CVE Database
OpenClaw versions prior to 2026.2.21 contain an improper sandbox configuration vulnerability that allows attackers to execute arbitrary code by exploiting renderer-side vulnerabilities without requiring a sandbox escape. Attackers can leverage the disabled OS-level sandbox protections in the Chromium browser container to achieve code execution on the host system.
A weakness has been identified in itsourcecode Document Management System 1.0. This impacts an unknown function of the file /deluser.php. Executing a manipulation of the argument user2del can lead to sql injection. The attack can be launched remotely. The exploit has been made available to the public and could be used for attacks.
An issue in the sendmail transport integration component of YouTransfer v1.0.6 allows attackers to execute arbitrary code via supplying a crafted request.
Vulnerability in the Siebel Apps - Marketing product of Oracle Siebel CRM (component: Marketing). Supported versions that are affected are 17.0-26.5. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Siebel Apps - Marketing. Successful attacks of this vulnerability can result in takeover of Siebel Apps - Marketing. CVSS 3.1 Base Score 9.8 (Confidentiality, Integrity and Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H).
A flaw has been found in Totolink A7100RU 7.4cu.2313_b20191024. The impacted element is the function setAccessDeviceCfg of the file /cgi-bin/cstecgi.cgi of the component CGI Handler. This manipulation of the argument mac causes os command injection. The attack can be initiated remotely. The exploit has been published and may be used.
BridgeHead FileStore versions prior to 24A (released in early 2024) expose the Apache Axis2 administration module on network-accessible endpoints with default credentials that allows unauthenticated remote attackers to execute arbitrary OS commands. Attackers can authenticate to the admin console using default credentials, upload a malicious Java archive as a web service, and execute arbitrary commands on the host via SOAP requests to the deployed service.
Spoofing issue in the WebAuthn component in Firefox for Android. This vulnerability affects Firefox < 148 and Thunderbird < 148.
Deserialization of Untrusted Data vulnerability in axiomthemes Mounthood mounthood allows Object Injection.This issue affects Mounthood: from n/a through <= 1.3.2.
WebSocket endpoints lack proper authentication mechanisms, enabling attackers to perform unauthorized station impersonation and manipulate data sent to the backend. An unauthenticated attacker can connect to the OCPP WebSocket endpoint using a known or discovered charging station identifier, then issue or receive OCPP commands as a legitimate charger. Given that no authentication is required, this can lead to privilege escalation, unauthorized control of charging infrastructure, and corruption of charging network data reported to the backend.
Use-after-free in the DOM: Core & HTML component. This vulnerability affects Firefox < 148 and Thunderbird < 148.
2N Access Commander version 3.4.2 and prior improperly invalidates session tokens, allowing multiple session cookies to remain active after logout in web application.
Unauthenticated PHP Object Injection in WP Activity Log <= 5.6.3.1 versions.
n8n is an open source workflow automation platform. Prior to versions 1.123.32, 2.17.4, and 2.18.1, a flaw in the Oracle Database node's select operation allowed user-controlled input passed into the Limit field via expressions to be interpolated directly into the SQL query without sanitization or parameterization. In workflows where external input is passed into the Limit field (e.g., from a webhook), an attacker could inject arbitrary SQL and exfiltrate data from the connected Oracle database. This issue has been patched in versions 1.123.32, 2.17.4, and 2.18.1.
OS Command Injection vulnerability in the ping action of Rapid7 InsightConnect Ping Plugin on Linux allows remote attackers to execute arbitrary OS commands via the host parameter due to insufficient input validation when constructing shell commands.
Versions of the package simple-git before 3.36.0 are vulnerable to Remote Code Execution (RCE) due to an incomplete fix for [CVE-2022-25912](https://security.snyk.io/vuln/SNYK-JS-SIMPLEGIT-3112221) that blocks the -c option but not the equivalent --config form. If untrusted input can reach the options argument passed to simple-git, an attacker may still achieve remote code execution by enabling protocol.ext.allow=always and using an ext:: clone source.
CVE-2026-33447 is a buffer overflow in a message parsing function of the Secure Access client prior to 14.50. Attackers with control of a modified server can send a special packet that can overwrite a small portion of memory conceivably leading to memory corruption or denial of service.
Improper neutralization of special elements used in a command ('command injection') in Microsoft Power Pages allows an unauthorized attacker to execute code over a network.
An incorrect privilege assignment vulnerability exists in Esri Portal for ArcGIS 11.5 in Windows and Linux that allows highly privileged users to create developer credentials that may grant more privileges than expected.
Deserialization of Untrusted Data vulnerability in Themeton Lagom allows Object Injection. This issue affects Lagom: from n/a through 2.0.
Nginx UI is a web user interface for the Nginx web server. In version 2.3.5, an unauthenticated bootstrap takeover exists in nginx-ui during the initial installation window exposed by POST /api/install. At time of publication no public patches are available.
OS command injection vulneravility in the management gui (maintenance utility) of Hitachi Virtual Storage Platform One Block 23, 24, 26 and 28. This issue affects Hitachi Virtual Storage Platform One Block 23/24/26/28: before DKCMAIN A3-04-21-40/00, ESM A3-04-21/00.
Ecommerce Systempay 1.0 contains a weak cryptographic implementation vulnerability that allows attackers to brute force the 16-character production secret key used for payment signature generation. Attackers can extract payment form data and signatures from POST requests to the payment endpoint, then use SHA1 hash comparison to iteratively test key candidates until discovering the correct production key, enabling them to forge valid payment signatures and manipulate transaction amounts.
IBM WebSphere Application Server - Liberty 17.0.0.3 through 26.0.0.3 IBM WebSphere Application Server Liberty could provide weaker than expected security when administering security settings.
In Modem, there is a possible out of bounds write due to an incorrect bounds check. This could lead to remote code execution with no additional execution privileges needed. User interaction is not needed for exploitation.
A vulnerability was identified in Totolink A8000RU 7.1cu.643_b20200521. This vulnerability affects the function setPasswordCfg of the file /cgi-bin/cstecgi.cgi of the component Web Management Interface. Such manipulation of the argument admpass leads to os command injection. The attack can be executed remotely. The exploit is publicly available and might be used.
Mitigation bypass in the DOM: Security component. This vulnerability affects Firefox < 148, Firefox ESR < 140.8, Thunderbird < 148, and Thunderbird < 140.8.
Use-after-free in the JavaScript Engine component. This vulnerability affects Firefox < 148, Firefox ESR < 140.8, Thunderbird < 148, and Thunderbird < 140.8.
A vulnerability was found in Totolink N300RH 6..1c.1353_B20190305. The affected element is the function setWiFiWpsConfig of the file /cgi-bin/cstecgi.cgi of the component CGI Handler. Performing a manipulation results in os command injection. The attack can be initiated remotely. The exploit has been made public and could be used.
OpenCATS 0.9.4 contains a remote code execution vulnerability that allows unauthenticated attackers to execute arbitrary commands by uploading malicious PHP files disguised as resume attachments. Attackers can upload PHP payloads through the careers job application endpoint and execute system commands via POST requests to the uploaded file in the upload directory.
The Everest Forms plugin for WordPress is vulnerable to PHP Object Injection in all versions up to, and including, 3.4.3 via deserialization of untrusted input from form entry metadata. This is due to the html-admin-page-entries-view.php file calling PHP's native unserialize() on stored entry meta values without passing the allowed_classes parameter. This makes it possible for unauthenticated attackers to inject a serialized PHP object payload through any public Everest Forms form field. The payload survives sanitize_text_field() sanitization (serialization control characters are not stripped) and is stored in the wp_evf_entrymeta database table. When an administrator views entries or views an individual entry, the unsafe unserialize() call processes the stored data without class restrictions.
SolarWinds Web Help Desk contains a security control bypass vulnerability that could allow an unauthenticated attacker to gain access to certain restricted functionality.
OS Command Injection vulnerability in the traceroute action of Rapid7 InsightConnect Traceroute Plugin on Linux allows remote attackers to execute arbitrary OS commands via the host, port, max_ttl, count, or time_out request parameters due to insufficient input validation when constructing shell commands.
Vulnerability in the PeopleSoft Enterprise PeopleTools product of Oracle PeopleSoft (component: Updates Environment Management). Supported versions that are affected are 8.61 and 8.62. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise PeopleSoft Enterprise PeopleTools. Successful attacks of this vulnerability can result in takeover of PeopleSoft Enterprise PeopleTools. CVSS 3.1 Base Score 9.8 (Confidentiality, Integrity and Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H).
Download Accelerator Plus DAP 10.0.6.0 contains a structured exception handler buffer overflow vulnerability that allows remote attackers to execute arbitrary code by crafting malicious URLs. Attackers can create specially crafted URLs with overflowing buffer data that overwrites SEH pointers and executes embedded shellcode when imported through the application's web page import functionality.
Deserialization of Untrusted Data vulnerability in park_of_ideas Tasty Daily tastydaily allows Object Injection.This issue affects Tasty Daily: from n/a through < 1.27.
A vulnerability was determined in DataLinkDC dinky up to 1.2.5. This affects the function addInterceptors of the file dinky-admin/src/main/java/org/dinky/configure/AppConfig.java of the component OpenAPI Endpoint. Executing a manipulation can lead to missing authentication. It is possible to launch the attack remotely. The exploit has been publicly disclosed and may be utilized. The vendor was contacted early about this disclosure but did not respond in any way.
A heap-based buffer overflow vulnerability exists in the Intan CLP parsing functionality of The Biosig Project libbiosig 3.9.2 and Master Branch (db9a9a63). A specially crafted Intan CLP file can lead to arbitrary code execution. An attacker can provide a malicious file to trigger this vulnerability.
PACSgear MediaWriter 5.2.1 exposes a .NET Remoting TCP service on port 9000 via PacsgearMediaServerEngine.dll, registered with ObjectURIs RemoteObj and UIRemoteObj, without any authentication requirement. By exploiting the MarshalByRefObject object unmarshalling technique and implementing .NET WebClient class methods, an unauthenticated remote attacker can read and write arbitrary files on the host filesystem. The ObjectURIs are identical across all installations by default. Chaining the arbitrary file write primitive with DLL hijacking opportunities in the MediaWriter service (which runs as NT Authority\\SYSTEM and loads missing DLLs such as CRYPTBASE.DLL from the application directory) enables unauthenticated remote code execution as SYSTEM upon service restart.
Memory safety bugs present in Firefox 147 and Thunderbird 147. Some of these bugs showed evidence of memory corruption and we presume that with enough effort some of these could have been exploited to run arbitrary code. This vulnerability affects Firefox < 148 and Thunderbird < 148.
D-Link Routers contains a buffer overflow vulnerability that has a high impact on confidentiality, integrity, and availability. The impacted products could be end-of-life (EoL) and/or end-of-service (EoS). Users should discontinue product utilization.
Totara LMS v19.1.5 and before is vulnerable to Incorrect Access Control. The login page code can be manipulated to reveal the login form. An attacker can chain that with missing rate-limit on the login form to launch a brute force attack.
OpenClaw before 2026.3.13 allows bootstrap setup codes to be replayed during device pairing verification in src/infra/device-bootstrap.ts. Attackers can verify a valid bootstrap code multiple times before approval to escalate pending pairing scopes, including privilege escalation to operator.admin.
Insecure Permissions vulnerability in grokability snipe-it v.8.4.0 and before and fixed after 2026-03-10 commit 676a9958 allows a remote attacker to execute arbitrary code via the app/Http/Controllers/Api/UploadedFilesController.php component
Arelle before 2.39.10 contains an unauthenticated remote code execution vulnerability in the /rest/configure REST endpoint that accepts a plugins query parameter and forwards it to the plugin manager without authentication or authorization. Attackers can supply a URL to a malicious Python file through the plugins parameter, causing the Arelle webserver to download and execute the attacker-controlled code within the Arelle process with its privileges.
HireFlow v1.2 is vulnerable to SQL injection in the /login and /search endpoints. User-supplied input is concatenated directly into SQL queries without parameterization. An unauthenticated attacker can bypass authentication by supplying a crafted username (e.g. admin'--) or extract the full contents of the database including user credentials via UNION-based injection at the /search endpoint.
A vulnerability was identified in Totolink A8000RU 7.1cu.643_b20200521. This issue affects the function Vulnerability of the file /cgi-bin/cstecgi.cgi of the component CGI Handler. The manipulation of the argument proto leads to os command injection. The attack may be initiated remotely. The exploit is publicly available and might be used.
Insufficient validation of untrusted input in WebAppInstalls in Google Chrome prior to 150.0.7871.47 allowed a remote attacker to execute arbitrary code inside a sandbox via a crafted HTML page. (Chromium security severity: Low)
NVIDIA NeMo Framework contains a vulnerability where an attacker may cause remote code execution. A successful exploit of this vulnerability might lead to code execution, escalation of privileges, information disclosure and data tampering.
A security flaw has been discovered in Totolink A8000RU 7.1cu.643_b20200521. This issue affects the function setVpnPassCfg of the file /cgi-bin/cstecgi.cgi of the component CGI Handler. The manipulation of the argument pptpPassThru results in os command injection. The attack can be executed remotely. The exploit has been released to the public and may be used for attacks.
An arbitrary file overwrite vulnerability in Funambol, Inc. Zefiro Cloud v32.0.2026011614 allows attackers to overwrite critical internal files via the file import process, leading to arbitrary code execution or information exposure.
| CVE ID | Priority | CVSS | EPSS | Severity | CWE | Exploit Status | Action | Description |
|---|---|---|---|---|---|---|---|---|
| CVE-2026-32046 | 0 MINIMAL | 9.8 | 0.01% P: 2.0% | CRITICAL | CWE-1188 | none | MONITOR | OpenClaw versions prior to 2026.2.21 contain an improper sandbox configuration vulnerability that allows attackers to execute arbitrary code by exploiting renderer-side vulnerabilities without requiring a sandbox escape. Attackers can leverage the disabled OS-level sandbox protections in the Chromium browser container to achieve code execution on the host system. |
| CVE-2026-3068 | 61 HIGH | 9.8 | 0.03% P: 7.1% | CRITICAL | CWE-74 | poc | PATCH WITHIN 7D | A weakness has been identified in itsourcecode Document Management System 1.0. This impacts an unknown function of the file /deluser.php. Executing a manipulation of the argument user2del can lead to sql injection. The attack can be launched remotely. The exploit has been made available to the public and could be used for attacks. |
| CVE-2026-50880 | 0 MINIMAL | 9.8 | 0.48% P: 37.4% | CRITICAL | — | none | MONITOR | An issue in the sendmail transport integration component of YouTransfer v1.0.6 allows attackers to execute arbitrary code via supplying a crafted request. |
| CVE-2026-46889 | 0 MINIMAL | 9.8 | — P: — | CRITICAL | CWE-284 | none | MONITOR | Vulnerability in the Siebel Apps - Marketing product of Oracle Siebel CRM (component: Marketing). Supported versions that are affected are 17.0-26.5. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Siebel Apps - Marketing. Successful attacks of this vulnerability can result in takeover of Siebel Apps - Marketing. CVSS 3.1 Base Score 9.8 (Confidentiality, Integrity and Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H). |
| CVE-2026-6138 | 0 MINIMAL | 9.8 | 0.89% P: 75.6% | CRITICAL | CWE-77 | none | MONITOR | A flaw has been found in Totolink A7100RU 7.4cu.2313_b20191024. The impacted element is the function setAccessDeviceCfg of the file /cgi-bin/cstecgi.cgi of the component CGI Handler. This manipulation of the argument mac causes os command injection. The attack can be initiated remotely. The exploit has been published and may be used. |
| CVE-2026-39920 | 0 MINIMAL | 9.8 | 0.20% P: 41.3% | CRITICAL | CWE-1188 | none | MONITOR | BridgeHead FileStore versions prior to 24A (released in early 2024) expose the Apache Axis2 administration module on network-accessible endpoints with default credentials that allows unauthenticated remote attackers to execute arbitrary OS commands. Attackers can authenticate to the admin console using default credentials, upload a malicious Java archive as a web service, and execute arbitrary commands on the host via SOAP requests to the deployed service. |
| CVE-2026-2800 | 29 LOW | 9.8 | 0.04% P: 12.9% | CRITICAL | — | none | SCHEDULE PATCH | Spoofing issue in the WebAuthn component in Firefox for Android. This vulnerability affects Firefox < 148 and Thunderbird < 148. |
| CVE-2026-22501 | 0 MINIMAL | 9.8 | 0.02% P: 6.2% | CRITICAL | CWE-502 | none | MONITOR | Deserialization of Untrusted Data vulnerability in axiomthemes Mounthood mounthood allows Object Injection.This issue affects Mounthood: from n/a through <= 1.3.2. |
| CVE-2026-20781 | 0 MINIMAL | 9.8 | 0.08% P: 24.0% | CRITICAL | CWE-306 | none | MONITOR | WebSocket endpoints lack proper authentication mechanisms, enabling attackers to perform unauthorized station impersonation and manipulate data sent to the backend. An unauthenticated attacker can connect to the OCPP WebSocket endpoint using a known or discovered charging station identifier, then issue or receive OCPP commands as a legitimate charger. Given that no authentication is required, this can lead to privilege escalation, unauthorized control of charging infrastructure, and corruption of charging network data reported to the backend. |
| CVE-2026-2799 | 29 LOW | 9.8 | 0.04% P: 12.9% | CRITICAL | — | none | SCHEDULE PATCH | Use-after-free in the DOM: Core & HTML component. This vulnerability affects Firefox < 148 and Thunderbird < 148. |
| CVE-2025-59786 | 0 MINIMAL | 9.8 | 0.04% P: 12.2% | CRITICAL | CWE-613 | none | MONITOR | 2N Access Commander version 3.4.2 and prior improperly invalidates session tokens, allowing multiple session cookies to remain active after logout in web application. |
| CVE-2026-54806 | 0 MINIMAL | 9.8 | — P: — | CRITICAL | CWE-502 | none | MONITOR | Unauthenticated PHP Object Injection in WP Activity Log <= 5.6.3.1 versions. |
| CVE-2026-42233 | 0 MINIMAL | 9.8 | 0.05% P: 14.1% | CRITICAL | CWE-89 | none | MONITOR | n8n is an open source workflow automation platform. Prior to versions 1.123.32, 2.17.4, and 2.18.1, a flaw in the Oracle Database node's select operation allowed user-controlled input passed into the Limit field via expressions to be interpolated directly into the SQL query without sanitization or parameterization. In workflows where external input is passed into the Limit field (e.g., from a webhook), an attacker could inject arbitrary SQL and exfiltrate data from the connected Oracle database. This issue has been patched in versions 1.123.32, 2.17.4, and 2.18.1. |
| CVE-2026-8660 | 0 MINIMAL | 9.8 | 0.55% P: 42.0% | CRITICAL | CWE-78 | none | MONITOR | OS Command Injection vulnerability in the ping action of Rapid7 InsightConnect Ping Plugin on Linux allows remote attackers to execute arbitrary OS commands via the host parameter due to insufficient input validation when constructing shell commands. |
| CVE-2026-6951 | 0 MINIMAL | 9.8 | 0.08% P: 24.4% | CRITICAL | CWE-94 | none | MONITOR | Versions of the package simple-git before 3.36.0 are vulnerable to Remote Code Execution (RCE) due to an incomplete fix for [CVE-2022-25912](https://security.snyk.io/vuln/SNYK-JS-SIMPLEGIT-3112221) that blocks the -c option but not the equivalent --config form. If untrusted input can reach the options argument passed to simple-git, an attacker may still achieve remote code execution by enabling protocol.ext.allow=always and using an ext:: clone source. |
| CVE-2026-33447 | 0 MINIMAL | 9.8 | 0.05% P: 14.8% | CRITICAL | — | none | MONITOR | CVE-2026-33447 is a buffer overflow in a message parsing function of the Secure Access client prior to 14.50. Attackers with control of a modified server can send a special packet that can overwrite a small portion of memory conceivably leading to memory corruption or denial of service. |
| CVE-2026-23652 | 0 MINIMAL | 9.8 | 0.07% P: 22.4% | CRITICAL | CWE-77 | none | MONITOR | Improper neutralization of special elements used in a command ('command injection') in Microsoft Power Pages allows an unauthorized attacker to execute code over a network. |
| CVE-2026-33518 | 0 MINIMAL | 9.8 | 0.04% P: 12.7% | CRITICAL | CWE-266 | none | MONITOR | An incorrect privilege assignment vulnerability exists in Esri Portal for ArcGIS 11.5 in Windows and Linux that allows highly privileged users to create developer credentials that may grant more privileges than expected. |
| CVE-2025-60229 | 0 MINIMAL | 9.8 | — P: — | CRITICAL | CWE-502 | none | MONITOR | Deserialization of Untrusted Data vulnerability in Themeton Lagom allows Object Injection. This issue affects Lagom: from n/a through 2.0. |
| CVE-2026-42222 | 0 MINIMAL | 9.8 | 0.04% P: 12.4% | CRITICAL | CWE-284 | none | MONITOR | Nginx UI is a web user interface for the Nginx web server. In version 2.3.5, an unauthenticated bootstrap takeover exists in nginx-ui during the initial installation window exposed by POST /api/install. At time of publication no public patches are available. |
| CVE-2025-9661 | 0 MINIMAL | 9.8 | 0.05% P: 15.6% | CRITICAL | CWE-78 | none | MONITOR | OS command injection vulneravility in the management gui (maintenance utility) of Hitachi Virtual Storage Platform One Block 23, 24, 26 and 28. This issue affects Hitachi Virtual Storage Platform One Block 23/24/26/28: before DKCMAIN A3-04-21-40/00, ESM A3-04-21/00. |
| CVE-2020-37168 | 0 MINIMAL | 9.8 | 0.04% P: 11.7% | CRITICAL | CWE-328 | none | MONITOR | Ecommerce Systempay 1.0 contains a weak cryptographic implementation vulnerability that allows attackers to brute force the 16-character production secret key used for payment signature generation. Attackers can extract payment form data and signatures from POST requests to the payment endpoint, then use SHA1 hash comparison to iteratively test key candidates until discovering the correct production key, enabling them to forge valid payment signatures and manipulate transaction amounts. |
| CVE-2025-14917 | 0 MINIMAL | 9.8 | 0.01% P: 1.4% | CRITICAL | CWE-1393 | none | MONITOR | IBM WebSphere Application Server - Liberty 17.0.0.3 through 26.0.0.3 IBM WebSphere Application Server Liberty could provide weaker than expected security when administering security settings. |
| CVE-2026-0114 | 0 MINIMAL | 9.8 | 0.16% P: 36.6% | CRITICAL | — | none | MONITOR | In Modem, there is a possible out of bounds write due to an incorrect bounds check. This could lead to remote code execution with no additional execution privileges needed. User interaction is not needed for exploitation. |
| CVE-2026-9476 | 0 MINIMAL | 9.8 | 0.89% P: 75.8% | CRITICAL | CWE-77 | none | MONITOR | A vulnerability was identified in Totolink A8000RU 7.1cu.643_b20200521. This vulnerability affects the function setPasswordCfg of the file /cgi-bin/cstecgi.cgi of the component Web Management Interface. Such manipulation of the argument admpass leads to os command injection. The attack can be executed remotely. The exploit is publicly available and might be used. |
| CVE-2026-2784 | 29 LOW | 9.8 | 0.04% P: 13.8% | CRITICAL | — | none | SCHEDULE PATCH | Mitigation bypass in the DOM: Security component. This vulnerability affects Firefox < 148, Firefox ESR < 140.8, Thunderbird < 148, and Thunderbird < 140.8. |
| CVE-2026-2786 | 29 LOW | 9.8 | 0.04% P: 13.8% | CRITICAL | — | none | SCHEDULE PATCH | Use-after-free in the JavaScript Engine component. This vulnerability affects Firefox < 148, Firefox ESR < 140.8, Thunderbird < 148, and Thunderbird < 140.8. |
| CVE-2026-3696 | 0 MINIMAL | 9.8 | 2.37% P: 84.7% | CRITICAL | CWE-77 | none | MONITOR | A vulnerability was found in Totolink N300RH 6..1c.1353_B20190305. The affected element is the function setWiFiWpsConfig of the file /cgi-bin/cstecgi.cgi of the component CGI Handler. Performing a manipulation results in os command injection. The attack can be initiated remotely. The exploit has been made public and could be used. |
| CVE-2021-47936 | 0 MINIMAL | 9.8 | 0.22% P: 44.9% | CRITICAL | CWE-306 | none | MONITOR | OpenCATS 0.9.4 contains a remote code execution vulnerability that allows unauthenticated attackers to execute arbitrary commands by uploading malicious PHP files disguised as resume attachments. Attackers can upload PHP payloads through the careers job application endpoint and execute system commands via POST requests to the uploaded file in the upload directory. |
| CVE-2026-3296KEV | 0 MINIMAL | 9.8 | 0.02% P: 5.3% | CRITICAL | CWE-502 | in_the_wild | MONITOR | The Everest Forms plugin for WordPress is vulnerable to PHP Object Injection in all versions up to, and including, 3.4.3 via deserialization of untrusted input from form entry metadata. This is due to the html-admin-page-entries-view.php file calling PHP's native unserialize() on stored entry meta values without passing the allowed_classes parameter. This makes it possible for unauthenticated attackers to inject a serialized PHP object payload through any public Everest Forms form field. The payload survives sanitize_text_field() sanitization (serialization control characters are not stripped) and is stored in the wp_evf_entrymeta database table. When an administrator views entries or views an individual entry, the unsafe unserialize() call processes the stored data without class restrictions. |
| CVE-2025-40536KEV | 70 HIGH | 9.8 | 66.63% P: 98.5% | CRITICAL | — | in_the_wild | PATCH IMMEDIATELY | SolarWinds Web Help Desk contains a security control bypass vulnerability that could allow an unauthenticated attacker to gain access to certain restricted functionality. |
| CVE-2026-8666 | 0 MINIMAL | 9.8 | 0.55% P: 42.0% | CRITICAL | CWE-78 | none | MONITOR | OS Command Injection vulnerability in the traceroute action of Rapid7 InsightConnect Traceroute Plugin on Linux allows remote attackers to execute arbitrary OS commands via the host, port, max_ttl, count, or time_out request parameters due to insufficient input validation when constructing shell commands. |
| CVE-2026-35273KEV | 0 MINIMAL | 9.8 | 22.21% P: 95.9% | CRITICAL | — | in_the_wild | MONITOR | Vulnerability in the PeopleSoft Enterprise PeopleTools product of Oracle PeopleSoft (component: Updates Environment Management). Supported versions that are affected are 8.61 and 8.62. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise PeopleSoft Enterprise PeopleTools. Successful attacks of this vulnerability can result in takeover of PeopleSoft Enterprise PeopleTools. CVSS 3.1 Base Score 9.8 (Confidentiality, Integrity and Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H). |
| CVE-2019-25628 | 0 MINIMAL | 9.8 | 0.17% P: 38.2% | CRITICAL | CWE-787 | none | MONITOR | Download Accelerator Plus DAP 10.0.6.0 contains a structured exception handler buffer overflow vulnerability that allows remote attackers to execute arbitrary code by crafting malicious URLs. Attackers can create specially crafted URLs with overflowing buffer data that overwrites SEH pointers and executes embedded shellcode when imported through the application's web page import functionality. |
| CVE-2026-25031 | 0 MINIMAL | 9.8 | 0.02% P: 6.5% | CRITICAL | CWE-502 | none | MONITOR | Deserialization of Untrusted Data vulnerability in park_of_ideas Tasty Daily tastydaily allows Object Injection.This issue affects Tasty Daily: from n/a through < 1.27. |
| CVE-2026-3053 | 61 HIGH | 9.8 | 0.11% P: 29.7% | CRITICAL | CWE-287 | poc | PATCH WITHIN 7D | A vulnerability was determined in DataLinkDC dinky up to 1.2.5. This affects the function addInterceptors of the file dinky-admin/src/main/java/org/dinky/configure/AppConfig.java of the component OpenAPI Endpoint. Executing a manipulation can lead to missing authentication. It is possible to launch the attack remotely. The exploit has been publicly disclosed and may be utilized. The vendor was contacted early about this disclosure but did not respond in any way. |
| CVE-2026-22891 | 0 MINIMAL | 9.8 | 0.10% P: 27.6% | CRITICAL | CWE-122 | none | MONITOR | A heap-based buffer overflow vulnerability exists in the Intan CLP parsing functionality of The Biosig Project libbiosig 3.9.2 and Master Branch (db9a9a63). A specially crafted Intan CLP file can lead to arbitrary code execution. An attacker can provide a malicious file to trigger this vulnerability. |
| CVE-2026-58127 | 0 MINIMAL | 9.8 | 0.78% P: 51.4% | CRITICAL | CWE-306 | none | MONITOR | PACSgear MediaWriter 5.2.1 exposes a .NET Remoting TCP service on port 9000 via PacsgearMediaServerEngine.dll, registered with ObjectURIs RemoteObj and UIRemoteObj, without any authentication requirement. By exploiting the MarshalByRefObject object unmarshalling technique and implementing .NET WebClient class methods, an unauthenticated remote attacker can read and write arbitrary files on the host filesystem. The ObjectURIs are identical across all installations by default. Chaining the arbitrary file write primitive with DLL hijacking opportunities in the MediaWriter service (which runs as NT Authority\\SYSTEM and loads missing DLLs such as CRYPTBASE.DLL from the application directory) enables unauthenticated remote code execution as SYSTEM upon service restart. |
| CVE-2026-2807 | 29 LOW | 9.8 | 0.04% P: 12.9% | CRITICAL | — | none | SCHEDULE PATCH | Memory safety bugs present in Firefox 147 and Thunderbird 147. Some of these bugs showed evidence of memory corruption and we presume that with enough effort some of these could have been exploited to run arbitrary code. This vulnerability affects Firefox < 148 and Thunderbird < 148. |
| CVE-2022-37055KEV | 70 HIGH | 9.8 | 69.75% P: 98.6% | CRITICAL | — | in_the_wild | PATCH IMMEDIATELY | D-Link Routers contains a buffer overflow vulnerability that has a high impact on confidentiality, integrity, and availability. The impacted products could be end-of-life (EoL) and/or end-of-service (EoS). Users should discontinue product utilization. |
| CVE-2026-31282 | 0 MINIMAL | 9.8 | 0.02% P: 4.7% | CRITICAL | — | none | MONITOR | Totara LMS v19.1.5 and before is vulnerable to Incorrect Access Control. The login page code can be manipulated to reveal the login form. An attacker can chain that with missing rate-limit on the login form to launch a brute force attack. |
| CVE-2026-32987 | 0 MINIMAL | 9.8 | 0.04% P: 11.8% | CRITICAL | CWE-294 | none | MONITOR | OpenClaw before 2026.3.13 allows bootstrap setup codes to be replayed during device pairing verification in src/infra/device-bootstrap.ts. Attackers can verify a valid bootstrap code multiple times before approval to escalate pending pairing scopes, including privilege escalation to operator.admin. |
| CVE-2026-37709 | 0 MINIMAL | 9.8 | 0.21% P: 43.7% | CRITICAL | CWE-284 | none | MONITOR | Insecure Permissions vulnerability in grokability snipe-it v.8.4.0 and before and fixed after 2026-03-10 commit 676a9958 allows a remote attacker to execute arbitrary code via the app/Http/Controllers/Api/UploadedFilesController.php component |
| CVE-2026-42796 | 0 MINIMAL | 9.8 | 0.28% P: 51.0% | CRITICAL | CWE-306 | none | MONITOR | Arelle before 2.39.10 contains an unauthenticated remote code execution vulnerability in the /rest/configure REST endpoint that accepts a plugins query parameter and forwards it to the plugin manager without authentication or authorization. Attackers can supply a URL to a malicious Python file through the plugins parameter, causing the Arelle webserver to download and execute the attacker-controlled code within the Arelle process with its privileges. |
| CVE-2026-38567 | 0 MINIMAL | 9.8 | 0.10% P: 27.8% | CRITICAL | — | none | MONITOR | HireFlow v1.2 is vulnerable to SQL injection in the /login and /search endpoints. User-supplied input is concatenated directly into SQL queries without parameterization. An unauthenticated attacker can bypass authentication by supplying a crafted username (e.g. admin'--) or extract the full contents of the database including user credentials via UNION-based injection at the /search endpoint. |
| CVE-2026-7538 | 0 MINIMAL | 9.8 | 0.89% P: 75.6% | CRITICAL | CWE-77 | none | MONITOR | A vulnerability was identified in Totolink A8000RU 7.1cu.643_b20200521. This issue affects the function Vulnerability of the file /cgi-bin/cstecgi.cgi of the component CGI Handler. The manipulation of the argument proto leads to os command injection. The attack may be initiated remotely. The exploit is publicly available and might be used. |
| CVE-2026-14104 | 0 MINIMAL | 9.8 | 0.21% P: 11.9% | CRITICAL | CWE-20 | none | MONITOR | Insufficient validation of untrusted input in WebAppInstalls in Google Chrome prior to 150.0.7871.47 allowed a remote attacker to execute arbitrary code inside a sandbox via a crafted HTML page. (Chromium security severity: Low) |
| CVE-2026-24159 | 0 MINIMAL | 9.8 | 0.12% P: 30.4% | CRITICAL | CWE-502 | none | MONITOR | NVIDIA NeMo Framework contains a vulnerability where an attacker may cause remote code execution. A successful exploit of this vulnerability might lead to code execution, escalation of privileges, information disclosure and data tampering. |
| CVE-2026-7037 | 0 MINIMAL | 9.8 | 0.89% P: 75.6% | CRITICAL | CWE-77 | none | MONITOR | A security flaw has been discovered in Totolink A8000RU 7.1cu.643_b20200521. This issue affects the function setVpnPassCfg of the file /cgi-bin/cstecgi.cgi of the component CGI Handler. The manipulation of the argument pptpPassThru results in os command injection. The attack can be executed remotely. The exploit has been released to the public and may be used for attacks. |
| CVE-2026-30286 | 0 MINIMAL | 9.8 | 0.02% P: 4.5% | CRITICAL | — | none | MONITOR | An arbitrary file overwrite vulnerability in Funambol, Inc. Zefiro Cloud v32.0.2026011614 allows attackers to overwrite critical internal files via the file import process, leading to arbitrary code execution or information exposure. |