Skip to main content
CVE-2026-1357 CRITICAL POC Act Now

Unauthenticated arbitrary file upload in WPvivid Backup & Migration WordPress plugin. EPSS 0.44%.

WordPress PHP OpenSSL RCE Path Traversal
NVD
CVSS 3.1
9.8
EPSS
0.4%
CVE-2020-37186 CRITICAL POC Act Now

RCE in Chevereto 3.13.4 image hosting via code injection during database configuration. Allows injecting code during installation/setup. PoC available.

PHP RCE
NVD GitHub Exploit-DB
CVSS 3.1
9.8
EPSS
0.4%
CVE-2020-37153 CRITICAL POC Act Now

Multiple vulnerabilities in ASTPP 4.0.1 including XSS and command injection in SIP device configuration and plugin management. PoC available.

AWS XSS Command Injection Astpp
NVD GitHub Exploit-DB
CVSS 3.1
9.8
EPSS
0.2%
CVE-2020-37184 CRITICAL POC Act Now

Stack overflow in Allok Video Converter 4.6.1217 License Name input. PoC available.

Stack Overflow
NVD Exploit-DB
CVSS 3.1
9.8
EPSS
0.1%
CVE-2020-37183 CRITICAL POC Act Now

Stack overflow in Allok RM RMVB to AVI MPEG DVD Converter 3.6.1217 via SEH chain. PoC available.

Buffer Overflow Stack Overflow
NVD Exploit-DB
CVSS 3.1
9.8
EPSS
0.1%
CVE-2020-37181 CRITICAL POC Act Now

Stack overflow in Torrent FLV Converter 1.51 Build 117 via SEH overwrite. PoC available.

Windows Stack Overflow
NVD Exploit-DB
CVSS 3.1
9.8
EPSS
0.1%
CVE-2020-37176 CRITICAL POC Act Now

Stack overflow in Torrent 3GP Converter 1.51 via SEH overwrite. PoC available.

Buffer Overflow Stack Overflow
NVD Exploit-DB
CVSS 3.1
9.8
EPSS
0.1%
CVE-2026-26021 CRITICAL POC PATCH Act Now

Prototype pollution in set-in npm package allows modification of Object prototype. PoC and patch available.

Node.js Set In
NVD GitHub
CVSS 3.1
9.8
EPSS
0.0%
CVE-2025-64075 CRITICAL Act Now

Authentication bypass via path traversal in ZBT WE2001 router's check_token function. EPSS 0.69% — crafted requests bypass authentication entirely. CVSS 10.0.

Industrial Authentication Bypass Path Traversal
NVD
CVSS 3.1
10.0
EPSS
0.7%
CVE-2026-2249 CRITICAL Act Now

Unauthenticated web shell in METIS DFS devices (versions <= oscore 2.1.234-r18). Same vulnerability as CVE-2026-2248 but on DFS product line.

Authentication Bypass Information Disclosure RCE
NVD
CVSS 3.1
9.8
EPSS
0.3%
CVE-2026-2248 CRITICAL Act Now

Unauthenticated web shell in METIS WIC devices (versions <= oscore 2.1.234-r18). The /console endpoint provides shell access without authentication. First of two related METIS CVEs.

Authentication Bypass Information Disclosure RCE
NVD
CVSS 3.1
9.8
EPSS
0.3%
CVE-2025-69874 CRITICAL Act Now

Path traversal in nanotar npm package through 0.2.0. The parseTar() and parseTarGzip() functions allow attackers to write files outside the extraction directory.

Path Traversal Nanotar
NVD GitHub
CVSS 3.1
9.8
EPSS
0.2%
CVE-2026-25084 CRITICAL Act Now

Authentication bypass in ZLAN5143D by directly accessing internal URLs. Access controls enforced only at the frontend, bypassed by direct API calls.

Authentication Bypass
NVD GitHub
CVSS 3.1
9.8
EPSS
0.1%
CVE-2026-24789 CRITICAL Act Now

Unauthenticated device password change API in industrial/IoT device. Remote attackers can change the device password without any authentication.

Authentication Bypass
NVD GitHub
CVSS 3.1
9.8
EPSS
0.1%
CVE-2025-69872 CRITICAL PATCH Act Now

Unsafe deserialization in DiskCache Python library through 5.6.3. Uses pickle by default, allowing attackers with cache directory write access to execute arbitrary code.

Python RCE Code Injection
NVD GitHub VulDB
CVSS 3.1
9.8
EPSS
0.1%
CVE-2025-66277 CRITICAL Act Now

Symlink following vulnerability in multiple QNAP NAS operating system versions allows remote attackers to exploit link resolution for unauthorized access.

Qnap Qts Quts Hero
NVD
CVSS 3.1
9.8
EPSS
0.1%
CVE-2025-8025 CRITICAL Act Now

Missing authentication for critical functions in Dinosoft ERP. Unauthenticated access to business functionality.

Authentication Bypass
NVD VulDB
CVSS 3.1
9.8
EPSS
0.1%
CVE-2026-25994 CRITICAL POC PATCH Act Now

Buffer overflow in PJSIP multimedia library version 2.16 and earlier in PJNATH ICE implementation. Patch available. Affects VoIP/communication applications built on PJSIP.

Buffer Overflow Pjsip
NVD GitHub Exploit-DB VulDB
CVSS 3.1
9.8
EPSS
0.1%
CVE-2025-70085 CRITICAL Act Now

Stack buffer overflow in OpenSatKit 2.2.1 satellite ground station software. The ErrStr buffer overflows when formatting filenames. Space infrastructure vulnerability.

Buffer Overflow Opensatkit
NVD GitHub
CVSS 3.1
9.8
EPSS
0.1%
CVE-2025-12059 CRITICAL Act Now

Sensitive information exposure in Logo j-Platform via externally-accessible files or directories.

Information Disclosure
NVD VulDB
CVSS 3.1
9.8
EPSS
0.1%
CVE-2025-67135 CRITICAL Act Now

Code replay attack on PF-50 keyfob of PGST PG107 Alarm System 1.25.05.hf. Physical security system vulnerable to replay of wireless signals.

Authentication Bypass
NVD
CVSS 3.1
9.8
EPSS
0.0%
CVE-2025-8668 CRITICAL Act Now

Critical XSS vulnerability in E-Kalite software allows remote attackers to execute arbitrary code.

XSS
NVD VulDB
CVSS 3.1
9.4
EPSS
0.1%
CVE-2026-26215 CRITICAL Act Now

{method} and /execute/{method} feed attacker-supplied request bodies straight into pickle.loads(), and the intended nonce authorization gate is bypassed because the nonce defaults to an empty string and is skipped by default. A detailed technical write-up (chocapikk.com) and a VulnCheck advisory describe the flaw; it is not listed in CISA KEV and EPSS is low (0.14%, 34th percentile), indicating no evidence of widespread active exploitation.

RCE Deserialization
NVD GitHub
CVSS 4.0
9.3
EPSS
0.1%
CVE-2026-20677 CRITICAL Act Now

Race condition in Apple macOS/iOS symlink handling allows privilege escalation. Fixed in macOS Tahoe 26.3, macOS Sonoma 14.8.4, iOS 18.7.5.

Apple Race Condition Authentication Bypass
NVD
CVSS 3.1
9.0
EPSS
0.1%

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy