Skip to main content
CVE-2026-26746 HIGH POC This Week

Open Source Point Of Sale versions up to 3.4.1 is affected by unrestricted upload of file with dangerous type (CVSS 8.8).

PHP RCE LFI Open Source Point Of Sale
NVD GitHub
CVSS 3.1
8.8
EPSS
0.3%
CVE-2018-25158 HIGH POC This Week

Chamilo LMS 1.11.8 contains an arbitrary file upload vulnerability that allows authenticated users to upload and execute PHP files through the elfinder filemanager module. [CVSS 8.8 HIGH]

PHP
NVD GitHub Exploit-DB
CVSS 3.1
8.8
EPSS
0.1%
CVE-2026-26064 HIGH POC PATCH This Week

Remote code execution in Calibre 9.2.1 and earlier allows authenticated users to write arbitrary files via a path traversal flaw in the extract_pictures() function that fails to properly sanitize directory traversal sequences. On Windows systems, attackers can exploit this to write malicious payloads to the Startup folder, achieving code execution upon the next user login. Public exploit code exists for this vulnerability, and a patch is available in version 9.3.0.

Windows RCE Path Traversal Calibre Suse
NVD GitHub
CVSS 3.1
8.8
EPSS
0.1%
CVE-2019-25451 HIGH POC This Week

phpMoAdmin 1.1.5 contains a cross-site request forgery vulnerability that allows attackers to perform unauthorized database operations by crafting malicious requests. [CVSS 8.8 HIGH]

PHP CSRF Phpmoadmin
NVD Exploit-DB
CVSS 3.1
8.8
EPSS
0.0%
CVE-2026-2857 HIGH POC This Week

Stack-based buffer overflow in D-Link DWR-M960 firmware version 1.01.07 allows authenticated remote attackers to achieve complete system compromise through the Port Forwarding Configuration endpoint. The vulnerability exists in the submit-url parameter processing and has public exploit code available. Affected devices are remotely exploitable by authenticated users with no user interaction required.

D-Link Buffer Overflow Stack Overflow Dwr M960 Firmware
NVD GitHub VulDB
CVSS 3.1
8.8
EPSS
0.0%
CVE-2026-2856 HIGH POC This Week

Stack-based buffer overflow in D-Link DWR-M960 firmware 1.01.07 Filter Configuration endpoint allows authenticated remote attackers to achieve full system compromise through a malicious submit-url parameter. Public exploit code exists for this vulnerability, and no patch is currently available. The attack requires valid credentials but executes with no user interaction needed.

D-Link Buffer Overflow Stack Overflow Dwr M960 Firmware
NVD GitHub VulDB
CVSS 3.1
8.8
EPSS
0.0%
CVE-2026-2855 HIGH POC This Week

Stack-based buffer overflow in D-Link DWR-M960 firmware's DDNS settings handler allows authenticated remote attackers to achieve complete system compromise through a malicious submit-url parameter. Public exploit code exists for this vulnerability, and no patch is currently available. The flaw affects firmware version 1.01.07 and can be exploited without user interaction.

D-Link Buffer Overflow Stack Overflow Dwr M960 Firmware
NVD GitHub VulDB
CVSS 3.1
8.8
EPSS
0.0%
CVE-2026-2854 HIGH POC This Week

Stack-based buffer overflow in D-Link DWR-M960 firmware version 1.01.07 NTP configuration endpoint allows remote authenticated attackers to achieve complete system compromise through manipulation of the submit-url parameter. Public exploit code exists for this vulnerability, and no patch is currently available. The flaw carries a high severity rating with CVSS score of 8.8 due to potential for remote code execution with minimal attack complexity.

D-Link Buffer Overflow Stack Overflow Dwr M960 Firmware
NVD GitHub VulDB
CVSS 3.1
8.8
EPSS
0.0%
CVE-2026-2853 HIGH POC This Week

Stack-based buffer overflow in D-Link DWR-M960 firmware version 1.01.07 allows authenticated remote attackers to achieve full system compromise through manipulation of the submit-url parameter in the System Log Configuration endpoint. Public exploit code exists for this vulnerability, and no patch is currently available. An attacker with network access and valid credentials can trigger this flaw to execute arbitrary code with complete control over confidentiality, integrity, and availability.

D-Link Buffer Overflow Stack Overflow Dwr M960 Firmware
NVD GitHub VulDB
CVSS 3.1
8.8
EPSS
0.0%
CVE-2026-26065 HIGH POC PATCH This Week

Calibre versions 9.2.1 and below allow authenticated users to write arbitrary files with any extension to any writable location via path traversal in PDB file readers, potentially enabling code execution or system compromise through file overwriting. The vulnerability affects both 132-byte and 202-byte PDB header variants and silently overwrites existing files without warning. Public exploit code exists and patches are available in version 9.3.0 and later.

Denial Of Service Path Traversal Calibre Suse
NVD GitHub
CVSS 3.1
8.8
EPSS
0.0%
CVE-2026-26990 HIGH POC PATCH This Week

SQL injection in LibreNMS versions 25.12.0 and below allows authenticated users to extract sensitive database information through time-based blind SQL injection in the address-search function. An attacker with valid credentials can manipulate the subnet prefix parameter to bypass query logic and infer data through conditional timing responses. Public exploit code exists for this vulnerability; upgrade to version 26.2.0 or later to remediate.

PHP MySQL SNMP SQLi Librenms
NVD GitHub
CVSS 3.1
8.8
EPSS
0.0%
CVE-2026-27190 HIGH POC PATCH This Week

Command injection in Deno versions prior to 2.6.8 allows unauthenticated remote attackers to execute arbitrary commands through the node:child_process implementation. Public exploit code exists for this vulnerability, which carries a CVSS score of 8.1 and affects the confidentiality, integrity, and availability of affected systems. Users should upgrade to Deno 2.6.8 or later to remediate this risk.

Command Injection Deno Suse
NVD GitHub
CVSS 3.1
8.1
EPSS
0.8%
CVE-2019-25431 HIGH POC This Week

delpino73 Blue-Smiley-Organizer 1.32 contains an SQL injection vulnerability in the datetime parameter that allows unauthenticated attackers to manipulate database queries. [CVSS 8.2 HIGH]

SQLi
NVD GitHub Exploit-DB
CVSS 3.1
8.2
EPSS
0.1%
CVE-2026-26723 HIGH POC This Week

Global Facilities Management Software versions up to 20230721a is affected by cross-site scripting (xss) (CVSS 8.2).

XSS Global Facilities Management Software
NVD GitHub
CVSS 3.1
8.2
EPSS
0.1%
CVE-2019-25435 HIGH POC This Week

Sricam DeviceViewer 3.12.0.1 contains a local buffer overflow vulnerability in the user management add user function that allows authenticated attackers to execute arbitrary code by bypassing data execution prevention. [CVSS 7.8 HIGH]

Buffer Overflow Stack Overflow Deviceviewer
NVD Exploit-DB
CVSS 3.1
7.8
EPSS
0.0%
CVE-2026-26724 HIGH POC This Week

Global Facilities Management Software versions up to 20230721a is affected by cross-site scripting (xss) (CVSS 7.6).

XSS Global Facilities Management Software
NVD GitHub
CVSS 3.1
7.6
EPSS
0.1%
CVE-2026-24892 HIGH POC PATCH This Week

Unsafe PHP deserialization in openITCOCKPIT Community Edition 5.3.1 and earlier allows authenticated attackers to inject malicious serialized objects through changelog entries, with public exploit code available. While no current attack path has been identified, an unrestricted unserialize() call creates a latent remote code execution vulnerability that could be exploited if future code changes introduce exploitable object types into the deserialization path. Authenticated access is required, but the HIGH severity rating reflects the potential for complete system compromise if this latent flaw is activated.

PHP Prometheus RCE Deserialization Openitcockpit
NVD GitHub
CVSS 3.1
7.5
EPSS
0.5%
CVE-2019-25438 HIGH POC This Week

LabCollector 5.423 contains multiple SQL injection vulnerabilities that allow unauthenticated attackers to execute arbitrary SQL commands by injecting malicious code through POST parameters. [CVSS 7.5 HIGH]

PHP SQLi Labcollector
NVD Exploit-DB
CVSS 3.1
7.5
EPSS
0.3%
CVE-2019-25432 HIGH POC This Week

Part-DB 0.4 contains an authentication bypass vulnerability that allows unauthenticated attackers to login by injecting SQL syntax into authentication parameters. [CVSS 7.5 HIGH]

Authentication Bypass
NVD GitHub Exploit-DB
CVSS 3.1
7.5
EPSS
0.2%
CVE-2026-24891 HIGH POC This Week

Remote code execution in openITCOCKPIT 5.3.1 and earlier via unsafe deserialization in the Gearman worker component, which calls unserialize() on untrusted job payloads without validation or class restrictions. Attackers can exploit this by submitting crafted serialized objects to trigger PHP Object Injection when Gearman is exposed to untrusted networks. Public exploit code exists for this vulnerability, and no patch is currently available.

PHP Prometheus Deserialization Openitcockpit
NVD GitHub
CVSS 3.1
7.5
EPSS
0.1%
CVE-2026-26996 HIGH POC PATCH This Week

Minimatch versions 10.2.0 and below suffer from catastrophic backtracking in regular expression processing when glob patterns contain multiple consecutive wildcards, enabling denial of service attacks with exponential time complexity. Applications that process user-supplied glob patterns are vulnerable to CPU exhaustion, with worst-case scenarios causing indefinite hangs; public exploit code exists for this vulnerability. The issue is resolved in version 10.2.1.

Denial Of Service Minimatch Red Hat Suse
NVD GitHub
CVSS 3.1
7.5
EPSS
0.1%
CVE-2025-68043 HIGH POC This Week

Missing Authorization vulnerability in LottieFiles LottieFiles lottiefiles allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects LottieFiles: from n/a through <= 3.0.0. [CVSS 7.3 HIGH]

Authentication Bypass
NVD
CVSS 3.1
7.3
EPSS
0.0%
CVE-2026-2847 HIGH POC This Week

Remote code execution in UTT HiPER 520 Firmware 1.7.7-160105 allows unauthenticated attackers to inject arbitrary OS commands through the Isp_Name parameter in the web management interface. Public exploit code exists for this vulnerability, and no patch is currently available. An attacker can achieve full system compromise by sending a specially crafted request to the /goform/formReleaseConnect endpoint.

Command Injection 520 Firmware
NVD GitHub VulDB
CVSS 3.1
7.2
EPSS
0.5%
CVE-2026-2846 HIGH POC This Week

Remote command injection in UTT HiPer 520 Firmware 1.7.7-160105 web management interface allows unauthenticated attackers to execute arbitrary OS commands through the policyNames parameter. Public exploit code exists for this vulnerability, increasing risk of active exploitation. No patch is currently available.

Command Injection 520 Firmware
NVD GitHub VulDB
CVSS 3.1
7.2
EPSS
0.5%
CVE-2026-26721 HIGH POC This Week

Global Facilities Management Software versions up to 20230721a contains a security vulnerability (CVSS 7.1).

Information Disclosure Global Facilities Management Software
NVD GitHub
CVSS 3.1
7.1
EPSS
0.0%
CVE-2026-26960 HIGH POC PATCH This Week

Path traversal in node-tar versions 7.5.7 and earlier allows local attackers to read and write arbitrary files outside the extraction directory by crafting malicious tar archives containing hardlinks that bypass extraction path validation. Public exploit code exists for this vulnerability, which affects default extraction configurations in Node.js and related Tar implementations. The vulnerability has been patched in node-tar 7.5.8.

D-Link Node.js Tar Red Hat Suse
NVD GitHub
CVSS 3.1
7.1
EPSS
0.0%
CVE-2026-2033 HIGH PATCH Act Now

Remote code execution in the MLflow Tracking Server allows unauthenticated attackers (PR:N) to abuse the artifact handler's path processing to read or write files outside the intended artifact root and ultimately run code as the server's service account. The flaw is a CWE-22 path traversal in artifact file-path handling reachable over the network with low complexity. No public exploit is identified at time of analysis, but the EPSS score of 15.58% (95th percentile) signals notably elevated near-term exploitation likelihood for an MLOps component frequently exposed on internal and cloud networks.

RCE Path Traversal
NVD GitHub VulDB
CVSS 3.1
7.3
EPSS
15.6%
CVE-2026-2042 HIGH This Week

Remote code execution in Nagios Xi's monitoringwizard module allows authenticated attackers to execute arbitrary commands through insufficient input validation in system calls. An attacker with valid credentials can exploit this command injection vulnerability to gain code execution with service account privileges on affected installations. No patch is currently available for this high-severity vulnerability.

RCE Command Injection Nagios Xi
NVD
CVSS 3.1
8.8
EPSS
2.2%
CVE-2026-2041 HIGH This Week

Nagios Xi for iOS is vulnerable to command injection in the zabbixagent_configwizard_func method due to insufficient input validation, allowing authenticated attackers to execute arbitrary code with service account privileges. The vulnerability requires valid credentials but no user interaction to exploit, and no patch is currently available. Exploitation could grant attackers full system access on affected Nagios installations.

RCE Command Injection Nagios Xi
NVD
CVSS 3.1
8.8
EPSS
2.2%
CVE-2026-2043 HIGH This Week

Remote code execution in Nagios Xi through command injection in the esensors_websensor_configwizard_func method allows authenticated attackers to execute arbitrary commands with service account privileges. The vulnerability stems from insufficient input validation on user-supplied parameters passed to system calls. With a CVSS score of 8.8 and no patch currently available, this poses a significant risk to authenticated users of affected Nagios installations.

RCE Command Injection Nagios Xi
NVD
CVSS 3.1
8.8
EPSS
1.2%
CVE-2026-2037 HIGH This Week

Unsafe deserialization in GFI Archiver's MArc.Core.Remoting service (port 8017) enables authenticated remote attackers to achieve unauthenticated remote code execution with SYSTEM privileges, despite the authentication requirement being bypassable. The vulnerability stems from insufficient validation of untrusted data during the deserialization process, allowing arbitrary code execution on affected systems. No patch is currently available.

RCE Deserialization Archiver
NVD
CVSS 3.0
8.8
EPSS
1.0%
CVE-2026-2036 HIGH This Week

Remote code execution in GFI Archiver's MArc.Store.Remoting.exe component stems from unsafe deserialization of untrusted data, allowing authenticated attackers to execute arbitrary code with SYSTEM privileges despite the authentication requirement being bypassable. The vulnerability affects the deserialization and archiver products due to insufficient validation of user-supplied input, enabling full system compromise. No patch is currently available.

RCE Deserialization Archiver
NVD
CVSS 3.0
8.8
EPSS
1.0%
CVE-2026-2044 HIGH PATCH This Week

Remote code execution in GIMP 3.0.6 allows attackers to run arbitrary code by tricking a user into opening a malicious PGM (Portable Gray Map) image file or visiting a page that delivers one. The PGM parser accesses memory before it is properly initialized (CWE-908), letting a crafted file corrupt program state and hijack execution in the context of the current user. Discovered and reported via Trend Micro's Zero Day Initiative (ZDI-26-118 / ZDI-CAN-28158); no public exploit identified at time of analysis and EPSS exploitation probability is low (0.06%, 20th percentile).

RCE Gimp
NVD VulDB
CVSS 3.1
8.8
EPSS
0.1%
CVE-2026-0797 HIGH PATCH This Week

Remote code execution in GIMP 3.2.0-rc1 lets attackers run arbitrary code by tricking a user into opening a malicious ICO image file or visiting a page that delivers one. The flaw is a heap-based buffer overflow in the ICO file parser caused by missing length validation before a copy operation, and it executes code in the context of the GIMP process. No public exploit has been identified at time of analysis, and EPSS estimates exploitation probability at just 0.06% (19th percentile), consistent with a user-interaction-gated client-side bug rather than mass-exploited infrastructure.

RCE Buffer Overflow Heap Overflow Gimp
NVD VulDB
CVSS 3.1
8.8
EPSS
0.1%
CVE-2025-67998 HIGH This Week

Authentication Bypass Using an Alternate Path or Channel vulnerability in kamleshyadav Miraculous Elementor miraculous-el allows Authentication Abuse.This issue affects Miraculous Elementor: from n/a through <= 2.0.7. [CVSS 8.8 HIGH]

Authentication Bypass
NVD
CVSS 3.1
8.8
EPSS
0.1%
CVE-2026-22354 HIGH This Week

Dotstore Woocommerce Category Banner Management banner-management-for-woocommerce is affected by deserialization of untrusted data (CVSS 8.8).

WordPress Deserialization
NVD
CVSS 3.1
8.8
EPSS
0.1%
CVE-2026-22346 HIGH This Week

The Slider Responsive Slideshow WordPress plugin through version 1.5.4 contains an unsafe deserialization flaw that enables authenticated attackers to inject arbitrary objects and achieve remote code execution. An attacker with user-level access can exploit this vulnerability to compromise the affected website with high impact to confidentiality, integrity, and availability. No patch is currently available for this vulnerability.

Deserialization
NVD
CVSS 3.1
8.8
EPSS
0.1%
CVE-2026-22345 HIGH This Week

Object injection in WP Life Image Gallery plugin versions 1.6.0 and earlier exploits unsafe deserialization to allow authenticated attackers to execute arbitrary code with high impact on confidentiality, integrity, and availability. The vulnerability requires valid user credentials but no user interaction, making it exploitable by low-privileged accounts. No patch is currently available for this HIGH severity vulnerability affecting popular WordPress gallery functionality.

Deserialization
NVD
CVSS 3.1
8.8
EPSS
0.1%
CVE-2025-69328 HIGH This Week

magepeopleteam Booking and Rental Manager booking-and-rental-manager-for-woocommerce is affected by deserialization of untrusted data (CVSS 8.8).

WordPress Deserialization PHP
NVD
CVSS 3.1
8.8
EPSS
0.1%
CVE-2025-69294 HIGH This Week

Deserialization of Untrusted Data vulnerability in fuelthemes PeakShops peakshops allows Object Injection.This issue affects PeakShops: from n/a through <= 1.5.9. [CVSS 8.8 HIGH]

Deserialization
NVD
CVSS 3.1
8.8
EPSS
0.1%
CVE-2025-68853 HIGH This Week

Deserialization of Untrusted Data vulnerability in Kleor Contact Manager contact-manager allows Object Injection.This issue affects Contact Manager: from n/a through <= 9.1.1. [CVSS 8.8 HIGH]

Deserialization
NVD
CVSS 3.1
8.8
EPSS
0.1%
CVE-2025-68531 HIGH This Week

modeltheme ModelTheme Addons for WPBakery and Elementor modeltheme-addons-for-wpbakery is affected by deserialization of untrusted data (CVSS 8.8).

Deserialization
NVD
CVSS 3.1
8.8
EPSS
0.1%
CVE-2025-68526 HIGH This Week

A WP Life Modal Popup Box modal-popup-box is affected by deserialization of untrusted data (CVSS 8.8).

Deserialization
NVD
CVSS 3.1
8.8
EPSS
0.1%
CVE-2026-26975 HIGH This Week

Remote code execution in Music Assistant Server 2.6.3 and below enables unauthenticated network-adjacent attackers to execute arbitrary code through path traversal in the playlist update API, which fails to enforce file extension restrictions and allows writing malicious Python files to site-packages. The vulnerability is particularly critical because affected containers typically run as root, amplifying the impact of successful exploitation. No patch is currently available, leaving installations at risk until an upgrade to version 2.7.0 or later is performed.

Python RCE Path Traversal Music Assistant Server
NVD GitHub VulDB
CVSS 3.1
8.8
EPSS
0.0%
CVE-2026-2472 HIGH PATCH This Week

Stored Cross-Site Scripting (XSS) in the _genai/_evals_visualization component of Google Cloud Vertex AI SDK (google-cloud-aiplatform) versions from 1.98.0 up to (but not including) 1.131.0 allows an unauthenticated remote attacker to execute arbitrary JavaScript in a victim's Jupyter or Colab environment via injecting script escape sequences into model evaluation results or dataset JSON data.

Google XSS
NVD GitHub
CVSS 4.0
8.6
EPSS
0.2%
CVE-2025-69379 HIGH This Week

Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') vulnerability in vanquish Upload Files Anywhere wp-upload-files-anywhere allows Path Traversal.This issue affects Upload Files Anywhere: from n/a through <= 2.8. [CVSS 8.6 HIGH]

WordPress Path Traversal PHP
NVD
CVSS 3.1
8.6
EPSS
0.1%
CVE-2025-69376 HIGH This Week

Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') vulnerability in vanquish User Extra Fields wp-user-extra-fields allows Path Traversal.This issue affects User Extra Fields: from n/a through <= 17.0. [CVSS 8.6 HIGH]

WordPress Path Traversal PHP
NVD
CVSS 3.1
8.6
EPSS
0.1%
CVE-2025-69063 HIGH This Week

Missing Authorization vulnerability in Saad Iqbal New User Approve new-user-approve allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects New User Approve: from n/a through <= 3.2.0. [CVSS 8.6 HIGH]

Authentication Bypass
NVD
CVSS 3.1
8.6
EPSS
0.0%
CVE-2026-24959 HIGH This Week

Blind SQL injection in JoomSky JS Help Desk through version 3.0.1 enables authenticated attackers to execute arbitrary SQL queries with network access and no user interaction required. The vulnerability affects database confidentiality and system availability, though integrity is not compromised. No patch is currently available for this high-severity flaw.

SQLi
NVD
CVSS 3.1
8.5
EPSS
0.0%
CVE-2025-67987 HIGH This Week

Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in ExpressTech Systems Quiz And Survey Master quiz-master-next allows SQL Injection.This issue affects Quiz And Survey Master: from n/a through <= 10.3.1. [CVSS 8.5 HIGH]

SQLi
NVD
CVSS 3.1
8.5
EPSS
0.0%
Page 1 of 4 Next

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy