Unauthenticated OS command injection in the API of Progress ADC products - LoadMaster, ECS Connections Manager, Object Scale Connection Manager, and MOVEit WAF - allows remote attackers to execute arbitrary commands on the appliance by supplying unsanitized input to multiple command endpoints. The flaw carries a CVSS of 9.8 (pre-auth, network-reachable) and publicly available exploit code exists (a GitHub PoC and watchTowr Labs write-up), though EPSS remains low at 0.30% and CISA SSVC currently rates exploitation status as 'none'. Fixed builds (7.2.63.2 and 7.2.54.18) are available from Progress.
Mobatek MobaXterm 12.1 contains a structured exception handling (SEH) based buffer overflow vulnerability in the username field of session files that allows remote attackers to execute arbitrary. Rated critical severity (CVSS 9.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.
WordPress Plugin ad manager wd 1.0.11 contains an arbitrary file download vulnerability that allows unauthenticated attackers to download sensitive files by manipulating the path parameter. Rated critical severity (CVSS 9.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.
WordPress Hybrid Composer 1.4.6 contains an unauthenticated settings change vulnerability that allows unauthenticated attackers to modify WordPress options by exploiting the hc_ajax_save_option. Rated critical severity (CVSS 9.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.
PDF Signer 3.0 contains a server-side template injection vulnerability that allows unauthenticated attackers to execute arbitrary code by injecting PHP commands through the CSRF-TOKEN cookie. Rated critical severity (CVSS 9.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.
Arbitrary DLL loading in SQLite's sqldiff.exe utility on Windows allows attackers to achieve code execution by abusing the Microsoft C runtime's Unicode-to-ANSI Best-Fit character conversion. Specially crafted Unicode characters in command-line arguments can be transformed into ASCII characters that sqldiff then parses as the '-L' option, loading an attacker-supplied DLL. Publicly available exploit research (Blackhat EU 2024 'WorstFit' presentation) demonstrates the technique, though no public exploit identified targeting sqldiff specifically and it is not listed in CISA KEV.
Privilege elevation in Microsoft Azure HorizonDB allows remote unauthenticated attackers to bypass authentication via identity spoofing and gain elevated access across trust boundaries. The CVSS 10.0 score reflects network-reachable exploitation with no privileges or user interaction required, and a scope change indicating impact beyond the initially vulnerable component. No public exploit identified at time of analysis, but a Microsoft-issued patch is available via MSRC.
Information disclosure in Microsoft Exchange Online allows remote unauthenticated attackers to access sensitive data due to improper authorization enforcement (CWE-285). The flaw carries a CVSS 9.1 score reflecting network-reachable exploitation without privileges or user interaction, though no public exploit identified at time of analysis. Microsoft has issued a fix through its cloud service, and the CVSS vector indicates high confidentiality and integrity impact despite the description focusing on disclosure.
Unauthenticated remote command injection in Acer Connect M6E 5G Portable WiFi Router (firmware ≤ M6E_AI_1.00.000019) allows attackers to inject OS commands via the FieldX MDM adb messaging topic, which forwards unverified payloads to Runtime.exec(). The CVSS 4.0 score of 10.0 with network attack vector and no authentication required indicates a critical, trivially exploitable flaw; no public exploit identified at time of analysis but the simplicity of the bug pattern makes weaponization straightforward.
Unauthenticated server-side request forgery in Tautulli versions prior to 2.17.1 allows remote attackers to coerce the Tautulli or Plex Media Server host into fetching arbitrary attacker-chosen URLs via the public `/image/<hash>` route. A low-privilege guest first seeds a malicious external URL into the `image_hash_lookup` table, after which any unauthenticated external user can trigger the SSRF by requesting the resulting hash. No public exploit identified at time of analysis, but the GitHub Security Advisory GHSA-m6j6-rc2c-8vpm and a vendor patch in v2.17.1 confirm the issue.
Hardcoded root credentials in T3 Technology CPE devices (models T625Pro v1.0.07, T6825G v1.0.03, and T7281 v1.0.03) allow remote unauthenticated attackers to gain full root-level control via the built-in 'superadmin' account. The CVSS 9.8 rating reflects network-reachable, no-interaction exploitation with total impact to confidentiality, integrity, and availability, and SSVC marks the issue as automatable with total technical impact. No public exploit identified at time of analysis, and EPSS remains very low (0.02%) despite the severity, suggesting limited current scanning activity.
Weak password hashing on the GNCC GP5 IP camera (firmware v7.1.76) allows attackers who obtain the password hash to recover the root credential via offline brute-force, yielding full device takeover. The CVSS 9.8 score reflects network-reachable impact, but real-world exploitation first requires extracting the hash from the device; no public exploit identified at time of analysis and EPSS is very low at 0.02%.
Unauthenticated Telnet service activation in T3 Technology CPE devices (models T625Pro v1.0.07, T6825G v1.0.03, and T7281 v1.0.03) allows remote attackers to enable Telnet by sending a crafted request to a vulnerable CGI component in the web management interface. SSVC scores the technical impact as total with automatable exploitation and a public proof-of-concept available, although EPSS remains low at 0.02% and the CVE is not currently listed in CISA KEV.
Authentication bypass via SQL injection in OSNexus QuantaStor SDS Manager allows unauthenticated remote attackers to log in as administrator by injecting crafted input into the login endpoint's username field. The flaw carries a CVSS 9.8 rating and grants full administrative control over the storage management plane without any valid credentials. No public exploit identified at time of analysis, though the vulnerability was disclosed by researchers at Black Lantern Security (BLSOPS).
SQL injection in Akmer Informatics TeknoPass versions 20210501 through 20260429 allows remote unauthenticated attackers to bypass authorization by manipulating a user-controlled SQL primary key. With a CVSS 9.8 score and full CIA impact under network-reachable, low-complexity conditions, successful exploitation can yield database compromise and authorization bypass. No public exploit identified at time of analysis, and the vulnerability is not currently listed in CISA KEV.
OS command injection in the Neterbit NW-431F Router (firmware 20241014-IR03 and earlier) allows remote unauthenticated attackers to execute arbitrary commands via the ping diagnostic module's IP address field. With a CVSS of 9.8 and a low-complexity network attack vector, exploitation runs with web-server privileges and no public exploit has been identified at time of analysis, though a researcher-published reference on GitHub may contain technical details.
Authentication bypass in Neterbit NW-431F routers running firmware 20241014-IR03 and earlier allows remote unauthenticated attackers to gain administrative access by simply setting a session cookie value to a predictable string such as 'admin'. The CVSS 9.8 rating reflects trivial network exploitability with full confidentiality, integrity, and availability impact, and a public proof-of-concept exists in the referenced GitHub repository, though the issue is not currently listed in CISA KEV.
Sandbox escape in Google Chrome versions prior to 149.0.7827.53 allows remote attackers to exploit a use-after-free condition in the FileSystem component via a crafted HTML page, with user interaction required. Google has rated the underlying Chromium issue as Critical severity, and a vendor patch is available; no public exploit identified at time of analysis, though the high CVSS score (9.6) and scope-changed impact warrant rapid patching.
Sandbox escape in Google Chrome's ANGLE graphics layer prior to version 149.0.7827.53 allows a remote attacker to trigger an out-of-bounds read and write via a crafted HTML page, with a CVSS 9.6 reflecting scope change and high impact across confidentiality, integrity, and availability. The flaw was rated Critical internally by Chromium and reported by Google's own CVE admin team; no public exploit identified at time of analysis, and CISA SSVC currently lists exploitation status as none.
Sandbox escape in Google Chrome prior to 149.0.7827.53 allows a remote attacker who has already compromised the renderer process to break out of the sandbox via a crafted HTML page that abuses Reading Mode's insufficient input validation. The CVSS 9.6 rating reflects the scope-changing impact (S:C) when chained from a renderer compromise, though EPSS is very low (0.05%) and no public exploit identified at time of analysis. Chromium rates the underlying issue Medium severity, reflecting that prior renderer compromise is a prerequisite.
Sandbox escape in Google Chrome versions prior to 149.0.7827.53 allows remote attackers to break out of the browser's renderer sandbox by sending malicious network traffic processed by the Autofill component. The flaw is rated CVSS 9.6 due to scope change and high impact across confidentiality, integrity, and availability, though Chromium itself assigns it Medium severity and EPSS exploitation probability is currently very low (0.05%). No public exploit identified at time of analysis, but a vendor-released patch is available.
Sandbox escape in Google Chrome versions prior to 149.0.7827.53 allows a remote attacker to break out of the browser's renderer sandbox by serving a crafted video file processed by Chrome's media codec stack. The flaw stems from insufficient validation of untrusted input in the Codecs component and requires the victim to load attacker-controlled video content, but successful exploitation yields cross-origin impact (Scope: Changed) with high confidentiality, integrity, and availability impact. No public exploit identified at time of analysis and EPSS exploitation probability is low (0.05%, 15th percentile), though the 9.6 CVSS rating and sandbox-escape primitive make this a high-priority browser patch.
Sandbox escape in Google Chrome's Chromoting component prior to version 149.0.7827.53 allows a remote attacker who has already compromised the renderer process to break out of the browser sandbox via a crafted HTML page. The flaw stems from insufficient input validation (CWE-20) and carries a CVSS 9.6 due to scope change, though Chromium itself rated the severity Medium and EPSS shows only 0.05% exploitation probability with no public exploit identified at time of analysis.
Sandbox escape in Google Chrome's Enterprise Reporting component prior to version 149.0.7827.53 allows a remote attacker who has already compromised the renderer process to break out of the browser sandbox via a crafted HTML page. The flaw stems from insufficient input validation (CWE-20) and carries a CVSS 9.6 due to scope change, though no public exploit is identified at time of analysis and EPSS sits at 0.05% (15th percentile).
Sandbox escape in Google Chrome on Android prior to 149.0.7827.53 allows a remote attacker who has already compromised the renderer process to break out of the sandbox via a crafted HTML page that abuses an inappropriate implementation in the GPU component. The flaw requires user interaction (visiting a malicious page) and presupposes a prior renderer compromise, but a successful chain yields full sandbox escape on the mobile platform. No public exploit identified at time of analysis, and EPSS exploitation probability is very low (0.05%, 15th percentile).
Sandbox escape in Google Chrome's ANGLE graphics layer (versions prior to 149.0.7827.53) allows a remote attacker who has already compromised the renderer process to break out of the browser sandbox via a crafted HTML page. The CVSS 9.6 score reflects the scope-changing impact (S:C) from renderer to host context, though Chromium itself rates this Medium severity and no public exploit identified at time of analysis. EPSS is very low at 0.05%, suggesting limited near-term mass exploitation despite the high CVSS.
Sandbox escape in Google Chrome on Linux versions prior to 149.0.7827.53 allows a remote attacker who has already compromised the renderer process to break out of the Chromium sandbox via a crafted Chrome Extension targeting the Chromoting (Chrome Remote Desktop) component. The flaw is rated CVSS 9.6 due to scope change and full CIA impact, though EPSS exploitation probability is very low (0.05%, 15th percentile) and no public exploit identified at time of analysis. Google has shipped a patch in the stable channel update for desktop.
Sandbox escape in Google Chrome versions prior to 149.0.7827.53 allows a remote attacker who has already compromised the renderer process to break out of the sandbox via a crafted HTML page processed by the codec subsystem. The flaw requires user interaction (visiting a malicious page) and a prior renderer compromise, but if chained successfully it enables full code execution on the host with a scope change. No public exploit identified at time of analysis and EPSS probability is very low (0.05%), but the 9.6 CVSS reflects the high impact of a successful sandbox escape.
Sandbox escape in Google Chrome on Windows versions prior to 149.0.7827.53 allows a remote attacker who has already compromised the renderer/network process to break out of the browser sandbox via crafted Chromoting (Chrome Remote Desktop) network traffic. The flaw is rated CVSS 9.6 due to the scope change from sandboxed process to host, though Google classifies the Chromium severity as Medium. EPSS is very low (0.05%) and no public exploit identified at time of analysis, but a vendor patch is available.
Sandbox escape in Google Chrome prior to 149.0.7827.53 allows remote attackers to break out of the renderer sandbox via a crafted HTML page that exploits insufficient input validation in the ANGLE graphics layer. The flaw requires the victim to visit attacker-controlled content (UI:R) but no authentication, and the scope-changing CVSS 9.6 reflects the impact of escaping browser process isolation. EPSS is very low (0.05%, 15th percentile) and there is no public exploit identified at time of analysis.
Sandbox escape in Google Chrome on Windows prior to 149.0.7827.53 allows a remote attacker who has already compromised the renderer process to break out of the Site Isolation sandbox via a crafted HTML page. The flaw stems from insufficient validation of untrusted input in the Site Isolation component (CWE-20) and is rated CVSS 9.6 due to scope change, though Chromium itself classifies the underlying severity as Medium. No public exploit has been identified at time of analysis and EPSS is very low (0.05%, 15th percentile), but the chained-exploit potential makes it a meaningful browser-security risk.
Sandbox escape in Google Chrome on Windows prior to 149.0.7827.53 allows a remote attacker who has already compromised the renderer process to break out of the browser sandbox via a crafted HTML page. The flaw resides in the Base component and is rated Medium severity by Chromium despite the CVSS 9.6 score, reflecting the prerequisite of a prior renderer compromise. No public exploit identified at time of analysis, and EPSS exploitation probability is very low at 0.05%.
Sandbox escape in Google Chrome on Android before 149.0.7827.53 allows a remote attacker who has already compromised the renderer process to break out of the sandbox via a crafted HTML page exploiting the Drag and Drop component. The flaw carries a CVSS 9.6 due to scope change, but no public exploit identified at time of analysis and EPSS is very low (0.05%, 15th percentile), indicating limited near-term exploitation likelihood. Google rates the underlying Chromium severity as Medium despite the high CVSS.
Sandbox escape in Google Chrome on Windows prior to 149.0.7827.53 allows a remote attacker who has already compromised the renderer process to break out of the browser sandbox via a crafted HTML page that exploits insufficient input validation in the GPU component. The CVSS 9.6 score reflects the scope change from renderer to host, but real-world exploitation requires chaining with a separate renderer compromise and user interaction. EPSS is low at 0.05% and no public exploit is identified at time of analysis.
Sandbox escape in Google Chrome's Dawn component (versions prior to 149.0.7827.53) allows remote attackers to break out of the renderer sandbox via a crafted HTML page when a user visits a malicious site. Google Chromium rates the severity as High and a fix has shipped in the stable channel; no public exploit identified at time of analysis and EPSS exploitation probability is currently very low (0.05%).
Sandbox escape in Google Chrome's ANGLE graphics layer prior to version 149.0.7827.53 allows a remote attacker to break out of the renderer sandbox via a crafted HTML page when a victim visits a malicious site. The flaw is rated CVSS 9.6 due to scope change (S:C) and full CIA impact, though EPSS estimates only a 0.05% near-term exploitation probability and no public exploit has been identified at time of analysis.
Sandbox escape in Google Chrome on Windows prior to 149.0.7827.53 allows a remote attacker who has already compromised the renderer process to break out of the browser sandbox via a crafted HTML page abusing the Printing component. Chromium rates the issue High severity and a vendor patch is available, though no public exploit has been identified at time of analysis and EPSS remains very low at 0.05%.
Sandbox escape in Google Chrome versions prior to 149.0.7827.53 allows remote attackers to break out of the renderer process sandbox by delivering a crafted video file processed by the browser's codec implementation. The CVSS 9.6 score reflects a scope-changing impact across confidentiality, integrity, and availability, though exploitation requires user interaction such as visiting a malicious page. No public exploit identified at time of analysis, and EPSS exploitation probability remains low at 0.05%.
Sandbox escape in Google Chrome on Windows before 149.0.7827.53 allows a remote attacker who has already compromised the renderer process to break out of the browser sandbox via a crafted HTML page that abuses the WebNN (Web Neural Network) API. The flaw stems from insufficient validation of untrusted input (CWE-20) reaching the WebNN component, and exploitation requires user interaction (visiting an attacker-controlled page) plus a prior renderer-compromise primitive. There is no public exploit identified at time of analysis, and the EPSS probability is very low (0.04%).
Sandbox escape in Google Chrome on Android prior to 149.0.7827.53 allows remote attackers to break out of the browser's renderer sandbox via a use-after-free in the Messages component triggered by a crafted HTML page. The CVSS vector indicates a scope-changing impact requiring only user interaction (visiting a malicious page), and a vendor patch is available. No public exploit identified at time of analysis and EPSS is low (0.03%), but the sandbox-escape primitive makes this a high-priority browser update.
Sandbox escape in Google Chrome's Dawn (WebGPU) component prior to version 149.0.7827.53 allows a remote attacker to break out of the renderer sandbox by luring a user to a crafted HTML page. The flaw is a use-after-free (CWE-416) object lifecycle bug; no public exploit identified at time of analysis, and EPSS exploitation probability is very low at 0.03% (11th percentile). Google rates the underlying Chromium severity as Medium, but the CVSS 3.1 score of 9.6 reflects the scope change inherent to a sandbox escape.
Sandbox escape in Google Chrome on Android versions prior to 149.0.7827.53 allows a remote attacker who has already compromised the renderer process to break out of the browser sandbox via a use-after-free bug in the Autofill component. Exploitation requires a victim to load a crafted HTML page and the attacker to already control the renderer, making this a second-stage primitive rather than a single-shot RCE. No public exploit identified at time of analysis and EPSS is very low (0.03%, 11th percentile), but the high CVSS reflects the impact of full sandbox escape on a mobile platform.
Sandbox escape in Google Chrome on macOS prior to 149.0.7827.53 allows a remote attacker who has already compromised the renderer process to break out of the sandbox via a crafted HTML page that triggers a use-after-free in the Device Trust component. The flaw carries a CVSS 9.6 due to scope change and full CIA impact, though Chromium rates the underlying severity as Medium and EPSS is very low (0.03%, 11th percentile); no public exploit identified at time of analysis.
Sandbox escape in Google Chrome on macOS prior to 149.0.7827.53 allows remote attackers to break out of the renderer sandbox via a use-after-free in the File Input component when a victim is lured to perform specific UI gestures on a crafted HTML page. Although Google classified the upstream severity as Medium, the CVSS 3.1 score of 9.6 reflects the scope-change impact of sandbox escape; no public exploit identified at time of analysis and EPSS is very low at 0.03%.
Sandbox escape in Google Chrome on Windows prior to 149.0.7827.53 allows a remote attacker who has already compromised the renderer process to break out of the browser sandbox via a use-after-free in the Codecs component triggered by a crafted HTML page. The flaw requires user interaction (visiting a malicious page) and chains with a prior renderer compromise; no public exploit identified at time of analysis and EPSS exploitation probability is very low (0.03%, 11th percentile).
Sandbox escape in Google Chrome's ANGLE graphics layer prior to version 149.0.7827.53 allows a remote attacker who has already compromised the renderer process to break out of the sandbox via a crafted HTML page. The flaw stems from an integer overflow (CWE-472) in ANGLE and requires user interaction (visiting a malicious page) plus a prior renderer compromise to chain into full sandbox escape. No public exploit identified at time of analysis, and EPSS is very low (0.03%), but Google rates the underlying issue as Medium severity within Chromium.
Sandbox escape in Google Chrome on Android prior to 149.0.7827.53 allows a remote attacker who has already compromised the renderer process to break out of the sandbox via a race condition in the GPU process triggered by a crafted HTML page. The flaw is a use-after-free (CWE-416) reachable through normal web content rendering, and while no public exploit is identified at time of analysis, the EPSS percentile of 11% suggests low near-term opportunistic exploitation likelihood.
Sandbox escape in Google Chrome versions prior to 149.0.7827.53 enables a remote attacker who has already compromised the renderer process to break out of the browser sandbox via a crafted HTML page targeting a use-after-free in the ANGLE graphics layer. The flaw requires user interaction (visiting a malicious page) and changes scope, yielding high confidentiality, integrity, and availability impact on the host. No public exploit identified at time of analysis and EPSS probability is very low (0.03%, 11th percentile), but a vendor patch is available.
Sandbox escape in Google Chrome versions prior to 149.0.7827.53 stems from a type confusion bug in the ANGLE graphics translation layer that a remote attacker can trigger via a crafted HTML page. Despite a CVSS of 9.6 and a vendor-released patch, EPSS is only 0.03% and no public exploit identified at time of analysis, though Chromium-rated Medium browser bugs are routinely targeted once details are public.
Sandbox escape in Google Chrome on Windows versions prior to 149.0.7827.53 allows a remote attacker who has already compromised the renderer process to break out of the browser sandbox via a crafted HTML page that triggers a type confusion in the GPU process. The CVSS score of 9.6 reflects the scope-changing nature of escaping the sandbox boundary, though exploitation requires user interaction (visiting a malicious page) and a pre-existing renderer compromise. No public exploit identified at time of analysis, and EPSS is low at 0.03%.