Unauthenticated SSRF in MagicMirror ≤2.35.0 allows remote attackers to proxy arbitrary HTTP requests through the server, accessing cloud metadata services (AWS/GCP/Azure IMDSv1), internal network resources, and localhost services via the unrestricted `/cors` endpoint. The vulnerability is compounded by environment variable expansion: attackers can exfiltrate server-side secrets (API keys, database credentials) by embedding placeholders like `**SECRET_API_KEY**` in URLs, which the server resolves from `process.env` before making the request. Vendor-released patch version 2.36.0 disables the CORS proxy by default and implements IP blocklisting when enabled. Publicly available exploit code exists (PoC provided in GitHub advisory GHSA-ph6f-2cvq-79hq). No active exploitation confirmed at time of analysis.
Eclipse Equinox OSGi 3.7.2 and earlier contains a remote code execution vulnerability that allows unauthenticated attackers to execute arbitrary commands by sending payloads to the console interface. Rated critical severity (CVSS 9.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.
Eclipse Equinox OSGi versions 3.8 through 3.18 contain a remote code execution vulnerability in the console interface that allows unauthenticated attackers to execute arbitrary code by exploiting the. Rated critical severity (CVSS 9.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.
Unauthenticated remote OS command injection in MeiG Smart FORGE_SLT711 cellular gateway firmware MDM9607.LE.1.0-00110-STD.PROD-1 allows attackers to execute arbitrary system commands via the /action/SetRemoteAccessCfg endpoint in the GoAhead web server. CVSS 9.1 reflects critical impact with network-accessible attack vector requiring no authentication or user interaction. GitHub repository suggests publicly available exploit code exists (CVE-2026-36356), significantly lowering exploitation barrier for attackers targeting industrial IoT and cellular gateway deployments.
Remote code execution in Eclipse BaSyx Java Server SDK versions prior to 2.0.0-milestone-10 allows unauthenticated remote attackers to write arbitrary files anywhere on the host filesystem via path traversal in the Submodel HTTP API's file upload fileName parameter, leading to complete system compromise. The vulnerability receives the maximum CVSS score of 10.0 due to network-accessible exploitation requiring no authentication, privileges, or user interaction, with scope change enabling impact beyond the vulnerable component. EPSS data not available; KEV status not confirmed; exploitation status depends on release recency and deployment exposure of this industrial automation SDK.
Path traversal in django-s3file's S3FileMiddleware allows attackers to manipulate HTTP requests and force Django applications to load arbitrary files from unintended S3 locations into request.FILES, bypassing pre-signed upload location restrictions. Affects all versions <=7.0.1. Vendor-confirmed vulnerability with patch released in version 7.0.2. No active exploitation confirmed (not in CISA KEV). CVSS metrics not available, but path traversal combined with file handling operations presents moderate confidentiality and integrity risk depending on application-specific file processing logic.
Server-side request forgery combined with missing authentication in firefighter-incident Python package allows unauthenticated remote attackers to exfiltrate AWS IAM credentials from cloud metadata endpoints. The `/api/v2/firefighter/raid/jira_bot` endpoint accepts arbitrary URLs in the `attachments` parameter, fetches them server-side without validation, and uploads responses as Jira attachments — enabling SSRF against internal services including `http://169.254.169.254/` (AWS EC2 Instance Metadata Service). Vendor-released patch (version 0.0.54) enforces authentication and validates attachment URLs to block private/link-local/loopback addresses. No public exploit identified at time of analysis, but exploitation is trivial given detailed advisory with exact vulnerable code paths.
Authentication bypass in MoreConvert Pro for WordPress allows remote unauthenticated attackers to hijack any user account, including administrators, by exploiting token reuse in the guest waitlist verification flow. Attackers obtain a verification token for their own email, change the guest customer email to the target victim's email via the public waitlist API, then use the original token to authenticate as the victim. This critical vulnerability (CVSS 9.8) affects all versions through 1.9.14, with network-accessible, low-complexity exploitation requiring no privileges or user interaction. EPSS data not available; no confirmed active exploitation or public POC identified at time of analysis.
Remote code execution in Geeky Bot WordPress plugin versions ≤1.2.2 allows unauthenticated attackers to install arbitrary plugins and execute code on affected sites. The vulnerability exploits a missing authorization check in a nopriv AJAX handler that permits attacker-controlled function dispatch to a plugin installer, enabling download and extraction of malicious ZIP files directly into wp-content/plugins/. With CVSS 9.8 (critical), network-exploitable without authentication, and EPSS data unavailable, this represents a severe risk to all WordPress sites running vulnerable versions until patched.
Privilege escalation in Mentoring theme for WordPress (all versions ≤1.2.8) allows unauthenticated remote attackers to create administrator accounts via broken registration role validation in mentoring_process_registration(). The flaw bypasses normal WordPress role restrictions, enabling complete site takeover without requiring any authentication or user interaction. CVSS 9.8 (critical) with network attack vector and no complexity barriers. EPSS and KEV data not provided, but the combination of unauthenticated admin account creation represents an imminent site compromise risk for all installations with registration enabled.
Unauthenticated attackers can escalate privileges in OpenCTI 6.6.0-6.9.12 by impersonating any user account, including the default administrator, to query the threat intelligence platform's API without providing credentials. This authentication bypass (CWE-287) permits complete unauthorized access to cyber threat intelligence data with CVSS 9.8 critical severity. The vulnerability allows attackers to bypass all authentication controls and assume administrative privileges remotely with low attack complexity. Fixed in version 6.9.13 with workaround available via configuration change. No active exploitation (CISA KEV) or public POC confirmed at time of analysis, though EPSS data was not provided.
XML External Entity injection in OpenCMS (versions through v20) allows remote unauthenticated attackers to achieve information disclosure, server-side request forgery, or arbitrary code execution via malicious .zip files uploaded to the Admin Import DB feature. The vulnerability stems from unsafe XML parsing of manifest.xml files within these archives. Despite a maximum CVSS 9.8 score, the real-world risk is limited by the administrative-only attack surface - exploitation requires access to privileged admin import functionality. No active exploitation confirmed (not in CISA KEV), and EPSS score of 0.03% (7th percentile) indicates minimal observed threat activity. Upstream fix available via GitHub commit e3e41e5a, though a tagged release version has not been independently verified.
Linux kernel ext4 filesystem improperly handles block group wraparound in ext4_mb_scan_groups(), allowing allocation of blocks beyond 32-bit limits for indirect-mapped files when stream allocation selects unsupported groups. While CVSS assigns network vector (9.8), this is a local kernel memory corruption issue requiring local filesystem access. EPSS score of 0.02% (7th percentile) indicates low real-world exploitation probability. Patches available across multiple stable kernel branches (6.1.168, 6.6.134, 6.12.80, 6.18.21, 6.19.11). No active exploitation confirmed (not in CISA KEV), no public POC identified at time of analysis.
Remote heap buffer overflow in Apache HTTP Server's mod_proxy_ajp module allows complete system compromise when proxying to attacker-controlled AJP backends. Affects all versions through 2.4.66; attackers can achieve remote code execution by sending malicious AJP protocol responses that overflow a heap buffer with 4 controlled bytes. Apache released patch in version 2.4.67. Despite critical CVSS 9.8, EPSS probability remains very low (0.02%, 5th percentile) indicating minimal observed exploitation attempts, and no CISA KEV listing confirms active in-the-wild abuse. Exploitation requires specific proxy_ajp deployment configuration connecting to malicious AJP servers.
Server-Side Template Injection in ERPNext v15.103.1 and earlier allows remote code execution through malicious email templates. Attackers with email template editing permissions can inject Jinja2 expressions that execute arbitrary Python code on the server when templates are rendered. SSVC framework confirms POC availability and automatable exploitation with total technical impact. CVSS 9.8 reflects network-reachable critical severity, though the 0.02% EPSS score (5th percentile) suggests limited real-world exploitation attempts to date, likely due to the permission prerequisite.
SQL injection in Kestra workflow orchestration platform versions 1.3.3 and earlier enables remote unauthenticated attackers to execute arbitrary SQL commands and fully compromise the application database. The vulnerability stems from unsanitized GET parameters directly concatenated into SQL queries, allowing complete data exfiltration, modification, and potential database server compromise. Despite critical CVSS 9.8 severity, EPSS score of 0.01% (2nd percentile) suggests minimal observed exploitation attempts, though GitHub security advisory publication indicates vendor acknowledgment and likely patch availability.
Path traversal in Langflow's Knowledge Bases API allows authenticated attackers to delete arbitrary directories on the server filesystem via crafted DELETE requests to /api/v1/knowledge_bases. The vulnerability (CVSS 9.6, Critical) stems from insufficient input validation in the delete_knowledge_bases_bulk function, which passes user-supplied knowledge base names directly to shutil.rmtree() without path containment checks. Publicly available exploit code exists (PoC disclosed in GHSA-9whx-c884-c68q), enabling cross-tenant data destruction and service disruption. Fixed in version 1.9.0 via PR #12243.
Prompt injection in SQLBot 1.7.0 and earlier allows authenticated attackers to execute arbitrary SQL statements through the Text2SQL chat interface, escalating to remote code execution when connected to PostgreSQL databases via COPY FROM PROGRAM. The vulnerability stems from unsanitized user input being directly concatenated into LLM prompts, with resulting SQL executed without validation. CVSS 9.4 (Critical) reflects network-based attack with low complexity requiring only low-privilege authentication. SSVC framework confirms proof-of-concept availability and total technical impact, though exploitation is not fully automatable. Vendor-released patch 1.7.1 addresses the issue.
Path traversal and authentication bypass in s3-proxy allows remote unauthenticated attackers to read, write, or delete objects in protected S3 namespaces via percent-encoded slashes (%2F) and dot-segment traversal. Three distinct bypass mechanisms exploit mismatches between encoded/decoded path handling: (1) wildcard glob patterns lacking path separators match across directory boundaries, (2) percent-encoded slashes collapse into decoded paths after authentication checks, and (3) dot-segment sequences bypass prefix-based access controls. Vendor-released patches available in commits 1320e4abd and af5ff57d. CVSS 9.4 (AV:N/AC:L/PR:N/UI:N) reflects critical network-accessible unauthenticated access, though exploitation requires specific resource path configurations using wildcards or prefix patterns.
Unauthenticated privilege escalation in Grav CMS Login plugin 3.8.0 allows remote attackers to self-register with admin.super privileges via missing server-side validation of groups and access fields. When administrators configure user registration with groups or access in allowed fields (a permitted UI action), attackers inject these fields into registration POST requests to bypass config-level defaults and gain full administrative access. Vendor-released patch: Login plugin 3.8.2 / Grav 2.0.0-beta.2 (commit 3d419a0). No public exploit identified at time of analysis, but the GitHub security advisory includes detailed proof-of-concept code demonstrating the attack.
DevGuard versions prior to 1.2.2 allow complete authentication bypass and privilege escalation through manipulation of the `X-Admin-Token` HTTP header. Unauthenticated remote attackers can impersonate any user - including organization admins and owners - by providing a known or guessed Kratos identity UUID in this header, gaining full control over DevGuard resources. This is a critical authentication bypass requiring no special configuration or privileges. Vendor-released patch: v1.2.2 (commit 6f38310b). No public exploit identified at time of analysis, but exploitation is trivial.
Predictable API session token generation in OpenMage LTS (≤ 20.16.0, confirmed vulnerable through ≤ 20.17.0) allows remote unauthenticated attackers to hijack authenticated XML-RPC, SOAP, and legacy REST API sessions by brute-forcing MD5 digests derived from time-based inputs. The session ID is constructed via md5(time() . uniqid('', true) . null), leaving an attacker with predictable timestamp and microsecond components plus a constrained LCG float - yielding far less than the OWASP ASVS-mandated 64 bits of entropy. Publicly available exploit code exists in the form of a working Python PoC included with the advisory.
INI injection in Sandboxie-Plus versions 1.17.2 and earlier enables any local low-privilege user to bypass EditAdminOnly and ConfigPassword protections, inject malicious directives into the global Sandboxie.ini file, create unrestricted sandbox sections, and escalate to SYSTEM privileges. The background service fails to authorize IPC messages for UserSettings_* sections and does not sanitize CRLF characters in MSGID_SBIE_INI_ADD_SETTING and MSGID_SBIE_INI_SET_SETTING parameters, allowing section header injection. Fixed in version 1.17.3 released by the vendor. No CISA KEV listing or public exploit identified at time of analysis, but technical details in GitHub advisory provide sufficient information for exploit development.
Remote unauthenticated trust boundary violation in OpenClaw npm package before 2026.4.10 allows attackers to escalate untrusted external hook input into trusted system events. By supplying malicious hook metadata, adversaries can inject arbitrary content into the agent context with elevated privileges, bypassing security boundaries intended to isolate external input from system-level operations. Vendor-released patch available (version 2026.4.10+), with no evidence of active exploitation or public exploit code at time of analysis.
Blind SQL injection in WebinarIgnition WordPress plugin allows remote unauthenticated attackers to extract sensitive database contents including user credentials and private webinar data. The vulnerability affects all versions through 4.08.253 and requires no special configuration. Patchstack publicly disclosed this vulnerability with database reference, though no active exploitation has been confirmed via CISA KEV at time of analysis. The CVSS 9.3 critical rating reflects network-accessible attack vector with scope change, indicating potential for lateral movement beyond the vulnerable component.
SQL injection in Masa CMS 7.2.x through 7.5.2 allows unauthenticated remote attackers to extract sensitive database contents including administrative credentials and password reset tokens. The JSON API accepts unsanitized altTable parameters that are directly interpolated into SQL FROM clauses, enabling arbitrary subquery injection via feedGateway.cfc in a single HTTP request. CVSS 9.3 (Critical) with network vector, low complexity, and no authentication required. No public exploit or CISA KEV listing identified at time of analysis, but the technical details disclosed in the GitHub Security Advisory provide sufficient information for weaponization.
SQL injection in Masa CMS beanFeed.cfc allows unauthenticated remote attackers to extract sensitive database contents, modify records, delete data, or potentially execute code on the database server. The vulnerability affects multiple release branches (7.2.x through 7.5.x) and stems from unsanitized concatenation of the sortDirection parameter directly into SQL queries. With CVSS 9.3 (critical severity, network-accessible, no authentication required) and no public exploit currently identified, this represents a high-priority patching scenario for internet-facing Masa CMS deployments. Vendor-released patches are available across all affected branches.
SQL injection in Masa CMS 7.5.2 and earlier allows unauthenticated remote attackers to execute arbitrary SQL commands via the sortBy parameter in beanFeed.cfc. The vulnerability enables database compromise including sensitive data exfiltration, record manipulation, and privilege escalation to administrative control. Fixed versions released for all affected branches (7.2.10, 7.3.15, 7.4.10, 7.5.3). CVSS 9.3 reflects network vector with no authentication required and high impact across confidentiality, integrity, and availability. No active exploitation confirmed at time of analysis, though the attack surface is fully exposed to internet-facing instances.
Remote code execution in Grav CMS versions prior to 2.0.0-beta.2 allows authenticated administrators to deploy malicious PHP web shells by uploading crafted ZIP files through the Direct Install tool at /admin/tools/direct-install. The vulnerability combines insufficient ZIP archive content validation (Zip Slip primitive via path traversal) with the design-level acceptance of arbitrary plugin PHP code. Publicly available exploit code exists, demonstrating automated login, nonce extraction, malicious plugin upload, and persistent shell deployment. CVSS 9.1 (Critical) reflects network-accessible RCE with scope change, though exploitation requires high privileges (admin role). No EPSS or KEV data available at time of analysis.
Privilege escalation in OpenClaw npm package versions 2026.4.7 through 2026.4.13 allows remote unauthenticated attackers to preserve elevated execution context by sending malicious webhook wake events. The heartbeat owner downgrade logic incorrectly skips validation of untrusted webhook payloads, enabling attackers to maintain owner-like privileges during runs that should operate with reduced permissions. Vendor-released patch available in version 2026.4.14. EPSS data not available; no public exploit identified at time of analysis, though VulnCheck and security researchers from KeenSecurityLab have confirmed the vulnerability through coordinated disclosure.
Prototype pollution read-side gadgets in the axios HTTP adapter (npm, versions >=1.0.0 to <1.15.2) allow an attacker who has already polluted Object.prototype in the same Node.js process to hijack every outbound request - injecting attacker-controlled Authorization headers, redirecting relative-URL requests to an external server, pointing requests at internal Unix sockets (SSRF/container escape), forcing Node's insecure HTTP parser, and even executing an attacker-supplied beforeRedirect callback. The flaw stems from five config properties (auth, baseURL, socketPath, beforeRedirect, insecureHTTPParser) being read via direct property access that traverses the prototype chain, unlike eight sibling properties already guarded by an own() helper. A working proof-of-concept is published in the GHSA advisory, but EPSS is only 0.03% and the issue is not in CISA KEV - no public exploit identified at time of analysis as a standalone attack, and it requires a separate prototype pollution primitive to fire.
Out-of-bounds read in Linux Kernel dentry hashtable can crash the system when dhash_entries boot parameter is set to 1. The vulnerability triggers during directory cache lookups when the hash shift calculation results in access to unallocated memory regions, causing kernel page faults. Affects Linux Kernel versions from initial commit (1da177e4c3f4) through multiple stable branches. Patches available for 6.6.136, 6.12.83, 6.18.24, 6.19.14, 7.0.1, and 7.1-rc1. EPSS probability of 0.02% (7th percentile) indicates very low likelihood of exploitation in the wild, and no public exploit code or CISA KEV listing exists, suggesting this remains a theoretical edge-case issue requiring specific kernel boot configuration.
Password reset bypass in Gambio GX4 e-commerce platform allows remote unauthenticated attackers to set arbitrary passwords for any user account when the account ID is known, leading to complete account takeover. Affects versions 4.0.0.0 through 4.9.2.0, patched in February 2024 security update (2024-02 v1.0.0). SSVC framework rates this as automatable with total technical impact despite EPSS score of 0.02%, indicating high severity for targeted attacks against Gambio installations. No active exploitation confirmed via CISA KEV, but authentication bypass primitives are frequently weaponized in e-commerce platforms.
Authenticated users in ArcadeDB server versions prior to 26.4.2 can bypass database-scoped authorization and perform read, write, and schema mutation operations across all databases on the same server instance. Two critical implementation flaws combine: uninitialized file access maps treated as allow-all permissions, and newly-created databases via API POST /api/v1/server silently disabling their entire record-level authorization system through omitted security factory configuration. Vendor-released patch 26.4.2 addresses both defects. No public exploit identified at time of analysis, though CVSS 9.0 reflects severe authorization breakdown requiring only low-privilege authenticated access.