CVE Database

CVE-2026-22337CRITICALnone
CVSS 9.8
EPSS 0.04%
Priority 0
CWE CWE-266

Incorrect Privilege Assignment vulnerability in Directorist Directorist Social Login allows Privilege Escalation.This issue affects Directorist Social Login: from n/a before 2.1.4.

CVE-2026-33518CRITICALnone
CVSS 9.8
EPSS 0.04%
Priority 0
CWE CWE-266

An incorrect privilege assignment vulnerability exists in Esri Portal for ArcGIS 11.5 in Windows and Linux that allows highly privileged users to create developer credentials that may grant more privileges than expected.

CVE-2026-34424KEVCRITICALin_the_wild
CVSS 9.8
EPSS 0.15%
Priority 0
CWE CWE-506

Smart Slider 3 Pro version 3.5.1.35 for WordPress and Joomla contains a multi-stage remote access toolkit injected through a compromised update system that allows unauthenticated attackers to execute arbitrary code and commands. Attackers can trigger pre-authentication remote shell execution via HTTP headers, establish authenticated backdoors accepting arbitrary PHP code or OS commands, create hidden administrator accounts, exfiltrate credentials and access keys, and maintain persistence through multiple injection points including must-use plugins and core file modifications.

CVE-2026-3705CRITICALnone
CVSS 9.8
EPSS 0.03%
Priority 0
CWE CWE-74

A vulnerability was found in code-projects Simple Flight Ticket Booking System 1.0. This issue affects some unknown processing of the file /Adminsearch.php. The manipulation of the argument flightno results in sql injection. It is possible to launch the attack remotely. The exploit has been made public and could be used.

CVE-2019-25499CRITICALnone
CVSS 9.8
EPSS 0.18%
Priority 0
CWE CWE-89

Simple Job Script contains an SQL injection vulnerability that allows unauthenticated attackers to manipulate database queries by injecting SQL code through the job_id parameter. Attackers can send POST requests to get_job_applications_ajax.php with malicious job_id values to bypass authentication, extract sensitive data, or modify database contents.

CVE-2026-3703CRITICALnone
CVSS 9.8
EPSS 0.07%
Priority 0
CWE CWE-119

A flaw has been found in Wavlink NU516U1 251208. This affects the function sub_401A10 of the file /cgi-bin/login.cgi. Executing a manipulation of the argument ipaddr can lead to out-of-bounds write. The attack may be performed from remote. The exploit has been published and may be used. Upgrading the affected component is recommended. The vendor was contacted early, responded in a very professional manner and quickly released a fixed version of the affected product.

CVE-2026-6156CRITICALnone
CVSS 9.8
EPSS 0.89%
Priority 0
CWE CWE-77

A security vulnerability has been detected in Totolink A7100RU 7.4cu.2313_b20191024. This affects the function setIpQosRules of the file /cgi-bin/cstecgi.cgi of the component CGI Handler. The manipulation of the argument Comment leads to os command injection. Remote exploitation of the attack is possible. The exploit has been disclosed publicly and may be used.

CVE-2026-5731CRITICALnone
CVSS 9.8
EPSS
Priority 0
CWE CWE-119

Memory safety bugs present in Firefox ESR 115.34.0, Firefox ESR 140.9.0, Thunderbird ESR 140.9.0, Firefox 149.0.1 and Thunderbird 149.0.1. Some of these bugs showed evidence of memory corruption and we presume that with enough effort some of these could have been exploited to run arbitrary code. This vulnerability was fixed in Firefox 149.0.2, Firefox ESR 115.34.1, Firefox ESR 140.9.1, Thunderbird 149.0.2, and Thunderbird 140.9.1.

CVE-2026-28105CRITICALnone
CVSS 9.8
EPSS 0.04%
Priority 0
CWE CWE-502

Deserialization of Untrusted Data vulnerability in ThemeREX Good Energy goodenergy allows Object Injection.This issue affects Good Energy: from n/a through <= 1.7.7.

CVE-2026-9259CRITICALnone
CVSS 9.8
EPSS 0.19%
Priority 0
CWE CWE-295

Improper validation of server certificates in Canon EOS Network Setting Tool Version 1.5.0 or earlier

CVE-2026-21656CRITICALnone
CVSS 9.8
EPSS 0.08%
Priority 0
CWE CWE-94

Improper Control of Generation of Code ('Code Injection') vulnerability in Johnson Controls Frick Controls Quantum HD allows Code Injection. Insufficient validation of input in certain parameters may permit unexpected actions, which could impact the security of the device before authentication occurs.This issue affects Frick Controls Quantum HD version 10.22 and prior.

CVE-2026-32746CRITICALpoc
CVSS 9.8
EPSS 0.04%
Priority 0
CWE CWE-120

telnetd in GNU inetutils through 2.7 allows an out-of-bounds write in the LINEMODE SLC (Set Local Characters) suboption handler because add_slc does not check whether the buffer is full.

CVE-2025-71243KEVCRITICALin_the_wild
CVSS 9.8
EPSS 0.11%
Priority 29
CWE CWE-94

The 'Saisies pour formulaire' (Saisies) plugin for SPIP versions 5.4.0 through 5.11.0 contains a critical Remote Code Execution (RCE) vulnerability. An attacker can exploit this vulnerability to execute arbitrary code on the server. Users should immediately update to version 5.11.1 or later.

CVE-2026-26705CRITICALnone
CVSS 9.8
EPSS 0.03%
Priority 0

sourcecodester Pharmacy Point of Sale System v1.0 is vulnerable to SQL Injection in /pharmacy/view_product.php.

CVE-2026-10109CRITICALnone
CVSS 9.8
EPSS
Priority 0
CWE CWE-94

IBM Db2 11.5.0 through 11.5.9, and 12.1.0 through 12.1.4 is vulnerable to remote code execution due to improper pre-auth DRDA handshake handling.

CVE-2026-9404CRITICALnone
CVSS 9.8
EPSS 0.89%
Priority 0
CWE CWE-77

A vulnerability was identified in Totolink A8000RU 7.1cu.643_b20200521. This affects the function setDdnsCfg of the file /cgi-bin/cstecgi.cgi of the component Web Management Interface. Such manipulation of the argument provider leads to os command injection. The attack may be launched remotely. The exploit is publicly available and might be used.

CVE-2026-14104CRITICALnone
CVSS 9.8
EPSS 0.21%
Priority 0
CWE CWE-20

Insufficient validation of untrusted input in WebAppInstalls in Google Chrome prior to 150.0.7871.47 allowed a remote attacker to execute arbitrary code inside a sandbox via a crafted HTML page. (Chromium security severity: Low)

CVE-2026-2772CRITICALnone
CVSS 9.8
EPSS 0.05%
Priority 29

Use-after-free in the Audio/Video: Playback component. This vulnerability affects Firefox < 148, Firefox ESR < 115.33, Firefox ESR < 140.8, Thunderbird < 148, and Thunderbird < 140.8.

CVE-2026-2758CRITICALnone
CVSS 9.8
EPSS 0.05%
Priority 29

Use-after-free in the JavaScript: GC component. This vulnerability affects Firefox < 148, Firefox ESR < 115.33, Firefox ESR < 140.8, Thunderbird < 148, and Thunderbird < 140.8.

CVE-2026-33078CRITICALnone
CVSS 9.8
EPSS 0.03%
Priority 0
CWE CWE-89

Roxy-WI is a web interface for managing Haproxy, Nginx, Apache and Keepalived servers. Versions prior to 8.2.6.4 have a SQL injection vulnerability in the haproxy_section_save function in app/routes/config/routes.py. The server_ip parameter, sourced from the URL path, is passed unsanitized through multiple function calls and ultimately interpolated into a SQL query string using Python string formatting, allowing attackers to execute arbitrary SQL commands. Version 8.2.6.4 fixes the issue.

CVE-2026-32974CRITICALnone
CVSS 9.8
EPSS 0.11%
Priority 0
CWE CWE-347

OpenClaw before 2026.3.12 contains an authentication bypass vulnerability in Feishu webhook mode when only verificationToken is configured without encryptKey, allowing acceptance of forged events. Unauthenticated network attackers can inject forged Feishu events and trigger downstream tool execution by reaching the webhook endpoint.

CVE-2025-70042CRITICALnone
CVSS 9.8
EPSS 0.02%
Priority 0

An issue pertaining to CWE-918: Server-Side Request Forgery was discovered in oslabs-beta ThermaKube master.

CVE-2026-35319CRITICALnone
CVSS 9.8
EPSS 0.48%
Priority 0
CWE CWE-284

Vulnerability in the Oracle WebCenter Content product of Oracle Fusion Middleware (component: Content Server). Supported versions that are affected are 12.2.1.4.0 and 14.1.2.0.0. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle WebCenter Content. Successful attacks of this vulnerability can result in takeover of Oracle WebCenter Content. CVSS 3.1 Base Score 9.8 (Confidentiality, Integrity and Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H).

CVE-2026-31233CRITICALnone
CVSS 9.8
EPSS 0.06%
Priority 0

Guardrails AI thru 0.6.7 contains a code injection vulnerability (CWE-94) in its Hub package installation mechanism. When installing validator packages via guardrails hub install, the system retrieves a manifest from the Guardrails Hub and dynamically executes a script specified in the post_install field. The script path is constructed from untrusted manifest data and executed without proper validation or sanitization, allowing remote code execution. An attacker who can publish malicious packages to the Hub can inject arbitrary code that will be executed on any system where a victim installs the malicious package.

CVE-2026-28474CRITICALnone
CVSS 9.8
EPSS 0.04%
Priority 0
CWE CWE-863

OpenClaw's Nextcloud Talk plugin versions prior to 2026.2.6 accept equality matching on the mutable actor.name display name field for allowlist validation, allowing attackers to bypass DM and room allowlists. An attacker can change their Nextcloud display name to match an allowlisted user ID and gain unauthorized access to restricted conversations.

CVE-2026-33815CRITICALnone
CVSS 9.8
EPSS 0.02%
Priority 0

Memory-safety vulnerability in github.com/jackc/pgx/v5.

CVE-2026-3818CRITICALnone
CVSS 9.8
EPSS 0.01%
Priority 0
CWE CWE-74

A flaw has been found in Tiandy Easy7 CMS Windows 7.17.0. Impacted is an unknown function of the file /Easy7/apps/WebService/GetDBData.jsp. This manipulation of the argument strTBName causes sql injection. The attack may be initiated remotely. The exploit has been published and may be used. The vendor was contacted early about this disclosure but did not respond in any way.

CVE-2025-70237CRITICALnone
CVSS 9.8
EPSS 0.02%
Priority 0

Stack buffer overflow vulnerability in D-Link DIR-513 v1.10 via the curTime parameter to goform/formSetPortTr.

CVE-2026-4163CRITICALnone
CVSS 9.8
EPSS 0.16%
Priority 0
CWE CWE-74

A vulnerability was detected in Wavlink WL-WN579A3 220323. This issue affects the function SetName/GuestWifi of the file /cgi-bin/wireless.cgi of the component POST Request Handler. Performing a manipulation results in command injection. It is possible to initiate the attack remotely. The exploit is now public and may be used. Upgrading the affected component is recommended.

CVE-2025-71338CRITICALnone
CVSS 9.8
EPSS 0.61%
Priority 0
CWE CWE-73

Flowise contains a path traversal vulnerability in the /api/v1/document-store/loader/process endpoint that allows unauthenticated attackers to write arbitrary files to the filesystem. Attackers can exploit unsanitized fileName parameters with ../ sequences to overwrite critical files like package.json and achieve remote code execution when the application restarts.

CVE-2026-4277CRITICALnone
CVSS 9.8
EPSS 0.01%
Priority 0
CWE CWE-862

An issue was discovered in 6.0 before 6.0.4, 5.2 before 5.2.13, and 4.2 before 4.2.30. Add permissions on inline model instances were not validated on submission of forged `POST` data in `GenericInlineModelAdmin`. Earlier, unsupported Django series (such as 5.0.x, 4.1.x, and 3.2.x) were not evaluated and may also be affected. Django would like to thank N05ec@LZU-DSLab for reporting this issue.

CVE-2026-43379CRITICALnone
CVSS 9.8
EPSS 0.05%
Priority 0

In the Linux kernel, the following vulnerability has been resolved: ksmbd: fix use-after-free in smb_lazy_parent_lease_break_close() opinfo pointer obtained via rcu_dereference(fp->f_opinfo) is being accessed after rcu_read_unlock() has been called. This creates a race condition where the memory could be freed by a concurrent writer between the unlock and the subsequent pointer dereferences (opinfo->is_lease, etc.), leading to a use-after-free.

CVE-2026-33032KEVCRITICALin_the_wild
CVSS 9.8
EPSS 0.05%
Priority 0
CWE CWE-306

Nginx UI is a web user interface for the Nginx web server. In versions 2.3.5 and prior, the nginx-ui MCP (Model Context Protocol) integration exposes two HTTP endpoints: /mcp and /mcp_message. While /mcp requires both IP whitelisting and authentication (AuthRequired() middleware), the /mcp_message endpoint only applies IP whitelisting - and the default IP whitelist is empty, which the middleware treats as "allow all". This means any network attacker can invoke all MCP tools without authentication, including restarting nginx, creating/modifying/deleting nginx configuration files, and triggering automatic config reloads - achieving complete nginx service takeover. At time of publication, there are no publicly available patches.

CVE-2026-4700CRITICALnone
CVSS 9.8
EPSS 0.02%
Priority 0

Mitigation bypass in the Networking: HTTP component. This vulnerability affects Firefox < 149, Firefox ESR < 140.9, Thunderbird < 149, and Thunderbird < 140.9.

CVE-2025-52998CRITICALnone
CVSS 9.8
EPSS 0.04%
Priority 0
CWE CWE-502

Chamilo is a learning management system. Prior to version 1.11.30, in the application, deserialization of data is performed, the data can be spoofed. An attacker can create objects of arbitrary classes, as well as fully control their properties, and thus modify the logic of the web application's operation. This issue has been patched in version 1.11.30.

CVE-2026-53055CRITICALnone
CVSS 9.8
EPSS 0.17%
Priority 0

In the Linux kernel, the following vulnerability has been resolved: crypto: hisilicon/sec2 - prevent req used-after-free for sec During packet transmission, if the system is under heavy load, the hardware might complete processing the packet and free the request memory (req) before the transmission function finishes. If the software subsequently accesses this req, a use-after-free error will occur. The qp_ctx memory exists throughout the packet sending process, so replace the req with the qp_ctx.

CVE-2024-40489CRITICALnone
CVSS 9.8
EPSS 0.31%
Priority 0
CWE CWE-94

There is an injection vulnerability in jeecg boot versions 3.0.0 to 3.5.3 due to lax character filtering, which allows attackers to execute arbitrary code on components through specially crafted HTTP requests.

CVE-2026-20184CRITICALnone
CVSS 9.8
EPSS 0.05%
Priority 0
CWE CWE-295

A vulnerability in the integration of single sign-on (SSO) with Control Hub in Cisco Webex Services could have allowed an unauthenticated, remote attacker to impersonate any user within the service. This vulnerability existed because of improper certificate validation. Prior to this vulnerability being addressed, an attacker could have exploited this vulnerability by connecting to a service endpoint and supplying a crafted token. A successful exploit could have allowed the attacker to gain unauthorized access to legitimate Cisco Webex services.

CVE-2026-30305CRITICALnone
CVSS 9.8
EPSS 0.14%
Priority 0

Syntx's command auto-approval module contains a critical OS command injection vulnerability that renders its whitelist security mechanism completely ineffective. The system relies on fragile regular expressions to parse command structures; while it attempts to intercept dangerous operations, it fails to account for standard Shell command substitution syntax (specifically $(...)and backticks ...). An attacker can construct a command such as git log --grep="$(malicious_command)", forcing Syntx to misidentify it as a safe git operation and automatically approve it. The underlying Shell prioritizes the execution of the malicious code injected within the arguments, resulting in Remote Code Execution without any user interaction.

CVE-2026-50872CRITICALnone
CVSS 9.8
EPSS 0.56%
Priority 0

An issue in the loopback request handling component of fossar selfoss v2.20-SNAPSHOT allows attackers to execute arbitrary commands and obtain sensitive information via supplying a crafted HTTP request.

CVE-2026-4104CRITICALnone
CVSS 9.8
EPSS
Priority 0
CWE CWE-89

Authorization bypass through User-Controlled SQL primary key vulnerability in Akmer Informatics Automation Industry and Trade Ltd. Co. TeknoPass allows SQL Injection. This issue affects TeknoPass: from 20210501 through 20260429.

CVE-2021-47965CRITICALnone
CVSS 9.8
EPSS 0.24%
Priority 0
CWE CWE-434

WordPress Plugin WP Super Edit 2.5.4 and earlier contains an unrestricted file upload vulnerability in the FCKeditor component that allows attackers to upload dangerous file types without validation. Attackers can upload arbitrary files through the filemanager upload endpoint to achieve remote code execution and complete system compromise.

CVE-2025-40639CRITICALnone
CVSS 9.8
EPSS 0.03%
Priority 0
CWE CWE-89

A SQL injection vulnerability has been found in Eventobot. This vulnerability allows an attacker to retrieve, create, update and delete databases through the 'promo_send' parameter in the '/assets/php/calculate_discount.php'.

CVE-2019-25510CRITICALnone
CVSS 9.8
EPSS 0.09%
Priority 0
CWE CWE-89

Jettweb PHP Hazir Haber Sitesi Scripti V2 contains an authentication bypass vulnerability in the administration panel that allows unauthenticated attackers to gain administrative access by exploiting improper SQL query validation. Attackers can submit SQL injection payloads in the username and password fields of the admingiris.php login form to bypass authentication and access the administrative interface.

CVE-2025-70220CRITICALnone
CVSS 9.8
EPSS 0.04%
Priority 0

Stack buffer overflow vulnerability in D-Link DIR-513 v1.10 via the curTime parameter to goform/formAutoDetecWAN_wizard4.

CVE-2026-50871CRITICALnone
CVSS 9.8
EPSS 1.57%
Priority 0

An OS command injection vulnerability in the media archiving and export pipeline component of kanishka-linux Reminiscence v0.3.0 allows attackers to execute arbitrary commands via supplying a crafted input.

CVE-2026-34875CRITICALnone
CVSS 9.8
EPSS 0.04%
Priority 0
CWE CWE-120

An issue was discovered in Mbed TLS through 3.6.5 and TF-PSA-Crypto 1.0.0. A buffer overflow can occur in public key export for FFDH keys.

CVE-2026-24015CRITICALnone
CVSS 9.8
EPSS 0.02%
Priority 0
CWE CWE-1327

A vulnerability in Apache IoTDB. This issue affects Apache IoTDB: from 1.0.0 before 1.3.7, from 2.0.0 before 2.0.7. Users are recommended to upgrade to version 1.3.7 or 2.0.7, which fixes the issue.

CVE-2021-47936CRITICALnone
CVSS 9.8
EPSS 0.22%
Priority 0
CWE CWE-306

OpenCATS 0.9.4 contains a remote code execution vulnerability that allows unauthenticated attackers to execute arbitrary commands by uploading malicious PHP files disguised as resume attachments. Attackers can upload PHP payloads through the careers job application endpoint and execute system commands via POST requests to the uploaded file in the upload directory.

CVE-2026-34901CRITICALnone
CVSS 9.8
EPSS 0.32%
Priority 0
CWE CWE-266

Unauthenticated Privilege Escalation in iControlWP <= 5.5.3 versions.

← PreviousPage 44 of 691Next →