Cisco Secure Firewall Management Center (FMC) contains a critical unauthenticated Java deserialization vulnerability (CVE-2026-20131, CVSS 10.0) in its web interface that enables remote code execution as root. KEV-listed with public PoC, this vulnerability allows complete compromise of the central management platform that controls all Cisco firewalls in the organization, enabling attackers to modify security policies, disable protections, and access all network traffic.
Unauthenticated auth bypass in Cisco FMC web interface. CVSS 10.0.
Command injection in Mobvoi Tichome Mini smart speaker via crafted requests. EPSS 1.2%. PoC available.
Hardcoded/insecure credentials in IDC SFX Series SuperFlex Satellite Receiver. Multiple accounts with known credentials enable complete device takeover.
SQL injection in databaseir v.1.0.7 via query parameter. PoC available.
D-link Dir-513 A1FW110 is vulnerable to Buffer Overflow in the function formTcpipSetup. [CVSS 9.8 CRITICAL]
Stack buffer overflow in D-Link DIR-513 v1.10 via the curTime parameter to goform/formLogin,goform/getAuthCode. Part of a family of 15+ critical buffer overflows in this router.
Stack buffer overflow in D-Link DIR-513 v1.10 via the curTime parameter to goform/formEasySetupWWConfig. Part of a family of 15+ critical buffer overflows in this router.
Stack buffer overflow in D-Link DIR-513 v1.10 via the curTime parameter to goform/formLogin. Part of a family of 15+ critical buffer overflows in this router.
Stack buffer overflow in D-Link DIR-513 v1.10 via the curTime parameter to goform/formDeviceReboot. Part of a family of 15+ critical buffer overflows in this router.
Stack buffer overflow in D-Link DIR-513 v1.10 via the curTime parameter to goform/formEasySetupWizard. Part of a family of 15+ critical buffer overflows in this router.
Stack buffer overflow in D-Link DIR-513 v1.10 via the curTime parameter to goform/formAdvNetwork. Part of a family of 15+ critical buffer overflows in this router.
Stack buffer overflow in D-Link DIR-513 v1.10 via the curTime parameter to goform/formAutoDetecWAN_wizard4. Part of a family of 15+ critical buffer overflows in this router.
Stack buffer overflow in D-Link DIR-513 v1.10 via the curTime parameter to goform/formAdvFirewall. Part of a family of 15+ critical buffer overflows in this router.
Code execution via HwRwDrv.sys in Nil Hardware Editor. PoC available.
A use-after-free vulnerability in the Linux kernel's netfilter nf_tables chain registration allows local attackers with user privileges to trigger memory corruption and cause a denial of service, potentially leading to privilege escalation. The flaw occurs when hook registration fails during chain addition, allowing concurrent operations to access freed memory without proper RCU synchronization. The vulnerability affects systems running vulnerable Linux kernels with netfilter enabled, and no patch is currently available.
Missing BLE authentication in Pebble Prism Ultra smartwatch. PoC available.
JWT authentication bypass in pac4j-jwt before 4.5.9/5.7.9/6.3.3 when processing encrypted JWTs. PoC available.
RCE in Craft CMS before 4.17.0-beta.1/5.9.0-beta.1 via template injection for authenticated admins. PoC and patch available.
Authenticated attackers can execute arbitrary OS commands with root privileges on IDC SFX2100 satellite receivers through command injection in the web-based Ping utility, bypassing input filters by using alternate shell metacharacters like the pipe operator. Public exploit code exists for this vulnerability, and no patch is currently available. The flaw affects the web management interface and allows complete system compromise for any authenticated user.
Authenticated attackers can achieve remote code execution with root privileges on IDC SFX2100 satellite receiver devices through OS command injection in the web-based Traceroute diagnostic tool. By injecting shell metacharacters into the flags parameter, an attacker can execute arbitrary operating system commands on the affected system. Public exploit code exists for this vulnerability, and no patch is currently available.
Ashop Shopping Cart Software contains an SQL injection vulnerability that allows unauthenticated attackers to manipulate database queries by injecting SQL code through the 'shop' parameter. [CVSS 8.2 HIGH]
NCrypted Jobgator contains an SQL injection vulnerability that allows unauthenticated attackers to manipulate database queries by injecting SQL code through the experience parameter. [CVSS 8.2 HIGH]
XML injection in the IDC SFX2100 satellite receiver web interface allows authenticated attackers to inject arbitrary XML elements and execute reflected cross-site scripting attacks through unsanitized input in the checkifdone.cgi script. Public exploit code exists for this vulnerability, and potential for more severe attacks such as XXE exploitation has not been ruled out. No patch is currently available for affected firmware versions.
FreeSMS 2.1.2 contains a boolean-based blind SQL injection vulnerability in the password parameter that allows unauthenticated attackers to bypass authentication by injecting SQL code through the login endpoint. [CVSS 8.2 HIGH]
Simple Job Script contains an SQL injection vulnerability that allows unauthenticated attackers to manipulate database queries by injecting SQL code through the job_id parameter. [CVSS 8.2 HIGH]
Simple Job Script contains an SQL injection vulnerability that allows unauthenticated attackers to manipulate database queries by injecting SQL code through the landing_location parameter. [CVSS 8.2 HIGH]
Simple Job Script contains an SQL injection vulnerability that allows attackers to manipulate database queries by injecting malicious SQL code through the app_id parameter. [CVSS 8.2 HIGH]
Simple Job Script contains an SQL injection vulnerability that allows unauthenticated attackers to manipulate database queries by injecting SQL code through the employerid parameter. [CVSS 8.2 HIGH]
F2FS swapfile memory corruption in Linux kernel 6.6+ allows local attackers with user privileges to cause data corruption through improper physical block mapping when using fragmented swapfiles smaller than the F2FS section size. Public exploit code exists for this vulnerability, and attackers can trigger dm-verity corruption errors or F2FS node corruption leading to system crashes and data loss. No patch is currently available.
Insecure permissions in App-Auto-Patch v3.4.2 create a race condition which allows attackers to write arbitrary files. [CVSS 7.8 HIGH]
Remote attackers can inject arbitrary command-line arguments into bird-lg-go's traceroute module through unsanitized user input, enabling denial-of-service attacks that exhaust system resources. The vulnerability affects Golang and bird-lg-go installations prior to commit 6187a4e, and public exploit code exists. A patch is available to remediate this high-severity flaw.
Remote denial of service attacks against DJI Mavic Mini, Spark, and Mini SE firmware versions 0.1.00.0500 and below can be executed over the network by exploiting the Enhanced-WiFi transmission subsystem without authentication. Public exploit code exists for this vulnerability, and no patch is currently available. An attacker can disrupt drone operations and connectivity by sending specially crafted wireless transmissions to affected devices.
The JS Help Desk - AI-Powered Support & Ticketing System plugin for WordPress is vulnerable to SQL Injection via the 'js-support-ticket-token-tkstatus' cookie in version 2.8.2 due to an incomplete fix for CVE-2023-50839 where a second sink was left with insufficient escaping on the user supplied values and lack of sufficient preparation on the existing SQL query. [CVSS 7.5 HIGH]
cpp-httplib is a C++11 single-file header-only cross platform HTTP/HTTPS library. [CVSS 7.5 HIGH]
Craft is a content management system (CMS). [CVSS 7.5 HIGH]
Unauthenticated disclosure of WordPress user email addresses in Mail Mint plugin versions before 1.19.5 through an unprotected REST API endpoint allows remote attackers to enumerate users without authentication. Public exploit code exists for this vulnerability, and no patch is currently available. This affects all installations of the Mail Mint plugin below the patched version.
Unauthenticated remote attackers can exploit Apache ActiveMQ Artemis (2.11.0-2.44.0) and Apache Artemis (2.50.0-2.51.0) to force brokers into establishing malicious Core protocol federation connections. This missing authentication (CWE-306) enables both message injection into any queue and exfiltration from any queue via attacker-controlled rogue brokers. Exploitation requires environments allowing untrusted Core protocol connections (default port 61616) in both inbound and outbound directions. EPSS score of 0.20% suggests low current exploitation probability, and no CISA KEV listing exists, indicating this is not yet widely exploited despite the critical CVSS 9.3 score. Vendor patch available in version 2.52.0.
Remote code execution in Craft CMS 5.8.21 allows authenticated administrators to execute arbitrary PHP code through Server-Side Template Injection in the create() Twig function combined with Symfony Process gadget chains. Public exploit code exists for this vulnerability, which bypasses the previous patch for CVE-2025-57811. Updates are available in Craft CMS 5.9.0-beta.1 and 4.17.0-beta.1.
PHPads 2.0 contains an SQL injection vulnerability that allows unauthenticated attackers to execute arbitrary SQL queries by injecting malicious code through the bannerID parameter in click.php3. [CVSS 7.1 HIGH]
Tradebox 5.4 contains an SQL injection vulnerability that allows authenticated attackers to manipulate database queries by injecting SQL code through the symbol parameter. [CVSS 7.1 HIGH]
Concrete CMS versions below 9.4.8 contain a cross-site request forgery vulnerability in the Anti-Spam Allowlist Group Configuration that allows authenticated administrators to modify security settings without valid CSRF token validation. An attacker with administrative privileges can exploit this to bypass security controls by manipulating the group_id parameter before token verification occurs. Public exploit code exists for this vulnerability, and a patch is available.
erase-install prior to v40.4 commit 2c31239 writes swiftDialog credential output to a hardcoded path /var/tmp/dialog.json. This allows an unauthenticated attacker to intercept admin credentials entered during reinstall/erase operations via creating a named pipe. [CVSS 6.6 MEDIUM]
Authenticated users can exploit a path traversal vulnerability in the SFX2100 firmware's logging interface to enumerate arbitrary files on the system through directory traversal in the file parameter. Public exploit code exists for this medium-severity flaw, and no patch is currently available, leaving affected organizations reliant on access controls to mitigate risk. The vulnerability allows attackers with valid credentials to confirm file existence through backup operation responses, potentially exposing sensitive system information.
Craft CMS prior to versions 4.17.0-beta.1 and 5.9.0-beta.1 allows users with entry creation permissions to arbitrarily assign authorship of new entries to any user, including administrators, through mass assignment of the authorId parameter. Public exploit code exists for this vulnerability, enabling attackers to spoof entry authorship and manipulate content attribution. The vulnerability is fixed in the specified beta releases.
Simple Job Script contains a cross-site scripting vulnerability that allows unauthenticated attackers to inject malicious scripts by manipulating the job_type_value parameter in the jobs endpoint. [CVSS 6.1 MEDIUM]
Reflected XSS in IDC SFX2100 Firmware's logging interface allows remote attackers to inject malicious scripts through the submitType parameter without authentication or user interaction. Public exploit code exists for this vulnerability, enabling attackers to execute arbitrary JavaScript in users' browsers and potentially steal sensitive data or perform unauthorized actions. No patch is currently available.
The SFX2100 web management interface fails to sanitize the `cat` parameter in /index.cgi, enabling reflected XSS attacks that allow remote attackers to execute arbitrary JavaScript in a victim's browser without authentication. Public exploit code exists for this vulnerability, and currently no patch is available. An attacker could exploit this to steal session cookies, perform unauthorized actions, or redirect users to malicious content.
Two-factor authentication bypass in Vaultwarden 1.34.3 and earlier allows authenticated attackers to circumvent 2FA protections on sensitive operations, enabling unauthorized access to API keys and destructive actions against vaults and organizations. Public exploit code exists for this vulnerability, which affects the unofficial Bitwarden-compatible server and currently lacks an available patch. Attackers with legitimate account credentials can escalate privileges to perform administrative actions typically restricted by 2FA controls.
Hardcoded/insecure credentials in IDC SFX Series SuperFlex Satellite Receiver. Multiple accounts with known credentials enable complete device takeover.