CVE-2025-52694
(10.0 CRITICAL)

EPSS: 0.00%

updated 2026-01-12T10:16:15.037000

1 posts

Successful exploitation of the SQL injection vulnerability could allow an unauthenticated remote attacker to execute arbitrary SQL commands on the vulnerable service when it is exposed to the Internet.

1 repos

https://github.com/Winz18/CVE-2025-52694-POC

CVE-2026-22184(CVSS UNKNOWN)

EPSS: 0.08%

updated 2026-01-12T09:31:31

2 posts

zlib versions up to and including 1.3.1.2 contain a global buffer overflow in the untgz utility. The TGZfname() function copies an attacker-supplied archive name from argv[] into a fixed-size 1024-byte static global buffer using an unbounded strcpy() call without length validation. Supplying an archive name longer than 1024 bytes results in an out-of-bounds write that can lead to memory corruption

CVE-2025-14279
(8.1 HIGH)

EPSS: 0.00%

updated 2026-01-12T09:15:50.577000

1 posts

MLFlow versions up to and including 3.4.0 are vulnerable to DNS rebinding attacks due to a lack of Origin header validation in the MLFlow REST server. This vulnerability allows malicious websites to bypass Same-Origin Policy protections and execute unauthorized calls against REST endpoints. An attacker can query, update, and delete experiments via the affected endpoints, leading to potential data

CVE-2026-0855
(8.8 HIGH)

EPSS: 0.00%

updated 2026-01-12T07:16:19.840000

1 posts

Certain IP Camera models developed by Merit LILIN has a OS Command Injection vulnerability, allowing authenticated remote attackers to inject arbitrary OS commands and execute them on the device.

CVE-2026-0854
(8.8 HIGH)

EPSS: 0.00%

updated 2026-01-12T06:16:11.040000

1 posts

Certain DVR/NVR models developed by Merit LILIN has a OS Command Injection vulnerability, allowing authenticated remote attackers to inject arbitrary OS commands and execute them on the device.

CVE-2026-0841
(8.8 HIGH)

EPSS: 0.04%

updated 2026-01-11T09:30:26

1 posts

A vulnerability was detected in UTT 进取 520W 1.7.7-180627. Affected by this issue is the function strcpy of the file /goform/formPictureUrl. The manipulation of the argument importpictureurl results in buffer overflow. It is possible to launch the attack remotely. The exploit is now public and may be used. The vendor was contacted early about this disclosure but did not respond in any way.

CVE-2025-15502
(7.3 HIGH)

EPSS: 1.04%

updated 2026-01-10T08:15:48.753000

1 posts

A vulnerability was identified in Sangfor Operation and Maintenance Management System up to 3.0.8. The affected element is the function SessionController of the file /isomp-protocol/protocol/session. Such manipulation of the argument Hostname leads to os command injection. The attack can be executed remotely. The exploit is publicly available and might be used. The vendor was contacted early about

CVE-2026-0830
(7.8 HIGH)

EPSS: 0.03%

updated 2026-01-09T22:16:01.057000

1 posts

Processing specially crafted workspace folder names could allow for arbitrary command injection in the Kiro GitLab Merge-Request helper in Kiro IDE before version 0.6.18 when opening maliciously crafted workspaces. To mitigate, users should update to the latest version.

CVE-2025-65731
(6.8 MEDIUM)

EPSS: 0.03%

updated 2026-01-09T21:32:41

1 posts

An issue was discovered in D-Link Router DIR-605L (Hardware version F1; Firmware version: V6.02CN02) allowing an attacker with physical access to the UART pins to execute arbitrary commands due to presence of root terminal access on a serial interface without proper access control.

1 repos

https://github.com/whitej3rry/CVE-2025-65731

CVE-2025-14524
(5.3 MEDIUM)

EPSS: 0.03%

updated 2026-01-09T21:32:41

2 posts

When an OAuth2 bearer token is used for an HTTP(S) transfer, and that transfer performs a cross-protocol redirect to a second URL that uses an IMAP, LDAP, POP3 or SMTP scheme, curl might wrongly pass on the bearer token to the new target host.

CVE-2025-66848
(9.8 CRITICAL)

EPSS: 0.40%

updated 2026-01-09T21:31:34

1 posts

JD Cloud NAS routers AX1800 (4.3.1.r4308 and earlier), AX3000 (4.3.1.r4318 and earlier), AX6600 (4.5.1.r4533 and earlier), BE6500 (4.4.1.r4308 and earlier), ER1 (4.5.1.r4518 and earlier), and ER2 (4.5.1.r4518 and earlier) contain an unauthorized remote command execution vulnerability.

CVE-2025-70974
(10.0 CRITICAL)

EPSS: 0.06%

updated 2026-01-09T19:33:18

1 posts

Fastjson before 1.2.48 mishandles autoType because, when an `@type` key is in a JSON document, and the value of that key is the name of a Java class, there may be calls to certain public methods of that class. Depending on the behavior of those methods, there may be JNDI injection with an attacker-supplied payload located elsewhere in that JSON document. This was exploited in the wild in 2023 thro

CVE-2025-70161(CVSS UNKNOWN)

EPSS: 0.24%

updated 2026-01-09T18:31:43

1 posts

EDIMAX BR-6208AC V2_1.02 is vulnerable to Command Injection. This arises because the pppUserName field is directly passed to a shell command via the system() function without proper sanitization. An attacker can exploit this by injecting malicious commands into the pppUserName field, allowing arbitrary code execution.

CVE-2025-69426(CVSS UNKNOWN)

EPSS: 0.04%

updated 2026-01-09T18:31:43

1 posts

The Ruckus vRIoT IoT Controller firmware versions prior to 3.0.0.0 (GA) contain hardcoded credentials for an operating system user account within an initialization script. The SSH service is network-accessible without IP-based restrictions. Although the configuration disables SCP and pseudo-TTY allocation, an attacker can authenticate using the hardcoded credentials and establish SSH local port fo

CVE-2025-69425(CVSS UNKNOWN)

EPSS: 0.10%

updated 2026-01-09T18:31:43

1 posts

The Ruckus vRIoT IoT Controller firmware versions prior to 3.0.0.0 (GA) expose a command execution service on TCP port 2004 running with root privileges. Authentication to this service relies on a hardcoded Time-based One-Time Password (TOTP) secret and an embedded static token. An attacker who extracts these credentials from the appliance or a compromised device can generate valid authentication

CVE-2025-14598
(9.8 CRITICAL)

EPSS: 0.03%

updated 2026-01-09T18:31:36

1 posts

BeeS Software Solutions BET Portal contains an SQL injection vulnerability in the login functionality of affected sites. The vulnerability enables arbitrary SQL commands to be executed on the backend database.

1 repos

https://github.com/Afnaan-Ahmed/CVE-2025-14598

CVE-2025-64093
(10.0 CRITICAL)

EPSS: 0.22%

updated 2026-01-09T18:31:35

1 posts

Remote Code Execution vulnerability that allows unauthenticated attackers to inject arbitrary commands into the hostname of the device.

CVE-2025-64091
(8.6 HIGH)

EPSS: 0.04%

updated 2026-01-09T18:31:35

1 posts

This vulnerability allows authenticated attackers to execute commands via the NTP-configuration of the device.

CVE-2025-64092
(7.5 HIGH)

EPSS: 0.06%

updated 2026-01-09T18:15:50.450000

1 posts

This vulnerability allows unauthenticated attackers to inject an SQL request into GET request parameters and directly query the underlying database.

CVE-2025-64090
(10.0 CRITICAL)

EPSS: 0.06%

updated 2026-01-09T18:15:49.873000

1 posts

This vulnerability allows authenticated attackers to execute commands via the hostname of the device.

CVE-2025-67004
(0 None)

EPSS: 0.02%

updated 2026-01-09T17:15:53.030000

1 posts

An Information Disclosure vulnerability in CouchCMS 2.4 allow an Admin user to read arbitrary files via traversing directories back after back. It can Disclosure the source code or any other confidential information if weaponize accordingly.

CVE-2025-46645
(6.5 MEDIUM)

EPSS: 0.45%

updated 2026-01-09T17:15:52.720000

1 posts

Dell PowerProtect Data Domain with Data Domain Operating System (DD OS) of Feature Release versions 7.7.1.0 through 8.4.0.0, LTS2025 release version 8.3.1.10, LTS2024 release versions 7.13.1.0 through 7.13.1.40, LTS 2023 release versions 7.10.1.0 through 7.10.1.70, contain an Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection') vulnerability. A high privileged

CVE-2025-15035
(0 None)

EPSS: 0.03%

updated 2026-01-09T17:15:51.823000

1 posts

Improper Input Validation vulnerability in TP-Link Archer AXE75 v1.6 (vpn modules) allows an authenticated adjacent attacker to delete arbitrary server file, leading to possible loss of critical system files and service interruption or degraded functionality.This issue affects Archer AXE75 v1.6: ≤ build 20250107.

CVE-2026-22081(CVSS UNKNOWN)

EPSS: 0.06%

updated 2026-01-09T12:32:33

1 posts

This vulnerability exists in Tenda wireless routers (300Mbps Wireless Router F3 and N300 Easy Setup Router) due to the missing HTTPOnly flag for session cookies associated with the web-based administrative interface. A remote at-tacker could exploit this vulnerability by capturing session cookies transmitted over an insecure HTTP connection. Successful exploitation of this vulnerability could all

CVE-2025-7072(CVSS UNKNOWN)

EPSS: 0.12%

updated 2026-01-09T12:32:33

1 posts

The firmware in KAON CG3000TC and CG3000T routers contains hard-coded credentials in clear text (shared across all routers of this model) that an unauthenticated remote attacker could use to execute commands with root privileges. This vulnerability has been fixed in firmware version: 1.00.67 for CG3000TC and 1.00.27 for CG3000T.

CVE-2026-22079(CVSS UNKNOWN)

EPSS: 0.03%

updated 2026-01-09T12:32:32

1 posts

This vulnerability exists in Tenda wireless routers (300Mbps Wireless Router F3 and N300 Easy Setup Router) due to the plaintext transmission of login credentials during the initial login or post-factory reset setup through the web-based administrative interface. An attacker on the same network could exploit this vulnerability by intercepting network traffic and capturing the credentials transmitt

CVE-2026-22080(CVSS UNKNOWN)

EPSS: 0.03%

updated 2026-01-09T12:32:32

1 posts

This vulnerability exists in Tenda wireless routers (300Mbps Wireless Router F3 and N300 Easy Setup Router) due to the transmission of credentials encoded using reversible Base64 encoding through the web-based administrative interface. An attacker on the same network could exploit this vulnerability by intercepting network traffic and capturing the Base64-encoded credentials. Successful exploitat

CVE-2025-66049(CVSS UNKNOWN)

EPSS: 0.07%

updated 2026-01-09T12:32:32

1 posts

Vivotek IP7137 camera with firmware version 0200a is vulnerable to an information disclosure issue where live camera footage can be accessed through the RTSP protocol on port 8554 without requiring authentication. This allows unauthorized users with network access to view the camera's feed, potentially compromising user privacy and security.  The vendor has not replied to the CNA. Possibly all fir

CVE-2026-22082
(0 None)

EPSS: 0.18%

updated 2026-01-09T12:15:54.403000

1 posts

This vulnerability exists in Tenda wireless routers (300Mbps Wireless Router F3 and N300 Easy Setup Router) due to the use of login credentials as the session ID through its web-based administrative interface. A remote attacker could exploit this vulnerability by intercepting network traffic and capturing the session ID during insecure transmission. Successful exploitation of this vulnerability

CVE-2025-69195
(7.6 HIGH)

EPSS: 0.08%

updated 2026-01-09T09:31:24

1 posts

A flaw was found in GNU Wget2. This vulnerability, a stack-based buffer overflow, occurs in the filename sanitization logic when processing attacker-controlled URL paths, particularly when filename restriction options are active. A remote attacker can exploit this by providing a specially crafted URL, which, upon user interaction with wget2, can lead to memory corruption. This can cause the applic

CVE-2025-69194
(8.8 HIGH)

EPSS: 0.03%

updated 2026-01-09T08:15:57.980000

1 posts

A security issue was discovered in GNU Wget2 when handling Metalink documents. The application fails to properly validate file paths provided in Metalink <file name> elements. An attacker can abuse this behavior to write files to unintended locations on the system. This can lead to data loss or potentially allow further compromise of the user’s environment.

1 repos

https://github.com/secdongle/POC_CVE-2025-69194

CVE-2026-0732
(6.3 MEDIUM)

EPSS: 0.43%

updated 2026-01-09T00:30:34

1 posts

A vulnerability was found in D-Link DI-8200G 17.12.20A1. This affects an unknown function of the file /upgrade_filter.asp. The manipulation of the argument path results in command injection. The attack may be performed from remote. The exploit has been made public and could be used.

CVE-2025-14025
(8.6 HIGH)

EPSS: 0.06%

updated 2026-01-09T00:30:28

1 posts

A flaw was found in Ansible Automation Platform (AAP). Read-only scoped OAuth2 API Tokens in AAP, are enforced at the Gateway level for Gateway-specific operations. However, this vulnerability allows read-only tokens to perform write operations on backend services (e.g., Controller, Hub, EDA). If this flaw were exploited, an attacker‘s capabilities would only be limited by role based access contro

CVE-2026-0731
(5.3 MEDIUM)

EPSS: 0.13%

updated 2026-01-08T23:15:44.117000

1 posts

A vulnerability has been found in TOTOLINK WA1200 5.9c.2914. The impacted element is an unknown function of the file cstecgi.cgi of the component HTTP Request Handler. The manipulation leads to null pointer dereference. The attack is possible to be carried out remotely. The exploit has been disclosed to the public and may be used.

CVE-2025-12543
(9.6 CRITICAL)

EPSS: 0.13%

updated 2026-01-08T23:15:42.690000

2 posts

A flaw was found in the Undertow HTTP server core, which is used in WildFly, JBoss EAP, and other Java applications. The Undertow library fails to properly validate the Host header in incoming HTTP requests.As a result, requests containing malformed or malicious Host headers are processed without rejection, enabling attackers to poison caches, perform internal network scans, or hijack user session

CVE-2025-59468
(9.0 None)

EPSS: 0.22%

updated 2026-01-08T21:31:39

2 posts

This vulnerability allows a Backup Administrator to perform remote code execution (RCE) as the postgres user by sending a malicious password parameter.

CVE-2025-50334
(7.5 HIGH)

EPSS: 0.12%

updated 2026-01-08T21:31:39

1 posts

An issue in Technitium DNS Server v.13.5 allows a remote attacker to cause a denial of service via the rate-limiting component

CVE-2025-52691
(10.0 CRITICAL)

EPSS: 10.87%

updated 2026-01-08T21:31:33

5 posts

Successful exploitation of the vulnerability could allow an unauthenticated attacker to upload arbitrary files to any location on the mail server, potentially enabling remote code execution.

Nuclei template

10 repos

https://github.com/sajjadsiam/CVE-2025-52691-poc

https://github.com/hilwa24/CVE-2025-52691

https://github.com/yt2w/CVE-2025-52691

https://github.com/DeathShotXD/CVE-2025-52691-APT-PoC

https://github.com/rxerium/CVE-2025-52691

https://github.com/Ashwesker/Ashwesker-CVE-2025-52691

https://github.com/nxgn-kd01/smartermail-cve-scanner

https://github.com/watchtowrlabs/watchTowr-vs-SmarterMail-CVE-2025-52691

https://github.com/you-ssef9/CVE-2025-52691

https://github.com/SuJing-cy/CVE-2025-2025-52691-SmarterMail-Exp

CVE-2025-65518
(7.5 HIGH)

EPSS: 0.02%

updated 2026-01-08T21:30:40

1 posts

Plesk Obsidian versions 8.0.1 through 18.0.73 are vulnerable to a Denial of Service (DoS) condition. The vulnerability exists in the get_password.php endpoint, where a crafted request containing a malicious payload can cause the affected web interface to continuously reload, rendering the service unavailable to legitimate users. An attacker can exploit this issue remotely without authentication, r

1 repos

https://github.com/Jainil-89/CVE-2025-65518

CVE-2025-13151
(7.5 HIGH)

EPSS: 0.04%

updated 2026-01-08T21:30:33

1 posts

Stack-based buffer overflow in libtasn1 version: v4.20.0. The function fails to validate the size of input data resulting in a buffer overflow in asn1_expend_octet_string.

CVE-2026-21858
(10.0 CRITICAL)

EPSS: 0.03%

updated 2026-01-08T20:15:45.453000

11 posts

n8n is an open source workflow automation platform. Versions starting with 1.65.0 and below 1.121.0 enable an attacker to access files on the underlying server through execution of certain form-based workflows. A vulnerable workflow could grant access to an unauthenticated remote attacker, resulting in exposure of sensitive information stored on the system and may enable further compromise dependi

Nuclei template

3 repos

https://github.com/Chocapikk/CVE-2026-21858

https://github.com/eduardorossi84/CVE-2026-21858-POC

https://github.com/Ashwesker/Ashwesker-CVE-2026-21858

CVE-2017-20212
(6.2 MEDIUM)

EPSS: 0.19%

updated 2026-01-08T19:15:53.680000

1 posts

FLIR Thermal Camera F/FC/PT/D firmware version 8.0.0.64 contains an information disclosure vulnerability that allows unauthenticated attackers to read arbitrary files through unverified input parameters. Attackers can exploit the /var/www/data/controllers/api/xml.php readFile() function to access local system files without authentication.

CVE-2025-5965
(7.2 HIGH)

EPSS: 0.15%

updated 2026-01-08T18:31:36

1 posts

In the backup parameters, a user with high privilege is able to concatenate custom instructions to the backup setup. Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection') vulnerability in Centreon Infra Monitoring (Backup configuration in the administration setup modules) allows OS Command Injection.This issue affects Infra Monitoring: from 25.10.0 before 25.10

CVE-2025-12513
(6.8 MEDIUM)

EPSS: 0.02%

updated 2026-01-08T18:31:36

1 posts

Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting') vulnerability in Centreon Infra Monitoring (Hosts configuration form modules) allows Stored XSS to users with high privileges. This issue affects Infra Monitoring: from 25.10.0 before 25.10.2, from 24.10.0 before 24.10.15, from 24.04.0 before 24.04.19.

CVE-2025-13056
(6.8 MEDIUM)

EPSS: 0.02%

updated 2026-01-08T18:31:36

1 posts

Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting') vulnerability in Centreon Infra Monitoring (Administration ACL menu configuration modules) allows Stored XSS to users with high privileges. This issue affects Infra Monitoring: from 25.10.0 before 25.10.2, from 24.10.0 before 24.10.15, from 24.04.0 before 24.04.19.

CVE-2025-15029
(9.8 CRITICAL)

EPSS: 0.03%

updated 2026-01-08T18:31:36

1 posts

Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in Centreon Infra Monitoring (Awie export modules) allows SQL Injection to unauthenticated user. This issue affects Infra Monitoring: from 25.10.0 before 25.10.2, from 24.10.0 before 24.10.3, from 24.04.0 before 24.04.3.

CVE-2025-55125
(7.8 HIGH)

EPSS: 0.06%

updated 2026-01-08T18:30:56

2 posts

This vulnerability allows a Backup or Tape Operator to perform remote code execution (RCE) as root by creating a malicious backup configuration file.

CVE-2025-59470
(9.0 None)

EPSS: 0.22%

updated 2026-01-08T18:30:56

6 posts

This vulnerability allows a Backup Operator to perform remote code execution (RCE) as the postgres user by sending a malicious interval or order parameter.

1 repos

https://github.com/b1gchoi/CVE-2025-59470

CVE-2025-67091
(6.5 MEDIUM)

EPSS: 0.01%

updated 2026-01-08T18:30:56

1 posts

An issue in GL Inet GL.Inet AX1800 Version 4.6.4 & 4.6.8 are vulnerable. GL.Inet AX1800 Version 4.6.4 & 4.6.8 in the GL.iNet custom opkg wrapper script located at /usr/libexec/opkg-call. The script is executed with root privileges when triggered via the LuCI web interface or authenticated API calls to manage packages. The vulnerable code uses shell redirection to create a lock file in the world-wr

CVE-2025-67090
(5.1 MEDIUM)

EPSS: 0.03%

updated 2026-01-08T18:30:56

1 posts

The LuCI web interface on Gl Inet GL.Inet AX1800 Version 4.6.4 & 4.6.8 are vulnerable. Fix available in version 4.8.2 GL.Inet AX1800 Version 4.6.4 & 4.6.8 lacks rate limiting or account lockout mechanisms on the authentication endpoint (`/cgi-bin/luci`). An unauthenticated attacker on the local network can perform unlimited password attempts against the admin interface.

CVE-2026-0625(CVSS UNKNOWN)

EPSS: 0.43%

updated 2026-01-08T18:30:33

3 posts

Multiple D-Link DSL gateway devices contain a command injection vulnerability in the dnscfg.cgi endpoint due to improper sanitization of user-supplied DNS configuration parameters. An unauthenticated remote attacker can inject and execute arbitrary shell commands, resulting in remote code execution. The affected endpoint is also associated with unauthenticated DNS modification (“DNSChanger”) behav

CVE-2026-21881
(9.1 CRITICAL)

EPSS: 0.07%

updated 2026-01-08T18:15:59.500000

1 posts

Kanboard is project management software focused on Kanban methodology. Versions 1.2.48 and below is vulnerable to a critical authentication bypass when REVERSE_PROXY_AUTH is enabled. The application blindly trusts HTTP headers for user authentication without verifying the request originated from a trusted reverse proxy. An attacker can impersonate any user, including administrators, by simply send

CVE-2025-59469
(9.0 CRITICAL)

EPSS: 0.04%

updated 2026-01-08T18:15:58.570000

2 posts

This vulnerability allows a Backup or Tape Operator to write files as root.

CVE-2025-59157
(9.9 CRITICAL)

EPSS: 0.22%

updated 2026-01-08T18:09:49.800000

1 posts

Coolify is an open-source and self-hostable tool for managing servers, applications, and databases. Prior to version 4.0.0-beta.420.7, the Git Repository field during project creation is vulnerable to command injection. User input is not properly sanitized, allowing attackers to inject arbitrary shell commands that execute on the underlying server during the deployment workflow. A regular member u

CVE-2025-67303
(7.5 HIGH)

EPSS: 0.05%

updated 2026-01-08T18:09:49.800000

1 posts

An issue in ComfyUI-Manager prior to version 3.38 allowed remote attackers to potentially manipulate its configuration and critical data. This was due to the application storing its files in an insufficiently protected location that was accessible via the web interface

1 repos

https://github.com/joker-xiaoyan/CVE-2025-67303

CVE-2025-12511
(6.8 MEDIUM)

EPSS: 0.02%

updated 2026-01-08T18:09:49.800000

1 posts

Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting') vulnerability in Centreon Infra Monitoring (DSM extenstio configuration modules) allows Stored XSS to user with elevated privileges. This issue affects Infra Monitoring: from 25.10.0 before 25.10.1, from 24.10.0 before 24.10.4, from 24.04.0 before 24.04.8.

CVE-2025-12519
(5.3 MEDIUM)

EPSS: 0.01%

updated 2026-01-08T18:09:49.800000

1 posts

Missing Authorization vulnerability in Centreon Infra Monitoring (Administration parameters API endpoint modules) allows Accessing Functionality Not Properly Constrained by ACLs, resulting in Information Disclosure like downtime or acknowledgement configurations. This issue affects Infra Monitoring: from 25.10.0 before 25.10.2, from 24.10.0 before 24.10.15, from 24.04.0 before 24.04.19.

CVE-2025-15026
(9.8 CRITICAL)

EPSS: 0.04%

updated 2026-01-08T18:09:49.800000

1 posts

Missing Authentication for Critical Function vulnerability in Centreon Infra Monitoring centreon-awie (Awie import module) allows Accessing Functionality Not Properly Constrained by ACLs. This issue affects Infra Monitoring: from 25.10.0 before 25.10.2, from 24.10.0 before 24.10.3, from 24.04.0 before 24.04.3.

CVE-2025-68428
(0 None)

EPSS: 0.08%

updated 2026-01-08T18:09:23.230000

4 posts

jsPDF is a library to generate PDFs in JavaScript. Prior to version 4.0.0, user control of the first argument of the loadFile method in the node.js build allows local file inclusion/path traversal. If given the possibility to pass unsanitized paths to the loadFile method, a user can retrieve file contents of arbitrary files in the local file system the node process is running in. The file contents

1 repos

https://github.com/12nio/CVE-2025-68428_PoC

CVE-2020-36925
(9.8 CRITICAL)

EPSS: 0.52%

updated 2026-01-08T18:09:23.230000

2 posts

Arteco Web Client DVR/NVR contains a session hijacking vulnerability with insufficient session ID complexity that allows remote attackers to bypass authentication. Attackers can brute force session IDs within a specific numeric range to obtain valid sessions and access live camera streams without authorization.

CVE-2025-14997
(7.2 HIGH)

EPSS: 0.46%

updated 2026-01-08T18:09:23.230000

1 posts

The BuddyPress Xprofile Custom Field Types plugin for WordPress is vulnerable to arbitrary file deletion due to insufficient file path validation in the 'delete_field' function in all versions up to, and including, 1.2.8. This makes it possible for authenticated attackers, with Subscriber-level access and above, to delete arbitrary files on the server, which can easily lead to remote code executio

CVE-2026-0641
(6.3 MEDIUM)

EPSS: 3.17%

updated 2026-01-08T18:09:23.230000

2 posts

A security vulnerability has been detected in TOTOLINK WA300 5.2cu.7112_B20190227. This vulnerability affects the function sub_401510 of the file cstecgi.cgi. The manipulation of the argument UPLOAD_FILENAME leads to command injection. The attack may be initiated remotely. The exploit has been disclosed publicly and may be used.

CVE-2025-15471
(9.8 CRITICAL)

EPSS: 0.15%

updated 2026-01-08T18:09:23.230000

3 posts

A vulnerability was detected in TRENDnet TEW-713RE 1.02. The impacted element is an unknown function of the file /goformX/formFSrvX. The manipulation of the argument SZCMD results in os command injection. It is possible to launch the attack remotely. The exploit is now public and may be used. The vendor was contacted early about this disclosure but did not respond in any way.

CVE-2025-0980
(6.4 MEDIUM)

EPSS: 0.01%

updated 2026-01-08T18:09:23.230000

1 posts

Nokia SR Linux is vulnerable to an authentication vulnerability allowing unauthorized access to the JSON-RPC service. When exploited, an invalid validation allows JSON RPC access without providing valid authentication credentials.

CVE-2020-36907
(7.5 HIGH)

EPSS: 0.38%

updated 2026-01-08T18:09:23.230000

1 posts

Aerohive HiveOS contains a denial of service vulnerability in the NetConfig UI that allows unauthenticated attackers to render the web interface unusable. Attackers can send a crafted HTTP request to the action.php5 script with specific parameters to trigger a 5-minute service disruption.

CVE-2020-36909
(6.5 MEDIUM)

EPSS: 0.03%

updated 2026-01-08T18:09:23.230000

1 posts

SnapGear Management Console SG560 3.1.5 contains a file manipulation vulnerability that allows authenticated users to read, write, and delete files using the edit_config_files CGI script. Attackers can manipulate POST request parameters in /cgi-bin/cgix/edit_config_files to access and modify files outside the intended /etc/config/ directory.

CVE-2020-36918
(4.3 MEDIUM)

EPSS: 0.02%

updated 2026-01-08T18:09:23.230000

1 posts

iDS6 DSSPro Digital Signage System 6.2 contains a cross-site request forgery vulnerability that allows attackers to perform administrative actions without request validation. Attackers can craft malicious web pages to trick logged-in administrators into adding unauthorized users by exploiting the lack of CSRF protections.

CVE-2020-36922
(7.5 HIGH)

EPSS: 0.08%

updated 2026-01-08T18:09:23.230000

1 posts

Sony BRAVIA Digital Signage 1.7.8 contains an information disclosure vulnerability that allows unauthenticated attackers to access sensitive system details through API endpoints. Attackers can retrieve network interface information, server configurations, and system metadata by sending requests to the exposed system API.

CVE-2020-36923
(9.8 CRITICAL)

EPSS: 0.07%

updated 2026-01-08T18:09:23.230000

1 posts

Sony BRAVIA Digital Signage 1.7.8 contains an insecure direct object reference vulnerability that allows attackers to bypass authorization controls. Attackers can access hidden system resources like '/#/content-creation' by manipulating client-side access restrictions.

CVE-2020-36915
(7.5 HIGH)

EPSS: 0.04%

updated 2026-01-08T18:09:23.230000

1 posts

Adtec Digital SignEdje Digital Signage Player v2.08.28 contains multiple hardcoded default credentials that allow unauthenticated remote access to web, telnet, and SSH interfaces. Attackers can exploit these credentials to gain root-level access and execute system commands across multiple Adtec Digital product versions.

CVE-2020-36924
(7.5 HIGH)

EPSS: 0.06%

updated 2026-01-08T18:09:23.230000

1 posts

Sony BRAVIA Digital Signage 1.7.8 contains a remote file inclusion vulnerability that allows attackers to inject arbitrary client-side scripts through the content material URL parameter. Attackers can exploit this vulnerability to hijack user sessions, execute cross-site scripting code, and modify display content by manipulating the input material type.

CVE-2025-6225
(0 None)

EPSS: 0.89%

updated 2026-01-08T18:08:54.147000

2 posts

Kieback&Peter Neutrino-GLT product is used for building management. It's web component "SM70 PHWEB" is vulnerable to shell command injection via login form. The injected commands would execute with low privileges. The vulnerability has been fixed in version 9.40.02

CVE-2026-0628
(8.8 HIGH)

EPSS: 0.02%

updated 2026-01-08T18:08:54.147000

2 posts

Insufficient policy enforcement in WebView tag in Google Chrome prior to 143.0.7499.192 allowed an attacker who convinced a user to install a malicious extension to inject scripts or HTML into a privileged page via a crafted Chrome Extension. (Chromium security severity: High)

1 repos

https://github.com/fevar54/CVE-2026-0628-POC

CVE-2025-69222
(9.1 CRITICAL)

EPSS: 0.09%

updated 2026-01-08T18:08:54.147000

1 posts

LibreChat is a ChatGPT clone with additional features. Version 0.8.1-rc2 is prone to a server-side request forgery (SSRF) vulnerability due to missing restrictions of the Actions feature in the default configuration. LibreChat enables users to configure agents with predefined instructions and actions that can interact with remote services via OpenAPI specifications, supporting various HTTP methods

CVE-2026-22540
(0 None)

EPSS: 0.04%

updated 2026-01-08T18:08:54.147000

1 posts

The massive sending of ARP requests causes a denial of service on one board of the charger that allows control of the EV interfaces. Since the board must be operating correctly for the charger to also function correctly.

CVE-2026-21877
(9.9 CRITICAL)

EPSS: 0.05%

updated 2026-01-08T18:08:18.457000

6 posts

n8n is an open source workflow automation platform. In versions 0.121.2 and below, an authenticated attacker may be able to execute malicious code using the n8n service. This could result in full compromise and can impact both self-hosted and n8n Cloud instances. This issue is fixed in version 1.121.3. Administrators can reduce exposure by disabling the Git node and limiting access for untrusted u

1 repos

https://github.com/Ashwesker/Ashwesker-CVE-2026-21877

CVE-2025-62224
(5.5 MEDIUM)

EPSS: 0.06%

updated 2026-01-08T18:08:18.457000

2 posts

User interface (ui) misrepresentation of critical information in Microsoft Edge for Android allows an authorized attacker to perform spoofing over a network.

CVE-2025-67089
(8.1 HIGH)

EPSS: 0.23%

updated 2026-01-08T18:08:18.457000

1 posts

A command injection vulnerability exists in the GL-iNet GL-AXT1800 router firmware v4.6.8. The vulnerability is present in the `plugins.install_package` RPC method, which fails to properly sanitize user input in package names. Authenticated attackers can exploit this to execute arbitrary commands with root privileges

CVE-2025-15346
(0 None)

EPSS: 0.06%

updated 2026-01-08T18:08:18.457000

1 posts

A vulnerability in the handling of verify_mode = CERT_REQUIRED in the wolfssl Python package (wolfssl-py) causes client certificate requirements to not be fully enforced.  Because the WOLFSSL_VERIFY_FAIL_IF_NO_PEER_CERT flag was not included, the behavior effectively matched CERT_OPTIONAL: a peer certificate was verified if presented, but connections were incorrectly authenticated when no client

CVE-2025-14819
(5.3 MEDIUM)

EPSS: 0.03%

updated 2026-01-08T18:08:18.457000

2 posts

When doing TLS related transfers with reused easy or multi handles and altering the `CURLSSLOPT_NO_PARTIALCHAIN` option, libcurl could accidentally reuse a CA store cached in memory for which the partial chain option was reversed. Contrary to the user's wishes and expectations. This could make libcurl find and accept a trust chain that it otherwise would not.

CVE-2025-15224
(3.1 LOW)

EPSS: 0.05%

updated 2026-01-08T18:08:18.457000

2 posts

When doing SSH-based transfers using either SCP or SFTP, and asked to do public key authentication, curl would wrongly still ask and authenticate using a locally running SSH agent.