Skip to main content
CVE-2026-27760 CRITICAL POC PATCH Act Now

Remote code execution in OpenCATS installer allows unauthenticated attackers to inject and execute arbitrary PHP code by manipulating the AJAX endpoint's databaseConnectivity action parameter. The injected code persists in config.php and executes on every page load while the installation wizard remains incomplete. Publicly available exploit code demonstrates breakout from define() string context using quote and statement separator techniques. Patch available via GitHub commit 3002a29, though CVSS AC:H (high complexity) suggests exploitation requires specific timing or environmental conditions during installation phase.

PHP Code Injection RCE Opencats
NVD GitHub VulDB
CVSS 4.0
9.2
EPSS
0.1%
CVE-2026-7240 HIGH POC This Week

OS command injection in Totolink A8000RU firmware 7.1cu.643_b20200521 allows remote unauthenticated attackers to execute arbitrary system commands via the User parameter in the setVpnAccountCfg function of /cgi-bin/cstecgi.cgi. Publicly available exploit code exists (GitHub POC), enabling immediate weaponization. CVSS 8.9 with full impact on confidentiality, integrity, and availability. EPSS data unavailable; not currently in CISA KEV, but the combination of network accessibility, no authentication requirement, and public exploit makes this a critical risk for internet-facing devices.

Command Injection A8000Ru
NVD VulDB GitHub
CVSS 4.0
8.9
EPSS
0.9%
CVE-2026-42167 HIGH POC PATCH This Week

mod_sql in ProFTPD before 1.3.10rc1 allows remote attackers to execute arbitrary code via a username, in scenarios where there is logging of USER requests with an expansion such as %U, and the SQL backend allows commands (e.g., COPY TO PROGRAM).

SQLi RCE Proftpd
NVD GitHub VulDB
CVSS 3.1
8.1
EPSS
0.2%
CVE-2026-3893 CRITICAL PATCH CISA Act Now

Carlson Software VASCO-B GNSS receivers allow remote unauthenticated attackers to fully access and modify device configuration and operational functions due to complete absence of authentication controls (CWE-306). The network-accessible interface requires no credentials, enabling attackers to compromise device integrity and availability with low attack complexity. EPSS and KEV status not provided in available data; exploitation requires only network connectivity to the device management interface, typical in surveying and precision agriculture deployments where GNSS receivers may be exposed on operational networks.

Authentication Bypass Vasco B Gnss Receiver
NVD GitHub
CVSS 3.1
9.4
EPSS
0.1%
CVE-2026-7219 HIGH POC This Week

Buffer overflow in Totolink N300RT router firmware 3.4.0-B20250430 allows authenticated remote attackers with high-privilege administrative access to execute arbitrary code via crafted input to the entry_name parameter in /boafrm/formIpQoS. Public exploit code is available on GitHub demonstrating the vulnerability. EPSS data not provided, but the requirement for high-privilege authentication significantly limits real-world exploitation surface to scenarios where administrative credentials are already compromised.

Buffer Overflow N300Rt
NVD VulDB GitHub
CVSS 4.0
7.3
EPSS
0.1%
CVE-2026-7218 HIGH POC This Week

Buffer overflow in Totolink N300RT 3.4.0-B20250430 enables authenticated remote code execution via the WPS configuration handler. An attacker with administrative credentials (PR:H) can send a crafted localPin parameter to /boafrm/formWsc, overflowing a buffer in the is_cmd_string_valid function (libapmib.so) to execute arbitrary code with full system access (VC:H/VI:H/VA:H). Public proof-of-concept exploit code exists on GitHub (xiaohaiyang-ai/TOTOLINK-N300RT-Buffer-Overflow), increasing weaponization risk despite requiring privileged access. EPSS data not available; no CISA KEV listing indicates exploitation not yet widespread in wild attacks.

Buffer Overflow N300Rt
NVD VulDB GitHub
CVSS 4.0
7.3
EPSS
0.1%
CVE-2026-32644 CRITICAL CISA Emergency

Milesight AIOT cameras ship with hardcoded SSL private keys enabling remote man-in-the-middle attacks and credential interception. Remote unauthenticated attackers can decrypt TLS traffic, impersonate camera services, and potentially gain administrative access to affected devices. CISA ICS-CERT published advisory ICSA-26-113-03 for this industrial/IoT vulnerability affecting network-connected surveillance infrastructure.

Information Disclosure
NVD GitHub
CVSS 4.0
9.2
EPSS
0.0%
CVE-2026-20766 HIGH CISA Act Now

Out-of-bounds memory access in Milesight AIOT camera firmware enables remote attackers to achieve high-severity impacts on confidentiality, integrity, and availability when users interact with malicious content. CISA ICS-CERT has issued an advisory for this industrial IoT vulnerability. With network attack vector (AV:N) and low complexity (AC:L) but requiring user interaction (UI:A), the vulnerability presents significant risk to operational technology environments where these cameras are deployed for industrial surveillance and monitoring applications.

Buffer Overflow Heap Overflow
NVD GitHub
CVSS 4.0
8.6
EPSS
0.0%
CVE-2026-24178 CRITICAL PATCH GHSA Act Now

Authentication bypass in NVIDIA NVFlare Dashboard allows remote unauthenticated attackers to escalate privileges through user-controlled key manipulation in the authentication system. The vulnerability affects the NVIDIA Flare SDK and enables complete system compromise including arbitrary code execution, data tampering, information disclosure, and denial of service. With a CVSS score of 9.8 (critical severity) and maximum exploitability metrics (AV:N/AC:L/PR:N/UI:N), this represents a severe security flaw requiring immediate remediation, though no active exploitation (KEV) or public exploit code has been identified at time of analysis.

RCE Authentication Bypass Nvidia Information Disclosure Privilege Escalation +1
NVD
CVSS 3.1
9.8
EPSS
0.1%
CVE-2025-60889 CRITICAL Act Now

Remote code execution in StellarGroup HPX 1.11.0 allows unauthenticated attackers to execute arbitrary code through insecure deserialization of untrusted input. Publicly available exploit code exists (GitHub Gist POC) with CISA SSVC classifying this as automatable with total technical impact, though EPSS indicates only 2% probability of exploitation in the wild. The CWE-502 vulnerability enables complete system compromise when untrusted data is deserialized under specific deployment conditions not detailed in the description.

Deserialization RCE Hpx
NVD GitHub VulDB
CVSS 3.1
9.8
EPSS
0.0%
CVE-2026-41873 CRITICAL Monitor

HTTP request smuggling in Apache Pony Mail (Lua implementation) enables remote unauthenticated attackers to achieve complete admin account takeover with critical impact across confidentiality, integrity, and availability. This affects all versions of the retired Lua codebase - Apache has abandoned support with no patch planned, recommending migration to alternative solutions. CVSS 9.8 critical severity reflects trivial network-based exploitation requiring no authentication or user interaction.

Information Disclosure Python Request Smuggling
NVD VulDB
CVSS 3.1
9.8
EPSS
0.1%
CVE-2026-7220 MEDIUM POC This Month

OS command injection in jackwrichards FastlyMCP allows remote unauthenticated attackers to execute arbitrary system commands via manipulation of the command argument in the fastly_cli Tool component. The vulnerability exists in fastly-mcp.mjs and has been disclosed publicly with exploit code available, though the project operates on a rolling release model with no versioned releases and has not yet responded to early disclosure notifications.

Command Injection Fastlymcp
NVD VulDB GitHub
CVSS 4.0
5.5
EPSS
1.0%
CVE-2026-7215 MEDIUM POC This Month

Remote command injection in egtai gmx-vmd-mcp through version 0.1.0 enables unauthenticated attackers to execute arbitrary system commands by injecting malicious payloads into the structure_file or trajectory_file parameters of the VMD Launch Handler in mcp_server.py. A public proof-of-concept exploit exists (GitHub issue #2), significantly lowering the barrier to exploitation. The vendor has not responded to responsible disclosure attempts, leaving users without an official patch.

Command Injection Gmx Vmd Mcp
NVD VulDB GitHub
CVSS 4.0
5.5
EPSS
1.0%
CVE-2026-27785 HIGH CISA Act Now

Hard-coded credentials in Milesight AIOT camera firmware allow adjacent network attackers to gain full system access without authentication. CISA ICS-CERT has published an advisory, indicating industrial/IoT deployment concern. The CVSS 7.7 score reflects adjacent network vector (AV:A) with low complexity (AC:L) and no authentication required (PR:N), enabling complete compromise of confidentiality, integrity, and availability on vulnerable devices. Firmware-level credential hardcoding (CWE-798) cannot be disabled through configuration changes, making patching critical for exposed industrial camera deployments.

Authentication Bypass
NVD GitHub VulDB
CVSS 4.0
7.7
EPSS
0.0%
CVE-2026-7321 CRITICAL PATCH Act Now

Sandbox escape in Mozilla Firefox's WebRTC networking component allows remote attackers to break out of browser process isolation and execute code outside the sandbox with high integrity and confidentiality impact. Firefox ESR 140.10.1 fixes this critical boundary condition flaw (CWE-120). User interaction is required (visiting a malicious site), but no authentication is needed. EPSS data not provided. Not listed in CISA KEV at time of analysis, indicating no confirmed widespread active exploitation.

Buffer Overflow Mozilla Suse Red Hat
NVD VulDB
CVSS 3.1
9.6
EPSS
0.0%
CVE-2026-7333 CRITICAL PATCH Act Now

Use after free in GPU in Google Chrome prior to 147.0.7727.138 allowed a remote attacker to potentially perform a sandbox escape via a crafted HTML page. (Chromium security severity: High)

Memory Corruption Use After Free Google Denial Of Service Red Hat +2
NVD VulDB
CVSS 3.1
9.6
EPSS
0.0%
CVE-2026-7237 MEDIUM POC PATCH This Month

Path traversal in AgiFlow scaffold-mcp's write-to-file tool allows remote unauthenticated attackers to read, write, or delete arbitrary files on the server by manipulating the file_path parameter. Versions up to 1.0.27 are affected. Public exploit code exists (GitHub issue #88), enabling attackers to bypass directory restrictions and access sensitive files or overwrite critical system files. CVSS 7.3 (High) with network attack vector and no authentication required. Vendor-released patch available in version 1.1.0 (commit c4d23592).

Path Traversal Scaffold Mcp
NVD VulDB GitHub
CVSS 4.0
5.5
EPSS
0.1%
CVE-2026-7234 MEDIUM POC This Month

Path traversal in browser-operator-core versions up to 0.6.0 allows remote unauthenticated attackers to read, write, and potentially delete arbitrary files on the server by manipulating the request.url parameter in the startsWith function of server.js. Publicly available exploit code exists (GitHub issue #96), enabling trivial exploitation with no user interaction. CVSS 7.3 reflects network-exploitable attack with low impact across confidentiality, integrity, and availability. No vendor response or patch released despite early responsible disclosure via issue report. This is a critical supply chain risk for any systems running the affected BrowserOperator component server.

Path Traversal Browser Operator Core
NVD VulDB GitHub
CVSS 4.0
5.5
EPSS
0.0%
CVE-2026-7216 MEDIUM POC This Month

Path traversal in processing-claude-mcp-bridge's create_sketch tool allows remote unauthenticated attackers to read, write, or delete arbitrary files on the server by manipulating the sketch_name parameter in processing_server.py. Public exploit code exists via GitHub issue #1, enabling straightforward attacks against exposed instances. EPSS data not available, but CVSS 7.3 (High) with network vector and no authentication requirements indicates significant risk for internet-facing deployments. Project maintainer has not responded to vulnerability disclosure, leaving no vendor-confirmed patch timeline.

Path Traversal Processing Claude Mcp Bridge
NVD VulDB GitHub
CVSS 4.0
5.5
EPSS
0.0%
CVE-2026-7213 MEDIUM POC This Month

Path traversal in ef10007 MLOps_MCP 1.0.0 allows remote unauthenticated attackers to write files to arbitrary filesystem locations via manipulation of the filename/destination argument in the save_file tool of fastmcp_server.py. Publicly available exploit code exists, and the vendor has not responded to early disclosure notification, leaving affected deployments without an official patch.

Path Traversal Mlops Mcp
NVD VulDB GitHub
CVSS 4.0
5.5
EPSS
0.0%
CVE-2026-7212 MEDIUM POC This Month

Path traversal in edvardlindelof notes-mcp up to version 0.1.4 allows remote unauthenticated attackers to read or manipulate files outside the intended directory by manipulating the root_dir or path arguments in notes_mcp.py. The vulnerability has a publicly available exploit and a CVSS score of 6.9, but the vendor has not responded to the early disclosure through issue tracking.

Path Traversal Notes Mcp
NVD VulDB GitHub
CVSS 4.0
5.5
EPSS
0.0%
CVE-2026-7235 MEDIUM POC This Month

Path traversal vulnerability in ErlichLiu claude-agent-sdk-master allows remote unauthenticated attackers to read arbitrary files by manipulating the outputFile parameter in app/api/agent-output/route.ts. The vulnerability has a CVSS score of 5.3 (low integrity impact) and publicly available exploit code exists, though the project uses rolling releases and the maintainer has not yet responded to disclosure.

Path Traversal Claude Agent Sdk Master
NVD VulDB GitHub
CVSS 4.0
5.5
EPSS
0.0%
CVE-2026-7221 MEDIUM POC PATCH This Month

Server-side request forgery (SSRF) in TencentCloudBase CloudBase-MCP through version 2.17.0 allows remote unauthenticated attackers to manipulate the open-url API endpoint by injecting arbitrary URLs via the req.body.url parameter, enabling attackers to make unauthorized requests from the server to internal or external resources. The vulnerability has publicly available exploit code and affects the openUrl function in mcp/src/interactive-server.ts. Vendor-released patch version 2.17.1 is available.

SSRF Cloudbase Mcp
NVD VulDB GitHub
CVSS 4.0
5.5
EPSS
0.0%
CVE-2026-7217 MEDIUM POC This Month

Absolute path traversal in Deepractice PromptX up to version 2.4.0 allows remote unauthenticated attackers to read arbitrary files from the server by manipulating the path argument in document file handling functions (read_docx, read_xlsx, read_pptx, list_xlsx_sheets, read_pdf). Publicly available exploit code exists and the vendor has not responded to early disclosure, though CVSS 5.3 (AV:N/AC:L/PR:N/UI:N) indicates moderate information disclosure risk with no integrity or availability impact.

Microsoft Path Traversal
NVD VulDB GitHub
CVSS 4.0
5.5
EPSS
0.0%
CVE-2026-7214 MEDIUM POC This Month

Path traversal in eghuzefa engineer-your-data up to version 0.1.3 allows remote attackers to read, write, list, and obtain information about arbitrary files via manipulation of the WORKSPACE_PATH argument in the read_file, write_file, list_files, and file_inf functions within src/server.py. Publicly available exploit code exists, and the vendor has been notified but has not yet responded with a fix.

Path Traversal Engineer Your Data
NVD VulDB GitHub
CVSS 4.0
5.5
EPSS
0.0%
CVE-2026-7223 MEDIUM POC This Month

Server-side request forgery (SSRF) in BigSweetPotatoStudio HyperChat up to version 2.0.0-alpha.63 allows remote unauthenticated attackers to manipulate the baseurl argument in the AI Proxy Middleware component, enabling arbitrary HTTP requests from the affected server. The vulnerability has a publicly available exploit and CVSS 6.9 score reflecting confidentiality, integrity, and availability impact at the network level with low complexity. The vendor has not responded to early disclosure notification through the project's GitHub issue tracker.

SSRF Hyperchat
NVD VulDB GitHub
CVSS 4.0
5.5
EPSS
0.0%
CVE-2026-7228 MEDIUM POC This Month

SQL injection in Pizzafy Ecommerce System 1.0 allows remote unauthenticated attackers to execute arbitrary SQL commands via the ID parameter in the get_cart_count function at /admin/ajax.php. CVSS scores 7.3 (High) with network attack vector, low complexity, and no authentication required. Public exploit code exists on GitHub, significantly lowering the barrier to exploitation. EPSS data not available, but the combination of public exploit, low attack complexity (AC:L), and no authentication (PR:N) indicates moderate-to-high real-world risk for internet-facing installations.

PHP SQLi
NVD VulDB GitHub
CVSS 4.0
5.5
EPSS
0.0%
CVE-2026-7227 MEDIUM POC This Month

SQL injection in Pizzafy Ecommerce System 1.0 allows remote unauthenticated attackers to compromise database confidentiality, integrity, and availability via the email parameter in the admin login function. The vulnerability exists in /admin/ajax.php?action=login and has a publicly available proof-of-concept exploit on GitHub. With CVSS 7.3 (High) and confirmed POC, this represents an immediate risk to internet-exposed admin panels, though no active exploitation has been confirmed by CISA KEV at time of analysis.

PHP SQLi
NVD VulDB GitHub
CVSS 4.0
5.5
EPSS
0.0%
CVE-2026-7226 MEDIUM POC This Month

SQL injection in SourceCodester Pizzafy Ecommerce System 1.0 allows remote unauthenticated attackers to compromise database confidentiality, integrity, and availability through the login2 function. The vulnerability exists in /admin/ajax.php when processing the email parameter during administrative login, enabling attackers to bypass authentication, extract sensitive data, modify records, or disrupt service. A proof-of-concept exploit has been publicly released on GitHub, significantly lowering the barrier to exploitation. CVSS 7.3 (High) reflects network-accessible attack surface with no authentication required and low attack complexity.

PHP SQLi
NVD VulDB GitHub
CVSS 4.0
5.5
EPSS
0.0%
CVE-2026-7225 MEDIUM POC This Month

SQL injection in SourceCodester Pizzafy Ecommerce System 1.0 allows remote unauthenticated attackers to execute arbitrary SQL commands via the ID parameter in the delete_menu function of /admin/ajax.php. Public exploit code is available on GitHub, enabling database extraction, authentication bypass, and potential administrative access. CVSS 7.3 reflects network-accessible attack with no authentication required, though actual exploitation targets the administrative backend endpoint.

PHP SQLi
NVD VulDB GitHub
CVSS 4.0
5.5
EPSS
0.0%
CVE-2026-7224 MEDIUM POC This Month

SQL injection in SourceCodester Pizzafy Ecommerce System 1.0 allows unauthenticated remote attackers to extract, modify, or delete database contents via the ID parameter in /admin/ajax.php?action=delete_cart endpoint. Publicly available exploit code exists (GitHub POC), enabling immediate weaponization. CVSS 7.3 indicates network-based exploitation with no authentication barriers, granting partial confidentiality, integrity, and availability impact. Despite high CVSS and public POC, this affects a niche open-source e-commerce platform with limited deployment footprint.

PHP SQLi
NVD VulDB GitHub
CVSS 4.0
5.5
EPSS
0.0%
CVE-2026-7272 MEDIUM POC This Month

Path traversal in WilliamCloudQi matlab-mcp-server allows remote unauthenticated attackers to manipulate the scriptPath argument in the generate_matlab_code and execute_matlab_code functions, enabling unauthorized file system access with confidentiality and integrity impact. The vulnerability affects versions up to commit ab88f6b9bf5f36f725e8628029f7f6dd0d9913ca, has publicly available exploit code, and the vendor has not yet responded to early disclosure notification.

Path Traversal Matlab Mcp Server
NVD VulDB GitHub
CVSS 4.0
5.5
EPSS
0.1%
CVE-2026-5306 MEDIUM POC PATCH This Month

Stored XSS vulnerability in Check & Log Email WordPress plugin before version 2.0.13 allows authenticated users with low privileges to inject malicious scripts via improper email replacement handling when the email encoder setting is enabled. The vulnerability requires user interaction (UI:R) to execute, affecting confidentiality and integrity with cross-site scope. Publicly available exploit code exists but exploitation probability remains low (EPSS 0.05%, percentile 17%), indicating this is not a widely targeted vulnerability despite public awareness.

WordPress XSS
NVD WPScan
CVSS 3.1
5.4
EPSS
0.1%
CVE-2026-5779 CRITICAL Act Now

Insecure direct object reference in MphRx Minerva V3.6.0 allows authenticated attackers to modify arbitrary user profiles via the '/minerva/user/updateUserProfile' endpoint, enabling account takeover by changing victim email addresses and triggering password reset flows. Reported by INCIBE-CERT with authentication bypass tags, indicating likely real-world discovery during security assessment. CVSS 9.4 reflects high confidentiality, integrity, and scope impacts (VC:H/VI:H/SC:H/SI:H), though the PR:L requirement (low-privileged authenticated access) limits initial attack surface to users with valid credentials.

Authentication Bypass Minerva
NVD VulDB
CVSS 4.0
9.4
EPSS
0.0%
CVE-2026-32649 HIGH CISA Act Now

Command injection in Milesight camera web servers allows authenticated administrators with user interaction to execute arbitrary operating system commands. CISA ICS-CERT issued an advisory (ICSA-26-113-03), indicating operational technology/critical infrastructure relevance. Successful exploitation achieves complete compromise of camera confidentiality and integrity. Attack requires privileged credentials (admin-level) and user interaction, significantly limiting real-world exploitation scenarios compared to unauthenticated remote attacks.

Command Injection
NVD GitHub
CVSS 4.0
7.3
EPSS
0.1%
CVE-2026-41446 CRITICAL PATCH Act Now

Snap One WattBox 800 and 820 series firmware versions prior to 2.10.0.0 contain undisclosed diagnostic HTTP endpoints that require only the device MAC address and service tag for authentication, both of which are printed in plaintext on the physical device label. Attackers with access to the device label or documentation containing these values can authenticate to the several endpoints and execute arbitrary commands as root on the device.

Authentication Bypass
NVD
CVSS 4.0
9.2
EPSS
0.1%
CVE-2026-40976 CRITICAL PATCH GHSA Act Now

Authentication bypass in Spring Boot 4.0.0-4.0.5 allows remote unauthenticated attackers to access all application endpoints, bypassing default web security filters entirely. Affects servlet-based applications using spring-boot-actuator-autoconfigure without custom Spring Security configuration and without spring-boot-health dependency. Vendor patch released (upgrade to 4.0.6+). No public exploit code identified at time of analysis, but CVSS 9.1 with network attack vector (AV:N/AC:L/PR:N) indicates trivial exploitation once configuration prerequisites are met.

Java Authentication Bypass Spring Boot
NVD VulDB
CVSS 3.1
9.1
EPSS
0.0%
CVE-2026-41386 CRITICAL PATCH GHSA Act Now

Privilege escalation in OpenClaw allows remote unauthenticated attackers to elevate privileges beyond intended device roles during first-use pairing. The vulnerability stems from bootstrap setup codes lacking proper binding to device roles and scopes, enabling attackers to exploit the pairing process with low complexity and no user interaction. VulnCheck reported this issue, and a vendor patch is available as of 2026.3.22. While no active exploitation has been confirmed (not in CISA KEV), the network attack vector (AV:N) and absence of authentication requirements (PR:N) create significant exposure for organizations deploying new OpenClaw instances.

Privilege Escalation Openclaw
NVD GitHub
CVSS 4.0
9.1
EPSS
0.0%
CVE-2026-7244 HIGH This Week

Remote unauthenticated command injection in Totolink A8000RU 7.1cu.643_b20200521 allows complete device compromise via crafted requests to the WiFi Guest Configuration CGI handler. Attackers can inject arbitrary OS commands through the 'merge' parameter in setWiFiEasyGuestCfg function at /cgi-bin/cstecgi.cgi, achieving full system control without authentication. Public exploit code exists (confirmed by CVSS E:P and GitHub POC reference), significantly lowering the barrier to exploitation. EPSS data not available, but the combination of network attack vector, no authentication requirement, low complexity, and publicly available exploit indicates elevated real-world risk for internet-facing devices.

Command Injection
NVD GitHub VulDB
CVSS 4.0
8.9
EPSS
0.9%
CVE-2026-7243 HIGH This Week

Remote unauthenticated command injection in Totolink A8000RU 7.1cu.643_b20200521 allows attackers to execute arbitrary OS commands via the maxRtrAdvInterval parameter in the setRadvdCfg function of /cgi-bin/cstecgi.cgi. Public exploit code exists per VulDB submission, enabling immediate weaponization against exposed devices. CVSS 8.9 reflects network accessibility, no authentication requirement, and high impact across confidentiality, integrity, and availability - attack complexity is low with no user interaction needed, making this a critical priority for internet-facing Totolink routers.

Command Injection
NVD GitHub VulDB
CVSS 4.0
8.9
EPSS
0.9%
CVE-2026-7242 HIGH This Week

OS command injection in Totolink A8000RU router firmware 7.1cu.643_b20200521 allows unauthenticated remote attackers to execute arbitrary system commands via the setOpenVpnClientCfg function in /cgi-bin/cstecgi.cgi by manipulating the 'enabled' parameter. Public exploit code exists (disclosed on GitHub), significantly lowering the barrier to exploitation. CVSS 8.9 reflects the complete compromise potential (confidentiality, integrity, availability) without requiring authentication or user interaction, making this a critical exposure for deployed devices.

Command Injection
NVD GitHub VulDB
CVSS 4.0
8.9
EPSS
0.9%
CVE-2026-7241 HIGH This Week

Remote command injection in Totolink A8000RU firmware 7.1cu.643_b20200521 allows unauthenticated attackers to execute arbitrary OS commands via the wifiOff parameter in setWiFiBasicCfg function. The vulnerability has a publicly available exploit (PoC on GitHub) and achieves full system compromise with network-accessible attack vector requiring no authentication or user interaction. EPSS data not available, but CVSS 8.9 (Critical) with exploitability confirmed (E:P) indicates immediate patching priority for exposed devices.

Command Injection
NVD GitHub VulDB
CVSS 4.0
8.9
EPSS
0.9%
CVE-2026-7204 HIGH This Week

Remote command injection in Totolink A8000RU router firmware 7.1cu.643_b20200521 allows unauthenticated attackers to execute arbitrary OS commands via the 'enable' parameter in setPptpServerCfg function of /cgi-bin/cstecgi.cgi. Public exploit code exists (GitHub POC available), enabling trivial remote compromise without authentication or user interaction. CVSS v4.0 score of 8.9 reflects maximum impact on confidentiality, integrity, and availability. No EPSS data or CISA KEV status available, but publicly documented POC substantially lowers exploitation barrier for this home/small office router platform.

Command Injection
NVD GitHub VulDB
CVSS 4.0
8.9
EPSS
0.9%
CVE-2026-7203 HIGH This Week

Remote command injection in Totolink A8000RU router firmware 7.1cu.643_b20200521 allows unauthenticated attackers to execute arbitrary OS commands with router privileges via the setUrlFilterRules CGI function. Public exploit code exists (CVSS:4.0 E:P indicator), significantly increasing exploitation risk. EPSS data unavailable, but network-accessible command injection with public POC represents critical risk for internet-exposed devices.

Command Injection
NVD GitHub VulDB
CVSS 4.0
8.9
EPSS
0.9%
CVE-2026-7202 HIGH This Week

OS command injection in Totolink A8000RU router firmware version 7.1cu.643_b20200521 allows remote unauthenticated attackers to execute arbitrary system commands with root privileges via the wscDisabled parameter in the setWiFiWpsStart function of /cgi-bin/cstecgi.cgi. Public exploit code exists (VulDB #359802), enabling trivial weaponization. EPSS score unavailable; CVSS 8.9 reflects network-based unauthenticated attack with complete device compromise. No CISA KEV listing at time of analysis, suggesting targeted rather than mass exploitation.

Command Injection
NVD GitHub VulDB
CVSS 4.0
8.9
EPSS
0.9%
CVE-2026-7248 HIGH This Week

Remote code execution in D-Link DI-8100 router firmware 16.07.26A1 allows unauthenticated attackers to compromise the device via buffer overflow in the CGI endpoint. The vulnerability resides in the tgfile.htm CGI handler where inadequate input validation of the 'fn' parameter enables attackers to overflow a stack or heap buffer. Public exploit code is available on GitHub, significantly lowering the barrier to exploitation against internet-exposed devices. CVSS 8.9 (Critical) with network vector, low complexity, and no privileges required indicates high real-world risk for exposed D-Link DI-8100 routers.

Buffer Overflow D-Link
NVD GitHub VulDB
CVSS 4.0
8.9
EPSS
0.1%
CVE-2026-38949 HIGH This Week

Stored Cross-Site Scripting in HTMLy 3.1.1 allows authenticated users with content creation privileges to inject malicious JavaScript via the image upload endpoint (/add/content?type=image), executing arbitrary code in victim browsers with scope change (S:C) indicating potential account takeover or session hijacking. Public proof-of-concept exists (YouTube demonstration and GitHub writeup), though EPSS score remains low (2%, 4th percentile) and no active exploitation has been confirmed by CISA KEV. CVSS 8.9 reflects high confidentiality and integrity impact but requires victim interaction.

XSS RCE N A
NVD GitHub
CVSS 3.1
8.9
EPSS
0.0%
CVE-2026-24186 HIGH This Week

Remote code execution in NVIDIA FLARE SDK allows authenticated attackers to execute arbitrary code by sending maliciously crafted FOBS-encoded messages that exploit unsafe deserialization in the FOBS component. The vulnerability affects federated learning deployments where NVIDIA FLARE SDK processes messages from low-privileged authenticated users, enabling complete system compromise with high impact to confidentiality, integrity, and availability. No active exploitation confirmed (not in CISA KEV) and public exploit status unknown at time of analysis.

Nvidia Deserialization RCE
NVD
CVSS 3.1
8.8
EPSS
0.1%
CVE-2026-41394 HIGH PATCH This Week

Authentication bypass in OpenClaw allows remote unauthenticated attackers to execute privileged runtime operations intended for authorized operators. The vulnerability exists in plugin-auth HTTP routes that incorrectly grant operator-level write scopes without authentication checks. Attackers can remotely exploit this flaw with low complexity (CVSS:4.0 AV:N/AC:L/PR:N) to modify runtime configurations and perform administrative actions. Vendor-released patch available as of commit 2a1db0c (March 31, 2026). No active exploitation confirmed in CISA KEV, though EPSS data unavailable for risk calibration.

Authentication Bypass Openclaw
NVD GitHub
CVSS 4.0
8.8
EPSS
0.1%
CVE-2026-40978 HIGH PATCH GHSA This Week

SQL injection in Spring AI's CosmosDBVectorStore component (versions 1.0.0-1.0.5 and 1.1.0-1.1.4) enables authenticated remote attackers to execute arbitrary SQL queries through malicious document IDs, potentially achieving full database compromise including data exfiltration, modification, and denial of service. VMware has released patches in versions 1.0.6 and 1.1.5. CVSS score of 8.8 reflects high impact across confidentiality, integrity, and availability, though exploitation requires low-privilege authenticated access to the vector store API.

Java SQLi
NVD
CVSS 3.1
8.8
EPSS
0.0%
Page 1 of 6 Next

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy