Command injection in Dokploy 0.29.1 and earlier allows authenticated users to execute arbitrary OS commands on the host by abusing the Docker file upload feature's unsanitized destinationPath parameter. The CVSS 9.9 score reflects scope change to the underlying host from a containerized context, and no public exploit identified at time of analysis though the GHSA advisory provides sufficient technical detail to reconstruct one.
Local privilege escalation in Plesk's APS Application Catalog allows an authenticated low-privileged user to execute arbitrary operating system commands by injecting malicious XPath syntax into the catalog search functionality. The flaw carries a critical CVSS 3.1 score of 9.9 due to scope change and full CIA impact, and no public exploit identified at time of analysis. The advisory was disclosed via HackerOne and acknowledged in a Plesk support article, but EPSS and KEV signals are not provided in the available intelligence.
Authenticated command injection in Dokploy 0.26.6 and earlier enables any logged-in user to run arbitrary OS commands as root via the /docker-container-logs WebSocket endpoint. The tail and since parameters are concatenated into shell commands without validation, yielding a CVSS 9.9 (Scope:Changed) issue affecting this self-hosted PaaS. No public exploit identified at time of analysis, and the vulnerability is not currently listed in CISA KEV.
Sandbox escape in vm2 (npm package, versions <= 3.11.3) allows arbitrary code execution in the Node.js host process when untrusted code is run on runtimes exposing WebAssembly JSPI (Node 24 with --experimental-wasm-jspi, or Node 26+ by default). A working PoC demonstrates that a JSPI-backed Promise reaches host-realm Promise.prototype.finally without bridge interposition, letting attacker-controlled species logic walk a rejection object's constructor chain to host process and execute arbitrary commands. No public exploit identified as actively used in the wild, but a complete weaponized PoC is published in the GHSA advisory.
Pre-authentication full account takeover in praisonai-platform (pip package, versions <= 0.1.2) allows remote unauthenticated attackers to forge JWTs for any user, including workspace owners and admins. The JWT signing key silently falls back to the hardcoded literal 'dev-secret-change-me' from the public GitHub source because the production-mode guard only triggers when PLATFORM_ENV is explicitly set to a non-default value, which default deployments do not do. Publicly available exploit code exists in the GHSA advisory itself, though no public exploit campaign or CISA KEV listing has been reported at time of analysis.
Remote code execution in PraisonAI's first-party A2A server example (pip package <= 4.6.39) allows unauthenticated network attackers to execute arbitrary Python on the server process by sending a JSON-RPC message/send request to /a2a that drives the LLM-backed agent into invoking an eval()-based calculate tool. The chain combines three first-party defaults - no auth_token, 0.0.0.0 bind, and an eval()-backed example tool - and was confirmed end-to-end against a real Gemini model with a canary marker file write. No public exploit identified at time of analysis beyond the proof-of-concept in the advisory itself, and the issue is not in CISA KEV.
Authentication bypass in PraisonAI versions <= 4.6.39 allows remote unauthenticated attackers to invoke arbitrary LLM orchestration via the Flask API server generated by the documented `praisonai deploy --type api` quickstart. The generator defaults `auth_enabled=False`, causing `check_auth()` to short-circuit to `True` and accept any request to `/chat` and `/agents`, exposing the operator's LLM API keys and any agent-attached tools (python_repl, bash, file I/O, HTTP). Publicly available exploit code exists in the form of a working PoC, and CVSS scores this 9.8 critical.
Unauthenticated remote agent control in PraisonAI's call server (versions <= 4.6.39) allows any network-reachable client to enumerate, inspect, invoke, and unregister registered agents when the operator launches `praisonai-call` without setting the `CALL_SERVER_TOKEN` environment variable. The flaw stems from a fail-open authentication dependency combined with the server binding to 0.0.0.0 by default, and a working proof-of-concept is published in the GHSA advisory demonstrating end-to-end exploitation against a default deployment.
Authentication bypass in the OTP Login With Phone Number, OTP Verification WordPress plugin versions 1.8.50 through 1.8.60 allows unauthenticated remote attackers to log in as any user - including administrators - whose phone number is stored in user meta. The flaw stems from the Firebase OTP verification flow failing to bind the verified Firebase session to the phone number supplied in the request, so attackers can verify their own phone via Firebase and then submit a victim's number to be authenticated as that victim. No public exploit identified at time of analysis, but the trivial logic flaw and CVSS 9.8 score make this a critical priority.
Remote unauthenticated privilege escalation in the WP Maps Pro WordPress plugin (all versions through 6.1.0) allows attackers to create a new administrator account and authenticate as that user, resulting in complete site takeover. The flaw stems from an AJAX handler exposed to unauthenticated users and protected only by a publicly-embedded nonce, making the access check ineffective. No public exploit identified at time of analysis, but the trivial nature of the bug (default-enabled handler, no authentication, magic login URL returned to the caller) makes weaponization straightforward once details circulate.
{workspace_id}/members/{user_id} request. The route's FastAPI dependency defaults to min_role="member" and is never overridden, while the service layer applies the requested role with no caller-privilege or role-hierarchy checks. No public exploit identified at time of analysis, but the GitHub Security Advisory (GHSA-c2m8-4gcg-v22g) provides full reproduction details and a fix is shipped in 0.1.4.
Command injection in Dokploy 0.29.2 and earlier allows authenticated users with application create/edit permissions to execute arbitrary shell commands on the host by injecting metacharacters into branch names, repository URLs, or Docker credentials. The flaw stems from unsanitized template-literal interpolation passed to child_process.exec(), and at time of analysis no public exploit identified at time of analysis, but the vendor security advisory GHSA-3frc-cfh9-ch2c documents the issue.
Remote OS command execution in Waterfall WF-500 TX and RX Hosts version 7.9.1.0 R2502171040 allows unauthenticated network attackers to run arbitrary operating system commands through the Console WebUI. The flaw, identified by Nozomi Networks Labs and tracked as CVE-2025-41277, carries a CVSS 4.0 base score of 9.3 and represents a critical risk for industrial environments relying on Waterfall's data diode gateways. No public exploit identified at time of analysis, and EPSS sits at 1.02% (78th percentile) indicating elevated but not yet widespread exploitation activity.
Remote code execution in Waterfall WF-500 TX and RX Host appliances (version 7.9.1.0 R2502171040) allows unauthenticated network attackers to inject and execute arbitrary OS commands through the Console WebUI. Discovered by Nozomi Networks Labs, the flaw carries a CVSS 4.0 score of 9.3 with no required privileges or user interaction; no public exploit identified at time of analysis, and EPSS sits at 1.02% (78th percentile).
Remote unauthenticated OS command injection in the Waterfall WF-500 TX and RX Host Console WebUI (version 7.9.1.0 R2502171040) allows attackers reachable on the management network to execute arbitrary operating system commands on the appliance. The flaw was reported by Nozomi Networks Labs, carries a CVSS 4.0 score of 9.3, and currently has no public exploit identified at time of analysis, with an EPSS score of 1.02% (78th percentile).
Remote code execution in Waterfall WF-500 TX and RX Hosts (version 7.9.1.0 R2502171040) allows unauthenticated attackers to inject and execute arbitrary OS commands through the Console WebUI. The flaw, identified by Nozomi Networks Labs, carries a CVSS 4.0 score of 9.3 and represents a critical risk to industrial unidirectional gateway deployments. No public exploit identified at time of analysis, and EPSS is 1.02% (78th percentile), suggesting elevated but not yet widespread exploitation interest.
Remote unauthenticated OS command injection in Waterfall WF-500 TX and RX Hosts version 7.9.1.0 R2502171040 allows attackers reachable over the network to execute arbitrary operating system commands through the Console WebUI. The flaw was discovered by Nozomi Networks Labs and carries a CVSS 4.0 score of 9.3; no public exploit identified at time of analysis, and EPSS sits at 1.02% (78th percentile) indicating moderate predicted exploitation interest.
Remote OS command injection in Waterfall WF-500 TX and RX Hosts version 7.9.1.0 R2502171040 allows unauthenticated network attackers to execute arbitrary operating system commands via the Console WebUI. The flaw was identified by Nozomi Networks Labs and carries a CVSS 4.0 score of 9.3, though there is no public exploit identified at time of analysis and EPSS sits at 1.02%, indicating elevated but not yet realized exploitation pressure.
Remote command execution in Waterfall WF-500 TX and RX Hosts (version 7.9.1.0 R2502171040) allows unauthenticated network attackers to run arbitrary operating system commands via the Console WebUI. The flaw was disclosed by Nozomi Networks Labs and carries a CVSS 4.0 score of 9.3, but no public exploit identified at time of analysis and EPSS sits at 1.02% (78th percentile), indicating credible but not yet widespread exploitation pressure.
Authentication bypass in Waterfall WF-500 TX and RX Hosts version 7.9.1.0 R2502171040 allows remote unauthenticated attackers to perform privileged actions through the Console WebUI via an alternate path or channel. Discovered by Nozomi Networks Labs, the flaw scores CVSS 9.3 (Critical) under v4.0 with network attack vector and no privileges required, though EPSS is low at 0.14% (34th percentile) and no public exploit identified at time of analysis. Given Waterfall's role in OT/ICS unidirectional gateway deployments, successful exploitation of the management console could enable adversaries to manipulate security-critical configurations.
Authentication bypass in FreePBX User Control Panel (UCP) versions 15.0.42 through 16.0.44 and 17.0.0 through 17.0.6 allows remote unauthenticated attackers to access UCP accounts using hard-coded initial template credentials when administrators fail to rotate them after enabling the feature. With a CVSS 4.0 score of 9.3 and CWE-798 (Use of Hard-coded Credentials), the flaw exposes high-confidentiality and high-integrity impact to the affected component, though no public exploit identified at time of analysis.
Privilege escalation in RustFS distributed object storage before 1.0.0-beta.2 lets a low-privileged user holding ImportIAMAction abuse the PUT /rustfs/admin/v3/import-iam endpoint to mint service accounts under arbitrary parent identities - including the root minioadmin user - granting full administrative control via attacker-chosen, persistent credentials. CVSS 4.0 scores this 9.3 (Critical) reflecting low attack complexity, low privileges, and high confidentiality/integrity impact with scope change. No public exploit identified at time of analysis, and no EPSS or KEV signal is provided.
Authentication bypass in NI SystemLink Enterprise Dashboard (versions 2026-04 and prior) allows a remote, unauthenticated attacker to send a crafted HTTP request that circumvents authentication controls, leading to privilege escalation or disclosure of sensitive information. The flaw carries a CVSS 4.0 base score of 9.3 and is network-reachable with low attack complexity and no user interaction. No public exploit identified at time of analysis, and it is not currently listed in CISA KEV.
Remote code execution in TriliumNext Trilium Notes desktop client prior to 0.102.2 allows attackers to achieve arbitrary code execution by tricking a user into importing a malicious ZIP archive with safe import enabled. The flaw chains a #docName path traversal (CWE-22) with stored XSS, and the Electron renderer's nodeIntegration=true setting elevates the XSS into full host RCE. No public exploit identified at time of analysis, but the vendor advisory describes a complete working chain and the CVSS 4.0 score of 9.3 reflects subsequent-system impact.
Unauthenticated arbitrary file upload in Interinfo DreamMaker allows remote attackers to upload web shell backdoors and execute arbitrary code on the server, scoring CVSS 4.0 9.3 (Critical). No public exploit identified at time of analysis, but the combination of no authentication, low attack complexity, and complete CIA impact makes this a high-priority issue. TWCERT (Taiwan's national CERT) is the reporting source, indicating regional advisory coordination.
{method_name} and /simple_execute/{method_name} endpoints, which call pickle.loads() on raw HTTP request bodies. The flaw scored CVSS 4.0 of 9.2 and has an upstream fix in commit d7441481, but no public exploit was identified at time of analysis; risk is amplified by the default Docker image running as root, leading to full container compromise.
Wikidforum 2.20 contains a cross-site scripting vulnerability that allows authenticated attackers to inject malicious scripts by submitting crafted HTML in the reply_text parameter. Rated medium severity (CVSS 5.1), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.
Unauthenticated arbitrary user deletion in the WP Travel Pro WordPress plugin (versions through 10.6.0) allows remote attackers to delete any WordPress account, including administrators, via an exposed REST API endpoint. The flaw stems from a broken permission callback combined with missing role validation, producing a CVSS 9.1 integrity/availability impact. No public exploit identified at time of analysis, but the trivial nature of the bug and Wordfence's disclosure make weaponization straightforward for any actor reading the advisory.
Arbitrary file deletion in Waterfall WF-500 TX/RX Hosts version 7.9.1.0 R2502171040 allows remote unauthenticated attackers to remove files on the host machine via a relative path traversal flaw in the Administration WebUI. The flaw was identified by Nozomi Networks Labs; no public exploit identified at time of analysis, and the EPSS score of 1.38% (81st percentile) indicates moderately elevated but not extreme exploitation likelihood. Because Waterfall WF-500 is a unidirectional security gateway deployed at OT/IT boundaries in industrial environments, file deletion can directly disrupt data diode operations.
Authenticated OS command injection in Dokploy 0.28.8 and earlier lets admin or owner users execute arbitrary shell commands on remote servers managed by the PaaS through the application.updateTraefikConfig tRPC endpoint. The flaw stems from unsanitized shell interpolation in an echo call, granting full command execution across any host the Dokploy controller manages. No public exploit identified at time of analysis, but the high-privilege admin context combined with cross-server reach makes this a meaningful post-compromise escalation path.
Authenticated administrator access on the Danelec MacGregor Voyage Data Recorder (VDR) G4E web interface permits direct editing of sensitive authentication files, including the ability to overwrite the root password. The CVSS vector (AV:A/AC:L/PR:H/UI:N) confirms exploitation requires both adjacent network positioning and existing high-privilege credentials, meaning this is not a remotely exploitable unauthenticated attack path. Reported by ICS-CERT under advisory ICSA-26-148-01 as a maritime OT device concern, no public exploit code and no CISA KEV listing have been identified at time of analysis.
Command injection in Dokploy 0.29.0 and earlier allows authenticated users to execute arbitrary OS commands on the host by deleting a Docker registry whose registryUrl contains shell metacharacters. The deleteRegistry function in packages/server/src/services/registry.ts passes registryUrl unescaped into docker logout, while the adjacent docker login call correctly uses shEscape() - making this a clear regression. No public exploit identified at time of analysis, but the root cause is documented in the vendor's GHSA advisory.
Privilege escalation in Froxlor 2.3.6 allows an authenticated customer with shell access to gain root SSH on the managed host by exploiting a symlink-following flaw in the root-owned SSH key synchronization cron. By replacing the customer's `~/.ssh/authorized_keys` with a symlink to `/root/.ssh/authorized_keys` before the privileged sync runs, attacker-supplied keys are appended to root's authorized_keys. No public exploit identified at time of analysis beyond the detailed PoC in the GHSA advisory, and the issue is fixed in Froxlor 2.3.7.
Heap buffer overflow write in FreeRDP client versions prior to 3.26.0 allows a malicious RDP server to corrupt client memory and potentially achieve code execution when the victim connects with RDPGFX enabled. The flaw resides in gdi_CacheToSurface, where validation uses a clamped destination rectangle while the actual copy uses unclamped cacheEntry width/height values, enabling a large out-of-bounds heap write. No public exploit identified at time of analysis, and the issue is not listed in CISA KEV.
Heap use-after-free/double-free in the FreeRDP RDP client (versions prior to 3.26.0) lets a malicious or compromised RDP server corrupt client memory through the RDPEAR authentication-redirection path. The flaw stems from the RDPEAR NDR parser reusing a single non-null pointer ref-id across multiple logical fields, causing the same heap object to be assigned to two outputs and freed twice by the generic destructor. There is no public exploit beyond a proof-of-concept (SSVC: poc), and EPSS exploitation probability is very low (0.05%), but the SSVC technical impact is rated total and a vendor fix is available.
Heap buffer overflow write in FreeRDP's server-side clipboard (cliprdr) channel allows a malicious RDP client to crash server processes and potentially achieve remote code execution against FreeRDP versions prior to 3.26.0. The flaw is triggered by a malformed CB_CLIP_CAPS PDU with an undersized capabilitySetLength field, corrupting heap memory after authentication. No public exploit identified at time of analysis, but the CVSS 8.8 rating and heap corruption nature make this a high-priority patch for any RDP server deployment using FreeRDP.
Vertical privilege escalation in PraisonAI Platform versions 0.1.2 and earlier allows any authenticated low-privilege workspace member to self-promote to owner and take over the workspace. The flaw stems from administrative FastAPI routes reusing a shared authorization dependency that defaults to the lowest 'member' role, so role-mutation endpoints never enforce admin/owner checks. A working PoC is published in the GHSA-h37g-4h4p-9x97 advisory, though no public exploit identified at time of analysis in mass-exploitation form, and the issue is not currently in CISA KEV.
Cross-workspace object access in PraisonAI Platform (pip package praisonai-platform <= 0.1.2) allows any authenticated workspace member to read, modify, and delete agents, projects, issues, and comments belonging to other workspaces by supplying the victim object's global UUID through their own workspace-scoped URL. The flaw stems from route-layer membership checks not being bound to service-layer object lookups, breaking tenant isolation in multi-tenant deployments. A working PoC is published in the GHSA advisory, though there is no public exploit identified at time of analysis beyond the advisory's own demonstration.
Cross-workspace IDOR and member-to-owner privilege escalation in PraisonAI Platform API (pip package praisonai-platform <= 0.1.2) lets any authenticated user read, modify, and delete issues and projects belonging to other tenants, and lets any workspace member promote themselves to owner and evict the legitimate owner. The two flaws chain together: a single member-level invite to any workspace becomes platform-wide data access plus full takeover of any workspace the attacker is added to. No public exploit identified at time of analysis beyond the detailed PoC published in the GHSA advisory, and the issue is not in CISA KEV.
Zip slip path traversal in Gotenberg through version 8.32.0 allows remote unauthenticated attackers to plant files outside the extraction directory on Windows hosts that unzip multi-output API responses. Because Gotenberg runs on Linux containers, its filepath.Base sanitisation never strips Windows-style backslashes from uploaded multipart filenames, so a crafted name like '..\..\..\Windows\System32\evil.pdf' is preserved verbatim as a zip entry name and honoured by Windows extractors (7-Zip, WinRAR, .NET ZipFile, Explorer). A working publicly available exploit code exists in the GHSA advisory; the issue is not present in CISA KEV and no EPSS score was provided.
Authenticated PHP Object Injection in the WooCommerce Infinite Scroll and Ajax Pagination WordPress plugin (versions up to and including 1.8) allows Subscriber-level users to deserialize attacker-controlled data via the 'settings' parameter of the import_settings function. While the plugin itself contains no usable POP chain, the presence of any vulnerable gadget in another installed plugin or theme can escalate this into arbitrary file deletion, sensitive data disclosure, or remote code execution. There is no public exploit identified at time of analysis, but the low privilege barrier and ubiquity of WordPress gadget chains make this a meaningful risk for multi-plugin sites.
Arbitrary file read in Waterfall WF-500 TX and RX Hosts version 7.9.1.0 R2502171040 allows remote unauthenticated attackers to retrieve sensitive files from the device through a path traversal flaw in the Console WebUI. Discovered and disclosed by Nozomi Networks Labs, the issue scores CVSS 4.0 8.7 with network attack vector and no privileges required, though no public exploit identified at time of analysis and the device is not currently listed in CISA KEV.
Authenticated OS command injection in the Waterfall WF-500 RX Host Administration WebUI (version 7.9.1.0 R2502171040) allows attackers with high privileges to execute arbitrary operating system commands on the unidirectional gateway appliance. The flaw was discovered and reported by Nozomi Networks Labs, carries a CVSS 4.0 score of 8.6, and an EPSS of 0.70% (72nd percentile); no public exploit identified at time of analysis. Because WF-500 is deployed as a data-diode between IT and OT/ICS networks, code execution on the RX Host effectively compromises a critical security boundary.
Authenticated OS command injection in the Waterfall WF-500 TX Host Administration WebUI (version 7.9.1.0 R2502171040) allows remote attackers with high privileges to execute arbitrary operating system commands on the underlying host. The flaw was identified by Nozomi Networks Labs and carries a CVSSv4 score of 8.6, but no public exploit identified at time of analysis and EPSS sits at 0.70% (72th percentile), reflecting limited expected exploitation activity against this niche OT/industrial product.
OS command injection in the Administration WebUI of Waterfall WF-500 TX Host version 7.9.1.0 R2502171040 enables authenticated remote attackers to execute arbitrary operating system commands on the underlying host. The flaw was disclosed by Nozomi Networks Labs and carries a CVSS 4.0 score of 8.6; no public exploit identified at time of analysis, and EPSS exploitation probability is modest at 0.70%.
{file_path:path} endpoint. The flaw stems from comparing an attacker-controlled absolute path against the music base path without a trailing separator, so sibling directories sharing the base name's prefix are reachable. No public exploit identified at time of analysis, but the upstream commit publicly discloses the exact bypass technique.
File upload restriction bypass in Spatie Laravel Media Library prior to 11.23.0 allows authenticated remote attackers to upload files with double extensions (e.g., shell.php.jpg) or executable extensions missing from the blocklist (.php6, .shtml, .htaccess) due to a flawed sanitizer in FileAdder::defaultSanitizer() that only inspects the final filename suffix. Successful exploitation can lead to arbitrary PHP code execution when the application is deployed behind a legacy Apache AddHandler configuration, with no public exploit identified at time of analysis. The flaw carries a CVSS 4.0 score of 8.7 (high) reflecting high confidentiality, integrity, and availability impact.
Sandbox escape in vm2 versions 3.11.2 and earlier (through 3.11.3) allows sandboxed JavaScript to obtain real Node.js cross-realm symbols and write them onto host objects, hijacking host-side control flow such as util.promisify, stream duck-typing, and WebStream internals. The flaw stems from an incomplete Symbol.for override that blocks only 2 of 9 dangerous nodejs.* symbols and from bridge write traps that lack the dangerous-symbol guard present on read traps. A working proof-of-concept hijacking util.promisify is published in the GHSA advisory, and a vendor patch (3.11.4) is available; no entry in CISA KEV at time of analysis.
Remote denial-of-service in Shibby Tomato 1.28 firmware allows unauthenticated network attackers to exhaust resources via the miniupnpd UPnP daemon at usr/sbin/miniupnpd. The affected project is end-of-life and superseded by FreshTomato, meaning no upstream fix will be issued. No public exploit identified at time of analysis, but the CVSS 4.0 score of 8.7 reflects high availability impact with no authentication or user interaction required.
Denial of service in cpp-httplib (C++ header-only HTTP/HTTPS library) versions prior to 0.44.0 allows remote unauthenticated attackers to crash server processes by sending an HTTP request with a malformed X-Forwarded-For header. The flaw is reachable only when the application has configured a non-empty trusted-proxy list via Server::set_trusted_proxies(). CVSS 4.0 scores this 8.7 (high) due to network reachability and high availability impact; no public exploit identified at time of analysis and the issue is not listed in CISA KEV.