CVE-2026-0148

In multiple functions of VideoRtpPayloadDecoderNode.cpp, there is a possible out of bounds write due to an integer overflow. This could lead to remote code execution with no additional execution privileges needed. User interaction is not needed for exploitation...

CVE-2026-0126

In WC-Radio, a missing bounds check enables an out-of-bounds write, potentially allowing remote code execution without extra privileges or user interaction. This is supported by the CVE entry and OSV detail; no vendor/version specifics or remediation are provided in the supplied documents.

CVE-2026-5416

Due to the improper neutralization of special elements used in a name parameter a low privileged remote attacker can exploit a command injection vulnerability in the Managed Ethernet Switch, resulting in full system compromise...

ChanCMS <= 3.3.0 - SQL Injection

yanyutao0402 ChanCMS = 3.3.0 contains a SQL injection caused by manipulation of the "key" argument in app/modules/api/service/Api.js Search function, letting remote attackers execute arbitrary SQL commands, exploit requires crafted request. id: CVE-2025-10210 info: name: ChanCMS = 3.3.0 - SQL...

n8n >= 0.123.0 and < 1.121.3 - Remote Code Execution

n8n versions = 0.123.0 and = 0.123.0 and = 0.123.0 and 1.121.3 contain a critical authenticated remote code execution vulnerability via arbitrary file write. An authenticated user can exploit the Git node to overwrite critical files and execute untrusted code on the n8n server, potentially leadin...

TP-Link Archer AX21 (AX1800) - Unauthenticated Command Injection

TP-Link Archer AX21 AX1800 routers are vulnerable to unauthenticated OS command injection via the country parameter in the locale endpoint. This allows remote attackers to execute arbitrary commands as root. id: CVE-2023-1389 info: name: TP-Link Archer AX21 AX1800 - Unauthenticated Command...

Langflow <= 1.8.4 - Path Traversal to RCE via File Upload

The application contains a path traversal vulnerability caused by unsanitized 'filename' parameter in the 'POST /api/v2/files' multipart form data, letting attackers write files to arbitrary filesystem locations, exploit requires crafted request. id: CVE-2026-5027 info: name: Langflow = 1.8.4 -...

TYPO3 ceselector Extension - Insecure Deserialization

TYPO3 extension contains a PHP Object Injection caused by passing attacker-controlled cookie to unserialize without validation, letting remote unauthenticated attackers achieve remote code execution, exploit requires Persistent Mode: Static configuration. id: CVE-2026-46725 info: name: TYPO3...

WAVLINK WN530H4 live_api.cgi - Command Injection

A remote command-line injection vulnerability in the /cgi-bin/liveapi.cgi endpoint of the WAVLINK WN530H4 M30H4.V5030.190403 allows an attacker to execute arbitrary Linux commands as root without authentication. id: CVE-2020-12124 info: name: WAVLINK WN530H4 liveapi.cgi - Command Injection author...

Evertz SDVN 3080ipx-10G - Unauthenticated Arbitrary Command Injection

The Evertz SDVN 3080ipx-10G is a High Bandwidth Ethernet Switching Fabric for Video Application. This device exposes a web management interface on port 80. This web management interface can be used by administrators to control product features, setup network switching, and register license among...

SolarWinds Orion API - Auth Bypass

SolarWinds Orion API is vulnerable to an authentication bypass vulnerability that could allow a remote attacker to execute API commands. This vulnerability could allow a remote attacker to bypass authentication and execute API commands which may result in a compromise of the SolarWinds instance...

Laravel Livewire v3 - Remote Command Execution

Livewire v3 Laravel contains a vulnerability in its component hydration/update mechanism that can be exploited to reach remote command execution RCE without authentication under certain conditions. id: CVE-2025-54068 info: name: Laravel Livewire v3 - Remote Command Execution author: flame-11...

Advantech R-SeeNet 2.4.12 - OS Command Injection

Advantech R-SeeNet 2.4.12 is susceptible to remote OS command execution via the ping.php script functionality. An attacker, via a specially crafted HTTP request, can execute malware, obtain sensitive information, modify data, and/or gain full control over a compromised system without entering...

Cuppa CMS v1.0 - Authenticated Local File Inclusion

The component "cuppa/api/index.php" of CuppaCMS v1.0 is Vulnerable to LFI. An authenticated user can read system files via crafted POST request using function parameter value as LFI payload. id: CVE-2022-37191 info: name: Cuppa CMS v1.0 - Authenticated Local File Inclusion author: theamanrawat...

Spring Cloud Gateway Code Injection

Applications using Spring Cloud Gateway prior to 3.1.1+ and 3.0.7+ are vulnerable to a code injection attack when the Gateway Actuator endpoint is enabled, exposed and unsecured. A remote attacker could make a maliciously crafted request that could allow arbitrary remote execution on the remote...

Apache ActiveMQ Fileserver - Arbitrary File Write

Apache ActiveMQ 5.x before 5.14.0 allows remote attackers to upload and execute arbitrary files via an HTTP PUT followed by an HTTP MOVE request via the Fileserver web application. id: CVE-2016-3088 info: name: Apache ActiveMQ Fileserver - Arbitrary File Write author: fqhsu severity: critical...

DELMIA Apriso - Command Injection

An Improper Control of Generation of Code code injection / file upload → RCE vulnerability affecting DELMIA Apriso Release 2020 → Release 2025. When an authenticated user can upload files and the upload handler fails to canonicalize filenames or enforce storage restrictions, an attacker may place...

MajorDoMo thumb.php - OS Command Injection

MajorDoMo aka Major Domestic Module before 0662e5e allows command execution via thumb.php shell metacharacters. NOTE: this is unrelated to the Majordomo mailing-list manager. id: CVE-2023-50917 info: name: MajorDoMo thumb.php - OS Command Injection author: DhiyaneshDK severity: critical...

Apache Spark - Authentication Bypass

In Apache Spark 2.4.5 and earlier, a standalone resource manager's master may be configured to require authentication spark.authenticate via a shared secret. When enabled, however, a specially-crafted RPC to the master can succeed in starting an application's resources on the Spark cluster, even...

Apache Unomi <1.5.2 - Remote Code Execution

Apache Unomi allows conditions to use OGNL and MVEL scripting which offers the possibility to call static Java classes from the JDK that could execute code with the permission level of the running Java process. This vulnerability affects all versions of Apache Unomi prior to 1.5.2. id:...