Skip to main content
CVE-2026-27944 CRITICAL POC PATCH Act Now

Unauthenticated backup download and RCE in Nginx UI before 2.3.3. EPSS 1.0%. PoC available.

Nginx TLS Nginx Ui Suse
NVD GitHub VulDB
CVSS 3.1
9.8
EPSS
1.0%
CVE-2026-29128 CRITICAL POC Act Now

Plaintext daemon credentials in IDC SFX2100 routing config files (zebra, bgpd, ospfd, ripd). CVSS 10.0. PoC available.

IoT BGP Privilege Escalation Information Disclosure Credential Stuffing +2
NVD
CVSS 3.1
10.0
EPSS
0.0%
CVE-2025-70231 CRITICAL POC Act Now

Path traversal in D-Link DIR-513 verification code processing. PoC available.

D-Link Path Traversal Dir 513 Firmware
NVD GitHub
CVSS 3.1
9.8
EPSS
0.1%
CVE-2025-70233 CRITICAL POC Act Now

Stack buffer overflow in D-Link DIR-513 v1.10 via the curTime parameter to goform/formSetEnableWizard. Part of a family of 15+ critical buffer overflows in this router.

D-Link Buffer Overflow Dir 513 Firmware
NVD GitHub
CVSS 3.1
9.8
EPSS
0.1%
CVE-2025-70232 CRITICAL POC Act Now

Stack buffer overflow in D-Link DIR-513 v1.10 via the curTime parameter to goform/formSetMACFilter. Part of a family of 15+ critical buffer overflows in this router.

D-Link Buffer Overflow Dir 513 Firmware
NVD GitHub
CVSS 3.1
9.8
EPSS
0.1%
CVE-2025-70230 CRITICAL POC Act Now

Stack buffer overflow in D-Link DIR-513 v1.10 via the curTime parameter to goform/formSetDDNS. Part of a family of 15+ critical buffer overflows in this router.

D-Link Buffer Overflow Dir 513 Firmware
NVD GitHub
CVSS 3.1
9.8
EPSS
0.1%
CVE-2025-70229 CRITICAL POC Act Now

Stack buffer overflow in D-Link DIR-513 v1.10 via the curTime parameter to goform/formSchedule. Part of a family of 15+ critical buffer overflows in this router.

D-Link Buffer Overflow Dir 513 Firmware
NVD GitHub
CVSS 3.1
9.8
EPSS
0.1%
CVE-2026-28446 CRITICAL POC PATCH Act Now

Auth bypass in OpenClaw voice-call extension before 2026.2.1. EPSS 0.68%. PoC and patch available.

Authentication Bypass AI / ML Openclaw
NVD GitHub
CVSS 3.1
9.4
EPSS
0.7%
CVE-2026-1678 CRITICAL POC Act Now

Buffer overflow in Zephyr RTOS dns_unpack_name() function causing OOB writes. PoC available.

DNS Zephyr
NVD GitHub
CVSS 3.1
9.4
EPSS
0.1%
CVE-2026-25921 CRITICAL POC PATCH Act Now

Supply chain attack via LFS object overwrite across repos in Gogs before 0.14.2. PoC and patch available.

Authentication Bypass Gogs Suse
NVD GitHub
CVSS 3.1
9.3
EPSS
0.0%
CVE-2026-29188 CRITICAL POC PATCH Act Now

Unauthorized file operations in File Browser before fix. PoC and patch available.

Authentication Bypass Filebrowser Suse
NVD GitHub
CVSS 3.1
9.1
EPSS
0.1%
CVE-2026-26022 HIGH POC PATCH This Week

Stored XSS in Gogs prior to version 0.14.2 allows authenticated users to execute arbitrary JavaScript in comments and issue descriptions by exploiting the HTML sanitizer's allowance of data: URI schemes. This affects all users viewing malicious content within the same Gogs instance and could enable session hijacking or credential theft. Public exploit code exists for this vulnerability, though a patch is available in version 0.14.2 and later.

XSS Gogs Suse
NVD GitHub
CVSS 3.1
8.7
EPSS
0.0%
CVE-2026-28442 HIGH POC This Week

ZimaOS 1.5.2-beta3 fails to validate filesystem paths in its API delete endpoint, allowing authenticated users to bypass UI restrictions and remove critical system files and directories. Public exploit code exists for this vulnerability, and the lack of input validation on path parameters enables attackers with API access to potentially render the system unbootable or cause denial of service. No patch is currently available.

Authentication Bypass Zimaos
NVD GitHub
CVSS 3.1
8.5
EPSS
0.0%
CVE-2026-30798 HIGH POC This Week

Remote denial-of-service in RustDesk Client through 1.4.5 allows network-positioned attackers to disrupt the remote-access agent by manipulating heartbeat synchronization traffic, abusing weak authenticity checks in the hbbs_http/sync.rs heartbeat loop to trigger the stop-service handler. Publicly available exploit code exists, but EPSS is very low (0.02%, 5th percentile) and there is no public exploit identified at time of analysis being tracked as actively exploited (not in CISA KEV).

Rustdesk Microsoft Google Apple Information Disclosure
NVD VulDB
CVSS 4.0
8.2
EPSS
0.0%
CVE-2026-29121 HIGH POC This Week

The setuid bit on the /sbin/ip utility in IDC SFX2100 satellite receiver firmware allows local users to execute privileged operations as root, enabling unauthorized file reads and potential privilege escalation attacks. Public exploit code exists for this vulnerability, and affected users have no available patch. This vulnerability impacts any local user with access to the device.

Privilege Escalation Sfx2100 Firmware
NVD
CVSS 3.1
7.8
EPSS
0.0%
CVE-2026-29126 HIGH POC This Week

Sfx2100 Firmware versions up to - is affected by incorrect permission assignment for critical resource (CVSS 7.8).

Privilege Escalation Sfx2100 Firmware
NVD
CVSS 3.1
7.8
EPSS
0.0%
CVE-2025-70616 HIGH POC This Week

A stack buffer overflow vulnerability exists in the Wincor Nixdorf wnBios64.sys kernel driver (version 1.2.0.0) in the IOCTL handler for code 0x80102058. [CVSS 7.8 HIGH]

Linux Buffer Overflow Denial Of Service Privilege Escalation Wnbios64.Sys
NVD GitHub
CVSS 3.1
7.8
EPSS
0.0%
CVE-2026-29124 HIGH POC This Week

Sfx2100 Satellite Receiver firmware contains multiple SUID root binaries in predictable locations that allow local privilege escalation from the monitor user to root. Public exploit code exists for this vulnerability, enabling any local user with monitor privileges to gain complete system control. A patch is not currently available, leaving affected devices vulnerable to privilege escalation attacks.

Privilege Escalation Sfx2100 Firmware
NVD
CVSS 3.1
7.8
EPSS
0.0%
CVE-2026-29123 HIGH POC This Week

Local privilege escalation in IDC SFX2100 firmware affects Linux systems through a SUID binary vulnerable to PATH hijacking, symlink abuse, and shared object hijacking. A local attacker can exploit this to gain root-level privileges, and public exploit code is available. No patch is currently available to address this HIGH severity vulnerability.

Linux Privilege Escalation Sfx2100 Firmware
NVD
CVSS 3.1
7.8
EPSS
0.0%
CVE-2026-29127 HIGH POC This Week

Local privilege escalation in IDC SFX2100 Satellite Receiver firmware occurs due to overly permissive file system permissions (0777) on a privileged user's home directory, allowing any local user to read, write, and execute files within it. An attacker with local access can leverage highly privileged processes and binaries in this directory to escalate their privileges on the system. Public exploit code exists for this vulnerability, and no patch is currently available.

Privilege Escalation Sfx2100 Firmware
NVD
CVSS 3.1
7.8
EPSS
0.0%
CVE-2026-28342 HIGH POC PATCH This Week

OliveTin versions prior to 3000.10.2 are vulnerable to unauthenticated denial of service through the PasswordHash API endpoint, which lacks request throttling or authentication controls and allows attackers to trigger excessive memory allocation via concurrent hashing requests. An attacker can exhaust container memory by sending multiple parallel requests, causing service degradation or complete outage. Public exploit code exists for this vulnerability, and a patch is available in version 3000.10.2 and later.

Denial Of Service Olivetin Suse
NVD GitHub
CVSS 3.1
7.5
EPSS
0.3%
CVE-2026-28789 HIGH POC PATCH This Week

OliveTin versions prior to 3000.10.3 are vulnerable to unauthenticated denial-of-service attacks when OAuth2 authentication is enabled, allowing remote attackers to crash the application by sending concurrent requests to the login endpoint. The vulnerability stems from unsynchronized access to shared state during OAuth2 processing, triggering a Go runtime panic. Public exploit code exists for this high-severity flaw, which is patched in version 3000.10.3 and later.

Golang Denial Of Service Olivetin Suse
NVD GitHub
CVSS 3.1
7.5
EPSS
0.1%
CVE-2026-28790 HIGH POC PATCH This Week

OliveTin versions prior to 3000.11.0 suffer from broken access control allowing unauthenticated users to invoke the KillAction RPC endpoint and terminate running shell command executions, bypassing authentication restrictions. Public exploit code exists for this vulnerability, enabling remote denial of service attacks against legitimate administrative actions. The vulnerability affects OliveTin deployments regardless of authentication settings and has been remediated in version 3000.11.0 and later.

Denial Of Service Olivetin Suse
NVD GitHub
CVSS 3.1
7.5
EPSS
0.1%
CVE-2025-69411 HIGH POC This Week

Robert Seyfriedsberger ionCube tester plus ioncube-tester-plus is affected by path traversal (CVSS 7.5).

Path Traversal
NVD
CVSS 3.1
7.5
EPSS
0.1%
CVE-2025-45691 HIGH POC PATCH GHSA This Week

An Arbitrary File Read vulnerability exists in the ImageTextPromptValue class in Exploding Gradients RAGAS v0.2.3 to v0.2.14. The vulnerability stems from improper validation and sanitization of URLs supplied in the retrieved_contexts parameter when handling multimodal inputs. [CVSS 7.5 HIGH]

Path Traversal Ragas
NVD GitHub
CVSS 3.1
7.5
EPSS
0.1%
CVE-2026-28448 HIGH POC PATCH This Week

OpenClaw versions before 2026.2.1 fail to properly validate access controls in the Twitch plugin when role restrictions are not configured, allowing unauthenticated remote attackers to trigger agent dispatch through Twitch chat mentions. Public exploit code exists for this vulnerability, enabling attackers to invoke the agent pipeline and potentially cause unintended actions or resource exhaustion. Organizations running affected versions with the Twitch plugin enabled should apply the available patch immediately.

Denial Of Service Authentication Bypass AI / ML Openclaw
NVD GitHub
CVSS 3.1
7.3
EPSS
0.1%
CVE-2026-26194 HIGH POC PATCH This Week

Gogs prior to version 0.14.2 contains a command injection vulnerability in release deletion functionality where improper handling of user-controlled tag names allows git options to be injected into git commands. An authenticated attacker with UI interaction can exploit this to achieve integrity and availability impacts. Public exploit code exists for this vulnerability.

Code Injection Gogs Suse
NVD GitHub
CVSS 3.1
7.3
EPSS
0.0%
CVE-2026-28467 MEDIUM POC PATCH This Month

OpenClaw prior to version 2026.2.2 is vulnerable to server-side request forgery through its attachment and media URL processing, allowing unauthenticated remote attackers to make arbitrary HTTP requests to internal resources. Attackers can exploit model-controlled message features to trigger the SSRF and exfiltrate response data as outbound attachments. Public exploit code exists for this vulnerability.

SSRF AI / ML Openclaw
NVD GitHub
CVSS 3.1
6.5
EPSS
0.1%
CVE-2026-28492 MEDIUM POC PATCH This Month

File Browser versions prior to 2.61.0 incorrectly set the filesystem root to a parent directory when generating public share links, enabling any user with a share link to access and download files from sibling directories beyond the intended shared folder. This authenticated network-based vulnerability affects Golang and Filebrowser and has public exploit code available. The issue is resolved in version 2.61.0 and later.

Golang Filebrowser Suse
NVD GitHub
CVSS 3.1
6.5
EPSS
0.0%
CVE-2025-70614 HIGH CISA Act Now

OpenCode Systems OC Messaging / USSD Gateway OC Release 6.32.2 contains a broken access control vulnerability in the web-based control panel allowing authenticated low-privileged attackers to gain to access to arbitrary SMS messages via a crafted company or tenant identifier parameter. [CVSS 8.1 HIGH]

Authentication Bypass Ussd Gateway
NVD GitHub
CVSS 3.1
8.1
EPSS
0.0%
CVE-2026-28350 MEDIUM POC PATCH This Month

lxml_html_clean versions prior to 0.4.4 fail to sanitize <base> HTML tags, allowing attackers to inject malicious base tags and redirect relative links to attacker-controlled domains. Public exploit code exists for this vulnerability. The issue affects applications using the default Cleaner configuration and has been remediated in version 0.4.4.

XSS Lxml Html Clean Suse
NVD GitHub
CVSS 3.1
6.1
EPSS
0.0%
CVE-2026-28348 MEDIUM POC PATCH This Month

lxml_html_clean versions before 0.4.4 fail to properly sanitize CSS Unicode escape sequences in the _has_sneaky_javascript() method, allowing attackers to bypass filters and inject malicious @import statements or XSS payloads. Public exploit code exists for this vulnerability, which affects applications using the library for HTML sanitization. A patch is available in version 0.4.4 and should be applied immediately to prevent CSS-based injection attacks.

XSS Lxml Html Clean Suse
NVD GitHub
CVSS 3.1
6.1
EPSS
0.0%
CVE-2026-2743 CRITICAL Act Now

Remote code execution in SeppMail secure email gateway versions 15.0.2.1 and earlier allows unauthenticated attackers to write arbitrary files via path traversal in the Large File Transfer (LFT) feature of the User Web Interface, leading to full system compromise. The flaw carries a maximum CVSS 4.0 score of 10.0 reflecting network-reachable, no-privilege exploitation with scope-changing impact, and was disclosed by InfoGuard Labs alongside CVE-2026-7864, CVE-2026-44127, and CVE-2026-44128. No public exploit identified at time of analysis and EPSS sits at 0.52% (67th percentile), so widespread automated abuse has not yet materialized despite the critical severity.

RCE Path Traversal Seppmail
NVD VulDB
CVSS 4.0
10.0
EPSS
0.5%
CVE-2026-0848 CRITICAL PATCH Act Now

Remote code execution in NLTK (Natural Language Toolkit) versions ≤3.9.2 allows unauthenticated attackers to execute arbitrary Java bytecode through the StanfordSegmenter module's unvalidated loading of external JAR files. The vulnerability is exploitable via model poisoning, MITM attacks during JAR downloads, or dependency poisoning, with execution occurring automatically at import time. Despite a critical CVSS 10.0 score, EPSS probability of 0.48% (65th percentile) suggests low observed exploitation activity. No CISA KEV listing indicates no confirmed widespread active exploitation, though the vulnerability is publicly documented on huntr.com with technical details available.

Java RCE
NVD
CVSS 3.0
10.0
EPSS
0.5%
CVE-2026-28353 CRITICAL Act Now

Trivy Vulnerability Scanner is a VS Code extension that helps find vulnerabilities.

Information Disclosure
NVD GitHub
CVSS 4.0
10.0
EPSS
0.1%
CVE-2026-28466 CRITICAL PATCH Act Now

Gateway authorization bypass in OpenClaw before 2026.2.14. Unsanitized approval fields in node.invoke. Patch available.

Authentication Bypass RCE Openclaw
NVD GitHub
CVSS 3.1
9.9
EPSS
0.1%
CVE-2026-22390 CRITICAL Act Now

Builderall Builderall Builder for WordPress builderall-cheetah-for-wp is affected by code injection (CVSS 9.9).

WordPress Code Injection RCE
NVD
CVSS 3.1
9.9
EPSS
0.1%
CVE-2026-24960 CRITICAL Act Now

Unrestricted file upload in Charety (charety) WordPress theme allows uploading web shells for remote code execution.

File Upload
NVD
CVSS 3.1
9.9
EPSS
0.0%
CVE-2025-68555 CRITICAL Act Now

Unrestricted file upload in Nutrie (nutrie) WordPress theme allows uploading web shells for remote code execution.

File Upload
NVD
CVSS 3.1
9.9
EPSS
0.0%
CVE-2025-68554 CRITICAL Act Now

Unrestricted file upload in Keenarch (keenarch) WordPress theme allows uploading web shells for remote code execution.

File Upload
NVD
CVSS 3.1
9.9
EPSS
0.0%
CVE-2025-68553 CRITICAL Act Now

Unrestricted file upload in Lendiz (lendiz) WordPress theme allows uploading web shells for remote code execution.

File Upload
NVD
CVSS 3.1
9.9
EPSS
0.0%
CVE-2026-21536 CRITICAL PATCH Act Now

RCE in Microsoft Devices Pricing Program.

Microsoft RCE File Upload Devices Pricing Program
NVD
CVSS 3.1
9.8
EPSS
0.4%
CVE-2026-21628 CRITICAL Act Now

Unauthenticated RCE via file upload in industrial/enterprise application.

RCE File Upload Astroid Framework
NVD
CVSS 3.1
9.8
EPSS
0.3%
CVE-2026-28043 CRITICAL Act Now

The ThemeREX Healer WordPress theme through version 1.0.0 contains a local file inclusion vulnerability that allows unauthenticated attackers to read arbitrary files on the server through improper handling of file include statements. An attacker can exploit this to access sensitive configuration files, database credentials, and other protected data without authentication. No patch is currently available and exploitation requires no user interaction.

WordPress PHP LFI Information Disclosure
NVD
CVSS 3.1
9.8
EPSS
0.2%
CVE-2026-2599 CRITICAL Act Now

PHP Object Injection in Database for CF7/WPforms/Elementor forms WordPress plugin.

WordPress PHP Deserialization Information Disclosure
NVD
CVSS 3.1
9.8
EPSS
0.1%
CVE-2026-28391 CRITICAL PATCH Act Now

Windows cmd.exe metacharacter injection in OpenClaw before 2026.2.2. Bypass exec whitelist. Patch available.

Windows Openclaw
NVD GitHub
CVSS 3.1
9.8
EPSS
0.1%
CVE-2026-3381 CRITICAL PATCH Act Now

Insecure embedded zlib in Compress::Raw::Zlib through 2.219 for Perl.

Information Disclosure Red Hat Suse
NVD GitHub VulDB
CVSS 3.1
9.8
EPSS
0.1%
CVE-2025-40926 CRITICAL PATCH Act Now

Insecure session ID generation in Plack::Middleware::Session::Simple before 0.05 for Perl. Patch available.

Information Disclosure Suse
NVD GitHub
CVSS 3.1
9.8
EPSS
0.1%
CVE-2026-27389 CRITICAL Act Now

Auth bypass in WeDesignTech Ultimate Booking Addon for WordPress.

Authentication Bypass
NVD
CVSS 3.1
9.8
EPSS
0.1%
CVE-2026-28105 CRITICAL Act Now

Deserialization of untrusted data in Good Energy (goodenergy) WordPress theme allows PHP Object Injection, potentially enabling remote code execution through POP chains.

Deserialization
NVD
CVSS 3.1
9.8
EPSS
0.1%
Page 1 of 10 Next

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy