Skip to main content
CVE-2018-25404 HIGH POC This Week

The Open ISES Project 3.30A contains an SQL injection vulnerability that allows unauthenticated attackers to execute arbitrary SQL queries by injecting malicious code through the ticket_id parameter. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

SQLi PHP
NVD Exploit-DB
CVSS 4.0
8.8
EPSS
0.1%
CVE-2018-25403 HIGH POC This Week

The Open ISES Project 3.30A contains an SQL injection vulnerability that allows unauthenticated attackers to execute arbitrary SQL queries by injecting malicious code through the p1 parameter. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

SQLi PHP
NVD Exploit-DB
CVSS 4.0
8.8
EPSS
0.1%
CVE-2018-25402 HIGH POC This Week

The Open ISES Project 3.30A contains an SQL injection vulnerability that allows unauthenticated attackers to execute arbitrary SQL queries by injecting malicious code through the p1 parameter. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

SQLi PHP
NVD Exploit-DB
CVSS 4.0
8.8
EPSS
0.1%
CVE-2018-25401 HIGH POC This Week

The Open ISES Project 3.30A contains an SQL injection vulnerability that allows unauthenticated attackers to execute arbitrary SQL queries by injecting malicious code through the p1 parameter. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

SQLi PHP
NVD Exploit-DB
CVSS 4.0
8.8
EPSS
0.1%
CVE-2018-25400 HIGH POC This Week

The Open ISES Project 3.30A contains an SQL injection vulnerability that allows unauthenticated attackers to execute arbitrary SQL queries by injecting malicious code through the 'id' parameter. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

SQLi PHP
NVD Exploit-DB VulDB
CVSS 4.0
8.8
EPSS
0.1%
CVE-2018-25399 HIGH POC This Week

The Open ISES Project 3.30A contains an SQL injection vulnerability that allows unauthenticated attackers to execute arbitrary SQL queries by injecting malicious code through the tick_lat and. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

SQLi PHP
NVD Exploit-DB
CVSS 4.0
8.8
EPSS
0.1%
CVE-2018-25398 HIGH POC This Week

The Open ISES Project 3.30A contains an SQL injection vulnerability that allows unauthenticated attackers to execute arbitrary SQL queries by injecting malicious code through the frm_passwd. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

SQLi PHP
NVD Exploit-DB
CVSS 4.0
8.8
EPSS
0.1%
CVE-2018-25395 HIGH POC This Week

Kados R10 GreenBee contains an SQL injection vulnerability that allows unauthenticated attackers to execute arbitrary SQL queries by injecting malicious code through the feature_id parameter of. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

SQLi PHP
NVD Exploit-DB VulDB
CVSS 4.0
8.8
EPSS
0.1%
CVE-2018-25394 HIGH POC This Week

Kados R10 GreenBee contains an SQL injection vulnerability that allows unauthenticated attackers to execute arbitrary SQL queries by injecting malicious code through the release_id parameter of. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

SQLi PHP
NVD Exploit-DB
CVSS 4.0
8.8
EPSS
0.1%
CVE-2018-25386 HIGH POC This Week

HaPe PKH 1.1 contains multiple SQL injection vulnerabilities in admin/media.php that allow attackers to manipulate database queries by injecting SQL code through the 'id' parameter. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

SQLi PHP
NVD Exploit-DB
CVSS 4.0
8.8
EPSS
0.1%
CVE-2018-25385 HIGH POC This Week

E-Registrasi Pencak Silat 18.10 contains an SQL injection vulnerability that allows unauthenticated attackers to execute arbitrary SQL queries by injecting malicious code through the id_partai. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

SQLi PHP
NVD Exploit-DB VulDB
CVSS 4.0
8.8
EPSS
0.1%
CVE-2018-25390 HIGH POC This Week

HaPe PKH 1.1 contains an SQL injection vulnerability that allows unauthenticated attackers to manipulate database queries by injecting SQL code through the 'desa' POST parameter sent to. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

SQLi PHP
NVD Exploit-DB VulDB
CVSS 4.0
8.8
EPSS
0.1%
CVE-2018-25389 HIGH POC This Week

HaPe PKH 1.1 contains an SQL injection vulnerability that allows unauthenticated attackers to manipulate database queries by injecting SQL code through the 'nama_kelompok' POST parameter sent to. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

SQLi PHP
NVD Exploit-DB
CVSS 4.0
8.8
EPSS
0.1%
CVE-2018-25382 HIGH POC This Week

Zechat 1.5 contains an SQL injection vulnerability that allows unauthenticated attackers to extract database information by injecting SQL code through the uname parameter. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

SQLi PHP Information Disclosure
NVD Exploit-DB
CVSS 4.0
8.8
EPSS
0.1%
CVE-2018-25388 HIGH POC This Week

HaPe PKH 1.1 contains an arbitrary file upload vulnerability that allows authenticated attackers to upload malicious files by bypassing file type validation. Rated high severity (CVSS 8.7), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

RCE PHP File Upload
NVD Exploit-DB
CVSS 4.0
8.7
EPSS
0.1%
CVE-2018-25396 HIGH POC This Week

Heatmiser Wifi Thermostat 1.7 contains a credential disclosure vulnerability that allows unauthenticated attackers to retrieve administrative credentials by accessing the networkSetup.htm page. Rated high severity (CVSS 8.7), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Information Disclosure
NVD Exploit-DB
CVSS 4.0
8.7
EPSS
0.0%
CVE-2018-25391 HIGH POC This Week

HaPe PKH 1.1 fails to enforce authorization on its record deletion endpoints, allowing unauthenticated attackers to delete arbitrary records by sending a crafted request that specifies the target. Rated high severity (CVSS 8.7), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

PHP Authentication Bypass
NVD Exploit-DB
CVSS 4.0
8.7
EPSS
0.0%
CVE-2018-25383 HIGH POC This Week

Free MP3 CD Ripper 2.8 contains a stack-based buffer overflow vulnerability in WMA file processing that allows local attackers to bypass DEP protection via structured exception handling manipulation. Rated high severity (CVSS 8.6), this vulnerability is no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Buffer Overflow Stack Overflow RCE
NVD Exploit-DB
CVSS 4.0
8.6
EPSS
0.0%
CVE-2026-7786 CRITICAL CISA Emergency

Hardcoded administrative credentials in Jinan USR IOT (PUSR) USR-W610 RS232/485-to-Wi-Fi/Ethernet serial converter firmware allow remote unauthenticated attackers to gain full administrative control of affected industrial gateway devices. The CVSS 9.8 rating reflects network-reachable, no-interaction exploitation against an OT/ICS device class typically deployed in serial-to-IP bridging roles, and no public exploit identified at time of analysis, though credential recovery via firmware extraction is straightforward for any researcher.

Authentication Bypass Usr W610 Rs232 485 To Wi Fi Ethernet Converter
NVD GitHub VulDB
CVSS 3.1
9.8
EPSS
0.0%
Threat
4.0
CVE-2026-10063 HIGH POC Monitor

Stack-based buffer overflow in TRENDnet TEW-432BRP wireless router firmware 3.10B20 allows authenticated remote attackers to corrupt memory via the peerPin parameter handled by the formWPS function in /goform/formWPS, potentially leading to arbitrary code execution or device crash. Publicly available exploit code exists, and the vendor has explicitly declined to issue a fix as the device has been end-of-life since 2009. No CISA KEV listing or EPSS score is provided, but the combination of public POC and unpatchable status materially elevates real-world risk for any device still deployed.

Buffer Overflow Stack Overflow Tew 432Brp
NVD VulDB GitHub
CVSS 4.0
7.4
EPSS
0.0%
CVE-2026-10062 HIGH POC Monitor

Stack-based buffer overflow in TRENDnet TEW-432BRP router firmware 3.10B20 allows authenticated remote attackers to corrupt memory by sending crafted ip, mask, or gateway parameters to the formSetRoute handler at /goform/formSetRoute, potentially achieving arbitrary code execution on the device. Publicly available exploit code exists (disclosed via VulDB and a GitHub PoC), and because the product has been end-of-life since 2009 the vendor has explicitly declined to issue a fix. No active exploitation has been confirmed via CISA KEV at time of analysis.

Buffer Overflow Stack Overflow Tew 432Brp
NVD VulDB GitHub
CVSS 4.0
7.4
EPSS
0.0%
CVE-2018-25393 HIGH POC This Week

Navigate CMS 2.8.5 contains a path traversal vulnerability that allows authenticated users to download arbitrary files by injecting directory traversal sequences in the id parameter. Rated high severity (CVSS 7.1), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

Path Traversal PHP
NVD Exploit-DB
CVSS 4.0
7.1
EPSS
0.1%
CVE-2026-5386 CRITICAL CISA Emergency

Unauthenticated administrator password reset in KMW KM-IP521 and KM-IP421 CCTV cameras allows remote network-based attackers to reset the admin credential to a known value and obtain full control of the device, including live video feeds and configuration. The flaw is classified under CWE-620 (Unverified Password Change) and was disclosed via CISA's ICS-CERT coordination channel with a CVSS 9.1 rating. No public exploit identified at time of analysis and the issue is not listed in CISA KEV, but the trivial attack complexity and lack of authentication make it high-priority for any internet- or LAN-exposed deployments.

Information Disclosure Km Ip521 Km Ip421
NVD GitHub VulDB
CVSS 3.1
9.1
EPSS
0.1%
CVE-2018-25392 HIGH POC This Week

MaxOn ERP Software 8.x-9.x contains an SQL injection vulnerability that allows authenticated users to execute arbitrary SQL queries through the nomor, user, and jenis parameters in the log_activity. Rated high severity (CVSS 7.1), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

SQLi PHP
NVD Exploit-DB
CVSS 4.0
7.1
EPSS
0.0%
CVE-2018-25387 MEDIUM POC This Month

HaPe PKH 1.1 contains a cross-site request forgery vulnerability that allows attackers to change administrator passwords by submitting forged requests to the user update endpoint. Rated medium severity (CVSS 6.9), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

PHP CSRF
NVD Exploit-DB
CVSS 4.0
6.9
EPSS
0.0%
CVE-2018-25397 MEDIUM POC This Month

PHP-SHOP 1.0 contains a cross-site request forgery vulnerability that allows unauthenticated attackers to add administrative users by crafting malicious HTML forms. Rated medium severity (CVSS 6.9), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

PHP CSRF
NVD GitHub Exploit-DB
CVSS 4.0
6.9
EPSS
0.0%
CVE-2026-5768 HIGH PATCH CISA Act Now

Unauthenticated BLE access to the Fourth Frontier X2 wearable cardiac monitor allows attackers within radio range to read and write critical GATT characteristics without pairing, enabling control of device functions and injection of fabricated health telemetry. The companion Frontier X Android and iOS applications additionally fail to authenticate paired devices, letting an attacker impersonate a legitimate X2 and feed falsified heart rate, breathing rate, and strain data into a victim's mobile app. No public exploit identified at time of analysis, and the issue is tracked under CISA ICS-MA-26-148-01.

Authentication Bypass Frontier X Android Application Frontier X Ios Application Frontier X2
NVD GitHub VulDB
CVSS 3.1
8.8
EPSS
0.0%
CVE-2026-42929 HIGH PATCH CISA Act Now

Authentication bypass via hard-coded credentials in Danelec MacGregor Voyage Data Recorder (VDR) G4e allows attackers with adjacent-network access to log in using undocumented default accounts and gain high-impact access to confidentiality and integrity of recorded voyage data. The flaw was disclosed via CISA ICS-CERT advisory ICSA-26-148-01 and carries a CVSS v4.0 score of 8.7, with no public exploit identified at time of analysis and no CISA KEV listing.

Authentication Bypass Macgregor Voyage Data Recorder Vdr G4E
NVD GitHub VulDB
CVSS 4.0
8.7
EPSS
0.0%
CVE-2026-42941 HIGH PATCH CISA Act Now

Hardcoded default credentials in the Danelec MacGregor Voyage Data Recorder (VDR) G4e allow adjacent attackers to gain administrative access to the maritime black-box recorder without any password change being enforced at deployment. The flaw was reported through ICS-CERT (advisory ICSA-26-148-01) and carries a CVSS 4.0 score of 8.7, reflecting high confidentiality and integrity impact over an adjacent network with no privileges or user interaction required. No public exploit identified at time of analysis, and the issue is not listed in CISA KEV.

Information Disclosure Macgregor Voyage Data Recorder Vdr G4E
NVD GitHub VulDB
CVSS 4.0
8.7
EPSS
0.0%
CVE-2026-6824 HIGH CISA Act Now

Stored cross-site scripting in CP Plus 1xxx series Network Video Recorder (NVR) devices, specifically the CP-UNR-108F1 hardware/web/system components, allows authenticated high-privileged attackers to inject persistent JavaScript payloads into backend storage that execute in administrators' browsers on page load. With CVSS 8.4 and a Scope:Changed vector, successful exploitation enables session hijacking, unauthorized administrative actions against the video surveillance device, and theft of footage or credentials. No public exploit identified at time of analysis, and the vulnerability is not listed in CISA KEV.

XSS Cp Unr 108F1 Hardware Cp Unr 108F1 Web Cp Unr 108F1 System
NVD GitHub VulDB
CVSS 3.1
8.4
EPSS
0.0%
CVE-2026-49199 CRITICAL Act Now

Remote unauthenticated command injection in the Acer Predator Connect W6x router enables root-level code execution via crafted MQTT messages, scoring a maximum 10.0 CVSS v4.0 across all impact metrics including subsequent system impact. The flaw was disclosed by Acer and tracked in the ENISA EUVD as EUVD-2026-33269, but no public exploit identified at time of analysis. Affects firmware W6x_GBL_2.00.000005 and earlier, with no special authentication or user interaction required.

Command Injection RCE Predator Connect W6X
NVD VulDB
CVSS 4.0
10.0
EPSS
0.7%
CVE-2026-47208 CRITICAL PATCH GHSA Act Now

Remote code execution in the vm2 Node.js sandbox library (versions <= 3.11.3) allows sandboxed JavaScript to escape isolation and execute arbitrary commands on the host. The flaw stems from a missing resetPromiseSpecies call in the localPromise swallow tail, letting a sandbox subclass hijack Promise species resolution and capture a raw host-realm RangeError that exposes the host Function constructor. Publicly available exploit code exists (POC published in the advisory), though no public exploit identified at time of analysis as actively exploited in the wild; given vm2's heavy use as an untrusted-code sandbox in SaaS, CI, and serverless platforms, this is a top-priority issue.

RCE Red Hat
NVD GitHub VulDB
CVSS 3.1
10.0
EPSS
0.5%
CVE-2026-47137 CRITICAL PATCH GHSA Act Now

Sandbox escape in vm2 (npm package, versions <= 3.11.3) allows full remote code execution by bypassing the GHSA-8hg8-63c5-gwmx (CVE-2023-37903) patch through omission of the require option when nesting:true is set. Publicly available exploit code exists in the GHSA advisory itself, and with a CVSS of 10.0 (AV:N/AC:L/PR:N/UI:N/S:C) any application passing untrusted code to a NodeVM configured this way is trivially compromised on the host.

RCE Red Hat
NVD GitHub VulDB
CVSS 3.1
10.0
EPSS
0.2%
CVE-2026-47140 CRITICAL PATCH GHSA Act Now

Sandbox escape leading to remote code execution in vm2 NodeVM versions 3.11.3 and earlier allows attackers running untrusted JavaScript inside the sandbox to break out via two missing entries in the dangerous-builtin denylist: `process` (whose `getBuiltinModule()` reloads any core module, including `child_process`) and `inspector/promises` (whose `Session().post('Runtime.evaluate', ...)` evaluates code in the host realm). The flaw is exploitable only when the embedder allows `process`, `inspector/promises`, or wildcard `*` in `require.builtin`. Publicly available exploit code exists (PoC published with the advisory), and a patch is available in vm2 3.11.4; no public exploit identified at time of analysis as actively used in the wild.

Node.js RCE Red Hat
NVD GitHub VulDB
CVSS 3.1
10.0
EPSS
0.1%
CVE-2026-47131 CRITICAL PATCH GHSA Act Now

Sandbox escape in the vm2 Node.js sandbox library (versions <= 3.11.3) allows untrusted JavaScript executed inside a vm2 VM to reach the host realm and achieve arbitrary code execution. By chaining Buffer.call.call indirection with __lookupGetter__/__lookupSetter__ to obtain host Object.prototype.__proto__ accessors and using a WebAssembly.compileStreaming rejection to surface a host TypeError, an attacker severs a host prototype chain, causing the bridge's proto-walk to return the raw host error unwrapped - yielding e.constructor.constructor as host Function and full RCE. Publicly available exploit code exists (advisory ships a working PoC); CVSS is 10.0 (AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H).

Node.js RCE Red Hat
NVD GitHub VulDB
CVSS 3.1
10.0
EPSS
0.1%
CVE-2026-45631 CRITICAL PATCH Act Now

Remote code execution in Dokploy 0.27.0 through 0.29.2 allows unauthenticated attackers to forge email-verification JWTs using a hardcoded BETTER_AUTH_SECRET fallback ('better-auth-secret-123456789'), auto-sign-in as admin, and run arbitrary commands on the host through the built-in SSH terminal. The flaw carries a CVSS 10.0 score with network attack vector and no required privileges, and while no public exploit is identified at time of analysis, the trivially guessable secret makes weaponization straightforward.

Authentication Bypass Dokploy
NVD GitHub
CVSS 3.1
10.0
EPSS
0.1%
CVE-2026-49200 CRITICAL Act Now

Credential disclosure in the Acer Wave 7 router (firmware T7c_GBL_1.01.000055 and earlier) exposes the acer_cgi.log file over the web interface without authentication, leaking cleartext web and Telnet login credentials to any network-reachable attacker. With CVSS 4.0 of 10.0 and a vector indicating no privileges or user interaction, exploitation enables full device takeover; no public exploit identified at time of analysis, but the trivial nature of fetching a log file makes weaponization straightforward.

Authentication Bypass Wave 7 Router
NVD VulDB
CVSS 4.0
10.0
EPSS
0.1%
CVE-2026-49197 CRITICAL Act Now

Authentication bypass in Acer Predator Connect W6x routers (firmware W6x_GBL_2.00.000005 and earlier) allows remote unauthenticated attackers to reach app-facing web endpoints by sending an HTTP Authorization header whose Base64 payload is intentionally malformed, because the endpoint treats a decoding failure as a pass rather than a rejection. The CVSS 4.0 score of 10.0 (AV:N/AC:L/PR:N/UI:N with high confidentiality, integrity, availability impact on both vulnerable and subsequent systems) reflects full takeover potential against an internet-reachable consumer/SOHO router, though no public exploit identified at time of analysis.

Authentication Bypass Predator Connect W6X
NVD VulDB
CVSS 4.0
10.0
EPSS
0.0%
CVE-2026-49201 CRITICAL Act Now

Hardcoded AES encryption key in the upload.cgi binary of the Acer Wave 7 router (firmware T7c_GBL_1.01.000055 and earlier) allows remote unauthenticated attackers to decrypt, tamper with, and re-encrypt device backup files, enabling persistent backdoor injection on affected devices. The CVSS 4.0 score of 10.0 reflects full compromise of confidentiality, integrity, and availability across both the vulnerable component and downstream subsequent systems. No public exploit identified at time of analysis, and CISA SSVC reports exploitation status as 'none', though the issue is flagged as automatable with total technical impact.

Authentication Bypass Wave 7 Router
NVD VulDB
CVSS 4.0
10.0
EPSS
0.0%
CVE-2026-9508 CRITICAL PATCH Act Now

Unauthenticated backup file disclosure in Suprema BioStar 2 server (versions 2.9.3 through 2.9.11) allows remote attackers to download sensitive backup ZIP archives directly via predictable '/download/' URLs when the administrator places the backup path inside the NGINX webroot. The exposed archives can contain database credentials and cryptographic material enabling server impersonation, database compromise, and lateral movement. No public exploit identified at time of analysis, but SSVC rates the flaw as automatable with total technical impact and CVSS 4.0 scores it 10.0.

Authentication Bypass Nginx
NVD
CVSS 4.0
10.0
EPSS
0.1%
CVE-2026-8326 CRITICAL Act Now

Path traversal in Remote Spark SparkView before build 1127 enables remote attackers to read and write arbitrary files as root through the RDP drive redirection component, leading to full remote code execution. CVSS 4.0 scores this 10.0 with no public exploit identified at time of analysis, though SSVC marks it automatable with total technical impact. Depending on the deployment, exploitation can be performed without authentication, making vulnerable internet-facing instances a high-priority patching target.

Path Traversal Www Remotespark Com
NVD
CVSS 4.0
10.0
EPSS
0.1%
CVE-2026-45629 CRITICAL Act Now

Authenticated OS command injection in Dokploy 0.28.8 and earlier lets any organization member execute arbitrary system commands on remote servers managed by the PaaS via the /listen-deployment WebSocket endpoint, resulting in full server compromise. With a CVSS 9.9 (scope changed) and low-privilege precondition, the flaw effectively turns any low-tier org account into a foothold on every connected host. No public exploit identified at time of analysis, but the vendor security advisory (GHSA-r73h-qr3p-hf7f) confirms the issue.

Command Injection Dokploy
NVD GitHub
CVSS 3.1
9.9
EPSS
0.2%
CVE-2026-9559 CRITICAL PATCH GHSA Act Now

Remote code execution in Mautic 7 allows authenticated users with the campaign:imports:create permission to write arbitrary PHP files outside the intended extraction directory via a malicious ZIP uploaded through the campaign import feature. The flaw is a path traversal in the ZIP extraction routine that can be leveraged to overwrite cache or configuration files, yielding code execution as the web server user. No public exploit identified at time of analysis, and the CVSS 9.9 score reflects the combination of low attack complexity, scope change, and full CIA impact.

RCE PHP Path Traversal
NVD GitHub VulDB
CVSS 3.1
9.9
EPSS
0.2%
CVE-2026-9558 CRITICAL PATCH GHSA Act Now

Server-Side Template Injection in Mautic's theme engine allows authenticated users with theme creation or upload permissions to execute arbitrary code on the host. Because the platform renders uploaded Twig templates without a sandbox or strict function allowlist, an attacker who already holds theme-management rights can pivot from administrative content control to full server compromise, including reads of restricted system files and configuration. No public exploit identified at time of analysis, and the issue has not been listed in CISA KEV.

RCE Ssti
NVD GitHub VulDB
CVSS 3.1
9.9
EPSS
0.2%
CVE-2026-45661 CRITICAL Act Now

Authenticated path traversal in Dokploy v0.26.5 and earlier (CWE-22) enables arbitrary file write during application deployment, escalating to remote code execution when the affected instance uses the remote server deployment feature. With a CVSS 9.9 score reflecting scope change and full CIA impact, any user with deployment privileges can drop cron jobs onto remote hosts to fully compromise them, bypassing container isolation. No public exploit identified at time of analysis, though the vendor's own GHSA-66v7-g3fh-47h3 advisory characterizes the chain as critical.

RCE Path Traversal Dokploy
NVD GitHub
CVSS 3.1
9.9
EPSS
0.1%
CVE-2026-45312 CRITICAL Act Now

Server-side template injection in RAGFlow 0.24.0 and earlier allows any authenticated user to execute arbitrary operating system commands on the host through the Jinja2-based prompt generator (rag/prompts/generator.py). Because RAGFlow installations commonly permit open self-registration, the practical barrier is minimal: an attacker registers an account, builds a Canvas workflow chaining a DuckDuckGo retrieval node with an LLM node, and triggers the SSTI to break out of the Jinja2 sandbox. No public exploit identified at time of analysis, but the vendor security advisory describes the chain explicitly.

Ssti Code Injection
NVD GitHub
CVSS 3.1
9.9
EPSS
0.0%
CVE-2026-45632 CRITICAL Act Now

Cross-tenant remote code execution in Dokploy 0.26.7 and earlier allows any authenticated user to hijack scheduled tasks belonging to other organizations and execute arbitrary scripts on the Dokploy host or managed remote servers. The schedule router fails to enforce organization and role authorization, so knowledge of a scheduleId/serverId is sufficient to create, modify, or trigger server-type schedules that run attacker-controlled shell commands. No public exploit identified at time of analysis, but the trivial authorization bypass combined with built-in script execution makes this a high-priority issue for multi-tenant Dokploy deployments.

Command Injection Dokploy
NVD GitHub
CVSS 3.1
9.9
EPSS
0.0%
CVE-2026-45372 CRITICAL PATCH Act Now

HTTP response/header injection in cpp-httplib server versions prior to 0.44.0 allows remote unauthenticated attackers to smuggle CRLF sequences into stored header values, because the is_field_value validity check runs before percent-decoding lets %0D%0A through and expand to literal \r\n. The CVSS 9.9 score with Scope:Changed reflects the ability to influence downstream HTTP components, but no public exploit identified at time of analysis and the issue is not on the CISA KEV list.

Information Disclosure Suse
NVD GitHub VulDB
CVSS 3.1
9.9
EPSS
0.0%
CVE-2026-47392 CRITICAL PATCH GHSA Act Now

Remote code execution in PraisonAI praisonaiagents <=1.6.39 and PraisonAI <=4.6.39 allows authenticated attackers to fully escape the execute_code() subprocess sandbox by leveraging print.__self__ to reach the real builtins module and reconstructing __import__ at runtime. The flaw defeats prior patches for CVE-2026-39888, CVE-2026-34938, and CVE-2026-40158, enabling arbitrary OS command execution on the host wherever agent input can be influenced via prompt injection or direct code submission. Publicly available exploit code exists in the GitHub Security Advisory (GHSA-4mr5-g6f9-cfrh), and EPSS/KEV signals are not yet published for this newly disclosed novel bypass.

Command Injection Node.js RCE Python
NVD GitHub
CVSS 3.1
9.9
EPSS
0.1%
CVE-2026-47744 CRITICAL PATCH GHSA Act Now

Privilege escalation in Shopper headless e-commerce admin panel prior to version 2.8.0 allows any low-privilege authenticated panel user to seize full administrator control by chaining two distinct broken-authorization defects in the team settings module. By combining an unprotected Settings/Team/Index mount with a RolePermission write path that only checks the read-only view_users permission, an attacker can mint new roles, grant themselves manage_users and edit_orders, and delete legitimate administrators. No public exploit identified at time of analysis, but the bugs are straightforward to weaponize once panel credentials are obtained.

Privilege Escalation Shopper
NVD GitHub VulDB
CVSS 3.1
9.9
EPSS
0.0%
Page 1 of 6 Next

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy