Code injection in OneUptime monitoring via custom JS monitor using vm module. PoC and patch available.
Stack Overflow and Tenda A21 1.0.0.0 are vulnerable to remote code execution through a stack-based buffer overflow in the device name configuration function, exploitable by authenticated attackers without user interaction. Public exploit code exists for this vulnerability, enabling attackers to achieve complete compromise of affected systems. No patch is currently available.
Remote code execution in Tenda A21 1.0.0.0 firmware via stack-based buffer overflow in the WiFi settings endpoint allows authenticated attackers to execute arbitrary code with full system privileges. The vulnerability exists in the fast_setting_wifi_set function where unsanitized SSID parameter input can overflow the stack, and public exploit code is currently available. No patch has been released for this high-severity vulnerability affecting both the A21 firmware and Stack Overflow products.
Stack-based buffer overflow in Tenda A21 firmware allows remote attackers with valid credentials to achieve complete system compromise through malicious input to the schedStartTime/schedEndTime parameters in the openSchedWifi function. Public exploit code exists for this vulnerability, and no patch is currently available. This affects confidentiality, integrity, and availability with high severity (CVSS 8.8).
Stack-based buffer overflow in Tenda A21 1.0.0.0 MAC filtering configuration allows remote authenticated attackers to achieve full system compromise through malicious devName/mac parameters. Public exploit code exists for this vulnerability, which remains unpatched. The flaw affects the set_device_name function in the /goform/setBlackRule endpoint with high exploitability due to network accessibility and low attack complexity.
Remote code execution in Tenda A21 firmware through a stack buffer overflow in the QoS bandwidth configuration endpoint allows unauthenticated attackers to execute arbitrary code with full system privileges. Public exploit code exists for this vulnerability, and no patch is currently available. The flaw affects the set_qosMib_list function when processing unsanitized input, enabling network-based attacks from authenticated users or potentially lower-privileged roles.
The SAIL image library contains a heap buffer overflow in its XWD file parser that fails to validate the bytes_per_line value read from untrusted files, allowing attackers to trigger out-of-bounds memory writes during image processing. Public exploit code exists for this vulnerability affecting all versions of SAIL. No patch is currently available, leaving users of this cross-platform image loading library exposed to potential code execution or denial of service attacks.
Stack-based buffer overflow in D-Link DWR-M960 1.01.07 firmware allows remote authenticated attackers to achieve complete system compromise through crafted input to the IPv6 setup function. Public exploit code exists for this vulnerability, and no patch is currently available. An attacker with network access and valid credentials can execute arbitrary code with full system privileges.
Stack-based buffer overflow in D-Link DWR-M960 firmware versions up to 1.01.07 allows authenticated remote attackers to achieve arbitrary code execution through a malformed submit-url parameter in the WAN interface configuration handler. Public exploit code exists for this vulnerability, and no patch is currently available. An attacker with network access and valid credentials can leverage this to gain complete system compromise.
Stack-based buffer overflow in D-Link DWR-M960 firmware versions up to 1.01.07 allows authenticated remote attackers to achieve arbitrary code execution by manipulating the submit-url parameter in the /boafrm/formDosCfg function. Public exploit code exists for this vulnerability, and no patch is currently available. The attack requires low complexity with no user interaction, affecting device confidentiality, integrity, and availability.
Remote code execution in D-Link DWR-M960 firmware through stack-based buffer overflow in the Advanced Firewall Configuration endpoint allows authenticated attackers to achieve complete system compromise. The vulnerability exists in the /boafrm/formFirewallAdv component where improper input validation on the submit-url parameter enables stack overflow attacks. Public exploit code is available and no patch has been released.
Remote code execution in Tenda A21 1.0.0.0 firmware results from a stack buffer overflow in the SetIpMacBind function accessible via the /goform/SetIpMacBind endpoint, allowing unauthenticated remote attackers to execute arbitrary code with high integrity and availability impact. Public exploit code exists for this vulnerability, and no patch is currently available, creating significant risk for affected devices.
SQL injection in ZoneMinder's status.php getNearEvents() function allows authenticated users with event management permissions to execute arbitrary database queries through improperly sanitized Event Name and Cause fields in versions 1.36.37 and below or 1.37.61 through 1.38.0. Public exploit code exists for this vulnerability, and no patch is currently available. An attacker could extract sensitive data, modify database contents, or potentially achieve code execution depending on database permissions and configuration.
Stack-based buffer overflow in D-Link DWR-M960 firmware version 1.01.07 allows remote attackers with low privileges to achieve complete system compromise through manipulation of the submit-url parameter in the /boafrm/formIpQoS function. Public exploit code exists for this vulnerability and no patch is currently available, creating immediate risk for affected deployments.
Prototype pollution in Swiper versions 6.5.1 through 12.1.1 allows local authenticated attackers to manipulate Object.prototype through improperly validated user input, enabling authentication bypass, denial of service, and remote code execution. Public exploit code exists for this vulnerability, which affects applications on Linux and Windows using Node.js or Bun runtimes. A patch is available and should be applied immediately to affected systems processing untrusted input.
Wallos versions 4.6.0 and below allow authenticated attackers to perform Server-Side Request Forgery attacks through the logo upload feature by exploiting HTTP redirects that bypass IP validation checks, enabling access to internal resources and cloud metadata endpoints. Public exploit code exists for this vulnerability, and an available patch should be applied immediately to prevent unauthorized disclosure of sensitive configuration and credentials.
Unauthenticated attackers can access sensitive files in GetSimple CMS when Apache's AllowOverride directive is disabled, bypassing .htaccess protections that restrict directory access. This configuration is common in hardened and shared hosting environments, exposing authorization credentials, API keys, and cryptographic salts in files like authorization.xml. Public exploit code exists for this vulnerability, and no patch is currently available.
Arbitrary file read vulnerability in GetSimple CMS affects all versions through its Uploaded Files feature, allowing unauthenticated remote attackers to access sensitive files on affected systems. Public exploit code exists for this vulnerability, and no patch is currently available. The high-severity flaw (CVSS 7.5) poses a significant confidentiality risk to all GetSimple CMS deployments.
BigBlueButton versions 3.0.21 and below allow remote denial of service when ClamAV is configured following official documentation, as the exposed clamd ports (3310, 7357) can be targeted by attackers to send malicious documents that exhaust server resources or crash the scanning service. This vulnerability affects Ubuntu and Docker deployments since standard firewall rules do not restrict container traffic, and public exploit code exists. An unauthenticated remote attacker requires only network access to trigger the denial of service condition.
Arbitrary host file exfiltration from Cloud Hypervisor VMM versions 34.0-50.0. CVSS 10.0. Patch available.
Ray dashboard versions 2.53.0 and below lack proper authentication on DELETE endpoints, allowing unauthenticated attackers to terminate Serve instances or remove jobs through DNS rebinding or same-network attacks. Public exploit code exists for this vulnerability, which impacts Ray deployments with dashboards exposed to network access. Administrators should upgrade to Ray 2.54.0 or higher to remediate the availability risk.
RCE in D-Tale pandas data visualizer before 3.20.0 via /save-column-filter. Patch available.
SQL injection in the Agri Trading Online Shopping System 1.0 admin panel allows unauthenticated remote attackers to manipulate product parameters and execute arbitrary database queries. Public exploit code exists for this vulnerability, and no patch is currently available. The flaw affects the HTTP POST request handler in admin/productcontroller.php and enables data exfiltration, modification, and potential denial of service.
Stored XSS in LinkAce 2.4.2 and below allows authenticated users to inject malicious JavaScript through improperly sanitized list descriptions in the Atom feed endpoint, which executes in browsers via native SVG elements without requiring an RSS reader. An attacker can exploit this to perform actions on behalf of victims visiting the feed URL, with public exploit code already available. A patch is available to remediate this cross-site scripting vulnerability affecting the self-hosted link archiving application.
GetSimple CMS allows authenticated users to upload SVG files containing malicious JavaScript through the administrative interface, which executes in browsers when the files are accessed due to insufficient sanitization. Public exploit code exists for this stored XSS vulnerability, and no patch is currently available, leaving all GetSimple CMS versions at risk.
Funadmin versions up to 7.1.0-rc4 contain an information disclosure vulnerability in the password recovery function that allows unauthenticated remote attackers to access sensitive user data. Public exploit code is available for this vulnerability, and the vendor has not released a patch despite early notification. The low CVSS score of 5.3 reflects limited impact, though organizations running affected versions should implement compensating controls until an update is available.
Static Web Server versions up to 2.40.1 contains a vulnerability that allows attackers to identify valid users by exploiting early responses for invalid usernames, enabli (CVSS 5.3).
SAML authentication bypass in Sentry 21.12.0 through 26.1.0.
Missing authorization in ERPNext ERP before 15.98.0/16.6.0. Patch available.
Stored cross-site scripting in OpenSift versions 1.1.2-alpha and below allows authenticated attackers to execute arbitrary JavaScript in victims' browsers by injecting malicious content into study materials, quizzes, or flashcards that render without proper HTML sanitization. An attacker with the ability to create or modify stored content could perform unauthorized actions within authenticated user sessions. No patch is currently available for this vulnerability.
Stack-based buffer overflow in Tenda A18 firmware versions up to 15.13.07.13 allows remote attackers with low privileges to achieve code execution through the wpapsk_crypto5g parameter in the /goform/WifiExtraSet endpoint. Public exploit code exists for this vulnerability, and no patch is currently available. The high CVSS score (8.8) reflects the combination of remote exploitability and complete system compromise potential.
Stack overflow in Tenda A18 firmware version 15.13.07.13 allows remote attackers with low privileges to achieve complete system compromise through a malformed deviceList parameter in the /goform/setBlackRule endpoint. Public exploit code is available and the vulnerability remains unpatched, creating significant risk for affected devices.
Formwork CMS versions 2.0.0 through 2.3.3 fail to validate user privileges during account creation, allowing authenticated editors to create admin accounts and gain full CMS control. An attacker with editor-level access can exploit this authorization bypass to escalate privileges without restriction, completely compromising the application. A patch is available in version 2.3.4.
Arbitrary file upload in GetSimple CMS results from missing CSRF protection on the administrative upload endpoint, allowing an attacker to silently inject files through a malicious webpage visited by an authenticated admin. Public exploit code exists for this vulnerability, and no patch is currently available. An attacker needs only to trick an authenticated user into visiting a crafted page to compromise the application.
eBay API MCP Server's ebay_set_user_tokens tool fails to validate environment variable inputs in the updateEnvFile function, allowing authenticated attackers to inject arbitrary variables into the .env configuration file. An attacker with login credentials can exploit this to overwrite existing configurations, trigger denial of service conditions, or achieve remote code execution through malicious environment variable injection. No patch is currently available for this vulnerability affecting all versions of the AI/ML product.
Zumba Json Serializer versions 3.2.2 and below allow unrestricted PHP object instantiation during JSON deserialization, enabling attackers to trigger arbitrary class constructors and magic methods via malicious @type fields. When processing untrusted JSON input, this vulnerability can lead to PHP Object Injection and remote code execution if vulnerable gadget chains are present in the application or its dependencies. The vulnerability affects applications using affected PHP serialization libraries and currently lacks a patched version.
Strimzi Kafka Operator versions 0.49.0-0.50.0 incorrectly trusts all intermediate CAs in a multistage certificate chain for mTLS authentication, allowing any user with a certificate signed by any CA in the chain to authenticate to Kafka listeners. This authentication bypass affects only deployments using custom Cluster or Clients CA with multi-level CA chains. No patch is currently available.
Versions 5.73.8 and below in addition to 6.0.0-alpha.1 versions up to 6.3.1 is affected by cross-site scripting (xss) (CVSS 8.1).
Origin validation bypass in Feathers framework versions 5.0.39 and below allows remote attackers to hijack OAuth tokens by registering domains with a common prefix to legitimate allowed origins, exploiting insufficient string comparison in the getAllowedOrigin() function. An attacker can craft a domain like https://target.com.attacker.com to bypass validation configured for https://target.com and intercept authentication credentials. This affects iOS applications and systems using vulnerable Feathers versions, though exploitation requires specific OAuth flow configurations.
Metabase versions prior to 0.57.13 and 0.58.x through 0.58.6 allow authenticated users to extract sensitive data including database credentials through template injection in the notification system. An attacker with low privileges can exploit unsafe template evaluation to retrieve confidential information and expose database access credentials. A patch is available in versions 0.57.13 and 0.58.7, or administrators can disable notifications as a temporary mitigation.
OpenClaw AI assistant on macOS versions 2026.2.13 and earlier is vulnerable to command injection through the credential refresh mechanism, which improperly handles user-controlled OAuth tokens when constructing shell commands for Keychain operations. An authenticated attacker with local access could exploit this to execute arbitrary OS commands with the privileges of the application user. The vulnerability has been patched in version 2026.2.14.
CollabPlatform's misconfigured CORS policy allows credentialed cross-origin requests from attacker-controlled domains, enabling unauthorized access to sensitive user account data including email addresses, account identifiers, and MFA status. All versions of the application are affected by this vulnerability, which remains unpatched and exploitable through simple web-based attacks requiring user interaction.
OpenClaw versions 2026.2.17 and earlier allow unauthenticated remote attackers to access internal and metadata endpoints through unprotected cron webhook delivery mechanisms that lack SSRF validation. An attacker can exploit this to reach private services and endpoints that should be restricted, potentially leading to information disclosure or lateral movement within the infrastructure. A patch is available in version 2026.2.19.
Moodle's TeX filter fails to properly sanitize administrative configuration inputs, enabling command injection on systems with ImageMagick installed. An authenticated administrator can inject arbitrary system commands through a malicious TeX filter setting, achieving code execution with the privileges of the Moodle server process. No patch is currently available, and exploitation requires administrative access but could compromise the entire Moodle installation.
Moodle's backup restore function fails to properly validate malicious backup files, allowing authenticated administrators to achieve remote code execution through crafted file processing. An attacker with restore privileges can exploit this code injection vulnerability to fully compromise the Moodle server. No patch is currently available.
OpenSift versions 1.1.2-alpha and below allow authenticated attackers to abuse the URL ingest feature's overly permissive server-side request functionality to probe or access private and local network resources from the OpenSift host. The vulnerability requires valid credentials but no user interaction, enabling attackers to enumerate or interact with internal infrastructure not otherwise accessible. No patch is currently available, though version 1.1.3-alpha contains a fix.
A security flaw has been discovered in funadmin up to 7.1.0-rc4. Affected by this issue is the function repass of the file app/frontend/controller/Member.php. Performing a manipulation of the argument forget_code/vercode results in weak password recovery. Remote exploitation of the attack is possible. The attack's complexity is rated as high. The exploitation is known to be difficult. The exploit has been released to the public and may be used for attacks. The vendor was contacted early about...
OpenShift versions 1.1.2-alpha and below suffer from a race condition in local JSON persistence that allows authenticated local users to corrupt data stores or cause loss of updates across sessions, study materials, quizzes, and authentication records. The vulnerability stems from non-atomic and insufficiently synchronized file operations that can be exploited through concurrent access to the application's local storage. No patch is currently available.
Moodle's TeX formula editor fails to enforce adequate execution time limits when processing mimetex content, enabling authenticated users to craft malicious formulas that exhaust server resources. This resource exhaustion vulnerability can degrade application performance or trigger denial-of-service conditions without requiring user interaction or privilege escalation.
The weMail - Email Marketing, Lead Generation, Optin Forms, Email Newsletters, A/B Testing, and Automation plugin for WordPress is vulnerable to unauthorized form deletion in all versions up to, and including, 2.0.7. [CVSS 6.5 MEDIUM]