Account takeover in self-hosted Bitwarden Server before 2026.6.0 lets a low-privileged organization member steal any other member's vault key and a victim-scoped access token. The POST /auth-requests/admin-request handler never verifies that the email in the request body belongs to the authenticated caller (CWE-639), so an attacker can create a Trusted Device Encryption admin-approval request for a victim, bound to an attacker-controlled public key; once approved, the encrypted key material is retrievable from an unauthenticated endpoint. Publicly available exploit code exists (a VulnCheck advisory plus a public write-up), and the CVSS 4.0 base score of 9.3 reflects high confidentiality and integrity impact plus a cross-user scope change.
Uncontrolled resource consumption in the smallnest rpcx Go RPC framework (through 1.9.3) lets a single unauthenticated client crash the server by sending a small (<2 MB) gzip-compressed protocol message that decompresses into gigabytes of heap. Because protocol.Message.Decode inflates the payload via util.Unzip during readRequest - before any authentication - and the only size guard (protocol.MaxMessageLength) is checked against the compressed frame rather than the decompressed output, the server exhausts memory and becomes unavailable. Publicly available exploit code exists and a vendor patch (commit 047aec1) has been released; no public evidence of active exploitation at time of analysis.
The Appointment Booking Calendar Plugin and Scheduling Plugin WordPress plugin through 1.1.28 does not validate data before passing it to a PHP deserialization function, allowing unauthenticated attackers to inject arbitrary PHP objects; where a suitable gadget chain is present on the site this can be leveraged to achieve remote code execution.
Cross-origin WebSocket session hijacking in Midscene Bridge Server through version 1.10.3 lets any web page a victim visits connect to the locally running Socket.IO server without an Origin check or authentication token, seizing the tool's single-client slot. Once connected, a remote attacker can intercept and inject browser-automation commands, exfiltrate command-payload data, or unconditionally kill the server via the MIDSCENE_BRIDGE_SIGNAL_KILL query parameter. Publicly available exploit code exists (reported by VulnCheck) and a vendor patch is available (commit 86f4118); no active exploitation has been confirmed.
Remote denial of service in the JavaScript @libp2p/gossipsub module (all versions prior to 16.0.0) lets any connected peer stall a victim node by sending oversized IHAVE/IWANT control messages. Because defaultDecodeRpcLimits left maxIhaveMessageIDs and maxIwantMessageIDs set to Infinity, a single 4 MB RPC frame forces roughly 180,000 message IDs to be iterated synchronously, blocking the Node.js event loop and freezing the process. No public exploit identified at time of analysis; the flaw is remotely reachable without authentication against affected default configurations.
Denial of service in the httplib2 Python HTTP client library (all versions prior to 0.32.0) lets a malicious or compromised HTTP server crash the client by returning a small gzip- or deflate-compressed response body that expands without bound during automatic decompression, exhausting memory and triggering a MemoryError or OS OOM-kill. Any application that uses httplib2 to fetch content from untrusted or attacker-controllable endpoints is affected. No public exploit identified at time of analysis; EPSS not provided, but the class is trivially demonstrable and the fix is a one-line-scope behavioral change shipped in 0.32.0.
Arbitrary code execution on Code27 Companion Hub (firmware SQ3A.220705.003.A1) is achievable by a physically proximate attacker through improper access controls on the device's USB debugging (ADB) interface. The Android Debug Bridge component fails to enforce adequate restrictions, allowing an unauthenticated attacker with physical USB access to execute arbitrary commands at elevated privilege. A publicly available proof-of-concept exploit exists on GitHub, and SSVC assessment rates the technical impact as total despite no confirmed active exploitation in the wild.
Kiosk restriction bypass in the Code 27 Companion Hub allows an attacker with physical device access to perform a factory reset that completely circumvents the kiosk protection mechanism, granting full control over the device. The flaw (CWE-288) represents a protection mechanism failure where an alternate path - the factory reset function - is not gated by the same access controls as the restricted kiosk environment. A publicly available proof-of-concept exploit exists on GitHub, and while SSVC rates exploitation status as none and EPSS sits at 0.21% (11th percentile), the availability of working exploit code lowers the barrier for opportunistic physical-access attacks.
OS command injection in Nuclio (serverless platform) versions <= 1.15.27 lets attackers run arbitrary shell commands as root inside Kubernetes CronJob pods by submitting a function with a crafted cron trigger. The controller concatenates unsanitized `event.headers` keys and `event.body` values into a `/bin/sh -c` curl string; a header key containing a double-quote breaks quoting, and a body containing `$()` triggers command substitution (strconv.Quote does not escape it). Because the Nuclio Dashboard API is unauthenticated in its default configuration, this is remotely reachable; no public exploit is identified in KEV, though a detailed, dynamically-verified PoC accompanies the advisory.
Cross-tenant credential disclosure in WebPros Plesk before 18.0.78.4 allows a low-privileged authenticated customer to enumerate domains belonging to other tenants through the XML-RPC API, because ownership checks are applied only to certain lookup filters and schema validation is skipped for legacy protocol versions. Because affected FTP credentials are stored in cleartext, an attacker retrieves another tenant's FTP password and can pivot to executing code as that tenant's system user. No public exploit has been identified at time of analysis, but the flaw was reported via HackerOne and carries a CVSS 9.9 rating.
Unauthenticated SQL injection in IBM API Connect's password reset functionality allows remote attackers to inject arbitrary SQL against the backing database without credentials, affecting versions 10.0.8.0 through 10.0.8.9 and 12.1.0.0 through 12.1.0.3. With a CVSS 9.8 vector (AV:N/AC:L/PR:N/UI:N) and total technical impact, exploitation can lead to full compromise of confidentiality, integrity, and availability of the API management data store. No public exploit identified at time of analysis, and EPSS remains low (0.44%), but IBM has released patches and CISA's SSVC flags the flaw as automatable with total impact.
Authentication bypass via default credentials in IBM API Connect 12.1.0.0 through 12.1.0.3 lets remote unauthenticated attackers log in with vendor-shipped default credentials during the window before the system forces a credential change on first use. Rated CVSS 9.8 with total confidentiality, integrity, and availability impact, the flaw grants full access to the API management platform. There is no public exploit identified at time of analysis and SSVC reports no observed exploitation, but the low attack complexity and known-credential nature make opportunistic abuse of freshly deployed instances plausible.
Authorization bypass in the WP Learn Manager WordPress plugin (all versions through 1.1.8) lets unauthenticated attackers install and activate arbitrary plugins from the WordPress.org repository on a vulnerable site. The flaw stems from AJAX handlers that fail to verify a caller's authorization, and Wordfence rates it CVSS 9.8. There is no public exploit identified at time of analysis and it is not listed in CISA KEV, but the unauthenticated, low-complexity nature makes it a high-priority patch target.
Authentication bypass in Dassault Systèmes DELMIA Apriso (Release 2020 through Release 2026) lets remote unauthenticated attackers obtain privileged access to the manufacturing operations server, consistent with the CVSS PR:N/UI:N metrics. Rated CVSS 9.8 (C:H/I:H/A:H), it exposes shop-floor and production-control functions to full compromise. No public exploit identified at time of analysis, and it is not listed in CISA KEV.
Account takeover in the Eventer WordPress event-manager plugin (all versions through 4.4.2) stems from the plugin writing the password-reset key in cleartext to the `eventer_verification_code` field in `wp_usermeta`; any actor who can read that value can drive the plugin's custom reset action to set an arbitrary password for any user, including administrators. Chained with the companion SQL injection flaw CVE-2026-9700, remote attackers can extract the stored key without authentication and fully hijack accounts. There is no public exploit identified at time of analysis, and exploitation is constrained to sites running PHP 7.4 or earlier, where the reset routine functions.
Path-equivalence weakness in Progress MOVEit Transfer's File Upload modules lets remote attackers bypass path-normalization checks to reach or place files outside their intended scope, carrying an NVD CVSS of 9.8. It affects MOVEit Transfer before 2025.0.8 and the 2025.1.x line before 2025.1.4, and a vendor patch is available. There is no public exploit identified at time of analysis and EPSS is low (0.25%), while CISA SSVC rates exploitation as none and technical impact as only partial.
Remote code execution in the Generic OEM UZ801_v2.1 4G LTE Router (firmware V3.4.3) lets unauthenticated attackers run arbitrary code by sending crafted requests to the /ajax web management API served by the device's MifiService.apk component. The flaw stems from broken access control on the management endpoint, giving remote attackers full control of the device with no credentials. Publicly available exploit code exists on GitHub, though EPSS probability is low (0.24%, 15th percentile) and it is not on the CISA KEV list.
Denial of service in the Imager image-processing module for Perl (all versions before 1.033) allows remote attackers to crash a worker process by submitting an image whose EXIF IFD entry count is mishandled as a signed integer, triggering an near-address-space-sized memory allocation that fails and aborts the process. Any application that passes untrusted images through Imager's EXIF parsing is exposed. There is no public exploit identified at time of analysis, EPSS is low (0.18%, 8th percentile), and it is not listed in CISA KEV.
SQL injection in Webbeyaz Web Design's Mediküm Web application (all versions through build 08072026) lets remote unauthenticated attackers inject arbitrary SQL commands, yielding full read/write control over the backend database. The CVSS 9.8 rating reflects network-reachable exploitation with no authentication or user interaction; no public exploit has been identified at time of analysis. Critically, the vendor confirmed to TR-CERT that the product is end-of-life and unsupported, so no fix will be issued.
SQL injection in the Snowflake Snowpark Python SDK (snowpark-python) before 1.53.0 lets an authenticated low-privilege Snowflake user execute SQL beyond their authorization scope, enabling cross-tenant data theft and source-database compromise. Three distinct injection points are involved - malicious source column names via DataFrameReader.dbapi(), a crafted location parameter that redirects COPY INTO in DataFrameWriter, and a backslash-single-quote bypass of normalize_path() in DataFrame.to_csv(). Rated CVSS 9.6 with a scope change; no public exploit identified at time of analysis and it is not listed in CISA KEV.
Sandbox escape in Google Chrome for Android before 150.0.7871.115 stems from a use-after-free in the Autofill component, letting a remote attacker who lures a victim to a crafted HTML page potentially break out of the renderer sandbox. Rated High by Chromium and carrying a CVSS 9.6 due to the scope-changing impact, it currently has no public exploit identified at time of analysis and is not listed in CISA KEV. A vendor patch shipped via the Chrome Stable channel update.
Unauthenticated remote code execution in Joro ≤ v1.1.0 (BishopFox's offensive-security tooling) allows an attacker to gain a shell as the operator's user when that operator merely visits a malicious web page. In the default proxy mode, Joro exposes an unauthenticated local API on 127.0.0.1:9090 with a wildcard CORS policy; because plugin uploads use the CORS-safelisted multipart/form-data content type, cross-origin JavaScript can upload a native Go plugin and trigger a restart through the operator's browser with no preflight or credentials, and the plugin's init() executes on load. No public exploit is identified at time of analysis, but the advisory documents a complete, reproducible attack chain, and the assigned CVSS is 9.6 (Critical).
Memory corruption in the OpenSSH client (ssh) before 10.4 lets a malicious or compromised SSH server trigger a use-after-free on the connecting client by changing its host key during a key re-exchange (rekey), potentially leading to information disclosure or code execution in the client process. Only the client side is affected; the server is not vulnerable. There is no public exploit identified at time of analysis and it is not on CISA KEV, and EPSS is low (0.25%, 16th percentile), but the flaw is fixed in OpenSSH 10.4/10.4p1.
Server-side request forgery in Repomix's hosted API (POST /api/pack) lets unauthenticated remote attackers coerce the server into making arbitrary outbound requests. Because the endpoint passes user-supplied URLs to git clone without validating the http://, https://, or file:// schemes, an attacker can reach internal-only network addresses, cloud metadata endpoints (e.g. GCP), and read local filesystem paths. VulnCheck reported the flaw and a vendor fix exists; no public exploit is identified at time of analysis.
Uncontrolled resource consumption in node-tar before 7.5.19 lets a small crafted gzip bomb exhaust disk space and CPU on any Node.js application that extracts or parses attacker-supplied tar archives. Because node-tar imposes no upper bound on total decompressed size, entry count, or compression ratio in its extract and parse paths, a tiny malicious file can inflate to consume all available storage and processing, causing denial of service. No public exploit has been identified, but the fix is a straightforward, well-documented behavior change published in the vendor advisory GHSA-23hp-3jrh-7fpw.
Arbitrary file deletion in the Simple Coherent Form WordPress plugin (all versions up to and including 2.4.13) allows unauthenticated attackers to delete any file the web server can reach, and deleting wp-config.php can cascade into full remote code execution. The plugin's two intended access controls are illusory: the scf_get_id_upload endpoint hands a valid scf_upload_file_removal nonce to any anonymous visitor, and the secondary hash check can be reproduced offline because it derives from a salt hardcoded in the plugin source. There is no public exploit identified at time of analysis, but the flaw carries a high 9.1 CVSS and reflects a genuine unauthenticated-network attack path.
Remote code execution in the Blocksy Companion Pro WordPress plugin (all versions before 2.1.47) lets unauthenticated attackers upload executable PHP files through the Advanced Reviews feature, taking over the site. The save_attachments function relies on a flawed strpos() substring check inherited from the Custom Fonts extension, so a double-extension filename like shell.woff2.php passes validation while the server executes it as PHP. No public exploit has been identified at time of analysis, but a vendor patch (2.1.47) is available and the flaw was reported by VulnCheck.
Missing authentication in Dgraph Alpha lets an unauthenticated network client destroy and overwrite an entire database group's data via the external-snapshot import RPCs exposed on the public gRPC port :9080. Any attacker able to reach port 9080 can open a StreamExtSnapshot session; because the receiver calls Prepare() before ingesting the stream, the existing store is deleted and replaced with attacker-supplied Badger data. Fixed in version 25.3.5; no public exploit identified at time of analysis.
Use-after-free in the GLX dispatch layer of X.Org X Server and Xwayland allows an authenticated X client to corrupt heap memory by triggering a contextTags array reallocation while a stale pointer is still held. The attacker crafts a deterministic sequence of exactly 34 GLX requests - 17 CreateContext and 17 MakeCurrent calls - to force the realloc, after which GlxFreeContextTag writes zeros into freed memory at five fixed offsets. No CVSS vector or KEV listing is present; the vulnerability was discovered by an anonymous researcher through Trend Micro Zero Day Initiative (ZDI-CAN-30561), indicating active vulnerability research interest though no public exploit has been confirmed.
Sensitive file exfiltration in Composio SDK (the @composio/cli package) before 0.2.32-beta.283 lets attackers steal credential files by abusing a missing path-safety check in the readFileFromDisk function of tool-file-uploads.ts. Because the assertSafeFileUploadPath guard is absent, an attacker who can influence the agent's prompt can manipulate file_uploadable parameters to point at arbitrary paths such as ~/.ssh private keys, causing the CLI to upload those files to attacker-controlled storage. There is no public exploit identified at time of analysis, but the upstream fix, issue, and pull request are all public, which lowers the bar for reproduction.
Arbitrary code execution in libXfont2 before 2.0.8 lets an authenticated X client corrupt heap memory inside the X server via a maliciously crafted PCF bitmap font. The flaw sits in ComputeScaledProperties(), where a missing bounds check on the property buffer allows a heap overflow (CWE-122) that runs in the X server's security context - typically root on traditional Linux desktops. There is no public exploit identified at time of analysis; EPSS is modest at 0.58% and CISA SSVC rates exploitation as 'none' with 'total' technical impact.
Arbitrary file upload in the WHMCS Bridge plugin for WordPress (all versions through 6.9) lets authenticated users with Custom-level access or above upload files of any type via the unvalidated connect() function, potentially achieving remote code execution on the host. Reported by Wordfence and tracked as CWE-434, the flaw carries a CVSS of 8.8; there is no public exploit identified at time of analysis and it is not listed in CISA KEV. The impact hinges on the plugin's failure to enforce file-type checks before writing uploaded content to disk.
Command injection in yt-dlp and youtube-dl before 2026.7.4 lets a malicious video/webpage host smuggle attacker-controlled data into shortcut files generated by the --write-link, --write-url-link, and --write-desktop-link options. Because webpage_url and filename metadata are written to .url/.desktop files without validation or escaping, an attacker can inject a file:// URI on Windows or a newline-based Desktop Entry key on Linux that runs commands when the victim later opens the generated shortcut. No public exploit identified at time of analysis; EPSS is modest at 0.55% and CISA SSVC records exploitation as none, but technical impact is rated total.
Heap-based code execution in libXfont2 before 2.0.8 allows an authenticated X client to run arbitrary code inside the X server by supplying a malformed PCF font that trips missing glyph bounds checking in pcfReadFont(). Because X servers frequently run with elevated (often root) privileges, a successful exploit can escalate from a low-privileged client to full host compromise. No public exploit is identified at time of analysis and CISA SSVC rates current exploitation as none, but the technical impact is rated total.
Remote code execution in the Widget Logic Visual WordPress plugin (all versions through 1.52) lets low-privileged authenticated users run arbitrary PHP on the server. The flaw stems from the widget-logic-update-conditional-tags AJAX action lacking a capability check and nonce verification, allowing any subscriber-and-above account to store attacker-controlled data in the 'nwlv[cod-tag]' parameter that is later passed to an eval() call by widget_logic_visual_check_visibility. Reported by Wordfence with no public exploit identified at time of analysis and no CISA KEV listing.
Authentication bypass in the DoLogin Security plugin for WordPress (all versions through 4.3) lets remote attackers forge passwordless magic-link tokens and log in as any user, including administrators. The 32-character token is generated by seeding the Mersenne Twister PRNG (mt_srand) with a value derived from microtime() that carries only ~20 bits of entropy, so the entire token is a deterministic function of a ~10^6-value seed space that can be brute-forced offline. No public exploit identified at time of analysis, but the flaw was reported by Wordfence and the vulnerable code paths are cited directly in the WordPress plugin repository.
Server-controlled buffer overflow in Das U-Boot (bootloader) through 2026.04-rc3 lets a malicious or compromised NFS server corrupt memory in an U-Boot client built with CONFIG_CMD_NFS. The flaw lives in nfs_readlink_reply() (net/nfs-common.c), where relative symlink targets from consecutive READLINK responses are appended to the fixed 2048-byte nfs_path_buff without cumulative length checks; two responses of ~1100 bytes each overflow it and clobber adjacent BSS state (nfs_server_ip, nfs_server_mount_port, nfs_server_port, nfs_our_port, nfs_state, rpc_id), giving control over the NFS client state machine. Reported by VulnCheck with a CVSS 4.0 base score of 8.8; there is no public exploit identified at time of analysis and it is not on CISA KEV.
SQL and DDL injection in the Snowflake Terraform Provider before 2.18.0 lets an attacker who can influence pipeline workspace variables execute arbitrary SQL inside the provider's privileged Snowflake session (CWE-89), enabling data exfiltration and creation of long-lived credentials. A second flaw allows identifier-injection into user-management DDL, so accounts can be minted with attacker-controlled credentials that bypass operator-configured security controls. No public exploit identified at time of analysis; risk is authenticated/insider-driven rather than remote-unauthenticated.
Arbitrary code execution in the X.Org libXfont2 library (versions before 2.0.8) stems from a heap buffer overflow in the BitmapScaleBitmaps routine, where a 32-bit size calculation overflows during bitmap font scaling. Any client able to connect to the X Server and request scaled bitmap fonts can corrupt heap memory and run code within the X server's process context, which is frequently privileged. No public exploit has been identified at time of analysis and it is not listed in CISA KEV; EPSS is low at 0.37% (29th percentile), consistent with the SSVC finding of no observed exploitation despite total technical impact.
Privilege escalation in the Duoshuo (多说社会化评论框) social commenting plugin for WordPress (all versions through 1.2) lets remote attackers seize full administrator control. An unauthenticated, web-accessible API endpoint (api.php/LocalServer.php) exposes an `update_option` handler that lacks capability and nonce checks and relies on a trivially forgeable HMAC-SHA1 signature keyed on an always-empty option, allowing attackers to overwrite any WordPress option - for example flipping `default_role` to `administrator` and enabling open registration, then self-registering an admin account. No public exploit is identified at time of analysis, and it is not in CISA KEV, but the flaw is straightforward to weaponize.
Authentication bypass in LiteLLM (BerriAI) proxy/AI Gateway before 1.84.0 lets a remote unauthenticated attacker reach MCP tooling by sending a fabricated Authorization header. The malformed header forces the MCP Streamable HTTP endpoint down an OAuth2 passthrough fallback that substitutes a failed key validation with an empty UserAPIKeyAuth() object, effectively treating the caller as authorized without any valid LiteLLM key. The CVSS 4.0 score of 8.8 reflects network-reachable, no-privilege access with high confidentiality impact; no public exploit identified at time of analysis and it is not listed in CISA KEV.
Uninitialized Use in V8 in Google Chrome prior to 150.0.7871.115 allowed a remote attacker to execute arbitrary code inside a sandbox via a crafted HTML page. (Chromium security severity: High)
Remote code execution in Google Chrome desktop before 150.0.7871.115 stems from a use-after-free in the InterestGroups component (the Protected Audience / FLEDGE ad-auction API of Privacy Sandbox), letting a remote attacker run arbitrary code within the renderer sandbox by luring a victim to a crafted HTML page. Google rates the Chromium severity High, and the CVSS 8.8 reflects network-reachable, low-complexity, unauthenticated exploitation gated only by user interaction (visiting a page). There is no public exploit identified at time of analysis and the flaw is not listed in CISA KEV, though EPSS-style risk for Chrome memory-corruption bugs is typically elevated once details circulate.
Sandboxed remote code execution in Google Chrome versions prior to 150.0.7871.115 stems from a use-after-free in the Forms component, allowing a remote attacker to run arbitrary code within the renderer sandbox when a victim opens a crafted HTML page. The flaw carries a High Chromium severity rating and CVSS 8.8; Google has shipped a stable-channel fix, but no public exploit has been identified at time of analysis. Because code execution is confined to the sandbox, a separate sandbox-escape bug would be required for full host compromise.
Sandboxed remote code execution in Google Chrome desktop before 150.0.7871.115 lets a remote attacker run arbitrary code within the renderer sandbox when a victim opens a crafted HTML page, stemming from an inappropriate implementation in the Forms component (Chromium severity: High). No public exploit identified at time of analysis, and the flaw is not on CISA KEV; Google has shipped a fixed Stable channel build. The high CVSS (8.8) reflects full compromise of the affected renderer process, though code execution is stated to be confined to the sandbox rather than a full host takeover.
Use after free in WebRTC in Google Chrome prior to 150.0.7871.115 allowed a remote attacker to execute arbitrary code inside a sandbox via a crafted HTML page. (Chromium security severity: High)
Remote code execution in Google Chrome desktop before 150.0.7871.115 stems from a use-after-free in the browser's Input component, letting a remote attacker who lures a victim to a crafted HTML page run arbitrary code inside the renderer sandbox. Google rates the Chromium severity High and CVSS is 8.8, requiring user interaction (visiting a malicious page) but no authentication. There is no public exploit identified at time of analysis and it is not listed in CISA KEV, but the memory-corruption class and network attack vector make it a standard high-priority browser patch.
Remote code execution in Google Chrome desktop before 150.0.7871.115 lets a remote attacker run arbitrary code (constrained to the renderer sandbox) by luring a victim to a crafted HTML page that triggers a use-after-free in the Actor component. The flaw is network-reachable and requires only that the user visit a malicious page, but Chromium rates the severity High rather than Critical because code execution stays inside the renderer sandbox. No public exploit identified at time of analysis; no EPSS or KEV signal was supplied in the input.
Renderer-process code execution in Google Chrome desktop before 150.0.7871.115 arises from a use-after-free in the IndexedDB implementation, letting a remote attacker run arbitrary code within the Chromium sandbox when a victim opens a crafted HTML page. Chromium rated the flaw Medium severity even though the CVSS base score is 8.8, reflecting that execution is confined to the sandboxed renderer rather than the host. A vendor patch is available and no public exploit has been identified at time of analysis.
Trust-boundary bypass in Copier 9.5.0 through 9.15.1 lets an attacker-controlled template execute arbitrary commands without the usual --trust confirmation. The flaw stems from the trust prefix check using a raw str.startswith on the un-normalized template URL, so a reference that textually begins with a trusted prefix but contains '..' is granted trust while actually resolving to a different template whose tasks/migrations/jinja_extensions then run. No public exploit identified at time of analysis, and it is not in CISA KEV; fixed in 9.15.2.