Skip to main content
CVE-2025-71284 CRITICAL POC Act Now

Remote code execution in Synway SMG Gateway Management Software allows unauthenticated attackers to execute arbitrary OS commands via command injection in the RADIUS configuration endpoint. The vulnerability exploits unsanitized POST parameters (radius_address, radius_address2, shared_secret2, source_ip, timeout, retry) that are directly interpolated into sed commands at /en/9-2radius.php. Shadowserver Foundation confirmed active exploitation beginning July 11, 2025, with publicly available exploit code and Nuclei templates enabling widespread automated attacks. CVSS 9.3 critical severity reflects the combination of network accessibility, zero authentication requirements, and complete system compromise potential.

Command Injection RCE PHP
NVD GitHub
CVSS 4.0
9.3
EPSS
0.5%
CVE-2022-50993 CRITICAL POC PATCH Act Now

Weaver (Fanwei) E-office versions prior to 10.0_20221201 contain an unauthenticated arbitrary file upload vulnerability in the OfficeServer.php endpoint that allows remote attackers to upload. Rated critical severity (CVSS 9.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available.

PHP RCE Microsoft File Upload
NVD
CVSS 4.0
9.3
EPSS
0.2%
CVE-2026-4670 CRITICAL PATCH Act Now

Authentication bypass in Progress MOVEit Automation allows remote unauthenticated attackers to completely circumvent authentication controls and gain unauthorized access with high impact to confidentiality, integrity, and availability. Affects all versions before 2025.0.9, all 2024.x versions before 2024.1.8, and all versions prior to 2024.0.0. Progress Software has released patches for all supported versions. CVSS 9.8 critical severity with network-accessible, low-complexity exploitation requiring no privileges or user interaction. No public exploit or active exploitation confirmed at time of analysis, though the authentication bypass nature and MOVEit's history as a high-value target make this a priority remediation candidate.

Authentication Bypass Moveit Automation
NVD
CVSS 3.1
9.8
EPSS
0.1%
CVE-2026-40281 CRITICAL PATCH GHSA Act Now

Argument injection in Gotenberg v8.30.1 and earlier allows unauthenticated remote attackers to manipulate filesystem operations by embedding newline characters in PDF metadata values. The vulnerability bypasses an incomplete fix from v8.30.1 that sanitized only metadata keys while leaving values unvalidated, enabling injection of ExifTool pseudo-tags like -FileName, -Directory, -SymLink, and -HardLink through the /forms/pdfengines/metadata/write endpoint. Attackers can move files to arbitrary paths (including overwriting /etc/passwd), create symlinks for read/write primitives, and persist data via hard links - all without authentication against default configurations. Vendor-released patch: version 8.31.0. CVSS 10.0 severity reflects the network attack vector (AV:N), no authentication requirement (PR:N), low complexity (AC:L), and scope change (S:C) enabling container escape scenarios. No public exploit identified at time of analysis, though complete PoC reproduction steps are documented in GitHub advisory GHSA-q7r4-hc83-hf2q.

Google RCE Docker
NVD GitHub
CVSS 3.1
10.0
EPSS
0.1%
CVE-2026-36767 CRITICAL GHSA Act Now

Unauthenticated remote file write in Shopizer v3.2.5 allows attackers to upload arbitrary files to any writable system path via path traversal in the /content/images/add endpoint. With CVSS 10.0 and network-based exploitation requiring no authentication or user interaction, this enables immediate remote code execution by uploading malicious executables or web shells. No public exploit confirmed at time of analysis, though the attack vector is straightforward for a path traversal vulnerability. EPSS data not available, but the technical characteristics (AV:N/PR:N/AC:L) indicate high exploitability once details become widely known.

Path Traversal
NVD GitHub
CVSS 3.1
10.0
EPSS
0.1%
CVE-2026-36760 CRITICAL Act Now

Path traversal in JeeSite 5.15.1 allows authenticated users with file upload permissions to write arbitrary files to any filesystem location during chunked uploads by manipulating the fileMd5 parameter in /a/file/upload. Attackers can bypass directory restrictions to plant webshells, modify configuration files, or overwrite executables with whitelisted extensions, achieving remote code execution and full system compromise. Scope change in CVSS vector indicates container escape or cross-tenant impact in multi-tenant deployments. No active exploitation confirmed (not in CISA KEV) but vulnerability disclosed via GitHub issue #530.

Path Traversal File Upload
NVD GitHub
CVSS 3.1
9.6
EPSS
0.0%
CVE-2026-42560 CRITICAL PATCH GHSA Act Now

Identity collision in the go-pkgz/auth Patreon OAuth provider allows any Patreon-authenticated user to impersonate every other Patreon user in the same application. The Patreon provider hashes an uninitialized variable instead of the actual Patreon account ID, assigning the constant value patreon_da39a3ee5e6b4b0d3255bfef95601890afd80709 to all users. Applications using token.User.ID as the stable account key can experience cross-account access, privilege escalation, and data leakage. Vendor-released patch available in versions 1.25.2 and 2.1.2. No evidence of active exploitation or public POC beyond the vendor's disclosure, but the vulnerability is trivially exploitable with remote unauthenticated access to any affected application.

Authentication Bypass
NVD GitHub
CVSS 3.1
9.1
EPSS
0.1%
CVE-2026-33845 CRITICAL PATCH Act Now

Out-of-bounds read in the GnuTLS DTLS handshake reassembly logic lets remote unauthenticated attackers trigger an integer underflow by sending malformed handshake fragments with zero length and a non-zero offset, enabling information disclosure or denial of service against Red Hat-shipped GnuTLS (RHEL 6 through 10, OpenShift Container Platform 4, and Red Hat Hardened Images). Reported by Red Hat with a vendor patch available and errata released; no public exploit identified at time of analysis, and EPSS is very low (0.04%, 11th percentile) with SSVC exploitation status 'none'. CVSS 9.1 reflects high confidentiality and availability impact over the network at low complexity without authentication.

Denial Of Service Information Disclosure Integer Overflow Buffer Overflow Red Hat Enterprise Linux 10 +6
NVD VulDB
CVSS 3.1
9.1
EPSS
0.0%
CVE-2026-42354 CRITICAL PATCH GHSA Act Now

Account takeover via SAML SSO authentication bypass in Sentry allows attackers to hijack arbitrary user accounts when controlling a malicious SAML Identity Provider within multi-organization instances. Attackers with permissions to configure SSO settings in one organization can link a victim's email address to their malicious IdP, then authenticate as that victim across the instance. The vulnerability was responsibly disclosed via bug bounty, patched in version 26.4.1 (deployed to SaaS in April 2026), and requires knowledge of the victim's email address plus multi-organization deployment (SENTRY_SINGLE_ORGANIZATION = False). No public exploit identified at time of analysis, though technical details and patch code are public via GitHub advisory GHSA-rcmw-7mc7-3rj7.

Authentication Bypass
NVD GitHub VulDB
CVSS 3.1
9.1
EPSS
0.0%

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy