CVE-2026-0840
(8.8 HIGH)

EPSS: 0.00%

updated 2026-01-11T07:15:49.680000

1 posts

A security vulnerability has been detected in UTT 进取 520W 1.7.7-180627. Affected by this vulnerability is the function strcpy of the file /goform/formConfigNoticeConfig. The manipulation of the argument timestart leads to buffer overflow. It is possible to initiate the attack remotely. The exploit has been disclosed publicly and may be used. The vendor was contacted early about this disclosure but

CVE-2026-0839
(8.8 HIGH)

EPSS: 0.00%

updated 2026-01-11T06:15:57.567000

1 posts

A weakness has been identified in UTT 进取 520W 1.7.7-180627. Affected is the function strcpy of the file /goform/APSecurity. Executing a manipulation of the argument wepkey1 can lead to buffer overflow. The attack may be performed from remote. The exploit has been made available to the public and could be used for attacks. The vendor was contacted early about this disclosure but did not respond in

CVE-2026-0838
(8.8 HIGH)

EPSS: 0.00%

updated 2026-01-11T06:15:57.300000

1 posts

A security flaw has been discovered in UTT 进取 520W 1.7.7-180627. This impacts the function strcpy of the file /goform/ConfigWirelessBase. Performing a manipulation of the argument ssid results in buffer overflow. The attack is possible to be carried out remotely. The exploit has been released to the public and may be used for attacks. The vendor was contacted early about this disclosure but did no

CVE-2026-0837
(8.8 HIGH)

EPSS: 0.00%

updated 2026-01-11T05:15:58.893000

2 posts

A vulnerability was identified in UTT 进取 520W 1.7.7-180627. This affects the function strcpy of the file /goform/formFireWall. Such manipulation of the argument GroupName leads to buffer overflow. The attack can be executed remotely. The exploit is publicly available and might be used. The vendor was contacted early about this disclosure but did not respond in any way.

CVE-2026-0836
(8.8 HIGH)

EPSS: 0.00%

updated 2026-01-11T05:15:47.947000

1 posts

A vulnerability was determined in UTT 进取 520W 1.7.7-180627. The impacted element is the function strcpy of the file /goform/formConfigFastDirectionW. This manipulation of the argument ssid causes buffer overflow. Remote exploitation of the attack is possible. The exploit has been publicly disclosed and may be utilized. The vendor was contacted early about this disclosure but did not respond in any

CVE-2025-14524
(5.3 MEDIUM)

EPSS: 0.03%

updated 2026-01-09T21:32:41

2 posts

When an OAuth2 bearer token is used for an HTTP(S) transfer, and that transfer performs a cross-protocol redirect to a second URL that uses an IMAP, LDAP, POP3 or SMTP scheme, curl might wrongly pass on the bearer token to the new target host.

CVE-2025-66848
(9.8 CRITICAL)

EPSS: 0.40%

updated 2026-01-09T19:57:09.533000

1 posts

JD Cloud NAS routers AX1800 (4.3.1.r4308 and earlier), AX3000 (4.3.1.r4318 and earlier), AX6600 (4.5.1.r4533 and earlier), BE6500 (4.4.1.r4308 and earlier), ER1 (4.5.1.r4518 and earlier), and ER2 (4.5.1.r4518 and earlier) contain an unauthorized remote command execution vulnerability.

CVE-2025-70974
(10.0 CRITICAL)

EPSS: 0.06%

updated 2026-01-09T19:33:18

1 posts

Fastjson before 1.2.48 mishandles autoType because, when an `@type` key is in a JSON document, and the value of that key is the name of a Java class, there may be calls to certain public methods of that class. Depending on the behavior of those methods, there may be JNDI injection with an attacker-supplied payload located elsewhere in that JSON document. This was exploited in the wild in 2023 thro

CVE-2025-65731
(6.8 MEDIUM)

EPSS: 0.03%

updated 2026-01-09T19:16:06.820000

1 posts

An issue was discovered in D-Link Router DIR-605L (Hardware version F1; Firmware version: V6.02CN02) allowing an attacker with physical access to the UART pins to execute arbitrary commands due to presence of root terminal access on a serial interface without proper access control.

1 repos

https://github.com/whitej3rry/CVE-2025-65731

CVE-2025-15035(CVSS UNKNOWN)

EPSS: 0.03%

updated 2026-01-09T18:31:43

1 posts

Improper Input Validation vulnerability in TP-Link Archer AXE75 v1.6 (vpn modules) allows an authenticated adjacent attacker to delete arbitrary server file, leading to possible loss of critical system files and service interruption or degraded functionality.This issue affects Archer AXE75 v1.6: ≤ build 20250107.

CVE-2025-67004(CVSS UNKNOWN)

EPSS: 0.02%

updated 2026-01-09T18:31:43

1 posts

An Information Disclosure vulnerability in CouchCMS 2.4 allow an Admin user to read arbitrary files via traversing directories back after back. It can Disclosure the source code or any other confidential information if weaponize accordingly.

CVE-2025-70161(CVSS UNKNOWN)

EPSS: 0.24%

updated 2026-01-09T18:31:43

1 posts

EDIMAX BR-6208AC V2_1.02 is vulnerable to Command Injection. This arises because the pppUserName field is directly passed to a shell command via the system() function without proper sanitization. An attacker can exploit this by injecting malicious commands into the pppUserName field, allowing arbitrary code execution.

CVE-2025-69425(CVSS UNKNOWN)

EPSS: 0.10%

updated 2026-01-09T18:31:43

1 posts

The Ruckus vRIoT IoT Controller firmware versions prior to 3.0.0.0 (GA) expose a command execution service on TCP port 2004 running with root privileges. Authentication to this service relies on a hardcoded Time-based One-Time Password (TOTP) secret and an embedded static token. An attacker who extracts these credentials from the appliance or a compromised device can generate valid authentication

CVE-2025-14598
(9.8 CRITICAL)

EPSS: 0.03%

updated 2026-01-09T18:31:36

1 posts

BeeS Software Solutions BET Portal contains an SQL injection vulnerability in the login functionality of affected sites. The vulnerability enables arbitrary SQL commands to be executed on the backend database.

1 repos

https://github.com/Afnaan-Ahmed/CVE-2025-14598

CVE-2025-64091
(8.6 HIGH)

EPSS: 0.04%

updated 2026-01-09T18:31:35

1 posts

This vulnerability allows authenticated attackers to execute commands via the NTP-configuration of the device.

CVE-2025-64093
(10.0 CRITICAL)

EPSS: 0.22%

updated 2026-01-09T18:31:35

1 posts

Remote Code Execution vulnerability that allows unauthenticated attackers to inject arbitrary commands into the hostname of the device.

CVE-2025-64092
(7.5 HIGH)

EPSS: 0.06%

updated 2026-01-09T18:15:50.450000

1 posts

This vulnerability allows unauthenticated attackers to inject an SQL request into GET request parameters and directly query the underlying database.

CVE-2025-64090
(10.0 CRITICAL)

EPSS: 0.06%

updated 2026-01-09T18:15:49.873000

1 posts

This vulnerability allows authenticated attackers to execute commands via the hostname of the device.

CVE-2025-69426
(0 None)

EPSS: 0.04%

updated 2026-01-09T17:15:53.997000

1 posts

The Ruckus vRIoT IoT Controller firmware versions prior to 3.0.0.0 (GA) contain hardcoded credentials for an operating system user account within an initialization script. The SSH service is network-accessible without IP-based restrictions. Although the configuration disables SCP and pseudo-TTY allocation, an attacker can authenticate using the hardcoded credentials and establish SSH local port fo

CVE-2026-22082(CVSS UNKNOWN)

EPSS: 0.18%

updated 2026-01-09T12:32:33

1 posts

This vulnerability exists in Tenda wireless routers (300Mbps Wireless Router F3 and N300 Easy Setup Router) due to the use of login credentials as the session ID through its web-based administrative interface. A remote attacker could exploit this vulnerability by intercepting network traffic and capturing the session ID during insecure transmission. Successful exploitation of this vulnerability

CVE-2026-22081(CVSS UNKNOWN)

EPSS: 0.06%

updated 2026-01-09T12:32:33

1 posts

This vulnerability exists in Tenda wireless routers (300Mbps Wireless Router F3 and N300 Easy Setup Router) due to the missing HTTPOnly flag for session cookies associated with the web-based administrative interface. A remote at-tacker could exploit this vulnerability by capturing session cookies transmitted over an insecure HTTP connection. Successful exploitation of this vulnerability could all

CVE-2025-7072(CVSS UNKNOWN)

EPSS: 0.12%

updated 2026-01-09T12:32:33

1 posts

The firmware in KAON CG3000TC and CG3000T routers contains hard-coded credentials in clear text (shared across all routers of this model) that an unauthenticated remote attacker could use to execute commands with root privileges. This vulnerability has been fixed in firmware version: 1.00.67 for CG3000TC and 1.00.27 for CG3000T.

CVE-2025-66049(CVSS UNKNOWN)

EPSS: 0.07%

updated 2026-01-09T12:32:32

1 posts

Vivotek IP7137 camera with firmware version 0200a is vulnerable to an information disclosure issue where live camera footage can be accessed through the RTSP protocol on port 8554 without requiring authentication. This allows unauthorized users with network access to view the camera's feed, potentially compromising user privacy and security.  The vendor has not replied to the CNA. Possibly all fir

CVE-2026-22080
(0 None)

EPSS: 0.03%

updated 2026-01-09T11:15:51.150000

1 posts

This vulnerability exists in Tenda wireless routers (300Mbps Wireless Router F3 and N300 Easy Setup Router) due to the transmission of credentials encoded using reversible Base64 encoding through the web-based administrative interface. An attacker on the same network could exploit this vulnerability by intercepting network traffic and capturing the Base64-encoded credentials. Successful exploitat

CVE-2026-22079
(0 None)

EPSS: 0.03%

updated 2026-01-09T11:15:50.617000

1 posts

This vulnerability exists in Tenda wireless routers (300Mbps Wireless Router F3 and N300 Easy Setup Router) due to the plaintext transmission of login credentials during the initial login or post-factory reset setup through the web-based administrative interface. An attacker on the same network could exploit this vulnerability by intercepting network traffic and capturing the credentials transmitt

CVE-2025-69194
(8.8 HIGH)

EPSS: 0.03%

updated 2026-01-09T09:31:24

2 posts

A security issue was discovered in GNU Wget2 when handling Metalink documents. The application fails to properly validate file paths provided in Metalink <file name> elements. An attacker can abuse this behavior to write files to unintended locations on the system. This can lead to data loss or potentially allow further compromise of the user’s environment.

1 repos

https://github.com/secdongle/POC_CVE-2025-69194

CVE-2025-69195
(7.6 HIGH)

EPSS: 0.08%

updated 2026-01-09T08:15:58.147000

1 posts

A flaw was found in GNU Wget2. This vulnerability, a stack-based buffer overflow, occurs in the filename sanitization logic when processing attacker-controlled URL paths, particularly when filename restriction options are active. A remote attacker can exploit this by providing a specially crafted URL, which, upon user interaction with wget2, can lead to memory corruption. This can cause the applic

CVE-2026-0731
(5.3 MEDIUM)

EPSS: 0.13%

updated 2026-01-09T00:30:34

1 posts

A vulnerability has been found in TOTOLINK WA1200 5.9c.2914. The impacted element is an unknown function of the file cstecgi.cgi of the component HTTP Request Handler. The manipulation leads to null pointer dereference. The attack is possible to be carried out remotely. The exploit has been disclosed to the public and may be used.

CVE-2026-0732
(6.3 MEDIUM)

EPSS: 0.43%

updated 2026-01-09T00:30:34

1 posts

A vulnerability was found in D-Link DI-8200G 17.12.20A1. This affects an unknown function of the file /upgrade_filter.asp. The manipulation of the argument path results in command injection. The attack may be performed from remote. The exploit has been made public and could be used.

CVE-2025-14025
(8.6 HIGH)

EPSS: 0.06%

updated 2026-01-09T00:30:28

1 posts

A flaw was found in Ansible Automation Platform (AAP). Read-only scoped OAuth2 API Tokens in AAP, are enforced at the Gateway level for Gateway-specific operations. However, this vulnerability allows read-only tokens to perform write operations on backend services (e.g., Controller, Hub, EDA). If this flaw were exploited, an attacker‘s capabilities would only be limited by role based access contro

CVE-2025-12543
(9.6 CRITICAL)

EPSS: 0.13%

updated 2026-01-08T23:15:42.690000

2 posts

A flaw was found in the Undertow HTTP server core, which is used in WildFly, JBoss EAP, and other Java applications. The Undertow library fails to properly validate the Host header in incoming HTTP requests.As a result, requests containing malformed or malicious Host headers are processed without rejection, enabling attackers to poison caches, perform internal network scans, or hijack user session

CVE-2025-52691
(10.0 CRITICAL)

EPSS: 10.87%

updated 2026-01-08T21:31:33

3 posts

Successful exploitation of the vulnerability could allow an unauthenticated attacker to upload arbitrary files to any location on the mail server, potentially enabling remote code execution.

Nuclei template

10 repos

https://github.com/nxgn-kd01/smartermail-cve-scanner

https://github.com/you-ssef9/CVE-2025-52691

https://github.com/SuJing-cy/CVE-2025-2025-52691-SmarterMail-Exp

https://github.com/hilwa24/CVE-2025-52691

https://github.com/Ashwesker/Ashwesker-CVE-2025-52691

https://github.com/watchtowrlabs/watchTowr-vs-SmarterMail-CVE-2025-52691

https://github.com/DeathShotXD/CVE-2025-52691-APT-PoC

https://github.com/rxerium/CVE-2025-52691

https://github.com/yt2w/CVE-2025-52691

https://github.com/sajjadsiam/CVE-2025-52691-poc

CVE-2025-65518
(7.5 HIGH)

EPSS: 0.02%

updated 2026-01-08T21:30:40

1 posts

Plesk Obsidian versions 8.0.1 through 18.0.73 are vulnerable to a Denial of Service (DoS) condition. The vulnerability exists in the get_password.php endpoint, where a crafted request containing a malicious payload can cause the affected web interface to continuously reload, rendering the service unavailable to legitimate users. An attacker can exploit this issue remotely without authentication, r

1 repos

https://github.com/Jainil-89/CVE-2025-65518

CVE-2025-13151
(7.5 HIGH)

EPSS: 0.04%

updated 2026-01-08T21:30:33

1 posts

Stack-based buffer overflow in libtasn1 version: v4.20.0. The function fails to validate the size of input data resulting in a buffer overflow in asn1_expend_octet_string.

CVE-2025-15346(CVSS UNKNOWN)

EPSS: 0.06%

updated 2026-01-08T20:57:58

1 posts

A vulnerability in the handling of verify_mode = CERT_REQUIRED in the wolfssl Python package (wolfssl-py) causes client certificate requirements to not be fully enforced.  Because the WOLFSSL_VERIFY_FAIL_IF_NO_PEER_CERT flag was not included, the behavior effectively matched CERT_OPTIONAL: a peer certificate was verified if presented, but connections were incorrectly authenticated when no client

CVE-2026-21858
(10.0 CRITICAL)

EPSS: 0.03%

updated 2026-01-08T20:15:45.453000

10 posts

n8n is an open source workflow automation platform. Versions starting with 1.65.0 and below 1.121.0 enable an attacker to access files on the underlying server through execution of certain form-based workflows. A vulnerable workflow could grant access to an unauthenticated remote attacker, resulting in exposure of sensitive information stored on the system and may enable further compromise dependi

3 repos

https://github.com/Chocapikk/CVE-2026-21858

https://github.com/Ashwesker/Ashwesker-CVE-2026-21858

https://github.com/eduardorossi84/CVE-2026-21858-POC

CVE-2025-59468
(9.0 CRITICAL)

EPSS: 0.22%

updated 2026-01-08T20:15:43.817000

2 posts

This vulnerability allows a Backup Administrator to perform remote code execution (RCE) as the postgres user by sending a malicious password parameter.

CVE-2025-50334
(7.5 HIGH)

EPSS: 0.12%

updated 2026-01-08T19:15:56.130000

1 posts

An issue in Technitium DNS Server v.13.5 allows a remote attacker to cause a denial of service via the rate-limiting component

CVE-2017-20216
(9.8 CRITICAL)

EPSS: 0.31%

updated 2026-01-08T19:15:54.793000

1 posts

FLIR Thermal Camera PT-Series firmware version 8.0.0.64 contains multiple unauthenticated remote command injection vulnerabilities in the controllerFlirSystem.php script. Attackers can execute arbitrary system commands as root by exploiting unsanitized POST parameters in the execFlirSystem() function through shell_exec() calls. Exploitation evidence was observed by the Shadowserver Foundation on 2

CVE-2017-20214
(7.5 HIGH)

EPSS: 0.03%

updated 2026-01-08T19:15:54.560000

1 posts

FLIR Thermal Camera F/FC/PT/D firmware version 8.0.0.64 contains hard-coded SSH credentials that cannot be changed through normal camera operations. Attackers can leverage these persistent, unmodifiable credentials to gain unauthorized remote access to the thermal camera system.

CVE-2025-15029
(9.8 CRITICAL)

EPSS: 0.02%

updated 2026-01-08T18:31:36

1 posts

Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in Centreon Infra Monitoring (Awie export modules) allows SQL Injection to unauthenticated user. This issue affects Infra Monitoring: from 25.10.0 before 25.10.2, from 24.10.0 before 24.10.3, from 24.04.0 before 24.04.3.

CVE-2025-15026
(9.8 CRITICAL)

EPSS: 0.03%

updated 2026-01-08T18:31:36

1 posts

Missing Authentication for Critical Function vulnerability in Centreon Infra Monitoring centreon-awie (Awie import module) allows Accessing Functionality Not Properly Constrained by ACLs. This issue affects Infra Monitoring: from 25.10.0 before 25.10.2, from 24.10.0 before 24.10.3, from 24.04.0 before 24.04.3.

CVE-2025-5965
(7.2 HIGH)

EPSS: 0.11%

updated 2026-01-08T18:31:36

1 posts

In the backup parameters, a user with high privilege is able to concatenate custom instructions to the backup setup. Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection') vulnerability in Centreon Infra Monitoring (Backup configuration in the administration setup modules) allows OS Command Injection.This issue affects Infra Monitoring: from 25.10.0 before 25.10

CVE-2025-59469
(9.0 None)

EPSS: 0.04%

updated 2026-01-08T18:30:56

2 posts

This vulnerability allows a Backup or Tape Operator to write files as root.

CVE-2025-59470
(9.0 None)

EPSS: 0.22%

updated 2026-01-08T18:30:56

6 posts

This vulnerability allows a Backup Operator to perform remote code execution (RCE) as the postgres user by sending a malicious interval or order parameter.

1 repos

https://github.com/b1gchoi/CVE-2025-59470

CVE-2025-67089
(8.1 HIGH)

EPSS: 0.23%

updated 2026-01-08T18:30:56

1 posts

A command injection vulnerability exists in the GL-iNet GL-AXT1800 router firmware v4.6.8. The vulnerability is present in the `plugins.install_package` RPC method, which fails to properly sanitize user input in package names. Authenticated attackers can exploit this to execute arbitrary commands with root privileges

CVE-2025-67090
(5.1 MEDIUM)

EPSS: 0.03%

updated 2026-01-08T18:30:56

1 posts

The LuCI web interface on Gl Inet GL.Inet AX1800 Version 4.6.4 & 4.6.8 are vulnerable. Fix available in version 4.8.2 GL.Inet AX1800 Version 4.6.4 & 4.6.8 lacks rate limiting or account lockout mechanisms on the authentication endpoint (`/cgi-bin/luci`). An unauthenticated attacker on the local network can perform unlimited password attempts against the admin interface.

CVE-2026-21881
(9.1 CRITICAL)

EPSS: 0.07%

updated 2026-01-08T18:15:59.500000

1 posts

Kanboard is project management software focused on Kanban methodology. Versions 1.2.48 and below is vulnerable to a critical authentication bypass when REVERSE_PROXY_AUTH is enabled. The application blindly trusts HTTP headers for user authentication without verifying the request originated from a trusted reverse proxy. An attacker can impersonate any user, including administrators, by simply send

CVE-2025-55125
(7.8 HIGH)

EPSS: 0.06%

updated 2026-01-08T18:15:58.450000

2 posts

This vulnerability allows a Backup or Tape Operator to perform remote code execution (RCE) as root by creating a malicious backup configuration file.

CVE-2026-21440
(0 None)

EPSS: 0.32%

updated 2026-01-08T18:09:49.800000

3 posts

AdonisJS is a TypeScript-first web framework. A Path Traversal vulnerability in AdonisJS multipart file handling may allow a remote attacker to write arbitrary files to arbitrary locations on the server filesystem. This impacts @adonisjs/bodyparser through version 10.1.1 and 11.x prerelease versions prior to 11.0.0-next.6. This issue has been patched in @adonisjs/bodyparser versions 10.1.2 and 11.

3 repos

https://github.com/Ashwesker/Ashwesker-CVE-2026-21440

https://github.com/k0nnect/cve-2026-21440-writeup

https://github.com/you-ssef9/CVE-2026-21440

CVE-2026-21634
(6.5 MEDIUM)

EPSS: 0.02%

updated 2026-01-08T18:09:49.800000

1 posts

A malicious actor with access to the adjacent network could overflow the UniFi Protect Application (Version 6.1.79 and earlier) discovery protocol causing it to restart. Affected Products: UniFi Protect Application (Version 6.1.79 and earlier). Mitigation: Update your UniFi Protect Application to Version 6.2.72 or later.

CVE-2025-12519
(5.3 MEDIUM)

EPSS: 0.01%

updated 2026-01-08T18:09:49.800000

1 posts

Missing Authorization vulnerability in Centreon Infra Monitoring (Administration parameters API endpoint modules) allows Accessing Functionality Not Properly Constrained by ACLs, resulting in Information Disclosure like downtime or acknowledgement configurations. This issue affects Infra Monitoring: from 25.10.0 before 25.10.2, from 24.10.0 before 24.10.15, from 24.04.0 before 24.04.19.

CVE-2025-13056
(6.8 MEDIUM)

EPSS: 0.01%

updated 2026-01-08T18:09:49.800000

1 posts

Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting') vulnerability in Centreon Infra Monitoring (Administration ACL menu configuration modules) allows Stored XSS to users with high privileges. This issue affects Infra Monitoring: from 25.10.0 before 25.10.2, from 24.10.0 before 24.10.15, from 24.04.0 before 24.04.19.

CVE-2025-12511
(6.8 MEDIUM)

EPSS: 0.01%

updated 2026-01-08T18:09:49.800000

1 posts

Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting') vulnerability in Centreon Infra Monitoring (DSM extenstio configuration modules) allows Stored XSS to user with elevated privileges. This issue affects Infra Monitoring: from 25.10.0 before 25.10.1, from 24.10.0 before 24.10.4, from 24.04.0 before 24.04.8.

CVE-2025-12513
(6.8 MEDIUM)

EPSS: 0.01%

updated 2026-01-08T18:09:49.800000

1 posts

Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting') vulnerability in Centreon Infra Monitoring (Hosts configuration form modules) allows Stored XSS to users with high privileges. This issue affects Infra Monitoring: from 25.10.0 before 25.10.2, from 24.10.0 before 24.10.15, from 24.04.0 before 24.04.19.

CVE-2025-68428
(0 None)

EPSS: 0.06%

updated 2026-01-08T18:09:23.230000

4 posts

jsPDF is a library to generate PDFs in JavaScript. Prior to version 4.0.0, user control of the first argument of the loadFile method in the node.js build allows local file inclusion/path traversal. If given the possibility to pass unsanitized paths to the loadFile method, a user can retrieve file contents of arbitrary files in the local file system the node process is running in. The file contents

1 repos

https://github.com/12nio/CVE-2025-68428_PoC

CVE-2026-0625
(0 None)

EPSS: 0.36%

updated 2026-01-08T18:09:23.230000

3 posts

Multiple D-Link DSL/DIR/DNS devices contain an authentication bypass and improper access control vulnerability in the dnscfg.cgi endpoint that allows an unauthenticated attacker to access DNS configuration functionality. By directly requesting this endpoint, an attacker can modify the device’s DNS settings without valid credentials, enabling DNS hijacking (“DNSChanger”) attacks that redirect user

CVE-2026-0641
(6.3 MEDIUM)

EPSS: 3.17%

updated 2026-01-08T18:09:23.230000

1 posts

A security vulnerability has been detected in TOTOLINK WA300 5.2cu.7112_B20190227. This vulnerability affects the function sub_401510 of the file cstecgi.cgi. The manipulation of the argument UPLOAD_FILENAME leads to command injection. The attack may be initiated remotely. The exploit has been disclosed publicly and may be used.

CVE-2025-14942
(0 None)

EPSS: 0.07%

updated 2026-01-08T18:09:23.230000

1 posts

wolfSSH’s key exchange state machine can be manipulated to leak the client’s password in the clear, trick the client to send a bogus signature, or trick the client into skipping user authentication. This affects client applications with wolfSSH version 1.4.21 and earlier. Users of wolfSSH must update or apply the fix patch and it’s recommended to update credentials used. This fix is also recommend

CVE-2020-36920
(8.8 HIGH)

EPSS: 0.05%

updated 2026-01-08T18:09:23.230000

1 posts

iDS6 DSSPro Digital Signage System 6.2 contains an improper access control vulnerability that allows authenticated users to elevate privileges through console JavaScript functions. Attackers can create users, modify roles and permissions, and potentially achieve full application takeover by exploiting insecure direct object references.

CVE-2020-36915
(7.5 HIGH)

EPSS: 0.04%

updated 2026-01-08T18:09:23.230000

1 posts

Adtec Digital SignEdje Digital Signage Player v2.08.28 contains multiple hardcoded default credentials that allow unauthenticated remote access to web, telnet, and SSH interfaces. Attackers can exploit these credentials to gain root-level access and execute system commands across multiple Adtec Digital product versions.

CVE-2020-36922
(7.5 HIGH)

EPSS: 0.08%

updated 2026-01-08T18:09:23.230000

1 posts

Sony BRAVIA Digital Signage 1.7.8 contains an information disclosure vulnerability that allows unauthenticated attackers to access sensitive system details through API endpoints. Attackers can retrieve network interface information, server configurations, and system metadata by sending requests to the exposed system API.

CVE-2020-36907
(7.5 HIGH)

EPSS: 0.38%

updated 2026-01-08T18:09:23.230000

1 posts

Aerohive HiveOS contains a denial of service vulnerability in the NetConfig UI that allows unauthenticated attackers to render the web interface unusable. Attackers can send a crafted HTTP request to the action.php5 script with specific parameters to trigger a 5-minute service disruption.

CVE-2020-36910
(8.8 HIGH)

EPSS: 0.33%

updated 2026-01-08T18:09:23.230000

1 posts

Cayin Signage Media Player 3.0 contains an authenticated remote command injection vulnerability in system.cgi and wizard_system.cgi pages. Attackers can exploit the 'NTP_Server_IP' parameter with default credentials to execute arbitrary shell commands as root.

CVE-2020-36914
(7.5 HIGH)

EPSS: 0.04%

updated 2026-01-08T18:09:23.230000

1 posts

QiHang Media Web Digital Signage 3.0.9 contains a sensitive information disclosure vulnerability that allows remote attackers to intercept user authentication credentials through cleartext cookie transmission. Attackers can perform man-in-the-middle attacks to capture and potentially misuse stored authentication credentials transmitted in an insecure manner.

CVE-2020-36913
(5.3 MEDIUM)

EPSS: 0.09%

updated 2026-01-08T18:09:23.230000

1 posts

All-Dynamics Software enlogic:show 2.0.2 contains a session fixation vulnerability that allows attackers to set a predefined PHP session identifier during the login process. Attackers can forge HTTP GET requests to welcome.php with a manipulated session token to bypass authentication and potentially execute cross-site request forgery attacks.

CVE-2020-36906
(4.3 MEDIUM)

EPSS: 0.02%

updated 2026-01-08T18:09:23.230000

1 posts

P5 FNIP-8x16A FNIP-4xSH 1.0.20 contains a cross-site request forgery vulnerability that allows attackers to perform administrative actions without user consent. Attackers can craft malicious web pages to add new admin users, change passwords, and modify system configurations by tricking authenticated users into loading a specially crafted form.

CVE-2020-36909
(6.5 MEDIUM)

EPSS: 0.03%

updated 2026-01-08T18:09:23.230000

1 posts

SnapGear Management Console SG560 3.1.5 contains a file manipulation vulnerability that allows authenticated users to read, write, and delete files using the edit_config_files CGI script. Attackers can manipulate POST request parameters in /cgi-bin/cgix/edit_config_files to access and modify files outside the intended /etc/config/ directory.

CVE-2026-20029
(4.9 MEDIUM)

EPSS: 0.03%

updated 2026-01-08T18:08:54.147000

2 posts

A vulnerability in the licensing features of&nbsp;Cisco Identity Services Engine (ISE) and Cisco ISE Passive Identity Connector (ISE-PIC) could allow an authenticated, remote attacker with administrative privileges to gain access to sensitive information.&nbsp; This vulnerability is due to improper parsing of XML that is processed by the web-based management interface of Cisco ISE and Cisco ISE

CVE-2026-22184
(0 None)

EPSS: 0.08%

updated 2026-01-08T18:08:54.147000

2 posts

zlib versions up to and including 1.3.1.2 contain a global buffer overflow in the untgz utility. The TGZfname() function copies an attacker-supplied archive name from argv[] into a fixed-size 1024-byte static global buffer using an unbounded strcpy() call without length validation. Supplying an archive name longer than 1024 bytes results in an out-of-bounds write that can lead to memory corruption

CVE-2025-69222
(9.1 CRITICAL)

EPSS: 0.09%

updated 2026-01-08T18:08:54.147000

1 posts

LibreChat is a ChatGPT clone with additional features. Version 0.8.1-rc2 is prone to a server-side request forgery (SSRF) vulnerability due to missing restrictions of the Actions feature in the default configuration. LibreChat enables users to configure agents with predefined instructions and actions that can interact with remote services via OpenAPI specifications, supporting various HTTP methods

CVE-2026-22536
(0 None)

EPSS: 0.01%

updated 2026-01-08T18:08:54.147000

1 posts

The absence of permissions control for the user XXX allows the current configuration in the sudoers file to escalate privileges without any restrictions

CVE-2025-14631
(0 None)

EPSS: 0.02%

updated 2026-01-08T18:08:54.147000

1 posts

A NULL Pointer Dereference vulnerability in TP-Link Archer BE400 V1(802.11 modules) allows  an adjacent attacker to cause a denial-of-service (DoS) by triggering a device reboot. This issue affects Archer BE400: xi 1.1.0 Build 20250710 rel.14914.

CVE-2026-20027
(5.3 MEDIUM)

EPSS: 0.03%

updated 2026-01-08T18:08:54.147000

1 posts

Multiple Cisco products are affected by a vulnerability in the processing of DCE/RPC requests that could allow an unauthenticated, remote attacker to cause the Snort 3 Detection Engine to leak sensitive information or to restart, resulting in an interruption of packet inspection. This vulnerability is due to an error in buffer handling logic when processing DCE/RPC requests, which can result in

CVE-2026-20026
(5.8 MEDIUM)

EPSS: 0.09%

updated 2026-01-08T18:08:54.147000

1 posts

Multiple&nbsp;Cisco products are affected by a vulnerability in the processing of DCE/RPC requests that could allow an unauthenticated, remote attacker to cause the Snort 3 Detection Engine to leak sensitive information or to restart, resulting in an interruption of packet inspection. This vulnerability is due to an error in buffer handling logic when processing DCE/RPC requests, which can resu

CVE-2026-22540
(0 None)

EPSS: 0.04%

updated 2026-01-08T18:08:54.147000

1 posts

The massive sending of ARP requests causes a denial of service on one board of the charger that allows control of the EV interfaces. Since the board must be operating correctly for the charger to also function correctly.

CVE-2025-15472
(7.2 HIGH)

EPSS: 0.12%

updated 2026-01-08T18:08:54.147000

1 posts

A flaw has been found in TRENDnet TEW-811DRU 1.0.2.0. This affects the function setDeviceURL  of the file uapply.cgi of the component httpd . This manipulation of the argument DeviceURL causes os command injection. The attack can be initiated remotely. The exploit has been published and may be used. The vendor was contacted early about this disclosure but did not respond in any way.

CVE-2026-21877
(9.9 CRITICAL)

EPSS: 0.05%

updated 2026-01-08T18:08:18.457000

6 posts

n8n is an open source workflow automation platform. In versions 0.121.2 and below, an authenticated attacker may be able to execute malicious code using the n8n service. This could result in full compromise and can impact both self-hosted and n8n Cloud instances. This issue is fixed in version 1.121.3. Administrators can reduce exposure by disabling the Git node and limiting access for untrusted u

1 repos

https://github.com/Ashwesker/Ashwesker-CVE-2026-21877

CVE-2025-67091
(6.5 MEDIUM)

EPSS: 0.01%

updated 2026-01-08T18:08:18.457000

1 posts

An issue in GL Inet GL.Inet AX1800 Version 4.6.4 & 4.6.8 are vulnerable. GL.Inet AX1800 Version 4.6.4 & 4.6.8 in the GL.iNet custom opkg wrapper script located at /usr/libexec/opkg-call. The script is executed with root privileges when triggered via the LuCI web interface or authenticated API calls to manage packages. The vulnerable code uses shell redirection to create a lock file in the world-wr

CVE-2025-14819
(5.3 MEDIUM)

EPSS: 0.03%

updated 2026-01-08T18:08:18.457000

2 posts

When doing TLS related transfers with reused easy or multi handles and altering the `CURLSSLOPT_NO_PARTIALCHAIN` option, libcurl could accidentally reuse a CA store cached in memory for which the partial chain option was reversed. Contrary to the user's wishes and expectations. This could make libcurl find and accept a trust chain that it otherwise would not.

CVE-2025-14017
(0 None)

EPSS: 0.01%

updated 2026-01-08T18:08:18.457000

2 posts

When doing multi-threaded LDAPS transfers (LDAP over TLS) with libcurl, changing TLS options in one thread would inadvertently change them globally and therefore possibly also affect other concurrently setup transfers. Disabling certificate verification for a specific transfer could unintentionally disable the feature for other threads as well.

CVE-2025-15224
(3.1 LOW)

EPSS: 0.05%

updated 2026-01-08T18:08:18.457000

2 posts

When doing SSH-based transfers using either SCP or SFTP, and asked to do public key authentication, curl would wrongly still ask and authenticate using a locally running SSH agent.

CVE-2025-69259
(7.5 HIGH)

EPSS: 0.09%

updated 2026-01-08T18:08:18.457000

1 posts

A message unchecked NULL return value vulnerability in Trend Micro Apex Central could allow a remote attacker to create a denial-of-service condition on affected installations. Please note: authentication is not required in order to exploit this vulnerability..

CVE-2025-37164
(10.0 CRITICAL)

EPSS: 81.31%

updated 2026-01-08T16:59:33.230000

4 posts

A remote code execution issue exists in HPE OneView.

Nuclei template

3 repos

https://github.com/rxerium/CVE-2025-37164

https://github.com/LACHHAB-Anas/Exploit_CVE-2025-37164

https://github.com/g0vguy/CVE-2025-37164-PoC

CVE-2025-15079
(5.3 MEDIUM)

EPSS: 0.03%

updated 2026-01-08T15:32:30

2 posts

When doing SSH-based transfers using either SCP or SFTP, and setting the known_hosts file, libcurl could still mistakenly accept connecting to hosts *not present* in the specified file if they were added as recognized in the libssh *global* known_hosts file.

CVE-2025-13034
(5.9 MEDIUM)

EPSS: 0.02%

updated 2026-01-08T15:32:29

2 posts

When using `CURLOPT_PINNEDPUBLICKEY` option with libcurl or `--pinnedpubkey` with the curl tool,curl should check the public key of the server certificate to verify the peer. This check was skipped in a certain condition that would then make curl allow the connection without performing the proper check, thus not noticing a possible impostor. To skip this check, the connection had to be done with

CVE-2025-69260
(7.5 HIGH)

EPSS: 0.09%

updated 2026-01-08T15:31:29

1 posts

A message out-of-bounds read vulnerability in Trend Micro Apex Central could allow a remote attacker to create a denial-of-service condition on affected installations. Please note: authentication is not required in order to exploit this vulnerability.

CVE-2025-69258
(9.8 CRITICAL)

EPSS: 0.15%

updated 2026-01-08T15:31:28

3 posts

A LoadLibraryEX vulnerability in Trend Micro Apex Central could allow an unauthenticated remote attacker to load an attacker-controlled DLL into a key executable, leading to execution of attacker-supplied code under the context of SYSTEM on affected installations.