Skip to main content
CVE-2025-65716 HIGH POC This Week

An issue in Visual Studio Code Extensions Markdown Preview Enhanced v0.8.18 allows attackers to execute arbitrary code via uploading a crafted .Md file. [CVSS 8.8 HIGH]

RCE Code Injection Markdown Preview Enhanced
NVD GitHub
CVSS 3.1
8.8
EPSS
0.1%
CVE-2025-65715 HIGH POC This Week

An issue in the code-runner.executorMap setting of Visual Studio Code Extensions Code Runner v0.12.2 allows attackers to execute arbitrary code when opening a crafted workspace. [CVSS 7.8 HIGH]

RCE Code Injection Coderunner
NVD GitHub
CVSS 3.1
7.8
EPSS
0.0%
CVE-2026-2567 HIGH POC This Week

Remote code execution in Wavlink WL-NU516U1 firmware through a stack-based buffer overflow in the nas.cgi User1Passwd parameter allows unauthenticated network attackers to achieve full system compromise. Public exploit code exists for this vulnerability, and no patch is currently available, leaving affected devices at immediate risk.

Buffer Overflow Stack Overflow Wl Nu516u1 Firmware
NVD GitHub VulDB
CVSS 3.1
7.2
EPSS
0.1%
CVE-2019-25379 HIGH POC This Week

Smoothwall Express 3.1-SP4-polar-x86_64-update9 contains stored and reflected cross-site scripting vulnerabilities in the urlfilter.cgi endpoint that allow attackers to inject malicious scripts. [CVSS 7.2 HIGH]

XSS Smoothwall Express
NVD Exploit-DB
CVSS 3.1
7.2
EPSS
0.0%
CVE-2019-25395 HIGH POC This Week

Smoothwall Express 3.1-SP4-polar-x86_64-update9 contains multiple stored cross-site scripting vulnerabilities in the preferences.cgi script that allow attackers to inject malicious scripts through the HOSTNAME, KEYMAP, and OPENNESS parameters. [CVSS 7.2 HIGH]

XSS Smoothwall Express
NVD Exploit-DB
CVSS 3.1
7.2
EPSS
0.0%
CVE-2019-25394 HIGH POC This Week

Smoothwall Express 3.1-SP4-polar-x86_64-update9 contains multiple stored cross-site scripting vulnerabilities in the modem.cgi script that allow attackers to inject malicious scripts through POST parameters. [CVSS 7.2 HIGH]

XSS Smoothwall Express
NVD Exploit-DB
CVSS 3.1
7.2
EPSS
0.0%
CVE-2026-2001 HIGH This Week

Arbitrary plugin installation in WowRevenue for WordPress (versions up to 2.1.3) allows authenticated subscribers to bypass capability checks and install malicious plugins, potentially enabling remote code execution on vulnerable sites. The vulnerability requires only low-privilege user access and network connectivity, affecting WordPress instances running the vulnerable plugin without an available patch.

WordPress RCE
NVD
CVSS 3.1
8.8
EPSS
0.2%
CVE-2026-2447 HIGH PATCH This Week

Heap buffer overflow in libvpx affects Firefox and Thunderbird across multiple versions, enabling remote code execution when a user interacts with malicious content. An unauthenticated attacker can exploit this vulnerability over the network without special privileges to achieve complete system compromise including data theft and integrity violations. No patch is currently available, making this a critical risk for affected users.

Buffer Overflow Mozilla Heap Overflow Thunderbird
NVD VulDB
CVSS 3.1
8.8
EPSS
0.0%
CVE-2026-2101 HIGH This Week

ENOVIAvpm Web Access versions 1.16 through 1.19 contain a reflected XSS vulnerability that allows authenticated attackers to inject and execute arbitrary JavaScript in a victim's browser session through a crafted URL. The vulnerability requires user interaction to trigger but can lead to session hijacking, credential theft, or malware distribution across the affected organization. No patch is currently available, requiring organizations to implement network-level mitigations or restrict access until a fix is released.

XSS
NVD
CVSS 3.1
8.7
EPSS
0.0%
CVE-2026-2564 HIGH This Week

Intelbras VIP 3260 Z IA devices running firmware 2.840.00IB005.0.T contain a weak password recovery mechanism in the /OutsideCmd functionality that allows remote attackers with high technical sophistication to potentially compromise authentication controls. The vulnerability carries a CVSS score of 8.1 and currently lacks a patch, requiring organizations to implement compensating controls or consider alternative solutions until remediation is available.

Information Disclosure
NVD VulDB
CVSS 3.1
8.1
EPSS
0.1%
CVE-2026-1335 HIGH This Week

Arbitrary code execution in SOLIDWORKS eDrawings 2025-2026 via out-of-bounds write in EPRT file parsing allows local attackers to gain code execution when opening malicious files. The vulnerability requires user interaction and affects both confidentiality, integrity, and availability. No patch is currently available.

Buffer Overflow RCE Solidworks Edrawings
NVD
CVSS 3.1
7.8
EPSS
0.0%
CVE-2026-1334 HIGH This Week

Arbitrary code execution in SOLIDWORKS eDrawings 2025-2026 results from an out-of-bounds read flaw in EPRT file processing, enabling attackers to compromise systems by tricking users into opening malicious files. The vulnerability affects local users with no privilege requirements and carries a high severity rating, though no patch is currently available.

Buffer Overflow RCE Information Disclosure Solidworks Edrawings
NVD
CVSS 3.1
7.8
EPSS
0.0%
CVE-2026-1333 HIGH This Week

Solidworks Edrawings versions up to 2025 contains a vulnerability that allows attackers to execute arbitrary code while opening a specially crafted EPRT file (CVSS 7.8).

RCE Solidworks Edrawings
NVD
CVSS 3.1
7.8
EPSS
0.0%
CVE-2026-2544 HIGH This Week

Remote command injection in yued-fe LuLu UI through version 3.0.0 allows unauthenticated attackers to execute arbitrary OS commands via the child_process.exec function in run.js. The vulnerability requires no user interaction and can be exploited over the network, potentially leading to complete system compromise. No patch is currently available from the vendor.

Command Injection
NVD GitHub VulDB
CVSS 3.1
7.3
EPSS
2.1%
CVE-2026-1046 HIGH This Week

Arbitrary code execution in Mattermost Desktop App through version 6.2.0 results from insufficient validation of help menu links, enabling a malicious server administrator to execute arbitrary executables on affected users' systems when they click specially crafted help items. This vulnerability affects multiple versions including 5.2.13.0 and 6.0, requiring user interaction and authenticated server access to exploit. No patch is currently available for this HIGH severity vulnerability.

Information Disclosure Mattermost Desktop
NVD VulDB
CVSS 3.1
7.6
EPSS
0.0%
CVE-2026-2474 HIGH PATCH This Week

Heap buffer overflow in Perl's Crypt::URandom module (versions 0.41-0.54) allows denial of service through integer wraparound when negative length values are passed to the crypt_urandom_getrandom() XS function, causing heap corruption and application crashes. The vulnerability requires direct control over the length parameter, limiting real-world exploitability in typical usage scenarios where this value is hardcoded. No patch is currently available for affected users.

Buffer Overflow Memory Corruption Denial Of Service Suse
NVD
CVSS 3.1
7.5
EPSS
0.0%
CVE-2026-2566 HIGH This Week

Stack buffer overflow in Wavlink WL-NU516U1 firmware up to version 130/260 allows authenticated remote attackers to achieve code execution via a malformed firmware_url parameter to /cgi-bin/adm.cgi. Public exploit code exists for this vulnerability and the vendor has not provided a patch despite early notification. The high CVSS score (7.2) reflects the severity of unauthenticated remote code execution risk, though exploitation currently requires high-level privileges.

Buffer Overflow Stack Overflow
NVD VulDB GitHub
CVSS 3.1
7.2
EPSS
0.1%
CVE-2026-26930 HIGH This Week

SmarterTools SmarterMail before 9526 allows XSS via MAPI requests. [CVSS 7.2 HIGH]

XSS
NVD
CVSS 3.1
7.2
EPSS
0.0%
CVE-2026-2542 HIGH This Week

Total VPN 0.5.29.0 on Windows contains an unquoted search path vulnerability in win-service.exe that allows local attackers with low privileges to achieve code execution through path manipulation. The vulnerability requires high attack complexity and local access, but no patch is currently available from the vendor.

Windows
NVD GitHub VulDB
CVSS 3.1
7.0
EPSS
0.0%
CVE-2026-2538 HIGH This Week

Flos Freeware Notepad2 versions 4.2.22 through 4.2.25 contain an uncontrolled search path vulnerability in Msimg32.dll that allows local attackers with user-level privileges to achieve code execution and system compromise. Exploitation requires high complexity and local access, but successful attacks can result in complete system confidentiality, integrity, and availability breaches. No patch is currently available, and the vendor has not responded to disclosure attempts.

Privilege Escalation
NVD GitHub VulDB
CVSS 3.1
7.0
EPSS
0.0%

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy