Skip to main content
CVE-2026-32760 CRITICAL POC PATCH Act Now

Unauthenticated attackers can register administrator accounts in Docker when self-registration is enabled and default user permissions include admin privileges, as the signup handler fails to strip admin permissions from self-registered accounts. Public exploit code exists for this vulnerability. No patch is currently available.

Privilege Escalation Docker Suse
NVD GitHub VulDB
CVSS 3.1
9.8
EPSS
0.0%
CVE-2017-20223 CRITICAL POC Act Now

An insecure direct object reference vulnerability in Telesquare SKT LTE Router SDT-CS3B1 firmware version 1.2.0 allows remote attackers to bypass authentication and directly access sensitive resources by manipulating input parameters. With a publicly available proof-of-concept exploit and a critical CVSS score of 9.8, attackers can gain unauthorized access to sensitive information and system functionalities without any authentication or user interaction required.

Authentication Bypass Sdt Cs3b1
NVD Exploit-DB
CVSS 4.0
9.3
EPSS
0.1%
CVE-2026-32737 CRITICAL PATCH Act Now

CVE-2026-32737 is a security vulnerability (CVSS 10.0). Critical severity with potential for significant impact on affected systems. Vendor patch is available.

Authentication Bypass Suse
NVD GitHub VulDB
CVSS 3.1
10.0
EPSS
0.0%
CVE-2026-28430 CRITICAL PATCH Act Now

Unauthenticated SQL injection in Chamilo LMS versions prior to 1.11.34 enables remote attackers to execute arbitrary database queries through the custom_dates parameter and escalate to full administrative account takeover by exploiting a predictable password reset mechanism. This critical vulnerability exposes the entire database including personally identifiable information and system configurations without requiring any credentials or user interaction. No patch is currently available for affected installations.

SQLi Chamilo Lms
NVD GitHub VulDB
CVSS 3.1
9.8
EPSS
0.1%
CVE-2025-69902 CRITICAL Act Now

A command injection vulnerability in the minimal_wrapper.py component of kubectl-mcp-server v1.2.0 allows attackers to execute arbitrary commands via injecting arbitrary shell metacharacters.

Command Injection RCE Code Injection
NVD GitHub VulDB
CVSS 3.1
9.8
EPSS
0.1%
CVE-2026-32767 CRITICAL PATCH Act Now

An authorization bypass vulnerability in SiYuan Note v3.6.0 and earlier allows any authenticated user, including those with read-only 'Reader' role privileges, to execute arbitrary SQL commands through the /api/search/fullTextSearchBlock endpoint when the method parameter is set to 2. This enables attackers to read, modify, or delete all data in the application's SQLite database, completely bypassing the application's role-based access controls. A detailed proof-of-concept demonstrates how Reader-role users can execute destructive SQL operations including dropping tables.

SQLi Docker Suse
NVD GitHub VulDB
CVSS 3.1
9.8
EPSS
0.0%
CVE-2026-4254 CRITICAL Act Now

Remote code execution in Tenda AC8 firmware versions up to 16.03.50.11 results from a stack-based buffer overflow in the HTTP endpoint handling password change requests. An unauthenticated attacker can exploit this vulnerability over the network to execute arbitrary commands with full system privileges. Public exploit code exists for this vulnerability and no patch is currently available.

Buffer Overflow Tenda
NVD GitHub VulDB
CVSS 3.1
9.8
EPSS
0.0%
CVE-2025-69809 CRITICAL Act Now

A critical write-what-where memory corruption vulnerability exists in p2r3 Bareiron (commit 8e4d40) that allows unauthenticated remote attackers to write arbitrary values to memory locations, enabling arbitrary code execution through specially crafted network packets. The vulnerability carries a CVSS score of 9.8 and is remotely exploitable without authentication, though it is not currently listed in CISA KEV and has no EPSS score data available. A proof-of-concept appears to exist based on the GitHub reference to a dedicated CVE repository.

RCE
NVD GitHub VulDB
CVSS 3.1
9.8
EPSS
0.0%
CVE-2025-62319 CRITICAL Act Now

A Boolean-based SQL injection vulnerability exists in HCL Unica that allows remote attackers to manipulate backend database queries through specially crafted input fields. The vulnerability affects HCL Unica version 25.1.1 and below, enabling unauthenticated attackers to extract sensitive data, modify database contents, or potentially compromise the entire system. With a critical CVSS score of 9.8 and network-based attack vector requiring no authentication, this represents a severe risk to organizations using affected Unica installations.

SQLi Unica
NVD VulDB
CVSS 3.1
9.8
EPSS
0.0%
CVE-2026-32267 CRITICAL PATCH Act Now

A security vulnerability in Craft CMS (CVSS 9.8). Critical severity with potential for significant impact on affected systems.

Authentication Bypass Cms
NVD GitHub VulDB
CVSS 3.1
9.8
EPSS
0.0%
CVE-2017-20224 CRITICAL Act Now

An unauthenticated arbitrary file upload vulnerability in Telesquare SKT LTE Router SDT-CS3B1 version 1.2.0 allows remote attackers to upload malicious files and execute code through improperly enabled WebDAV HTTP methods. Attackers can achieve remote code execution or denial of service without any authentication, making this a critical risk for exposed devices. Multiple proof-of-concept exploits are publicly available through security research publications.

RCE Denial Of Service File Upload Sdt Cs3b1
NVD
CVSS 4.0
9.3
EPSS
0.3%
CVE-2025-69808 CRITICAL Act Now

An out-of-bounds memory access (OOB) in p2r3 Bareiron commit 8e4d40 allows unauthenticated attackers to access sensitive information and cause a Denial of Service (DoS) via supplying a crafted packet.

Denial Of Service Information Disclosure Buffer Overflow
NVD GitHub VulDB
CVSS 3.1
9.1
EPSS
0.1%
CVE-2026-23489 CRITICAL PATCH Act Now

A critical remote code execution vulnerability exists in the Fields plugin for GLPI that allows authenticated users with dropdown creation privileges to execute arbitrary PHP code on the server. The vulnerability affects Fields plugin versions prior to 1.23.3 and has a CVSS score of 9.1, indicating severe impact with the ability to compromise the entire system. While no active exploitation has been reported in KEV and no public proof-of-concept is mentioned, the straightforward attack vector and high privileges requirement suggest targeted insider threat or compromised account scenarios.

PHP RCE Fields
NVD GitHub VulDB
CVSS 3.1
9.1
EPSS
0.1%
CVE-2026-32633 CRITICAL PATCH Act Now

The Glances system monitoring tool exposes reusable authentication credentials for downstream servers through an unauthenticated API endpoint when running in Central Browser mode without password protection. This vulnerability allows any network attacker to retrieve pbkdf2-hashed passwords that can be replayed to access protected Glances servers across an entire monitored fleet. A proof-of-concept is included in the advisory demonstrating credential extraction from the /api/4/serverslist endpoint.

Python Information Disclosure Suse
NVD GitHub VulDB
CVSS 3.1
9.1
EPSS
0.0%
CVE-2026-25534 CRITICAL PATCH Act Now

Java URL parsing in Spinnaker's clouddriver and Orca components fails to properly validate URLs containing underscores, allowing authenticated attackers to bypass URL sanitation controls and potentially execute arbitrary code or access unauthorized resources. This vulnerability affects both the clouddriver artifact handling and Orca fromUrl expression evaluation in versions prior to 2025.2.4, 2025.3.1, 2025.4.1, and 2026.0.0. Patched versions are available, and affected deployments can temporarily disable the vulnerable components as a workaround.

SSRF Java
NVD GitHub VulDB
CVSS 3.1
9.1
EPSS
0.0%
CVE-2026-27962 CRITICAL PATCH Act Now

A critical authentication bypass vulnerability in authlib's JWT signature verification allows attackers to forge arbitrary tokens by injecting their own cryptographic keys through the JWT header. The flaw affects all versions of authlib prior to 1.6.9 when applications use key resolution callbacks that can return None (common in JWKS-based authentication flows). A working proof-of-concept exists demonstrating complete authentication bypass, enabling attackers to impersonate any user or assume administrative privileges without valid credentials.

Docker Python Deserialization Jwt Attack
NVD GitHub VulDB
CVSS 3.1
9.1
EPSS
0.0%
CVE-2026-28500 CRITICAL PATCH GHSA Act Now

Silent supply-chain compromise in the ONNX Python package (pip/onnx <= 1.20.1) arises because passing silent=True to onnx.hub.load() suppresses every untrusted-repository warning and confirmation prompt, letting models download and execute from any attacker-controlled GitHub repo with zero user awareness. Because the SHA256 manifest lives in the same attacker-owned repo, the integrity check is self-defeating and always validates the malicious model. There is no public exploit identified at time of analysis and EPSS is very low (0.01%), but the issue is fixed in 1.21.0rc1 and carries a vendor CVSS of 9.1.

Python Information Disclosure
NVD GitHub VulDB
CVSS 3.1
9.1
EPSS
0.0%
CVE-2026-4177 CRITICAL PATCH Act Now

A critical heap buffer overflow vulnerability exists in YAML::Syck through version 1.36 for Perl, allowing remote attackers to potentially execute arbitrary code or cause denial of service without authentication. The vulnerability stems from multiple memory corruption issues including heap overflow when processing YAML class names exceeding 512 bytes, buffer overread in base64 decoding, and memory leaks. With a CVSS score of 9.1 and network-based attack vector requiring no user interaction, this presents a severe risk to applications parsing untrusted YAML input.

Heap Overflow Buffer Overflow Yaml
NVD GitHub VulDB
CVSS 3.1
9.1
EPSS
0.0%
CVE-2026-32751 CRITICAL PATCH Act Now

SiYuan's mobile file tree fails to sanitize notebook names in WebSocket rename events, allowing authenticated users to inject arbitrary HTML and JavaScript that executes in other clients' browsers. When combined with Electron's insecure configuration (nodeIntegration enabled, contextIsolation disabled), this stored XSS escalates to remote code execution with full Node.js privileges on affected desktop and mobile clients. The vulnerability affects users with notebook rename permissions across Docker, Node.js, Python, and Apple platforms.

Docker RCE XSS Node.js Command Injection +4
NVD GitHub VulDB
CVSS 3.1
9.0
EPSS
0.4%

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy