Skip to main content

N A

454 CVEs product

Monthly

CVE-2025-60474 HIGH POC This Week

Denial of service in GPAC's MP4Box/libgpac media importer (versions before 26.02.0) lets an attacker crash the tool by supplying a crafted media file. The flaw is an out-of-bounds read of a language metadata string in gf_media_import (media_import.c), where three characters were read without verifying the string's length. Publicly available exploit code exists (sigdevel PoC), but it is not listed in CISA KEV and EPSS is low (0.19%, 8th percentile), indicating minimal observed real-world exploitation.

Buffer Overflow Denial Of Service Stack Overflow N A
NVD GitHub VulDB
CVSS 3.1
7.5
EPSS
0.2%
CVE-2026-49269 HIGH This Week

Apple M1 GPUs retain register file data between compute shader dispatches from different processes. A sandboxed Metal attacker app can run a GPU reader shader that reads stale register values left by a separate sandboxed victim app. In the proof of concept, GPUVictim.app generates a fresh random 128-bit secret using SecRandomCopyBytes and loads it into GPU registers. GPUAttacker.app, a separate sandboxed app, recovers the exact secret from stale GPU register state. NOTE: The vendor stated that this behavior affects only legacy hardware and has already been addressed at the hardware level in current-generation Apple Silicon.

Apple Information Disclosure N A
NVD GitHub
CVSS 3.1
8.6
EPSS
0.3%
CVE-2025-60471 MEDIUM POC This Month

Use-after-free in GPAC MP4Box before version 26.02.0 allows a local attacker to crash the application by supplying a crafted media file, resulting in Denial of Service. The flaw resides in the filter PID lifecycle management within filter_pid.c, where a PID instance could be freed prematurely while a pending reconfiguration task still held a reference to it. Publicly available exploit code exists, though the attack requires user interaction to process the malicious file and exploitation is limited to DoS with no confidentiality or integrity impact.

Memory Corruption Denial Of Service Use After Free N A
NVD GitHub VulDB
CVSS 3.1
5.5
EPSS
0.1%
CVE-2025-60468 MEDIUM POC This Month

Heap use-after-free in GPAC MP4Box 2.5-DEV-rev1593-gfe88c3545-master crashes the application when a local authenticated user processes a specially crafted MPEG-2 TS or MP4 file. The defect resides in `gf_filter_pid_inst_swap_delete_task()` within `filter_core/filter_pid.c`, where PID instance cleanup dereferences already-freed objects during a swap/delete operation, causing a heap corruption and denial of service. No public exploit has triggered active exploitation per CISA KEV, but a proof-of-concept is publicly available; EPSS sits at 0.18% (7th percentile), consistent with limited real-world targeting.

Heap Overflow Denial Of Service Buffer Overflow N A
NVD GitHub VulDB
CVSS 3.1
5.5
EPSS
0.2%
CVE-2026-52673 MEDIUM This Month

SQL Injection vulnerability in Cboard v.0.4.2 and before allows a remote attacker to execute arbitrary code via the getDimensionsValues component

SQLi RCE N A
NVD GitHub
CVSS 3.1
6.5
EPSS
0.5%
CVE-2025-61018 HIGH This Week

An issue in the sqlo_place_dt_set component of openlink virtuoso-opensource v7.2.11 allows attackers to cause a Denial of Service (DoS) via crafted SQL statements.

Denial Of Service N A SQLi
NVD GitHub VulDB
CVSS 3.1
7.5
EPSS
0.4%
CVE-2025-61019 HIGH This Week

Denial of service in OpenLink Virtuoso Open-Source Edition 7.2.11 lets attackers crash the database server by submitting crafted SQL statements that mishandle the sqlo_key_part_best query-optimizer routine. The flaw carries no confidentiality or integrity impact (availability-only, CVSS 7.5) and there is no public exploit identified at time of analysis; EPSS is low at 0.15% (4th percentile), and it is not listed in CISA KEV. The only public reference is the upstream GitHub issue (#1222) tracking the crash.

SQLi Denial Of Service N A Red Hat
NVD GitHub VulDB
CVSS 3.1
7.5
EPSS
0.1%
CVE-2025-55639 MEDIUM POC This Month

GPAC MP4Box v2.4 was discovered to contain a NULL pointer dereference in the gf_isom_add_track_kind() function at isomedia/isom_write.c. This vulnerability allows attackers to cause a Denial of Service (DoS) via a crafted MP4 file.

Denial Of Service N A Null Pointer Dereference
NVD GitHub
CVSS 3.1
6.5
EPSS
0.3%
CVE-2025-61020 HIGH This Week

Denial of service in OpenLink Virtuoso OpenSource v7.2.11 allows remote unauthenticated attackers to crash the database server by submitting crafted SQL statements that trigger a fault in the sqlo_strip_in_join query-optimization component. The CVSS 3.1 score of 7.5 (AV:N/AC:L/PR:N/UI:N) reflects network-reachable, no-auth exploitation with high availability impact and no confidentiality or integrity loss. No public exploit identified at time of analysis, and the issue is not listed in CISA KEV.

SQLi Denial Of Service N A
NVD GitHub VulDB
CVSS 3.1
7.5
EPSS
0.4%
CVE-2026-39253 HIGH This Week

Remote code execution in Pivotal CRM 6.6.04.08 Smart Client arises from insecure deserialization in the Pivotal.Core.Common.dll and Pivotal.Engine.Client.Services.Conversion.dll components, allowing remote attackers to execute arbitrary code on affected installations. The vendor (Aurea/Pivotal) has published a remediation advisory and a researcher has released a public technical advisory, but the issue is not currently listed in CISA KEV and SSVC indicates no observed exploitation. CVSS 8.1 reflects high impact tempered by high attack complexity, while no public exploit identified at time of analysis is corroborated by SSVC's 'Exploitation: none'.

Deserialization RCE N A
NVD VulDB
CVSS 3.1
8.1
EPSS
0.8%
CVE-2025-61028 HIGH This Week

Denial of service in OpenLink Virtuoso Open Source Edition 7.2.11 lets attackers crash the database server by submitting crafted SQL statements that reach the time_t_to_dt date/time conversion routine. The defect is availability-only (no data exposure or integrity loss) and is tracked publicly via GitHub issue #1233; it carries a CVSS 3.1 base score of 7.5 but a low EPSS of 0.15% (4th percentile), and there is no public exploit identified at time of analysis and no evidence of active exploitation.

SQLi Denial Of Service N A
NVD GitHub VulDB
CVSS 3.1
7.5
EPSS
0.1%
CVE-2025-61027 HIGH This Week

Denial of service in OpenLink Virtuoso Open Source Edition 7.2.11 lets attackers crash the database engine by submitting crafted SQL statements that mishandle the internal t_set_push routine. The flaw carries availability-only impact (CVSS 7.5, A:H) with no confidentiality or integrity loss. EPSS is low (0.15%, 4th percentile), there is no public exploit identified at time of analysis, and it is not listed in CISA KEV - so risk is theoretical rather than actively exploited.

SQLi Denial Of Service N A Red Hat
NVD GitHub VulDB
CVSS 3.1
7.5
EPSS
0.1%
CVE-2025-61024 HIGH This Week

Denial of service in OpenLink Virtuoso OpenSource v7.2.11 allows remote attackers to crash the database server by submitting crafted SQL statements that trigger a fault in the sqlo_try_in_loop SQL optimizer component. No public exploit identified at time of analysis, though SSVC indicates a proof-of-concept exists in the referenced GitHub issue. The flaw is tagged as SQLi-class (CWE-89) but the demonstrated impact is availability-only, with no confidentiality or integrity loss per the CVSS vector.

SQLi Denial Of Service N A Red Hat
NVD GitHub VulDB
CVSS 3.1
7.5
EPSS
0.4%
CVE-2025-61021 HIGH This Week

Denial of service in OpenLink Virtuoso Open Source Edition 7.2.11 lets attackers crash the database server by submitting crafted SQL statements that trigger a fault in the sqlo_natural_join_cond query-optimizer component. The flaw carries no confidentiality or integrity impact but fully degrades availability (CVSS 7.5, A:H). There is no public exploit identified at time of analysis and EPSS is low (0.15%), indicating limited near-term exploitation likelihood; only a GitHub issue documenting the defect is published.

SQLi Denial Of Service N A
NVD GitHub VulDB
CVSS 3.1
7.5
EPSS
0.1%
CVE-2025-61023 HIGH This Week

Denial of service in OpenLink Virtuoso (open-source edition) v7.2.11 allows attackers to crash the database server by submitting crafted SQL statements that mishandle the internal st_compare comparison routine. The flaw affects availability only (CVSS A:H, no confidentiality or integrity impact) and carries a 7.5 base score; EPSS is low (0.15%, 5th percentile) with no public exploit identified at time of analysis and no CISA KEV listing. Despite the CWE-89 (SQL Injection) classification, the reported effect is a service crash rather than data manipulation or extraction.

SQLi Denial Of Service N A
NVD GitHub VulDB
CVSS 3.1
7.5
EPSS
0.1%
CVE-2025-61022 HIGH This Week

Denial of service in OpenLink Virtuoso Open Source Edition v7.2.11 allows remote attackers to crash the database engine by submitting crafted SQL statements that mishandle column predicate processing inside the sqlo_tb_col_preds query optimizer component. CVSS 7.5 reflects high availability impact with no authentication required, though no public exploit identified at time of analysis and the issue is tracked only as an upstream GitHub bug report.

SQLi Denial Of Service N A Red Hat
NVD GitHub VulDB
CVSS 3.1
7.5
EPSS
0.4%
CVE-2025-61029 HIGH This Week

Denial of service in OpenLink Virtuoso OpenSource v7.2.11 allows remote attackers to crash the database server by submitting specially crafted SQL statements that trigger a flaw in the sqlo_untry query-optimization component. The CVSS 7.5 score reflects unauthenticated network exploitability with high availability impact, but no public exploit identified at time of analysis and the issue is currently tracked only as an upstream GitHub issue without a released fix.

SQLi Denial Of Service N A
NVD GitHub VulDB
CVSS 3.1
7.5
EPSS
0.4%
CVE-2025-61025 HIGH This Week

Denial of service in OpenLink Virtuoso OpenSource v7.2.11 allows remote attackers to crash the database server by submitting crafted SQL statements that trigger a fault in the sslr_qst_get component. The flaw is classified under CWE-89 (SQL injection class) but the documented impact is availability-only with no confidentiality or integrity loss per the CVSS vector. No public exploit identified at time of analysis, and the issue is tracked only via an upstream GitHub issue (#1229) rather than a tagged fixed release.

SQLi Denial Of Service N A Red Hat
NVD GitHub VulDB
CVSS 3.1
7.5
EPSS
0.4%
CVE-2025-66389 HIGH This Week

GitHub Copilot 1.372.0 allows filesystem access outside of a workspace folder (without user approval) via a file-handler URI parameter to fetch_webpage. Therefore, exfiltration could occur if there is indirect prompt injection.

N A Information Disclosure Path Traversal
NVD GitHub VulDB
CVSS 3.1
7.5
EPSS
0.4%
CVE-2025-62821 CRITICAL Act Now

Out-of-bounds read in Microsoft HEIF Image Extensions 1.2.22.0 allows remote attackers to disclose memory contents and crash the process by serving a crafted HEIF image. The flaw stems from CHEIFItemInfoEntry_GetDataSize returning success with a reported data size of zero, leading to a 1-byte allocation that is later overrun by a memmove in CopyPixels. No public exploit identified at time of analysis, and the CVE is not listed in CISA KEV.

Microsoft Buffer Overflow Information Disclosure N A
NVD GitHub VulDB
CVSS 3.1
9.1
EPSS
0.4%
CVE-2026-38718 HIGH This Week

InHand Networks IR912 V1.0.0.r20042 and IR915 V1.0.0.r20042 (including earlier versions) were discovered to contain a buffer overflow vulnerability in the device registration function. This vulnerability could allow an attacker to cause a denial of service attack on the remote target device.

Denial Of Service Buffer Overflow N A
NVD VulDB
CVSS 3.1
7.5
EPSS
0.3%
CVE-2026-38715 CRITICAL Act Now

InHand Networks IR912 V1.0.0.r20042 and IR915 V1.0.0.r20042 (including earlier versions) were discovered to contain a command injection vulnerability in the log viewing function. This vulnerability allows remote attackers to execute arbitrary commands as root via a crafted input.

Command Injection N A
NVD VulDB
CVSS 3.1
9.8
EPSS
1.3%
CVE-2026-38716 CRITICAL Act Now

InHand Networks IR912 V1.0.0.r20042 and IR915 V1.0.0.r20042 (including earlier versions) were discovered to contain a command injection vulnerability in the Python application export function. This vulnerability allows remote attackers to execute arbitrary commands as root via a crafted input.

Python Command Injection N A
NVD VulDB
CVSS 3.1
9.8
EPSS
1.3%
CVE-2026-38717 CRITICAL Act Now

Unauthenticated remote command execution affects InHand Networks IR912 and IR915 industrial cellular routers running firmware V1.0.0.r20042 and earlier, where the file upload function fails to sanitize input and passes attacker-controlled data to a shell context. Successful exploitation yields code execution as root on the device. No public exploit identified at time of analysis, but the CVSS 9.8 rating and network-reachable file upload endpoint make this a high-priority patching target for any operator with these routers exposed to untrusted networks.

File Upload Command Injection N A
NVD VulDB
CVSS 3.1
9.8
EPSS
1.3%
CVE-2026-38714 CRITICAL Act Now

InHand Networks IR912 V1.0.0.r20042 and IR915 V1.0.0.r20042 (including earlier versions) were discovered to contain a command injection vulnerability in the Python configuration function. This vulnerability allows remote attackers to execute arbitrary commands as root via a crafted input.

Python Command Injection N A
NVD VulDB
CVSS 3.1
9.8
EPSS
1.3%
CVE-2026-36418 CRITICAL Act Now

JimuReport versions 2.3.4 and below are vulnerable to remote code execution due to improper handling of Aviator expressions. The /jmreport/executeSelectApi endpoint passes user-supplied input directly to the Aviator expression engine without adequate validation allowing attackers to execute arbitrary code.

RCE N A Code Injection
NVD GitHub VulDB
CVSS 3.1
9.1
EPSS
0.5%
CVE-2025-26240 PyPI HIGH GHSA This Week

In JazzCore python-pdfkit 1.0.0, the from_string method enables the execution of JavaScript code within the context of the server application and the exfiltration of local files.

Python N A Buffer Overflow
NVD VulDB
CVSS 3.1
8.4
EPSS
0.4%
CVE-2025-66391 HIGH POC This Week

In Citrix Cloud through 2025-11-10, an account with read-only access can trigger the beginning of a workflow for write operations, e.g., the system will send a one-time password to an attacker-controlled email address when the attacker attempts to reset the password of a user account.

Information Disclosure Citrix N A
NVD GitHub
CVSS 3.1
8.8
EPSS
0.4%
CVE-2026-39118 HIGH This Week

Local privilege escalation in Iru, Inc Kandji Agent versions prior to 4.7.5(5374) allows a local attacker to invoke restricted agent functionality by exploiting a client-side validation gap. The flaw maps to CWE-269 (Improper Privilege Management) and carries a CVSS 8.4 rating due to high impact on confidentiality, integrity, and availability, though no public exploit identified at time of analysis and EPSS is low at 0.14%.

Privilege Escalation N A
NVD
CVSS 3.1
8.4
EPSS
0.1%
CVE-2026-39196 CRITICAL Act Now

Datadog, Inc Vector v0.54.0 was discovered to contain a SQL injection vulnerability in the set_uri_query parameter in the KeyPartitioner::partition function. This vulnerability allows attackers to access sensitive database information via crafted SQL statements.

SQLi N A
NVD GitHub
CVSS 3.1
9.8
EPSS
0.2%
CVE-2026-39006 CRITICAL Act Now

Remote code execution in SNMP4J-Agent 3.8.3 is enabled through the snmp4jCfgStoragePath component, allowing remote attackers to run arbitrary code on hosts running the agent. The CWE-73 (External Control of File Name or Path) classification indicates the storage path parameter can be manipulated to influence file operations, and no public exploit identified at time of analysis though a third-party advisory has been published on GitHub. EPSS is low at 0.21% (11th percentile) despite the 9.8 CVSS, suggesting limited current exploitation activity.

RCE N A
NVD GitHub
CVSS 3.1
9.8
EPSS
0.2%
CVE-2026-38060 CRITICAL Act Now

Tenda 5G03 V05.03.02.04 (Version 1.0) is vulnerable to Command injection in the function action_unlock_sim via the pin parameter.

Command Injection Tenda N A
NVD GitHub
CVSS 3.1
9.8
EPSS
0.5%
CVE-2026-38061 CRITICAL Act Now

Tenda 5G03 V05.03.02.04 (Version 1.0) is vulnerable to Command injection in the function action_set_volume via the volume parameter.

Command Injection Tenda N A
NVD GitHub
CVSS 3.1
9.8
EPSS
0.5%
CVE-2026-39197 MEDIUM This Month

Uncontrolled resource consumption in Datadog Vector v0.54.0 allows authenticated remote attackers to crash or degrade the observability pipeline by sending crafted HTTP requests to the /util/http/prelude.rs handler. The vulnerability is classified as CWE-400 and carries a CVSS 3.1 score of 6.5 (Medium), requiring low-privilege network access with no user interaction. No public exploit identified at time of analysis beyond a GitHub gist that may contain proof-of-concept material; EPSS sits at 0.15% (4th percentile), indicating very low observed exploitation probability in the broader threat landscape.

Denial Of Service N A
NVD GitHub
CVSS 3.1
6.5
EPSS
0.1%
CVE-2026-38062 CRITICAL Act Now

Tenda 5G03 V05.03.02.04 (Version 1.0) is vulnerable to Command injection in the function action_set_rat_mode via the ratMode parameter.

Command Injection Tenda N A
NVD GitHub
CVSS 3.1
9.8
EPSS
0.5%
CVE-2026-39007 HIGH This Week

An issue in Observeinc's Observe v.2026-01-28 and before allows a remote attacker to obtain sensitive information via the CSV Log export component.

Information Disclosure N A
NVD GitHub
CVSS 3.1
7.5
EPSS
0.2%
CVE-2026-36537 CRITICAL Act Now

ThingsBoard v4.3.0.1 is vulnerable to an authentication bypass during the OAuth authorization code exchange. The application improperly trusts user-supplied identity data within the user parameter of the /login/oauth2/code/ endpoint. By manipulating the email address in this JSON object, a remote attacker can bypass authentication and gain full access to any existing user account on the platform without possessing the target user's credentials. This results in a complete account takeover.

Microsoft Authentication Bypass N A
NVD GitHub
CVSS 3.1
9.8
EPSS
0.2%
CVE-2026-36670 HIGH This Week

Authenticated SQL injection in OpenSIPS Control Panel (opensips-cp) versions prior to 9.3.3 allows attackers with valid panel credentials to execute arbitrary SQL via the 'table' GET parameter in alias_management.php using time-based blind techniques. The flaw resides in the alias_management module and yields full database confidentiality, integrity, and availability impact per CVSS 8.8. No public exploit identified at time of analysis, and EPSS is low (0.28%, 19th percentile), but a third-party advisory documents the issue on GitHub.

PHP SQLi N A
NVD GitHub
CVSS 3.1
8.8
EPSS
0.3%
CVE-2026-36933 MEDIUM This Month

An issue in Boyleep K11, y108 firmware v.2.3.0.11291 allows a physically proximate attacker to execute arbitrary code via the factory test feature.

RCE N A Authentication Bypass
NVD
CVSS 3.1
6.8
EPSS
0.2%
CVE-2026-36521 MEDIUM This Month

PublicCMS V5.202506.d has a Cross Site Scripting (XSS) vulnerability in the site configuration management module.

XSS N A
NVD GitHub
CVSS 3.1
6.1
EPSS
0.1%
CVE-2026-45388 CRITICAL Act Now

Server impersonation in OCaml-TLS before 2.1.0 allows a malicious TLS server to present a certificate not intended for server authentication and still be accepted by client code, enabling man-in-the-middle and impersonation attacks against any application linking the library as a TLS client. The client fails to validate KeyUsage and ExtendedKeyUsage extensions properly, breaking a core PKIX trust assumption. No public exploit identified at time of analysis and EPSS sits at 0.15% (4th percentile), but the CVSS 9.1 reflects the broad confidentiality and integrity impact on encrypted sessions.

Information Disclosure N A
NVD VulDB
CVSS 3.1
9.1
EPSS
0.1%
CVE-2026-30121 npm CRITICAL PATCH GHSA Act Now

Arbitrary file write in remotion-dev Remotion v4.0.409 allows remote attackers to write attacker-controlled content to arbitrary filesystem locations without authentication, per the CVSS:3.1 vector (AV:N/AC:L/PR:N/UI:N) and CWE-123 (Write-what-where) classification. Remotion is a React-based programmatic video rendering framework, and the flaw can lead to integrity and availability compromise of the host running the rendering engine. No public exploit identified at time of analysis, and the EPSS score of 0.15% (4th percentile) indicates low predicted exploitation likelihood despite the high CVSS score.

Information Disclosure N A
NVD GitHub
CVSS 3.1
9.1
EPSS
0.1%
CVE-2026-36213 HIGH POC This Week

Local privilege escalation in Microvirt MEmu Android Emulator 9.2.7.0 allows a low-privileged local user to abuse the MemuService.exe component to gain elevated rights on the host Windows system. Mapped to CWE-269 (Improper Privilege Management), with no public exploit identified at time of analysis and an EPSS score of 0.21% indicating low predicted exploitation likelihood. Researcher PoC repository exists on GitHub (sec-zone/CVE-2026-36213) but active exploitation has not been reported.

Privilege Escalation Google N A
NVD GitHub Exploit-DB
CVSS 3.1
7.8
EPSS
0.2%
CVE-2026-37216 MEDIUM This Month

Ruoyi 4.8.2 is vulnerable to Cross Site Scripting (XSS) at the interface /system/notice/add.

XSS N A
NVD GitHub
CVSS 3.1
6.1
EPSS
0.1%
CVE-2025-55652 MEDIUM This Month

Heap buffer overflow in GPAC MP4Box v2.4 crashes the application when parsing a maliciously crafted MP4 file containing an invalid VP codec configuration. The vulnerable function, gf_isom_vp_config_new in isomedia/avc_ext.c, fails to safely handle attacker-controlled input during ISO Base Media File Format parsing, resulting in a Denial of Service condition. No active exploitation has been confirmed by CISA KEV and no public exploit code has been identified at time of analysis, placing this in a low-urgency remediation tier per SSVC signals.

Denial Of Service Heap Overflow Buffer Overflow N A
NVD
CVSS 3.1
5.5
EPSS
0.2%
CVE-2025-56814 HIGH This Week

Arbitrary code execution in OpenCPN v5.12.0 allows local authenticated users to run shell commands by embedding shell metacharacters in input passed to the wxExecute() function. CVSS 3.1 rates it 7.8 (High) with local attack vector and low privileges required, and SSVC assesses technical impact as total but with no observed exploitation. No public exploit identified at time of analysis beyond a researcher write-up referenced in the advisory.

Command Injection RCE N A
NVD VulDB
CVSS 3.1
7.8
EPSS
0.2%
CVE-2025-68713 HIGH This Week

An issue was discovered in Rakuten Send Anywhere (File Transfer) for Android (com.estmob.android.sendanywhere) 23.2.9. The vulnerability allows untrusted applications (with no permissions) to force arbitrary file downloads into the app's scoped storage. The resulting files appear in the application's trusted Received interface. These conditions establish a vector for arbitrary code execution if the payload is an APK file, or a denial-of-service condition through resource exhaustion from oversized transfers.

Denial Of Service Google RCE N A
NVD GitHub
CVSS 3.1
8.0
EPSS
0.2%
CVE-2025-55645 MEDIUM This Month

Heap buffer overflow in GPAC MP4Box v2.4 crashes the application when processing a maliciously crafted MP4 file, triggering a DoS condition in the CENC DRM sample handler. The vulnerable code path resides in gf_cenc_set_pssh (isomedia/drm_sample.c), which processes Protection System Specific Header data embedded in MP4 containers. SSVC confirms no active exploitation, no public exploit exists, and the CVSS local-vector/user-interaction requirement significantly constrains real-world attack surface.

Denial Of Service Heap Overflow Buffer Overflow N A
NVD VulDB
CVSS 3.1
5.5
EPSS
0.2%
CVE-2025-70102 MEDIUM This Month

NULL pointer dereference in dhcpcd 10.3.0 allows an unauthenticated attacker on the same network segment to crash the DHCP client daemon by sending a crafted packet with unexpected or invalid option tokens. The fault occurs in parse_option() at src/if-options.c:1886, where a NULL return from option lookup is immediately dereferenced as a 'struct dhcp_opt' member without a null check, causing a runtime abort. No public exploit or CISA KEV listing exists, and EPSS sits at the 4th percentile, indicating low but real crash-level risk for any host running this specific dhcpcd version on a shared or adversarially accessible network segment.

Denial Of Service Null Pointer Dereference N A Red Hat Suse
NVD VulDB
CVSS 3.1
6.3
EPSS
0.1%
CVE-2025-55643 MEDIUM This Month

NULL pointer dereference in GPAC MP4Box v2.4 crashes the application when processing a specially crafted MP4 file, delivering a denial of service against any user or automated pipeline invoking the tool. The flaw is isolated to the TrackWriter handling component in filters/mux_isom.c, triggered by malformed MP4 input that causes an unvalidated pointer dereference. No public exploit code has been identified and this CVE does not appear in CISA KEV; SSVC rates exploitation status as none with no automation potential, consistent with a limited, file-delivery-dependent attack surface.

Denial Of Service Null Pointer Dereference N A
NVD
CVSS 3.1
5.5
EPSS
0.2%
CVE-2026-30120 npm CRITICAL PATCH GHSA Act Now

Remote code execution affects remotion-dev's Remotion framework at version 4.0.409, enabling attackers to execute arbitrary code on systems running the affected version per CWE-94 code injection semantics. The CVSS 9.8 vector indicates network-reachable, unauthenticated exploitation without user interaction, though no public exploit identified at time of analysis and EPSS probability remains low at 0.25% (16th percentile). The vulnerability is reported by MITRE with a third-party advisory on GitHub but lacks detailed exploitation specifics.

Code Injection RCE N A
NVD GitHub
CVSS 3.1
9.8
EPSS
0.3%
CVE-2026-45389 CRITICAL Act Now

Authentication bypass in OCaml-TLS server implementations before version 2.1.0 allows remote attackers to impersonate legitimate clients during mutual TLS authentication by presenting certificates whose KeyUsage and ExtendedKeyUsage extensions do not authorize client authentication. The server fails to enforce these X.509 certificate purpose constraints, so any valid certificate chain trusted by the server may be accepted regardless of intended use. EPSS probability is low (0.12%, 2nd percentile) and no public exploit identified at time of analysis, but the CVSS 9.1 reflects the high impact on confidentiality and integrity of mTLS-protected services.

Information Disclosure N A
NVD
CVSS 3.1
9.1
EPSS
0.1%
CVE-2026-50889 HIGH This Week

Denial of service in LLDAP v0.6.2 allows remote unauthenticated attackers to disrupt the authentication service by sending a crafted refresh-token header to the HTTP refresh endpoint. The flaw is a CWE-400 resource handling defect with CVSS 7.5 (availability-only impact); no public exploit is identified, though a referenced gist may contain proof-of-concept material. EPSS is low at 0.18% (8th percentile) and the issue is not on CISA KEV.

Denial Of Service N A
NVD GitHub
CVSS 3.1
7.5
EPSS
0.2%
CVE-2026-50890 CRITICAL Act Now

Bernd Bestel grocy v4.6.0 was discovered to contain a SQL injection vulnerability in the product-group parameter at /stockreports/spendings. This vulnerability allows attackers to access sensitive database information via a crafted SQL statement.

SQLi N A
NVD GitHub
CVSS 3.1
9.8
EPSS
0.2%
CVE-2026-50887 CRITICAL Act Now

Server-side request forgery in Shlink v5.0.1's automatic short URL title resolution allows remote unauthenticated attackers to probe internal network resources by submitting a crafted longUrl value. The flaw carries a CVSS 9.1 rating reflecting high confidentiality and integrity impact, though EPSS exploitation probability remains low at 0.15% and there is no public exploit identified at time of analysis beyond a referenced gist. Shlink is a self-hosted URL shortener, making this a meaningful pivot point for attackers targeting internal infrastructure behind the shortener host.

SSRF N A
NVD GitHub
CVSS 3.1
9.1
EPSS
0.1%
CVE-2026-50885 HIGH This Week

Unauthorized information disclosure in Sismics Docs (Teedy) v1.11 allows remote attackers to bypass access controls on share-based read endpoints and retrieve sensitive document data via crafted requests. The flaw stems from broken access control logic (CWE-284) on endpoints intended for shared documents, enabling unauthenticated retrieval of resources that should be restricted. There is no public exploit identified at time of analysis, EPSS is low (0.15%), and the vulnerability is not listed in CISA KEV.

Authentication Bypass N A
NVD GitHub
CVSS 3.1
7.5
EPSS
0.1%
CVE-2026-50891 HIGH This Week

Incorrect access control in the /admin/api/config component of Filestash v0.4.0 allows attackers to escalate privileges via sending a crafted request.

N A Authentication Bypass
NVD GitHub
CVSS 3.1
8.1
EPSS
0.2%
CVE-2026-50886 CRITICAL Act Now

Server-Side Request Forgery in Project Firefly III v6.5.9 allows remote attackers to scan internal network resources by abusing improper access controls in the webhook management component via crafted POST requests. SSVC indicates a proof-of-concept exists and exploitation is automatable with total technical impact, though EPSS remains low (0.15%) and no public exploit identified at time of analysis beyond a referenced gist. The flaw is unauthenticated per the CVSS vector (PR:N) and provides a pivot point into otherwise unreachable internal services.

Authentication Bypass N A
NVD GitHub
CVSS 3.1
9.1
EPSS
0.1%
CVE-2026-50880 CRITICAL Act Now

Remote code execution in YouTransfer v1.0.6 allows unauthenticated attackers to run arbitrary code by sending a crafted request to the sendmail transport integration component. The flaw is a CWE-94 code injection issue with a critical CVSS 9.8 score and publicly available exploit code exists via a referenced GitHub gist, though no active exploitation has been confirmed by CISA KEV.

Code Injection RCE N A
NVD GitHub
CVSS 3.1
9.8
EPSS
0.2%
CVE-2026-50881 HIGH This Week

Incorrect access control in the impworks Bonsai v6.0 allows authenticated attackers with Editor privileges to escalate privileges to Administrator and execute unauthorized account, password, and configuration changes.

Authentication Bypass N A
NVD GitHub
CVSS 3.1
8.1
EPSS
0.1%
CVE-2026-50882 HIGH This Week

Denial of service in anna-is-cute paste v0.1.1 allows remote unauthenticated attackers to disrupt service availability by sending a crafted POST request to the /api/v0/pastes endpoint. The flaw is categorized under CWE-400 (Uncontrolled Resource Consumption) and carries a CVSS 3.1 score of 7.5 with availability-only impact; no public exploit identified at time of analysis, and EPSS is low at 0.15% (4th percentile), suggesting minimal observed interest. The vulnerability is not listed in CISA KEV.

Denial Of Service N A
NVD GitHub
CVSS 3.1
7.5
EPSS
0.1%
CVE-2026-50879 HIGH This Week

Denial of service in Andrei Marcu linx-server v2.3.8 allows remote unauthenticated attackers to crash or exhaust the file-upload service by sending a crafted POST request to the uploadPostHandler component. CVSS 3.1 rates availability impact High (7.5) with no confidentiality or integrity loss, and publicly available exploit code exists via a referenced GitHub gist, though there is no public exploit identified as actively exploited at time of analysis.

Denial Of Service N A
NVD GitHub
CVSS 3.1
7.5
EPSS
0.1%
CVE-2026-50892 MEDIUM This Month

Incorrect access control in the "Let's Encrypt" certificate download endpoint of Nginx Proxy Manager v2.14.0 allows authenticated attackers to obtain the TLS private key material via a crafted GET request.

Nginx N A Authentication Bypass
NVD GitHub
CVSS 3.1
6.5
EPSS
0.1%
CVE-2026-50884 HIGH This Week

Incorrect access control in statping-ng v0.93.0 allows attackers to escalate privileges to Administrator and access sensitive components.

N A Authentication Bypass
NVD GitHub
CVSS 3.1
8.8
EPSS
0.1%
CVE-2026-50877 HIGH This Week

Directory traversal in Zhoros SuperBin v1.0.0 allows remote unauthenticated attackers to read or write files outside intended directories by uploading files whose names contain traversal sequences such as '../'. The flaw stems from inadequate sanitization of user-supplied filenames during file handling operations. Publicly available exploit code exists via a referenced GitHub gist, though there is no public exploit identified as weaponized at scale and the vulnerability is not listed in CISA KEV.

Path Traversal N A
NVD GitHub
CVSS 3.1
7.5
EPSS
0.2%
CVE-2026-50878 HIGH This Week

Denial of service in Feuerhamster MailForm v1.1.0 allows remote unauthenticated attackers to exhaust server resources by sending a crafted request to the attachment handling component. The flaw aligns with CWE-400 (Uncontrolled Resource Consumption) and carries a CVSS 3.1 score of 7.5 (AV:N/AC:L/PR:N/UI:N/A:H), with no public exploit identified at time of analysis and no inclusion in CISA KEV.

Denial Of Service N A
NVD GitHub
CVSS 3.1
7.5
EPSS
0.2%
CVE-2026-50883 CRITICAL Act Now

Stored HTML/script injection in matze wastebin v3.4.1 allows remote unauthenticated attackers to execute arbitrary JavaScript in the browser of any user who views a crafted paste, by abusing improper output encoding in the /src/highlight.rs syntax-highlighting component. A public gist appears to demonstrate the issue, but no public exploit identified at time of analysis as weaponized tooling, and EPSS exploitation probability is low at 0.18% (8th percentile).

XSS N A
NVD GitHub
CVSS 3.1
9.6
EPSS
0.2%
CVE-2026-50888 HIGH This Week

An authenticated Server-Side Request Forgery (SSRF) in the custom scraper subsystem component of Benjamin Jonard Koillection v1.8.0 allows attackers to scan internal resources via supplying a crafted URL.

SSRF N A
NVD GitHub
CVSS 3.1
8.1
EPSS
0.1%
CVE-2026-50872 CRITICAL Act Now

Remote code execution in fossar selfoss v2.20-SNAPSHOT allows unauthenticated attackers to execute arbitrary commands and retrieve sensitive data by sending a crafted HTTP request to the loopback request handling component. The flaw carries a CVSS 9.8 score and a public gist (likely containing proof-of-concept material) is referenced, though EPSS exploitation probability remains low at 0.19% and the issue is not listed in CISA KEV.

Code Injection RCE N A
NVD GitHub
CVSS 3.1
9.8
EPSS
0.2%
CVE-2026-50873 CRITICAL Act Now

Arbitrary code execution in flatnotes v5.5.4 is achievable by uploading crafted HTML or SVG files through the attachment handling component, enabling remote attackers to run code in the context of the application. The CVSS 9.8 rating reflects network-reachable, unauthenticated exploitation with full impact on confidentiality, integrity, and availability. Publicly available exploit code exists via a referenced GitHub gist, though there is no public exploit identified as actively exploited in the CISA KEV catalog at time of analysis.

File Upload RCE N A
NVD GitHub
CVSS 3.1
9.8
EPSS
0.2%
CVE-2026-50874 HIGH This Week

Authenticated command injection in kanishka-linux Reminiscence v0.3.0 lets remote attackers execute arbitrary OS commands by submitting crafted input to the /manage/features/media endpoint. The flaw maps to CWE-78 with CVSS 8.1 (PR:L), and publicly available exploit code exists in a referenced gist; EPSS is modest at 0.66% (47th percentile) and the issue is not on CISA KEV.

Command Injection N A
NVD GitHub
CVSS 3.1
8.1
EPSS
0.7%
CVE-2026-50871 CRITICAL Act Now

Remote code execution in kanishka-linux Reminiscence v0.3.0 allows unauthenticated attackers to execute arbitrary OS commands by supplying crafted input to the media archiving and export pipeline component. The CVSS 9.8 rating reflects network-reachable, unauthenticated exploitation with full impact to confidentiality, integrity, and availability, though no public exploit identified at time of analysis and EPSS sits at 0.67% (47th percentile) indicating limited observed exploitation pressure so far.

Command Injection Code Injection RCE N A
NVD GitHub
CVSS 3.1
9.8
EPSS
0.7%
CVE-2026-45390 CRITICAL Act Now

In OCaml-tar before 3.4.0, a crafted archive with ../ path segments in its name allows escaping the current working directory. This is not desired behavior, and tar(1) rejects such extractions, but ocaml-tar decompresses it anyway. The impact is that it allows arbitrary file writes outside of the desired extraction directory (to an attacker that can reach a tar decompression endpoint).

N A Path Traversal
NVD
CVSS 3.1
9.1
EPSS
0.1%
CVE-2026-50869 CRITICAL Act Now

Path traversal in Bludit 3.19.0's api/plugin.php endpoint allows remote attackers to escape the intended directory and access arbitrary files on the server via crafted requests. The CVSS 9.8 rating reflects unauthenticated network-based exploitation with high impact across confidentiality, integrity, and availability, and publicly available exploit code exists in a public gist, though EPSS remains low at 0.25%.

Path Traversal PHP N A
NVD GitHub
CVSS 3.1
9.8
EPSS
0.3%
CVE-2026-50875 HIGH This Week

{form}/webhooks/{webhook} endpoint of Deck9 Input v2.0.1 allows authenticated attackers to arbitrarily modify or delete another tenant's webhook via a crafted request.

N A Authentication Bypass
NVD GitHub
CVSS 3.1
8.1
EPSS
0.1%
CVE-2026-50870 HIGH This Week

An information disclosure vulnerability in the configuration endpoint of Ben Busby whoogle-search v1.2.3 allows attackers to obtain sensitive information via a crafted GET request.

Information Disclosure N A
NVD GitHub
CVSS 3.1
7.5
EPSS
0.1%
CVE-2026-38064 CRITICAL Act Now

Tenda 5G03 V05.03.02.04 (Version 1.0) is vulnerable to Command injection in the function action_dial_call via the dialNumber parameter.

Command Injection Tenda N A
NVD GitHub
CVSS 3.1
9.8
EPSS
0.5%
CVE-2026-38065 CRITICAL Act Now

Tenda 5G03 V05.03.02.04 (Version 1.0) is vulnerable to Command injection in the function action_ims_on_with_apn via the ims_apn parameter.

Command Injection Tenda N A
NVD GitHub
CVSS 3.1
9.8
EPSS
0.5%
CVE-2026-38329 CRITICAL Act Now

{key} endpoint in bl-plugins/api/plugin.php. Publicly available exploit code exists as a gist, though EPSS rates exploitation probability at only 0.21% (11th percentile).

Authentication Bypass PHP RCE N A
NVD GitHub
CVSS 3.1
9.8
EPSS
0.2%
CVE-2026-38063 CRITICAL Act Now

Tenda 5G03 V05.03.02.04 (Version 1.0) is vulnerable to Command injection in the function action_radio_on_with_ia_apn via the ia parameter.

Command Injection Tenda N A
NVD GitHub
CVSS 3.1
9.8
EPSS
0.5%
CVE-2026-50876 MEDIUM This Month

A cross-site scripting (XSS) vulnerability in Deck9 Input v2.0.1 allows attackers to execute arbitrary web scripts or HTML via a crafted payload.

XSS N A
NVD GitHub
CVSS 3.1
5.4
EPSS
0.1%
CVE-2026-38812 CRITICAL Act Now

RuoYi v4.8.2 is vulnerable to SQL Injection via the /tool/gen/createTable endpoint. The issue affects the code generation module and may allow an authenticated attacker with administrative privileges to access sensitive database information.

SQLi N A
NVD GitHub
CVSS 3.1
9.8
EPSS
0.3%
CVE-2025-55659 MEDIUM This Month

NULL pointer dereference in GPAC MP4Box v2.4 allows unauthenticated remote attackers to crash the application by delivering a crafted MP4 file that a user opens. The vulnerable function ctts_box_write in isomedia/box_code_base.c fails to validate a pointer before dereferencing it when processing a malformed Composition Time to Sample (ctts) box, resulting in a denial-of-service condition. No public exploit code or active exploitation has been identified; SSVC rates exploitation status as none, though delivery is rated automatable.

Denial Of Service Null Pointer Dereference N A
NVD VulDB
CVSS 3.1
6.5
EPSS
0.0%
CVE-2026-36722 MEDIUM This Month

Arbitrary file upload via the /api/create-car-image endpoint in bookcars v8.3 enables server-side code execution by uploading a crafted file (e.g., a web shell). The vulnerability targets an image upload API that fails to restrict file types per CWE-434. No public exploit identified at time of analysis, and EPSS sits at 0.02% (6th percentile), indicating negligible observed exploitation pressure - however, two data conflicts significantly affect confidence: the description asserts an authenticated attacker is required while the CVSS vector records PR:N (no privileges required), and the CVSS impact scores of C:L/I:L are inconsistent with the claimed remote code execution outcome.

RCE File Upload N A
NVD GitHub
CVSS 3.1
5.4
EPSS
0.0%
CVE-2025-55658 MEDIUM This Month

Denial-of-service in GPAC MP4Box v2.4 allows remote attackers to crash the multimedia tool via a crafted MP4 file that triggers a floating-point exception in the gf_opus_parse_packet_header function. No public exploit identified at time of analysis, and CISA has not listed this in KEV; SSVC scoring indicates exploitation has not been observed but the flaw is automatable with partial technical impact. CVSS 7.5 reflects high availability impact achievable without authentication or user interaction once a malicious file is processed.

Denial Of Service N A
NVD VulDB
CVSS 3.1
6.5
EPSS
0.0%
CVE-2026-36723 HIGH This Week

Remote code execution in BookCars v8.3 is achievable by authenticated attackers who abuse a path traversal flaw in the /api/create-user endpoint to rename and relocate files from temporary storage to attacker-chosen filesystem paths. The flaw is tagged as Authentication Bypass, Path Traversal, and RCE, and a public write-up exists in a third-party GitHub repository, though it is not listed in CISA KEV and EPSS is low at 0.17% (38th percentile).

RCE Path Traversal Authentication Bypass N A
NVD GitHub
CVSS 3.1
8.8
EPSS
0.2%
CVE-2025-52293 HIGH This Week

Denial of service in GPAC MP4Box v2.4 allows remote attackers to crash the application by supplying a crafted HEVC Sequence Parameter Set (SPS), triggering a segmentation violation in the gf_hevc_read_sps_bs_internal function within media_tools/av_parsers.c. No public exploit identified at time of analysis, though the bug is reachable without authentication or user interaction per the CVSS vector. Real-world impact is limited to availability of the parsing process, with no integrity or confidentiality consequences.

Denial Of Service N A
NVD VulDB
CVSS 3.1
7.5
EPSS
0.0%
CVE-2025-55651 MEDIUM This Month

NULL pointer dereference in GPAC MP4Box v2.4 crashes the application when parsing a maliciously crafted MP4 file, enabling a Denial of Service against any user or pipeline that processes untrusted media with this tool. The flaw resides in gf_isom_get_user_data_count within isomedia/isom_read.c, where an unvalidated pointer is dereferenced during user-data atom counting. Publicly available exploit code exists as a crafted MP4 PoC, though no public exploit identified at time of analysis in CISA KEV and EPSS sits at the 5th percentile, suggesting minimal observed exploitation activity.

Denial Of Service Null Pointer Dereference N A
NVD GitHub VulDB
CVSS 3.1
5.5
EPSS
0.0%
CVE-2026-36726 MEDIUM This Month

{file} endpoint, which fails to restrict path traversal sequences in the file parameter. The CVSS vector (AV:N/AC:L/PR:N/UI:N) confirms exploitation requires no authentication, no privileges, and no user interaction from a network position. No public exploit identified at time of analysis, and the EPSS score of 0.12% (30th percentile) reflects low observed exploitation probability, though the no-auth attack surface warrants attention for publicly exposed deployments.

Path Traversal N A
NVD GitHub
CVSS 3.1
5.3
EPSS
0.1%
CVE-2025-55657 HIGH This Week

Denial of service in GPAC MP4Box v2.4 allows remote attackers to crash the application by supplying a malicious MP4 file that triggers a NULL pointer dereference in the VVC (Versatile Video Coding) configuration writer. The flaw resides in gf_odf_vvc_cfg_write_bs within odf/descriptors.c and requires no authentication or user privileges beyond convincing the target to process the crafted file. No public exploit identified at time of analysis, and SSVC indicates exploitation has not been observed despite the issue being automatable.

Denial Of Service Null Pointer Dereference N A
NVD VulDB
CVSS 3.1
7.5
EPSS
0.0%
EPSS 0% CVSS 7.5
HIGH POC This Week

Denial of service in GPAC's MP4Box/libgpac media importer (versions before 26.02.0) lets an attacker crash the tool by supplying a crafted media file. The flaw is an out-of-bounds read of a language metadata string in gf_media_import (media_import.c), where three characters were read without verifying the string's length. Publicly available exploit code exists (sigdevel PoC), but it is not listed in CISA KEV and EPSS is low (0.19%, 8th percentile), indicating minimal observed real-world exploitation.

Buffer Overflow Denial Of Service Stack Overflow +1
NVD GitHub VulDB
EPSS 0% CVSS 8.6
HIGH This Week

Apple M1 GPUs retain register file data between compute shader dispatches from different processes. A sandboxed Metal attacker app can run a GPU reader shader that reads stale register values left by a separate sandboxed victim app. In the proof of concept, GPUVictim.app generates a fresh random 128-bit secret using SecRandomCopyBytes and loads it into GPU registers. GPUAttacker.app, a separate sandboxed app, recovers the exact secret from stale GPU register state. NOTE: The vendor stated that this behavior affects only legacy hardware and has already been addressed at the hardware level in current-generation Apple Silicon.

Apple Information Disclosure N A
NVD GitHub
EPSS 0% CVSS 5.5
MEDIUM POC This Month

Use-after-free in GPAC MP4Box before version 26.02.0 allows a local attacker to crash the application by supplying a crafted media file, resulting in Denial of Service. The flaw resides in the filter PID lifecycle management within filter_pid.c, where a PID instance could be freed prematurely while a pending reconfiguration task still held a reference to it. Publicly available exploit code exists, though the attack requires user interaction to process the malicious file and exploitation is limited to DoS with no confidentiality or integrity impact.

Memory Corruption Denial Of Service Use After Free +1
NVD GitHub VulDB
EPSS 0% CVSS 5.5
MEDIUM POC This Month

Heap use-after-free in GPAC MP4Box 2.5-DEV-rev1593-gfe88c3545-master crashes the application when a local authenticated user processes a specially crafted MPEG-2 TS or MP4 file. The defect resides in `gf_filter_pid_inst_swap_delete_task()` within `filter_core/filter_pid.c`, where PID instance cleanup dereferences already-freed objects during a swap/delete operation, causing a heap corruption and denial of service. No public exploit has triggered active exploitation per CISA KEV, but a proof-of-concept is publicly available; EPSS sits at 0.18% (7th percentile), consistent with limited real-world targeting.

Heap Overflow Denial Of Service Buffer Overflow +1
NVD GitHub VulDB
EPSS 0% CVSS 6.5
MEDIUM This Month

SQL Injection vulnerability in Cboard v.0.4.2 and before allows a remote attacker to execute arbitrary code via the getDimensionsValues component

SQLi RCE N A
NVD GitHub
EPSS 0% CVSS 7.5
HIGH This Week

An issue in the sqlo_place_dt_set component of openlink virtuoso-opensource v7.2.11 allows attackers to cause a Denial of Service (DoS) via crafted SQL statements.

Denial Of Service N A SQLi
NVD GitHub VulDB
EPSS 0% CVSS 7.5
HIGH This Week

Denial of service in OpenLink Virtuoso Open-Source Edition 7.2.11 lets attackers crash the database server by submitting crafted SQL statements that mishandle the sqlo_key_part_best query-optimizer routine. The flaw carries no confidentiality or integrity impact (availability-only, CVSS 7.5) and there is no public exploit identified at time of analysis; EPSS is low at 0.15% (4th percentile), and it is not listed in CISA KEV. The only public reference is the upstream GitHub issue (#1222) tracking the crash.

SQLi Denial Of Service N A +1
NVD GitHub VulDB
EPSS 0% CVSS 6.5
MEDIUM POC This Month

GPAC MP4Box v2.4 was discovered to contain a NULL pointer dereference in the gf_isom_add_track_kind() function at isomedia/isom_write.c. This vulnerability allows attackers to cause a Denial of Service (DoS) via a crafted MP4 file.

Denial Of Service N A Null Pointer Dereference
NVD GitHub
EPSS 0% CVSS 7.5
HIGH This Week

Denial of service in OpenLink Virtuoso OpenSource v7.2.11 allows remote unauthenticated attackers to crash the database server by submitting crafted SQL statements that trigger a fault in the sqlo_strip_in_join query-optimization component. The CVSS 3.1 score of 7.5 (AV:N/AC:L/PR:N/UI:N) reflects network-reachable, no-auth exploitation with high availability impact and no confidentiality or integrity loss. No public exploit identified at time of analysis, and the issue is not listed in CISA KEV.

SQLi Denial Of Service N A
NVD GitHub VulDB
EPSS 1% CVSS 8.1
HIGH This Week

Remote code execution in Pivotal CRM 6.6.04.08 Smart Client arises from insecure deserialization in the Pivotal.Core.Common.dll and Pivotal.Engine.Client.Services.Conversion.dll components, allowing remote attackers to execute arbitrary code on affected installations. The vendor (Aurea/Pivotal) has published a remediation advisory and a researcher has released a public technical advisory, but the issue is not currently listed in CISA KEV and SSVC indicates no observed exploitation. CVSS 8.1 reflects high impact tempered by high attack complexity, while no public exploit identified at time of analysis is corroborated by SSVC's 'Exploitation: none'.

Deserialization RCE N A
NVD VulDB
EPSS 0% CVSS 7.5
HIGH This Week

Denial of service in OpenLink Virtuoso Open Source Edition 7.2.11 lets attackers crash the database server by submitting crafted SQL statements that reach the time_t_to_dt date/time conversion routine. The defect is availability-only (no data exposure or integrity loss) and is tracked publicly via GitHub issue #1233; it carries a CVSS 3.1 base score of 7.5 but a low EPSS of 0.15% (4th percentile), and there is no public exploit identified at time of analysis and no evidence of active exploitation.

SQLi Denial Of Service N A
NVD GitHub VulDB
EPSS 0% CVSS 7.5
HIGH This Week

Denial of service in OpenLink Virtuoso Open Source Edition 7.2.11 lets attackers crash the database engine by submitting crafted SQL statements that mishandle the internal t_set_push routine. The flaw carries availability-only impact (CVSS 7.5, A:H) with no confidentiality or integrity loss. EPSS is low (0.15%, 4th percentile), there is no public exploit identified at time of analysis, and it is not listed in CISA KEV - so risk is theoretical rather than actively exploited.

SQLi Denial Of Service N A +1
NVD GitHub VulDB
EPSS 0% CVSS 7.5
HIGH This Week

Denial of service in OpenLink Virtuoso OpenSource v7.2.11 allows remote attackers to crash the database server by submitting crafted SQL statements that trigger a fault in the sqlo_try_in_loop SQL optimizer component. No public exploit identified at time of analysis, though SSVC indicates a proof-of-concept exists in the referenced GitHub issue. The flaw is tagged as SQLi-class (CWE-89) but the demonstrated impact is availability-only, with no confidentiality or integrity loss per the CVSS vector.

SQLi Denial Of Service N A +1
NVD GitHub VulDB
EPSS 0% CVSS 7.5
HIGH This Week

Denial of service in OpenLink Virtuoso Open Source Edition 7.2.11 lets attackers crash the database server by submitting crafted SQL statements that trigger a fault in the sqlo_natural_join_cond query-optimizer component. The flaw carries no confidentiality or integrity impact but fully degrades availability (CVSS 7.5, A:H). There is no public exploit identified at time of analysis and EPSS is low (0.15%), indicating limited near-term exploitation likelihood; only a GitHub issue documenting the defect is published.

SQLi Denial Of Service N A
NVD GitHub VulDB
EPSS 0% CVSS 7.5
HIGH This Week

Denial of service in OpenLink Virtuoso (open-source edition) v7.2.11 allows attackers to crash the database server by submitting crafted SQL statements that mishandle the internal st_compare comparison routine. The flaw affects availability only (CVSS A:H, no confidentiality or integrity impact) and carries a 7.5 base score; EPSS is low (0.15%, 5th percentile) with no public exploit identified at time of analysis and no CISA KEV listing. Despite the CWE-89 (SQL Injection) classification, the reported effect is a service crash rather than data manipulation or extraction.

SQLi Denial Of Service N A
NVD GitHub VulDB
EPSS 0% CVSS 7.5
HIGH This Week

Denial of service in OpenLink Virtuoso Open Source Edition v7.2.11 allows remote attackers to crash the database engine by submitting crafted SQL statements that mishandle column predicate processing inside the sqlo_tb_col_preds query optimizer component. CVSS 7.5 reflects high availability impact with no authentication required, though no public exploit identified at time of analysis and the issue is tracked only as an upstream GitHub bug report.

SQLi Denial Of Service N A +1
NVD GitHub VulDB
EPSS 0% CVSS 7.5
HIGH This Week

Denial of service in OpenLink Virtuoso OpenSource v7.2.11 allows remote attackers to crash the database server by submitting specially crafted SQL statements that trigger a flaw in the sqlo_untry query-optimization component. The CVSS 7.5 score reflects unauthenticated network exploitability with high availability impact, but no public exploit identified at time of analysis and the issue is currently tracked only as an upstream GitHub issue without a released fix.

SQLi Denial Of Service N A
NVD GitHub VulDB
EPSS 0% CVSS 7.5
HIGH This Week

Denial of service in OpenLink Virtuoso OpenSource v7.2.11 allows remote attackers to crash the database server by submitting crafted SQL statements that trigger a fault in the sslr_qst_get component. The flaw is classified under CWE-89 (SQL injection class) but the documented impact is availability-only with no confidentiality or integrity loss per the CVSS vector. No public exploit identified at time of analysis, and the issue is tracked only via an upstream GitHub issue (#1229) rather than a tagged fixed release.

SQLi Denial Of Service N A +1
NVD GitHub VulDB
EPSS 0% CVSS 7.5
HIGH This Week

GitHub Copilot 1.372.0 allows filesystem access outside of a workspace folder (without user approval) via a file-handler URI parameter to fetch_webpage. Therefore, exfiltration could occur if there is indirect prompt injection.

N A Information Disclosure Path Traversal
NVD GitHub VulDB
EPSS 0% CVSS 9.1
CRITICAL Act Now

Out-of-bounds read in Microsoft HEIF Image Extensions 1.2.22.0 allows remote attackers to disclose memory contents and crash the process by serving a crafted HEIF image. The flaw stems from CHEIFItemInfoEntry_GetDataSize returning success with a reported data size of zero, leading to a 1-byte allocation that is later overrun by a memmove in CopyPixels. No public exploit identified at time of analysis, and the CVE is not listed in CISA KEV.

Microsoft Buffer Overflow Information Disclosure +1
NVD GitHub VulDB
EPSS 0% CVSS 7.5
HIGH This Week

InHand Networks IR912 V1.0.0.r20042 and IR915 V1.0.0.r20042 (including earlier versions) were discovered to contain a buffer overflow vulnerability in the device registration function. This vulnerability could allow an attacker to cause a denial of service attack on the remote target device.

Denial Of Service Buffer Overflow N A
NVD VulDB
EPSS 1% CVSS 9.8
CRITICAL Act Now

InHand Networks IR912 V1.0.0.r20042 and IR915 V1.0.0.r20042 (including earlier versions) were discovered to contain a command injection vulnerability in the log viewing function. This vulnerability allows remote attackers to execute arbitrary commands as root via a crafted input.

Command Injection N A
NVD VulDB
EPSS 1% CVSS 9.8
CRITICAL Act Now

InHand Networks IR912 V1.0.0.r20042 and IR915 V1.0.0.r20042 (including earlier versions) were discovered to contain a command injection vulnerability in the Python application export function. This vulnerability allows remote attackers to execute arbitrary commands as root via a crafted input.

Python Command Injection N A
NVD VulDB
EPSS 1% CVSS 9.8
CRITICAL Act Now

Unauthenticated remote command execution affects InHand Networks IR912 and IR915 industrial cellular routers running firmware V1.0.0.r20042 and earlier, where the file upload function fails to sanitize input and passes attacker-controlled data to a shell context. Successful exploitation yields code execution as root on the device. No public exploit identified at time of analysis, but the CVSS 9.8 rating and network-reachable file upload endpoint make this a high-priority patching target for any operator with these routers exposed to untrusted networks.

File Upload Command Injection N A
NVD VulDB
EPSS 1% CVSS 9.8
CRITICAL Act Now

InHand Networks IR912 V1.0.0.r20042 and IR915 V1.0.0.r20042 (including earlier versions) were discovered to contain a command injection vulnerability in the Python configuration function. This vulnerability allows remote attackers to execute arbitrary commands as root via a crafted input.

Python Command Injection N A
NVD VulDB
EPSS 0% CVSS 9.1
CRITICAL Act Now

JimuReport versions 2.3.4 and below are vulnerable to remote code execution due to improper handling of Aviator expressions. The /jmreport/executeSelectApi endpoint passes user-supplied input directly to the Aviator expression engine without adequate validation allowing attackers to execute arbitrary code.

RCE N A Code Injection
NVD GitHub VulDB
EPSS 0% CVSS 8.4
HIGH This Week

In JazzCore python-pdfkit 1.0.0, the from_string method enables the execution of JavaScript code within the context of the server application and the exfiltration of local files.

Python N A Buffer Overflow
NVD VulDB
EPSS 0% CVSS 8.8
HIGH POC This Week

In Citrix Cloud through 2025-11-10, an account with read-only access can trigger the beginning of a workflow for write operations, e.g., the system will send a one-time password to an attacker-controlled email address when the attacker attempts to reset the password of a user account.

Information Disclosure Citrix N A
NVD GitHub
EPSS 0% CVSS 8.4
HIGH This Week

Local privilege escalation in Iru, Inc Kandji Agent versions prior to 4.7.5(5374) allows a local attacker to invoke restricted agent functionality by exploiting a client-side validation gap. The flaw maps to CWE-269 (Improper Privilege Management) and carries a CVSS 8.4 rating due to high impact on confidentiality, integrity, and availability, though no public exploit identified at time of analysis and EPSS is low at 0.14%.

Privilege Escalation N A
NVD
EPSS 0% CVSS 9.8
CRITICAL Act Now

Datadog, Inc Vector v0.54.0 was discovered to contain a SQL injection vulnerability in the set_uri_query parameter in the KeyPartitioner::partition function. This vulnerability allows attackers to access sensitive database information via crafted SQL statements.

SQLi N A
NVD GitHub
EPSS 0% CVSS 9.8
CRITICAL Act Now

Remote code execution in SNMP4J-Agent 3.8.3 is enabled through the snmp4jCfgStoragePath component, allowing remote attackers to run arbitrary code on hosts running the agent. The CWE-73 (External Control of File Name or Path) classification indicates the storage path parameter can be manipulated to influence file operations, and no public exploit identified at time of analysis though a third-party advisory has been published on GitHub. EPSS is low at 0.21% (11th percentile) despite the 9.8 CVSS, suggesting limited current exploitation activity.

RCE N A
NVD GitHub
EPSS 0% CVSS 9.8
CRITICAL Act Now

Tenda 5G03 V05.03.02.04 (Version 1.0) is vulnerable to Command injection in the function action_unlock_sim via the pin parameter.

Command Injection Tenda N A
NVD GitHub
EPSS 0% CVSS 9.8
CRITICAL Act Now

Tenda 5G03 V05.03.02.04 (Version 1.0) is vulnerable to Command injection in the function action_set_volume via the volume parameter.

Command Injection Tenda N A
NVD GitHub
EPSS 0% CVSS 6.5
MEDIUM This Month

Uncontrolled resource consumption in Datadog Vector v0.54.0 allows authenticated remote attackers to crash or degrade the observability pipeline by sending crafted HTTP requests to the /util/http/prelude.rs handler. The vulnerability is classified as CWE-400 and carries a CVSS 3.1 score of 6.5 (Medium), requiring low-privilege network access with no user interaction. No public exploit identified at time of analysis beyond a GitHub gist that may contain proof-of-concept material; EPSS sits at 0.15% (4th percentile), indicating very low observed exploitation probability in the broader threat landscape.

Denial Of Service N A
NVD GitHub
EPSS 0% CVSS 9.8
CRITICAL Act Now

Tenda 5G03 V05.03.02.04 (Version 1.0) is vulnerable to Command injection in the function action_set_rat_mode via the ratMode parameter.

Command Injection Tenda N A
NVD GitHub
EPSS 0% CVSS 7.5
HIGH This Week

An issue in Observeinc's Observe v.2026-01-28 and before allows a remote attacker to obtain sensitive information via the CSV Log export component.

Information Disclosure N A
NVD GitHub
EPSS 0% CVSS 9.8
CRITICAL Act Now

ThingsBoard v4.3.0.1 is vulnerable to an authentication bypass during the OAuth authorization code exchange. The application improperly trusts user-supplied identity data within the user parameter of the /login/oauth2/code/ endpoint. By manipulating the email address in this JSON object, a remote attacker can bypass authentication and gain full access to any existing user account on the platform without possessing the target user's credentials. This results in a complete account takeover.

Microsoft Authentication Bypass N A
NVD GitHub
EPSS 0% CVSS 8.8
HIGH This Week

Authenticated SQL injection in OpenSIPS Control Panel (opensips-cp) versions prior to 9.3.3 allows attackers with valid panel credentials to execute arbitrary SQL via the 'table' GET parameter in alias_management.php using time-based blind techniques. The flaw resides in the alias_management module and yields full database confidentiality, integrity, and availability impact per CVSS 8.8. No public exploit identified at time of analysis, and EPSS is low (0.28%, 19th percentile), but a third-party advisory documents the issue on GitHub.

PHP SQLi N A
NVD GitHub
EPSS 0% CVSS 6.8
MEDIUM This Month

An issue in Boyleep K11, y108 firmware v.2.3.0.11291 allows a physically proximate attacker to execute arbitrary code via the factory test feature.

RCE N A Authentication Bypass
NVD
EPSS 0% CVSS 6.1
MEDIUM This Month

PublicCMS V5.202506.d has a Cross Site Scripting (XSS) vulnerability in the site configuration management module.

XSS N A
NVD GitHub
EPSS 0% CVSS 9.1
CRITICAL Act Now

Server impersonation in OCaml-TLS before 2.1.0 allows a malicious TLS server to present a certificate not intended for server authentication and still be accepted by client code, enabling man-in-the-middle and impersonation attacks against any application linking the library as a TLS client. The client fails to validate KeyUsage and ExtendedKeyUsage extensions properly, breaking a core PKIX trust assumption. No public exploit identified at time of analysis and EPSS sits at 0.15% (4th percentile), but the CVSS 9.1 reflects the broad confidentiality and integrity impact on encrypted sessions.

Information Disclosure N A
NVD VulDB
EPSS 0% CVSS 9.1
CRITICAL PATCH Act Now

Arbitrary file write in remotion-dev Remotion v4.0.409 allows remote attackers to write attacker-controlled content to arbitrary filesystem locations without authentication, per the CVSS:3.1 vector (AV:N/AC:L/PR:N/UI:N) and CWE-123 (Write-what-where) classification. Remotion is a React-based programmatic video rendering framework, and the flaw can lead to integrity and availability compromise of the host running the rendering engine. No public exploit identified at time of analysis, and the EPSS score of 0.15% (4th percentile) indicates low predicted exploitation likelihood despite the high CVSS score.

Information Disclosure N A
NVD GitHub
EPSS 0% CVSS 7.8
HIGH POC This Week

Local privilege escalation in Microvirt MEmu Android Emulator 9.2.7.0 allows a low-privileged local user to abuse the MemuService.exe component to gain elevated rights on the host Windows system. Mapped to CWE-269 (Improper Privilege Management), with no public exploit identified at time of analysis and an EPSS score of 0.21% indicating low predicted exploitation likelihood. Researcher PoC repository exists on GitHub (sec-zone/CVE-2026-36213) but active exploitation has not been reported.

Privilege Escalation Google N A
NVD GitHub Exploit-DB
EPSS 0% CVSS 6.1
MEDIUM This Month

Ruoyi 4.8.2 is vulnerable to Cross Site Scripting (XSS) at the interface /system/notice/add.

XSS N A
NVD GitHub
EPSS 0% CVSS 5.5
MEDIUM This Month

Heap buffer overflow in GPAC MP4Box v2.4 crashes the application when parsing a maliciously crafted MP4 file containing an invalid VP codec configuration. The vulnerable function, gf_isom_vp_config_new in isomedia/avc_ext.c, fails to safely handle attacker-controlled input during ISO Base Media File Format parsing, resulting in a Denial of Service condition. No active exploitation has been confirmed by CISA KEV and no public exploit code has been identified at time of analysis, placing this in a low-urgency remediation tier per SSVC signals.

Denial Of Service Heap Overflow Buffer Overflow +1
NVD
EPSS 0% CVSS 7.8
HIGH This Week

Arbitrary code execution in OpenCPN v5.12.0 allows local authenticated users to run shell commands by embedding shell metacharacters in input passed to the wxExecute() function. CVSS 3.1 rates it 7.8 (High) with local attack vector and low privileges required, and SSVC assesses technical impact as total but with no observed exploitation. No public exploit identified at time of analysis beyond a researcher write-up referenced in the advisory.

Command Injection RCE N A
NVD VulDB
EPSS 0% CVSS 8.0
HIGH This Week

An issue was discovered in Rakuten Send Anywhere (File Transfer) for Android (com.estmob.android.sendanywhere) 23.2.9. The vulnerability allows untrusted applications (with no permissions) to force arbitrary file downloads into the app's scoped storage. The resulting files appear in the application's trusted Received interface. These conditions establish a vector for arbitrary code execution if the payload is an APK file, or a denial-of-service condition through resource exhaustion from oversized transfers.

Denial Of Service Google RCE +1
NVD GitHub
EPSS 0% CVSS 5.5
MEDIUM This Month

Heap buffer overflow in GPAC MP4Box v2.4 crashes the application when processing a maliciously crafted MP4 file, triggering a DoS condition in the CENC DRM sample handler. The vulnerable code path resides in gf_cenc_set_pssh (isomedia/drm_sample.c), which processes Protection System Specific Header data embedded in MP4 containers. SSVC confirms no active exploitation, no public exploit exists, and the CVSS local-vector/user-interaction requirement significantly constrains real-world attack surface.

Denial Of Service Heap Overflow Buffer Overflow +1
NVD VulDB
EPSS 0% CVSS 6.3
MEDIUM This Month

NULL pointer dereference in dhcpcd 10.3.0 allows an unauthenticated attacker on the same network segment to crash the DHCP client daemon by sending a crafted packet with unexpected or invalid option tokens. The fault occurs in parse_option() at src/if-options.c:1886, where a NULL return from option lookup is immediately dereferenced as a 'struct dhcp_opt' member without a null check, causing a runtime abort. No public exploit or CISA KEV listing exists, and EPSS sits at the 4th percentile, indicating low but real crash-level risk for any host running this specific dhcpcd version on a shared or adversarially accessible network segment.

Denial Of Service Null Pointer Dereference N A +2
NVD VulDB
EPSS 0% CVSS 5.5
MEDIUM This Month

NULL pointer dereference in GPAC MP4Box v2.4 crashes the application when processing a specially crafted MP4 file, delivering a denial of service against any user or automated pipeline invoking the tool. The flaw is isolated to the TrackWriter handling component in filters/mux_isom.c, triggered by malformed MP4 input that causes an unvalidated pointer dereference. No public exploit code has been identified and this CVE does not appear in CISA KEV; SSVC rates exploitation status as none with no automation potential, consistent with a limited, file-delivery-dependent attack surface.

Denial Of Service Null Pointer Dereference N A
NVD
EPSS 0% CVSS 9.8
CRITICAL PATCH Act Now

Remote code execution affects remotion-dev's Remotion framework at version 4.0.409, enabling attackers to execute arbitrary code on systems running the affected version per CWE-94 code injection semantics. The CVSS 9.8 vector indicates network-reachable, unauthenticated exploitation without user interaction, though no public exploit identified at time of analysis and EPSS probability remains low at 0.25% (16th percentile). The vulnerability is reported by MITRE with a third-party advisory on GitHub but lacks detailed exploitation specifics.

Code Injection RCE N A
NVD GitHub
EPSS 0% CVSS 9.1
CRITICAL Act Now

Authentication bypass in OCaml-TLS server implementations before version 2.1.0 allows remote attackers to impersonate legitimate clients during mutual TLS authentication by presenting certificates whose KeyUsage and ExtendedKeyUsage extensions do not authorize client authentication. The server fails to enforce these X.509 certificate purpose constraints, so any valid certificate chain trusted by the server may be accepted regardless of intended use. EPSS probability is low (0.12%, 2nd percentile) and no public exploit identified at time of analysis, but the CVSS 9.1 reflects the high impact on confidentiality and integrity of mTLS-protected services.

Information Disclosure N A
NVD
EPSS 0% CVSS 7.5
HIGH This Week

Denial of service in LLDAP v0.6.2 allows remote unauthenticated attackers to disrupt the authentication service by sending a crafted refresh-token header to the HTTP refresh endpoint. The flaw is a CWE-400 resource handling defect with CVSS 7.5 (availability-only impact); no public exploit is identified, though a referenced gist may contain proof-of-concept material. EPSS is low at 0.18% (8th percentile) and the issue is not on CISA KEV.

Denial Of Service N A
NVD GitHub
EPSS 0% CVSS 9.8
CRITICAL Act Now

Bernd Bestel grocy v4.6.0 was discovered to contain a SQL injection vulnerability in the product-group parameter at /stockreports/spendings. This vulnerability allows attackers to access sensitive database information via a crafted SQL statement.

SQLi N A
NVD GitHub
EPSS 0% CVSS 9.1
CRITICAL Act Now

Server-side request forgery in Shlink v5.0.1's automatic short URL title resolution allows remote unauthenticated attackers to probe internal network resources by submitting a crafted longUrl value. The flaw carries a CVSS 9.1 rating reflecting high confidentiality and integrity impact, though EPSS exploitation probability remains low at 0.15% and there is no public exploit identified at time of analysis beyond a referenced gist. Shlink is a self-hosted URL shortener, making this a meaningful pivot point for attackers targeting internal infrastructure behind the shortener host.

SSRF N A
NVD GitHub
EPSS 0% CVSS 7.5
HIGH This Week

Unauthorized information disclosure in Sismics Docs (Teedy) v1.11 allows remote attackers to bypass access controls on share-based read endpoints and retrieve sensitive document data via crafted requests. The flaw stems from broken access control logic (CWE-284) on endpoints intended for shared documents, enabling unauthenticated retrieval of resources that should be restricted. There is no public exploit identified at time of analysis, EPSS is low (0.15%), and the vulnerability is not listed in CISA KEV.

Authentication Bypass N A
NVD GitHub
EPSS 0% CVSS 8.1
HIGH This Week

Incorrect access control in the /admin/api/config component of Filestash v0.4.0 allows attackers to escalate privileges via sending a crafted request.

N A Authentication Bypass
NVD GitHub
EPSS 0% CVSS 9.1
CRITICAL Act Now

Server-Side Request Forgery in Project Firefly III v6.5.9 allows remote attackers to scan internal network resources by abusing improper access controls in the webhook management component via crafted POST requests. SSVC indicates a proof-of-concept exists and exploitation is automatable with total technical impact, though EPSS remains low (0.15%) and no public exploit identified at time of analysis beyond a referenced gist. The flaw is unauthenticated per the CVSS vector (PR:N) and provides a pivot point into otherwise unreachable internal services.

Authentication Bypass N A
NVD GitHub
EPSS 0% CVSS 9.8
CRITICAL Act Now

Remote code execution in YouTransfer v1.0.6 allows unauthenticated attackers to run arbitrary code by sending a crafted request to the sendmail transport integration component. The flaw is a CWE-94 code injection issue with a critical CVSS 9.8 score and publicly available exploit code exists via a referenced GitHub gist, though no active exploitation has been confirmed by CISA KEV.

Code Injection RCE N A
NVD GitHub
EPSS 0% CVSS 8.1
HIGH This Week

Incorrect access control in the impworks Bonsai v6.0 allows authenticated attackers with Editor privileges to escalate privileges to Administrator and execute unauthorized account, password, and configuration changes.

Authentication Bypass N A
NVD GitHub
EPSS 0% CVSS 7.5
HIGH This Week

Denial of service in anna-is-cute paste v0.1.1 allows remote unauthenticated attackers to disrupt service availability by sending a crafted POST request to the /api/v0/pastes endpoint. The flaw is categorized under CWE-400 (Uncontrolled Resource Consumption) and carries a CVSS 3.1 score of 7.5 with availability-only impact; no public exploit identified at time of analysis, and EPSS is low at 0.15% (4th percentile), suggesting minimal observed interest. The vulnerability is not listed in CISA KEV.

Denial Of Service N A
NVD GitHub
EPSS 0% CVSS 7.5
HIGH This Week

Denial of service in Andrei Marcu linx-server v2.3.8 allows remote unauthenticated attackers to crash or exhaust the file-upload service by sending a crafted POST request to the uploadPostHandler component. CVSS 3.1 rates availability impact High (7.5) with no confidentiality or integrity loss, and publicly available exploit code exists via a referenced GitHub gist, though there is no public exploit identified as actively exploited at time of analysis.

Denial Of Service N A
NVD GitHub
EPSS 0% CVSS 6.5
MEDIUM This Month

Incorrect access control in the "Let's Encrypt" certificate download endpoint of Nginx Proxy Manager v2.14.0 allows authenticated attackers to obtain the TLS private key material via a crafted GET request.

Nginx N A Authentication Bypass
NVD GitHub
EPSS 0% CVSS 8.8
HIGH This Week

Incorrect access control in statping-ng v0.93.0 allows attackers to escalate privileges to Administrator and access sensitive components.

N A Authentication Bypass
NVD GitHub
EPSS 0% CVSS 7.5
HIGH This Week

Directory traversal in Zhoros SuperBin v1.0.0 allows remote unauthenticated attackers to read or write files outside intended directories by uploading files whose names contain traversal sequences such as '../'. The flaw stems from inadequate sanitization of user-supplied filenames during file handling operations. Publicly available exploit code exists via a referenced GitHub gist, though there is no public exploit identified as weaponized at scale and the vulnerability is not listed in CISA KEV.

Path Traversal N A
NVD GitHub
EPSS 0% CVSS 7.5
HIGH This Week

Denial of service in Feuerhamster MailForm v1.1.0 allows remote unauthenticated attackers to exhaust server resources by sending a crafted request to the attachment handling component. The flaw aligns with CWE-400 (Uncontrolled Resource Consumption) and carries a CVSS 3.1 score of 7.5 (AV:N/AC:L/PR:N/UI:N/A:H), with no public exploit identified at time of analysis and no inclusion in CISA KEV.

Denial Of Service N A
NVD GitHub
EPSS 0% CVSS 9.6
CRITICAL Act Now

Stored HTML/script injection in matze wastebin v3.4.1 allows remote unauthenticated attackers to execute arbitrary JavaScript in the browser of any user who views a crafted paste, by abusing improper output encoding in the /src/highlight.rs syntax-highlighting component. A public gist appears to demonstrate the issue, but no public exploit identified at time of analysis as weaponized tooling, and EPSS exploitation probability is low at 0.18% (8th percentile).

XSS N A
NVD GitHub
EPSS 0% CVSS 8.1
HIGH This Week

An authenticated Server-Side Request Forgery (SSRF) in the custom scraper subsystem component of Benjamin Jonard Koillection v1.8.0 allows attackers to scan internal resources via supplying a crafted URL.

SSRF N A
NVD GitHub
EPSS 0% CVSS 9.8
CRITICAL Act Now

Remote code execution in fossar selfoss v2.20-SNAPSHOT allows unauthenticated attackers to execute arbitrary commands and retrieve sensitive data by sending a crafted HTTP request to the loopback request handling component. The flaw carries a CVSS 9.8 score and a public gist (likely containing proof-of-concept material) is referenced, though EPSS exploitation probability remains low at 0.19% and the issue is not listed in CISA KEV.

Code Injection RCE N A
NVD GitHub
EPSS 0% CVSS 9.8
CRITICAL Act Now

Arbitrary code execution in flatnotes v5.5.4 is achievable by uploading crafted HTML or SVG files through the attachment handling component, enabling remote attackers to run code in the context of the application. The CVSS 9.8 rating reflects network-reachable, unauthenticated exploitation with full impact on confidentiality, integrity, and availability. Publicly available exploit code exists via a referenced GitHub gist, though there is no public exploit identified as actively exploited in the CISA KEV catalog at time of analysis.

File Upload RCE N A
NVD GitHub
EPSS 1% CVSS 8.1
HIGH This Week

Authenticated command injection in kanishka-linux Reminiscence v0.3.0 lets remote attackers execute arbitrary OS commands by submitting crafted input to the /manage/features/media endpoint. The flaw maps to CWE-78 with CVSS 8.1 (PR:L), and publicly available exploit code exists in a referenced gist; EPSS is modest at 0.66% (47th percentile) and the issue is not on CISA KEV.

Command Injection N A
NVD GitHub
EPSS 1% CVSS 9.8
CRITICAL Act Now

Remote code execution in kanishka-linux Reminiscence v0.3.0 allows unauthenticated attackers to execute arbitrary OS commands by supplying crafted input to the media archiving and export pipeline component. The CVSS 9.8 rating reflects network-reachable, unauthenticated exploitation with full impact to confidentiality, integrity, and availability, though no public exploit identified at time of analysis and EPSS sits at 0.67% (47th percentile) indicating limited observed exploitation pressure so far.

Command Injection Code Injection RCE +1
NVD GitHub
EPSS 0% CVSS 9.1
CRITICAL Act Now

In OCaml-tar before 3.4.0, a crafted archive with ../ path segments in its name allows escaping the current working directory. This is not desired behavior, and tar(1) rejects such extractions, but ocaml-tar decompresses it anyway. The impact is that it allows arbitrary file writes outside of the desired extraction directory (to an attacker that can reach a tar decompression endpoint).

N A Path Traversal
NVD
EPSS 0% CVSS 9.8
CRITICAL Act Now

Path traversal in Bludit 3.19.0's api/plugin.php endpoint allows remote attackers to escape the intended directory and access arbitrary files on the server via crafted requests. The CVSS 9.8 rating reflects unauthenticated network-based exploitation with high impact across confidentiality, integrity, and availability, and publicly available exploit code exists in a public gist, though EPSS remains low at 0.25%.

Path Traversal PHP N A
NVD GitHub
EPSS 0% CVSS 8.1
HIGH This Week

{form}/webhooks/{webhook} endpoint of Deck9 Input v2.0.1 allows authenticated attackers to arbitrarily modify or delete another tenant's webhook via a crafted request.

N A Authentication Bypass
NVD GitHub
EPSS 0% CVSS 7.5
HIGH This Week

An information disclosure vulnerability in the configuration endpoint of Ben Busby whoogle-search v1.2.3 allows attackers to obtain sensitive information via a crafted GET request.

Information Disclosure N A
NVD GitHub
EPSS 0% CVSS 9.8
CRITICAL Act Now

Tenda 5G03 V05.03.02.04 (Version 1.0) is vulnerable to Command injection in the function action_dial_call via the dialNumber parameter.

Command Injection Tenda N A
NVD GitHub
EPSS 1% CVSS 9.8
CRITICAL Act Now

Tenda 5G03 V05.03.02.04 (Version 1.0) is vulnerable to Command injection in the function action_ims_on_with_apn via the ims_apn parameter.

Command Injection Tenda N A
NVD GitHub
EPSS 0% CVSS 9.8
CRITICAL Act Now

{key} endpoint in bl-plugins/api/plugin.php. Publicly available exploit code exists as a gist, though EPSS rates exploitation probability at only 0.21% (11th percentile).

Authentication Bypass PHP RCE +1
NVD GitHub
EPSS 0% CVSS 9.8
CRITICAL Act Now

Tenda 5G03 V05.03.02.04 (Version 1.0) is vulnerable to Command injection in the function action_radio_on_with_ia_apn via the ia parameter.

Command Injection Tenda N A
NVD GitHub
EPSS 0% CVSS 5.4
MEDIUM This Month

A cross-site scripting (XSS) vulnerability in Deck9 Input v2.0.1 allows attackers to execute arbitrary web scripts or HTML via a crafted payload.

XSS N A
NVD GitHub
EPSS 0% CVSS 9.8
CRITICAL Act Now

RuoYi v4.8.2 is vulnerable to SQL Injection via the /tool/gen/createTable endpoint. The issue affects the code generation module and may allow an authenticated attacker with administrative privileges to access sensitive database information.

SQLi N A
NVD GitHub
EPSS 0% CVSS 6.5
MEDIUM This Month

NULL pointer dereference in GPAC MP4Box v2.4 allows unauthenticated remote attackers to crash the application by delivering a crafted MP4 file that a user opens. The vulnerable function ctts_box_write in isomedia/box_code_base.c fails to validate a pointer before dereferencing it when processing a malformed Composition Time to Sample (ctts) box, resulting in a denial-of-service condition. No public exploit code or active exploitation has been identified; SSVC rates exploitation status as none, though delivery is rated automatable.

Denial Of Service Null Pointer Dereference N A
NVD VulDB
EPSS 0% CVSS 5.4
MEDIUM This Month

Arbitrary file upload via the /api/create-car-image endpoint in bookcars v8.3 enables server-side code execution by uploading a crafted file (e.g., a web shell). The vulnerability targets an image upload API that fails to restrict file types per CWE-434. No public exploit identified at time of analysis, and EPSS sits at 0.02% (6th percentile), indicating negligible observed exploitation pressure - however, two data conflicts significantly affect confidence: the description asserts an authenticated attacker is required while the CVSS vector records PR:N (no privileges required), and the CVSS impact scores of C:L/I:L are inconsistent with the claimed remote code execution outcome.

RCE File Upload N A
NVD GitHub
EPSS 0% CVSS 6.5
MEDIUM This Month

Denial-of-service in GPAC MP4Box v2.4 allows remote attackers to crash the multimedia tool via a crafted MP4 file that triggers a floating-point exception in the gf_opus_parse_packet_header function. No public exploit identified at time of analysis, and CISA has not listed this in KEV; SSVC scoring indicates exploitation has not been observed but the flaw is automatable with partial technical impact. CVSS 7.5 reflects high availability impact achievable without authentication or user interaction once a malicious file is processed.

Denial Of Service N A
NVD VulDB
EPSS 0% CVSS 8.8
HIGH This Week

Remote code execution in BookCars v8.3 is achievable by authenticated attackers who abuse a path traversal flaw in the /api/create-user endpoint to rename and relocate files from temporary storage to attacker-chosen filesystem paths. The flaw is tagged as Authentication Bypass, Path Traversal, and RCE, and a public write-up exists in a third-party GitHub repository, though it is not listed in CISA KEV and EPSS is low at 0.17% (38th percentile).

RCE Path Traversal Authentication Bypass +1
NVD GitHub
EPSS 0% CVSS 7.5
HIGH This Week

Denial of service in GPAC MP4Box v2.4 allows remote attackers to crash the application by supplying a crafted HEVC Sequence Parameter Set (SPS), triggering a segmentation violation in the gf_hevc_read_sps_bs_internal function within media_tools/av_parsers.c. No public exploit identified at time of analysis, though the bug is reachable without authentication or user interaction per the CVSS vector. Real-world impact is limited to availability of the parsing process, with no integrity or confidentiality consequences.

Denial Of Service N A
NVD VulDB
EPSS 0% CVSS 5.5
MEDIUM This Month

NULL pointer dereference in GPAC MP4Box v2.4 crashes the application when parsing a maliciously crafted MP4 file, enabling a Denial of Service against any user or pipeline that processes untrusted media with this tool. The flaw resides in gf_isom_get_user_data_count within isomedia/isom_read.c, where an unvalidated pointer is dereferenced during user-data atom counting. Publicly available exploit code exists as a crafted MP4 PoC, though no public exploit identified at time of analysis in CISA KEV and EPSS sits at the 5th percentile, suggesting minimal observed exploitation activity.

Denial Of Service Null Pointer Dereference N A
NVD GitHub VulDB
EPSS 0% CVSS 5.3
MEDIUM This Month

{file} endpoint, which fails to restrict path traversal sequences in the file parameter. The CVSS vector (AV:N/AC:L/PR:N/UI:N) confirms exploitation requires no authentication, no privileges, and no user interaction from a network position. No public exploit identified at time of analysis, and the EPSS score of 0.12% (30th percentile) reflects low observed exploitation probability, though the no-auth attack surface warrants attention for publicly exposed deployments.

Path Traversal N A
NVD GitHub
EPSS 0% CVSS 7.5
HIGH This Week

Denial of service in GPAC MP4Box v2.4 allows remote attackers to crash the application by supplying a malicious MP4 file that triggers a NULL pointer dereference in the VVC (Versatile Video Coding) configuration writer. The flaw resides in gf_odf_vvc_cfg_write_bs within odf/descriptors.c and requires no authentication or user privileges beyond convincing the target to process the crafted file. No public exploit identified at time of analysis, and SSVC indicates exploitation has not been observed despite the issue being automatable.

Denial Of Service Null Pointer Dereference N A
NVD VulDB
Prev Page 2 of 6 Next

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy