OneUptime prior to 10.0.21 has a fourth vulnerability in Synthetic monitoring exposing dangerous functionality.
OneUptime monitoring platform prior to 10.0.18 allows code injection (CVSS 9.9) enabling RCE through the monitoring configuration.
OneUptime prior to 10.0.21 has a third authorization bypass enabling low-privileged users to access admin functions.
OneUptime prior to 10.0.20 exposes dangerous functionality in Synthetic monitoring that enables code execution.
simple-git Node.js library has a command injection vulnerability (EPSS with patch) enabling RCE when processing untrusted git operations.
GetSimple CMS massiveAdmin plugin has a CSRF vulnerability enabling attackers to perform admin actions through crafted malicious pages.
SQL Server 2016-2025 contains an improper access control flaw that allows authenticated network attackers to escalate privileges without user interaction. Public exploit code exists for this vulnerability, which carries a CVSS score of 8.8 and affects confidentiality, integrity, and availability. No patch is currently available.
SQL injection in Craft Commerce's purchasables endpoint allows authenticated attackers to manipulate the sort parameter and execute arbitrary SQL queries via the unvalidated ORDER BY clause. Versions prior to 4.10.2 and 5.5.3 are vulnerable, with public exploit code available. An attacker with valid credentials can extract sensitive database information or modify data without additional user interaction.
Craft Commerce versions prior to 5.5.3 contain an SQL injection vulnerability in the inventory levels endpoint where sort parameters are improperly sanitized, allowing authenticated users with Commerce Inventory access to execute arbitrary database queries. Public exploit code exists for this vulnerability, which could enable complete database compromise. Update to version 5.5.3 or later to resolve this high-severity issue.
OneUptime versions prior to 10.0.19 allow unauthenticated attackers to hijack GitHub App integrations across projects by exploiting insufficient validation in the OAuth callback handler, enabling them to redirect repository access and create code records in arbitrary projects. Public exploit code exists for this vulnerability, and GitHub and OneUptime users remain at risk until patches are applied, as no fixes are currently available for the affected GitHub integration.
Arbitrary file write in OliveTin prior to 3000.11.2 allows authenticated attackers to write files to arbitrary filesystem locations via path traversal in the UniqueTrackingId parameter when the saveLogs feature is enabled. The vulnerability enables denial of service and potential system compromise through log file manipulation. Public exploit code exists and no patch is currently available.
Pocket ID versions prior to 2.4.0 fail to properly validate authorization codes at the OIDC token endpoint, enabling attackers with valid credentials to exchange codes across different clients or reuse expired codes. This authentication bypass affects any service relying on Pocket ID for passkey-based authentication and allows token acquisition without proper authorization. Public exploit code exists for this vulnerability, and no patch is currently available.
Unauthenticated attackers can abuse the MCP Atlassian server to perform arbitrary outbound HTTP requests by manipulating HTTP headers, enabling credential theft from cloud instance metadata endpoints or internal network reconnaissance without requiring authentication. The vulnerability exists in the HTTP middleware layer prior to version 0.17.0, affecting Atlassian Confluence and Jira deployments. No patch is currently available.
PX4 Autopilot versions 1.12.x through 1.15.x can be forced into an unsafe re-arm state when pilots switch to Manual mode and re-arm within 5 seconds of landing, bypassing critical pre-flight safety checks and throttle validation. This allows attackers or malicious pilots to trigger immediate high-thrust takeoff, resulting in loss of aircraft control. Public exploit code exists for this vulnerability and no patch is currently available.
PX4 Autopilot versions 1.12.x through 1.15.x contain a logic flaw in the mode switching mechanism. [CVSS 8.1 HIGH]
Remote code execution in Windows Routing and Remote Access Service (RRAS) across Windows Server 2012, 2022, and 2022 23h2 stems from an integer overflow vulnerability that authenticated network attackers can exploit with user interaction. Public exploit code exists for this vulnerability, enabling attackers to achieve arbitrary code execution with high impact on confidentiality, integrity, and availability. No patch is currently available.
Remote code execution in Windows RRAS affects Windows 10 1607 and Windows Server 2022 23h2 through an integer overflow vulnerability exploitable by authenticated network attackers. Public exploit code exists for this vulnerability, enabling authenticated users to execute arbitrary code with high integrity and confidentiality impact. No patch is currently available, making this a critical exposure for affected Windows environments.
Remote code execution in Windows RRAS across Server 2016, 2022, and 2025 via an integer overflow vulnerability allows authenticated attackers to execute arbitrary code over the network with high privileges. Public exploit code exists for this vulnerability, and no patch is currently available. Authenticated users with network access can trigger the vulnerability through a simple interaction to gain complete system compromise.
Siemens devices have a stored XSS in trace file handling (CVSS 9.6) enabling code execution when administrators view diagnostic data.
Stack buffer overflow vulnerability in D-Link DIR-513 v1.10 via the curTime parameter to goform/formSetWizard2. [CVSS 7.5 HIGH]
Stack buffer overflow vulnerability in D-Link DIR-513 v1.10 via the curTime parameter to goform/formSetWizard1. [CVSS 7.5 HIGH]
Stack buffer overflow vulnerability in D-Link DIR-513 v1.10 via the curTime parameter to goform/formVirtualServ. [CVSS 7.5 HIGH]
Stack buffer overflow vulnerability in D-Link DIR-513 v1.10 via the nextPage parameter to goform/formLanguageChange. [CVSS 7.5 HIGH]
Out-of-bounds read in .NET allows an unauthorized attacker to deny service over a network. [CVSS 7.5 HIGH]
Glances is an open-source system cross-platform monitoring tool. versions up to 4.5.1 is affected by information exposure.
Stack buffer overflow vulnerability in D-Link DIR-513 v1.10 via the webPage parameter to goform/formWlanSetup. [CVSS 7.5 HIGH]
Stack buffer overflow vulnerability in D-Link DIR-513 v1.10 via the webPage parameter to goform/formWlanGuestSetup. [CVSS 7.5 HIGH]
Stack buffer overflow vulnerability in D-Link DIR-513 v1.10 via the webPage parameter to goform/formSetWanPPTP. [CVSS 7.5 HIGH]
OpenAPI documentation and client-server communication. versions up to 1.4.26 is affected by inefficient regular expression complexity (redos) (CVSS 7.5).
Envoy's RBAC filter improperly concatenates duplicate HTTP headers into comma-separated strings instead of validating each value individually, allowing attackers to bypass "Deny" access control policies through header manipulation. This vulnerability affects Envoy versions prior to 1.34.13, 1.35.8, 1.36.5, and 1.37.1, and public exploit code exists. Patches are available for all affected versions.
Unauthenticated path traversal in OneUptime versions before 10.0.21 allows remote attackers to read arbitrary files from the server via the /workflow/docs/:componentName endpoint, which fails to sanitize user input before passing it to file operations. Public exploit code exists for this vulnerability, affecting all users of vulnerable versions without authentication requirements. Upgrade to version 10.0.21 or later to remediate.
Flowise versions prior to 3.0.13 allow unauthenticated users to trigger Server-Side Request Forgery (SSRF) attacks through improperly validated URLs in the HTTP Node component, enabling attackers to probe internal networks and cloud metadata endpoints from the Flowise server. Public exploit code exists for this vulnerability, and no patch is currently available for affected deployments. Any organization running a publicly exposed Flowise instance is at immediate risk of internal network reconnaissance and potential credential theft from cloud environments.
Pocket ID versions 2.0.0 through 2.3.x suffer from improper callback URL validation that allows attackers to bypass redirect URI restrictions using URL userinfo characters (@), enabling authorization code interception. An attacker can craft a malicious authorization link to redirect authentication codes to an attacker-controlled server if a user is tricked into clicking it. Public exploit code exists for this vulnerability, and no patch is currently available.
CWE‑502: Deserialization of Untrusted Data vulnerability exists that could cause arbitrary code execution with administrative privileges when a locally authenticated attacker sends a crafted data stream, triggering unsafe deserialization.
SiYuan's SVG sanitizer fails to properly filter malicious href attributes when whitespace characters are inserted into javascript: URLs, allowing reflected cross-site scripting on the unauthenticated /api/icon/getDynamicIcon endpoint. Public exploit code exists for this vulnerability, which bypasses the previous fix for CVE-2026-29183. Attackers can inject executable JavaScript to target unauthenticated users of SiYuan versions prior to 3.5.10.
Reflected XSS in SiYuan's /api/icon/getDynamicIcon endpoint allows unauthenticated attackers to inject malicious JavaScript through SVG animation elements that bypass the sanitizer's static filters. The vulnerability exists because the SVG sanitizer blocks script tags and event handlers but fails to restrict <animate> and <set> elements, which can dynamically modify attributes at runtime to execute code. Public exploit code exists and patches are not yet available for affected versions prior to 3.5.10.
Parse Server has a CVSS 10.0 access control vulnerability enabling complete bypass of all data access restrictions.
Android DeviceId component has a CVSS 10.0 out-of-bounds write in persistence handling enabling device compromise.
Envoy proxy versions before 1.37.1, 1.36.5, 1.35.8, and 1.34.13 contain a use-after-free vulnerability in the HTTP connection manager that allows attackers to trigger denial of service by sending data frames on streams after they have been reset. Public exploit code exists for this vulnerability, and no patch is currently available. The flaw enables filter callbacks to execute on logically cleaned-up streams, potentially causing service disruption or state corruption.
Envoy proxy versions prior to 1.37.1, 1.36.5, 1.35.8, and 1.34.13 crash when processing scoped IPv6 addresses through the Utility::getAddressWithPort function, which is invoked by the original_src and dns filters in the data plane. This denial of service vulnerability can be triggered remotely without authentication, and public exploit code exists. No patch is currently available for affected deployments.
Modem has a fifth OOB write enabling remote privilege escalation.
Samsung/Google MFC driver has an OOB write in mfc_core_isr.c enabling kernel-level privilege escalation on Android devices.
Modem has a fourth OOB write due to incorrect bounds check.
Modem has a third OOB write in cell broadcast utilities.
Modem OOB write in cell broadcast utilities enabling privilege escalation.
Samsung/Qualcomm modem has an out-of-bounds write in NR SM message handling enabling privilege escalation through crafted cellular signaling.
LimeSurvey before v6.15.0 has an insecure deserialization enabling remote code execution through crafted survey data.
A Siemens product has a command injection vulnerability enabling remote code execution.
Tutor LMS Pro WordPress plugin has an authentication bypass enabling unauthenticated users to access premium learning content and admin functions.
Coral Server open collaboration platform has a missing authorization enabling unauthenticated access to all collaboration data.