Remote unauthenticated command injection in Totolink A8000RU router firmware 7.1cu.643_b20200521 allows attackers to execute arbitrary OS commands via the 'enable' parameter in the setAppFilterCfg function. Exploitation requires no authentication or user interaction, with a publicly available proof-of-concept exploit published on GitHub. CVSS 8.9 reflects critical impact across confidentiality, integrity, and availability, though EPSS data is unavailable to assess real-world exploitation probability. Not currently listed in CISA KEV, suggesting targeted rather than widespread exploitation at time of analysis.
Remote unauthenticated buffer overflow in D-Link DI-8100 firmware 16.07.26A1 enables attackers to execute arbitrary code, compromise device integrity, and cause denial of service via crafted POST requests to /url_rule.asp. Public exploit code is available on GitHub, significantly lowering the barrier to exploitation. The CVSS 9.8 critical score reflects network-based remote attack requiring no authentication or user interaction, though no active exploitation has been confirmed via CISA KEV at time of analysis.
Buffer overflow in D-Link DI-8100 router firmware 16.07.26A1 allows remote unauthenticated attackers to execute arbitrary code via crafted HTTP requests to /auto_reboot.asp. The vulnerability exploits unsafe sprintf calls handling the 'enable' and 'time' parameters in the auto-reboot feature's HTTP handler. A public proof-of-concept exploit is available on GitHub, significantly lowering the barrier to exploitation. CVSS 8.9 with EPSS and attack complexity both low indicate high real-world risk for internet-facing devices running this firmware version.
Stack-based buffer overflow in EFM ipTIME NAS1dual 1.5.24 allows remote unauthenticated attackers to achieve complete system compromise via the get_csrf_whites function in /cgi/advanced/misc_main.cgi. Public exploit code exists on GitHub, demonstrating practical exploitability despite lack of vendor response to responsible disclosure. CVSS 8.9 (Critical) with EPSS data unavailable; attack requires no authentication, low complexity, and no user interaction (AV:N/AC:L/PR:N/UI:N), making this a high-priority remote attack surface.
OpenEMR 7.0.1 contains an authentication brute force vulnerability that allows attackers to bypass rate limiting protections by sending repeated login attempts to the main login endpoint. Rated high severity (CVSS 8.7), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.
Frappe Framework ERPNext 13.4.0 contains a sandbox escape vulnerability in RestrictedPython that allows authenticated users with System Manager role to execute arbitrary code by exploiting frame. Rated high severity (CVSS 8.7), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.
ERPGo SaaS 3.9 contains a CSV injection vulnerability that allows authenticated attackers to execute arbitrary code by injecting formula payloads into vendor name fields. Rated high severity (CVSS 8.7), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.
WordPress Plugin Backup Migration 1.2.8 contains an information disclosure vulnerability that allows unauthenticated attackers to download complete database backups by accessing predictable file. Rated high severity (CVSS 8.7), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.
SQL injection in ProFTPD 1.3.9a and earlier allows remote attackers to execute arbitrary SQL commands when the 'UseReverseDNS on' configuration is enabled. The vulnerability exists in mod_wrap2_sql.c where attacker-controlled reverse DNS hostnames are passed unescaped into SQL queries during client access control checks. Exploitation complexity is high due to DNS character restrictions and specific configuration requirements. No active exploitation confirmed (not in CISA KEV), but upstream fix is available via GitHub commit 7666224. EPSS risk data not provided.
Use-after-free in Redis 7.2.0 through 8.6.2 allows authenticated attackers to achieve remote code execution by exploiting error handling in the unblock client flow. When a blocked client is evicted during command re-execution, the server fails to handle the error return from processCommandAndResetClient, triggering memory corruption. Redis has released version 8.6.3 with a security fix. No public exploit code or CISA KEV listing identified at time of analysis, suggesting limited observed exploitation despite the critical RCE impact.
Arbitrary kernel memory read/write in Realtek rtl819x Jungle SDK Wi-Fi driver allows local unprivileged attackers to access and modify kernel memory through debug ioctl handlers (0x89F5/0x89F6) that were left enabled in production builds. All known SDK versions through v3.4.14B are affected. A publicly available exploit exists (GitHub repository CVE-2026-36355), enabling privilege escalation and data exfiltration on devices using the vulnerable rtl8192cd driver. EPSS data unavailable; not currently in CISA KEV.
Authority confusion in fast-uri JavaScript library allows remote attackers to bypass URL validation security controls. The normalize() function improperly decodes percent-encoded at-signs (%40) in hostnames, then re-serializes them as raw userinfo delimiters, causing URLs like 'http://trusted.com%40evil.com' to resolve to 'evil.com' instead of 'trusted.com'. Applications using fast-uri to validate URLs against allowlists or for redirect validation can be tricked into connecting to attacker-controlled domains. CVSS 7.5 (AV:N/AC:L/PR:N/UI:N) indicates trivial remote exploitation with no authentication. EPSS data not available; no confirmed active exploitation (not in CISA KEV). Vendor patch released in version 3.1.2.
Buffer overflow in D-Link DI-8100 router (firmware 16.07.26A1) allows authenticated remote attackers to execute arbitrary code or crash the device via crafted HTTP requests to the /tggl.asp endpoint. The vulnerability affects the tggl_asp function's Name parameter handling. Public exploit code is available on GitHub, significantly lowering the barrier to exploitation for attackers with valid router credentials.
Buffer overflow in D-Link DI-8100 router firmware 16.07.26A1 enables authenticated remote code execution via crafted input to the /user_group.asp CGI handler. Attackers with high-privilege (administrator) credentials can exploit the unsafe sprintf function to achieve arbitrary code execution with complete system compromise. Public exploit code exists on GitHub, significantly lowering the barrier to exploitation despite the high-privilege requirement.
Buffer overflow in D-Link DI-8100 router firmware 16.07.26A1 allows authenticated administrators to execute arbitrary code via crafted 'Name' parameter to /url_member.asp in the web management interface. Public exploit code exists on GitHub, demonstrating active proof-of-concept availability. EPSS data unavailable; CVSS 7.2 reflects high impact but limited by requirement for high-privilege (admin) authentication, reducing real-world urgency for most organizations unless admin credentials are compromised or insider threat exists.
Stack-based buffer overflow in D-Link DI-8100 router firmware 16.07.26A1 allows authenticated remote attackers with high privileges to execute arbitrary code via malformed ID parameter to yyxz.asp administrative interface. Public exploit code exists on GitHub, demonstrating reliable exploitation. CVSS 7.3 (High) reflects network attack vector but requires admin-level authentication, limiting real-world exposure to compromised credentials or insider scenarios.
Remote command injection in EFM ipTIME C200 camera firmware (versions up to 1.092) allows authenticated administrators to execute arbitrary system commands via malicious file upload to the ApplyRestore endpoint. The vulnerability exists in the sub_408F90 function processing the RestoreFile parameter in /cgi/iux_set.cgi. Exploitation probability is elevated by publicly available proof-of-concept code demonstrating the attack technique, though no active exploitation has been confirmed by CISA KEV at time of analysis. Vendor has been unresponsive to disclosure attempts, indicating no official patch timeline.
Stored cross-site scripting in Grav CMS allows low-privileged users with page-creation permissions to inject malicious SVG payloads that execute when administrators view the page. The vulnerability stems from regex-based XSS detection that fails to catch unquoted event handlers and omits SVG/MathML from dangerous tags. Exploitation exfiltrates the admin-nonce token from /admin/config/info, enabling CSRF bypass and chained remote code execution through scheduled tasks or plugin endpoints. GitHub advisory GHSA-w8cg-7jcj-4vv2 confirms exploit details; patch available in Grav 2.0.0-beta.2 (commit 5a12f9be8). CVSS 8.9 (High) with network attack vector, low complexity, and scope change reflecting cross-context session hijacking.
Arbitrary file read in OpenClaw QQBot extension allows remote unauthenticated attackers to disclose sensitive local files by crafting malicious media tags in reply text. The vulnerability exists in OpenClaw npm package versions before 2026.4.10, where QQBot outbound media handling fails to enforce storage boundaries, enabling path traversal to read files outside the intended media directory. Publicly available patch confirmed (GitHub commit 604777e4414cc3b2ff8861f18f4fb04374c702c6). EPSS data unavailable; no CISA KEV listing indicates targeted disclosure rather than widespread exploitation. CVSS 8.9 with network vector and no authentication required, but exploitation requires the QQBot extension to be enabled and processing attacker-controlled reply text.
Remote code execution in Betheme WordPress theme versions up to 28.4 allows authenticated attackers with author-level privileges to upload malicious PHP files disguised as icon packs. The upload_icons() function extracts user-controlled ZIP files into public directories without validating extracted content, enabling arbitrary code execution. This vulnerability requires only author-level WordPress credentials (PR:L) and has network attack vector (AV:N) with low complexity (AC:L), making it readily exploitable by compromised or malicious site contributors. No public exploit code or CISA KEV listing identified at time of analysis.
Unauthenticated path traversal in Grav CMS FormFlash component allows remote attackers to create arbitrary directories and write configuration files (index.yaml) with controlled content. Confirmed actively exploited (CISA KEV). The vulnerability affects all Grav v1.7.x installations with form-enabled pages (default in standard deployments). Attack complexity is low-requires only manipulating the __form-flash-id POST parameter with traversal sequences. Vendor-released patch available in v2.0.0-beta.2 (commit d904efc33) applies strict alphanumeric sanitization to session identifiers. EPSS exploitation probability data not available, but GitHub advisory confirms zero-day status prior to patch, with public proof-of-concept demonstrating directory creation in user/config/ paths leading to configuration injection and potential DoS via inode exhaustion.
Authorization bypass in YAFNET forum software (versions ≤4.0.4) allows any low-privileged authenticated user to execute arbitrary SQL commands against the backend database. The flaw stems from a misplaced ASP.NET Core filter (`PageSecurityCheckAttribute`) that validates admin privileges *after* page handlers execute, enabling attackers to inject SQL via the `/Admin/RunSql` endpoint before the 302 redirect occurs. Publicly available exploit code exists (GitHub advisory GHSA-xhw7-j96h-c3g5) demonstrating time-based blind SQL injection to extract `@@VERSION` and manipulate identity tables. CVSS 8.8 (AV:N/AC:L/PR:L) reflects network-accessible exploitation requiring only a standard forum account-trivially obtained via self-registration on most deployments. Vendor-released patch available in version 4.0.5.
Privilege escalation in JupyterLab 4.0.0 through 4.5.6 allows authenticated users to bypass extension allow-list controls and install arbitrary PyPI packages, enabling potential data exfiltration and lateral movement in multi-tenant deployments. The PyPI Extension Manager failed to enforce the `allowed_extensions_uris` configuration, permitting installation of packages outside the approved list. This vulnerability is particularly critical in shared educational environments (JupyterHub) and multi-tenant deployments where kernel/terminal access is restricted. Vendor-released patch available in JupyterLab v4.5.7. No public exploit identified at time of analysis, though exploitation requires only authenticated access with low complexity (CVSS AC:L).
Authenticated command injection in ALTICE LABS GR140DG and GR140IG fiber gateways allows remote attackers with valid credentials to execute arbitrary commands as root through the traceroute diagnostic handler. The vulnerability exists in the /bin/httpd_clientside component where unsanitized destAddr parameters are passed directly to system() calls, enabling shell command substitution attacks. With CVSS 8.8 (High) but EPSS exploitation probability of only 0.04% (12th percentile), this vulnerability affects widely-deployed ISP-managed CPE devices in France (SFR network) but shows no evidence of active exploitation or public POC availability at time of analysis.
Command injection in ALTICE LABS GR140DG and GR140IG fibre routers allows authenticated remote attackers to execute arbitrary commands as root. The ping diagnostic handler in /bin/httpd_clientside accepts unsanitized user input in the destAddr parameter and passes it to a system() call, enabling shell command substitution. SSVC indicates total technical impact with no confirmed exploitation; EPSS score of 0.04% (12th percentile) suggests low observed exploitation activity, though the availability of a detailed security advisory (XEROD-2026-0001) may increase attack surface awareness among threat actors.
Privilege escalation in Grav API Plugin (versions < 1.0.0-beta.15) allows any authenticated user with basic 'api.access' permission to elevate themselves to Super Administrator by sending a crafted PATCH request to modify their own permission configuration. The vulnerability, confirmed by vendor GitHub Security Advisory GHSA-r945-h4vm-h736, stems from inadequate authorization checks in the UsersController::update method, which permits self-editing users to overwrite the 'access' field containing role definitions. Successful exploitation grants complete CMS control including the ability to edit Twig templates outside sandbox restrictions for remote code execution. A detailed proof-of-concept is publicly available, and vendor-released patch is confirmed in version 1.0.0-beta.15.
Stack-based buffer overflow in Sandboxie-Plus SbieSvc service enables sandboxed processes to escape isolation and execute code as SYSTEM. Affected versions 1.17.2 and earlier allow malicious sandboxed code to overflow a fixed 160-wide-character stack buffer in NamedPipeServer::OpenHandler via crafted named pipe open requests, bypassing the fundamental security boundary Sandboxie provides. Fixed in version 1.17.3. EPSS data unavailable, no CISA KEV listing or public exploit identified at time of analysis, but the security boundary violation represents a complete defeat of Sandboxie's core function.
Stack buffer overflow in Sandboxie-Plus SbieSvc proxy service enables SYSTEM privilege escalation from sandboxed processes, including Security Hardened Sandboxes. Attackers chain an information disclosure (returning up to 32KB uninitialized stack memory with ASLR/stack cookie bypass) with an unbounded memcpy overflow in the GetRawInputDeviceInfoSlave IPC handler. Intel CET shadow stacks block ROP exploitation but not the information leak itself. Vendor-released patch available in version 1.17.3. No public exploit identified at time of analysis, but attack complexity is rated high (AC:H) with low privilege requirements (PR:L), making this viable for motivated attackers targeting sandbox environments.
Remote attackers with low-privilege authentication can inject environment variable assignments into OpenClaw 2026.2.22 through 2026.4.11 to bypass shell wrapper detection mechanisms. By manipulating critical shell variables like SHELLOPTS and PS4 at the argv level, attackers achieve high-impact code execution that circumvents security controls. Vendor-released patch available in version 2026.4.12. No active exploitation confirmed (not in CISA KEV), but VulnCheck disclosed this vulnerability with specific technical details and a GitHub commit fix.
Remote command execution in Pi-hole FTL versions before 6.6.1 allows network-adjacent attackers with API access to inject malicious dnsmasq directives via unvalidated newline characters in the dns.interface configuration field, achieving arbitrary code execution when DHCP leases are requested. Deployments with no admin password (a documented default configuration) expose the configuration API without authentication, enabling unauthenticated remote exploitation. The Pi-hole project released version 6.6.1 with input validation that strips newline characters, and the fix commit (0c46e4ec7f) replaced validate_stub with validate_str_no_newline.
SQL injection in Oracle MCP Server Helper Tool 1.0.1-1.0.156 allows low-privileged authenticated attackers to execute malicious SQL queries with high confidentiality and integrity impact across security boundaries. The vulnerability requires network access via HTTP and user interaction, affecting the helper tool component. With CVSS 8.7 and easily exploitable characteristics (AC:L), this represents significant risk for organizations running affected versions, though no public exploit or active exploitation (CISA KEV) has been identified at time of analysis. The changed scope (S:C) indicates potential impact beyond the vulnerable component itself.
{system("id")}' or 'toybox ash -c'. CVSS 8.7 (CVSS:4.0/AV:N/AC:L/PR:L) indicates network-accessible exploitation by low-privileged authenticated users. Vendor-released patch available in version 2026.4.12. EPSS and KEV data not provided; no public exploit identified at time of analysis beyond vendor-disclosed commit.
Sandbox escape in OpenClaw 2026.4.5 through 2026.4.9 allows low-privileged remote attackers to bypass sandbox boundaries and route code execution to arbitrary remote nodes by overriding exec routing parameters with host=node. This breaks sandboxed agent isolation, enabling privilege escalation and unauthorized access to production infrastructure. VulnCheck publicly disclosed this vulnerability with vendor patch available (commit dffad08). No active exploitation (CISA KEV) confirmed, but public disclosure increases exploitation risk for organizations running vulnerable OpenClaw agent deployments.
Unauthenticated remote access to privileged management functions in Network-AI npm package (versions ≤5.1.2) allows attackers to read and mutate orchestrator configuration, enumerate and control agents, create or revoke security tokens, and adjust global budget ceilings. The MCP HTTP transport binds to 0.0.0.0 by default and accepts JSON-RPC tool invocation requests without authentication, session validation, or origin checks. Public exploit code exists demonstrating enumeration of 22 privileged tools and successful mutation of runtime configuration parameters via simple HTTP POST requests. Vendor-released patch: version 5.1.3 available per GitHub advisory GHSA-fj4g-2p96-q6m3.
Undefined behavior in rust-openssl's X509Ref::ocsp_responders allows crafted X.509 certificates with non-UTF-8 OCSP responder URLs to violate Rust's memory safety guarantees. Applications parsing untrusted certificates (TLS handshakes, certificate validation pipelines, PKI tooling) can trigger undefined behavior through safe Rust code when processing malformed AIA extensions. CVSS 8.7 reflects network-exploitable integrity impact; no active exploitation confirmed (not in CISA KEV), but patch available in version 0.10.79 per upstream GitHub advisory GHSA-xp3w-r5p5-63rr.
Server-Side Request Forgery (SSRF) in link-preview-js npm package allows attackers to craft URLs that bypass validation to access internal network resources via IPv6 loopback addresses (::1, ::ffff:127.0.0.1) and DNS rebinding attacks using wildcard services (.internal, .local, .nip.io, .sslip.io domains). Successful exploitation enables reading internal metadata endpoints, accessing private network services, and exfiltrating sensitive data from cloud instance metadata or internal APIs. Vendor-released patch in version 4.0.1 tightens regex validation but requires users to implement DNS resolution via resolveDNSHost option for complete protection. No public exploit identified at time of analysis, though the attack techniques are well-documented SSRF methods.
Remote unauthenticated attackers can crash Eclipse OpenJ9 JITServer instances (versions 0.21-0.58) by sending a specially crafted 32-byte TCP message, triggering a buffer over-read (CWE-125) that causes denial of service. The vulnerability requires no authentication or user interaction, affecting any exposed JITServer endpoint. CVSS 8.7 (High) reflects the severe availability impact, though EPSS data is not available for this recent CVE. Exploit code is publicly available via GitHub PR #23793, which demonstrates the bounds-checking fix, though no active exploitation is confirmed at time of analysis.
Unauthenticated remote denial-of-service in Phoenix Framework 1.7.0-1.7.21 and 1.8.0-1.8.5 allows attackers to crash Elixir BEAM nodes by sending multi-megabyte HTTP requests filled with newlines to the long-poll transport endpoint. A 1 MB payload of newline characters triggers allocation of approximately one million empty list elements, exhausting scheduler and memory resources. Session token required to trigger the vulnerability is obtainable via unauthenticated GET request, making exploitation trivial. Vendor-released patches (1.7.22, 1.8.6) enforce client-side batching limits. CVSS 8.7 (high availability impact) confirmed; no public exploit or CISA KEV listing identified at time of analysis.
Environment variable disclosure via unhandled HTTP methods in Inngest TypeScript SDK versions 3.22.0 through 3.53.1 allows unauthenticated remote attackers to exfiltrate all process environment variables, including API keys, signing keys, and credentials. Vulnerable applications must expose the serve() endpoint to PATCH, OPTIONS, or DELETE methods - common in Next.js Pages Router and Express default configurations. The vulnerability was responsibly disclosed by independent researcher Ben Hylak with no known active exploitation at time of analysis. CVSS 8.6 reflects network-accessible unauthenticated attack with high confidentiality impact and scope change. Vendor-released patch available in version 3.54.0.
Server-Side Request Forgery (SSRF) in Eclipse BaSyx Java Server SDK prior to 2.0.0-milestone-10 allows unauthenticated remote attackers to force the server to execute blind HTTP POST requests to arbitrary internal or external targets via the unvalidated Operation Delegation feature. Attackers can exploit this to bypass network segmentation, pivot into isolated IT/OT infrastructure, or access Cloud Metadata services (IMDS) - enabling potential credential theft and lateral movement. EPSS data not available; no CISA KEV listing or public POC identified at time of analysis, but the SSRF attack pattern is well-understood and readily exploitable.
Stored cross-site scripting in Grav CMS allows publisher-level authenticated users to execute arbitrary JavaScript in victim browsers by injecting unquoted HTML event handlers that bypass the detectXss() blacklist regex. The flawed pattern failed to detect on* event attributes without surrounding quotes, enabling payloads like <img src=x onerror=eval(...)> to persist in content fields and execute when administrators or other users view the compromised page. Vendor-released patch confirmed in commit 5a12f9be8 (Grav 2.0.0-beta.2), which tightens the on_events regex to flag unquoted attributes, adds dangerous XML namespace tags (svg, math) to the default blocklist, and hardens MediaObjectTrait::attribute() with strict identifier validation. Publicly available exploit code exists. EPSS and KEV data not provided; exploitation requires publisher-level account privileges.
Server-Side Request Forgery in edx-enterprise 7.0.2-7.0.4 enables Enterprise Admins to steal cloud credentials and scan internal networks. Authenticated users with the Enterprise Admin role-typically delegated to training managers, not platform operators-can inject arbitrary URLs into SAMLProviderConfig.metadata_source and trigger server-side HTTP requests to internal infrastructure. Publicly available exploit code exists (proof-of-concept in GitHub advisory GHSA-64cv-vxpr-j6vc). Vendor-released patch: edx-enterprise 7.0.5. This mirrors a previously patched SSRF in openedx-platform (GHSA-328g-7h4g-r2m9), indicating recurring pattern in SAML metadata handling across Open edX components.
Server-side request forgery (SSRF) in Twenty CRM allows authenticated users to bypass IP filtering protections and access internal network resources, including cloud metadata endpoints containing IAM credentials. The vulnerability affects versions 1.18.0 and earlier through exploitation of IPv4-mapped IPv6 address normalization inconsistencies in Node.js URL parsing versus the isPrivateIp validation utility. Attackers with low-privilege authenticated access can exfiltrate sensitive credentials from cloud provider metadata services (169.254.169.254). No public exploit code or active exploitation (CISA KEV) confirmed at time of analysis, though the technical details in the GitHub security advisory provide a clear exploitation path.
Server-side request forgery in OpenClaw's QQBot media URL handler allows remote unauthenticated attackers to fetch arbitrary internal or external resources and exfiltrate them through the bot's messaging channel. Attackers provide malicious media URLs in QQBot replies, triggering the server to fetch content from attacker-specified locations, which is then re-uploaded through legitimate channels. Vendor patch available as of version 2026.4.12, with fix commits published on GitHub. CVSS 8.3 reflects high confidentiality impact with low integrity impact; CVSS v4.0 vector indicates network-accessible, low complexity attack requiring no privileges or user interaction but specific attack conditions (AT:P).
Argument injection in exiftool-vendored npm package allows remote attackers to perform unauthorized file reads or writes via newline characters in tag names, filenames, or options. The vulnerability affects applications using exiftool-vendored ≤ 35.18.0 that pass attacker-controlled strings to ExifTool APIs without sanitization. Exploitation enables attackers to manipulate ExifTool's command-line arguments by injecting newlines into supposedly single-argument strings, breaking out of intended argument boundaries. While no remote code execution has been demonstrated, the CVSS 8.2 HIGH score reflects the network attack vector, low complexity, and lack of authentication or user interaction requirements. Fixed in version 35.19.0 with dual-layer validation rejecting control characters in both tag names and the command renderer. No public exploit code or active exploitation confirmed at time of analysis.
Remote attackers can crash OpenClaw 2026.4.9 by sending oversized WebSocket frames to the voice-call realtime webhook path, causing complete service unavailability. The vulnerability requires no authentication and affects deployments that expose the WebSocket endpoint externally. Vendor patch released in version 2026.4.10 with commit afadb7dae6738819ad9c7d2597ace0516957d20e. No active exploitation confirmed (not in CISA KEV), but public advisory with commit details provides exploitation blueprint.
Worker process crashes occur in ModSecurity (libmodsecurity3) when processing query string parameters containing single characters through the t:hexDecode transformation function. Remote unauthenticated attackers can trigger repeated segmentation faults to disrupt web application firewall protection, though service automatically recovers once the attack ceases. All libmodsecurity3 versions before 3.0.15 are affected across Apache, IIS, and Nginx deployments. OWASP confirmed the vulnerability via GitHub security advisory GHSA-qrjc-3jpc-3h2g and released patch version 3.0.15 addressing this buffer overflow (CWE-125: Out-of-bounds Read).
Complete SSRF protection bypass in ssrfcheck allows remote attackers to reach all private IPv4 ranges including cloud metadata endpoints (169.254.169.254) by encoding targets as IPv4-mapped IPv6 addresses (e.g., http://[::ffff:127.0.0.1]/). Node.js WHATWG URL parser normalizes these addresses to compressed hex form before the library's dot-notation-only regex executes, rendering all private IP checks ineffective. EPSS score unavailable for this recent CVE (2026), but the attack requires no authentication (PR:N), has low complexity (AC:L), and affects the latest version (1.3.0) with no vendor-released patch identified at time of analysis. Publicly available exploit code exists with complete proof-of-concept and automated verification scripts confirmed on Node.js v20.20.2.
Server-Side Request Forgery (SSRF) in open-webSearch's fetchWebContent MCP tool enables remote unauthenticated attackers to fetch arbitrary private-network URLs and receive full response bodies. Two defects in the `isPrivateOrLocalHostname` validator combine to allow bypass: bracketed IPv6 literals (e.g., `[::ffff:7f00:1]`) are never validated because Node's URL.hostname preserves brackets and Node's isIP() returns 0 for bracketed strings, and DNS resolution is never performed so attacker-controlled hostnames resolving to RFC1918 addresses pass unchecked. When deployed with HTTP transport enabled (documented configuration, active in Docker image), the MCP server binds to 0.0.0.0:3000 with CORS origin='*' and no authentication, exposing the vulnerable tool to any network attacker. Fixed in version 2.1.7. No public exploit identified at time of analysis, but vendor-supplied proof-of-concept demonstrates full exploit chain against AWS EC2 metadata and localhost services.
Local denial of service in Sandboxie 1.17.2 and earlier allows unprivileged processes inside Standard Sandbox configurations to crash the Windows kernel (BSOD) by sending malformed IOCTL requests to the SandboxieDriverApi kernel driver. Fixed in version 1.17.3 released by Sandboxie-Plus. Security Hardened Sandbox configurations are not affected. No active exploitation confirmed (not in CISA KEV), but the vulnerability is trivially exploitable by any process within an affected sandbox, enabling local attackers or malicious sandboxed applications to force immediate system-wide service disruption.