Skip to main content
CVE-2026-20131 CRITICAL POC KEV THREAT Emergency

Cisco Secure Firewall Management Center (FMC) contains a critical unauthenticated Java deserialization vulnerability (CVE-2026-20131, CVSS 10.0) in its web interface that enables remote code execution as root. KEV-listed with public PoC, this vulnerability allows complete compromise of the central management platform that controls all Cisco firewalls in the organization, enabling attackers to modify security policies, disable protections, and access all network traffic.

Cisco Java Deserialization RCE
NVD VulDB GitHub
CVSS 3.1
10.0
EPSS
0.6%
Threat
6.0
CVE-2026-20079 CRITICAL POC Emergency

Unauthenticated auth bypass in Cisco FMC web interface. CVSS 10.0.

Cisco Authentication Bypass
NVD GitHub
CVSS 3.1
10.0
EPSS
0.2%
Threat
4.2
CVE-2026-26478 CRITICAL POC Act Now

Command injection in Mobvoi Tichome Mini smart speaker via crafted requests. EPSS 1.2%. PoC available.

Command Injection Tichome Mini Firmware
NVD GitHub
CVSS 3.1
9.8
EPSS
1.2%
CVE-2026-28775 CRITICAL POC Act Now

Hardcoded/insecure credentials in IDC SFX Series SuperFlex Satellite Receiver. Multiple accounts with known credentials enable complete device takeover.

SNMP RCE Sfx2100 Firmware
NVD
CVSS 3.1
9.8
EPSS
0.6%
CVE-2025-66944 CRITICAL POC Act Now

SQL injection in databaseir v.1.0.7 via query parameter. PoC available.

SQLi Databasir
NVD GitHub
CVSS 3.1
9.8
EPSS
0.2%
CVE-2025-46108 CRITICAL POC Act Now

D-link Dir-513 A1FW110 is vulnerable to Buffer Overflow in the function formTcpipSetup. [CVSS 9.8 CRITICAL]

D-Link Buffer Overflow Dir 513 Firmware
NVD GitHub
CVSS 3.1
9.8
EPSS
0.1%
CVE-2025-70222 CRITICAL POC Act Now

Stack buffer overflow in D-Link DIR-513 v1.10 via the curTime parameter to goform/formLogin,goform/getAuthCode. Part of a family of 15+ critical buffer overflows in this router.

D-Link Buffer Overflow Dir 513 Firmware
NVD GitHub
CVSS 3.1
9.8
EPSS
0.1%
CVE-2025-70225 CRITICAL POC Act Now

Stack buffer overflow in D-Link DIR-513 v1.10 via the curTime parameter to goform/formEasySetupWWConfig. Part of a family of 15+ critical buffer overflows in this router.

D-Link Buffer Overflow Dir 513 Firmware
NVD GitHub
CVSS 3.1
9.8
EPSS
0.1%
CVE-2025-70221 CRITICAL POC Act Now

Stack buffer overflow in D-Link DIR-513 v1.10 via the curTime parameter to goform/formLogin. Part of a family of 15+ critical buffer overflows in this router.

D-Link Buffer Overflow Dir 513 Firmware
NVD GitHub
CVSS 3.1
9.8
EPSS
0.1%
CVE-2025-70219 CRITICAL POC Act Now

Stack buffer overflow in D-Link DIR-513 v1.10 via the curTime parameter to goform/formDeviceReboot. Part of a family of 15+ critical buffer overflows in this router.

D-Link Buffer Overflow Dir 513 Firmware
NVD GitHub
CVSS 3.1
9.8
EPSS
0.1%
CVE-2025-70226 CRITICAL POC Act Now

Stack buffer overflow in D-Link DIR-513 v1.10 via the curTime parameter to goform/formEasySetupWizard. Part of a family of 15+ critical buffer overflows in this router.

D-Link Buffer Overflow Dir 513 Firmware
NVD GitHub
CVSS 3.1
9.8
EPSS
0.1%
CVE-2025-70223 CRITICAL POC Act Now

Stack buffer overflow in D-Link DIR-513 v1.10 via the curTime parameter to goform/formAdvNetwork. Part of a family of 15+ critical buffer overflows in this router.

D-Link Buffer Overflow Dir 513 Firmware
NVD GitHub
CVSS 3.1
9.8
EPSS
0.1%
CVE-2025-70220 CRITICAL POC Act Now

Stack buffer overflow in D-Link DIR-513 v1.10 via the curTime parameter to goform/formAutoDetecWAN_wizard4. Part of a family of 15+ critical buffer overflows in this router.

D-Link Buffer Overflow Dir 513 Firmware
NVD GitHub
CVSS 3.1
9.8
EPSS
0.1%
CVE-2025-70218 CRITICAL POC Act Now

Stack buffer overflow in D-Link DIR-513 v1.10 via the curTime parameter to goform/formAdvFirewall. Part of a family of 15+ critical buffer overflows in this router.

D-Link Buffer Overflow Dir 513 Firmware
NVD GitHub
CVSS 3.1
9.8
EPSS
0.1%
CVE-2025-66678 CRITICAL POC Act Now

Code execution via HwRwDrv.sys in Nil Hardware Editor. PoC available.

RCE SQLi Hardware Read Write Utility
NVD GitHub
CVSS 3.1
9.8
EPSS
0.1%
CVE-2026-23231 HIGH POC PATCH CISA Act Now

A use-after-free vulnerability in the Linux kernel's netfilter nf_tables chain registration allows local attackers with user privileges to trigger memory corruption and cause a denial of service, potentially leading to privilege escalation. The flaw occurs when hook registration fails during chain addition, allowing concurrent operations to access freed memory without proper RCU synchronization. The vulnerability affects systems running vulnerable Linux kernels with netfilter enabled, and no patch is currently available.

Linux Use After Free Information Disclosure Memory Corruption
NVD VulDB Exploit-DB
CVSS 3.1
7.8
EPSS
0.0%
Threat
5.1
CVE-2025-69969 CRITICAL POC Act Now

Missing BLE authentication in Pebble Prism Ultra smartwatch. PoC available.

RCE Information Disclosure Pebble Prism Ultra Firmware
NVD GitHub
CVSS 3.1
9.6
EPSS
0.0%
CVE-2026-29000 CRITICAL POC PATCH Act Now

JWT authentication bypass in pac4j-jwt before 4.5.9/5.7.9/6.3.3 when processing encrypted JWTs. PoC available.

Authentication Bypass Jwt Attack
NVD VulDB
CVSS 4.0
9.3
EPSS
0.1%
CVE-2026-28697 CRITICAL POC PATCH Act Now

RCE in Craft CMS before 4.17.0-beta.1/5.9.0-beta.1 via template injection for authenticated admins. PoC and patch available.

PHP RCE Craft Cms
NVD GitHub
CVSS 3.1
9.1
EPSS
0.5%
CVE-2026-28773 HIGH POC This Week

Authenticated attackers can execute arbitrary OS commands with root privileges on IDC SFX2100 satellite receivers through command injection in the web-based Ping utility, bypassing input filters by using alternate shell metacharacters like the pipe operator. Public exploit code exists for this vulnerability, and no patch is currently available. The flaw affects the web management interface and allows complete system compromise for any authenticated user.

Command Injection Sfx2100 Firmware
NVD
CVSS 3.1
8.8
EPSS
0.6%
CVE-2026-28774 HIGH POC This Week

Authenticated attackers can achieve remote code execution with root privileges on IDC SFX2100 satellite receiver devices through OS command injection in the web-based Traceroute diagnostic tool. By injecting shell metacharacters into the flags parameter, an attacker can execute arbitrary operating system commands on the affected system. Public exploit code exists for this vulnerability, and no patch is currently available.

Command Injection Sfx2100 Firmware
NVD
CVSS 3.1
8.8
EPSS
0.2%
CVE-2019-25507 HIGH POC This Week

Ashop Shopping Cart Software contains an SQL injection vulnerability that allows unauthenticated attackers to manipulate database queries by injecting SQL code through the 'shop' parameter. [CVSS 8.2 HIGH]

PHP SQLi
NVD Exploit-DB
CVSS 4.0
8.8
EPSS
0.1%
CVE-2019-25504 HIGH POC This Week

NCrypted Jobgator contains an SQL injection vulnerability that allows unauthenticated attackers to manipulate database queries by injecting SQL code through the experience parameter. [CVSS 8.2 HIGH]

SQLi
NVD Exploit-DB
CVSS 4.0
8.8
EPSS
0.1%
CVE-2026-28770 HIGH POC This Week

XML injection in the IDC SFX2100 satellite receiver web interface allows authenticated attackers to inject arbitrary XML elements and execute reflected cross-site scripting attacks through unsanitized input in the checkifdone.cgi script. Public exploit code exists for this vulnerability, and potential for more severe attacks such as XXE exploitation has not been ruled out. No patch is currently available for affected firmware versions.

XSS XXE Sfx2100 Firmware
NVD
CVSS 3.1
8.8
EPSS
0.1%
CVE-2019-25506 HIGH POC This Week

FreeSMS 2.1.2 contains a boolean-based blind SQL injection vulnerability in the password parameter that allows unauthenticated attackers to bypass authentication by injecting SQL code through the login endpoint. [CVSS 8.2 HIGH]

PHP SQLi Authentication Bypass Freesms
NVD Exploit-DB
CVSS 3.1
8.2
EPSS
0.3%
CVE-2019-25499 HIGH POC This Week

Simple Job Script contains an SQL injection vulnerability that allows unauthenticated attackers to manipulate database queries by injecting SQL code through the job_id parameter. [CVSS 8.2 HIGH]

PHP SQLi Authentication Bypass Simplejobscript
NVD Exploit-DB
CVSS 3.1
8.2
EPSS
0.3%
CVE-2019-25498 HIGH POC This Week

Simple Job Script contains an SQL injection vulnerability that allows unauthenticated attackers to manipulate database queries by injecting SQL code through the landing_location parameter. [CVSS 8.2 HIGH]

SQLi Authentication Bypass Simplejobscript
NVD Exploit-DB
CVSS 3.1
8.2
EPSS
0.2%
CVE-2019-25501 HIGH POC This Week

Simple Job Script contains an SQL injection vulnerability that allows attackers to manipulate database queries by injecting malicious SQL code through the app_id parameter. [CVSS 8.2 HIGH]

PHP SQLi Authentication Bypass Simplejobscript
NVD Exploit-DB
CVSS 3.1
8.2
EPSS
0.1%
CVE-2019-25500 HIGH POC This Week

Simple Job Script contains an SQL injection vulnerability that allows unauthenticated attackers to manipulate database queries by injecting SQL code through the employerid parameter. [CVSS 8.2 HIGH]

SQLi Simplejobscript
NVD Exploit-DB
CVSS 3.1
8.2
EPSS
0.1%
CVE-2026-23233 HIGH POC PATCH This Week

F2FS swapfile memory corruption in Linux kernel 6.6+ allows local attackers with user privileges to cause data corruption through improper physical block mapping when using fragmented swapfiles smaller than the F2FS section size. Public exploit code exists for this vulnerability, and attackers can trigger dm-verity corruption errors or F2FS node corruption leading to system crashes and data loss. No patch is currently available.

Linux Google Buffer Overflow Memory Corruption Linux Kernel +3
NVD GitHub VulDB
CVSS 3.1
7.8
EPSS
0.0%
CVE-2025-70341 HIGH POC PATCH This Week

Insecure permissions in App-Auto-Patch v3.4.2 create a race condition which allows attackers to write arbitrary files. [CVSS 7.8 HIGH]

Race Condition App Auto Patch
NVD GitHub
CVSS 3.1
7.8
EPSS
0.0%
CVE-2026-26514 HIGH POC PATCH This Week

Remote attackers can inject arbitrary command-line arguments into bird-lg-go's traceroute module through unsanitized user input, enabling denial-of-service attacks that exhaust system resources. The vulnerability affects Golang and bird-lg-go installations prior to commit 6187a4e, and public exploit code exists. A patch is available to remediate this high-severity flaw.

Golang Denial Of Service Bird Lg Go
NVD GitHub
CVSS 3.1
7.5
EPSS
0.2%
CVE-2026-26673 HIGH POC This Week

Remote denial of service attacks against DJI Mavic Mini, Spark, and Mini SE firmware versions 0.1.00.0500 and below can be executed over the network by exploiting the Enhanced-WiFi transmission subsystem without authentication. Public exploit code exists for this vulnerability, and no patch is currently available. An attacker can disrupt drone operations and connectivity by sending specially crafted wireless transmissions to affected devices.

Denial Of Service Mini Se Firmware Spark Firmware Mavic Mini Firmware
NVD GitHub
CVSS 3.1
7.5
EPSS
0.2%
CVE-2023-7337 HIGH POC This Week

The JS Help Desk - AI-Powered Support & Ticketing System plugin for WordPress is vulnerable to SQL Injection via the 'js-support-ticket-token-tkstatus' cookie in version 2.8.2 due to an incomplete fix for CVE-2023-50839 where a second sink was left with insufficient escaping on the user supplied values and lack of sufficient preparation on the existing SQL query. [CVSS 7.5 HIGH]

WordPress SQLi
NVD
CVSS 3.1
7.5
EPSS
0.1%
CVE-2026-28435 HIGH POC PATCH This Week

cpp-httplib is a C++11 single-file header-only cross platform HTTP/HTTPS library. [CVSS 7.5 HIGH]

Denial Of Service Cpp Httplib Suse
NVD GitHub
CVSS 3.1
7.5
EPSS
0.1%
CVE-2026-28696 HIGH POC PATCH This Week

Craft is a content management system (CMS). [CVSS 7.5 HIGH]

Authentication Bypass Craft Cms
NVD GitHub
CVSS 3.1
7.5
EPSS
0.0%
CVE-2026-2025 HIGH POC This Week

Unauthenticated disclosure of WordPress user email addresses in Mail Mint plugin versions before 1.19.5 through an unprotected REST API endpoint allows remote attackers to enumerate users without authentication. Public exploit code exists for this vulnerability, and no patch is currently available. This affects all installations of the Mail Mint plugin below the patched version.

WordPress Information Disclosure
NVD WPScan GitHub
CVSS 3.1
7.5
EPSS
0.0%
CVE-2026-27446 CRITICAL PATCH CISA GHSA Act Now

Unauthenticated remote attackers can exploit Apache ActiveMQ Artemis (2.11.0-2.44.0) and Apache Artemis (2.50.0-2.51.0) to force brokers into establishing malicious Core protocol federation connections. This missing authentication (CWE-306) enables both message injection into any queue and exfiltration from any queue via attacker-controlled rogue brokers. Exploitation requires environments allowing untrusted Core protocol connections (default port 61616) in both inbound and outbound directions. EPSS score of 0.20% suggests low current exploitation probability, and no CISA KEV listing exists, indicating this is not yet widely exploited despite the critical CVSS 9.3 score. Vendor patch available in version 2.52.0.

Apache Authentication Bypass Activemq Artemis Artemis
NVD VulDB
CVSS 4.0
9.3
EPSS
0.2%
CVE-2026-28695 HIGH POC PATCH This Week

Remote code execution in Craft CMS 5.8.21 allows authenticated administrators to execute arbitrary PHP code through Server-Side Template Injection in the create() Twig function combined with Symfony Process gadget chains. Public exploit code exists for this vulnerability, which bypasses the previous patch for CVE-2025-57811. Updates are available in Craft CMS 5.9.0-beta.1 and 4.17.0-beta.1.

PHP RCE Craft Cms
NVD GitHub
CVSS 3.1
7.2
EPSS
0.1%
CVE-2019-25503 HIGH POC This Week

PHPads 2.0 contains an SQL injection vulnerability that allows unauthenticated attackers to execute arbitrary SQL queries by injecting malicious code through the bannerID parameter in click.php3. [CVSS 7.1 HIGH]

PHP SQLi Phpads
NVD Exploit-DB
CVSS 3.1
7.1
EPSS
0.1%
CVE-2019-25505 HIGH POC This Week

Tradebox 5.4 contains an SQL injection vulnerability that allows authenticated attackers to manipulate database queries by injecting SQL code through the symbol parameter. [CVSS 7.1 HIGH]

SQLi Tradebox
NVD Exploit-DB
CVSS 3.1
7.1
EPSS
0.0%
CVE-2026-2994 MEDIUM POC PATCH This Month

Concrete CMS versions below 9.4.8 contain a cross-site request forgery vulnerability in the Anti-Spam Allowlist Group Configuration that allows authenticated administrators to modify security settings without valid CSRF token validation. An attacker with administrative privileges can exploit this to bypass security controls by manipulating the group_id parameter before token verification occurs. Public exploit code exists for this vulnerability, and a patch is available.

CSRF Concrete Cms
NVD GitHub
CVSS 3.1
6.8
EPSS
0.0%
CVE-2025-70342 MEDIUM POC PATCH This Month

erase-install prior to v40.4 commit 2c31239 writes swiftDialog credential output to a hardcoded path /var/tmp/dialog.json. This allows an unauthenticated attacker to intercept admin credentials entered during reinstall/erase operations via creating a named pipe. [CVSS 6.6 MEDIUM]

Privilege Escalation Erase Install
NVD GitHub
CVSS 3.1
6.6
EPSS
0.0%
CVE-2026-28769 MEDIUM POC This Month

Authenticated users can exploit a path traversal vulnerability in the SFX2100 firmware's logging interface to enumerate arbitrary files on the system through directory traversal in the file parameter. Public exploit code exists for this medium-severity flaw, and no patch is currently available, leaving affected organizations reliant on access controls to mitigate risk. The vulnerability allows attackers with valid credentials to confirm file existence through backup operation responses, potentially exposing sensitive system information.

Path Traversal Sfx2100 Firmware
NVD
CVSS 3.1
6.5
EPSS
0.4%
CVE-2026-28781 MEDIUM POC PATCH This Month

Craft CMS prior to versions 4.17.0-beta.1 and 5.9.0-beta.1 allows users with entry creation permissions to arbitrarily assign authorship of new entries to any user, including administrators, through mass assignment of the authorId parameter. Public exploit code exists for this vulnerability, enabling attackers to spoof entry authorship and manipulate content attribution. The vulnerability is fixed in the specified beta releases.

Authentication Bypass Craft Cms
NVD GitHub
CVSS 3.1
6.5
EPSS
0.0%
CVE-2019-25502 MEDIUM POC This Month

Simple Job Script contains a cross-site scripting vulnerability that allows unauthenticated attackers to inject malicious scripts by manipulating the job_type_value parameter in the jobs endpoint. [CVSS 6.1 MEDIUM]

XSS Simplejobscript
NVD Exploit-DB
CVSS 3.1
6.1
EPSS
0.1%
CVE-2026-28772 MEDIUM POC This Month

Reflected XSS in IDC SFX2100 Firmware's logging interface allows remote attackers to inject malicious scripts through the submitType parameter without authentication or user interaction. Public exploit code exists for this vulnerability, enabling attackers to execute arbitrary JavaScript in users' browsers and potentially steal sensitive data or perform unauthorized actions. No patch is currently available.

XSS Sfx2100 Firmware
NVD
CVSS 3.1
6.1
EPSS
0.0%
CVE-2026-28771 MEDIUM POC This Month

The SFX2100 web management interface fails to sanitize the `cat` parameter in /index.cgi, enabling reflected XSS attacks that allow remote attackers to execute arbitrary JavaScript in a victim's browser without authentication. Public exploit code exists for this vulnerability, and currently no patch is available. An attacker could exploit this to steal session cookies, perform unauthorized actions, or redirect users to malicious content.

XSS Sfx2100 Firmware
NVD
CVSS 3.1
6.1
EPSS
0.0%
CVE-2026-27801 MEDIUM POC PATCH This Month

Two-factor authentication bypass in Vaultwarden 1.34.3 and earlier allows authenticated attackers to circumvent 2FA protections on sensitive operations, enabling unauthorized access to API keys and destructive actions against vaults and organizations. Public exploit code exists for this vulnerability, which affects the unofficial Bitwarden-compatible server and currently lacks an available patch. Attackers with legitimate account credentials can escalate privileges to perform administrative actions typically restricted by 2FA controls.

Authentication Bypass Vaultwarden Red Hat
NVD GitHub
CVSS 3.1
5.9
EPSS
0.0%
CVE-2026-28778 CRITICAL Act Now

Hardcoded/insecure credentials in IDC SFX Series SuperFlex Satellite Receiver. Multiple accounts with known credentials enable complete device takeover.

Authentication Bypass RCE Sfx2100 Firmware
NVD VulDB
CVSS 3.1
9.8
EPSS
0.2%
Page 1 of 5 Next

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy