CVEs from 2026
- Total: 14,697
- Critical: 1,323
- High: 4,976
- Medium: 4,753
- Low: 501
- % Critical: 9.0%
- % with KEV: 0.4%
- % with exploit: 0.7%
Top products
- chrome 660
- firepower_threat_defense_software 310
- gcp 299
- firepower_threat_defense 298
- openclaw 172
- commerce 104
- netweaver_application_server_abap 102
- commerce_b2b 89
| CVE | Severity | CVSS | Risk | Published | Description | Flags | OS | Vendor |
|---|---|---|---|---|---|---|---|---|
| CVE-2026-11184 | medium | 6.3 | 6.3 | 23h ago | Insufficient policy enforcement in Actor in Google Chrome prior to 149.0.7827.53 allowed a remote attacker to bypass navigation restrictions via a crafted HTML page. (Chromium security severity: Medi… | |||
| CVE-2026-11181 | medium | 6.3 | 6.3 | 23h ago | Inappropriate implementation in Media Session in Google Chrome prior to 149.0.7827.53 allowed a remote attacker to bypass same origin policy via a crafted HTML page. (Chromium security severity: Medi… | |||
| CVE-2026-10875 | medium | 6.3 | 6.3 | 23h ago | A security flaw has been discovered in projectworlds Online Art Gallery Shop Project 1.0. The impacted element is an unknown function of the file /admin/adminHome.ph. The manipulation of the argument… | |||
| CVE-2026-10874 | medium | 6.3 | 6.3 | 23h ago | A vulnerability was identified in projectworlds Online Art Gallery Shop Project 1.0. The affected element is an unknown function of the file /admin/adminHome.php. The manipulation of the argument soc… | |||
| CVE-2026-5066 | medium | 6.3 | 6.3 | 1d ago | A potential out-of-bounds write/read exists in the TLS socket connect path of the network sockets subsystem (subsys/net/lib/sockets/sockets_tls.c). When the TLS session cache is enabled, tls_session_… | |||
| CVE-2026-42538 | medium | 6.3 | 6.3 | 1d ago | IRIS is a web collaborative platform that helps incident responders share technical details during investigations. Versions prior to 2.4.28 do not properly validate uploaded files. The application ca… | |||
| CVE-2026-5589 | medium | 6.3 | 6.3 | 1d ago | An integer underflow in bt_mesh_sol_recv() in the Bluetooth Mesh solicitation handling (subsys/bluetooth/mesh/solicitation.c) leads to an out-of-bounds write. When CONFIG_BT_MESH_OD_PRIV_PROXY_SRV is… | |||
| CVE-2026-21404 | medium | 6.3 | 6.3 | 1d ago | NAVTOR NavBox through version 4.16.1.20 contains hard-coded credentials within its Windows Communication Foundation (SOAP) implementation. If the SOAP functionality is enabled, a local attacker can e… | |||
| CVE-2026-10815 | medium | 6.3 | 6.3 | 1d ago | A vulnerability was found in LakshayD02 Hostel-Management-System-PHP up to f87e67c283bab6f718faf2fec6ae39a13bd7036b. This issue affects some unknown processing of the file hostel/index.php of the com… | |||
| CVE-2026-10811 | medium | 6.3 | 6.3 | 1d ago | A security vulnerability has been detected in itsourcecode Fees Management System 1.0. Affected by this vulnerability is an unknown functionality of the file /receipt.php. Such manipulation of the ar… | |||
| CVE-2026-10809 | medium | 6.3 | 6.3 | 1d ago | A security flaw has been discovered in itsourcecode Fees Management System 1.0. This impacts an unknown function of the file /manage_user.php. The manipulation of the argument ID results in sql injec… | |||
| CVE-2026-10808 | medium | 6.3 | 6.3 | 1d ago | A vulnerability was identified in itsourcecode Fees Management System 1.0. This affects an unknown function of the file /manage_student.php. The manipulation of the argument ID leads to sql injection… | |||
| CVE-2026-10807 | medium | 6.3 | 6.3 | 1d ago | A vulnerability was determined in mjperpinosa stumasy. The impacted element is an unknown function of the file application/PHP/objects/profiles/change_profile_image.php. Executing a manipulation of t… | |||
| CVE-2026-10806 | medium | 6.3 | 6.3 | 1d ago | A vulnerability was found in mjperpinosa stumasy. The affected element is an unknown function of the file application/PHP/objects/updates/add_post.php. Performing a manipulation of the argument up_fi… | |||
| CVE-2026-10703 | medium | 6.3 | 6.3 | 3d ago | A security vulnerability has been detected in EIPStackGroup OpENer up to 2.3.0. Affected is the function CreateMessageRouterRequestStructure of the file cipmessagerouter.c of the component SendRRData… | |||
| CVE-2026-10693 | medium | 6.3 | 6.3 | 3d ago | A security vulnerability has been detected in SourceCodester Online Boat Reservation System 1.0. Affected by this vulnerability is an unknown functionality of the component Administrative Endpoint. T… | |||
| CVE-2026-10690 | medium | 6.3 | 6.3 | 3d ago | A vulnerability was identified in wonderwhy-er DesktopCommanderMCP 0.2.37. This affects the function readFileFromUrl of the file src/tools/filesystem.ts of the component read_file. Such manipulation … | |||
| CVE-2026-39107 | medium | 6.3 | 6.3 | 3d ago | A Cross Site Scripting vulnerability exists in the Kimi AI v1.0 web interface's 'Preview' feature. The application fails to properly sanitize or encode HTML/JavaScript payloads generated by the AI mo… | |||
| CVE-2026-10662 | medium | 6.3 | 6.3 | 3d ago | A vulnerability was found in ahujasid blender-mcp up to 7636d13bded82eca58eb93c3f4cd8708dfdfbe8b. The affected element is the function requests.get of the file src/blender_mcp/server.py of the compon… | |||
| CVE-2026-49943 | medium | 6.3 | 6.3 | 3d ago | CZ.NIC BIRD Internet Routing Daemon through 2.19.0 contains a stack-based buffer overflow in the BGP AS_PATH mask matching implementation in nest/a-path.c. The as_path_match() function uses a fixed-s… | |||
| CVE-2026-35716 | medium | 6.3 | 6.3 | 3d ago | A stack-based buffer overflow in the motion_privacy.cgi binary in VIVOTEK FD8136 firmware FD8136-VVTK-0300a allows authenticated remote attackers to execute arbitrary code as root via an oversized n1… | |||
| CVE-2026-35717 | medium | 6.3 | 6.3 | 3d ago | A stack-based buffer overflow in the export_language.cgi binary in VIVOTEK FD8136 firmware FD8136-VVTK-0300a allows authenticated remote attackers to execute arbitrary code as root via a crafted POST… | |||
| CVE-2026-10581 | medium | 6.3 | 6.3 | 4d ago | A flaw has been found in DedeCMS 5.7.88. Affected by this vulnerability is the function base64_decode of the file /plus/download.php?open=1. This manipulation of the argument Link causes server-side … | |||
| CVE-2026-10568 | medium | 6.3 | 6.3 | 4d ago | A vulnerability was detected in itsourcecode Fees Management System 1.0. Affected is an unknown function of the file /manage_payment.php. The manipulation of the argument ID results in sql injection.… | |||
| CVE-2026-10559 | medium | 6.3 | 6.3 | 4d ago | A flaw has been found in SourceCodester Pizzafy Ecommerce System 1.0. The affected element is an unknown function of the file /index.php. Executing a manipulation of the argument page can lead to fil… | |||
| CVE-2026-10558 | medium | 6.3 | 6.3 | 4d ago | A vulnerability was detected in SourceCodester Pizzafy Ecommerce System 1.0. Impacted is an unknown function of the file /admin/index.php. Performing a manipulation of the argument page results in fi… | |||
| CVE-2026-10550 | medium | 6.3 | 6.3 | 4d ago | A weakness has been identified in elunez eladmin up to 2.7. This vulnerability affects unknown code of the file App.java of the component Application Deployment Module. This manipulation of the argum… | |||
| CVE-2026-10302 | medium | 6.3 | 6.3 | 4d ago | A flaw has been found in itsourcecode Fees Management System 1.0. The impacted element is an unknown function of the file /manage_fee.php. Executing a manipulation of the argument ID can lead to sql … | |||
| CVE-2026-10297 | medium | 6.3 | 6.3 | 4d ago | A vulnerability was identified in itsourcecode Fees Management System 1.0. This affects an unknown part of the file /manage_course.php. The manipulation of the argument ID leads to sql injection. It … | |||
| CVE-2026-10296 | medium | 6.3 | 6.3 | 4d ago | A vulnerability was determined in itsourcecode Fees Management System 1.0. Affected by this issue is some unknown functionality of the file /ajax.php. Executing a manipulation of the argument Usernam… | |||
| CVE-2026-10286 | medium | 6.3 | 6.3 | 4d ago | A vulnerability was found in CodeAstro Payroll System 1.0. This affects an unknown part of the file /home_employee.php. The manipulation of the argument emp_id results in sql injection. The attack ma… | |||
| CVE-2026-10283 | medium | 6.3 | 6.3 | 4d ago | A vulnerability was detected in Bottelet DaybydayCRM up to 2.2.1. Affected is an unknown function of the component Setting Handler. Performing a manipulation results in missing authentication. Remote… | |||
| CVE-2026-10279 | medium | 6.3 | 6.3 | 4d ago | A vulnerability was identified in hiraishikentaro wezterm-mcp 0.1.0. The affected element is an unknown function of the file src/wezterm_executor.ts of the component switch_pane/write_to_specific_pan… | |||
| CVE-2026-10278 | medium | 6.3 | 6.3 | 4d ago | A vulnerability was determined in ishayoyo excel-mcp up to 1.0.2. Impacted is an unknown function of the file src/index.ts of the component read_file/write_file. Executing a manipulation of the argum… | |||
| CVE-2026-10277 | medium | 6.3 | 6.3 | 4d ago | A vulnerability was found in j3k0 mcp-google-workspace up to 831790e7d5c2663325733d9f5579cc339a267c4c. This issue affects the function saveToDisk of the file src/tools/gmail.ts of the component MCP G… | |||
| CVE-2026-10276 | medium | 6.3 | 6.3 | 4d ago | A vulnerability has been found in hekmon8 Jenkins-server-mcp 0.1.0. This vulnerability affects the function jobPath of the file src/index.ts of the component get_build_status/get_build_log/trigger_bu… | |||
| CVE-2026-45157 | medium | 6.3 | 6.3 | 4d ago | Nextcloud is an open source content collaboration platform. In Nextcloud Server from versions 32.0.0 to before 32.0.9, and 33.0.0 to before 33.0.3, when a malicious user has access to a file share of… | |||
| CVE-2026-10274 | medium | 6.3 | 6.3 | 4d ago | A vulnerability was determined in indrasishbanerjee aem-mcp-server up to b5f833aef9b5dfd17a5991b3b18a8a11edbdc583. This impacts the function getAssetMetadata of the file src/mcp-server.ts of the comp… | |||
| CVE-2026-10271 | medium | 6.3 | 6.3 | 4d ago | A flaw has been found in a4m4 Student-Management-System up to f0c5f6842c5e8c431ff02b5260a565ca844df3a0. The affected element is an unknown function of the file admin/ of the component Admin Endpoint.… | |||
| CVE-2026-10269 | medium | 6.3 | 6.3 | 4d ago | A security vulnerability has been detected in decolua 9router up to 0.4.0. This issue affects the function isAuthenticated of the file src/dashboardGuard.js of the component HTTP Header Handler. The … | |||
| CVE-2026-10265 | medium | 6.3 | 6.3 | 4d ago | A vulnerability was identified in itsourcecode Content Management System 1.0. Affected by this issue is some unknown functionality of the file /admin/edit_topic.php. Such manipulation of the argument… | |||
| CVE-2026-10258 | medium | 6.3 | 6.3 | 4d ago | A weakness has been identified in itsourcecode Content Management System 1.0. Impacted is an unknown function of the file /admin/add_sub_topic.php. This manipulation of the argument topic_id causes s… | |||
| CVE-2026-10257 | medium | 6.3 | 6.3 | 4d ago | A security flaw has been discovered in itsourcecode Content Management System 1.0. This issue affects some unknown processing of the file /admin/update_ss_img.php. The manipulation of the argument to… | |||
| CVE-2026-10256 | medium | 6.3 | 6.3 | 4d ago | A vulnerability was identified in itsourcecode Content Management System 1.0. This vulnerability affects unknown code of the file /save_comment.php. The manipulation of the argument Name leads to sql… | |||
| CVE-2026-25599 | medium | 6.3 | 6.3 | 4d ago | Missing authentication and clear‑text transmission of data from the heat pumps to the control server, combined with the absence of input validation on aggregated data, can lead to stored XSS that ena… | |||
| CVE-2026-10242 | medium | 6.3 | 6.3 | 5d ago | A weakness has been identified in itsourcecode Content Management System 1.0. This impacts an unknown function of the file /instructions.php. This manipulation of the argument topic_id causes sql inj… | |||
| CVE-2026-10241 | medium | 6.3 | 6.3 | 5d ago | A security flaw has been discovered in jeecgboot The server processes these URLs up to 3.9.1. This affects the function FileDownloadUtils.download2DiskFromNet of the file /airag/app/debug of the comp… | |||
| CVE-2026-10240 | medium | 6.3 | 6.3 | 5d ago | A vulnerability was identified in JeecgBoot up to 3.9.2. The impacted element is an unknown function of the file /airag/airagModel/test. The manipulation of the argument baseUrl leads to server-side … | |||
| CVE-2026-10239 | medium | 6.3 | 6.3 | 5d ago | A vulnerability was determined in JeecgBoot up to 3.9.2. The affected element is the function WordUtil.addImage of the file /airag/word/edit. Executing a manipulation can lead to server-side request … | |||
| CVE-2026-10235 | medium | 6.3 | 6.3 | 5d ago | A flaw has been found in CodeAstro Ingredients Stock Management System 1.0. This vulnerability affects unknown code of the file /Ingredients-Stock/stock_manager.php. This manipulation of the argument… | |||
| CVE-2026-10217 | medium | 6.3 | 6.3 | 5d ago | A flaw has been found in nextlevelbuilder GoClaw up to 3.11.3. The impacted element is the function handleSave of the file internal/http/tts_config.go of the component RoleAdmin Gateway. This manipul… | |||
| CVE-2026-10223 | medium | 6.3 | 6.3 | 5d ago | A weakness has been identified in NousResearch hermes-agent up to 2026.4.30. This affects the function _scan_memory_content of the file tools/memory_tool.py. This manipulation causes injection. The a… | |||
| CVE-2026-10212 | medium | 6.3 | 6.3 | 5d ago | A vulnerability was identified in AstrBotDevs AstrBot 4.24.2. This affects the function astr_main_agent of the file astrbot/core/astr_main_agent.py. Such manipulation of the argument session_id leads… | |||
| CVE-2026-10211 | medium | 6.3 | 6.3 | 5d ago | A vulnerability was determined in AstrBotDevs AstrBot 4.23.6. Affected by this issue is the function _normalize_rw_path of the file astrbot/core/tools/computer_tools/fs.py. This manipulation causes i… | |||
| CVE-2026-10210 | medium | 6.3 | 6.3 | 5d ago | A vulnerability was found in AstrBotDevs AstrBot 4.23.6. Affected by this vulnerability is the function _sanitize_prompt_description of the file astrbot/core/skills/skill_manager.py. The manipulation… | |||
| CVE-2026-10209 | medium | 6.3 | 6.3 | 5d ago | A vulnerability has been found in code-projects Online Hospital Management System 1.0. Affected is an unknown function of the file appointmentdetail.php of the component Appointment Handler. The mani… | |||
| CVE-2026-10205 | medium | 6.3 | 6.3 | 5d ago | A security vulnerability has been detected in Metasoft 美特软件 MetaCRM 6.4.0. The impacted element is an unknown function of the file develop/systparam/softlogo/upload.jsp. Such manipulation leads to un… | |||
| CVE-2026-10204 | medium | 6.3 | 6.3 | 5d ago | A weakness has been identified in OFCMS 1.1.3. The affected element is the function Query of the file \ofcms-admin\src\main\java\com\ofsoft\cms\admin\controller\system\SysUserController.java of the c… | |||
| CVE-2026-10203 | medium | 6.3 | 6.3 | 5d ago | A security flaw has been discovered in OFCMS 1.1.3. Impacted is the function Query of the file \ofcms-admin\src\main\java\com\ofsoft\cms\admin\controller\system\SystemParamController.java of the comp… | |||
| CVE-2026-10202 | medium | 6.3 | 6.3 | 5d ago | A vulnerability was identified in OFCMS 1.1.3. This issue affects the function Query of the file \ofcms-admin\src\main\java\com\ofsoft\cms\admin\controller\system\SystemDictController.java of the com… | |||
| CVE-2026-10194 | medium | 6.3 | 6.3 | 5d ago | A weakness has been identified in OFFIS DCMTK 3.7.0. This affects the function DcmQueryRetrieveIndexDatabaseHandle::deleteOldestImages of the file dcmqrdb/libsrc/dcmqrdbi.cc of the component dcmqrscp… | |||
| CVE-2026-10193 | medium | 6.3 | 6.3 | 5d ago | A security flaw has been discovered in OFCMS up to 1.1.3. The impacted element is the function Query of the file ofcms-admin\src\main\java\com\ofsoft\cms\admin\controller\ComnController.java of the c… | |||
| CVE-2026-10182 | medium | 6.3 | 6.3 | 5d ago | A vulnerability was determined in TRENDnet TEW-432BRP 3.10B20. The impacted element is the function formWlanSetup of the file /goform/formWlanSetup. Executing a manipulation of the argument enrollee … | |||
| CVE-2026-10180 | medium | 6.3 | 6.3 | 5d ago | A vulnerability has been found in TRENDnet TEW-432BRP 3.10B20. Impacted is the function formSysCmd of the file /goform/formSysCmd. Such manipulation of the argument sysCmd leads to command injection.… | |||
| CVE-2026-10176 | medium | 6.3 | 6.3 | 6d ago | A weakness has been identified in Aider-AI Aider 0.86.3. Affected by this issue is some unknown functionality of the component Code Generation Workflow. Executing a manipulation can lead to sql injec… | |||
| CVE-2026-10177 | medium | 6.3 | 6.3 | 6d ago | A security vulnerability has been detected in Aider-AI Aider 0.86.3. This affects the function requests.get of the file api_docs.py of the component AWS EC2 Metadata Endpoint. The manipulation leads … | |||
| CVE-2026-10175 | medium | 6.3 | 6.3 | 6d ago | A security flaw has been discovered in Aider-AI Aider 0.86.3. Affected by this vulnerability is the function editor_coder.run of the file auth.py of the component Architect Mode. Performing a manipul… | |||
| CVE-2026-10174 | medium | 6.3 | 6.3 | 6d ago | A vulnerability was identified in Aider-AI Aider 0.86.3. Affected is an unknown function of the file aider/args.py of the component Pre-commit Hook Handler. Such manipulation of the argument git-comm… | |||
| CVE-2026-10172 | medium | 6.3 | 6.3 | 6d ago | A security flaw has been discovered in Bdtask Multi-Store Inventory Management System 1.0. The affected element is the function Upload of the file application/modules/dashboard/controllers/Module.php… | |||
| CVE-2026-10170 | medium | 6.3 | 6.3 | 6d ago | A flaw has been found in code-projects Visitor Management System 1.0. Affected by this issue is some unknown functionality of the file /vms/php/phone_0.php. This manipulation of the argument phone ca… | |||
| CVE-2026-10168 | medium | 6.3 | 6.3 | 6d ago | A security vulnerability has been detected in OUSL-GROUP-BrinaryBrains School Student Management System up to 1e70e5ad1125b86dca4ee086eb6bb121f17708b6. Affected is the function marks of the file appl… | |||
| CVE-2026-10166 | medium | 6.3 | 6.3 | 6d ago | A vulnerability was determined in Edimax BR-6478AC 1.23. The affected element is the function formWlbasic of the file /goform/formWlbasic of the component POST Request Handler. This manipulation of t… | |||
| CVE-2026-10152 | medium | 6.3 | 6.3 | 6d ago | A vulnerability was detected in TaleLin lin-cms-spring-boot up to 0.2.1. This issue affects some unknown processing of the file src/main/java/io/github/talelin/latticy/controller/v1/BookController.ja… | |||
| CVE-2026-10127 | medium | 6.3 | 6.3 | 6d ago | A weakness has been identified in Edimax BR-6478AC 1.23. This affects the function formStaDrvSetup of the file /goform/formStaDrvSetup of the component POST Request Handler. This manipulation of the … | |||
| CVE-2026-9831 | medium | 6.3 | 6.3 | 7d ago | A race condition in the shared Extreme Platform ONE IAM Gateway API-key authentication path could, under specific high-concurrency traffic conditions, intermittently allow requests authenticated with… | |||
| CVE-2026-44287 | medium | 6.3 | 6.3 | 7d ago | FastGPT is an AI Agent building platform. Prior to 4.15.0-beta1, the JavaScript sandbox worker at projects/code-sandbox/src/pool/worker.ts:356 blocks dynamic import() with the regex /\bimport\s*\(/.t… | |||
| CVE-2026-10101 | medium | 6.3 | 6.3 | 7d ago | ACM/MCE assisted-service writes raw referenced pull-secret contents into `InfraEnv.status.conditions[].message` when pull-secret validation fails. A namespace principal with the stock `view` ClusterR… | |||
| CVE-2026-9989 | medium | 6.3 | 6.3 | 8d ago | Inappropriate implementation in Media in Google Chrome prior to 148.0.7778.216 allowed a remote attacker to bypass same origin policy via a crafted video file. (Chromium security severity: High) | |||
| CVE-2026-46416 | medium | 6.3 | 6.3 | 9d ago | Microsoft UFO open-source framework for intelligent automation across devices and platforms. In 3.0.1-4-ge2626659, Microsoft UFO creates one shared UFOWebSocketHandler instance and reuses it for mult… | |||
| CVE-2026-47270 | medium | 6.3 | 6.3 | 9d ago | pam_usb provides hardware authentication for Linux using ordinary removable media. Prior to 0.9.0, pam_usb is a PAM module loaded into the host process (sudo, login, GDM, GNOME Shell). Display manage… | |||
| CVE-2026-47274 | medium | 6.3 | 6.3 | 9d ago | pam_usb provides hardware authentication for Linux using ordinary removable media. Prior to 0.9.0, multiple pam_usb helper tools resolved external binaries through the PATH environment variable rathe… | |||
| CVE-2026-2254 | medium | 6.3 | 6.3 | 10d ago | Hitachi Vantara Pentaho Data Integration & Analytics versions before 10.2.0.6 and 11.0.0.0, including 9.3.x and 8.3.x, does not apply ACLs on certain API endpoints related to platform mail notficatio… | |||
| CVE-2026-9607 | medium | 6.3 | 6.3 | 10d ago | A vulnerability was found in itsourcecode Courier Management System 1.0. The affected element is an unknown function of the file /parcel_list.php. Performing a manipulation of the argument s results … | |||
| CVE-2026-30498 | medium | 6.3 | 6.3 | 10d ago | A Cross-Site Request Forgery (CSRF) vulnerability was discovered in the delete.php endpoint of Jason2605 AdminPanel 4.0. | |||
| CVE-2026-9581 | medium | 6.3 | 6.3 | 10d ago | A vulnerability was identified in JeecgBoot up to 3.9.1. The impacted element is an unknown function of the file /sys/comment/add. Such manipulation leads to improper access controls. The attack can … | |||
| CVE-2026-9579 | medium | 6.3 | 6.3 | 10d ago | A vulnerability was found in JeecgBoot up to 3.9.1. Impacted is the function user.getUsername of the file /sys/user/login/setting/userEdit of the component SysUser. The manipulation of the argument u… | |||
| CVE-2026-27331 | medium | 6.3 | 6.3 | 10d ago | Missing Authorization vulnerability in Magepeople inc. WpTravelly allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects WpTravelly: from n/a through 2.1.5. | |||
| CVE-2026-9565 | medium | 6.3 | 6.3 | 10d ago | A vulnerability was determined in haojing8312 WorkClaw up to 0.6.4. This affects the function is_dangerous of the file apps/runtime/src-tauri/src/agent/tools/bash.rs of the component Blacklist Handle… | |||
| CVE-2026-9542 | medium | 6.3 | 6.3 | 10d ago | A weakness has been identified in CodeAstro Leave Management System 1.0. The affected element is an unknown function of the file /admin/add_staff.php. Executing a manipulation of the argument email_i… | |||
| CVE-2026-9534 | medium | 6.3 | 6.3 | 11d ago | A flaw has been found in Totolink CA750-PoE 6.2c.510. This affects the function setWiFiWpsConfig of the file /cgi-bin/cstecgi.cgi of the component Setting Handler. Executing a manipulation of the arg… | |||
| CVE-2026-9533 | medium | 6.3 | 6.3 | 11d ago | A vulnerability was detected in Totolink CA750-PoE 6.2c.510. The impacted element is the function recvUpgradeNewFw of the file /cgi-bin/cstecgi.cgi of the component Setting Handler. Performing a mani… | |||
| CVE-2026-9532 | medium | 6.3 | 6.3 | 11d ago | A security vulnerability has been detected in Totolink CA750-PoE 6.2c.510. The affected element is the function setUploadUserData of the file /cgi-bin/cstecgi.cgi of the component Setting Handler. Su… | |||
| CVE-2026-9531 | medium | 6.3 | 6.3 | 11d ago | A weakness has been identified in Totolink CA750-PoE 6.2c.510. Impacted is the function setUpgradeUboot of the file /cgi-bin/cstecgi.cgi of the component Setting Handler. This manipulation of the arg… | |||
| CVE-2026-9524 | medium | 6.3 | 6.3 | 11d ago | A flaw has been found in xianrendzw EasyReport up to 2.0.17.0522_Beta. Affected by this issue is the function execute of the component REST Endpoint. Executing a manipulation of the argument reportPa… | |||
| CVE-2026-9515 | medium | 6.3 | 6.3 | 11d ago | A vulnerability was detected in Totolink CA750-PoE 6.2c.510. The affected element is the function setUnloadUserData of the file /cgi-bin/cstecgi.cgi of the component Setting Handler. The manipulation… | |||
| CVE-2026-9514 | medium | 6.3 | 6.3 | 11d ago | A security vulnerability has been detected in Totolink CA750-PoE 6.2c.510. Impacted is the function setNetworkDiag of the file /cgi-bin/cstecgi.cgi of the component Setting Handler. The manipulation … | |||
| CVE-2026-9513 | medium | 6.3 | 6.3 | 11d ago | A weakness has been identified in Totolink CA750-PoE 6.2c.510. This issue affects the function NTPSyncWithHost of the file /cgi-bin/cstecgi.cgi of the component Setting Handler. Executing a manipulat… | |||
| CVE-2026-9512 | medium | 6.3 | 6.3 | 11d ago | A security flaw has been discovered in Totolink CA750-PoE 6.2c.510. This vulnerability affects the function setPasswordCfg of the file /cgi-bin/cstecgi.cgi of the component Setting Handler. Performin… | |||
| CVE-2026-42776 | medium | 6.3 | 6.3 | 11d ago | Missing Authorization vulnerability in WP Sunshine Sunshine Photo Cart allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects Sunshine Photo Cart: from n/a throu… | |||
| CVE-2026-9511 | medium | 6.3 | 6.3 | 11d ago | A vulnerability was identified in Totolink CA750-PoE 6.2c.510. This affects the function setWebWlanIdx of the file /cgi-bin/cstecgi.cgi of the component Setting Handler. Such manipulation of the argu… |