Recent CVEs

TRENDnet TEW-432BRP formSetWlanEncrypt stack-based overflow

Edimax BR-6478AC POST Request formWanTcpipSetup stack-based overflow

Edimax BR-6478AC POST Request formUSBFolder buffer overflow

Edimax BR-6478AC POST Request formUSBAccount buffer overflow

TRENDnet TEW-432BRP formSetPassword stack-based overflow

TRENDnet TEW-432BRP formResetStatistic stack-based overflow

TRENDnet TEW-432BRP formSetEnableWizard stack-based overflow

TRENDnet TEW-432BRP formSysLog stack-based overflow

TRENDnet TEW-432BRP formPortFw stack-based overflow

Edimax BR-6478AC POST Request formQoS buffer overflow

Edimax BR-6478AC POST Request formPPPoESetup stack-based overflow

Shibby Tomato Zserv ripd rip_zebra_read_ipv4 stack-based overflow

TRENDnet TEW-432BRP formSetDomainFilter stack-based overflow

TRENDnet TEW-432BRP formSetProtocolFilter stack-based overflow

TRENDnet TEW-432BRP formSetUrlFilter stack-based overflow

TRENDnet TEW-432BRP formSetFirewallRule stack-based overflow

TRENDnet TEW-432BRP formSetMACFilter stack-based overflow

Simple History – Track, Log, and Audit WordPress Changes <= 5.26.0 - Authenticated (Subscriber+) Account Takeover via Missing Authorization on Event Reaction Endpoint

Spectra Gutenberg Blocks <= 2.19.25 - Authenticated (Contributor+) Remote Code Execution via Arbitrary PHP Function Call via Block Attributes

GEO my WP <= 4.5.5 - Unauthenticated SQL Injection via 'swlatlng' / 'nelatlng' Parameters

iskorotkov/avro: CPU Exhaustion in Avro Decoder

iskorotkov/avro: Integer Overflow in Avro Decoder

FreeScout: Agent Impersonation via Missing HMAC Verification on Notification Reply Message-ID Path

Heap-buffer-overflow write in planar bitmap decoder

FreeRDP cliprdr server heap-buffer-overflow via undersized capabilitySetLength in CB_CLIP_CAPS

FreeRDP RDPEAR NDR ref-id aliasing causes client-side UAF/double-free and type confusion

FreeRDP RDPGFX CacheToSurface heap-buffer-overflow via clamped-rectangle validation bypass

FastGPT: SSRF Protection Bypass via `externalFile` in Dataset Preview API

cpp-httplib: HTTP header value percent-decoding in server-side `parse_header` enables CRLF injection

cpp-httplib: Malicious `X-Forwarded-For` Under Trusted-Proxy Configuration Triggers Empty `vector::front()`, Leading to Undefined Behavior and Server Crash

Formie: Unauthenticated front-end submission editing can overwrite existing submissions

Formie: Pre-authenticated server-side template injection in Hidden fields

Authentication Bypass Vulnerability in NI SystemLink Enterprise

Shopper: Authorization bypass in multiple Livewire admin components

Shopper: Authorization bypass and RBAC privilege escalation in team settings

SillyTavern: Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal')

SillyTavern: Existing sessions are not invalidated after password change, allowing session reuse and account takeover

SillyTavern: Authentication Bypass via SSO Header Injection

SillyTavern: SSRF in SearXNG Search Proxy via Unvalidated baseUrl

Trilium Notes : Note Import to RCE via #docName Path Traversal (Safe Import Enabled)

Klever-Go MultiDataInterceptor: remote OOM via crafted compressed P2P payload

Jinan USR IOT Technology Limited (PUSR) USR-W610 RS232/485 to Wi-Fi/Ethernet Converter Use of Hard-coded Credentials

Arcane: Missing admin authorization on git repository endpoints allows non-admin users to exfiltrate stored Git credentials and tamper with GitOps configs

Arcane: Unauthenticated reflected XSS via SVG color parameter in /api/app-images/logo enables admin account takeover

Arcane: Missing admin authorization on global variables endpoint

Arcane: Authenticated Arbitrary Host File Read via Docker Compose Include Directives in Arcane

xiaomusic 0.5.7 Path Traversal via GET /music endpoint

MoviePilot v2 SSRF via /api/v1/system/img/{proxy} Endpoint

CP Plus 8 Ch. Network Video Recorder Cross-site Scripting

Dokploy: Authenticated Remote Code Execution via Command Injection in /listen-deployment WebSocket Endpoint

Dokploy: Command Injection via Unescaped Branch Fields in Deployment Pipeline

KMW CCTV Security Cameras Unverified Password Change

agno 2.6.5 SQL Injection via ClickHouse delete_by_metadata()

Dokploy: Authenticated Remote Code Execution via Command Injection in updateTraefikConfig Echo Statement

Dokploy: Pre-Auth Admin Takeover via Hardcoded Authentication Secret

Dokploy: Schedule Authorization Bypass Enables Host/Server Command Execution

Dokploy: Command Injection in /docker-container-logs Endpoint

Dokploy: Remote Code Execution through Path Traversal

Dokploy: Command Injection via incomplete shell escaping in docker logout (registry deletion)

Dokploy: Remote Code Execution via destinationPath in Container File Upload

Shibby Tomato miniupnpd resource consumption

Shibby Tomato multimon.cgi sub_90F0 stack-based overflow

Shibby Tomato UPS Service tomatoups.cgi sub_9068 stack-based overflow

GitHub CLI tokens leak via `gh attestation` commands

Shibby Tomato tomatodata.cgi get_ups_field stack-based overflow

manga-image-translator RCE via Unsafe Pickle Deserialization in Share Model

WP Travel Pro <= 10.6.0 - Missing Authorization to Unauthenticated Arbitrary User Deletion Including Administrators

TRENDnet TEW-432BRP formWPS stack-based overflow

mcp-security: Unvalidated URL Fetching (SSRF)

TRENDnet TEW-432BRP formSetRoute stack-based overflow

Prototype pollution in form-data-objectizer via bracket-notation form keys

n8n-MCP: Multi-tenant MCP requests fall back to process-level n8n credentials when tenant headers are absent or incomplete

Home Assistant: Cross-origin iframe access token exfiltration via WebView JS bridge callback injection

mouse07410/asn1c: 1-byte Heap Out-of-Bounds Read in `INTEGER_decode_oer` via Malformed OER Payload

WWBN AVideo Live: OS command injection in on_publish.php execAsync via unescaped m3u8 URL

WWBN AVideo: Authenticated wallet credit bypass in AuthorizeNet processPayment endpoint

Roslyn CodeLens MCP Server: Untrusted Roslyn Analyzer Execution via get_diagnostics Leads to Arbitrary Code Execution

FreePBX: Authenticated Access can lead to Subsequent OAuth2 Authentication Bypass in API Module

FreePBX: Authenticated SQL Injection via ORDER BY in CDR Reports

FreePBX: Authenticated Local File Inclusion in Dashboard Module

FreePBX: Unauthenticated Use of Hard-Coded Credentials Vulnerability in FreePBX UCP Interface

Interinfo｜DreamMaker - Arbitrary File Read

Interinfo｜DreamMaker - Arbitrary File Upload

Interinfo｜DreamMaker - Arbitrary File Upload

HaxCMS has a stored Cross-Site Scripting (XSS) bypass in saveNode endpoint

RustFS: ImportIam Allows Creation of Backdoor Service Accounts Under Any Parent Including Root

RAGFlow: Server-Side Template Injection in Prompt Generator leads to Remote Code Execution

Uncaught exception vulnerability in Suprema's BioStar

Openshift/router: openshift/router: cloud metadata ssrf via fqdn-typed endpointslice bypasses destination validation

Openshift/router: openshift/router: mtls client certificate spoofing via unstripped x-ssl-client headers on http frontend

Acer Wave 7 router: Hardcoded Cryptographic Key

Acer Wave 7 router: Broken Access Control

Predator Connect W6x: RCE via MQTT

Predator Connect W6x: MQTT Broker Access Control

Predator Connect W6x: Improper Authentication

Predator Connect W6x: Web Interface Command Injection

Predator Connect W6x: unauthenticated Debug Service

Media Library Assistant <= 3.35 - Cross-Site Request Forgery via Bulk Action Form

OTP Login With Phone Number, OTP Verification <= 1.8.60 - Unauthenticated Authentication Bypass via Firebase OTP Verification

BankPro E-Service Technology｜Service Center - Insecure Direct Object Reference