Skip to main content
CVE-2026-20700 HIGH POC KEV THREAT Act Now

Apple's kernel across all platforms (iOS, macOS, watchOS, visionOS, tvOS) contains a memory corruption vulnerability (CVE-2026-20700, CVSS 7.8) that allows attackers with memory write capability to execute arbitrary code at the kernel level. KEV-listed with Apple confirming reports of sophisticated in-the-wild exploitation, this represents an active zero-day targeting the Apple ecosystem at its most fundamental security boundary.

Apple RCE Buffer Overflow macOS iOS
NVD VulDB
CVSS 3.1
7.8
EPSS
0.4%
Threat
4.6
CVE-2026-1357 CRITICAL POC Act Now

Unauthenticated arbitrary file upload in WPvivid Backup & Migration WordPress plugin. EPSS 0.44%.

WordPress PHP OpenSSL RCE Path Traversal
NVD
CVSS 3.1
9.8
EPSS
0.4%
CVE-2020-37186 CRITICAL POC Act Now

RCE in Chevereto 3.13.4 image hosting via code injection during database configuration. Allows injecting code during installation/setup. PoC available.

PHP RCE
NVD GitHub Exploit-DB
CVSS 3.1
9.8
EPSS
0.4%
CVE-2020-37153 CRITICAL POC Act Now

Multiple vulnerabilities in ASTPP 4.0.1 including XSS and command injection in SIP device configuration and plugin management. PoC available.

AWS XSS Command Injection Astpp
NVD GitHub Exploit-DB
CVSS 3.1
9.8
EPSS
0.2%
CVE-2020-37184 CRITICAL POC Act Now

Stack overflow in Allok Video Converter 4.6.1217 License Name input. PoC available.

Stack Overflow
NVD Exploit-DB
CVSS 3.1
9.8
EPSS
0.1%
CVE-2020-37183 CRITICAL POC Act Now

Stack overflow in Allok RM RMVB to AVI MPEG DVD Converter 3.6.1217 via SEH chain. PoC available.

Buffer Overflow Stack Overflow
NVD Exploit-DB
CVSS 3.1
9.8
EPSS
0.1%
CVE-2020-37181 CRITICAL POC Act Now

Stack overflow in Torrent FLV Converter 1.51 Build 117 via SEH overwrite. PoC available.

Windows Stack Overflow
NVD Exploit-DB
CVSS 3.1
9.8
EPSS
0.1%
CVE-2020-37176 CRITICAL POC Act Now

Stack overflow in Torrent 3GP Converter 1.51 via SEH overwrite. PoC available.

Buffer Overflow Stack Overflow
NVD Exploit-DB
CVSS 3.1
9.8
EPSS
0.1%
CVE-2026-26021 CRITICAL POC PATCH Act Now

Prototype pollution in set-in npm package allows modification of Object prototype. PoC and patch available.

Node.js Set In
NVD GitHub
CVSS 3.1
9.8
EPSS
0.0%
CVE-2026-26157 HIGH POC PATCH CISA Act Now

BusyBox archive extraction utilities contain insufficient path validation that enables attackers to write files outside intended directories through specially crafted archives, potentially leading to arbitrary file overwrite and code execution on affected systems. Local attackers with user interaction can exploit this vulnerability to modify sensitive system files and gain elevated privileges. No patch is currently available for this vulnerability.

RCE
NVD Exploit-DB VulDB
CVSS 3.1
7.0
EPSS
0.0%
Threat
4.9
CVE-2026-25924 HIGH POC PATCH This Week

Remote code execution in Kanboard prior to 1.2.50 allows authenticated administrators to bypass plugin installation restrictions and execute arbitrary code on the server. The vulnerability stems from a configuration validation flaw where the PLUGIN_INSTALLER setting is enforced only in the UI but not validated at the backend endpoint, enabling an attacker to force installation of malicious plugins. Public exploit code exists for this vulnerability.

RCE Kanboard
NVD GitHub
CVSS 3.1
8.4
EPSS
0.1%
CVE-2019-25310 HIGH POC This Week

ActiveFaxServiceNT service contains a vulnerability that allows attackers to potentially execute arbitrary code (CVSS 7.8).

RCE
NVD Exploit-DB
CVSS 3.1
7.8
EPSS
0.0%
CVE-2019-25307 HIGH POC This Week

its Windows service configuration contains a vulnerability that allows attackers to potentially execute arbitrary code (CVSS 7.8).

Windows
NVD Exploit-DB
CVSS 3.1
7.8
EPSS
0.0%
CVE-2019-25309 HIGH POC This Week

Zilab Remote Console Server 3.2.9 contains an unquoted service path vulnerability that allows local attackers to potentially execute arbitrary code with elevated system privileges. [CVSS 7.8 HIGH]

RCE
NVD Exploit-DB
CVSS 3.1
7.8
EPSS
0.0%
CVE-2019-25308 HIGH POC This Week

Mikogo 5.2.2.150317 contains an unquoted service path vulnerability in the Mikogo-Service Windows service configuration. Attackers can exploit the unquoted path to inject and execute malicious code with LocalSystem privileges by placing executable files in specific path locations. [CVSS 7.8 HIGH]

Windows Golang Mikogo
NVD Exploit-DB
CVSS 3.1
7.8
EPSS
0.0%
CVE-2019-25306 HIGH POC This Week

BlackMoon FTP Server 3.1.2.1731 contains an unquoted service path vulnerability that allows local users to potentially execute code with elevated system privileges. [CVSS 7.8 HIGH]

Information Disclosure
NVD Exploit-DB
CVSS 3.1
7.8
EPSS
0.0%
CVE-2026-26010 HIGH POC PATCH This Week

OpenMetadata versions prior to 1.11.8 expose JWT tokens for the privileged ingestion-bot account through the /api/v1/ingestionPipelines API endpoint, allowing any read-only user to escalate privileges and impersonate a highly privileged service account. With public exploit code available and no patch currently deployed on most instances, attackers can perform destructive actions within OpenMetadata and access sensitive metadata that should be restricted by role-based policies. This vulnerability affects OpenMetadata deployments and related systems like PostgreSQL that depend on its authentication tokens.

PostgreSQL Openmetadata
NVD GitHub
CVSS 3.1
7.6
EPSS
0.0%
CVE-2020-37214 HIGH POC This Week

Voyager 1.3.0 contains a directory traversal vulnerability that allows attackers to access sensitive system files by manipulating the asset path parameter. Attackers can exploit the path parameter in /admin/voyager-assets to read arbitrary files like /etc/passwd and .env configuration files. [CVSS 7.5 HIGH]

Path Traversal
NVD GitHub Exploit-DB
CVSS 3.1
7.5
EPSS
0.3%
CVE-2020-37104 HIGH POC This Week

Astpp versions up to 4.0.1 is affected by insertion of sensitive information into externally-accessible file (CVSS 7.5).

Information Disclosure Astpp
NVD GitHub Exploit-DB
CVSS 3.1
7.5
EPSS
0.1%
CVE-2020-37173 HIGH POC This Week

Avideo versions up to 8.1 contains a vulnerability that allows attackers to enumerate user details through the playlistsFromUser (CVSS 7.5).

PHP Information Disclosure Avideo
NVD GitHub Exploit-DB
CVSS 3.1
7.5
EPSS
0.1%
CVE-2020-37182 HIGH POC This Week

Redir 3.3 contains a stack overflow vulnerability in the doproxyconnect() function that allows attackers to crash the application by sending oversized input. [CVSS 7.5 HIGH]

Stack Overflow Denial Of Service
NVD GitHub Exploit-DB
CVSS 3.1
7.5
EPSS
0.1%
CVE-2020-37213 HIGH POC This Week

TextCrawler Pro 3.1.1 contains a denial of service vulnerability that allows attackers to crash the application by sending an oversized buffer in the license key field. Attackers can generate a 6000-byte payload and paste it into the activation field to trigger an application crash. [CVSS 7.5 HIGH]

Denial Of Service
NVD Exploit-DB
CVSS 3.1
7.5
EPSS
0.0%
CVE-2020-37203 HIGH POC This Week

Office Product Key Finder 1.5.4 contains a denial of service vulnerability that allows attackers to crash the application by manipulating the registration code input. Attackers can create a specially crafted text file and paste it into the 'Name and Key' field to trigger an application crash. [CVSS 7.5 HIGH]

Denial Of Service
NVD Exploit-DB
CVSS 3.1
7.5
EPSS
0.0%
CVE-2020-37202 HIGH POC This Week

NetworkSleuth 3.0.0.0 contains a denial of service vulnerability that allows attackers to crash the application by supplying an oversized registration key. Attackers can generate a 1000-character buffer payload and paste it into the registration key field to trigger an application crash. [CVSS 7.5 HIGH]

Denial Of Service
NVD Exploit-DB
CVSS 3.1
7.5
EPSS
0.0%
CVE-2020-37198 HIGH POC This Week

Duplicate Cleaner Pro 4.1.3 contains a denial of service vulnerability that allows attackers to crash the application by injecting an oversized buffer into the license key field. [CVSS 7.5 HIGH]

Denial Of Service
NVD Exploit-DB
CVSS 3.1
7.5
EPSS
0.0%
CVE-2020-37195 HIGH POC This Week

BlueAuditor 1.7.2.0 contains a denial of service vulnerability in the registration name input field that allows attackers to crash the application. Attackers can generate a 1000-character buffer payload and paste it into the 'Name' field to trigger an application crash. [CVSS 7.5 HIGH]

Denial Of Service
NVD Exploit-DB
CVSS 3.1
7.5
EPSS
0.0%
CVE-2020-37194 HIGH POC This Week

Backup Key Recovery 2.2.5 contains a denial of service vulnerability that allows attackers to crash the application by supplying an overly long registration key. Attackers can generate a 1000-character payload file and paste it into the registration key field to trigger an application crash. [CVSS 7.5 HIGH]

Denial Of Service
NVD Exploit-DB
CVSS 3.1
7.5
EPSS
0.0%
CVE-2020-37188 HIGH POC This Week

SpotOutlook 1.2.6 contains a denial of service vulnerability in the registration name input field that allows attackers to crash the application. Attackers can overwrite the buffer by pasting 1000 'A' characters into the 'Name' field, causing the application to become unresponsive. [CVSS 7.5 HIGH]

Outlook Denial Of Service
NVD Exploit-DB
CVSS 3.1
7.5
EPSS
0.0%
CVE-2020-37187 HIGH POC This Week

SpotDialup 1.6.7 contains a denial of service vulnerability in the registration name input field that allows attackers to crash the application. Attackers can generate a 1000-character buffer payload and paste it into the 'Name' field to trigger an application crash. [CVSS 7.5 HIGH]

Denial Of Service
NVD Exploit-DB
CVSS 3.1
7.5
EPSS
0.0%
CVE-2020-37185 HIGH POC This Week

Backup Key Recovery 2.2.5 contains a denial of service vulnerability that allows attackers to crash the application by overflowing the 'Name' input field. Attackers can generate a 1000-character payload and paste it into the registration name field to trigger an application crash. [CVSS 7.5 HIGH]

Denial Of Service
NVD Exploit-DB
CVSS 3.1
7.5
EPSS
0.0%
CVE-2020-37179 HIGH POC This Week

APKF Product Key Finder 2.5.8.0 contains a denial of service vulnerability that allows attackers to crash the application by overflowing the 'Name' input field. Attackers can generate a 1000-character payload and paste it into the registration name field to trigger an application crash. [CVSS 7.5 HIGH]

Denial Of Service
NVD Exploit-DB
CVSS 3.1
7.5
EPSS
0.0%
CVE-2020-37177 HIGH POC This Week

BOOTP Turbo 2.0 contains a denial of service vulnerability that allows attackers to crash the application by overwriting the Structured Exception Handler (SEH). [CVSS 7.5 HIGH]

Denial Of Service
NVD Exploit-DB
CVSS 3.1
7.5
EPSS
0.0%
CVE-2020-37175 HIGH POC This Week

P2PWIFICAM2 for iOS 10.4.1 contains a denial of service vulnerability that allows attackers to crash the application by manipulating the Camera ID input field. Attackers can paste a 257-character buffer into the Camera ID field to trigger an application crash on iOS devices. [CVSS 7.5 HIGH]

Denial Of Service
NVD Exploit-DB
CVSS 3.1
7.5
EPSS
0.0%
CVE-2024-26480 HIGH POC This Week

An issue in Statping-ng v.0.91.0 allows an attacker to obtain sensitive information via a crafted request to the admin parameter. [CVSS 7.5 HIGH]

Information Disclosure Statping Ng
NVD GitHub
CVSS 3.1
7.5
EPSS
0.0%
CVE-2024-26477 HIGH POC This Week

An issue in Statping-ng v.0.91.0 allows an attacker to obtain sensitive information via a crafted request to the api parameter of the oauth, amazon_sns, export endpoints. [CVSS 7.5 HIGH]

Information Disclosure Statping Ng
NVD GitHub
CVSS 3.1
7.5
EPSS
0.0%
CVE-2020-37189 HIGH POC This Week

TaskCanvas 1.4.0 contains a denial of service vulnerability in the registration code input field that allows attackers to crash the application. Attackers can generate a 1000-character buffer payload and paste it into the registration field to trigger an application crash. [CVSS 7.5 HIGH]

Denial Of Service
NVD Exploit-DB
CVSS 3.1
7.5
EPSS
0.0%
CVE-2020-37178 HIGH POC This Week

KeePass Password Safe versions before 2.44 contain a denial of service vulnerability in the help system's HTML handling. Attackers can trigger the vulnerability by dragging and dropping malicious HTML files into the help area, potentially causing application instability or crash. [CVSS 7.5 HIGH]

Denial Of Service Red Hat
NVD Exploit-DB
CVSS 3.1
7.5
EPSS
0.0%
CVE-2020-37215 HIGH POC This Week

MSN Password Recovery version 1.30 contains a denial of service vulnerability that allows attackers to crash the application by supplying an oversized input in the registration code field. [CVSS 7.5 HIGH]

Denial Of Service
NVD Exploit-DB
CVSS 3.1
7.5
EPSS
0.0%
CVE-2020-37193 HIGH POC This Week

ZIP Password Recovery 2.30 contains a denial of service vulnerability that allows attackers to crash the application by providing maliciously crafted input. Attackers can create a specially prepared text file with specific characters to trigger an application crash when selecting a ZIP file. [CVSS 7.5 HIGH]

Denial Of Service
NVD Exploit-DB
CVSS 3.1
7.5
EPSS
0.0%
CVE-2020-37191 HIGH POC This Week

Top Password Software Dialup Password Recovery 1.30 contains a denial of service vulnerability that allows attackers to crash the application by overflowing input fields. [CVSS 7.5 HIGH]

Denial Of Service
NVD Exploit-DB
CVSS 3.1
7.5
EPSS
0.0%
CVE-2020-37190 HIGH POC This Week

Top Password Firefox Password Recovery 2.8 contains a denial of service vulnerability that allows attackers to crash the application by overflowing input fields. Attackers can trigger the vulnerability by inserting 5000 characters into the User Name or Registration Code input fields. [CVSS 7.5 HIGH]

Denial Of Service Firefox
NVD Exploit-DB
CVSS 3.1
7.5
EPSS
0.0%
CVE-2020-37180 HIGH POC This Week

GTalk Password Finder 2.2.1 contains a denial of service vulnerability that allows attackers to crash the application by supplying an oversized registration key. Attackers can generate a 1000-character payload and paste it into the 'Key' field to trigger an application crash. [CVSS 7.5 HIGH]

Denial Of Service
NVD Exploit-DB
CVSS 3.1
7.5
EPSS
0.0%
CVE-2020-37156 MEDIUM POC This Month

login.php contains a vulnerability that allows attackers to access the dashboard without valid credentials (CVSS 6.5).

PHP Authentication Bypass
NVD GitHub Exploit-DB
CVSS 3.1
6.5
EPSS
0.1%
CVE-2019-25316 MEDIUM POC This Month

GOautodial 4.0 contains a persistent cross-site scripting vulnerability that allows authenticated attackers to inject malicious scripts through the event title parameter. [CVSS 6.4 MEDIUM]

PHP XSS
NVD Exploit-DB
CVSS 3.1
6.4
EPSS
0.0%
CVE-2019-25315 MEDIUM POC This Month

WordPress Server Log Viewer 1.0 contains a persistent cross-site scripting vulnerability that allows attackers to inject malicious scripts through unfiltered log file paths. Attackers can add log files with embedded XSS payloads that will execute when viewed in the WordPress admin interface. [CVSS 6.4 MEDIUM]

WordPress XSS
NVD GitHub Exploit-DB
CVSS 3.1
6.4
EPSS
0.0%
CVE-2019-25311 MEDIUM POC This Month

thesystem version 1.0 contains a persistent cross-site scripting vulnerability that allows attackers to inject malicious scripts through multiple server data input fields. [CVSS 6.4 MEDIUM]

XSS Thesystem
NVD GitHub Exploit-DB
CVSS 3.1
6.4
EPSS
0.0%
CVE-2018-25157 MEDIUM POC This Month

Phraseanet 4.0.3 contains a stored cross-site scripting vulnerability that allows authenticated users to inject malicious scripts through crafted file names during document uploads. [CVSS 6.4 MEDIUM]

XSS
NVD Exploit-DB
CVSS 3.1
6.4
EPSS
0.0%
CVE-2019-25317 MEDIUM POC PATCH This Month

Kimai 2 contains a persistent cross-site scripting vulnerability that allows attackers to inject malicious scripts into timesheet descriptions. Attackers can insert SVG-based XSS payloads in the description field to execute arbitrary JavaScript when the page is loaded and viewed by other users. [CVSS 6.4 MEDIUM]

XSS Kimai
NVD GitHub Exploit-DB
CVSS 3.1
6.4
EPSS
0.0%
CVE-2020-37192 MEDIUM POC This Month

MSN Password Recovery 1.30 contains an XML external entity injection vulnerability that allows attackers to read local system files through crafted XML input. [CVSS 6.2 MEDIUM]

XXE
NVD Exploit-DB
CVSS 3.1
6.2
EPSS
0.0%
CVE-2025-64075 CRITICAL Act Now

Authentication bypass via path traversal in ZBT WE2001 router's check_token function. EPSS 0.69% — crafted requests bypass authentication entirely. CVSS 10.0.

Industrial Authentication Bypass Path Traversal
NVD
CVSS 3.1
10.0
EPSS
0.7%
Page 1 of 7 Next

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy