Skip to main content
CVE-2026-26366 CRITICAL POC Act Now

eNet SMART HOME server ships with default credentials (user:user, admin:admin) (CVSS 9.8) enabling immediate administrative access to the smart home system.

Information Disclosure Enet Smart Home
NVD
CVSS 3.1
9.8
EPSS
0.0%
CVE-2026-26369 CRITICAL POC Act Now

eNet SMART HOME server has a privilege escalation vulnerability enabling low-privileged users to gain admin access to the home automation system.

Privilege Escalation Enet Smart Home
NVD
CVSS 3.1
9.8
EPSS
0.0%
CVE-2026-26368 HIGH POC This Week

eNet Smart Home server versions 2.2.1 and 2.3.1 suffer from missing authorization checks in the resetUserPassword JSON-RPC method, allowing any authenticated low-privileged user to reset passwords for administrative accounts without proper verification. Public exploit code exists for this vulnerability, enabling attackers to achieve immediate privilege escalation and gain full administrative control over the smart home system. No patch is currently available, leaving deployed instances vulnerable to account takeover attacks.

Privilege Escalation Enet Smart Home
NVD
CVSS 3.1
8.8
EPSS
0.0%
CVE-2026-26367 HIGH POC This Week

eNet Smart Home server versions 2.2.1 and 2.3.1 allow authenticated users to delete arbitrary user accounts through an authorization bypass in the deleteUserAccount JSON-RPC method. Any low-privileged user can submit a crafted request to remove other accounts without elevated permissions, and public exploit code exists for this vulnerability. The impact includes unauthorized account deletion and potential denial of service, with no patch currently available.

Authentication Bypass Enet Smart Home
NVD
CVSS 3.1
8.1
EPSS
0.0%
CVE-2019-25373 MEDIUM POC This Month

OPNsense 19.1 contains a stored cross-site scripting vulnerability that allows authenticated attackers to inject malicious scripts by submitting crafted input to the category parameter. [CVSS 6.4 MEDIUM]

PHP XSS Opnsense
NVD Exploit-DB
CVSS 3.1
6.4
EPSS
0.0%
CVE-2019-25369 MEDIUM POC This Month

OPNsense 19.1 contains a stored cross-site scripting vulnerability in the system_advanced_sysctl.php endpoint that allows attackers to inject persistent malicious scripts via the tunable parameter. [CVSS 6.4 MEDIUM]

PHP XSS Opnsense
NVD Exploit-DB
CVSS 3.1
6.4
EPSS
0.0%
CVE-2019-25372 MEDIUM POC This Month

OPNsense 19.1 contains a reflected cross-site scripting vulnerability that allows unauthenticated attackers to inject malicious scripts by exploiting insufficient input validation in the host parameter. [CVSS 6.1 MEDIUM]

PHP XSS Opnsense
NVD Exploit-DB
CVSS 3.1
6.1
EPSS
0.0%
CVE-2019-25371 MEDIUM POC This Month

OPNsense 19.1 contains a reflected cross-site scripting vulnerability that allows unauthenticated attackers to inject malicious scripts by exploiting insufficient input validation in the host parameter. [CVSS 6.1 MEDIUM]

PHP XSS Opnsense
NVD Exploit-DB
CVSS 3.1
6.1
EPSS
0.0%
CVE-2019-25370 MEDIUM POC This Month

OPNsense 19.1 contains a reflected cross-site scripting vulnerability that allows attackers to inject malicious scripts by submitting crafted input through multiple parameters. [CVSS 6.1 MEDIUM]

PHP XSS Opnsense
NVD Exploit-DB
CVSS 3.1
6.1
EPSS
0.0%
CVE-2019-25375 MEDIUM POC This Month

OPNsense 19.1 contains a reflected cross-site scripting vulnerability that allows unauthenticated attackers to inject malicious scripts by submitting crafted input to the mailserver parameter. [CVSS 6.1 MEDIUM]

XSS Opnsense
NVD Exploit-DB
CVSS 3.1
6.1
EPSS
0.0%
CVE-2019-25376 MEDIUM POC This Month

OPNsense 19.1 contains a reflected cross-site scripting vulnerability that allows unauthenticated attackers to inject malicious scripts by submitting crafted payloads through the ignoreLogACL parameter. [CVSS 6.1 MEDIUM]

XSS Opnsense
NVD Exploit-DB
CVSS 3.1
6.1
EPSS
0.0%
CVE-2019-25374 MEDIUM POC This Month

OPNsense 19.1 contains a reflected cross-site scripting vulnerability that allows attackers to inject malicious scripts by exploiting the passthrough_networks parameter in vpn_ipsec_settings.php. [CVSS 6.1 MEDIUM]

PHP XSS Opnsense
NVD Exploit-DB
CVSS 3.1
6.1
EPSS
0.0%
CVE-2026-1490 CRITICAL Act Now

CleanTalk Anti-Spam WordPress plugin has an authorization bypass enabling unauthenticated attackers to perform file operations on the WordPress server.

WordPress DNS RCE
NVD
CVSS 3.1
9.8
EPSS
0.0%
CVE-2019-25367 MEDIUM POC This Month

ArangoDB Community Edition 3.4.2-1 contains multiple cross-site scripting vulnerabilities in the Aardvark web admin interface (index.html) through search, user management, and API parameters. [CVSS 5.4 MEDIUM]

XSS
NVD Exploit-DB
CVSS 3.1
5.4
EPSS
0.0%
CVE-2019-25368 MEDIUM POC This Month

OPNsense 19.1 contains multiple cross-site scripting vulnerabilities in the diag_backup.php endpoint that allow attackers to inject malicious scripts through multiple parameters including GDrive_GDriveEmail, GDrive_GDriveFolderID, GDrive_GDriveBackupCount, Nextcloud_url, Nextcloud_user, Nextcloud_password, Nextcloud_password_encryption, and Nextcloud_backupdir. [CVSS 5.4 MEDIUM]

PHP XSS Opnsense Nextcloud
NVD Exploit-DB
CVSS 3.1
5.4
EPSS
0.0%
CVE-2019-25377 MEDIUM POC This Month

OPNsense 19.1 contains a reflected cross-site scripting vulnerability in the system_advanced_sysctl.php endpoint that allows attackers to inject malicious scripts via the value parameter. [CVSS 5.4 MEDIUM]

PHP XSS Opnsense
NVD Exploit-DB
CVSS 3.1
5.4
EPSS
0.0%
CVE-2026-2517 MEDIUM POC This Month

Open5GS versions up to 2.7.6 are vulnerable to a denial of service attack in the SMF component's TFT parsing function when a crafted packet manipulates the traffic filter content length parameter. An unauthenticated remote attacker can trigger this flaw to crash the service, and public exploit code exists with no patch currently available.

Denial Of Service Open5gs
NVD GitHub VulDB
CVSS 3.1
5.3
EPSS
0.1%
CVE-2026-2521 MEDIUM POC This Month

Memory corruption in Open5GS versions up to 2.7.6 allows remote attackers to trigger a denial of service condition by manipulating the SGW-C session creation handler, with public exploit code already available. The vulnerability requires no authentication or user interaction and currently lacks a vendor patch, leaving affected deployments vulnerable to remote availability attacks.

Memory Corruption Open5gs
NVD GitHub VulDB
CVSS 3.1
5.3
EPSS
0.0%
CVE-2025-32058 CRITICAL Act Now

Bosch Infotainment ECU's RH850 CAN module has a stack buffer overflow enabling potential code execution through crafted CAN bus messages.

Buffer Overflow RCE
NVD
CVSS 3.1
9.3
EPSS
0.0%
CVE-2025-32062 HIGH This Week

The specific flaw exists within the Bluetooth stack developed by Alps Alpine of the Infotainment ECU manufactured by Bosch. [CVSS 8.8 HIGH]

RCE Buffer Overflow Stack Overflow
NVD
CVSS 3.1
8.8
EPSS
0.0%
CVE-2025-32061 HIGH This Week

The specific flaw exists within the Bluetooth stack developed by Alps Alpine of the Infotainment ECU manufactured by Bosch. [CVSS 8.8 HIGH]

RCE Buffer Overflow Stack Overflow
NVD
CVSS 3.1
8.8
EPSS
0.0%
CVE-2025-32059 HIGH This Week

The specific flaw exists within the Bluetooth stack developed by Alps Alpine of the Infotainment ECU manufactured by Bosch. [CVSS 8.8 HIGH]

RCE Buffer Overflow Stack Overflow
NVD
CVSS 3.1
8.8
EPSS
0.0%
CVE-2026-1750 HIGH This Week

Ecwid by Lightspeed Ecommerce Shopping Cart (WordPress plugin) versions up to 7.0.7. is affected by improper privilege management (CVSS 8.8).

WordPress Privilege Escalation
NVD
CVSS 3.1
8.8
EPSS
0.0%
CVE-2025-32063 MEDIUM This Month

There is a misconfiguration vulnerability inside the Infotainment ECU manufactured by BOSCH. The vulnerability happens during the startup phase of a specific systemd service, and as a result, the following developer features will be activated: the disabled firewall and the launched SSH server. [CVSS 6.8 MEDIUM]

SSH
NVD
CVSS 3.1
6.8
EPSS
0.0%
CVE-2025-32060 MEDIUM This Month

The system suffers from the absence of a kernel module signature verification. If an attacker can execute commands on behalf of root user (due to additional vulnerabilities), then he/she is also able to load custom kernel modules to the kernel space and execute code in the kernel context. [CVSS 6.7 MEDIUM]

Linux
NVD
CVSS 3.1
6.7
EPSS
0.0%
CVE-2026-1793 MEDIUM This Month

Element Pack Addons for Elementor (WordPress plugin) versions up to 8.3.17 is affected by path traversal (CVSS 6.5).

WordPress
NVD
CVSS 3.1
6.5
EPSS
0.1%
CVE-2026-2516 MEDIUM This Month

Unidocs ezPDF DRM/Reader versions 2.0 and 3.0.0.4 on 32-bit systems contain an untrusted search path vulnerability in SHFOLDER.dll that could allow a local attacker with limited privileges to achieve arbitrary code execution through DLL hijacking. Public exploit code exists for this vulnerability, though exploitation is complex and requires local access. No patch is currently available from the vendor.

Information Disclosure
NVD VulDB
CVSS 4.0
6.4
EPSS
0.0%
CVE-2026-2541 Monitor

The Micca KE700 system relies on a 6-bit portion of an identifier for authentication within rolling codes, providing only 64 possible combinations. This low entropy allows an attacker to perform a brute-force attack against one component of the rolling code.

Authentication Bypass
NVD
EPSS
0.0%
CVE-2026-2539 Monitor

The RF communication protocol in the Micca KE700 car alarm system does not encrypt its data frames. An attacker with a radio interception tool (e.g., SDR) can capture the random number and counters transmitted in cleartext, which is sensitive information required for authentication.

Information Disclosure
NVD
EPSS
0.0%
CVE-2026-2540 Monitor

The Micca KE700 system contains flawed resynchronization logic and is vulnerable to replay attacks. This attack requires sending two previously captured codes in a specific sequence.

Authentication Bypass
NVD
EPSS
0.0%

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy