CVEs from 2026

13,839 normalized CVEs published or assigned in this year.

Total: 13,839
  • critical 1,106
  • high 3,908
  • medium 3,956
  • low 413
% Critical: 8.0%
% with KEV: 0.4%
% with exploit: 0.4%

Top products

  • firepower_threat_defense 298
  • chrome 298
  • firepower_threat_defense_software 295
  • gcp 221
  • openclaw 166
  • commerce 104
  • commerce_b2b 89
  • magento 74
CVE Severity CVSS Risk Published Description Impact
CVE-2026-7154 critical 9.8 9.8 1mo ago A weakness has been identified in Totolink A8000RU 7.1cu.643_b20200521. This affects the function setAdvancedInfoShow of the file /cgi-bin/cstecgi.cgi of the component CGI Handler. Executing a manipu…
CVE-2026-7153 critical 9.8 9.8 1mo ago A security flaw has been discovered in Totolink A8000RU 7.1cu.643_b20200521. The impacted element is the function setMiniuiHomeInfoShow of the file /cgi-bin/cstecgi.cgi of the component CGI Handler. …
CVE-2026-7152 critical 9.8 9.8 1mo ago A vulnerability was identified in Totolink A8000RU 7.1cu.643_b20200521. The affected element is the function setTelnetCfg of the file /cgi-bin/cstecgi.cgi of the component CGI Handler. Such manipulat…
CVE-2026-35903 critical 9.8 9.8 1mo ago MERCURY MIPC252W IP camera 1.0.5 Build 230306 Rel.79931n contains an improper authentication vulnerability in the RTSP service. After successful Digest authentication in an initial DESCRIBE request, …
CVE-2026-31255 critical 9.8 9.8 1mo ago A command injection vulnerability exists in Tenda AC18 V15.03.05.05_multi. The vulnerability is located in the /goform/SetSambaCfg interface, where improper handling of the guestuser parameter allows…
CVE-2026-41409 critical 9.8 9.8 1mo ago Apache MINA Vulnerable to Deserialization of Untrusted Data (CVE-2024-52046 Incomplete Fix) debian, java, apache
CVE-2026-41635 critical 9.8 9.8 1mo ago Apache MINA vulnerable to Deserialization of Untrusted Data debian, java, apache
CVE-2026-40860 critical 9.8 9.8 1mo ago JmsBinding.extractBodyFromJms() in camel-jms, and the equivalent JmsBinding class in camel-sjms, deserialized the payload of incoming JMS ObjectMessage values via javax.jms.ObjectMessage.getObject() … apache
CVE-2026-4800 critical 9.8 9.8 1mo ago Important: pcs security update redhat, debian, npm
CVE-2026-7036 critical 9.8 9.8 1mo ago A vulnerability was identified in Tenda i9 1.0.0.5(2204). This vulnerability affects the function R7WebsSecurityHandlerfunction of the component HTTP Handler. The manipulation leads to path traversal…
CVE-2026-6987 critical 9.8 9.8 1mo ago PicoClaw has an Injection issue in its Web Launcher Management Plane component golang
CVE-2026-6951 critical 9.8 9.8 1mo ago simple-git is vulnerable to Remote Code Execution npm
CVE-2026-41492 critical 9.8 9.8 1mo ago Dgraph: Unauthenticated Admin Token Disclosure Leading to Authentication Bypass via /debug/vars golang
CVE-2026-41898 critical 9.8 9.8 1mo ago rust-openssl provides OpenSSL bindings for the Rust programming language. From 0.9.24 to before 0.10.78, the FFI trampolines behind SslContextBuilder::set_psk_client_callback, set_psk_server_callbac… debian, rust
CVE-2026-41681 critical 9.8 9.8 1mo ago rust-openssl provides OpenSSL bindings for the Rust programming language. From 0.10.39 to before 0.10.78, EVP_DigestFinal() always writes EVP_MD_CTX_size(ctx) to the out buffer. If out is smaller th… debian, rust
CVE-2026-41678 critical 9.8 9.8 1mo ago rust-openssl provides OpenSSL bindings for the Rust programming language. From to before 0.10.78, aes::unwrap_key() contains an incorrect assertion: it checks that out.len() + 8 <= in_.len(), but t… debian, rust
CVE-2026-41676 critical 9.8 9.8 1mo ago rust-openssl provides OpenSSL bindings for the Rust programming language. From 0.9.27 to before 0.10.78, Deriver::derive (and PkeyCtxRef::derive) sets len = buf.len() and passes it as the in/out len… debian, rust
CVE-2026-31669 critical 9.8 9.8 1mo ago In the Linux kernel, the following vulnerability has been resolved: mptcp: fix slab-use-after-free in __inet_lookup_established The ehash table lookups are lockless and rely on SLAB_TYPESAFE_BY_RCU… suse, debian, linux
CVE-2026-31668 critical 9.8 9.8 1mo ago In the Linux kernel, the following vulnerability has been resolved: seg6: separate dst_cache for input and output paths in seg6 lwtunnel The seg6 lwtunnel uses a single dst_cache per encap route, s… suse, debian, linux
CVE-2026-31659 critical 9.8 9.8 1mo ago In the Linux kernel, the following vulnerability has been resolved: batman-adv: reject oversized global TT response buffers batadv_tt_prepare_tvlv_global_data() builds the allocation length for a g… suse, debian, linux
CVE-2026-31657 critical 9.8 9.8 1mo ago In the Linux kernel, the following vulnerability has been resolved: batman-adv: hold claim backbone gateways by reference batadv_bla_add_claim() can replace claim->backbone_gw and drop the old gate… suse, debian, linux
CVE-2026-31649 critical 9.8 9.8 1mo ago In the Linux kernel, the following vulnerability has been resolved: net: stmmac: fix integer underflow in chain mode The jumbo_frm() chain-mode implementation unconditionally computes len = no… suse, debian, linux
CVE-2026-31637 critical 9.8 9.8 1mo ago In the Linux kernel, the following vulnerability has been resolved: rxrpc: reject undecryptable rxkad response tickets rxkad_decrypt_ticket() decrypts the RXKAD response ticket and then parses the … suse, debian, linux
CVE-2026-31633 critical 9.8 9.8 1mo ago In the Linux kernel, the following vulnerability has been resolved: rxrpc: Fix integer overflow in rxgk_verify_response() In rxgk_verify_response(), there's a potential integer overflow due to roun… suse, debian, linux
CVE-2026-31609 critical 9.8 9.8 1mo ago In the Linux kernel, the following vulnerability has been resolved: smb: client: avoid double-free in smbd_free_send_io() after smbd_send_batch_flush() smbd_send_batch_flush() already calls smbd_fr… suse, debian, linux
CVE-2026-31608 critical 9.8 9.8 1mo ago In the Linux kernel, the following vulnerability has been resolved: smb: server: avoid double-free in smb_direct_free_sendmsg after smb_direct_flush_send_list() smb_direct_flush_send_list() already… suse, debian, linux
CVE-2026-31589 critical 9.8 9.8 1mo ago In the Linux kernel, the following vulnerability has been resolved: mm: call ->free_folio() directly in folio_unmap_invalidate() We can only call filemap_free_folio() if we have a reference to (or … suse, debian, linux
CVE-2026-31536 critical 9.8 9.8 1mo ago In the Linux kernel, the following vulnerability has been resolved: smb: server: let send_done handle a completion without IB_SEND_SIGNALED With smbdirect_send_batch processing we likely have reque… suse, debian, linux
CVE-2026-1951 critical 9.8 9.8 1mo ago Delta Electronics AS320T has a vulnerability where the length of the buffer holding the directory name is not checked.
CVE-2026-1950 critical 9.8 9.8 1mo ago Delta Electronics AS320T has a vulnerability where the length of the buffer holding the file name is not checked.
CVE-2026-1949 critical 9.8 9.8 1mo ago Delta Electronics AS320T has incorrect calculation of the buffer size on the stack in the GET/PUT request handler of the web service.
CVE-2026-40630 critical 9.8 9.8 1mo ago A vulnerability in SenseLive X3050’s web management interface allows unauthorized access to certain configuration endpoints due to improper access control enforcement. An attacker with network acc…
CVE-2026-40620 critical 9.8 9.8 1mo ago A vulnerability in SenseLive X3050’s embedded management service allows full administrative control to be established without any form of authentication or authorization on the SenseLive config appli…
CVE-2026-35503 critical 9.8 9.8 1mo ago A vulnerability in SenseLive X3050’s web management interface allows authentication logic to be performed entirely on the client side, relying on hardcoded values within browser-executed scripts rath…
CVE-2026-41274 critical 9.8 9.8 1mo ago Flowise: Cypher Injection in GraphCypherQAChain npm
CVE-2026-33819 critical 9.8 9.8 1mo ago Deserialization of untrusted data in Microsoft Bing allows an unauthorized attacker to execute code over a network. windows
CVE-2026-26210 critical 9.8 9.8 1mo ago KTransformers through 0.5.3 contains an unsafe deserialization vulnerability in the balance_serve backend mode where the scheduler RPC server binds a ZMQ ROUTER socket to all interfaces with no authe…
CVE-2026-6942 critical 9.8 9.8 1mo ago radare2-mcp version 1.6.0 and earlier contains an os command injection vulnerability that allows remote attackers to execute arbitrary commands by bypassing the command filter through shell metachara…
CVE-2026-25874 critical 9.8 9.8 1mo ago LeRobot through 0.5.1 contains an unsafe deserialization vulnerability in the async inference pipeline where pickle.loads() is used to deserialize data received over unauthenticated gRPC channels wit…
CVE-2026-41247 critical 9.8 9.8 1mo ago elFinder: Command injection in resize background color parameter when using ImageMagick CLI php
CVE-2026-31533 critical 9.8 9.8 1mo ago In the Linux kernel, the following vulnerability has been resolved: net/tls: fix use-after-free in -EBUSY error path of tls_do_encryption The -EBUSY handling in tls_do_encryption(), introduced by c… suse, debian, linux
CVE-2026-39087 critical 9.8 9.8 1mo ago ntfy.sh allows a remote attacker to execute arbitrary code via the parseActions function golang
CVE-2026-41460 critical 9.8 9.8 1mo ago SocialEngine versions 7.8.0 and prior contain a SQL injection vulnerability in the /activity/index/get-memberall endpoint where user-supplied input passed via the text parameter is not sanitized befo…
CVE-2026-6887 critical 9.8 9.8 1mo ago Borg SPM 2007 (Sales Ended in 2008) developed by BorG Technology Corporation has a SQL Injection vulnerability, allowing unauthenticated remote attackers to inject arbitrary SQL commands to read, mod…
CVE-2026-6886 critical 9.8 9.8 1mo ago Borg SPM 2007 (Sales Ended in 2008) developed by BorG Technology Corporation has an Authentication Bypass vulnerability, allowing unauthenticated remote attackers to log into the system as any user.
CVE-2026-6885 critical 9.8 9.8 1mo ago Borg SPM 2007 (Sales Ended in 2008) developed by BorG Technology Corporation has an Arbitrary File Upload vulnerability, allowing unauthenticated remote attackers to upload and execute web shell back…
CVE-2026-3960 critical 9.8 9.8 1mo ago H2O-3 is Vulnerable to Code Injection java
CVE-2026-5935 critical 9.8 9.8 1mo ago IBM Total Storage Service Console (TSSC) / TS4500 IMC 9.2, 9.3, 9.4, 9.5, 9.6 TSSC/IMC could allow an unauthenticated user to execute arbitrary commands with normal user privileges on the system due … ibm
CVE-2026-41179 critical 9.8 9.8 1mo ago RClone: Unauthenticated operations/fsinfo allows attacker-controlled backend instantiation and local command execution debian, golang
CVE-2026-29198 critical 9.8 9.8 1mo ago In Rocket.Chat <8.3.0, <8.2.1, <8.1.2, <8.0.3, <7.13.5, <7.12.6, <7.11.6, and <7.10.9, a NoSQL injection vulnerability can lead to account takeover of the first user with a generated token when an OA…
CVE-2026-31501 critical 9.8 9.8 1mo ago In the Linux kernel, the following vulnerability has been resolved: net: ti: icssg-prueth: fix use-after-free of CPPI descriptor in RX path cppi5_hdesc_get_psdata() returns a pointer into the CPPI … suse, debian, linux
CVE-2026-31478 critical 9.8 9.8 1mo ago In the Linux kernel, the following vulnerability has been resolved: ksmbd: replace hardcoded hdr2_len with offsetof() in smb2_calc_max_out_buf_len() After this commit (e2b76ab8b5c9 "ksmbd: add supp… suse, debian, linux
CVE-2026-31463 critical 9.8 9.8 1mo ago In the Linux kernel, the following vulnerability has been resolved: iomap: fix invalid folio access when i_blkbits differs from I/O granularity Commit aa35dd5cbc06 ("iomap: fix invalid folio access… suse, debian, linux
CVE-2026-31444 critical 9.8 9.8 1mo ago In the Linux kernel, the following vulnerability has been resolved: ksmbd: fix use-after-free and NULL deref in smb_grant_oplock() smb_grant_oplock() has two issues in the oplock publication sequen… suse, debian, linux
CVE-2026-31436 critical 9.8 9.8 1mo ago In the Linux kernel, the following vulnerability has been resolved: dmaengine: idxd: fix possible wrong descriptor completion in llist_abort_desc() At the end of this function, d is the traversal c… suse, debian, linux
CVE-2026-6023 critical 9.8 9.8 1mo ago In Progress® Telerik® UI for AJAX versions 2024.4.1114 through 2026.1.421, the RadFilter control is vulnerable to insecure deserialization when restoring filter state if the state is exposed to the c…
CVE-2026-41144 critical 9.8 9.8 1mo ago F´ (F Prime) is a framework that enables development and deployment of spaceflight and other embedded software applications. Prior to version 4.2.0, the bounds check byteOffset + dataSize > fileSize …
CVE-2026-33519 critical 9.8 9.8 1mo ago An incorrect authorization vulnerability exists in Esri Portal for ArcGIS 11.4, 11.5 and 12.0 on Windows, Linux and Kubernetes that did not correctly check permissions assigned to developer credentia… linux, kubernetes
CVE-2026-5965 critical 9.8 9.8 1mo ago NewSoftOA developed by NewSoft has an OS Command Injection vulnerability, allowing unauthenticated local attackers to inject arbitrary OS commands and execute them on the server.
CVE-2026-32311 critical 9.8 9.8 1mo ago Flowsint is an open-source OSINT graph exploration tool designed for cybersecurity investigation, transparency, and verification. Flowsint allows a user to create investigations, which are used to ma…
CVE-2026-5760 critical 9.8 9.8 1mo ago SGLang's reranking endpoint (/v1/rerank) achieves Remote Code Execution (RCE) when a model file containing a malicious tokenizer.chat_template is loaded, as the Jinja2 chat templates are rendered usin…
CVE-2026-5964 critical 9.8 9.8 1mo ago EasyFlow .NET developed by Digiwin has a SQL Injection vulnerability, allowing unauthenticated remote attackers to inject arbitrary SQL commands to read, modify, and delete database contents.
CVE-2026-5963 critical 9.8 9.8 1mo ago EasyFlow .NET developed by Digiwin has a SQL Injection vulnerability, allowing unauthenticated remote attackers to inject arbitrary SQL commands to read, modify, and delete database contents.
CVE-2026-40351 critical 9.8 9.8 1mo ago FastGPT is an AI Agent building platform. In versions prior to 4.14.9.5, the password-based login endpoint uses TypeScript type assertion without runtime validation, allowing an unauthenticated attac…
CVE-2026-35546 critical 9.8 9.8 1mo ago Anviz CX2 Lite and CX7 are vulnerable to unauthenticated firmware uploads. This causes crafted archives to be accepted, enabling attackers to plant and execute code and obtain a reverse shell.
CVE-2026-31843 critical 9.8 9.8 1mo ago goodoneuz/pay-uz: the /payment/api/editable/update endpoint overwrites existing PHP payment hook files php
CVE-2026-6350 critical 9.8 9.8 1mo ago MailGates/MailAudit developed by Openfind has a Stack-based Buffer Overflow vulnerability, allowing unauthenticated remote attackers to control the program's execution flow and execute arbitrary code.
CVE-2026-6349 critical 9.8 9.8 1mo ago The iSherlock developed by HGiga has an OS Command Injection vulnerability, allowing unauthenticated local attackers to inject arbitrary OS commands and execute them on the server.
CVE-2026-40504 critical 9.8 9.8 1mo ago Creolabs Gravity before 0.9.6 contains a heap buffer overflow vulnerability in the gravity_vm_exec function that allows attackers to write out-of-bounds memory by crafting scripts with many string li…
CVE-2026-22564 critical 9.8 9.8 1mo ago An Improper Access Control vulnerability could allow a malicious actor with access to the UniFi Play network to enable SSH to make unauthorized changes to the system. Affected Products: UniFi Play…
CVE-2026-22563 critical 9.8 9.8 1mo ago A series of Improper Input Validation vulnerabilities could allow a Command Injection by a malicious actor with access to the UniFi Play network. Affected Products: UniFi Play PowerAmp (Version 1.0…
CVE-2026-22562 critical 9.8 9.8 1mo ago A malicious actor with access to the UniFi Play network could exploit a Path Traversal vulnerability found in the device firmware to write files on the system that could be used for a remote code exe…
CVE-2026-31282 critical 9.8 9.8 2mo ago Totara LMS v19.1.5 and before is vulnerable to Incorrect Access Control. The login page code can be manipulated to reveal the login form. An attacker can chain that with missing rate-limit on the log…
CVE-2026-31414 critical 9.8 9.8 2mo ago In the Linux kernel, the following vulnerability has been resolved: netfilter: nf_conntrack_expect: use expect->helper Use expect->helper in ctnetlink and /proc to dump the helper name. Using nfct_… suse, debian, linux
CVE-2026-25208 critical 9.8 9.8 2mo ago Integer overflow vulnerability in Samsung Open Source Escargot allows Overflow Buffers. This issue affects Escargot: 97e8115ab1110bc502b4b5e4a0c689a71520d335.
CVE-2026-25207 critical 9.8 9.8 2mo ago Out-of-bounds write vulnerability in Samsung Open Source Escargot allows Overflow Buffers. This issue affects Escargot: 97e8115ab1110bc502b4b5e4a0c689a71520d335.
CVE-2026-25205 critical 9.8 9.8 2mo ago Heap-based buffer overflow vulnerability in Samsung Open Source Escargot allows out-of-bounds write. This issue affects Escargot: commit hash 97e8115ab1110bc502b4b5e4a0c689a71520d335.
CVE-2026-6110 critical 9.8 9.8 2mo ago MetaGPT has an eval injection in metagpt/strategy/tot.py python
CVE-2026-6057 critical 9.8 9.8 2mo ago FalkorDB Browser 1.9.3 contains an unauthenticated path traversal vulnerability in the file upload API that allows remote attackers to write arbitrary files and achieve remote code execution.
CVE-2026-6024 critical 9.8 9.8 2mo ago A vulnerability was determined in Tenda i6 1.0.0.7(2204). Affected by this issue is the function R7WebsSecurityHandlerfunction of the component HTTP Handler. This manipulation causes path traversal. …
CVE-2026-5264 critical 9.8 9.8 2mo ago Heap buffer overflow in DTLS 1.3 ACK message processing. A remote attacker can send a crafted DTLS 1.3 ACK message that triggers a heap buffer overflow. debian
CVE-2026-5974 critical 9.8 9.8 2mo ago FoundationAgents MetaGPT vulnerable to OS Command Injection in metagpt/tools/libs/terminal.py python
CVE-2026-5973 critical 9.8 9.8 2mo ago FoundationAgents MetaGPT vulnerable to OS Command Injection in metagpt/utils/common.py python
CVE-2026-5972 critical 9.8 9.8 2mo ago FoundationAgents MetaGPT vulnerable to os command injection via the Terminal.run_command python
CVE-2026-28205 critical 9.8 9.8 2mo ago OpenPLC_V3 is vulnerable to an Initialization of a Resource with an Insecure Default vulnerability which could allow an attacker to gain access to the system by bypassing authentication via an API.
CVE-2026-5971 critical 9.8 9.8 2mo ago A flaw has been found in FoundationAgents MetaGPT up to 0.8.1. This vulnerability affects the function ActionNode.xml_fill of the file metagpt/actions/action_node.py of the component XML Handler. Exe… python
CVE-2026-5970 critical 9.8 9.8 2mo ago MetaGPT has an Injection issue python
CVE-2026-5962 critical 9.8 9.8 2mo ago A vulnerability was detected in Tenda CH22 1.0.0.6(468). This issue affects the function R7WebsSecurityHandlerfunction of the component httpd. The manipulation results in path traversal. The attack m…
CVE-2026-5849 critical 9.8 9.8 2mo ago A vulnerability was determined in Tenda i12 1.0.0.11(3862). The impacted element is an unknown function of the component HTTP Handler. Executing a manipulation can lead to path traversal. The attack …
CVE-2026-5841 critical 9.8 9.8 2mo ago A weakness has been identified in Tenda i3 1.0.0.6(2204). The affected element is the function R7WebsSecurityHandler of the component HTTP Handler. Executing a manipulation can lead to path traversal…
CVE-2026-31789 critical 9.8 9.8 2mo ago Issue summary: Converting an excessively large OCTET STRING value to a hexadecimal string leads to a heap buffer overflow on 32 bit platforms. Impact summary: A heap buffer overflow may lead to a cr… suse, debian, openssl, gcp
CVE-2026-33816 critical 9.8 9.8 2mo ago Memory-safety vulnerability in github.com/jackc/pgx/v5. debian, suse, golang
CVE-2026-33815 critical 9.8 9.8 2mo ago Memory-safety vulnerability in github.com/jackc/pgx/v5. debian, suse, golang
CVE-2026-5735 critical 9.8 9.8 2mo ago Memory safety bugs present in Firefox 149.0.1 and Thunderbird 149.0.1. Some of these bugs showed evidence of memory corruption and we presume that with enough effort some of these could have been exp… debian, suse, mozilla
CVE-2026-22679 critical 9.8 9.8 2mo ago Weaver (Fanwei) E-cology 10.0 versions prior to 20260312 contain an unauthenticated remote code execution vulnerability in the /papi/esearch/data/devops/dubboApi/debug/method endpoint that allows att…
CVE-2026-1114 critical 9.8 9.8 2mo ago In parisneo/lollms version 2.1.0, the application's session management is vulnerable to improper access control due to the use of a weak secret key for signing JSON Web Tokens (JWT). This vulnerabili…
CVE-2026-35022 critical 9.8 9.8 2mo ago Anthropic Claude Code CLI and Claude Agent SDK contain an OS command injection vulnerability in authentication helper execution where helper configuration values are executed using shell=true without…
CVE-2026-31405 critical 9.8 9.8 2mo ago In the Linux kernel, the following vulnerability has been resolved: media: dvb-net: fix OOB access in ULE extension header tables The ule_mandatory_ext_handlers[] and ule_optional_ext_handlers[] ta… suse, debian, linux
CVE-2026-5584 critical 9.8 9.8 2mo ago A vulnerability has been found in Fosowl agenticSeek 0.1.0. Impacted is the function PyInterpreter.execute of the file sources/tools/PyInterpreter.py of the component query Endpoint. Such manipulatio…
CVE-2026-5573 critical 9.8 9.8 2mo ago A weakness has been identified in Technostrobe HI-LED-WR120-G2 5.5.0.1R6.03.30. This impacts an unknown function of the file /fs. Executing a manipulation of the argument cwd can lead to unrestricted…