CVE Search Engine - Security Vulnerabilities and Exploits Search Tool

CVE•added 2026/01/23 3:0 a.m.•11 views

CVE-2026-0785

CVE-2026-0785 covers an issue in the ALGO 8180 IP Audio Alerter where the API interface fails to properly validate a user-supplied string before it is used in a system call. This leads to a remote command injection and remote code execution on affected devices. Authentication is required to explo...

8.8CVSS6.5AI score0.01256EPSS

ATTACKERKB•added 2026/01/23 2:58 a.m.•4 views

CVE-2026-0784

ALGO 8180 IP Audio Alerter Web UI Command Injection Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute arbitrary code on affected installations of ALGO 8180 IP Audio Alerter devices. Authentication is required to exploit this vulnerability. The specific fla...

7.2CVSS6.3AI score0.0148EPSS

Cvelist•added 2026/01/23 2:58 a.m.•29 views

CVE-2026-0784 ALGO 8180 IP Audio Alerter Web UI Command Injection Remote Code Execution Vulnerability

7.2CVSS0.0148EPSS

Vulnrichment•added 2026/01/23 2:58 a.m.•4 views

CVE-2026-0784 ALGO 8180 IP Audio Alerter Web UI Command Injection Remote Code Execution Vulnerability

7.2CVSS6.5AI score0.0148EPSS

CVE•added 2026/01/23 2:58 a.m.•16 views

CVE-2026-0783

CVE-2026-0783 affects ALGO 8180 IP Audio Alerter devices, targeting the web UI. The flaw is insufficient validation of a user-supplied string used in a system call, enabling an attacker to achieve remote code execution within the device context. Reported as a Web UI command injection with authent...

8.8CVSS6.5AI score0.0148EPSS

CVE•added 2026/01/23 2:58 a.m.•17 views

CVE-2026-0782

CVE-2026-0782 affects ALGO 8180 IP Audio Alerter, Web UI. Root cause: insufficient validation of a user-supplied string before it is used in a system call, enabling remote code execution in the device context. Exploitation requires authentication; confirmed in ZDI advisory ZDI-26-004 and related ...

8.8CVSS6.5AI score0.0148EPSS

CVE•added 2026/01/23 2:58 a.m.•11 views

CVE-2026-0781

The CVE-2026-0781 entry concerns ALGO 8180 IP Audio Alerter devices. Affected component: the web-based user interface, where improper validation of a user-supplied string before it is used to construct/execute a system call enables remote code execution in the device context. Exploitation require...

8.8CVSS6.5AI score0.01497EPSS

Cvelist•added 2026/01/23 2:57 a.m.•31 views

CVE-2026-0780 ALGO 8180 IP Audio Alerter Web UI Command Injection Remote Code Execution Vulnerability

7.2CVSS0.01497EPSS

ATTACKERKB•added 2026/01/23 2:57 a.m.•4 views

CVE-2026-0780

7.2CVSS6.3AI score0.01497EPSS

CVE•added 2026/01/23 2:57 a.m.•12 views

CVE-2026-0780

CVE-2026-0780 concerns the ALGO 8180 IP Audio Alerter, where the web UI fails to validate a user-supplied string before it is used in a system call, enabling a remote attacker to execute arbitrary code in the device’s context. The vulnerability is described as a Web UI command injection that requ...

8.8CVSS6.5AI score0.01497EPSS

Cvelist•added 2026/01/23 2:57 a.m.•28 views

CVE-2026-0779 ALGO 8180 IP Audio Alerter Ping Command Injection Remote Code Execution Vulnerability

ALGO 8180 IP Audio Alerter Ping Command Injection Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute arbitrary code on affected installations of ALGO 8180 IP Audio Alerter devices. Authentication is required to exploit this vulnerability. The specific flaw...

7.2CVSS0.01497EPSS

Vulnrichment•added 2026/01/23 2:57 a.m.•7 views

CVE-2026-0779 ALGO 8180 IP Audio Alerter Ping Command Injection Remote Code Execution Vulnerability

7.2CVSS6.5AI score0.01497EPSS

Vulnrichment•added 2026/01/23 2:55 a.m.•3 views

CVE-2026-0796 ALGO 8180 IP Audio Alerter Web UI Command Injection Remote Code Execution Vulnerability

7.2CVSS6.5AI score0.01511EPSS

ATTACKERKB•added 2026/01/23 2:55 a.m.•2 views

CVE-2026-0796

7.2CVSS6.3AI score0.01511EPSS

CVE•added 2026/01/22 1:55 a.m.•17 views

CVE-2026-23964

Mastodon vendor: Mastodon server (ActivityPub). Vulnerability CVE-2026-23964 is an insecure direct object reference in the web push subscription update endpoint affecting versions < 4.5.5, < 4.4.12, and

6.5CVSS5.6AI score0.00195EPSS

Exploits0References4Affected Software1

ATTACKERKB•added 2026/01/22 1:17 a.m.•2 views

CVE-2025-27379

A stored cross-site scripting XSS vulnerability in the BOM Viewer in Altium AES 7.0.3 allows an authenticated attacker to inject arbitrary JavaScript into the Description field of a schematic, which is executed when the BOM Viewer renders the affected content...

6.8CVSS5.2AI score0.00201EPSS

Cisco•added 2026/01/21 4:0 p.m.•13 views

Cisco Packaged Contact Center Enterprise and Cisco Unified Contact Center Enterprise Cross-Site Scripting Vulnerabilities

Multiple vulnerabilities in the web-based management interface of Cisco Packaged Contact Center Enterprise Packaged CCE and Cisco Unified Contact Center Enterprise Unified CCE could allow an authenticated, remote attacker to conduct a cross-site scripting XSS attack against a user of the web-base...

4.8CVSS5.8AI score0.00173EPSS

RedhatCVE•added 2026/01/21 6:33 a.m.•15 views

CVE-2026-1045

The Viet contact plugin for WordPress is vulnerable to Stored Cross-Site Scripting via admin settings in all versions up to, and including, 1.3.2 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with administrator-level permissions an...

4.4CVSS5.7AI score0.00189EPSS

RedhatCVE•added 2026/01/20 5:21 p.m.•3 views

CVE-2026-23522

LobeChat is an open source chat application platform. Prior to version 2.0.0-next.193, knowledgeBase.removeFilesFromKnowledgeBase tRPC ep allows authenticated users to delete files from any knowledge base without verifying ownership. userId filter in the database query is commented out, so it's...

3.7CVSS5.6AI score0.00194EPSS