Skip to main content
CVE-2026-4149 CRITICAL Act Now

Remote code execution in Sonos Era 300 smart speakers (build 17.5/91.0-70070) allows unauthenticated network attackers to execute arbitrary kernel-level code via malformed SMB server responses. The vulnerability achieves maximum CVSS 10.0 severity due to network accessibility without authentication, low complexity, and kernel-level code execution with scope change. EPSS indicates 1.27% exploitation probability (80th percentile), suggesting moderate real-world risk. No active exploitation confirmed at time of analysis, though ZDI publication increases weaponization likelihood.

RCE Buffer Overflow Era 300
NVD VulDB
CVSS 3.1
9.8
EPSS
1.3%
CVE-2026-5059 CRITICAL GHSA Act Now

Remote code execution in aws-mcp-server 1.3.0 allows unauthenticated attackers to execute arbitrary commands via command injection in the allowed commands list handler. The vulnerability stems from improper validation of user-supplied strings before system call execution, enabling attackers to run code in the MCP server context with no authentication required. EPSS score of 1.01% (77th percentile) indicates low observed exploitation probability; no public exploit identified at time of analysis.

RCE Command Injection Aws Mcp Server
NVD VulDB
CVSS 3.0
9.8
EPSS
1.0%
CVE-2026-5058 CRITICAL Act Now

Remote code execution in aws-mcp-server 1.3.0 allows unauthenticated attackers to execute arbitrary commands via improper validation of the allowed commands list. The command injection flaw (CWE-78) enables system call execution without authentication barriers. With a CVSS score of 9.8 (critical severity) and EPSS probability of 1.01% (77th percentile), this represents a high-severity vulnerability with moderate real-world exploitation likelihood. No public exploit identified at time of analysis, and no active exploitation confirmed.

RCE Command Injection Aws Mcp Server
NVD VulDB
CVSS 3.0
9.8
EPSS
1.0%
CVE-2026-31845 CRITICAL Act Now

Reflected cross-site scripting (XSS) in Rukovoditel CRM 3.6.4's Zadarma telephony API endpoint allows remote attackers to execute arbitrary JavaScript in victim browsers without authentication. The vulnerability stems from direct reflection of the 'zd_echo' GET parameter without sanitization. With CVSS 9.3 (Critical), changed scope (S:C), and no authentication required (PR:N), this enables session hijacking and account takeover via malicious links. No public exploit identified at time of analysis, though proof-of-concept is trivial given the code-level disclosure. EPSS data not available.

XSS PHP
NVD VulDB
CVSS 4.0
9.3
EPSS
0.0%

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy