Skip to main content
CVE-2018-25221 CRITICAL POC Act Now

EChat Server 3.1 contains a buffer overflow vulnerability in the chat.ghp endpoint that allows remote attackers to execute arbitrary code by supplying an oversized username parameter. Rated critical severity (CVSS 9.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

RCE Memory Corruption Buffer Overflow Echat Server
NVD Exploit-DB VulDB
CVSS 4.0
9.3
EPSS
0.2%
CVE-2018-25223 CRITICAL POC PATCH Act Now

Crashmail 1.6 contains a stack-based buffer overflow vulnerability that allows remote attackers to execute arbitrary code by sending malicious input to the application. Rated critical severity (CVSS 9.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available.

RCE Memory Corruption Buffer Overflow Denial Of Service Crashmail
NVD Exploit-DB VulDB
CVSS 4.0
9.3
EPSS
0.2%
CVE-2017-20229 CRITICAL POC PATCH Act Now

MAWK 1.3.3-17 and prior contains a stack-based buffer overflow vulnerability that allows attackers to execute arbitrary code by exploiting inadequate boundary checks on user-supplied input. Rated critical severity (CVSS 9.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available.

RCE Memory Corruption Buffer Overflow Mawk
NVD Exploit-DB VulDB
CVSS 4.0
9.3
EPSS
0.1%
CVE-2018-25220 CRITICAL POC PATCH Act Now

Bochs 2.6-5 contains a stack-based buffer overflow vulnerability that allows attackers to execute arbitrary code by supplying an oversized input string to the application. Rated critical severity (CVSS 9.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available.

RCE Memory Corruption Buffer Overflow Bochs
NVD Exploit-DB VulDB
CVSS 4.0
9.3
EPSS
0.1%
CVE-2017-20227 CRITICAL POC PATCH Act Now

JAD Java Decompiler 1.5.8e-1kali1 and prior contains a stack-based buffer overflow vulnerability that allows attackers to execute arbitrary code by supplying overly long input that exceeds buffer. Rated critical severity (CVSS 9.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available.

RCE Memory Corruption Java Buffer Overflow
NVD Exploit-DB VulDB
CVSS 4.0
9.3
EPSS
0.1%
CVE-2017-20225 CRITICAL POC PATCH Act Now

TiEmu 2.08 and prior contains a stack-based buffer overflow vulnerability that allows attackers to execute arbitrary code by exploiting inadequate boundary checks on user-supplied input. Rated critical severity (CVSS 9.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available.

RCE Memory Corruption Buffer Overflow Tiemu
NVD Exploit-DB VulDB
CVSS 4.0
9.3
EPSS
0.1%
CVE-2016-20049 CRITICAL POC PATCH Act Now

JAD 1.5.8e-1kali1 and prior contains a stack-based buffer overflow vulnerability that allows attackers to execute arbitrary code by supplying oversized input that exceeds buffer boundaries.

RCE Memory Corruption Buffer Overflow Jad Java Decompiler
NVD Exploit-DB VulDB
CVSS 4.0
9.3
EPSS
0.1%
CVE-2016-20048 HIGH POC PATCH This Week

iSelect 1.4.0-2+b1 contains a local buffer overflow vulnerability that allows local attackers to execute arbitrary code by supplying an oversized value to the -k/--key parameter. Rated high severity (CVSS 8.6), this vulnerability is no authentication required, low attack complexity. Public exploit code available.

RCE Path Traversal Buffer Overflow Iselect
NVD Exploit-DB VulDB
CVSS 4.0
8.6
EPSS
0.0%
CVE-2016-20041 HIGH POC PATCH This Week

Yasr 0.6.9-5 contains a buffer overflow vulnerability that allows local attackers to crash the application or execute arbitrary code by supplying an oversized argument to the -p parameter. Rated high severity (CVSS 8.6), this vulnerability is no authentication required, low attack complexity. Public exploit code available.

RCE Path Traversal Buffer Overflow Yasr Screen Reader
NVD Exploit-DB VulDB
CVSS 4.0
8.6
EPSS
0.0%
CVE-2016-20040 HIGH POC PATCH This Week

TiEmu 3.03-nogdb+dfsg-3 contains a buffer overflow vulnerability in the ROM parameter handling that allows local attackers to crash the application or execute arbitrary code. Rated high severity (CVSS 8.6), this vulnerability is no authentication required, low attack complexity. Public exploit code available.

RCE Path Traversal Buffer Overflow Texas Instrument Emulator
NVD Exploit-DB VulDB
CVSS 4.0
8.6
EPSS
0.0%
CVE-2017-20228 HIGH POC This Week

Flat Assembler 1.71.21 contains a stack-based buffer overflow vulnerability that allows local attackers to execute arbitrary code by supplying oversized input to the application. Rated high severity (CVSS 8.6), this vulnerability is no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

RCE Memory Corruption Buffer Overflow Flat Assembler
NVD Exploit-DB VulDB
CVSS 4.0
8.6
EPSS
0.0%
CVE-2018-25225 HIGH POC PATCH This Week

SIPP 3.3 contains a stack-based buffer overflow vulnerability that allows local unauthenticated attackers to execute arbitrary code by supplying malicious input in the configuration file. Rated high severity (CVSS 8.6), this vulnerability is no authentication required, low attack complexity. Public exploit code available.

RCE Authentication Bypass Buffer Overflow Sipp
NVD Exploit-DB VulDB
CVSS 4.0
8.6
EPSS
0.0%
CVE-2018-25224 HIGH POC PATCH This Week

PMS 0.42 contains a stack-based buffer overflow vulnerability that allows local unauthenticated attackers to execute arbitrary code by supplying malicious values in the configuration file. Rated high severity (CVSS 8.6), this vulnerability is no authentication required, low attack complexity. Public exploit code available.

RCE Authentication Bypass Buffer Overflow Pms
NVD Exploit-DB VulDB
CVSS 4.0
8.6
EPSS
0.0%
CVE-2018-25222 HIGH POC PATCH This Week

SC v7.16 contains a stack-based buffer overflow vulnerability that allows local attackers to execute arbitrary code by supplying oversized input that exceeds buffer boundaries. Rated high severity (CVSS 8.6), this vulnerability is no authentication required, low attack complexity. Public exploit code available.

RCE Memory Corruption Buffer Overflow Sc
NVD Exploit-DB VulDB
CVSS 4.0
8.6
EPSS
0.0%
CVE-2016-20047 HIGH POC This Week

EKG Gadu 1.9~pre+r2855-3+b1 contains a local buffer overflow vulnerability in the username handling that allows local attackers to execute arbitrary code by supplying an oversized username string. Rated high severity (CVSS 8.6), this vulnerability is no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

RCE Memory Corruption Buffer Overflow Ekg Gadu
NVD Exploit-DB VulDB
CVSS 4.0
8.6
EPSS
0.0%
CVE-2016-20046 HIGH POC This Week

zFTP Client 20061220+dfsg3-4.1 contains a buffer overflow vulnerability in the NAME parameter handling of FTP connections that allows local attackers to crash the application or execute arbitrary. Rated high severity (CVSS 8.6), this vulnerability is no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

RCE Memory Corruption Buffer Overflow Zftp Client
NVD Exploit-DB VulDB
CVSS 4.0
8.6
EPSS
0.0%
CVE-2016-20045 HIGH POC This Week

HNB Organizer 1.9.18-10 contains a local buffer overflow vulnerability that allows local attackers to execute arbitrary code by supplying an oversized argument to the -rc command-line parameter. Rated high severity (CVSS 8.6), this vulnerability is no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

RCE Memory Corruption Buffer Overflow Hnb
NVD Exploit-DB VulDB
CVSS 4.0
8.6
EPSS
0.0%
CVE-2016-20044 HIGH POC PATCH This Week

PInfo 0.6.9-5.1 contains a local buffer overflow vulnerability that allows local attackers to execute arbitrary code by supplying an oversized argument to the -m parameter. Rated high severity (CVSS 8.6), this vulnerability is no authentication required, low attack complexity. Public exploit code available.

RCE Memory Corruption Buffer Overflow Pinfo
NVD Exploit-DB VulDB
CVSS 4.0
8.6
EPSS
0.0%
CVE-2016-20043 HIGH POC PATCH This Week

NRSS RSS Reader 0.3.9-1 contains a stack buffer overflow vulnerability that allows local attackers to execute arbitrary code by supplying an oversized argument to the -F parameter. Rated high severity (CVSS 8.6), this vulnerability is no authentication required, low attack complexity. Public exploit code available.

RCE Memory Corruption Buffer Overflow Nrss Reader
NVD Exploit-DB VulDB
CVSS 4.0
8.6
EPSS
0.0%
CVE-2016-20042 HIGH POC PATCH This Week

TRN 3.6-23 contains a stack buffer overflow vulnerability that allows local attackers to execute arbitrary code by supplying an oversized argument to the application. Rated high severity (CVSS 8.6), this vulnerability is no authentication required, low attack complexity. Public exploit code available.

RCE Memory Corruption Buffer Overflow Threaded Usenet News Reader
NVD Exploit-DB VulDB
CVSS 4.0
8.6
EPSS
0.0%
CVE-2016-20039 HIGH POC This Week

Multi Emulator Super System 0.154-3.1 contains a buffer overflow vulnerability in the gamma parameter handling that allows local attackers to crash the application or execute arbitrary code. Rated high severity (CVSS 8.6), this vulnerability is no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

RCE Memory Corruption Buffer Overflow Mess Emulator
NVD Exploit-DB VulDB
CVSS 4.0
8.6
EPSS
0.0%
CVE-2016-20038 HIGH POC PATCH This Week

yTree 1.94-1.1 contains a stack-based buffer overflow vulnerability that allows local attackers to execute arbitrary code by supplying an excessively long argument to the application. Rated high severity (CVSS 8.6), this vulnerability is no authentication required, low attack complexity. Public exploit code available.

RCE Memory Corruption Buffer Overflow Ytree
NVD Exploit-DB VulDB
CVSS 4.0
8.6
EPSS
0.0%
CVE-2017-20226 HIGH POC This Week

Mapscrn 2.0.3 contains a stack-based buffer overflow vulnerability that allows local attackers to execute arbitrary code by supplying an oversized input buffer. Rated high severity (CVSS 8.6), this vulnerability is no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

RCE Memory Corruption Buffer Overflow Denial Of Service Mapscrn
NVD Exploit-DB VulDB
CVSS 4.0
8.6
EPSS
0.0%
CVE-2016-20037 HIGH POC PATCH This Week

xwpe 1.5.30a-2.1 and prior contains a stack-based buffer overflow vulnerability that allows local attackers to execute arbitrary code by supplying overly long input strings that exceed buffer. Rated high severity (CVSS 8.6), this vulnerability is no authentication required, low attack complexity. Public exploit code available.

RCE Memory Corruption Buffer Overflow Denial Of Service Xwpe
NVD Exploit-DB VulDB
CVSS 4.0
8.6
EPSS
0.0%
CVE-2025-15604 CRITICAL PATCH Act Now

Amon2 for Perl versions before 6.17 use cryptographically weak random number generation for security-critical functions including session IDs, cookie signing secrets, and CSRF tokens. Versions 6.06-6.16 fall back to SHA-1 hashes seeded with predictable inputs (process ID from a small set, guessable epoch time, and the unsuitable built-in rand() function) when /dev/urandom is unavailable; versions before 6.06 relied entirely on built-in rand(). No CVSS vector or EPSS data is available, and no public exploit code or active exploitation has been confirmed, but the weakness directly undermines session security and CSRF protection in affected applications.

CSRF Amon2
NVD GitHub VulDB
CVSS 3.1
9.8
EPSS
0.0%
CVE-2026-3256 CRITICAL Act Now

HTTP::Session versions through 0.53 for Perl defaults to using insecurely generated session ids.

Information Disclosure Http
NVD VulDB
CVSS 3.1
9.8
EPSS
0.0%
CVE-2026-5012 MEDIUM POC This Month

Operating system command injection in elecV2P up to version 3.8.3 allows unauthenticated remote attackers to execute arbitrary commands through the pm2run function in the /rpc endpoint. The vulnerability has a CVSS score of 6.9 with publicly available exploit code, though the vendor has not yet responded to early notification of the issue. This represents a moderate-to-high risk for exposed elecV2P instances due to the combination of remote exploitability, low attack complexity, and confirmed public exploit availability.

Command Injection Elecv2P
NVD VulDB GitHub
CVSS 4.0
5.5
EPSS
1.0%
CVE-2026-4998 MEDIUM POC This Month

Code injection in Sinaptik AI PandasAI versions up to 3.0.0 allows unauthenticated remote attackers to execute arbitrary code via the CodeExecutor.execute function in the Chat Message Handler component. CVSS 7.3 (High) with network attack vector, low complexity, and no authentication required. Publicly available exploit code exists (POC on GitHub Gist). EPSS data not provided, but the combination of unauthenticated remote execution and public exploit significantly elevates real-world risk. Vendor non-responsive to coordinated disclosure.

Code Injection RCE Pandasai pandas
NVD VulDB GitHub
CVSS 4.0
5.5
EPSS
0.1%
CVE-2026-4997 MEDIUM POC This Month

Path traversal in Sinaptik AI PandasAI up to version 3.0.0 allows remote unauthenticated attackers to read arbitrary files by manipulating the is_sql_query_safe function in the SQL sanitizer module. The vulnerability has a CVSS score of 5.3 (low-to-medium severity) with public exploit code available, though active exploitation has not been confirmed by CISA. The vendor did not respond to early disclosure notification.

Path Traversal Pandasai pandas
NVD VulDB GitHub
CVSS 4.0
5.5
EPSS
0.1%
CVE-2026-5014 MEDIUM POC This Month

Path traversal in elecV2P's wildcard handler allows unauthenticated remote attackers to read files outside intended directories via improper path validation in the /log/ endpoint, affecting versions up to 3.8.3. The vulnerability has a publicly available proof of concept and a CVSS score of 5.5 reflecting limited confidentiality impact. The vendor has not responded to early disclosure despite issue notification.

Path Traversal Elecv2P
NVD VulDB GitHub
CVSS 4.0
5.5
EPSS
0.0%
CVE-2026-5002 MEDIUM POC This Month

Prompt injection in PromtEngineer localGPT allows unauthenticated remote attackers to manipulate LLM behavior via crafted inputs to the _route_using_overviews function. Publicly available exploit code exists (GitHub). The vulnerability affects all versions up to commit 4d41c7d17, with CVSS 7.3 indicating moderate confidentiality, integrity, and availability impact. EPSS data not available, but the combination of network-accessible attack vector, low complexity (AC:L), no authentication requirement (PR:N), and public POC elevates real-world risk for installations exposed to untrusted input.

Information Disclosure Localgpt
NVD VulDB GitHub
CVSS 4.0
5.5
EPSS
0.0%
CVE-2026-5016 MEDIUM POC This Month

Server-Side Request Forgery (SSRF) in elecV2P versions up to 3.8.3 allows unauthenticated remote attackers to manipulate internal or external HTTP requests via the eAxios function in the /mock URL handler. The vulnerability enables unauthorized access to internal resources, data exfiltration from confidential endpoints, and potential lateral movement within internal networks. Publicly available exploit code exists (GitHub issue #202), significantly lowering the barrier to exploitation. EPSS data not provided, but the combination of network-accessible attack vector, low complexity, no authentication requirement, and public POC represents elevated real-world risk. Vendor has not responded to early disclosure.

SSRF Elecv2P
NVD VulDB GitHub
CVSS 4.0
5.5
EPSS
0.0%
CVE-2026-5001 MEDIUM POC This Month

Unrestricted file upload in PromtEngineer localGPT allows remote attackers to upload arbitrary files via the do_POST function in backend/server.py, enabling potential remote code execution or system compromise. The vulnerability affects all versions up to commit 4d41c7d1713b16b216d8e062e51a5dd88b20b054, impacts unauthenticated remote users, and publicly available exploit code exists. The vendor has not responded to early disclosure attempts, leaving the product unpatched.

File Upload Localgpt
NVD VulDB GitHub
CVSS 4.0
5.5
EPSS
0.0%
CVE-2026-5019 MEDIUM POC This Month

SQL injection in code-projects Simple Food Order System 1.0 allows unauthenticated remote attackers to extract, modify, or delete database contents via the Status parameter in all-orders.php. The vulnerability has a publicly available exploit and requires no authentication or user interaction (CVSS 7.3, AV:N/AC:L/PR:N). No vendor-released patch identified at time of analysis, representing elevated risk for installations of this PHP-based food ordering application.

PHP SQLi
NVD VulDB GitHub
CVSS 4.0
5.5
EPSS
0.0%
CVE-2026-5018 MEDIUM POC This Month

SQL injection in code-projects Simple Food Order System 1.0 allows unauthenticated remote attackers to execute arbitrary SQL commands via the 'Name' parameter in register-router.php. The vulnerability permits unauthorized database access with confirmed publicly available exploit code (EPSS and CVSS both indicate medium-severity risk). Attack complexity is low with no user interaction required, enabling automated exploitation. No vendor-released patch identified at time of analysis, and exploitation requires no authentication (CVSS PR:N).

PHP SQLi
NVD VulDB GitHub
CVSS 4.0
5.5
EPSS
0.0%
CVE-2026-5017 MEDIUM POC This Month

SQL injection in Simple Food Order System 1.0 allows unauthenticated remote attackers to extract, modify, or delete database contents via the Status parameter in /all-tickets.php. The vulnerability is trivially exploitable with low attack complexity and requires no user interaction. Public exploit code exists on GitHub, significantly lowering the barrier to exploitation, though no active exploitation has been confirmed by CISA KEV at time of analysis.

PHP SQLi
NVD VulDB GitHub
CVSS 4.0
5.5
EPSS
0.0%
CVE-2026-4996 MEDIUM POC This Month

SQL injection in Sinaptik AI PandasAI versions up to 0.1.4 allows unauthenticated remote attackers to manipulate database operations through the pandasai-lancedb extension. Six functions (delete_question_and_answers, delete_docs, update_question_answer, update_docs, get_relevant_question_answers_by_id, get_relevant_docs_by_id) in lancedb.py are vulnerable to SQL injection attacks. Publicly available exploit code exists (CVSS 7.3, EPSS data not provided). The vendor has not responded to disclosure attempts.

SQLi Pandasai pandas
NVD VulDB GitHub
CVSS 4.0
5.5
EPSS
0.0%
CVE-2026-5013 MEDIUM POC This Month

Path traversal in elecV2P up to version 3.8.3 allows unauthenticated remote attackers to read arbitrary files via manipulation of the URL argument in the /store/:key endpoint's path.join function. The vulnerability has a CVSS score of 5.5 with low confidentiality impact, publicly available exploit code exists, and the vendor has not responded to early notification through an issue report.

Path Traversal Elecv2P
NVD GitHub VulDB
CVSS 4.0
5.5
EPSS
0.0%
CVE-2025-15445 MEDIUM POC This Month

Restaurant Cafeteria WordPress theme through version 0.4.6 allows authenticated subscribers to execute arbitrary PHP code and modify site configuration through unprotected admin-ajax actions lacking nonce and capability checks. An attacker with subscriber-level access can install malicious plugins from attacker-controlled URLs or import demo content that overwrites critical site settings, pages, menus, and theme configuration. Publicly available exploit code exists for this vulnerability.

WordPress PHP RCE Authentication Bypass
NVD WPScan VulDB
CVSS 3.1
5.4
EPSS
0.0%
CVE-2026-4987 HIGH This Week

Payment amount bypass in Brainstorm Force SureForms WordPress plugin (all versions ≤2.5.2) allows unauthenticated remote attackers to create underpriced payment and subscription intents by manipulating the form_id parameter to 0, circumventing configured payment validation. CVSS 7.5 (High) with network-accessible attack vector and low complexity. EPSS data not provided; no public exploit identified at time of analysis. This represents a direct financial fraud risk for e-commerce and donation sites using the affected plugin.

WordPress Authentication Bypass
NVD VulDB
CVSS 3.1
7.5
EPSS
0.1%
CVE-2026-1679 HIGH This Week

Buffer overflow in Zephyr RTOS eswifi socket offload driver allows authenticated local attackers to corrupt kernel memory through oversized socket send operations. The vulnerability enables privilege escalation and denial of service via heap corruption, with high integrity and availability impact. No public exploit identified at time of analysis, though the attack vector is straightforward for users with socket API access. CVSS 7.3 reflects moderate-high severity constrained by local-only access requiring low-level privileges.

Buffer Overflow Zephyr
NVD GitHub VulDB
CVSS 3.1
7.3
EPSS
0.0%
CVE-2025-12886 HIGH This Week

Server-Side Request Forgery (SSRF) in Oxygen Theme for WordPress versions up to 6.0.8 allows unauthenticated remote attackers to make arbitrary HTTP requests from the web server via the vulnerable laborator_calc_route AJAX action. This vulnerability is confirmed exploitable without authentication (CVSS PR:N) and enables attackers to query or modify internal services behind firewalls, exfiltrate cloud metadata (AWS/Azure credentials), or scan internal networks. No public exploit identified at time of analysis, though the unauthenticated attack vector and low complexity (AC:L) suggest straightforward exploitation.

WordPress SSRF
NVD VulDB
CVSS 3.1
7.2
EPSS
0.0%
CVE-2026-5000 MEDIUM This Month

Authentication bypass in PromtEngineer localGPT affects the LocalGPTHandler API endpoint in backend/server.py, allowing unauthenticated remote attackers to access protected functionality with low confidentiality, integrity, and availability impact. The vulnerability stems from improper validation of the BaseHTTPRequestHandler argument, enabling attackers to manipulate request handling without credentials. No public exploit code or active exploitation has been confirmed, though the vendor has not responded to disclosure efforts.

Authentication Bypass Localgpt
NVD VulDB GitHub
CVSS 4.0
6.9
EPSS
0.1%
CVE-2026-1307 MEDIUM This Month

Ninja Forms plugin for WordPress versions up to 3.14.1 exposes authorization tokens via an insecure callback function in blocks/bootstrap.php, allowing authenticated Contributor-level users and above to access form submission data from arbitrary forms without proper authorization. The vulnerability enables sensitive information disclosure affecting all WordPress installations using the affected plugin versions, with no active exploitation confirmed at time of analysis.

WordPress PHP Information Disclosure
NVD VulDB
CVSS 3.1
6.5
EPSS
0.0%
CVE-2026-4999 LOW POC Monitor

Path traversal in z-9527 admin's file upload function allows authenticated remote attackers to manipulate the fileType parameter in /server/utils/upload.js to access files outside the intended directory, potentially leading to information disclosure or file overwrite. The vulnerability affects all versions up to commit 72aaf2dd05cf4ec2e98f390668b41e128eec5ad2, with publicly available exploit code documented and a CVSS score of 5.3 (low confidentiality, integrity, and availability impact). The vendor has not responded to early disclosure notification.

Path Traversal Admin
NVD VulDB GitHub
CVSS 4.0
2.1
EPSS
0.0%
CVE-2026-5011 LOW POC Monitor

Remote code execution in elecV2P up to version 3.8.3 allows authenticated attackers to inject arbitrary code via manipulation of the rawcode argument in the runJSFile function of the /webhook JSON Parser endpoint. The vulnerability has publicly available exploit code and the vendor has not yet responded to early disclosure notifications, making this an active security concern for deployed instances.

Code Injection RCE Elecv2P
NVD VulDB GitHub
CVSS 4.0
2.1
EPSS
0.0%
CVE-2026-5015 LOW POC Monitor

Reflected cross-site scripting (XSS) in elecV2P up to version 3.8.3 allows remote attackers to inject malicious scripts via the filename parameter in the /logs endpoint, requiring user interaction to execute. The vulnerability has publicly available exploit code and affects all versions through 3.8.3, with no vendor patch released despite early notification through issue reporting.

XSS Elecv2P
NVD VulDB GitHub
CVSS 4.0
2.1
EPSS
0.0%
CVE-2026-4995 LOW POC Monitor

Stored cross-site scripting (XSS) in wandb OpenUI up to version 1.0 via the Window Message Event Handler in frontend/public/annotator/index.html allows authenticated remote attackers to inject malicious scripts with user interaction. The vulnerability has a low CVSS score (3.5) due to authentication and user-interaction requirements, but publicly available exploit code exists and the vendor has not responded to early disclosure notifications.

XSS Openui
NVD VulDB GitHub
CVSS 4.0
2.0
EPSS
0.0%
CVE-2026-4994 LOW POC Monitor

Information disclosure in wandb OpenUI up to version 1.0/3.5-turb allows authenticated local network attackers to expose sensitive information through error messages in the APIStatusError handler by manipulating the key argument. Publicly available exploit code exists, and the vendor has not responded to early disclosure notification. Attack complexity is low and requires only local network access and low-level privileges.

Information Disclosure Openui
NVD VulDB GitHub
CVSS 4.0
2.0
EPSS
0.0%
CVE-2026-5007 LOW POC Monitor

OS command injection in kazuph mcp-docs-rag through version 0.5.0 allows local attackers with limited privileges to execute arbitrary commands via the cloneRepository function in src/index.ts. The vulnerability affects the add_git_repository and add_text_file components, with publicly available exploit code demonstrating the attack. No vendor patch has been released despite early notification through a GitHub issue.

Command Injection Mcp Docs Rag
NVD VulDB GitHub
CVSS 4.0
1.9
EPSS
0.2%
Page 1 of 2 Next

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy