CVE Vulnerabilities
CVE vulnerability database enriched with CISA KEV and NVD data
| CVE ID | CVSS | Severity | KEV | Sightings |
|---|---|---|---|---|
| CVE-2026-34938 PraisonAI is a multi-agent teams system. Prior to version 1.5.90, execute_code() in praisonai-agents runs attacker-controlled Python inside a three-layer sandbox that can be fully bypassed by passing ... | 10.0 | CRITICAL | β | 0 |
| CVE-2026-1699 In the Eclipse Theia Website repository, the GitHub Actions workflow .github/workflows/preview.yml used pull_request_target trigger while checking out and executing untrusted pull request code. This a... | 10.0 | CRITICAL | β | 0 |
| CVE-2026-25520 SandboxJS is a JavaScript sandboxing library. Prior to 0.8.29, The return values of functions aren't wrapped. Object.values/Object.entries can be used to get an Array containing the host's Function co... | 10.0 | CRITICAL | β | 0 |
| CVE-2025-68121 During session resumption in crypto/tls, if the underlying Config has its ClientCAs or RootCAs fields mutated between the initial handshake and the resumed handshake, the resumed handshake may succeed... | 10.0 | CRITICAL | β | 0 |
| CVE-2025-70974 Fastjson before 1.2.48 mishandles autoType because, when an @type key is in a JSON document, and the value of that key is the name of a Java class, there may be calls to certain public methods of that... | 10.0 | CRITICAL | β | 0 |
| CVE-2025-68271 OpenC3 COSMOS provides the functionality needed to send commands to and receive data from one or more embedded systems. From 5.0.0 to 6.10.1, OpenC3 COSMOS contains a critical remote code execution vu... | 10.0 | CRITICAL | β | 0 |
| CVE-2026-2778 Sandbox escape due to incorrect boundary conditions in the DOM: Core & HTML component. This vulnerability affects Firefox < 148, Firefox ESR < 115.33, Firefox ESR < 140.8, Thunderbird < 148, and Thund... | 10.0 | CRITICAL | β | 0 |
| CVE-2021-35402 PROLiNK PRC2402M 20190909 before 2021-06-13 allows live_api.cgi?page=satellite_list OS command injection via shell metacharacters in the ip parameter (for satellite_status). | 10.0 | CRITICAL | β | 0 |
| CVE-2026-2776 Sandbox escape due to incorrect boundary conditions in the Telemetry component in External Software. This vulnerability affects Firefox < 148, Firefox ESR < 115.33, Firefox ESR < 140.8, Thunderbird < ... | 10.0 | CRITICAL | β | 0 |
| CVE-2026-23693 ElementsKit Elementor Addons β Advanced Widgets & Templates Addons for Elementor (elementskit-lite) WordPress plugin versions prior to 3.7.9 expose the REST endpoint /wp-json/elementskit/v1/widget/mai... | 10.0 | CRITICAL | β | 0 |
| CVE-2026-2760 Sandbox escape due to incorrect boundary conditions in the Graphics: WebRender component. This vulnerability affects Firefox < 148, Firefox ESR < 115.33, Firefox ESR < 140.8, Thunderbird < 148, and Th... | 10.0 | CRITICAL | β | 0 |
| CVE-2026-2761 Sandbox escape in the Graphics: WebRender component. This vulnerability affects Firefox < 148, Firefox ESR < 115.33, Firefox ESR < 140.8, Thunderbird < 148, and Thunderbird < 140.8. | 10.0 | CRITICAL | β | 0 |
| CVE-2025-61937 The vulnerability, if exploited, could allow an unauthenticated miscreant to achieve remote code execution under OS system privileges of βtaoimrβ service, potentially resulting in complete compromis... | 10.0 | CRITICAL | β | 0 |
| CVE-2026-27597 Enclave is a secure JavaScript sandbox designed for safe AI agent code execution. Prior to version 2.11.1, it is possible to escape the security boundraries set by `@enclave-vm/core`, which can be use... | 10.0 | CRITICAL | β | 0 |
| CVE-2025-64090 This vulnerability allows authenticated attackers to execute commands via the hostname of the device. | 10.0 | CRITICAL | β | 0 |
| CVE-2025-64093 Remote Code Execution vulnerability that allows unauthenticated attackers to inject arbitrary commands into the hostname of the device. | 10.0 | CRITICAL | β | 0 |
| CVE-2025-63314 A static password reset token in the password reset function of DDSN Interactive Acora CMS v10.7.1 allows attackers to arbitrarily reset the user password and execute a full account takeover via a rep... | 10.0 | CRITICAL | β | 0 |
| CVE-2025-52694 Successful exploitation of the SQL injection vulnerability could allow an unauthenticated remote attacker to execute arbitrary SQL commands on the vulnerable service when it is exposed to the Internet... | 10.0 | CRITICAL | β | 0 |
| CVE-2026-28289 FreeScout is a free help desk and shared inbox built with PHP's Laravel framework. A patch bypass vulnerability for CVE-2026-27636 in FreeScout 1.8.206 and earlier allows any authenticated user with f... | 10.0 | CRITICAL | β | 0 |
| CVE-2026-0881 Sandbox escape in the Messaging System component. This vulnerability affects Firefox < 147 and Thunderbird < 147. | 10.0 | CRITICAL | β | 0 |
| CVE-2025-40805 Affected devices do not properly enforce user authentication on specific API endpoints. This could facilitate an unauthenticated remote attacker to circumvent authentication and impersonate a legitima... | 10.0 | CRITICAL | β | 0 |
| CVE-2026-23800 Incorrect Privilege Assignment vulnerability in Modular DS modular-connector allows Privilege Escalation.This issue affects Modular DS: from 2.5.2 before 2.6.0. | 10.0 | CRITICAL | β | 0 |
| CVE-2026-21636 A flaw in Node.js's permission model allows Unix Domain Socket (UDS) connections to bypass network restrictions when `--permission` is enabled. Even without `--allow-net`, attacker-controlled inputs (... | 10.0 | CRITICAL | β | 0 |
| CVE-2025-4320 Authentication Bypass by Primary Weakness, Weak Password Recovery Mechanism for Forgotten Password vulnerability in Birebirsoft Software and Technology Solutions Sufirmam allows Authentication Bypass,... | 10.0 | CRITICAL | β | 0 |
| CVE-2026-26954 SandboxJS is a JavaScript sandboxing library. Prior to 0.8.34, it is possible to obtain arrays containing Function, which allows escaping the sandbox. Given an array containing Function, and Object.fr... | 10.0 | CRITICAL | β | 0 |
| CVE-2026-32737 Romeo gives the capability to reach high code coverage of Go β₯1.20 apps by helping to measure code coverage for functional and integration tests within GitHub Actions. Prior to version 0.2.1, due to a... | 10.0 | CRITICAL | β | 0 |
| CVE-2026-31852 Jellyfin is an open-source media system. The code-quality.yml GitHub Actions workflow in jellyfin/jellyfin-ios is vulnerable to arbitrary code execution via pull requests from forked repositories. Due... | 10.0 | CRITICAL | β | 0 |
| CVE-2026-20127 A vulnerability in the peering authentication in Cisco Catalyst SD-WAN Controller, formerly SD-WAN vSmart, and Cisco Catalyst SD-WAN Manager, formerly SD-WAN vManage, could allow an unauthenticated, r... | 10.0 | CRITICAL | KEV | 0 |
| CVE-2025-69828 File Upload vulnerability in TMS Global Software TMS Management Console v.6.3.7.27386.20250818 allows a remote attacker to execute arbitrary code via the Logo upload in /Customer/AddEdit | 10.0 | CRITICAL | β | 0 |
| CVE-2025-61492 A command injection vulnerability in the execute_command function of terminal-controller-mcp 0.1.7 allows attackers to execute arbitrary commands via a crafted input. | 10.0 | CRITICAL | β | 0 |
| CVE-2026-1633 The Synectix LAN 232 TRIO 3-Port serial to ethernet adapter exposes its web management interface without requiring authentication, allowing unauthenticated users to modify critical device settings or ... | 10.0 | CRITICAL | β | 0 |
| CVE-2026-3587 An unauthenticated remote attacker can exploit a hidden function in the CLI prompt to escape the restricted interface, leading to full compromise of the device. | 10.0 | CRITICAL | β | 0 |
| CVE-2025-57792 Explorance Blue versions prior to 8.14.9 contain a SQL injection vulnerability caused by insufficient validation of user input in a web application endpoint. An attacker can supply crafted input that ... | 10.0 | CRITICAL | β | 0 |
| CVE-2026-25142 SandboxJS is a JavaScript sandboxing library. Prior to 0.8.27, SanboxJS does not properly restrict __lookupGetter__ which can be used to obtain prototypes, which can be used for escaping the sandbox /... | 10.0 | CRITICAL | β | 0 |
| CVE-2026-27574 OneUptime is a solution for monitoring and managing online services. In versions 9.5.13 and below, custom JavaScript monitor feature uses Node.js's node:vm module (explicitly documented as not a secur... | 9.9 | CRITICAL | β | 0 |
| CVE-2025-11165 A sandbox escape vulnerability exists in dotCMSβs Velocity scripting engine (VTools) that allows authenticated users with scripting privileges to bypass class and package restrictions enforced by Secu... | 9.9 | CRITICAL | β | 0 |
| CVE-2026-26030 Semantic Kernel, Microsoft's semantic kernel Python SDK, has a remote code execution vulnerability in versions prior to 1.39.4, specifically within the `InMemoryVectorStore` filter functionality. The ... | 9.9 | CRITICAL | β | 0 |
| CVE-2026-27112 Kargo manages and automates the promotion of software artifacts. From 1.7.0 to before v1.7.8, v1.8.11, and v1.9.3, the batch resource creation endpoints of both Kargo's legacy gRPC API and newer REST ... | 9.9 | CRITICAL | β | 0 |
| CVE-2026-26068 emp3r0r is a stealth-focused C2 designed by Linux users for Linux environments. Prior to 3.21.1, untrusted agent metadata (Transport, Hostname) is accepted during check-in and later interpolated into ... | 9.9 | CRITICAL | β | 0 |
| CVE-2026-23515 Signal K Server is a server application that runs on a central hub in a boat. Prior to 1.5.0, a command injection vulnerability allows authenticated users with write permissions to execute arbitrary s... | 9.9 | CRITICAL | β | 0 |
| CVE-2026-25592 Semantic Kernel is an SDK used to build, orchestrate, and deploy AI agents and multi-agent systems. Prior to 1.71.0, an Arbitrary File Write vulnerability has been identified in Microsoft's Semantic K... | 9.9 | CRITICAL | β | 0 |
| CVE-2026-0963 An input neutralization vulnerability in the File Operations API Endpoint component of Crafty Controller allows a remote, authenticated attacker to perform file tampering and remote code execution via... | 9.9 | CRITICAL | β | 0 |
| CVE-2026-1470 n8n contains a critical Remote Code Execution (RCE) vulnerability in its workflow Expression evaluation system. Expressions supplied by authenticated users during workflow configuration may be evaluat... | 9.9 | CRITICAL | β | 0 |
| CVE-2025-64420 Coolify is an open-source and self-hostable tool for managing servers, applications, and databases. In Coolify versions prior to and including v4.0.0-beta.434, low privileged users are able to see the... | 9.9 | CRITICAL | β | 0 |
| CVE-2026-24740 Dozzle is a realtime log viewer for docker containers. Prior to version 9.0.3, a flaw in Dozzleβs agent-backed shell endpoints allows a user restricted by label filters (for example, `label=env=dev`) ... | 9.9 | CRITICAL | β | 0 |
| CVE-2026-0488 An authenticated attacker in SAP CRM and SAP S/4HANA (Scripting Editor) could exploit a flaw in a generic function module call and execute unauthorized critical functionalities, which includes the abi... | 9.9 | CRITICAL | β | 0 |
| CVE-2026-26009 Catalyst is a platform built for enterprise game server hosts, game communities, and billing panel integrations. Install scripts defined in server templates execute directly on the host operating syst... | 9.9 | CRITICAL | β | 0 |
| CVE-2025-70830 A Server-Side Template Injection (SSTI) vulnerability in the Freemarker template engine of Datart v1.0.0-rc.3 allows authenticated attackers to execute arbitrary code via injecting crafted Freemarker ... | 9.9 | CRITICAL | β | 0 |
| CVE-2026-24849 OpenEMR is a free and open source electronic health records and medical practice management application. Prior to version 7.0.4, theΒ `disposeDocument()`Β method inΒ `EtherFaxActions.php`Β allows authenti... | 9.9 | CRITICAL | β | 0 |
| CVE-2026-25053 n8n is an open source workflow automation platform. Prior to versions 1.123.10 and 2.5.0, vulnerabilities in the Git node allowed authenticated users with permission to create or modify workflows to e... | 9.9 | CRITICAL | β | 0 |
This product uses data from the NVD API but is not endorsed or certified by the NVD.