Skip to main content
CVE-2026-28517 CRITICAL POC PATCH Act Now

Remote code execution in openDCIM 23.04 allows unauthenticated attackers to execute arbitrary OS commands as the web server user by poisoning the 'dot' configuration parameter in the database, then triggering execution via report_network_map.php. Public exploit code exists with a documented SQL injection to command injection attack chain. EPSS score of 0.57% (68th percentile) suggests moderate but not widespread exploitation probability, though the publicly available weaponized exploit significantly elevates real-world risk for exposed instances.

PHP Command Injection Opendcim
NVD GitHub
CVSS 4.0
9.3
EPSS
0.6%
CVE-2026-28515 CRITICAL POC PATCH Act Now

Missing authorization in openDCIM 23.04 (through commit 4467e9c4) lets any authenticated user — regardless of assigned role — reach LDAP configuration handling in install.php and container-install.php, and where REMOTE_USER is trusted without real authentication enforcement the endpoints may be reachable with no credentials at all. Because the same installer path also chains into a SQL injection in the configuration-update routine and a command injection in report_network_map.php (both fixed in the same PR), the broken access control is a stepping stone to full remote code execution. Publicly available exploit code exists (Chocapikk's 'SQLi to RCE' write-up and PoC); EPSS is low at 0.22% (44th percentile) and the CVE is not listed in CISA KEV, so no confirmed active exploitation.

PHP Opendcim Authentication Bypass
NVD GitHub
CVSS 4.0
9.3
EPSS
0.2%
CVE-2026-28516 CRITICAL POC PATCH Act Now

SQL injection in openDCIM 23.04 (up to commit 4467e9c4) lets attackers execute arbitrary SQL through the Config::UpdateParameter routine, which the install.php and container-install.php handlers reach with unsanitized, string-interpolated input. Publicly available exploit code exists (Chocapikk PoC and write-up) demonstrating a chain from SQLi to remote code execution, though it is not listed in CISA KEV and EPSS rates real-world exploitation probability at only 0.04%. Note a data conflict: the CVSS 4.0 vector encodes PR:N (unauthenticated) while the description states an authenticated user is required.

PHP SQLi Opendcim
NVD GitHub
CVSS 4.0
9.3
EPSS
0.0%
CVE-2026-3301 CRITICAL POC Act Now

Command injection in TOTOLINK N300RH router firmware 6.1c.1353 via setDiagnosisCfg handler. EPSS 4.0% with PoC available — high exploitation probability for consumer routers.

Command Injection N300rh Firmware
NVD GitHub VulDB
CVSS 3.1
9.8
EPSS
4.0%
CVE-2026-28409 CRITICAL POC Act Now

Critical RCE via OS command injection in WeGIA before 3.6.5. Unauthenticated attackers can execute arbitrary commands on the server. CVSS 10.0 with PoC available.

RCE Authentication Bypass Command Injection Wegia
NVD GitHub
CVSS 3.1
10.0
EPSS
0.3%
CVE-2026-28411 CRITICAL POC Act Now

Authentication bypass via unsafe extract() function in WeGIA before 3.6.5. The extract() call on user-controlled data allows overwriting authentication variables. EPSS 0.7% with PoC available.

PHP Authentication Bypass Wegia
NVD GitHub
CVSS 3.1
9.8
EPSS
0.7%
CVE-2026-28408 CRITICAL POC Act Now

Authentication bypass in WeGIA charitable institution management system before 3.6.5. The adicionar_tipo_docs_atendido.php script lacks authentication, allowing unauthorized access. PoC available.

PHP Golang Wegia
NVD GitHub
CVSS 3.1
9.8
EPSS
0.1%
CVE-2026-28370 CRITICAL POC PATCH Act Now

Code injection in OpenStack Vitrage query parser allows authenticated users to execute arbitrary Python code through crafted queries. Affects versions before 12.0.1, 13.0.0, 14.0.0, and 15.0.0. PoC available.

RCE Code Injection Authentication Bypass Vitrage
NVD GitHub
CVSS 3.1
9.1
EPSS
0.1%
CVE-2026-28231 CRITICAL POC PATCH Act Now

Integer overflow in pillow_heif Python library before 1.3.0 leads to out-of-bounds read when processing HEIF images, potentially causing information disclosure or crashes. PoC and patch available.

Python Integer Overflow Denial Of Service Information Disclosure Pillow Heif +1
NVD GitHub
CVSS 3.1
9.1
EPSS
0.1%
CVE-2026-3271 HIGH POC This Week

Remote code execution in Tenda F453 firmware through a buffer overflow in the P2pListFilter HTTP handler allows authenticated attackers to achieve complete system compromise. Public exploit code exists for this vulnerability, creating immediate risk for deployed devices. No patch is currently available, leaving affected systems vulnerable to exploitation.

Buffer Overflow F453 Firmware
NVD GitHub VulDB
CVSS 3.1
8.8
EPSS
0.1%
CVE-2026-3275 HIGH POC This Week

Remote code execution in Tenda F453 firmware allows authenticated attackers to achieve complete system compromise through a buffer overflow in the httpd address NAT function. Public exploit code exists for this vulnerability, and no patch is currently available, leaving affected devices at immediate risk.

Buffer Overflow F453 Firmware
NVD GitHub VulDB
CVSS 3.1
8.8
EPSS
0.1%
CVE-2026-3274 HIGH POC This Week

Remote code execution in Tenda F453 firmware through a buffer overflow in the L7Prot HTTP handler allows unauthenticated attackers to achieve full system compromise via a malicious page parameter. Public exploit code exists for this vulnerability, increasing the risk of widespread attacks. No patch is currently available, leaving affected devices vulnerable until firmware updates are released.

Buffer Overflow F453 Firmware
NVD GitHub VulDB
CVSS 3.1
8.8
EPSS
0.1%
CVE-2026-3273 HIGH POC This Week

Remote code execution in Tenda F453 firmware version 1.0.0.3 allows authenticated attackers to execute arbitrary code via a buffer overflow in the wireless security settings endpoint. The vulnerability exists in the httpd component's formWrlsafeset function and can be triggered through manipulation of the mit_ssid_index parameter. Public exploit code is available and no patch has been released.

Buffer Overflow F453 Firmware
NVD GitHub VulDB
CVSS 3.1
8.8
EPSS
0.1%
CVE-2026-3272 HIGH POC This Week

Unauthenticated remote attackers can execute arbitrary code on Tenda F453 devices running firmware 1.0.0.3 by exploiting a stack buffer overflow in the DHCP list client function through the httpd service. Public exploit code exists for this vulnerability and no patch is currently available. The attack requires network access but no user interaction, making it trivial to exploit.

Buffer Overflow F453 Firmware
NVD GitHub VulDB
CVSS 3.1
8.8
EPSS
0.1%
CVE-2025-69437 HIGH POC This Week

PublicCMS v5.202506.d and earlier is vulnerable to stored XSS. Uploaded PDFs can contain JavaScript payloads and bypass PDF security checks in the backend CmsFileUtils.java. [CVSS 8.7 HIGH]

Java Publiccms XSS
NVD GitHub
CVSS 3.1
8.7
EPSS
0.0%
CVE-2026-26861 HIGH POC PATCH This Week

CleverTap Web SDK through version 1.15.2 contains a cross-site scripting vulnerability in its postMessage handler that fails to properly validate message origins, allowing attackers to inject malicious scripts by exploiting subdomain bypass techniques. Public exploit code exists for this vulnerability, and affected applications can be compromised through user interaction. A patch is available to address the insufficient origin validation in the nativeDisplay.js component.

XSS Clevertap Web Sdk
NVD GitHub
CVSS 3.1
8.3
EPSS
0.0%
CVE-2026-26862 HIGH POC PATCH This Week

CleverTap Web SDK versions 1.15.2 and earlier contain a DOM-based XSS vulnerability in the Visual Builder module due to improper origin validation of postMessage events, allowing attackers to inject malicious scripts through crafted subdomains. Public exploit code exists for this vulnerability, which affects all users of the affected SDK versions. An attacker can execute arbitrary JavaScript in the context of a victim's browser session to steal sensitive data or perform unauthorized actions.

XSS Clevertap Web Sdk
NVD GitHub
CVSS 3.1
8.3
EPSS
0.0%
CVE-2019-25494 HIGH POC This Week

Homey BNB V4 contains an SQL injection vulnerability in the administration panel login that allows unauthenticated attackers to bypass authentication by injecting SQL syntax into username and password fields. [CVSS 8.2 HIGH]

SQLi Authentication Bypass Airbnb Clone Script
NVD Exploit-DB VulDB
CVSS 3.1
8.2
EPSS
0.3%
CVE-2019-25489 HIGH POC This Week

Homey BNB V4 contains a SQL injection vulnerability that allows unauthenticated attackers to manipulate database queries by injecting SQL code through the hosting_id parameter. [CVSS 8.2 HIGH]

SQLi Denial Of Service Airbnb Clone Script
NVD Exploit-DB
CVSS 3.1
8.2
EPSS
0.1%
CVE-2019-25496 HIGH POC This Week

osCommerce 2.3.4.1 contains a SQL injection vulnerability that allows unauthenticated attackers to manipulate database queries by injecting SQL code through the products_id parameter. [CVSS 8.2 HIGH]

PHP SQLi Oscommerce
NVD Exploit-DB
CVSS 3.1
8.2
EPSS
0.1%
CVE-2019-25495 HIGH POC This Week

osCommerce 2.3.4.1 contains a SQL injection vulnerability that allows unauthenticated attackers to manipulate database queries by injecting SQL code through the reviews_id parameter. [CVSS 8.2 HIGH]

PHP SQLi Oscommerce
NVD Exploit-DB
CVSS 3.1
8.2
EPSS
0.1%
CVE-2019-25497 HIGH POC This Week

osCommerce 2.3.4.1 contains a SQL injection vulnerability that allows unauthenticated attackers to manipulate database queries by injecting SQL code through the currency parameter. [CVSS 8.2 HIGH]

PHP SQLi Oscommerce
NVD Exploit-DB
CVSS 3.1
8.2
EPSS
0.1%
CVE-2019-25493 HIGH POC This Week

Homey BNB V4 contains an SQL injection vulnerability that allows unauthenticated attackers to manipulate database queries by injecting SQL code through the 'val' parameter. [CVSS 8.2 HIGH]

PHP SQLi Airbnb Clone Script
NVD Exploit-DB
CVSS 3.1
8.2
EPSS
0.1%
CVE-2019-25492 HIGH POC This Week

Homey BNB V4 contains an SQL injection vulnerability that allows unauthenticated attackers to manipulate database queries by injecting SQL code through the 'pt' parameter. [CVSS 8.2 HIGH]

PHP SQLi Airbnb Clone Script
NVD Exploit-DB
CVSS 3.1
8.2
EPSS
0.1%
CVE-2019-25491 HIGH POC This Week

Homey BNB V4 contains an SQL injection vulnerability that allows unauthenticated attackers to manipulate database queries by injecting SQL code through the catid parameter. [CVSS 8.2 HIGH]

PHP SQLi Airbnb Clone Script
NVD Exploit-DB
CVSS 3.1
8.2
EPSS
0.1%
CVE-2019-25490 HIGH POC This Week

Homey BNB V4 contains a SQL injection vulnerability that allows unauthenticated attackers to manipulate database queries by injecting SQL code through the 'id' parameter. [CVSS 8.2 HIGH]

PHP SQLi Airbnb Clone Script
NVD Exploit-DB
CVSS 3.1
8.2
EPSS
0.1%
CVE-2026-1442 HIGH POC This Week

Unitree robotics firmware updates can be modified and executed by local attackers due to inadequate encryption of the firmware protection mechanism, allowing arbitrary code execution on affected Go1 and Go2 models. Public exploit code exists for this vulnerability, and no patch is currently available. An attacker with physical or local access could tamper with firmware packages to gain complete control over the device.

Authentication Bypass Go2 Edu Plus Firmware Go1 Air Firmware Go2 Air Firmware Go1 Pro Firmware +3
NVD GitHub
CVSS 3.1
7.8
EPSS
0.0%
CVE-2026-28414 HIGH POC PATCH GHSA This Week

Gradio versions up to 6.7 contains a vulnerability that allows attackers to read arbitrary files from the file system (CVSS 7.5).

Windows Python Path Traversal AI / ML Gradio
NVD GitHub
CVSS 3.1
7.5
EPSS
0.1%
CVE-2026-27836 HIGH POC PATCH This Week

Unauthenticated account creation in phpMyFAQ versions before 4.0.18 allows remote attackers to register unlimited user accounts through the WebAuthn prepare endpoint without authentication, CSRF protection, or captcha validation, even when registration is disabled. Public exploit code exists for this vulnerability. Update to version 4.0.18 or later to remediate.

CSRF Phpmyfaq
NVD GitHub
CVSS 3.1
7.5
EPSS
0.0%
CVE-2026-28372 HIGH POC PATCH This Week

Inetutils versions up to 2.7 is affected by inclusion of functionality from untrusted control sphere (CVSS 7.4).

Linux Privilege Escalation Inetutils
NVD
CVSS 3.1
7.4
EPSS
0.0%
CVE-2026-27707 HIGH POC PATCH This Week

Seerr is an open-source media request and discovery manager for Jellyfin, Plex, and Emby. [CVSS 7.3 HIGH]

Information Disclosure Seerr
NVD GitHub
CVSS 3.1
7.3
EPSS
0.1%
CVE-2026-25147 HIGH POC PATCH This Week

OpenEMR versions prior to 8.0.0 allow authenticated portal users to access other patients' protected health information through insecure direct object references (IDOR) in the payment portal, enabling horizontal privilege escalation to view and modify another patient's demographics, invoices, and payment history. The vulnerability stems from accepting patient ID values from user-controlled request parameters instead of validating against the authenticated user's session. Public exploit code exists for this vulnerability.

PHP Privilege Escalation Openemr
NVD GitHub
CVSS 3.1
7.1
EPSS
0.1%
CVE-2026-28338 MEDIUM POC PATCH This Month

Cross-site scripting (XSS) in PMD's legacy vbhtml and yahtml report formats allows arbitrary JavaScript execution when HTML reports are opened in a browser, triggered by analyzing malicious source code containing crafted string literals. Public exploit code exists for this vulnerability affecting PMD versions prior to 7.22.0. The impact is limited since these legacy formats are rarely used and the default html format is properly escaped.

XSS Pmd
NVD GitHub
CVSS 3.1
6.8
EPSS
0.0%
CVE-2026-27734 MEDIUM POC PATCH This Month

Path traversal in Beszel hub's container API endpoints allows authenticated users, including those with read-only roles, to bypass validation and access arbitrary Docker Engine API endpoints on agent hosts through improper URL path construction. This exposure of sensitive infrastructure details affects Beszel versions prior to 0.18.4 and Docker integrations, with public exploit code already available. The vulnerability requires valid authentication but no special privileges, making it exploitable by low-privileged users in multi-tenant environments.

Docker Beszel Suse
NVD GitHub
CVSS 3.1
6.5
EPSS
0.0%
CVE-2026-28354 MEDIUM POC This Month

Unauthorized collection manipulation in ClipBucket v5 prior to 5.5.3 #59 allows authenticated attackers to add or remove items from other users' collections due to missing and broken authorization checks in the add and delete item functions. An attacker with valid credentials can exploit this to alter collections they do not own without restriction. Public exploit code exists for this vulnerability, and no patch is currently available.

PHP Clipbucket
NVD GitHub
CVSS 3.1
6.5
EPSS
0.0%
CVE-2026-24488 MEDIUM POC PATCH This Month

OpenEMR versions up to 8.0.0 contain a path traversal vulnerability in the fax sending functionality that allows authenticated users to exfiltrate arbitrary files from the server, including database credentials, patient records, and source code. The fax endpoint fails to validate or restrict file paths, enabling attackers to read and transmit sensitive data to attacker-controlled phone numbers. Public exploit code exists for this vulnerability, and a patch is available.

Path Traversal Openemr
NVD GitHub
CVSS 3.1
6.5
EPSS
0.0%
CVE-2026-27810 MEDIUM POC This Month

HTTP response header injection in Calibre Content Server prior to version 9.4.0 permits authenticated users to inject arbitrary headers through an unsanitized query parameter, potentially enabling cache poisoning, session fixation, or credential theft attacks. Any authenticated user can exploit this vulnerability directly or via social engineering, affecting all instances with authentication enabled. Public exploit code exists and no patch is currently available.

Code Injection Calibre Suse
NVD GitHub
CVSS 3.1
6.4
EPSS
0.0%
CVE-2026-21718 CRITICAL Act Now

Authentication bypass in Copeland XWEB Pro HVAC controller version 1.12.1 and prior due to weak cryptographic algorithm. CVSS 10.0 — any unauthenticated attacker can gain full system access to building automation controllers.

Authentication Bypass Xweb 500d Pro Firmware Xweb 300d Pro Firmware Xweb 500b Pro Firmware
NVD GitHub
CVSS 3.1
10.0
EPSS
0.0%
CVE-2026-28363 CRITICAL PATCH Act Now

Validation bypass in OpenClaw tools.exec.safeBins allows shell command execution through GNU long-option abbreviation. Attackers can abuse the 'sort' binary whitelist entry to execute arbitrary commands via abbreviated flags. CVSS 9.9.

Authentication Bypass Privilege Escalation Openclaw
NVD GitHub
CVSS 3.1
9.9
EPSS
0.1%
CVE-2026-2749 CRITICAL Act Now

Path traversal in Centreon Open Tickets module allows authenticated attackers to read or write files outside intended directories. CVSS 9.9 with scope change indicates impact beyond the vulnerable component.

Path Traversal Open Tickets
NVD VulDB
CVSS 3.1
9.9
EPSS
0.0%
CVE-2026-21659 CRITICAL Act Now

Unauthenticated RCE and information disclosure via Local File Inclusion in Johnson Controls Frick Controls. Fifth critical vulnerability in the product line, enabling arbitrary file reads and code execution.

RCE LFI Information Disclosure Frick Controls Quantum Hd Firmware
NVD
CVSS 3.1
9.8
EPSS
0.3%
CVE-2026-21658 CRITICAL Act Now

Unauthenticated remote code execution via code injection in Johnson Controls Frick Controls Quantum HD. Fourth critical vulnerability — this one explicitly noted as unauthenticated RCE.

RCE Code Injection Frick Controls Quantum Hd Firmware
NVD
CVSS 3.1
9.8
EPSS
0.2%
CVE-2026-21654 CRITICAL Act Now

OS command injection in Johnson Controls Frick Controls Quantum HD allows unauthenticated remote attackers to execute arbitrary commands on industrial refrigeration control systems. CVSS 9.8.

Command Injection Frick Controls Quantum Hd Firmware
NVD
CVSS 3.1
9.8
EPSS
0.2%
CVE-2026-27755 CRITICAL Act Now

Weak session identifier generation in SODOLA SL902-SWTGW124AS network switch firmware allows attackers to predict session tokens and hijack administrative sessions.

Authentication Bypass Sl902 Swtgw124as Firmware
NVD
CVSS 3.1
9.8
EPSS
0.1%
CVE-2026-21657 CRITICAL Act Now

Second code injection vulnerability in Johnson Controls Frick Controls Quantum HD. Separate attack vector from CVE-2026-21656, same critical impact on industrial refrigeration control.

Code Injection Frick Controls Quantum Hd Firmware
NVD
CVSS 3.1
9.8
EPSS
0.1%
CVE-2026-21656 CRITICAL Act Now

Code injection in Johnson Controls Frick Controls Quantum HD allows unauthenticated remote code execution on industrial refrigeration systems. Second critical vulnerability in the Quantum HD product line.

Code Injection Frick Controls Quantum Hd Firmware
NVD
CVSS 3.1
9.8
EPSS
0.1%
CVE-2026-2251 CRITICAL Act Now

Path traversal vulnerability in Xerox FreeFlow Core allows attackers to access files outside restricted directories, potentially exposing sensitive print job data and system configurations.

Path Traversal Freeflow Core
NVD
CVSS 3.1
9.8
EPSS
0.1%
CVE-2025-12981 CRITICAL Act Now

Privilege escalation in Listee WordPress theme allows unauthenticated attackers to gain administrator access. All versions up to 1.1.6 affected.

WordPress Privilege Escalation PHP
NVD
CVSS 3.1
9.8
EPSS
0.1%
CVE-2026-27751 CRITICAL Act Now

Default credentials in SODOLA SL902-SWTGW124AS network switch firmware allow unauthenticated remote access. Default credentials are publicly known, enabling complete device takeover.

Information Disclosure Sl902 Swtgw124as Firmware
NVD
CVSS 3.1
9.8
EPSS
0.1%
CVE-2026-21660 CRITICAL Act Now

Hardcoded email credentials stored as plaintext in Johnson Controls Frick Controls firmware. Sixth critical vulnerability — exposed credentials could enable account access and lateral movement.

Authentication Bypass Frick Controls Quantum Hd Firmware
NVD
CVSS 3.1
9.8
EPSS
0.0%
Page 1 of 5 Next

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy