Skip to main content
CVE-2025-50191 HIGH POC PATCH This Week

Chamilo is a learning management system. Prior to version 1.11.30, there is an error-based SQL Injection via POST userFile with the /main/exercise/hotpotatoes.php script. [CVSS 7.2 HIGH]

PHP SQLi Chamilo Lms
NVD GitHub
CVSS 3.1
7.2
EPSS
0.0%
CVE-2025-64427 HIGH POC This Week

ZimaOS is a fork of CasaOS, an operating system for Zima devices and x86-64 systems with UEFI. [CVSS 7.1 HIGH]

Information Disclosure Zimaos
NVD GitHub
CVSS 3.1
7.1
EPSS
0.0%
CVE-2025-52469 HIGH POC PATCH This Week

Chamilo is a learning management system. Prior to version 1.11.30, a logic vulnerability in the friend request workflow of Chamilo’s social network module allows an authenticated user to forcibly add any user as a friend by directly calling the AJAX endpoint. [CVSS 7.1 HIGH]

Authentication Bypass Chamilo Lms
NVD GitHub
CVSS 3.1
7.1
EPSS
0.0%
CVE-2026-2256 MEDIUM POC This Month

ModelScope ms-agent v1.6.0rc1 and earlier allows unauthenticated remote attackers to execute arbitrary operating system commands by injecting malicious input through prompt-derived parameters. Public exploit code exists for this vulnerability, and no patch is currently available. This command injection flaw affects AI/ML systems processing untrusted user prompts.

Command Injection AI / ML Red Hat
NVD GitHub
CVSS 3.1
6.5
EPSS
2.3%
CVE-2026-28412 MEDIUM POC PATCH This Month

Textream versions prior to 1.5.1 lack connection limits on the DirectorServer WebSocket, allowing remote attackers to trigger denial of service by flooding the server with requests that trigger periodic state broadcasts, exhausting system resources and crashing the application during live sessions. Public exploit code exists for this vulnerability. The issue is resolved in version 1.5.1 and later.

macOS Denial Of Service Textream
NVD GitHub
CVSS 3.1
6.5
EPSS
0.0%
CVE-2026-3422 CRITICAL Act Now

U-Office Force by e-Excellence has an insecure deserialization vulnerability allowing unauthenticated remote code execution.

Deserialization U Office Force
NVD
CVSS 3.1
9.8
EPSS
0.5%
CVE-2025-14532 CRITICAL Act Now

DobryCMS has an unauthenticated file upload vulnerability allowing remote attackers to upload and execute arbitrary files on the web server.

RCE Dorbycms
NVD
CVSS 3.1
9.8
EPSS
0.2%
CVE-2026-3000 CRITICAL PATCH Act Now

IDExpert Windows Logon Agent has a second RCE vulnerability through another unsigned code download path.

Windows RCE Idexpert
NVD
CVSS 3.1
9.8
EPSS
0.2%
CVE-2026-2999 CRITICAL PATCH Act Now

IDExpert Windows Logon Agent by Changing has an RCE vulnerability through download of code without integrity check, allowing malicious update injection.

Windows RCE Idexpert
NVD
CVSS 3.1
9.8
EPSS
0.2%
CVE-2025-52998 CRITICAL PATCH Act Now

Chamilo LMS prior to 1.11.30 has an insecure deserialization vulnerability enabling remote code execution through crafted serialized data.

Deserialization Chamilo Lms
NVD GitHub
CVSS 3.1
9.8
EPSS
0.1%
CVE-2026-0006 CRITICAL Act Now

Android has a heap buffer overflow in multiple locations enabling privilege escalation through out-of-bounds read and write operations.

RCE Buffer Overflow Android Google
NVD
CVSS 3.1
9.8
EPSS
0.1%
CVE-2026-3431 CRITICAL Act Now

SimStudio below 0.5.74 has a missing authorization on MongoDB tool endpoints that allows attackers to execute arbitrary MongoDB operations.

MongoDB Sim
NVD
CVSS 3.1
9.8
EPSS
0.1%
CVE-2026-3413 MEDIUM POC This Month

SQL injection in itsourcecode University Management System 1.0 via the ID parameter in /admin_single_student.php allows unauthenticated remote attackers to manipulate database queries with public exploit code currently available. The vulnerability enables attackers to read, modify, or delete sensitive academic and administrative data without authentication. No patch is currently available for this PHP-based application.

PHP SQLi
NVD GitHub VulDB
CVSS 4.0
5.5
EPSS
0.0%
CVE-2026-3411 MEDIUM POC This Month

SQL injection in itsourcecode University Management System 1.0 via the ID parameter in /admin_single_student_update.php allows unauthenticated remote attackers to manipulate database queries and potentially extract or modify sensitive student records. Public exploit code exists for this vulnerability, and no patch is currently available, leaving affected institutions at immediate risk.

PHP SQLi
NVD GitHub VulDB
CVSS 4.0
5.5
EPSS
0.0%
CVE-2026-3410 MEDIUM POC This Month

Society Management System versions up to 1.0 contains a vulnerability that allows attackers to sql injection (CVSS 7.3).

PHP SQLi
NVD GitHub VulDB
CVSS 4.0
5.5
EPSS
0.0%
CVE-2026-3406 MEDIUM POC This Month

SQL injection in Online Art Gallery Shop 1.0 via the fname parameter in /admin/registration.php enables unauthenticated remote attackers to manipulate database queries. Public exploit code exists for this vulnerability, and no patch is currently available, leaving affected PHP installations at immediate risk of data compromise or unauthorized access.

PHP SQLi
NVD GitHub VulDB
CVSS 4.0
5.5
EPSS
0.0%
CVE-2025-30044 CRITICAL Act Now

In the endpoints "/cgi-bin/CliniNET.prd/utils/usrlogstat_simple.pl", "/cgi-bin/CliniNET.prd/utils/usrlogstat.pl", "/cgi-bin/CliniNET.prd/utils/userlogstat2.pl", and "/cgi-bin/CliniNET.prd/utils/dblogstat.pl", the parameters are not sufficiently normalized, which enables code injection.

Command Injection
NVD
CVSS 4.0
9.4
EPSS
0.0%
CVE-2026-2584 CRITICAL Act Now

SQL injection in the authentication module of CISER System SL firmware allows unauthenticated remote attackers to compromise stored configuration data by submitting crafted SQL through the login interface. The CVSS 4.0 base score of 9.3 reflects network-reachable, no-privilege, no-interaction exploitation with high confidentiality and integrity impact, though EPSS remains low at 0.36% and no public exploit identified at time of analysis. The advisory was coordinated by INCIBE-CERT (Spain).

SQLi
NVD VulDB
CVSS 4.0
9.3
EPSS
0.4%
CVE-2025-12462 CRITICAL Act Now

A Blind SQL injection vulnerability has been identified in DobryCMS. A remote unauthenticated attacker is able to inject SQL syntax into URL path resulting in Blind SQL Injection.

SQLi
NVD VulDB
CVSS 4.0
9.3
EPSS
0.2%
CVE-2026-28358 MEDIUM POC PATCH This Month

NocoDB versions prior to 0.301.3 expose user enumeration through the password reset endpoint, which returns distinguishable responses for valid and invalid email addresses. An unauthenticated attacker can exploit this to identify registered users in the system. This vulnerability requires no user interaction and has a CVSS score of 5.3, though no patch is currently available.

Information Disclosure Nocodb
NVD GitHub
CVSS 3.1
5.3
EPSS
0.0%
CVE-2024-50337 MEDIUM POC PATCH This Month

Chamilo is a learning management system. Prior to version 1.11.28, the OpenId function allows anyone to send requests to any URL on server's behalf, which results in unauthenticated blind SSRF. [CVSS 5.3 MEDIUM]

SSRF Chamilo Lms
NVD GitHub
CVSS 3.1
5.3
EPSS
0.0%
CVE-2026-3432 CRITICAL Act Now

SimStudio has a second authorization flaw in the OAuth token endpoint that allows privilege escalation through crafted token requests.

Authentication Bypass Sim
NVD
CVSS 3.1
9.1
EPSS
0.1%
CVE-2025-48609 CRITICAL Act Now

Android MmsProvider has a vulnerability allowing arbitrary file deletion through improper handling of MMS data, potentially causing data loss on mobile devices.

Denial Of Service Path Traversal Android Google
NVD
CVSS 3.1
9.1
EPSS
0.1%
CVE-2025-30035 CRITICAL Act Now

The vulnerability enables an attacker to fully bypass authentication in CGM CLININET and gain access to any active user account by supplying only the username, without requiring a password or any other credentials.

Authentication Bypass
NVD
CVSS 4.0
9.0
EPSS
0.0%
CVE-2025-50198 MEDIUM POC PATCH This Month

Chamilo is a learning management system. Prior to version 1.11.30, Chamilo is vulnerable to deserialization of untrusted data in /plugin/vchamilo/views/import.php via POST configuration_file; POST course_path; POST home_path parameters. [CVSS 4.9 MEDIUM]

PHP Deserialization Chamilo Lms
NVD GitHub
CVSS 3.1
4.9
EPSS
0.1%
CVE-2026-26698 MEDIUM POC This Month

SQL injection in Simple Student Alumni System v1.0's modal_edit.php endpoint allows authenticated administrators to extract sensitive database information through unauthenticated network requests. Public exploit code exists for this vulnerability, though no patch is currently available. The attack requires high-level privileges but can bypass intended access controls to read confidential data.

PHP SQLi Simple Student Alumni System
NVD GitHub
CVSS 3.1
4.9
EPSS
0.0%
CVE-2026-26697 MEDIUM POC This Month

Simple Student Alumni System v1.0 contains a SQL injection vulnerability in the recordteacher_view.php endpoint that allows authenticated administrators to extract sensitive data from the underlying database. Public exploit code exists for this vulnerability, though a patch is currently unavailable. The attack requires high-level administrative privileges but can be executed remotely without user interaction.

PHP SQLi Simple Student Alumni System
NVD GitHub
CVSS 3.1
4.9
EPSS
0.0%
CVE-2026-3132 HIGH This Week

Master Addons for Elementor Premium (WordPress plugin) versions up to 2.1.3 is affected by code injection (CVSS 8.8).

WordPress RCE Code Injection
NVD
CVSS 3.1
8.8
EPSS
0.2%
CVE-2026-21853 HIGH This Week

Remote code execution in AFFiNE workspace application (versions prior to 0.25.4) allows unauthenticated attackers to execute arbitrary code via malicious affine: URL handlers. Exploitation requires one user click on a crafted link or visiting a malicious website that auto-redirects to the malicious URL. The browser's custom protocol handler automatically launches AFFiNE and processes the payload without further user interaction, achieving RCE. EPSS score of 0.17% (38th percentile) suggests low observed exploitation activity. GitHub security advisory GHSA-67vm-2mcj-8965 confirms the vulnerability with upstream fix available in commit c9a4129a via PR #13864.

RCE Code Injection Affine
NVD GitHub
CVSS 3.1
8.8
EPSS
0.2%
CVE-2026-28399 HIGH PATCH This Week

SQL injection in NocoDB versions prior to 0.301.3 allows authenticated users with Creator role to execute arbitrary SQL commands through the DATEADD formula's unit parameter. This high-severity vulnerability enables attackers to compromise data confidentiality, integrity, and system availability with network access and low complexity. No patch is currently available for affected installations.

SQLi Nocodb
NVD GitHub
CVSS 3.1
8.8
EPSS
0.1%
CVE-2024-31328 HIGH This Week

In broadcastIntentLockedTraced of BroadcastController.java, there is a possible way to launch arbitrary activities from the background on the paired companion phone due to a logic error in the code. This could lead to local escalation of privilege with no additional execution privileges needed. [CVSS 8.8 HIGH]

Privilege Escalation Android Google
NVD
CVSS 3.1
8.8
EPSS
0.0%
CVE-2025-10350 HIGH This Week

including data processed by GCM CLININET software.This issue affects CGM NETRAAD with imageserver module in versions up to 7.9.0. is affected by sql injection.

SQLi
NVD
CVSS 4.0
8.8
EPSS
0.0%
CVE-2025-50186 MEDIUM POC PATCH This Month

Chamilo is a learning management system. Prior to version 1.11.30, a stored cross-site scripting (XSS) vulnerability exists due to insufficient sanitization of CSV filenames. [CVSS 4.8 MEDIUM]

XSS Chamilo Lms
NVD GitHub
CVSS 3.1
4.8
EPSS
0.0%
CVE-2025-52470 MEDIUM POC PATCH This Month

Chamilo is a learning management system. Prior to version 1.11.30, a stored cross-site scripting (XSS) vulnerability exists in the session_category_add.php script. [CVSS 4.8 MEDIUM]

PHP XSS Chamilo Lms
NVD GitHub
CVSS 3.1
4.8
EPSS
0.0%
CVE-2026-20430 HIGH This Week

OpenWrt and its Software Development Kit contain an out-of-bounds write vulnerability in the WLAN access point firmware caused by improper bounds checking, enabling adjacent network attackers to achieve privilege escalation without user interaction or special privileges. The vulnerability carries high severity with complete impact across confidentiality, integrity, and availability, though no patch is currently available.

Privilege Escalation Openwrt Software Development Kit
NVD
CVSS 3.1
8.8
EPSS
0.0%
CVE-2026-3336 HIGH PATCH This Week

Certificate chain verification bypass in AWS-LC, Amazon's libcrypto/BoringSSL-derived cryptographic library, lets unauthenticated attackers forge trust in PKCS7 objects carrying multiple signers: PKCS7_verify() validates only the final signer and skips chain verification for all preceding signers (CWE-295). Affected applications can be tricked into accepting signed data whose earlier signers chain to untrusted or invalid certificates. There is no public exploit identified at time of analysis, EPSS is low (0.03%, 10th percentile), and AWS-managed services are unaffected per the vendor, but the flaw is fixed in AWS-LC 1.69.0.

Aws Libcrypto Aws Lc Sys Authentication Bypass
NVD GitHub
CVSS 4.0
8.7
EPSS
0.0%
CVE-2026-3338 HIGH PATCH This Week

Signature verification bypass in AWS-LC's PKCS7_verify() function lets unauthenticated attackers get forged PKCS#7 objects containing Authenticated Attributes accepted as validly signed, defeating the integrity guarantee the API exists to provide. It affects applications linking AWS-LC, including the Rust aws-lc-sys binding and aws_libcrypto, and is tagged as enabling JWT/authentication-bypass attacks. No public exploit identified at time of analysis and EPSS is very low (0.03%), but integrity impact is High (CVSS 4.0 8.7) and a fixed release (1.69.0) is already available.

Aws Lc Sys Aws Libcrypto Jwt Attack Authentication Bypass
NVD GitHub
CVSS 4.0
8.7
EPSS
0.0%
CVE-2026-0007 HIGH This Week

Android versions up to 14.0 is affected by improper restriction of rendered ui layers or frames (CVSS 8.6).

Privilege Escalation Android Google
NVD
CVSS 3.1
8.6
EPSS
0.0%
CVE-2026-0038 HIGH PATCH This Week

Android versions up to - contains a vulnerability that allows attackers to local escalation of privilege with no additional execution privileges needed (CVSS 8.4).

Privilege Escalation Android Google
NVD
CVSS 3.1
8.4
EPSS
0.0%
CVE-2026-0031 HIGH PATCH This Week

Local privilege escalation in Android's mem_protect.c results from integer overflow conditions that enable out-of-bounds memory writes, allowing unauthenticated local attackers to gain elevated system privileges without user interaction. The vulnerability affects multiple functions within the memory protection component and is exploitable by any process on the affected device. A patch is available to address this high-severity issue.

Integer Overflow Privilege Escalation Android Google
NVD
CVSS 3.1
8.4
EPSS
0.0%
CVE-2026-0030 HIGH PATCH This Week

Local privilege escalation in Android's mem_protect.c allows unprivileged attackers to achieve full system access through an out-of-bounds write caused by insufficient bounds validation. The vulnerability requires no user interaction and can be exploited immediately upon device compromise by any local process.

Privilege Escalation Android Google
NVD
CVSS 3.1
8.4
EPSS
0.0%
CVE-2026-0028 HIGH PATCH This Week

Local privilege escalation in Android's __pkvm_host_share_guest function allows unprivileged attackers to achieve kernel-level code execution through integer overflow-induced out-of-bounds memory writes. The vulnerability requires no user interaction and can be exploited directly from any local context on affected devices. A patch is available to address this high-severity flaw.

Integer Overflow Privilege Escalation Android Google
NVD
CVSS 3.1
8.4
EPSS
0.0%
CVE-2026-21882 HIGH PATCH This Week

Local privilege escalation in theshit command-line utility versions prior to 0.2.0 allows unprivileged users to execute arbitrary commands with elevated privileges through improper privilege dropping during command re-execution. An attacker with local access can exploit this vulnerability to gain root or elevated system access. No patch is currently available.

Privilege Escalation
NVD GitHub
CVSS 3.1
8.4
EPSS
0.0%
CVE-2026-0029 HIGH PATCH This Week

Local privilege escalation in Android's pKVM hypervisor initialization allows unprivileged attackers to corrupt memory and gain elevated privileges without user interaction. The vulnerability stems from a logic error in the __pkvm_init_vm function that fails to properly validate memory operations during VM setup. A patch is available to address this high-severity flaw affecting Android devices.

Memory Corruption Privilege Escalation Android Google
NVD
CVSS 3.1
8.4
EPSS
0.0%
CVE-2026-0034 HIGH This Week

Improper input validation in Android's ManagedServices notification policy handler allows local attackers to escalate privileges without requiring additional permissions or user interaction. An attacker can exploit this flaw to desynchronize notification policies and gain elevated system privileges on the affected device. No patch is currently available for this vulnerability.

Privilege Escalation Android Google
NVD
CVSS 3.1
8.4
EPSS
0.0%
CVE-2026-0011 HIGH This Week

Local privilege escalation in Android's Settings.java enableSystemPackageLPw function allows unauthenticated local attackers to manipulate location access controls through a logic error, requiring no user interaction. An attacker with local access can exploit this vulnerability to gain elevated privileges and bypass location permission enforcement. No patch is currently available for this vulnerability.

Privilege Escalation Android Google
NVD
CVSS 3.1
8.4
EPSS
0.0%
CVE-2025-48605 HIGH This Week

In multiple functions of KeyguardViewMediator.java, there is a possible lockscreen bypass due to a logic error in the code. This could lead to local escalation of privilege with no additional execution privileges needed. [CVSS 8.4 HIGH]

Privilege Escalation Android Google
NVD
CVSS 3.1
8.4
EPSS
0.0%
CVE-2025-48602 HIGH This Week

In exitKeyguardAndFinishSurfaceBehindRemoteAnimation of KeyguardViewMediator.java, there is a possible lockscreen bypass due to a logic error in the code. This could lead to local escalation of privilege with no additional execution privileges needed. [CVSS 8.4 HIGH]

Privilege Escalation Android Google
NVD
CVSS 3.1
8.4
EPSS
0.0%
CVE-2025-48650 HIGH This Week

In multiple locations, there is a possible information disclosure due to SQL injection. This could lead to local escalation of privilege with no additional execution privileges needed. [CVSS 8.4 HIGH]

SQLi Privilege Escalation Information Disclosure Android Google
NVD
CVSS 3.1
8.4
EPSS
0.0%
CVE-2025-48636 HIGH This Week

In openFile of BugreportContentProvider.java, there is a possible way to read and write unauthorized files due to a path traversal error. This could lead to local escalation of privilege with no additional execution privileges needed. [CVSS 8.4 HIGH]

Privilege Escalation Path Traversal Android Google
NVD
CVSS 3.1
8.4
EPSS
0.0%
Prev Page 2 of 5 Next

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy