The most featured CVEs in this week’s security newsletters, with public Proof-of-Concepts, ordered by mention count.

For the most up-to-date and accurate info, visit the NIST links. Always audit PoCs thoroughly before running them. Follow links with caution.

CVE-2025-8110

• Severity: 8.7 HIGH
• Impacted Products: Gogs
• Description: Gogs is affected by an improper symbolic link handling vulnerability in its PutContents API, allowing authenticated users to achieve arbitrary code execution. This flaw acts as a bypass for a previously patched path traversal vulnerability.
• Remediation: Follow vendor security advisories and apply the latest patches. Review affected systems and prioritize patching based on exploitability and business impact.
• More Info: NVD - CVE-2025-8110
• PoC:
  • https://github.com/111ddea/goga-cve-2025-8110

CVE-2026-22686 NEW

• Severity: 10.0 CRITICAL
• Impacted Products: enclave-vm
• Description: The enclave-vm library is affected by a sandbox escape vulnerability that allows untrusted JavaScript code to execute arbitrary commands within the host Node.js runtime. This flaw stems from the improper exposure of host-realm Error objects to the sandboxed environment during failed tool invocations.
• Remediation:
  • Sandbox Escape via Host Error Prototype Chain in enclave-vm
  • Sandbox Escape via Host Error Prototype Chain in enclave-vm · Advisory · agentfront/enclave · GitHub
• More Info: NVD - CVE-2026-22686
• PoC:
  • https://github.com/amusedx/CVE-2026-22686

CVE-2026-21876 NEW

• Severity: 9.3 CRITICAL
• Impacted Products: OWASP core rule set 4.22.0, OWASP core rule set 3.3.8
• Description: The OWASP core rule set (CRS) is a set of generic attack detection rules for use with compatible web application firewalls. Prior to versions 4.22.0 and 3.3.8, the current rule 922110 has a bug when processing multipart requests with multiple parts. When the first rule in a chain iterates over a collection (like MULTIPART\_PART\_HEADERS), the capture variables (TX:0, TX:1) get overwritten with each iteration.
• Remediation:
  • OWASP CRS has multipart bypass using multiple content-type parts
  • Multipart bypass using multiple content-type parts
• More Info: NVD - CVE-2026-21876
• PoC:
  • https://github.com/daytriftnewgen/CVE-2026-21876/blob/main/README.md

CVE-2026-21858 NEW

• Severity: 10.0 CRITICAL
• Impacted Products: n8n < 1.121.0
• Description: n8n is affected by a vulnerability in its workflow execution component that allows unauthenticated remote attackers to access files on the underlying server. This issue stems from improper input validation during the handling of form-based webhook requests in versions prior to 1.121.0.
• Remediation:
  • Unauthenticated File Access via Improper Webhook Request Handling
• More Info: NVD - CVE-2026-21858
• PoC:
  • https://github.com/Chocapikk/CVE-2026-21858
  • https://github.com/Ashwesker/Ashwesker-CVE-2026-21858

CVE-2026-21854 NEW

• Severity: 9.8 CRITICAL
• Impacted Products: Tarkov Data Manager
• Description: The Tarkov Data Manager is a tool to manage the Tarkov item data. Prior to 02 January 2025, an authentication bypass vulnerability in the login endpoint allows any unauthenticated user to gain full admin access to the Tarkov Data Manager admin panel by exploiting a JavaScript prototype property access vulnerability, combined with loose equality type coercion. A series of fix commits on 02 January 2025 fixed this and other vulnerabilities.
• Remediation: Follow vendor security advisories and apply the latest patches. Review affected systems and prioritize patching based on exploitability and business impact.
• More Info: NVD - CVE-2026-21854
• PoC:
  • https://github.com/the-hideout/tarkov-data-manager/security/advisories/GHSA-r8w6-9xwg-6h73

CVE-2026-0628 NEW

• Severity: 8.8 HIGH
• Impacted Products: Google Chrome versions prior to 143.0.7499.192
• Description: Google Chrome is affected by a vulnerability involving insufficient policy enforcement in the tag component. This flaw allows a malicious extension to inject scripts or HTML into privileged browser pages, such as internal settings pages.
• Remediation:
  • PAN-SA-2026-0001 Chromium: Monthly Vulnerability Update (January 2026)
  • VuXML: chromium – multiple security fixes
  • Chrome Releases: Long Term Support Channel Update for ChromeOS
• More Info: NVD - CVE-2026-0628
• PoC:
  • https://github.com/fevar54/CVE-2026-0628-POC

CVE-2025-70974 NEW

• Severity: 10.0 CRITICAL
• Impacted Products: Fastjson, before 1.2.48
• Description: Fastjson before 1.2.48 mishandles autoType because, when an @type key is in a JSON document, and the value of that key is the name of a Java class, there may be calls to certain public methods of that class. Depending on the behavior of those methods, there may be JNDI injection with an attacker-supplied payload located elsewhere in that JSON document. This was exploited in the wild in 2023 through 2025. NOTE: this issue exists because of an incomplete fix for CVE-2017-18349.
• Remediation: Follow vendor security advisories and apply the latest patches. Review affected systems and prioritize patching based on exploitability and business impact.
• More Info: NVD - CVE-2025-70974
• PoC:
  • https://github.com/vulhub/vulhub/tree/master/fastjson/1.2.47-rce

CVE-2025-70161 NEW

• Severity: 9.8 CRITICAL
• Impacted Products: EDIMAX BR-6208AC V2_1.02
• Description: EDIMAX BR-6208AC V2_1.02 is vulnerable to Command Injection. This arises because the pppUserName field is directly passed to a shell command via the system() function without proper sanitization. An attacker can exploit this by injecting malicious commands into the pppUserName field, allowing arbitrary code execution.
• Remediation: Follow vendor security advisories and apply the latest patches. Review affected systems and prioritize patching based on exploitability and business impact.
• More Info: NVD - CVE-2025-70161
• PoC:
  • https://tzh00203.notion.site/EDIMAX-BR-6208AC-V2_1-02-Command-Injection-Vulnerability-in-Web-setWAN-handler-2d3b5c52018a80d7ae8dce2bf5e3294c

CVE-2025-69258 NEW

• Severity: 9.8 CRITICAL
• Impacted Products: Trend Micro Apex Central
• Description: Trend Micro Apex Central is affected by a remote code execution vulnerability due to an uncontrolled search path element flaw in the MsgReceiver.exe component. An unauthenticated attacker can exploit this to load a malicious library and execute arbitrary code with elevated privileges.
• Remediation:
  • Trend Micro Apex Central January 2026 Multiple Vulnerabilities
  • [サポートニュース]アラート/アドバイザリ：Trend Micro Apex Centralで確認された複数の脆弱性（CVE-2025-69258, CVE-2025-69259, CVE-2025-69260）
• More Info: NVD - CVE-2025-69258
• PoC:
  • https://www.tenable.com/security/research/tra-2026-01

CVE-2025-66913 NEW

• Severity: 9.8 CRITICAL
• Impacted Products: JimuReport thru version 2.1.3
• Description: JimuReport thru version 2.1.3 is vulnerable to remote code execution when processing user-controlled H2 JDBC URLs. The application passes the attacker-supplied JDBC URL directly to the H2 driver, allowing the use of certain directives to execute arbitrary Java code. A different vulnerability than CVE-2025-10770.
• Remediation: Follow vendor security advisories and apply the latest patches. Review affected systems and prioritize patching based on exploitability and business impact.
• More Info: NVD - CVE-2025-66913
• PoC:
  • https://github.com/jeecgboot/jimureport/issues/4306

CVE-2025-65212

• Severity: 9.8 CRITICAL
• Impacted Products: NJHYST HY511 POE core before 2.1, plugins before 0.1
• Description: An issue was discovered in NJHYST HY511 POE core before 2.1 and plugins before 0.1. The vulnerability stems from the device’s insufficient cookie verification, allowing an attacker to directly request the configuration file address and download the core configuration file without logging into the device management backend.
• Remediation: Follow vendor security advisories and apply the latest patches. Review affected systems and prioritize patching based on exploitability and business impact.
• More Info: NVD - CVE-2025-65212
• PoC:
  • https://github.com/a2148001284/test1/blob/main/%E6%9C%AA%E6%8E%88%E6%9D%83%E8%AE%BF%E9%97%AE%E5%90%8E%E5%8F%B0%E6%BC%8F%E6%B4%9EEN.md

CVE-2025-64155 NEW

• Severity: 10.0 CRITICAL
• Impacted Products: Fortinet FortiSIEM
• Description: Fortinet FortiSIEM is affected by an OS command injection vulnerability in the phMonitor service that allows for unauthenticated remote code execution. This flaw enables an attacker to execute arbitrary commands or write files to the system via crafted TCP requests.
• Remediation:
  • Cybersecurity and Infrastructure Security Agency (CISA)
  • PSIRT | FortiGuard Labs
• More Info: NVD - CVE-2025-64155
• PoC:
  • https://github.com/cyberdudebivash/CYBERDUDEBIVASH-FortiSIEM-CVE-2025-64155-Scanner
  • https://github.com/purehate/CVE-2025-64155-hunter
  • https://github.com/horizon3ai/CVE-2025-64155

CVE-2025-61492 NEW

• Severity: 10.0 CRITICAL
• Impacted Products: terminal-controller-mcp 0.1.7
• Description: A command injection vulnerability in the execute_command function of terminal-controller-mcp 0.1.7 allows attackers to execute arbitrary commands via a crafted input.
• Remediation:
  • Security Vulnerability: Command Injection in execute_command Tool · Issue #19 · cfdude/super-shell-mcp · GitHub
• More Info: NVD - CVE-2025-61492
• PoC:
  • https://github.com/GongRzhe/terminal-controller-mcp/issues/7

CVE-2025-61246 NEW

• Severity: 9.8 CRITICAL
• Impacted Products: indieka900 online-shopping-system-php 1.0
• Description: indieka900 online-shopping-system-php 1.0 is vulnerable to SQL Injection in master/review_action.php via the proId parameter.
• Remediation: Follow vendor security advisories and apply the latest patches. Review affected systems and prioritize patching based on exploitability and business impact.
• More Info: NVD - CVE-2025-61246
• PoC:
  • https://github.com/hackergovind/CVE-2025-61246

CVE-2025-52694 NEW

• Severity: 10.0 CRITICAL
• Impacted Products: Advantech SaaS Composer.
• Description: Successful exploitation of the SQL injection vulnerability could allow an unauthenticated remote attacker to execute arbitrary SQL commands on the vulnerable service when it is exposed to the Internet.
• Remediation: Follow vendor security advisories and apply the latest patches. Review affected systems and prioritize patching based on exploitability and business impact.
• More Info: NVD - CVE-2025-52694
• PoC:
  • https://github.com/Winz18/CVE-2025-52694-POC

CVE-2025-15501 NEW

• Severity: 9.8 CRITICAL
• Impacted Products: Sangfor Operation and Maintenance Management System up to 3.0.8
• Description: A vulnerability was determined in Sangfor Operation and Maintenance Management System up to 3.0.8. Impacted is the function WriterHandle.getCmd of the file /isomp-protocol/protocol/getCmd. This manipulation of the argument sessionPath causes os command injection. Remote exploitation of the attack is possible. The exploit has been publicly disclosed and may be utilized. The vendor was contacted early about this disclosure but did not respond in any way.
• Remediation: Follow vendor security advisories and apply the latest patches. Review affected systems and prioritize patching based on exploitability and business impact.
• More Info: NVD - CVE-2025-15501
• PoC:
  • https://github.com/master-abc/cve/issues/12

CVE-2025-15500 NEW

• Severity: 9.8 CRITICAL
• Impacted Products: Sangfor Operation and Maintenance Management System up to 3.0.8
• Description: A vulnerability was found in Sangfor Operation and Maintenance Management System up to 3.0.8. This issue affects some unknown processing of the file /isomp-protocol/protocol/getHis of the component HTTP POST Request Handler. The manipulation of the argument sessionPath results in os command injection. The attack may be launched remotely. The exploit has been made public and could be used. The vendor was contacted early about this disclosure but did not respond in any way.
• Remediation: Follow vendor security advisories and apply the latest patches. Review affected systems and prioritize patching based on exploitability and business impact.
• More Info: NVD - CVE-2025-15500
• PoC:
  • https://github.com/master-abc/cve/issues/11

CVE-2023-54335 NEW

• Severity: 9.8 CRITICAL
• Impacted Products: eXtplorer 2.1.14
• Description: eXtplorer 2.1.14 contains an authentication bypass vulnerability that allows attackers to login without a password by manipulating the login request. Attackers can exploit this flaw to upload malicious PHP files and execute remote commands on the vulnerable file management system.
• Remediation: Follow vendor security advisories and apply the latest patches. Review affected systems and prioritize patching based on exploitability and business impact.
• More Info: NVD - CVE-2023-54335
• PoC:
  • https://www.exploit-db.com/exploits/51067

CVE-2022-50919 NEW

• Severity: 9.8 CRITICAL
• Impacted Products: Tdarr 2.00.15
• Description: Tdarr 2.00.15 contains an unauthenticated remote code execution vulnerability in its Help terminal that allows attackers to inject and chain arbitrary commands. Attackers can exploit the lack of input filtering by chaining commands like --help; curl .py | python to execute remote code without authentication.
• Remediation: Follow vendor security advisories and apply the latest patches. Review affected systems and prioritize patching based on exploitability and business impact.
• More Info: NVD - CVE-2022-50919
• PoC:
  • https://www.exploit-db.com/exploits/50822

CVE-2020-36911 NEW

• Severity: 9.8 CRITICAL
• Impacted Products: Covenant 0.1.3 - 0.5
• Description: Covenant 0.1.3 - 0.5 contains a remote code execution vulnerability that allows attackers to craft malicious JWT tokens with administrative privileges. Attackers can generate forged tokens with admin roles and upload custom DLL payloads to execute arbitrary commands on the target system.
• Remediation: Follow vendor security advisories and apply the latest patches. Review affected systems and prioritize patching based on exploitability and business impact.
• More Info: NVD - CVE-2020-36911
• PoC:
  • https://www.exploit-db.com/exploits/51141

CVE-2025-55182

• Severity: 10.0 CRITICAL
• Impacted Products: React Server Components (RSC) 19.0.0, React Server Components (RSC) 19.1.0, React Server Components (RSC) 19.1.1, React Server Components (RSC) 19.2.0
• Description: React Server Components (RSC) versions 19.0.0, 19.1.0, 19.1.1, and 19.2.0 are affected by a deserialization of untrusted data vulnerability. This flaw allows an unauthenticated, remote attacker to achieve arbitrary code execution on affected systems.
• Remediation:
  • oss-security - CVE-2025-55182: RCE in React Server Components
  • Critical Security Vulnerability in React Server Components – React
  • GCP-2025-072
• More Info: NVD - CVE-2025-55182
• PoC:
  • https://github.com/assetnote/react2shell-scanner/blob/master/scanner.py
  • https://github.com/sickwell/CVE-2025-55182/blob/main/cve-2025-55182.yaml
  • https://github.com/Cillian-Collins/CVE-2025-55182/blob/main/CVE-2025-55182.py

References

This list was scraped from the quite amazing and highly recommended newsletters below:

• ~this week in security~
• Unsupervised Learning
• @RISK
• Hive Five
• Vulnerable U
• tl;dr sec

Thanks for reading! For corrections, omissions (e.g. newsletter recs) feel free to get in touch.