MITRE ATT&CK Mapping

Zero Day Initiative CVE Jan 9

ZDI-26-042: (0Day) Upsonic Cloudpickle Deserialization of Untrusted Data Remote Code Execution Vulnerability

This vulnerability allows remote attackers to execute arbitrary code on affected installations of Upsonic. Authentication is not required to exploit this vul...

T1190 1 IOC

Zero Day Initiative →

Zero Day Initiative CVE Jan 9

ZDI-26-041: (0Day) (Pwn2Own) Enel X JuiceBox 40 Telnet Service Missing Authentication Remote Code Execution Vulnerability

This vulnerability allows network-adjacent attackers to execute arbitrary code on affected installations of Enel X JuiceBox 40 charging stations. Authenticat...

T1190 1 IOC

Zero Day Initiative →

Zero Day Initiative CVE Jan 9

ZDI-26-039: (0Day) WatchYourLAN Configuration Page Argument Injection Remote Code Execution Vulnerability

This vulnerability allows network-adjacent attackers to execute arbitrary code on affected installations of WatchYourLAN. Authentication is not required to e...

T1190 1 IOC

Zero Day Initiative →

Zero Day Initiative CVE Jan 9

ZDI-26-038: (0Day) Langflow Disk Cache Deserialization of Untrusted Data Remote Code Execution Vulnerability

This vulnerability allows remote attackers to execute arbitrary code on affected installations of Langflow. Authentication is required to exploit this vulner...

T1190 1 IOC

Zero Day Initiative →

Zero Day Initiative CVE Jan 9

ZDI-26-037: (0Day) Langflow PythonFunction Code Injection Remote Code Execution Vulnerability

This vulnerability allows remote attackers to execute arbitrary code on affected installations of Langflow. Attack vectors and exploitability will vary depen...

T1190 1 IOC

Zero Day Initiative →

Zero Day Initiative CVE Jan 9

ZDI-26-036: (0Day) Langflow exec_globals Inclusion of Functionality from Untrusted Control Sphere Remote Code Execution Vulnerability

This vulnerability allows remote attackers to execute arbitrary code on affected installations of Langflow. Authentication is not required to exploit this vu...

T1190 1 IOC

Zero Day Initiative →

Zero Day Initiative CVE Jan 9

ZDI-26-035: (0Day) Langflow eval_custom_component_code Eval Injection Remote Code Execution Vulnerability

This vulnerability allows remote attackers to execute arbitrary code on affected installations of Langflow. Authentication is not required to exploit this vu...

T1190 1 IOC

Zero Day Initiative →

Zero Day Initiative CVE Jan 9

ZDI-26-034: (0Day) Langflow code Code Injection Remote Code Execution Vulnerability

This vulnerability allows remote attackers to execute arbitrary code on affected installations of Langflow. Authentication is not required to exploit this vu...

T1190 1 IOC

Zero Day Initiative →

Zero Day Initiative CVE Jan 9

ZDI-26-032: (0Day) Open WebUI load_tool_module_by_id Command Injection Remote Code Execution Vulnerability

This vulnerability allows remote attackers to execute arbitrary code on affected installations of Open WebUI. Authentication is required to exploit this vuln...

T1190 T1059 1 IOC

Zero Day Initiative →

Zero Day Initiative CVE Jan 9

ZDI-26-031: (0Day) Open WebUI PIP install_frontmatter_requirements Command Injection Remote Code Execution Vulnerability

This vulnerability allows remote attackers to execute arbitrary code on affected installations of Open WebUI. Authentication is required to exploit this vuln...

T1190 T1059 1 IOC

Zero Day Initiative →

Zero Day Initiative CVE Jan 9

ZDI-26-030: (0Day) GPT Academic upload Deserialization of Untrusted Data Remote Code Execution Vulnerability

This vulnerability allows remote attackers to execute arbitrary code on affected installations of GPT Academic. Authentication is not required to exploit thi...

T1190 1 IOC

Zero Day Initiative →

Zero Day Initiative CVE Jan 9

ZDI-26-029: (0Day) GPT Academic run_in_subprocess_wrapper_func Deserialization of Untrusted Data Remote Code Execution Vulnerability

This vulnerability allows remote attackers to execute arbitrary code on affected installations of GPT Academic. Authentication is not required to exploit thi...

T1190 1 IOC

Zero Day Initiative →

Zero Day Initiative CVE Jan 9

ZDI-26-028: (0Day) GPT Academic stream_daas Deserialization of Untrusted Data Remote Code Execution Vulnerability

This vulnerability allows remote attackers to execute arbitrary code on affected installations of GPT Academic. Interaction with a malicious DAAS server is r...

T1190 1 IOC

Zero Day Initiative →

Zero Day Initiative CVE Jan 9

ZDI-26-027: (0Day) Foundation Agents MetaGPT actionoutput_str_to_mapping Code Injection Remote Code Execution Vulnerability

This vulnerability allows remote attackers to execute arbitrary code on affected installations of Foundation Agents MetaGPT. Authentication is not required t...

T1190 1 IOC

Zero Day Initiative →

Exploit Database Vulnerability Disclosure Dec 25

[webapps] FreeBSD rtsold 15.x - Remote Code Execution via DNSSL

FreeBSD rtsold 15.

T1190

Exploit Database →

Mandiant Blog CVE Google Intel Dec 12

Multiple Threat Actors Exploit React2Shell (CVE-2025-55182)

Written by: Aragorn Tseng, Robert Weiner, Casey Charrier, Zander Work, Genevieve Stark, Austin Larsen Introduction On Dec. 3, 2025, a critical unauthenticate...

T1190 1 IOC

Mandiant Blog →

Exploit Database Vulnerability Disclosure Oct 31

[webapps] Flowise 3.0.4 - Remote Code Execution (RCE)

Flowise 3.0.

T1190

Exploit Database →