CVE-2025-15464
(7.5 HIGH)

EPSS: 0.00%

updated 2026-01-08T22:16:01.950000

1 posts

Exported Activity allows external applications to gain application context and directly launch Gmail with inbox access, bypassing security controls.

CVE-2025-50334
(7.5 HIGH)

EPSS: 0.00%

updated 2026-01-08T21:31:39

2 posts

An issue in Technitium DNS Server v.13.5 allows a remote attacker to cause a denial of service via the rate-limiting component

CVE-2025-59468
(9.0 None)

EPSS: 0.00%

updated 2026-01-08T21:31:39

2 posts

This vulnerability allows a Backup Administrator to perform remote code execution (RCE) as the postgres user by sending a malicious password parameter.

CVE-2025-14025
(8.6 HIGH)

EPSS: 0.00%

updated 2026-01-08T21:31:39

1 posts

A flaw was found in Ansible Automation Platform (AAP). Read-only scoped OAuth2 API Tokens in AAP, are enforced at the Gateway level for Gateway-specific operations. However, this vulnerability allows read-only tokens to perform write operations on backend services (e.g., Controller, Hub, EDA). If this flaw were exploited, an attacker‘s capabilities would only be limited by role based access contro

CVE-2025-52691
(10.0 CRITICAL)

EPSS: 0.23%

updated 2026-01-08T21:31:33

5 posts

Successful exploitation of the vulnerability could allow an unauthenticated attacker to upload arbitrary files to any location on the mail server, potentially enabling remote code execution.

9 repos

https://github.com/Ashwesker/Ashwesker-CVE-2025-52691

https://github.com/sajjadsiam/CVE-2025-52691-poc

https://github.com/you-ssef9/CVE-2025-52691

https://github.com/hilwa24/CVE-2025-52691

https://github.com/DeathShotXD/CVE-2025-52691-APT-PoC

https://github.com/yt2w/CVE-2025-52691

https://github.com/nxgn-kd01/smartermail-cve-scanner

https://github.com/watchtowrlabs/watchTowr-vs-SmarterMail-CVE-2025-52691

https://github.com/rxerium/CVE-2025-52691

CVE-2025-66916
(9.4 CRITICAL)

EPSS: 0.00%

updated 2026-01-08T21:30:40

1 posts

The snailjob component in RuoYi-Vue-Plus versions 5.5.1 and earlier, interface /snail-job/workflow/check-node-expression can execute QLExpress expressions, but it does not filter user input, allowing attackers to use the File class to perform arbitrary file reading and writing.

CVE-2025-66913
(9.8 CRITICAL)

EPSS: 0.00%

updated 2026-01-08T21:30:40

1 posts

JimuReport thru version 2.1.3 is vulnerable to remote code execution when processing user-controlled H2 JDBC URLs. The application passes the attacker-supplied JDBC URL directly to the H2 driver, allowing the use of certain directives to execute arbitrary Java code. A different vulnerability than CVE-2025-10770.

CVE-2025-65518
(7.5 HIGH)

EPSS: 0.00%

updated 2026-01-08T21:30:40

2 posts

Plesk Obsidian versions 8.0.1 through 18.0.73 are vulnerable to a Denial of Service (DoS) condition. The vulnerability exists in the get_password.php endpoint, where a crafted request containing a malicious payload can cause the affected web interface to continuously reload, rendering the service unavailable to legitimate users. An attacker can exploit this issue remotely without authentication, r

1 repos

https://github.com/Jainil-89/CVE-2025-65518

CVE-2025-65731(CVSS UNKNOWN)

EPSS: 0.00%

updated 2026-01-08T21:30:40

1 posts

An issue was discovered in D-Link Router DIR-605L (Hardware version F1; Firmware version: V6.02CN02) allowing an attacker with physical access to the UART pins to execute arbitrary commands due to presence of root terminal access on a serial interface without proper access control.

1 repos

https://github.com/whitej3rry/CVE-2025-65731

CVE-2025-68719
(8.8 HIGH)

EPSS: 0.00%

updated 2026-01-08T21:15:43.603000

1 posts

KAYSUS KS-WR3600 routers with firmware 1.0.5.9.1 mishandle configuration management. Once any user is logged in and maintains an active session, an attacker can directly query the backup endpoint and download a full configuration archive. This archive contains sensitive files such as /etc/shadow, enabling credential recovery and potential full compromise of the device.

CVE-2025-68717
(9.4 CRITICAL)

EPSS: 0.00%

updated 2026-01-08T21:15:43.353000

3 posts

KAYSUS KS-WR3600 routers with firmware 1.0.5.9.1 allow authentication bypass during session validation. If any user is logged in, endpoints such as /cgi-bin/system-tool accept unauthenticated requests with empty or invalid session values. This design flaw lets attackers piggyback on another user's active session to retrieve sensitive configuration data or execute privileged actions without authent

CVE-2025-68716
(8.4 HIGH)

EPSS: 0.00%

updated 2026-01-08T21:15:43.187000

1 posts

KAYSUS KS-WR3600 routers with firmware 1.0.5.9.1 enable the SSH service enabled by default on the LAN interface. The root account is configured with no password, and administrators cannot disable SSH or enforce authentication via the CLI or web GUI. This allows any LAN-adjacent attacker to trivially gain root shell access and execute arbitrary commands with full privileges.

CVE-2025-15346(CVSS UNKNOWN)

EPSS: 0.06%

updated 2026-01-08T20:57:58

1 posts

A vulnerability in the handling of verify_mode = CERT_REQUIRED in the wolfssl Python package (wolfssl-py) causes client certificate requirements to not be fully enforced.  Because the WOLFSSL_VERIFY_FAIL_IF_NO_PEER_CERT flag was not included, the behavior effectively matched CERT_OPTIONAL: a peer certificate was verified if presented, but connections were incorrectly authenticated when no client

CVE-2026-21858
(10.0 CRITICAL)

EPSS: 0.03%

updated 2026-01-08T20:15:45.453000

10 posts

n8n is an open source workflow automation platform. Versions starting with 1.65.0 and below 1.121.0 enable an attacker to access files on the underlying server through execution of certain form-based workflows. A vulnerable workflow could grant access to an unauthenticated remote attacker, resulting in exposure of sensitive information stored on the system and may enable further compromise dependi

3 repos

https://github.com/eduardorossi84/CVE-2026-21858-POC

https://github.com/Chocapikk/CVE-2026-21858

https://github.com/Ashwesker/Ashwesker-CVE-2026-21858

CVE-2025-61548
(9.8 CRITICAL)

EPSS: 0.00%

updated 2026-01-08T20:15:44.070000

1 posts

SQL Injection is present on the hfInventoryDistFormID parameter in the /PSP/appNET/Store/CartV12.aspx/GetUnitPrice endpoint in edu Business Solutions Print Shop Pro WebDesk version 18.34. Unsanitized user input is incorporated directly into SQL queries without proper parameterization or escaping. This vulnerability allows remote attackers to execute arbitrary SQL commands

CVE-2025-61246
(9.8 CRITICAL)

EPSS: 0.00%

updated 2026-01-08T20:15:43.923000

1 posts

indieka900 online-shopping-system-php 1.0 is vulnerable to SQL Injection in master/review_action.php via the proId parameter.

1 repos

https://github.com/hackergovind/CVE-2025-61246

CVE-2025-56424
(7.5 HIGH)

EPSS: 0.00%

updated 2026-01-08T20:15:43.677000

1 posts

An issue in Insiders Technologies GmbH e-invoice pro before release 1 Service Pack 2 allows a remote attacker to cause a denial of service via a crafted script

CVE-2025-13151
(7.5 HIGH)

EPSS: 0.04%

updated 2026-01-08T19:15:55.983000

1 posts

Stack-based buffer overflow in libtasn1 version: v4.20.0. The function fails to validate the size of input data resulting in a buffer overflow in asn1_expend_octet_string.

CVE-2017-20216
(9.8 CRITICAL)

EPSS: 0.31%

updated 2026-01-08T19:15:54.793000

1 posts

FLIR Thermal Camera PT-Series firmware version 8.0.0.64 contains multiple unauthenticated remote command injection vulnerabilities in the controllerFlirSystem.php script. Attackers can execute arbitrary system commands as root by exploiting unsanitized POST parameters in the execFlirSystem() function through shell_exec() calls. Exploitation evidence was observed by the Shadowserver Foundation on 2

CVE-2017-20215
(8.8 HIGH)

EPSS: 0.26%

updated 2026-01-08T19:15:54.677000

1 posts

FLIR Thermal Camera FC-S/PT firmware version 8.0.0.64 contains an authenticated OS command injection vulnerability that allows attackers to execute shell commands with root privileges. Authenticated attackers can inject arbitrary shell commands through unvalidated input parameters to gain complete control of the thermal camera system.

CVE-2025-12543
(9.6 CRITICAL)

EPSS: 0.10%

updated 2026-01-08T18:31:46

1 posts

A flaw was found in the Undertow HTTP server core, which is used in WildFly, JBoss EAP, and other Java applications. The Undertow library fails to properly validate the Host header in incoming HTTP requests. As a result, requests containing malformed or malicious Host headers are processed without rejection, enabling attackers to poison caches, perform internal network scans, or hijack user sessio

CVE-2025-15026
(9.8 CRITICAL)

EPSS: 0.03%

updated 2026-01-08T18:31:36

1 posts

Missing Authentication for Critical Function vulnerability in Centreon Infra Monitoring centreon-awie (Awie import module) allows Accessing Functionality Not Properly Constrained by ACLs. This issue affects Infra Monitoring: from 25.10.0 before 25.10.2, from 24.10.0 before 24.10.3, from 24.04.0 before 24.04.3.

CVE-2025-15029
(9.8 CRITICAL)

EPSS: 0.02%

updated 2026-01-08T18:31:36

1 posts

Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in Centreon Infra Monitoring (Awie export modules) allows SQL Injection to unauthenticated user. This issue affects Infra Monitoring: from 25.10.0 before 25.10.2, from 24.10.0 before 24.10.3, from 24.04.0 before 24.04.3.

CVE-2025-12513
(6.8 MEDIUM)

EPSS: 0.01%

updated 2026-01-08T18:31:36

1 posts

Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting') vulnerability in Centreon Infra Monitoring (Hosts configuration form modules) allows Stored XSS to users with high privileges. This issue affects Infra Monitoring: from 25.10.0 before 25.10.2, from 24.10.0 before 24.10.15, from 24.04.0 before 24.04.19.

CVE-2025-5965
(7.2 HIGH)

EPSS: 0.10%

updated 2026-01-08T18:31:36

1 posts

In the backup parameters, a user with high privilege is able to concatenate custom instructions to the backup setup. Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection') vulnerability in Centreon Infra Monitoring (Backup configuration in the administration setup modules) allows OS Command Injection.This issue affects Infra Monitoring: from 25.10.0 before 25.10

CVE-2025-12519
(5.3 MEDIUM)

EPSS: 0.01%

updated 2026-01-08T18:31:36

1 posts

Missing Authorization vulnerability in Centreon Infra Monitoring (Administration parameters API endpoint modules) allows Accessing Functionality Not Properly Constrained by ACLs, resulting in Information Disclosure like downtime or acknowledgement configurations. This issue affects Infra Monitoring: from 25.10.0 before 25.10.2, from 24.10.0 before 24.10.15, from 24.04.0 before 24.04.19.

CVE-2026-22230
(7.6 HIGH)

EPSS: 0.00%

updated 2026-01-08T18:30:57

1 posts

OPEXUS eCASE Audit allows an authenticated attacker to modify client-side JavaScript or craft HTTP requests to access functions or buttons that have been disabled or blocked by an administrator. Fixed in eCASE Platform 11.14.1.0.

CVE-2026-22235
(7.5 HIGH)

EPSS: 0.00%

updated 2026-01-08T18:30:57

1 posts

OPEXUS eComplaint before version 9.0.45.0 allows an attacker to visit the the 'DocumentOpen.aspx' endpoint, iterate through predictable values of 'chargeNumber', and download any uploaded files.

CVE-2025-55125
(7.8 HIGH)

EPSS: 0.00%

updated 2026-01-08T18:30:56

3 posts

This vulnerability allows a Backup or Tape Operator to perform remote code execution (RCE) as root by creating a malicious backup configuration file.

CVE-2025-59470
(9.0 None)

EPSS: 0.00%

updated 2026-01-08T18:30:56

7 posts

This vulnerability allows a Backup Operator to perform remote code execution (RCE) as the postgres user by sending a malicious interval or order parameter.

1 repos

https://github.com/b1gchoi/CVE-2025-59470

CVE-2025-59469
(9.0 None)

EPSS: 0.00%

updated 2026-01-08T18:30:56

3 posts

This vulnerability allows a Backup or Tape Operator to write files as root.

CVE-2025-67090
(5.1 MEDIUM)

EPSS: 0.00%

updated 2026-01-08T18:30:56

1 posts

The LuCI web interface on Gl Inet GL.Inet AX1800 Version 4.6.4 & 4.6.8 are vulnerable. Fix available in version 4.8.2 GL.Inet AX1800 Version 4.6.4 & 4.6.8 lacks rate limiting or account lockout mechanisms on the authentication endpoint (`/cgi-bin/luci`). An unauthenticated attacker on the local network can perform unlimited password attempts against the admin interface.

CVE-2025-67091
(6.5 MEDIUM)

EPSS: 0.00%

updated 2026-01-08T18:30:56

1 posts

An issue in GL Inet GL.Inet AX1800 Version 4.6.4 & 4.6.8 are vulnerable. GL.Inet AX1800 Version 4.6.4 & 4.6.8 in the GL.iNet custom opkg wrapper script located at /usr/libexec/opkg-call. The script is executed with root privileges when triggered via the LuCI web interface or authenticated API calls to manage packages. The vulnerable code uses shell redirection to create a lock file in the world-wr

CVE-2025-67089
(8.1 HIGH)

EPSS: 0.00%

updated 2026-01-08T18:30:56

1 posts

A command injection vulnerability exists in the GL-iNet GL-AXT1800 router firmware v4.6.8. The vulnerability is present in the `plugins.install_package` RPC method, which fails to properly sanitize user input in package names. Authenticated attackers can exploit this to execute arbitrary commands with root privileges

CVE-2026-0625(CVSS UNKNOWN)

EPSS: 1.38%

updated 2026-01-08T18:30:33

3 posts

Multiple D-Link DSL gateway devices contain a command injection vulnerability in the dnscfg.cgi endpoint due to improper sanitization of user-supplied DNS configuration parameters. An unauthenticated remote attacker can inject and execute arbitrary shell commands, resulting in remote code execution. The affected endpoint is also associated with unauthenticated DNS modification (“DNSChanger”) behav

CVE-2026-21440
(0 None)

EPSS: 0.32%

updated 2026-01-08T18:09:49.800000

1 posts

AdonisJS is a TypeScript-first web framework. A Path Traversal vulnerability in AdonisJS multipart file handling may allow a remote attacker to write arbitrary files to arbitrary locations on the server filesystem. This impacts @adonisjs/bodyparser through version 10.1.1 and 11.x prerelease versions prior to 11.0.0-next.6. This issue has been patched in @adonisjs/bodyparser versions 10.1.2 and 11.

3 repos

https://github.com/you-ssef9/CVE-2026-21440

https://github.com/k0nnect/cve-2026-21440-writeup

https://github.com/Ashwesker/Ashwesker-CVE-2026-21440

CVE-2025-67303
(7.5 HIGH)

EPSS: 0.03%

updated 2026-01-08T18:09:49.800000

1 posts

An issue in ComfyUI-Manager prior to version 3.38 allowed remote attackers to potentially manipulate its configuration and critical data. This was due to the application storing its files in an insufficiently protected location that was accessible via the web interface

CVE-2025-13056
(6.8 MEDIUM)

EPSS: 0.01%

updated 2026-01-08T18:09:49.800000

1 posts

Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting') vulnerability in Centreon Infra Monitoring (Administration ACL menu configuration modules) allows Stored XSS to users with high privileges. This issue affects Infra Monitoring: from 25.10.0 before 25.10.2, from 24.10.0 before 24.10.15, from 24.04.0 before 24.04.19.

CVE-2025-12511
(6.8 MEDIUM)

EPSS: 0.01%

updated 2026-01-08T18:09:49.800000

1 posts

Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting') vulnerability in Centreon Infra Monitoring (DSM extenstio configuration modules) allows Stored XSS to user with elevated privileges. This issue affects Infra Monitoring: from 25.10.0 before 25.10.1, from 24.10.0 before 24.10.4, from 24.04.0 before 24.04.8.

CVE-2025-12793
(0 None)

EPSS: 0.01%

updated 2026-01-08T18:09:23.230000

1 posts

An uncontrolled DLL loading path vulnerability exists in AsusSoftwareManagerAgent. A local attacker may influence the application to load a DLL from an attacker-controlled location, potentially resulting in arbitrary code execution. Refer to the ' Security Update for MyASUS' section on the ASUS Security Advisory for more information.

CVE-2020-36918
(4.3 MEDIUM)

EPSS: 0.02%

updated 2026-01-08T18:09:23.230000

1 posts

iDS6 DSSPro Digital Signage System 6.2 contains a cross-site request forgery vulnerability that allows attackers to perform administrative actions without request validation. Attackers can craft malicious web pages to trick logged-in administrators into adding unauthorized users by exploiting the lack of CSRF protections.

CVE-2020-36925
(9.8 CRITICAL)

EPSS: 0.52%

updated 2026-01-08T18:09:23.230000

1 posts

Arteco Web Client DVR/NVR contains a session hijacking vulnerability with insufficient session ID complexity that allows remote attackers to bypass authentication. Attackers can brute force session IDs within a specific numeric range to obtain valid sessions and access live camera streams without authorization.

CVE-2020-36923
(9.8 CRITICAL)

EPSS: 0.07%

updated 2026-01-08T18:09:23.230000

1 posts

Sony BRAVIA Digital Signage 1.7.8 contains an insecure direct object reference vulnerability that allows attackers to bypass authorization controls. Attackers can access hidden system resources like '/#/content-creation' by manipulating client-side access restrictions.

CVE-2020-36910
(8.8 HIGH)

EPSS: 0.33%

updated 2026-01-08T18:09:23.230000

1 posts

Cayin Signage Media Player 3.0 contains an authenticated remote command injection vulnerability in system.cgi and wizard_system.cgi pages. Attackers can exploit the 'NTP_Server_IP' parameter with default credentials to execute arbitrary shell commands as root.

CVE-2020-36912
(9.8 CRITICAL)

EPSS: 0.04%

updated 2026-01-08T18:09:23.230000

1 posts

Plexus anblick Digital Signage Management 3.1.13 contains an open redirect vulnerability in the 'PantallaLogin' script that allows attackers to manipulate the 'pagina' GET parameter. Attackers can craft malicious links that redirect users to arbitrary websites by exploiting improper input validation in the parameter.

CVE-2020-36915
(7.5 HIGH)

EPSS: 0.04%

updated 2026-01-08T18:09:23.230000

1 posts

Adtec Digital SignEdje Digital Signage Player v2.08.28 contains multiple hardcoded default credentials that allow unauthenticated remote access to web, telnet, and SSH interfaces. Attackers can exploit these credentials to gain root-level access and execute system commands across multiple Adtec Digital product versions.

CVE-2026-20026
(5.8 MEDIUM)

EPSS: 0.09%

updated 2026-01-08T18:08:54.147000

1 posts

Multiple Cisco products are affected by a vulnerability in the processing of DCE/RPC requests that could allow an unauthenticated, remote attacker to cause the Snort 3 Detection Engine to leak sensitive information or to restart, resulting in an interruption of packet inspection. This vulnerability is due to an error in buffer handling logic when processing DCE/RPC requests, which can resu

CVE-2025-6225
(0 None)

EPSS: 0.71%

updated 2026-01-08T18:08:54.147000

1 posts

Kieback&Peter Neutrino-GLT product is used for building management. It's web component "SM70 PHWEB" is vulnerable to shell command injection via login form. The injected commands would execute with low privileges. The vulnerability has been fixed in version 9.40.02

CVE-2025-15472
(7.2 HIGH)

EPSS: 0.12%

updated 2026-01-08T18:08:54.147000

1 posts

A flaw has been found in TRENDnet TEW-811DRU 1.0.2.0. This affects the function setDeviceURL  of the file uapply.cgi of the component httpd . This manipulation of the argument DeviceURL causes os command injection. The attack can be initiated remotely. The exploit has been published and may be used. The vendor was contacted early about this disclosure but did not respond in any way.

CVE-2025-63611
(8.7 HIGH)

EPSS: 0.00%

updated 2026-01-08T18:08:18.457000

1 posts

Cross-Site Scripting in phpgurukul Hostel Management System v2.1 user-provided complaint fields (Explain the Complaint) submitted via /register-complaint.php are stored and rendered unescaped in the admin viewer (/admin/complaint-details.php?cid=<id>). When an administrator opens the complaint, injected HTML/JavaScript executes in the admin's browser.

CVE-2025-15224
(3.1 LOW)

EPSS: 0.03%

updated 2026-01-08T18:08:18.457000

2 posts

When doing SSH-based transfers using either SCP or SFTP, and asked to do public key authentication, curl would wrongly still ask and authenticate using a locally running SSH agent.

CVE-2025-14819
(5.3 MEDIUM)

EPSS: 0.01%

updated 2026-01-08T18:08:18.457000

2 posts

When doing TLS related transfers with reused easy or multi handles and altering the `CURLSSLOPT_NO_PARTIALCHAIN` option, libcurl could accidentally reuse a CA store cached in memory for which the partial chain option was reversed. Contrary to the user's wishes and expectations. This could make libcurl find and accept a trust chain that it otherwise would not.

CVE-2025-69259
(7.5 HIGH)

EPSS: 0.00%

updated 2026-01-08T18:08:18.457000

1 posts

A message unchecked NULL return value vulnerability in Trend Micro Apex Central could allow a remote attacker to create a denial-of-service condition on affected installations. Please note: authentication is not required in order to exploit this vulnerability..

CVE-2025-15079
(5.3 MEDIUM)

EPSS: 0.02%

updated 2026-01-08T15:32:30

2 posts

When doing SSH-based transfers using either SCP or SFTP, and setting the known_hosts file, libcurl could still mistakenly accept connecting to hosts *not present* in the specified file if they were added as recognized in the libssh *global* known_hosts file.

CVE-2025-13034
(5.9 MEDIUM)

EPSS: 0.01%

updated 2026-01-08T15:32:29

2 posts

When using `CURLOPT_PINNEDPUBLICKEY` option with libcurl or `--pinnedpubkey` with the curl tool,curl should check the public key of the server certificate to verify the peer. This check was skipped in a certain condition that would then make curl allow the connection without performing the proper check, thus not noticing a possible impostor. To skip this check, the connection had to be done with

CVE-2025-69260
(7.5 HIGH)

EPSS: 0.00%

updated 2026-01-08T15:31:29

1 posts

A message out-of-bounds read vulnerability in Trend Micro Apex Central could allow a remote attacker to create a denial-of-service condition on affected installations. Please note: authentication is not required in order to exploit this vulnerability.

CVE-2025-69258
(9.8 CRITICAL)

EPSS: 0.00%

updated 2026-01-08T15:31:28

1 posts

A LoadLibraryEX vulnerability in Trend Micro Apex Central could allow an unauthenticated remote attacker to load an attacker-controlled DLL into a key executable, leading to execution of attacker-supplied code under the context of SYSTEM on affected installations.

CVE-2025-14017(CVSS UNKNOWN)

EPSS: 0.01%

updated 2026-01-08T12:30:38

2 posts

When doing multi-threaded LDAPS transfers (LDAP over TLS) with libcurl, changing TLS options in one thread would inadvertently change them globally and therefore possibly also affect other concurrently setup transfers. Disabling certificate verification for a specific transfer could unintentionally disable the feature for other threads as well.

CVE-2025-14524(CVSS UNKNOWN)

EPSS: 0.02%

updated 2026-01-08T12:30:37

2 posts

When an OAuth2 bearer token is used for an HTTP(S) transfer, and that transfer performs a cross-protocol redirect to a second URL that uses an IMAP, LDAP, POP3 or SMTP scheme, curl might wrongly pass on the bearer token to the new target host.

CVE-2025-37164
(10.0 CRITICAL)

EPSS: 84.25%

updated 2026-01-08T00:32:16

3 posts

A remote code execution issue exists in HPE OneView.

Nuclei template

3 repos

https://github.com/g0vguy/CVE-2025-37164-PoC

https://github.com/rxerium/CVE-2025-37164

https://github.com/LACHHAB-Anas/Exploit_CVE-2025-37164

CVE-2025-62224
(5.5 MEDIUM)

EPSS: 0.06%

updated 2026-01-08T00:31:21

2 posts

User interface (ui) misrepresentation of critical information in Microsoft Edge for Android allows an authorized attacker to perform spoofing over a network.

CVE-2017-20214
(7.5 HIGH)

EPSS: 0.03%

updated 2026-01-08T00:31:21

1 posts

FLIR Thermal Camera F/FC/PT/D firmware version 8.0.0.64 contains hard-coded SSH credentials that cannot be changed through normal camera operations. Attackers can leverage these persistent, unmodifiable credentials to gain unauthorized remote access to the thermal camera system.

CVE-2017-20213
(7.5 HIGH)

EPSS: 0.10%

updated 2026-01-08T00:31:21

1 posts

FLIR Thermal Camera F/FC/PT/D Stream firmware version 8.0.0.64 contains an unauthenticated vulnerability that allows remote attackers to access live camera streams without credentials. Attackers can exploit the vulnerability to view unauthorized thermal camera video feeds across multiple camera series without requiring any authentication.

CVE-2017-20212
(6.2 MEDIUM)

EPSS: 0.19%

updated 2026-01-08T00:31:21

1 posts

FLIR Thermal Camera F/FC/PT/D firmware version 8.0.0.64 contains an information disclosure vulnerability that allows unauthenticated attackers to read arbitrary files through unverified input parameters. Attackers can exploit the /var/www/data/controllers/api/xml.php readFile() function to access local system files without authentication.

CVE-2009-0556
(8.8 HIGH)

EPSS: 76.76%

updated 2026-01-07T21:32:42

5 posts

Microsoft Office PowerPoint 2000 SP3, 2002 SP3, and 2003 SP3, and PowerPoint in Microsoft Office 2004 for Mac, allows remote attackers to execute arbitrary code via a PowerPoint file with an OutlineTextRefAtom containing an an invalid index value that triggers memory corruption, as exploited in the wild in April 2009 by Exploit:Win32/Apptom.gen, aka "Memory Corruption Vulnerability."

CVE-2026-22184(CVSS UNKNOWN)

EPSS: 0.08%

updated 2026-01-07T21:32:07

2 posts

zlib versions up to and including 1.3.1.2 contain a global buffer overflow in the untgz utility. The TGZfname() function copies an attacker-supplied archive name from argv[] into a fixed-size 1024-byte static global buffer using an unbounded strcpy() call without length validation. Supplying an archive name longer than 1024 bytes results in an out-of-bounds write that can lead to memory corruption

CVE-2026-20029
(4.9 MEDIUM)

EPSS: 0.03%

updated 2026-01-07T18:30:33

2 posts

A vulnerability in the licensing features of&nbsp;Cisco Identity Services Engine (ISE) and Cisco ISE Passive Identity Connector (ISE-PIC) could allow an authenticated, remote attacker with administrative privileges to gain access to sensitive information.&nbsp; This vulnerability is due to improper parsing of XML that is processed by the web-based management interface of Cisco ISE and Cisco ISE-P

CVE-2026-22536(CVSS UNKNOWN)

EPSS: 0.01%

updated 2026-01-07T18:30:33

1 posts

The absence of permissions control for the user XXX allows the current configuration in the sudoers file to escalate privileges without any restrictions

CVE-2026-20027
(5.3 MEDIUM)

EPSS: 0.03%

updated 2026-01-07T18:30:33

1 posts

Multiple Cisco products are affected by a vulnerability in the processing of DCE/RPC requests that could allow an unauthenticated, remote attacker to cause the Snort 3 Detection Engine to leak sensitive information or to restart, resulting in an interruption of packet inspection. This vulnerability is due to an error in buffer handling logic when processing DCE/RPC requests, which can result in a

CVE-2026-22542(CVSS UNKNOWN)

EPSS: 0.04%

updated 2026-01-07T18:30:33

1 posts

An attacker with access to the system's internal network can cause a denial of service on the system by making two concurrent connections through the Telnet service.

CVE-2026-22541(CVSS UNKNOWN)

EPSS: 0.04%

updated 2026-01-07T18:30:33

1 posts

The massive sending of ICMP requests causes a denial of service on one of the boards from the EVCharger that allows control the EV interfaces. Since the board must be operating correctly for the charger to also function correctly.

CVE-2026-21635
(5.3 MEDIUM)

EPSS: 0.01%

updated 2026-01-07T18:30:25

1 posts

An Improper Access Control could allow a malicious actor in Wi-Fi range to the EV Station Lite (v1.5.2 and earlier) to use WiFi AutoLink feature on a device that was only adopted via Ethernet.

CVE-2025-69277
(4.5 MEDIUM)

EPSS: 0.02%

updated 2026-01-07T18:30:24

1 posts

libsodium before ad3004e, in atypical use cases involving certain custom cryptography or untrusted data to crypto_core_ed25519_is_valid_point, mishandles checks for whether an elliptic curve point is valid because it sometimes allows points that aren't in the main cryptographic group. This advisoory lists packages in the GitHub Advisory Database's [supported ecosystems](https://github.com/github/

CVE-2025-13947
(7.4 HIGH)

EPSS: 0.05%

updated 2026-01-07T16:15:48.950000

1 posts

A flaw was found in WebKitGTK. This vulnerability allows remote, user-assisted information disclosure that can reveal any file the user is permitted to read via abusing the file drag-and-drop mechanism where WebKitGTK does not verify that drag operations originate from outside the browser.

CVE-2026-0628
(8.8 HIGH)

EPSS: 0.02%

updated 2026-01-07T15:31:20

2 posts

Insufficient policy enforcement in WebView tag in Google Chrome prior to 143.0.7499.192 allowed an attacker who convinced a user to install a malicious extension to inject scripts or HTML into a privileged page via a crafted Chrome Extension. (Chromium security severity: High)

1 repos

https://github.com/fevar54/CVE-2026-0628-POC

CVE-2025-0980
(6.4 MEDIUM)

EPSS: 0.01%

updated 2026-01-07T15:31:20

1 posts

Nokia SR Linux is vulnerable to an authentication vulnerability allowing unauthorized access to the JSON-RPC service. When exploited, an invalid validation allows JSON RPC access without providing valid authentication credentials.

CVE-2026-22540(CVSS UNKNOWN)

EPSS: 0.04%

updated 2026-01-07T15:30:25

1 posts

The massive sending of ARP requests causes a denial of service on one board of the charger that allows control of the EV interfaces. Since the board must be operating correctly for the charger to also function correctly.

CVE-2025-38352
(7.4 HIGH)

EPSS: 0.19%

updated 2026-01-07T15:30:14

5 posts

In the Linux kernel, the following vulnerability has been resolved: posix-cpu-timers: fix race between handle_posix_cpu_timers() and posix_cpu_timer_del() If an exiting non-autoreaping task has already passed exit_notify() and calls handle_posix_cpu_timers() from IRQ, it can be reaped by its parent or debugger right after unlock_task_sighand(). If a concurrent posix_cpu_timer_del() runs at that

3 repos

https://github.com/farazsth98/poc-CVE-2025-38352

https://github.com/Crime2/poc-CVE-2025-38352

https://github.com/farazsth98/chronomaly

CVE-2025-68926
(9.8 CRITICAL)

EPSS: 3.14%

updated 2026-01-07T15:22:22

4 posts

## Vulnerability Overview ### Description RustFS implements gRPC authentication using a hardcoded static token `"rustfs rpc"` that is: 1. **Publicly exposed** in the source code repository 2. **Hardcoded** on both client and server sides 3. **Non-configurable** with no mechanism for token rotation 4. **Universally valid** across all RustFS deployments Any attacker with network access to the gRP

Nuclei template

2 repos

https://github.com/Chocapikk/CVE-2025-68926

https://github.com/Arcueld/CVE-2025-68926

CVE-2025-14631(CVSS UNKNOWN)

EPSS: 0.02%

updated 2026-01-07T12:31:27

1 posts

A NULL Pointer Dereference vulnerability in TP-Link Archer BE400 V1(802.11 modules) allows  an adjacent attacker to cause a denial-of-service (DoS) by triggering a device reboot. This issue affects Archer BE400: xi 1.1.0 Build 20250710 rel.14914.

CVE-2025-15471
(9.8 CRITICAL)

EPSS: 0.15%

updated 2026-01-07T03:30:32

3 posts

A vulnerability was detected in TRENDnet TEW-713RE 1.02. The impacted element is an unknown function of the file /goformX/formFSrvX. The manipulation of the argument SZCMD results in os command injection. It is possible to launch the attack remotely. The exploit is now public and may be used. The vendor was contacted early about this disclosure but did not respond in any way.

CVE-2020-36913
(5.3 MEDIUM)

EPSS: 0.09%

updated 2026-01-06T21:31:40

1 posts

All-Dynamics Software enlogic:show 2.0.2 contains a session fixation vulnerability that allows attackers to set a predefined PHP session identifier during the login process. Attackers can forge HTTP GET requests to welcome.php with a manipulated session token to bypass authentication and potentially execute cross-site request forgery attacks.

CVE-2026-0641
(6.3 MEDIUM)

EPSS: 2.54%

updated 2026-01-06T21:30:45

1 posts

A security vulnerability has been detected in TOTOLINK WA300 5.2cu.7112_B20190227. This vulnerability affects the function sub_401510 of the file cstecgi.cgi. The manipulation of the argument UPLOAD_FILENAME leads to command injection. The attack may be initiated remotely. The exploit has been disclosed publicly and may be used.

CVE-2025-63525
(9.6 CRITICAL)

EPSS: 0.03%

updated 2026-01-06T21:15:43.240000

1 posts

An issue was discovered in Blood Bank Management System 1.0 allowing authenticated attackers to perform actions with escalated privileges via crafted request to delete.php.

CVE-2026-0640
(8.8 HIGH)

EPSS: 0.09%

updated 2026-01-06T18:31:44

1 posts

A weakness has been identified in Tenda AC23 16.03.07.52. This affects the function sscanf of the file /goform/PowerSaveSet. Executing a manipulation of the argument Time can lead to buffer overflow. The attack can be launched remotely. The exploit has been made available to the public and could be used for attacks.

CVE-2025-14942(CVSS UNKNOWN)

EPSS: 0.07%

updated 2026-01-06T18:31:43

1 posts

wolfSSH’s key exchange state machine can be manipulated to leak the client’s password in the clear, trick the client to send a bogus signature, or trick the client into skipping user authentication. This affects client applications with wolfSSH version 1.4.21 and earlier. Users of wolfSSH must update or apply the fix patch and it’s recommended to update credentials used. This fix is also recommend

CVE-2025-39477
(9.8 CRITICAL)

EPSS: 0.04%

updated 2026-01-06T18:31:43

1 posts

Missing Authorization vulnerability in Sfwebservice InWave Jobs allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects InWave Jobs: from n/a through 3.5.8.

CVE-2020-36924
(7.5 HIGH)

EPSS: 0.06%

updated 2026-01-06T18:31:43

1 posts

Sony BRAVIA Digital Signage 1.7.8 contains a remote file inclusion vulnerability that allows attackers to inject arbitrary client-side scripts through the content material URL parameter. Attackers can exploit this vulnerability to hijack user sessions, execute cross-site scripting code, and modify display content by manipulating the input material type.

CVE-2025-60262
(9.8 CRITICAL)

EPSS: 0.11%

updated 2026-01-06T18:31:43

1 posts

An issue in H3C M102G HM1A0V200R010 wireless controller and BA1500L SWBA1A0V100R006 wireless access point, there is a misconfiguration vulnerability about vsftpd. Through this vulnerability, all files uploaded anonymously via the FTP protocol is automatically owned by the root user and remote attackers could gain root-level control over the devices.

CVE-2020-36920
(8.8 HIGH)

EPSS: 0.05%

updated 2026-01-06T18:31:42

1 posts

iDS6 DSSPro Digital Signage System 6.2 contains an improper access control vulnerability that allows authenticated users to elevate privileges through console JavaScript functions. Attackers can create users, modify roles and permissions, and potentially achieve full application takeover by exploiting insecure direct object references.

CVE-2020-36916
(8.8 HIGH)

EPSS: 0.02%

updated 2026-01-06T18:31:42

1 posts

TDM Digital Signage PC Player 4.1.0.4 contains an elevation of privileges vulnerability that allows authenticated users to modify executable files. Attackers can leverage the 'Modify' permissions for authenticated users to replace executable files with malicious binaries and gain elevated system access.

CVE-2020-36906
(4.3 MEDIUM)

EPSS: 0.02%

updated 2026-01-06T18:31:42

1 posts

P5 FNIP-8x16A FNIP-4xSH 1.0.20 contains a cross-site request forgery vulnerability that allows attackers to perform administrative actions without user consent. Attackers can craft malicious web pages to add new admin users, change passwords, and modify system configurations by tricking authenticated users into loading a specially crafted form.

CVE-2020-36917
(7.5 HIGH)

EPSS: 0.06%

updated 2026-01-06T18:31:42

1 posts

iDS6 DSSPro Digital Signage System 6.2 contains a sensitive information disclosure vulnerability that allows remote attackers to intercept authentication credentials through cleartext cookie transmission. Attackers can exploit the autoSave feature to capture user passwords during man-in-the-middle attacks on HTTP communications.

CVE-2020-36909
(6.5 MEDIUM)

EPSS: 0.03%

updated 2026-01-06T18:31:42

1 posts

SnapGear Management Console SG560 3.1.5 contains a file manipulation vulnerability that allows authenticated users to read, write, and delete files using the edit_config_files CGI script. Attackers can manipulate POST request parameters in /cgi-bin/cgix/edit_config_files to access and modify files outside the intended /etc/config/ directory.

CVE-2020-36921
(7.5 HIGH)

EPSS: 0.19%

updated 2026-01-06T18:31:42

1 posts

RED-V Super Digital Signage System 5.1.1 contains an information disclosure vulnerability that allows unauthenticated attackers to access sensitive webserver log files. Attackers can visit multiple endpoints to retrieve system resources and debug log information without authentication.

CVE-2020-36922
(7.5 HIGH)

EPSS: 0.08%

updated 2026-01-06T18:31:42

1 posts

Sony BRAVIA Digital Signage 1.7.8 contains an information disclosure vulnerability that allows unauthenticated attackers to access sensitive system details through API endpoints. Attackers can retrieve network interface information, server configurations, and system metadata by sending requests to the exposed system API.

CVE-2020-36907
(7.5 HIGH)

EPSS: 0.38%

updated 2026-01-06T18:31:42

1 posts

Aerohive HiveOS contains a denial of service vulnerability in the NetConfig UI that allows unauthenticated attackers to render the web interface unusable. Attackers can send a crafted HTTP request to the action.php5 script with specific parameters to trigger a 5-minute service disruption.

CVE-2020-36914
(7.5 HIGH)

EPSS: 0.04%

updated 2026-01-06T18:31:35

1 posts

QiHang Media Web Digital Signage 3.0.9 contains a sensitive information disclosure vulnerability that allows remote attackers to intercept user authentication credentials through cleartext cookie transmission. Attackers can perform man-in-the-middle attacks to capture and potentially misuse stored authentication credentials transmitted in an insecure manner.

CVE-2020-36908
(5.3 MEDIUM)

EPSS: 0.02%

updated 2026-01-06T18:31:34

1 posts

SnapGear Management Console SG560 version 3.1.5 contains a cross-site request forgery vulnerability that allows attackers to perform administrative actions without user consent. Attackers can craft a malicious web page that automatically submits a form to create a new super user account with full administrative privileges when a logged-in user visits the page.