File upload bypass in FreeScout 1.8.206 — patch bypass for CVE-2026-27636. PoC and patch available. CVSS 10.0.
RCE in Qwik JavaScript framework <= 1.19.0 via unsafe deserialization in server$ Runtime. EPSS 13.4% with PoC available.
Unauthenticated token disclosure in OpenEMR before 8.0.0. CVSS 10.0. PoC and patch available.
Path traversal in OpenEMR 7.0.4 disposeDocument() allows file access. PoC available.
Command injection in D-Link DIR-868L via SSDP service. PoC available.
Heap overflow in libbiosig 3.9.2 Intan CLP parsing. PoC available.
Privilege escalation in User Registration & Membership WordPress plugin.
Stack buffer overflow in D-Link DIR-513 v1.10 via the curTime parameter to goform/formSetWAN_Wizard51. Part of a family of 15+ critical buffer overflows in this router.
Stack buffer overflow in D-Link DIR-513 v1.10 via the curTime parameter to goform/formSetWAN_Wizard55. Part of a family of 15+ critical buffer overflows in this router.
Stack buffer overflow in D-Link DIR-513 v1.10 via the curTime parameter to goform/formSetQoS. Part of a family of 15+ critical buffer overflows in this router.
Stack buffer overflow in D-Link DIR-513 v1.10 via the curTime parameter to goform/formSetWANType_Wizard5. Part of a family of 15+ critical buffer overflows in this router.
Stack buffer overflow in D-Link DIR-513 v1.10 via the curTime parameter to goform/formSetPortTr. Part of a family of 15+ critical buffer overflows in this router.
Stack buffer overflow in D-Link DIR-513 v1.10 via the curTime parameter to goform/formSetDomainFilter. Part of a family of 15+ critical buffer overflows in this router.
Buffer overflow in Tenda AC15V1.0 via formSetMacFilterCfg. PoC available.
SQL injection in renren-security before v5.5.0 in BaseServiceImpl.java. PoC available.
Privilege escalation and auth bypass in OpenSTAManager 2.9.8. PoC available.
Information disclosure in OpenEMR 5.0.2 to before 8.0.0 exposes sensitive data. PoC and patch available.
Command injection in Froxlor server admin before 2.3.4 due to typo (== instead of =) disabling input validation entirely. PoC and patch available.
Zip slip to arbitrary file write in Zdir Pro 4.x ZIP extraction API. PoC available.
RCE in Apache Ranger <= 2.7.0 via NashornScriptEngineCreator. EPSS 0.42%.
Command injection in Weintek cMT-3072XH2 HMI DHCP activation. EPSS 0.30%.
Auth bypass in All-in-One Microsoft 365 SSO WordPress plugin.
Improper authorization in Google Cloud Build GitHub Trigger allowing unauthenticated build execution. EPSS 0.19%.
Default admin credentials in OpenMQ message broker. Shipped with known default admin password.
Missing authorization in OpenText Filr allows auth bypass via XSRF tokens.
Command execution via reset_pj.cgi in Weintek cMT-3072XH2.
Pickle deserialization RCE in Step-Video-T2V via API endpoints.
Input validation flaw in Devolutions Server error message page enables remote spoofing attacks.
Auth bypass in Weintek cMT-3072XH2 authorization mechanism.
Azure AD auth bypass in Devolutions Server 2025.3.15.0 and earlier.
Insecure password saving enforcement in Devolutions Remote Desktop Manager 2025.3.
Behavioral control bypass in Devolutions Server 2025.3.15 allows authenticated users to exploit delete permissions.
Stored XSS in AliasVault password manager. Patch available.
Local privilege escalation in Portwell Engineering Toolkits 4.8.2 stems from a kernel driver that exposes unchecked arbitrary memory read/write primitives to authenticated users. An attacker already logged onto an affected industrial/embedded host can corrupt kernel memory to elevate to SYSTEM-level control or crash the machine. No public exploit has been identified and the EPSS score is very low (0.02%, 3rd percentile), indicating no current evidence of opportunistic exploitation; this was reported through CISA's ICS-CERT rather than via observed in-the-wild activity.