Skip to main content
CVE-2026-22769 CRITICAL KEV PATCH THREAT Act Now

Dell RecoverPoint for Virtual Machines prior to 6.0.3.1 HF1 contains hardcoded credentials (CVE-2026-22769, CVSS 10.0) that allow unauthenticated remote attackers with knowledge of the credentials to gain root-level access to the underlying operating system. KEV-listed, this vulnerability exposes disaster recovery infrastructure to complete compromise, potentially affecting the integrity of backup and replication data.

Dell Authentication Bypass Privilege Escalation RCE Recoverpoint For Virtual Machines
NVD
CVSS 3.1
10.0
EPSS
34.2%
Threat
4.5
CVE-2025-70830 CRITICAL Act Now

Server-Side Template Injection (SSTI) in Datart v1.0.0-rc.3 via Freemarker template engine allows authenticated users to execute arbitrary code on the server.

Code Injection RCE
NVD GitHub
CVSS 3.1
9.9
EPSS
0.0%
CVE-2026-23647 CRITICAL Act Now

Hardcoded OS credentials in Glory RBG-100 cash recycler systems using ISPK-08 software component. Physical cash handling equipment ships with known default credentials enabling complete system takeover.

Linux SSH
NVD
CVSS 3.1
9.8
EPSS
0.3%
CVE-2026-1670 CRITICAL Act Now

Unauthenticated API exposure in industrial control products allows remote attackers to access critical functions without authentication.

Authentication Bypass
NVD GitHub
CVSS 3.1
9.8
EPSS
0.1%
CVE-2026-26220 CRITICAL Act Now

Remote code execution in LightLLM 1.1.0 and prior lets unauthenticated attackers run arbitrary code on the PD master node when the framework runs in prefill-decode (PD) disaggregation mode. The PD master exposes WebSocket endpoints that feed inbound binary frames straight into Python's pickle.loads(), so any attacker able to reach that socket can execute code in the serving process. No CISA KEV listing exists and EPSS is modest at 0.83% (74th percentile), but a public technical write-up (chocapikk.com) plus a VulnCheck advisory mean publicly available exploit code exists, so this should be treated as an urgent internal-exposure risk.

RCE Deserialization
NVD GitHub
CVSS 4.0
9.3
EPSS
0.8%
CVE-2025-59793 CRITICAL Act Now

Path traversal in Rocket TRUfusion Enterprise through 7.10.5 via /axis2/services endpoint allows authenticated attackers to read and write arbitrary files on the host. EPSS 0.32%.

RCE Path Traversal Trufusion Enterprise
NVD
CVSS 4.0
9.4
EPSS
0.3%
CVE-2026-22208 CRITICAL Act Now

Remote code execution in OpenS100 (S-100 viewer reference implementation) prior to commit 753cf29. Malicious S-100 dataset files can trigger code execution when opened. CVSS 9.6.

RCE
NVD GitHub VulDB
CVSS 4.0
9.4
EPSS
0.2%
CVE-2025-66614 CRITICAL PATCH Act Now

Input validation vulnerability in Apache Tomcat affecting versions 11.0.0-M1 through 11.0.14, 10.1.0-M1 through 10.1.34, and 9.0.0.M1 through 9.0.98. Critical severity issue in one of the most widely deployed Java application servers.

Apache Tomcat Red Hat Suse
NVD HeroDevs VulDB
CVSS 3.1
9.1
EPSS
0.0%

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy