Skip to main content
CVE-2026-4631 CRITICAL POC PATCH Act Now

Remote code execution in Cockpit's web interface allows unauthenticated attackers to execute arbitrary commands on the host system by injecting malicious SSH options through the login endpoint. Affecting Red Hat Enterprise Linux versions 7 through 10, this critical pre-authentication vulnerability (CVSS 9.8) requires no credentials and executes code before any authentication checks occur. EPSS data not available; no confirmed active exploitation (CISA KEV) at time of analysis, though the pre-authentication nature and command injection vector present severe risk for internet-exposed Cockpit instances.

RCE Command Injection Red Hat Enterprise Linux 10 Red Hat Enterprise Linux 7 Red Hat Enterprise Linux 8 +1
NVD VulDB Exploit-DB
CVSS 3.1
9.8
EPSS
0.1%
CVE-2026-0740 CRITICAL POC Act Now

Unauthenticated arbitrary file upload in Ninja Forms - File Uploads plugin for WordPress (versions ≤3.3.26) enables remote code execution through missing file type validation in the upload handler. Attackers can upload malicious PHP files without authentication, achieving complete server compromise. CVSS 9.8 (Critical) with CVSS:3.1/AV:N/AC:L/PR:N/UI:N indicates network-based exploitation requiring no privileges or user interaction. Fully patched in version 3.3.27 following a partial fix in 3.3.25. No public exploit identified at time of analysis, though the vulnerability class (CWE-434: Unrestricted Upload of File with Dangerous Type) is well-understood and readily exploitable.

WordPress File Upload RCE
NVD VulDB Exploit-DB
CVSS 3.1
9.8
EPSS
0.1%
CVE-2021-4473 CRITICAL POC PATCH Act Now

Tianxin Internet Behavior Management System contains a command injection vulnerability in the Reporter component endpoint that allows unauthenticated attackers to execute arbitrary commands by. Rated critical severity (CVSS 9.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available.

RCE PHP Command Injection
NVD VulDB
CVSS 4.0
9.3
EPSS
0.6%
CVE-2026-23696 CRITICAL POC Act Now

SQL injection in Windmill workflow orchestration platform versions 1.276.0 through 1.603.2 enables authenticated attackers to escalate privileges to administrator and achieve remote code execution. The vulnerability exists in folder ownership management functionality where the owner parameter lacks input sanitization, allowing extraction of JWT signing secrets and administrative user identifiers to forge admin tokens. Publicly available exploit code exists (GitHub POC by Chocapikk), and EPSS risk assessment is critical given the low-complexity remote attack vector requiring only low-privilege authentication. Vendor-released patch: version 1.603.3.

SQLi RCE Information Disclosure
NVD GitHub
CVSS 4.0
9.4
EPSS
0.1%
CVE-2026-22679 CRITICAL POC PATCH NEWS Act Now

Unauthenticated remote code execution in Weaver E-cology 10.0 (pre-20260312) allows attackers to execute arbitrary system commands via exposed debug functionality at /papi/esearch/data/devops/dubboApi/debug/method. Attackers exploit this by sending crafted POST requests with malicious interfaceName and methodName parameters to invoke command-execution helpers. Confirmed actively exploited (CISA KEV) with exploitation first observed by Shadowserver Foundation on March 31, 2026. Publicly available exploit code exists (h4cker.zip PoC), CVSS 9.8 (Critical), EPSS data not provided but real-world exploitation confirmed.

RCE Authentication Bypass E Cology
NVD VulDB GitHub
CVSS 4.0
9.3
EPSS
0.3%
CVE-2026-33439 CRITICAL POC PATCH GHSA Act Now

Remote code execution in OpenIdentityPlatform OpenAM 16.0.5 and earlier allows unauthenticated attackers to execute arbitrary OS commands via unsafe Java deserialization of the jato.clientSession HTTP parameter. This bypass exploits an unpatched deserialization sink in JATO's ClientSession.deserializeAttributes() that was overlooked when CVE-2021-35464 was mitigated. Attackers can target any JATO ViewBean endpoint with <jato:form> tags (commonly found in password reset pages) using a PriorityQue

Deserialization RCE Java Apache Tomcat +3
NVD GitHub
CVSS 4.0
9.3
EPSS
0.1%
CVE-2026-39339 CRITICAL POC PATCH Act Now

Authentication bypass in ChurchCRM API middleware enables unauthenticated remote attackers to access all protected endpoints by manipulating URL paths with 'api/public' strings, exposing complete church member databases and system configurations. Affects ChurchCRM versions prior to 7.1.0 with critical CVSS 9.1 rating. EPSS exploitation probability data unavailable; no public exploit code confirmed at time of analysis, though the trivial attack complexity (path manipulation) significantly increases exploitation risk for internet-exposed installations.

PHP Authentication Bypass
NVD GitHub
CVSS 3.1
9.1
EPSS
0.1%
CVE-2026-39337 CRITICAL PATCH Act Now

Remote code execution in ChurchCRM versions prior to 7.1.0 allows unauthenticated attackers to inject arbitrary PHP code through the unsanitized $dbPassword variable during setup wizard initialization, resulting in complete server compromise. This critical flaw (CVSS 10.0) exists as an incomplete fix for CVE-2025-62521 and requires no authentication or user interaction to exploit. The pre-authentication nature and maximum CVSS severity indicate immediate patching priority for all exposed ChurchCRM installations.

PHP Code Injection RCE
NVD GitHub
CVSS 3.1
10.0
EPSS
0.3%
CVE-2026-39355 CRITICAL PATCH Act Now

Authenticated users can hijack arbitrary team workspaces in Genealogy PHP application versions before 5.9.1 through broken access control, enabling complete takeover of genealogy data belonging to other users. The vulnerability requires only low-privilege authentication (PR:L) with network access (AV:N) and low attack complexity (AC:L), allowing any authenticated user to transfer ownership of non-personal teams to themselves. No public exploit code has been identified at time of analysis, though the straightforward access control flaw and detailed GitHub security advisory make exploitation highly feasible for authenticated attackers.

PHP Authentication Bypass
NVD GitHub
CVSS 3.1
9.9
EPSS
0.0%
CVE-2024-36057 CRITICAL Act Now

Koha Library before 23.05.10 fails to sanitize user-controllable filenames prior to unzipping, leading to remote code execution. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Command Injection RCE Code Injection
NVD GitHub
CVSS 3.1
9.8
EPSS
0.1%
CVE-2026-5731 CRITICAL PATCH Act Now

Remote code execution in Mozilla Firefox and Thunderbird via memory corruption vulnerabilities allows unauthenticated remote attackers to execute arbitrary code without user interaction. Affects Firefox <149.0.2, Firefox ESR <115.34.1, and Firefox ESR <140.9.1 across desktop platforms. With CVSS 9.8 (critical severity, network-accessible, no privileges required) and CWE-119 buffer overflow classification, this represents multiple memory safety bugs that Mozilla assessed could be exploited for arbitrary code execution. No public exploit identified at time of analysis; EPSS data not provided but critical browser vulnerabilities historically attract rapid exploitation interest.

Mozilla Buffer Overflow RCE Firefox Esr
NVD VulDB
CVSS 3.1
9.8
EPSS
0.1%
CVE-2024-36058 CRITICAL Act Now

The Send Basket functionality in Koha Library before 23.05.10 is susceptible to Time-Based SQL Injection because it fails to sanitize the POST parameter bib_list in /cgi-bin/koha/opac-sendbasket.pl,. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

SQLi
NVD GitHub
CVSS 3.1
9.8
EPSS
0.0%
CVE-2026-5734 CRITICAL PATCH Act Now

Multiple memory corruption vulnerabilities in Mozilla Firefox (< 149.0.2) and Firefox ESR (< 140.9.1) enable unauthenticated remote code execution with critical CVSS 9.8 severity. These memory safety bugs-including CWE-787 out-of-bounds write issues-affect both standard and Extended Support Release channels, with Mozilla confirming evidence of memory corruption exploitable for arbitrary code execution. No active exploitation confirmed (not in CISA KEV) and no public exploit identified at time of analysis, though CVSS vector indicates network-accessible attack requiring no user interaction.

Memory Corruption Buffer Overflow Mozilla RCE Firefox Esr
NVD VulDB
CVSS 3.1
9.8
EPSS
0.0%
CVE-2026-1114 CRITICAL PATCH GHSA Act Now

Weak JWT secret key in LoLLMs 2.1.0 enables offline brute-force recovery, allowing remote unauthenticated attackers to forge administrative tokens and bypass authentication completely. Attackers can escalate privileges to administrator, impersonate legitimate users, and access all restricted endpoints without prior authentication. EPSS probability is low (0.04%, 14th percentile) suggesting limited widespread exploitation interest, though a proof-of-concept exists and SSVC classifies the vulnerability as automatable with total technical impact. Fixed in version 2.2.0 via commit a3b2b82b84.

Authentication Bypass Parisneo Lollms
NVD GitHub
CVSS 3.0
9.8
EPSS
0.0%
CVE-2026-20911 CRITICAL PATCH Act Now

Heap-based buffer overflow in LibRaw's HuffTable::initval function allows unauthenticated remote attackers to achieve arbitrary code execution via malformed image files. Affects LibRaw commits 0b56545 and d20315b with CVSS 9.8 critical severity. Attack requires no user interaction beyond processing a malicious file. No public exploit identified at time of analysis, though technical details from Cisco Talos suggest proof-of-concept exists. EPSS data not available, but the combination of network-accessible attack vector, low complexity, and no authentication barrier represents significant risk for applications processing untrusted image files.

Buffer Overflow Libraw
NVD VulDB
CVSS 3.1
9.8
EPSS
0.0%
CVE-2026-21413 CRITICAL PATCH Act Now

Heap-based buffer overflow in LibRaw's lossless JPEG processing (commits 0b56545 and d20315b) allows unauthenticated remote attackers to achieve arbitrary code execution by providing a malicious image file. The vulnerability scores CVSS 9.8 (Critical) with network attack vector, low complexity, and no authentication required. No CISA KEV listing or public exploit identified at time of analysis, though Talos Intelligence has published detailed vulnerability research (TALOS-2026-2331).

Buffer Overflow Libraw
NVD VulDB
CVSS 3.1
9.8
EPSS
0.0%
CVE-2026-20889 CRITICAL PATCH Act Now

Heap-based buffer overflow in LibRaw's x3f_thumb_loader function allows remote code execution via malformed image files. The vulnerability affects LibRaw commit d20315b, a widely-used raw image processing library integrated into applications like ImageMagick, GIMP, and numerous photo management tools. The CVSS 9.8 critical rating reflects network-exploitable conditions requiring no authentication or user interaction. With an EPSS score not yet available and no CISA KEV listing, active exploitation is not confirmed at time of analysis, though the attack complexity is low and requires only delivering a specially crafted file to vulnerable processing workflows.

Buffer Overflow Integer Overflow Libraw
NVD VulDB
CVSS 3.1
9.8
EPSS
0.0%
CVE-2026-5735 CRITICAL PATCH Act Now

Remote code execution in Mozilla Firefox versions prior to 149.0.2 stems from multiple memory safety bugs allowing unauthenticated network attackers to execute arbitrary code without user interaction. Mozilla confirmed memory corruption evidence across affected versions (Firefox 149.0.1 and Thunderbird 149.0.1), though Thunderbird patch status remains unconfirmed. CVSS 9.8 reflects maximum severity due to network-accessible attack vector with no complexity barriers. No public exploit identified at time of analysis, though the CWE-787 out-of-bounds write class has high weaponization potential once technical details emerge from linked Bugzilla entries.

Memory Corruption Buffer Overflow Mozilla RCE
NVD VulDB
CVSS 3.1
9.8
EPSS
0.0%
CVE-2026-31271 CRITICAL Act Now

Unauthenticated account creation bypass in megagao production_ssm v1.0 allows remote attackers to create super administrator accounts via direct API access to /user/insert endpoint. The UserController.java insert() method processes account creation requests without authentication enforcement (CVSS vector PR:N confirms unauthenticated access). Successful exploitation grants full administrative control, enabling attackers to compromise confidentiality, integrity, and availability of the entire application. No public exploit identified at time of analysis.

Authentication Bypass Java N A
NVD GitHub VulDB
CVSS 3.1
9.8
EPSS
0.0%
CVE-2026-33816 CRITICAL PATCH GHSA Act Now

Memory-safety vulnerability in github.com/jackc/pgx/v5 PostgreSQL driver library allows unauthenticated remote attackers to achieve complete system compromise with high confidentiality, integrity, and availability impact. The vulnerability resides in the pgproto3 subpackage and enables network-accessible exploitation without user interaction. Attack complexity is low, requiring no special privileges. Information disclosure confirmed via source tagging. No public exploit identified at time of analysis.

Github Com Jackc Pgx V5 Pgproto3 Buffer Overflow Memory Corruption
NVD VulDB
CVSS 3.1
9.8
EPSS
0.0%
CVE-2026-30079 CRITICAL Act Now

Authentication bypass in OpenAirInterface V2.2.0 Access Management Function (AMF) allows unauthenticated remote attackers to register unauthorized User Equipment (UE) devices on 5G core networks. Exploiting incorrect state machine transitions during UE registration, attackers send SecurityModeComplete messages after InitialUERegistration to trigger registration acceptance without completing proper authentication procedures. This grants full network access to malicious devices, enabling unauthorized subscriber services consumption, interception of traffic, and potential lateral movement within 5G infrastructure. No public exploit identified at time of analysis.

Authentication Bypass
NVD
CVSS 3.1
9.8
EPSS
0.0%
CVE-2026-31272 CRITICAL Act Now

Unauthenticated super administrator account creation in MRCMS 3.1.2 allows remote attackers to bypass all access controls and add privileged accounts directly via UserController.save() method. The vulnerability exposes full system compromise through network-accessible endpoints requiring no prior authentication. CVSS 9.8 critical severity reflects unrestricted administrative takeover. No public exploit identified at time of analysis; low observed exploitation activity (EPSS <1%).

Authentication Bypass Java
NVD GitHub VulDB
CVSS 3.1
9.8
EPSS
0.0%
CVE-2026-33815 CRITICAL PATCH GHSA Act Now

Remote memory-safety vulnerability in github.com/jackc/pgx/v5 (Go PostgreSQL driver) enables unauthenticated attackers to achieve arbitrary code execution, information disclosure, and denial of service via network vectors. The flaw affects the pgproto3 protocol implementation subpackage with critical-severity CVSS 9.8 scoring. EPSS indicates low observed exploitation activity; no public exploit identified at time of analysis. Vulnerability allows complete compromise of confidentiality, integrity, and availability without user interaction or elevated privileges.

Github Com Jackc Pgx V5 Pgproto3 Buffer Overflow Memory Corruption
NVD VulDB
CVSS 3.1
9.8
EPSS
0.0%
CVE-2025-62818 CRITICAL Act Now

Out-of-bounds write in Samsung Exynos chipsets (processors 980/990/850/1080/2100/1280/2200/1330/1380/1480/2400/1580/2500/9110, wearables W920/W930/W1000, modems 5123/5300/5400) allows unauthenticated remote attackers to achieve arbitrary code execution via malformed SMS TP-UD packets. Exploitation occurs through TP-UDHI/UDL value mismatch during SMS message parsing, enabling network-level attacks without user interaction. No public exploit identified at time of analysis.

Memory Corruption Buffer Overflow Samsung
NVD
CVSS 3.1
9.8
EPSS
0.0%
CVE-2025-52909 CRITICAL Act Now

Buffer overflow in Samsung Exynos Wi-Fi drivers (980, 850, 1280, 1330, 1380, 1480, 1580, W920, W930, W1000) allows unauthenticated remote attackers to execute arbitrary code with high integrity/confidentiality impact through malformed NL80211 vendor command ioctl messages. Improper input validation enables network-accessible exploitation without user interaction. CVSS 9.8 critical severity. No public exploit identified at time of analysis.

Buffer Overflow Samsung
NVD
CVSS 3.1
9.8
EPSS
0.0%
CVE-2026-4277 CRITICAL PATCH GHSA Act Now

Unauthenticated attackers can bypass add permissions in Django GenericInlineModelAdmin (versions 6.0 <6.0.4, 5.2 <5.2.13, 4.2 <4.2.30) by submitting forged POST data to inline model forms. Permission checks fail to validate creation rights on inline model instances, enabling unauthorized database record insertion with network access alone. CVSS 9.8 critical severity reflects complete confidentiality, integrity, and availability impact. No public exploit identified at time of analysis. Low observed exploitation activity (EPSS 0.01%).

Authentication Bypass Python Red Hat Suse
NVD VulDB HeroDevs
CVSS 3.1
9.8
EPSS
0.0%
CVE-2026-31789 CRITICAL PATCH CISA Act Now

Issue summary: Converting an excessively large OCTET STRING value to a hexadecimal string leads to a heap buffer overflow on 32 bit platforms. Impact summary: A heap buffer overflow may lead to a crash or possibly an attacker controlled code execution or other undefined behavior. If an attacker can supply a crafted X.509 certificate with an excessively large OCTET STRING value in extensions such as the Subject Key Identifier (SKID) or Authority Key Identifier (AKID) which are being converted to hex, the size of the buffer needed for the result is calculated as multiplication of the input length by 3. On 32 bit platforms, this multiplication may overflow resulting in the allocation of a smaller buffer and a heap buffer overflow. Applications and services that print or log contents of untrusted X.509 certificates are vulnerable to this issue. As the certificates would have to have sizes of over 1 Gigabyte, printing or logging such certificates is a fairly unlikely operation and only 32 bit platforms are affected, this issue was assigned Low severity. The FIPS modules in 3.6, 3.5, 3.4, 3.3 and 3.0 are not affected by this issue, as the affected code is outside the OpenSSL FIPS module boundary.

Memory Corruption OpenSSL Buffer Overflow RCE
NVD GitHub VulDB
CVSS 3.1
9.8
EPSS
0.0%
CVE-2025-52908 CRITICAL Act Now

Buffer overflow in Samsung Exynos Wi-Fi driver (980, 850, 1280, 1330, 1380, 1480, 1580, W920, W930, W1000) allows unauthenticated remote code execution via malformed NL80211 vendor command ioctl message. Incorrect handling of vendor-specific wireless configuration commands enables network-based memory corruption. CVSS 9.8 critical severity reflects network attack vector requiring no authentication or user interaction. No public exploit identified at time of analysis. Low observed exploitation activity (EPSS 0.01%).

Buffer Overflow Samsung
NVD
CVSS 3.1
9.8
EPSS
0.0%
CVE-2026-39397 CRITICAL PATCH GHSA Act Now

Access control bypass in PayloadCMS Puck plugin (delmaredigital/payload-puck) versions prior to 0.6.23 allows unauthenticated remote attackers to perform unauthorized CRUD operations on all Puck-managed content collections. The vulnerability stems from hardcoded overrideAccess: true in API endpoint handlers, completely circumventing collection-level access controls that developers implemented. With CVSS 9.4 (critical severity), CVSS vector PR:N confirms no authentication required, and AC:L indicates trivial exploitation. No CISA KEV listing or public exploit identified at time of analysis, but the vulnerability is straightforward to exploit given the network-accessible API endpoints and complete access control failure.

Authentication Bypass Payload Puck
NVD GitHub VulDB
CVSS 3.1
9.4
EPSS
0.0%
CVE-2026-39342 CRITICAL PATCH Act Now

SQL injection in ChurchCRM's QueryView.php allows authenticated users with Data/Reports access to execute arbitrary SQL commands via the searchwhat parameter when using QueryID=15 (Advanced Search). Affects all versions prior to 7.1.0. CVSS 9.4 critical severity reflects network-accessible attack requiring low privileges with high impact across confidentiality, integrity, and availability. EPSS data not available; no confirmed active exploitation (CISA KEV) or public exploit code identified at time of analysis. Vendor-released patch available in version 7.1.0.

PHP SQLi
NVD GitHub
CVSS 4.0
9.4
EPSS
0.0%
CVE-2026-34078 CRITICAL PATCH Act Now

Sandbox escape in Flatpak versions prior to 1.16.4 allows applications to access arbitrary host filesystem paths and achieve host-level code execution through symlink manipulation in portal sandbox-expose options. The vulnerability requires no authentication (CVSS:4.0 PR:N) and is exploitable over the network with low complexity. No confirmed active exploitation (CISA KEV) or public exploit code identified at time of analysis, though the attack primitive is clearly documented in the vendor advisory.

RCE Flatpak
NVD GitHub VulDB
CVSS 4.0
9.3
EPSS
0.2%
CVE-2026-39382 CRITICAL Act Now

Command injection in dbt-labs/actions workflow allows remote code execution via malicious GitHub issue comments. Unauthenticated attackers can inject arbitrary shell commands through unescaped comment-body output in the open-issue-in-repo.yml reusable workflow, affecting dbt-core infrastructure. The vulnerability exists in GitHub Actions workflows where attacker-controlled comment text is interpolated directly into bash if statements without sanitization. Fixed in commit bbed8d28, no public exploit identified at time of analysis, but EPSS scoring and CVSS 9.3 indicate critical severity with network attack vector requiring no privileges.

Command Injection Dbt Core
NVD GitHub
CVSS 4.0
9.3
EPSS
0.0%
CVE-2026-39324 CRITICAL PATCH GHSA Act Now

Session authentication bypass in Rack::Session::Cookie 2.0.0 through 2.1.1 allows unauthenticated remote attackers to forge valid session cookies and gain unauthorized access. When configured with secrets, the implementation incorrectly falls back to a default decoder on decryption failures rather than rejecting malformed cookies, enabling attackers to manipulate session state without any secret knowledge. CVSS 9.3 (Critical) with network attack vector, low complexity, and no privileges required. No public exploit or active exploitation (CISA KEV) identified at time of analysis, though the simplicity of the attack vector (AC:L, PR:N) suggests exploitation is straightforward once the vulnerability is understood.

Authentication Bypass Suse
NVD GitHub VulDB
CVSS 4.0
9.3
EPSS
0.0%
CVE-2026-35614 CRITICAL PATCH Act Now

SQL injection in Frappe's bulk_update function enables unauthenticated remote attackers to execute arbitrary SQL commands, potentially achieving complete database compromise including data exfiltration, modification, and deletion. Affects Frappe versions prior to 16.14.0 and 15.104.0. CVSS 9.3 (Critical) reflects network-accessible attack requiring no authentication or user interaction. No public exploit identified at time of analysis, though the attack surface (bulk update API endpoint) and vulnerability class (SQL injection) are well-understood by attackers.

SQLi Frappe
NVD GitHub
CVSS 4.0
9.3
EPSS
0.0%
CVE-2026-34580 CRITICAL PATCH Act Now

Certificate validation bypass in Botan 3.11.0 allows unauthenticated remote attackers to impersonate trusted certificate authorities by presenting end-entity certificates with matching Distinguished Names and subject key identifiers. The flaw in Certificate_Store::certificate_known incorrectly accepts malicious certificates as trusted roots without verifying actual certificate identity, enabling complete TLS/PKI chain validation bypass. This affects only version 3.11.0 and is fixed in 3.11.1. EPSS data not available; no public exploit identified at time of analysis, though the attack vector is network-accessible with low complexity (CVSS:4.0 AV:N/AC:L/PR:N).

Information Disclosure Botan
NVD GitHub VulDB
CVSS 4.0
9.3
EPSS
0.0%
CVE-2025-39666 CRITICAL PATCH Act Now

Local privilege escalation in Checkmk allows site users with high privileges to escalate to root by manipulating site context files processed by the root-executed 'omd' administrative command. Affects Checkmk 2.2.0 (EOL), 2.3.0 before p46, 2.4.0 before p25, and 2.5.0 beta before b3. No public exploit identified at time of analysis. CVSS 9.3 reflects total technical impact, but SSVC assessment indicates non-automatable exploitation requiring existing high-privilege access, tempering the real-world urgency for organizations with strict site user access controls.

Privilege Escalation Checkmk
NVD
CVSS 4.0
9.3
EPSS
0.0%
CVE-2026-39322 CRITICAL Act Now

Authentication bypass in PolarLearn ≤0-PRERELEASE-15 allows unauthenticated remote attackers to gain authenticated session access as banned users without password verification. The flaw enables complete account takeover and unauthorized data access through a session generation vulnerability in the /api/v1/auth/sign-in endpoint. CVSS 9.2 (Critical) reflects network-based attack with low complexity and no authentication required. No public exploit identified at time of analysis, but exploitation is straightforward given the authentication bypass mechanism.

Authentication Bypass Polarlearn
NVD GitHub
CVSS 4.0
9.2
EPSS
0.0%
CVE-2026-35573 CRITICAL PATCH Act Now

Remote code execution in ChurchCRM versions prior to 6.5.3 allows authenticated administrators to upload malicious files via path traversal in the backup restore functionality, overwriting Apache .htaccess files to execute arbitrary code. The vulnerability exploits unsanitized user input in RestoreJob.php, enabling attackers with high-privilege access to bypass intended upload restrictions. No public exploit identified at time of analysis, though CVSS 9.1 reflects the critical impact of complete system compromise through changed security scope.

RCE PHP Path Traversal Apache
NVD GitHub
CVSS 3.1
9.1
EPSS
0.2%
CVE-2026-34045 CRITICAL PATCH Act Now

Denial-of-service and information disclosure in Podman Desktop prior to 1.26.2 stem from an unauthenticated HTTP server that any network attacker can reach without credentials or user interaction. By abusing missing connection limits and timeouts, an attacker exhausts file descriptors and kernel memory to crash the application or freeze the entire host, while verbose error responses leak internal filesystem paths and system details (including Windows usernames). SSVC marks exploitation as proof-of-concept and automatable; publicly available exploit code exists, but EPSS probability is low (0.06%, 19th percentile).

Kubernetes Information Disclosure Microsoft Podman Desktop
NVD GitHub VulDB
CVSS 3.1
9.1
EPSS
0.1%
CVE-2025-71058 CRITICAL Act Now

DNS cache poisoning vulnerability in Dual DHCP DNS Server 8.01 allows unauthenticated remote attackers to inject forged DNS responses by exploiting improper source validation. The server accepts UDP responses matched only by transaction ID without verifying originating upstream DNS server, enabling attackers to poison the cache and redirect victims to malicious destinations. No public exploit identified at time of analysis. CVSS 9.1 (Critical) reflects network-accessible attack requiring no privileges or user interaction.

RCE Code Injection
NVD GitHub
CVSS 3.1
9.1
EPSS
0.1%
CVE-2026-39847 CRITICAL PATCH GHSA Act Now

Path traversal in Emmett Python web framework versions 2.5.0 through 2.8.0 allows remote unauthenticated attackers to read arbitrary server files via crafted requests to the /__emmett__ static asset handler. Attackers can exfiltrate sensitive data including source code, configuration files, and credentials by exploiting improper path validation in the RSGI static handler. EPSS score of 0.05% (16th percentile) indicates low observed exploitation likelihood despite critical CVSS 9.1 rating. No public exploit code or CISA KEV listing identified at time of analysis.

Python Path Traversal
NVD GitHub
CVSS 3.1
9.1
EPSS
0.1%
CVE-2025-69515 CRITICAL Act Now

GPS spoofing vulnerability in JXL 9 Inch Car Android Double Din Player (Android 12.0) allows unauthenticated remote attackers to inject falsified GPS signals that the infotainment system accepts as legitimate, forcing incorrect or static location reporting. Exploitation requires no user interaction and achieves high integrity and availability impact through manipulation of navigation data. No public exploit identified at time of analysis. CVSS 9.1 reflects network-accessible attack vector with low complexity.

Google Information Disclosure N A
NVD GitHub
CVSS 3.1
9.1
EPSS
0.0%
CVE-2026-35580 CRITICAL PATCH GHSA Act Now

{{ }} expression syntax in workflow files to inject malicious shell commands, enabling repository poisoning and supply chain attacks affecting downstream users. CVSS 9.1 (Critical) with Changed scope indicates potential to compromise beyond the vulnerable component. No public exploit code or CISA KEV listing identified at time of analysis, though exploitation requires only repository write access with low attack complexity.

Command Injection Suse
NVD GitHub VulDB
CVSS 3.1
9.1
EPSS
0.0%
CVE-2026-39846 CRITICAL PATCH GHSA Act Now

Remote code execution in SiYuan desktop client (Electron-based) versions prior to 3.6.4 allows authenticated attackers to execute arbitrary code on victim systems via malicious notes propagated through workspace sync. Stored XSS in table caption fields escalates to RCE due to nodeIntegration enabled and contextIsolation disabled in Electron renderer. CVSS 9.0 (Critical) with scope change indicates escape from browser context. No active exploitation confirmed (not in CISA KEV). EPSS score 0.14% suggests low current exploitation probability. Vendor-released patch: version 3.6.4.

XSS Node.js RCE
NVD GitHub
CVSS 3.1
9.0
EPSS
0.1%

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy