Server-side template injection in FOSSBilling versions prior to 0.8.0 allows authenticated administrators to execute arbitrary code and disclose sensitive information by injecting Twig expressions into template-rendering features. The unsandboxed Twig environment exposes the application's dependency injection container, turning any admin-accessible template surface into a full RCE primitive. No public exploit identified at time of analysis, but a related auth-bypass chain (GHSA-78x5-c8gw-8279) is documented by VulnCheck and could lower the practical privilege bar.
Remote code execution in Gogs self-hosted Git service before 0.14.3 allows unauthenticated attackers (where self-registration is enabled) to abuse unsanitized organization names containing '../' sequences to write Git repository files outside the intended storage root, then overwrite a repository's hooks/update script and trigger arbitrary command execution as the git user. The flaw carries a CVSS 10.0 (AV:N/AC:L/PR:N/UI:N/S:C) rating, and a fully working public proof-of-concept is published alongside the GHSA advisory, though no CISA KEV listing or EPSS data is provided in the input.
Unauthenticated mass assignment in Hoppscotch self-hosted exposes the JWT_SECRET and SESSION_SECRET to full attacker control via a single HTTP POST request to the onboarding endpoint, enabling forged authentication tokens for any user including administrators. All self-hosted deployments running version 2026.4.1 and earlier are affected during the initial onboarding window or when re-onboarding is enabled. A working proof of concept is publicly available and the attack is fully automatable with no credentials, no user interaction, and no special tooling required.
Remote code execution in Gogs through 0.14.2 allows authenticated users (and unauthenticated attackers on default-configured instances with open registration) to execute arbitrary commands as the Gogs server process by crafting a pull request whose base branch name injects a `--exec` flag into the underlying `git rebase` invocation. A working Python proof-of-concept exists and has been validated end-to-end against Docker, Linux binary, and Windows installations, yielding shell access as the `git` user. No CISA KEV listing or EPSS data is provided, so this is treated as publicly available exploit code rather than confirmed active exploitation.
Authorization bypass in FOSSBilling versions 0.5.4 through 0.7.x allows unauthenticated remote attackers to invoke privileged `/api/system/*` admin API methods because the `system` role resolves to the cron admin identity without requiring credentials, session, or CSRF token. The flaw, rated CVSS 4.0 10.0 with full vulnerable- and subsequent-system impact, is patched in 0.8.0; publicly available exploit code exists per VulnCheck's writeup chaining this bypass to SSTI for remote code execution.
{$exists:true}`) that override the builder's intended filter, returning or altering every document in a MongoDB, CouchDB, Elasticsearch, DynamoDB-PartiQL, or JSON-body REST collection. A detailed working POC is published in the advisory; the issue is not in CISA KEV and EPSS is low (0.43%, 34th percentile), so this is publicly demonstrated but not yet confirmed as actively exploited.
Credential disclosure in Red Hat Ansible Automation Platform 2.5 and 2.6 allows any authenticated user to retrieve plaintext OAuth tokens, vault passwords, and SSH keys by sending forged Worker messages to the Event-Driven Ansible websocket endpoint. The /api/eda/ws/ansible-rulebook endpoint fails to verify permissions on activation_id values, enabling lateral credential theft across tenants. No public exploit identified at time of analysis, but the low attack complexity and scope-changed CVSS of 9.6 make this a high-priority patch.
Account takeover in Poweradmin versions prior to 4.2.4 and 4.3.3 allows remote unauthenticated attackers to hijack OIDC and SAML authentication flows by poisoning the HTTP Host header used to construct the redirect_uri sent to the Identity Provider. By tricking a victim into clicking a crafted login link, the attacker causes the IdP to deliver the authorization code to an attacker-controlled host, yielding full account access with no credentials required. No public exploit identified at time of analysis, though the upstream advisory and patched releases describe the issue in detail.
Reflected cross-site scripting in Immich (commits 4ffa26c9 through pre-4eb1003) allows a single-click account takeover of any authenticated user by abusing the unvalidated continue query parameter on /auth/login, which is passed directly to SvelteKit's redirect() without scheme or origin checks. The payload executes attacker-controlled JavaScript inside Immich's origin and uses the victim's session to mint an all-permission API key, yielding persistent compromise. No public exploit identified at time of analysis, but the upstream fix commit and a detailed GHSA advisory describe the flaw clearly enough to derive a working PoC.
Stack-based buffer overflow in the Totolink EX1200L router's login handler (cgi-bin/cstecgi.cgi) allows remote attackers on the adjacent network to crash the device or execute arbitrary code as root. Confirmed on firmware 9.3.5u.6146_B20201023 with no public exploit identified at time of analysis, but vendor contact attempts by CERT-PL were unsuccessful so no patch is available. CVSS 4.0 of 9.4 reflects unauthenticated exploitation with full impact on both the device and downstream systems.
Arbitrary file write in Crawl4AI Docker API server before 0.8.8 lets unauthenticated remote attackers escape the ALLOWED_OUTPUT_DIR via symlinks and a TOCTOU race on the output_path parameter of the /screenshot and /pdf endpoints, potentially escalating to code execution where the runtime user can write to executable or cron paths. No public exploit identified at time of analysis, but the API is unauthenticated by default and the GHSA confirms the issue was found in an internal security audit.
Remote code execution in picklescan versions prior to 1.0.4 allows attackers to bypass the scanner's safety validation by crafting malicious pickle files that import unblocked Python standard library modules. The tool's blocklist (scanner.py _unsafe_globals) omits at least seven stdlib modules - including uuid, _osx_support, _aix_support, _pyrepl.pager, and imaplib - exposing eight functions that execute arbitrary commands via subprocess or os.system. Publicly available exploit code exists in the GHSA advisory, demonstrating CLEAN scan results for files that achieve full RCE on load; this is especially concerning because picklescan is relied on by HuggingFace Hub and similar ML pipelines.
Arbitrary JavaScript code execution in the expr-eval npm package affects all released versions when applications pass user-controlled expressions to the toJSFunction() API, which compiles them via new Function() and executes them in the host process context. Snyk discloses no public exploit identified at time of analysis, but the trivial attack pattern (sandbox escape via crafted math expressions) and CVSS 4.0 score of 9.2 make this a high-priority issue for any Node.js or browser application that exposes expr-eval to untrusted input.
Account takeover in ManageEngine ADSelfService Plus, RecoveryManager Plus, M365 Manager Plus, and ADAudit Plus is possible because SSO session-authentication tickets are generated with insufficient randomness and can be predicted by an unauthenticated remote attacker. Successful prediction lets the attacker impersonate arbitrary users and gain full session-level confidentiality, integrity, and availability impact (CVSS 9.0). No public exploit identified at time of analysis, but the issue is acknowledged in the vendor advisory.
Authentication bypass in NetComm NF20MESH routers (firmware R6B031 and earlier) allows unauthenticated remote attackers to forge valid encrypted session cookies using a hardcoded AES-256 key embedded in the firmware, granting full administrative control of the web management interface. The root cause is CWE-321 (Use of Hard-coded Cryptographic Key): because the same static AES-256 key is shared across all devices, any attacker who extracts it from firmware can impersonate any session. Exploitation requires an active administrator session and network reachability to the management interface; no KEV listing or confirmed public exploit exists at time of analysis, though the hardcoded-key nature makes the attack highly automatable once the key is disclosed.
CSRF session hijacking in Mojolicious::Plugin::Web::Auth::OAuth2 through version 0.17 for Perl stems from a predictable default state parameter built from a SHA-1 hash of leaked epoch time and Perl's weak rand(). Remote attackers can guess or precompute valid state values to forge OAuth2 authorization responses and bind a victim's session to an attacker-controlled identity. No public exploit identified at time of analysis, EPSS is low (0.19%, 8th percentile), and a vendor patch is available.
Authenticated arbitrary file write in Gogs (self-hosted Git service) versions below 0.14.3 on Linux/macOS lets a user with repository write access escape the working tree and overwrite any file the gogs UID can touch, escalating to remote code execution. The flaw stems from `UploadRepoFiles` validating symlinks only on the leaf path while sibling functions correctly walk every component; combined with a crafted multipart filename containing a literal backslash, the write is redirected through a previously committed directory symlink to targets like `~git/.ssh/authorized_keys` or `<repo>.git/hooks/post-receive`. No CISA KEV listing and no EPSS provided, but a detailed, tested proof-of-concept is published in the vendor advisory, so publicly available exploit code exists.
Command injection in ImageMagick's SVG decoder (coders/svg.c) lets attackers smuggle arbitrary MVG (Magick Vector Graphics) drawing commands inside an SVG file that execute when the image is rendered, affecting versions before 7.1.2-15 and 6.9.13-40 (and the Magick.NET bindings before 14.10.3). Because ImageMagick frequently processes untrusted, user-uploaded images on servers, a crafted SVG can achieve high-impact abuse of the internal MVG rendering pipeline. There is no public exploit identified at time of analysis and it is not on CISA KEV; EPSS is low at 0.91% (55th percentile), but SSVC flags exploitation as automatable.
Stored cross-site scripting in Plone CMS enables persistent script injection by spoofing file MIME types within the plone.app.textfield and plone.restapi packages, announced June 5, 2026. An attacker with content-upload access can craft a file whose declared MIME type bypasses Plone's content-type enforcement, causing browsers to render the payload as HTML or JavaScript when other users access the stored content. No public exploit code or CISA KEV listing has been identified at time of analysis; the moderate severity rating (4.3) reflects the stored persistence risk offset by the upload-privilege requirement.
Denial of service in Plone's RSS feed portlet component (plone.app.portlets) allows an attacker to exhaust server resources by supplying or triggering the parsing of a maliciously crafted RSS/Atom feed, rendering the Plone application unavailable. Disclosed June 23, 2026 as part of a coordinated Plone security release, the issue carries a critical severity rating of 9.1. No public exploit code or CISA KEV listing has been identified at time of analysis.
Denial-of-service via malformed iCalendar import in Plone's plone.app.event package, rated 9.1 critical, enables remote disruption of affected Plone installations by submitting a crafted ICS file to the event import endpoint. Disclosed June 23, 2026 as part of a coordinated Plone security release addressing six distinct vulnerabilities across multiple packages. No public exploit code or CISA KEV listing has been identified at time of analysis, though the critical severity rating and co-disclosure of a related icalendar library CVE (CVE-2026-55099) the same week warrant prompt patching.
Denial of Service in the collective/icalendar Python library allows attackers to crash or hang applications that process externally supplied iCalendar data. The vulnerability carries a CVSS score of 7.5 High and affects Plone CMS deployments as well as any Python application using the library to parse .ics input. No public exploit code has been identified at time of analysis, and the issue is not listed in CISA KEV.
Heap overflow in rsyslog's contributed imhttp module allows remote unauthenticated clients to corrupt the rsyslog process heap by sending an oversized HTTP Basic Authentication header. The root cause is a one-character typo - `calloc(0, len)` instead of `calloc(1, len)` - which allocates zero or minimal bytes before the Base64 decoder writes up to `len` bytes into the buffer. The practical expected impact is denial of service (rsyslog process crash); remote code execution is theoretically possible but depends on heap allocator behavior, compiler hardening, and platform. No public exploit identified at time of analysis, and the vulnerability is not in CISA KEV.