CVE & Exploit Intelligence Database

CVE-2020-37184 9.8 CRITICAL 1 PoC Analysis EPSS 0.00

Allok Video Converter 4.6.1217 contains a stack overflow vulnerability in the License Name input field that allows attackers to execute arbitrary code. Attackers can craft a specially designed payload to overwrite SEH handlers and execute system commands by injecting malicious bytecode into the input field.

CWE-121 Feb 11, 2026

CVE-2020-37183 9.8 CRITICAL 1 PoC Analysis EPSS 0.00

Allok RM RMVB to AVI MPEG DVD Converter 3.6.1217 contains a stack overflow vulnerability that allows attackers to execute arbitrary code by overwriting Structured Exception Handler (SEH) registers. Attackers can craft a malicious payload in the License Name input field to trigger a buffer overflow and execute system commands like calc.exe.

CWE-121 Feb 11, 2026

CVE-2020-37181 9.8 CRITICAL 1 PoC Analysis EPSS 0.00

Torrent FLV Converter 1.51 Build 117 contains a stack overflow vulnerability that allows attackers to overwrite Structured Exception Handler (SEH) through a malicious registration code input. Attackers can craft a payload with specific offsets and partial SEH overwrite techniques to potentially execute arbitrary code on vulnerable Windows 32-bit systems.

CWE-121 Feb 11, 2026

CVE-2020-37176 9.8 CRITICAL 1 PoC Analysis EPSS 0.00

Torrent 3GP Converter 1.51 contains a stack overflow vulnerability that allows attackers to execute arbitrary code by overwriting Structured Exception Handler (SEH) registers. Attackers can craft a malicious payload targeting the application's registration dialog to trigger code execution and open the calculator through carefully constructed buffer overflow techniques.

CWE-121 Feb 11, 2026

CVE-2020-37153 9.8 CRITICAL 1 PoC Analysis EPSS 0.00

ASTPP 4.0.1 contains multiple vulnerabilities including cross-site scripting and command injection in SIP device configuration and plugin management interfaces. Attackers can exploit these flaws to inject system commands, hijack administrator sessions, and potentially execute arbitrary code with root permissions through cron task manipulation.

CWE-79 Feb 11, 2026

CVE-2026-2249 9.8 CRITICAL 2 PoCs Analysis EPSS 0.00

METIS DFS devices (versions <= oscore 2.1.234-r18) expose a web-based shell at the /console endpoint that does not require authentication. Accessing this endpoint allows a remote attacker to execute arbitrary operating system commands with 'daemon' privileges. This results in the compromise of the software, granting unauthorized access to modify configuration, read and alter sensitive data, or disrupt services.

CWE-306 Feb 11, 2026

CVE-2026-2248 9.8 CRITICAL 1 PoC Analysis EPSS 0.00

METIS WIC devices (versions <= oscore 2.1.234-r18) expose a web-based shell at the /console endpoint that does not require authentication. Accessing this endpoint allows a remote attacker to execute arbitrary operating system commands with root (UID 0) privileges. This results in full system compromise, allowing unauthorized access to modify system configuration, read sensitive data, or disrupt device operations

CWE-306 Feb 11, 2026

CVE-2026-1357 9.8 CRITICAL EXPLOITED 7 PoCs Analysis EPSS 0.00

The Migration, Backup, Staging – WPvivid Backup & Migration plugin for WordPress is vulnerable to Unauthenticated Arbitrary File Upload in versions up to and including 0.9.123. This is due to improper error handling in the RSA decryption process combined with a lack of path sanitization when writing uploaded files. When the plugin fails to decrypt a session key using openssl_private_decrypt(), it does not terminate execution and instead passes the boolean false value to the phpseclib library's AES cipher initialization. The library treats this false value as a string of null bytes, allowing an attacker to encrypt a malicious payload using a predictable null-byte key. Additionally, the plugin accepts filenames from the decrypted payload without sanitization, enabling directory traversal to escape the protected backup directory. This makes it possible for unauthenticated attackers to upload arbitrary PHP files to publicly accessible directories and achieve Remote Code Execution via the wpvivid_action=send_to_site parameter.

CWE-434 Feb 11, 2026

CVE-2026-21531 9.8 CRITICAL 2 PoCs Analysis EPSS 0.00

Deserialization of untrusted data in Azure SDK allows an unauthorized attacker to execute code over a network.

CWE-502 Feb 10, 2026

CVE-2026-23906 9.8 CRITICAL 1 PoC Analysis EPSS 0.00

Affected Products and Versions * Apache Druid * Affected Versions: 0.17.0 through 35.x (all versions prior to 36.0.0) * Prerequisites: * druid-basic-security extension enabled * LDAP authenticator configured * Underlying LDAP server permits anonymous bind                                                                                                                                                    Vulnerability Description An authentication bypass vulnerability exists in Apache Druid when using the druid-basic-security extension with LDAP authentication. If the underlying LDAP server is configured to allow anonymous binds, an attacker can bypass authentication by providing an existing username with an empty password. This allows unauthorized access to otherwise restricted Druid resources without valid credentials. The vulnerability stems from improper validation of LDAP authentication responses when anonymous binds are permitted, effectively treating anonymous bind success as valid user authentication. Impact A remote, unauthenticated attacker can: * Gain unauthorized access to the Apache Druid cluster * Access sensitive data stored in Druid datasources * Execute queries and potentially manipulate data * Access administrative interfaces if the bypassed account has elevated privileges * Completely compromise the confidentiality, integrity, and availability of the Druid deployment                                                                                                                                                                                     Mitigation   Immediate Mitigation (No Druid Upgrade Required):                                                                                                                                                   * Disable anonymous bind on your LDAP server. This prevents the vulnerability from being exploitable and is the recommended immediate action. Resolution * Upgrade Apache Druid to version 36.0.0 or later, which includes fixes to properly reject anonymous LDAP bind attempts.

CWE-287 Feb 10, 2026

CVE-2026-25939 9.1 CRITICAL 2 PoCs Analysis EPSS 0.00

FUXA is a web-based Process Visualization (SCADA/HMI/Dashboard) software. From 1.2.8 through version 1.2.10, an authorization bypass vulnerability in the FUXA allows an unauthenticated, remote attacker to create and modify arbitrary schedulers, exposing connected ICS/SCADA environments to follow-on actions. This has been patched in FUXA version 1.2.11.

CWE-862 Feb 09, 2026

CVE-2026-1868 9.9 CRITICAL 1 PoC Analysis EPSS 0.00

GitLab has remediated a vulnerability in the Duo Workflow Service component of GitLab AI Gateway affecting all versions of the AI Gateway from 18.1.6, 18.2.6, 18.3.1 to 18.6.1, 18.7.0, and 18.8.0 in which AI Gateway was vulnerable to insecure template expansion of user supplied data via crafted Duo Agent Platform Flow definitions. This vulnerability could be used to cause Denial of Service or gain code execution on the Gateway. This has been fixed in versions 18.6.2, 18.7.1, and 18.8.1 of the GitLab AI Gateway.

CWE-1336 Feb 09, 2026

CVE-2020-37162 9.8 CRITICAL 1 PoC Analysis EPSS 0.00

Wedding Slideshow Studio 1.36 contains a buffer overflow vulnerability in the registration key input that allows attackers to execute arbitrary code by overwriting memory. Attackers can craft a malicious payload of 1608 bytes to trigger a stack-based buffer overflow and execute commands through the registration key field.

CWE-122 Feb 07, 2026

CVE-2020-37161 9.8 CRITICAL 1 PoC Analysis EPSS 0.00

Wedding Slideshow Studio 1.36 contains a buffer overflow vulnerability that allows attackers to execute arbitrary code by overwriting the registration name field with malicious payload. Attackers can craft a specially designed payload to trigger remote code execution, demonstrating the ability to run system commands like launching the calculator.

CWE-121 Feb 07, 2026

CVE-2020-37159 9.8 CRITICAL 1 PoC Analysis EPSS 0.00

Parallaxis Cuckoo Clock 5.0 contains a buffer overflow vulnerability that allows attackers to execute arbitrary code by overwriting memory registers in the alarm scheduling feature. Attackers can craft a malicious payload exceeding 260 bytes to overwrite EIP and EBP, enabling shellcode execution with potential remote code execution.

CWE-121 Feb 07, 2026

CVE-2020-37095 9.8 CRITICAL 1 PoC Analysis EPSS 0.00

Cyberoam Authentication Client 2.1.2.7 contains a buffer overflow vulnerability that allows remote attackers to execute arbitrary code by overwriting Structured Exception Handler (SEH) memory. Attackers can craft a malicious input in the 'Cyberoam Server Address' field to trigger a bind TCP shell on port 1337 with system-level access.

CWE-121 Feb 07, 2026

CVE-2026-1731 9.8 CRITICAL KEV RANSOMWARE 8 PoCs Analysis NUCLEI EPSS 0.65

BeyondTrust Remote Support (RS) and certain older versions of Privileged Remote Access (PRA) contain a critical pre-authentication remote code execution vulnerability. By sending specially crafted requests, an unauthenticated remote attacker may be able to execute operating system commands in the context of the site user.

CWE-78 Feb 06, 2026

CVE-2026-25643 9.1 CRITICAL 4 PoCs Analysis EPSS 0.00

Frigate is a network video recorder (NVR) with realtime local object detection for IP cameras. Prior to 0.16.4, a critical Remote Command Execution (RCE) vulnerability has been identified in the Frigate integration with go2rtc. The application does not sanitize user input in the video stream configuration (config.yaml), allowing direct injection of system commands via the exec: directive. The go2rtc service executes these commands without restrictions. This vulnerability is only exploitable by an administrator or users who have exposed their Frigate install to the open internet with no authentication which allows anyone full administrative control. This vulnerability is fixed in 0.16.4.

CWE-78 Feb 06, 2026

CVE-2025-64111 9.8 CRITICAL 1 PoC Analysis EPSS 0.00

Gogs is an open source self-hosted Git service. In version 0.13.3 and prior, due to the insufficient patch for CVE-2024-56731, it's still possible to update files in the .git directory and achieve remote command execution. This issue has been patched in versions 0.13.4 and 0.14.0+dev.

CWE-78 Feb 06, 2026

CVE-2019-25298 9.1 CRITICAL 1 PoC Analysis EPSS 0.00

html5_snmp 1.11 contains multiple SQL injection vulnerabilities that allow attackers to manipulate database queries through Router_ID and Router_IP parameters. Attackers can exploit error-based, time-based, and union-based injection techniques to potentially extract or modify database information by sending crafted payloads.

CWE-89 Feb 06, 2026