Skip to main content
CVE-2025-65716 HIGH POC This Week

An issue in Visual Studio Code Extensions Markdown Preview Enhanced v0.8.18 allows attackers to execute arbitrary code via uploading a crafted .Md file. [CVSS 8.8 HIGH]

RCE Code Injection Markdown Preview Enhanced
NVD GitHub
CVSS 3.1
8.8
EPSS
0.1%
CVE-2025-65715 HIGH POC This Week

An issue in the code-runner.executorMap setting of Visual Studio Code Extensions Code Runner v0.12.2 allows attackers to execute arbitrary code when opening a crafted workspace. [CVSS 7.8 HIGH]

RCE Code Injection Coderunner
NVD GitHub
CVSS 3.1
7.8
EPSS
0.0%
CVE-2026-2567 HIGH POC This Week

Remote code execution in Wavlink WL-NU516U1 firmware through a stack-based buffer overflow in the nas.cgi User1Passwd parameter allows unauthenticated network attackers to achieve full system compromise. Public exploit code exists for this vulnerability, and no patch is currently available, leaving affected devices at immediate risk.

Buffer Overflow Stack Overflow Wl Nu516u1 Firmware
NVD GitHub VulDB
CVSS 3.1
7.2
EPSS
0.1%
CVE-2019-25379 HIGH POC This Week

Smoothwall Express 3.1-SP4-polar-x86_64-update9 contains stored and reflected cross-site scripting vulnerabilities in the urlfilter.cgi endpoint that allow attackers to inject malicious scripts. [CVSS 7.2 HIGH]

XSS Smoothwall Express
NVD Exploit-DB
CVSS 3.1
7.2
EPSS
0.0%
CVE-2019-25395 HIGH POC This Week

Smoothwall Express 3.1-SP4-polar-x86_64-update9 contains multiple stored cross-site scripting vulnerabilities in the preferences.cgi script that allow attackers to inject malicious scripts through the HOSTNAME, KEYMAP, and OPENNESS parameters. [CVSS 7.2 HIGH]

XSS Smoothwall Express
NVD Exploit-DB
CVSS 3.1
7.2
EPSS
0.0%
CVE-2019-25394 HIGH POC This Week

Smoothwall Express 3.1-SP4-polar-x86_64-update9 contains multiple stored cross-site scripting vulnerabilities in the modem.cgi script that allow attackers to inject malicious scripts through POST parameters. [CVSS 7.2 HIGH]

XSS Smoothwall Express
NVD Exploit-DB
CVSS 3.1
7.2
EPSS
0.0%
CVE-2026-2565 MEDIUM POC This Month

Stack overflow in Wavlink WL-NU516U1 firmware's /cgi-bin/adm.cgi allows remote attackers with high privileges to achieve code execution via a malicious time_zone parameter. Public exploit code exists for this vulnerability, though exploitation requires high complexity and the vendor has not released a patch.

Buffer Overflow Stack Overflow Wl Nu516u1 Firmware
NVD GitHub VulDB
CVSS 3.1
6.6
EPSS
0.0%
CVE-2026-2529 MEDIUM POC This Month

Unauthenticated command injection in the wireless configuration interface of Wavlink WL-WN579A3 firmware allows remote attackers to execute arbitrary commands through the delete_list parameter. Public exploit code is available for this vulnerability, and no patch has been released by the vendor despite early notification. Affected devices can be compromised remotely to gain full system access with minimal authentication requirements.

Command Injection Wl Wn579a3 Firmware
NVD GitHub VulDB
CVSS 3.1
6.3
EPSS
0.4%
CVE-2019-25392 MEDIUM POC This Month

Smoothwall Express 3.1-SP4-polar-x86_64-update9 contains a reflected cross-site scripting vulnerability that allows unauthenticated attackers to inject malicious scripts by manipulating the IP parameter. [CVSS 6.1 MEDIUM]

XSS Smoothwall Express
NVD Exploit-DB
CVSS 3.1
6.1
EPSS
0.1%
CVE-2019-25389 MEDIUM POC This Month

Smoothwall Express 3.1-SP4-polar-x86_64-update9 contains a reflected cross-site scripting vulnerability that allows unauthenticated attackers to inject malicious scripts by manipulating the MACHINES parameter. [CVSS 6.1 MEDIUM]

XSS Smoothwall Express
NVD Exploit-DB
CVSS 3.1
6.1
EPSS
0.1%
CVE-2019-25388 MEDIUM POC This Month

Smoothwall Express 3.1-SP4-polar-x86_64-update9 contains a reflected cross-site scripting vulnerability that allows unauthenticated attackers to inject malicious scripts by submitting crafted input to the ipblock.cgi endpoint. [CVSS 6.1 MEDIUM]

XSS Smoothwall Express
NVD Exploit-DB
CVSS 3.1
6.1
EPSS
0.1%
CVE-2019-25387 MEDIUM POC This Month

Smoothwall Express 3.1-SP4-polar-x86_64-update9 contains a reflected cross-site scripting vulnerability that allows unauthenticated attackers to inject malicious scripts by submitting crafted input to the xtaccess.cgi endpoint. [CVSS 6.1 MEDIUM]

XSS Smoothwall Express
NVD Exploit-DB
CVSS 3.1
6.1
EPSS
0.1%
CVE-2019-25382 MEDIUM POC This Month

Smoothwall Express 3.1-SP4-polar-x86_64-update9 contains a reflected cross-site scripting vulnerability that allows unauthenticated attackers to inject malicious scripts by manipulating the NTP_SERVER parameter. [CVSS 6.1 MEDIUM]

XSS Smoothwall Express
NVD Exploit-DB
CVSS 3.1
6.1
EPSS
0.1%
CVE-2019-25393 MEDIUM POC This Month

Smoothwall Express 3.1-SP4-polar-x86_64-update9 contains a reflected cross-site scripting vulnerability that allows unauthenticated attackers to inject malicious scripts by exploiting insufficient input validation. [CVSS 6.1 MEDIUM]

XSS Smoothwall Express
NVD Exploit-DB
CVSS 3.1
6.1
EPSS
0.0%
CVE-2019-25386 MEDIUM POC This Month

Smoothwall Express 3.1-SP4-polar-x86_64-update9 contains multiple reflected cross-site scripting vulnerabilities in the dmzholes.cgi script that allow attackers to inject malicious scripts through unvalidated parameters. [CVSS 6.1 MEDIUM]

XSS Smoothwall Express
NVD Exploit-DB
CVSS 3.1
6.1
EPSS
0.0%
CVE-2019-25385 MEDIUM POC This Month

Smoothwall Express 3.1-SP4-polar-x86_64-update9 contains a reflected cross-site scripting vulnerability that allows attackers to inject malicious scripts by manipulating the MACHINE and MACHINECOMMENT parameters. [CVSS 6.1 MEDIUM]

XSS Smoothwall Express
NVD Exploit-DB
CVSS 3.1
6.1
EPSS
0.0%
CVE-2019-25384 MEDIUM POC This Month

Smoothwall Express 3.1-SP4-polar-x86_64-update9 contains multiple reflected cross-site scripting vulnerabilities in the portfw.cgi script that allow attackers to inject malicious scripts through unvalidated parameters. [CVSS 6.1 MEDIUM]

XSS Smoothwall Express
NVD Exploit-DB
CVSS 3.1
6.1
EPSS
0.0%
CVE-2019-25383 MEDIUM POC This Month

Smoothwall Express 3.1-SP4-polar-x86_64-update9 contains multiple reflected cross-site scripting vulnerabilities in the apcupsd.cgi script that allow attackers to inject malicious scripts through multiple POST parameters. [CVSS 6.1 MEDIUM]

XSS Smoothwall Express
NVD Exploit-DB
CVSS 3.1
6.1
EPSS
0.0%
CVE-2019-25381 MEDIUM POC This Month

Smoothwall Express 3.1-SP4-polar-x86_64-update9 contains multiple reflected cross-site scripting vulnerabilities in the hosts.cgi script that allow attackers to inject malicious scripts through unvalidated parameters. [CVSS 6.1 MEDIUM]

XSS Smoothwall Express
NVD Exploit-DB
CVSS 3.1
6.1
EPSS
0.0%
CVE-2019-25380 MEDIUM POC This Month

Smoothwall Express 3.1-SP4-polar-x86_64-update9 contains multiple reflected cross-site scripting vulnerabilities in the dhcp.cgi script that allow attackers to inject malicious scripts through multiple parameters. [CVSS 6.1 MEDIUM]

XSS Smoothwall Express
NVD Exploit-DB
CVSS 3.1
6.1
EPSS
0.0%
CVE-2019-25378 MEDIUM POC This Month

Smoothwall Express 3.1-SP4-polar-x86_64-update9 contains multiple cross-site scripting vulnerabilities in the proxy.cgi endpoint that allow attackers to inject malicious scripts through parameters including CACHE_SIZE, MAX_SIZE, MIN_SIZE, MAX_OUTGOING_SIZE, and MAX_INCOMING_SIZE. [CVSS 6.1 MEDIUM]

XSS Smoothwall Express
NVD Exploit-DB
CVSS 3.1
6.1
EPSS
0.0%
CVE-2026-2577 CRITICAL Act Now

Nanobot WhatsApp bridge binds its WebSocket server to all interfaces (0.0.0.0) without authentication (CVSS 10.0), exposing the WhatsApp bridge to remote access.

NVD GitHub
CVSS 3.1
10.0
EPSS
0.1%
CVE-2026-2439 CRITICAL PATCH Act Now

Perl Concierge::Sessions 0.8.1-0.8.4 generates insecure session IDs using weak randomness, enabling session prediction.

Information Disclosure Concierge
NVD GitHub
CVSS 3.1
9.8
EPSS
0.1%
CVE-2026-2550 CRITICAL Act Now

ipTIME A6004MX router has an access control vulnerability in VPN client configuration enabling unauthorized network access.

File Upload Authentication Bypass
NVD GitHub VulDB
CVSS 3.1
9.8
EPSS
0.1%
CVE-2025-15578 CRITICAL Act Now

Perl Maypole 2.10-2.13 generates session IDs insecurely using a weak PRNG, enabling session prediction and hijacking.

Information Disclosure Maypole
NVD
CVSS 3.1
9.8
EPSS
0.1%
CVE-2026-2552 MEDIUM POC This Month

Path traversal in ZenTao's editor component (versions up to 21.7.8) allows authenticated attackers to manipulate the filePath parameter and access files outside intended directories. Public exploit code exists for this vulnerability, and no patch is currently available, leaving affected systems vulnerable to unauthorized file access and potential information disclosure.

PHP Path Traversal Zentao
NVD GitHub VulDB
CVSS 3.1
5.5
EPSS
0.1%
CVE-2019-25390 MEDIUM POC This Month

Smoothwall Express 3.1-SP4-polar-x86_64-update9 contains multiple reflected cross-site scripting vulnerabilities in the interfaces.cgi script that allow attackers to inject malicious scripts through multiple parameters including GREEN_ADDRESS, GREEN_NETMASK, RED_DHCP_HOSTNAME, RED_ADDRESS, DNS1_OVERRIDE, DNS2_OVERRIDE, RED_MAC, RED_NETMASK, DEFAULT_GATEWAY, DNS1, and DNS2. [CVSS 5.4 MEDIUM]

XSS Smoothwall Express
NVD Exploit-DB
CVSS 3.1
5.4
EPSS
0.0%
CVE-2026-2522 MEDIUM POC This Month

Memory corruption in Open5GS up to version 2.7.6 allows remote attackers to cause denial of service through manipulation of the MME component's esm-build.c file. Public exploit code exists for this vulnerability, and the Open5GS project has not yet released a patch despite early notification.

Memory Corruption Open5gs
NVD GitHub VulDB
CVSS 3.1
5.3
EPSS
0.1%
CVE-2026-2523 MEDIUM POC This Month

Open5GS versions up to 2.7.6 are vulnerable to a denial of service condition in the SMF component's PDP context request handler, which can be triggered remotely without authentication. An attacker can exploit this reachable assertion flaw to crash the service, and public exploit code is currently available. No patch has been released by the project despite early notification of the issue.

Denial Of Service Open5gs
NVD GitHub VulDB
CVSS 3.1
5.3
EPSS
0.1%
CVE-2026-2525 MEDIUM POC This Month

Free5GC versions up to 4.1.0 are vulnerable to denial of service attacks targeting the PFCP UDP Endpoint component, which can be exploited remotely without authentication. Public exploit code exists for this vulnerability, and no patch is currently available, leaving affected deployments at risk of service disruption.

Denial Of Service Free5gc
NVD GitHub VulDB
CVSS 3.1
5.3
EPSS
0.1%
CVE-2026-2524 MEDIUM POC This Month

Open5GS 2.7.6 is vulnerable to denial of service through improper handling of S11 session response messages in the MME component, allowing remote unauthenticated attackers to crash the service. Public exploit code exists for this vulnerability, and the vendor has not yet provided a patch despite early notification.

Denial Of Service Open5gs
NVD GitHub VulDB
CVSS 3.1
5.3
EPSS
0.0%
CVE-2026-2555 MEDIUM POC This Month

JeecgBoot 3.9.1's RAG knowledge controller fails to properly validate ZIP file imports, allowing authenticated remote attackers to trigger unsafe deserialization with public exploit code available. The vulnerability requires authentication and complex attack execution but could enable information disclosure or integrity compromise. No patch is currently available from the vendor.

Java Deserialization AI / ML Jeecg Boot
NVD GitHub VulDB
CVSS 3.1
5.0
EPSS
0.0%
CVE-2026-2001 HIGH This Week

Arbitrary plugin installation in WowRevenue for WordPress (versions up to 2.1.3) allows authenticated subscribers to bypass capability checks and install malicious plugins, potentially enabling remote code execution on vulnerable sites. The vulnerability requires only low-privilege user access and network connectivity, affecting WordPress instances running the vulnerable plugin without an available patch.

WordPress RCE
NVD
CVSS 3.1
8.8
EPSS
0.2%
CVE-2026-2447 HIGH PATCH This Week

Heap buffer overflow in libvpx affects Firefox and Thunderbird across multiple versions, enabling remote code execution when a user interacts with malicious content. An unauthenticated attacker can exploit this vulnerability over the network without special privileges to achieve complete system compromise including data theft and integrity violations. No patch is currently available, making this a critical risk for affected users.

Buffer Overflow Mozilla Heap Overflow Thunderbird
NVD VulDB
CVSS 3.1
8.8
EPSS
0.0%
CVE-2026-2101 HIGH This Week

ENOVIAvpm Web Access versions 1.16 through 1.19 contain a reflected XSS vulnerability that allows authenticated attackers to inject and execute arbitrary JavaScript in a victim's browser session through a crafted URL. The vulnerability requires user interaction to trigger but can lead to session hijacking, credential theft, or malware distribution across the affected organization. No patch is currently available, requiring organizations to implement network-level mitigations or restrict access until a fix is released.

XSS
NVD
CVSS 3.1
8.7
EPSS
0.0%
CVE-2025-65717 MEDIUM POC This Month

An issue in Visual Studio Code Extensions Live Server v5.7.9 allows attackers to exfiltrate files via user interaction with a crafted HTML page. [CVSS 4.3 MEDIUM]

XSS Live Server
NVD GitHub
CVSS 3.1
4.3
EPSS
0.0%
CVE-2026-2564 HIGH This Week

Intelbras VIP 3260 Z IA devices running firmware 2.840.00IB005.0.T contain a weak password recovery mechanism in the /OutsideCmd functionality that allows remote attackers with high technical sophistication to potentially compromise authentication controls. The vulnerability carries a CVSS score of 8.1 and currently lacks a patch, requiring organizations to implement compensating controls or consider alternative solutions until remediation is available.

Information Disclosure
NVD VulDB
CVSS 3.1
8.1
EPSS
0.1%
CVE-2026-1335 HIGH This Week

Arbitrary code execution in SOLIDWORKS eDrawings 2025-2026 via out-of-bounds write in EPRT file parsing allows local attackers to gain code execution when opening malicious files. The vulnerability requires user interaction and affects both confidentiality, integrity, and availability. No patch is currently available.

Buffer Overflow RCE Solidworks Edrawings
NVD
CVSS 3.1
7.8
EPSS
0.0%
CVE-2026-1334 HIGH This Week

Arbitrary code execution in SOLIDWORKS eDrawings 2025-2026 results from an out-of-bounds read flaw in EPRT file processing, enabling attackers to compromise systems by tricking users into opening malicious files. The vulnerability affects local users with no privilege requirements and carries a high severity rating, though no patch is currently available.

Buffer Overflow RCE Information Disclosure Solidworks Edrawings
NVD
CVSS 3.1
7.8
EPSS
0.0%
CVE-2026-1333 HIGH This Week

Solidworks Edrawings versions up to 2025 contains a vulnerability that allows attackers to execute arbitrary code while opening a specially crafted EPRT file (CVSS 7.8).

RCE Solidworks Edrawings
NVD
CVSS 3.1
7.8
EPSS
0.0%
CVE-2026-2544 HIGH This Week

Remote command injection in yued-fe LuLu UI through version 3.0.0 allows unauthenticated attackers to execute arbitrary OS commands via the child_process.exec function in run.js. The vulnerability requires no user interaction and can be exploited over the network, potentially leading to complete system compromise. No patch is currently available from the vendor.

Command Injection
NVD GitHub VulDB
CVSS 3.1
7.3
EPSS
2.1%
CVE-2026-1046 HIGH This Week

Arbitrary code execution in Mattermost Desktop App through version 6.2.0 results from insufficient validation of help menu links, enabling a malicious server administrator to execute arbitrary executables on affected users' systems when they click specially crafted help items. This vulnerability affects multiple versions including 5.2.13.0 and 6.0, requiring user interaction and authenticated server access to exploit. No patch is currently available for this HIGH severity vulnerability.

Information Disclosure Mattermost Desktop
NVD VulDB
CVSS 3.1
7.6
EPSS
0.0%
CVE-2026-2474 HIGH PATCH This Week

Heap buffer overflow in Perl's Crypt::URandom module (versions 0.41-0.54) allows denial of service through integer wraparound when negative length values are passed to the crypt_urandom_getrandom() XS function, causing heap corruption and application crashes. The vulnerability requires direct control over the length parameter, limiting real-world exploitability in typical usage scenarios where this value is hardcoded. No patch is currently available for affected users.

Buffer Overflow Memory Corruption Denial Of Service Suse
NVD
CVSS 3.1
7.5
EPSS
0.0%
CVE-2026-2566 HIGH This Week

Stack buffer overflow in Wavlink WL-NU516U1 firmware up to version 130/260 allows authenticated remote attackers to achieve code execution via a malformed firmware_url parameter to /cgi-bin/adm.cgi. Public exploit code exists for this vulnerability and the vendor has not provided a patch despite early notification. The high CVSS score (7.2) reflects the severity of unauthenticated remote code execution risk, though exploitation currently requires high-level privileges.

Buffer Overflow Stack Overflow
NVD VulDB GitHub
CVSS 3.1
7.2
EPSS
0.1%
CVE-2026-26930 HIGH This Week

SmarterTools SmarterMail before 9526 allows XSS via MAPI requests. [CVSS 7.2 HIGH]

XSS
NVD
CVSS 3.1
7.2
EPSS
0.0%
CVE-2026-2542 HIGH This Week

Total VPN 0.5.29.0 on Windows contains an unquoted search path vulnerability in win-service.exe that allows local attackers with low privileges to achieve code execution through path manipulation. The vulnerability requires high attack complexity and local access, but no patch is currently available from the vendor.

Windows
NVD GitHub VulDB
CVSS 3.1
7.0
EPSS
0.0%
CVE-2026-2538 HIGH This Week

Flos Freeware Notepad2 versions 4.2.22 through 4.2.25 contain an uncontrolled search path vulnerability in Msimg32.dll that allows local attackers with user-level privileges to achieve code execution and system compromise. Exploitation requires high complexity and local access, but successful attacks can result in complete system confidentiality, integrity, and availability breaches. No patch is currently available, and the vendor has not responded to disclosure attempts.

Privilege Escalation
NVD GitHub VulDB
CVSS 3.1
7.0
EPSS
0.0%
CVE-2026-2451 MEDIUM This Month

Information disclosure in Pretix email template processing allows authenticated backend users to extract sensitive system data including database credentials and API keys through specially crafted placeholder syntax that bypasses existing security controls. An attacker with email template modification privileges can leverage Python object introspection to access arbitrary system configuration details. No patch is currently available for this vulnerability affecting Pretix and its Double Opt In Step extension.

Information Disclosure Pretix Double Opt In Step
NVD VulDB
CVSS 3.1
6.5
EPSS
0.1%
CVE-2026-2452 MEDIUM PATCH This Month

Information disclosure in Pretix email template processing allows authenticated backend users to extract sensitive system data including database credentials and API keys through specially crafted placeholder syntax that bypasses existing validation controls. An attacker with email template editing permissions can leverage this vulnerability to access confidential configuration information from the system. A patch is available to address the ineffective placeholder sanitization mechanism.

Information Disclosure Pretix Newsletters
NVD
CVSS 3.1
6.5
EPSS
0.0%
CVE-2026-2532 MEDIUM PATCH This Month

Server-side request forgery in Deepaudit versions up to 3.0.3 allows authenticated remote attackers to manipulate the IP Address Handler component in the embedding configuration endpoint, potentially enabling them to perform arbitrary network requests from the affected server. The vulnerability requires valid credentials but no user interaction, affecting the AI/ML product's backend services. Upgrading to version 3.0.4 or later resolves this issue.

SSRF AI / ML Deepaudit
NVD GitHub VulDB
CVSS 3.1
6.3
EPSS
0.1%
Page 1 of 2 Next

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy