Critical vulnerability in Lantronix EDS serial device server (EDS5000/EDS3000PS). Multiple injection and auth bypass vulnerabilities in the management interface.
RCE in NetGain EM Plus 10.1.68. PoC available.
Arbitrary file upload in FileThingie 2.5.7 via ZIP archives. PoC available.
Command execution in SAPIDO RB-1732 V2.0.43 router. PoC available.
OGNL injection in Epross AVCON6 management platform. PoC available.
Authorization bypass in Argo Workflows (2.9.0 through 4.0.1 and 3.7.x before 3.7.11) lets any user permitted to submit Workflows override admin-defined WorkflowTemplate security controls by attaching a podSpecPatch to their submission. Because podSpecPatch is merged with Workflow-spec precedence and applied to the pod with no security validation, even controllers locked down with templateReferencing: Strict can be circumvented to run arbitrary pod settings such as privileged: true. Publicly available exploit code exists, but EPSS is low (0.04%) and it is not in CISA KEV.
Varient 1.6.1 contains an SQL injection vulnerability that allows unauthenticated attackers to manipulate database queries by injecting SQL code through the user_id parameter. [CVSS 8.2 HIGH]
Hisilicon HiIpcam V100R003 contains a directory traversal vulnerability that allows unauthenticated attackers to access sensitive configuration files by exploiting directory listing in the cgi-bin directory. [CVSS 7.5 HIGH]
ARMBot contains an unrestricted file upload vulnerability in upload.php that allows unauthenticated attackers to upload arbitrary files by manipulating the file parameter with path traversal sequences. [CVSS 7.5 HIGH]
GetGo Download Manager 6.2.2.3300 contains a buffer overflow vulnerability that allows remote attackers to cause denial of service by sending HTTP responses with excessively long headers. [CVSS 7.5 HIGH]
eWON Firmware versions 12.2 to 13.0 contain an authentication bypass vulnerability that allows attackers with minimal privileges to retrieve sensitive user data by exploiting the wsdReadForm endpoint. [CVSS 7.5 HIGH]
Easy File Sharing Web Server 7.2 contains a local structured exception handling buffer overflow vulnerability that allows local attackers to execute arbitrary code by creating a malicious username. [CVSS 8.4 HIGH]
Comtrend AR-5310 GE31-412SSG-C01_R10.A2pG039u.d24k contains a restricted shell escape vulnerability that allows local users to bypass command restrictions by using the command substitution operator $( ). [CVSS 8.4 HIGH]
Verypdf docPrint Pro 8.0 contains a structured exception handling buffer overflow vulnerability that allows local attackers to execute arbitrary code by supplying an oversized alphanumeric encoded payload in the User Password or Master Password fields. [CVSS 8.4 HIGH]
Unauthenticated attackers can extract sensitive database information from WordPress sites running the Ally plugin (versions up to 4.0.3) through SQL injection in the URL parameter handling of the Remediation module. The vulnerability exists because user input is insufficiently sanitized before being concatenated into SQL queries, allowing time-based blind SQL injection attacks despite URL escaping being applied. No patch is currently available.
Curl's SMB implementation contains a use-after-free vulnerability that causes denial of service when processing consecutive requests to the same host, as the library incorrectly dereferences freed memory on subsequent connections. Public exploit code exists for this vulnerability affecting Curl installations. An attacker can crash Curl-based applications or services by triggering multiple SMB requests, though remote code execution is not possible due to the nature of the memory corruption.
Information disclosure in Argo Workflows before 4.0.2 and 3.7.11 lets any unauthenticated client read WorkflowTemplates and ClusterWorkflowTemplates by sending a bogus 'Authorization: Bearer nothing' token, leaking embedded Secret manifests and other sensitive template content. The CVSS 3.1 base score is 7.5 (confidentiality-only, network, no privileges) and publicly available exploit code exists, though EPSS is very low (0.04%) and it is not in CISA KEV, indicating no confirmed widespread exploitation yet.
IntelBras Telefone IP TIP200 and 200 LITE contain an unauthenticated arbitrary file read vulnerability in the dumpConfigFile function accessible via the cgiServer.exx endpoint. [CVSS 7.5 HIGH]
R 3.4.4 on Windows x64 contains a buffer overflow vulnerability in the GUI Preferences language menu field that allows local attackers to bypass DEP and ASLR protections. [CVSS 6.2 MEDIUM]
WinMPG iPod Convert 3.0 contains a buffer overflow vulnerability in the Register dialog that allows local attackers to crash the application by supplying an oversized payload. [CVSS 6.2 MEDIUM]
RAR Password Recovery 1.80 contains a buffer overflow vulnerability that allows local attackers to crash the application by supplying an oversized payload in the registration dialog. [CVSS 6.2 MEDIUM]
Outlook Password Recovery 2.10 contains a buffer overflow vulnerability that allows local attackers to crash the application by supplying an oversized payload. [CVSS 6.2 MEDIUM]
SQL Server Password Changer 1.90 contains a buffer overflow vulnerability that allows local attackers to crash the application by supplying an oversized payload. Attackers can inject 6000 bytes of data into the User Name and Registration Code field to trigger a denial of service condition. [CVSS 6.2 MEDIUM]
Folder Lock 7.7.9 contains a buffer overflow vulnerability in the serial number registration field that allows local attackers to crash the application by submitting an oversized payload. [CVSS 6.2 MEDIUM]
SpotIE Internet Explorer Password Recovery 2.9.5 contains a denial of service vulnerability in the registration key input field that allows local attackers to crash the application by supplying an excessively long string. [CVSS 6.2 MEDIUM]
Easy MP3 Downloader 4.7.8.8 contains a buffer overflow vulnerability that allows local attackers to crash the application by supplying an excessively long unlock code. [CVSS 6.2 MEDIUM]
InputMapper 1.6.10 contains a buffer overflow vulnerability in the username field that allows local attackers to crash the application by entering an excessively long string. [CVSS 5.5 MEDIUM]
curl's HTTP proxy connection reuse mechanism fails to validate credential changes, allowing an attacker to intercept or manipulate traffic by leveraging an existing proxy connection established with different authentication. This affects users whose applications reuse proxy connections across requests with varying credentials, enabling credential confusion attacks. Public exploit code exists for this vulnerability, though a patch is available.
Path traversal in Vociferous speech-to-text tool before 4.4.2. CVSS 10.0.
Default password in Himmelblau Azure Entra ID suite 3.0.0-3.0.x. CVSS 10.0.
Arbitrary code execution in Jellyfin iOS GitHub Actions workflow. CVSS 10.0.
Insecure access control in Asseco SEE Live 2.0. Remote access to attachments.
Access control bypass in Winter CMS before 1.0.477/1.1.12/1.2.12. CVSS 9.9.
OS command injection in Cloud CLI (Claude Code UI) before 1.25.0. EPSS 0.39%.
LFI to RCE in IFTOP by WellChoose.
Unauthenticated REST endpoint in Datalogics Ecommerce Delivery WordPress plugin before 2.6.60.
Auth bypass in AdGuard Home before 0.107.73.
Missing auth in Taskosaur project management 1.0.0.
Critical vulnerability in Lantronix EDS serial device server (EDS5000/EDS3000PS). Multiple injection and auth bypass vulnerabilities in the management interface.
RCE in OpenClaw Agent Platform v2026.2.6 via prompt injection.
Auth bypass in HPE Aruba AOS-CX switch web management.
SQL injection in Parse Server before 9.6.0-alpha.2/8.6.28.
Critical vulnerability in Lantronix EDS serial device server (EDS5000/EDS3000PS). Multiple injection and auth bypass vulnerabilities in the management interface.
SQL injection in Frappe framework before 15.84.0/14.99.0.
SQL injection in WeGIA before 3.6.6.
SQL injection in Parse Server before 9.6.0-alpha.5/8.6.31. Third Parse Server SQLi.
SQL injection in Parse Server before 9.6.0-alpha.5/8.6.31.
Hardcoded password in ThermaKube Kubernetes monitoring.
Critical vulnerability in Lantronix EDS serial device server (EDS5000/EDS3000PS). Multiple injection and auth bypass vulnerabilities in the management interface.