Skip to main content
CVE-2026-20131 CRITICAL POC KEV THREAT Emergency

Cisco Secure Firewall Management Center (FMC) contains a critical unauthenticated Java deserialization vulnerability (CVE-2026-20131, CVSS 10.0) in its web interface that enables remote code execution as root. KEV-listed with public PoC, this vulnerability allows complete compromise of the central management platform that controls all Cisco firewalls in the organization, enabling attackers to modify security policies, disable protections, and access all network traffic.

Cisco Java Deserialization RCE
NVD VulDB GitHub
CVSS 3.1
10.0
EPSS
0.6%
Threat
6.0
CVE-2026-20079 CRITICAL POC Emergency

Unauthenticated auth bypass in Cisco FMC web interface. CVSS 10.0.

Cisco Authentication Bypass
NVD GitHub
CVSS 3.1
10.0
EPSS
0.2%
Threat
4.2
CVE-2026-26478 CRITICAL POC Act Now

Command injection in Mobvoi Tichome Mini smart speaker via crafted requests. EPSS 1.2%. PoC available.

Command Injection Tichome Mini Firmware
NVD GitHub
CVSS 3.1
9.8
EPSS
1.2%
CVE-2026-28775 CRITICAL POC Act Now

Hardcoded/insecure credentials in IDC SFX Series SuperFlex Satellite Receiver. Multiple accounts with known credentials enable complete device takeover.

SNMP RCE Sfx2100 Firmware
NVD
CVSS 3.1
9.8
EPSS
0.6%
CVE-2025-66944 CRITICAL POC Act Now

SQL injection in databaseir v.1.0.7 via query parameter. PoC available.

SQLi Databasir
NVD GitHub
CVSS 3.1
9.8
EPSS
0.2%
CVE-2025-46108 CRITICAL POC Act Now

D-link Dir-513 A1FW110 is vulnerable to Buffer Overflow in the function formTcpipSetup. [CVSS 9.8 CRITICAL]

D-Link Buffer Overflow Dir 513 Firmware
NVD GitHub
CVSS 3.1
9.8
EPSS
0.1%
CVE-2025-70222 CRITICAL POC Act Now

Stack buffer overflow in D-Link DIR-513 v1.10 via the curTime parameter to goform/formLogin,goform/getAuthCode. Part of a family of 15+ critical buffer overflows in this router.

D-Link Buffer Overflow Dir 513 Firmware
NVD GitHub
CVSS 3.1
9.8
EPSS
0.1%
CVE-2025-70225 CRITICAL POC Act Now

Stack buffer overflow in D-Link DIR-513 v1.10 via the curTime parameter to goform/formEasySetupWWConfig. Part of a family of 15+ critical buffer overflows in this router.

D-Link Buffer Overflow Dir 513 Firmware
NVD GitHub
CVSS 3.1
9.8
EPSS
0.1%
CVE-2025-70221 CRITICAL POC Act Now

Stack buffer overflow in D-Link DIR-513 v1.10 via the curTime parameter to goform/formLogin. Part of a family of 15+ critical buffer overflows in this router.

D-Link Buffer Overflow Dir 513 Firmware
NVD GitHub
CVSS 3.1
9.8
EPSS
0.1%
CVE-2025-70219 CRITICAL POC Act Now

Stack buffer overflow in D-Link DIR-513 v1.10 via the curTime parameter to goform/formDeviceReboot. Part of a family of 15+ critical buffer overflows in this router.

D-Link Buffer Overflow Dir 513 Firmware
NVD GitHub
CVSS 3.1
9.8
EPSS
0.1%
CVE-2025-70226 CRITICAL POC Act Now

Stack buffer overflow in D-Link DIR-513 v1.10 via the curTime parameter to goform/formEasySetupWizard. Part of a family of 15+ critical buffer overflows in this router.

D-Link Buffer Overflow Dir 513 Firmware
NVD GitHub
CVSS 3.1
9.8
EPSS
0.1%
CVE-2025-70223 CRITICAL POC Act Now

Stack buffer overflow in D-Link DIR-513 v1.10 via the curTime parameter to goform/formAdvNetwork. Part of a family of 15+ critical buffer overflows in this router.

D-Link Buffer Overflow Dir 513 Firmware
NVD GitHub
CVSS 3.1
9.8
EPSS
0.1%
CVE-2025-70220 CRITICAL POC Act Now

Stack buffer overflow in D-Link DIR-513 v1.10 via the curTime parameter to goform/formAutoDetecWAN_wizard4. Part of a family of 15+ critical buffer overflows in this router.

D-Link Buffer Overflow Dir 513 Firmware
NVD GitHub
CVSS 3.1
9.8
EPSS
0.1%
CVE-2025-70218 CRITICAL POC Act Now

Stack buffer overflow in D-Link DIR-513 v1.10 via the curTime parameter to goform/formAdvFirewall. Part of a family of 15+ critical buffer overflows in this router.

D-Link Buffer Overflow Dir 513 Firmware
NVD GitHub
CVSS 3.1
9.8
EPSS
0.1%
CVE-2025-66678 CRITICAL POC Act Now

Code execution via HwRwDrv.sys in Nil Hardware Editor. PoC available.

RCE SQLi Hardware Read Write Utility
NVD GitHub
CVSS 3.1
9.8
EPSS
0.1%
CVE-2025-69969 CRITICAL POC Act Now

Missing BLE authentication in Pebble Prism Ultra smartwatch. PoC available.

RCE Information Disclosure Pebble Prism Ultra Firmware
NVD GitHub
CVSS 3.1
9.6
EPSS
0.0%
CVE-2026-29000 CRITICAL POC PATCH Act Now

JWT authentication bypass in pac4j-jwt before 4.5.9/5.7.9/6.3.3 when processing encrypted JWTs. PoC available.

Authentication Bypass Jwt Attack
NVD VulDB
CVSS 4.0
9.3
EPSS
0.1%
CVE-2026-28697 CRITICAL POC PATCH Act Now

RCE in Craft CMS before 4.17.0-beta.1/5.9.0-beta.1 via template injection for authenticated admins. PoC and patch available.

PHP RCE Craft Cms
NVD GitHub
CVSS 3.1
9.1
EPSS
0.5%
CVE-2026-27446 CRITICAL PATCH CISA GHSA Act Now

Unauthenticated remote attackers can exploit Apache ActiveMQ Artemis (2.11.0-2.44.0) and Apache Artemis (2.50.0-2.51.0) to force brokers into establishing malicious Core protocol federation connections. This missing authentication (CWE-306) enables both message injection into any queue and exfiltration from any queue via attacker-controlled rogue brokers. Exploitation requires environments allowing untrusted Core protocol connections (default port 61616) in both inbound and outbound directions. EPSS score of 0.20% suggests low current exploitation probability, and no CISA KEV listing exists, indicating this is not yet widely exploited despite the critical CVSS 9.3 score. Vendor patch available in version 2.52.0.

Apache Authentication Bypass Activemq Artemis Artemis
NVD VulDB
CVSS 4.0
9.3
EPSS
0.2%
CVE-2026-28778 CRITICAL Act Now

Hardcoded/insecure credentials in IDC SFX Series SuperFlex Satellite Receiver. Multiple accounts with known credentials enable complete device takeover.

Authentication Bypass RCE Sfx2100 Firmware
NVD VulDB
CVSS 3.1
9.8
EPSS
0.2%
CVE-2026-29119 CRITICAL Act Now

Hardcoded/insecure credentials in IDC SFX Series SuperFlex Satellite Receiver. Multiple accounts with known credentials enable complete device takeover.

Authentication Bypass Sfx2100 Firmware
NVD VulDB
CVSS 3.1
9.8
EPSS
0.1%
CVE-2026-28777 CRITICAL Act Now

Hardcoded/insecure credentials in IDC SFX Series SuperFlex Satellite Receiver. Multiple accounts with known credentials enable complete device takeover.

Authentication Bypass Sfx2100 Firmware
NVD VulDB
CVSS 3.1
9.8
EPSS
0.1%
CVE-2026-28776 CRITICAL Act Now

Hardcoded/insecure credentials in IDC SFX Series SuperFlex Satellite Receiver. Multiple accounts with known credentials enable complete device takeover.

Authentication Bypass Sfx2100 Firmware
NVD VulDB
CVSS 3.1
9.8
EPSS
0.1%
CVE-2026-27441 CRITICAL Act Now

Command injection in SEPPmail Secure Email Gateway before 15.0.1 via PDF encryption password.

Command Injection Seppmail
NVD
CVSS 3.1
9.8
EPSS
0.1%
CVE-2025-59786 CRITICAL Act Now

Insufficient session invalidation in 2N Access Commander 3.4.2. Multiple sessions remain valid after logout.

Information Disclosure Access Commander
NVD
CVSS 3.1
9.8
EPSS
0.1%
CVE-2026-26002 CRITICAL Act Now

Injection in Open OnDemand HPC portal Files application before 4.0.9/4.1.3.

Information Disclosure Open Ondemand
NVD GitHub VulDB
CVSS 3.1
9.8
EPSS
0.0%
CVE-2026-3545 CRITICAL PATCH Act Now

Sandbox escape via navigation validation in Chrome before 145.0.7632.159. Patch available.

Google Chrome Red Hat Suse
NVD
CVSS 3.1
9.6
EPSS
0.1%
CVE-2026-28783 CRITICAL PATCH Act Now

Code injection bypass in Craft CMS before 5.9.0-beta.1/4.17.0-beta.1 via blocklist evasion. Patch available.

PHP SSRF Craft Cms
NVD GitHub
CVSS 3.1
9.1
EPSS
0.1%

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy