CVEs from 2026
Total: 14,122
- critical 1,246
- high 4,695
- medium 4,473
- low 488

% Critical: 8.8%
% with KEV: 0.4%
% with exploit: 0.8%
Top products
- chrome 522
- firepower_threat_defense_software 300
- firepower_threat_defense 298
- gcp 247
- openclaw 172
- commerce 104
- netweaver_application_server_abap 102
- commerce_b2b 89
| CVE | Severity | CVSS | Risk | Published | Description | Flags | OS | Vendor |
|---|---|---|---|---|---|---|---|---|
| CVE-2026-44109 | critical | 9.8 | 9.8 | 28d ago | OpenClaw: Feishu webhook and card-action validation now fail closed | |||
| CVE-2026-43585 | critical | 9.8 | 9.8 | 28d ago | OpenClaw: Gateway HTTP endpoints re-resolve bearer auth after SecretRef rotation | |||
| CVE-2026-43575 | critical | 9.8 | 9.8 | 28d ago | OpenClaw versions 2026.2.21 before 2026.4.10 contain an authentication bypass vulnerability in the sandbox noVNC helper route that exposes interactive browser session credentials. Attackers can acces… | |||
| CVE-2026-41930 | critical | 9.8 | 9.8 | 28d ago | Vvveb before version 1.0.8.2 contains a hard-coded credentials vulnerability in its docker-compose-apache.yaml configuration that allows unauthenticated attackers to access the bundled phpMyAdmin con… | |||
| CVE-2026-43208 | critical | 9.8 | 9.8 | 29d ago | In the Linux kernel, the following vulnerability has been resolved: net: do not pass flow_id to set_rps_cpu() Blamed commit made the assumption that the RPS table for each receive queue would have … | |||
| CVE-2026-43198 | critical | 9.8 | 9.8 | 29d ago | In the Linux kernel, the following vulnerability has been resolved: tcp: fix potential race in tcp_v6_syn_recv_sock() Code in tcp_v6_syn_recv_sock() after the call to tcp_v4_syn_recv_sock() is done… | |||
| CVE-2026-43186 | critical | 9.8 | 9.8 | 29d ago | In the Linux kernel, the following vulnerability has been resolved: ipv6: ioam: fix heap buffer overflow in __ioam6_fill_trace_data() On the receive path, __ioam6_fill_trace_data() uses trace->node… | |||
| CVE-2026-43185 | critical | 9.8 | 9.8 | 29d ago | In the Linux kernel, the following vulnerability has been resolved: ksmbd: fix signedness bug in smb_direct_prepare_negotiation() smb_direct_prepare_negotiation() casts an unsigned __u32 value fr… | |||
| CVE-2026-43125 | critical | 9.8 | 9.8 | 29d ago | In the Linux kernel, the following vulnerability has been resolved: dlm: validate length in dlm_search_rsb_tree The len parameter in dlm_dump_rsb_name() is not validated and comes from network mess… | |||
| CVE-2026-28780 | critical | 9.8 | 9.8 | 29d ago | Heap-based Buffer Overflow vulnerability in mod_proxy_ajp of Apache HTTP Server. If mod_proxy_ajp connects to a malicious AJP server this AJP server can send a malicious AJP message back to mod_proxy… | |||
| CVE-2026-35579 | critical | 9.8 | 9.8 | 29d ago | CoreDNS has TSIG authentication bypass on gRPC and QUIC transports | |||
| CVE-2026-7854 | critical | 9.8 | 9.8 | 29d ago | A security vulnerability has been detected in D-Link DI-8100 16.07.26A1. Affected by this vulnerability is the function url_rule_asp of the file /url_rule.asp of the component POST Parameter Handler.… | |||
| CVE-2026-38428 | critical | 9.8 | 9.8 | 29d ago | Kestra v1.3.3 and before is vulnerable to SQL Injection. The vulnerability occurs because user-controlled input from a GET parameter is directly concatenated into an SQL query without proper sanitiza… | |||
| CVE-2026-27960 | critical | 9.8 | 9.8 | 29d ago | OpenCTI is an open source platform for managing cyber threat intelligence knowledge and observables. In versions 6.6.0 through 6.9.12, there is a privilege escalation vulnerability that can be exploi… | |||
| CVE-2026-7853 | critical | 9.8 | 9.8 | 29d ago | A weakness has been identified in D-Link DI-8100 16.07.26A1. Affected is the function sprintf of the file /auto_reboot.asp of the component HTTP Handler. This manipulation of the argument enable/time… | |||
| CVE-2026-38431 | critical | 9.8 | 9.8 | 1mo ago | ERPNext v15.103.1 and before is vulnerable to Server-Side Template Injection (SSTI). An attacker with permission to create or edit email templates can inject template expressions that are executed on… | |||
| CVE-2026-38429 | critical | 9.8 | 9.8 | 1mo ago | OpenCMS v20 and before is vulnerable to XML External Entity (XXE) in the Admin Import DB feature due to insecure XML parsing of user supplied .zip files containing a manifest.xml. | |||
| CVE-2026-43067 | critical | 9.8 | 9.8 | 1mo ago | In the Linux kernel, the following vulnerability has been resolved: ext4: handle wraparound when searching for blocks for indirect mapped blocks Commit 4865c768b563 ("ext4: always allocate blocks o… | |||
| CVE-2026-7834 | critical | 9.8 | 9.8 | 1mo ago | A security vulnerability has been detected in EFM ipTIME NAS1dual 1.5.24. This issue affects the function get_csrf_whites of the file /cgi/advanced/misc_main.cgi. Such manipulation leads to stack-bas… | |||
| CVE-2026-43566 | critical | 9.8 | 9.8 | 1mo ago | OpenClaw: Heartbeat owner downgrade missed untrusted webhook wake events | |||
| CVE-2026-43534 | critical | 9.8 | 9.8 | 1mo ago | OpenClaw: Agent hook events could enqueue trusted system events from unsanitized external input | |||
| CVE-2026-7823 | critical | 9.8 | 9.8 | 1mo ago | A security flaw has been discovered in Totolink A8000RU 7.1cu.643_b20200521. Affected is the function setAppFilterCfg of the file /cgi-bin/cstecgi.cgi. The manipulation of the argument enable results… | |||
| CVE-2026-5294 | critical | 9.8 | 9.8 | 1mo ago | The Geeky Bot plugin for WordPress is vulnerable to Missing Authorization in versions up to, and including, 1.2.2. This is due to a nopriv AJAX route allowing attacker-controlled model/function dispa… | |||
| CVE-2026-5722 | critical | 9.8 | 9.8 | 1mo ago | The MoreConvert Pro plugin for WordPress is vulnerable to Authentication Bypass in all versions up to, and including, 1.9.14. This is due to the guest waitlist verification flow not invalidating or r… | |||
| CVE-2026-42601 | critical | 9.8 | 9.8 | 1mo ago | ArchiveBox Vulnerable to RCE via unvalidated per-crawl config overrides in AddView | |||
| CVE-2026-42238 | critical | 9.8 | 9.8 | 1mo ago | Nginx-UI is Vulnerable to Unauthenticated Remote Code Execution via Backup Restore | |||
| CVE-2026-42222 | critical | 9.8 | 9.8 | 1mo ago | Nginx-UI: Unauthenticated first-boot instance claim via POST /api/install allows remote bootstrap takeover | |||
| CVE-2026-42221 | critical | 9.8 | 9.8 | 1mo ago | Nginx-UI: Unauthenticated First-Run Installer Allows Remote Initial Admin Claim | |||
| CVE-2026-42233 | critical | 9.8 | 9.8 | 1mo ago | n8n has SQL Injection in Oracle Database Node via Limit Field | |||
| CVE-2026-42796 | critical | 9.8 | 9.8 | 1mo ago | Arelle before 2.39.10 contains an unauthenticated remote code execution vulnerability in the /rest/configure REST endpoint that accepts a plugins query parameter and forwards it to the plugin manager… | |||
| CVE-2026-42376 | critical | 9.8 | 9.8 | 1mo ago | D-Link DIR-456U Hardware Revision A1 (End-of-Life, EOL) contains a hardcoded telnet backdoor. The device starts a telnet daemon at boot via /etc/init0.d/S80telnetd.sh with the username "Alphanetworks… | |||
| CVE-2026-42076 | critical | 9.8 | 9.8 | 1mo ago | Evolver: Command Injection via `execSync` in `_extractLLM()` function allows Remote Code Execution | |||
| CVE-2026-42027 | critical | 9.8 | 9.8 | 1mo ago | Apache OpenNLP ExtensionLoader Vulnerable to Arbitrary Class Instantiation via Model Manifest | |||
| CVE-2026-26956 | critical | 9.8 | 9.8 | 1mo ago | VM2 Has a WASM Sandbox Escape (Node 25 only) | |||
| CVE-2026-25293 | critical | 9.8 | 9.8 | 1mo ago | Buffer overflow due to incorrect authorization in PLC FW | |||
| CVE-2026-24781 | critical | 9.8 | 9.8 | 1mo ago | VM2 Has Sandbox Breakout Through Inspect Function | |||
| CVE-2026-24120 | critical | 9.8 | 9.8 | 1mo ago | VM2 Has Sandbox Breakout Through Promise Species | |||
| CVE-2026-24118 | critical | 9.8 | 9.8 | 1mo ago | VM2 Sandbox Breakout Through __lookupGetter__ | |||
| CVE-2026-23918 | high | 8.8 | 9.8 | 1mo ago | Double Free and possible RCE vulnerability in Apache HTTP Server with the HTTP/2 protocol. This issue affects Apache HTTP Server: 2.4.66. Users are recommended to upgrade to version 2.4.67, which f… | |||
| CVE-2026-7747 | critical | 9.8 | 9.8 | 1mo ago | A security flaw has been discovered in Totolink N300RH 3.2.4-B20220812. Affected by this vulnerability is the function loginauth of the file /cgi-bin/cstecgi.cgi of the component Parameter Handler. P… | |||
| CVE-2026-7719 | critical | 9.8 | 9.8 | 1mo ago | A security flaw has been discovered in Totolink WA300 5.2cu.7112_B20190227. The affected element is the function loginauth of the file /cgi-bin/cstecgi.cgi of the component POST Request Handler. The … | |||
| CVE-2026-42370 | critical | 9.8 | 9.8 | 1mo ago | A stack overflow vulnerability exists in the WebCam Server Login functionality of GeoVision GV-VMS V20 20.0.2. A specially crafted HTTP request can lead to an arbitrary code execution. An attacker ca… | |||
| CVE-2026-42258 | critical | 9.8 | 9.8 | 1mo ago | net-imap vulnerable to command Injection via unvalidated Symbol inputs | |||
| CVE-2026-42257 | critical | 9.8 | 9.8 | 1mo ago | net-imap vulnerable to command Injection via "raw" arguments to multiple commands | |||
| CVE-2026-31402 | critical | 9.8 | 9.8 | 1mo ago | In the Linux kernel, the following vulnerability has been resolved: nfsd: fix heap overflow in NFSv4.0 LOCK replay cache The NFSv4.0 replay cache uses a fixed 112-byte inline buffer (rp_ibuf[NFSD4_… | |||
| CVE-2026-7690 | critical | 9.8 | 9.8 | 1mo ago | A weakness has been identified in Wavlink WL-WN570HA1 R70HA1 V1410_221110. This issue affects the function set_sys_adm of the file /cgi-bin/adm.cgi. This manipulation of the argument Username causes … | |||
| CVE-2026-7458 | critical | 9.8 | 9.8 | 1mo ago | The User Verification by PickPlugins plugin for WordPress is vulnerable to authentication bypass in all versions up to, and including, 2.0.46. This is due to the use of a loose PHP comparison operato… | |||
| CVE-2026-4882 | critical | 9.8 | 9.8 | 1mo ago | The User Registration Advanced Fields plugin for WordPress is vulnerable to arbitrary file uploads due to missing file type validation in the 'URAF_AJAX::method_upload' function in all versions up to… | |||
| CVE-2026-37540 | critical | 9.8 | 9.8 | 1mo ago | OpenAMP v2025.10.0 ELF loader contains an integer overflow vulnerability in firmware image parsing. In elf_loader.c, it performs multiplication of two attacker-controlled 16-bit values from the ELF h… | |||
| CVE-2026-37539 | critical | 9.8 | 9.8 | 1mo ago | Buffer overflow vulnerability in cannelloni v2.0.0 in CAN frame parsing in parser.cpp in function parseCANFrame, and decoder.cpp in function decodeFrame allowing remote attackers to cause a denial of… | |||
| CVE-2026-37534 | critical | 9.8 | 9.8 | 1mo ago | Integer underflow vulnerability in Open-SAE-J1939 thru commit b6caf884df46435e539b1ecbf92b6c29b345bdfe (2025-11-30) in SAE_J1939_Read_Transport_Protocol_Data_Transfer, allows attackers to write to arb… | |||
| CVE-2026-37531 | critical | 9.8 | 9.8 | 1mo ago | AGL app-framework-main thru 17.1.12 contains a Zip Slip path traversal vulnerability (CWE-22) combined with a TOCTOU race condition (CWE-367) in the widget installation flow. The is_valid_filename fu… | |||
| CVE-2026-42473 | critical | 9.8 | 9.8 | 1mo ago | Unsafe deserialization vulnerability in MixPHP Framework 2.x thru 2.2.17. The session and cache handlers use unserialize() on data from the filesystem in the FileHandler object. | |||
| CVE-2026-42472 | critical | 9.8 | 9.8 | 1mo ago | Unsafe deserialization vulnerability in MixPHP Framework 2.x thru 2.2.17. The session and cache handlers use unserialize() on data from Redis in the RedisHandler object. | |||
| CVE-2026-43039 | critical | 9.8 | 9.8 | 1mo ago | In the Linux kernel, the following vulnerability has been resolved: net: ti: icssg-prueth: fix missing data copy and wrong recycle in ZC RX dispatch emac_dispatch_skb_zc() allocates a new skb via n… | |||
| CVE-2026-43038 | critical | 9.8 | 9.8 | 1mo ago | In the Linux kernel, the following vulnerability has been resolved: ipv6: icmp: clear skb2->cb[] in ip6_err_gen_icmpv6_unreach() Sashiko AI-review observed: In ip6_err_gen_icmpv6_unreach(), the … | |||
| CVE-2026-43037 | critical | 9.8 | 9.8 | 1mo ago | In the Linux kernel, the following vulnerability has been resolved: ip6_tunnel: clear skb2->cb[] in ip4ip6_err() Oskar Kjos reported the following problem. ip4ip6_err() calls icmp_send() on a clon… | |||
| CVE-2026-43011 | critical | 9.8 | 9.8 | 1mo ago | In the Linux kernel, the following vulnerability has been resolved: net/x25: Fix potential double free of skb When alloc_skb fails in x25_queue_rx_frame it calls kfree_skb(skb) at line 48 and retur… | |||
| CVE-2026-42484 | critical | 9.8 | 9.8 | 1mo ago | A heap-based buffer overflow in hex_to_binary in the PKZIP hash parser in hashcat v7.1.2 allows an attacker to cause a denial of service or possibly execute arbitrary code via a crafted PKZIP hash fi… | |||
| CVE-2026-42483 | critical | 9.8 | 9.8 | 1mo ago | A heap-based buffer overflow in the Kerberos hash parser in hashcat v7.1.2 allows an attacker to cause a denial of service or possibly execute arbitrary code via a crafted Kerberos hash file. The iss… | |||
| CVE-2026-42482 | critical | 9.8 | 9.8 | 1mo ago | A stack-based buffer overflow in mangle_to_hex_lower() and mangle_to_hex_upper() in src/rp_cpu.c in hashcat v7.1.2 allows an attacker to cause a denial of service or possibly execute arbitrary code v… | |||
| CVE-2026-31718 | critical | 9.8 | 9.8 | 1mo ago | In the Linux kernel, the following vulnerability has been resolved: ksmbd: fix use-after-free in __ksmbd_close_fd() via durable scavenger When a durable file handle survives session disconnect (TCP… | |||
| CVE-2026-31705 | critical | 9.8 | 9.8 | 1mo ago | In the Linux kernel, the following vulnerability has been resolved: ksmbd: fix out-of-bounds write in smb2_get_ea() EA alignment smb2_get_ea() applies 4-byte alignment padding via memset() after wr… | |||
| CVE-2026-42779 | critical | 9.8 | 9.8 | 1mo ago | Apache MINA vulnerable to Deserialization of Untrusted Data (CVE-2026-41635 Incomplete Fix) | |||
| CVE-2026-42778 | critical | 9.8 | 9.8 | 1mo ago | Apache MINA vulnerable to Deserialization of Untrusted Data (CVE-2026-41409 Incomplete Fix) | |||
| CVE-2026-42994 | critical | 9.8 | 9.8 | 1mo ago | Bitwarden CLI 2026.4.0 from 2026-04-22T21:57Z to 2026-04-22T23:30Z, when obtained from npm, had embedded malicious code. This is related to a Checkmarx supply chain incident. | |||
| CVE-2026-7546 | critical | 9.8 | 9.8 | 1mo ago | A security vulnerability has been detected in Totolink NR1800X 9.1.0u.6279_B20210910. The impacted element is the function find_host_ip of the component lighttpd. Such manipulation of the argument Ho… | |||
| CVE-2026-7538 | critical | 9.8 | 9.8 | 1mo ago | A vulnerability was identified in Totolink A8000RU 7.1cu.643_b20200521. This issue affects the function Vulnerability of the file /cgi-bin/cstecgi.cgi of the component CGI Handler. The manipulation o… | |||
| CVE-2026-40685 | critical | 9.8 | 9.8 | 1mo ago | In Exim before 4.99.2, when JSON lookup is enabled, an out-of-bounds heap write can occur when a JSON operator encounters malformed JSON in an untrusted header, because of an incorrect implementation… | |||
| CVE-2026-2311 | critical | 9.8 | 9.8 | 1mo ago | IBM i 7.6, 7.5, 7.4, 7.3, and 7.2 is vulnerable to privilege escalation caused by an invalid IBM i Web Administration GUI authorization check. A malicious actor could cause user-controlled code to ru… | |||
| CVE-2026-33447 | critical | 9.8 | 9.8 | 1mo ago | CVE-2026-33447 is a buffer overflow in a message parsing function of the Secure Access client prior to 14.50. Attackers with control of a modified server can send a special packet that can overwrit… | |||
| CVE-2026-33446 | critical | 9.8 | 9.8 | 1mo ago | CVE-2026-33446 is a buffer overflow in the authentication sub-system of the Secure Access client prior to 14.50. Attackers with control of a modified server can send a special packet that can overw… | |||
| CVE-2026-4670 | critical | 9.8 | 9.8 | 1mo ago | Authentication bypass by primary weakness vulnerability in Progress Software MOVEit Automation allows Authentication Bypass. This issue affects MOVEit Automation: from 2025.0.0 before 2025.0.9, from… | |||
| CVE-2026-42799 | critical | 9.8 | 9.8 | 1mo ago | Out-of-bounds read vulnerability in ASR Kestrel (nr_fw modules) allows Overflow Buffers. This vulnerability is associated with program files Code/Nr/nr_fw/RA/src/NrPwrCtrl.C. This issue affects … | |||
| CVE-2026-22070 | critical | 9.8 | 9.8 | 1mo ago | ColorOS Assistant has an unauthenticated start-download channel, leading to file path traversal. | |||
| CVE-2026-34084 | critical | 9.8 | 9.8 | 1mo ago | PhpSpreadsheet has SSRF/RCE in IOFactory::load when $filename is user controlled | |||
| CVE-2026-26015 | critical | 9.8 | 9.8 | 1mo ago | DocsGPT is a GPT-powered chat for documentation. From version 0.15.0 to before version 0.16.0, an attacker accessing both the official DocsGPT website or any local and public deployment, can craft a … | |||
| CVE-2026-38992 | critical | 9.8 | 9.8 | 1mo ago | Cockpit is vulnerable to arbitrary code execution | |||
| CVE-2026-36841 | critical | 9.8 | 9.8 | 1mo ago | TOTOLINK N200RE V5 was discovered to contain a command injection vulnerability via the macstr and bandstr parameters in the formMapDelDevice function. | |||
| CVE-2026-42249 | critical | 9.8 | 9.8 | 1mo ago | Ollama for Windows contains a Remote Code Execution vulnerability in its update mechanism due to improper handling of attacker‑controlled HTTP response headers. When downloading updates, the applicat… | |||
| CVE-2026-42248 | critical | 9.8 | 9.8 | 1mo ago | Ollama for Windows does not perform integrity or authenticity verification of downloaded update executables. Unlike other platforms, the Windows implementation of the update verification routine unco… | |||
| CVE-2026-41446 | critical | 9.8 | 9.8 | 1mo ago | Snap One WattBox 800 and 820 series firmware versions prior to 2.10.0.0 contain undisclosed diagnostic HTTP endpoints that require only the device MAC address and service tag for authentication, both… | |||
| CVE-2026-41386 | critical | 9.8 | 9.8 | 1mo ago | OpenClaw: Unbound bootstrap setup codes allow privilege escalation during pairing | |||
| CVE-2026-24178 | critical | 9.8 | 9.8 | 1mo ago | NVIDIA NVFlare Dashboard contains a vulnerability in the user management and authentication system where an unauthenticated attacker may cause authorization bypass through user-controlled key. A succ… | |||
| CVE-2026-41873 | critical | 9.8 | 9.8 | 1mo ago | ** UNSUPPORTED WHEN ASSIGNED ** Inconsistent Interpretation of HTTP Requests ('HTTP Request/Response Smuggling') vulnerability in Pony Mail leading to admin account takeover. This issue affects all … | |||
| CVE-2026-7244 | critical | 9.8 | 9.8 | 1mo ago | A security flaw has been discovered in Totolink A8000RU 7.1cu.643_b20200521. The impacted element is the function setWiFiEasyGuestCfg of the file /cgi-bin/cstecgi.cgi of the component CGI Handler. Th… | |||
| CVE-2026-7243 | critical | 9.8 | 9.8 | 1mo ago | A vulnerability was identified in Totolink A8000RU 7.1cu.643_b20200521. The affected element is the function setRadvdCfg of the file /cgi-bin/cstecgi.cgi of the component CGI Handler. The manipulatio… | |||
| CVE-2026-7242 | critical | 9.8 | 9.8 | 1mo ago | A vulnerability was determined in Totolink A8000RU 7.1cu.643_b20200521. Impacted is the function setOpenVpnClientCfg of the file /cgi-bin/cstecgi.cgi of the component CGI Handler. Executing a manipul… | |||
| CVE-2026-7241 | critical | 9.8 | 9.8 | 1mo ago | A vulnerability was found in Totolink A8000RU 7.1cu.643_b20200521. This issue affects the function setWiFiBasicCfg of the file /cgi-bin/cstecgi.cgi of the component CGI Handler. Performing a manipula… | |||
| CVE-2026-7240 | critical | 9.8 | 9.8 | 1mo ago | A vulnerability has been found in Totolink A8000RU 7.1cu.643_b20200521. This vulnerability affects the function setVpnAccountCfg of the file /cgi-bin/cstecgi.cgi of the component CGI Handler. Such ma… | |||
| CVE-2026-7204 | critical | 9.8 | 9.8 | 1mo ago | A vulnerability was determined in Totolink A8000RU 7.1cu.643_b20200521. This issue affects the function setPptpServerCfg of the file /cgi-bin/cstecgi.cgi of the component CGI Handler. This manipulati… | |||
| CVE-2026-7203 | critical | 9.8 | 9.8 | 1mo ago | A vulnerability was found in Totolink A8000RU 7.1cu.643_b20200521. This vulnerability affects the function setUrlFilterRules of the file /cgi-bin/cstecgi.cgi of the component CGI Handler. The manipul… | |||
| CVE-2026-7202 | critical | 9.8 | 9.8 | 1mo ago | A vulnerability has been found in Totolink A8000RU 7.1cu.643_b20200521. This affects the function setWiFiWpsStart of the file /cgi-bin/cstecgi.cgi of the component CGI Handler. The manipulation of th… | |||
| CVE-2026-32644 | critical | 9.8 | 9.8 | 1mo ago | Specific firmware versions of Milesight AIOT cameras use SSL certificates with default private keys. | |||
| CVE-2026-40974 | critical | 9.8 | 9.8 | 1mo ago | Spring Boot's Cassandra SSL auto-configuration disables TLS hostname verification | |||
| CVE-2026-7156 | critical | 9.8 | 9.8 | 1mo ago | A vulnerability was detected in Totolink A8000RU 7.1cu.643_b20200521. Affected is the function CsteSystem of the file /cgi-bin/cstecgi.cgi of the component CGI Handler. The manipulation of the argume… | |||
| CVE-2026-7155 | critical | 9.8 | 9.8 | 1mo ago | A security vulnerability has been detected in Totolink A8000RU 7.1cu.643_b20200521. This impacts the function setLoginPasswordCfg of the file /cgi-bin/cstecgi.cgi of the component CGI Handler. The ma… | |||
| CVE-2026-7154 | critical | 9.8 | 9.8 | 1mo ago | A weakness has been identified in Totolink A8000RU 7.1cu.643_b20200521. This affects the function setAdvancedInfoShow of the file /cgi-bin/cstecgi.cgi of the component CGI Handler. Executing a manipu… | |||
| CVE-2026-7153 | critical | 9.8 | 9.8 | 1mo ago | A security flaw has been discovered in Totolink A8000RU 7.1cu.643_b20200521. The impacted element is the function setMiniuiHomeInfoShow of the file /cgi-bin/cstecgi.cgi of the component CGI Handler. … | |||
| CVE-2026-7152 | critical | 9.8 | 9.8 | 1mo ago | A vulnerability was identified in Totolink A8000RU 7.1cu.643_b20200521. The affected element is the function setTelnetCfg of the file /cgi-bin/cstecgi.cgi of the component CGI Handler. Such manipulat… |