Skip to main content
CVE-2026-35022 CRITICAL POC Act Now

OS command injection in Anthropic Claude Code CLI and Agent SDK for Python allows remote, unauthenticated attackers to execute arbitrary commands through unsanitized authentication helper parameters processed with shell=true. The vulnerability enables credential theft and environment variable exfiltration in CI/CD pipelines where these tools run with elevated automation privileges. Publicly available exploit code exists, creating immediate risk for organizations using these SDKs in automated workflows.

Command Injection Claude Code Claude Agent Sdk For Python
NVD VulDB
CVSS 4.0
9.3
EPSS
0.2%
CVE-2025-54328 CRITICAL Act Now

Stack-based buffer overflow in Samsung Exynos chipset SMS message processing allows remote attackers to execute arbitrary code or crash devices via malformed SMS RP-DATA messages. Affects 22 Exynos processor and modem variants across mobile, wearable, and IoT devices, requiring no user interaction. CVSS 10.0 with network-level attack vector (PR:N), scope change, and full system impact. EPSS and exploitation status not provided, but SSVC framework indicates automatable attack with total technical impact. No public exploit identified at time of analysis, though the vulnerability class (CWE-121 stack buffer overflow in SMS parsing) has high weaponization potential.

Buffer Overflow Stack Overflow Samsung
NVD VulDB
CVSS 3.1
10.0
EPSS
0.1%
CVE-2026-31059 CRITICAL Act Now

Remote command execution in UTT Aggressive HiPER 520W router firmware v1.7.7-180627 allows unauthenticated attackers to execute arbitrary system commands via crafted input to the /goform/formDia component. CVSS 9.8 severity indicates network-accessible, low-complexity exploitation requiring no authentication or user interaction. EPSS score of 0.04% (12th percentile) suggests currently low exploitation probability despite publicly available exploit code exists (GitHub POC). No vendor-released patch identified at time of analysis, presenting significant risk for exposed devices.

Command Injection 520w Firmware
NVD GitHub
CVSS 3.1
9.8
EPSS
0.0%
CVE-2026-31151 CRITICAL Act Now

Authentication bypass in Kaleris Yard Management System (YMS) v7.2.2.1 enables unauthenticated remote attackers to completely circumvent login verification and gain unauthorized access to application resources with full confidentiality, integrity, and availability impact. The vulnerability has a 9.8 CVSS score with network-based attack vector requiring no privileges or user interaction. Currently tracked at 2% EPSS (5th percentile) with no confirmed active exploitation (not in CISA KEV), though a public proof-of-concept repository exists on GitHub, significantly elevating exploitation risk for this critical authentication flaw.

Authentication Bypass
NVD GitHub
CVSS 3.1
9.8
EPSS
0.0%
CVE-2026-35490 CRITICAL PATCH GHSA Act Now

Authentication bypass in changedetection.io allows unauthenticated remote attackers to access backup management endpoints due to incorrect Flask decorator ordering. Attackers can trigger backup creation, list all backups, download backup archives containing application secrets, webhook URLs with embedded tokens, monitored URLs, Flask secret keys, and password hashes, or delete all backups without authentication. The vulnerability affects 13 routes across 5 blueprint files where @login_optionally_required is placed before @blueprint.route() instead of after it, causing Flask to register the undecorated function and silently disable authentication. Publicly available exploit code exists (POC demonstrated complete data exfiltration), though no confirmed active exploitation (CISA KEV). EPSS data not provided, but CVSS 9.8 (network-exploitable, no authentication required, high confidentiality/integrity/availability impact) indicates critical severity.

Python Information Disclosure SSRF Authentication Bypass
NVD GitHub
CVSS 3.1
9.8
EPSS
0.0%
CVE-2026-31405 CRITICAL PATCH Act Now

In the Linux kernel, the following vulnerability has been resolved: media: dvb-net: fix OOB access in ULE extension header tables The ule_mandatory_ext_handlers[] and ule_optional_ext_handlers[] tables in handle_one_ule_extension() are declared with 255 elements (valid indices 0-254), but the index htype is derived from network-controlled data as (ule_sndu_type & 0x00FF), giving a range of 0-255. When htype equals 255, an out-of-bounds read occurs on the function pointer table, and the OOB value may be called as a function pointer. Add a bounds check on htype against the array size before either table is accessed. Out-of-range values now cause the SNDU to be discarded.

Buffer Overflow Linux Information Disclosure
NVD VulDB
CVSS 3.1
9.8
EPSS
0.0%
CVE-2026-35178 CRITICAL PATCH Act Now

Remote code execution in Workbench (forceworkbench) versions prior to 65.0.0 allows network-based attackers to execute arbitrary code by exploiting unsafe processing of attacker-controlled cookie values during timezone conversion operations. The vulnerability requires user interaction (CVSS UI:P) but no authentication (PR:N), enabling compromise of both the vulnerable component and other system components (scope change: SC:H/SI:H). EPSS score of 0.51% (66th percentile) indicates moderate exploitation probability. No active exploitation confirmed in CISA KEV at time of analysis. Vendor-released patch available in version 65.0.0 with public GitHub advisory and fix PR.

RCE Code Injection Forceworkbench
NVD GitHub VulDB
CVSS 4.0
9.3
EPSS
0.5%
CVE-2026-35047 CRITICAL PATCH Act Now

Unrestricted file upload in BraveCMS 2.0 (prior to 2.0.6) enables remote attackers to execute arbitrary code on the server without authentication. The CKEditor endpoint accepts malicious file uploads including executable scripts, leading to full remote code execution with CVSS 9.3 severity. EPSS data unavailable, no confirmed active exploitation (not in CISA KEV), but upstream fix is available via GitHub commit and version 2.0.6 release. Attack complexity is low with network-accessible vector requiring no privileges or user interaction, making this a critical exposure for internet-facing BraveCMS installations.

File Upload RCE Bravecms 2 0
NVD GitHub
CVSS 4.0
9.3
EPSS
0.4%
CVE-2026-34977 CRITICAL PATCH Act Now

Unauthenticated remote code execution (RCE) at root level in Aperi'Solve <3.2.1 allows attackers to execute arbitrary commands via unsanitized password input in JPEG upload functionality. Attack requires no authentication (PR:N) and low complexity (AC:L), with CVSS 9.3 critical severity. Publicly available exploit code exists via GitHub advisory. Attackers gain full container compromise with potential pivot to PostgreSQL/Redis databases and, in misconfigured deployments with Docker socket mounts, possible host system takeover. EPSS data not provided, but given unauthenticated network-based vector and public disclosure with fix details, exploitation risk is substantial for exposed instances.

Docker Command Injection Redis PostgreSQL Aperisolve
NVD GitHub VulDB
CVSS 4.0
9.3
EPSS
0.1%
CVE-2026-35615 CRITICAL PATCH GHSA Act Now

Path traversal in PraisonAI Agents (praisonai-agents Python package) allows remote unauthenticated attackers to read arbitrary files from the system. The vulnerability exists in FileTools class methods (_validate_path, read_file, write_file, and others) due to a critical logic error: the code checks for '..' sequences AFTER os.path.normpath() already collapsed them, rendering the validation completely ineffective. Exploitation requires no special conditions beyond the ability to specify file paths to affected methods. EPSS probability is low (0.06%, 20th percentile), and vendor patch v4.5.113 is available per GitHub advisory GHSA-693f-pf34-72c5. No active exploitation (CISA KEV) confirmed at time of analysis.

Python Path Traversal
NVD GitHub
CVSS 4.0
9.2
EPSS
0.1%
CVE-2026-35174 CRITICAL PATCH Act Now

Path traversal in Chyrp Lite administration console allows privileged users with Change Settings permissions to manipulate the uploads path, enabling arbitrary file read (including database credentials from config.json.php) and arbitrary file write leading to remote code execution. Affects all versions prior to 2026.01. CVSS 9.1 (Critical) reflects post-authentication impact with scope change. EPSS data not available; no public exploit identified at time of analysis, no CISA KEV listing.

RCE Path Traversal PHP
NVD GitHub
CVSS 3.1
9.1
EPSS
0.3%
CVE-2026-35050 CRITICAL PATCH Act Now

Arbitrary Python file overwrite in text-generation-webui versions prior to 4.1.1 enables authenticated high-privilege users to achieve remote code execution by overwriting critical application files like download-model.py through malicious extension settings saved in .py format, then triggering execution via the Model download interface. No public exploit identified at time of analysis, though EPSS data not available for this recent CVE and exploitation methodology is straightforward for authenticated attackers.

Python Path Traversal
NVD GitHub
CVSS 3.1
9.1
EPSS
0.1%
CVE-2026-26026 CRITICAL PATCH Act Now

Remote code execution in GLPI asset management software versions 11.0.0 through 11.0.5 allows authenticated administrators to execute arbitrary code via template injection. The vulnerability requires high privileges (administrator access) but enables complete system compromise with changed scope, indicating potential breakout from the application context. CVSS 9.1 (Critical). No public exploit identified at time of analysis, with EPSS data unavailable for this recent CVE. Fixed in version 11.0.6.

RCE Code Injection Glpi
NVD GitHub VulDB
CVSS 3.1
9.1
EPSS
0.0%
CVE-2025-58349 CRITICAL Act Now

Baseband denial-of-service in Samsung Exynos chipsets (980, 990, 850, 1080, 2100, 1280, 2200, 1330, 1380, 1480, 2400, 1580, 2500, 9110, W920, W930, W1000, Modem 5123, 5300, 5400) allows remote attackers to crash mobile device basebands via malformed LTE MAC packets without authentication. The vulnerability affects the L2 layer processing of MAC Control Elements, enabling network-based attacks against cellular connectivity. EPSS score of 0.02% indicates low observed exploitation probability, and no public exploit identified at time of analysis, though the CVSS score of 9.1 reflects the severity of remotely disrupting critical cellular communications infrastructure.

Samsung Denial Of Service
NVD VulDB
CVSS 3.1
9.1
EPSS
0.0%
CVE-2026-39305 CRITICAL PATCH GHSA Act Now

Arbitrary file write via path traversal in PraisonAI's Action Orchestrator allows compromised agents to overwrite critical system files and achieve remote code execution. The vulnerability affects the praisonai pip package, where unsanitized user input in file operation targets enables directory traversal attacks using '../' sequences. Public exploit code exists with detailed proof-of-concept demonstrating overwrite of SSH keys and shell configuration files. Despite CVSS 9.0 (Critical), EPSS score is 2% (4th percentile), indicating low observed exploitation probability in the wild. Vendor patch released in version 4.5.113.

Python RCE Path Traversal
NVD GitHub
CVSS 3.1
9.0
EPSS
0.0%

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy