Skip to main content
CVE-2016-20092 HIGH POC This Week

NetDrive 2.6.12 contains an unquoted service path vulnerability in the Netdrive2_Service_Netdrive2 service that allows local users to execute arbitrary code with SYSTEM privileges. Rated high severity (CVSS 8.5), this vulnerability is low attack complexity. Public exploit code available and no vendor patch available.

RCE Privilege Escalation Netdrive
NVD Exploit-DB VulDB
CVSS 4.0
8.5
EPSS
0.1%
CVE-2016-20088 HIGH POC This Week

Comodo Chromodo Browser 52.15.25.664 contains an unquoted service path vulnerability in the ChromodoUpdater service that runs with SYSTEM privileges. Rated high severity (CVSS 8.5), this vulnerability is low attack complexity. Public exploit code available and no vendor patch available.

RCE Chromodo Browser
NVD Exploit-DB
CVSS 4.0
8.5
EPSS
0.1%
CVE-2016-20087 HIGH POC This Week

Fortitude HTTP 1.0.4.0 contains an unquoted service path vulnerability that allows local users to execute arbitrary code with elevated privileges by exploiting the service binary path. Rated high severity (CVSS 8.5), this vulnerability is low attack complexity. Public exploit code available and no vendor patch available.

RCE Fortitude Http
NVD Exploit-DB
CVSS 4.0
8.5
EPSS
0.1%
CVE-2020-37251 HIGH POC This Week

RealTimes Desktop Service 18.1.4 contains an unquoted service path vulnerability in the rpdsvc.exe binary that allows local attackers to escalate privileges. Rated high severity (CVSS 8.5), this vulnerability is low attack complexity. Public exploit code available and no vendor patch available.

RCE Realtimes Desktop Service
NVD Exploit-DB VulDB
CVSS 4.0
8.5
EPSS
0.1%
CVE-2020-37250 HIGH POC This Week

TFTP Broadband 4.3.0.1465 contains an unquoted service path vulnerability in the tftpt.exe service binary that allows local attackers to execute arbitrary code with system privileges. Rated high severity (CVSS 8.5), this vulnerability is low attack complexity. Public exploit code available and no vendor patch available.

RCE Tftp Broadband
NVD Exploit-DB
CVSS 4.0
8.5
EPSS
0.1%
CVE-2016-20095 HIGH POC This Week

Matrix42 Remote Control Host 3.20.0031 contains an unquoted service path vulnerability in the FastViewerRemoteService and FastViewerRemoteProxy services that allows local users to execute arbitrary. Rated high severity (CVSS 8.5), this vulnerability is low attack complexity. Public exploit code available and no vendor patch available.

RCE Matrix42 Remote Control Host
NVD Exploit-DB
CVSS 4.0
8.5
EPSS
0.1%
CVE-2022-50971 HIGH POC This Week

Malwarebytes 4.5 contains an unquoted service path vulnerability in the MBAMService executable that allows local attackers to escalate privileges by injecting malicious code into the system root. Rated high severity (CVSS 8.5), this vulnerability is low attack complexity. Public exploit code available and no vendor patch available.

Privilege Escalation Malwarebytes
NVD Exploit-DB VulDB
CVSS 4.0
8.5
EPSS
0.1%
CVE-2021-47985 HIGH POC This Week

Brother SAPSprint 7.60 contains an unquoted service path vulnerability in the SAPSprint service binary that allows local attackers to escalate privileges. Rated high severity (CVSS 8.5), this vulnerability is low attack complexity. Public exploit code available and no vendor patch available.

Privilege Escalation Sapsprint
NVD Exploit-DB VulDB
CVSS 4.0
8.5
EPSS
0.1%
CVE-2016-20086 HIGH POC This Week

Vembu StoreGrid 4.0 contains an unquoted service path vulnerability in the RemoteBackup and RemoteBackup_webServer services that allows local attackers to escalate privileges. Rated high severity (CVSS 8.5), this vulnerability is low attack complexity. Public exploit code available and no vendor patch available.

Privilege Escalation Vembu Storegrid
NVD Exploit-DB
CVSS 4.0
8.5
EPSS
0.1%
CVE-2016-20085 HIGH POC This Week

Realtek High Definition Audio Driver 6.0.1.6730 contains an unquoted service path vulnerability that allows local attackers to escalate privileges by placing a malicious executable in the service. Rated high severity (CVSS 8.5), this vulnerability is low attack complexity. Public exploit code available and no vendor patch available.

Privilege Escalation Realtek High Definition Audio Driver
NVD Exploit-DB
CVSS 4.0
8.5
EPSS
0.1%
CVE-2016-20091 HIGH POC This Week

Windows Firewall Control 4.8.6.0 contains an unquoted service path vulnerability that allows local attackers to escalate privileges by inserting malicious executables in the service path. Rated high severity (CVSS 8.5), this vulnerability is low attack complexity. Public exploit code available and no vendor patch available.

Microsoft Privilege Escalation Windows Firewall Control
NVD Exploit-DB
CVSS 4.0
8.5
EPSS
0.1%
CVE-2020-37253 HIGH POC This Week

Winstep 18.06.0096 contains an unquoted service path vulnerability in the Winstep Xtreme Service that allows local attackers to escalate privileges. Rated high severity (CVSS 8.5), this vulnerability is low attack complexity. Public exploit code available and no vendor patch available.

Privilege Escalation Winstep
NVD Exploit-DB VulDB
CVSS 4.0
8.5
EPSS
0.1%
CVE-2026-54297 HIGH POC PATCH GHSA This Week

Denial of service in the Faraday Ruby HTTP client library (versions up to and including 2.14.2) allows remote attackers to crash worker threads by submitting query strings with deeply nested bracket-notation parameters. The Faraday::NestedParamsEncoder recursively walks attacker-controlled nested Hash structures without a depth ceiling, raising an uncaught SystemStackError at roughly 3,000+ levels of nesting (~9.4 KB payload). Publicly available exploit code exists in the GHSA-98m9-hrrm-r99r advisory itself; no public exploit identified at time of analysis in the active-exploitation sense, and impact is limited to availability - no RCE, auth bypass, or data disclosure, despite the input tags listing those categories.

Denial Of Service Authentication Bypass Information Disclosure RCE
NVD GitHub
CVSS 3.1
7.5
EPSS
0.3%
CVE-2026-55692 HIGH POC PATCH GHSA This Week

Stored cross-site scripting in the StarCitizenWiki EmbedVideo MediaWiki extension (versions <= 4.0.0) allows any user with page-edit rights to inject arbitrary JavaScript into the data-mw-iframeconfig attribute by supplying a malformed URL or ID containing single quotes for the archiveorg, wistia, or sharepoint services. The flaw is present under the default $wgEmbedVideoRequireConsent=true configuration and executes in the wiki origin for every visitor that loads the affected page, with publicly available exploit code exists in the GHSA advisory.

Microsoft XSS PHP
NVD GitHub
CVSS 3.1
7.5
CVE-2017-20265 HIGH POC This Week

Joomla!. Rated high severity (CVSS 7.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

SQLi PHP Flip Wall
NVD Exploit-DB
CVSS 4.0
7.1
EPSS
0.2%
CVE-2017-20264 HIGH POC This Week

Joomla!. Rated high severity (CVSS 7.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

SQLi PHP Sponsor Wall
NVD Exploit-DB
CVSS 4.0
7.1
EPSS
0.2%
CVE-2019-25761 HIGH POC This Week

Joomla!. Rated high severity (CVSS 7.1), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

PHP SQLi Joomcrm
NVD Exploit-DB
CVSS 4.0
7.1
EPSS
0.2%
CVE-2019-25759 HIGH POC This Week

Joomla!. Rated high severity (CVSS 7.1), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

SQLi Vbizz
NVD Exploit-DB
CVSS 4.0
7.1
EPSS
0.2%
CVE-2019-25757 HIGH POC This Week

Joomla vWishlist 1.0.1 contains an SQL injection vulnerability that allows authenticated attackers to execute arbitrary SQL queries by injecting malicious code through the vproductid and userid. Rated high severity (CVSS 7.1), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

SQLi Vwishlist
NVD Exploit-DB VulDB
CVSS 4.0
7.1
EPSS
0.2%
CVE-2019-25749 HIGH POC This Week

Joomla J-CruisePortal 6.0.4 contains an SQL injection vulnerability that allows authenticated attackers to execute arbitrary SQL queries by injecting malicious code through the guest_adult parameter. Rated high severity (CVSS 7.1), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

SQLi Cruiseportal
NVD Exploit-DB VulDB
CVSS 4.0
7.1
EPSS
0.2%
CVE-2019-25760 MEDIUM POC This Month

Joomla!. Rated medium severity (CVSS 6.9), this vulnerability is no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

RCE PHP LFI Easy Shop
NVD Exploit-DB
CVSS 4.0
6.9
EPSS
0.4%
CVE-2026-8806 HIGH CISA Act Now

Denial-of-service in Mitsubishi Electric MELSEC iQ-F Series FX5-ENET/IP Ethernet Modules (all versions) allows unauthenticated remote attackers to halt the module's communication function by flooding its Ethernet port with packets. The high packet rate overwhelms internal anomaly-detection processing and stops communications - a critical impact for the industrial control environments these PLCs operate in. No public exploit identified at time of analysis, but the CVSS 4.0 score of 8.7 reflects high availability impact in operational technology contexts.

Information Disclosure Mitsubishi Electric Melsec Iq F Series Fx5 Enet Ip Ethernet Module Fx5 Enet Ip
NVD
CVSS 4.0
8.7
EPSS
0.4%
CVE-2026-8805 HIGH CISA Act Now

Denial-of-service in Mitsubishi Electric MELSEC iQ-F Series FX5-EIP EtherNet/IP module (versions 1.000 and prior) allows a remote unauthenticated attacker to crash the device by rapidly opening many TCP connections, which trips an integer overflow in the EtherNet/IP connection-management logic and triggers improper memory access. No public exploit identified at time of analysis, but the CVSS 4.0 vector (AV:N/AC:L/PR:N/UI:N) and high availability impact make this a meaningful operational-technology (OT) concern for plants relying on the affected PLC module. Reported by the vendor and tracked in vendor PSIRT advisory 2026-002, JVN VU#97140216, and CISA ICS advisory ICSA-26-169-05.

Integer Overflow Buffer Overflow Mitsubishi Electric Melsec Iq F Series Fx5 Eip Ethernet Ip Module Fx5 Eip
NVD
CVSS 4.0
8.7
EPSS
0.4%
CVE-2026-9822 MEDIUM POC PATCH This Month

Missing authorization controls in the WP Hotel Booking WordPress plugin (all versions before 2.3.1) expose sensitive hospitality business data to any authenticated Subscriber-level user. Affected AJAX handlers lack WordPress capability checks, enabling low-privilege users to read other guests' booking line items, enumerate active coupon codes, and access internal pricing data across the entire site. A public proof-of-concept exploit exists per WPScan; while not confirmed actively exploited in CISA KEV, the low authentication barrier and publicly available exploit represent meaningful real-world risk for any hotel or hospitality site with user registration enabled.

Information Disclosure WordPress Wp Hotel Booking
NVD WPScan VulDB
CVSS 3.1
6.5
EPSS
0.2%
CVE-2026-45480 CRITICAL PATCH NO ACTION HOSTED Monitor

Privilege escalation in Microsoft Azure Active Directory allows unauthenticated remote attackers to bypass authentication controls and gain elevated access across tenant boundaries. With a maximum CVSS score of 10.0 and a scope-changing impact, successful exploitation could compromise identity, access, and resources federated through Azure AD. No public exploit identified at time of analysis, but the trivial attack complexity and network-reachable vector make this a top-priority issue for any organization relying on Azure AD for identity.

Authentication Bypass Microsoft Azure Active Directory
NVD VulDB
CVSS 3.1
10.0
EPSS
0.6%
CVE-2026-54782 CRITICAL PATCH GHSA Act Now

Authentication bypass in CoreWCF (NuGet CoreWCF.Primitives) versions prior to 1.8.1 and 1.9.0-1.9.1 allows remote unauthenticated attackers to forge SAML 1.1 and SAML 2.0 assertions and impersonate any principal - including administrative identities - that the trusted STS could issue tokens for. The flaw stems from improper SAML token signature validation (CWE-290) in FederatedSecurityTokenManager, and only the trusted STS's public certificate (discoverable by design) is required. No public exploit identified at time of analysis and the issue is not on the CISA KEV list, but the CVSS 10.0 score with scope change reflects severe trust-boundary impact.

Authentication Bypass
NVD GitHub
CVSS 3.1
10.0
EPSS
0.2%
CVE-2026-48772 CRITICAL PATCH Act Now

Source-address spoofing in ProxySQL 2.0.0 through 3.0.8 lets any TCP peer that can reach the MySQL frontend port forge the client IP seen by the query-rule engine, bypassing routing and ACL controls. The flaw stems from incorrect parsing of the HAProxy PROXY protocol v1 `UNKNOWN` token, whose address fields the specification requires receivers to ignore. No public exploit identified at time of analysis, but the vendor advisory describes the attack mechanics in detail and version 3.0.9 ships the fix.

PostgreSQL Authentication Bypass Proxysql
NVD GitHub VulDB
CVSS 3.1
10.0
EPSS
0.2%
CVE-2026-51846 CRITICAL Act Now

Remote code execution in Tenda AC7 routers (firmware v15.03.06.44) is possible via a stack buffer overflow in the wanSpeed parameter of the /goform/AdvSetMacMtuWan endpoint. The CVSS 9.8 vector (AV:N/AC:L/PR:N/UI:N) indicates unauthenticated network-based exploitation with full confidentiality, integrity, and availability impact, though no public exploit identified at time of analysis and the device is not listed in CISA KEV.

Stack Overflow RCE Buffer Overflow Tenda Ac7 Firmware
NVD VulDB
CVSS 3.1
9.8
EPSS
0.6%
CVE-2026-54051 CRITICAL PATCH GHSA Act Now

Command injection in the Network-AI npm package (network-ai < 5.9.1) lets any agent or caller granted a wildcard allowlist entry such as `git *`, `npm *`, or `node *` execute arbitrary shell commands as the orchestrator process. The flaw stems from `SandboxPolicy.isCommandAllowed` glob-matching the entire command string while `ShellExecutor` runs it through `/bin/sh -c`, so shell metacharacters like `;`, `|`, and `$(...)` smuggle additional commands past the sandbox. A working PoC is published in the GHSA advisory, though there is no public exploit identified at time of analysis in the wild and no CISA KEV listing.

RCE Command Injection Node.js
NVD GitHub
CVSS 3.1
9.9
CVE-2026-50242 CRITICAL PATCH Act Now

Authentication bypass in JetBrains Hub (the identity and account-management server behind TeamCity, YouTrack, and other JetBrains tools) lets an actor obtain administrative access by going through direct database access, per JetBrains' own advisory. Classified under CWE-306 (Missing Authentication for a Critical Function) and vendor-scored CVSS 9.8, it affects all builds before the fixed 2026.1.13757, 2025.3.148033, 2025.2.148048, 2025.1.148120, 2024.3.148430, and 2024.2.148429 releases. There is no public exploit identified at time of analysis and the EPSS probability is low (0.44%, 35th percentile), but full administrative compromise is the stated technical impact.

Authentication Bypass Hub
NVD VulDB
CVSS 3.1
9.8
EPSS
0.4%
CVE-2026-56141 CRITICAL PATCH Act Now

Account takeover in JetBrains Hub is possible through predictable restore codes, affecting all versions prior to 2026.1.13757, 2025.3.148033, 2025.2.148048, 2025.1.148120, 2024.3.148430, and 2024.2.148429. Remote unauthenticated attackers can guess or predict the restore codes used for account recovery, enabling them to seize control of arbitrary user accounts. No public exploit identified at time of analysis, but the CVSS 9.8 rating reflects the high impact of full account compromise across an identity management platform.

Information Disclosure Hub
NVD
CVSS 3.1
9.8
EPSS
0.4%
CVE-2026-51845 CRITICAL Act Now

Stack buffer overflow in Tenda AC7 router firmware v15.03.06.44 allows remote unauthenticated attackers to corrupt memory via the mac parameter in the /goform/AdvSetMacMtuWan web interface endpoint. The flaw carries a CVSS 9.8 critical rating with network attack vector and no authentication required, though no public exploit code has been identified at time of analysis and the CVE is not listed in CISA KEV. Tenda SOHO routers in this family have a well-documented history of similar /goform/* stack overflows being weaponized for botnet recruitment.

Stack Overflow Buffer Overflow Tenda Ac7 Firmware
NVD VulDB
CVSS 3.1
9.8
EPSS
0.4%
CVE-2026-51844 CRITICAL Act Now

Stack buffer overflow in Tenda AC7 router firmware v15.03.06.44 allows remote attackers to corrupt memory via an oversized cloneType parameter sent to the /goform/AdvSetMacMtuWan web interface endpoint. The CVSS 9.8 vector indicates unauthenticated network exploitation with high impact to confidentiality, integrity, and availability. No public exploit identified at time of analysis and the CVE is not listed in CISA KEV.

Stack Overflow Buffer Overflow Tenda Ac7 Firmware
NVD VulDB
CVSS 3.1
9.8
EPSS
0.4%
CVE-2026-51843 CRITICAL Act Now

Stack buffer overflow in Tenda AC7 router firmware v15.03.06.44 allows remote attackers to corrupt memory through the wanMTU parameter of the /goform/AdvSetMacMtuWan web management endpoint. The CVSS 9.8 rating reflects network-reachable, unauthenticated exploitation with full impact on confidentiality, integrity, and availability, though no public exploit identified at time of analysis. The flaw is classified as CWE-121 (stack-based buffer overflow), a class historically leveraged for code execution or denial of service on embedded MIPS/ARM SOHO routers.

Stack Overflow Buffer Overflow Tenda Ac7 Firmware
NVD VulDB
CVSS 3.1
9.8
EPSS
0.4%
CVE-2026-48773 CRITICAL PATCH Act Now

Pre-authentication heap memory corruption in ProxySQL 2.0.18 through 3.0.8 allows remote unauthenticated attackers to corrupt heap memory by sending a crafted first packet declaring an oversized length, which is passed directly to recv() into a fixed 32 KB input queue on both MySQL and PostgreSQL protocol listeners. The flaw carries a CVSS 9.8 rating and is fixed in 3.0.9; no public exploit identified at time of analysis, but the trivial trigger condition and out-of-bounds write primitive create strong potential for weaponization.

PostgreSQL Memory Corruption Buffer Overflow Proxysql
NVD GitHub VulDB
CVSS 3.1
9.8
EPSS
0.4%
CVE-2026-7515 CRITICAL Act Now

Unauthenticated remote code execution in BetterDocs Pro for WordPress (versions through 3.8.0) is achievable by abusing the `doc_style` parameter to include arbitrary local PHP files. Wordfence has assigned a critical 9.8 CVSS score, and while no public exploit identified at time of analysis, the unauthenticated network-reachable nature of the flaw on a widely deployed WordPress documentation plugin makes opportunistic mass-exploitation likely once details propagate.

Information Disclosure WordPress RCE LFI PHP +1
NVD VulDB
CVSS 3.1
9.8
EPSS
0.9%
CVE-2026-48582 CRITICAL PATCH NO ACTION HOSTED Monitor

Privilege escalation in Microsoft Exchange Online allows an authenticated remote attacker to elevate privileges across a tenant or organizational boundary due to missing authorization checks. The flaw carries a CVSS 3.1 score of 9.6 with scope change, indicating impact beyond the initially authorized security context, though no public exploit identified at time of analysis. As a cloud-hosted service, mitigation is largely Microsoft-managed rather than a customer-applied patch.

Authentication Bypass Microsoft Exchange Online
NVD VulDB
CVSS 3.1
9.6
EPSS
0.4%
CVE-2026-55447 CRITICAL PATCH GHSA Act Now

Arbitrary file read leading to remote code execution affects Langflow versions prior to 1.9.2 in any flow that uses BaseFileComponent-derived nodes (Read File, Docling, Docling Serve, NVIDIA Retriever Extraction, Video File, Unstructured API). An attacker who can submit a TAR archive containing symlinks - for example through a RAG ingestion pipeline that accepts user documents - causes the server to follow those links and ingest arbitrary host files such as Langflow's JWT secret_key, which can then be used to forge admin tokens and execute Python via the Code Interpreter node. Publicly available exploit code exists (researcher-published PoC archive and demo video); not listed in CISA KEV.

Nvidia Python RCE
NVD GitHub VulDB
CVSS 3.1
9.6
EPSS
0.3%
CVE-2026-44939 CRITICAL PATCH GHSA Act Now

{token}_{clusterId}.yaml. CVSS 4.0 rates this 9.4 (Critical) with a scope-changing impact on subsequent systems, but no public exploit was identified at time of analysis and it is not listed in CISA KEV. Reported by SUSE through GitHub Security Advisory GHSA-mhc6-2gfq-xx62.

Command Injection Code Injection Rancher Suse
NVD GitHub
CVSS 4.0
9.4
EPSS
1.1%
CVE-2026-11941 MEDIUM POC PATCH GHSA This Month

Use-after-free memory corruption in Cloudflare Quiche's FFI layer exposes applications built with the non-default FFI feature flag to remote denial of service and limited heap disclosure. Two FFI iterator functions - quiche_connection_id_iter_next and quiche_conn_retired_scid_next - return raw pointers to ConnectionId values that are immediately freed when their owning Rust scope exits, leaving callers holding dangling pointers. No public exploit has been identified at time of analysis and there is no CISA KEV listing, but the CVSS 5.6 (AV:N/AC:H) score correctly reflects the constrained preconditions imposed by the opt-in build flag.

Use After Free Memory Corruption Information Disclosure Denial Of Service Quiche
NVD GitHub VulDB
CVSS 3.1
5.6
EPSS
0.2%
CVE-2026-53488 CRITICAL PATCH GHSA Act Now

Host command execution in containerd's CRI plugin arises because labels from an image config (Dockerfile LABEL instruction) are propagated to the created container without validation; when a downstream plugin consumes those labels for operations (notably the restart-monitor's binary:// logger path), an attacker-controlled label value becomes an arbitrary command executed with host-root privileges. Affected releases are all containerd versions prior to 1.7.33, 2.0.10, 2.1.9, 2.2.5, and 2.3.2, meaning any environment that pulls and runs an untrusted image on a node using a label-consuming plugin is exposed to full container-to-host escape. No public exploit identified at time of analysis, and the issue is not listed in CISA KEV, so this is a high-severity, responsibly-disclosed flaw rather than one with confirmed active exploitation.

Information Disclosure Containerd
NVD VulDB GitHub
CVSS 4.0
9.4
EPSS
0.2%
CVE-2026-48137 CRITICAL Act Now

Remote code execution in NI grpc-device 2.17.0 and earlier is possible when an attacker sends a specially crafted Moniker protobuf message to the sideband streaming API, triggering an untrusted pointer dereference (CWE-822). The flaw is reachable without authentication or user interaction over the network, yielding a CVSS 4.0 base score of 9.3. No public exploit identified at time of analysis, but vendor advisories from NI and the upstream GitHub Security Advisory GHSA-ww59-ghm9-mm63 are published.

RCE Grpc Device Instrumentstudio
NVD GitHub VulDB
CVSS 4.0
9.3
EPSS
0.5%
CVE-2026-9142 CRITICAL Act Now

Unauthenticated network access to NI grpc-device 2.17.0 and earlier is possible when the server is deployed without TLS configuration and bound to a non-loopback interface, exposing instrument control services to anyone on the local network. The flaw stems from insecure default credentials behavior and aligns with CWE-306 (missing authentication for a critical function). No public exploit identified at time of analysis, though the CVSS 4.0 base score of 9.3 reflects high confidentiality and integrity impact under default-prone deployments.

Authentication Bypass Grpc Device Instrumentstudio
NVD GitHub
CVSS 4.0
9.3
EPSS
0.3%
CVE-2026-54527 CRITICAL PATCH GHSA Act Now

Stored cross-site scripting in the jupyterlab-git extension (versions 0.30.0b3 through 0.53.x) escalates to remote code execution when a victim views a rename diff in the Git History tab. The PlainTextDiff.ts createHeader() method injects unsanitized Git filenames into innerHTML, so a filename such as <img src=x onerror=eval(atob(...))>.py fires JavaScript that reads the _xsrf cookie, spawns a JupyterLab terminal via POST /api/terminals, and runs arbitrary shell commands. Reported by AWS Security; no public exploit identified at time of analysis, though the vendor advisory (GHSA-f962-v9hr-pfg5) documents a detailed reproduction path, and it is not listed in CISA KEV.

XSS RCE
NVD GitHub VulDB
CVSS 4.0
9.3
EPSS
0.3%
CVE-2026-56081 CRITICAL PATCH Act Now

Account pre-registration hijack in Capgo before 12.128.2 lets a remote unauthenticated attacker claim an account under a victim's email address before that email is verified, then lock the legitimate owner out by enabling two-factor authentication on the squatted account. The flaw stems from a CWE-640 weak password recovery / account-binding logic issue and carries a CVSS 4.0 score of 9.3; no public exploit identified at time of analysis, and the issue is not listed in CISA KEV.

Information Disclosure Capgo
NVD GitHub VulDB
CVSS 4.0
9.3
EPSS
0.4%
CVE-2026-56073 CRITICAL PATCH Act Now

Authentication bypass in Capgo prior to version 12.128.2 lets attackers defeat email-based OTP verification by tampering with HTTP responses returned to the client, which the application trusts to decide whether verification succeeded. Successful exploitation enables fraudulent 2FA enrollment and account takeover, and no public exploit has been identified at time of analysis though VulnCheck has published an advisory describing the response-manipulation technique.

Authentication Bypass Capgo
NVD GitHub VulDB
CVSS 4.0
9.3
EPSS
0.2%
CVE-2026-54414 CRITICAL PATCH Act Now

Unauthenticated administrator account takeover in FileRise before 3.16.0 is possible via a path traversal flaw in the shared-folder upload endpoint (/api/folder/uploadToSharedFolder.php), where URL-encoded path separators bypass filename validation and allow arbitrary file write outside the upload directory. Any actor holding a valid, non-expired, upload-enabled shared-folder token - tokens explicitly designed to be shared publicly - can overwrite users/users.txt to plant an admin account and, depending on configuration, achieve remote code execution. No public exploit identified at time of analysis, but the upstream fix in v3.16.0 documents the exact bypass, lowering the bar for weaponization.

Path Traversal PHP RCE Filerise
NVD GitHub VulDB
CVSS 4.0
9.3
EPSS
0.7%
CVE-2026-55884 CRITICAL PATCH GHSA Act Now

Missing authentication in the Tilt HUD HTTP server (Go package github.com/tilt-dev/tilt, versions 0.20.8 through 0.37.3) lets an unauthenticated network attacker trigger developer-defined Tiltfile resources, tamper with Tiltfile arguments, read full engine state including the session token, and proxy authenticated calls into the Tilt apiserver. Exploitation is only possible when Tilt is bound to a non-loopback address (via 'tilt up --host 0.0.0.0' or TILT_HOST), not in the safe default loopback configuration. No public exploit identified at time of analysis and it is not listed in CISA KEV; a vendor patch exists in v0.37.4.

Authentication Bypass
NVD GitHub
CVSS 4.0
9.2
EPSS
0.4%
CVE-2025-62821 CRITICAL Act Now

Out-of-bounds read in Microsoft HEIF Image Extensions 1.2.22.0 allows remote attackers to disclose memory contents and crash the process by serving a crafted HEIF image. The flaw stems from CHEIFItemInfoEntry_GetDataSize returning success with a reported data size of zero, leading to a 1-byte allocation that is later overrun by a memmove in CopyPixels. No public exploit identified at time of analysis, and the CVE is not listed in CISA KEV.

Microsoft Buffer Overflow Information Disclosure N A
NVD GitHub VulDB
CVSS 3.1
9.1
EPSS
0.4%
CVE-2026-8713 CRITICAL Act Now

Arbitrary file deletion in the Avada (Fusion) Builder WordPress plugin through version 3.15.3 allows remote unauthenticated attackers to delete any file on the server via path traversal in the maybe_delete_files function, which commonly escalates to remote code execution when wp-config.php is removed and WordPress enters setup mode. Wordfence reports the flaw is reachable through the wp_ajax_nopriv_fusion_form_submit_ajax handler on sites that have a published Avada form saving entries to the database. No public exploit identified at time of analysis, but the CVSS 9.1 score reflects trivial network exploitation with no authentication or user interaction.

Path Traversal PHP WordPress RCE Avada Fusion Builder
NVD
CVSS 3.1
9.1
EPSS
1.2%
Prev Page 2 of 6 Next

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy