Unauthenticated directory traversal in Pro-Bit versions before 1.77.4 exposes sensitive directories and subdirectories to remote attackers without authentication. The vulnerability allows direct access to protected file system locations via network requests, enabling unauthorized information disclosure. EPSS score of 0.02% (6th percentile) indicates low observed exploitation probability in the wild, and no CISA KEV listing exists at time of analysis, suggesting limited active exploitation despite the CVSS 7.5 severity rating.
Denial of service in MERCURY MIPC252W IP camera firmware 1.0.5 Build 230306 Rel.79931n allows remote unauthenticated attackers to crash the device via malformed RTSP SETUP request. Exploitation triggers a null pointer dereference in the RTSP service during Transport header parsing, forcing an automatic reboot. EPSS score of 0.01% indicates very low observed exploitation probability, and no active exploitation or public proof-of-concept has been identified at time of analysis beyond the researcher's GitHub documentation.
A path traversal vulnerability in the UI/static component of leonvanzyl autocoder commit 79d02a allows attackers to read arbitrary files via sending crafted URL path containing traversal sequences.
An issue in the /store/items/search endpoint of Agent Protocol server commit e9a89f allows attackers to cause a Denial of Service (DoS) via a crafted POST request.
OS command injection in Tenda HG3 router version 2.0 allows authenticated remote attackers to execute arbitrary commands with device privileges via the 'countrystr' parameter in /boaform/formCountrystr endpoint. Public exploit code exists (CVSS 4.0 E:P modifier confirms POC availability), enabling authenticated attackers to fully compromise router confidentiality, integrity, and availability. EPSS data unavailable; not currently in CISA KEV catalog, suggesting exploitation may be targeted rather than widespread despite public POC.
Buffer overflow in Tenda F456 router firmware version 1.0.0.5 allows authenticated remote attackers to achieve code execution via crafted requests to the /goform/WrlclientSet endpoint. The vulnerability exists in the fromWrlclientSet function of the httpd component. Public exploit code is available on GitHub, increasing practical exploitation risk despite requiring low-privilege authentication (CVSS 7.4, EPSS data not provided).
Buffer overflow in Tenda F456 router firmware 1.0.0.5 allows authenticated remote attackers to execute arbitrary code or crash the device via crafted HTTP requests to the /goform/Natlimit endpoint. Public exploit code exists on GitHub (Litengzheng/vuldb_new), demonstrating practical exploitability. EPSS data unavailable, but with POC published and AV:N/AC:L indicating straightforward network exploitation, this poses significant risk to internet-exposed router management interfaces with weak or default credentials.
Remote code execution in Tenda F456 router firmware 1.0.0.5 allows authenticated attackers to trigger buffer overflow via crafted mit_linktype parameter to /goform/QuickIndex endpoint in httpd service. Public exploit code exists on GitHub (Litengzheng/vuldb_new), enabling memory corruption with high impact to confidentiality, integrity, and availability. CVSS 7.4 reflects low attack complexity with network access requiring only low-privilege authentication. No vendor patch identified at time of analysis.
Remote authenticated attackers can execute arbitrary code on Tenda F456 router version 1.0.0.5 via buffer overflow in the DhcpListClient function of the httpd component. Exploitation requires low-privilege HTTP authentication and targets the web management interface. A public proof-of-concept exploit exists on GitHub (Litengzheng/vuldb_new), enabling straightforward weaponization. EPSS data unavailable, but the combination of remote attack vector, low complexity (AC:L), and publicly disclosed exploit code indicates elevated real-world exploitation risk for internet-exposed devices with default or weak credentials.
Remote authenticated buffer overflow in Tenda F456 1.0.0.5 httpd allows attackers to compromise router integrity and availability via crafted WrlExtraSet requests. Exploitation occurs through the formWrlExtraSet function when manipulating the 'Go' parameter at /goform/WrlExtraSet endpoint. Public exploit code is available on GitHub (Litengzheng/vuldb_new), enabling straightforward weaponization. CVSS 7.4 (High) with CVSS v4.0 Exploit Maturity: Proof-of-Concept confirms exploitability. While requiring low-privilege authentication (PR:L), the network attack vector (AV:N) and low complexity (AC:L) make this accessible to remote attackers with basic router credentials, commonly obtained via credential stuffing or default password exploitation.
Remote authenticated buffer overflow in Tenda F456 1.0.0.5 router allows complete device compromise via the DHCP server configuration handler. A low-privileged attacker can send a crafted HTTP request with malicious 'dips' parameter to /goform/GstDhcpSetSer, triggering a buffer overflow in the httpd service that enables arbitrary code execution with full system control. Public exploit code is available on GitHub (EPSS exploitation probability data not provided, not listed in CISA KEV at time of analysis).
Stack-based buffer overflow in D-Link DIR-825 firmware 3.00b32's nmbd NetBIOS service allows adjacent network attackers to achieve complete device compromise without authentication. Public exploit code exists (SSVC: POC confirmed), though EPSS probability remains low (0.03%, 7th percentile) indicating limited observed exploitation attempts. This vulnerability affects end-of-life hardware no longer receiving vendor security updates, creating permanent risk for deployed devices.
Insecure preserved inherited permissions vulnerability in Cerberus FTP Server on Windows allows Privilege Escalation.This issue has been resolved in Cerberus FTP Server: 2026.1
authd prior to version 0.6.4 contains a logic error in primary group ID assignment that can lead to local privilege escalation. When a user's primary group ID (GID) differs from their UID, either because the account was created with authd prior to version 0.5.4 or because the primary group was manually changed via the `authctl group set-gid` command, and the user's identity provider record is updated, authd incorrectly resets the user's primary group ID to their UID upon next login. This causes newly created files and directories to be owned by the wrong group, causing denial of service issues, and potentially granting unintended access to other local users and allowing local privilege escalation.
Pre-NVD disclosure via oss-security: oss-security mailing list - 2026/04/27. positories (GitHub) File archive & mirrors How to verify digital signatures OVE IDs What's new Follow @Openwall on Twitter for new release announcements and other news [<prev day] [month] [year] [list] oss-security mailing list - 2026/04/27 plasma-login-manager: Weaknesses in plasmaloginauthhelper (CVE-2026-25710) (Matthias Gerstner <mgerstner@...e.de>) 1 message Powered by blists - more mailing lists Please check out the Open Source Software Security Wiki , which is counterpart to this mailing list . Confused about mailing lists and their use? Read about mailing lists on Wikipedia and check out these guide
A race condition in WinFsp enables local privilege escalation to SYSTEM through kernel heap overflow. Authenticated local attackers with low privileges can exploit this timing vulnerability to corrupt kernel memory and execute code at the highest privilege level. Patch available in WinFsp v2.2B1 per vendor release notes. EPSS data not available; no CISA KEV listing indicates exploitation not yet confirmed in the wild, though the vulnerability affects a Windows kernel-mode driver used for file system development.
An authenticated administrative user who can import or save DataObject class definitions can inject attacker-controlled composite index metadata and trigger unintended SQL execution in the backend. This issue affects pimcore: 12.3.3.