Skip to main content
CVE-2026-32248 CRITICAL POC PATCH Act Now

Unauthenticated query injection in Parse Server before 9.6.0-alpha.12/8.6.38. PoC available.

Information Disclosure Node.js PostgreSQL Parse Server
NVD GitHub VulDB
CVSS 3.1
9.8
EPSS
0.1%
CVE-2026-28792 CRITICAL POC PATCH Act Now

TinaCMS CLI dev server combines a permissive CORS policy (Access-Control-Allow-Origin: *) with path traversal to enable drive-by attacks. A remote attacker can enumerate, write, and delete files on a developer's machine simply by having them visit a malicious webpage. PoC available.

Path Traversal Tinacms Cli
NVD GitHub VulDB
CVSS 3.1
9.6
EPSS
0.3%
CVE-2026-3611 CRITICAL Act Now

Unauthenticated access to Honeywell IQ4x building controller HMI. CVSS 10.0.

Authentication Bypass Honeywell
NVD GitHub VulDB
CVSS 4.0
10.0
EPSS
0.1%
CVE-2026-21708 CRITICAL Act Now

Veeam Backup & Replication allows a user with the Backup Viewer role (read-only) to escalate to remote code execution as the postgres database user. A read-only role achieving RCE represents a severe privilege escalation with scope change.

PostgreSQL RCE SQLi
NVD VulDB
CVSS 3.1
9.9
EPSS
0.5%
CVE-2026-21667 CRITICAL Act Now

A second RCE vulnerability in Veeam Backup & Replication allows any authenticated domain user to execute code on the Backup Server with scope change. Same impact as CVE-2026-21666 but through a different attack vector.

RCE Authentication Bypass Veeam Backup Replication
NVD VulDB
CVSS 3.1
9.9
EPSS
0.4%
CVE-2026-21666 CRITICAL Act Now

Veeam Backup & Replication allows an authenticated domain user to achieve remote code execution on the Backup Server. With a scope change to CVSS 9.9, a compromised domain account can fully take over the backup infrastructure.

RCE Authentication Bypass Veeam Backup Replication
NVD VulDB
CVSS 3.1
9.9
EPSS
0.4%
CVE-2026-21669 CRITICAL Act Now

Yet another Veeam Backup & Replication RCE vulnerability allowing authenticated domain users to execute code on the Backup Server with scope change (CVSS 9.9). Part of a cluster of related Veeam vulnerabilities disclosed together.

RCE Code Injection Veeam Backup Replication
NVD VulDB
CVSS 3.1
9.9
EPSS
0.2%
CVE-2026-3059 CRITICAL PATCH GHSA Act Now

SGLang's multimodal generation module deserializes untrusted data with pickle.loads() over an unauthenticated ZMQ broker, enabling remote code execution. Any attacker who can reach the ZMQ port can execute arbitrary Python code on the ML inference server.

RCE Deserialization Sglang
NVD GitHub VulDB
CVSS 3.1
9.8
EPSS
0.5%
CVE-2026-3060 CRITICAL PATCH GHSA Act Now

SGLang's encoder parallel disaggregation system is vulnerable to unauthenticated RCE through pickle deserialization in the disaggregation module's inter-process communication. Same class of vulnerability as CVE-2026-3059 in a different code path.

RCE Deserialization Sglang
NVD GitHub VulDB
CVSS 3.1
9.8
EPSS
0.5%
CVE-2025-59388 CRITICAL Act Now

QNAP Hyper Data Protector before 2.3.1.455 contains hard-coded credentials that allow remote unauthenticated attackers to gain unauthorized access to backup management functions, potentially compromising all backed-up data across the organization.

Authentication Bypass Hyper Data Protector
NVD VulDB
CVSS 3.1
9.8
EPSS
0.2%
CVE-2026-26793 CRITICAL Act Now

GL-iNet GL-AR300M16 v4.3.11 has a command injection in the set_config function, adding to the growing list of injection vulnerabilities in this device. This is the fourth distinct command injection CVE for this router model.

Command Injection Ar300m16 Firmware
NVD GitHub VulDB
CVSS 3.1
9.8
EPSS
0.2%
CVE-2026-26795 CRITICAL Act Now

GL-iNet GL-AR300M16 v4.3.11 contains another command injection vulnerability, this time via the module parameter in the M.get_system_log function. Part of a series of command injection flaws in this router model.

Command Injection Ar300m16 Firmware
NVD GitHub VulDB
CVSS 3.1
9.8
EPSS
0.2%
CVE-2026-26792 CRITICAL Act Now

GL-iNet GL-AR300M16 v4.3.11 has multiple command injection vulnerabilities in the set_upgrade function through seven different parameters. Each parameter provides an independent code execution vector on the router.

Command Injection Ar300m16 Firmware
NVD GitHub VulDB
CVSS 3.1
9.8
EPSS
0.2%
CVE-2026-26791 CRITICAL Act Now

GL-iNet GL-AR300M16 router (v4.3.11) is vulnerable to command injection through the string port parameter in the enable_echo_server function. Unauthenticated attackers can execute arbitrary commands on the router.

Command Injection Ar300m16 Firmware
NVD GitHub VulDB
CVSS 3.1
9.8
EPSS
0.2%
CVE-2025-70245 CRITICAL Act Now

D-Link DIR-513 router (v1.10) has a stack buffer overflow in the curTime parameter of formSetWizardSelectMode. This is an end-of-life router with no expected patch, meaning exploitation will remain possible indefinitely.

Buffer Overflow D-Link RCE Dir 513 Firmware
NVD GitHub VulDB
CVSS 3.1
9.8
EPSS
0.0%
CVE-2026-28252 CRITICAL Act Now

Trane Tracer SC, SC+, and Concierge building automation controllers use broken cryptographic algorithms that allow attackers to bypass authentication and gain root access. These are critical building management systems controlling HVAC in commercial facilities.

Authentication Bypass Tracer Sc Firmware Tracer Concierge
NVD VulDB
CVSS 4.0
9.2
EPSS
0.1%
CVE-2026-21671 CRITICAL Act Now

Veeam Backup & Replication allows Backup Administrators to achieve RCE in high-availability deployments. While requiring admin-level access, the scope change to the HA infrastructure makes this critical for organizations running Veeam in HA mode.

RCE Code Injection Veeam Backup Replication
NVD VulDB
CVSS 3.1
9.1
EPSS
0.2%

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy