CVE-2026-5997
(9.8 CRITICAL)

EPSS: 0.00%

updated 2026-04-10T02:16:04.247000

4 posts

A vulnerability was detected in Totolink A7100RU 7.4cu.2313_b20191024. The impacted element is the function setLoginPasswordCfg of the file /cgi-bin/cstecgi.cgi of the component CGI Handler. The manipulation of the argument admpass results in os command injection. It is possible to launch the attack remotely. The exploit is now public and may be used.

CVE-2026-5996
(9.8 CRITICAL)

EPSS: 0.00%

updated 2026-04-10T02:16:04.043000

2 posts

A security vulnerability has been detected in Totolink A7100RU 7.4cu.2313_b20191024. The affected element is the function setAdvancedInfoShow of the file /cgi-bin/cstecgi.cgi of the component CGI Handler. The manipulation of the argument tty_server leads to os command injection. It is possible to initiate the attack remotely. The exploit has been disclosed publicly and may be used.

CVE-2026-4351
(8.1 HIGH)

EPSS: 0.00%

updated 2026-04-10T02:16:03.553000

2 posts

The Perfmatters plugin for WordPress is vulnerable to arbitrary file overwrite via path traversal in all versions up to, and including, 2.5.9. This is due to the `PMCS::action_handler()` method processing the bulk action `activate`/`deactivate` handlers without any authorization check or nonce verification. The `$_GET['snippets'][]` values are passed unsanitized to `Snippet::activate()`/`Snippet::

CVE-2026-3360
(7.5 HIGH)

EPSS: 0.00%

updated 2026-04-10T02:16:03.073000

2 posts

The Tutor LMS – eLearning and online course solution plugin for WordPress is vulnerable to an Insecure Direct Object Reference in all versions up to, and including, 3.9.7. This is due to missing authentication and authorization checks in the `pay_incomplete_order()` function. The function accepts an attacker-controlled `order_id` parameter and uses it to look up order data, then writes billing fie

CVE-2026-25203
(7.8 HIGH)

EPSS: 0.00%

updated 2026-04-10T02:16:02.767000

2 posts

Samsung MagicINFO 9 Server Incorrect Default Permissions Local Privilege Escalation Vulnerability This issue affects MagicINFO 9 Server: less than 21.1091.1.

CVE-2026-5995
(9.8 CRITICAL)

EPSS: 0.00%

updated 2026-04-10T01:16:42.490000

4 posts

A weakness has been identified in Totolink A7100RU 7.4cu.2313_b20191024. Impacted is the function setMiniuiHomeInfoShow of the file /cgi-bin/cstecgi.cgi of the component CGI Handler. Executing a manipulation of the argument lan_info can lead to os command injection. The attack may be performed from remote. The exploit has been made available to the public and could be used for attacks.

CVE-2026-5994
(9.8 CRITICAL)

EPSS: 0.00%

updated 2026-04-10T01:16:42.280000

2 posts

A security flaw has been discovered in Totolink A7100RU 7.4cu.2313_b20191024. This issue affects the function setTelnetCfg of the file /cgi-bin/cstecgi.cgi of the component CGI Handler. Performing a manipulation of the argument telnet_enabled results in os command injection. The attack is possible to be carried out remotely. The exploit has been released to the public and may be used for attacks.

CVE-2026-5993
(9.8 CRITICAL)

EPSS: 0.00%

updated 2026-04-10T01:16:41.743000

2 posts

A vulnerability was identified in Totolink A7100RU 7.4cu.2313_b20191024. This vulnerability affects the function setWiFiGuestCfg of the file /cgi-bin/cstecgi.cgi of the component CGI Handler. Such manipulation of the argument wifiOff leads to os command injection. The attack can be executed remotely. The exploit is publicly available and might be used.

CVE-2026-29146(CVSS UNKNOWN)

EPSS: 0.00%

updated 2026-04-10T00:30:29

1 posts

Padding Oracle vulnerability in Apache Tomcat's EncryptInterceptor with default configuration. This issue affects Apache Tomcat: from 11.0.0-M1 through 11.0.18, from 10.0.0-M1 through 10.1.52, from 9.0.13 through 9..115, from 8.5.38 through 8.5.100, from 7.0.100 through 7.0.109. Users are recommended to upgrade to version 11.0.19, 10.1.53 and 9.0.116, which fixes the issue.

CVE-2026-5989
(8.8 HIGH)

EPSS: 0.00%

updated 2026-04-10T00:16:36.170000

2 posts

A flaw has been found in Tenda F451 1.0.0.7. Affected is the function fromRouteStatic of the file /goform/RouteStatic. Executing a manipulation of the argument page can lead to stack-based buffer overflow. The attack can be launched remotely. The exploit has been published and may be used.

CVE-2026-34424
(9.8 CRITICAL)

EPSS: 0.00%

updated 2026-04-09T23:17:00.540000

2 posts

Smart Slider 3 Pro version 3.5.1.35 for WordPress and Joomla contains a multi-stage remote access toolkit injected through a compromised update system that allows unauthenticated attackers to execute arbitrary code and commands. Attackers can trigger pre-authentication remote shell execution via HTTP headers, establish authenticated backdoors accepting arbitrary PHP code or OS commands, create hid

CVE-2026-35471
(9.8 CRITICAL)

EPSS: 0.07%

updated 2026-04-09T21:20:35.993000

1 posts

goshs is a SimpleHTTPServer written in Go. Prior to 2.0.0-beta.3, tdeleteFile() missing return after path traversal check. This vulnerability is fixed in 2.0.0-beta.3.

CVE-2026-39987(CVSS UNKNOWN)

EPSS: 0.00%

updated 2026-04-09T19:06:18

1 posts

## Summary Marimo (19.6k stars) has a Pre-Auth RCE vulnerability. The terminal WebSocket endpoint `/terminal/ws` lacks authentication validation, allowing an unauthenticated attacker to obtain a full PTY shell and execute arbitrary system commands. Unlike other WebSocket endpoints (e.g., `/ws`) that correctly call `validate_auth()` for authentication, the `/terminal/ws` endpoint only checks the

Nuclei template

CVE-2026-35575
(8.0 HIGH)

EPSS: 0.04%

updated 2026-04-09T18:47:25.823000

1 posts

ChurchCRM is an open-source church management system. Prior to 6.5.3, a Stored Cross-Site Scripting (Stored XSS) vulnerability in the admin panel’s group-creation feature allows any user with group-creation privileges to inject malicious JavaScript that executes automatically when an administrator views the page. This enables attackers to steal the administrator’s session cookies, potentially lead

CVE-2026-39344
(8.1 HIGH)

EPSS: 0.03%

updated 2026-04-09T18:42:28.200000

1 posts

ChurchCRM is an open-source church management system. Prior to 7.1.0, there is a Reflected Cross-Site Scripting (XSS) vulnerability on the login page, which is caused by the lack of sanitization or encoding of the username parameter received from the URL. The username parameter value is directly displayed in the login page input element without filter, allowing attackers to insert malicious JavaSc

CVE-2026-1342
(8.5 HIGH)

EPSS: 0.01%

updated 2026-04-09T18:29:07.290000

2 posts

IBM Verify Identity Access Container 11.0 through 11.0.2 and IBM Security Verify Access Container 10.0 through 10.0.9.1 and IBM Verify Identity Access 11.0 through 11.0.2 and IBM Security Verify Access 10.0 through 10.0.9.1 could allow a locally authenticated user to execute malicious scripts from outside of its control sphere.

CVE-2026-39318
(8.8 HIGH)

EPSS: 0.03%

updated 2026-04-09T18:17:01.647000

1 posts

ChurchCRM is an open-source church management system. Versions prior to 7.1.0 have an SQL injection vulnerability in the endpoints `/GroupPropsFormRowOps.php`, `/PersonCustomFieldsRowOps.php`, and `/FamilyCustomFieldsRowOps.php`. A user has to be authenticated. For `ManageGroups` privileges have to be enabled and for the other two endpoints the attack has to be executed by an administrative user.

CVE-2026-39890
(9.8 CRITICAL)

EPSS: 0.29%

updated 2026-04-09T17:16:29.663000

1 posts

PraisonAI is a multi-agent teams system. Prior to 4.5.115, the AgentService.loadAgentFromFile method uses the js-yaml library to parse YAML files without disabling dangerous tags (such as !!js/function and !!js/undefined). This allows an attacker to craft a malicious YAML file that, when parsed, executes arbitrary JavaScript code. An attacker can exploit this vulnerability by uploading a malicious

CVE-2026-39885
(7.5 HIGH)

EPSS: 0.03%

updated 2026-04-09T14:29:54

1 posts

## Summary The `mcp-from-openapi` library uses `@apidevtools/json-schema-ref-parser` to dereference `$ref` pointers in OpenAPI specifications without configuring any URL restrictions or custom resolvers. A malicious OpenAPI specification containing `$ref` values pointing to internal network addresses, cloud metadata endpoints, or local files will cause the library to fetch those resources during

CVE-2026-39889
(7.5 HIGH)

EPSS: 0.04%

updated 2026-04-09T14:29:17

2 posts

The A2U (Agent-to-User) event stream server in PraisonAI exposes all agent activity without authentication. This is a separate component from the gateway server fixed in CVE-2026-34952. The create_a2u_routes() function registers the following endpoints with NO authentication checks: - GET /a2u/info — exposes server info and stream names - POST /a2u/subscribe — creates event stream subscri

CVE-2026-39429
(8.2 HIGH)

EPSS: 0.07%

updated 2026-04-09T14:28:53

1 posts

### Summary The cache server is directly exposed by the root shard and has no authentication or authorization in place. This allows anyone who can access the root shard to read and write to the cache server. ### Details The cache server is routed in the pre-mux chain in the shard code. The preHandlerChainMux is handled before any authn/authz in the cache server: https://github.com/kcp-dev/kcp

CVE-2026-40035
(9.1 CRITICAL)

EPSS: 0.10%

updated 2026-04-09T14:16:32.387000

2 posts

Unfurl through 2025.08 contains an improper input validation vulnerability in config parsing that enables Flask debug mode by default. The debug configuration value is read as a string and passed directly to app.run(), causing any non-empty string to evaluate truthy, allowing attackers to access the Werkzeug debugger and disclose sensitive information or achieve remote code execution.

CVE-2026-39891
(8.8 HIGH)

EPSS: 0.05%

updated 2026-04-09T14:16:31.537000

2 posts

PraisonAI is a multi-agent teams system. Prior to 4.5.115, the create_agent_centric_tools() function returns tools (like acp_create_file) that process file content using template rendering. When user input from agent.start() is passed directly into these tools without escaping, template expressions in the input are executed rather than treated as literal text. This vulnerability is fixed in 4.5.11

CVE-2024-1490
(7.2 HIGH)

EPSS: 0.23%

updated 2026-04-09T12:31:22

1 posts

An authenticated remote attacker with high privileges can exploit the OpenVPN configuration via the web-based management interface of a WAGO PLC. If user-defined scripts are permitted, OpenVPN may allow the execution of arbitrary shell commands enabling the attacker to run arbitrary commands on the device.

CVE-2026-5853
(9.8 CRITICAL)

EPSS: 0.89%

updated 2026-04-09T09:31:57

1 posts

A security vulnerability has been detected in Totolink A7100RU 7.4cu.2313_b20191024. Affected by this vulnerability is the function setIpv6LanCfg of the file /cgi-bin/cstecgi.cgi of the component CGI Handler. Such manipulation of the argument addrPrefixLen leads to os command injection. The attack may be performed from remote. The exploit has been disclosed publicly and may be used.

CVE-2026-5852
(9.8 CRITICAL)

EPSS: 0.89%

updated 2026-04-09T09:31:56

1 posts

A weakness has been identified in Totolink A7100RU 7.4cu.2313_b20191024. Affected is the function setIptvCfg of the file /cgi-bin/cstecgi.cgi of the component CGI Handler. This manipulation of the argument igmpVer causes os command injection. The attack is possible to be carried out remotely. The exploit has been made available to the public and could be used for attacks.

CVE-2026-5854
(9.8 CRITICAL)

EPSS: 0.23%

updated 2026-04-09T09:31:56

1 posts

A vulnerability was detected in Totolink A7100RU 7.4cu.2313_b20191024. Affected by this issue is the function setWiFiEasyCfg of the file /cgi-bin/cstecgi.cgi of the component CGI Handler. Performing a manipulation of the argument merge results in os command injection. It is possible to initiate the attack remotely. The exploit is now public and may be used.

CVE-2026-5850
(9.8 CRITICAL)

EPSS: 0.89%

updated 2026-04-09T06:30:36

2 posts

A vulnerability was identified in Totolink A7100RU 7.4cu.2313_b20191024. This affects the function setVpnPassCfg of the file /cgi-bin/cstecgi.cgi of the component CGI Handler. The manipulation of the argument pptpPassThru leads to os command injection. Remote exploitation of the attack is possible. The exploit is publicly available and might be used.

CVE-2026-5851
(9.8 CRITICAL)

EPSS: 0.89%

updated 2026-04-09T06:30:35

2 posts

A security flaw has been discovered in Totolink A7100RU 7.4cu.2313_b20191024. This impacts the function setUPnPCfg of the file /cgi-bin/cstecgi.cgi of the component CGI Handler. The manipulation of the argument enable results in os command injection. The attack can be executed remotely. The exploit has been released to the public and may be used for attacks.

CVE-2026-5844
(7.2 HIGH)

EPSS: 0.19%

updated 2026-04-09T05:16:06.653000

1 posts

A vulnerability was found in D-Link DIR-882 1.01B02. Impacted is the function sprintf of the file prog.cgi of the component HNAP1 SetNetworkSettings Handler. The manipulation of the argument IPAddress results in os command injection. The attack may be performed from remote. The exploit has been made public and could be used. This vulnerability only affects products that are no longer supported by

CVE-2026-1830
(9.8 CRITICAL)

EPSS: 0.18%

updated 2026-04-09T05:16:03.420000

2 posts

The Quick Playground plugin for WordPress is vulnerable to Remote Code Execution in all versions up to, and including, 1.3.1. This is due to insufficient authorization checks on REST API endpoints that expose a sync code and allow arbitrary file uploads. This makes it possible for unauthenticated attackers to retrieve the sync code, upload PHP files with path traversal, and achieve remote code exe

CVE-2026-5830
(8.8 HIGH)

EPSS: 0.05%

updated 2026-04-09T03:31:24

1 posts

A vulnerability was identified in Tenda AC15 15.03.05.18. This affects the function websGetVar of the file /goform/SysToolChangePwd. Such manipulation of the argument oldPwd/newPwd/cfmPwd leads to stack-based buffer overflow. The attack can be executed remotely. The exploit is publicly available and might be used.

CVE-2026-4326
(8.8 HIGH)

EPSS: 0.08%

updated 2026-04-09T02:16:16.530000

1 posts

The Vertex Addons for Elementor plugin for WordPress is vulnerable to Missing Authorization in all versions up to and including 1.6.4. This is due to improper authorization enforcement in the activate_required_plugins() function. Specifically, the current_user_can('install_plugins') capability check does not terminate execution when it fails — it only sets an error message variable while allowing

CVE-2026-5173
(8.5 HIGH)

EPSS: 0.02%

updated 2026-04-09T00:32:08

1 posts

GitLab has remediated an issue in GitLab CE/EE affecting all versions from 16.9.6 before 18.8.9, 18.9 before 18.9.5, and 18.10 before 18.10.3 that could have allowed an authenticated user to invoke unintended server-side methods through websocket connections due to improper access control.

1 repos

https://github.com/0xBlackash/CVE-2026-5173

CVE-2026-5815
(8.8 HIGH)

EPSS: 0.08%

updated 2026-04-09T00:32:08

1 posts

A vulnerability was detected in D-Link DIR-645 1.01/1.02/1.03. Impacted is the function hedwigcgi_main of the file /cgi-bin/hedwig.cgi. The manipulation results in stack-based buffer overflow. The attack can be launched remotely. The exploit is now public and may be used. This vulnerability only affects products that are no longer supported by the maintainer.

CVE-2026-40031
(7.8 HIGH)

EPSS: 0.01%

updated 2026-04-09T00:32:07

2 posts

MemProcFS before 5.17 contains multiple unsafe library-loading patterns that enable DLL and shared-library hijacking across six attack surfaces, including bare-name LoadLibraryU and dlopen calls without path qualification for vmmpyc, libMSCompression, and plugin DLLs. An attacker who places a malicious DLL or shared library in the working directory or manipulates LD_LIBRARY_PATH can achieve arbitr

CVE-2026-40032
(7.8 HIGH)

EPSS: 0.02%

updated 2026-04-09T00:32:07

1 posts

UAC (Unix-like Artifacts Collector) before 3.3.0-rc1 contains a command injection vulnerability in the placeholder substitution and command execution pipeline where the _run_command() function passes constructed command strings directly to eval without proper sanitization. Attackers can inject shell metacharacters or command substitutions through attacker-controlled inputs including %line% values

CVE-2026-40030
(7.8 HIGH)

EPSS: 0.02%

updated 2026-04-09T00:32:07

1 posts

parseusbs before 1.9 contains an OS command injection vulnerability where the volume listing path argument (-v flag) is passed unsanitized into an os.popen() shell command with ls, allowing arbitrary command injection via crafted volume path arguments containing shell metacharacters. An attacker can provide a crafted volume path via the -v flag that injects arbitrary commands during volume content

CVE-2026-40036
(7.5 HIGH)

EPSS: 0.10%

updated 2026-04-09T00:32:07

1 posts

Unfurl before 2026.04 contains an unbounded zlib decompression vulnerability in parse_compressed.py that allows remote attackers to cause denial of service. Attackers can submit highly compressed payloads via URL parameters to the /json/visjs endpoint that expand to gigabytes, exhausting server memory and crashing the service.

CVE-2026-5859(CVSS UNKNOWN)

EPSS: 0.03%

updated 2026-04-09T00:32:07

1 posts

Integer overflow in WebML in Google Chrome prior to 147.0.7727.55 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: Critical)

CVE-2025-12664
(7.5 HIGH)

EPSS: 0.02%

updated 2026-04-09T00:32:01

1 posts

GitLab has remediated an issue in GitLab CE/EE affecting all versions from 13.0 before 18.8.9, 18.9 before 18.9.5, and 18.10 before 18.10.3 that could have allowed an unauthenticated user to cause denial of service by sending repeated GraphQL queries.

CVE-2026-1092
(7.5 HIGH)

EPSS: 0.02%

updated 2026-04-09T00:32:01

1 posts

GitLab has remediated an issue in GitLab CE/EE affecting all versions from 12.10 before 18.8.9, 18.9 before 18.9.5, and 18.10 before 18.10.3 that could have allowed an unauthenticated user to cause denial of service due to improper input validation of JSON payloads.

CVE-2026-3199
(0 None)

EPSS: 0.07%

updated 2026-04-08T23:16:59.160000

1 posts

A vulnerability in the task management component of Sonatype Nexus Repository versions 3.22.1 through 3.90.2 allows an authenticated attacker with task creation permissions to execute arbitrary code, bypassing the nexus.scripts.allowCreation security control.

CVE-2026-40029
(7.8 HIGH)

EPSS: 0.02%

updated 2026-04-08T22:16:23.303000

1 posts

parseusbs before 1.9 contains an OS command injection vulnerability in parseUSBs.py where LNK file paths are passed unsanitized into an os.popen() shell command, allowing arbitrary command execution via crafted .lnk filenames containing shell metacharacters. An attacker can craft a .lnk filename with embedded shell metacharacters that execute arbitrary commands on the forensic examiner's machine d

CVE-2026-1340
(9.8 CRITICAL)

EPSS: 73.80%

updated 2026-04-08T21:34:17

5 posts

A code injection in Ivanti Endpoint Manager Mobile allowing attackers to achieve unauthenticated remote code execution.

2 repos

https://github.com/YunfeiGE18/CVE-2026-1281-CVE-2026-1340-Ivanti-EPMM-RCE

https://github.com/MehdiLeDeaut/CVE-2026-1281-Ivanti-EPMM-RCE

CVE-2026-5436
(8.1 HIGH)

EPSS: 0.18%

updated 2026-04-08T21:33:45

1 posts

The MW WP Form plugin for WordPress is vulnerable to Arbitrary File Move/Read in all versions up to and including 5.1.1. This is due to insufficient validation of the $name parameter (upload field key) passed to the generate_user_file_dirpath() function, which uses WordPress's path_join() — a function that returns absolute paths unchanged, discarding the intended base directory. The attacker-contr

CVE-2026-2942
(9.8 CRITICAL)

EPSS: 0.13%

updated 2026-04-08T21:33:41

1 posts

The ProSolution WP Client plugin for WordPress is vulnerable to arbitrary file uploads due to missing file type validation in the 'proSol_fileUploadProcess' function in all versions up to, and including, 1.9.9. This makes it possible for unauthenticated attackers to upload arbitrary files on the affected site's server which may make remote code execution possible.

CVE-2026-35457
(8.2 HIGH)

EPSS: 0.04%

updated 2026-04-08T21:27:15.610000

1 posts

libp2p-rust is the official rust language Implementation of the libp2p networking stack. Prior to 0.17.1, the rendezvous server stores pagination cookies without bounds. An unauthenticated peer can repeatedly issue DISCOVER requests and force unbounded memory growth. This vulnerability is fixed in 0.17.1.

CVE-2026-5627
(9.1 CRITICAL)

EPSS: 0.03%

updated 2026-04-08T21:27:15.610000

2 posts

A path traversal vulnerability exists in mintplex-labs/anything-llm versions up to and including 1.9.1, within the `AgentFlows` component. The vulnerability arises from improper handling of user input in the `loadFlow` and `deleteFlow` methods in `server/utils/agentFlows/index.js`. Specifically, the combination of `path.join` and `normalizePath` allows attackers to bypass directory restrictions an

CVE-2026-24146
(7.5 HIGH)

EPSS: 0.04%

updated 2026-04-08T21:27:00.663000

1 posts

NVIDIA Triton Inference Server contains a vulnerability where insufficient input validation and a large number of outputs could cause a server crash. A successful exploit of this vulnerability might lead to denial of service.

CVE-2026-39328
(8.9 HIGH)

EPSS: 0.04%

updated 2026-04-08T21:27:00.663000

1 posts

ChurchCRM is an open-source church management system. Prior to 7.1.0, a stored cross-site scripting vulnerability exists in ChurchCRM's person profile editing functionality. Non-administrative users who have the EditSelf permission can inject malicious JavaScript into their Facebook, LinkedIn, and X profile fields. Due to a 50-character field limit, the payload is distributed across all three fiel

CVE-2026-39355
(9.9 CRITICAL)

EPSS: 0.04%

updated 2026-04-08T21:27:00.663000

1 posts

Genealogy is a family tree PHP application. Prior to 5.9.1, a critical broken access control vulnerability in the genealogy application allows any authenticated user to transfer ownership of arbitrary non-personal teams to themselves. This enables complete takeover of other users’ team workspaces and unrestricted access to all genealogy data associated with the compromised team. This vulnerability

CVE-2026-32864
(7.8 HIGH)

EPSS: 0.01%

updated 2026-04-08T21:27:00.663000

1 posts

There is a memory corruption vulnerability due to an out-of-bounds read in mgcore_SH_25_3!aligned_free() in NI LabVIEW.  This vulnerability may result in information disclosure or arbitrary code execution. Successful exploitation requires an attacker to get a user to open a specially crafted VI file. This vulnerability affects NI LabVIEW 2026 Q1 (26.1.0) and prior versions.

CVE-2026-39371
(8.1 HIGH)

EPSS: 0.01%

updated 2026-04-08T21:27:00.663000

1 posts

RedwoodSDK is a server-first React framework. From 1.0.0-beta.50 to 1.0.5, erver functions exported from "use server" files could be invoked via GET requests, bypassing their intended HTTP method. In cookie-authenticated applications, this allowed cross-site GET navigations to trigger state-changing functions, because browsers send SameSite=Lax cookies on top-level GET requests. This affected all

1 repos

https://github.com/zebbernCVE/CVE-2026-39371

CVE-2026-29181
(7.5 HIGH)

EPSS: 0.04%

updated 2026-04-08T21:27:00.663000

1 posts

OpenTelemetry-Go is the Go implementation of OpenTelemetry. From 1.36.0 to 1.40.0, multi-value baggage: header extraction parses each header field-value independently and aggregates members across values. This allows an attacker to amplify cpu and allocations by sending many baggage: header lines, even when each individual value is within the 8192-byte per-value parse limit. This vulnerability is

CVE-2026-5373
(8.1 HIGH)

EPSS: 0.03%

updated 2026-04-08T21:27:00.663000

1 posts

An issue that allowed all-organization administrators to promote accounts to superuser status has been resolved. This is an instance of CWE-269: Improper Privilege Management, and has an estimated CVSS score of CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:C/C:H/I:H/A:N (8.1 High). This issue was fixed in version 4.0.260202.0 of the runZero Platform.

CVE-2026-25776
(9.8 CRITICAL)

EPSS: 0.05%

updated 2026-04-08T21:26:35.910000

2 posts

Movable Type provided by Six Apart Ltd. contains a code injection vulnerability which may allow an attacker to execute arbitrary Perl script.

CVE-2026-24913
(8.8 HIGH)

EPSS: 0.03%

updated 2026-04-08T21:26:35.910000

1 posts

SQL Injection vulnerability exists in MATCHA INVOICE 2.6.6 and earlier. If this vulnerability is exploited, information stored in the database may be obtained or altered by a user who can log in to the product.

CVE-2026-4003
(9.8 CRITICAL)

EPSS: 0.42%

updated 2026-04-08T21:26:35.910000

2 posts

The Users manager – PN plugin for WordPress is vulnerable to Privilege Escalation via Arbitrary User Meta Update in all versions up to and including 1.1.15. This is due to a flawed authorization logic check in the userspn_ajax_nopriv_server() function within the 'userspn_form_save' case. The conditional only blocks unauthenticated users when the user_id is empty, but when a non-empty user_id is su

CVE-2026-39846
(9.0 CRITICAL)

EPSS: 0.14%

updated 2026-04-08T21:26:35.910000

2 posts

SiYuan is a personal knowledge management system. Prior to 3.6.4, a malicious note synced to another user can trigger remote code execution in the SiYuan Electron desktop client. The root cause is that table caption content is stored without safe escaping and later unescaped into rendered HTML, creating a stored XSS sink. Because the desktop renderer runs with nodeIntegration enabled and contextIs

CVE-2026-3357
(8.8 HIGH)

EPSS: 0.07%

updated 2026-04-08T21:26:35.910000

1 posts

IBM Langflow Desktop 1.6.0 through 1.8.2 Langflow could allow an authenticated user to execute arbitrary code on the system, caused by an insecure default setting which permits the deserialization of untrusted data in the FAISS component.

CVE-2026-5208
(8.2 HIGH)

EPSS: 0.05%

updated 2026-04-08T21:26:13.410000

1 posts

Command injection in alerts in CoolerControl/coolercontrold <4.0.0 allows authenticated attackers to execute arbitrary code as root via injected bash commands in alert names

CVE-2026-28261
(7.8 HIGH)

EPSS: 0.01%

updated 2026-04-08T21:26:13.410000

1 posts

Dell Elastic Cloud Storage, version 3.8.1.7 and prior, and Dell ObjectScale, versions prior to 4.1.0.3 and version 4.2.0.0, contains an Insertion of Sensitive Information into Log File vulnerability. A low privileged attacker with local access could potentially exploit this vulnerability, leading to secret exposure. The attacker may be able to use the exposed secret to access the vulnerable system

CVE-2026-39393
(8.1 HIGH)

EPSS: 0.01%

updated 2026-04-08T21:26:13.410000

1 posts

CI4MS is a CodeIgniter 4-based CMS skeleton that delivers a production-ready, modular architecture with RBAC authorization and theme support. Prior to 0.31.4.0, the install route guard in ci4ms relies solely on a volatile cache check (cache('settings')) combined with .env file existence to block post-installation access to the setup wizard. When the database is temporarily unreachable during a cac

CVE-2026-4498
(7.7 HIGH)

EPSS: 0.05%

updated 2026-04-08T21:26:13.410000

1 posts

Execution with Unnecessary Privileges (CWE-250) in Kibana’s Fleet plugin debug route handlers can lead reading index data beyond their direct Elasticsearch RBAC scope via Privilege Abuse (CAPEC-122). This requires an authenticated Kibana user with Fleet sub-feature privileges (such as agents, agent policies, and settings management).

CVE-2026-35478
(8.3 HIGH)

EPSS: 0.07%

updated 2026-04-08T21:26:13.410000

1 posts

InvenTree is an Open Source Inventory Management System. From 0.16.0 to before 1.2.7, any authenticated InvenTree user can create a valid API token attributed to any other user in the system — including administrators and superusers — by supplying the target's user ID in the user field of a POST /api/user/tokens/ request. The returned token is immediately usable for full API authentication as the

CVE-2026-33229
(0 None)

EPSS: 0.03%

updated 2026-04-08T21:26:13.410000

1 posts

XWiki Platform is a generic wiki platform offering runtime services for applications built on top of it. Prior to 17.4.8 and 17.10.1, an improperly protected scripting API allows any user with script right to bypass the sandboxing of the Velocity scripting API and execute, e.g., arbitrary Python scripts, allowing full access to the XWiki instance and thereby compromising the confidentiality, integ

CVE-2026-39888
(9.9 CRITICAL)

EPSS: 0.08%

updated 2026-04-08T21:25:14.927000

1 posts

PraisonAI is a multi-agent teams system. Prior to 1.5.115, execute_code() in praisonaiagents.tools.python_tools defaults to sandbox_mode="sandbox", which runs user code in a subprocess wrapped with a restricted __builtins__ dict and an AST-based blocklist. The AST blocklist embedded inside the subprocess wrapper (blocked_attrs of python_tools.py) contains only 11 attribute names — a strict subset

CVE-2026-39394
(8.1 HIGH)

EPSS: 0.02%

updated 2026-04-08T19:16:14

1 posts

## Summary The `Install::index()` controller reads the `host` POST parameter without any validation and passes it directly into `updateEnvSettings()`, which writes it into the `.env` file via `preg_replace()`. Because newline characters in the value are not stripped, an attacker can inject arbitrary configuration directives into the `.env` file. The install routes have CSRF protection explicitly

CVE-2026-4740
(8.3 HIGH)

EPSS: 0.01%

updated 2026-04-08T19:13:59

1 posts

A flaw was found in Open Cluster Management (OCM), the technology underlying Red Hat Advanced Cluster Management (ACM). Improper validation of Kubernetes client certificate renewal allows a managed cluster administrator to forge a client certificate that can be approved by the OCM controller. This enables cross-cluster privilege escalation and may allow an attacker to gain control over other manag

CVE-2026-4338
(7.5 HIGH)

EPSS: 0.04%

updated 2026-04-08T18:35:58

1 posts

The ActivityPub WordPress plugin before 8.0.2 does not properly filter posts to be displayed, allowed unauthenticated users to access drafts/scheduled/pending posts

CVE-2026-33466
(8.1 HIGH)

EPSS: 0.28%

updated 2026-04-08T18:34:20

1 posts

Improper Limitation of a Pathname to a Restricted Directory (CWE-22) in Logstash can lead to arbitrary file write and potentially remote code execution via Relative Path Traversal (CAPEC-139). The archive extraction utilities used by Logstash do not properly validate file paths within compressed archives. An attacker who can serve a specially crafted archive to Logstash through a compromised or at

CVE-2026-33461
(7.7 HIGH)

EPSS: 0.06%

updated 2026-04-08T18:34:08

1 posts

Incorrect Authorization (CWE-863) in Kibana can lead to information disclosure via Privilege Abuse (CAPEC-122). A user with limited Fleet privileges can exploit an internal API endpoint to retrieve sensitive configuration data, including private keys and authentication tokens, that should only be accessible to users with higher-level settings privileges. The endpoint composes its response by fetch

CVE-2026-27806
(7.8 HIGH)

EPSS: 0.01%

updated 2026-04-08T18:03:54

1 posts

## Summary The Orbit agent's FileVault disk encryption key rotation flow on collects a local user's password via a GUI dialog and interpolates it directly into a Tcl/expect script executed via `exec.Command("expect", "-c", script)`. Because the password is inserted into Tcl brace-quoted `send {%s}`, a password containing `}` terminates the literal and injects arbitrary Tcl commands. Since Orbit r

CVE-2026-5301
(7.6 HIGH)

EPSS: 0.02%

updated 2026-04-08T15:31:50

1 posts

Stored XSS in log viewer in CoolerControl/coolercontrol-ui <4.0.0 allows unauthenticated attackers to take over the service via malicious JavaScript in poisoned log entries

CVE-2026-3396
(7.5 HIGH)

EPSS: 0.08%

updated 2026-04-08T12:31:36

1 posts

WCAPF – WooCommerce Ajax Product Filter plugin is vulnerable to time-based SQL Injection via the 'post-author' parameter in all versions up to, and including, 4.2.3 due to insufficient escaping on the user supplied parameter and lack of sufficient preparation on the existing SQL query. This makes it possible for unauthenticated attackers to append additional SQL queries into already existing queri

CVE-2026-3243
(8.8 HIGH)

EPSS: 0.20%

updated 2026-04-08T12:31:36

1 posts

The Advanced Members for ACF plugin for WordPress is vulnerable to arbitrary file deletion due to insufficient file path validation in the create_crop function in all versions up to, and including, 1.2.5. This makes it possible for authenticated attackers, with Subscriber-level access and above, to delete arbitrary files on the server, which can easily lead to remote code execution when the right

CVE-2026-39847
(9.1 CRITICAL)

EPSS: 0.05%

updated 2026-04-08T11:57:19

2 posts

The RSGI static handler for Emmett's internal assets (`/__emmett__` paths) is vulnerable to path traversal attacks. An attacker can use `../` sequences (eg `/__emmett__/../rsgi/handlers.py`) to read arbitrary files outside the assets directory.

CVE-2026-3535
(9.8 CRITICAL)

EPSS: 0.28%

updated 2026-04-08T09:31:42

2 posts

The DSGVO Google Web Fonts GDPR plugin for WordPress is vulnerable to arbitrary file upload due to missing file type validation in the `DSGVOGWPdownloadGoogleFonts()` function in all versions up to, and including, 1.1. The function is exposed via a `wp_ajax_nopriv_` hook, requiring no authentication. It fetches a user-supplied URL as a CSS file, extracts URLs from its content, and downloads those

CVE-2026-5726
(7.8 HIGH)

EPSS: 0.01%

updated 2026-04-08T03:32:18

1 posts

ASDA-Soft Stack-based Buffer Overflow Vulnerability

CVE-2026-1346
(9.4 CRITICAL)

EPSS: 0.01%

updated 2026-04-08T03:32:18

3 posts

IBM Verify Identity Access Container 11.0 through 11.0.2 and IBM Security Verify Access Container 10.0 through 10.0.9.1 and IBM Verify Identity Access 11.0 through 11.0.2 and IBM Security Verify Access 10.0 through 10.0.9.1 could allow a locally authenticated user to escalate their privileges to root due to execution with unnecessary privileges than required.

CVE-2026-4788
(8.4 HIGH)

EPSS: 0.01%

updated 2026-04-08T03:32:18

1 posts

IBM Tivoli Netcool Impact 7.1.0.0 through 7.1.0.37 stores sensitive information in log files that could be read by a local user.

CVE-2026-3499
(8.8 HIGH)

EPSS: 0.02%

updated 2026-04-08T03:32:18

1 posts

The Product Feed PRO for WooCommerce by AdTribes – Product Feeds for WooCommerce plugin for WordPress is vulnerable to Cross-Site Request Forgery in versions 13.4.6 through 13.5.2.1. This is due to missing or incorrect nonce validation on the ajax_migrate_to_custom_post_type, ajax_adt_clear_custom_attributes_product_meta_keys, ajax_update_file_url_to_lower_case, ajax_use_legacy_filters_and_rules,

CVE-2026-3296
(9.8 CRITICAL)

EPSS: 0.02%

updated 2026-04-08T03:32:18

1 posts

The Everest Forms plugin for WordPress is vulnerable to PHP Object Injection in all versions up to, and including, 3.4.3 via deserialization of untrusted input from form entry metadata. This is due to the html-admin-page-entries-view.php file calling PHP's native unserialize() on stored entry meta values without passing the allowed_classes parameter. This makes it possible for unauthenticated atta

CVE-2026-39933(CVSS UNKNOWN)

EPSS: 0.05%

updated 2026-04-08T00:30:33

1 posts

Improper neutralization of input during web page generation ('cross-site scripting') vulnerability in The Wikimedia Foundation Mediawiki - GlobalWatchlist Extension allows Cross-Site Scripting (XSS).This issue affects non release branches.

CVE-2026-39397
(9.4 CRITICAL)

EPSS: 0.04%

updated 2026-04-08T00:15:54

1 posts

### Impact All `/api/puck/*` CRUD endpoint handlers registered by `createPuckPlugin()` called Payload's local API with the default `overrideAccess: true`, bypassing all collection-level access control. The `access` option passed to `createPuckPlugin()` and any `access` rules defined on Puck-registered collections were silently ignored on these endpoints. An unauthenticated remote attacker could:

CVE-2026-39356
(7.5 HIGH)

EPSS: 0.03%

updated 2026-04-08T00:14:59

1 posts

### Summary Drizzle ORM improperly escaped quoted SQL identifiers in its dialect-specific `escapeName()` implementations. In affected versions, embedded identifier delimiters were not escaped before the identifier was wrapped in quotes or backticks. As a result, applications that pass attacker-controlled input to APIs that construct SQL identifiers or aliases, such as `sql.identifier()`, `.as()`

CVE-2026-39376
(7.5 HIGH)

EPSS: 0.04%

updated 2026-04-08T00:12:27

1 posts

### Summary When `parse()` fetches a URL that returns an HTML page containing a `<meta http-equiv="refresh">` tag, it recursively calls itself with the redirect URL — with no depth limit, no visited-URL deduplication, and no redirect count cap. An attacker-controlled server that returns an infinite chain of HTML meta-refresh responses causes unbounded recursion, exhausting the Python call stack an

CVE-2026-39369
(7.6 HIGH)

EPSS: 0.05%

updated 2026-04-08T00:08:46

1 posts

## Summary `objects/aVideoEncoderReceiveImage.json.php` allowed an authenticated uploader to fetch attacker-controlled same-origin `/videos/...` URLs, bypass traversal scrubbing, and expose server-local files through the GIF poster storage path. The vulnerable GIF branch could be abused to read local files such as `/etc/passwd` or application source files and republish those bytes through a norm

CVE-2026-35533
(7.8 HIGH)

EPSS: 0.01%

updated 2026-04-07T22:16:56

1 posts

### Summary `mise` loads trust-control settings from a local project `.mise.toml` before the trust check runs. An attacker who can place a malicious `.mise.toml` in a repository can make that same file appear trusted and then reach dangerous directives such as `[env] _.source`, templates, hooks, or tasks. The strongest current variant is `trusted_config_paths = ["/"]`. I confirmed on current `v2

CVE-2026-32862
(7.8 HIGH)

EPSS: 0.01%

updated 2026-04-07T21:32:46

1 posts

There is a memory corruption vulnerability due to an out-of-bounds write in ResFileFactory::InitResourceMgr() in NI LabVIEW.  This vulnerability may result in information disclosure or arbitrary code execution. Successful exploitation requires an attacker to get a user to open a specially crafted VI file. This vulnerability affects NI LabVIEW 2026 Q1 (26.1.0) and prior versions.

CVE-2026-32861
(7.8 HIGH)

EPSS: 0.01%

updated 2026-04-07T21:32:46

1 posts

There is a memory corruption vulnerability due to an out-of-bounds write when loading a corrupted LVCLASS file in NI LabVIEW.  This vulnerability may result in information disclosure or arbitrary code execution. Successful exploitation requires an attacker to get a user to open a specially crafted .lvclass file. This vulnerability affects NI LabVIEW 2026 Q1 (26.1.0) and prior versions.

CVE-2026-32860
(7.8 HIGH)

EPSS: 0.01%

updated 2026-04-07T21:32:46

1 posts

There is a memory corruption vulnerability due to an out-of-bounds write when loading a corrupted LVLIB file in NI LabVIEW.  This vulnerability may result in information disclosure or arbitrary code execution. Successful exploitation requires an attacker to get a user to open a specially crafted .lvlib file. This vulnerability affects NI LabVIEW 2026 Q1 (26.1.0) and prior versions.

CVE-2026-32863
(7.8 HIGH)

EPSS: 0.01%

updated 2026-04-07T21:32:46

1 posts

There is a memory corruption vulnerability due to an out-of-bounds read in sentry_transaction_context_set_operation() in NI LabVIEW.  This vulnerability may result in information disclosure or arbitrary code execution. Successful exploitation requires an attacker to get a user to open a specially crafted VI file. This vulnerability affects NI LabVIEW 2026 Q1 (26.1.0) and prior versions.

CVE-2026-35464
(7.5 HIGH)

EPSS: 0.08%

updated 2026-04-07T20:00:07

1 posts

## Summary The fix for CVE-2026-33509 (GHSA-r7mc-x6x7-cqxx) added an `ADMIN_ONLY_OPTIONS` set to block non-admin users from modifying security-critical config options. The `storage_folder` option is not in this set and passes the existing path restriction because the Flask session directory is outside both PKGDIR and userdir. A user with SETTINGS and ADD permissions can redirect downloads to the

CVE-2026-35463
(8.8 HIGH)

EPSS: 0.26%

updated 2026-04-07T19:59:57

1 posts

### Summary The `ADMIN_ONLY_OPTIONS` protection mechanism restricts security-critical configuration values (reconnect scripts, SSL certs, proxy credentials) to admin-only access. However, this protection is **only applied to core config options**, not to plugin config options. The `AntiVirus` plugin stores an executable path (`avfile`) in its config, which is passed directly to `subprocess.Popen(

CVE-2026-35405
(7.5 HIGH)

EPSS: 0.04%

updated 2026-04-07T19:59:37

1 posts

### Summary The`libp2p-rendezvous` server has no limit on how many namespaces a single peer can register. A malicious peer can repeatedly register unique namespaces in a loop, and the server accepts the requests, allocating memory for each registration without pushback. If an attacker continues submitting malicous requests for long enough, (or with multiple sybil peers) the server process crashes

CVE-2026-24660
(8.1 HIGH)

EPSS: 0.04%

updated 2026-04-07T18:32:41

1 posts

A heap-based buffer overflow vulnerability exists in the x3f_load_huffman functionality of LibRaw Commit d20315b. A specially crafted malicious file can lead to a heap buffer overflow. An attacker can provide a malicious file to trigger this vulnerability.

CVE-2026-24173
(7.5 HIGH)

EPSS: 0.04%

updated 2026-04-07T18:31:45

1 posts

NVIDIA Triton Inference Server contains a vulnerability where an attacker could cause a server crash by sending a malformed request to the server. A successful exploit of this vulnerability might lead to denial of service.

CVE-2026-24175
(7.5 HIGH)

EPSS: 0.04%

updated 2026-04-07T18:31:45

1 posts

NVIDIA Triton Inference Server contains a vulnerability where an attacker could cause a server crash by sending a malformed request header to the server. A successful exploit of this vulnerability might lead to denial of service.

CVE-2026-24450
(8.1 HIGH)

EPSS: 0.04%

updated 2026-04-07T18:31:35

1 posts

An integer overflow vulnerability exists in the uncompressed_fp_dng_load_raw functionality of LibRaw Commit 8dc68e2. A specially crafted malicious file can lead to a heap buffer overflow. An attacker can provide a malicious file to trigger this vulnerability.

CVE-2026-34989
(0 None)

EPSS: 0.05%

updated 2026-04-07T17:16:29.093000

1 posts

CI4MS is a CodeIgniter 4-based CMS skeleton that delivers a production-ready, modular architecture with RBAC authorization and theme support. Prior to 31.0.0.0, the application fails to properly sanitize user-controlled input when users update their profile name (e.g., full name / username). An attacker can inject a malicious JavaScript payload into their profile name, which is then stored server-

CVE-2026-20432
(8.0 HIGH)

EPSS: 0.05%

updated 2026-04-07T15:31:49

1 posts

In Modem, there is a possible out of bounds write due to a missing bounds check. This could lead to remote escalation of privilege, if a UE has connected to a rogue base station controlled by the attacker, with no additional execution privileges needed. User interaction is needed for exploitation. Patch ID: MOLY01406170; Issue ID: MSV-4461.

CVE-2026-23818
(8.8 HIGH)

EPSS: 0.04%

updated 2026-04-07T15:30:58

1 posts

A vulnerability has been identified in the graphical user interface (GUI) of HPE Aruba Networking Private 5G Core On-Prem that could allow an attacker to abuse an open redirect vulnerability in the login flow using a crafted URL. Successful exploitation may redirect an authenticated user to an attacker-controlled server hosting a spoofed login page prompting the unsuspecting victim to give away th

CVE-2026-22679
(9.8 CRITICAL)

EPSS: 0.31%

updated 2026-04-07T15:30:53

1 posts

Weaver (Fanwei) E-cology 10.0 versions prior to 20260312 contain an unauthenticated remote code execution vulnerability in the /papi/esearch/data/devops/dubboApi/debug/method endpoint that allows attackers to execute arbitrary commands by invoking exposed debug functionality. Attackers can craft POST requests with attacker-controlled interfaceName and methodName parameters to reach command-executi

CVE-2026-34197
(8.8 HIGH)

EPSS: 5.60%

updated 2026-04-07T15:30:49

4 posts

Improper Input Validation, Improper Control of Generation of Code ('Code Injection') vulnerability in Apache ActiveMQ Broker, Apache ActiveMQ. Apache ActiveMQ Classic exposes the Jolokia JMX-HTTP bridge at /api/jolokia/ on the web console. The default Jolokia access policy permits exec operations on all ActiveMQ MBeans (org.apache.activemq:*), including BrokerService.addNetworkConnector(String) a

Nuclei template

6 repos

https://github.com/0xBlackash/CVE-2026-34197

https://github.com/dinosn/CVE-2026-34197

https://github.com/DEVSECURITYSPRO/CVE-2026-34197

https://github.com/AtoposX-J/CVE-2026-34197-Apache-ActiveMQ-RCE

https://github.com/KONDORDEVSECURITYCORP/CVE-2026-34197

https://github.com/hg0434hongzh0/CVE-2026-34197

CVE-2026-20433
(8.8 HIGH)

EPSS: 0.05%

updated 2026-04-07T15:30:48

1 posts

In Modem, there is a possible out of bounds write due to a missing bounds check. This could lead to remote escalation of privilege, if a UE has connected to a rogue base station controlled by the attacker, with no additional execution privileges needed. User interaction is needed for exploitation. Patch ID: MOLY01088681; Issue ID: MSV-4460.

CVE-2026-1114
(9.8 CRITICAL)

EPSS: 0.04%

updated 2026-04-07T14:16:18.567000

2 posts

In parisneo/lollms version 2.1.0, the application's session management is vulnerable to improper access control due to the use of a weak secret key for signing JSON Web Tokens (JWT). This vulnerability allows an attacker to perform an offline brute-force attack to recover the secret key. Once the secret key is obtained, the attacker can forge administrative tokens by modifying the JWT payload and

CVE-2026-34904
(7.5 HIGH)

EPSS: 0.02%

updated 2026-04-07T13:20:11.643000

1 posts

Cross-Site Request Forgery (CSRF) vulnerability in Analytify Simple Social Media Share Buttons allows Cross Site Request Forgery.This issue affects Simple Social Media Share Buttons: from n/a through 6.2.0.

CVE-2026-31842
(7.5 HIGH)

EPSS: 0.05%

updated 2026-04-07T12:31:21

1 posts

Tinyproxy through 1.11.3 is vulnerable to HTTP request parsing desynchronization due to a case-sensitive comparison of the Transfer-Encoding header in src/reqs.c. The is_chunked_transfer() function uses strcmp() to compare the header value against "chunked", even though RFC 7230 specifies that transfer-coding names are case-insensitive. By sending a request with Transfer-Encoding: Chunked, an unau

CVE-2026-34896
(7.5 HIGH)

EPSS: 0.02%

updated 2026-04-07T09:31:28

1 posts

Cross-Site Request Forgery (CSRF) vulnerability in Analytify Under Construction, Coming Soon & Maintenance Mode allows Cross Site Request Forgery.This issue affects Under Construction, Coming Soon & Maintenance Mode: from n/a through 2.1.1.

CVE-2026-5465
(8.8 HIGH)

EPSS: 0.05%

updated 2026-04-07T09:31:28

1 posts

The Booking for Appointments and Events Calendar – Amelia plugin for WordPress is vulnerable to Insecure Direct Object Reference in all versions up to, and including, 2.1.3. This is due to the `UpdateProviderCommandHandler` failing to validate changes to the `externalId` field when a Provider (Employee) user updates their own profile. The `externalId` maps directly to a WordPress user ID and is pa

1 repos

https://github.com/kaleth4/CVE-2026-5465

CVE-2026-0740
(9.8 CRITICAL)

EPSS: 0.08%

updated 2026-04-07T06:30:28

1 posts

The Ninja Forms - File Uploads plugin for WordPress is vulnerable to arbitrary file uploads due to missing file type validation in the 'NF_FU_AJAX_Controllers_Uploads::handle_upload' function in all versions up to, and including, 3.3.26. This makes it possible for unauthenticated attackers to upload arbitrary files on the affected site's server which may make remote code execution possible. Note:

1 repos

https://github.com/xShadow-Here/CVE-2026-0740

CVE-2025-65115
(8.8 HIGH)

EPSS: 0.07%

updated 2026-04-07T06:30:28

1 posts

Remote Code Execution Vulnerability in JP1/IT Desktop Management 2 - Manager on Windows, JP1/IT Desktop Management 2 - Operations Director on Windows, Job Management Partner 1/IT Desktop Management 2 - Manager on Windows, JP1/IT Desktop Management - Manager on Windows, Job Management Partner 1/IT Desktop Management - Manager on Windows, JP1/NETM/DM Manager on Windows, JP1/NETM/DM Client on Windows

CVE-2026-35393
(9.8 CRITICAL)

EPSS: 0.07%

updated 2026-04-06T23:43:51

1 posts

### Summary * POST multipart upload directory not sanitized | `httpserver/updown.go:71-174` This finding affect the default configuration, no flags or authentication required. ### Details **File:** `httpserver/updown.go:71-174` **Trigger:** `POST /<path>/upload` (server.go:49-51 checks `HasSuffix(r.URL.Path, "/upload")`) The filename is sanitized (slashes stripped, line 105-106), but the targe

CVE-2026-33579(CVSS UNKNOWN)

EPSS: 0.02%

updated 2026-04-06T23:39:45

1 posts

## Summary The `/pair approve` command path called device approval without forwarding caller scopes into the core approval check. ## Impact A caller that held pairing privileges but not admin privileges could approve a pending device request asking for broader scopes, including admin access. ## Affected Component `extensions/device-pair/index.ts, src/infra/device-pairing.ts` ## Fixed Version

1 repos

https://github.com/atalovesyou/openclaw-security-checker

CVE-2026-34976
(10.0 CRITICAL)

EPSS: 0.03%

updated 2026-04-06T23:26:04

1 posts

The `restoreTenant` admin mutation is missing from the authorization middleware config (`admin.go:499-522`), making it completely unauthenticated. Unlike the similar `restore` mutation which requires Guardian-of-Galaxy authentication, `restoreTenant` executes with zero middleware. This mutation accepts attacker-controlled backup source URLs (including `file://` for local filesystem access), S3/Mi

CVE-2026-35616
(9.8 CRITICAL)

EPSS: 5.95%

updated 2026-04-06T18:33:04

5 posts

A improper access control vulnerability in Fortinet FortiClientEMS 7.4.5 through 7.4.6 may allow an unauthenticated attacker to execute unauthorized code or commands via crafted requests.

Nuclei template

5 repos

https://github.com/BishopFox/CVE-2026-35616-check

https://github.com/fevar54/CVE-2026-35616-detector.py

https://github.com/fevar54/forticlient_ems_cve_2026_35616_poc.py

https://github.com/0xBlackash/CVE-2026-35616

https://github.com/z3r0h3ro/CVE-2026-35616-poc

CVE-2026-3184
(3.7 LOW)

EPSS: 0.10%

updated 2026-04-03T21:31:49

1 posts

A flaw was found in util-linux. Improper hostname canonicalization in the `login(1)` utility, when invoked with the `-h` option, can modify the supplied remote hostname before setting `PAM_RHOST`. A remote attacker could exploit this by providing a specially crafted hostname, potentially bypassing host-based Pluggable Authentication Modules (PAM) access control rules that rely on fully qualified d

1 repos

https://github.com/Mothra-1/CVE-2026-31844

CVE-2026-34040
(8.8 HIGH)

EPSS: 0.01%

updated 2026-04-03T16:51:28.670000

3 posts

Moby is an open source container framework. Prior to version 29.3.1, a security vulnerability has been detected that allows attackers to bypass authorization plugins (AuthZ). This issue has been patched in version 29.3.1.

CVE-2026-1668
(9.8 CRITICAL)

EPSS: 0.37%

updated 2026-04-02T15:32:40

1 posts

The web interface on multiple Omada switches does not adequately validate certain external inputs, which may lead to out-of-bound memory access when processing crafted requests. Under specific conditions, this flaw may result in unintended command execution.<br>An unauthenticated attacker with network access to the affected interface may cause memory corruption, service instability, or informatio

1 repos

https://github.com/tangrs/cve-2026-1668-poc

CVE-2025-59032
(7.5 HIGH)

EPSS: 0.07%

updated 2026-03-27T09:31:18

1 posts

ManageSieve AUTHENTICATE command crashes when using literal as SASL initial response. This can be used to crash ManageSieve service repeatedly, making it unavailable for other users. Control access to ManageSieve port, or disable the service if it's not needed. Alternatively upgrade to a fixed version. No publicly available exploits are known.

CVE-2026-33509
(7.5 HIGH)

EPSS: 0.08%

updated 2026-03-26T20:47:02.337000

1 posts

pyLoad is a free and open-source download manager written in Python. From version 0.4.0 to before version 0.5.0b3.dev97, the set_config_value() API endpoint allows users with the non-admin SETTINGS permission to modify any configuration option without restriction. The reconnect.script config option controls a file path that is passed directly to subprocess.run() in the thread manager's reconnect l

CVE-2026-3497(CVSS UNKNOWN)

EPSS: 0.03%

updated 2026-03-18T21:34:00

1 posts

Vulnerability in the OpenSSH GSSAPI delta included in various Linux distributions. This vulnerability affects the GSSAPI patches added by various Linux distributions and does not affect the OpenSSH upstream project itself. The usage of sshpkt_disconnect() on an error, which does not terminate the process, allows an attacker to send an unexpected GSSAPI message type during the GSSAPI key exchange t

CVE-2026-23060
(5.5 MEDIUM)

EPSS: 0.01%

updated 2026-03-13T21:32:48

1 posts

In the Linux kernel, the following vulnerability has been resolved: crypto: authencesn - reject too-short AAD (assoclen<8) to match ESP/ESN spec authencesn assumes an ESP/ESN-formatted AAD. When assoclen is shorter than the minimum expected length, crypto_authenc_esn_decrypt() can advance past the end of the destination scatterlist and trigger a NULL pointer dereference in scatterwalk_map_and_co

CVE-2025-66614
(9.1 CRITICAL)

EPSS: 0.04%

updated 2026-03-11T20:38:07

1 posts

Improper Input Validation vulnerability. This issue affects Apache Tomcat: from 11.0.0-M1 through 11.0.14, from 10.1.0-M1 through 10.1.49, from 9.0.0-M1 through 9.0.112. The following versions were EOL at the time the CVE was created but are known to be affected: 8.5.0 through 8.5.100. Older EOL versions are not affected. Tomcat did not validate that the host name provided via the SNI extension

CVE-2025-66168
(5.4 MEDIUM)

EPSS: 0.04%

updated 2026-03-04T22:19:26

1 posts

Apache ActiveMQ does not properly validate the remaining length field which may lead to an overflow during the decoding of malformed packets. When this integer overflow occurs, ActiveMQ may incorrectly compute the total Remaining Length and subsequently misinterpret the payload as multiple MQTT control packets which makes the broker susceptible to unexpected behavior when interacting with non-comp

CVE-2026-1281
(9.8 CRITICAL)

EPSS: 71.80%

updated 2026-01-30T00:31:29

1 posts

A code injection in Ivanti Endpoint Manager Mobile allowing attackers to achieve unauthenticated remote code execution.

2 repos

https://github.com/YunfeiGE18/CVE-2026-1281-CVE-2026-1340-Ivanti-EPMM-RCE

https://github.com/MehdiLeDeaut/CVE-2026-1281-Ivanti-EPMM-RCE

CVE-2025-59718
(9.8 CRITICAL)

EPSS: 7.62%

updated 2025-12-16T21:30:51

1 posts

A improper verification of cryptographic signature vulnerability in Fortinet FortiOS 7.6.0 through 7.6.3, FortiOS 7.4.0 through 7.4.8, FortiOS 7.2.0 through 7.2.11, FortiOS 7.0.0 through 7.0.17, FortiProxy 7.6.0 through 7.6.3, FortiProxy 7.4.0 through 7.4.10, FortiProxy 7.2.0 through 7.2.14, FortiProxy 7.0.0 through 7.0.21, FortiSwitchManager 7.2.0 through 7.2.6, FortiSwitchManager 7.0.0 through 7

2 repos

https://github.com/moften/CVE-2025-59718-Fortinet-Poc

https://github.com/exfil0/CVE-2025-59718-PoC

CVE-2025-55182
(10.0 CRITICAL)

EPSS: 66.27%

updated 2025-12-09T16:53:25

4 posts

### Impact There is an unauthenticated remote code execution vulnerability in React Server Components. We recommend upgrading immediately. The vulnerability is present in versions 19.0.0, 19.1.0, 19.1.1, and 19.2.0 of: * [react-server-dom-webpack](https://www.npmjs.com/package/react-server-dom-webpack) * [react-server-dom-parcel](https://www.npmjs.com/package/react-server-dom-parcel) * [react-s

Nuclei template

100 repos

https://github.com/pax-k/react2shell-CVE-2025-55182-full-rce-script

https://github.com/zr0n/react2shell

https://github.com/hackersatyamrastogi/react2shell-ultimate

https://github.com/emredavut/CVE-2025-55182

https://github.com/yanoshercohen/React2Shell_CVE-2025-55182

https://github.com/shyambhanushali/React2Shell

https://github.com/alptexans/RSC-Detect-CVE-2025-55182

https://github.com/gensecaihq/react2shell-scanner

https://github.com/Spritualkb/CVE-2025-55182-exp

https://github.com/msanft/CVE-2025-55182

https://github.com/Pizz33/CVE-2025-55182-burpscanner

https://github.com/VeilVulp/RscScan-cve-2025-55182

https://github.com/l4rm4nd/CVE-2025-55182

https://github.com/MoLeft/React2Shell-Toolbox

https://github.com/acheong08/CVE-2025-55182-poc

https://github.com/lachlan2k/React2Shell-CVE-2025-55182-original-poc

https://github.com/MemerGamer/CVE-2025-55182

https://github.com/xcanwin/CVE-2025-55182-React-RCE

https://github.com/CirqueiraDev/MassExploit-CVE-2025-55182

https://github.com/logesh-GIT001/CVE-2025-55182

https://github.com/M4xSec/CVE-2025-55182-React2Shell-RCE-Shell

https://github.com/ejpir/CVE-2025-55182-bypass

https://github.com/subhdotsol/CVE-2025-55182

https://github.com/Chocapikk/CVE-2025-55182

https://github.com/sumanrox/rschunter

https://github.com/hualy13/CVE-2025-55182

https://github.com/heiheishushu/rsc_detect_CVE-2025-55182

https://github.com/sickwell/CVE-2025-55182

https://github.com/hidden-investigations/react2shell-scanner

https://github.com/dwisiswant0/CVE-2025-55182

https://github.com/AdityaBhatt3010/React2Shell-CVE-2025-55182

https://github.com/BlackTechX011/React2Shell

https://github.com/GelukCrab/React-Server-Components-RCE

https://github.com/websecuritylabs/React2Shell-Library

https://github.com/BeichenDream/CVE-2025-55182-GodzillaMemoryShell

https://github.com/whiteov3rflow/CVE-2025-55182-poc

https://github.com/Security-Phoenix-demo/react2shell-scanner-rce-react-next-CVE-2025-55182-CVE-2025-66478

https://github.com/tobiasGuta/Next.js-RSC-RCE-Scanner-Burp-Suite-Extension

https://github.com/theori-io/reactguard

https://github.com/aliclub0x00/CVE-2025-55182-POC-NEXTJS

https://github.com/zack0x01/vuln-app-CVE-2025-55182

https://github.com/Archerkong/CVE-2025-55182

https://github.com/assetnote/react2shell-scanner

https://github.com/techgaun/cve-2025-55182-scanner

https://github.com/RavinduRathnayaka/CVE-2025-55182-PoC

https://github.com/theman001/CVE-2025-55182

https://github.com/pyroxenites/Nextjs_RCE_Exploit_Tool

https://github.com/c0rydoras/CVE-2025-55182

https://github.com/chrahman/react2shell-CVE-2025-55182-full-rce-script

https://github.com/im-ezboy/CVE-2025-55182-zoomeye

https://github.com/fatguru/CVE-2025-55182-scanner

https://github.com/freeqaz/react2shell

https://github.com/BankkRoll/Quickcheck-CVE-2025-55182-React-and-CVE-2025-66478-Next.js

https://github.com/ejpir/CVE-2025-55182-research

https://github.com/RuoJi6/CVE-2025-55182-RCE-shell

https://github.com/AdityaBhatt3010/React2Shell-CVE-2025-55182-The-Deserialization-Bug-That-Broke-the-Web

https://github.com/jf0x3a/CVE-2025-55182-exploit

https://github.com/LemonTeatw1/CVE-2025-55182-exploit

https://github.com/Updatelap/CVE-2025-55182

https://github.com/shamo0/react2shell-PoC

https://github.com/surajhacx/react2shellpoc

https://github.com/mrknow001/RSC_Detector

https://github.com/songsanggggg/CVE-2025-55182

https://github.com/Cr4at0r/Next.js-RCE-Scanner-BurpSuite-Extension-

https://github.com/zzhorc/CVE-2025-55182

https://github.com/alsaut1/react2shell-lab

https://github.com/timsonner/React2Shell-CVE-2025-55182

https://github.com/kavienanj/CVE-2025-55182

https://github.com/momika233/CVE-2025-55182-bypass

https://github.com/zack0x01/CVE-2025-55182-advanced-scanner-

https://github.com/ZihxS/check-react-rce-cve-2025-55182

https://github.com/Cillian-Collins/CVE-2025-55182

https://github.com/StealthMoud/CVE-2025-55182-Scanner

https://github.com/kondukto-io/vulnerable-next-js-poc

https://github.com/Tiger-Foxx/exploit-react-CVE-2025-55182

https://github.com/hoosin/CVE-2025-55182

https://github.com/anuththara2007-W/CVE-2025-55182-Exploit-extension

https://github.com/xalgord/React2Shell

https://github.com/vulncheck-oss/cve-2025-55182

https://github.com/MrR0b0t19/CVE-2025-55182-shellinteractive

https://github.com/Rsatan/Next.js-Exploit-Tool

https://github.com/ThemeHackers/CVE-2025-55182

https://github.com/EynaExp/CVE-2025-55182-POC

https://github.com/vijay-shirhatti/RSC-Detect-CVE-2025-55182

https://github.com/AliHzSec/CVE-2025-55182

https://github.com/keklick1337/CVE-2025-55182-golang-PoC

https://github.com/santihabib/CVE-2025-55182-analysis

https://github.com/jctommasi/react2shellVulnApp

https://github.com/cybertechajju/R2C-CVE-2025-55182-66478

https://github.com/alfazhossain/CVE-2025-55182-Exploiter

https://github.com/nehkark/CVE-2025-55182

https://github.com/xkillbit/cve-2025-55182-scanner

https://github.com/CymulateResearch/React2Shell-Scanner

https://github.com/snipevx/React2Shell-POC

https://github.com/hexsh1dow/CVE-2025-55182

https://github.com/Dh4v4l8/CVE-2025-55182-poc-tool

https://github.com/sudo-Yangziran/CVE-2025-55182POC

https://github.com/rix4uni/CVE-2025-55182

https://github.com/kOaDT/poc-cve-2025-55182

https://github.com/ynsmroztas/NextRce

CVE-2023-48788
(9.8 CRITICAL)

EPSS: 94.13%

updated 2025-10-24T12:54:49.670000

1 posts

A improper neutralization of special elements used in an sql command ('sql injection') in Fortinet FortiClientEMS version 7.2.0 through 7.2.2, FortiClientEMS 7.0.1 through 7.0.10 allows attacker to execute unauthorized code or commands via specially crafted packets.

Nuclei template

1 repos

https://github.com/horizon3ai/CVE-2023-48788

CVE-2025-59528
(10.0 CRITICAL)

EPSS: 82.39%

updated 2025-09-23T16:45:09.443000

6 posts

Flowise is a drag & drop user interface to build a customized large language model flow. In version 3.0.5, Flowise is vulnerable to remote code execution. The CustomMCP node allows users to input configuration settings for connecting to an external MCP server. This node parses the user-provided mcpServerConfig string to build the MCP server configuration. However, during this process, it executes

Nuclei template

1 repos

https://github.com/zimshk/CVE-2025-59528.yaml

CVE-2025-4870
(7.3 HIGH)

EPSS: 0.20%

updated 2025-05-21T21:32:25

1 posts

A vulnerability classified as critical was found in itsourcecode Restaurant Management System 1.0. This vulnerability affects unknown code of the file /admin/menu_save.php. The manipulation of the argument menu leads to sql injection. The attack can be initiated remotely. The exploit has been disclosed to the public and may be used.

4 repos

https://github.com/B1tBreaker/CVE-2025-48708

https://github.com/itstarsec/CVE-2025-48703

https://github.com/ftz7/PoC-CVE-2025-48703

https://github.com/Skynoxk/CVE-2025-48703

CVE-2016-2183
(7.5 HIGH)

EPSS: 40.99%

updated 2025-04-12T10:46:40.837000

1 posts

The DES and Triple DES ciphers, as used in the TLS, SSH, and IPSec protocols and other protocols and products, have a birthday bound of approximately four billion blocks, which makes it easier for remote attackers to obtain cleartext data via a birthday attack against a long-duration encrypted session, as demonstrated by an HTTPS session using Triple DES in CBC mode, aka a "Sweet32" attack.

1 repos

https://github.com/ZakyHermawan/Simple-Sweet32

CVE-2020-8562
(2.2 LOW)

EPSS: 0.06%

updated 2024-11-21T05:39:02.180000

1 posts

As mitigations to a report from 2019 and CVE-2020-8555, Kubernetes attempts to prevent proxied connections from accessing link-local or localhost networks when making user-driven connections to Services, Pods, Nodes, or StorageClass service providers. As part of this mitigation Kubernetes does a DNS name resolution check and validates that response IPs are not in the link-local (169.254.0.0/16) or

CVE-2024-34359
(9.7 CRITICAL)

EPSS: 56.67%

updated 2024-05-28T17:58:37

1 posts

## Description `llama-cpp-python` depends on class `Llama` in `llama.py` to load `.gguf` llama.cpp or Latency Machine Learning Models. The `__init__` constructor built in the `Llama` takes several parameters to configure the loading and running of the model. Other than `NUMA, LoRa settings`, `loading tokenizers,` and `hardware settings`, `__init__` also loads the `chat template` from targeted `.g

CVE-2023-38766
(5.4 MEDIUM)

EPSS: 0.21%

updated 2024-04-04T06:40:24

1 posts

Cross Site Scripting (XSS) vulnerability in ChurchCRM v.5.0.0 allows a remote attacker to execute arbitrary code via a crafted payload to the PersonView.php component.

CVE-2025-65027
(0 None)

EPSS: 0.03%

1 posts

N/A

CVE-2026-0234
(0 None)

EPSS: 0.00%

2 posts

N/A