Skip to main content
CVE-2025-70327 CRITICAL POC Act Now

Argument injection in TOTOLINK X5000R router v9.1.0cu via setDiagnosisCfg handler allows unauthenticated remote code execution. EPSS 2.0% with PoC available.

Denial Of Service X5000r Firmware TOTOLINK
NVD GitHub
CVSS 3.1
9.8
EPSS
2.0%
CVE-2026-23552 CRITICAL POC PATCH Act Now

Cross-realm token acceptance bypass in Apache Camel Keycloak security policy. The KeycloakSecurityPolicy fails to properly validate token issuers, accepting tokens from different Keycloak realms. PoC available.

Apache Camel
NVD GitHub
CVSS 3.1
9.1
EPSS
0.0%
CVE-2026-23693 CRITICAL Act Now

Critical vulnerability in ElementsKit Elementor Addons WordPress plugin allows unauthenticated access to critical functions. CVSS 10.0 affecting a widely-used WordPress plugin with 1M+ installations.

WordPress
NVD
CVSS 3.1
10.0
EPSS
0.2%
CVE-2026-24494 CRITICAL Act Now

SQL injection in Order Up Online Ordering System 1.0 via /api/integrations/getintegrations endpoint allows unauthenticated database compromise.

SQLi
NVD
CVSS 3.1
9.8
EPSS
0.1%
CVE-2026-3062 CRITICAL PATCH Act Now

Out-of-bounds read and write in Chrome Tint shader compiler on Mac before 145.0.7632.116. More severe than CVE-2026-3061 due to additional write capability enabling potential code execution.

Chrome Google Red Hat Suse
NVD
CVSS 3.1
9.8
EPSS
0.0%
CVE-2026-2588 CRITICAL PATCH Act Now

Integer overflow in Crypt::NaCl::Sodium Perl module through version 2.001 on 32-bit systems. The Sodium.xs binding casts a size_t to int, causing overflow that could compromise cryptographic operations.

Integer Overflow Crypt
NVD GitHub
CVSS 3.1
9.1
EPSS
0.1%
CVE-2026-3061 CRITICAL PATCH Act Now

Out-of-bounds read in Google Chrome Media component before 145.0.7632.116 allows remote attackers to perform memory reads via crafted media content.

Google Chrome Red Hat Suse
NVD
CVSS 3.1
9.1
EPSS
0.0%
CVE-2025-70043 CRITICAL Act Now

Improper certificate validation in Ayms node-To master Node.js module. The application does not properly validate TLS certificates, enabling man-in-the-middle attacks.

TLS
NVD GitHub
CVSS 3.1
9.1
EPSS
0.0%

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy