CVEs from 2026
Total
14,382
critical
critical 1,269
high
high 4,878
medium
medium 4,570
low
low 497
% Critical
8.8%
% with KEV
0.4%
% with exploit
0.7%
Top vendors
Top products
- chrome 522
- firepower_threat_defense_software 300
- gcp 299
- firepower_threat_defense 298
- openclaw 172
- commerce 104
- netweaver_application_server_abap 102
- commerce_b2b 89
Top packages
| CVE | Severity | CVSS | Risk | Flags | OS | Vendor | Published | Description |
|---|---|---|---|---|---|---|---|---|
| CVE-2026-42373 | high | 8.8 | 8.8 | 1mo ago | D-Link DIR-605L Hardware Revision B2 (End-of-Life, EOL) contains a hardcoded telnet backdoor. The device starts a telnet daemon at boot via /bin/telnetd.sh with the username "Alphanetworks" and the s… | |||
| CVE-2026-42372 | high | 8.8 | 8.8 | 1mo ago | D-Link DIR-605L Hardware Revision A1 (End-of-Life, EOL) contains a hardcoded telnet backdoor. The device starts a telnet daemon at boot via /bin/telnetd.sh with the username "Alphanetworks" and the s… | |||
| CVE-2026-29514 | high | 8.8 | 8.8 | 1mo ago | NetBox versions 4.3.5 through 4.5.4 contain a remote code execution vulnerability in the RenderTemplateMixin.get_environment_params() method that allows authenticated users with exporttemplate or con… | |||
| CVE-2026-24072 | high | 8.8 | 8.8 | 1mo ago | An escalation of privilege bug in various modules in Apache HTTP 2.4.66 and earlier allows local .htaccess authors to read files with the privileges of the httpd user. Users are recommended to upgra… | |||
| CVE-2026-7750 | high | 8.8 | 8.8 | 1mo ago | A vulnerability was detected in Totolink N300RH 3.2.4-B20220812. This vulnerability affects the function setMacFilterRules of the file /cgi-bin/cstecgi.cgi of the component POST Request Handler. The … | |||
| CVE-2026-7749 | high | 8.8 | 8.8 | 1mo ago | A security vulnerability has been detected in Totolink N300RH 3.2.4-B20220812. This affects the function setWanConfig of the file /cgi-bin/cstecgi.cgi of the component POST Request Handler. The manip… | |||
| CVE-2026-7748 | high | 8.8 | 8.8 | 1mo ago | A weakness has been identified in Totolink N300RH 3.2.4-B20220812. Affected by this issue is the function setUpgradeFW of the file /cgi-bin/cstecgi.cgi of the component POST Request Handler. Executin… | |||
| CVE-2026-7717 | high | 8.8 | 8.8 | 1mo ago | A vulnerability was determined in Totolink WA300 5.2cu.7112_B20190227. This issue affects the function UploadCustomModule of the file /cgi-bin/cstecgi.cgi of the component POST Request Handler. Execu… | |||
| CVE-2026-42364 | high | 8.8 | 8.8 | 1mo ago | An os command injection vulnerability exists in the DdnsSetting.cgi functionality of GeoVision LPC2011/LPC2211 1.10. A specially crafted DDNS configuration can lead to arbitrary command execution. An… | |||
| CVE-2026-7685 | high | 8.8 | 8.8 | 1mo ago | A vulnerability was detected in Edimax BR-6208AC up to 1.02. Affected is an unknown function of the file /goform/setWAN. Performing a manipulation of the argument pptpDfGateway results in buffer ove… | |||
| CVE-2026-7684 | high | 8.8 | 8.8 | 1mo ago | A security vulnerability has been detected in Edimax BR-6428nC up to 1.16. This impacts an unknown function of the file /goform/setWAN. Such manipulation of the argument pptpDfGateway leads to buffe… | |||
| CVE-2026-7675 | high | 8.8 | 8.8 | 1mo ago | A vulnerability has been found in Shenzhen Libituo Technology LBT-T300-HW1 up to 1.2.8. Impacted is the function start_lan of the file /apply.cgi. The manipulation of the argument Channel/ApCliSsid l… | |||
| CVE-2026-7674 | high | 8.8 | 8.8 | 1mo ago | A flaw has been found in Shenzhen Libituo Technology LBT-T300-HW1 up to 1.2.8. This issue affects the function start_single_service of the component Web Management Interface. Executing a manipulation… | |||
| CVE-2026-7609 | high | 8.8 | 8.8 | 1mo ago | A flaw has been found in TRENDnet TEW-821DAP up to 1.12B01. The impacted element is the function tools_diagnostic of the file /tmp/diagnostic of the component Firmware Udpate. This manipulation cause… | |||
| CVE-2026-7489 | high | 8.8 | 8.8 | 1mo ago | CTMS developed by Sunnet has a SQL Injection vulnerability, allowing authenticated remote attackers to inject arbitrary SQL commands to read, modify, and delete database contents. | |||
| CVE-2026-7607 | high | 8.8 | 8.8 | 1mo ago | A security vulnerability has been detected in TRENDnet TEW-821DAP 1.12B01. Impacted is the function auto_update_firmware of the component Firmware Udpate. The manipulation of the argument str leads t… | |||
| CVE-2026-2052 | high | 8.8 | 8.8 | 1mo ago | The Widget Options – Advanced Conditional Visibility for Gutenberg Blocks & Classic Widgets plugin for WordPress is vulnerable to Remote Code Execution in all versions up to, and including, 4.2.2 via… | |||
| CVE-2026-7641 | high | 8.8 | 8.8 | 1mo ago | The Import and export users and customers plugin for WordPress is vulnerable to Privilege Escalation in all versions up to and including 2.0.8 via the `save_extra_user_profile_fields()` function. Thi… | |||
| CVE-2026-6963 | high | 8.8 | 8.8 | 1mo ago | The WP Mail Gateway plugin for WordPress is vulnerable to unauthorized access due to a missing capability check on the wmg_save_provider_config AJAX action in all versions up to, and including, 1.8. … | |||
| CVE-2026-42468 | high | 8.8 | 8.8 | 1mo ago | Buffer overflow vulnerability in Open Vehicle Monitoring System 3 (OVMS3) 3.3.005. In canformat_pcap.cpp , the parser's phdr.len field is not properly validated, allowing remote attackers to cause a … | |||
| CVE-2026-37536 | high | 8.8 | 8.8 | 1mo ago | miaofng/uds-c commit e506334e270d77b20c0bc259ac6c7d8c9b702b7a (2016-10-05) contains a stack buffer overflow in send_diagnostic_request. A 6-byte stack buffer (MAX_DIAGNOSTIC_PAYLOAD_SIZE=6) receives … | |||
| CVE-2026-43048 | high | 8.8 | 8.8 | 1mo ago | In the Linux kernel, the following vulnerability has been resolved: HID: core: Mitigate potential OOB by removing bogus memset() The memset() in hid_report_raw_event() has the good intention of cle… | |||
| CVE-2026-43018 | high | 8.8 | 8.8 | 1mo ago | In the Linux kernel, the following vulnerability has been resolved: Bluetooth: hci_event: fix potential UAF in hci_le_remote_conn_param_req_evt hci_conn lookup and field access must be covered by h… | |||
| CVE-2026-31773 | high | 8.8 | 8.8 | 1mo ago | In the Linux kernel, the following vulnerability has been resolved: Bluetooth: SMP: derive legacy responder STK authentication from MITM state The legacy responder path in smp_random() currently la… | |||
| CVE-2026-31739 | high | 8.8 | 8.8 | 1mo ago | In the Linux kernel, the following vulnerability has been resolved: crypto: tegra - Add missing CRYPTO_ALG_ASYNC The tegra crypto driver failed to set the CRYPTO_ALG_ASYNC on its asynchronous algor… | |||
| CVE-2026-31735 | high | 8.8 | 8.8 | 1mo ago | In the Linux kernel, the following vulnerability has been resolved: iommupt: Fix short gather if the unmap goes into a large mapping unmap has the odd behavior that it can unmap more than requested… | |||
| CVE-2026-31717 | high | 8.8 | 8.8 | 1mo ago | In the Linux kernel, the following vulnerability has been resolved: ksmbd: validate owner of durable handle on reconnect Currently, ksmbd does not verify if the user attempting to reconnect to a du… | |||
| CVE-2026-31709 | high | 8.8 | 8.8 | 1mo ago | In the Linux kernel, the following vulnerability has been resolved: smb: client: validate the whole DACL before rewriting it in cifsacl build_sec_desc() and id_mode_to_cifs_acl() derive a DACL poin… | |||
| CVE-2026-31706 | high | 8.8 | 8.8 | 1mo ago | In the Linux kernel, the following vulnerability has been resolved: ksmbd: validate num_aces and harden ACE walk in smb_inherit_dacl() smb_inherit_dacl() trusts the on-disk num_aces value from the … | |||
| CVE-2026-3772 | high | 8.8 | 8.8 | 1mo ago | The WP Editor plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 1.2.9.2. This is due to missing nonce verification in the 'add_plugins_page' and '… | |||
| CVE-2026-7548 | high | 8.8 | 8.8 | 1mo ago | A vulnerability was detected in Totolink NR1800X 9.1.0u.6279_B20210910. This affects the function sub_41A68C of the file /cgi-bin/cstecgi.cgi. Performing a manipulation of the argument setUssd result… | |||
| CVE-2026-7513 | high | 8.8 | 8.8 | 1mo ago | A vulnerability has been found in UTT HiPER 1200GW up to 2.5.3-170306. The impacted element is the function strcpy of the file /goform/formRemoteControl. The manipulation leads to buffer overflow. Th… | |||
| CVE-2026-7512 | high | 8.8 | 8.8 | 1mo ago | A flaw has been found in UTT HiPER 1200GW up to 2.5.3-1703. The affected element is the function strcpy of the file /goform/formUser. Executing a manipulation can lead to buffer overflow. The attack … | |||
| CVE-2026-7551 | high | 8.8 | 8.8 | 1mo ago | HKUDS OpenHarness contains a remote code execution vulnerability in the /bridge slash command that allows remote senders accepted by configuration to execute arbitrary operating system commands. Atta… | |||
| CVE-2026-7503 | high | 8.8 | 8.8 | 1mo ago | A vulnerability was detected in code-projects for Plugin 4.1.2cu.5137. The impacted element is the function setWiFiMultipleConfig in the library /lib/cste_modules/wireless.so of the file /cgi-bin/cst… | |||
| CVE-2026-6543 | high | 8.8 | 8.8 | 1mo ago | IBM Langflow Desktop 1.0.0 through 1.8.4 Langflow allows an attacker to execute arbitrary commands with the privileges of the process running Langflow. This allows reading sensitive environment varia… | |||
| CVE-2026-36765 | high | 8.8 | 8.8 | 1mo ago | An XML external entity (XXE) vulnerability in the /designer/loadReport endpoint of SpringBlade v4.8.0 allows authenticated attackers to execute arbitrary code via injecting a crafted payload. | |||
| CVE-2026-36762 | high | 8.8 | 8.8 | 1mo ago | An issue in the fileEntityId parameter in the /a/file/upload endpoint of JeeSite v5.15.1 allows authenticated attackers with file upload permissions to execute a path traversal and write arbitrary fi… | |||
| CVE-2026-5174 | high | 8.8 | 8.8 | 1mo ago | Improper input validation vulnerability in Progress Software MOVEit Automation allows Privilege Escalation. This issue affects MOVEit Automation: from 2025.1.0 before 2025.1.5, from 2025.0.0 before … | |||
| CVE-2026-36960 | high | 8.8 | 8.8 | 1mo ago | A Cross-Site Request Forgery (CSRF) vulnerability exists in the web management interface of the U-SPEED N300 Rounter V1.0.0. The device does not implement CSRF protection mechanisms such as anti-CSRF… | |||
| CVE-2026-36956 | high | 8.8 | 8.8 | 1mo ago | A Cross-Site Request Forgery (CSRF) vulnerability exists in the web management interface of the Dbit N300 T1 Pro wireless router V1.0.0. The router fails to implement proper CSRF protection mechanism… | |||
| CVE-2026-5402 | high | 8.8 | 8.8 | 1mo ago | TLS protocol dissector heap overflow in Wireshark 4.6.0 to 4.6.4 allows denial of service and possible code execution | |||
| CVE-2026-7470 | high | 8.8 | 8.8 | 1mo ago | A flaw has been found in Tenda 4G300 US_4G300V1.0Mt_V1.01.42_CN_TDC01. Affected is the function sub_427C3C of the file /goform/SafeMacFilter. This manipulation of the argument page causes stack-based… | |||
| CVE-2026-7420 | high | 8.8 | 8.8 | 1mo ago | A security flaw has been discovered in UTT HiPER 1250GW up to 3.2.7-210907-180535. Impacted is the function strcpy of the file route/goform/ConfigAdvideo. The manipulation of the argument Profile res… | |||
| CVE-2026-7419 | high | 8.8 | 8.8 | 1mo ago | A vulnerability was identified in UTT HiPER 1250GW up to 3.2.7-210907-180535. This issue affects the function strcpy of the file route/goform/formTaskEdit_ap. The manipulation of the argument Profile… | |||
| CVE-2026-7418 | high | 8.8 | 8.8 | 1mo ago | A vulnerability was determined in UTT HiPER 1250GW up to 3.2.7-210907-180535. This vulnerability affects the function strcpy of the file route/goform/NTP. Executing a manipulation of the argument Pro… | |||
| CVE-2026-34965 | high | 8.8 | 8.8 | 1mo ago | Cockpit CMS contains an authenticated remote code execution vulnerability in the /cockpit/collections/save_collection endpoint that allows authenticated attackers with collection management privilege… | |||
| CVE-2026-7466 | high | 8.8 | 8.8 | 1mo ago | AgentFlow contains an arbitrary code execution vulnerability that allows attackers to execute local Python pipeline files by supplying a user-controlled pipeline_path parameter to the POST /api/runs … | |||
| CVE-2026-38991 | high | 8.8 | 8.8 | 1mo ago | Cockpit Vulnerable to Unrestricted Upload of File with Dangerous Type | |||
| CVE-2026-5712 | high | 8.8 | 8.8 | 1mo ago | This vulnerability impacts all versions of IdentityIQ and allows an authenticated identity that is the requestor or assignee of a work item to edit the definition of a role without having an assigned… | |||
| CVE-2026-6849 | high | 8.8 | 8.8 | 1mo ago | Improper neutralization of special elements used in an OS command ('OS command injection') vulnerability in TUBITAK BILGEM Software Technologies Research Institute Pardus OS My Computer allows OS Com… | |||
| CVE-2026-5161 | high | 8.8 | 8.8 | 1mo ago | Improper link resolution before file access ('link following') vulnerability in TUBITAK BILGEM Software Technologies Research Institute Pardus About allows Symlink Attack. This issue affects Pardus … | |||
| CVE-2026-5141 | high | 8.8 | 8.8 | 1mo ago | Improper Privilege Management, Improper Access Control, Incorrect privilege assignment vulnerability in TUBITAK BILGEM Software Technologies Research Institute Pardus Software Center allows Hijacking… | |||
| CVE-2026-5140 | high | 8.8 | 8.8 | 1mo ago | Improper neutralization of CRLF sequences ('CRLF injection') vulnerability in TUBITAK BILGEM Software Technologies Research Institute Pardus Update allows Authentication Bypass. This issue affects P… | |||
| CVE-2026-41651 | high | 8.8 | 8.8 | 1mo ago | Important: PackageKit security update | |||
| CVE-2026-7363 | high | 8.8 | 8.8 | 1mo ago | Use after free in Canvas in Google Chrome on Linux, ChromeOS prior to 147.0.7727.138 allowed a remote attacker to execute arbitrary code inside a sandbox via a crafted HTML page. (Chromium security s… | |||
| CVE-2026-7361 | high | 8.8 | 8.8 | 1mo ago | Use after free in iOS in Google Chrome prior to 147.0.7727.138 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: Critical) | |||
| CVE-2026-7359 | high | 8.8 | 8.8 | 1mo ago | Use after free in ANGLE in Google Chrome prior to 147.0.7727.138 allowed a remote attacker who had compromised the renderer process to potentially perform a sandbox escape via a crafted HTML page. (C… | |||
| CVE-2026-7358 | high | 8.8 | 8.8 | 1mo ago | Use after free in Animation in Google Chrome prior to 147.0.7727.138 allowed a remote attacker to execute arbitrary code inside a sandbox via a crafted HTML page. (Chromium security severity: High) | |||
| CVE-2026-7356 | high | 8.8 | 8.8 | 1mo ago | Use after free in Navigation in Google Chrome prior to 147.0.7727.138 allowed a remote attacker to execute arbitrary code via a crafted HTML page. (Chromium security severity: High) | |||
| CVE-2026-7355 | high | 8.8 | 8.8 | 1mo ago | Use after free in Media in Google Chrome prior to 147.0.7727.138 allowed a remote attacker to execute arbitrary code inside a sandbox via a crafted HTML page. (Chromium security severity: Medium) | |||
| CVE-2026-7354 | high | 8.8 | 8.8 | 1mo ago | Out of bounds read and write in Angle in Google Chrome prior to 147.0.7727.138 allowed a remote attacker to potentially perform a sandbox escape via a crafted HTML page. (Chromium security severity: … | |||
| CVE-2026-7348 | high | 8.8 | 8.8 | 1mo ago | Use after free in Codecs in Google Chrome prior to 147.0.7727.138 allowed a remote attacker to execute arbitrary code inside a sandbox via a crafted HTML page. (Chromium security severity: High) | |||
| CVE-2026-7344 | high | 8.8 | 8.8 | 1mo ago | Use after free in Accessibility in Google Chrome on Windows prior to 147.0.7727.138 allowed a remote attacker who had compromised the renderer process to potentially perform a sandbox escape via a cr… | |||
| CVE-2026-7342 | high | 8.8 | 8.8 | 1mo ago | Use after free in WebView in Google Chrome on Android prior to 147.0.7727.138 allowed a remote attacker to execute arbitrary code inside a sandbox via a crafted HTML page. (Chromium security severity… | |||
| CVE-2026-7341 | high | 8.8 | 8.8 | 1mo ago | Use after free in WebRTC in Google Chrome prior to 147.0.7727.138 allowed a remote attacker to execute arbitrary code inside a sandbox via a crafted HTML page. (Chromium security severity: High) | |||
| CVE-2026-7339 | high | 8.8 | 8.8 | 1mo ago | Heap buffer overflow in WebRTC in Google Chrome prior to 147.0.7727.138 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: Medium) | |||
| CVE-2026-7337 | high | 8.8 | 8.8 | 1mo ago | Type Confusion in V8 in Google Chrome prior to 147.0.7727.138 allowed a remote attacker to execute arbitrary code inside a sandbox via a crafted HTML page. (Chromium security severity: High) | |||
| CVE-2026-7336 | high | 8.8 | 8.8 | 1mo ago | Use after free in WebRTC in Google Chrome prior to 147.0.7727.138 allowed a remote attacker to execute arbitrary code inside a sandbox via a crafted HTML page. (Chromium security severity: High) | |||
| CVE-2026-7335 | high | 8.8 | 8.8 | 1mo ago | Use after free in media in Google Chrome prior to 147.0.7727.138 allowed a remote attacker to execute arbitrary code inside a sandbox via a crafted HTML page. (Chromium security severity: High) | |||
| CVE-2026-7334 | high | 8.8 | 8.8 | 1mo ago | Use after free in Views in Google Chrome on Mac prior to 147.0.7727.138 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: High) | |||
| CVE-2026-42426 | high | 8.8 | 8.8 | 1mo ago | OpenClaw `node.pair.approve` placed in `operator.write` scope instead of `operator.pairing` allows unprivileged pairing approval | |||
| CVE-2026-42422 | high | 8.8 | 8.8 | 1mo ago | OpenClaw `device.token.rotate` mints tokens for unapproved roles, bypassing device role-upgrade pairing | |||
| CVE-2026-41404 | high | 8.8 | 8.8 | 1mo ago | OpenClaw: Incomplete scope-clearing fix allows operator.admin escalation via trusted-proxy auth mode | |||
| CVE-2026-41378 | high | 8.8 | 8.8 | 1mo ago | OpenClaw: Paired node escalates to gateway RCE via unrestricted node.event agent dispatch | |||
| CVE-2026-24186 | high | 8.8 | 8.8 | 1mo ago | NVIDIA FLARE SDK contains a vulnerability in FOBS, where an attacker may cause deserialization of untrusted data by sending a malicious FOBS- encoded message. A successful exploit of this vulnerabil… | |||
| CVE-2026-7289 | high | 8.8 | 8.8 | 1mo ago | A vulnerability was found in D-Link DIR-825M 1.1.12. This issue affects the function sub_414BA8 of the file /boafrm/formWanConfigSetup. The manipulation of the argument submit-url results in buffer o… | |||
| CVE-2026-7288 | high | 8.8 | 8.8 | 1mo ago | A vulnerability has been found in D-Link DIR-825M 1.1.12. This vulnerability affects the function sub_4151FC of the file /boafrm/formVpnConfigSetup. The manipulation of the argument submit-url leads … | |||
| CVE-2026-40968 | high | 8.8 | 8.8 | 1mo ago | Spring gRPC SecurityContext leaks across requests upon authorization failure | |||
| CVE-2026-5781 | high | 8.8 | 8.8 | 1mo ago | An authorization vulnerability in MphRx's Minerva V3.6.0, specifically in the '/minerva/moUser/update' endpoint, could allow an authenticated user with user modification privileges to escalate their … | |||
| CVE-2026-5779 | high | 8.8 | 8.8 | 1mo ago | An insecure direct object reference (IDOR) vulnerability in MphRx's Minerva V3.6.0, specifically in the '/minerva/user/updateUserProfile' endpoint. This allows an authenticated user to modify the inf… | |||
| CVE-2026-40978 | high | 8.8 | 8.8 | 1mo ago | Spring AI has SQL Injection in CosmosDBVectorStore.doDelete() | |||
| CVE-2026-20766 | high | 8.8 | 8.8 | 1mo ago | An out-of-bounds memory access vulnerability exists in specific firmware versions of Milesight AIOT cameras. | |||
| CVE-2026-27785 | high | 8.8 | 8.8 | 1mo ago | Specific firmware versions of Milesight AIOT camera firmware contain hard-coded credentials. | |||
| CVE-2026-7160 | high | 8.8 | 8.8 | 1mo ago | A vulnerability was determined in Tenda HG3 2.0. This vulnerability affects the function formTracert of the file /boaform/formTracert. Executing a manipulation of the argument datasize can lead to co… | |||
| CVE-2026-7151 | high | 8.8 | 8.8 | 1mo ago | A vulnerability was determined in Tenda HG3 2.0. Impacted is the function formUploadConfig of the file /boaform/formIPv6Routing. This manipulation of the argument destNet causes stack-based buffer ov… | |||
| CVE-2026-6741 | high | 8.8 | 8.8 | 1mo ago | The LatePoint – Calendar Booking Plugin for Appointments and Events plugin for WordPress is vulnerable to Privilege Escalation in versions up to and including 5.4.1. This is due to a missing authoriz… | |||
| CVE-2026-6265 | high | 8.8 | 8.8 | 1mo ago | Insecure preserved inherited permissions vulnerability in Cerberus FTP Server on Windows allows Privilege Escalation.This issue has been resolved in Cerberus FTP Server: 2026.1 | |||
| CVE-2026-7119 | high | 8.8 | 8.8 | 1mo ago | A vulnerability was detected in Tenda HG3 2.0. The impacted element is an unknown function of the file /boaform/formCountrystr. The manipulation of the argument countrystr results in os command injec… | |||
| CVE-2026-27172 | high | 8.8 | 8.8 | 1mo ago | Apache Camel-Consul component vulnerable to Deserialization of Untrusted Data | |||
| CVE-2026-40858 | high | 8.8 | 8.8 | 1mo ago | Apache Camel-Infinispan Component Vulnerable to Deserialization of Untrusted Data | |||
| CVE-2026-7102 | high | 8.8 | 8.8 | 1mo ago | A vulnerability was found in Tenda F456 1.0.0.5. This impacts the function FromWriteFacMac of the file /goform/WriteFacMac of the component httpd. The manipulation of the argument mac results in comm… | |||
| CVE-2026-7101 | high | 8.8 | 8.8 | 1mo ago | A vulnerability has been found in Tenda F456 1.0.0.5. This affects the function fromWrlclientSet of the file /goform/WrlclientSet of the component httpd. The manipulation leads to buffer overflow. Re… | |||
| CVE-2026-7100 | high | 8.8 | 8.8 | 1mo ago | A flaw has been found in Tenda F456 1.0.0.5. The impacted element is the function fromNatlimitof of the file /goform/Natlimit of the component httpd. Executing a manipulation can lead to buffer overf… | |||
| CVE-2026-7099 | high | 8.8 | 8.8 | 1mo ago | A vulnerability was detected in Tenda F456 1.0.0.5. The affected element is the function formQuickIndex of the file /goform/QuickIndex of the component httpd. Performing a manipulation of the argumen… | |||
| CVE-2026-7098 | high | 8.8 | 8.8 | 1mo ago | A security vulnerability has been detected in Tenda F456 1.0.0.5. Impacted is the function fromDhcpListClient of the file /goform/DhcpListClient of the component httpd. Such manipulation of the argum… | |||
| CVE-2026-40473 | high | 8.8 | 8.8 | 1mo ago | Camel-MINA Vulnerable to Deserialization of Untrusted Data | |||
| CVE-2026-7097 | high | 8.8 | 8.8 | 1mo ago | A weakness has been identified in Tenda F456 1.0.0.5. This issue affects the function fromwebExcptypemanFilter of the file /goform/webExcptypemanFilter of the component httpd. This manipulation of th… | |||
| CVE-2026-7096 | high | 8.8 | 8.8 | 1mo ago | A security flaw has been discovered in Tenda HG3 2.0 300003070. This vulnerability affects the function formgponConf of the file /boaform/admin/formgponConf. The manipulation of the argument fmgpon_l… | |||
| CVE-2026-7082 | high | 8.8 | 8.8 | 1mo ago | A flaw has been found in Tenda F456 1.0.0.5. Affected by this vulnerability is the function formWrlExtraSet of the file /goform/WrlExtraSet of the component httpd. Executing a manipulation of the arg… |