Remote code execution in PTC Windchill PDMlink and PTC FlexPLM allows unauthenticated network attackers to execute arbitrary code via deserialization of untrusted data. All releases prior to 11.0 M030 are affected, as are all CPS versions, and no public exploit identified at time of analysis. Reported by PTC themselves, the flaw carries a CVSS 4.0 base score of 9.3 (critical) reflecting high impact across confidentiality, integrity, and availability without requiring authentication or user interaction.
Remote code execution in AVer PTC500S, PTC115, PTC500+, and PTC115+ cameras allows unauthenticated attackers to run arbitrary code by sending a specially crafted web request to the device's HTTP interface. The flaw was reported through CISA's ICS-CERT coordination process and carries a CVSS 4.0 base score of 9.3, but there is no public exploit identified at time of analysis and the CVE is not on the CISA KEV list.
Authentication bypass in StarTree mcp-pinot versions 3.0.1 and earlier exposes the Model Context Protocol HTTP server on 0.0.0.0:8080 by default with no authentication, allowing any network-adjacent attacker to invoke every MCP tool - including SQL execution, schema creation, and table-config mutation - against the backing Apache Pinot cluster using the server's own credentials. The maximum CVSS 10.0 score reflects a scope-changing confused-deputy condition. No public exploit identified at time of analysis, but the trivial reachability and presence of write/DDL tooling make exploitation straightforward once the port is found.
Persistent local denial of service in Google Android (Wear OS) is possible due to a missing permission check declared in AndroidManifest.xml, allowing a co-resident unprivileged app to invoke a protected component and render device functionality unavailable. No user interaction or elevated privileges are required, but exploitation is local rather than remote despite the headline CVSS 4.0 score of 10.0. No public exploit identified at time of analysis and the issue is not listed in CISA KEV.
Privilege escalation in Microsoft Dynamics 365 allows authenticated low-privileged users to gain elevated rights across a network due to improper access control enforcement. The flaw carries a critical CVSS 9.9 score with scope change, indicating impact beyond the vulnerable component, and Microsoft has issued a patch via MSRC. No public exploit identified at time of analysis, and the vector's Exploit Code Maturity is rated Unproven.
Prototype pollution in deepstream.io versions prior to 10.0.5 allows an authenticated client with write permission to any record to corrupt the Node.js Object prototype by submitting record-update messages whose path contains tokens such as __proto__, constructor, or prototype. Because deepstream's permission valve and record-transition pipeline both invoke setValue with the attacker-controlled path, polluting the prototype can taint subsequent permission and transition logic and lead to privilege escalation across all connected clients. No public exploit identified at time of analysis, though the upstream commit (54b8e29) and patch tests publicly demonstrate the exact vulnerable path semantics.
Stack buffer overflow in Coturn's OAuth token decoder (decode_oauth_token_gcm()) lets remote unauthenticated attackers corrupt the server stack in all versions prior to 4.10.0. An attacker-controlled uint16_t nonce_len value (up to 65535) read from an OAuth access token is passed straight into memcpy() against a 256-byte stack buffer before any AES-GCM authentication, so no OAuth key or valid token is required to write up to 735 bytes past the buffer. Publicly available exploit code exists (SSVC: PoC) but it is not in CISA KEV, EPSS is low at 0.36% (27th percentile), and exploitation is gated on the non-default --oauth mode being enabled.
Hostname validation bypass in Node.js (versions 22.22.3, 24.16.0, and 26.3.0) lets attackers smuggle embedded NUL bytes through the dns and net subsystems, truncating a hostname after the NUL so that application-level allowlists, SNI checks, or destination filters validate one host while the runtime resolves or connects to another. The Node.js project rates this specific issue Medium and shipped the fix in its June 2026 security release; there is no public exploit identified at time of analysis and EPSS exploitation probability is low (0.28%, 20th percentile), and it is not in CISA KEV. Note a significant signal conflict: the aggregate input score of CVSS 9.8 with an 'Authentication Bypass' tag is far above the vendor's own Medium rating for this CVE and appears to be an inflated pre-NVD auto-score.
Authentication bypass in Bitnami Cassandra container images (4.0.x, 4.1.x, 5.0.x lines) allows remote attackers to access the database as superuser using the built-in cassandra:cassandra credentials, even when operators configure a custom administrator via CASSANDRA_USER. The container init script provisions the new superuser but, in certain scenarios, fails to drop the default account, leaving an unintended privileged login path. No public exploit identified at time of analysis, but the trivially guessable default credentials make discovery and abuse straightforward once the CQL port is reachable.
InHand Networks IR912 V1.0.0.r20042 and IR915 V1.0.0.r20042 (including earlier versions) were discovered to contain a command injection vulnerability in the log viewing function. This vulnerability allows remote attackers to execute arbitrary commands as root via a crafted input.
InHand Networks IR912 V1.0.0.r20042 and IR915 V1.0.0.r20042 (including earlier versions) were discovered to contain a command injection vulnerability in the Python configuration function. This vulnerability allows remote attackers to execute arbitrary commands as root via a crafted input.
InHand Networks IR912 V1.0.0.r20042 and IR915 V1.0.0.r20042 (including earlier versions) were discovered to contain a command injection vulnerability in the Python application export function. This vulnerability allows remote attackers to execute arbitrary commands as root via a crafted input.
Unauthenticated remote command execution affects InHand Networks IR912 and IR915 industrial cellular routers running firmware V1.0.0.r20042 and earlier, where the file upload function fails to sanitize input and passes attacker-controlled data to a shell context. Successful exploitation yields code execution as root on the device. No public exploit identified at time of analysis, but the CVSS 9.8 rating and network-reachable file upload endpoint make this a high-priority patching target for any operator with these routers exposed to untrusted networks.
Remote unauthenticated access to two SQL Editor endpoints in pgAdmin 4 server-mode deployments (versions 6.9 through 9.15) exposes a pickle.loads sink that can be reached without a valid pgAdmin session. The defect is the missing @pga_login_required decorator on DELETE /sqleditor/close/<trans_id> and POST /sqleditor/initialize/sqleditor/update_connection/<sgid>/<sid>/<did>; turning this into code execution additionally requires an attacker to possess the Flask SECRET_KEY and write access to the sessions/ directory from a separate channel. No public exploit identified at time of analysis, and the issue does not appear on CISA KEV.
Remote SQL injection via prompt injection in pgAdmin 4 versions 9.13 through 9.15 allows attackers who can write content into database objects the AI Assistant inspects to bypass the read-only transaction wrapper and execute arbitrary SQL with the pgAdmin user's database role. When that role is a PostgreSQL superuser or holds pg_execute_server_program, the chain escalates to remote code execution on the database host via COPY ... TO PROGRAM. No public exploit identified at time of analysis; CVSS 4.0 base score is 9.4 (Critical) and an upstream fix is available.
Cross-site request forgery in Cotonti 1.0.0 (commit f43f1fc3) lets a remote attacker escalate privileges to administrator by tricking a logged-in admin into loading an attacker-controlled page that submits a forged rights-update request to system/admin/admin.rights.php. Because Cotonti administrators can edit templates and configuration, the resulting account can be pivoted to remote code execution on the host. No public exploit identified at time of analysis and the issue is not listed in CISA KEV.
Unauthenticated SQL injection in claudiopizzillo PIAF-HMS (PBX-In-A-Flash Hotel Management System) lets remote attackers read, modify, or delete arbitrary database records by tampering with HTTP parameters that are concatenated into legacy mysql_query() calls. The project ships with no authentication mechanism and no released versions, so any deployment exposing it to the network is fully compromisable; no public exploit identified at time of analysis, though CISA SSVC rates the technical impact as total and automatable.
Remote code execution in iba ibaPDA and ibaDatCoordinator allows unauthenticated network attackers to gain full system control by exploiting an unsafe deserialization flaw (CWE-502). The CVSS 4.0 score of 9.3 reflects network-reachable exploitation with no privileges or user interaction and high impact across confidentiality, integrity, and availability. No public exploit identified at time of analysis and the issue is not listed in CISA KEV, but the trivial attack profile makes it a high priority for industrial environments running these data acquisition products.
Credential exposure in Worksnaps client application before version 1.6.20260201 allows attackers who obtain the binaries to extract hardcoded AWS root credentials and S3 bucket identifiers, granting access to production cloud resources containing sensitive user desktop screenshots. The flaw was disclosed by SEC-VLab (SEC Consult) and a vendor-patched build is available; no public exploit identified at time of analysis, though credential extraction from distributed binaries is trivial once the artifact is obtained.
Unauthenticated SQL injection in Nur-Alam39's bus-ticket PHP application (no released versions; latest commit 459cabd) allows remote attackers to extract arbitrary data from the bus_service database via the busid POST parameter in bus_info.php. The flaw is exacerbated because the application connects as MySQL root with an empty password. No public exploit identified at time of analysis, though the description includes a working UNION-based payload demonstrating trivial exploitability.
Stored cross-site scripting in pgAdmin 4 versions 6.0 through 9.15 allows a malicious or attacker-influenced PostgreSQL server to inject arbitrary HTML into pgAdmin's interface via ErrorResponse messages and EXPLAIN plan fields rendered through html-react-parser. Because the injection executes inside pgAdmin's own DOM, an attacker can render convincing phishing dialogs or redirect the top-level tab via iframe srcdoc, bypassing standard X-Frame-Options and frame-ancestors protections. No public exploit identified at time of analysis, but the vendor has shipped a multi-layer fix in 9.16.
Stored cross-site scripting in jupyter_server's nbconvert HTTP handlers allows a malicious notebook to execute JavaScript in the Jupyter origin, leading to session token theft, full /api/* control, and kernel remote code execution. The NbconvertFileHandler and NbconvertPostHandler render notebook-authored HTML without a CSP sandbox directive, and combined with HTMLExporter's non-sanitizing default, any display_data HTML payload runs with the victim's authority. No public exploit identified at time of analysis, but the CVSS 4.0 base score is 9.3 and a vendor patch is available in v2.20.0.
Authentication bypass in googleapis/mcp-toolbox allows remote unauthenticated attackers to gain access by presenting opaque OAuth tokens issued by unauthorized identity providers. The flaw lives in validateOpaqueToken's claim-checking logic, which silently skips issuer validation when an OAuth 2.0 introspection response omits the optional iss field. No public exploit identified at time of analysis, but the upstream fix in PR #3360 confirms the defect and CVSS 4.0 scores it 9.3 (Critical).
Authentication bypass in googleapis/mcp-toolbox lets remote unauthenticated attackers reach protected tools and backing data sources by submitting an OAuth 2.0 introspection response that omits the mandatory 'active' field. Because validateOpaqueToken stores Active as *bool and only rejects when the pointer is non-nil and false, a nil value falls through as authorized. No public exploit identified at time of analysis, but the CVSS 4.0 score of 9.3 and trivial logic flaw make this a priority fix.
Server-side template injection in JTL Shop 5.2.0 through 5.7.1 allows remote unauthenticated attackers to inject Smarty template syntax via unsanitized user input, exposing sensitive server-side values like database credentials and encryption keys. On versions 5.4.0 through 5.7.1, the flaw escalates to remote code execution by abusing registered Smarty modifiers (unserialize, file_get_contents) to drop a webshell and execute commands as the web server user. Publicly available exploit code exists via the Sansec research writeup, though no public exploit identified at time of analysis in CISA KEV.
Authentication bypass in the U.S. Government Accountability Office Electronic Protest Docketing System (EPDS) and the Civilian Board of Contract Appeals Electronic Docketing System (EDS) allows remote, unauthenticated attackers to reset arbitrary user passwords by calling the '/update-profile/N' API endpoint, which fails to verify the requester's identity. Successful exploitation results in full account takeover of any user - including potentially privileged accounts handling federal bid protests and contract appeals - with no public exploit identified at time of analysis but a CVSS 4.0 base score of 9.3 (Critical) and CISA Coordinated Disclosure tracking.
External initialization in Kirby CMS (getkirby/cms <= 4.9.3 and 5.0.0-alpha.1 through 5.4.3) lets a remote unauthenticated attacker complete the Panel installation and create the first admin user on not-yet-installed sites. The flaw is a bypass of Kirby's isLocal safeguard: when a site sits behind a reverse proxy that emits the Forwarded: for=..., X-Client-IP, or X-Real-IP header, Kirby wrongly treats the forwarded external request as local and permits admin creation. No public exploit is identified at time of analysis and it is not in CISA KEV, but the vendor rates it critical (CVSS 4.0 base 9.1) and a full source fix is public.
Authentication bypass in Webmin's miniserv.pl HTTP server (versions prior to 2.641) allows remote unauthenticated attackers to impersonate any user, including root/admin, by sending a forged HTTP header that spoofs an SSL client certificate Distinguished Name. The flaw maps to CWE-290 (Authentication Bypass by Spoofing) and is rated CVSS 4.0 9.2 (Critical); a vendor-released fix exists in 2.641, but no public exploit is identified at time of analysis and the issue is not currently listed in CISA KEV.
{:ok}. No public exploit identified at time of analysis, and the issue is fixed in 1.2.0.
FastCGI framing desynchronization in HAProxy through 3.4.0 stems from a 16-bit integer overflow in the fcgi_conn demux record length (drl) field, which wraps to zero when a malicious backend sends a record with contentLength 65535 and paddingLength of 1 or more. A hostile FastCGI backend can leverage the misparse to desynchronize HAProxy's FCGI parser, leading to request routing errors, response smuggling, or memory safety issues. No public exploit identified at time of analysis, and the issue is not listed in CISA KEV; the upstream commit 5985276 widens drl to uint32_t.
Session ID generation in Mojolicious::Sessions::Storable through version 0.05 relies on predictable, low-entropy inputs - a SHA-1 hash seeded with Perl's built-in rand(), epoch time, a heap memory address, and the server PID - making session identifiers guessable by a network attacker. Successful exploitation enables session hijacking, allowing an attacker to impersonate authenticated users without possessing their credentials. No public exploit code has been identified and the vulnerability is not listed in CISA KEV, but the flaw is structurally significant on low-traffic, single-worker deployments where PID and timing entropy are minimal.