Apple's kernel across all platforms (iOS, macOS, watchOS, visionOS, tvOS) contains a memory corruption vulnerability (CVE-2026-20700, CVSS 7.8) that allows attackers with memory write capability to execute arbitrary code at the kernel level. KEV-listed with Apple confirming reports of sophisticated in-the-wild exploitation, this represents an active zero-day targeting the Apple ecosystem at its most fundamental security boundary.
Unauthenticated arbitrary file upload in WPvivid Backup & Migration WordPress plugin. EPSS 0.44%.
RCE in Chevereto 3.13.4 image hosting via code injection during database configuration. Allows injecting code during installation/setup. PoC available.
Multiple vulnerabilities in ASTPP 4.0.1 including XSS and command injection in SIP device configuration and plugin management. PoC available.
Stack overflow in Allok Video Converter 4.6.1217 License Name input. PoC available.
Stack overflow in Allok RM RMVB to AVI MPEG DVD Converter 3.6.1217 via SEH chain. PoC available.
Stack overflow in Torrent FLV Converter 1.51 Build 117 via SEH overwrite. PoC available.
Stack overflow in Torrent 3GP Converter 1.51 via SEH overwrite. PoC available.
Prototype pollution in set-in npm package allows modification of Object prototype. PoC and patch available.
BusyBox archive extraction utilities contain insufficient path validation that enables attackers to write files outside intended directories through specially crafted archives, potentially leading to arbitrary file overwrite and code execution on affected systems. Local attackers with user interaction can exploit this vulnerability to modify sensitive system files and gain elevated privileges. No patch is currently available for this vulnerability.
Remote code execution in Kanboard prior to 1.2.50 allows authenticated administrators to bypass plugin installation restrictions and execute arbitrary code on the server. The vulnerability stems from a configuration validation flaw where the PLUGIN_INSTALLER setting is enforced only in the UI but not validated at the backend endpoint, enabling an attacker to force installation of malicious plugins. Public exploit code exists for this vulnerability.
ActiveFaxServiceNT service contains a vulnerability that allows attackers to potentially execute arbitrary code (CVSS 7.8).
its Windows service configuration contains a vulnerability that allows attackers to potentially execute arbitrary code (CVSS 7.8).
Zilab Remote Console Server 3.2.9 contains an unquoted service path vulnerability that allows local attackers to potentially execute arbitrary code with elevated system privileges. [CVSS 7.8 HIGH]
Mikogo 5.2.2.150317 contains an unquoted service path vulnerability in the Mikogo-Service Windows service configuration. Attackers can exploit the unquoted path to inject and execute malicious code with LocalSystem privileges by placing executable files in specific path locations. [CVSS 7.8 HIGH]
BlackMoon FTP Server 3.1.2.1731 contains an unquoted service path vulnerability that allows local users to potentially execute code with elevated system privileges. [CVSS 7.8 HIGH]
OpenMetadata versions prior to 1.11.8 expose JWT tokens for the privileged ingestion-bot account through the /api/v1/ingestionPipelines API endpoint, allowing any read-only user to escalate privileges and impersonate a highly privileged service account. With public exploit code available and no patch currently deployed on most instances, attackers can perform destructive actions within OpenMetadata and access sensitive metadata that should be restricted by role-based policies. This vulnerability affects OpenMetadata deployments and related systems like PostgreSQL that depend on its authentication tokens.
Voyager 1.3.0 contains a directory traversal vulnerability that allows attackers to access sensitive system files by manipulating the asset path parameter. Attackers can exploit the path parameter in /admin/voyager-assets to read arbitrary files like /etc/passwd and .env configuration files. [CVSS 7.5 HIGH]
Astpp versions up to 4.0.1 is affected by insertion of sensitive information into externally-accessible file (CVSS 7.5).
Avideo versions up to 8.1 contains a vulnerability that allows attackers to enumerate user details through the playlistsFromUser (CVSS 7.5).
Redir 3.3 contains a stack overflow vulnerability in the doproxyconnect() function that allows attackers to crash the application by sending oversized input. [CVSS 7.5 HIGH]
TextCrawler Pro 3.1.1 contains a denial of service vulnerability that allows attackers to crash the application by sending an oversized buffer in the license key field. Attackers can generate a 6000-byte payload and paste it into the activation field to trigger an application crash. [CVSS 7.5 HIGH]
Office Product Key Finder 1.5.4 contains a denial of service vulnerability that allows attackers to crash the application by manipulating the registration code input. Attackers can create a specially crafted text file and paste it into the 'Name and Key' field to trigger an application crash. [CVSS 7.5 HIGH]
NetworkSleuth 3.0.0.0 contains a denial of service vulnerability that allows attackers to crash the application by supplying an oversized registration key. Attackers can generate a 1000-character buffer payload and paste it into the registration key field to trigger an application crash. [CVSS 7.5 HIGH]
Duplicate Cleaner Pro 4.1.3 contains a denial of service vulnerability that allows attackers to crash the application by injecting an oversized buffer into the license key field. [CVSS 7.5 HIGH]
BlueAuditor 1.7.2.0 contains a denial of service vulnerability in the registration name input field that allows attackers to crash the application. Attackers can generate a 1000-character buffer payload and paste it into the 'Name' field to trigger an application crash. [CVSS 7.5 HIGH]
Backup Key Recovery 2.2.5 contains a denial of service vulnerability that allows attackers to crash the application by supplying an overly long registration key. Attackers can generate a 1000-character payload file and paste it into the registration key field to trigger an application crash. [CVSS 7.5 HIGH]
SpotOutlook 1.2.6 contains a denial of service vulnerability in the registration name input field that allows attackers to crash the application. Attackers can overwrite the buffer by pasting 1000 'A' characters into the 'Name' field, causing the application to become unresponsive. [CVSS 7.5 HIGH]
SpotDialup 1.6.7 contains a denial of service vulnerability in the registration name input field that allows attackers to crash the application. Attackers can generate a 1000-character buffer payload and paste it into the 'Name' field to trigger an application crash. [CVSS 7.5 HIGH]
Backup Key Recovery 2.2.5 contains a denial of service vulnerability that allows attackers to crash the application by overflowing the 'Name' input field. Attackers can generate a 1000-character payload and paste it into the registration name field to trigger an application crash. [CVSS 7.5 HIGH]
APKF Product Key Finder 2.5.8.0 contains a denial of service vulnerability that allows attackers to crash the application by overflowing the 'Name' input field. Attackers can generate a 1000-character payload and paste it into the registration name field to trigger an application crash. [CVSS 7.5 HIGH]
BOOTP Turbo 2.0 contains a denial of service vulnerability that allows attackers to crash the application by overwriting the Structured Exception Handler (SEH). [CVSS 7.5 HIGH]
P2PWIFICAM2 for iOS 10.4.1 contains a denial of service vulnerability that allows attackers to crash the application by manipulating the Camera ID input field. Attackers can paste a 257-character buffer into the Camera ID field to trigger an application crash on iOS devices. [CVSS 7.5 HIGH]
An issue in Statping-ng v.0.91.0 allows an attacker to obtain sensitive information via a crafted request to the admin parameter. [CVSS 7.5 HIGH]
An issue in Statping-ng v.0.91.0 allows an attacker to obtain sensitive information via a crafted request to the api parameter of the oauth, amazon_sns, export endpoints. [CVSS 7.5 HIGH]
TaskCanvas 1.4.0 contains a denial of service vulnerability in the registration code input field that allows attackers to crash the application. Attackers can generate a 1000-character buffer payload and paste it into the registration field to trigger an application crash. [CVSS 7.5 HIGH]
KeePass Password Safe versions before 2.44 contain a denial of service vulnerability in the help system's HTML handling. Attackers can trigger the vulnerability by dragging and dropping malicious HTML files into the help area, potentially causing application instability or crash. [CVSS 7.5 HIGH]
MSN Password Recovery version 1.30 contains a denial of service vulnerability that allows attackers to crash the application by supplying an oversized input in the registration code field. [CVSS 7.5 HIGH]
ZIP Password Recovery 2.30 contains a denial of service vulnerability that allows attackers to crash the application by providing maliciously crafted input. Attackers can create a specially prepared text file with specific characters to trigger an application crash when selecting a ZIP file. [CVSS 7.5 HIGH]
Top Password Software Dialup Password Recovery 1.30 contains a denial of service vulnerability that allows attackers to crash the application by overflowing input fields. [CVSS 7.5 HIGH]
Top Password Firefox Password Recovery 2.8 contains a denial of service vulnerability that allows attackers to crash the application by overflowing input fields. Attackers can trigger the vulnerability by inserting 5000 characters into the User Name or Registration Code input fields. [CVSS 7.5 HIGH]
GTalk Password Finder 2.2.1 contains a denial of service vulnerability that allows attackers to crash the application by supplying an oversized registration key. Attackers can generate a 1000-character payload and paste it into the 'Key' field to trigger an application crash. [CVSS 7.5 HIGH]
login.php contains a vulnerability that allows attackers to access the dashboard without valid credentials (CVSS 6.5).
GOautodial 4.0 contains a persistent cross-site scripting vulnerability that allows authenticated attackers to inject malicious scripts through the event title parameter. [CVSS 6.4 MEDIUM]
WordPress Server Log Viewer 1.0 contains a persistent cross-site scripting vulnerability that allows attackers to inject malicious scripts through unfiltered log file paths. Attackers can add log files with embedded XSS payloads that will execute when viewed in the WordPress admin interface. [CVSS 6.4 MEDIUM]
thesystem version 1.0 contains a persistent cross-site scripting vulnerability that allows attackers to inject malicious scripts through multiple server data input fields. [CVSS 6.4 MEDIUM]
Phraseanet 4.0.3 contains a stored cross-site scripting vulnerability that allows authenticated users to inject malicious scripts through crafted file names during document uploads. [CVSS 6.4 MEDIUM]
Kimai 2 contains a persistent cross-site scripting vulnerability that allows attackers to inject malicious scripts into timesheet descriptions. Attackers can insert SVG-based XSS payloads in the description field to execute arbitrary JavaScript when the page is loaded and viewed by other users. [CVSS 6.4 MEDIUM]
MSN Password Recovery 1.30 contains an XML external entity injection vulnerability that allows attackers to read local system files through crafted XML input. [CVSS 6.2 MEDIUM]
Authentication bypass via path traversal in ZBT WE2001 router's check_token function. EPSS 0.69% — crafted requests bypass authentication entirely. CVSS 10.0.