Skip to main content
CVE-2026-35022 CRITICAL POC Act Now

OS command injection in Anthropic Claude Code CLI and Agent SDK for Python allows remote, unauthenticated attackers to execute arbitrary commands through unsanitized authentication helper parameters processed with shell=true. The vulnerability enables credential theft and environment variable exfiltration in CI/CD pipelines where these tools run with elevated automation privileges. Publicly available exploit code exists, creating immediate risk for organizations using these SDKs in automated workflows.

Command Injection Claude Code Claude Agent Sdk For Python
NVD VulDB
CVSS 4.0
9.3
EPSS
0.2%
CVE-2026-35020 HIGH POC This Week

OS command injection in Anthropic Claude Code CLI and Claude Agent SDK for Python allows local attackers to execute arbitrary commands by poisoning the TERMINAL environment variable with shell metacharacters. The vulnerability affects both normal CLI operations and deep-link handlers, enabling privilege escalation to the user context running the CLI. Publicly available exploit code exists. With CVSS 8.6 (High) severity, this presents significant risk in CI/CD pipelines and developer environments where environment variables may be attacker-controlled.

Command Injection Claude Code Claude Agent Sdk For Python
NVD VulDB
CVSS 4.0
8.6
EPSS
0.1%
CVE-2026-34885 HIGH POC This Week

SQL injection in WordPress Media Library Assistant plugin through version 3.34 allows authenticated attackers with low-level privileges to extract sensitive database contents and potentially disrupt availability. The vulnerability has a CVSS score of 8.5 (High) with scope change, indicating authenticated attackers can access data beyond their permission level. EPSS data not available; no public exploit identified at time of analysis. No CISA KEV listing indicates this is not confirmed as actively exploited in the wild.

SQLi
NVD GitHub
CVSS 3.1
8.5
EPSS
0.0%
CVE-2024-14032 HIGH POC This Week

Twitch Studio version 0.114.8 and prior contain a privilege escalation vulnerability in its privileged helper tool that allows local attackers to execute arbitrary code as root by exploiting an. Rated high severity (CVSS 8.5), this vulnerability is low attack complexity. Public exploit code available and no vendor patch available.

Privilege Escalation RCE Authentication Bypass Twitch Studio
NVD
CVSS 4.0
8.5
EPSS
0.0%
CVE-2026-35021 HIGH POC This Week

OS command injection in Anthropic Claude Code CLI and Claude Agent SDK for Python enables arbitrary command execution via malicious file paths containing shell metacharacters. Local attackers can exploit POSIX shell command substitution within double-quoted strings to execute commands with user privileges. Publicly available exploit code exists. With CVSS 8.4 (High) and local attack vector requiring user interaction, this represents elevated risk in CI/CD pipelines and development environments where untrusted file paths may be processed.

Command Injection Claude Code Claude Agent Sdk For Python
NVD VulDB
CVSS 4.0
8.4
EPSS
0.0%
CVE-2026-39363 HIGH POC PATCH GHSA This Week

Vite dev server WebSocket allows unauthorized file system access, bypassing server.fs.allow restrictions when developers expose dev servers to networks (via --host). Attackers exploiting this can read arbitrary files (credentials, source code, secrets) from the development machine or CI environment through a WebSocket vite:invoke event calling fetchModule with file:// URLs. Vendor-released patches available in versions 6.4.2, 7.3.2, and 8.0.5. Public exploit code exists with detailed proof-of-concept demonstrating /etc/passwd retrieval via WebSocket without Origin header validation.

Information Disclosure
NVD GitHub VulDB
CVSS 4.0
8.2
EPSS
0.1%
CVE-2026-39364 HIGH POC PATCH GHSA This Week

Vite development server allows unauthorized file disclosure by bypassing server.fs.deny restrictions when specific query parameters (?raw, ?import&raw, ?import&url&inline) are appended to file requests. The npm package 'vite' is affected when the dev server is explicitly exposed to the network and sensitive files exist within allowed directories but are supposedly blocked by deny patterns. A publicly available exploit code exists demonstrating retrieval of .env files and certificates. Fixed in versions 7.3.2 and 8.0.5 according to vendor release tags.

Information Disclosure
NVD GitHub VulDB
CVSS 4.0
8.2
EPSS
0.0%
CVE-2026-5685 HIGH POC This Week

Remote code execution in Tenda CX12L firmware version 16.03.53.12 allows authenticated attackers to overflow stack buffers via malicious 'page' parameter values sent to the addressNat endpoint (/goform/addressNat). The fromAddressNat function fails to validate input length, enabling memory corruption with high impact to confidentiality, integrity, and availability. Publicly available exploit code exists (GitHub POC), elevating practical exploitation risk despite requiring low-privilege authentication. EPSS data not available, but CVSS 7.4 reflects network-accessible attack vector with low complexity.

Tenda Buffer Overflow Stack Overflow
NVD VulDB GitHub
CVSS 4.0
7.4
EPSS
0.0%
CVE-2026-5609 HIGH POC This Week

Stack-based buffer overflow in Tenda i12 router firmware 1.0.0.11(3862) allows authenticated remote attackers to execute arbitrary code via the WiFi SSID configuration interface. The vulnerability is exploitable over the network with low complexity through manipulation of the 'index' or 'wl_radio' parameters in the formwrlSSIDset function. With publicly available exploit code (GitHub POC) and a CVSS score of 8.8, this presents immediate risk to exposed management interfaces. EPSS data not provided, but the combination of network accessibility, authentication bypass potential, and weaponized exploit elevates real-world risk.

Tenda Buffer Overflow Stack Overflow
NVD VulDB GitHub
CVSS 4.0
7.4
EPSS
0.0%
CVE-2026-5628 HIGH POC This Week

Stack-based buffer overflow in Belkin F9K1015 wireless router firmware 1.00.10 allows authenticated remote attackers to achieve arbitrary code execution with high confidentiality, integrity, and availability impact. The vulnerability resides in the formSetSystemSettings function within the /goform/formSetSystemSettings endpoint, exploitable via the 'webpage' parameter. Publicly available exploit code exists (GitHub POC), CVSS 8.8 indicating network-exploitable with low complexity requiring only low-privilege authentication. Vendor unresponsive to coordinated disclosure attempts.

Buffer Overflow Stack Overflow F9K1015
NVD VulDB GitHub
CVSS 4.0
7.4
EPSS
0.0%
CVE-2026-5614 HIGH POC This Week

Stack-based buffer overflow in Belkin F9K1015 v1.00.10 allows authenticated remote attackers to achieve code execution via the formSetPassword function. The vulnerability requires low-privilege credentials but no user interaction, carrying a CVSS score of 8.8 (High). Public exploit code exists on GitHub, significantly lowering the barrier to exploitation, though no active exploitation is confirmed (not in CISA KEV). The vendor did not respond to responsible disclosure attempts.

Stack Overflow Buffer Overflow F9K1015
NVD VulDB GitHub
CVSS 4.0
7.4
EPSS
0.0%
CVE-2026-5613 HIGH POC This Week

Stack-based buffer overflow in Belkin F9K1015 wireless router firmware 1.00.10 allows authenticated remote attackers to achieve code execution and full system compromise via the formReboot endpoint. The vulnerability has a publicly available exploit (GitHub POC) and requires only low-privileged authentication (EPSS risk assessment recommended but data not provided). Vendor did not respond to disclosure, indicating no patch is available.

Buffer Overflow Stack Overflow F9K1015
NVD VulDB GitHub
CVSS 4.0
7.4
EPSS
0.0%
CVE-2026-5612 HIGH POC This Week

Stack-based buffer overflow in Belkin F9K1015 wireless router firmware 1.00.10 enables authenticated remote attackers to achieve complete system compromise via crafted 'webpage' parameter to the formWlEncrypt endpoint. Publicly available exploit code exists (GitHub POC). EPSS data not provided, but the low attack complexity (AC:L) and network attack vector (AV:N) combined with confirmed POC availability indicate moderate-to-high exploitation risk. Vendor was notified but did not respond, leaving devices potentially unpatched.

Buffer Overflow Stack Overflow F9K1015
NVD VulDB GitHub
CVSS 4.0
7.4
EPSS
0.0%
CVE-2026-5611 HIGH POC This Week

Stack-based buffer overflow in Belkin F9K1015 wireless router firmware version 1.00.10 allows authenticated remote attackers to achieve arbitrary code execution with high confidentiality, integrity, and availability impact. The vulnerability resides in the formCrossBandSwitch function accessible via /goform/formCrossBandSwitch endpoint, where unsanitized input to the 'webpage' parameter triggers memory corruption. Publicly available exploit code exists (GitHub POC), elevating practical exploitat

Stack Overflow Buffer Overflow F9K1015
NVD VulDB GitHub
CVSS 4.0
7.4
EPSS
0.0%
CVE-2026-5610 HIGH POC This Week

Stack-based buffer overflow in Belkin F9K1015 wireless router firmware 1.00.10 enables authenticated remote attackers to achieve full system compromise (code execution, denial of service, credential theft) via crafted requests to the formWISP5G endpoint. CVSS 8.8 severity with low attack complexity and publicly available exploit code. Vendor has not responded to disclosure, leaving users without an official patch. EPSS data not available, but the combination of network accessibility, low complexity, and public POC elevates real-world risk despite requiring low-privilege authentication.

Buffer Overflow Stack Overflow F9K1015
NVD VulDB GitHub
CVSS 4.0
7.4
EPSS
0.0%
CVE-2026-5608 HIGH POC This Week

Stack-based buffer overflow in Belkin F9K1122 router firmware 1.00.33 enables authenticated remote attackers to achieve full device compromise via crafted 'webpage' parameter in formWlanSetup function. Publicly available exploit code exists, and EPSS data suggests low-probability targeting despite critical CVSS 8.8 severity. Vendor non-responsive to disclosure; no patch released.

Buffer Overflow Stack Overflow F9k1122
NVD VulDB GitHub
CVSS 4.0
7.4
EPSS
0.0%
CVE-2026-5684 HIGH POC This Week

Stack-based buffer overflow in Tenda CX12L wireless router firmware 16.03.53.12 allows authenticated adjacent network attackers to execute arbitrary code or crash the device via crafted 'page' parameter to the /goform/webExcptypemanFilter endpoint. Publicly available exploit code exists (GitHub POC published), enabling straightforward exploitation against unpatched routers on the same LAN segment. EPSS score of 0.03% suggests limited mass exploitation to date, though adjacent network requirement naturally constrains attack surface to local/corporate networks rather than internet-wide scanning.

Tenda Buffer Overflow Stack Overflow
NVD VulDB GitHub
CVSS 4.0
7.3
EPSS
0.0%
CVE-2026-39365 MEDIUM POC PATCH GHSA This Month

Path traversal in Vite dev server versions 6.x through 7.3.1 allows unauthenticated remote attackers to bypass filesystem restrictions and retrieve sensitive `.map` files outside the project root by injecting path traversal sequences into optimized dependency URLs. The vulnerability requires explicit network exposure of the dev server and predictable file paths, but publicly available proof-of-concept code demonstrates the attack. Affected Vite instances should upgrade to v6.4.2, v7.3.2, or v8.0.5.

Path Traversal
NVD GitHub VulDB
CVSS 4.0
6.3
EPSS
3.1%
CVE-2025-54328 CRITICAL Act Now

Stack-based buffer overflow in Samsung Exynos chipset SMS message processing allows remote attackers to execute arbitrary code or crash devices via malformed SMS RP-DATA messages. Affects 22 Exynos processor and modem variants across mobile, wearable, and IoT devices, requiring no user interaction. CVSS 10.0 with network-level attack vector (PR:N), scope change, and full system impact. EPSS and exploitation status not provided, but SSVC framework indicates automatable attack with total technical impact. No public exploit identified at time of analysis, though the vulnerability class (CWE-121 stack buffer overflow in SMS parsing) has high weaponization potential.

Buffer Overflow Stack Overflow Samsung
NVD VulDB
CVSS 3.1
10.0
EPSS
0.1%
CVE-2026-5692 MEDIUM POC This Month

OS command injection in Totolink A7100RU router firmware 7.4cu.2313_b20191024 allows unauthenticated remote attackers to execute arbitrary system commands via the 'enable' parameter in the setGameSpeedCfg function of /cgi-bin/cstecgi.cgi. Public exploit code exists on GitHub (EPSS and KEV status not provided, but publicly available proof-of-concept increases immediate risk). Attack vector is network-based with low complexity requiring no user interaction or authentication (CVSS:3.1 AV:N/AC:L/PR:N/UI:N).

Command Injection A7100Ru
NVD VulDB GitHub
CVSS 4.0
5.5
EPSS
2.4%
CVE-2026-5688 MEDIUM POC This Month

OS command injection in Totolink A7100RU router firmware version 7.4cu.2313_b20191024 allows unauthenticated remote attackers to execute arbitrary system commands via the 'provider' parameter in the setDdnsCfg function of /cgi-bin/cstecgi.cgi. Publicly available exploit code exists (GitHub POC) demonstrating practical exploitation. With CVSS 7.3 and network-accessible attack vector requiring no authentication or user interaction, this represents a significant risk to exposed devices, though no active exploitation confirmed by CISA KEV at time of analysis.

Command Injection A7100Ru
NVD VulDB GitHub
CVSS 4.0
5.5
EPSS
2.4%
CVE-2026-5678 MEDIUM POC This Month

OS command injection in Totolink A7100RU firmware version 7.4cu.2313_b20191024 allows unauthenticated remote attackers to execute arbitrary commands via manipulation of the mode parameter in the setScheduleCfg function of /cgi-bin/cstecgi.cgi. Publicly available exploit code exists for this vulnerability, creating immediate risk for exposed devices.

Command Injection A7100Ru
NVD VulDB GitHub
CVSS 4.0
5.5
EPSS
2.4%
CVE-2026-5677 MEDIUM POC This Month

Remote command injection in Totolink A7100RU firmware 7.4cu.2313_b20191024 allows unauthenticated attackers to execute arbitrary OS commands via manipulation of the resetFlags parameter in the CsteSystem function (/cgi-bin/cstecgi.cgi). Publicly available exploit code exists for this vulnerability, which achieves a CVSS 6.9 score with low confidentiality, integrity, and availability impact across multiple scopes.

Command Injection A7100Ru
NVD VulDB GitHub
CVSS 4.0
5.5
EPSS
2.4%
CVE-2026-31059 CRITICAL Act Now

Remote command execution in UTT Aggressive HiPER 520W router firmware v1.7.7-180627 allows unauthenticated attackers to execute arbitrary system commands via crafted input to the /goform/formDia component. CVSS 9.8 severity indicates network-accessible, low-complexity exploitation requiring no authentication or user interaction. EPSS score of 0.04% (12th percentile) suggests currently low exploitation probability despite publicly available exploit code exists (GitHub POC). No vendor-released patch identified at time of analysis, presenting significant risk for exposed devices.

Command Injection 520w Firmware
NVD GitHub
CVSS 3.1
9.8
EPSS
0.0%
CVE-2026-31151 CRITICAL Act Now

Authentication bypass in Kaleris Yard Management System (YMS) v7.2.2.1 enables unauthenticated remote attackers to completely circumvent login verification and gain unauthorized access to application resources with full confidentiality, integrity, and availability impact. The vulnerability has a 9.8 CVSS score with network-based attack vector requiring no privileges or user interaction. Currently tracked at 2% EPSS (5th percentile) with no confirmed active exploitation (not in CISA KEV), though a public proof-of-concept repository exists on GitHub, significantly elevating exploitation risk for this critical authentication flaw.

Authentication Bypass
NVD GitHub
CVSS 3.1
9.8
EPSS
0.0%
CVE-2026-35490 CRITICAL PATCH GHSA Act Now

Authentication bypass in changedetection.io allows unauthenticated remote attackers to access backup management endpoints due to incorrect Flask decorator ordering. Attackers can trigger backup creation, list all backups, download backup archives containing application secrets, webhook URLs with embedded tokens, monitored URLs, Flask secret keys, and password hashes, or delete all backups without authentication. The vulnerability affects 13 routes across 5 blueprint files where @login_optionally_required is placed before @blueprint.route() instead of after it, causing Flask to register the undecorated function and silently disable authentication. Publicly available exploit code exists (POC demonstrated complete data exfiltration), though no confirmed active exploitation (CISA KEV). EPSS data not provided, but CVSS 9.8 (network-exploitable, no authentication required, high confidentiality/integrity/availability impact) indicates critical severity.

Python Information Disclosure SSRF Authentication Bypass
NVD GitHub
CVSS 3.1
9.8
EPSS
0.0%
CVE-2026-31405 CRITICAL PATCH Act Now

In the Linux kernel, the following vulnerability has been resolved: media: dvb-net: fix OOB access in ULE extension header tables The ule_mandatory_ext_handlers[] and ule_optional_ext_handlers[] tables in handle_one_ule_extension() are declared with 255 elements (valid indices 0-254), but the index htype is derived from network-controlled data as (ule_sndu_type & 0x00FF), giving a range of 0-255. When htype equals 255, an out-of-bounds read occurs on the function pointer table, and the OOB value may be called as a function pointer. Add a bounds check on htype against the array size before either table is accessed. Out-of-range values now cause the SNDU to be discarded.

Buffer Overflow Linux Information Disclosure
NVD VulDB
CVSS 3.1
9.8
EPSS
0.0%
CVE-2026-5676 MEDIUM POC This Month

Authentication bypass in Totolink A8000R 5.9c.681_B20180413 allows remote attackers to manipulate the langType parameter in the setLanguageCfg function at /cgi-bin/cstecgi.cgi to bypass authentication controls without credentials. This unauthenticated remote vulnerability has publicly available exploit code and poses a confirmed risk to exposed router management interfaces.

Authentication Bypass A8000R
NVD VulDB GitHub
CVSS 4.0
5.5
EPSS
0.1%
CVE-2026-5632 MEDIUM POC This Month

Missing authentication in gpt-researcher HTTP REST API (versions ≤3.4.3) allows remote attackers to bypass access controls and interact with the API without credentials. Publicly available exploit code exists (GitHub issue #1695), enabling unauthorized information disclosure, data manipulation, and service disruption. CVSS 7.3 with network attack vector, low complexity, and no privileges required indicates significant exploitability. Vendor has not responded to early disclosure (VulDB submission 785874), leaving users without official patch guidance.

Authentication Bypass Gpt Researcher
NVD VulDB GitHub
CVSS 4.0
5.5
EPSS
0.1%
CVE-2026-5661 MEDIUM POC PATCH This Month

Denial of service in Free5GC 4.2.0 NGSetupRequest Handler allows unauthenticated remote attackers to crash the AMF (Access and Mobility Management Function) component via malformed requests. The vulnerability has a publicly available exploit and a vendor-released patch, with EPSS score of 5.3 indicating moderate but real exploitation risk despite low CVSS scoring.

Denial Of Service Free5gc
NVD VulDB GitHub
CVSS 4.0
5.5
EPSS
0.1%
CVE-2026-5638 MEDIUM POC This Month

Path traversal in HerikLyma CPPWebFramework up to version 3.1 allows remote attackers to read arbitrary files on the server with low confidentiality impact. The vulnerability requires no authentication and can be exploited over the network with low complexity; publicly available exploit code exists. The vendor has been notified via GitHub issue but has not yet responded or released a patch.

Path Traversal Cppwebframework
NVD VulDB GitHub
CVSS 4.0
5.5
EPSS
0.0%
CVE-2026-5631 MEDIUM POC This Month

Remote code injection in gpt-researcher (assafelovic) versions up to 3.4.3 allows unauthenticated attackers to execute arbitrary code via the WebSocket endpoint's extract_command_data function. The vulnerability stems from improper input validation of the 'args' parameter in backend/server/server_utils.py. Publicly available exploit code exists (GitHub issue #1694), though confirmed active exploitation (CISA KEV) has not been reported. With CVSS 7.3 and network-accessible attack vector requiring no authentication, this represents a significant risk to exposed instances, though vendor response remains pending.

Code Injection RCE Gpt Researcher
NVD VulDB GitHub
CVSS 4.0
5.5
EPSS
0.0%
CVE-2026-5642 MEDIUM POC This Month

Improper authorization in Cyber-III Student-Management-System allows unauthenticated remote attackers to bypass authentication controls via crafted HTTP POST requests to /viva/update.php. The vulnerability (CWE-285) enables unauthorized modification of student records by manipulating the 'Name' parameter. Publicly available exploit code exists (GitHub issue #236), and the project maintainer has not responded to responsible disclosure attempts. EPSS data not provided, but CVSS 7.3 with PR:N indicates significant risk for internet-facing deployments.

Authentication Bypass PHP
NVD VulDB GitHub
CVSS 4.0
5.5
EPSS
0.0%
CVE-2026-5633 MEDIUM POC This Month

Server-side request forgery in gpt-researcher versions up to 3.4.3 allows unauthenticated remote attackers to manipulate the source_urls parameter at the ws endpoint, enabling partial confidentiality, integrity, and availability impacts. A publicly available exploit exists via GitHub issue #1696, though the vendor has not responded to early disclosure. EPSS data not provided, but the low attack complexity (AC:L) and proof-of-concept availability elevate immediate risk for exposed instances.

SSRF Gpt Researcher
NVD VulDB GitHub
CVSS 4.0
5.5
EPSS
0.0%
CVE-2026-5666 MEDIUM POC This Month

Code-Projects Online FIR System 1.0 stores sensitive database backup files insecurely, allowing unauthenticated remote attackers to access the /complaints.sql backup file and disclose confidential information. The CVSS 5.5 score reflects low confidentiality impact but network-accessible exposure; publicly available exploit code exists, elevating practical risk despite the moderate score.

Information Disclosure Online Fir System
NVD VulDB GitHub
CVSS 4.0
5.5
EPSS
0.0%
CVE-2026-5650 MEDIUM POC This Month

Code-Projects Online Application System for Admission 1.0 stores sensitive information insecurely in the /enrollment/database/oas.sql file, allowing remote unauthenticated attackers to disclose confidential data. The vulnerability has publicly available exploit code and is rated CVSS 5.3 with an EPSS percentile indicating moderate exploitation probability. Attackers can access the database backup file remotely without authentication or user interaction, leading to information disclosure.

Information Disclosure Online Application System For Admission
NVD VulDB GitHub
CVSS 4.0
5.5
EPSS
0.0%
CVE-2026-5665 MEDIUM POC This Month

SQL injection in code-projects Online FIR System 1.0 allows unauthenticated remote attackers to extract, modify, or delete database contents via the email and password parameters in /Login/checklogin.php. CVSS 7.3 (High) with attack vector Network, Low complexity, and No privileges required. Publicly available exploit code exists (GitHub POC published). EPSS data not provided, but the combination of unauthenticated access, public exploit, and login bypass potential makes this a significant risk for exposed instances.

SQLi PHP
NVD VulDB GitHub
CVSS 4.0
5.5
EPSS
0.0%
CVE-2026-5646 MEDIUM POC This Month

SQL injection in code-projects Easy Blog Site 1.0 allows unauthenticated remote attackers to compromise authentication and potentially extract, modify, or delete database contents via crafted username/password parameters in login.php. CVSS 7.3 (High) with network attack vector, low complexity, and no authentication required. Publicly available exploit code exists (GitHub POC), significantly lowering the barrier to exploitation. No vendor-released patch identified at time of analysis.

SQLi PHP
NVD VulDB GitHub
CVSS 4.0
5.5
EPSS
0.0%
CVE-2026-5645 MEDIUM POC This Month

SQL injection in projectworlds Car Rental System 1.0 allows unauthenticated remote attackers to manipulate database queries via the mpesa parameter in /pay.php. The vulnerability carries a CVSS score of 7.3 with network-based exploitation requiring low complexity and no user interaction. Publicly available exploit code exists (GitHub POC published), significantly lowering the barrier to exploitation, though no CISA KEV listing confirms active widespread exploitation at time of analysis.

SQLi PHP
NVD VulDB GitHub
CVSS 4.0
5.5
EPSS
0.0%
CVE-2026-5637 MEDIUM POC This Month

SQL injection in projectworlds Car Rental System 1.0 allows unauthenticated remote attackers to execute arbitrary SQL commands via the Message parameter in /message_admin.php. Publicly available exploit code exists, significantly lowering the barrier to exploitation. The vulnerability enables unauthorized data access, modification, and potential denial of service against the administrative messaging interface. CVSS 7.3 severity reflects network-accessible attack vector with low complexity and no authentication requirement.

SQLi PHP
NVD VulDB GitHub
CVSS 4.0
5.5
EPSS
0.0%
CVE-2026-5634 MEDIUM POC This Month

SQL injection in projectworlds Car Rental Project 1.0 allows remote attackers to execute arbitrary SQL queries via the fname parameter in /book_car.php, enabling unauthenticated database manipulation with potential confidentiality and integrity impact. The vulnerability has publicly available exploit code and a moderate CVSS score of 6.9, indicating practical exploitability despite low attack complexity.

PHP SQLi
NVD VulDB GitHub
CVSS 4.0
5.5
EPSS
0.0%
CVE-2026-35178 CRITICAL PATCH Act Now

Remote code execution in Workbench (forceworkbench) versions prior to 65.0.0 allows network-based attackers to execute arbitrary code by exploiting unsafe processing of attacker-controlled cookie values during timezone conversion operations. The vulnerability requires user interaction (CVSS UI:P) but no authentication (PR:N), enabling compromise of both the vulnerable component and other system components (scope change: SC:H/SI:H). EPSS score of 0.51% (66th percentile) indicates moderate exploitation probability. No active exploitation confirmed in CISA KEV at time of analysis. Vendor-released patch available in version 65.0.0 with public GitHub advisory and fix PR.

RCE Code Injection Forceworkbench
NVD GitHub VulDB
CVSS 4.0
9.3
EPSS
0.5%
CVE-2026-35047 CRITICAL PATCH Act Now

Unrestricted file upload in BraveCMS 2.0 (prior to 2.0.6) enables remote attackers to execute arbitrary code on the server without authentication. The CKEditor endpoint accepts malicious file uploads including executable scripts, leading to full remote code execution with CVSS 9.3 severity. EPSS data unavailable, no confirmed active exploitation (not in CISA KEV), but upstream fix is available via GitHub commit and version 2.0.6 release. Attack complexity is low with network-accessible vector requiring no privileges or user interaction, making this a critical exposure for internet-facing BraveCMS installations.

File Upload RCE Bravecms 2 0
NVD GitHub
CVSS 4.0
9.3
EPSS
0.4%
CVE-2026-34977 CRITICAL PATCH Act Now

Unauthenticated remote code execution (RCE) at root level in Aperi'Solve <3.2.1 allows attackers to execute arbitrary commands via unsanitized password input in JPEG upload functionality. Attack requires no authentication (PR:N) and low complexity (AC:L), with CVSS 9.3 critical severity. Publicly available exploit code exists via GitHub advisory. Attackers gain full container compromise with potential pivot to PostgreSQL/Redis databases and, in misconfigured deployments with Docker socket mounts, possible host system takeover. EPSS data not provided, but given unauthenticated network-based vector and public disclosure with fix details, exploitation risk is substantial for exposed instances.

Docker Command Injection Redis PostgreSQL Aperisolve
NVD GitHub VulDB
CVSS 4.0
9.3
EPSS
0.1%
CVE-2026-35615 CRITICAL PATCH GHSA Act Now

Path traversal in PraisonAI Agents (praisonai-agents Python package) allows remote unauthenticated attackers to read arbitrary files from the system. The vulnerability exists in FileTools class methods (_validate_path, read_file, write_file, and others) due to a critical logic error: the code checks for '..' sequences AFTER os.path.normpath() already collapsed them, rendering the validation completely ineffective. Exploitation requires no special conditions beyond the ability to specify file paths to affected methods. EPSS probability is low (0.06%, 20th percentile), and vendor patch v4.5.113 is available per GitHub advisory GHSA-693f-pf34-72c5. No active exploitation (CISA KEV) confirmed at time of analysis.

Python Path Traversal
NVD GitHub
CVSS 4.0
9.2
EPSS
0.1%
CVE-2026-35174 CRITICAL PATCH Act Now

Path traversal in Chyrp Lite administration console allows privileged users with Change Settings permissions to manipulate the uploads path, enabling arbitrary file read (including database credentials from config.json.php) and arbitrary file write leading to remote code execution. Affects all versions prior to 2026.01. CVSS 9.1 (Critical) reflects post-authentication impact with scope change. EPSS data not available; no public exploit identified at time of analysis, no CISA KEV listing.

RCE Path Traversal PHP
NVD GitHub
CVSS 3.1
9.1
EPSS
0.3%
CVE-2026-35050 CRITICAL PATCH Act Now

Arbitrary Python file overwrite in text-generation-webui versions prior to 4.1.1 enables authenticated high-privilege users to achieve remote code execution by overwriting critical application files like download-model.py through malicious extension settings saved in .py format, then triggering execution via the Model download interface. No public exploit identified at time of analysis, though EPSS data not available for this recent CVE and exploitation methodology is straightforward for authenticated attackers.

Python Path Traversal
NVD GitHub
CVSS 3.1
9.1
EPSS
0.1%
CVE-2026-26026 CRITICAL PATCH Act Now

Remote code execution in GLPI asset management software versions 11.0.0 through 11.0.5 allows authenticated administrators to execute arbitrary code via template injection. The vulnerability requires high privileges (administrator access) but enables complete system compromise with changed scope, indicating potential breakout from the application context. CVSS 9.1 (Critical). No public exploit identified at time of analysis, with EPSS data unavailable for this recent CVE. Fixed in version 11.0.6.

RCE Code Injection Glpi
NVD GitHub VulDB
CVSS 3.1
9.1
EPSS
0.0%
CVE-2025-58349 CRITICAL Act Now

Baseband denial-of-service in Samsung Exynos chipsets (980, 990, 850, 1080, 2100, 1280, 2200, 1330, 1380, 1480, 2400, 1580, 2500, 9110, W920, W930, W1000, Modem 5123, 5300, 5400) allows remote attackers to crash mobile device basebands via malformed LTE MAC packets without authentication. The vulnerability affects the L2 layer processing of MAC Control Elements, enabling network-based attacks against cellular connectivity. EPSS score of 0.02% indicates low observed exploitation probability, and no public exploit identified at time of analysis, though the CVSS score of 9.1 reflects the severity of remotely disrupting critical cellular communications infrastructure.

Samsung Denial Of Service
NVD VulDB
CVSS 3.1
9.1
EPSS
0.0%
CVE-2026-39305 CRITICAL PATCH GHSA Act Now

Arbitrary file write via path traversal in PraisonAI's Action Orchestrator allows compromised agents to overwrite critical system files and achieve remote code execution. The vulnerability affects the praisonai pip package, where unsanitized user input in file operation targets enables directory traversal attacks using '../' sequences. Public exploit code exists with detailed proof-of-concept demonstrating overwrite of SSH keys and shell configuration files. Despite CVSS 9.0 (Critical), EPSS score is 2% (4th percentile), indicating low observed exploitation probability in the wild. Vendor patch released in version 4.5.113.

Python RCE Path Traversal
NVD GitHub
CVSS 3.1
9.0
EPSS
0.0%
Page 1 of 5 Next

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy