Skip to main content
CVE-2018-25332 CRITICAL POC Act Now

GitBucket 4.23.1 contains an unauthenticated remote code execution vulnerability that allows attackers to execute arbitrary commands by exploiting weak secret token generation and insecure file. Rated critical severity (CVSS 9.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Authentication Bypass File Upload RCE Gitbucket
NVD Exploit-DB GitHub VulDB
CVSS 4.0
9.3
EPSS
0.2%
CVE-2018-25335 CRITICAL POC Act Now

WordPress Plugin Peugeot Music 1.0 contains an arbitrary file upload vulnerability that allows unauthenticated attackers to upload malicious files by sending POST requests to the upload.php endpoint. Rated critical severity (CVSS 9.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

WordPress PHP Authentication Bypass File Upload
NVD Exploit-DB VulDB
CVSS 4.0
9.3
EPSS
0.1%
CVE-2018-25320 CRITICAL POC Act Now

ACL Analytics versions 11.x through 13.0.0.579 contain an arbitrary code execution vulnerability that allows attackers to execute arbitrary commands by leveraging the EXECUTE function. Rated critical severity (CVSS 9.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Code Injection RCE Acl Analytics
NVD Exploit-DB VulDB
CVSS 4.0
9.3
EPSS
0.1%
CVE-2018-25333 HIGH POC This Week

Nordex N149/4.0-4.5 Wind Turbine Web Server 4.0 contains an SQL injection vulnerability that allows unauthenticated attackers to execute arbitrary SQL queries by injecting malicious code through the. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

SQLi PHP
NVD Exploit-DB VulDB
CVSS 4.0
8.8
EPSS
0.2%
CVE-2018-25339 HIGH POC This Week

Zechat 1.5 contains a SQL injection vulnerability in the v parameter that allows unauthenticated attackers to extract database information using time-based blind techniques. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

SQLi Zechat
NVD Exploit-DB VulDB
CVSS 4.0
8.8
EPSS
0.1%
CVE-2018-25338 HIGH POC This Week

Zechat 1.5 contains a SQL injection vulnerability in the hashtag parameter that allows unauthenticated attackers to extract database information using union-based techniques. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

SQLi Zechat
NVD Exploit-DB VulDB
CVSS 4.0
8.8
EPSS
0.1%
CVE-2018-25330 HIGH POC This Week

Joomla!. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

SQLi XSS Joomla Extension Ekrishta
NVD Exploit-DB VulDB
CVSS 4.0
8.8
EPSS
0.0%
CVE-2018-25326 HIGH POC This Week

Google Drive for WordPress 2.2 contains a path traversal vulnerability that allows unauthenticated attackers to read arbitrary files by injecting directory traversal sequences in the file_name. Rated high severity (CVSS 8.7), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Path Traversal PHP WordPress Google
NVD Exploit-DB VulDB
CVSS 4.0
8.7
EPSS
0.5%
CVE-2018-25325 HIGH POC This Week

Woocommerce CSV Importer 3.3.6 contains a path traversal vulnerability that allows any registered user to delete arbitrary files by submitting unescaped filenames through the delete_export_file AJAX. Rated high severity (CVSS 8.7), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Path Traversal PHP WordPress
NVD Exploit-DB VulDB
CVSS 4.0
8.7
EPSS
0.3%
CVE-2018-25329 HIGH POC This Week

WordPress Plugin WP with Spritz 1.0 contains a remote file inclusion vulnerability that allows unauthenticated attackers to read arbitrary files by injecting file paths into the url parameter. Rated high severity (CVSS 8.7), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Information Disclosure PHP WordPress LFI
NVD Exploit-DB VulDB
CVSS 4.0
8.7
EPSS
0.0%
CVE-2018-25323 HIGH POC This Week

Allok AVI DivX MPEG to DVD Converter 2.6.1217 contains a structured exception handler buffer overflow vulnerability that allows local attackers to execute arbitrary code by supplying a malicious. Rated high severity (CVSS 8.6), this vulnerability is no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Buffer Overflow RCE Allok Avi Divx Mpeg To Dvd Converter
NVD Exploit-DB VulDB
CVSS 4.0
8.6
EPSS
0.0%
CVE-2018-25328 HIGH POC This Week

VX Search 10.6.18 contains a local buffer overflow vulnerability that allows attackers to overwrite the instruction pointer by supplying an oversized string in the directory field. Rated high severity (CVSS 8.6), this vulnerability is no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Buffer Overflow RCE Vx Search
NVD Exploit-DB VulDB
CVSS 4.0
8.6
EPSS
0.0%
CVE-2018-25322 HIGH POC This Week

Allok Fast AVI MPEG Splitter 1.2 contains a stack based buffer overflow vulnerability that allows local attackers to execute arbitrary code by supplying a malicious license name string. Rated high severity (CVSS 8.6), this vulnerability is no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Stack Overflow Buffer Overflow RCE Fast Avi Mpeg Splitter
NVD Exploit-DB VulDB
CVSS 4.0
8.6
EPSS
0.0%
CVE-2026-8764 HIGH POC This Week

Remote buffer overflow in H3C Magic B3 routers (firmware up to 100R002) allows attackers with high privileges to corrupt memory via the UpdateWanParams function in /goform/aspForm by manipulating the param argument. Publicly available exploit code exists per VulDB disclosure, though the vendor did not respond to coordinated disclosure attempts. With CVSS 4.0 score of 7.3 and PR:H requirement, exploitation hinges on prior administrative access to the device's web interface.

Buffer Overflow Magic B3
NVD VulDB GitHub
CVSS 4.0
7.3
EPSS
0.0%
CVE-2018-25319 HIGH POC This Week

Redaxo CMS Addon MyEvents 2.2.1 contains an SQL injection vulnerability that allows authenticated attackers to manipulate database queries by injecting SQL code through the myevents_id parameter. Rated high severity (CVSS 7.1), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

SQLi PHP
NVD Exploit-DB GitHub VulDB
CVSS 4.0
7.1
EPSS
0.0%
CVE-2018-25336 MEDIUM POC This Month

Joomla jCart for OpenCart 2.3.0.2 contains a cross-site request forgery vulnerability that allows attackers to modify user account information without authentication. Rated medium severity (CVSS 6.9), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

CSRF Joomla Extension Jcart For Opencart
NVD Exploit-DB VulDB
CVSS 4.0
6.9
EPSS
0.0%
CVE-2018-25324 MEDIUM POC This Month

Simple Fields 0.2 through 0.3.5 WordPress Plugin contains a local file inclusion vulnerability that allows unauthenticated attackers to read arbitrary files by injecting null bytes into the. Rated medium severity (CVSS 6.9), this vulnerability is no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

WordPress RCE LFI Apache PHP
NVD Exploit-DB VulDB
CVSS 4.0
6.9
EPSS
0.0%
CVE-2018-25327 MEDIUM POC This Month

Joomla!. Rated medium severity (CVSS 6.9), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

CSRF Js Jobs
NVD Exploit-DB VulDB
CVSS 4.0
6.9
EPSS
0.0%
CVE-2026-8507 CRITICAL Act Now

Heap out-of-bounds write in the Crypt::OpenSSL::PKCS12 Perl module (versions up to and including 1.94) allows attackers who can supply a malicious PKCS12 file processed via info() or info_as_hash() to corrupt heap memory and potentially achieve remote code execution. The flaw stems from an integer overflow when an OCTET STRING or BIT STRING attribute on a SAFEBAG is >= 1 GiB in size, causing an undersized allocation followed by an OOB write. No public exploit identified at time of analysis, but the upstream patch and oss-security disclosure are public.

OpenSSL Buffer Overflow RCE Memory Corruption
NVD GitHub VulDB
CVSS 3.1
9.8
EPSS
0.0%
CVE-2026-8721 CRITICAL Act Now

Silent password truncation in the Perl module Crypt::OpenSSL::PKCS12 versions up to and including 1.94 causes any password bytes at or after the first embedded NULL byte to be dropped without warning. The flaw stems from password parameters being declared as char* in PKCS12.xs, routing through Perl's default typemap to SvPV_nolen and discarding the Perl-known length before C strlen() truncates the buffer. The result is severe entropy loss for binary, KDF-derived, or HMAC-derived passwords used to protect PKCS12 keystores, with no public exploit identified at time of analysis.

OpenSSL Information Disclosure
NVD VulDB
CVSS 3.1
9.8
EPSS
0.0%
CVE-2026-8759 MEDIUM POC This Month

Expression language injection in Beetl template engine versions up to 3.20.2 enables remote attackers to execute arbitrary expressions through the SpELFunction component. The vulnerability stems from improper neutralization of special elements in Spring Expression Language (SpEL) processing, with publicly available exploit code and no vendor response despite early notification. CVSS 7.3 indicates moderate severity with confirmed remote exploitability.

Java Information Disclosure
NVD VulDB
CVSS 4.0
5.5
EPSS
0.1%
CVE-2026-8757 MEDIUM POC This Month

Path traversal in adenhq Hive versions up to 0.11.0 allows unauthenticated remote attackers to read arbitrary files via the _read_events_tail function in the Delete Request Handler. This network-accessible vulnerability requires no user interaction and has a publicly available proof-of-concept exploit. The vendor has not responded to disclosure attempts, leaving users without an official patch. EPSS data unavailable; CVSS 5.5 reflects limited confidentiality/integrity impact but ease of exploitation warrants prioritization for internet-facing deployments.

Path Traversal Hive
NVD VulDB GitHub
CVSS 4.0
5.5
EPSS
0.1%
CVE-2026-8737 MEDIUM POC This Month

Authentication bypass in Sanluan PublicCMS 5.202506.d allows remote unauthenticated attackers to access arbitrary user trade address data via manipulation of userId/id parameters in the TradeAddressListDirective component. Public exploit code exists (CVSS E:P), enabling unauthorized disclosure of confidential address information including names, phone numbers, and shipping details. EPSS data unavailable; not listed in CISA KEV. Vendor non-responsive to disclosure.

Authentication Bypass Java
NVD VulDB
CVSS 4.0
5.5
EPSS
0.0%
CVE-2026-8738 MEDIUM POC This Month

Business logic flaws in PublicCMS 5.202506.d trade payment controller allow unauthenticated remote attackers to manipulate payment processing workflows, potentially enabling payment bypass or unauthorized transaction modifications. Publicly available exploit code exists demonstrating the attack. The vulnerability affects three payment-related functions (TradeOrderController.pay, TradePaymentController.pay, AccountGatewayComponent.pay) in the publiccms-trade module. Vendor was notified but did not respond, and no patch has been announced.

Java Information Disclosure
NVD VulDB
CVSS 4.0
5.5
EPSS
0.0%
CVE-2026-8758 MEDIUM POC This Month

Unrestricted file upload in Metasoft MetaCRM (versions up to 6.4.0 Beta06) allows remote unauthenticated attackers to upload arbitrary files via the /common/jsp/upload3.jsp endpoint. A publicly disclosed exploit exists (CVSS E:P), enabling attackers to upload malicious files without authentication (PR:N), potentially leading to remote code execution. The vendor did not respond to coordinated disclosure, leaving users vulnerable. EPSS data not available, but the combination of network accessibility, no authentication requirement, and public exploit code indicates elevated real-world risk despite the moderate 5.5 CVSS score.

File Upload Metacrm
NVD VulDB
CVSS 4.0
5.5
EPSS
0.0%
CVE-2026-8725 MEDIUM POC This Month

Server-side request forgery in CoreWorxLab CAAL versions up to 1.6.0 enables unauthenticated remote attackers to make arbitrary HTTP requests from the server through the test-hass endpoint in webhooks.py. The vulnerability has publicly available exploit code and allows attackers to access internal resources, potentially leading to data exposure or further compromise of internal systems. EPSS data not available, not currently in CISA KEV despite public exploit availability.

SSRF Caal
NVD VulDB GitHub
CVSS 4.0
5.5
EPSS
0.0%
CVE-2026-8751 MEDIUM POC This Month

Deserialization vulnerability in H2O-3 machine learning platform versions up to 7402 enables remote code execution through the importBinaryModel function when processing malicious JAR files. The vulnerability allows unauthenticated remote attackers to execute arbitrary code with publicly available exploit code (CVSS 7.3, EPSS not provided). The vendor failed to respond to disclosure attempts, leaving users without an official patch.

Java Deserialization
NVD VulDB
CVSS 4.0
5.5
EPSS
0.0%
CVE-2026-8750 MEDIUM POC This Month

Information disclosure in h2oai h2o-3 through version 7402 allows remote unauthenticated attackers to read arbitrary files from the server filesystem via the ImportFile API endpoint. The vulnerability resides in the importFiles function of PersistNFS.java and is confirmed actively exploited with publicly available exploit code (CVSS:4.0 E:P). Despite early vendor notification, h2oai has not responded or issued a patch, leaving deployments at risk of credential theft, source code exposure, or configuration file access.

Java Information Disclosure
NVD VulDB
CVSS 4.0
5.5
EPSS
0.0%
CVE-2026-8752 MEDIUM POC This Month

Improper access controls in H2O-3's Rapids setproperty primitive allow remote unauthenticated attackers to modify system properties via the AstSetProperty.java exec function. The vulnerability permits low-impact integrity violations through manipulation of configuration settings accessible via the Rapids API. Public exploit code is available (VulDB 364379), increasing exploitation risk, though no active exploitation confirmed by CISA KEV at time of analysis. EPSS data not provided. Vendor unresponsive to disclosure attempts.

Authentication Bypass Java
NVD VulDB
CVSS 4.0
5.5
EPSS
0.0%
CVE-2026-8739 MEDIUM POC This Month

Hard-coded cryptographic key in Sanluan PublicCMS 5.202506.d allows remote attackers to compromise data integrity through the SafeConfigComponent's getSignKey function. The vulnerability (CWE-321) enables manipulation of the privatefile_key argument, permitting unauthenticated network-based attacks with low complexity. Public exploit code is available per VulDB submission 809917, significantly lowering the skill barrier for exploitation despite the medium CVSS 5.5 score. EPSS data unavailable; not listed in CISA KEV, suggesting targeted rather than widespread exploitation at time of analysis.

Java Information Disclosure
NVD VulDB
CVSS 4.0
5.5
EPSS
0.0%
CVE-2026-8734 MEDIUM POC This Month

SQL injection in Oinone Pamirs versions up to 7.2.0 allows remote unauthenticated attackers to read, modify, or delete database records via the queryListByWrapper interface. The RSQLToSQLNodeConnector.makeVariable function fails to properly sanitize input, enabling direct database manipulation. A publicly available proof-of-concept exploit exists (GitHub issue #12), and the vendor has not responded to disclosure attempts. EPSS data unavailable, not listed in CISA KEV. CVSS 5.5 (Medium) reflects confidentiality, integrity, and availability impacts all rated Low with network-accessible, low-complexity exploitation requiring no authentication.

SQLi Pamirs
NVD VulDB GitHub
CVSS 4.0
5.5
EPSS
0.0%
CVE-2018-25334 MEDIUM POC This Month

Zechat 1.5 contains a Cross-Site Request Forgery (CSRF) vulnerability that allows an attacker to change a user's information by bypassing anti-CSRF protections. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

CSRF Zechat
NVD Exploit-DB VulDB
CVSS 4.0
5.3
EPSS
0.0%
CVE-2018-25337 MEDIUM POC This Month

Joomla JoomOCShop 1.0 contains a cross-site request forgery vulnerability that allows attackers to perform unauthorized actions on behalf of authenticated users. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

CSRF Joomla Extension Joomocshop
NVD Exploit-DB VulDB
CVSS 4.0
5.3
EPSS
0.0%
CVE-2018-25321 MEDIUM POC This Month

TP-Link TL-WR720N wireless router contains a cross-site request forgery vulnerability that allows attackers to perform unauthorized administrative actions by crafting malicious web requests. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

CSRF TP-Link
NVD Exploit-DB VulDB
CVSS 4.0
5.3
EPSS
0.0%
CVE-2018-25331 MEDIUM POC This Month

Zenar Content Management System contains a cross-site scripting vulnerability that allows unauthenticated attackers to inject malicious scripts by manipulating form parameters in POST requests. Rated medium severity (CVSS 5.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

PHP XSS
NVD Exploit-DB VulDB
CVSS 4.0
5.1
EPSS
0.1%
CVE-2026-8719 HIGH This Week

Authenticated attackers can escalate privileges to Administrator in AI Engine WordPress plugin version 3.4.9 through improper authorization in the MCP OAuth bearer-token implementation. The plugin accepts any valid OAuth token for Model Context Protocol (MCP) access without verifying administrator privileges, allowing low-privileged users (Subscriber+) to execute admin-level MCP tools. No public exploit or active exploitation identified at time of analysis.

WordPress Privilege Escalation
NVD VulDB
CVSS 3.1
8.8
EPSS
0.0%
CVE-2026-46720 HIGH PATCH This Week

Metric injection in the Perl module Net::Statsd::Tiny before version 0.3.8 allows remote attackers to inject arbitrary statsd metrics by smuggling newline, colon, or pipe characters through untrusted metric names or set values. The CVSS 8.2 score reflects high integrity impact from forged telemetry, and while a vendor patch is available, no public exploit has been identified at time of analysis.

Code Injection
NVD GitHub VulDB
CVSS 3.1
8.2
EPSS
0.0%
CVE-2026-8723 MEDIUM PATCH GHSA This Month

The qs Node.js library (versions 6.11.1 through 6.15.1) crashes with a synchronous TypeError when stringify is called with both arrayFormat: 'comma' and encodeValuesOnly: true on arrays containing null or undefined elements. Applications using these non-default options together will experience request failures (typically 500 errors in web frameworks) when processing user input with null array values. The vulnerability was introduced in commit 4c4b23d (PR #463, January 2023) and patched in v6.15.2 (commit 21f80b3). No public exploit or CISA KEV listing identified at time of analysis, though exploitation requires only crafting JSON input with null array elements.

Denial Of Service Node.js Null Pointer Dereference
NVD GitHub VulDB
CVSS 4.0
6.3
EPSS
0.0%
CVE-2026-8753 LOW POC Monitor

Remote command injection in Kodbox fileThumb plugin (versions up to 1.64) allows authenticated attackers to execute arbitrary system commands by manipulating the ffmpegBin parameter in video processing functions. Publicly available exploit code increases immediate risk. EPSS data not available, but CVSS temporal metrics indicate confirmed proof-of-concept exploitation (E:P). Vendor has not responded to disclosure, leaving patch status uncertain.

Command Injection PHP
NVD VulDB
CVSS 4.0
2.1
EPSS
0.8%
CVE-2026-8744 LOW POC PATCH Monitor

Denial of service in Open5GS NRF (Network Repository Function) allows authenticated remote attackers to crash the service by exhausting the nf_service resource pool. Open5GS versions up to 2.7.7 fail to validate pool allocation during NF service registration, triggering assertion failures that terminate the process. Publicly available exploit code exists (GitHub issue #4466). EPSS data not available, not listed in CISA KEV. Patch released via commit 819db11a08b9736a3576c4f99ceb28f7eb99523a, merged in PR #4534.

Denial Of Service Open5gs
NVD VulDB GitHub
CVSS 4.0
2.1
EPSS
0.1%
CVE-2026-8729 LOW POC Monitor

Denial of service in Open5GS versions up to 2.7.7 allows authenticated remote attackers to crash the Network Repository Function (NRF) component by manipulating service-names or snssais parameters in SBI messages. A public proof-of-concept exploit exists via GitHub issue #4460, and the vendor has not responded to the early disclosure. EPSS data unavailable, but the low CVSS 4.3 score reflects limited impact (availability only, authenticated access required), reducing real-world urgency for most deployments.

Denial Of Service Open5gs
NVD VulDB GitHub
CVSS 4.0
2.1
EPSS
0.1%
CVE-2026-8728 LOW POC Monitor

Denial of service in Open5GS versions up to 2.7.7 allows authenticated remote attackers to crash the Network Repository Function (NRF) component via malformed target-plmn-list parameters. The vulnerability targets a parsing function in the Service-Based Interface (SBI) library and has publicly available exploit code (GitHub issue #4458). CVSS 4.3 reflects low severity, but the vendor has not responded to early disclosure attempts, leaving no confirmed patch timeline. EPSS and KEV data unavailable - exploitation likelihood beyond POC unknown.

Denial Of Service Open5gs
NVD VulDB GitHub
CVSS 4.0
2.1
EPSS
0.1%
CVE-2026-8743 LOW POC PATCH Monitor

Improper authorization in Open5GS AMF/MME component (versions up to 2.7.6) allows authenticated network attackers to manipulate NGAP user context lookups, potentially accessing or interfering with other users' 5G/LTE sessions. The vulnerability stems from insufficient validation of AMF_UE_NGAP_ID and RAN_UE_NGAP_ID pairs in the ran_ue_find_by_amf_ue_ngap_id function, enabling attackers with low-level network privileges to bypass session-to-base-station association controls. Publicly available exploit code exists (GitHub issue #4498), and a vendor-released patch (commit 5746b857) is available. CVSS 6.3 (Medium) reflects network vector with low attack complexity but requires authentication.

Authentication Bypass Open5gs
NVD VulDB GitHub
CVSS 4.0
2.1
EPSS
0.0%
CVE-2026-8740 LOW POC Monitor

Server-Side Template Injection in PublicCMS 5.202506.d allows authenticated remote attackers to execute arbitrary code and access sensitive information via the templateResult API endpoint. The vulnerability exists in the TemplateResultDirective.java component, where the templateContent parameter lacks proper sanitization, enabling template engine injection attacks. Publicly available exploit code exists (VulnPlus disclosure), and the vendor has not responded to coordinated disclosure attempts, leaving users without an official patch.

Ssti Java Information Disclosure
NVD VulDB
CVSS 4.0
2.1
EPSS
0.0%
CVE-2026-8735 LOW POC Monitor

Unsafe deserialization in Oinone Pamirs versions up to 7.2.0 allows authenticated remote attackers to potentially execute arbitrary code via crafted JSON payloads to the appConfigQuery interface. The vulnerability exists in JsonUtils.parseMap within PamirsParserConfig.java, where attacker-controlled data is deserialized without proper validation. Public exploit code is available on GitHub, though EPSS and KEV data are not provided. CVSS 4.0 score of 2.1 reflects limited scope impact (VC:L/VI:L/VA:L with SC:N/SI:N/SA:N), requiring low-privilege authentication (PR:L) but featuring low attack complexity (AC:L) and network attack vector (AV:N). Vendor non-responsive to disclosure.

Java Deserialization
NVD VulDB GitHub
CVSS 4.0
2.1
EPSS
0.0%
CVE-2026-8765 LOW POC Monitor

Path traversal in Kilo-Org kilocode's File Diff API Endpoint allows authenticated remote attackers to read arbitrary files outside intended directories. Affecting versions up to 7.0.47, the vulnerability exploits insufficient validation of file path arguments in the Bun.file function within the worktree-diff component. Public exploit code exists (EPSS probability and KEV status not provided), and the vendor has not responded to disclosure attempts, leaving users without vendor-confirmed remediation guidance.

Path Traversal Kilocode
NVD VulDB GitHub
CVSS 4.0
2.1
EPSS
0.0%
CVE-2026-8746 LOW POC Monitor

Use-after-free vulnerability in Open5GS NRF component (versions up to 2.7.7) allows authenticated remote attackers to trigger denial of service via the discover_handler function in nghttp2-server.c. Publicly available exploit code exists (GitHub issue #4476), but vendor has not responded to early disclosure. EPSS data not available; CVSS 4.3 (Medium) reflects limited scope (DoS only, authenticated access required). Not listed in CISA KEV, indicating no confirmed widespread exploitation despite public POC.

Denial Of Service Use After Free Memory Corruption Open5gs
NVD VulDB GitHub
CVSS 4.0
2.1
EPSS
0.0%
CVE-2026-8745 LOW POC Monitor

Remote authenticated denial of service in Open5GS versions up to 2.7.7 allows attackers to crash the AUSF (Authentication Server Function) component via crafted timer manipulation. The vulnerability resides in ogs_timer_add function within nausf-handler.c. Public exploit code exists via GitHub issue #4472, though vendor has not responded to disclosure. EPSS data unavailable; CVSS 4.0 scores only 2.1 due to low availability impact and authenticated requirement, but the existence of public exploit elevates practical risk for exposed 5G core deployments.

Denial Of Service Open5gs
NVD VulDB GitHub
CVSS 4.0
2.1
EPSS
0.0%
CVE-2026-8731 LOW POC Monitor

Denial of service vulnerability in Open5GS NRF client management (versions ≤2.7.7) allows authenticated remote attackers to crash the Network Repository Function service via malformed client pool arguments. Public exploit code exists (GitHub issue #4464), but vendor has not responded to disclosure. CVSS base score of 4.3 reflects low severity due to limited availability impact and authentication requirement. EPSS data not provided; KEV status not applicable for this unpatched issue.

Denial Of Service Open5gs
NVD VulDB GitHub
CVSS 4.0
2.1
EPSS
0.0%
CVE-2026-8730 LOW POC Monitor

Denial of service in Open5GS versions up to 2.7.6 allows authenticated remote attackers to crash the Network Repository Function (NRF) component via crafted nfInstanceId parameter manipulation in the ogs_sbi_nf_instance_set_id function. Publicly available exploit code exists (GitHub issue #4462), but vendor has not responded to early responsible disclosure. EPSS data not available, not listed in CISA KEV. CVSS 4.3 (Medium) reflects low impact (availability only) and authenticated attack vector.

Denial Of Service Open5gs
NVD VulDB GitHub
CVSS 4.0
2.1
EPSS
0.0%
Page 1 of 2 Next

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy