CVEs from 2026
Total
14,122
critical
critical 1,246
high
high 4,695
medium
medium 4,475
low
low 488
% Critical
8.8%
% with KEV
0.4%
% with exploit
0.8%
Top vendors
Top products
- chrome 522
- firepower_threat_defense_software 300
- firepower_threat_defense 298
- gcp 247
- openclaw 172
- commerce 104
- netweaver_application_server_abap 102
- commerce_b2b 89
Top packages
| CVE | Severity | CVSS | Risk | Flags | OS | Vendor | Published | Description |
|---|---|---|---|---|---|---|---|---|
| CVE-2026-9938 | high | 8.8 | 8.8 | 6d ago | Inappropriate implementation in V8 in Google Chrome prior to 148.0.7778.216 allowed a remote attacker to execute arbitrary code inside a sandbox via a crafted HTML page. (Chromium security severity: … | |||
| CVE-2026-9928 | high | 8.8 | 8.8 | 6d ago | Out of bounds read in ANGLE in Google Chrome on Windows prior to 148.0.7778.216 allowed a remote attacker to execute arbitrary code via a crafted HTML page. (Chromium security severity: High) | |||
| CVE-2026-9927 | high | 8.8 | 8.8 | 6d ago | Use after free in ANGLE in Google Chrome prior to 148.0.7778.216 allowed a remote attacker to execute arbitrary code inside a sandbox via a crafted HTML page. (Chromium security severity: High) | |||
| CVE-2026-9923 | high | 8.8 | 8.8 | 6d ago | Use after free in Skia in Google Chrome prior to 148.0.7778.216 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: High) | |||
| CVE-2026-9910 | high | 8.8 | 8.8 | 6d ago | Out of bounds memory access in ANGLE in Google Chrome prior to 148.0.7778.216 allowed a remote attacker to execute arbitrary code inside a sandbox via a crafted HTML page. (Chromium security severity… | |||
| CVE-2026-9897 | high | 8.8 | 8.8 | 6d ago | Use after free in DOM in Google Chrome prior to 148.0.7778.216 allowed a remote attacker to execute arbitrary code inside a sandbox via a crafted HTML page. (Chromium security severity: High) | |||
| CVE-2026-9896 | high | 8.8 | 8.8 | 6d ago | Out of bounds write in V8 in Google Chrome prior to 148.0.7778.216 allowed a remote attacker to execute arbitrary code inside a sandbox via a crafted HTML page. (Chromium security severity: High) | |||
| CVE-2026-9887 | high | 8.8 | 8.8 | 6d ago | Use after free in Proxy in Google Chrome prior to 148.0.7778.216 allowed a remote attacker to execute arbitrary code via a crafted PAC script. (Chromium security severity: Critical) | |||
| CVE-2026-9884 | high | 8.8 | 8.8 | 6d ago | Use after free in Browser in Google Chrome on Mac prior to 148.0.7778.216 allowed a remote attacker to execute arbitrary code via a crafted HTML page. (Chromium security severity: Critical) | |||
| CVE-2026-9883 | high | 8.8 | 8.8 | 6d ago | Use after free in Base in Google Chrome prior to 148.0.7778.216 allowed a remote attacker to execute arbitrary code via a crafted HTML page. (Chromium security severity: Critical) | |||
| CVE-2026-9879 | high | 8.8 | 8.8 | 6d ago | Out of bounds write in ANGLE in Google Chrome prior to 148.0.7778.216 allowed a remote attacker to execute arbitrary code via a crafted HTML page. (Chromium security severity: Critical) | |||
| CVE-2026-9878 | high | 8.8 | 8.8 | 6d ago | Use after free in ANGLE in Google Chrome prior to 148.0.7778.216 allowed a remote attacker to execute arbitrary code inside a sandbox via a crafted HTML page. (Chromium security severity: Critical) | |||
| CVE-2026-9873 | high | 8.8 | 8.8 | 6d ago | Use after free in Network in Google Chrome prior to 148.0.7778.216 allowed a remote attacker to execute arbitrary code inside a sandbox via a crafted HTML page. (Chromium security severity: Critical) | |||
| CVE-2026-10022 | high | 8.8 | 8.8 | 6d ago | Type Confusion in V8 in Google Chrome prior to 148.0.7778.216 allowed an attacker who convinced a user to install a malicious extension to execute arbitrary code inside a sandbox via a crafted Chrome… | |||
| CVE-2026-10021 | high | 8.8 | 8.8 | 6d ago | Insufficient validation of untrusted input in USB in Google Chrome prior to 148.0.7778.216 allowed a remote attacker to execute arbitrary code via a crafted HTML page. (Chromium security severity: Me… | |||
| CVE-2026-10019 | high | 8.8 | 8.8 | 6d ago | Integer overflow in ANGLE in Google Chrome prior to 148.0.7778.216 allowed a remote attacker to leak cross-origin data via a crafted HTML page. (Chromium security severity: Medium) | |||
| CVE-2026-10016 | high | 8.8 | 8.8 | 6d ago | Use after free in DOM in Google Chrome prior to 148.0.7778.216 allowed a remote attacker to execute arbitrary code inside a sandbox via a crafted HTML page. (Chromium security severity: High) | |||
| CVE-2026-10015 | high | 8.8 | 8.8 | 6d ago | Integer overflow in WTF in Google Chrome prior to 148.0.7778.216 allowed a remote attacker to execute arbitrary code inside a sandbox via a crafted HTML page. (Chromium security severity: High) | |||
| CVE-2026-10013 | high | 8.8 | 8.8 | 6d ago | Use after free in WebCodecs in Google Chrome prior to 148.0.7778.216 allowed a remote attacker to execute arbitrary code inside a sandbox via a crafted HTML page. (Chromium security severity: High) | |||
| CVE-2026-10007 | high | 8.8 | 8.8 | 6d ago | Use after free in SVG in Google Chrome prior to 148.0.7778.216 allowed a remote attacker to execute arbitrary code inside a sandbox via a crafted HTML page. (Chromium security severity: High) | |||
| CVE-2026-10002 | high | 8.8 | 8.8 | 6d ago | Use after free in PDFium in Google Chrome prior to 148.0.7778.216 allowed a remote attacker to potentially exploit heap corruption via a crafted PDF file. (Chromium security severity: High) | |||
| CVE-2026-46837 | high | 8.8 | 8.8 | 6d ago | Vulnerability in the Oracle Flow Manufacturing product of Oracle E-Business Suite (component: Security). Supported versions that are affected are 12.2.9-12.2.15. Easily exploitable vulnerability all… | |||
| CVE-2026-46827 | high | 8.8 | 8.8 | 6d ago | Vulnerability in the Oracle Payroll product of Oracle E-Business Suite (component: Self Service Manager). Supported versions that are affected are 12.2.3-12.2.15. Easily exploitable vulnerability al… | |||
| CVE-2026-46826 | high | 8.8 | 8.8 | 6d ago | Vulnerability in the Oracle Payroll product of Oracle E-Business Suite (component: Internal Operations). Supported versions that are affected are 12.2.3-12.2.15. Easily exploitable vulnerability all… | |||
| CVE-2026-4944 | high | 8.8 | 8.8 | 7d ago | vllm-project/vllm version 0.14.1 contains a vulnerability where the `trust_remote_code=True` parameter is hardcoded in two model implementation files (`vllm/model_executor/models/nemotron_vl.py` and … | |||
| CVE-2026-43000 | high | 8.8 | 8.8 | 7d ago | An issue was discovered in OpenStack Keystone before 29.0.2. When combined with an application credential impersonation vulnerability, an attacker with the member role on a project can escalate to ad… | |||
| CVE-2026-42999 | high | 8.8 | 8.8 | 7d ago | An issue was discovered in OpenStack Keystone before 29.0.2. The Keystone RBAC policy enforcer in enforce_call unconditionally merges the raw JSON request body into the policy enforcement dictionary … | |||
| CVE-2026-42998 | high | 8.8 | 8.8 | 7d ago | An issue was discovered in OpenStack Keystone before 29.0.2. The Keystone application credential authentication plugin does not verify that the user supplied in the authentication request matches the… | |||
| CVE-2026-8697 | high | 8.8 | 8.8 | 7d ago | Due to improper enforcement of authentication rate-limiting on a debug SSH service in Archer C64 v1, the SSH service allows unlimited authentication attempts and uses the same credentials as the web … | |||
| CVE-2026-44462 | high | 8.8 | 8.8 | 7d ago | Zed is a code editor. Prior to 0.229.0, Zed's terminal tool permission system can be bypassed via bash variable expansion chaining (${var@P}), allowing arbitrary command execution under an allowliste… | |||
| CVE-2026-35671 | high | 8.8 | 8.8 | 7d ago | phpMyFAQ before 4.1.3 contains an insecure direct object reference vulnerability in the admin API user password endpoint that allows authenticated administrators to change any user's password without… | |||
| CVE-2026-46238 | high | 8.8 | 8.8 | 7d ago | In the Linux kernel, the following vulnerability has been resolved: batman-adv: stop caching unowned originator pointers in BAT IV BAT IV keeps the last-hop neighbor address in each neigh_node, but… | |||
| CVE-2026-46212 | high | 8.8 | 8.8 | 7d ago | In the Linux kernel, the following vulnerability has been resolved: batman-adv: bla: prevent use-after-free when deleting claims When batadv_bla_del_backbone_claims() removes all claims for a backb… | |||
| CVE-2026-46198 | high | 8.8 | 8.8 | 7d ago | In the Linux kernel, the following vulnerability has been resolved: batman-adv: fix integer overflow on buff_pos Fixing an integer overflow present in batadv_iv_ogm_send_to_if. The size check is do… | |||
| CVE-2026-46174 | high | 8.8 | 8.8 | 7d ago | In the Linux kernel, the following vulnerability has been resolved: x86/CPU/AMD: Prevent improper isolation of shared resources in Zen2's op cache Make sure resources are not improperly shared in t… | |||
| CVE-2026-46166 | high | 8.8 | 8.8 | 7d ago | In the Linux kernel, the following vulnerability has been resolved: wifi: mac80211: use safe list iteration in radar detect work The call to ieee80211_dfs_cac_cancel can cause the iterated chanctx … | |||
| CVE-2026-46152 | high | 8.8 | 8.8 | 7d ago | In the Linux kernel, the following vulnerability has been resolved: wifi: mac80211: drop stray 'static' from fast-RX rx_result ieee80211_invoke_fast_rx() is documented as safe for parallel RX, but … | |||
| CVE-2026-46125 | high | 8.8 | 8.8 | 7d ago | In the Linux kernel, the following vulnerability has been resolved: wifi: mac80211: remove station if connection prep fails If connection preparation fails for MLO connections, then the interface i… | |||
| CVE-2026-46113 | high | 8.8 | 8.8 | 7d ago | In the Linux kernel, the following vulnerability has been resolved: KVM: x86: Fix shadow paging use-after-free due to unexpected GFN The shadow MMU computes GFNs for direct shadow pages using sp->g… | |||
| CVE-2026-6226 | high | 8.8 | 8.8 | 7d ago | The Frontend Admin by DynamiApps plugin for WordPress is vulnerable to unauthenticated privilege escalation in versions up to and including 3.29.2. This is due to insecure form submission handling th… | |||
| CVE-2026-9227 | high | 8.8 | 8.8 | 7d ago | The GutenBee – Gutenberg Blocks plugin for WordPress is vulnerable to Arbitrary File Upload in all versions up to, and including, 2.20.1 via the gutenbee_file_and_ext_json function. This is due to a … | |||
| CVE-2026-9009 | high | 8.8 | 8.8 | 7d ago | The Crawlomatic Multipage Scraper Post Generator plugin for WordPress is vulnerable to Remote Code Execution in all versions up to, and including, 2.7.2 via the filter_content function. This is due t… | |||
| CVE-2026-7802 | high | 8.8 | 8.8 | 7d ago | The Frontend Admin by DynamiApps plugin for WordPress is vulnerable to authorization bypass in all versions up to, and including, 3.29.2. This is due to the plugin not properly verifying that a user … | |||
| CVE-2026-8915 | high | 8.8 | 8.8 | 7d ago | Out-of-bounds write vulnerability in Samsung Open Source Escargot allows Overflow Buffers. This issue affects Escargot: 36f5fb58366a67b713c02f6fd985e924fcc09e31. | |||
| CVE-2026-46414 | high | 8.8 | 8.8 | 7d ago | Microsoft UFO open-source framework for intelligent automation across devices and platforms. In 3.0.1-4-ge2626659, Microsoft UFO's WebSocket control plane trusts client-supplied identity and role fie… | |||
| CVE-2026-44713 | high | 8.8 | 8.8 | 7d ago | pam_usb provides hardware authentication for Linux using ordinary removable media. Prior to 0.8.7, src/tmux.c reads the user's $TMUX environment variable, splits it on commas, and interpolates the so… | |||
| CVE-2026-9208 | high | 8.8 | 8.8 | 7d ago | Tanium addressed an unauthorized code execution vulnerability in Connect. | |||
| CVE-2026-44346 | high | 8.8 | 8.8 | 8d ago | BentoML is a Python library for building online serving systems optimized for AI apps and model inference. Prior to 1.4.39, a malicious bentofile.yaml containing a newline-injected value in envs[*].n… | |||
| CVE-2026-45716 | high | 8.8 | 8.8 | 8d ago | Budibase: Builder-to-Admin Privilege Escalation via onboardUsers Endpoint Without SMTP Configuration | |||
| CVE-2026-45717 | high | 8.8 | 8.8 | 8d ago | Budibase: `PUT /api/datasources/:datasourceId` is protected only by `TABLE/READ` permission instead of builder access, allowing any authenticated app user to overwrite datasource connection parameter… | |||
| CVE-2026-42184 | high | 8.8 | 8.8 | 8d ago | Tauri is a framework for building binaries for all major desktop platforms. From 2.0 to 2.11.0, a flaw in Tauri's is_local_url() function causes it to incorrectly classify remote URLs as trusted loca… | |||
| CVE-2026-44988 | high | 8.8 | 8.8 | 8d ago | LibVNCClient is a library for easy implementation of a VNC client. In 0.9.15 and earlier, LibVNCClient's Tight encoding decoder uses fixed-size 2048-pixel scratch buffers for the Gradient filter, but… | |||
| CVE-2026-48920 | high | 8.8 | 8.8 | 8d ago | Jenkins Email Extension Plugin 1933.v45cec755423f and earlier allows inlining images as `base64` in email content by setting the `data-inline` attribute, without restrictions on the image URLs that c… | |||
| CVE-2026-9617 | high | 8.8 | 8.8 | 8d ago | PostgreSQL Anonymizer contains a vulnerability that allows a user to gain superuser privileges by creating a table and placing malicious code inside a column identifier. If a superuser calls the k-an… | |||
| CVE-2026-8179 | high | 8.8 | 8.8 | 8d ago | IBM Aspera High-Speed Transfer Endpoint 3.7.4 through 4.4.7 Fix Pack 1 and IBM Aspera High-Speed Transfer Server 3.7.4 through 4.4.7 Fix Pack 1 and IBM Aspera High-Speed Transfer Endpoint are affecte… | |||
| CVE-2026-46056 | high | 8.8 | 8.8 | 8d ago | In the Linux kernel, the following vulnerability has been resolved: Bluetooth: hci_event: fix potential UAF in SSP passkey handlers hci_conn lookup and field access must be covered by hdev lock in … | |||
| CVE-2026-5065 | high | 8.8 | 8.8 | 8d ago | IBM Controller 11.0.1, 11.1.0, 11.1.1, and 11.1.2 contains hard-coded credentials, such as a password or cryptographic key, which it uses for its own inbound authentication, outbound communication to… | |||
| CVE-2026-9704 | high | 8.8 | 8.8 | 8d ago | A flaw was found in Keycloak. An authenticated user with low privileges can exploit this vulnerability by sending an oversized subject_token JSON Web Token (JWT) to the TokenEndpoint. When the token … | |||
| CVE-2026-45945 | high | 8.8 | 8.8 | 8d ago | In the Linux kernel, the following vulnerability has been resolved: iommu/vt-d: Fix race condition during PASID entry replacement The Intel VT-d PASID table entry is 512 bits (64 bytes). When repla… | |||
| CVE-2026-8832 | high | 8.8 | 8.8 | 8d ago | The WPCode - Insert Headers and Footers + Custom Code Snippets - WordPress Code Manager plugin for WordPress is vulnerable to Remote Code Execution in versions up to, and including, 2.3.5 This is due… | |||
| CVE-2026-8787 | high | 8.8 | 8.8 | 8d ago | The Firebase Support & Chat Management plugin for WordPress is vulnerable to privilege escalation in all versions up to, and including, 3.1.1. This is due to the `firebase_auth()` function authentica… | |||
| CVE-2026-9632 | high | 8.8 | 8.8 | 8d ago | A flaw has been found in UTT HiPER 1250GW up to 3.2.7-210907-180535. Affected by this issue is the function strcpy of the file /goform/formGroupConfig of the component Web Management Interface. Execu… | |||
| CVE-2026-9207 | high | 8.8 | 8.8 | 8d ago | Tanium addressed an unauthorized code execution vulnerability in Connect. | |||
| CVE-2026-9631 | high | 8.8 | 8.8 | 8d ago | A vulnerability was detected in UTT HiPER 1250GW up to 3.2.7-210907-180535. Affected by this vulnerability is the function strcpy of the file /goform/formConfigFastDirectionW of the component Web Man… | |||
| CVE-2026-9628 | high | 8.8 | 8.8 | 8d ago | A weakness has been identified in UTT HiPER 1200GW up to 2.5.3-170306. Affected is an unknown function of the file /goform/formPptpClientConfig of the component Web Management Interface. This manipul… | |||
| CVE-2026-9627 | high | 8.8 | 8.8 | 8d ago | A security flaw has been discovered in UTT HiPER 1200GW up to 2.5.3-170306. This impacts the function strcpy of the file /goform/setSysAdm of the component Web Management Interface. The manipulation … | |||
| CVE-2026-38807 | high | 8.8 | 8.8 | 8d ago | Insecure Permissions vulnerability in kvf-admin v1.0.0 allows a remote attacker to escalate privileges via the UserController.java component | |||
| CVE-2026-36044 | high | 8.8 | 8.8 | 8d ago | @pensar/apex <= 0.0.58 is vulnerable to OS command injection via the smart_enumerate tool. The createSmartEnumerateTool() function in src/core/agent/tools.ts constructs a shell command by concatenati… | |||
| CVE-2026-8970 | high | 8.8 | 8.8 | 8d ago | Important: thunderbird security update | |||
| CVE-2026-8974 | high | 8.8 | 8.8 | 8d ago | Important: thunderbird security update | |||
| CVE-2026-8975 | high | 8.8 | 8.8 | 8d ago | Important: thunderbird security update | |||
| CVE-2026-8955 | high | 8.8 | 8.8 | 8d ago | Important: thunderbird security update | |||
| CVE-2026-8957 | high | 8.8 | 8.8 | 8d ago | Important: thunderbird security update | |||
| CVE-2026-8676 | high | 8.8 | 8.8 | 8d ago | An attacker is able to downgrade the security of a Bluetooth LE connection by deleting an existing bond, spoofing the bonded device and creating a new bond. | |||
| CVE-2026-24187 | high | 8.8 | 8.8 | 9d ago | NVIDIA Display Driver for Linux contains a vulnerability where an attacker could cause a use-after-free. A successful exploit of this vulnerability might lead to denial of service, escalation of priv… | |||
| CVE-2026-46368 | high | 8.8 | 8.8 | 9d ago | luci-app-https-dns-proxy through 2025.12.29-5 — an optional LuCI web UI add-on for the https-dns-proxy package, distributed through the OpenWrt community packages feed and not installed by default — … | |||
| CVE-2026-40033 | high | 8.8 | 8.8 | 9d ago | FreeRDP before 3.26.0 contains a heap-buffer-overflow vulnerability in gdi_CacheToSurface that allows remote attackers to write out-of-bounds heap memory. The vulnerability occurs because rectangle v… | |||
| CVE-2026-45216 | high | 8.8 | 8.8 | 9d ago | Incorrect Privilege Assignment vulnerability in StoreApps Smart Manager allows Privilege Escalation. This issue affects Smart Manager: from n/a through 8.85.0. | |||
| CVE-2026-9482 | high | 8.8 | 8.8 | 10d ago | A vulnerability has been found in Edimax EW-7438RPn 1.31. This impacts the function formSDHCP of the file /goform/formSDHCP. Such manipulation of the argument submit-url leads to stack-based buffer o… | |||
| CVE-2026-9481 | high | 8.8 | 8.8 | 10d ago | A flaw has been found in Edimax EW-7438RPn 1.31. This affects the function formStats of the file /goform/formStats. This manipulation of the argument submit-url causes stack-based buffer overflow. Th… | |||
| CVE-2026-9480 | high | 8.8 | 8.8 | 10d ago | A vulnerability was detected in Edimax EW-7438RPn 1.31. The impacted element is the function formrefresh of the file /goform/formrefresh. The manipulation of the argument submit-url results in stack-… | |||
| CVE-2026-9479 | high | 8.8 | 8.8 | 10d ago | A security vulnerability has been detected in Edimax EW-7438RPn 1.31. The affected element is the function formLogout of the file /goform/formLogout. The manipulation of the argument submit-url leads… | |||
| CVE-2026-9463 | high | 8.8 | 8.8 | 10d ago | A flaw has been found in Edimax EW-7438RPn 1.31. Affected by this issue is the function formLicence of the file /goform/formLicence. This manipulation of the argument submit-url causes stack-based bu… | |||
| CVE-2026-9462 | high | 8.8 | 8.8 | 10d ago | A vulnerability was detected in Edimax EW-7438RPn 1.31. Affected by this vulnerability is the function formWpsProxyEnable of the file /goform/formWpsProxyEnable. The manipulation of the argument subm… | |||
| CVE-2026-9461 | high | 8.8 | 8.8 | 10d ago | A security vulnerability has been detected in Edimax EW-7438RPn 1.31. Affected is the function formRadius of the file /goform/formRadius. The manipulation of the argument submit-url leads to stack-ba… | |||
| CVE-2026-9460 | high | 8.8 | 8.8 | 10d ago | A weakness has been identified in Edimax EW-7438RPn 1.31. This impacts the function formAccept of the file /goform/formAccept. Executing a manipulation of the argument submit-url can lead to stack-ba… | |||
| CVE-2026-9459 | high | 8.8 | 8.8 | 10d ago | A security flaw has been discovered in Edimax EW-7438RPn 1.31. This affects the function formConnectionSetting of the file /goform/formConnectionSetting. Performing a manipulation of the argument max… | |||
| CVE-2026-9443 | high | 8.8 | 8.8 | 10d ago | A security vulnerability has been detected in Edimax BR-6478AC 1.23. This vulnerability affects the function formL2TPSetup of the file /goform/formL2TPSetup of the component POST Request Handler. The… | |||
| CVE-2026-9442 | high | 8.8 | 8.8 | 10d ago | A weakness has been identified in Edimax BR-6478AC 1.23. This affects the function formiNICSiteSurvey of the file /goform/formiNICSiteSurvey of the component POST Request Handler. Executing a manipul… | |||
| CVE-2026-9431 | high | 8.8 | 8.8 | 10d ago | A vulnerability was identified in Tenda F1202 1.2.0.20(408). This affects the function fromPptpUserAdd of the file /goform/PptpUserAdd. The manipulation of the argument opttype leads to stack-based b… | |||
| CVE-2026-9430 | high | 8.8 | 8.8 | 10d ago | A vulnerability was determined in Tenda F1202 1.2.0.20(408). Affected by this issue is the function formGstDhcpSetSer of the file /goform/GstDhcpSetSerof. Executing a manipulation of the argument dip… | |||
| CVE-2026-9429 | high | 8.8 | 8.8 | 10d ago | A vulnerability was found in Tenda F1202 1.2.0.20(408). Affected by this vulnerability is the function formWrlExtraSet of the file /goform/WrlExtraSet. Performing a manipulation of the argument delno… | |||
| CVE-2026-9428 | high | 8.8 | 8.8 | 10d ago | A vulnerability has been found in Tenda F1202 1.2.0.20(408). Affected is the function fromPPTPUserSetting of the file /goform/PPTPUserSetting. Such manipulation of the argument delno leads to stack-b… | |||
| CVE-2026-9427 | high | 8.8 | 8.8 | 10d ago | A flaw has been found in Edimax EW-7438RPn 1.31. This impacts the function formWlSiteSurvey of the file /goform/formWlSiteSurvey of the component webs. This manipulation of the argument selSSID/submi… | |||
| CVE-2026-9426 | high | 8.8 | 8.8 | 10d ago | A vulnerability was detected in Edimax EW-7438RPn 1.31. This affects the function formHwSet of the file /goform/formHwSet. The manipulation of the argument Anntena/Mcs/regDomain/nic0Addr/nic1Addr/wla… | |||
| CVE-2026-9425 | high | 8.8 | 8.8 | 10d ago | A security vulnerability has been detected in Edimax EW-7438RPn 1.31. The impacted element is the function formWlanMP of the file /goform/formWlanMP. The manipulation of the argument ateFunc/ateGain/… | |||
| CVE-2026-9403 | high | 8.8 | 8.8 | 10d ago | A vulnerability was determined in Edimax BR-6675nD 1.12. The impacted element is the function formWlSiteSurvey of the file /goform/formWlSiteSurvey of the component POST Request Handler. This manipul… | |||
| CVE-2026-9401 | high | 8.8 | 8.8 | 10d ago | A vulnerability has been found in Edimax BR-6675nD 1.12. Impacted is the function formWanTcpipSetup of the file /goform/formWanTcpipSetup of the component POST Request Handler. The manipulation of th… | |||
| CVE-2026-9399 | high | 8.8 | 8.8 | 10d ago | A vulnerability was detected in Edimax BR-6675nD 1.12. This vulnerability affects the function formsetPPPoE of the file /goform/formsetPPPoE of the component POST Request Handler. Performing a manipu… | |||
| CVE-2026-9393 | high | 8.8 | 8.8 | 11d ago | A vulnerability was found in H3C Magic B0 up to 100R002. This affects the function Edit_BasicSSID_5G of the file /goform/aspForm. Performing a manipulation of the argument param results in buffer ove… |