Skip to main content
CVE-2026-39912 CRITICAL POC PATCH Act Now

Authentication bypass in V2Board 1.6.1-1.7.4 and Xboard ≤0.1.9 enables unauthenticated account takeover including admin privileges. When login_with_mail_link_enable is active, attackers POST known email addresses to the loginWithMailLink endpoint, receiving full authentication URLs in HTTP responses. Tokens extracted from these URLs are exchanged at token2Login for valid bearer tokens granting complete account access. Publicly available exploit code exists. CVSS 9.1 critical severity reflects network-accessible attack with no user interaction required.

Information Disclosure Microsoft V2Board Xboard
NVD GitHub
CVSS 4.0
9.1
EPSS
0.1%
CVE-2026-5978 HIGH POC This Week

OS command injection in Totolink A7100RU router firmware 7.4cu.2313_b20191024 allows unauthenticated remote attackers to execute arbitrary system commands via the 'mode' parameter in the setWiFiAclRules function (/cgi-bin/cstecgi.cgi). Publicly available exploit code exists. Attackers can achieve complete device compromise with high impact to confidentiality, integrity, and availability of the router. No authentication required for exploitation (CVSS PR:N).

Command Injection A7100Ru
NVD VulDB GitHub
CVSS 4.0
8.9
EPSS
0.9%
CVE-2026-5977 HIGH POC This Week

Remote OS command injection in Totolink A7100RU firmware 7.4cu.2313_b20191024 allows unauthenticated attackers to execute arbitrary system commands via the wifiOff parameter in the setWiFiBasicCfg function of /cgi-bin/cstecgi.cgi. This vulnerability enables complete device compromise with high impact to confidentiality, integrity, and availability. Publicly available exploit code exists. No CISA KEV listing identified at time of analysis.

Command Injection A7100Ru
NVD VulDB GitHub
CVSS 4.0
8.9
EPSS
0.9%
CVE-2026-5976 HIGH POC This Week

OS command injection in Totolink A7100RU router firmware 7.4cu.2313_b20191024 allows unauthenticated remote attackers to execute arbitrary system commands via crafted sambaEnabled parameter in setStorageCfg function of /cgi-bin/cstecgi.cgi CGI handler. Publicly available exploit code exists. Network-reachable attack vector requires no user interaction, enabling full system compromise of affected routers.

Command Injection A7100Ru
NVD VulDB GitHub
CVSS 4.0
8.9
EPSS
0.9%
CVE-2026-5975 HIGH POC This Week

OS command injection in Totolink A7100RU router firmware version 7.4cu.2313_b20191024 allows unauthenticated remote attackers to execute arbitrary system commands via the wanIdx parameter in the setDmzCfg function within /cgi-bin/cstecgi.cgi. CVSS 8.9 (Critical) with attack complexity low, no privileges required, and no user interaction. Publicly available exploit code exists. Exploitation enables complete compromise of device confidentiality, integrity, and availability with total technical impact.

Command Injection A7100Ru
NVD VulDB GitHub
CVSS 4.0
8.9
EPSS
0.9%
CVE-2026-5853 HIGH POC This Week

OS command injection in Totolink A7100RU router version 7.4cu.2313_b20191024 enables unauthenticated remote attackers to execute arbitrary system commands via crafted addrPrefixLen parameter in setIpv6LanCfg function of /cgi-bin/cstecgi.cgi CGI handler. CVSS 9.8 critical severity reflects network-accessible attack vector requiring no privileges or user interaction, with complete confidentiality, integrity, and availability impact. Publicly available exploit code exists.

Command Injection A7100Ru
NVD VulDB GitHub
CVSS 4.0
8.9
EPSS
0.9%
CVE-2026-5852 HIGH POC This Week

Unauthenticated remote OS command injection in Totolink A7100RU router firmware 7.4cu.2313_b20191024 enables complete system compromise via the setIptvCfg function in /cgi-bin/cstecgi.cgi. Attackers inject malicious commands through the igmpVer parameter without authentication, achieving arbitrary code execution with router privileges. CVSS 9.8 (Critical). Publicly available exploit code exists. No authentication, network-accessible attack vector with low complexity allows immediate weaponization for botnet recruitment, credential theft, or lateral network movement.

Command Injection A7100Ru
NVD VulDB GitHub
CVSS 4.0
8.9
EPSS
0.9%
CVE-2026-5851 HIGH POC This Week

OS command injection in Totolink A7100RU router firmware 7.4cu.2313_b20191024 allows unauthenticated remote attackers to execute arbitrary system commands via the 'enable' parameter in setUPnPCfg function within /cgi-bin/cstecgi.cgi. Publicly available exploit code exists. No vendor-released patch identified at time of analysis. CVSS 8.9 (Critical) reflects network-accessible attack requiring no user interaction.

Command Injection A7100Ru
NVD VulDB GitHub
CVSS 4.0
8.9
EPSS
0.9%
CVE-2026-5850 HIGH POC This Week

OS command injection in Totolink A7100RU router firmware 7.4cu.2313_b20191024 allows unauthenticated remote attackers to execute arbitrary system commands via the pptpPassThru parameter in setVpnPassCfg function of /cgi-bin/cstecgi.cgi. Exploitation requires no user interaction and achieves full system compromise (confidentiality, integrity, availability). Publicly available exploit code exists. Attack vector is network-accessible without authentication (CVSS 8.9 Critical).

Command Injection A7100Ru
NVD VulDB GitHub
CVSS 4.0
8.9
EPSS
0.9%
CVE-2026-5854 HIGH POC This Week

OS command injection in Totolink A7100RU router 7.4cu.2313_b20191024 allows unauthenticated remote attackers to execute arbitrary system commands via the 'merge' parameter in setWiFiEasyCfg function within /cgi-bin/cstecgi.cgi. CVSS 9.8 critical severity. Publicly available exploit code exists. Attack requires no authentication or user interaction, enabling complete system compromise including data exfiltration, configuration tampering, and denial of service.

Command Injection A7100Ru
NVD VulDB GitHub
CVSS 4.0
8.9
EPSS
0.2%
CVE-2023-54359 HIGH POC This Week

WordPress adivaha Travel Plugin 2.3 contains a time-based blind SQL injection vulnerability that allows unauthenticated attackers to manipulate database queries by injecting SQL code through the. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

SQLi Denial Of Service WordPress
NVD Exploit-DB
CVSS 4.0
8.8
EPSS
0.1%
CVE-2026-29146 HIGH POC PATCH GHSA This Week

Padding oracle attack in Apache Tomcat EncryptInterceptor leaks encrypted session data confidentiality across versions 7.0.100-7.0.109, 8.5.38-8.5.100, 9.0.13-9.0.115, 10.0.0-M1-10.1.52, and 11.0.0-M1-11.0.18 when default configuration is deployed. Unauthenticated remote attackers exploit oracle responses to decrypt sensitive information without authentication (CVSS:3.1 AV:N/AC:L/PR:N). CWE-209 (information exposure through error messages) enables cryptographic side-channel extraction. No public exploit identified at time of analysis; low observed exploitation activity (EPSS 0.02%).

Apache Oracle Information Disclosure Tomcat Apache Tomcat
NVD VulDB HeroDevs GitHub
CVSS 3.1
7.5
EPSS
0.0%
CVE-2026-34486 HIGH POC PATCH GHSA This Week

Encryption bypass in Apache Tomcat 11.0.20, 10.1.53, and 9.0.116 allows unauthenticated remote attackers to circumvent the EncryptInterceptor component, exposing sensitive data in cleartext. The vulnerability stems from an incomplete fix for CVE-2026-29146, enabling network-accessible adversaries to access confidential information without authentication. CVSS 7.5 (High severity) reflects network-based exploitation with low complexity and high confidentiality impact. No public exploit identified at time of analysis; low observed exploitation activity (EPSS <1%).

Apache Information Disclosure Tomcat Apache Tomcat
NVD VulDB HeroDevs
CVSS 3.1
7.5
EPSS
0.0%
CVE-2026-5989 HIGH POC This Week

Stack-based buffer overflow in Tenda F451 wireless router firmware 1.0.0.7 allows authenticated remote attackers to execute arbitrary code via crafted page parameter to fromRouteStatic function in /goform/RouteStatic endpoint. Attack requires low-privilege authenticated access to web management interface with no user interaction. Publicly available exploit code exists. Exploitation yields complete compromise of router confidentiality, integrity, and availability.

Buffer Overflow Tenda Stack Overflow
NVD VulDB GitHub
CVSS 4.0
7.4
EPSS
0.0%
CVE-2026-5830 HIGH POC This Week

Stack-based buffer overflow in Tenda AC15 router firmware 15.03.05.18 websGetVar function allows authenticated remote attackers to execute arbitrary code with high impact to confidentiality, integrity, and availability. The vulnerability resides in /goform/SysToolChangePwd endpoint where manipulation of oldPwd, newPwd, or cfmPwd parameters triggers memory corruption. Publicly available exploit code exists. Exploitation requires low-privilege authenticated access but no user interaction, making it readily exploitable once credentials are obtained.

Tenda Buffer Overflow Stack Overflow
NVD VulDB
CVSS 4.0
7.4
EPSS
0.0%
CVE-2026-5982 HIGH POC Monitor

Buffer overflow in D-Link DIR-605L 2.13B01 wireless router enables remote authenticated attackers to achieve arbitrary code execution via crafted POST requests to /goform/formAdvNetwork endpoint. Exploitation manipulates the curTime parameter in the formAdvNetwork function, triggering memory corruption. This end-of-life device receives no vendor support; publicly available exploit code exists. Affected hardware presents elevated risk in legacy network environments where administrative credentials may be compromised.

D-Link Buffer Overflow
NVD VulDB
CVSS 4.0
7.4
EPSS
0.0%
CVE-2026-5981 HIGH POC Monitor

Buffer overflow in D-Link DIR-605L 2.13B01 wireless router enables remote authenticated attackers to execute arbitrary code via the formAdvFirewall function in POST request handler. Exploitation occurs through manipulation of the curTime parameter in /goform/formAdvFirewall endpoint. Publicly available exploit code exists. This end-of-life product receives no vendor security support, requiring immediate device replacement for affected deployments.

D-Link Buffer Overflow
NVD VulDB
CVSS 4.0
7.4
EPSS
0.0%
CVE-2026-5979 HIGH POC Monitor

Buffer overflow in D-Link DIR-605L 2.13B01 router allows authenticated remote attackers to achieve code execution through malicious curTime parameter in formVirtualServ function via POST request to /goform/formVirtualServ endpoint. Affects end-of-life product with no vendor support. Publicly available exploit code exists. Attack requires low-privilege authentication but no user interaction, enabling remote compromise of device confidentiality and integrity.

D-Link Buffer Overflow
NVD VulDB
CVSS 4.0
7.4
EPSS
0.0%
CVE-2026-5844 HIGH POC Monitor

OS command injection in D-Link DIR-882 router (firmware 1.01B02) allows authenticated remote attackers to execute arbitrary system commands via malicious IPAddress parameter to prog.cgi HNAP1 SetNetworkSettings handler. Requires high privileges (PR:H) but achieves full system compromise (CVSS 7.3). Publicly available exploit code exists. Product discontinued; vendor no longer provides security updates.

D-Link Command Injection
NVD VulDB
CVSS 4.0
7.3
EPSS
0.2%
CVE-2025-13926 CRITICAL CISA Monitor

Session token exposure in Contemporary Controls BASControl20 3.1 building automation controller enables unauthenticated remote attackers to forge authenticated requests via network traffic interception. Exploitation requires attacker ability to sniff network traffic containing authentication credentials, which can then be replayed to execute arbitrary commands with full system privileges. Classified as CWE-807 (untrusted input reliance), this vulnerability permits complete compromise of controller confidentiality, integrity, and availability without user interaction. No public exploit identified at time of analysis.

Information Disclosure Bascontrol20
NVD GitHub
CVSS 4.0
9.3
EPSS
0.1%
CVE-2026-4436 HIGH CISA Act Now

Unauthenticated remote attackers can manipulate Modbus register inputs in GPL Odorizers GPL750 industrial control systems (XL4, XL4 Prime, XL7, XL7 Prime variants across versions 1.0-20.0), causing incorrect odorant injection volumes into natural gas distribution pipelines. Authentication bypass (CWE-306) via network-accessible Modbus interface permits direct register value tampering without credential validation, enabling safety-critical process manipulation. No public exploit identified at time of analysis.

Authentication Bypass Gpl750 Xl4 Gpl750 Xl4 Prime Gpl Odorizers Gpl750 Xl7 Gpl Odorizers Gpl750 Xl7 Prime
NVD GitHub
CVSS 3.1
8.6
EPSS
0.0%
CVE-2025-62718 MEDIUM POC PATCH GHSA MAL This Month

Hostname normalization bypass in Axios (JavaScript HTTP client) versions prior to 1.15.0 allows unauthenticated remote attackers to circumvent NO_PROXY configuration rules and force HTTP requests through configured proxies. Attackers can exploit malformed loopback addresses (localhost. with trailing dot, [::1] IPv6 literals) to bypass proxy restrictions and conduct Server-Side Request Forgery (SSRF) attacks against protected internal services. Publicly available exploit code exists. Affects all Axios implementations in Node.js and browser environments with NO_PROXY configurations.

SSRF Node.js Axios
NVD GitHub VulDB
CVSS 4.0
6.3
EPSS
0.0%
CVE-2026-40089 CRITICAL Act Now

Server-Side Request Forgery in Sonicverse Radio Audio Streaming Stack dashboard API client allows authenticated operators to perform arbitrary HTTP requests from the backend server to internal or external targets. Affects Docker Compose deployments installed via the provided install.sh script, including one-liner installations. Attacker can exploit insufficient URL validation in apps/dashboard/lib/api.ts to access internal services, exfiltrate sensitive data from cloud metadata endpoints, or pivot to restricted network segments. CVSS 9.9 critical severity with changed scope indicates potential for significant cross-boundary impact. No public exploit identified at time of analysis.

Docker SSRF
NVD GitHub
CVSS 3.1
9.9
EPSS
0.0%
CVE-2026-1830 CRITICAL POC Act Now

Remote code execution in Quick Playground plugin for WordPress (all versions through 1.3.1) allows unauthenticated attackers to execute arbitrary PHP code on the server. Vulnerability stems from insufficient authorization on REST API endpoints that expose a sync code and permit unrestricted file uploads. Attackers can retrieve the sync code via unsecured endpoints, upload malicious PHP files using path traversal techniques, and achieve full server compromise without authentication. CVSS 9.8 critical severity. No public exploit identified at time of analysis.

WordPress PHP RCE Path Traversal Authentication Bypass
NVD VulDB Exploit-DB
CVSS 3.1
9.8
EPSS
0.2%
CVE-2026-5442 CRITICAL Act Now

Heap buffer overflow in Orthanc DICOM Server (versions ≤1.12.10) allows unauthenticated remote code execution via malformed DICOM images. Attackers exploit integer overflow during frame size calculation by submitting DICOM files with dimension fields encoded as Unsigned Long (UL) instead of Unsigned Short (US), causing out-of-bounds memory access during image decoding. CVSS 9.8 (Critical) with network-accessible attack vector requiring no authentication or user interaction. EPSS score 2% (percentile 4%) suggests low observed exploitation probability despite critical severity. No confirmed active exploitation (not in CISA KEV) and no public exploit code identified at time of analysis.

Buffer Overflow Memory Corruption Dicom Server
NVD VulDB
CVSS 3.1
9.8
EPSS
0.0%
CVE-2026-5443 CRITICAL Act Now

Heap buffer overflow in Orthanc DICOM Server ≤1.12.10 allows unauthenticated remote attackers to achieve arbitrary code execution by sending specially crafted PALETTE COLOR DICOM images. The flaw stems from integer overflow during 32-bit width×height multiplication in pixel length validation, causing bounds checks to incorrectly pass and enabling out-of-bounds memory read/write operations. CVSS 9.8 critical severity with network attack vector requiring no privileges or user interaction. EPSS exp

Buffer Overflow Memory Corruption Dicom Server
NVD VulDB
CVSS 3.1
9.8
EPSS
0.0%
CVE-2026-31170 CRITICAL Act Now

Command injection in ToToLink A3300R router firmware v17.0.0cu.557_B20221024 enables unauthenticated remote attackers to execute arbitrary OS commands via the stun-pass parameter in /cgi-bin/cstecgi.cgi endpoint. No public exploit identified at time of analysis, despite GitHub vulnerability disclosure repository. CVSS 9.8 (Critical) reflects trivial network-based exploitation without authentication, though EPSS probability remains low (0.01%, 2nd percentile), suggesting limited current attacker interest in this specific router model despite maximum severity rating.

Command Injection
NVD GitHub
CVSS 3.1
9.8
EPSS
0.0%
CVE-2026-5973 MEDIUM POC PATCH GHSA This Month

Remote command injection in FoundationAgents MetaGPT versions 0.8.0 and 0.8.1 via the get_mime_type function in metagpt/utils/common.py allows unauthenticated attackers to execute arbitrary OS commands over the network with low complexity. Publicly available exploit code exists, and a patch pull request has been submitted but not yet merged by the vendor, creating an active vulnerability window for deployed instances.

Command Injection Metagpt
NVD VulDB GitHub
CVSS 4.0
5.5
EPSS
0.8%
CVE-2026-5972 MEDIUM POC PATCH This Month

Remote code execution in FoundationAgents MetaGPT up to version 0.8.1 allows unauthenticated attackers to execute arbitrary OS commands via improper input validation in the Terminal.run_command function. The vulnerability exploits command injection in metagpt/tools/libs/terminal.py and has publicly available exploit code; patch commit d04ffc8dc67903e8b327f78ec121df5e190ffc7b is available from the vendor.

Command Injection Metagpt
NVD VulDB GitHub
CVSS 4.0
5.5
EPSS
0.8%
CVE-2026-5849 MEDIUM POC This Month

Path traversal in Tenda i12 router firmware 1.0.0.11(3862) allows unauthenticated remote attackers to read, modify, or delete arbitrary files via malicious HTTP requests to an unidentified handler component. The vulnerability enables unauthorized access to the filesystem with low integrity and confidentiality impact. Publicly available exploit code exists, increasing the likelihood of opportunistic attacks against exposed devices.

Tenda Path Traversal
NVD VulDB GitHub
CVSS 4.0
5.5
EPSS
0.1%
CVE-2026-5841 MEDIUM POC This Month

Path traversal vulnerability in Tenda i3 router firmware version 1.0.0.6(2204) allows unauthenticated remote attackers to access arbitrary files via manipulation of the R7WebsSecurityHandler HTTP handler component. The vulnerability has a CVSS score of 6.9 (low confidentiality and integrity impact), publicly available exploit code exists, and exploitation requires only network access with no user interaction.

Tenda Path Traversal
NVD VulDB GitHub
CVSS 4.0
5.5
EPSS
0.1%
CVE-2026-5962 MEDIUM POC This Month

Remote path traversal in Tenda CH22 1.0.0.6(468) httpd component allows unauthenticated attackers to access arbitrary files via the R7WebsSecurityHandlerfunction, with publicly available exploit code and a CVSS score of 6.9 indicating moderate real-world risk despite the low scope of impact (information disclosure only).

Path Traversal Tenda
NVD VulDB GitHub
CVSS 4.0
5.5
EPSS
0.1%
CVE-2026-5971 MEDIUM POC This Month

Remote code injection in FoundationAgents MetaGPT up to version 0.8.1 allows unauthenticated attackers to execute arbitrary code via improper neutralization of directives in the ActionNode.xml_fill XML handler function. The vulnerability has publicly available exploit code and affects the dynamic code evaluation mechanism in metagpt/actions/action_node.py, enabling attackers to manipulate XML input for code injection with low complexity and no authentication required.

Information Disclosure Code Injection Metagpt
NVD VulDB GitHub
CVSS 4.0
5.5
EPSS
0.1%
CVE-2026-5970 MEDIUM POC PATCH This Month

Code injection in FoundationAgents MetaGPT versions up to 0.8.1 allows unauthenticated remote attackers to execute arbitrary code through the check_solution function in HumanEvalBenchmark and MBPPBenchmark components. The vulnerability requires no user interaction and enables unauthorized access, data modification, and service disruption. Publicly available exploit code exists, disclosed via GitHub issue #1942. Vendor has not responded to early disclosure via pull request #1988 at time of analysis.

RCE Code Injection Metagpt
NVD VulDB GitHub
CVSS 4.0
5.5
EPSS
0.1%
CVE-2026-5832 MEDIUM POC This Month

Server-Side Request Forgery (SSRF) in atototo api-lab-mcp versions up to 0.2.1 allows unauthenticated remote attackers to manipulate source/url parameters in analyze_api_spec, generate_test_scenarios, and test_http_endpoint functions within the HTTP interface (http-server.ts). Exploitation permits unauthorized requests to internal or external resources, potentially exposing sensitive data, bypassing access controls, or conducting port scanning. Publicly available exploit code exists. Vendor has not responded to early disclosure (GitHub issue #4).

SSRF Api Lab Mcp
NVD VulDB GitHub
CVSS 4.0
5.5
EPSS
0.0%
CVE-2026-5842 MEDIUM POC PATCH This Month

Remote authorization bypass in decolua 9router up to version 0.3.47 allows unauthenticated network attackers to access the Administrative API Endpoint (/api) without proper credentials, potentially exposing sensitive functionality. The vulnerability has publicly available exploit code and vendor-released patch version 0.3.75 is available, reducing real-world risk for patched deployments but creating urgency for unpatched instances given active public disclosures.

Authentication Bypass 9Router
NVD VulDB GitHub
CVSS 4.0
5.5
EPSS
0.0%
CVE-2026-5985 MEDIUM POC This Month

SQL injection in code-projects Simple IT Discussion Forum 1.0 via /crud.php allows unauthenticated remote attackers to extract, modify, or delete database content through the user_Id parameter. The vulnerability permits unauthorized data access and integrity compromise with publicly available exploit code. No CISA KEV listing exists, but exploit code is publicly available.

SQLi PHP
NVD VulDB GitHub
CVSS 4.0
5.5
EPSS
0.0%
CVE-2026-5961 MEDIUM POC This Month

SQL injection in code-projects Simple IT Discussion Forum 1.0 allows unauthenticated remote attackers to execute arbitrary SQL queries via the post_id parameter in /topic-details.php. Successful exploitation enables unauthorized database access, data manipulation, and potential information disclosure. Publicly available exploit code exists. The CVSS vector indicates network-based attack with low complexity, no authentication required, enabling compromise of confidentiality, integrity, and availability at low impact levels across all vectors.

PHP SQLi
NVD VulDB GitHub
CVSS 4.0
5.5
EPSS
0.0%
CVE-2026-5837 MEDIUM POC This Month

SQL injection in PHPGurukul News Portal Project 4.1 allows unauthenticated remote attackers to extract, modify, or delete database contents through the Comment parameter in /news-details.php. CVSS 7.3 severity with network-accessible attack vector requiring no authentication or user interaction. Publicly available exploit code exists. Attackers can compromise confidentiality, integrity, and availability of application data through crafted SQL payloads in comment submission functionality.

SQLi PHP
NVD VulDB GitHub
CVSS 4.0
5.5
EPSS
0.0%
CVE-2026-5829 MEDIUM POC This Month

SQL injection in code-projects Simple IT Discussion Forum 1.0 allows unauthenticated remote attackers to extract, modify, or delete database records via the post_id parameter in /pages/content.php. Publicly available exploit code exists. The vulnerability enables unauthorized database access with low complexity, requiring no user interaction. Attack achieves limited confidentiality, integrity, and availability impact across the vulnerable application.

SQLi PHP
NVD VulDB GitHub
CVSS 4.0
5.5
EPSS
0.0%
CVE-2026-5828 MEDIUM POC This Month

SQL injection in Simple IT Discussion Forum 1.0 allows unauthenticated remote attackers to extract, modify, or delete database records via crafted postid parameter in /functions/addcomment.php. Publicly available exploit code exists. CVSS 7.3 indicates network-accessible attack requiring no user interaction, achieving partial confidentiality, integrity, and availability impact. Vulnerability disclosed with proof-of-concept on GitHub.

SQLi PHP
NVD VulDB GitHub
CVSS 4.0
5.5
EPSS
0.0%
CVE-2026-5827 MEDIUM POC This Month

SQL injection in Simple IT Discussion Forum 1.0 allows unauthenticated remote attackers to execute arbitrary SQL commands via the 'content' parameter in /question-function.php, enabling unauthorized database access, data exfiltration, and potential manipulation of stored records. Publicly available exploit code exists. CVSS 7.3 (High) reflects network-accessible attack vector with no authentication required, compromising confidentiality, integrity, and availability at low impact levels.

PHP SQLi
NVD VulDB GitHub
CVSS 4.0
5.5
EPSS
0.0%
CVE-2026-34424 CRITICAL Act Now

Supply chain compromise in Smart Slider 3 Pro 3.5.1.35 for WordPress and Joomla delivers multi-stage remote access toolkit via compromised update mechanism. Unauthenticated attackers achieve pre-authentication remote code execution through malicious HTTP headers, deploy authenticated backdoors accepting arbitrary PHP/OS commands, create hidden administrator accounts, exfiltrate credentials and API keys, and establish persistence via must-use plugins and core file modifications. Vendor confirmed malicious build distributed through official update channel. No public exploit identified at time of analysis.

RCE WordPress PHP
NVD
CVSS 4.0
9.3
EPSS
0.2%
CVE-2026-33784 CRITICAL PATCH Act Now

Full device takeover in Juniper Networks Support Insights Virtual Lightweight Collector (vLWC) before 3.0.94 via hardcoded default credentials. The vLWC software ships with an unchangeable initial password for a high-privileged account with no enforced password change during provisioning, enabling unauthenticated remote attackers to gain complete system control. CVSS v4.0 score 9.3 (Critical). No public exploit identified at time of analysis.

Authentication Bypass Juniper Virtual Lightweight Collector
NVD
CVSS 4.0
9.3
EPSS
0.0%
CVE-2026-5194 CRITICAL POC PATCH Act Now

ECDSA signature verification in wolfSSL 3.12.0 through 5.9.0 accepts cryptographically weak digest sizes below protocol-mandated minimums, enabling authentication bypass when attackers possess the public CA key. Authenticated network attackers can exploit this to compromise confidentiality and integrity of certificate-based sessions. Vulnerability arises specifically when EdDSA or ML-DSA algorithms are concurrently enabled alongside ECDSA/ECC verification. No public exploit identified at time of analysis.

Information Disclosure Red Hat
NVD GitHub VulDB
CVSS 4.0
9.3
EPSS
0.0%
CVE-2026-40151 MEDIUM POC PATCH GHSA This Month

PraisonAI AgentOS prior to version 4.5.128 exposes agent metadata including names, roles, and system instruction snippets via an unauthenticated GET /api/agents endpoint accessible from any network origin due to missing authentication middleware and permissive CORS defaults. This information disclosure vulnerability allows remote attackers to enumerate agent configurations without credentials, potentially revealing sensitive operational details that could inform social engineering or reconnaissance attacks against multi-agent deployments.

Information Disclosure Praisonai
NVD GitHub
CVSS 3.1
5.3
EPSS
0.0%
CVE-2026-40154 CRITICAL PATCH GHSA Act Now

Remote code execution in PraisonAI multi-agent framework (versions prior to 4.5.128) allows unauthenticated attackers to execute arbitrary code via malicious template files fetched from remote sources. The framework downloads and executes template files without integrity verification, origin validation, or user confirmation, creating a supply chain attack vector. Attackers with network access can distribute weaponized templates that execute when retrieved by victims, achieving high confidentiality and integrity compromise with scope change. No public exploit identified at time of analysis.

Information Disclosure Praisonai
NVD GitHub
CVSS 3.1
9.3
EPSS
0.0%
CVE-2026-40111 CRITICAL PATCH GHSA Act Now

Command injection in PraisonAIAgents memory hooks executor allows authenticated local attackers to execute arbitrary shell commands through unsanitized user input passed to subprocess.run() with shell=True. Affects versions prior to 1.5.128. Two attack vectors exist: direct exploitation via hook configuration (pre_run_command/post_run_command) and automated exploitation through .praisonai/hooks.json lifecycle hooks (BEFORE_TOOL/AFTER_TOOL). Agent prompt injection enables persistent compromise by overwriting hooks.json, executing payloads silently at every lifecycle event without user interaction. No public exploit identified at time of analysis.

Command Injection Praisonaiagents
NVD GitHub
CVSS 4.0
9.3
EPSS
0.0%
CVE-2026-28205 CRITICAL Act Now

Authentication bypass in OpenPLC_V3 allows unauthenticated remote attackers to gain unauthorized system access through insecurely configured API endpoints. The vulnerability stems from insecure default resource initialization (CWE-1188), enabling complete circumvention of authentication mechanisms. Attackers can exploit this over the network with low attack complexity to achieve high confidentiality, integrity, and availability impact across vulnerable and subsequent systems. No public exploit identified at time of analysis.

Authentication Bypass Openplc V3
NVD
CVSS 4.0
9.2
EPSS
0.1%
CVE-2026-35556 CRITICAL Act Now

Plaintext credential storage in OpenPLC_V3 enables network-based attackers to retrieve authentication credentials without requiring prior authentication or user interaction, leading to complete system compromise. The CVSS v4.0 score of 9.2 reflects critical-severity risk from network-accessible credential exposure affecting confidentiality and integrity across all OpenPLC_V3 deployments. No public exploit identified at time of analysis.

Information Disclosure Openplc V3
NVD
CVSS 4.0
9.2
EPSS
0.0%
Page 1 of 6 Next

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy