Skip to main content
CVE-2026-32760 CRITICAL POC PATCH Act Now

Unauthenticated attackers can register administrator accounts in Docker when self-registration is enabled and default user permissions include admin privileges, as the signup handler fails to strip admin permissions from self-registered accounts. Public exploit code exists for this vulnerability. No patch is currently available.

Privilege Escalation Docker Suse
NVD GitHub VulDB
CVSS 3.1
9.8
EPSS
0.0%
CVE-2017-20223 CRITICAL POC Act Now

An insecure direct object reference vulnerability in Telesquare SKT LTE Router SDT-CS3B1 firmware version 1.2.0 allows remote attackers to bypass authentication and directly access sensitive resources by manipulating input parameters. With a publicly available proof-of-concept exploit and a critical CVSS score of 9.8, attackers can gain unauthorized access to sensitive information and system functionalities without any authentication or user interaction required.

Authentication Bypass Sdt Cs3b1
NVD Exploit-DB
CVSS 4.0
9.3
EPSS
0.1%
CVE-2026-4252 HIGH POC This Week

A critical authentication bypass vulnerability exists in Tenda AC8 router firmware version 16.03.50.11 where the IPv6 handler function check_is_ipv6 relies on IP address for authentication, allowing remote attackers to gain unauthorized access. The vulnerability has a publicly available proof-of-concept exploit on GitHub and scores 9.8 CVSS, enabling complete compromise of the affected device with no authentication required. While not currently listed in CISA KEV, the combination of public exploit availability and ease of exploitation makes this a high-priority vulnerability for organizations using affected Tenda routers.

Tenda Information Disclosure
NVD VulDB GitHub
CVSS 4.0
8.9
EPSS
0.1%
CVE-2026-4213 HIGH POC This Week

Stack-based buffer overflow in D-Link DNS storage appliances (DNS-120, DNS-340L, DNS-1200-05 and others) through the /cgi-bin/gui_mgr.cgi endpoint allows remote authenticated attackers to achieve code execution. Public exploit code exists for this vulnerability, and no patch is currently available. Affected firmware versions are dated up to February 5, 2026.

Stack Overflow Buffer Overflow D-Link Dns 120 Dns 340l +18
NVD VulDB GitHub
CVSS 3.1
8.8
EPSS
0.1%
CVE-2026-4214 HIGH POC This Week

Stack-based buffer overflow in D-Link NAS devices (DNS-120, DNR-202L, DNS-315L, DNS-320 series, DNS-326, DNS-1100-4, and others) through the UPnP_AV_Server_Path_Setting function in /cgi-bin/app_mgr.cgi allows authenticated remote attackers to achieve complete system compromise with high integrity, confidentiality, and availability impact. Public exploit code exists for this vulnerability, and no patch is currently available.

Buffer Overflow D-Link Stack Overflow Dns 320lw Dns 323 +18
NVD VulDB GitHub
CVSS 3.1
8.8
EPSS
0.0%
CVE-2026-4212 HIGH POC This Week

Stack-based buffer overflow in D-Link DNS NAS devices (DNS-120 through DNS-1550-04) allows authenticated attackers to achieve remote code execution via the Downloads_Schedule_Info function in /cgi-bin/download_mgr.cgi. Public exploit code exists for this vulnerability, and no patch is currently available. The attack requires valid credentials but can be executed over the network with high impact on confidentiality, integrity, and availability.

D-Link Buffer Overflow Stack Overflow Dns 1550 04 Dns 343 +18
NVD VulDB GitHub
CVSS 3.1
8.8
EPSS
0.0%
CVE-2026-4211 HIGH POC This Week

Stack-based buffer overflow in D-Link DNS and DNR network storage devices allows authenticated remote attackers to execute arbitrary code by manipulating the f_idx parameter in the local_backup_mgr.cgi endpoint. Public exploit code exists for this vulnerability, which affects multiple device models up to firmware version 20260205 with no patch currently available. An attacker with valid credentials can trigger memory corruption to achieve complete system compromise including code execution, data theft, and service disruption.

D-Link Buffer Overflow Stack Overflow Dns 315l Dns 120 +18
NVD VulDB GitHub
CVSS 3.1
8.8
EPSS
0.0%
CVE-2026-4227 HIGH POC This Week

Remote code execution in LB-LINK BL-WR9000 2.4.9 via buffer overflow in the /goform/get_hidessid_cfg endpoint allows authenticated attackers to achieve complete system compromise over the network. Public exploit code exists for this vulnerability, and the vendor has not provided a patch despite early notification. An attacker with login credentials can trigger the overflow in the sub_44D844 function to execute arbitrary code with full system privileges.

Buffer Overflow Bl Wr9000
NVD VulDB GitHub
CVSS 3.1
8.8
EPSS
0.0%
CVE-2026-4226 HIGH POC This Week

Stack Overflow's infrastructure contains a stack-based buffer overflow in a virtual configuration function that can be exploited remotely by authenticated attackers to achieve complete system compromise. Public exploit code is available for this vulnerability, and no patch has been released despite vendor notification. An attacker with valid credentials can manipulate input to the vulnerable endpoint and execute arbitrary code with full system privileges.

Buffer Overflow Stack Overflow Bl Wr9000
NVD VulDB GitHub
CVSS 3.1
8.8
EPSS
0.0%
CVE-2017-20222 HIGH POC This Week

An unauthenticated remote reboot vulnerability exists in the Telesquare SKT LTE Router SDT-CS3B1 firmware version 1.2.0, allowing attackers to trigger device restarts without any authentication by sending specially crafted POST requests to the lte.cgi endpoint. This vulnerability has a publicly available proof-of-concept exploit and enables denial of service attacks against affected routers. The vulnerability has been assigned a high CVSS score of 7.5 due to the complete availability impact and lack of authentication requirements.

Denial Of Service Authentication Bypass Sdt Cs3b1
NVD Exploit-DB
CVSS 4.0
8.7
EPSS
0.2%
CVE-2026-32596 HIGH POC PATCH GHSA This Week

Glances web server exposes its REST API without authentication by default when started with the -w flag, allowing unauthenticated remote attackers to access sensitive system information including process details that may contain credentials such as passwords and API keys. The vulnerability affects Python and Docker deployments where Glances is exposed to untrusted networks due to the server binding to 0.0.0.0 with authentication disabled by default. A patch is available to address this configuration vulnerability.

Python Docker Information Disclosure Suse
NVD GitHub VulDB
CVSS 3.1
7.5
EPSS
0.1%
CVE-2026-28490 MEDIUM POC PATCH This Month

Authlib's implementation of the JWE RSA1_5 key management algorithm contains a padding oracle vulnerability that leaks decryption failures through timing and exception patterns, allowing attackers to decrypt sensitive data without the private key. The library disabled the constant-time protections provided by the underlying cryptography library and raises exceptions before tag validation completes, creating a reliable side-channel. Public exploit code exists for this vulnerability affecting Authlib users in Python and related Oracle products.

Oracle Python RCE Red Hat Suse
NVD GitHub VulDB
CVSS 3.1
6.5
EPSS
0.0%
CVE-2026-32737 CRITICAL PATCH Act Now

CVE-2026-32737 is a security vulnerability (CVSS 10.0). Critical severity with potential for significant impact on affected systems. Vendor patch is available.

Authentication Bypass Suse
NVD GitHub VulDB
CVSS 3.1
10.0
EPSS
0.0%
CVE-2026-28430 CRITICAL PATCH Act Now

Unauthenticated SQL injection in Chamilo LMS versions prior to 1.11.34 enables remote attackers to execute arbitrary database queries through the custom_dates parameter and escalate to full administrative account takeover by exploiting a predictable password reset mechanism. This critical vulnerability exposes the entire database including personally identifiable information and system configurations without requiring any credentials or user interaction. No patch is currently available for affected installations.

SQLi Chamilo Lms
NVD GitHub VulDB
CVSS 3.1
9.8
EPSS
0.1%
CVE-2025-69902 CRITICAL Act Now

A command injection vulnerability in the minimal_wrapper.py component of kubectl-mcp-server v1.2.0 allows attackers to execute arbitrary commands via injecting arbitrary shell metacharacters.

Command Injection RCE Code Injection
NVD GitHub VulDB
CVSS 3.1
9.8
EPSS
0.1%
CVE-2026-32767 CRITICAL PATCH Act Now

An authorization bypass vulnerability in SiYuan Note v3.6.0 and earlier allows any authenticated user, including those with read-only 'Reader' role privileges, to execute arbitrary SQL commands through the /api/search/fullTextSearchBlock endpoint when the method parameter is set to 2. This enables attackers to read, modify, or delete all data in the application's SQLite database, completely bypassing the application's role-based access controls. A detailed proof-of-concept demonstrates how Reader-role users can execute destructive SQL operations including dropping tables.

SQLi Docker Suse
NVD GitHub VulDB
CVSS 3.1
9.8
EPSS
0.0%
CVE-2026-4254 CRITICAL Act Now

Remote code execution in Tenda AC8 firmware versions up to 16.03.50.11 results from a stack-based buffer overflow in the HTTP endpoint handling password change requests. An unauthenticated attacker can exploit this vulnerability over the network to execute arbitrary commands with full system privileges. Public exploit code exists for this vulnerability and no patch is currently available.

Buffer Overflow Tenda
NVD GitHub VulDB
CVSS 3.1
9.8
EPSS
0.0%
CVE-2025-69809 CRITICAL Act Now

A critical write-what-where memory corruption vulnerability exists in p2r3 Bareiron (commit 8e4d40) that allows unauthenticated remote attackers to write arbitrary values to memory locations, enabling arbitrary code execution through specially crafted network packets. The vulnerability carries a CVSS score of 9.8 and is remotely exploitable without authentication, though it is not currently listed in CISA KEV and has no EPSS score data available. A proof-of-concept appears to exist based on the GitHub reference to a dedicated CVE repository.

RCE
NVD GitHub VulDB
CVSS 3.1
9.8
EPSS
0.0%
CVE-2025-62319 CRITICAL Act Now

A Boolean-based SQL injection vulnerability exists in HCL Unica that allows remote attackers to manipulate backend database queries through specially crafted input fields. The vulnerability affects HCL Unica version 25.1.1 and below, enabling unauthenticated attackers to extract sensitive data, modify database contents, or potentially compromise the entire system. With a critical CVSS score of 9.8 and network-based attack vector requiring no authentication, this represents a severe risk to organizations using affected Unica installations.

SQLi Unica
NVD VulDB
CVSS 3.1
9.8
EPSS
0.0%
CVE-2026-32267 CRITICAL PATCH Act Now

A security vulnerability in Craft CMS (CVSS 9.8). Critical severity with potential for significant impact on affected systems.

Authentication Bypass Cms
NVD GitHub VulDB
CVSS 3.1
9.8
EPSS
0.0%
CVE-2026-4231 MEDIUM POC This Month

Server-side request forgery in Vanna AI versions up to 2.0.2 allows unauthenticated remote attackers to manipulate the update_sql and run_sql endpoints in the Flask component. Public exploit code exists for this vulnerability, and no patch is currently available from the vendor despite early notification.

Python SSRF
NVD VulDB GitHub
CVSS 4.0
5.5
EPSS
0.0%
CVE-2026-4221 MEDIUM POC This Month

An unrestricted file upload vulnerability exists in the Tiandy Easy7 Integrated Management Platform version 7.17.0, specifically in the /rest/file/uploadLedImage endpoint. This vulnerability allows remote attackers without authentication to upload arbitrary files, potentially leading to remote code execution. A proof-of-concept exploit has been publicly released and the vendor has not responded to disclosure attempts, leaving this vulnerability unpatched and actively exploitable.

File Upload Easy7 Integrated Management Platform
NVD VulDB
CVSS 4.0
5.5
EPSS
0.0%
CVE-2026-4220 MEDIUM POC This Month

An unrestricted file upload vulnerability exists in Technologies Integrated Management Platform version 7.17.0 that allows remote attackers to upload malicious files without authentication through the /SetWebpagePic.jsp endpoint by manipulating the targetPath/Suffix parameters. A public proof-of-concept exploit is available, though the vulnerability is not currently in CISA's Known Exploited Vulnerabilities catalog, making this a confirmed exploitable vulnerability with demonstrated attack code that could lead to unauthorized file uploads and potential remote code execution.

File Upload Integrated Management Platform
NVD VulDB
CVSS 4.0
5.5
EPSS
0.0%
CVE-2026-4201 MEDIUM POC This Month

An unrestricted file upload vulnerability exists in the glowxq-oj online judge system that allows remote attackers without authentication to upload malicious files through the SysFileController Upload function. A proof-of-concept exploit is publicly available, and while not currently in CISA's KEV catalog, the vulnerability poses moderate risk with a CVSS score of 7.3 and publicly disclosed exploitation code.

Java File Upload
NVD VulDB
CVSS 4.0
5.5
EPSS
0.0%
CVE-2026-4200 MEDIUM POC This Month

Server-side request forgery in Glowxq OJ's test case upload functionality (ProblemCaseController.java) allows unauthenticated remote attackers to make arbitrary network requests from the affected server. Public exploit code is available and the vulnerability remains unpatched, with the vendor unresponsive to disclosure attempts.

Java SSRF
NVD VulDB
CVSS 4.0
5.5
EPSS
0.0%
CVE-2026-4236 MEDIUM POC This Month

SQL injection in itsourcecode Online Enrollment System 1.0 allows unauthenticated remote attackers to manipulate parameters in the enrollment module via the txtsearch, deptname, or name arguments. Public exploit code exists for this vulnerability, which enables attackers to read, modify, or delete database contents. No patch is currently available.

SQLi PHP
NVD VulDB GitHub
CVSS 4.0
5.5
EPSS
0.0%
CVE-2026-4237 MEDIUM POC This Month

SQL injection in Free Hotel Reservation System 1.0 allows unauthenticated remote attackers to manipulate the Home parameter in /hotel/admin/mod_reports/index.php and execute arbitrary database queries. Public exploit code exists for this vulnerability, and no patch is currently available. Affected systems running the vulnerable PHP application are at immediate risk of data theft and database compromise.

SQLi PHP
NVD VulDB GitHub
CVSS 4.0
5.5
EPSS
0.0%
CVE-2026-4235 MEDIUM POC This Month

SQL injection in itsourcecode Online Enrollment System 1.0 allows unauthenticated remote attackers to manipulate the user_email parameter in /sms/login.php and execute arbitrary database queries. Public exploit code exists for this vulnerability, enabling attackers to read, modify, or delete sensitive enrollment data without authentication. No patch is currently available.

SQLi PHP
NVD VulDB GitHub
CVSS 4.0
5.5
EPSS
0.0%
CVE-2026-4223 MEDIUM POC This Month

SQL injection in itsourcecode Payroll Management System 1.0 via the ID parameter in /manage_employee.php allows unauthenticated remote attackers to execute arbitrary SQL queries and access or modify sensitive data. Public exploit code exists for this vulnerability, and no patch is currently available. Organizations running this system should implement network-level protections and consider upgrading to a patched version once released.

PHP SQLi
NVD VulDB GitHub
CVSS 4.0
5.5
EPSS
0.0%
CVE-2026-4232 MEDIUM POC This Month

SQL injection in Tiandy Integrated Management Platform 7.17.0 via the /rest/user/getAuthorityByUserId endpoint allows unauthenticated remote attackers to manipulate the userId parameter and execute arbitrary SQL queries. Public exploit code exists for this vulnerability, and the vendor has not released a patch despite early notification. Successful exploitation could enable unauthorized data access, modification, or system disruption.

SQLi Integrated Management Platform
NVD VulDB
CVSS 4.0
5.5
EPSS
0.0%
CVE-2026-4229 MEDIUM POC This Month

SQL injection in Vanna AI's BigQuery integration (versions up to 2.0.2) allows unauthenticated remote attackers to manipulate the remove_training_data function through unsanitized ID parameters. Public exploit code exists for this vulnerability, and the vendor has not released a patch despite early notification. Successful exploitation enables attackers to read, modify, or delete database contents with limited impact on confidentiality, integrity, and availability.

Google SQLi
NVD VulDB GitHub
CVSS 4.0
5.5
EPSS
0.0%
CVE-2017-20224 CRITICAL Act Now

An unauthenticated arbitrary file upload vulnerability in Telesquare SKT LTE Router SDT-CS3B1 version 1.2.0 allows remote attackers to upload malicious files and execute code through improperly enabled WebDAV HTTP methods. Attackers can achieve remote code execution or denial of service without any authentication, making this a critical risk for exposed devices. Multiple proof-of-concept exploits are publicly available through security research publications.

RCE Denial Of Service File Upload Sdt Cs3b1
NVD
CVSS 4.0
9.3
EPSS
0.3%
CVE-2026-32583 MEDIUM POC This Month

Modern Events Calendar versions up to 7.29.0 contain an access control vulnerability that allows unauthenticated remote attackers to modify data through improperly configured authorization checks. This vulnerability enables attackers to perform unauthorized actions without authentication, affecting all installations of the affected versions. No patch is currently available, requiring organizations to implement alternative mitigation strategies.

Authentication Bypass Modern Events Calendar
NVD VulDB
CVSS 3.1
5.3
EPSS
0.0%
CVE-2017-20221 MEDIUM POC This Month

A cross-site request forgery (CSRF) vulnerability exists in Telesquare SKT LTE Router SDT-CS3B1 version 1.2.0 that allows authenticated attackers to execute arbitrary system commands without additional validation. An attacker can craft a malicious webpage that, when visited by a logged-in router administrator, triggers unauthorized administrative actions with full router privileges. While the CVSS score of 4.3 is moderate and no active exploitation has been widely reported, the ability to achieve command execution on network infrastructure devices represents a meaningful risk to affected deployments.

CSRF Sdt Cs3b1
NVD Exploit-DB
CVSS 4.0
5.3
EPSS
0.0%
CVE-2025-69808 CRITICAL Act Now

An out-of-bounds memory access (OOB) in p2r3 Bareiron commit 8e4d40 allows unauthenticated attackers to access sensitive information and cause a Denial of Service (DoS) via supplying a crafted packet.

Denial Of Service Information Disclosure Buffer Overflow
NVD GitHub VulDB
CVSS 3.1
9.1
EPSS
0.1%
CVE-2026-23489 CRITICAL PATCH Act Now

A critical remote code execution vulnerability exists in the Fields plugin for GLPI that allows authenticated users with dropdown creation privileges to execute arbitrary PHP code on the server. The vulnerability affects Fields plugin versions prior to 1.23.3 and has a CVSS score of 9.1, indicating severe impact with the ability to compromise the entire system. While no active exploitation has been reported in KEV and no public proof-of-concept is mentioned, the straightforward attack vector and high privileges requirement suggest targeted insider threat or compromised account scenarios.

PHP RCE Fields
NVD GitHub VulDB
CVSS 3.1
9.1
EPSS
0.1%
CVE-2026-32633 CRITICAL PATCH Act Now

The Glances system monitoring tool exposes reusable authentication credentials for downstream servers through an unauthenticated API endpoint when running in Central Browser mode without password protection. This vulnerability allows any network attacker to retrieve pbkdf2-hashed passwords that can be replayed to access protected Glances servers across an entire monitored fleet. A proof-of-concept is included in the advisory demonstrating credential extraction from the /api/4/serverslist endpoint.

Python Information Disclosure Suse
NVD GitHub VulDB
CVSS 3.1
9.1
EPSS
0.0%
CVE-2026-25534 CRITICAL PATCH Act Now

Java URL parsing in Spinnaker's clouddriver and Orca components fails to properly validate URLs containing underscores, allowing authenticated attackers to bypass URL sanitation controls and potentially execute arbitrary code or access unauthorized resources. This vulnerability affects both the clouddriver artifact handling and Orca fromUrl expression evaluation in versions prior to 2025.2.4, 2025.3.1, 2025.4.1, and 2026.0.0. Patched versions are available, and affected deployments can temporarily disable the vulnerable components as a workaround.

SSRF Java
NVD GitHub VulDB
CVSS 3.1
9.1
EPSS
0.0%
CVE-2026-27962 CRITICAL PATCH Act Now

A critical authentication bypass vulnerability in authlib's JWT signature verification allows attackers to forge arbitrary tokens by injecting their own cryptographic keys through the JWT header. The flaw affects all versions of authlib prior to 1.6.9 when applications use key resolution callbacks that can return None (common in JWKS-based authentication flows). A working proof-of-concept exists demonstrating complete authentication bypass, enabling attackers to impersonate any user or assume administrative privileges without valid credentials.

Docker Python Deserialization Jwt Attack
NVD GitHub VulDB
CVSS 3.1
9.1
EPSS
0.0%
CVE-2026-28500 CRITICAL PATCH GHSA Act Now

Silent supply-chain compromise in the ONNX Python package (pip/onnx <= 1.20.1) arises because passing silent=True to onnx.hub.load() suppresses every untrusted-repository warning and confirmation prompt, letting models download and execute from any attacker-controlled GitHub repo with zero user awareness. Because the SHA256 manifest lives in the same attacker-owned repo, the integrity check is self-defeating and always validates the malicious model. There is no public exploit identified at time of analysis and EPSS is very low (0.01%), but the issue is fixed in 1.21.0rc1 and carries a vendor CVSS of 9.1.

Python Information Disclosure
NVD GitHub VulDB
CVSS 3.1
9.1
EPSS
0.0%
CVE-2026-4177 CRITICAL PATCH Act Now

A critical heap buffer overflow vulnerability exists in YAML::Syck through version 1.36 for Perl, allowing remote attackers to potentially execute arbitrary code or cause denial of service without authentication. The vulnerability stems from multiple memory corruption issues including heap overflow when processing YAML class names exceeding 512 bytes, buffer overread in base64 decoding, and memory leaks. With a CVSS score of 9.1 and network-based attack vector requiring no user interaction, this presents a severe risk to applications parsing untrusted YAML input.

Heap Overflow Buffer Overflow Yaml
NVD GitHub VulDB
CVSS 3.1
9.1
EPSS
0.0%
CVE-2026-32751 CRITICAL PATCH Act Now

SiYuan's mobile file tree fails to sanitize notebook names in WebSocket rename events, allowing authenticated users to inject arbitrary HTML and JavaScript that executes in other clients' browsers. When combined with Electron's insecure configuration (nodeIntegration enabled, contextIsolation disabled), this stored XSS escalates to remote code execution with full Node.js privileges on affected desktop and mobile clients. The vulnerability affects users with notebook rename permissions across Docker, Node.js, Python, and Apple platforms.

Docker RCE XSS Node.js Command Injection +4
NVD GitHub VulDB
CVSS 3.1
9.0
EPSS
0.4%
CVE-2026-30875 HIGH PATCH This Week

An arbitrary file upload vulnerability in Chamilo LMS allows authenticated users with Teacher role to achieve Remote Code Execution by uploading malicious H5P packages. The flaw affects versions prior to 1.11.36 and stems from inadequate validation of H5P package contents, which only checks for h5p.json existence but fails to block .htaccess or PHP files with alternative extensions. With a CVSS score of 8.8 and high exploitation potential, attackers can upload webshells disguised as text files along with .htaccess configurations to bypass security controls.

PHP RCE File Upload Code Injection Chamilo Lms
NVD GitHub VulDB
CVSS 3.1
8.8
EPSS
0.2%
CVE-2026-32756 HIGH PATCH This Week

A critical unrestricted file upload vulnerability in Admidio's Documents & Files module allows authenticated users with upload permissions to bypass file extension restrictions by submitting an invalid CSRF token, enabling upload of PHP scripts that lead to Remote Code Execution. The vulnerability affects Admidio versions prior to the patch and has a published proof-of-concept demonstrating webshell upload and command execution. With a CVSS score of 8.8 and detailed exploitation steps available, this represents a high-priority risk for organizations using Admidio for document management.

CSRF PHP RCE Information Disclosure File Upload
NVD GitHub VulDB
CVSS 3.1
8.8
EPSS
0.1%
CVE-2026-32771 HIGH PATCH GHSA This Week

Path traversal in the `extractor` CLI tool and `extract.DumpOTelCollector` library function allows attackers to write files outside the intended extraction directory by exploiting an incomplete path validation check in the `sanitizeArchivePath` function. A maliciously crafted tar archive can bypass the prefix check and place arbitrary files on the system when processed. A patch is available to address the missing trailing path separator validation.

Path Traversal Suse
NVD GitHub VulDB
CVSS 4.0
8.8
EPSS
0.1%
CVE-2025-50881 HIGH This Week

The `flow/admin/moniteur.php` script in Use It Flow administration website before 10.0.0 is vulnerable to Remote Code Execution.

PHP RCE Code Injection N A
NVD GitHub VulDB
CVSS 3.1
8.8
EPSS
0.0%
CVE-2025-15540 HIGH PATCH This Week

A code injection vulnerability in Raytha CMS's Functions module allows privileged users to execute arbitrary .NET operations through unrestricted JavaScript code execution, effectively bypassing application sandboxing. The vulnerability affects Raytha CMS versions prior to 1.4.6 and enables authenticated administrators to compromise the application's hosting environment. No active exploitation has been reported (not in KEV), no public POC is available, and EPSS data is not yet available for this recently disclosed vulnerability.

RCE Code Injection Raytha
NVD VulDB
CVSS 3.1
8.8
EPSS
0.0%
CVE-2026-30881 HIGH PATCH This Week

Authenticated attackers can exploit SQL injection in Chamilo LMS 1.11.34 and earlier through the statistics AJAX endpoint, where insufficient input sanitization allows bypassing of database escaping mechanisms via the date_start and date_end parameters. This vulnerability enables blind time-based SQL injection attacks to extract or manipulate sensitive data from the underlying database. Version 1.11.36 contains the patch; versions 1.11.35 and earlier remain vulnerable.

SQLi Chamilo Lms
NVD GitHub VulDB
CVSS 3.1
8.8
EPSS
0.0%
CVE-2025-69784 HIGH This Week

A local, non-privileged attacker can abuse a vulnerable IOCTL interface exposed by the OpenEDR 2.5.1.0 kernel driver to modify the DLL injection path used by the product.

RCE
NVD GitHub VulDB
CVSS 3.1
8.8
EPSS
0.0%
CVE-2025-11500 HIGH PATCH This Week

An authentication bypass vulnerability in Tinycontrol network devices (tcPDU and LAN Controllers LK3.5, LK3.9, LK4) exposes usernames and encoded passwords for both normal and admin users through unauthenticated HTTP requests to the login page. The vulnerability affects devices running older firmware versions when the secondary authentication mechanism is disabled (default setting), allowing any attacker on the local network to harvest credentials without authentication. With an EPSS score of 0.00043 and no KEV listing, this vulnerability shows low real-world exploitation activity despite its high CVSS score of 8.7.

Information Disclosure Lan Kontroler V3 5 Lk3 9 Lk4 Tcpdu
NVD VulDB
CVSS 4.0
8.7
EPSS
0.1%
Page 1 of 5 Next

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy