Skip to main content

Free 30-min security demo  — We'll scan your real code and show live findings, no commitment Book Now

Offensive360
Real CVEs · Open Source · Updated Daily

ZeroDays

In-depth technical analysis of recently disclosed vulnerabilities in open-source software. Every post includes the vulnerable code, the fix, real-world impact, and how SAST catches it.

Severity:
28 vulnerabilities
High CVSS 7.8
CVE-2026-58459 gpsd Python July 10, 2026

gpsd gpsprof Gnuplot Command Injection

CVE-2026-58459: gpsd's gpsprof tool allows attackers who control GPS device subtype values to execute arbitrary shell commands via unsanitized gnuplot titles.

#command-injection #gnuplot #gps #shell-injection Read analysis →
High CVSS 7.5
CVE-2026-59937 pypdf Python July 10, 2026

pypdf ReDoS via Malformed XRef Streams

CVE-2026-59937: pypdf before 6.14.0 allows denial of service via crafted PDFs with malformed cross-reference streams causing unbounded recovery loops.

#denial-of-service #pdf-parsing #algorithmic-complexity #python Read analysis →
High CVSS 8.8
CVE-2026-59257 n8n TypeScript July 9, 2026

SQL Injection in n8n MySQL v1 executeQuery

CVE-2026-59257 is a SQL injection flaw in n8n's legacy MySQL v1 node that allows attackers to execute arbitrary SQL via expression interpolation.

#SQL Injection #n8n #MySQL #Workflow Automation Read analysis →
High CVSS 8.7
CVE-2026-60104 Bitwarden Server C# July 9, 2026

Bitwarden Admin Auth Request Authorization Bypass

CVE-2026-60104: Bitwarden Server authorization bypass lets a low-privileged org member steal another user's vault key and take over their account.

#authorization-bypass #broken-access-control #account-takeover #trusted-device-encryption Read analysis →
High CVSS 8.5
CVE-2026-54765 Traefik Go July 8, 2026

Traefik Gateway Header Injection

CVE-2026-54765 is a filter-merging flaw in Traefik's Kubernetes Gateway API provider allowing cross-tenant header injection via shared backends.

#header-injection #kubernetes #gateway-api #multi-tenancy Read analysis →
High CVSS 8.8
CVE-2026-60102 Horde Virtual File System (VFS) PHP July 8, 2026

Horde VFS Command Injection

CVE-2026-60102 allows authenticated attackers to execute arbitrary OS commands through malicious filenames in Horde VFS before 3.0.1.

#command-injection #horde #vfs #smb Read analysis →
Critical CVSS 8.1
CVE-2024-6387 OpenSSH C July 1, 2024

regreSSHion — OpenSSH Root RCE

CVE-2024-6387 (regreSSHion) is a signal handler race in OpenSSH sshd allowing unauthenticated root RCE on glibc Linux. Detection and patch guidance.

#race-condition #rce #openssh #signal-handler Read analysis →
High CVSS 8.6
CVE-2024-21626 runc Go February 1, 2024

Leaky Vessels: runc Escape

CVE-2024-21626 (Leaky Vessels) is a runc container escape via a leaked /proc/self/cwd file descriptor, letting attackers access the host filesystem.

#container-escape #runc #docker #kubernetes Read analysis →
Critical CVSS 9.8
CVE-2023-50585 Tenda A18 C January 13, 2024

Tenda A18 Stack Overflow RCE

CVE-2023-50585 is a stack overflow in Tenda A18 v15.13.07.09 formSetDeviceName, allowing unauthenticated remote code execution via the devName parameter.

#stack-overflow #buffer-overflow #IoT #router Read analysis →
Critical CVSS 9.8
CVE-2023-50643 Evernote JavaScript/Node.js January 13, 2024

Evernote macOS Electron RCE

CVE-2023-50643 lets attackers execute arbitrary code in Evernote for macOS 10.68.2 via an unsafe Electron RunAsNode configuration. CVSS 9.8 critical.

#arbitrary-code-execution #electron #rce #node.js Read analysis →
Critical CVSS 9.8
CVE-2023-49235 TRENDnet TV-IP1314PI C January 12, 2024

TRENDnet Camera Command Injection

CVE-2023-49235 is an OS command injection in TRENDnet TV-IP1314PI cameras via unsafe popen() and weak debug filtering, enabling unauthenticated RCE.

#command-injection #c #embedded-systems #rce Read analysis →
Critical CVSS 9.8
CVE-2023-51126 FLIR AX8 PHP January 12, 2024

FLIR AX8 Camera Command Injection

CVE-2023-51126 is a command injection in FLIR AX8 thermal cameras up to firmware 1.46.16, enabling RCE via unsanitized input to the res.php endpoint.

#command-injection #php #flir-ax8 #remote-code-execution Read analysis →
Critical CVSS 9.8
CVE-2023-7220 Totolink NR1800X C January 12, 2024

Totolink NR1800X Stack Overflow

CVE-2023-7220 is a critical stack buffer overflow in the Totolink NR1800X loginAuth function, enabling remote code execution without authentication.

#buffer-overflow #cgi #firmware #remote-code-execution Read analysis →
Critical CVSS 9.8
CVE-2023-7221 Totolink T6 C January 12, 2024

Totolink T6 Login Buffer Overflow

CVE-2023-7221 is a critical buffer overflow in the Totolink T6 HTTP POST login handler, enabling unauthenticated remote code execution. CVSS 9.8.

#buffer-overflow #remote-code-execution #network-device #authentication-bypass Read analysis →
Critical CVSS 9.8
CVE-2023-31446 Cassia Gateway Bash/Firmware January 11, 2024

Cassia Gateway Unauth Root RCE

CVE-2023-31446 is a command injection flaw in Cassia Gateway firmware; the unsanitized queueUrl parameter gives unauthenticated attackers root RCE.

#command-injection #bash #iot-gateway #root-code-execution Read analysis →
Critical CVSS 9.8
CVE-2024-21646 Azure uAMQP C January 11, 2024

Azure uAMQP Integer Overflow RCE

CVE-2024-21646 is an integer overflow in the Azure uAMQP C library when parsing crafted binary type data, enabling RCE in dependent AMQP clients.

#integer-overflow #memory-safety #C #RCE Read analysis →
Critical CVSS 9.8
CVE-2023-49237 TRENDnet TV-IP1314PI C January 10, 2024

TRENDnet Camera Language Pack RCE

CVE-2023-49237 is an OS command injection in the TRENDnet TV-IP1314PI language pack handler; unfiltered URL parameters allow unauthenticated RCE.

#os-command-injection #embedded-systems #iot-security #remote-code-execution Read analysis →
Critical CVSS 10.0
CVE-2024-21650 XWiki Platform Java January 10, 2024

XWiki Registration RCE

CVE-2024-21650 is a critical RCE in XWiki Platform user registration; unsanitized first and last name fields let attackers execute arbitrary code.

#remote-code-execution #java #xwiki #parameter-injection Read analysis →
Critical CVSS 9.8
CVE-2023-49236 TRENDnet TV-IP1314PI C January 9, 2024

TRENDnet RTSP Stack Overflow

CVE-2023-49236 exploits unvalidated sscanf input in TRENDnet TV-IP1314PI, enabling remote code execution through malicious RTSP scale parameters.

#buffer-overflow #C #embedded-device #remote-code-execution Read analysis →
Critical CVSS 9.8
CVE-2024-0321 GPAC C January 8, 2024

GPAC Stack Buffer Overflow

CVE-2024-0321 is a critical stack-based buffer overflow in GPAC prior to v2.3-DEV enabling remote code execution through malformed media files.

#buffer-overflow #stack-overflow #C #gpac Read analysis →
Critical CVSS 9.8
CVE-2024-22087 Pico HTTP Server C January 8, 2024

Pico HTTP Server Stack Overflow

CVE-2024-22087 is a stack buffer overflow in Pico HTTP Server URI handling, allowing unauthenticated remote code execution via oversized request paths.

#buffer-overflow #C #pico-http-server #remote-code-execution Read analysis →
Critical CVSS 9.8
CVE-2024-22051 CommonMarker Ruby January 7, 2024

CommonMarker Table Parser Overflow

CVE-2024-22051 is an integer overflow in CommonMarker's GFM table parser causing heap corruption and potential RCE via oversized marker rows.

#integer-overflow #heap-corruption #markdown-parser #remote-code-execution Read analysis →
Critical CVSS 9.8
CVE-2023-51277 nbviewer-app Swift/Objective-C January 6, 2024

nbviewer Privilege Escalation

CVE-2023-51277 is a macOS entitlement flaw in Jupyter Notebook Viewer before 0.1.6 allowing unauthorized task access and privilege escalation.

#entitlement-misconfig #macOS #privilege-escalation #nbviewer-app Read analysis →
Critical CVSS 9.8
CVE-2024-22086 Cherry HTTP Server C January 6, 2024

Cherry HTTP Server Stack Overflow

CVE-2024-22086 is a stack buffer overflow in Cherry HTTP server URI parsing, enabling unauthenticated remote code execution via malformed requests.

#buffer-overflow #c #cherry #remote-code-execution Read analysis →
Critical CVSS 9.8
CVE-2024-22088 Lotos WebServer C January 6, 2024

Lotos WebServer Use-After-Free

CVE-2024-22088 is a use-after-free in Lotos WebServer buffer management; long URIs trigger mishandled realloc calls, enabling remote code execution.

#use-after-free #C #lotos #memory-corruption Read analysis →
Critical CVSS 9.8
CVE-2023-50921 GL.iNet C/Shell January 5, 2024

GL.iNet Privilege Escalation

CVE-2023-50921 is a pre-auth privilege escalation in GL.iNet routers via the add_user API endpoint, affecting 12 models on firmware 4.3.7 through 4.5.0.

#privilege-escalation #authentication-bypass #api-vulnerability #embedded-systems Read analysis →
Critical CVSS 9.8
CVE-2023-46308 Plotly.js JavaScript January 3, 2024

Plotly.js Prototype Pollution

CVE-2023-46308 is a prototype pollution flaw in Plotly.js before 2.25.2; plot API calls can manipulate __proto__ to enable arbitrary code execution.

#prototype-pollution #javascript #plotly #code-execution Read analysis →
Critical CVSS 9.8
CVE-2024-21623 OTClient YAML January 2, 2024

OTClient GitHub Actions Injection

CVE-2024-21623 exposes critical expression injection vulnerability in OTClient's SonarCloud workflow, enabling remote command execution and secret exfiltration.

#expression-injection #github-actions #ci-cd #remote-code-execution Read analysis →

Find these vulnerabilities in your codebase

Offensive360 SAST detects the vulnerability patterns documented here — plus thousands more — across 60+ programming languages. See what's hiding in your source code.