Cisco Secure Firewall Management Center (FMC) contains a critical unauthenticated Java deserialization vulnerability (CVE-2026-20131, CVSS 10.0) in its web interface that enables remote code execution as root. KEV-listed with public PoC, this vulnerability allows complete compromise of the central management platform that controls all Cisco firewalls in the organization, enabling attackers to modify security policies, disable protections, and access all network traffic.
Unauthenticated auth bypass in Cisco FMC web interface. CVSS 10.0.
Command injection in Mobvoi Tichome Mini smart speaker via crafted requests. EPSS 1.2%. PoC available.
Hardcoded/insecure credentials in IDC SFX Series SuperFlex Satellite Receiver. Multiple accounts with known credentials enable complete device takeover.
SQL injection in databaseir v.1.0.7 via query parameter. PoC available.
D-link Dir-513 A1FW110 is vulnerable to Buffer Overflow in the function formTcpipSetup. [CVSS 9.8 CRITICAL]
Stack buffer overflow in D-Link DIR-513 v1.10 via the curTime parameter to goform/formLogin,goform/getAuthCode. Part of a family of 15+ critical buffer overflows in this router.
Stack buffer overflow in D-Link DIR-513 v1.10 via the curTime parameter to goform/formEasySetupWWConfig. Part of a family of 15+ critical buffer overflows in this router.
Stack buffer overflow in D-Link DIR-513 v1.10 via the curTime parameter to goform/formLogin. Part of a family of 15+ critical buffer overflows in this router.
Stack buffer overflow in D-Link DIR-513 v1.10 via the curTime parameter to goform/formDeviceReboot. Part of a family of 15+ critical buffer overflows in this router.
Stack buffer overflow in D-Link DIR-513 v1.10 via the curTime parameter to goform/formEasySetupWizard. Part of a family of 15+ critical buffer overflows in this router.
Stack buffer overflow in D-Link DIR-513 v1.10 via the curTime parameter to goform/formAdvNetwork. Part of a family of 15+ critical buffer overflows in this router.
Stack buffer overflow in D-Link DIR-513 v1.10 via the curTime parameter to goform/formAutoDetecWAN_wizard4. Part of a family of 15+ critical buffer overflows in this router.
Stack buffer overflow in D-Link DIR-513 v1.10 via the curTime parameter to goform/formAdvFirewall. Part of a family of 15+ critical buffer overflows in this router.
Code execution via HwRwDrv.sys in Nil Hardware Editor. PoC available.
Missing BLE authentication in Pebble Prism Ultra smartwatch. PoC available.
JWT authentication bypass in pac4j-jwt before 4.5.9/5.7.9/6.3.3 when processing encrypted JWTs. PoC available.
RCE in Craft CMS before 4.17.0-beta.1/5.9.0-beta.1 via template injection for authenticated admins. PoC and patch available.
Unauthenticated remote attackers can exploit Apache ActiveMQ Artemis (2.11.0-2.44.0) and Apache Artemis (2.50.0-2.51.0) to force brokers into establishing malicious Core protocol federation connections. This missing authentication (CWE-306) enables both message injection into any queue and exfiltration from any queue via attacker-controlled rogue brokers. Exploitation requires environments allowing untrusted Core protocol connections (default port 61616) in both inbound and outbound directions. EPSS score of 0.20% suggests low current exploitation probability, and no CISA KEV listing exists, indicating this is not yet widely exploited despite the critical CVSS 9.3 score. Vendor patch available in version 2.52.0.
Hardcoded/insecure credentials in IDC SFX Series SuperFlex Satellite Receiver. Multiple accounts with known credentials enable complete device takeover.
Hardcoded/insecure credentials in IDC SFX Series SuperFlex Satellite Receiver. Multiple accounts with known credentials enable complete device takeover.
Hardcoded/insecure credentials in IDC SFX Series SuperFlex Satellite Receiver. Multiple accounts with known credentials enable complete device takeover.
Hardcoded/insecure credentials in IDC SFX Series SuperFlex Satellite Receiver. Multiple accounts with known credentials enable complete device takeover.
Command injection in SEPPmail Secure Email Gateway before 15.0.1 via PDF encryption password.
Insufficient session invalidation in 2N Access Commander 3.4.2. Multiple sessions remain valid after logout.
Injection in Open OnDemand HPC portal Files application before 4.0.9/4.1.3.
Sandbox escape via navigation validation in Chrome before 145.0.7632.159. Patch available.
Code injection bypass in Craft CMS before 5.9.0-beta.1/4.17.0-beta.1 via blocklist evasion. Patch available.