Security Vulnerabilities
LibreNMS 1.46 contains an authenticated SQL injection vulnerability in the MAC accounting graph endpoint that allows remote attackers to extract database information. Attackers can exploit the vulnerability by manipulating the 'sort' parameter with crafted SQL injection techniques to retrieve sensitive database contents through time-based blind SQL injection.
CVSS Score
7.1
EPSS Score
0.0
Published
2026-01-27
TapinRadio 2.13.7 contains a denial of service vulnerability in the application proxy settings that allows attackers to crash the program by overflowing input fields. Attackers can paste a large buffer of 20,000 characters into the username and address fields to cause the application to become unresponsive and require reinstallation.
CVSS Score
7.5
EPSS Score
0.0
Published
2026-01-27
Victor CMS 1.0 contains a file upload vulnerability that allows authenticated users to upload malicious PHP files through the profile image upload feature. Attackers can upload a PHP shell to the /img directory and execute system commands by accessing the uploaded file via web browser.
CVSS Score
8.8
EPSS Score
0.001
Published
2026-01-27
n8n contains a critical Remote Code Execution (RCE) vulnerability in its workflow Expression evaluation system. Expressions supplied by authenticated users during workflow configuration may be evaluated in an execution context that is not sufficiently isolated from the underlying runtime.
An authenticated attacker could abuse this behavior to execute arbitrary code with the privileges of the n8n process. Successful exploitation may lead to full compromise of the affected instance, including unauthorized access to sensitive data, modification of workflows, and execution of system-level operations.
CVSS Score
9.9
EPSS Score
0.004
Published
2026-01-27
Use of well-known default credentials in Admin UI of EZCast Pro II version 1.17478.146 allows attackers to access protected areas in the web application
CVSS Score
9.1
EPSS Score
0.0
Published
2026-01-27
Improper input validation in Admin UI of EZCast Pro II version 1.17478.146 allows attackers to manipulate files in the /tmp directory
CVSS Score
5.3
EPSS Score
0.0
Published
2026-01-27
Multiple cross-site scripting vulnerabilities in Admin UI of EZCast Pro II version 1.17478.146 allow attackers to execute arbitrary JavaScript code in the browser of other Admin UI users.
CVSS Score
6.1
EPSS Score
0.001
Published
2026-01-27
Dell CloudBoost Virtual Appliance, versions prior to 19.14.0.0, contains a Plaintext Storage of Password vulnerability. A high privileged attacker with remote access could potentially exploit this vulnerability, leading to Elevation of privileges.
CVSS Score
7.0
EPSS Score
0.001
Published
2026-01-27
Cross-Site Request Forgery in Admin UI of EZCast Pro II version 1.17478.146 allows attackers to bypass authorization checks and gain full access to the admin UI
CVSS Score
8.8
EPSS Score
0.0
Published
2026-01-27
Vulnerability in root-project root (builtins/zlib modules). This vulnerability is associated with program files inffast.C.
This issue affects root.
CVSS Score
9.8
EPSS Score
0.001
Published
2026-01-27