Skip to main content
CVE-2018-25332 CRITICAL POC Act Now

GitBucket 4.23.1 contains an unauthenticated remote code execution vulnerability that allows attackers to execute arbitrary commands by exploiting weak secret token generation and insecure file. Rated critical severity (CVSS 9.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Authentication Bypass File Upload RCE Gitbucket
NVD Exploit-DB GitHub VulDB
CVSS 4.0
9.3
EPSS
0.2%
CVE-2018-25335 CRITICAL POC Act Now

WordPress Plugin Peugeot Music 1.0 contains an arbitrary file upload vulnerability that allows unauthenticated attackers to upload malicious files by sending POST requests to the upload.php endpoint. Rated critical severity (CVSS 9.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

WordPress PHP Authentication Bypass File Upload
NVD Exploit-DB VulDB
CVSS 4.0
9.3
EPSS
0.1%
CVE-2018-25320 CRITICAL POC Act Now

ACL Analytics versions 11.x through 13.0.0.579 contain an arbitrary code execution vulnerability that allows attackers to execute arbitrary commands by leveraging the EXECUTE function. Rated critical severity (CVSS 9.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Code Injection RCE Acl Analytics
NVD Exploit-DB VulDB
CVSS 4.0
9.3
EPSS
0.1%
CVE-2026-8507 CRITICAL Act Now

Heap out-of-bounds write in the Crypt::OpenSSL::PKCS12 Perl module (versions up to and including 1.94) allows attackers who can supply a malicious PKCS12 file processed via info() or info_as_hash() to corrupt heap memory and potentially achieve remote code execution. The flaw stems from an integer overflow when an OCTET STRING or BIT STRING attribute on a SAFEBAG is >= 1 GiB in size, causing an undersized allocation followed by an OOB write. No public exploit identified at time of analysis, but the upstream patch and oss-security disclosure are public.

OpenSSL Buffer Overflow RCE Memory Corruption
NVD GitHub VulDB
CVSS 3.1
9.8
EPSS
0.0%
CVE-2026-8721 CRITICAL Act Now

Silent password truncation in the Perl module Crypt::OpenSSL::PKCS12 versions up to and including 1.94 causes any password bytes at or after the first embedded NULL byte to be dropped without warning. The flaw stems from password parameters being declared as char* in PKCS12.xs, routing through Perl's default typemap to SvPV_nolen and discarding the Perl-known length before C strlen() truncates the buffer. The result is severe entropy loss for binary, KDF-derived, or HMAC-derived passwords used to protect PKCS12 keystores, with no public exploit identified at time of analysis.

OpenSSL Information Disclosure
NVD VulDB
CVSS 3.1
9.8
EPSS
0.0%

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy