Recent Advisories

Severity ID Title Vendor Product Date Type
CRITICAL 9.8 CVE-2026-14090

CVE-2026-14090_CVE-2026-14090

Insufficient validation of untrusted input in CameraCapture in Google Chrome on ChromeOS prior to 150.0.7871.47 allowed a remote attacker to perfor...

Google Chrome 150.0.7871.47 CVE
CRITICAL 9.3 CVE-2026-34112

Guardian Language-System Unauthenticated OS Command Injection via id Parameter in speechmac.php_CVE-2026-34112

Guardian language-system passes the id GET parameter directly into a PHP exec() call in speechmac.php (line 18) without sanitization: exec(\"php jo...

guardian language-system CVE
CRITICAL 9.3 CVE-2026-34109

Guardian Language-System Unauthenticated OS Command Injection via id Parameter in speech.php_CVE-2026-34109

Guardian language-system passes the id GET parameter directly into a PHP exec() call in speech.php (line 18) without sanitization: exec(\"php jobs/...

guardian language-system CVE
CRITICAL 9.3 CVE-2026-58457

Shenzhen Aitemi M300 MT02 Unauthenticated OS Command Injection via protocol.csp_CVE-2026-58457

Shenzhen Aitemi M300 Wi-Fi Repeater (hardware model MT02) contains an unauthenticated OS command injection vulnerability that allows network-adjace...

Shenzhen Aitemi E Commerce Co. Ltd. M300 Wi-Fi Repeater * CVE
CRITICAL 10 9300A862-8FDF-

Exploit for SQL Injection in Sangoma Freepbx_9300A862-8FDF-5FB3-B6EB-72DB0241BA85

CVE-2025-57819 Exploit Metadata - Severity: Critical 9.8 - Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H - Type: Unauthenticated SQL Injecti...

N/A N/A GITHUBEXPLOIT
CRITICAL 9.8 MSF:EXPLOIT-MULTI-

Flowise CSV Agent Prompt Injection RCE_MSF:EXPLOIT-MULTI-HTTP-FLOWISE_AUTH_RCE_CVE_2026_41264-

This vulnerability allows remote attackers to execute arbitrary code on affected installations of FlowiseAI Flowise. Authentication is not required...

N/A N/A METASPLOIT
CRITICAL 9.4 F59E18E1-8D28-

Exploit for OS Command Injection in Devcode Openstamanager_F59E18E1-8D28-5DFC-B6C7-B647B9B2BC1E

CVE-2025-69212 - OpenSTAManager OS Command Injection PoC Usage Install dependencies: bash pip install -r requirements.txt Run a single command and ...

N/A N/A GITHUBEXPLOIT
CRITICAL 10 8CE9463B-8C4B-

Exploit for SQL Injection in Sangoma Freepbx_8CE9463B-8C4B-5C24-983C-468AF40F53CB

CVE-2025-57819 Exploit Metadata - Severity: Critical 9.8 - Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H - Type: Unauthenticated SQL Injecti...

N/A N/A GITHUBEXPLOIT
CRITICAL 9.6 CVE-2026-14017

CVE-2026-14017_CVE-2026-14017

Inappropriate implementation in Navigation in Google Chrome prior to 150.0.7871.47 allowed a remote attacker who had compromised the renderer proce...

Google Chrome 150.0.7871.47 CVE
CRITICAL 9.6 CVE-2026-13920

CVE-2026-13920_CVE-2026-13920

Insufficient validation of untrusted input in Media in Google Chrome on Windows prior to 150.0.7871.47 allowed a remote attacker who had compromise...

Google Chrome 150.0.7871.47 CVE