Exploit Intelligence Platform

CVE-2026-21510 8.8 HIGH KEV 2 PoCs Analysis EPSS 0.04

Windows Shell < unknown - Privilege Escalation

Protection mechanism failure in Windows Shell allows an unauthorized attacker to bypass a security feature over a network.

CWE-693 Feb 10, 2026

CVE-2026-25115 9.9 CRITICAL EPSS 0.00

n8n <2.4.8 - Code Injection

n8n is an open source workflow automation platform. Prior to version 2.4.8, a vulnerability in the Python Code node allows authenticated users to break out of the Python sandbox environment and execute code outside the intended security boundary. This issue has been patched in version 2.4.8.

CWE-693 Feb 04, 2026

CVE-2026-25056 8.8 HIGH EPSS 0.00

N8n < 1.118.0 - Remote Code Execution

n8n is an open source workflow automation platform. Prior to versions 1.118.0 and 2.4.0, a vulnerability in the Merge node's SQL Query mode allowed authenticated users with permission to create or modify workflows to write arbitrary files to the n8n server's filesystem potentially leading to remote code execution. This issue has been patched in versions 1.118.0 and 2.4.0.

CWE-693 Feb 04, 2026

CVE-2026-0620 EPSS 0.00

Archer AXE75 V1 - Info Disclosure

When configured as L2TP/IPSec VPN server, Archer AXE75 V1 may accept connections using L2TP without IPSec protection, even when IPSec is enabled. This allows VPN sessions without encryption, exposing data in transit and compromising confidentiality.

CWE-693 Feb 03, 2026

CVE-2026-1232 EPSS 0.00

BeyondTrust Privilege Management <25.7 - Privilege Escalation

A medium-severity vulnerability has been identified in BeyondTrust Privilege Management for Windows versions <=25.7. Under certain conditions, a local authenticated user with elevated privileges may be able to bypass the product’s anti-tamper protections, which could allow access to protected application components and the ability to modify product configuration.

CWE-693 Feb 02, 2026

CVE-2026-23553 2.9 LOW EPSS 0.00

Xen - Info Disclosure

In the context switch logic Xen attempts to skip an IBPB in the case of a vCPU returning to a CPU on which it was the previous vCPU to run. While safe for Xen's isolation between vCPUs, this prevents the guest kernel correctly isolating between tasks. Consider: 1) vCPU runs on CPU A, running task 1. 2) vCPU moves to CPU B, idle gets scheduled on A. Xen skips IBPB. 3) On CPU B, guest kernel switches from task 1 to 2, issuing IBPB. 4) vCPU moves back to CPU A. Xen skips IBPB again. Now, task 2 is running on CPU A with task 1's training still in the BTB.

CWE-665 Jan 28, 2026

CVE-2025-40536 8.1 HIGH KEV 1 PoC Analysis NUCLEI EPSS 0.68

SolarWinds Web Help Desk unauthenticated RCE

SolarWinds Web Help Desk was found to be susceptible to a security control bypass vulnerability that if exploited, could allow an unauthenticated attacker to gain access to certain restricted functionality.

CWE-693 Jan 28, 2026

CVE-2026-23830 10.0 CRITICAL 2 PoCs Analysis EPSS 0.00

SandboxJS <0.8.26 - RCE

SandboxJS is a JavaScript sandboxing library. Versions prior to 0.8.26 have a sandbox escape vulnerability due to `AsyncFunction` not being isolated in `SandboxFunction`. The library attempts to sandbox code execution by replacing the global `Function` constructor with a safe, sandboxed version (`SandboxFunction`). This is handled in `utils.ts` by mapping `Function` to `sandboxFunction` within a map used for lookups. However, before version 0.8.26, the library did not include mappings for `AsyncFunction`, `GeneratorFunction`, and `AsyncGeneratorFunction`. These constructors are not global properties but can be accessed via the `.constructor` property of an instance (e.g., `(async () => {}).constructor`). In `executor.ts`, property access is handled. When code running inside the sandbox accesses `.constructor` on an async function (which the sandbox allows creating), the `executor` retrieves the property value. Since `AsyncFunction` was not in the safe-replacement map, the `executor` returns the actual native host `AsyncFunction` constructor. Constructors for functions in JavaScript (like `Function`, `AsyncFunction`) create functions that execute in the global scope. By obtaining the host `AsyncFunction` constructor, an attacker can create a new async function that executes entirely outside the sandbox context, bypassing all restrictions and gaining full access to the host environment (Remote Code Execution). Version 0.8.26 patches this vulnerability.

CWE-94 Jan 28, 2026

CVE-2026-24868 6.5 MEDIUM EPSS 0.00

Firefox < 147.0.2 - Privilege Escalation

Mitigation bypass in the Privacy: Anti-Tracking component. This vulnerability affects Firefox < 147.0.2.

CWE-693 Jan 27, 2026

CVE-2026-22709 9.8 CRITICAL 1 Writeup EPSS 0.00

NPM Vm2 < 3.10.2 - Code Injection

vm2 is an open source vm/sandbox for Node.js. In vm2 prior to version 3.10.2, `Promise.prototype.then` `Promise.prototype.catch` callback sanitization can be bypassed. This allows attackers to escape the sandbox and run arbitrary code. In lib/setup-sandbox.js, the callback function of `localPromise.prototype.then` is sanitized, but `globalPromise.prototype.then` is not sanitized. The return value of async functions is `globalPromise` object. Version 3.10.2 fixes the issue.

CWE-94 Jan 26, 2026

CVE-2025-55249 3.5 LOW EPSS 0.00

HCL AION - Info Disclosure

HCL AION is affected by a Missing Security Response Headers vulnerability. The absence of standard security headers may weaken the application’s overall security posture and increase its susceptibility to common web-based attacks.

CWE-693 Jan 19, 2026

CVE-2026-22686 10.0 CRITICAL 3 PoCs Analysis EPSS 0.00

NPM Enclave-vm < 2.7.0 - Code Injection

Enclave is a secure JavaScript sandbox designed for safe AI agent code execution. Prior to 2.7.0, there is a critical sandbox escape vulnerability in enclave-vm that allows untrusted, sandboxed JavaScript code to execute arbitrary code in the host Node.js runtime. When a tool invocation fails, enclave-vm exposes a host-side Error object to sandboxed code. This Error object retains its host realm prototype chain, which can be traversed to reach the host Function constructor. An attacker can intentionally trigger a host error, then climb the prototype chain. Using the host Function constructor, arbitrary JavaScript can be compiled and executed in the host context, fully bypassing the sandbox and granting access to sensitive resources such as process.env, filesystem, and network. This breaks enclave-vm’s core security guarantee of isolating untrusted code. This vulnerability is fixed in 2.7.0.

CWE-94 Jan 14, 2026

CVE-2026-20824 5.5 MEDIUM EPSS 0.00

Windows Remote Assistance < unknown - Privilege Escalation

Protection mechanism failure in Windows Remote Assistance allows an unauthorized attacker to bypass a security feature locally.

CWE-693 Jan 13, 2026

CVE-2026-0881 10.0 CRITICAL EPSS 0.00

Mozilla Firefox < 147.0 - Improper Access Control

Sandbox escape in the Messaging System component. This vulnerability affects Firefox < 147 and Thunderbird < 147.

CWE-284 Jan 13, 2026

CVE-2026-0877 8.1 HIGH EPSS 0.00

Firefox <147- Thunderbird <140.7 - Mitigation Bypass

Mitigation bypass in the DOM: Security component. This vulnerability affects Firefox < 147, Firefox ESR < 115.32, Firefox ESR < 140.7, Thunderbird < 147, and Thunderbird < 140.7.

CWE-693 Jan 13, 2026

CVE-2025-69264 8.8 HIGH 1 Writeup EPSS 0.00

Pnpm < 10.26.0 - Remote Code Execution

pnpm is a package manager. Versions 10.0.0 through 10.25 allow git-hosted dependencies to execute arbitrary code during pnpm install, circumventing the v10 security feature "Dependency lifecycle scripts execution disabled by default". While pnpm v10 blocks postinstall scripts via the onlyBuiltDependencies mechanism, git dependencies can still execute prepare, prepublish, and prepack scripts during the fetch phase, enabling remote code execution without user consent or approval. This issue is fixed in version 10.26.0.

CWE-693 Jan 07, 2026

CVE-2025-15422 5.3 MEDIUM EPSS 0.00

EmpireSoft EmpireCMS <8.0 - Code Injection

A flaw has been found in EmpireSoft EmpireCMS up to 8.0. This issue affects the function egetip of the file e/class/connect.php of the component IP Address Handler. This manipulation causes protection mechanism failure. The attack may be initiated remotely. The exploit has been published and may be used. The vendor was contacted early about this disclosure but did not respond in any way.

CWE-693 Jan 02, 2026

CVE-2025-68668 9.9 CRITICAL 1 PoC Analysis EPSS 0.00

n8n <2.0.0 - Command Injection

n8n is an open source workflow automation platform. From version 1.0.0 to before 2.0.0, a sandbox bypass vulnerability exists in the Python Code Node that uses Pyodide. An authenticated user with permission to create or modify workflows can exploit this vulnerability to execute arbitrary commands on the host system running n8n, using the same privileges as the n8n process. This issue has been patched in version 2.0.0. Workarounds for this issue involve disabling the Code Node by setting the environment variable NODES_EXCLUDE: "[\"n8n-nodes-base.code\"]", disabling Python support in the Code node by setting the environment variable N8N_PYTHON_ENABLED=false, which was introduced in n8n version 1.104.0, and configuring n8n to use the task runner based Python sandbox via the N8N_RUNNERS_ENABLED and N8N_NATIVE_PYTHON_RUNNER environment variables.

CWE-693 Dec 26, 2025

CVE-2025-59849 4.7 MEDIUM EPSS 0.00

HCL BigFix Remote Control Lite Web Portal <10.1.0.0326 - XSS

Improper management of Content Security Policy in HCL BigFix Remote Control Lite Web Portal (versions 10.1.0.0326 and lower) may allow the execution of malicious code in web pages.

CWE-1021 Dec 17, 2025

CVE-2025-46291 7.8 HIGH EPSS 0.00

macOS Tahoe <26.2 - Privilege Escalation

A logic issue was addressed with improved validation. This issue is fixed in macOS Tahoe 26.2. An app may bypass Gatekeeper checks.

CWE-693 Dec 17, 2025

CVE & Exploit Intelligence Database

Investigate

Ecosystems

Reference Indexes

Recent Blog Posts

CVEForge Labs

KEV Gaps