LibreNMS before 24.10.0 allows a remote attacker to execute arbitrary code via OS command injection involving AboutController.php's index(), SettingsController.php's update(), and PollDevice.php's. Rated critical severity (CVSS 9.1), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and EPSS exploitation probability 60.2%.
SQL injection in LiteLLM proxy server versions 1.81.16 through 1.83.6 allows unauthenticated remote attackers to read and modify database contents, gaining unauthorized access to managed LLM API credentials. The vulnerability is exploitable via crafted Authorization headers sent to any LLM API route (e.g., POST /chat/completions), triggering the injection through the proxy's error-handling path. Vendor-released patch available in version 1.83.7. No active exploitation confirmed (not in CISA KEV), but the attack vector is simple (CVSS 4.0: AV:N/AC:L/PR:N) and SQL injection POCs are widely known. Discovered by Tencent YunDing Security Lab.
Remote command execution in LiteLLM proxy server versions 1.74.2 through 1.83.6 allows any authenticated user to execute arbitrary commands on the host system. Two MCP (Model Context Protocol) test endpoints accept stdio transport configurations including command, args, and env fields, then spawn the supplied command as a subprocess with proxy process privileges. Authentication with any valid API key, including low-privilege internal-user keys, bypasses intended PROXY_ADMIN role restrictions. Patch available in version 1.83.7. No CISA KEV listing or public exploit code identified at time of analysis, though EPSS scoring is not provided in available data.
A Command Injection issue in the payload build page in BYOB (Build Your Own Botnet) 2.0 allows attackers to execute arbitrary commands on the server via a crafted build parameter. Rated high severity (CVSS 7.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and EPSS exploitation probability 32.4%.
Use-after-free in Linux kernel ESP (IPsec) allows local authenticated attackers to decrypt shared memory fragments improperly, potentially exposing encrypted network traffic or causing memory corruption. Affects kernel versions 6.5+ where MSG_SPLICE_PAGES can attach pipe pages directly to UDP socket buffers. The IPv4/IPv6 datagram paths fail to mark spliced pages as shared, causing ESP input decryption to modify memory not privately owned by the packet buffer. Public exploit code exists (POC available on GitHub), EPSS score is low (0.01%) indicating limited widespread exploitation risk, and vendor patches are available across affected stable kernel branches (6.6.138, 6.12.87, 6.18.28, 7.0.5).
Remote command injection in Control Web Panel allows unauthenticated attackers to execute arbitrary OS commands as root through unsanitized GET parameter. Exploitation requires Softaculous or SitePad components to be installed. Despite critical impact (root RCE), EPSS score of 6.16% (91st percentile) suggests selective targeting rather than mass exploitation, though technical barrier is low (AC:L). Public exploit code exists via Karma Insecurity disclosure and FullDisclosure mailing list, significantly increasing attack surface.
LINQPad before 5.52.01 Pro edition is vulnerable to Unsafe Deserialization in LINQPad.AutoRefManager::PopulateFromCache(), leading to code execution. Rated high severity (CVSS 7.3), this vulnerability is low attack complexity. Public exploit code available and no vendor patch available.
Remote code execution in dash-uploader (Python package for Plotly Dash) versions 0.1.0 through 0.7.0a2 allows unauthenticated remote attackers to execute arbitrary code via directory traversal flaws in the HTTP request handler. The vulnerability affects temp_root path handling and POST request processing, enabling attackers to write files outside intended upload directories. Public exploit code exists (GitHub repository CVE-2026-38360), and the CVSS 9.8 critical score reflects the network-accessible, no-authentication attack vector. EPSS data not available, but the combination of RCE impact, public POC, and trivial exploitation complexity (AC:L/PR:N) makes this a high-priority remediation target for any deployment using vulnerable dash-uploader versions.
Certain GL.iNet devices with 4.x firmware allow authentication bypass (resulting in administrative control of the device) via a username that is both a valid SQL statement and a valid regular. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.
Arbitrary local code execution in electerm (versions 3.0.6-3.8.14) allows remote attackers to execute malicious code on victim systems by tricking users into clicking crafted electerm:// deep links, opening malicious shortcuts, or running CLI commands with attacker-controlled --opts parameters. The vulnerability stems from insufficient input validation (CWE-20) on deep link and CLI arguments, enabling adversaries to inject arbitrary options that execute code with the privileges of the electerm process. Exploitation requires user interaction (clicking link or opening file) but no authentication, making it suitable for phishing or watering-hole attacks. Patch available in version 3.8.15 with deny-list controls blocking critical parameter override.
Remote authentication bypass in Open WebUI LDAP integration (versions ≤0.8.12) allows complete account takeover by submitting empty passwords. The vulnerability exploits RFC 4513 unauthenticated simple bind semantics: when LDAP is enabled, attackers can authenticate as any user-including administrators-with zero knowledge of actual passwords, gaining full access to chats, files, API keys, and settings. Affects deployments using OpenLDAP default configurations or certain Active Directory setups that accept empty-password binds. Vendor-released patch: version 0.9.0. CVSS 9.1 (Critical) reflects network-accessible, zero-privilege, zero-interaction exploitation with high confidentiality and integrity impact.
Remote denial-of-service in Zebra (Zcash node implementation) versions prior to 4.4.0 allows unauthenticated attackers to permanently halt block synchronization via a single TCP connection. The attack exploits three independent weaknesses in gossip, syncer, and download subsystems to create an irreversible block discovery deficit. Vendor patch available in version 4.4.0. EPSS data unavailable; no CISA KEV listing or public exploit code identified at time of analysis, but the technical barrier appears low given network attack vector with no authentication or complexity requirements (CVSS 4.0: AV:N/AC:L/PR:N).
Unauthenticated attackers can exploit SQL injection in OttoKit: All-in-One Automation Platform WordPress plugin versions before 1.1.23 due to improper input sanitization in SQL statement construction. The vulnerability allows remote attackers to extract sensitive data and modify database contents without authentication, though integrity impact is limited. Publicly available exploit code exists, and a patch has been released by the vendor.
Remote code execution and denial-of-service in dash-uploader Python library allows unauthenticated network attackers to execute arbitrary code or crash applications via malicious file uploads. Versions 0.1.0 through 0.7.0a2 contain flaws in HTTP request handler (httprequesthandler.py), upload function (upload.py), and max_file_size parameter processing (configure_upload.py). Confirmed public exploit code exists (GitHub: a1ohadance/CVE-2026-38361), elevating risk despite CVSS indicating only availability impact - the RCE tag contradicts the CVSS vector's C:N/I:N rating, suggesting incomplete impact assessment. EPSS data unavailable; not in CISA KEV at time of analysis. Affects popular Python file upload component with thousands of monthly downloads per PyPI statistics.
Alkacon OpenCms before 10.5.1 allows remote unauthenticated attackers to obtain sensitive information via a cmis-online/query XXE attack on a Chemistry servlet. Rated high severity (CVSS 7.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available.
Mikrotik RouterOS (x86) 6.40.5 through 6.49.10 (fixed in 7) allows a remote attacker to cause a denial of service (device crash) via crafted packet data to the SMB service on TCP port 445. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.
Buffer overflow in Totolink X5000R 9.1.0u.6369_B20230113 router firmware allows authenticated remote attackers to execute arbitrary code or cause denial of service via crafted submit-url parameter to /boafrm/formDdns endpoint. Public exploit code exists (GitHub). CVSS 7.4 indicates high severity but requires authenticated access (PR:L), limiting immediate risk to environments where router credentials are compromised. EPSS data not available; prioritize if router exposed to internet or untrusted networks.
Stack-based buffer overflow in Tenda CX12L router firmware 16.03.53.12 allows authenticated remote attackers to achieve full system compromise via the PPTP server configuration interface. The vulnerability resides in the formSetPPTPServer function within /goform/SetPptpServerCfg and is exploitable over the network with low attack complexity. A public proof-of-concept exploit exists on GitHub, significantly lowering the barrier to exploitation, though CISA has not yet added this to the KEV catalog indicating no confirmed widespread active exploitation at this time.
A SSTI (server side template injection) vulnerability in the custom template export function in yeti-platform yeti before 2.1.12 allows attackers to execute code on the application server. Rated high severity (CVSS 7.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.
Remote unauthenticated access to PraisonAI's legacy Flask API server allows attackers to execute configured agent workflows without authentication. Versions 2.5.6 through 4.6.33 ship with authentication disabled by default on the Flask server, enabling any network-accessible caller to trigger agents.yaml workflows via the /chat endpoint and access agent configurations through /agents. Patch released in version 4.6.34. CVSS 7.3 with network vector and no privileges required (AV:N/AC:L/PR:N/UI:N) indicates this is remotely exploitable against default configurations, though impact is limited to low confidentiality, integrity, and availability (C:L/I:L/A:L).
Prison Management System Using PHP v1.0 was discovered to contain a SQL injection vulnerability via the username on the Admin login page. Rated high severity (CVSS 7.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.
Nokia Broadcast Message Center (BMC) before 13.1 allows an unauthenticated remote attacker to do OS command injection as root via shell metacharacters in the Log Scanner Search Pattern field. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.
Vim is an open source, command line text editor. Prior to version 9.2.0450, a heap buffer overflow exists in read_compound() in src/spellfile.c when loading a crafted spell file (.spl) with UTF-8 encoding active. An attacker-controlled length field in the spell file's compound section overflows a 32-bit signed integer multiplication, causing a small buffer to be allocated for a write loop that runs many iterations, overflowing the heap. Because the 'spelllang' option can be set from a modeline, a text file modeline can trigger spell file loading if a malicious .spl file has been planted on the runtimepath. This issue has been patched in version 9.2.0450.
/cgi-bin/time.cgi in Atlona AT-OME-MS42 Matrix Switcher 1.1.2 allow remote authenticated users to execute arbitrary commands as root via a POST request that carries a serverName parameter. Rated medium severity (CVSS 6.3), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.
SOPlanning 1.52.00 is vulnerable to SQL Injection by an authenticated user via projets.php with statut[]. Rated medium severity (CVSS 6.3), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.
A Cross Site Scripting vulnerability in Alkacon OpenCms before 10.5.1 exists via cmis-online/type. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available.
Remote code execution as root in Remote Spark SparkView before build 1122 allows network attackers to bypass local connection authentication checks and execute arbitrary commands with maximum privileges. CVSS 4.0 assigns the maximum 10.0 score with network vector, low complexity, and no authentication required (AV:N/AC:L/PR:N). The vendor description explicitly warns that depending on implementation, unauthenticated attackers can exploit this flaw. EPSS and KEV data not provided, but the combination of trivial exploitation conditions and root-level impact makes this critical for any organization running affected SparkView builds.
Postiz is an AI social media scheduling tool. Prior to commit da44801, a "Pwn Request" vulnerability in the Build and Publish PR Docker Image workflow (.github/workflows/pr-docker-build.yml) allows any unauthenticated user to execute arbitrary code during the Docker build process and exfiltrate a highly privileged GITHUB_TOKEN (write-all permissions). This can be achieved simply by opening a Pull Request from a fork with a maliciously modified Dockerfile.dev. This issue has been patched via commit da44801.
Remote unauthenticated command injection in Universal Robots PolyScope Dashboard Server (versions <5.21.1) allows attackers to execute arbitrary OS commands on industrial robot controllers via network-crafted requests. With CVSS 9.8 (critical severity) and complete absence of authentication barriers, this vulnerability enables full robot controller compromise from remote network positions. No authentication, user interaction, or attack complexity required - exploitation is straightforward against default configurations exposing the Dashboard Server interface.
Unauthorized API access in sovity Dataspace Portal versions 2.1.1 through 7.3.1 allows unauthenticated remote attackers to bypass authorization controls and access backend APIs using credentials from self-registered accounts in PENDING status. The vulnerability affects the open-source SaaS platform before organizations approve new user registrations, enabling information disclosure and potential data manipulation. Vendor-confirmed patch released in version 7.3.2 on 2026-04-20. CVSS 10.0 reflects network-accessible attack with no complexity, no privileges required, and high impact across confidentiality, integrity, and availability in both vulnerable and subsequent systems. No CISA KEV listing or public exploit identified at time of analysis.
{nodeID}`) operations. The defect is route-group-scoped: there is no inbound auth middleware on the UPI group at all, while a control comparison against the sibling `nsmf-oam` group on the same SMF instance shows OAM IS protected (no-token request returns `401 Unauthorized`). So this is not a global config gap -- it is specifically that the UPI group was mounted without the auth middleware that the OAM group has. Validated against the SMF container in the official Docker compose lab. - Source repo tag: `v4.2.1` - Running Docker image: `free5gc/smf:v4.2.0` - Docker validation date: 2026-03-13 Control comparison on the same SMF instance: - `GET /upi/v1/upNodesLinks` (no token) -> `200 OK` - `GET /nsmf-oam/v1/` (no token) -> `401 Unauthorized` This side-by-side proves OAuth2 middleware is wired in for `nsmf-oam` but not for `UPI` on the same process. Code evidence (paths in `free5gc/smf`): - UPI group mounted WITHOUT auth middleware: `NFs/smf/internal/sbi/server.go:76` - OAM group mounted WITH auth middleware (control): `NFs/smf/internal/sbi/server.go:95` - UPI business handlers (read / write / delete on `upNodesLinks`): - `NFs/smf/internal/sbi/api_upi.go:44` - `NFs/smf/internal/sbi/api_upi.go:60` - `NFs/smf/internal/sbi/api_upi.go:84` Reproduced end-to-end against the running SMF at `http://10.100.200.6:8000`. 1. READ UP-nodes/links with NO `Authorization` header -> `200 OK`: ``` curl -i http://10.100.200.6:8000/upi/v1/upNodesLinks ``` 2. WRITE: POST attacker-controlled UPF node and link with NO `Authorization` header -> `200 OK`: ``` curl -i -X POST http://10.100.200.6:8000/upi/v1/upNodesLinks \ -H 'Content-Type: application/json' \ --data '{"links":[{"A":"gNB1","B":"UPF-POC-20260313","weight":1}],"upNodes":{"UPF-POC-20260313":{"type":"UPF","nodeID":"198.51.100.20","addr":"198.51.100.20","sNssaiUpfInfos":[{"sNssai":{"sst":1,"sd":"010203"},"dnnUpfInfoList":[{"dnn":"internet"}]}]}}}' ``` 3. DELETE with FORGED token -> `404 Not Found` from business logic (auth was bypassed; the 404 is a business response, not an auth rejection): ``` curl -i -X DELETE http://10.100.200.6:8000/upi/v1/upNodesLinks/UPF-POC-20260313 \ -H 'Authorization: Bearer not-a-real-token' ``` 4. CONTROL: same instance, sibling OAM route, no token -> `401 Unauthorized`: ``` curl -i http://10.100.200.6:8000/nsmf-oam/v1/ ``` SMF container logs (`docker logs smf`) confirm the side-by-side behavior: ``` [INFO][SMF][GIN] | 200 | GET | /upi/v1/upNodesLinks [INFO][SMF][GIN] | 401 | GET | /nsmf-oam/v1/ [INFO][SMF][GIN] | 404 | DELETE | /upi/v1/upNodesLinks/UPF-POC-20260313 [INFO][SMF][GIN] | 200 | POST | /upi/v1/upNodesLinks ``` Missing inbound authentication (CWE-306) and authorization (CWE-862) on the SMF `UPI` SBI route group. Severity is scored against the route group's intended capability surface (UP-node and link topology management), which is realized by the demonstrated PoC: an unauthenticated network attacker can already today read SMF's view of the UP-plane topology, inject attacker-controlled UPF nodes and link entries, and target deletions of named entries. Any party that can reach SMF on the SBI can: - Read SMF's current UP-node and link topology view anonymously. - Inject attacker-controlled UPF entries (with attacker-chosen nodeID / addr / S-NSSAI / DNN), poisoning SMF's view of which UPFs serve which slices/DNNs and biasing subsequent UPF selection / PFCP path establishment for legitimate PDU sessions. - Issue topology delete operations against named UPF entries, denying or disrupting legitimate UPF participation in SMF's selection logic. The defect is route-group-scoped: there is no auth middleware on the UPI group at all, so every UPI endpoint inside this group inherits the missing inbound auth boundary, and the same-instance OAM control proves this is the UPI mount specifically (not a global SMF config issue). Affected: free5gc v4.2.1. Upstream issue: https://github.com/free5gc/free5gc/issues/887 Upstream fix: https://github.com/free5gc/smf/pull/197
free5GC's NEF mounts the `nnef-oam` route group without inbound OAuth2/bearer-token authorization. A network attacker who can reach NEF on the SBI can hit the OAM route with no `Authorization` header at all and the handler returns `200 OK`. The current OAM handler is a stub that returns `null`, but the structural defect is route-group-scoped: the entire OAM route group has no inbound auth middleware, so every future OAM operation added to this group inherits the missing auth boundary by default. Same root cause as the NEF traffic-influence and PFD-management findings. Validated against the NEF container in the official Docker compose lab. - Source repo tag: `v4.2.1` - Running Docker image: `free5gc/nef:v4.2.0` - Runtime NEF commit: `5ce35eab` - Docker validation date: 2026-03-11 NEF advertises `OAuth2 setting receive from NRF: true`, yet the OAM route group is mounted without any inbound auth middleware and answers unauthenticated `GET`s with `200 OK`. Code evidence (paths in `free5gc/nef`): - OAM route group mounted without auth middleware: `NFs/nef/internal/sbi/server.go:60` - OAM route exposed at `/`: `NFs/nef/internal/sbi/api_oam.go:9` - OAM processor returns `200 OK` directly: `NFs/nef/internal/sbi/processor/oam.go:9` - NEF context only exposes outbound token acquisition (`GetTokenCtx`); there is no inbound authorization path: `NFs/nef/internal/context/nef_context.go:153` Reproduced against the running NEF at `http://10.100.200.19:8000` with no `Authorization` header: ``` curl -i http://10.100.200.19:8000/nnef-oam/v1/ ``` Observed output: ``` HTTP/1.1 200 OK null ``` NEF container logs (`docker logs nef`) show the request being served while OAuth is enabled: ``` [INFO][NEF][GIN] | 200 | GET | /nnef-oam/v1/ ``` Missing inbound authentication (CWE-306) and authorization (CWE-862) on the NEF OAM SBI route group. Severity is scored against the OAM route group's intended capability surface (Operations / Administration / Maintenance), NOT against the current stub handler. The current handler is a stub that returns `null`, but the defect is route-group-scoped: there is no auth middleware on the group at all, so every future OAM operation added behind this group inherits the missing inbound auth boundary by default. Any party that can reach NEF on the SBI can: - Probe and enumerate the OAM route surface anonymously today. - Hit any future OAM-group endpoint (read, modify, restart-style operations) anonymously, because the auth boundary does not exist for this group. Operators who assume `OAuth2 setting receive from NRF: true` enforces inbound auth on NEF are wrong for this route group. Affected: free5gc v4.2.1. Upstream issue: https://github.com/free5gc/free5gc/issues/861 Upstream fix: https://github.com/free5gc/nef/pull/23
Emlog is an open source website building system. Prior to version 2.6.11, direct SQL injection in article creation and update functions allows attackers to execute arbitrary SQL commands, potentially leading to complete database compromise, data theft, or system destruction. This issue has been patched in version 2.6.11.
{appID}`, and to create or delete PFD change-notification subscriptions via `POST /subscriptions` and `DELETE /subscriptions/{subID}`. Same root cause as the other NEF SBI findings: the route group is mounted without any inbound auth middleware. Unlike the OAM and traffic-influence groups, `nnef-pfdmanagement` IS declared in the runtime `ServiceList`, so this is the production-intended path that operators expect to be protected by `OAuth2 setting receive from NRF: true` -- and it is not. Validated against the NEF container in the official Docker compose lab. - Source repo tag: `v4.2.1` - Running Docker image: `free5gc/nef:v4.2.0` - Runtime NEF commit: `5ce35eab` - Docker validation date: 2026-03-11 NEF advertises `OAuth2 setting receive from NRF: true`, but the entire `nnef-pfdmanagement` route group is mounted with no inbound auth middleware, so forged-token requests reach the read and subscription handlers and execute against UDR-backed state. Code evidence (paths in `free5gc/nef`): - Route group mounted without auth middleware: `NFs/nef/internal/sbi/server.go:56` - Read routes exposed at `/applications` and `/applications/:appID`: `NFs/nef/internal/sbi/api_pfdf.go:13` - Subscription routes exposed at `/subscriptions` and `/subscriptions/:subID`: `NFs/nef/internal/sbi/api_pfdf.go:13` - `GET /applications` queries UDR for application PFD data: `NFs/nef/internal/sbi/processor/pfdf.go:19` - `GET /applications/:appID` queries UDR for an application PFD: `NFs/nef/internal/sbi/processor/pfdf.go:53` - `POST /subscriptions` only checks `notifyUri` is present, then stores the subscription: `NFs/nef/internal/sbi/processor/pfdf.go:83` - `DELETE /subscriptions/:subID` removes the subscription: `NFs/nef/internal/sbi/processor/pfdf.go:110` - NEF context only exposes outbound token acquisition (`GetTokenCtx`); there is no inbound authorization path: `NFs/nef/internal/context/nef_context.go:153` Reproduced end-to-end against the running NEF at `http://10.100.200.19:8000` using a fabricated bearer token. 1. Seed an AF context (also forged-token): ``` curl -i \ -H 'Authorization: Bearer not-a-real-token' \ -H 'Content-Type: application/json' \ --data '{"afServiceId":"svc-pfdf-read","afAppId":"app-seed-pfdf-read","dnn":"internet","snssai":{"sst":1,"sd":"010203"},"anyUeInd":true,"trafficFilters":[{"flowId":1,"flowDescriptions":["permit out ip from 192.0.2.41 to 198.51.100.0/24"]}],"trafficRoutes":[{"dnai":"mec-pfdf-read","routeInfo":{"ipv4Addr":"10.60.0.3","portNumber":0}}]}' \ http://10.100.200.19:8000/3gpp-traffic-influence/v1/af-poc-pfdf-read-20260311/subscriptions ``` 2. Seed one PFD application entry (also forged-token): ``` curl -i \ -H 'Authorization: Bearer not-a-real-token' \ -H 'Content-Type: application/json' \ --data '{"pfdDatas":{"app-poc-pfdf-read-20260311":{"externalAppId":"app-poc-pfdf-read-20260311","pfds":{"pfd-poc":{"pfdId":"pfd-poc","urls":["^http://pfdf-read.example.com(/\\\\S*)?$"]}}}}}' \ http://10.100.200.19:8000/3gpp-pfd-management/v1/af-poc-pfdf-read-20260311/transactions ``` 3. READ PFD collection with forged token -> `200 OK` returns PFD data: ``` curl -i -H 'Authorization: Bearer not-a-real-token' \ 'http://10.100.200.19:8000/nnef-pfdmanagement/v1/applications?application-ids=app-poc-pfdf-read-20260311' ``` 4. READ individual PFD with forged token -> `200 OK`: ``` curl -i -H 'Authorization: Bearer not-a-real-token' \ http://10.100.200.19:8000/nnef-pfdmanagement/v1/applications/app-poc-pfdf-read-20260311 ``` 5. CREATE PFD subscription with forged token -> `201 Created`: ``` curl -i \ -H 'Authorization: Bearer not-a-real-token' \ -H 'Content-Type: application/json' \ --data '{"applicationIds":["app-poc-sub1","app-poc-sub2"],"notifyUri":"http://127.0.0.1:65530/pfd-notify"}' \ http://10.100.200.19:8000/nnef-pfdmanagement/v1/subscriptions ``` 6. DELETE PFD subscription with forged token -> `204 No Content`: ``` curl -i -X DELETE \ -H 'Authorization: Bearer not-a-real-token' \ http://10.100.200.19:8000/nnef-pfdmanagement/v1/subscriptions/1 ``` NEF container logs (`docker logs nef`) show requests reaching business handlers and returning success codes: ``` [INFO][NEF][PFDF] GetApplicationsPFD - appIDs: [app-poc-pfdf-read-20260311] [INFO][NEF][GIN] | 200 | GET | /nnef-pfdmanagement/v1/applications?application-ids=... [INFO][NEF][PFDF] GetIndividualApplicationPFD - appID[app-poc-pfdf-read-20260311] [INFO][NEF][GIN] | 200 | GET | /nnef-pfdmanagement/v1/applications/... [INFO][NEF][PFDF] PostPFDSubscriptions - appIDs: [app-poc-sub1 app-poc-sub2] [INFO][NEF][GIN] | 201 | POST | /nnef-pfdmanagement/v1/subscriptions [INFO][NEF][PFDF] DeleteIndividualPFDSubscription - subID[1] [INFO][NEF][GIN] | 204 | DELETE | /nnef-pfdmanagement/v1/subscriptions/1 ``` Missing inbound authentication (CWE-306) and authorization (CWE-862) on the `nnef-pfdmanagement` SBI route group. This is the production-intended PFD service for NEF (declared in the runtime `ServiceList`), so operators expect it to be protected by NRF-issued OAuth2 -- and it is not. Any party that can reach NEF on the SBI can: - Read AF-supplied PFD application data anonymously, leaking traffic-classification policy (URL regex patterns, application identifiers) used downstream by SMF/UPF. - Create attacker-controlled PFD change-notification subscriptions pointing at attacker-chosen `notifyUri` endpoints, turning NEF into an unauthenticated outbound HTTP request source on whatever applications the attacker subscribes to. - Delete legitimate PFD subscriptions, denying change notifications to legitimate consumers and breaking downstream PFD-update propagation. The defect is route-group-scoped: there is no auth middleware on the group at all, so every read and subscription endpoint inside this group inherits the missing inbound auth boundary. Severity is scored against the route group's full capability surface. Affected: free5gc v4.2.1. Upstream issue: https://github.com/free5gc/free5gc/issues/862 Upstream fix: https://github.com/free5gc/nef/pull/23
Remote code execution in ai-scanner versions 1.0.0 through 1.4.0 allows authenticated attackers to inject and execute arbitrary JavaScript code via the BrowserAutomation::PlaywrightService component. The vulnerability has a Critical CVSS score of 9.9 with scope change, enabling cross-boundary compromise of confidentiality, integrity, and availability. Vendor-released patch available in version 1.4.1 as of April 13, 2026, with GitHub Security Advisory GHSA-r27j-xxgx-f5vr confirming the fix.
Termix is a web-based server management platform with SSH terminal, tunneling, and file editing capabilities. Prior to version 2.1.0, all Docker container management endpoints in Termix interpolate the containerId URL path parameter and WebSocket message field directly into shell commands executed via ssh2.Client.exec() on remote managed servers without any sanitization or validation. An authenticated attacker can inject arbitrary OS commands by crafting a malicious container ID, achieving Remote Code Execution on any managed server. This issue has been patched in version 2.1.0.
Netgate pfSense CE 2.8.0 allows code execution in the XMLRPC API via pfsense.exec_php. NOTE: the Supplier disputes this because the API call is only available to admins and they are intentionally allowed to execute PHP code.
FastGPT is an AI Agent building platform. From version 4.14.10 to before version 4.14.13, the agent-sandbox component of FastGPT is vulnerable to unauthenticated Remote Code Execution (RCE). The startup script entrypoint.sh initializes code-server with the --auth none flag and binds the service to all network interfaces (0.0.0.0:8080). This configuration allows any user with network access to the port to bypass authentication and gain full control over the sandbox environment. This issue has been patched in version 4.14.13.
Command injection in electerm's npm install script allows arbitrary command execution on macOS systems during 'npm install -g electerm'. The runMac() function in install.js:150 passes attacker-controlled remote release metadata (releaseInfo.name) directly to exec('open ...') without validation, enabling remote code execution as the installing user. CVSS 9.8 (AV:N/AC:L/PR:N/UI:N) reflects theoretical network-based exploitation, though actual attack requires compromise of the project's update server or man-in-the-middle position during npm package installation. No public exploit identified at time of analysis. Vendor-released patch: version 3.3.8 (commit 59708b3).
Remote code execution in vm2 npm package (versions ≤3.11.1) allows attackers to escape the JavaScript sandbox via a prototype pollution technique targeting the neutralizeArraySpeciesBatch method. By installing a setter on Array.prototype[0] and triggering Buffer allocation, attackers gain access to the host Function constructor and can execute arbitrary system commands. Publicly available proof-of-concept exists (GHSA-9qj6-qjgg-37qq). CVSS 9.8 with network vector reflects the risk when vm2 is used to execute untrusted code in server-side applications. Vendor-released patch: vm2 v3.11.2 addresses this and two other concurrent sandbox escapes.
Remote code execution in math-codegen npm package versions prior to 0.4.3 allows unauthenticated attackers to execute arbitrary system commands via string literal injection into the cg.parse() function. The vulnerability stems from unsanitized string literals being injected directly into new Function() bodies, enabling full command execution on any application exposing math evaluation endpoints that process user input. EPSS score not available, but this is a critical unauthenticated RCE requiring no special conditions beyond user input reaching the vulnerable parser. Vendor-released patch available in version 0.4.3.
Remote code execution in VM2 (npm package) allows complete sandbox escape via null-prototype exception handling flaw. Attackers can execute arbitrary system commands on the host by exploiting a logic error in the exception proxy mechanism that incorrectly handles objects with null prototypes. Public exploit code exists and the vulnerability affects all versions prior to 3.11.2. The CVSS 9.8 severity reflects network-accessible, unauthenticated exploitation requiring no user interaction - however, real-world risk depends on whether untrusted users can supply code to the VM2 sandbox in a given deployment.
NornicDB's Bolt server binds to all network interfaces (0.0.0.0) regardless of the --address CLI flag or server.host configuration, exposing the graph database with default admin:password credentials to any device on the same LAN. The HTTP server correctly honors bind address restrictions, but a configuration plumbing bug prevents the Bolt protocol listener from reading the intended host parameter. Vendor-released patch available in version 1.0.42-hotfix addresses the underlying CWE-1392 (Improper Binding of Resource to Another Sphere) by adding Host field to Bolt configuration and wiring the resolveBindAddress() function to both protocol listeners. GitHub security advisory GHSA-2hp7-65r3-wv54 confirms the vulnerability with reproduction steps showing netstat evidence of wildcard binding despite localhost configuration.
Use-after-free in the Linux kernel's ksmbd SMB server (smb2_open()) allows remote attackers to potentially trigger memory corruption when accessing an opinfo pointer dereferenced after rcu_read_unlock(). The flaw is fixed in upstream stable releases (6.1.167, 6.6.130, 6.12.78, 6.18.19, 6.19.9, and 7.0); no public exploit identified at time of analysis, and EPSS exploitation probability is very low at 0.02%.
Integer overflow in Linux kernel's IPv6 IOAM (In-situ Operations, Administration, and Maintenance) trace functionality allows remote unauthenticated attackers to trigger buffer overflow conditions. A crafted IOAM trace packet with specific schema configurations causes an 8-bit integer wraparound that bypasses buffer boundary checks, enabling memory corruption with potential for arbitrary code execution at kernel privilege level. CVSS scored 9.8 (Critical) with network attack vector, though EPSS score of 0.02% (7th percentile) suggests minimal observed exploitation activity. Patches available across multiple stable kernel versions (5.15, 6.1.168, 6.6.134, 6.12.81, 6.18.22, 6.19.12, 7.0) via upstream commits, indicating vendor-prioritized remediation without confirmed active exploitation.
Improper key length validation in the Linux kernel's libceph authentication subsystem allows remote unauthenticated attackers to trigger memory corruption during Ceph authentication key decoding. This affects systems using Ceph distributed storage clusters, with EPSS probability 0.02% (percentile 7%), indicating low immediate exploitation likelihood. Patches available across all supported kernel branches (5.15.202, 6.1.165, 6.6.128, 6.12.75, 6.18.16, 6.19.6, 7.0) with commits linked in multiple stable trees, suggesting coordinated vendor response. No public exploit code or CISA KEV listing identified at time of analysis.
1C-Bitrix through 25.100.500 allows Remote Code Execution because an actor with SOURCE/WRITE permissions for the Translate Module can upload and execute code by sending a PHP file and a .htaccess file. NOTE: this is disputed by the Supplier because this is intended behavior for the high-privileged users who can upload new translated pages to the website.
Double-free vulnerability in Linux kernel's qla2xxx SCSI driver allows remote code execution or denial of service through malformed Fibre Channel ELS commands. The qla24xx_els_dcmd_iocb() function incorrectly frees fcport structures twice during error handling - once via kref_put() calling qla2x00_els_dcmd_sp_free(), then again explicitly afterward. Despite the CVSS:3.1/AV:N score of 9.8, the network vector appears to reflect the driver's network-facing nature (Fibre Channel over IP or similar) rather than internet-accessible exploitation. EPSS score of 0.02% (5th percentile) indicates extremely low observed exploitation probability. Patches available across multiple stable kernel branches (6.9+, 6.19.9+, 7.0+) per upstream commits.
Timing attacks can compromise TCP Authentication Option (TCP-AO) message authentication codes in Linux kernel 6.7+ due to non-constant-time MAC comparison. Remote unauthenticated attackers on the network path can exploit timing differences during MAC validation to extract authentication secrets, defeating TCP-AO's connection authentication mechanism. Exploitation probability is low (EPSS 0.02%, 5th percentile) with no confirmed active exploitation, but vendor patches are available for affected stable branches including 6.12.78, 6.18.19, 6.19.9, and mainline 7.0.