
EPSS
0.0%
CVE-2026-24491 HIGH PATCH This Week

FreeRDP versions prior to 3.22.0 are vulnerable to a use-after-free condition where the video_timer component sends notifications after the control channel closes, dereferencing freed memory and causing denial of service. An unauthenticated remote attacker can trigger this crash by manipulating RDP session timing, making the vulnerability exploitable with no user interaction required. A patch is available in FreeRDP 3.22.0 and later.

Use After Free Freerdp Red Hat Suse
NVD GitHub VulDB
CVSS 3.1
7.5
EPSS
0.0%
CVE-2026-23948 HIGH PATCH This Week

FreeRDP proxy versions prior to 3.22.0 are vulnerable to denial of service when processing specially crafted RDP server responses that trigger a null pointer dereference in the logon information handler. An unauthenticated attacker controlling a malicious RDP server can crash the FreeRDP proxy by sending a LogonInfoV2 PDU with empty domain or username fields. This vulnerability has been patched in version 3.22.0 and later.

Null Pointer Dereference Denial Of Service Freerdp Red Hat Suse
NVD GitHub VulDB
CVSS 3.1
7.5
EPSS
0.0%
CVE-2025-66597 HIGH This Week

A vulnerability has been found in FAST/TOOLS provided by Yokogawa Electric Corporation. This product supports weak cryptographic algorithms, potentially allowing an attacker to decrypt communications with the web server. [CVSS 7.5 HIGH]

Information Disclosure Fast Tools
NVD
CVSS 3.1
7.5
EPSS
0.0%
CVE-2026-24684 HIGH PATCH This Week

FreeRDP versions prior to 3.22.0 contain a use-after-free vulnerability in the audio playback subsystem where the RDPSND async thread processes queued audio packets after the channel has been closed and its internal state freed, causing a denial of service. The vulnerability affects systems running vulnerable FreeRDP versions and can be exploited remotely without authentication or user interaction. A patch is available in FreeRDP 3.22.0 and later.

Use After Free Freerdp Red Hat Suse
NVD GitHub VulDB
CVSS 3.1
7.5
EPSS
0.0%
CVE-2025-66598 HIGH This Week

A vulnerability has been found in FAST/TOOLS provided by Yokogawa Electric Corporation. This product supports old SSL/TLS versions, potentially allowing an attacker to decrypt communications with the web server. [CVSS 7.5 HIGH]

Information Disclosure Fast Tools
NVD
CVSS 3.1
7.5
EPSS
0.0%
CVE-2025-10463 HIGH This Week

Birtech Information Technologies Industry and Trade Ltd. Co. Senseway is affected by improper authentication (CVSS 7.3).

Authentication Bypass
NVD VulDB
CVSS 3.1
7.3
EPSS
0.0%
CVE-2026-25951 HIGH PATCH This Week

Remote code execution in FUXA prior to 1.2.11 allows authenticated administrators to bypass path traversal protections using nested directory sequences, enabling arbitrary file writes to the server filesystem. An attacker with admin privileges can inject malicious scripts into runtime directories that execute when the server reloads, achieving complete system compromise. Update to version 1.2.11 or later to remediate.

SCADA RCE Path Traversal Fuxa
NVD GitHub
CVSS 3.1
7.2
EPSS
0.0%

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy