Skip to main content

N A

457 CVEs product

Monthly

CVE-2025-70071 MEDIUM PATCH This Month

Denial of service in Assimp 6.0.2 allows remote attackers to crash the application by sending specially crafted FBX files that trigger memory exhaustion or infinite loops in the FBXParser ParseVectorDataArray() function. The vulnerability requires network access but involves high attack complexity, indicating the attacker must precisely craft malformed input. Public exploit code exists; CISA SSVC analysis indicates the vulnerability is not automatable and results in partial technical impact (availability loss only), suggesting targeted rather than mass-scale exploitation.

Denial Of Service N A
NVD GitHub VulDB
CVSS 3.1
5.9
EPSS
0.0%
CVE-2025-70072 MEDIUM PATCH This Month

Assimp version 6.0.2 is vulnerable to denial of service through improper buffer handling in the FBXConverter::ConvertMeshMultiMaterial() function when processing crafted FBX model files. A remote attacker can trigger a crash by supplying a malicious FBX file via network or local file access, causing the application to become unavailable. Publicly available exploit code exists, though the vulnerability requires user interaction to process the malicious file.

Denial Of Service Information Disclosure Buffer Overflow N A
NVD GitHub VulDB
CVSS 3.1
6.5
EPSS
0.1%
CVE-2025-70070 MEDIUM PATCH This Month

Denial of service vulnerability in Assimp 6.0.2 via null pointer dereference in FBXMeshGeometry.cpp MeshGeometry constructor allows remote attackers to crash applications processing malicious FBX files. Requires user interaction (opening/processing a crafted file) but affects any application using the vulnerable library version. Publicly available exploit code exists; CVSS 6.5 reflects network attack vector with user interaction requirement.

Null Pointer Dereference Denial Of Service N A
NVD GitHub
CVSS 3.1
6.5
EPSS
0.1%
CVE-2025-70067 CRITICAL PATCH Act Now

Heap buffer overflow in Assimp's FBX importer allows remote code execution when processing malicious FBX files. The vulnerability affects Assimp versions up to 6.0.2 through unsafe strcpy() operations in aiMaterial::AddBinaryProperty, enabling attackers to achieve arbitrary code execution with high CVSS severity (9.8). A proof-of-concept exploit is publicly available via GitHub Gist, though EPSS indicates only 0.02% exploitation probability and no CISA KEV listing exists, suggesting limited active exploitation despite the theoretical severity.

Heap Overflow Buffer Overflow N A
NVD GitHub VulDB
CVSS 3.1
9.8
EPSS
0.0%
CVE-2026-42475 PHP MEDIUM This Month

SQL injection in MixPHP Framework versions 2.0 through 2.2.17 allows unauthenticated remote attackers to execute arbitrary SQL queries by supplying crafted array parameters to the joinOn function in BuildHelper.php. The vulnerability has a CVSS score of 6.5 with network-accessible exploitation requiring no authentication or user interaction. SSVC signals indicate exploitation is automatable, though no active exploitation in the wild has been reported at time of analysis.

PHP SQLi N A
NVD GitHub VulDB
CVSS 3.1
6.5
EPSS
0.0%
CVE-2026-37457 HIGH PATCH This Week

Remote denial of service in FRRouting stable/10.0 allows unauthenticated attackers to crash the BGP daemon via malformed FlowSpec NLRI messages. The off-by-one vulnerability in bgp_flowspec_op_decode() enables out-of-bounds writes when parsing crafted BGP FlowSpec components, causing process termination. EPSS exploitation probability data not available, but SSVC marks this as automatable with partial technical impact. No public exploit code identified at time of analysis, and not listed in CISA KEV, suggesting theoretical rather than actively exploited risk.

Denial Of Service Buffer Overflow Memory Corruption N A
NVD GitHub VulDB
CVSS 3.1
7.5
EPSS
0.0%
CVE-2026-37552 HIGH This Week

Arbitrary code execution in MixPHP Framework 2.x through 2.2.17 allows local attackers to execute malicious PHP closures via unauthenticated TCP connections to the sync-invoke server. The vulnerability stems from unsafe deserialization of untrusted data on localhost-bound port 127.0.0.1, where Server.php directly passes socket data to Opis\Closure\unserialize() and executes the result without authentication or signature verification. Exploitation requires local network access or SSRF capability against the application server. No public exploit code identified at time of analysis, but the attack mechanism is straightforward for attackers with PHP deserialization knowledge.

PHP Deserialization RCE N A
NVD GitHub VulDB
CVSS 3.1
8.4
EPSS
0.1%
CVE-2026-36340 PHP HIGH PATCH GHSA This Week

Remote code execution in Krayin CRM 2.1.5 allows authenticated attackers to execute arbitrary code through the compose email function via code injection. The vulnerability was patched in version 2.1.6 released by the vendor. A public proof-of-concept exploit exists on GitHub (cybercrewinc/CVE-2026-36340), significantly lowering the barrier to exploitation. With CVSS 8.1 (High) and network accessibility requiring only low-privilege authentication, this presents immediate risk to organizations running unpatched Krayin CRM instances, particularly those exposing the CRM to internal users or external partners.

RCE Code Injection N A
NVD GitHub
CVSS 3.1
8.1
EPSS
0.1%
CVE-2025-56568 HIGH This Week

Denial of service in Open5GS SMF component (versions before v2.7.5) allows unauthenticated remote attackers to crash the 5G core network Session Management Function by sending NGAP messages with malformed Protocol Configuration Options containing invalid length fields. The vulnerability triggers assertion failures in the PCO parser (CWE-617), causing service termination. With CVSS 7.5 (High) severity and network-accessible attack vector requiring no authentication, this poses significant operational risk to 5G networks, though the low EPSS score (0.07%, 22nd percentile) suggests limited observed exploitation attempts. No active exploitation confirmed (not in CISA KEV). Upstream fix available via commit d770787 incorporated in v2.7.5 release.

Denial Of Service N A
NVD GitHub VulDB
CVSS 3.1
7.5
EPSS
0.1%
CVE-2025-46115 HIGH This Week

Remote denial of service in Open5GS 2.7.3 allows unauthenticated attackers to crash the 5G core network by sending malformed PDU Session Modification Request messages. The vulnerability stems from improper input validation (CWE-20) in session management functions. EPSS score of 0.07% indicates low observed exploitation probability, and no active exploitation has been confirmed via CISA KEV. However, the attack requires no authentication or user interaction (AV:N/AC:L/PR:N/UI:N), making it trivially exploitable against exposed 5G core deployments, potentially disrupting mobile network services for enterprise or carrier environments.

Denial Of Service N A
NVD GitHub VulDB
CVSS 3.1
7.5
EPSS
0.1%
CVE-2026-36766 Maven MEDIUM This Month

Authenticated cross-site scripting (XSS) vulnerabilities in Shopizer v3.2.5's XssHttpServletRequestWrapper class allow authenticated attackers to execute arbitrary web scripts or HTML by injecting crafted payloads into the getInputStream() or getReader() functions. The vulnerability requires user interaction (UI:R) and authenticated access (PR:L), limiting exploitation to logged-in users who can be socially engineered into clicking malicious links or submitting forms. No public exploit code or active exploitation has been confirmed at time of analysis.

XSS N A
NVD GitHub
CVSS 3.1
5.4
EPSS
0.0%
CVE-2026-36765 HIGH This Week

XML external entity injection in SpringBlade v4.8.0's /designer/loadReport endpoint enables authenticated attackers to execute arbitrary code remotely. The vulnerability requires low-privilege authentication (PR:L) but no other special conditions (AC:L, UI:N), allowing attackers with basic credentials to compromise confidentiality, integrity, and availability. EPSS probability is low (0.02%, 6th percentile) indicating minimal observed exploitation activity. No CISA KEV listing confirms this is not yet widely exploited in the wild, though a GitHub issue documents the flaw suggesting proof-of-concept details may exist.

XXE RCE N A
NVD GitHub
CVSS 3.1
8.8
EPSS
0.0%
CVE-2026-36763 MEDIUM This Month

Stored cross-site scripting (XSS) in SpringBlade v4.8.0 allows unauthenticated remote attackers to inject arbitrary web scripts or HTML via the /api/blade-desk/notice/submit endpoint's content parameter, executing malicious code in the browsers of subsequent users who view the injected notice. The vulnerability requires user interaction (viewing the stored payload) to trigger, affecting the confidentiality and integrity of affected applications. No public exploit code or active exploitation has been confirmed at the time of analysis.

XSS N A
NVD GitHub
CVSS 3.1
6.1
EPSS
0.0%
CVE-2026-36762 HIGH This Week

Path traversal in JeeSite v5.15.1's file upload endpoint allows authenticated users with file upload permissions to write arbitrary files to any filesystem location, enabling remote code execution by uploading malicious files (e.g., JSP webshells) outside intended directories. The vulnerability exists in the fileEntityId parameter of /a/file/upload, bypassing directory restrictions while respecting file extension whitelists. EPSS score of 0.01% (3rd percentile) indicates low predicted exploitation probability, and no public exploit or CISA KEV listing exists at time of analysis, though vendor issue tracker discussion provides technical details that could facilitate POC development.

Path Traversal File Upload N A
NVD GitHub
CVSS 3.1
8.8
EPSS
0.0%
CVE-2026-36761 MEDIUM This Month

Stored cross-site scripting (XSS) in JeeSite v5.15.1 allows unauthenticated remote attackers to inject arbitrary web scripts or HTML via the msgContent parameter in the /msg/msgInner/save endpoint, affecting any user who views a message containing the malicious payload. The vulnerability requires user interaction (viewing the crafted message) but can impact confidentiality and integrity of user sessions through script execution in the victim's browser context. No public exploit code or active exploitation has been confirmed at this time.

XSS N A
NVD GitHub
CVSS 3.1
6.1
EPSS
0.0%
CVE-2026-36757 MEDIUM This Month

Server-Side Request Forgery (SSRF) in Halo v2.22.14's /plugins/{name}/upgrade-from-uri endpoint permits authenticated attackers to scan internal network resources and retrieve sensitive data via crafted GET requests, potentially enabling reconnaissance of internal infrastructure. The vulnerability requires valid authentication credentials but operates with low attack complexity, affecting the confidentiality of internal resources without requiring user interaction or administrative privileges.

SSRF N A
NVD GitHub
CVSS 3.1
4.3
EPSS
0.0%
CVE-2026-36759 MEDIUM This Month

Server-side request forgery (SSRF) in Halo v2.22.14's /themes/{name}/upgrade-from-uri endpoint allows authenticated attackers to scan internal network resources and services by submitting crafted GET requests, enabling reconnaissance of backend infrastructure without direct network access.

SSRF N A
NVD GitHub
CVSS 3.1
6.5
EPSS
0.0%
CVE-2026-36758 MEDIUM This Month

Server-side request forgery in Halo v2.22.14 /themes/-/install-from-uri endpoint allows authenticated attackers to scan internal resources and access sensitive network information via crafted GET requests. The vulnerability requires valid authentication credentials but operates with low attack complexity and results in confidentiality impact through information disclosure of internal network topology and services.

SSRF N A
NVD GitHub
CVSS 3.1
4.3
EPSS
0.0%
CVE-2026-36756 MEDIUM This Month

Server-Side Request Forgery (SSRF) in Halo v2.22.14's /plugins/-/install-from-uri endpoint enables authenticated attackers to scan internal resources and potentially access sensitive information via crafted GET requests. The vulnerability requires valid authentication credentials but operates with low attack complexity over the network, exposing internal network topology and services to enumeration attacks.

SSRF N A
NVD GitHub
CVSS 3.1
5.4
EPSS
0.0%
CVE-2026-38940 MEDIUM This Month

Cross-site scripting (XSS) in RafyMrX TOKO-ONLINE-ROTI v.1.0 allows remote attackers to execute arbitrary JavaScript in a victim's browser via the detail_produk.php component when a user visits a malicious link. The vulnerability requires user interaction (clicking a link) and affects confidentiality and integrity with a CVSS score of 6.1. No active exploitation has been confirmed in CISA KEV, but a proof-of-concept payload exists in public repositories.

RCE PHP XSS N A
NVD GitHub
CVSS 3.1
6.1
EPSS
0.1%
CVE-2026-38939 MEDIUM This Month

Cross-site scripting (XSS) vulnerability in andrewtch88 mvc-ecommerce v.1.0 allows remote attackers to execute arbitrary JavaScript in victim browsers and exfiltrate sensitive information through the product_catalogue.php component. The vulnerability requires user interaction (clicking a malicious link or visiting a compromised page) but affects all users due to stored or reflected XSS impact across site sessions. CVSS 6.1 reflects moderate risk with network-based attack vector and low complexity, though no active exploitation in CISA KEV has been confirmed at time of analysis.

RCE PHP XSS N A
NVD GitHub
CVSS 3.1
6.1
EPSS
0.1%
CVE-2026-36960 HIGH This Week

Cross-site request forgery in U-SPEED N300 Router V1.0.0 allows remote attackers to execute administrative actions through victim browsers when authenticated administrators visit attacker-controlled webpages. The router's web management interface lacks CSRF tokens and Origin/Referer validation, enabling attackers to craft malicious pages that trigger state-changing operations using the victim's valid session cookie. A proof-of-concept exploit exists (GitHub repository linked), though no active exploitation is confirmed in CISA KEV at time of analysis. CVSS 8.8 severity reflects high impact across confidentiality, integrity, and availability when exploitation succeeds.

CSRF N A
NVD GitHub
CVSS 3.1
8.8
EPSS
0.0%
CVE-2026-36959 HIGH This Week

Brute-force attacks against U-SPEED N300 router V1.0.0 can compromise administrator credentials due to missing rate limiting on the /api/login endpoint. Local network attackers can execute unlimited authentication attempts without account lockout, enabling credential compromise and unauthorized access to router management. SSVC indicates proof-of-concept exists and the attack is automatable with partial technical impact. CVSS 7.5 reflects network accessibility, but the vulnerability description specifies 'local network' access requirement, suggesting the actual attack vector may be more constrained than the AV:N metric indicates.

Authentication Bypass N A
NVD GitHub
CVSS 3.1
7.5
EPSS
0.1%
CVE-2026-36958 HIGH This Week

Remote unauthenticated attackers can crash the U-SPEED N300 V1.0.0 wireless router by flooding its web management interface with concurrent HTTP requests to random or non-existent endpoints, exhausting resources in the embedded Boa HTTP server until manual reboot is required. SSVC framework confirms proof-of-concept exploit code exists and the attack is fully automatable. CVSS vector (AV:N/AC:L/PR:N/UI:N) indicates this is trivially exploitable from the internet without authentication, though impact is limited to availability disruption with no data compromise.

Denial Of Service N A
NVD GitHub
CVSS 3.1
7.5
EPSS
0.0%
CVE-2026-36957 HIGH This Week

Remote attackers can crash Dbit N300 T1 Pro Easy Setup Wireless Wi-Fi Router V1.0.0 and disable all routing functionality by flooding the boa web server with HTTP GET requests to non-existent URIs. The attack exhausts file descriptors and memory buffers, causing kernel deadlock that kills both the web management interface and core routing services. SSVC framework confirms proof-of-concept exploit exists and the attack is fully automatable against default router configurations with no authentication required (CVSS AV:N/AC:L/PR:N/UI:N).

Denial Of Service N A
NVD GitHub
CVSS 3.1
7.5
EPSS
0.0%
CVE-2026-36956 HIGH This Week

Cross-site request forgery in Dbit N300 T1 Pro wireless router V1.0.0 allows remote unauthenticated attackers to execute arbitrary administrative actions by convincing an authenticated administrator to visit a malicious webpage. The router lacks anti-CSRF tokens and Origin/Referer validation on configuration endpoints like /api/setWlan, enabling complete router compromise through social engineering. Publicly available exploit code exists (SSVC: poc status) with EPSS data not provided, indicating proof-of-concept demonstration but no confirmed active exploitation at time of analysis.

CSRF N A
NVD GitHub
CVSS 3.1
8.8
EPSS
0.0%
CVE-2026-38993 PHP MEDIUM PATCH This Month

Cockpit CMS versions 2.13.5 and earlier allow authenticated attackers to write files to arbitrary locations within the uploads directory or overwrite assets via directory traversal in the Buckets component. The vulnerability requires valid user authentication and does not impact confidentiality, but enables integrity compromise through malicious file placement or asset replacement. A proof-of-concept exists, though the SSVC framework rates automatable exploitation as unlikely, suggesting manual attack steps are required.

Path Traversal N A
NVD GitHub VulDB
CVSS 3.1
6.5
EPSS
0.1%
CVE-2026-38992 PHP CRITICAL PATCH GHSA Act Now

Remote code execution in Cockpit CMS versions 2.13.5 and earlier allows unauthenticated attackers to execute arbitrary system commands on the server by injecting malicious payloads through the filter parameter across multiple endpoints. The vulnerability exploits the MongoLite database layer's $func operator, which processes user-controlled input as executable code. Public proof-of-concept exists and the attack is fully automatable with total system compromise potential, though EPSS scoring suggests limited observed exploitation attempts (2nd percentile) at time of analysis.

Code Injection RCE N A
NVD GitHub
CVSS 3.1
9.8
EPSS
0.0%
CVE-2026-38949 HIGH This Week

Stored Cross-Site Scripting in HTMLy 3.1.1 allows authenticated users with content creation privileges to inject malicious JavaScript via the image upload endpoint (/add/content?type=image), executing arbitrary code in victim browsers with scope change (S:C) indicating potential account takeover or session hijacking. Public proof-of-concept exists (YouTube demonstration and GitHub writeup), though EPSS score remains low (2%, 4th percentile) and no active exploitation has been confirmed by CISA KEV. CVSS 8.9 reflects high confidentiality and integrity impact but requires victim interaction.

XSS RCE N A
NVD GitHub
CVSS 3.1
8.9
EPSS
0.0%
CVE-2026-30350 HIGH This Week

An issue in the /store/items/search endpoint of Agent Protocol server commit e9a89f allows attackers to cause a Denial of Service (DoS) via a crafted POST request.

Denial Of Service N A
NVD GitHub
CVSS 3.1
7.5
EPSS
0.0%
CVE-2026-30346 MEDIUM This Month

An open redirect in the /api/google/authorize endpoint of hunvreus DevPush v0.3.2 allows attackers to redirect users to malicious sites via supplying a crafted URL.

Google Open Redirect N A
NVD GitHub
CVSS 3.1
4.3
EPSS
0.0%
CVE-2026-30352 CRITICAL Act Now

A remote code execution (RCE) vulnerability in the /devserver/start endpoint of leonvanzyl autocoder commit 79d02a allows attackers to execute arbitrary code via providing a crafted command parameter.

Command Injection RCE N A
NVD GitHub
CVSS 3.1
9.8
EPSS
0.3%
CVE-2025-59308 MEDIUM This Month

Institution administrators with Site staff role in Mahara can impersonate institution members in other institutions where they lack administrative privileges, bypassing intended access controls on multi-tenanted deployments. Affects Mahara versions before 24.04.10 and 25.x before 25.04.1. This requires high-privilege authentication (Site staff role) and does not involve network exploitation of unauthenticated services, limiting real-world attack surface to insider threats within organizations running affected versions.

Authentication Bypass N A
NVD
CVSS 3.1
4.7
EPSS
0.0%
CVE-2025-67259 MEDIUM This Month

Broken access control in ClassroomIO v0.1.13 allows authenticated low-privileged students to disclose sensitive course information including other students' details, tutor/admin profiles, and internal metadata by modifying API requests from POST to GET against the PostgREST endpoint. The vulnerability requires valid student account credentials but no special privileges, enabling unauthorized horizontal and vertical access escalation within course contexts.

Authentication Bypass N A
NVD GitHub
CVSS 3.1
6.5
EPSS
0.0%
CVE-2026-39087 Go MEDIUM PATCH GHSA This Month

An issue in Ntfy ntfy.sh before v.2.21 allows a remote attacker to execute arbitrary code via the parseActions function

RCE Code Injection N A
NVD GitHub VulDB
CVSS 3.1
6.4
EPSS
0.2%
CVE-2026-30139 Maven MEDIUM This Month

Reflected cross-site scripting (XSS) in Silverpeas Core before version 6.4.6 allows unauthenticated remote attackers to execute arbitrary JavaScript in users' browsers via malicious input to the AdvancedSearch functionality. The vulnerability requires user interaction (clicking a crafted link) and affects confidentiality and integrity with partial technical impact. Publicly available exploit code exists, and CISA SSVC assessment confirms proof-of-concept availability, though this vulnerability is not yet confirmed in active widespread exploitation.

XSS N A
NVD GitHub
CVSS 3.1
6.1
EPSS
0.0%
CVE-2026-31019 PHP HIGH GHSA This Week

Remote code execution in Dolibarr ERP 22.0.4 and earlier allows authenticated users with PHP content editing permissions to execute arbitrary OS commands on the server. The vulnerability stems from a bypassable blacklist-based filter for dangerous PHP functions in the Website module. Attack complexity is low (CVSS AV:N/AC:L/PR:L), requiring only valid low-privilege credentials. Public proof-of-concept code exists on GitHub, though CISA has not confirmed active exploitation. EPSS data is unavailable, but SSVC assessment indicates total technical impact with no current exploitation evidence.

PHP Command Injection RCE N A
NVD GitHub VulDB
CVSS 3.1
8.8
EPSS
0.1%
CVE-2026-29644 MEDIUM This Month

XiangShan open-source RISC-V processor commit edb1dfaf7d290ae99724594507dc46c2c2125384 and earlier versions fail to properly gate the Control and Status Register (CSR) write-enable path for Physical Memory Attribute (PMA) configuration, allowing local attackers with code execution privileges to write to PMA CSRs that should raise illegal-instruction exceptions per the RISC-V specification. Successful exploitation enables attackers to alter memory attribute enforcement, potentially leading to privilege escalation, information disclosure, or denial of service depending on platform security boundaries. No public exploit code or active exploitation has been confirmed at time of analysis.

Authentication Bypass Information Disclosure Privilege Escalation Denial Of Service N A
NVD GitHub
CVSS 3.1
5.3
EPSS
0.0%
CVE-2026-31018 PHP HIGH GHSA This Week

Authenticated users with restricted HTML/JavaScript editing permissions in Dolibarr ERP & CRM 22.0.4 and earlier can escalate privileges to execute arbitrary PHP code via the Website module. The vulnerability exploits inconsistent permission enforcement across input parameters during website page creation, allowing low-privileged authenticated users to bypass intended restrictions and inject PHP code. Public proof-of-concept exists on GitHub (PhDg1410), though no active exploitation is confirmed by CISA KEV. EPSS data unavailable, but the CVSS 8.8 score reflects high impact across confidentiality, integrity, and availability when exploited by authenticated insiders or compromised accounts.

PHP Code Injection RCE N A
NVD GitHub VulDB
CVSS 3.1
8.8
EPSS
0.0%
CVE-2026-29647 MEDIUM This Month

OpenXiangShan NEMU fails to properly enforce Smstateen permission controls, allowing authenticated local users to access IMSIC (Incoming Message Signal Interrupt Controller) state through stopei/vstopei CSRs despite mstateen0.IMSIC being cleared. This privilege escalation enables cross-context information disclosure of interrupt state and potential disruption of interrupt handling mechanisms in lower-privileged execution contexts.

Privilege Escalation N A
NVD GitHub
CVSS 3.1
6.5
EPSS
0.0%
CVE-2026-29643 HIGH This Week

Control-flow disruption in XiangShan open-source RISC-V processor allows local authenticated attackers to trigger denial of service through malformed CSR operations that fail to properly invoke trap handlers. Affected commits from November 2024 contain improper exception handling in the NewCSR subsystem that can leave the processor core in a hung state when targeting non-existent CSR addresses. GitHub issue #3959 and pull request #3966 document the flaw and proposed fix. EPSS score of 0.02% (5th percentile) indicates very low predicted exploitation probability. No public exploit code identified and not listed in CISA KEV, suggesting primarily theoretical risk limited to specialized RISC-V development environments.

Denial Of Service N A
NVD GitHub
CVSS 3.1
7.1
EPSS
0.0%
CVE-2026-29648 HIGH This Week

Privilege escalation in OpenXiangShan NEMU allows authenticated local attackers to bypass state-enable isolation controls when Smstateen extension is enabled. Clearing mstateen0.ENVCFG fails to properly restrict access to henvcfg and senvcfg Control and Status Registers (CSRs), enabling less-privileged code to read or write privileged configuration registers without triggering required exceptions. This undermines virtualization boundaries and multi-privilege isolation in RISC-V processor emulation environments. EPSS exploitation probability is low (0.02%, 4th percentile), no active exploitation confirmed, and publicly available exploit code exists via GitHub issue #690.

Privilege Escalation N A
NVD GitHub
CVSS 3.1
8.8
EPSS
0.0%
CVE-2026-29646 CRITICAL Act Now

OpenXiangShan NEMU emulator's RISC-V Hypervisor extension implementation allows VS-mode guest writes to the sie (supervisor interrupt-enable) CSR to corrupt machine-level mie state, breaking privilege isolation between virtualization layers. Fixed in commit 55295c4 per GitHub PR #938. Despite CVSS 9.8 Critical rating with network attack vector (AV:N), the EPSS score of 0.03% (9th percentile) indicates extremely low observed exploitation probability, and the vulnerability specifically affects RISC-V emulator environments rather than typical network-accessible services. No CISA KEV listing or public exploit identified at time of analysis, suggesting this is a theoretical high-severity issue in specialized research/development contexts rather than an imminent widespread threat.

Denial Of Service N A
NVD GitHub
CVSS 3.1
9.8
EPSS
0.0%
CVE-2026-29642 HIGH This Week

Privileged CSR manipulation in XiangShan RISC-V processor core (commit aecf601e80, 2024-11-19) allows local attackers with M-mode access to corrupt processor status registers by exploiting improper handling of WPRI (Write Preserve, Read Ignore) fields in menvcfg operations. Carefully crafted csrrs instructions targeting menvcfg unexpectedly set reserved bits in xstatus to 1, violating RISC-V specification requirements that WPRI fields remain unchanged during CSR operations. Upstream fix committed (5e3dd63) but released version not confirmed. EPSS score 5th percentile indicates low real-world exploitation probability despite theoretical high impact, with no active exploitation or public POC identified.

Information Disclosure N A
NVD GitHub
CVSS 3.1
7.8
EPSS
0.0%
CVE-2026-39110 HIGH This Week

SQL injection in Apartment Visitors Management System v1.1 allows unauthenticated remote attackers to extract sensitive database contents via the contactno parameter on the password reset page. The vulnerability bypasses authentication controls through crafted input during password recovery operations. EPSS and KEV data not available, but SSVC framework indicates proof-of-concept exists and the vulnerability is automatable with partial technical impact. The CVSS score of 8.2 reflects high confidentiality impact with network-accessible attack surface requiring no user interaction.

PHP SQLi N A
NVD GitHub VulDB
CVSS 3.1
8.2
EPSS
0.1%
CVE-2026-39109 CRITICAL Act Now

SQL injection in Apartment Visitors Management System V1.1's login form allows remote unauthenticated attackers to bypass authentication and extract database contents via the username parameter. The vulnerability scores 9.4 CVSS with network attack vector and low complexity. Public exploit code exists (SSVC confirms POC status), making this immediately exploitable. EPSS data unavailable, but SSVC framework rates it as automatable with partial technical impact, indicating high practical risk for internet-exposed installations.

PHP SQLi N A
NVD GitHub VulDB
CVSS 3.1
9.4
EPSS
0.2%
CVE-2026-30266 HIGH This Week

Local privilege escalation in DeepCool DeepCreative software version 1.2.7 and earlier allows unauthenticated attackers to execute arbitrary code with elevated privileges through malicious file processing. The vulnerability stems from insecure permission configuration (CWE-277) requiring user interaction to open a crafted file. Public exploit research exists on GitHub (uncle-hash repository), though CISA has not confirmed active exploitation. CVSS 7.8 indicates high severity, but EPSS data unavailable; SSVC framework rates technical impact as total with no confirmed exploitation and non-automatable attack path.

RCE N A
NVD GitHub VulDB
CVSS 3.1
7.8
EPSS
0.0%
CVE-2025-70795 MEDIUM This Month

STProcessMonitor 11.11.4.0 driver in Safetica Application suite allows local privileged users to send crafted IOCTL requests (0xB822200C) that terminate processes protected by third-party security implementations due to insufficient caller validation in the kernel-mode driver handler. This enables denial of service attacks against critical services without requiring user interaction. Publicly available exploit code exists, and the vulnerability is tracked in CISA's LOLDrivers database as a legitimate-but-abused Windows driver.

Privilege Escalation Denial Of Service N A
NVD GitHub
CVSS 3.1
5.5
EPSS
0.0%
CVE-2026-37749 CRITICAL NEWS Act Now

SQL injection in CodeAstro Simple Attendance Management System v1.0 allows remote unauthenticated attackers to bypass authentication via the username parameter in index.php. CVSS 9.8 (AV:N/AC:L/PR:N/UI:N) indicates trivial exploitation. CISA SSVC framework confirms proof-of-concept exists, attack is automatable, and technical impact is total (full system compromise). Public POC available on GitHub enables immediate weaponization by attackers with no specialized skills.

PHP SQLi N A
NVD GitHub
CVSS 3.1
9.8
EPSS
0.1%
CVE-2026-31317 PHP HIGH GHSA This Week

Server-Side Request Forgery (SSRF) in Craftql PHP library versions 1.3.7 and earlier enables remote attackers to force the server to make unintended requests, potentially leading to arbitrary code execution. The vulnerability resides in the GetAssetsFieldSchema.php listener component. No active exploitation is confirmed (not in CISA KEV), but a proof-of-concept repository with detailed exploitation documentation exists on GitHub. Despite the CVSS 7.5 rating, the extremely low EPSS score (0.01%, 0th percentile) indicates minimal real-world exploitation activity observed to date. The description claims RCE capability, but the CVSS vector shows only confidentiality impact (C:H/I:N/A:N), suggesting the SSRF may enable information disclosure that could chain into RCE rather than direct code execution - verification with vendor advisories needed.

PHP SSRF RCE N A
NVD GitHub VulDB
CVSS 3.1
7.5
EPSS
0.0%
CVE-2026-37100 MEDIUM This Month

Yamaha SR-B30A sound bar firmware 2.40 allows remote attackers within Bluetooth Low Energy (BLE) radio range to connect to the device and modify settings without authentication via the Sound Bar Remote protocol. The vulnerability enables unauthenticated integrity compromise (modification of device configuration) but does not expose sensitive data or cause denial of service. This affects only devices within BLE proximity range, significantly limiting practical attack scope despite the moderate CVSS score.

Authentication Bypass N A
NVD GitHub VulDB
CVSS 3.1
6.5
EPSS
0.0%
CVE-2026-30459 HIGH This Week

An issue in the Forgot Password feature of Daylight Studio FuelCMS v1.5.2 allows unauthenticated attackers to obtain the password reset token of a victim user via a crafted link placed in a valid e-mail message.

Information Disclosure N A
NVD GitHub
CVSS 3.1
7.1
EPSS
0.0%
CVE-2026-30461 HIGH This Week

Daylight Studio FuelCMS v1.5.2 was discovered to contain an authenticated remote code execution (RCE) vulnerability via the /controllers/Installer.php and the function add_git_submodule.

PHP Command Injection RCE N A
NVD GitHub VulDB
CVSS 3.1
8.3
EPSS
0.1%
CVE-2025-65134 MEDIUM This Month

Reflected cross-site scripting (XSS) in School Management System 1.0 allows unauthenticated remote attackers to inject malicious scripts via the email POST parameter in the contact-us.php admin interface. A victim must click a crafted link, enabling attackers to steal session cookies, perform administrative actions, or redirect users to malicious sites. Public proof-of-concept code exists; however, real-world exploitation probability remains low (EPSS 0.02%) due to reliance on user interaction and limited automaton.

XSS PHP N A
NVD GitHub
CVSS 3.1
6.1
EPSS
0.0%
CVE-2025-61260 npm CRITICAL GHSA Act Now

A vulnerability was identified in OpenAI Codex CLI v0.23.0 and before that enables code execution through malicious MCP (Model Context Protocol) configuration files. The attack is triggered when a user runs the codex command inside a malicious or compromised repository. Codex automatically loads project-local .env and .codex/config.toml files without requiring user confirmation, allowing attackers to embed arbitrary commands that execute immediately.

Code Injection RCE N A
NVD
CVSS 3.1
9.8
EPSS
0.0%
CVE-2026-36920 LOW Monitor

SQL injection in Sourcecodester Online Reviewer System v1.0 allows high-privileged authenticated users to extract limited data via a crafted SQL query in the questions-view.php endpoint. The vulnerability requires administrator-level credentials and lacks evidence of active exploitation or public exploit tooling, resulting in a minimal real-world risk profile despite confirmed SQL injection capability.

SQLi PHP N A
NVD GitHub VulDB
CVSS 3.1
2.7
EPSS
0.0%
CVE-2026-36919 LOW Monitor

SQL injection in Sourcecodester Online Reviewer System v1.0 allows high-privileged authenticated attackers to conduct limited information disclosure through the exam update functionality at /system/system/admins/assessments/examproper/exam-update.php. The vulnerability carries minimal real-world risk due to required administrative privileges (PR:H), low EPSS exploitation probability (0.02%), and CISA SSVC assessment indicating no exploitation trend, non-automatable attack, and only partial technical impact.

SQLi PHP N A
NVD GitHub VulDB
CVSS 3.1
2.7
EPSS
0.0%
CVE-2026-36872 LOW Monitor

SQL injection in Sourcecodester Basic Library System v1.0 allows high-privilege authenticated attackers to extract limited information from the database via crafted input to /librarysystem/load_book.php. The vulnerability requires administrative credentials and has very low real-world risk (EPSS 0.02%, CVSS 2.7) with no public exploit code identified; CISA does not list it as actively exploited.

SQLi PHP N A
NVD GitHub VulDB
CVSS 3.1
2.7
EPSS
0.0%
CVE-2026-36873 LOW Monitor

SQL injection in Sourcecodester Basic Library System v1.0 allows high-privilege authenticated attackers to extract sensitive data via the /librarysystem/load_admin.php endpoint. The vulnerability requires administrative authentication, limiting exposure to compromised or malicious admin accounts. EPSS exploitation probability is minimal at 0.02% (6th percentile), and no public exploit code has been identified, making this a low-priority issue despite the SQL injection vector.

SQLi PHP N A
NVD GitHub VulDB
CVSS 3.1
2.7
EPSS
0.0%
CVE-2026-31280 MEDIUM NEWS This Month

Denial of service in Parani M10 Motorcycle Intercom v2.1.3 via crafted Bluetooth RFCOMM frames allows unauthenticated attackers within wireless range to crash the device. The vulnerability exploits a buffer overflow in the RFCOMM service handler, causing high availability impact. A proof-of-concept exists but active exploitation has not been confirmed; EPSS score of 0.02% suggests limited real-world exploitation pressure despite the accessible attack vector.

Denial Of Service Buffer Overflow N A
NVD VulDB
CVSS 3.1
6.5
EPSS
0.0%
CVE-2025-63743 MEDIUM This Month

Stored cross-site scripting in Snipe-IT asset management system v8.3.0-8.3.1 allows authenticated users with basic login privileges to inject malicious JavaScript via Name and Surname fields, which executes when other users view Activity Reports or modified profiles. This vulnerability requires the victim's Display Name to be unset and affects all users with sufficient permissions to access those views. Patch available in v8.3.2; EPSS score is minimal (0.01%), indicating low empirical exploitation likelihood despite network-accessible attack vector.

XSS N A
NVD GitHub
CVSS 3.1
5.4
EPSS
0.0%
CVE-2025-69627 HIGH This Week

Heap use-after-free in Nitro PDF Pro 14.41.1.4 for Windows allows local code execution via malicious PDF containing crafted JavaScript calling this.mailDoc(). The vulnerability stems from premature deallocation of an XID object whose freed pointer is passed to wcscmp() and other functions, where attacker-controlled strings in the freed heap region can manipulate program flow. CVSS 8.4 (AV:L/PR:N) indicates local attack vector requiring no privileges or user interaction. EPSS 0.01% suggests low immediate exploitation probability; no public exploit identified at time of analysis.

Denial Of Service Use After Free Microsoft Memory Corruption N A
NVD
CVSS 3.1
8.4
EPSS
0.0%
CVE-2025-69624 HIGH This Week

Nitro PDF Pro 14.41.1.4 for Windows crashes when processing maliciously crafted PDFs that invoke app.alert() with null arguments, causing denial of service through NULL pointer dereference in the JavaScript engine. Remote attackers can deliver weaponized PDF files requiring no authentication or user interaction beyond opening the document (AV:N/AC:L/PR:N/UI:N). No public exploit identified at time of analysis, with EPSS exploitation probability at 0.01% (2nd percentile), indicating low real-world targeting despite theoretical automation potential.

Denial Of Service Null Pointer Dereference Microsoft N A
NVD
CVSS 3.1
7.5
EPSS
0.0%
CVE-2026-36947 LOW Monitor

SQL injection in Sourcecodester Computer and Mobile Repair Shop Management System v1.0 at /rsms/admin/services/view_service.php allows authenticated administrators to extract sensitive database information with low complexity. The vulnerability requires high-privilege (admin) access and does not enable data modification or denial of service, limiting real-world impact despite the unauthenticated attack vector network availability. No active exploitation or public proof-of-concept tools have been confirmed; EPSS score of 0.02% and SSVC framework rating 'none' exploitation status indicate minimal practical risk despite CVSS 2.7 rating.

SQLi PHP N A
NVD GitHub VulDB
CVSS 3.1
2.7
EPSS
0.0%
CVE-2026-36923 LOW Monitor

SQL Injection in Sourcecodester Cab Management System 1.0 allows high-privilege administrators to extract limited database information via the /cms/admin/bookings/view_booking.php endpoint. The vulnerability requires authenticated admin access and carries minimal real-world risk given its low EPSS score (0.02%) and CISA SSVC assessment indicating no exploitation status, non-automatable exploitation, and only partial technical impact.

SQLi PHP N A
NVD GitHub VulDB
CVSS 3.1
2.7
EPSS
0.0%
CVE-2026-36922 LOW Monitor

SQL injection in Sourcecodester Cab Management System v1.0 allows high-privilege authenticated attackers to extract sensitive data via the /cms/admin/categories/view_category.php endpoint. The vulnerability requires administrative credentials and has minimal real-world impact (CVSS 2.7, EPSS 0.02%), with no evidence of active exploitation or public exploit code.

SQLi PHP N A
NVD GitHub VulDB
CVSS 3.1
2.7
EPSS
0.0%
CVE-2025-70364 HIGH This Week

Arbitrary PHP code execution in Kiamo customer engagement platform (pre-8.4) allows authenticated administrative users to run commands on the underlying server. The vulnerability exploits a code injection weakness (CWE-94) via network-accessible interfaces with low complexity. No public exploit identified at time of analysis, with EPSS indicating 2% (5th percentile) exploitation probability. Detailed technical write-up published by security researcher at Hackvens confirms exploitability through administrative access.

PHP Code Injection RCE N A
NVD GitHub
CVSS 3.1
8.8
EPSS
0.0%
CVE-2026-29923 HIGH This Week

PowerStrip driver (pstrip64.sys) through version 3.90.736 enables authenticated local users to escalate privileges to SYSTEM by sending malicious IOCTL requests that map arbitrary physical memory into user-mode address space, allowing modification of kernel structures. EPSS score of 0.02% (5th percentile) indicates low automated exploitation likelihood, though publicly available exploit code exists (PacketStorm Security reference), making this a realistic threat in environments where PowerStrip is deployed and local access is possible. No CISA KEV listing indicates no confirmed widespread exploitation at time of analysis.

Privilege Escalation N A
NVD
CVSS 3.1
7.8
EPSS
0.0%
CVE-2026-30479 CRITICAL Act Now

Remote code execution in OSGeo MapServer versions prior to 8.0 enables unauthenticated attackers to execute arbitrary code through dynamic-link library (DLL) injection via a specially crafted executable. The vulnerability requires no user interaction and has low attack complexity (CVSS 9.1 Critical), though real-world exploitation probability remains low (EPSS 2%, 5th percentile). Publicly available exploit code exists in a researcher's GitHub repository, but no confirmed active exploitation (CISA KEV) has been documented at time of analysis.

Code Injection RCE N A
NVD GitHub
CVSS 3.1
9.1
EPSS
0.0%
CVE-2025-70365 MEDIUM This Month

Stored cross-site scripting in Kiamo before version 8.4 allows authenticated administrative users to inject persistent JavaScript payloads into administrative interfaces due to improper output encoding, resulting in execution within browsers of subsequent users accessing affected pages. The vulnerability requires valid admin credentials and user interaction (clicking a link or viewing a page) to trigger payload execution, making it a targeted attack vector against administrative personnel. EPSS probability is extremely low at 0.02%, and no active exploitation has been confirmed, though the issue affects a web-based application platform.

XSS N A
NVD GitHub
CVSS 3.1
5.4
EPSS
0.0%
CVE-2026-31017 CRITICAL Act Now

Server-Side Request Forgery in ERPNext 16.0.1 and Frappe Framework 16.1.1 enables unauthenticated attackers to force servers to make arbitrary HTTP requests to internal services through insufficiently sanitized HTML in Print Format PDF generation. Attackers inject HTML elements like <iframe> referencing external resources, which the PDF rendering engine automatically fetches server-side, exposing cloud metadata endpoints and internal network resources. No public exploit identified at time of analysis. CVSS 9.1 severity reflects network-accessible attack vector requiring no authentication or user interaction.

Information Disclosure SSRF N A
NVD GitHub
CVSS 3.1
9.1
EPSS
0.0%
CVE-2025-69515 CRITICAL Act Now

GPS spoofing vulnerability in JXL 9 Inch Car Android Double Din Player (Android 12.0) allows unauthenticated remote attackers to inject falsified GPS signals that the infotainment system accepts as legitimate, forcing incorrect or static location reporting. Exploitation requires no user interaction and achieves high integrity and availability impact through manipulation of navigation data. No public exploit identified at time of analysis. CVSS 9.1 reflects network-accessible attack vector with low complexity.

Google Information Disclosure N A
NVD GitHub
CVSS 3.1
9.1
EPSS
0.0%
CVE-2026-31271 CRITICAL Act Now

Unauthenticated account creation bypass in megagao production_ssm v1.0 allows remote attackers to create super administrator accounts via direct API access to /user/insert endpoint. The UserController.java insert() method processes account creation requests without authentication enforcement (CVSS vector PR:N confirms unauthenticated access). Successful exploitation grants full administrative control, enabling attackers to compromise confidentiality, integrity, and availability of the entire application. No public exploit identified at time of analysis.

Authentication Bypass Java N A
NVD GitHub VulDB
CVSS 3.1
9.8
EPSS
0.0%
CVE-2026-30460 HIGH This Week

Authenticated remote code execution in Daylight Studio FuelCMS version 1.5.2 allows low-privileged users to execute arbitrary code via the Blocks module. CVSS 8.8 rating indicates network-accessible attack requiring low-complexity exploitation without user interaction, enabling full system compromise (confidentiality, integrity, availability impact). No public exploit identified at time of analysis. Low observed exploitation activity (EPSS 0.02%).

RCE Code Injection N A
NVD GitHub
CVSS 3.1
8.8
EPSS
0.0%
CVE-2026-31313 PHP MEDIUM GHSA This Month

Stored cross-site scripting (XSS) in Feehi CMS v2.1.1 allows authenticated attackers to inject malicious scripts into the Content field during page/post creation or editing, which execute in the browsers of other users viewing the affected content. The vulnerability requires user interaction (UI:R) and authenticated access (PR:L), limiting its severity to CVSS 5.4 (medium). No public exploit code or active exploitation has been identified; EPSS score of 0.02% indicates extremely low real-world exploitation probability despite public disclosure.

XSS N A
NVD GitHub VulDB
CVSS 3.1
5.4
EPSS
0.0%
CVE-2026-30603 MEDIUM This Month

Qianniao QN-L23PA0904 firmware v20250721.1640 contains an insecure firmware update mechanism that allows local attackers with SD card access to execute arbitrary code as root by supplying a crafted iu.sh script, enabling complete device compromise including backdoor installation and data exfiltration. No CVSS score is available; exploitation requires physical or logical access to the device's SD card interface. Public research documentation exists detailing the vulnerability.

Information Disclosure N A
NVD GitHub
CVSS 3.1
6.8
EPSS
0.0%
CVE-2026-26895 MEDIUM This Month

User enumeration in osTicket v1.18.2's password reset endpoint (/pwreset.php) enables remote attackers to discover valid usernames through response analysis, facilitating targeted account compromise attempts. No CVSS score, CISA KEV status, or confirmed patch information is available; exploitation likelihood depends on whether timing or behavioral differences between valid and invalid usernames can be reliably detected without authentication.

PHP Information Disclosure N A
NVD
CVSS 3.1
5.3
EPSS
0.0%
CVE-2026-29598 MEDIUM This Month

Stored cross-site scripting (XSS) vulnerabilities in DDSN Interactive Acora CMS v10.7.1 allow unauthenticated attackers to inject malicious scripts via the submit_add_user.asp endpoint's First Name and Last Name parameters, enabling arbitrary JavaScript execution in the context of victim browsers. Public proof-of-concept code is available on GitHub; no patch information or CVSS/EPSS quantification is currently available.

XSS N A
NVD GitHub VulDB
CVSS 3.1
5.4
EPSS
0.0%
CVE-2026-30278 CRITICAL Act Now

Arbitrary file overwrite in FLY is FUN Aviation Navigation v35.33 permits attackers to overwrite critical internal files through the file import process, enabling remote code execution or information disclosure. No CVSS score, CVE severity classification, or patch status has been established. The vulnerability affects a niche aviation navigation software product with limited public disclosure.

Path Traversal RCE Information Disclosure N A
NVD VulDB
CVSS 3.1
9.8
EPSS
0.0%
CVE-2026-30277 HIGH This Week

Arbitrary file overwrite in PDF Reader App TA/UTAX Mobile Print v3.7.2.251001 allows remote attackers to overwrite critical internal files during the file import process, potentially leading to remote code execution or unauthorized information exposure. The vulnerability affects a mobile print utility with demonstrated proof-of-concept documentation available on GitHub, though CVSS scoring and formal vendor patch status remain unavailable at time of analysis.

Path Traversal RCE Information Disclosure N A
NVD GitHub VulDB
CVSS 3.1
8.4
EPSS
0.0%
CVE-2026-30283 CRITICAL Act Now

Arbitrary file overwrite in PEAKSEL D.O.O. NIS Animal Sounds and Ringtones v1.3.0 allows attackers to overwrite critical internal files during the file import process, enabling remote code execution or sensitive information exposure. The vulnerability affects the application's import functionality without requiring authentication. No public exploit code or active exploitation has been independently confirmed at the time of analysis.

Path Traversal RCE Information Disclosure N A
NVD GitHub VulDB
CVSS 3.1
9.8
EPSS
0.0%
CVE-2026-30279 HIGH This Week

Arbitrary file overwrite in My Location Travel Timeline v11.80 by Squareapps LLC permits attackers to overwrite critical internal files through the file import process, resulting in arbitrary code execution or information disclosure. Attack vector and complexity details are not confirmed from available CVSS data, and active exploitation status is unconfirmed.

Path Traversal RCE Information Disclosure N A
NVD GitHub VulDB
CVSS 3.1
8.4
EPSS
0.0%
CVE-2026-30282 CRITICAL Act Now

Arbitrary file overwrite in UXGROUP LLC Cast to TV Screen Mirroring v2.2.77 enables remote attackers to overwrite critical application files through a malicious file import process, resulting in remote code execution or information disclosure. No CVSS score, exploit code availability, or active exploitation status confirmed from available data.

Path Traversal RCE Information Disclosure N A
NVD GitHub VulDB
CVSS 3.1
9.0
EPSS
0.0%
CVE-2026-30082 MEDIUM This Month

Stored cross-site scripting (XSS) vulnerabilities in IngEstate Server v11.14.0 allow remote attackers to execute arbitrary web scripts or HTML by injecting malicious payloads into the About application, What's news, or Release note parameters within the Software Package List edit feature. The vulnerabilities affect the stored XSS class, meaning injected payloads persist and execute for all users accessing the affected page. Public exploit code is available on GitHub, and the vendor (IngEstate/Ingenico) has not released a confirmed patched version as of this analysis.

XSS N A
NVD GitHub
CVSS 3.1
6.1
EPSS
0.0%
CVE-2026-29597 MEDIUM This Month

Incorrect access control in the file_details.asp endpoint of DDSN Interactive Acora CMS version 10.7.1 permits authenticated users with editor privileges to access sensitive files through crafted requests, resulting in information disclosure. This vulnerability requires valid editor-level credentials and direct knowledge of the vulnerable endpoint, limiting but not eliminating real-world risk. No active exploitation or public proof-of-concept code has been independently confirmed at this time.

Authentication Bypass N A
NVD GitHub
CVSS 3.1
6.5
EPSS
0.0%
CVE-2025-61190 MEDIUM This Month

DSpace JSPUI 6.5 contains a reflected cross-site scripting (XSS) vulnerability in the search/discover filtering functionality where the filter_type_1 parameter is not properly sanitized, allowing remote attackers to inject malicious scripts that execute in the context of other users' browsers. The vulnerability affects DSpace repository instances running version 6.5. A proof-of-concept has been publicly disclosed via GitHub (https://gist.github.com/MerttTuran/9cf7de549749fe3ef7ce08d65e3540bd), though no active exploitation via CISA KEV listing has been confirmed at the time of analysis.

XSS N A
NVD GitHub
CVSS 3.1
6.1
EPSS
0.0%
CVE-2026-30689 MEDIUM This Month

Blog.Admin versions 8.0 and earlier expose sensitive administrator account information through an improper access control vulnerability in the getinfobytoken API endpoint. An attacker possessing a valid authentication token can bypass authorization checks to retrieve confidential administrator credentials and account details, potentially enabling lateral movement or privilege escalation attacks. No public exploit code or active exploitation has been confirmed at the time of analysis.

Information Disclosure Authentication Bypass N A
NVD GitHub VulDB
CVSS 3.1
4.3
EPSS
0.0%
CVE-2026-30458 CRITICAL Act Now

Daylight Studio FuelCMS v1.5.2 allows remote attackers to exfiltrate password reset tokens through a mail splitting attack, enabling account takeover without authentication. The vulnerability exploits improper handling of email headers during the password reset workflow, permitting attackers to intercept or redirect sensitive reset tokens to attacker-controlled addresses. No public exploit code or active exploitation has been independently confirmed at time of analysis.

Information Disclosure N A
NVD GitHub
CVSS 3.1
9.1
EPSS
0.0%
CVE-2026-30463 HIGH This Week

SQL injection in Daylight Studio FuelCMS v1.5.2 Login.php component allows remote attackers to execute arbitrary SQL queries against the application database. The vulnerability affects the authentication mechanism, potentially enabling account enumeration, credential bypass, or unauthorized data extraction. No public exploit code or active exploitation has been confirmed at this time, though the specific attack vector suggests direct manipulation of login form parameters.

PHP SQLi N A
NVD
CVSS 3.1
7.7
EPSS
0.0%
CVE-2026-30457 CRITICAL Act Now

Remote code execution in Daylight Studio FuelCMS v1.5.2 through the /parser/dwoo component enables unauthenticated attackers to execute arbitrary PHP code via specially crafted input. The vulnerability exploits insufficient input validation in the Dwoo template engine integration, allowing direct PHP code injection. Attack complexity appears low given the public references to exploitation techniques in the provided pentest-tools PDF, though no formal CVSS scoring or CISA KEV confirmation is available to assess real-world exploitation prevalence.

PHP RCE Code Injection N A
NVD GitHub
CVSS 3.1
9.8
EPSS
0.0%
EPSS 0% CVSS 5.9
MEDIUM PATCH This Month

Denial of service in Assimp 6.0.2 allows remote attackers to crash the application by sending specially crafted FBX files that trigger memory exhaustion or infinite loops in the FBXParser ParseVectorDataArray() function. The vulnerability requires network access but involves high attack complexity, indicating the attacker must precisely craft malformed input. Public exploit code exists; CISA SSVC analysis indicates the vulnerability is not automatable and results in partial technical impact (availability loss only), suggesting targeted rather than mass-scale exploitation.

Denial Of Service N A
NVD GitHub VulDB
EPSS 0% CVSS 6.5
MEDIUM PATCH This Month

Assimp version 6.0.2 is vulnerable to denial of service through improper buffer handling in the FBXConverter::ConvertMeshMultiMaterial() function when processing crafted FBX model files. A remote attacker can trigger a crash by supplying a malicious FBX file via network or local file access, causing the application to become unavailable. Publicly available exploit code exists, though the vulnerability requires user interaction to process the malicious file.

Denial Of Service Information Disclosure Buffer Overflow +1
NVD GitHub VulDB
EPSS 0% CVSS 6.5
MEDIUM PATCH This Month

Denial of service vulnerability in Assimp 6.0.2 via null pointer dereference in FBXMeshGeometry.cpp MeshGeometry constructor allows remote attackers to crash applications processing malicious FBX files. Requires user interaction (opening/processing a crafted file) but affects any application using the vulnerable library version. Publicly available exploit code exists; CVSS 6.5 reflects network attack vector with user interaction requirement.

Null Pointer Dereference Denial Of Service N A
NVD GitHub
EPSS 0% CVSS 9.8
CRITICAL PATCH Act Now

Heap buffer overflow in Assimp's FBX importer allows remote code execution when processing malicious FBX files. The vulnerability affects Assimp versions up to 6.0.2 through unsafe strcpy() operations in aiMaterial::AddBinaryProperty, enabling attackers to achieve arbitrary code execution with high CVSS severity (9.8). A proof-of-concept exploit is publicly available via GitHub Gist, though EPSS indicates only 0.02% exploitation probability and no CISA KEV listing exists, suggesting limited active exploitation despite the theoretical severity.

Heap Overflow Buffer Overflow N A
NVD GitHub VulDB
EPSS 0% CVSS 6.5
MEDIUM This Month

SQL injection in MixPHP Framework versions 2.0 through 2.2.17 allows unauthenticated remote attackers to execute arbitrary SQL queries by supplying crafted array parameters to the joinOn function in BuildHelper.php. The vulnerability has a CVSS score of 6.5 with network-accessible exploitation requiring no authentication or user interaction. SSVC signals indicate exploitation is automatable, though no active exploitation in the wild has been reported at time of analysis.

PHP SQLi N A
NVD GitHub VulDB
EPSS 0% CVSS 7.5
HIGH PATCH This Week

Remote denial of service in FRRouting stable/10.0 allows unauthenticated attackers to crash the BGP daemon via malformed FlowSpec NLRI messages. The off-by-one vulnerability in bgp_flowspec_op_decode() enables out-of-bounds writes when parsing crafted BGP FlowSpec components, causing process termination. EPSS exploitation probability data not available, but SSVC marks this as automatable with partial technical impact. No public exploit code identified at time of analysis, and not listed in CISA KEV, suggesting theoretical rather than actively exploited risk.

Denial Of Service Buffer Overflow Memory Corruption +1
NVD GitHub VulDB
EPSS 0% CVSS 8.4
HIGH This Week

Arbitrary code execution in MixPHP Framework 2.x through 2.2.17 allows local attackers to execute malicious PHP closures via unauthenticated TCP connections to the sync-invoke server. The vulnerability stems from unsafe deserialization of untrusted data on localhost-bound port 127.0.0.1, where Server.php directly passes socket data to Opis\Closure\unserialize() and executes the result without authentication or signature verification. Exploitation requires local network access or SSRF capability against the application server. No public exploit code identified at time of analysis, but the attack mechanism is straightforward for attackers with PHP deserialization knowledge.

PHP Deserialization RCE +1
NVD GitHub VulDB
EPSS 0% CVSS 8.1
HIGH PATCH This Week

Remote code execution in Krayin CRM 2.1.5 allows authenticated attackers to execute arbitrary code through the compose email function via code injection. The vulnerability was patched in version 2.1.6 released by the vendor. A public proof-of-concept exploit exists on GitHub (cybercrewinc/CVE-2026-36340), significantly lowering the barrier to exploitation. With CVSS 8.1 (High) and network accessibility requiring only low-privilege authentication, this presents immediate risk to organizations running unpatched Krayin CRM instances, particularly those exposing the CRM to internal users or external partners.

RCE Code Injection N A
NVD GitHub
EPSS 0% CVSS 7.5
HIGH This Week

Denial of service in Open5GS SMF component (versions before v2.7.5) allows unauthenticated remote attackers to crash the 5G core network Session Management Function by sending NGAP messages with malformed Protocol Configuration Options containing invalid length fields. The vulnerability triggers assertion failures in the PCO parser (CWE-617), causing service termination. With CVSS 7.5 (High) severity and network-accessible attack vector requiring no authentication, this poses significant operational risk to 5G networks, though the low EPSS score (0.07%, 22nd percentile) suggests limited observed exploitation attempts. No active exploitation confirmed (not in CISA KEV). Upstream fix available via commit d770787 incorporated in v2.7.5 release.

Denial Of Service N A
NVD GitHub VulDB
EPSS 0% CVSS 7.5
HIGH This Week

Remote denial of service in Open5GS 2.7.3 allows unauthenticated attackers to crash the 5G core network by sending malformed PDU Session Modification Request messages. The vulnerability stems from improper input validation (CWE-20) in session management functions. EPSS score of 0.07% indicates low observed exploitation probability, and no active exploitation has been confirmed via CISA KEV. However, the attack requires no authentication or user interaction (AV:N/AC:L/PR:N/UI:N), making it trivially exploitable against exposed 5G core deployments, potentially disrupting mobile network services for enterprise or carrier environments.

Denial Of Service N A
NVD GitHub VulDB
EPSS 0% CVSS 5.4
MEDIUM This Month

Authenticated cross-site scripting (XSS) vulnerabilities in Shopizer v3.2.5's XssHttpServletRequestWrapper class allow authenticated attackers to execute arbitrary web scripts or HTML by injecting crafted payloads into the getInputStream() or getReader() functions. The vulnerability requires user interaction (UI:R) and authenticated access (PR:L), limiting exploitation to logged-in users who can be socially engineered into clicking malicious links or submitting forms. No public exploit code or active exploitation has been confirmed at time of analysis.

XSS N A
NVD GitHub
EPSS 0% CVSS 8.8
HIGH This Week

XML external entity injection in SpringBlade v4.8.0's /designer/loadReport endpoint enables authenticated attackers to execute arbitrary code remotely. The vulnerability requires low-privilege authentication (PR:L) but no other special conditions (AC:L, UI:N), allowing attackers with basic credentials to compromise confidentiality, integrity, and availability. EPSS probability is low (0.02%, 6th percentile) indicating minimal observed exploitation activity. No CISA KEV listing confirms this is not yet widely exploited in the wild, though a GitHub issue documents the flaw suggesting proof-of-concept details may exist.

XXE RCE N A
NVD GitHub
EPSS 0% CVSS 6.1
MEDIUM This Month

Stored cross-site scripting (XSS) in SpringBlade v4.8.0 allows unauthenticated remote attackers to inject arbitrary web scripts or HTML via the /api/blade-desk/notice/submit endpoint's content parameter, executing malicious code in the browsers of subsequent users who view the injected notice. The vulnerability requires user interaction (viewing the stored payload) to trigger, affecting the confidentiality and integrity of affected applications. No public exploit code or active exploitation has been confirmed at the time of analysis.

XSS N A
NVD GitHub
EPSS 0% CVSS 8.8
HIGH This Week

Path traversal in JeeSite v5.15.1's file upload endpoint allows authenticated users with file upload permissions to write arbitrary files to any filesystem location, enabling remote code execution by uploading malicious files (e.g., JSP webshells) outside intended directories. The vulnerability exists in the fileEntityId parameter of /a/file/upload, bypassing directory restrictions while respecting file extension whitelists. EPSS score of 0.01% (3rd percentile) indicates low predicted exploitation probability, and no public exploit or CISA KEV listing exists at time of analysis, though vendor issue tracker discussion provides technical details that could facilitate POC development.

Path Traversal File Upload N A
NVD GitHub
EPSS 0% CVSS 6.1
MEDIUM This Month

Stored cross-site scripting (XSS) in JeeSite v5.15.1 allows unauthenticated remote attackers to inject arbitrary web scripts or HTML via the msgContent parameter in the /msg/msgInner/save endpoint, affecting any user who views a message containing the malicious payload. The vulnerability requires user interaction (viewing the crafted message) but can impact confidentiality and integrity of user sessions through script execution in the victim's browser context. No public exploit code or active exploitation has been confirmed at this time.

XSS N A
NVD GitHub
EPSS 0% CVSS 4.3
MEDIUM This Month

Server-Side Request Forgery (SSRF) in Halo v2.22.14's /plugins/{name}/upgrade-from-uri endpoint permits authenticated attackers to scan internal network resources and retrieve sensitive data via crafted GET requests, potentially enabling reconnaissance of internal infrastructure. The vulnerability requires valid authentication credentials but operates with low attack complexity, affecting the confidentiality of internal resources without requiring user interaction or administrative privileges.

SSRF N A
NVD GitHub
EPSS 0% CVSS 6.5
MEDIUM This Month

Server-side request forgery (SSRF) in Halo v2.22.14's /themes/{name}/upgrade-from-uri endpoint allows authenticated attackers to scan internal network resources and services by submitting crafted GET requests, enabling reconnaissance of backend infrastructure without direct network access.

SSRF N A
NVD GitHub
EPSS 0% CVSS 4.3
MEDIUM This Month

Server-side request forgery in Halo v2.22.14 /themes/-/install-from-uri endpoint allows authenticated attackers to scan internal resources and access sensitive network information via crafted GET requests. The vulnerability requires valid authentication credentials but operates with low attack complexity and results in confidentiality impact through information disclosure of internal network topology and services.

SSRF N A
NVD GitHub
EPSS 0% CVSS 5.4
MEDIUM This Month

Server-Side Request Forgery (SSRF) in Halo v2.22.14's /plugins/-/install-from-uri endpoint enables authenticated attackers to scan internal resources and potentially access sensitive information via crafted GET requests. The vulnerability requires valid authentication credentials but operates with low attack complexity over the network, exposing internal network topology and services to enumeration attacks.

SSRF N A
NVD GitHub
EPSS 0% CVSS 6.1
MEDIUM This Month

Cross-site scripting (XSS) in RafyMrX TOKO-ONLINE-ROTI v.1.0 allows remote attackers to execute arbitrary JavaScript in a victim's browser via the detail_produk.php component when a user visits a malicious link. The vulnerability requires user interaction (clicking a link) and affects confidentiality and integrity with a CVSS score of 6.1. No active exploitation has been confirmed in CISA KEV, but a proof-of-concept payload exists in public repositories.

RCE PHP XSS +1
NVD GitHub
EPSS 0% CVSS 6.1
MEDIUM This Month

Cross-site scripting (XSS) vulnerability in andrewtch88 mvc-ecommerce v.1.0 allows remote attackers to execute arbitrary JavaScript in victim browsers and exfiltrate sensitive information through the product_catalogue.php component. The vulnerability requires user interaction (clicking a malicious link or visiting a compromised page) but affects all users due to stored or reflected XSS impact across site sessions. CVSS 6.1 reflects moderate risk with network-based attack vector and low complexity, though no active exploitation in CISA KEV has been confirmed at time of analysis.

RCE PHP XSS +1
NVD GitHub
EPSS 0% CVSS 8.8
HIGH This Week

Cross-site request forgery in U-SPEED N300 Router V1.0.0 allows remote attackers to execute administrative actions through victim browsers when authenticated administrators visit attacker-controlled webpages. The router's web management interface lacks CSRF tokens and Origin/Referer validation, enabling attackers to craft malicious pages that trigger state-changing operations using the victim's valid session cookie. A proof-of-concept exploit exists (GitHub repository linked), though no active exploitation is confirmed in CISA KEV at time of analysis. CVSS 8.8 severity reflects high impact across confidentiality, integrity, and availability when exploitation succeeds.

CSRF N A
NVD GitHub
EPSS 0% CVSS 7.5
HIGH This Week

Brute-force attacks against U-SPEED N300 router V1.0.0 can compromise administrator credentials due to missing rate limiting on the /api/login endpoint. Local network attackers can execute unlimited authentication attempts without account lockout, enabling credential compromise and unauthorized access to router management. SSVC indicates proof-of-concept exists and the attack is automatable with partial technical impact. CVSS 7.5 reflects network accessibility, but the vulnerability description specifies 'local network' access requirement, suggesting the actual attack vector may be more constrained than the AV:N metric indicates.

Authentication Bypass N A
NVD GitHub
EPSS 0% CVSS 7.5
HIGH This Week

Remote unauthenticated attackers can crash the U-SPEED N300 V1.0.0 wireless router by flooding its web management interface with concurrent HTTP requests to random or non-existent endpoints, exhausting resources in the embedded Boa HTTP server until manual reboot is required. SSVC framework confirms proof-of-concept exploit code exists and the attack is fully automatable. CVSS vector (AV:N/AC:L/PR:N/UI:N) indicates this is trivially exploitable from the internet without authentication, though impact is limited to availability disruption with no data compromise.

Denial Of Service N A
NVD GitHub
EPSS 0% CVSS 7.5
HIGH This Week

Remote attackers can crash Dbit N300 T1 Pro Easy Setup Wireless Wi-Fi Router V1.0.0 and disable all routing functionality by flooding the boa web server with HTTP GET requests to non-existent URIs. The attack exhausts file descriptors and memory buffers, causing kernel deadlock that kills both the web management interface and core routing services. SSVC framework confirms proof-of-concept exploit exists and the attack is fully automatable against default router configurations with no authentication required (CVSS AV:N/AC:L/PR:N/UI:N).

Denial Of Service N A
NVD GitHub
EPSS 0% CVSS 8.8
HIGH This Week

Cross-site request forgery in Dbit N300 T1 Pro wireless router V1.0.0 allows remote unauthenticated attackers to execute arbitrary administrative actions by convincing an authenticated administrator to visit a malicious webpage. The router lacks anti-CSRF tokens and Origin/Referer validation on configuration endpoints like /api/setWlan, enabling complete router compromise through social engineering. Publicly available exploit code exists (SSVC: poc status) with EPSS data not provided, indicating proof-of-concept demonstration but no confirmed active exploitation at time of analysis.

CSRF N A
NVD GitHub
EPSS 0% CVSS 6.5
MEDIUM PATCH This Month

Cockpit CMS versions 2.13.5 and earlier allow authenticated attackers to write files to arbitrary locations within the uploads directory or overwrite assets via directory traversal in the Buckets component. The vulnerability requires valid user authentication and does not impact confidentiality, but enables integrity compromise through malicious file placement or asset replacement. A proof-of-concept exists, though the SSVC framework rates automatable exploitation as unlikely, suggesting manual attack steps are required.

Path Traversal N A
NVD GitHub VulDB
EPSS 0% CVSS 9.8
CRITICAL PATCH Act Now

Remote code execution in Cockpit CMS versions 2.13.5 and earlier allows unauthenticated attackers to execute arbitrary system commands on the server by injecting malicious payloads through the filter parameter across multiple endpoints. The vulnerability exploits the MongoLite database layer's $func operator, which processes user-controlled input as executable code. Public proof-of-concept exists and the attack is fully automatable with total system compromise potential, though EPSS scoring suggests limited observed exploitation attempts (2nd percentile) at time of analysis.

Code Injection RCE N A
NVD GitHub
EPSS 0% CVSS 8.9
HIGH This Week

Stored Cross-Site Scripting in HTMLy 3.1.1 allows authenticated users with content creation privileges to inject malicious JavaScript via the image upload endpoint (/add/content?type=image), executing arbitrary code in victim browsers with scope change (S:C) indicating potential account takeover or session hijacking. Public proof-of-concept exists (YouTube demonstration and GitHub writeup), though EPSS score remains low (2%, 4th percentile) and no active exploitation has been confirmed by CISA KEV. CVSS 8.9 reflects high confidentiality and integrity impact but requires victim interaction.

XSS RCE N A
NVD GitHub
EPSS 0% CVSS 7.5
HIGH This Week

An issue in the /store/items/search endpoint of Agent Protocol server commit e9a89f allows attackers to cause a Denial of Service (DoS) via a crafted POST request.

Denial Of Service N A
NVD GitHub
EPSS 0% CVSS 4.3
MEDIUM This Month

An open redirect in the /api/google/authorize endpoint of hunvreus DevPush v0.3.2 allows attackers to redirect users to malicious sites via supplying a crafted URL.

Google Open Redirect N A
NVD GitHub
EPSS 0% CVSS 9.8
CRITICAL Act Now

A remote code execution (RCE) vulnerability in the /devserver/start endpoint of leonvanzyl autocoder commit 79d02a allows attackers to execute arbitrary code via providing a crafted command parameter.

Command Injection RCE N A
NVD GitHub
EPSS 0% CVSS 4.7
MEDIUM This Month

Institution administrators with Site staff role in Mahara can impersonate institution members in other institutions where they lack administrative privileges, bypassing intended access controls on multi-tenanted deployments. Affects Mahara versions before 24.04.10 and 25.x before 25.04.1. This requires high-privilege authentication (Site staff role) and does not involve network exploitation of unauthenticated services, limiting real-world attack surface to insider threats within organizations running affected versions.

Authentication Bypass N A
NVD
EPSS 0% CVSS 6.5
MEDIUM This Month

Broken access control in ClassroomIO v0.1.13 allows authenticated low-privileged students to disclose sensitive course information including other students' details, tutor/admin profiles, and internal metadata by modifying API requests from POST to GET against the PostgREST endpoint. The vulnerability requires valid student account credentials but no special privileges, enabling unauthorized horizontal and vertical access escalation within course contexts.

Authentication Bypass N A
NVD GitHub
EPSS 0% CVSS 6.4
MEDIUM PATCH This Month

An issue in Ntfy ntfy.sh before v.2.21 allows a remote attacker to execute arbitrary code via the parseActions function

RCE Code Injection N A
NVD GitHub VulDB
EPSS 0% CVSS 6.1
MEDIUM This Month

Reflected cross-site scripting (XSS) in Silverpeas Core before version 6.4.6 allows unauthenticated remote attackers to execute arbitrary JavaScript in users' browsers via malicious input to the AdvancedSearch functionality. The vulnerability requires user interaction (clicking a crafted link) and affects confidentiality and integrity with partial technical impact. Publicly available exploit code exists, and CISA SSVC assessment confirms proof-of-concept availability, though this vulnerability is not yet confirmed in active widespread exploitation.

XSS N A
NVD GitHub
EPSS 0% CVSS 8.8
HIGH This Week

Remote code execution in Dolibarr ERP 22.0.4 and earlier allows authenticated users with PHP content editing permissions to execute arbitrary OS commands on the server. The vulnerability stems from a bypassable blacklist-based filter for dangerous PHP functions in the Website module. Attack complexity is low (CVSS AV:N/AC:L/PR:L), requiring only valid low-privilege credentials. Public proof-of-concept code exists on GitHub, though CISA has not confirmed active exploitation. EPSS data is unavailable, but SSVC assessment indicates total technical impact with no current exploitation evidence.

PHP Command Injection RCE +1
NVD GitHub VulDB
EPSS 0% CVSS 5.3
MEDIUM This Month

XiangShan open-source RISC-V processor commit edb1dfaf7d290ae99724594507dc46c2c2125384 and earlier versions fail to properly gate the Control and Status Register (CSR) write-enable path for Physical Memory Attribute (PMA) configuration, allowing local attackers with code execution privileges to write to PMA CSRs that should raise illegal-instruction exceptions per the RISC-V specification. Successful exploitation enables attackers to alter memory attribute enforcement, potentially leading to privilege escalation, information disclosure, or denial of service depending on platform security boundaries. No public exploit code or active exploitation has been confirmed at time of analysis.

Authentication Bypass Information Disclosure Privilege Escalation +2
NVD GitHub
EPSS 0% CVSS 8.8
HIGH This Week

Authenticated users with restricted HTML/JavaScript editing permissions in Dolibarr ERP & CRM 22.0.4 and earlier can escalate privileges to execute arbitrary PHP code via the Website module. The vulnerability exploits inconsistent permission enforcement across input parameters during website page creation, allowing low-privileged authenticated users to bypass intended restrictions and inject PHP code. Public proof-of-concept exists on GitHub (PhDg1410), though no active exploitation is confirmed by CISA KEV. EPSS data unavailable, but the CVSS 8.8 score reflects high impact across confidentiality, integrity, and availability when exploited by authenticated insiders or compromised accounts.

PHP Code Injection RCE +1
NVD GitHub VulDB
EPSS 0% CVSS 6.5
MEDIUM This Month

OpenXiangShan NEMU fails to properly enforce Smstateen permission controls, allowing authenticated local users to access IMSIC (Incoming Message Signal Interrupt Controller) state through stopei/vstopei CSRs despite mstateen0.IMSIC being cleared. This privilege escalation enables cross-context information disclosure of interrupt state and potential disruption of interrupt handling mechanisms in lower-privileged execution contexts.

Privilege Escalation N A
NVD GitHub
EPSS 0% CVSS 7.1
HIGH This Week

Control-flow disruption in XiangShan open-source RISC-V processor allows local authenticated attackers to trigger denial of service through malformed CSR operations that fail to properly invoke trap handlers. Affected commits from November 2024 contain improper exception handling in the NewCSR subsystem that can leave the processor core in a hung state when targeting non-existent CSR addresses. GitHub issue #3959 and pull request #3966 document the flaw and proposed fix. EPSS score of 0.02% (5th percentile) indicates very low predicted exploitation probability. No public exploit code identified and not listed in CISA KEV, suggesting primarily theoretical risk limited to specialized RISC-V development environments.

Denial Of Service N A
NVD GitHub
EPSS 0% CVSS 8.8
HIGH This Week

Privilege escalation in OpenXiangShan NEMU allows authenticated local attackers to bypass state-enable isolation controls when Smstateen extension is enabled. Clearing mstateen0.ENVCFG fails to properly restrict access to henvcfg and senvcfg Control and Status Registers (CSRs), enabling less-privileged code to read or write privileged configuration registers without triggering required exceptions. This undermines virtualization boundaries and multi-privilege isolation in RISC-V processor emulation environments. EPSS exploitation probability is low (0.02%, 4th percentile), no active exploitation confirmed, and publicly available exploit code exists via GitHub issue #690.

Privilege Escalation N A
NVD GitHub
EPSS 0% CVSS 9.8
CRITICAL Act Now

OpenXiangShan NEMU emulator's RISC-V Hypervisor extension implementation allows VS-mode guest writes to the sie (supervisor interrupt-enable) CSR to corrupt machine-level mie state, breaking privilege isolation between virtualization layers. Fixed in commit 55295c4 per GitHub PR #938. Despite CVSS 9.8 Critical rating with network attack vector (AV:N), the EPSS score of 0.03% (9th percentile) indicates extremely low observed exploitation probability, and the vulnerability specifically affects RISC-V emulator environments rather than typical network-accessible services. No CISA KEV listing or public exploit identified at time of analysis, suggesting this is a theoretical high-severity issue in specialized research/development contexts rather than an imminent widespread threat.

Denial Of Service N A
NVD GitHub
EPSS 0% CVSS 7.8
HIGH This Week

Privileged CSR manipulation in XiangShan RISC-V processor core (commit aecf601e80, 2024-11-19) allows local attackers with M-mode access to corrupt processor status registers by exploiting improper handling of WPRI (Write Preserve, Read Ignore) fields in menvcfg operations. Carefully crafted csrrs instructions targeting menvcfg unexpectedly set reserved bits in xstatus to 1, violating RISC-V specification requirements that WPRI fields remain unchanged during CSR operations. Upstream fix committed (5e3dd63) but released version not confirmed. EPSS score 5th percentile indicates low real-world exploitation probability despite theoretical high impact, with no active exploitation or public POC identified.

Information Disclosure N A
NVD GitHub
EPSS 0% CVSS 8.2
HIGH This Week

SQL injection in Apartment Visitors Management System v1.1 allows unauthenticated remote attackers to extract sensitive database contents via the contactno parameter on the password reset page. The vulnerability bypasses authentication controls through crafted input during password recovery operations. EPSS and KEV data not available, but SSVC framework indicates proof-of-concept exists and the vulnerability is automatable with partial technical impact. The CVSS score of 8.2 reflects high confidentiality impact with network-accessible attack surface requiring no user interaction.

PHP SQLi N A
NVD GitHub VulDB
EPSS 0% CVSS 9.4
CRITICAL Act Now

SQL injection in Apartment Visitors Management System V1.1's login form allows remote unauthenticated attackers to bypass authentication and extract database contents via the username parameter. The vulnerability scores 9.4 CVSS with network attack vector and low complexity. Public exploit code exists (SSVC confirms POC status), making this immediately exploitable. EPSS data unavailable, but SSVC framework rates it as automatable with partial technical impact, indicating high practical risk for internet-exposed installations.

PHP SQLi N A
NVD GitHub VulDB
EPSS 0% CVSS 7.8
HIGH This Week

Local privilege escalation in DeepCool DeepCreative software version 1.2.7 and earlier allows unauthenticated attackers to execute arbitrary code with elevated privileges through malicious file processing. The vulnerability stems from insecure permission configuration (CWE-277) requiring user interaction to open a crafted file. Public exploit research exists on GitHub (uncle-hash repository), though CISA has not confirmed active exploitation. CVSS 7.8 indicates high severity, but EPSS data unavailable; SSVC framework rates technical impact as total with no confirmed exploitation and non-automatable attack path.

RCE N A
NVD GitHub VulDB
EPSS 0% CVSS 5.5
MEDIUM This Month

STProcessMonitor 11.11.4.0 driver in Safetica Application suite allows local privileged users to send crafted IOCTL requests (0xB822200C) that terminate processes protected by third-party security implementations due to insufficient caller validation in the kernel-mode driver handler. This enables denial of service attacks against critical services without requiring user interaction. Publicly available exploit code exists, and the vulnerability is tracked in CISA's LOLDrivers database as a legitimate-but-abused Windows driver.

Privilege Escalation Denial Of Service N A
NVD GitHub
EPSS 0% CVSS 9.8
CRITICAL Act Now

SQL injection in CodeAstro Simple Attendance Management System v1.0 allows remote unauthenticated attackers to bypass authentication via the username parameter in index.php. CVSS 9.8 (AV:N/AC:L/PR:N/UI:N) indicates trivial exploitation. CISA SSVC framework confirms proof-of-concept exists, attack is automatable, and technical impact is total (full system compromise). Public POC available on GitHub enables immediate weaponization by attackers with no specialized skills.

PHP SQLi N A
NVD GitHub
EPSS 0% CVSS 7.5
HIGH This Week

Server-Side Request Forgery (SSRF) in Craftql PHP library versions 1.3.7 and earlier enables remote attackers to force the server to make unintended requests, potentially leading to arbitrary code execution. The vulnerability resides in the GetAssetsFieldSchema.php listener component. No active exploitation is confirmed (not in CISA KEV), but a proof-of-concept repository with detailed exploitation documentation exists on GitHub. Despite the CVSS 7.5 rating, the extremely low EPSS score (0.01%, 0th percentile) indicates minimal real-world exploitation activity observed to date. The description claims RCE capability, but the CVSS vector shows only confidentiality impact (C:H/I:N/A:N), suggesting the SSRF may enable information disclosure that could chain into RCE rather than direct code execution - verification with vendor advisories needed.

PHP SSRF RCE +1
NVD GitHub VulDB
EPSS 0% CVSS 6.5
MEDIUM This Month

Yamaha SR-B30A sound bar firmware 2.40 allows remote attackers within Bluetooth Low Energy (BLE) radio range to connect to the device and modify settings without authentication via the Sound Bar Remote protocol. The vulnerability enables unauthenticated integrity compromise (modification of device configuration) but does not expose sensitive data or cause denial of service. This affects only devices within BLE proximity range, significantly limiting practical attack scope despite the moderate CVSS score.

Authentication Bypass N A
NVD GitHub VulDB
EPSS 0% CVSS 7.1
HIGH This Week

An issue in the Forgot Password feature of Daylight Studio FuelCMS v1.5.2 allows unauthenticated attackers to obtain the password reset token of a victim user via a crafted link placed in a valid e-mail message.

Information Disclosure N A
NVD GitHub
EPSS 0% CVSS 8.3
HIGH This Week

Daylight Studio FuelCMS v1.5.2 was discovered to contain an authenticated remote code execution (RCE) vulnerability via the /controllers/Installer.php and the function add_git_submodule.

PHP Command Injection RCE +1
NVD GitHub VulDB
EPSS 0% CVSS 6.1
MEDIUM This Month

Reflected cross-site scripting (XSS) in School Management System 1.0 allows unauthenticated remote attackers to inject malicious scripts via the email POST parameter in the contact-us.php admin interface. A victim must click a crafted link, enabling attackers to steal session cookies, perform administrative actions, or redirect users to malicious sites. Public proof-of-concept code exists; however, real-world exploitation probability remains low (EPSS 0.02%) due to reliance on user interaction and limited automaton.

XSS PHP N A
NVD GitHub
EPSS 0% CVSS 9.8
CRITICAL Act Now

A vulnerability was identified in OpenAI Codex CLI v0.23.0 and before that enables code execution through malicious MCP (Model Context Protocol) configuration files. The attack is triggered when a user runs the codex command inside a malicious or compromised repository. Codex automatically loads project-local .env and .codex/config.toml files without requiring user confirmation, allowing attackers to embed arbitrary commands that execute immediately.

Code Injection RCE N A
NVD
EPSS 0% CVSS 2.7
LOW Monitor

SQL injection in Sourcecodester Online Reviewer System v1.0 allows high-privileged authenticated users to extract limited data via a crafted SQL query in the questions-view.php endpoint. The vulnerability requires administrator-level credentials and lacks evidence of active exploitation or public exploit tooling, resulting in a minimal real-world risk profile despite confirmed SQL injection capability.

SQLi PHP N A
NVD GitHub VulDB
EPSS 0% CVSS 2.7
LOW Monitor

SQL injection in Sourcecodester Online Reviewer System v1.0 allows high-privileged authenticated attackers to conduct limited information disclosure through the exam update functionality at /system/system/admins/assessments/examproper/exam-update.php. The vulnerability carries minimal real-world risk due to required administrative privileges (PR:H), low EPSS exploitation probability (0.02%), and CISA SSVC assessment indicating no exploitation trend, non-automatable attack, and only partial technical impact.

SQLi PHP N A
NVD GitHub VulDB
EPSS 0% CVSS 2.7
LOW Monitor

SQL injection in Sourcecodester Basic Library System v1.0 allows high-privilege authenticated attackers to extract limited information from the database via crafted input to /librarysystem/load_book.php. The vulnerability requires administrative credentials and has very low real-world risk (EPSS 0.02%, CVSS 2.7) with no public exploit code identified; CISA does not list it as actively exploited.

SQLi PHP N A
NVD GitHub VulDB
EPSS 0% CVSS 2.7
LOW Monitor

SQL injection in Sourcecodester Basic Library System v1.0 allows high-privilege authenticated attackers to extract sensitive data via the /librarysystem/load_admin.php endpoint. The vulnerability requires administrative authentication, limiting exposure to compromised or malicious admin accounts. EPSS exploitation probability is minimal at 0.02% (6th percentile), and no public exploit code has been identified, making this a low-priority issue despite the SQL injection vector.

SQLi PHP N A
NVD GitHub VulDB
EPSS 0% CVSS 6.5
MEDIUM This Month

Denial of service in Parani M10 Motorcycle Intercom v2.1.3 via crafted Bluetooth RFCOMM frames allows unauthenticated attackers within wireless range to crash the device. The vulnerability exploits a buffer overflow in the RFCOMM service handler, causing high availability impact. A proof-of-concept exists but active exploitation has not been confirmed; EPSS score of 0.02% suggests limited real-world exploitation pressure despite the accessible attack vector.

Denial Of Service Buffer Overflow N A
NVD VulDB
EPSS 0% CVSS 5.4
MEDIUM This Month

Stored cross-site scripting in Snipe-IT asset management system v8.3.0-8.3.1 allows authenticated users with basic login privileges to inject malicious JavaScript via Name and Surname fields, which executes when other users view Activity Reports or modified profiles. This vulnerability requires the victim's Display Name to be unset and affects all users with sufficient permissions to access those views. Patch available in v8.3.2; EPSS score is minimal (0.01%), indicating low empirical exploitation likelihood despite network-accessible attack vector.

XSS N A
NVD GitHub
EPSS 0% CVSS 8.4
HIGH This Week

Heap use-after-free in Nitro PDF Pro 14.41.1.4 for Windows allows local code execution via malicious PDF containing crafted JavaScript calling this.mailDoc(). The vulnerability stems from premature deallocation of an XID object whose freed pointer is passed to wcscmp() and other functions, where attacker-controlled strings in the freed heap region can manipulate program flow. CVSS 8.4 (AV:L/PR:N) indicates local attack vector requiring no privileges or user interaction. EPSS 0.01% suggests low immediate exploitation probability; no public exploit identified at time of analysis.

Denial Of Service Use After Free Microsoft +2
NVD
EPSS 0% CVSS 7.5
HIGH This Week

Nitro PDF Pro 14.41.1.4 for Windows crashes when processing maliciously crafted PDFs that invoke app.alert() with null arguments, causing denial of service through NULL pointer dereference in the JavaScript engine. Remote attackers can deliver weaponized PDF files requiring no authentication or user interaction beyond opening the document (AV:N/AC:L/PR:N/UI:N). No public exploit identified at time of analysis, with EPSS exploitation probability at 0.01% (2nd percentile), indicating low real-world targeting despite theoretical automation potential.

Denial Of Service Null Pointer Dereference Microsoft +1
NVD
EPSS 0% CVSS 2.7
LOW Monitor

SQL injection in Sourcecodester Computer and Mobile Repair Shop Management System v1.0 at /rsms/admin/services/view_service.php allows authenticated administrators to extract sensitive database information with low complexity. The vulnerability requires high-privilege (admin) access and does not enable data modification or denial of service, limiting real-world impact despite the unauthenticated attack vector network availability. No active exploitation or public proof-of-concept tools have been confirmed; EPSS score of 0.02% and SSVC framework rating 'none' exploitation status indicate minimal practical risk despite CVSS 2.7 rating.

SQLi PHP N A
NVD GitHub VulDB
EPSS 0% CVSS 2.7
LOW Monitor

SQL Injection in Sourcecodester Cab Management System 1.0 allows high-privilege administrators to extract limited database information via the /cms/admin/bookings/view_booking.php endpoint. The vulnerability requires authenticated admin access and carries minimal real-world risk given its low EPSS score (0.02%) and CISA SSVC assessment indicating no exploitation status, non-automatable exploitation, and only partial technical impact.

SQLi PHP N A
NVD GitHub VulDB
EPSS 0% CVSS 2.7
LOW Monitor

SQL injection in Sourcecodester Cab Management System v1.0 allows high-privilege authenticated attackers to extract sensitive data via the /cms/admin/categories/view_category.php endpoint. The vulnerability requires administrative credentials and has minimal real-world impact (CVSS 2.7, EPSS 0.02%), with no evidence of active exploitation or public exploit code.

SQLi PHP N A
NVD GitHub VulDB
EPSS 0% CVSS 8.8
HIGH This Week

Arbitrary PHP code execution in Kiamo customer engagement platform (pre-8.4) allows authenticated administrative users to run commands on the underlying server. The vulnerability exploits a code injection weakness (CWE-94) via network-accessible interfaces with low complexity. No public exploit identified at time of analysis, with EPSS indicating 2% (5th percentile) exploitation probability. Detailed technical write-up published by security researcher at Hackvens confirms exploitability through administrative access.

PHP Code Injection RCE +1
NVD GitHub
EPSS 0% CVSS 7.8
HIGH This Week

PowerStrip driver (pstrip64.sys) through version 3.90.736 enables authenticated local users to escalate privileges to SYSTEM by sending malicious IOCTL requests that map arbitrary physical memory into user-mode address space, allowing modification of kernel structures. EPSS score of 0.02% (5th percentile) indicates low automated exploitation likelihood, though publicly available exploit code exists (PacketStorm Security reference), making this a realistic threat in environments where PowerStrip is deployed and local access is possible. No CISA KEV listing indicates no confirmed widespread exploitation at time of analysis.

Privilege Escalation N A
NVD
EPSS 0% CVSS 9.1
CRITICAL Act Now

Remote code execution in OSGeo MapServer versions prior to 8.0 enables unauthenticated attackers to execute arbitrary code through dynamic-link library (DLL) injection via a specially crafted executable. The vulnerability requires no user interaction and has low attack complexity (CVSS 9.1 Critical), though real-world exploitation probability remains low (EPSS 2%, 5th percentile). Publicly available exploit code exists in a researcher's GitHub repository, but no confirmed active exploitation (CISA KEV) has been documented at time of analysis.

Code Injection RCE N A
NVD GitHub
EPSS 0% CVSS 5.4
MEDIUM This Month

Stored cross-site scripting in Kiamo before version 8.4 allows authenticated administrative users to inject persistent JavaScript payloads into administrative interfaces due to improper output encoding, resulting in execution within browsers of subsequent users accessing affected pages. The vulnerability requires valid admin credentials and user interaction (clicking a link or viewing a page) to trigger payload execution, making it a targeted attack vector against administrative personnel. EPSS probability is extremely low at 0.02%, and no active exploitation has been confirmed, though the issue affects a web-based application platform.

XSS N A
NVD GitHub
EPSS 0% CVSS 9.1
CRITICAL Act Now

Server-Side Request Forgery in ERPNext 16.0.1 and Frappe Framework 16.1.1 enables unauthenticated attackers to force servers to make arbitrary HTTP requests to internal services through insufficiently sanitized HTML in Print Format PDF generation. Attackers inject HTML elements like <iframe> referencing external resources, which the PDF rendering engine automatically fetches server-side, exposing cloud metadata endpoints and internal network resources. No public exploit identified at time of analysis. CVSS 9.1 severity reflects network-accessible attack vector requiring no authentication or user interaction.

Information Disclosure SSRF N A
NVD GitHub
EPSS 0% CVSS 9.1
CRITICAL Act Now

GPS spoofing vulnerability in JXL 9 Inch Car Android Double Din Player (Android 12.0) allows unauthenticated remote attackers to inject falsified GPS signals that the infotainment system accepts as legitimate, forcing incorrect or static location reporting. Exploitation requires no user interaction and achieves high integrity and availability impact through manipulation of navigation data. No public exploit identified at time of analysis. CVSS 9.1 reflects network-accessible attack vector with low complexity.

Google Information Disclosure N A
NVD GitHub
EPSS 0% CVSS 9.8
CRITICAL Act Now

Unauthenticated account creation bypass in megagao production_ssm v1.0 allows remote attackers to create super administrator accounts via direct API access to /user/insert endpoint. The UserController.java insert() method processes account creation requests without authentication enforcement (CVSS vector PR:N confirms unauthenticated access). Successful exploitation grants full administrative control, enabling attackers to compromise confidentiality, integrity, and availability of the entire application. No public exploit identified at time of analysis.

Authentication Bypass Java N A
NVD GitHub VulDB
EPSS 0% CVSS 8.8
HIGH This Week

Authenticated remote code execution in Daylight Studio FuelCMS version 1.5.2 allows low-privileged users to execute arbitrary code via the Blocks module. CVSS 8.8 rating indicates network-accessible attack requiring low-complexity exploitation without user interaction, enabling full system compromise (confidentiality, integrity, availability impact). No public exploit identified at time of analysis. Low observed exploitation activity (EPSS 0.02%).

RCE Code Injection N A
NVD GitHub
EPSS 0% CVSS 5.4
MEDIUM This Month

Stored cross-site scripting (XSS) in Feehi CMS v2.1.1 allows authenticated attackers to inject malicious scripts into the Content field during page/post creation or editing, which execute in the browsers of other users viewing the affected content. The vulnerability requires user interaction (UI:R) and authenticated access (PR:L), limiting its severity to CVSS 5.4 (medium). No public exploit code or active exploitation has been identified; EPSS score of 0.02% indicates extremely low real-world exploitation probability despite public disclosure.

XSS N A
NVD GitHub VulDB
EPSS 0% CVSS 6.8
MEDIUM This Month

Qianniao QN-L23PA0904 firmware v20250721.1640 contains an insecure firmware update mechanism that allows local attackers with SD card access to execute arbitrary code as root by supplying a crafted iu.sh script, enabling complete device compromise including backdoor installation and data exfiltration. No CVSS score is available; exploitation requires physical or logical access to the device's SD card interface. Public research documentation exists detailing the vulnerability.

Information Disclosure N A
NVD GitHub
EPSS 0% CVSS 5.3
MEDIUM This Month

User enumeration in osTicket v1.18.2's password reset endpoint (/pwreset.php) enables remote attackers to discover valid usernames through response analysis, facilitating targeted account compromise attempts. No CVSS score, CISA KEV status, or confirmed patch information is available; exploitation likelihood depends on whether timing or behavioral differences between valid and invalid usernames can be reliably detected without authentication.

PHP Information Disclosure N A
NVD
EPSS 0% CVSS 5.4
MEDIUM This Month

Stored cross-site scripting (XSS) vulnerabilities in DDSN Interactive Acora CMS v10.7.1 allow unauthenticated attackers to inject malicious scripts via the submit_add_user.asp endpoint's First Name and Last Name parameters, enabling arbitrary JavaScript execution in the context of victim browsers. Public proof-of-concept code is available on GitHub; no patch information or CVSS/EPSS quantification is currently available.

XSS N A
NVD GitHub VulDB
EPSS 0% CVSS 9.8
CRITICAL Act Now

Arbitrary file overwrite in FLY is FUN Aviation Navigation v35.33 permits attackers to overwrite critical internal files through the file import process, enabling remote code execution or information disclosure. No CVSS score, CVE severity classification, or patch status has been established. The vulnerability affects a niche aviation navigation software product with limited public disclosure.

Path Traversal RCE Information Disclosure +1
NVD VulDB
EPSS 0% CVSS 8.4
HIGH This Week

Arbitrary file overwrite in PDF Reader App TA/UTAX Mobile Print v3.7.2.251001 allows remote attackers to overwrite critical internal files during the file import process, potentially leading to remote code execution or unauthorized information exposure. The vulnerability affects a mobile print utility with demonstrated proof-of-concept documentation available on GitHub, though CVSS scoring and formal vendor patch status remain unavailable at time of analysis.

Path Traversal RCE Information Disclosure +1
NVD GitHub VulDB
EPSS 0% CVSS 9.8
CRITICAL Act Now

Arbitrary file overwrite in PEAKSEL D.O.O. NIS Animal Sounds and Ringtones v1.3.0 allows attackers to overwrite critical internal files during the file import process, enabling remote code execution or sensitive information exposure. The vulnerability affects the application's import functionality without requiring authentication. No public exploit code or active exploitation has been independently confirmed at the time of analysis.

Path Traversal RCE Information Disclosure +1
NVD GitHub VulDB
EPSS 0% CVSS 8.4
HIGH This Week

Arbitrary file overwrite in My Location Travel Timeline v11.80 by Squareapps LLC permits attackers to overwrite critical internal files through the file import process, resulting in arbitrary code execution or information disclosure. Attack vector and complexity details are not confirmed from available CVSS data, and active exploitation status is unconfirmed.

Path Traversal RCE Information Disclosure +1
NVD GitHub VulDB
EPSS 0% CVSS 9.0
CRITICAL Act Now

Arbitrary file overwrite in UXGROUP LLC Cast to TV Screen Mirroring v2.2.77 enables remote attackers to overwrite critical application files through a malicious file import process, resulting in remote code execution or information disclosure. No CVSS score, exploit code availability, or active exploitation status confirmed from available data.

Path Traversal RCE Information Disclosure +1
NVD GitHub VulDB
EPSS 0% CVSS 6.1
MEDIUM This Month

Stored cross-site scripting (XSS) vulnerabilities in IngEstate Server v11.14.0 allow remote attackers to execute arbitrary web scripts or HTML by injecting malicious payloads into the About application, What's news, or Release note parameters within the Software Package List edit feature. The vulnerabilities affect the stored XSS class, meaning injected payloads persist and execute for all users accessing the affected page. Public exploit code is available on GitHub, and the vendor (IngEstate/Ingenico) has not released a confirmed patched version as of this analysis.

XSS N A
NVD GitHub
EPSS 0% CVSS 6.5
MEDIUM This Month

Incorrect access control in the file_details.asp endpoint of DDSN Interactive Acora CMS version 10.7.1 permits authenticated users with editor privileges to access sensitive files through crafted requests, resulting in information disclosure. This vulnerability requires valid editor-level credentials and direct knowledge of the vulnerable endpoint, limiting but not eliminating real-world risk. No active exploitation or public proof-of-concept code has been independently confirmed at this time.

Authentication Bypass N A
NVD GitHub
EPSS 0% CVSS 6.1
MEDIUM This Month

DSpace JSPUI 6.5 contains a reflected cross-site scripting (XSS) vulnerability in the search/discover filtering functionality where the filter_type_1 parameter is not properly sanitized, allowing remote attackers to inject malicious scripts that execute in the context of other users' browsers. The vulnerability affects DSpace repository instances running version 6.5. A proof-of-concept has been publicly disclosed via GitHub (https://gist.github.com/MerttTuran/9cf7de549749fe3ef7ce08d65e3540bd), though no active exploitation via CISA KEV listing has been confirmed at the time of analysis.

XSS N A
NVD GitHub
EPSS 0% CVSS 4.3
MEDIUM This Month

Blog.Admin versions 8.0 and earlier expose sensitive administrator account information through an improper access control vulnerability in the getinfobytoken API endpoint. An attacker possessing a valid authentication token can bypass authorization checks to retrieve confidential administrator credentials and account details, potentially enabling lateral movement or privilege escalation attacks. No public exploit code or active exploitation has been confirmed at the time of analysis.

Information Disclosure Authentication Bypass N A
NVD GitHub VulDB
EPSS 0% CVSS 9.1
CRITICAL Act Now

Daylight Studio FuelCMS v1.5.2 allows remote attackers to exfiltrate password reset tokens through a mail splitting attack, enabling account takeover without authentication. The vulnerability exploits improper handling of email headers during the password reset workflow, permitting attackers to intercept or redirect sensitive reset tokens to attacker-controlled addresses. No public exploit code or active exploitation has been independently confirmed at time of analysis.

Information Disclosure N A
NVD GitHub
EPSS 0% CVSS 7.7
HIGH This Week

SQL injection in Daylight Studio FuelCMS v1.5.2 Login.php component allows remote attackers to execute arbitrary SQL queries against the application database. The vulnerability affects the authentication mechanism, potentially enabling account enumeration, credential bypass, or unauthorized data extraction. No public exploit code or active exploitation has been confirmed at this time, though the specific attack vector suggests direct manipulation of login form parameters.

PHP SQLi N A
NVD
EPSS 0% CVSS 9.8
CRITICAL Act Now

Remote code execution in Daylight Studio FuelCMS v1.5.2 through the /parser/dwoo component enables unauthenticated attackers to execute arbitrary PHP code via specially crafted input. The vulnerability exploits insufficient input validation in the Dwoo template engine integration, allowing direct PHP code injection. Attack complexity appears low given the public references to exploitation techniques in the provided pentest-tools PDF, though no formal CVSS scoring or CISA KEV confirmation is available to assess real-world exploitation prevalence.

PHP RCE Code Injection +1
NVD GitHub
Prev Page 5 of 6 Next

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy