CVE-2026-2157
(7.2 HIGH)

EPSS: 0.00%

updated 2026-02-08T15:15:52.310000

1 posts

A security vulnerability has been detected in D-Link DIR-823X 250416. This affects the function sub_4175CC of the file /goform/set_static_route_table. Such manipulation of the argument interface/destip/netmask/gateway/metric leads to os command injection. The attack may be performed from remote. The exploit has been disclosed publicly and may be used.

CVE-2026-2155
(7.2 HIGH)

EPSS: 0.00%

updated 2026-02-08T14:16:26.027000

1 posts

A security flaw has been discovered in D-Link DIR-823X 250416. The affected element is the function sub_4208A0 of the file /goform/set_dmz of the component Configuration Handler. The manipulation of the argument dmz_host/dmz_enable results in os command injection. The attack can be executed remotely. The exploit has been released to the public and may be used for attacks.

CVE-2026-2152
(7.2 HIGH)

EPSS: 0.00%

updated 2026-02-08T13:16:03.507000

1 posts

A vulnerability was found in D-Link DIR-615 4.10. This vulnerability affects unknown code of the file adv_routing.php of the component Web Configuration Interface. Performing a manipulation of the argument dest_ip/ submask/ gw results in os command injection. The attack may be initiated remotely. The exploit has been made public and could be used. This vulnerability only affects products that are

CVE-2026-2151
(7.2 HIGH)

EPSS: 0.00%

updated 2026-02-08T12:15:52.813000

1 posts

A vulnerability has been found in D-Link DIR-615 4.10. This affects an unknown part of the file adv_firewall.php of the component DMZ Host Feature. Such manipulation of the argument dmz_ipaddr  leads to os command injection. The attack can be launched remotely. The exploit has been disclosed to the public and may be used. This vulnerability only affects products that are no longer supported by the

CVE-2026-2150
(4.3 MEDIUM)

EPSS: 0.03%

updated 2026-02-08T12:15:51.820000

1 posts

A flaw has been found in SourceCodester/Patrick Mvuma Patients Waiting Area Queue Management System 1.0. Affected by this issue is some unknown functionality of the file /checkin.php. This manipulation of the argument patient_id causes cross site scripting. The attack can be initiated remotely. The exploit has been published and may be used.

7 repos

https://github.com/ksk-itdk/KSK-ITDK-CVE-2026-21509-Mitigation

https://github.com/gavz/CVE-2026-21509-PoC

https://github.com/kimstars/Ashwesker-CVE-2026-21509

https://github.com/PinPin1140/cve-2026-21509

https://github.com/decalage2/detect_CVE-2026-21509

https://github.com/kaizensecurity/CVE-2026-21509

https://github.com/SimoesCTT/CTT-MICROSOFT-OFFICE-OLE-MANIFOLD-BYPASS-CVE-2026-21509

CVE-2026-2143
(7.2 HIGH)

EPSS: 0.19%

updated 2026-02-08T09:15:51.690000

2 posts

A security vulnerability has been detected in D-Link DIR-823X 250416. This issue affects some unknown processing of the file /goform/set_ddns of the component DDNS Service. The manipulation of the argument ddnsType/ddnsDomainName/ddnsUserName/ddnsPwd leads to os command injection. The attack is possible to be carried out remotely. The exploit has been disclosed publicly and may be used.

2 repos

https://github.com/osmancanvural/CVE-2026-21436

https://github.com/osmancanvural/CVE-2026-21437

CVE-2026-2140
(8.8 HIGH)

EPSS: 0.09%

updated 2026-02-08T07:16:01.577000

3 posts

A vulnerability was identified in Tenda TX9 up to 22.03.02.10_multi. Affected by this issue is the function sub_4223E0 of the file /goform/setMacFilterCfg. Such manipulation of the argument deviceList leads to buffer overflow. The attack may be launched remotely. The exploit is publicly available and might be used.

CVE-2026-2139
(8.8 HIGH)

EPSS: 0.09%

updated 2026-02-08T07:15:59.507000

2 posts

A vulnerability was determined in Tenda TX9 up to 22.03.02.10_multi. Affected by this vulnerability is the function sub_432580 of the file /goform/fast_setting_wifi_set. This manipulation of the argument ssid causes buffer overflow. The attack may be initiated remotely. The exploit has been publicly disclosed and may be utilized.

CVE-2026-2138
(8.8 HIGH)

EPSS: 0.09%

updated 2026-02-08T06:31:53

2 posts

A vulnerability was found in Tenda TX9 up to 22.03.02.10_multi. Affected is the function sub_42D03C of the file /goform/SetStaticRouteCfg. The manipulation of the argument list results in buffer overflow. The attack can be launched remotely. The exploit has been made public and could be used.

CVE-2026-2137
(8.8 HIGH)

EPSS: 0.09%

updated 2026-02-08T06:16:17.900000

2 posts

A vulnerability has been found in Tenda TX3 up to 16.03.13.11_multi. This impacts an unknown function of the file /goform/SetIpMacBind. The manipulation of the argument list leads to buffer overflow. The attack can be initiated remotely. The exploit has been disclosed to the public and may be used.

CVE-2026-2129
(7.2 HIGH)

EPSS: 0.19%

updated 2026-02-08T03:30:35

1 posts

A vulnerability was found in D-Link DIR-823X 250416. Affected by this issue is some unknown functionality of the file /goform/set_ac_status. Performing a manipulation of the argument ac_ipaddr/ac_ipstatus/ap_randtime results in os command injection. The attack may be initiated remotely. The exploit has been made public and could be used.

CVE-2025-15027
(9.8 CRITICAL)

EPSS: 0.07%

updated 2026-02-08T03:30:35

2 posts

The JAY Login & Register plugin for WordPress is vulnerable to Privilege Escalation in all versions up to, and including, 2.6.03. This is due to the plugin allowing a user to update arbitrary user meta through the 'jay_login_register_ajax_create_final_user' function. This makes it possible for unauthenticated attackers to elevate their privileges to that of an administrator.

CVE-2026-2120
(7.2 HIGH)

EPSS: 0.19%

updated 2026-02-08T03:30:35

1 posts

A vulnerability was identified in D-Link DIR-823X 250416. This affects an unknown function of the file /goform/set_server_settings of the component Configuration Parameter Handler. The manipulation of the argument terminal_addr/server_ip/server_port leads to os command injection. The attack may be initiated remotely. The exploit is publicly available and might be used.

CVE-2025-15100
(8.8 HIGH)

EPSS: 0.04%

updated 2026-02-08T03:30:29

2 posts

The JAY Login & Register plugin for WordPress is vulnerable to Privilege Escalation in all versions up to, and including, 2.6.03. This is due to the plugin allowing a user to update arbitrary user meta through the 'jay_panel_ajax_update_profile' function. This makes it possible for authenticated attackers, with Subscriber-level access and above, to elevate their privileges to that of an administra

CVE-2026-25857(CVSS UNKNOWN)

EPSS: 0.15%

updated 2026-02-08T00:31:05

1 posts

Tenda G300-F router firmware versio 16.01.14.2 and prior contain an OS command injection vulnerability in the WAN diagnostic functionality (formSetWanDiag). The implementation constructs a shell command that invokes curl and incorporates attacker-controlled input into the command line without adequate neutralization. As a result, a remote attacker with access to the affected management interface c

1 repos

https://github.com/eeeeeeeeeevan/CVE-2026-25857

CVE-2026-25858
(0 None)

EPSS: 0.15%

updated 2026-02-07T22:16:02.753000

2 posts

macrozheng mall version 1.0.3 and prior contains an authentication vulnerability in the mall-portal password reset workflow that allows an unauthenticated attacker to reset arbitrary user account passwords using only a victim’s telephone number. The password reset flow exposes the one-time password (OTP) directly in the API response and validates password reset requests solely by comparing the pro

CVE-2026-2086
(8.8 HIGH)

EPSS: 0.04%

updated 2026-02-07T15:30:14

3 posts

A vulnerability was detected in UTT HiPER 810G up to 1.7.7-171114. Affected by this vulnerability is the function strcpy of the file /goform/formFireWall of the component Management Interface. The manipulation of the argument GroupName results in buffer overflow. The attack can be launched remotely. The exploit is now public and may be used. The vendor was contacted early about this disclosure but

CVE-2026-2071
(8.8 HIGH)

EPSS: 0.04%

updated 2026-02-07T03:30:18

2 posts

A vulnerability was found in UTT 进取 520W 1.7.7-180627. The impacted element is the function strcpy of the file /goform/formP2PLimitConfig. Performing a manipulation of the argument except results in buffer overflow. The attack is possible to be carried out remotely. The exploit has been made public and could be used. The vendor was contacted early about this disclosure but did not respond in any w

CVE-2026-25544
(9.8 CRITICAL)

EPSS: 0.05%

updated 2026-02-07T00:31:53

3 posts

### Impact When querying JSON or richText fields, user input was directly embedded into SQL without escaping, enabling blind SQL Injection attacks. An unauthenticated attacker could extract sensitive data (emails, password reset tokens) and achieve full account takeover without password cracking. **Users are affected if ALL of these are true:** 1. Payload version < v3.73.0 2. Using a Drizzle-ba

CVE-2026-2070
(8.8 HIGH)

EPSS: 0.04%

updated 2026-02-07T00:30:34

2 posts

A vulnerability has been found in UTT 进取 520W 1.7.7-180627. The affected element is the function strcpy of the file /goform/formPolicyRouteConf. Such manipulation of the argument GroupName leads to buffer overflow. The attack can be executed remotely. The exploit has been disclosed to the public and may be used. The vendor was contacted early about this disclosure but did not respond in any way.

CVE-2026-2068
(8.8 HIGH)

EPSS: 0.04%

updated 2026-02-07T00:30:34

1 posts

A vulnerability was detected in UTT 进取 520W 1.7.7-180627. This issue affects the function strcpy of the file /goform/formSyslogConf. The manipulation of the argument ServerIp results in buffer overflow. The attack may be launched remotely. The exploit is now public and may be used. The vendor was contacted early about this disclosure but did not respond in any way.

CVE-2026-1727(CVSS UNKNOWN)

EPSS: 0.04%

updated 2026-02-07T00:30:27

1 posts

The Agentspace service was affected by a vulnerability that exposed sensitive information due to the use of predictable Google Cloud Storage bucket names. These names were utilized for error logs and temporary staging during data imports from GCS and Cloud SQL. This predictability allowed an attacker to engage in "bucket squatting" by establishing these buckets before a victim's initial use. All

CVE-2026-25762
(7.5 HIGH)

EPSS: 0.01%

updated 2026-02-06T23:15:54.670000

2 posts

AdonisJS is a TypeScript-first web framework. Prior to versions 10.1.3 and 11.0.0-next.9, a denial of service (DoS) vulnerability exists in the multipart file handling logic of @adonisjs/bodyparser. When processing file uploads, the multipart parser may accumulate an unbounded amount of data in memory while attempting to detect file types, potentially leading to excessive memory consumption and pr

CVE-2026-1709
(9.4 CRITICAL)

EPSS: 0.04%

updated 2026-02-06T22:34:46

1 posts

### Impact The Keylime registrar does not enforce mutual TLS (mTLS) client certificate authentication since version 7.12.0. The registrar's TLS context is configured with `ssl.CERT_OPTIONAL` instead of `ssl.CERT_REQUIRED`, allowing any client to connect to protected API endpoints without presenting a valid client certificate. **Who is impacted:** - All Keylime deployments running versions 7.12

CVE-2026-25732
(7.5 HIGH)

EPSS: 0.12%

updated 2026-02-06T22:16:11.993000

1 posts

NiceGUI is a Python-based UI framework. Prior to 3.7.0, NiceGUI's FileUpload.name property exposes client-supplied filename metadata without sanitization, enabling path traversal when developers use the pattern UPLOAD_DIR / file.name. Malicious filenames containing ../ sequences allow attackers to write files outside intended directories, with potential for remote code execution through applicatio

1 repos

https://github.com/mbanyamer/CVE-2026-25732-NiceGUI-3.6.1

CVE-2026-1731
(0 None)

EPSS: 0.44%

updated 2026-02-06T22:16:11.020000

3 posts

BeyondTrust Remote Support (RS) and certain older versions of Privileged Remote Access (PRA) contain a critical pre-authentication remote code execution vulnerability. By sending specially crafted requests, an unauthenticated remote attacker may be able to execute operating system commands in the context of the site user.

CVE-2026-25634
(7.8 HIGH)

EPSS: 0.01%

updated 2026-02-06T21:57:22.450000

3 posts

iccDEV provides a set of libraries and tools that allow for the interaction, manipulation, and application of ICC color management profiles. Prior to 2.3.1.4, SrcPixel and DestPixel stack buffers overlap in CIccTagMultiProcessElement::Apply() int IccTagMPE.cpp. This vulnerability is fixed in 2.3.1.4.

CVE-2026-25628
(8.5 HIGH)

EPSS: 0.04%

updated 2026-02-06T21:57:22.450000

2 posts

Qdrant is a vector similarity search engine and vector database. From 1.9.3 to before 1.16.0, it is possible to append to arbitrary files via /logger endpoint using an attacker-controlled on_disk.log_file path. Minimal privileges are required (read-only access). This vulnerability is fixed in 1.16.0.

CVE-2026-25641
(10.0 CRITICAL)

EPSS: 0.04%

updated 2026-02-06T21:57:22.450000

2 posts

SandboxJS is a JavaScript sandboxing library. Prior to 0.8.29, there is a sandbox escape vulnerability due to a mismatch between the key on which the validation is performed and the key used for accessing properties. Even though the key used in property accesses is annotated as string, this is never enforced. So, attackers can pass malicious objects that coerce to different string values when used

CVE-2025-70963
(7.6 HIGH)

EPSS: 0.04%

updated 2026-02-06T21:57:22.450000

1 posts

Gophish <=0.12.1 is vulnerable to Incorrect Access Control. The administrative dashboard exposes each user’s long-lived API key directly inside the rendered HTML/JavaScript of the page on every login. This makes permanent API credentials accessible to any script running in the browser context.

CVE-2026-25592
(10.0 CRITICAL)

EPSS: 0.10%

updated 2026-02-06T21:43:54

2 posts

### Impact _What kind of vulnerability is it? Who is impacted?_ An Arbitrary File Write vulnerability has been identified in Microsoft's Semantic Kernel .NET SDK, specifically within the `SessionsPythonPlugin`. Developers who have built applications which include Microsoft's Semantic Kernel .NET SDK and are using the `SessionsPythonPlugin`. ### Patches _Has the problem been patched? What version

CVE-2026-25632
(10.0 CRITICAL)

EPSS: 0.11%

updated 2026-02-06T21:43:50

3 posts

### Impact EPyT-Flow’s REST API parses attacker-controlled JSON request bodies using a custom deserializer (my_load_from_json) that supports a __type__ field. When __type__ is present, the deserializer dynamically imports an attacker-specified module/class and instantiates it with attacker-supplied arguments. This allows invoking dangerous classes such as subprocess.Popen, which can lead to OS com

CVE-2026-25593
(8.4 HIGH)

EPSS: 0.10%

updated 2026-02-06T21:43:42

1 posts

### Summary An unauthenticated local client could use the Gateway WebSocket API to write config via `config.apply` and set unsafe `cliPath` values that were later used for command discovery, enabling command injection as the gateway user. ### Impact A local process on the same machine could execute arbitrary commands as the gateway process user. ### Details - `config.apply` accepted raw JSON

CVE-2026-25587
(10.0 CRITICAL)

EPSS: 0.05%

updated 2026-02-06T21:42:55

1 posts

### Summary As `Map` is in `SAFE_PROTOYPES`, it's prototype can be obtained via `Map.prototype`. By overwriting `Map.prototype.has` the sandbox can be escaped. ### Details This is effectively equivalent to CVE-2026-25142, but without `__lookupGetter__` (`let` was used during testing), it turns out the `let` implementation is bugged: ```js let a = Map.prototype; console.log(a) // undefined ```

CVE-2026-25586
(10.0 CRITICAL)

EPSS: 0.05%

updated 2026-02-06T21:42:50

2 posts

## Summary A sandbox escape is possible by shadowing `hasOwnProperty` on a sandbox object, which disables prototype whitelist enforcement in the property-access path. This permits direct access to `__proto__` and other blocked prototype properties, enabling **host `Object.prototype` pollution** and persistent cross-sandbox impact. The issue was reproducible on Node `v23.9.0` using the project’s c

CVE-2026-25580
(8.6 HIGH)

EPSS: 0.01%

updated 2026-02-06T21:42:28

1 posts

## Summary A Server-Side Request Forgery (SSRF) vulnerability exists in Pydantic AI's URL download functionality. When applications accept message history from untrusted sources, attackers can include malicious URLs that cause the server to make HTTP requests to internal network resources, potentially accessing internal services or cloud credentials. **This vulnerability only affects application

CVE-2026-25520
(10.0 CRITICAL)

EPSS: 0.08%

updated 2026-02-06T21:42:24

2 posts

### Summary The return values of functions aren't wrapped. `Object.values`/`Object.entries` can be used to get an Array containing the host's `Function` constructor, by using `Array.prototype.at` you can obtain the hosts `Function` constructor, which can be used to execute arbitrary code outside of the sandbox. ### Details The return values of functions aren't wrapped, chaining function calls a

CVE-2026-23989
(8.2 HIGH)

EPSS: 0.03%

updated 2026-02-06T21:42:17

1 posts

### Impact A security issue was discovered in Reva based products that enables a malicious user to bypass the scope validation of a public link, allowing it to access resources outside the scope of a public link. ### Details Public link shares in OpenCloud are bound to a specific scope (usually a file or directory). Anonymous users accessing resources via this public link share are only allowed

CVE-2026-25505
(9.8 CRITICAL)

EPSS: 0.09%

updated 2026-02-06T21:38:04

1 posts

### Summary 1. A hardcoded secret key used for signing JWTs is checked into source code 2. ManyAPI routes do not check authentication ### Details I am using the publicly available docker image at `ghcr.io/maziggy/bambuddy` #### 1. Hardcoded JWT Secret Key https://github.com/maziggy/bambuddy/blob/a9bb8ed8239602bf08a9914f85a09eeb2bf13d15/backend/app/core/auth.py#L28 <details> <summary>Copying the

CVE-2026-2067
(8.8 HIGH)

EPSS: 0.04%

updated 2026-02-06T21:30:58

2 posts

A security vulnerability has been detected in UTT 进取 520W 1.7.7-180627. This vulnerability affects the function strcpy of the file /goform/formTimeGroupConfig. The manipulation of the argument year1 leads to buffer overflow. The attack may be initiated remotely. The exploit has been disclosed publicly and may be used. The vendor was contacted early about this disclosure but did not respond in any

CVE-2026-2066
(8.8 HIGH)

EPSS: 0.04%

updated 2026-02-06T21:30:58

1 posts

A weakness has been identified in UTT 进取 520W 1.7.7-180627. This affects the function strcpy of the file /goform/formIpGroupConfig. Executing a manipulation of the argument groupName can lead to buffer overflow. The attack can be launched remotely. The exploit has been made available to the public and could be used for attacks. The vendor was contacted early about this disclosure but did not respo

CVE-2025-13523
(7.7 HIGH)

EPSS: 0.01%

updated 2026-02-06T19:55:58

1 posts

Mattermost Confluence plugin version < 1.7.0 fails to properly escape user-controlled display names in HTML template rendering which allows authenticated Confluence users with malicious display names to execute arbitrary JavaScript in victim browsers via sending a specially crafted OAuth2 connection link that, when visited, renders the attacker's display name without proper sanitization. Mattermos

CVE-2025-70073
(9.8 CRITICAL)

EPSS: 0.25%

updated 2026-02-06T18:31:38

1 posts

An issue in ChestnutCMS v.1.5.8 and before allows a remote attacker to execute arbitrary code via the template creation function

CVE-2025-69906
(8.8 HIGH)

EPSS: 0.21%

updated 2026-02-06T18:31:38

1 posts

Monstra CMS v3.0.4 contains an arbitrary file upload vulnerability in the Files Manager plugin. The application relies on blacklist-based file extension validation and stores uploaded files directly in a web-accessible directory. Under typical server configurations, this can allow an attacker to upload files that are interpreted as executable code, resulting in remote code execution.

1 repos

https://github.com/cypherdavy/CVE-2025-69906-Monstra-CMS-3.0.4-Arbitrary-File-Upload-to-RCE

CVE-2026-24423
(9.8 CRITICAL)

EPSS: 9.22%

updated 2026-02-06T18:30:29

7 posts

SmarterTools SmarterMail versions prior to build 9511 contain an unauthenticated remote code execution vulnerability in the ConnectToHub API method. The attacker could point the SmarterMail to the malicious HTTP server, which serves the malicious OS command. This command will be executed by the vulnerable application.

1 repos

https://github.com/aavamin/CVE-2026-24423

CVE-2026-0538
(7.8 HIGH)

EPSS: 0.01%

updated 2026-02-06T17:49:06.210000

1 posts

A maliciously crafted GIF file, when parsed through Autodesk 3ds Max, can force an Out-of-Bounds Write vulnerability. A malicious actor can leverage this vulnerability to execute arbitrary code in the context of the current process.

CVE-2026-0661
(7.8 HIGH)

EPSS: 0.01%

updated 2026-02-06T16:26:55.207000

1 posts

A maliciously crafted RGB file, when parsed through Autodesk 3ds Max, can force a Memory Corruption vulnerability. A malicious actor can leverage this vulnerability to execute arbitrary code in the context of the current process.

CVE-2025-69619
(7.5 HIGH)

EPSS: 0.05%

updated 2026-02-06T16:16:14.533000

1 posts

A path traversal in My Text Editor v1.6.2 allows attackers to cause a Denial of Service (DoS) via writing files to the internal storage.

CVE-2025-15566
(8.8 HIGH)

EPSS: 0.03%

updated 2026-02-06T15:14:47.703000

2 posts

A security issue was discovered in ingress-nginx where the `nginx.ingress.kubernetes.io/auth-proxy-set-headers` Ingress annotation can be used to inject configuration into nginx. This can lead to arbitrary code execution in the context of the ingress-nginx controller, and disclosure of Secrets accessible to the controller. (Note that in the default installation, the controller can access all Secre

CVE-2026-2017
(9.8 CRITICAL)

EPSS: 0.08%

updated 2026-02-06T15:14:47.703000

1 posts

A vulnerability was detected in IP-COM W30AP up to 1.0.0.11(1340). Affected by this issue is the function R7WebsSecurityHandler of the file /goform/wx3auth of the component POST Request Handler. The manipulation of the argument data results in stack-based buffer overflow. The attack may be performed from remote. The exploit is now public and may be used. The vendor was contacted early about this d

1 repos

https://github.com/saaydmr/hikvision-exploiter

CVE-2026-24930
(8.4 HIGH)

EPSS: 0.01%

updated 2026-02-06T15:14:47.703000

1 posts

UAF concurrency vulnerability in the graphics module. Impact: Successful exploitation of this vulnerability may affect availability.

CVE-2026-24300
(9.8 CRITICAL)

EPSS: 0.09%

updated 2026-02-06T15:14:47.703000

1 posts

Azure Front Door Elevation of Privilege Vulnerability

1 repos

https://github.com/stephaniesahnihi/CVE-2026-24300

CVE-2025-15080(CVSS UNKNOWN)

EPSS: 0.05%

updated 2026-02-06T09:31:30

1 posts

Improper Validation of Specified Quantity in Input vulnerability in Mitsubishi Electric MELSEC iQ-R Series R08PCPU, R16PCPU, R32PCPU, and R120PCPU allows an unauthenticated attacker to read device data or part of a control program from the affected product, write device data in the affected product, or cause a denial of service (DoS) condition on the affected product by sending a specially crafted

CVE-2026-1499
(9.8 CRITICAL)

EPSS: 1.23%

updated 2026-02-06T09:30:36

1 posts

The WP Duplicate plugin for WordPress is vulnerable to Missing Authorization leading to Arbitrary File Upload in all versions up to and including 1.1.8. This is due to a missing capability check on the `process_add_site()` AJAX action combined with path traversal in the file upload functionality. This makes it possible for authenticated (subscriber-level) attackers to set the internal `prod_key_ra

CVE-2026-21643
(9.8 CRITICAL)

EPSS: 0.13%

updated 2026-02-06T09:30:35

2 posts

An improper neutralization of special elements used in an sql command ('sql injection') vulnerability in Fortinet FortiClientEMS 7.4.4 may allow an unauthenticated attacker to execute unauthorized code or commands via specifically crafted HTTP requests.

1 repos

https://github.com/DarkSploits/CVE-2026-21643-Exploit

CVE-2026-24926
(8.4 HIGH)

EPSS: 0.01%

updated 2026-02-06T09:30:35

1 posts

Out-of-bounds write vulnerability in the camera module. Impact: Successful exploitation of this vulnerability may affect availability.

CVE-2026-0106
(9.4 CRITICAL)

EPSS: 0.00%

updated 2026-02-06T03:30:19

1 posts

In vpu_mmap of vpu_ioctl, there is a possible arbitrary address mmap due to a missing bounds check. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation.

CVE-2026-24302
(8.6 HIGH)

EPSS: 0.08%

updated 2026-02-06T00:30:37

1 posts

Azure Arc Elevation of Privilege Vulnerability

CVE-2026-0391
(6.5 MEDIUM)

EPSS: 0.06%

updated 2026-02-06T00:30:32

1 posts

User interface (ui) misrepresentation of critical information in Microsoft Edge for Android allows an unauthorized attacker to perform spoofing over a network.

CVE-2026-21532
(8.2 HIGH)

EPSS: 0.09%

updated 2026-02-06T00:30:32

1 posts

Azure Function Information Disclosure Vulnerability

CVE-2025-11953
(9.8 CRITICAL)

EPSS: 6.95%

updated 2026-02-05T21:38:32

6 posts

The Metro Development Server, which is opened by the React Native CLI, binds to external interfaces by default. The server exposes an endpoint that is vulnerable to OS command injection. This allows unauthenticated network attackers to send a POST request to the server and run arbitrary executables. On Windows, the attackers can also execute arbitrary shell commands with fully controlled arguments

4 repos

https://github.com/Mr-In4inci3le/CVE-2025-11953-POC-

https://github.com/SaidBenaissa/cve-2025-11953-vulnerability-demo

https://github.com/N3k0t-dev/PoC-CVE-collection

https://github.com/boroeurnprach/CVE-2025-11953-PoC

CVE-2026-20979
(7.8 HIGH)

EPSS: 0.01%

updated 2026-02-05T21:33:39

1 posts

Improper privilege management in Settings prior to SMR Feb-2026 Release 1 allows local attackers to launch arbitrary activity with Settings privilege.

CVE-2025-11234
(7.5 HIGH)

EPSS: 0.10%

updated 2026-02-05T21:33:38

1 posts

A flaw was found in QEMU. If the QIOChannelWebsock object is freed while it is waiting to complete a handshake, a GSource is leaked. This can lead to the callback firing later on and triggering a use-after-free in the use of the channel. This can be abused by a malicious client with network access to the VNC WebSocket port to cause a denial of service during the WebSocket handshake prior to the VN

CVE-2025-15311
(7.8 HIGH)

EPSS: 0.01%

updated 2026-02-05T21:32:48

1 posts

Tanium addressed an unauthorized code execution vulnerability in Tanium Appliance.

CVE-2025-15330
(8.8 HIGH)

EPSS: 0.04%

updated 2026-02-05T21:32:42

1 posts

Tanium addressed an improper input validation vulnerability in Deploy.

CVE-2025-68722
(8.8 HIGH)

EPSS: 0.03%

updated 2026-02-05T21:32:40

1 posts

Axigen Mail Server before 10.5.57 and 10.6.x before 10.6.26 contains a Cross-Site Request Forgery (CSRF) vulnerability in the WebAdmin interface through improper handling of the _s (breadcrumb) parameter. The application accepts state-changing requests via the GET method and automatically processes base64-encoded commands queued in the _s parameter immediately after administrator authentication. A

1 repos

https://github.com/osmancanvural/CVE-2025-68722

CVE-2026-20983
(7.8 HIGH)

EPSS: 0.01%

updated 2026-02-05T21:21:13.780000

1 posts

Improper export of android application components in Samsung Dialer prior to SMR Feb-2026 Release 1 allows local attackers to launch arbitrary activity with Samsung Dialer privilege.

CVE-2025-68721
(9.1 CRITICAL)

EPSS: 0.01%

updated 2026-02-05T21:15:51.963000

2 posts

Axigen Mail Server before 10.5.57 contains an improper access control vulnerability in the WebAdmin interface. A delegated admin account with zero permissions can bypass access control checks and gain unauthorized access to the SSL Certificates management endpoint (page=sslcerts). This allows the attacker to view, download, upload, and delete SSL certificate files, despite lacking the necessary pr

1 repos

https://github.com/osmancanvural/CVE-2025-68721

CVE-2026-25055
(8.1 HIGH)

EPSS: 0.08%

updated 2026-02-05T20:41:47.613000

1 posts

n8n is an open source workflow automation platform. Prior to versions 1.123.12 and 2.4.0, when workflows process uploaded files and transfer them to remote servers via the SSH node without validating their metadata the vulnerability can lead to files being written to unintended locations on those remote systems potentially leading to remote code execution on those systems. As a prerequisites an un

CVE-2026-25236
(9.8 CRITICAL)

EPSS: 0.03%

updated 2026-02-05T18:06:21.580000

1 posts

PEAR is a framework and distribution system for reusable PHP components. Prior to version 1.33.0, a SQL injection risk exists in karma queries due to unsafe literal substitution for an IN (...) list. This issue has been patched in version 1.33.0.

CVE-2026-25240
(9.8 CRITICAL)

EPSS: 0.03%

updated 2026-02-05T17:56:13.807000

1 posts

PEAR is a framework and distribution system for reusable PHP components. Prior to version 1.33.0, a SQL injection vulnerability can occur in user::maintains() when role filters are provided as an array and interpolated into an IN (...) clause. This issue has been patched in version 1.33.0.

CVE-2025-61732
(8.6 HIGH)

EPSS: 0.01%

updated 2026-02-05T15:32:15

2 posts

A discrepancy between how Go and C/C++ comments were parsed allowed for code smuggling into the resulting cgo binary.

CVE-2025-71031
(7.5 HIGH)

EPSS: 0.04%

updated 2026-02-05T15:32:15

1 posts

Water-Melon Melon commit 9df9292 and below is vulnerable to Denial of Service. The HTTP component doesn't have any maximum length. As a result, an excessive request header could cause a denial of service by consuming RAM memory.

CVE-2025-67188
(9.8 CRITICAL)

EPSS: 0.10%

updated 2026-02-05T15:32:11

1 posts

A buffer overflow vulnerability exists in TOTOLINK A950RG V4.1.2cu.5204_B20210112. The issue resides in the setRadvdCfg interface of the /lib/cste_modules/ipv6.so module. The function fails to properly validate the length of the user-controlled radvdinterfacename parameter, allowing remote attackers to trigger a stack buffer overflow.

CVE-2025-67189
(9.8 CRITICAL)

EPSS: 0.15%

updated 2026-02-05T15:32:10

1 posts

A buffer overflow vulnerability exists in the setParentalRules interface of TOTOLINK A950RG V4.1.2cu.5204_B20210112. The urlKeyword parameter is not properly validated, and the function concatenates multiple user-controlled fields into a fixed-size stack buffer without performing boundary checks. A remote attacker can exploit this flaw to cause denial of service or potentially achieve arbitrary co

CVE-2025-69970
(9.3 CRITICAL)

EPSS: 0.05%

updated 2026-02-05T15:16:08.230000

1 posts

FUXA v1.2.7 contains an insecure default configuration vulnerability in server/settings.default.js. The 'secureEnabled' flag is commented out by default, causing the application to initialize with authentication disabled. This allows unauthenticated remote attackers to access sensitive API endpoints, modify projects, and control industrial equipment immediately after installation.

CVE-2025-69620
(5.7 MEDIUM)

EPSS: 0.01%

updated 2026-02-05T15:16:07.940000

1 posts

A path traversal in Moo Chan Song v4.5.7 allows attackers to cause a Denial of Service (DoS) via writing files to the internal storage.

CVE-2026-20098
(8.8 HIGH)

EPSS: 0.90%

updated 2026-02-05T14:57:34.297000

2 posts

A vulnerability in the Certificate Management feature of Cisco Meeting Management could allow an authenticated, remote attacker to upload arbitrary files, execute arbitrary commands, and elevate privileges to root on an affected system. This vulnerability is due to improper input validation in certain sections of the web-based management interface. An attacker could exploit this vulnerability&n

CVE-2025-13379
(8.6 HIGH)

EPSS: 0.09%

updated 2026-02-05T14:57:20.563000

1 posts

IBM Aspera Console 3.4.0 through 3.4.8 is vulnerable to SQL injection. A remote attacker could send specially crafted SQL statements, which could allow the attacker to view, add, modify, or delete information in the back-end database.

CVE-2025-10314
(8.8 HIGH)

EPSS: 0.01%

updated 2026-02-05T14:57:20.563000

1 posts

Incorrect Default Permissions vulnerability in Mitsubishi Electric Corporation FREQSHIP-mini for Windows versions 8.0.0 to 8.0.2 allows a local attacker to execute arbitrary code with system privileges by replacing service executable files (EXE) or DLLs in the installation directory with specially crafted files. As a result, the attacker may be able to disclose, tamper with, delete, or destroy inf

CVE-2026-25585
(7.8 HIGH)

EPSS: 0.01%

updated 2026-02-05T14:57:20.563000

1 posts

iccDEV provides a set of libraries and tools that allow for the interaction, manipulation, and application of ICC color management profiles. Prior to version 2.3.1.3, there is a vulnerability IccCmm.cpp:5793 when reading through index during ICC profile processing. The malformed ICC profile triggers improper array bounds validation in the color management module, resulting in an out-of-bounds read

CVE-2026-25546
(7.8 HIGH)

EPSS: 0.07%

updated 2026-02-05T14:57:20.563000

2 posts

Godot MCP is a Model Context Protocol (MCP) server for interacting with the Godot game engine. Prior to version 0.1.1, a command injection vulnerability in godot-mcp allows remote code execution. The executeOperation function passed user-controlled input (e.g., projectPath) directly to exec(), which spawns a shell. An attacker could inject shell metacharacters like $(command) or &calc to execute a

1 repos

https://github.com/mbanyamer/CVE-2026-25546-godot-mcp-0.1.1-OS-Command-Injection

CVE-2026-25583
(7.8 HIGH)

EPSS: 0.01%

updated 2026-02-05T14:57:20.563000

1 posts

iccDEV provides a set of libraries and tools that allow for the interaction, manipulation, and application of ICC color management profiles. Prior to version 2.3.1.3, there is a heap buffer overflow vulnerability in CIccFileIO::Read8() when processing malformed ICC profile files via unchecked fread operation. This issue has been patched in version 2.3.1.3.

CVE-2026-24884
(8.4 HIGH)

EPSS: 0.02%

updated 2026-02-05T14:57:20.563000

1 posts

Compressing is a compressing and uncompressing lib for node. In version 2.0.0 and 1.10.3 and prior, Compressing extracts TAR archives while restoring symbolic links without validating their targets. By embedding symlinks that resolve outside the intended extraction directory, an attacker can cause subsequent file entries to be written to arbitrary locations on the host file system. Depending on th

CVE-2026-25157
(7.7 HIGH)

EPSS: 0.02%

updated 2026-02-05T14:57:20.563000

2 posts

OpenClaw is a personal AI assistant. Prior to version 2026.1.29, there is an OS command injection vulnerability via the Project Root Path in sshNodeCommand. The sshNodeCommand function constructed a shell script without properly escaping the user-supplied project path in an error message. When the cd command failed, the unescaped path was interpolated directly into an echo statement, allowing arbi

CVE-2026-25161
(8.8 HIGH)

EPSS: 0.05%

updated 2026-02-05T14:57:20.563000

1 posts

Alist is a file list program that supports multiple storages, powered by Gin and Solidjs. Prior to version 3.57.0, the application contains path traversal vulnerability in multiple file operation handlers. An authenticated attacker can bypass directory-level authorisation by injecting traversal sequences into filename components, enabling unauthorised file removal, movement and copying across user

CVE-2026-25140
(7.5 HIGH)

EPSS: 0.04%

updated 2026-02-05T14:57:20.563000

1 posts

apko allows users to build and publish OCI container images built from apk packages. From version 0.14.8 to before 1.1.1, an attacker who controls or compromises an APK repository used by apko could cause resource exhaustion on the build host. The ExpandApk function in pkg/apk/expandapk/expandapk.go expands .apk streams without enforcing decompression limits, allowing a malicious repository to ser

CVE-2025-11730
(7.2 HIGH)

EPSS: 0.20%

updated 2026-02-05T03:30:23

1 posts

A post‑authentication command injection vulnerability in the Dynamic DNS (DDNS) configuration CLI command in Zyxel ATP series firmware versions from V5.35 through V5.41, USG FLEX series firmware versions from V5.35 through V5.41, USG FLEX 50(W) series firmware versions from V5.35 through V5.41, and USG20(W)-VPN series firmware versions from V5.35 through V5.41 could allow an authenticated attacker

CVE-2026-25539
(9.1 CRITICAL)

EPSS: 0.27%

updated 2026-02-05T00:36:45

1 posts

## Summary The `/api/file/copyFile` endpoint does not validate the `dest` parameter, allowing authenticated users to write files to arbitrary locations on the filesystem. This can lead to Remote Code Execution (RCE) by writing to sensitive locations such as cron jobs, SSH authorized_keys, or shell configuration files. - Affected Version: 3.5.3 (and likely all prior versions) ## Details - Type:

CVE-2026-25526
(9.8 CRITICAL)

EPSS: 0.07%

updated 2026-02-05T00:35:16

1 posts

## Impact **Vulnerability Type**: Sandbox Bypass / Remote Code Execution **Affected Component**: Jinjava **Affected Users**: - Organizations using HubSpot's Jinjava template rendering engine for user-provided template content - Any system that renders untrusted Jinja templates using HubSpot's Jinjava implementation - Users with the ability to create or edit custom code templates **Severity**:

CVE-2025-13192
(8.2 HIGH)

EPSS: 0.08%

updated 2026-02-05T00:31:08

1 posts

The Popup builder with Gamification, Multi-Step Popups, Page-Level Targeting, and WooCommerce Triggers plugin for WordPress is vulnerable to generic SQL Injection via the multiple REST API endpoints in all versions up to, and including, 2.2.0 due to insufficient escaping on the user supplied parameter and lack of sufficient preparation on the existing SQL query. This makes it possible for unauthe

CVE-2026-24735
(7.5 HIGH)

EPSS: 0.02%

updated 2026-02-04T21:57:36

1 posts

Exposure of Private Personal Information to an Unauthorized Actor vulnerability in Apache Answer. This issue affects Apache Answer: through 1.7.1. An unauthenticated API endpoint incorrectly exposes full revision history for deleted content. This allows unauthorized users to retrieve restricted or sensitive information. Users are recommended to upgrade to version 2.0.0, which fixes the issue.

CVE-2026-25160
(9.1 CRITICAL)

EPSS: 0.01%

updated 2026-02-04T21:56:51

2 posts

### Summary The application disables TLS certificate verification by default for all outgoing storage driver communications, making the system vulnerable to Man-in-the-Middle (MitM) attacks. This enables the complete decryption, theft, and manipulation of all data transmitted during storage operations, severely compromising the confidentiality and integrity of user data. ### Details Certificate v

CVE-2026-25143
(7.8 HIGH)

EPSS: 0.02%

updated 2026-02-04T21:56:11

2 posts

An attacker who can influence inputs to the patch pipeline could execute arbitrary shell commands on the build host. The patch pipeline in pkg/build/pipelines/patch.yaml embeds input-derived values (series paths, patch filenames, and numeric parameters) into shell scripts without proper quoting or validation, allowing shell metacharacters to break out of their intended context.

CVE-2026-25121
(7.5 HIGH)

EPSS: 0.04%

updated 2026-02-04T21:55:46

1 posts

A Path Traversal vulnerability was discovered in apko's dirFS filesystem abstraction. An attacker who can supply a malicious APK package (e.g., via a compromised or typosquatted repository) could create directories or symlinks outside the intended installation root. The MkdirAll, Mkdir, and Symlink methods in pkg/apk/fs/rwosfs.go use filepath.Join() without validating that the resulting path stays

CVE-2026-24844
(7.8 HIGH)

EPSS: 0.02%

updated 2026-02-04T21:55:30

1 posts

An attacker who can provide build input values, but not modify pipeline definitions, could execute arbitrary shell commands if the pipeline uses `${{vars.*}}` or `${{inputs.*}}` substitutions in `working-directory`. The field is embedded into shell scripts without proper quote escaping. **Fix:** Fixed with [e51ca30c](https://github.com/chainguard-dev/melange/commit/e51ca30cfb63178f5a86997d23d3fff

CVE-2026-24843
(8.2 HIGH)

EPSS: 0.02%

updated 2026-02-04T21:55:21

1 posts

An attacker who can influence the tar stream from a QEMU guest VM could write files outside the intended workspace directory on the host. The `retrieveWorkspace` function extracts tar entries without validating that paths stay within the workspace, allowing Path Traversal via `../` sequences. **Fix:** Fixed in [6e243d0d](https://github.com/chainguard-dev/melange/commit/6e243d0d46699f837d7c392397a

CVE-2026-23897
(7.5 HIGH)

EPSS: 0.04%

updated 2026-02-04T21:55:12

1 posts

### Impact The default configuration of `startStandaloneServer` from `@apollo/server/standalone` is vulnerable to Denial of Service (DoS) attacks through specially crafted request bodies with exotic character set encodings. This issue does not affect users that use `@apollo/server` as a dependency for integration packages, like `@as integrations/express5` or `@as-integrations/next`, only direct

CVE-2025-13375
(9.8 CRITICAL)

EPSS: 0.06%

updated 2026-02-04T21:30:43

1 posts

IBM Common Cryptographic Architecture (CCA) 7.5.52 and 8.4.82 could allow an unauthenticated user to execute arbitrary commands with elevated privileges on the system.

CVE-2026-0536
(7.8 HIGH)

EPSS: 0.01%

updated 2026-02-04T21:30:43

1 posts

A maliciously crafted GIF file, when parsed through Autodesk 3ds Max, can cause a Stack-Based Buffer Overflow vulnerability. A malicious actor can leverage this vulnerability to execute arbitrary code in the context of the current process.

CVE-2025-59439
(7.5 HIGH)

EPSS: 0.04%

updated 2026-02-04T21:30:32

1 posts

An issue was discovered in Samsung Modem Exynos through 2025-08-29. Incorrect handling of NAS Registration messages leads to a Denial of Service because of Improper Handling of Exceptional Conditions.

CVE-2025-69875
(7.8 HIGH)

EPSS: 0.01%

updated 2026-02-04T21:30:32

1 posts

A vulnerability exists in Quick Heal Total Security 23.0.0 in the quarantine management component where insufficient validation of restore paths and improper permission handling allow a low-privileged local user to restore quarantined files into protected system directories. This behavior can be abused by a local attacker to place files in high-privilege locations, potentially leading to privilege

CVE-2026-25027
(7.5 HIGH)

EPSS: 0.11%

updated 2026-02-04T21:30:30

1 posts

Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') vulnerability in ThemeMove Unicamp unicamp allows PHP Local File Inclusion.This issue affects Unicamp: from n/a through <= 2.7.1.

CVE-2026-25049(CVSS UNKNOWN)

EPSS: 0.02%

updated 2026-02-04T21:09:38

8 posts

### Impact Additional exploits in the expression evaluation of n8n have been identified and patched following [CVE-2025-68613](https://github.com/n8n-io/n8n/security/advisories/GHSA-v98v-ff95-f3cp). An authenticated user with permission to create or modify workflows could abuse crafted expressions in workflow parameters to trigger unintended system command execution on the host running n8n. ###

CVE-2026-24512
(8.8 HIGH)

EPSS: 0.10%

updated 2026-02-04T20:04:50

1 posts

A security issue was discovered in ingress-nginx. Tthe `rules.http.paths.path` Ingress field can be used to inject configuration into nginx. This can lead to arbitrary code execution in the context of the ingress-nginx controller, and disclosure of Secrets accessible to the controller. (Note that in the default installation, the controller can access all Secrets cluster-wide.)

CVE-2026-25052(CVSS UNKNOWN)

EPSS: 0.01%

updated 2026-02-04T19:53:39

1 posts

## Impact A vulnerability in the file access controls allows authenticated users with permission to create or modify workflows to read sensitive files from the n8n host system. This can be exploited to obtain critical configuration data and user credentials, leading to complete account takeover of any user on the instance. ## Patches The issue has been fixed in n8n version 1.123.18 and 2.5.0. U

CVE-2025-64712
(9.8 CRITICAL)

EPSS: 0.06%

updated 2026-02-04T19:53:06

1 posts

A Path Traversal vulnerability in the `partition_msg` function allows an attacker to write or overwrite arbitrary files on the filesystem when processing malicious MSG files with attachments. ## Impact An attacker can craft a malicious .msg file with attachment filenames containing path traversal sequences (e.g., `../../../etc/cron.d/malicious`). When processed with `process_attachments=Tru

CVE-2025-61917
(7.7 HIGH)

EPSS: 0.01%

updated 2026-02-04T19:53:01

1 posts

### Impact The use of `Buffer.allocUnsafe()` and `Buffer.allocUnsafeSlow()` in the task runner allowed untrusted code to allocate uninitialized memory. Such uninitialized buffers could contain residual data from within the same Node.js process (for example, data from prior requests, tasks, secrets, or tokens), resulting in potential information disclosure. Only authenticated users are able to

CVE-2026-25115(CVSS UNKNOWN)

EPSS: 0.04%

updated 2026-02-04T19:42:05

1 posts

## Impact A vulnerability in the Python Code node allows authenticated users to break out of the Python sandbox environment and execute code outside the intended security boundary. Only authenticated users are able to execute code through Task Runners. This issue affected any deployment in which the following conditions were met: - Task Runners were enabled using `N8N_RUNNERS_ENABLED=true` (d

CVE-2026-25056(CVSS UNKNOWN)

EPSS: 0.13%

updated 2026-02-04T19:39:42

1 posts

## Impact A vulnerability in the Merge node's SQL Query mode allowed authenticated users with permission to create or modify workflows to write arbitrary files to the n8n server's filesystem potentially leading to remote code execution. ## Patches The issue has been fixed in n8n version 2.4.0, 1.118.0. Users should upgrade to this version or later to remediate the vulnerability. ## Workarounds

CVE-2026-25053(CVSS UNKNOWN)

EPSS: 0.02%

updated 2026-02-04T18:38:16

1 posts

## Impact Vulnerabilities in the Git node allowed authenticated users with permission to create or modify workflows to execute arbitrary system commands or read arbitrary files on the n8n host. ## Patches The issue has been fixed in n8n versions 2.5.0, and 1.123.10. Users should upgrade to this version or later to remediate the vulnerability. ## Workarounds If upgrading is not immediately pos

CVE-2025-67187
(9.8 CRITICAL)

EPSS: 0.04%

updated 2026-02-04T18:31:37

1 posts

A stack-based buffer overflow vulnerability was identified in TOTOLINK A950RG V4.1.2cu.5204_B20210112. The flaw exists in the setIpQosRules interface of /lib/cste_modules/firewall.so where the comment parameter is not properly validated for length.

CVE-2025-46651
(9.1 CRITICAL)

EPSS: 0.02%

updated 2026-02-04T18:31:36

1 posts

Tiny File Manager through 2.6 contains a server-side request forgery (SSRF) vulnerability in the URL upload feature. Due to insufficient validation of user-supplied URLs, an attacker can send crafted requests to localhost by using http://www.127.0.0.1.example.com/ or a similarly constructed domain name. This may lead to unauthorized port scanning or access to internal-only services.

CVE-2025-60865
(7.8 HIGH)

EPSS: 0.01%

updated 2026-02-04T18:31:36

1 posts

Insecure Permissions vulnerability in avanquest Driver Updater v.9.1.57803.1174 allows a local attacker to escalate privileges via the Driver Updater Service windows component.

CVE-2025-57529
(9.8 CRITICAL)

EPSS: 0.04%

updated 2026-02-04T18:31:36

1 posts

YouDataSum CPAS Audit Management System <=v4.9 is vulnerable to SQL Injection in /cpasList/findArchiveReportByDah due to insufficient input validation. This allows remote unauthenticated attackers to execute arbitrary SQL commands via crafted input to the parameter. Successful exploitation could lead to unauthorized data access

1 repos

https://github.com/songqb-xx/CVE-2025-57529

CVE-2025-66374
(7.8 HIGH)

EPSS: 0.01%

updated 2026-02-04T18:31:36

1 posts

CyberArk Endpoint Privilege Manager Agent through 25.10.0 allows a local user to achieve privilege escalation through policy elevation of an Administration task.

CVE-2026-0660
(7.8 HIGH)

EPSS: 0.01%

updated 2026-02-04T18:30:51

1 posts

A maliciously crafted GIF file, when parsed through Autodesk 3ds Max, can cause a Stack-Based Buffer Overflow vulnerability. A malicious actor can leverage this vulnerability to execute arbitrary code in the context of the current process.

CVE-2026-20119
(7.5 HIGH)

EPSS: 0.08%

updated 2026-02-04T18:30:51

2 posts

A vulnerability in the text rendering subsystem of Cisco TelePresence Collaboration Endpoint (CE) Software and Cisco RoomOS Software could allow an unauthenticated, remote attacker to cause a denial of service (DoS) condition on an affected device. This vulnerability is due to insufficient validation of input received by an affected device. An attacker could exploit this vulnerability by getting

CVE-2026-0659
(7.8 HIGH)

EPSS: 0.01%

updated 2026-02-04T18:30:51

1 posts

A maliciously crafted USD file, when loaded or imported into Autodesk Arnold or Autodesk 3ds Max, can force an Out-of-Bounds Write vulnerability. A malicious actor can leverage this vulnerability to execute arbitrary code in the context of the current process.

CVE-2026-0662
(7.8 HIGH)

EPSS: 0.01%

updated 2026-02-04T18:30:51

1 posts

A maliciously crafted project directory, when opening a max file in Autodesk 3ds Max, could lead to execution of arbitrary code in the context of the current process due to an Untrusted Search Path being utilized.

CVE-2026-0537
(7.8 HIGH)

EPSS: 0.01%

updated 2026-02-04T18:30:50

2 posts

A maliciously crafted RGB file, when parsed through Autodesk 3ds Max, can force a Memory Corruption vulnerability. A malicious actor can leverage this vulnerability to execute arbitrary code in the context of the current process.

CVE-2025-59818
(10.0 CRITICAL)

EPSS: 0.10%

updated 2026-02-04T18:30:39

1 posts

This vulnerability allows authenticated attackers to execute arbitrary commands on the underlying system using the file name of an uploaded file.

CVE-2025-61506
(9.8 CRITICAL)

EPSS: 0.09%

updated 2026-02-04T18:30:31

1 posts

An issue was discovered in MediaCrush thru 1.0.1 allowing remote unauthenticated attackers to upload arbitrary files of any size to the /upload endpoint.

1 repos

https://github.com/pescada-dev/CVE-2025-61506

CVE-2025-63372
(7.5 HIGH)

EPSS: 0.29%

updated 2026-02-04T18:30:31

1 posts

Articentgroup Zip Rar Extractor Tool 1.345.93.0 is vulnerable to Directory Traversal. The vulnerability resides in the ZIP file processing component, specifically in the functionality responsible for extracting and handling ZIP archive contents.

CVE-2025-67186
(9.8 CRITICAL)

EPSS: 0.15%

updated 2026-02-04T17:16:10.007000

1 posts

TOTOLINK A950RG V4.1.2cu.5204_B20210112 contains a buffer overflow vulnerability in the setUrlFilterRules interface of /lib/cste_modules/firewall.so. The vulnerability occurs because the `url` parameter is not properly validated for length, allowing remote attackers to trigger a buffer overflow, potentially leading to arbitrary code execution or denial of service.

CVE-2025-63624
(9.8 CRITICAL)

EPSS: 0.16%

updated 2026-02-04T17:16:09.180000

1 posts

SQL Injection vulnerability in Shandong Kede Electronics Co., Ltd IoT smart water meter monitoring platform v.1.0 allows a remote attacker to execute arbitrary code via the imei_list.aspx file.

CVE-2026-1340
(9.8 CRITICAL)

EPSS: 0.18%

updated 2026-02-04T16:34:21.763000

3 posts

A code injection in Ivanti Endpoint Manager Mobile allowing attackers to achieve unauthenticated remote code execution.

1 repos

https://github.com/MehdiLeDeaut/CVE-2026-1281-Ivanti-EPMM-RCE

CVE-2025-70560
(8.4 HIGH)

EPSS: 0.06%

updated 2026-02-04T16:34:21.763000

1 posts

Boltz 2.0.0 contains an insecure deserialization vulnerability in its molecule loading functionality. The application uses Python pickle to deserialize molecule data files without validation. An attacker with the ability to place a malicious pickle file in a directory processed by boltz can achieve arbitrary code execution when the file is loaded.

CVE-2025-15368
(8.8 HIGH)

EPSS: 0.14%

updated 2026-02-04T16:33:44.537000

1 posts

The SportsPress plugin for WordPress is vulnerable to Local File Inclusion in all versions up to, and including, 2.7.26 via shortcodes 'template_name' attribute. This makes it possible for authenticated attackers, with contributor-level and above permissions, to include and execute arbitrary files on the server, allowing the execution of any PHP code in those files. This can be used to bypass acce

CVE-2025-15285
(7.5 HIGH)

EPSS: 0.08%

updated 2026-02-04T16:33:44.537000

1 posts

The SEO Flow by LupsOnline plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the checkBlogAuthentication() and checkCategoryAuthentication() functions in all versions up to, and including, 2.2.1. These authorization functions only implement basic API key authentication but fail to implement WordPress capability checks. This makes it possib

CVE-2025-5329
(9.8 CRITICAL)

EPSS: 0.01%

updated 2026-02-04T15:30:29

1 posts

Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in Martcode Software Inc. Delta Course Automation allows SQL Injection.This issue affects Delta Course Automation: through 04022026. NOTE: The vendor was contacted early about this disclosure but did not respond in any way.

1 repos

https://github.com/sahici/CVE-2025-5329

CVE-2025-15268
(7.5 HIGH)

EPSS: 0.07%

updated 2026-02-04T09:30:36

1 posts

The Infility Global plugin for WordPress is vulnerable to unauthenticated SQL Injection via the 'infility_get_data' API action in all versions up to, and including, 2.14.46. This is due to insufficient escaping on the user supplied parameter and lack of sufficient preparation on the existing SQL query. This makes it possible for unauthenticated attackers to append - with certain server configurati

CVE-2026-1819
(8.8 HIGH)

EPSS: 0.05%

updated 2026-02-04T09:30:35

1 posts

Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting') vulnerability in Karel Electronics Industry and Trade Inc. ViPort allows Stored XSS.This issue affects ViPort: through 23012026.

CVE-2026-1756
(8.8 HIGH)

EPSS: 0.22%

updated 2026-02-04T09:30:30

1 posts

The WP FOFT Loader plugin for WordPress is vulnerable to arbitrary file uploads due to incorrect file type validation in the 'WP_FOFT_Loader_Mimes::file_and_ext' function in all versions up to, and including, 2.1.39. This makes it possible for authenticated attackers, with Author-level access and above, to upload arbitrary files on the affected site's server which may make remote code execution po

CVE-2026-1633
(10.0 CRITICAL)

EPSS: 0.05%

updated 2026-02-04T00:30:41

2 posts

The Synectix LAN 232 TRIO 3-Port serial to ethernet adapter exposes its web management interface without requiring authentication, allowing unauthenticated users to modify critical device settings or factory reset the device.

CVE-2026-1632
(9.1 CRITICAL)

EPSS: 0.13%

updated 2026-02-04T00:30:41

1 posts

MOMA Seismic Station Version v2.4.2520 and prior exposes its web management interface without requiring authentication, which could allow an unauthenticated attacker to modify configuration settings, acquire device data or remotely reset the device.

CVE-2026-1341(CVSS UNKNOWN)

EPSS: 0.02%

updated 2026-02-04T00:30:40

1 posts

Avation Light Engine Pro exposes its configuration and control interface without any authentication or access control.

CVE-2025-40551
(9.8 CRITICAL)

EPSS: 22.94%

updated 2026-02-03T21:31:50

5 posts

SolarWinds Web Help Desk was found to be susceptible to an untrusted data deserialization vulnerability that could lead to remote code execution, which would allow an attacker to run commands on the host machine. This could be exploited without authentication.

Nuclei template