Exploit Intelligence Platform

CVE-2026-27971 9.8 CRITICAL NUCLEI EPSS 0.00

Qwik <=1.19.0 - Deserialization RCE

Qwik is a performance focused javascript framework. qwik <=1.19.0 is vulnerable to RCE due to an unsafe deserialization vulnerability in the server$ RPC mechanism that allows any unauthenticated user to execute arbitrary code on the server with a single HTTP request. Affects any deployment where require() is available at runtime. This vulnerability is fixed in 1.19.1.

CWE-502 Mar 03, 2026

CVE-2025-32355 NUCLEI EPSS 0.02

Rocket TRUfusion Enterprise <7.10.4.0 - SSRF

Rocket TRUfusion Enterprise through 7.10.4.0 uses a reverse proxy to handle incoming connections. However, the proxy is misconfigured in a way that allows specifying absolute URLs in the HTTP request line, causing the proxy to load the given resource.

Feb 17, 2026

CVE-2026-0829 5.8 MEDIUM NUCLEI EPSS 0.02

Frontend File Manager Plugin 23.5 - Info Disclosure

The Frontend File Manager Plugin WordPress plugin through 23.5 allows unauthenticated users to send emails through the site without any security checks. This lets attackers use the WordPress site as an open relay for spam or phishing emails to anyone. Attackers can also guess file IDs to access and share uploaded files without permission, exposing sensitive information.

CWE-862 Feb 17, 2026

CVE-2026-1603 8.6 HIGH KEV NUCLEI EPSS 0.12

Ivanti Endpoint Manager < 2024 - Authentication Bypass

An authentication bypass in Ivanti Endpoint Manager before version 2024 SU5 allows a remote unauthenticated attacker to leak specific stored credential data.

CWE-288 Feb 10, 2026

CVE-2026-25892 7.5 HIGH 1 Writeup NUCLEI EPSS 0.02

Vrana Adminer < 5.4.2 - Improper Input Validation

Adminer is open-source database management software. Adminer v5.4.1 and earlier has a version check mechanism where adminer.org sends signed version info via JavaScript postMessage, which the browser then POSTs to ?script=version. This endpoint lacks origin validation and accepts POST data from any source. An attacker can POST version[] parameter which PHP converts to an array. On next page load, openssl_verify() receives this array instead of string and throws TypeError, returning HTTP 500 to all users. Upgrade to Adminer 5.4.2.

CWE-20 Feb 09, 2026

CVE-2026-1731 9.8 CRITICAL KEV RANSOMWARE 8 PoCs Analysis NUCLEI EPSS 0.65

BeyondTrust RS/PRA - RCE

BeyondTrust Remote Support (RS) and certain older versions of Privileged Remote Access (PRA) contain a critical pre-authentication remote code execution vulnerability. By sending specially crafted requests, an unauthenticated remote attacker may be able to execute operating system commands in the context of the site user.

CWE-78 Feb 06, 2026

CVE-2020-37123 9.8 CRITICAL 1 PoC Analysis NUCLEI EPSS 0.12

Pinger 1.0 - RCE

Pinger 1.0 contains a remote code execution vulnerability that allows attackers to inject shell commands through the ping and socket parameters. Attackers can exploit the unsanitized input in ping.php to write arbitrary PHP files and execute system commands by appending shell metacharacters.

CWE-78 Feb 05, 2026

CVE-2026-25512 8.8 HIGH 3 PoCs Analysis NUCLEI EPSS 0.14

Group-office Group Office < 6.8.150 - OS Command Injection

Group-Office is an enterprise customer relationship management and groupware tool. Prior to versions 6.8.150, 25.0.82, and 26.0.5, there is a remote code execution (RCE) vulnerability in Group-Office. The endpoint email/message/tnefAttachmentFromTempFile directly concatenates the user-controlled parameter tmp_file into an exec() call. By injecting shell metacharacters into tmp_file, an authenticated attacker can execute arbitrary system commands on the server. This issue has been patched in versions 6.8.150, 25.0.82, and 26.0.5.

CWE-78 Feb 04, 2026

CVE-2025-69971 9.8 CRITICAL 1 Writeup NUCLEI EPSS 0.05

Frangoteam Fuxa - Hard-coded Credentials

FUXA v1.2.7 contains a hard-coded credential vulnerability in server/api/jwt-helper.js. The application uses a hard-coded secret key to sign and verify JWT Tokens. This allows remote attackers to forge valid admin tokens and bypass authentication to gain full administrative access.

CWE-798 Feb 03, 2026

CVE-2026-1207 5.4 MEDIUM EXPLOITED NUCLEI EPSS 0.05

Django < 4.2.28 - SQL Injection

An issue was discovered in 6.0 before 6.0.2, 5.2 before 5.2.11, and 4.2 before 4.2.28. Raster lookups on ``RasterField`` (only implemented on PostGIS) allows remote attackers to inject SQL via the band index parameter. Earlier, unsupported Django series (such as 5.0.x, 4.1.x, and 3.2.x) were not evaluated and may also be affected. Django would like to thank Tarek Nakkouch for reporting this issue.

CWE-89 Feb 03, 2026

CVE-2025-40554 9.8 CRITICAL 2 PoCs Analysis NUCLEI EPSS 0.08

Solarwinds Web Help Desk < 2026.1 - Authentication Bypass

SolarWinds Web Help Desk was found to be susceptible to an authentication bypass vulnerability that, if exploited, could allow an attacker to invoke specific actions within Web Help Desk.

CWE-1390 Jan 28, 2026

CVE-2025-40552 9.8 CRITICAL 1 PoC Analysis NUCLEI EPSS 0.10

Solarwinds Web Help Desk < 2026.1 - Authentication Bypass

SolarWinds Web Help Desk was found to be susceptible to an authentication bypass vulnerability that if exploited, would allow a malicious actor to execute actions and methods that should be protected by authentication.

CWE-1390 Jan 28, 2026

CVE-2025-40551 9.8 CRITICAL KEV 1 PoC Analysis NUCLEI EPSS 0.81

Solarwinds Web Help Desk < 2026.1 - Insecure Deserialization

SolarWinds Web Help Desk was found to be susceptible to an untrusted data deserialization vulnerability that could lead to remote code execution, which would allow an attacker to run commands on the host machine. This could be exploited without authentication.

CWE-502 Jan 28, 2026

CVE-2025-40536 8.1 HIGH KEV 1 PoC Analysis NUCLEI EPSS 0.68

SolarWinds Web Help Desk unauthenticated RCE

SolarWinds Web Help Desk was found to be susceptible to a security control bypass vulnerability that if exploited, could allow an unauthenticated attacker to gain access to certain restricted functionality.

CWE-693 Jan 28, 2026

CVE-2026-24128 6.1 MEDIUM 1 Writeup NUCLEI EPSS 0.00

XWiki Platform <17.7.0 - XSS

XWiki Platform is a generic wiki platform offering runtime services for applications built on top of it. Versions 7.0-milestone-2 through 16.10.11, 17.0.0-rc-1 through 17.4.4, and 17.5.0-rc-1 through 17.7.0 contain a reflected Cross-site Scripting (XSS) vulnerability, which allows an attacker to craft a malicious URL and execute arbitrary actions with the same privileges as the victim. If the victim has administrative or programming rights, those rights can be exploited to gain full access to the XWiki installation. This issue has been patched in versions 17.8.0-rc-1, 17.4.5 and 16.10.12. To workaround, the patch can be applied manually, only a single line in templates/logging_macros.vm needs to be changed, no restart is required.

CWE-80 Jan 24, 2026

CVE-2022-25369 9.8 CRITICAL EXPLOITED NUCLEI EPSS 0.80

Dynamicweb <9.12.8 - Auth Bypass

An issue was discovered in Dynamicweb before 9.12.8. An attacker can add a new administrator user without authentication. This flaw exists due to a logic issue when determining if the setup phases of the product can be run again. Once an attacker is authenticated as the new admin user they have added, it is possible to upload an executable file and achieve command execution. This is fixed in 9.5.9, 9.6.16, 9.7.8, 9.8.11, 9.9.8, 9.10.18, 9.12.8, and 9.13.0 (and later).

CWE-287 Jan 23, 2026

CVE-2026-0770 9.8 CRITICAL EXPLOITED 4 PoCs Analysis NUCLEI EPSS 0.10

Langflow - RCE

Langflow exec_globals Inclusion of Functionality from Untrusted Control Sphere Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute arbitrary code on affected installations of Langflow. Authentication is not required to exploit this vulnerability. The specific flaw exists within the handling of the exec_globals parameter provided to the validate endpoint. The issue results from the inclusion of a resource from an untrusted control sphere. An attacker can leverage this vulnerability to execute code in the context of root. Was ZDI-CAN-27325.

CWE-829 Jan 23, 2026

CVE-2026-23760 9.8 CRITICAL KEV RANSOMWARE 2 PoCs Analysis NUCLEI EPSS 0.65

SmarterTools SmarterMail <9511 - Auth Bypass

SmarterTools SmarterMail versions prior to build 9511 contain an authentication bypass vulnerability in the password reset API. The force-reset-password endpoint permits anonymous requests and fails to verify the existing password or a reset token when resetting system administrator accounts. An unauthenticated attacker can supply a target administrator username and a new password to reset the account, resulting in full administrative compromise of the SmarterMail instance. NOTE: SmarterMail system administrator privileges grant the ability to execute operating system commands via built-in management functionality, effectively providing administrative (SYSTEM or root) access on the underlying host.

CWE-288 Jan 22, 2026

CVE-2026-24061 9.8 CRITICAL KEV 67 PoCs Analysis NUCLEI EPSS 0.72

GNU Inetutils Telnet Authentication Bypass Exploit CVE-2026-24061

telnetd in GNU Inetutils through 2.7 allows remote authentication bypass via a "-f root" value for the USER environment variable.

CWE-88 Jan 21, 2026

CVE-2026-23744 9.8 CRITICAL EXPLOITED 2 PoCs Analysis NUCLEI EPSS 0.17

MCPJam inspector <1.4.2 - RCE

MCPJam inspector is the local-first development platform for MCP servers. Versions 1.4.2 and earlier are vulnerable to remote code execution (RCE) vulnerability, which allows an attacker to send a crafted HTTP request that triggers the installation of an MCP server, leading to RCE. Since MCPJam inspector by default listens on 0.0.0.0 instead of 127.0.0.1, an attacker can trigger the RCE remotely via a simple HTTP request. Version 1.4.3 contains a patch.

CWE-306 Jan 16, 2026

CVE & Exploit Intelligence Database

Investigate

Ecosystems

Reference Indexes

Recent Blog Posts

CVEForge Labs

KEV Gaps