Remote code execution in Poly Voice products on Linux is possible through a stack-based buffer overflow reachable when administrators enable Interactive Connectivity Establishment (ICE). Unauthenticated network attackers can trigger the flaw without user interaction, and no public exploit has been identified at time of analysis. HP rates the issue at CVSS 4.0 9.2 (Critical), driven by network reachability and full confidentiality, integrity, and availability impact.
Arm Whois 3.11 contains a stack-based buffer overflow vulnerability that allows remote attackers to execute arbitrary code by supplying oversized input to the IP address or domain field. Rated critical severity (CVSS 9.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.
Private key disclosure in Cloud Foundry UAA versions v76.12.0 through v78.12.0 allows unauthenticated remote attackers to retrieve Elliptic Curve (EC) private key material from the public /token_keys endpoint, which is supposed to expose only public verification keys. With the leaked private keys, attackers can forge arbitrary JWTs and impersonate any UAA-authenticated identity across the platform. No public exploit identified at time of analysis, though the CVSS 10.0 score and trivial reproduction step (a single unauthenticated HTTP GET) make weaponization straightforward once the issue is widely known.
Local privilege escalation in Google Android XR stems from a missing permission check in InputMethodManagerService.addInputMethodListener, allowing an app or local context to register input method listeners without the authorization the IME subsystem normally requires. The flaw needs no user interaction and no additional execution privileges, and is addressed in the June 2026 Android XR security bulletin; no public exploit identified at time of analysis.
Secret exfiltration in CloudPirates Open Source Helm Charts (prior to commit fcf9302) allows unauthenticated attackers to steal repository secrets, including Docker Hub credentials and tokens, by submitting a malicious fork pull request that triggers the pull-request.yaml GitHub Actions workflow in a privileged context. No public exploit is identified at time of analysis, but the attack pattern is a well-known pwn-request misconfiguration that requires no maintainer approval, and the CVSS score of 10.0 (Critical) with scope change reflects compromise of CI/CD secrets that extend beyond the workflow boundary.
Credential exposure in CloudPirates Open Source Helm Charts (prior to commit fcf9302) allows attackers to steal a Personal Access Token and SSH signing key by submitting a malicious pull request that the vulnerable GitHub Actions workflow checks out and executes with privileged secrets. The repository's generate-schema.yaml workflow used unsafe pull_request_target patterns combined with checkout of fork-controlled code, enabling code injection into a privileged CI context. No public exploit identified at time of analysis, but the attack pattern is well-documented for this class of GitHub Actions misconfiguration.
Unauthenticated remote code execution in Dassault Systèmes Teamwork Cloud (No Magic Release 2022x-2026x) and Magic Collaboration Studio (CATIA Magic Release 2022x-2026x) arises from unsafe deserialization of attacker-controlled data. The CVSS 9.8 vector indicates a network-reachable attack with no privileges or user interaction, yielding full confidentiality, integrity, and availability impact, though no public exploit identified at time of analysis and EPSS data was not provided.
Arbitrary file read and remote code execution in Vitest versions prior to 4.1.0 allow remote unauthenticated attackers to read files outside the project directory on Windows and execute arbitrary scripts when the Vitest UI or Browser Mode API server is exposed to the network via the --api.host flag or api.host configuration option. The flaw stems from incorrect use of the deprecated isFileServingAllowed check, which can be bypassed using Windows-specific path syntax (\\?\\..\\), and is compounded by API features (saveTestFile + rerun, readFile/writeFile/saveSnapshotFile) that effectively grant script execution to anyone who can reach the API. Publicly available exploit code exists in the GHSA advisory PoC; no public exploit beyond that is identified at time of analysis.
Privilege escalation in the AIWU (AI Copilot Content Generator) WordPress plugin by Sergey, affecting all versions up to and including 1.4.17, allows remote unauthenticated attackers to gain elevated privileges on a target WordPress site. The CVSS 9.8 score with AV:N/PR:N indicates no authentication is required and the attack can be carried out over the network against any site running a vulnerable installation. No public exploit identified at time of analysis, but the Patchstack reference indicates this was identified through their managed audit program for WordPress plugins.
Privilege escalation in the Contest Gallery Pro WordPress plugin (versions up to and including 29.0.1) allows remote unauthenticated attackers to gain elevated privileges within affected WordPress sites due to incorrect privilege assignment (CWE-266). The CVSS 9.8 score combined with network-reachable, no-authentication exploitation makes this a critical-severity issue, though no public exploit identified at time of analysis. The vulnerability was disclosed by Patchstack's audit team and currently has no entry in CISA KEV.
Reflected cross-site scripting in Vitest browser mode (@vitest/browser) allows attackers to execute arbitrary JavaScript in the Vitest server origin by luring a developer to a crafted /__vitest_test__/ URL with a malicious otelCarrier query parameter. Because the same page embeds VITEST_API_TOKEN used to authenticate the Vitest WebSocket API, the XSS chains into full Node-side remote code execution by writing to vite.config.ts and triggering a config reload. Publicly available exploit code exists in the vendor's GHSA-2h32-95rg-cppp advisory, though no public exploit identified at time of analysis in CISA KEV.
Path traversal in Rocketgenius Gravity Forms (WordPress plugin) versions up to and including 2.10.0.1 enables remote attackers to perform arbitrary file deletion on the underlying server, as catalogued in the Patchstack advisory referenced by NVD. The CVSS 9.6 score reflects a scope-changing impact reachable over the network with low complexity and no authentication, though successful exploitation requires user interaction. No public exploit has been identified at time of analysis and the issue is not present in CISA KEV.
{workspace_id}/members. The endpoint enforces only the default member-tier gate and forwards the caller-supplied role directly to MemberService.add, which validates the role string but never checks the caller's permission to assign it. No public exploit identified at time of analysis, but a detailed exploit chain is documented in the vendor advisory.
Remote code execution in Disig Web Signer versions 2.0.3 through 2.5.3 allows network-adjacent attackers to execute arbitrary code on systems running this Slovak electronic signing client when a user performs a passive interaction (e.g., visiting a malicious page or processing a crafted signing request). The flaw was reported by Slovakia's National Security Authority (incident@nbu.gov.sk) and carries a CVSS 4.0 score of 9.4 (Critical) with both vulnerable and subsequent system impact rated High, indicating a likely scope-changing condition. There is no public exploit identified at time of analysis and the vulnerability is not currently listed in the CISA KEV catalog.
Blind SQL injection in the WP Directory Kit WordPress plugin (versions up to and including 1.5.1) allows remote unauthenticated attackers to inject crafted SQL fragments into backend queries, enabling extraction of database contents and limited tampering with site availability. The CVSS 9.3 score reflects network-reachable exploitation with no privileges or user interaction and a scope change into the WordPress database context; no public exploit identified at time of analysis, though Patchstack has cataloged the flaw.
Remote code execution in AMD's AI Tensor Engine for ROCm (AITER) through version 0.1.14 allows unauthenticated network attackers to run arbitrary code on every inference worker in a distributed cluster by sending a malicious pickle payload to the ZMQ SUB socket consumed by MessageQueue.recv() in shm_broadcast.py. The vulnerability stems from unauthenticated, unvalidated pickle deserialization with no HMAC or format checks; no public exploit identified at time of analysis, but VulnCheck has published an advisory and AMD has merged an upstream fix.
Unauthenticated SQL injection in OTRS and the legacy ((OTRS)) Community Edition database layer enables authentication bypass when the backing MySQL/MariaDB instance runs with the NO_BACKSLASH_ESCAPES SQL mode. The flaw carries a CVSS of 9.1 with network-reachable, no-privileges-required exploitation against confidentiality and integrity, but no public exploit identified at time of analysis and the issue is gated by a specific non-default database configuration.
Identity spoofing in IBM WebSphere Application Server 9.0 and 8.5 allows remote unauthenticated attackers to impersonate legitimate users or services, leading to high-impact compromise of integrity and availability of hosted applications. The CVSS 9.1 score reflects network-reachable exploitation with low complexity and no privileges required, while no public exploit identified at time of analysis. The flaw is tracked under CWE-290 (Authentication Bypass by Spoofing) and has a vendor-released patch referenced via IBM support.
Broken access control in Tomdever's wpForo Forum WordPress plugin (versions up to and including 3.0.6) allows remote unauthenticated attackers to invoke restricted functionality due to missing authorization checks, leading to high integrity and availability impact on affected forums. The CVSS 9.1 score reflects network-reachable exploitation with no privileges or user interaction required, and no public exploit identified at time of analysis. Patchstack disclosed the issue and tracks it as a broken access control flaw against the plugin.
Remote code execution in IBM WebSphere Application Server 9.0 and 8.5 allows network-based attackers to bypass security controls and execute arbitrary code on the application server. The flaw carries a CVSS 9.0 critical rating with a scope-changed impact (S:C) and requires no authentication, though high attack complexity (AC:H) suggests specific timing or environmental conditions must be met. No public exploit identified at time of analysis, and the issue is not currently listed in CISA KEV.
Remote code execution in IBM WebSphere Application Server 9.0 and 8.5 arises from unsafe deserialization of untrusted data processed by JAX-WS endpoints that use WS-Security. Unauthenticated remote attackers who can reach a SOAP/JAX-WS endpoint may craft malicious serialized payloads to execute arbitrary code in the WebSphere server context. No public exploit identified at time of analysis, but the high CVSS (9.0) and scope-changed impact mean any exposed JAX-WS service is a meaningful target.