CVEs from 2026
Total
13,336
critical
critical 1,126
high
high 3,974
medium
medium 4,024
low
low 422
% Critical
8.4%
% with KEV
0.4%
% with exploit
0.5%
Top products
- chrome 299
- firepower_threat_defense 298
- firepower_threat_defense_software 295
- gcp 221
- openclaw 166
- commerce 104
- commerce_b2b 89
- magento 74
Top packages
| CVE | Severity | CVSS | Risk | Flags | OS | Vendor | Published | Description |
|---|---|---|---|---|---|---|---|---|
| CVE-2026-37536 | high | 8.8 | 8.8 | 27d ago | miaofng/uds-c commit e506334e270d77b20c0bc259ac6c7d8c9b702b7a (2016-10-05) contains a stack buffer overflow in send_diagnostic_request. A 6-byte stack buffer (MAX_DIAGNOSTIC_PAYLOAD_SIZE=6) receives … | |||
| CVE-2026-43048 | high | 8.8 | 8.8 | 27d ago | In the Linux kernel, the following vulnerability has been resolved: HID: core: Mitigate potential OOB by removing bogus memset() The memset() in hid_report_raw_event() has the good intention of cle… | |||
| CVE-2026-43018 | high | 8.8 | 8.8 | 27d ago | In the Linux kernel, the following vulnerability has been resolved: Bluetooth: hci_event: fix potential UAF in hci_le_remote_conn_param_req_evt hci_conn lookup and field access must be covered by h… | |||
| CVE-2026-31773 | high | 8.8 | 8.8 | 27d ago | In the Linux kernel, the following vulnerability has been resolved: Bluetooth: SMP: derive legacy responder STK authentication from MITM state The legacy responder path in smp_random() currently la… | |||
| CVE-2026-31739 | high | 8.8 | 8.8 | 27d ago | In the Linux kernel, the following vulnerability has been resolved: crypto: tegra - Add missing CRYPTO_ALG_ASYNC The tegra crypto driver failed to set the CRYPTO_ALG_ASYNC on its asynchronous algor… | |||
| CVE-2026-31735 | high | 8.8 | 8.8 | 27d ago | In the Linux kernel, the following vulnerability has been resolved: iommupt: Fix short gather if the unmap goes into a large mapping unmap has the odd behavior that it can unmap more than requested… | |||
| CVE-2026-31717 | high | 8.8 | 8.8 | 27d ago | In the Linux kernel, the following vulnerability has been resolved: ksmbd: validate owner of durable handle on reconnect Currently, ksmbd does not verify if the user attempting to reconnect to a du… | |||
| CVE-2026-31709 | high | 8.8 | 8.8 | 27d ago | Important: kernel-rt security update | |||
| CVE-2026-31706 | high | 8.8 | 8.8 | 27d ago | In the Linux kernel, the following vulnerability has been resolved: ksmbd: validate num_aces and harden ACE walk in smb_inherit_dacl() smb_inherit_dacl() trusts the on-disk num_aces value from the … | |||
| CVE-2026-3772 | high | 8.8 | 8.8 | 27d ago | The WP Editor plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 1.2.9.2. This is due to missing nonce verification in the 'add_plugins_page' and '… | |||
| CVE-2026-7548 | high | 8.8 | 8.8 | 28d ago | A vulnerability was detected in Totolink NR1800X 9.1.0u.6279_B20210910. This affects the function sub_41A68C of the file /cgi-bin/cstecgi.cgi. Performing a manipulation of the argument setUssd result… | |||
| CVE-2026-7513 | high | 8.8 | 8.8 | 28d ago | A vulnerability has been found in UTT HiPER 1200GW up to 2.5.3-170306. The impacted element is the function strcpy of the file /goform/formRemoteControl. The manipulation leads to buffer overflow. Th… | |||
| CVE-2026-7512 | high | 8.8 | 8.8 | 28d ago | A flaw has been found in UTT HiPER 1200GW up to 2.5.3-1703. The affected element is the function strcpy of the file /goform/formUser. Executing a manipulation can lead to buffer overflow. The attack … | |||
| CVE-2026-7551 | high | 8.8 | 8.8 | 28d ago | HKUDS OpenHarness contains a remote code execution vulnerability in the /bridge slash command that allows remote senders accepted by configuration to execute arbitrary operating system commands. Atta… | |||
| CVE-2026-7503 | high | 8.8 | 8.8 | 28d ago | A vulnerability was detected in code-projects for Plugin 4.1.2cu.5137. The impacted element is the function setWiFiMultipleConfig in the library /lib/cste_modules/wireless.so of the file /cgi-bin/cst… | |||
| CVE-2026-6543 | high | 8.8 | 8.8 | 28d ago | IBM Langflow Desktop 1.0.0 through 1.8.4 Langflow allows an attacker to execute arbitrary commands with the privileges of the process running Langflow. This allows reading sensitive environment varia… | |||
| CVE-2026-36765 | high | 8.8 | 8.8 | 28d ago | An XML external entity (XXE) vulnerability in the /designer/loadReport endpoint of SpringBlade v4.8.0 allows authenticated attackers to execute arbitrary code via injecting a crafted payload. | |||
| CVE-2026-36762 | high | 8.8 | 8.8 | 28d ago | An issue in the fileEntityId parameter in the /a/file/upload endpoint of JeeSite v5.15.1 allows authenticated attackers with file upload permissions to execute a path traversal and write arbitrary fi… | |||
| CVE-2026-5174 | high | 8.8 | 8.8 | 28d ago | Improper input validation vulnerability in Progress Software MOVEit Automation allows Privilege Escalation. This issue affects MOVEit Automation: from 2025.1.0 before 2025.1.5, from 2025.0.0 before … | |||
| CVE-2026-36960 | high | 8.8 | 8.8 | 28d ago | A Cross-Site Request Forgery (CSRF) vulnerability exists in the web management interface of the U-SPEED N300 Rounter V1.0.0. The device does not implement CSRF protection mechanisms such as anti-CSRF… | |||
| CVE-2026-36956 | high | 8.8 | 8.8 | 28d ago | A Cross-Site Request Forgery (CSRF) vulnerability exists in the web management interface of the Dbit N300 T1 Pro wireless router V1.0.0. The router fails to implement proper CSRF protection mechanism… | |||
| CVE-2026-5402 | high | 8.8 | 8.8 | 29d ago | TLS protocol dissector heap overflow in Wireshark 4.6.0 to 4.6.4 allows denial of service and possible code execution | |||
| CVE-2026-7470 | high | 8.8 | 8.8 | 29d ago | A flaw has been found in Tenda 4G300 US_4G300V1.0Mt_V1.01.42_CN_TDC01. Affected is the function sub_427C3C of the file /goform/SafeMacFilter. This manipulation of the argument page causes stack-based… | |||
| CVE-2026-7420 | high | 8.8 | 8.8 | 29d ago | A security flaw has been discovered in UTT HiPER 1250GW up to 3.2.7-210907-180535. Impacted is the function strcpy of the file route/goform/ConfigAdvideo. The manipulation of the argument Profile res… | |||
| CVE-2026-7419 | high | 8.8 | 8.8 | 29d ago | A vulnerability was identified in UTT HiPER 1250GW up to 3.2.7-210907-180535. This issue affects the function strcpy of the file route/goform/formTaskEdit_ap. The manipulation of the argument Profile… | |||
| CVE-2026-7418 | high | 8.8 | 8.8 | 29d ago | A vulnerability was determined in UTT HiPER 1250GW up to 3.2.7-210907-180535. This vulnerability affects the function strcpy of the file route/goform/NTP. Executing a manipulation of the argument Pro… | |||
| CVE-2026-34965 | high | 8.8 | 8.8 | 29d ago | Cockpit CMS contains an authenticated remote code execution vulnerability in the /cockpit/collections/save_collection endpoint that allows authenticated attackers with collection management privilege… | |||
| CVE-2026-7466 | high | 8.8 | 8.8 | 29d ago | AgentFlow contains an arbitrary code execution vulnerability that allows attackers to execute local Python pipeline files by supplying a user-controlled pipeline_path parameter to the POST /api/runs … | |||
| CVE-2026-38991 | high | 8.8 | 8.8 | 29d ago | Cockpit Vulnerable to Unrestricted Upload of File with Dangerous Type | |||
| CVE-2026-5712 | high | 8.8 | 8.8 | 29d ago | This vulnerability impacts all versions of IdentityIQ and allows an authenticated identity that is the requestor or assignee of a work item to edit the definition of a role without having an assigned… | |||
| CVE-2026-6849 | high | 8.8 | 8.8 | 29d ago | Improper neutralization of special elements used in an OS command ('OS command injection') vulnerability in TUBITAK BILGEM Software Technologies Research Institute Pardus OS My Computer allows OS Com… | |||
| CVE-2026-5161 | high | 8.8 | 8.8 | 29d ago | Improper link resolution before file access ('link following') vulnerability in TUBITAK BILGEM Software Technologies Research Institute Pardus About allows Symlink Attack. This issue affects Pardus … | |||
| CVE-2026-5141 | high | 8.8 | 8.8 | 29d ago | Improper Privilege Management, Improper Access Control, Incorrect privilege assignment vulnerability in TUBITAK BILGEM Software Technologies Research Institute Pardus Software Center allows Hijacking… | |||
| CVE-2026-5140 | high | 8.8 | 8.8 | 29d ago | Improper neutralization of CRLF sequences ('CRLF injection') vulnerability in TUBITAK BILGEM Software Technologies Research Institute Pardus Update allows Authentication Bypass. This issue affects P… | |||
| CVE-2026-41651 | high | 8.8 | 8.8 | 1mo ago | Important: PackageKit security update | |||
| CVE-2026-7363 | high | 8.8 | 8.8 | 1mo ago | Use after free in Canvas in Google Chrome on Linux, ChromeOS prior to 147.0.7727.138 allowed a remote attacker to execute arbitrary code inside a sandbox via a crafted HTML page. (Chromium security s… | |||
| CVE-2026-7361 | high | 8.8 | 8.8 | 1mo ago | Use after free in iOS in Google Chrome prior to 147.0.7727.138 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: Critical) | |||
| CVE-2026-7359 | high | 8.8 | 8.8 | 1mo ago | Use after free in ANGLE in Google Chrome prior to 147.0.7727.138 allowed a remote attacker who had compromised the renderer process to potentially perform a sandbox escape via a crafted HTML page. (C… | |||
| CVE-2026-7358 | high | 8.8 | 8.8 | 1mo ago | Use after free in Animation in Google Chrome prior to 147.0.7727.138 allowed a remote attacker to execute arbitrary code inside a sandbox via a crafted HTML page. (Chromium security severity: High) | |||
| CVE-2026-7356 | high | 8.8 | 8.8 | 1mo ago | Use after free in Navigation in Google Chrome prior to 147.0.7727.138 allowed a remote attacker to execute arbitrary code via a crafted HTML page. (Chromium security severity: High) | |||
| CVE-2026-7355 | high | 8.8 | 8.8 | 1mo ago | Use after free in Media in Google Chrome prior to 147.0.7727.138 allowed a remote attacker to execute arbitrary code inside a sandbox via a crafted HTML page. (Chromium security severity: Medium) | |||
| CVE-2026-7354 | high | 8.8 | 8.8 | 1mo ago | Out of bounds read and write in Angle in Google Chrome prior to 147.0.7727.138 allowed a remote attacker to potentially perform a sandbox escape via a crafted HTML page. (Chromium security severity: … | |||
| CVE-2026-7348 | high | 8.8 | 8.8 | 1mo ago | Use after free in Codecs in Google Chrome prior to 147.0.7727.138 allowed a remote attacker to execute arbitrary code inside a sandbox via a crafted HTML page. (Chromium security severity: High) | |||
| CVE-2026-7344 | high | 8.8 | 8.8 | 1mo ago | Use after free in Accessibility in Google Chrome on Windows prior to 147.0.7727.138 allowed a remote attacker who had compromised the renderer process to potentially perform a sandbox escape via a cr… | |||
| CVE-2026-7342 | high | 8.8 | 8.8 | 1mo ago | Use after free in WebView in Google Chrome on Android prior to 147.0.7727.138 allowed a remote attacker to execute arbitrary code inside a sandbox via a crafted HTML page. (Chromium security severity… | |||
| CVE-2026-7341 | high | 8.8 | 8.8 | 1mo ago | Use after free in WebRTC in Google Chrome prior to 147.0.7727.138 allowed a remote attacker to execute arbitrary code inside a sandbox via a crafted HTML page. (Chromium security severity: High) | |||
| CVE-2026-7339 | high | 8.8 | 8.8 | 1mo ago | Heap buffer overflow in WebRTC in Google Chrome prior to 147.0.7727.138 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: Medium) | |||
| CVE-2026-7337 | high | 8.8 | 8.8 | 1mo ago | Type Confusion in V8 in Google Chrome prior to 147.0.7727.138 allowed a remote attacker to execute arbitrary code inside a sandbox via a crafted HTML page. (Chromium security severity: High) | |||
| CVE-2026-7336 | high | 8.8 | 8.8 | 1mo ago | Use after free in WebRTC in Google Chrome prior to 147.0.7727.138 allowed a remote attacker to execute arbitrary code inside a sandbox via a crafted HTML page. (Chromium security severity: High) | |||
| CVE-2026-7335 | high | 8.8 | 8.8 | 1mo ago | Use after free in media in Google Chrome prior to 147.0.7727.138 allowed a remote attacker to execute arbitrary code inside a sandbox via a crafted HTML page. (Chromium security severity: High) | |||
| CVE-2026-7334 | high | 8.8 | 8.8 | 1mo ago | Use after free in Views in Google Chrome on Mac prior to 147.0.7727.138 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: High) | |||
| CVE-2026-42426 | high | 8.8 | 8.8 | 1mo ago | OpenClaw `node.pair.approve` placed in `operator.write` scope instead of `operator.pairing` allows unprivileged pairing approval | |||
| CVE-2026-42422 | high | 8.8 | 8.8 | 1mo ago | OpenClaw `device.token.rotate` mints tokens for unapproved roles, bypassing device role-upgrade pairing | |||
| CVE-2026-41404 | high | 8.8 | 8.8 | 1mo ago | OpenClaw: Incomplete scope-clearing fix allows operator.admin escalation via trusted-proxy auth mode | |||
| CVE-2026-41378 | high | 8.8 | 8.8 | 1mo ago | OpenClaw: Paired node escalates to gateway RCE via unrestricted node.event agent dispatch | |||
| CVE-2026-24186 | high | 8.8 | 8.8 | 1mo ago | NVIDIA FLARE SDK contains a vulnerability in FOBS, where an attacker may cause deserialization of untrusted data by sending a malicious FOBS- encoded message. A successful exploit of this vulnerabil… | |||
| CVE-2026-7289 | high | 8.8 | 8.8 | 1mo ago | A vulnerability was found in D-Link DIR-825M 1.1.12. This issue affects the function sub_414BA8 of the file /boafrm/formWanConfigSetup. The manipulation of the argument submit-url results in buffer o… | |||
| CVE-2026-7288 | high | 8.8 | 8.8 | 1mo ago | A vulnerability has been found in D-Link DIR-825M 1.1.12. This vulnerability affects the function sub_4151FC of the file /boafrm/formVpnConfigSetup. The manipulation of the argument submit-url leads … | |||
| CVE-2026-40968 | high | 8.8 | 8.8 | 1mo ago | Spring gRPC SecurityContext leaks across requests upon authorization failure | |||
| CVE-2026-5781 | high | 8.8 | 8.8 | 1mo ago | An authorization vulnerability in MphRx's Minerva V3.6.0, specifically in the '/minerva/moUser/update' endpoint, could allow an authenticated user with user modification privileges to escalate their … | |||
| CVE-2026-5779 | high | 8.8 | 8.8 | 1mo ago | An insecure direct object reference (IDOR) vulnerability in MphRx's Minerva V3.6.0, specifically in the '/minerva/user/updateUserProfile' endpoint. This allows an authenticated user to modify the inf… | |||
| CVE-2026-40978 | high | 8.8 | 8.8 | 1mo ago | Spring AI has SQL Injection in CosmosDBVectorStore.doDelete() | |||
| CVE-2026-20766 | high | 8.8 | 8.8 | 1mo ago | An out-of-bounds memory access vulnerability exists in specific firmware versions of Milesight AIOT cameras. | |||
| CVE-2026-27785 | high | 8.8 | 8.8 | 1mo ago | Specific firmware versions of Milesight AIOT camera firmware contain hard-coded credentials. | |||
| CVE-2026-7160 | high | 8.8 | 8.8 | 1mo ago | A vulnerability was determined in Tenda HG3 2.0. This vulnerability affects the function formTracert of the file /boaform/formTracert. Executing a manipulation of the argument datasize can lead to co… | |||
| CVE-2026-7151 | high | 8.8 | 8.8 | 1mo ago | A vulnerability was determined in Tenda HG3 2.0. Impacted is the function formUploadConfig of the file /boaform/formIPv6Routing. This manipulation of the argument destNet causes stack-based buffer ov… | |||
| CVE-2026-6741 | high | 8.8 | 8.8 | 1mo ago | The LatePoint – Calendar Booking Plugin for Appointments and Events plugin for WordPress is vulnerable to Privilege Escalation in versions up to and including 5.4.1. This is due to a missing authoriz… | |||
| CVE-2026-6265 | high | 8.8 | 8.8 | 1mo ago | Insecure preserved inherited permissions vulnerability in Cerberus FTP Server on Windows allows Privilege Escalation.This issue has been resolved in Cerberus FTP Server: 2026.1 | |||
| CVE-2026-7119 | high | 8.8 | 8.8 | 1mo ago | A vulnerability was detected in Tenda HG3 2.0. The impacted element is an unknown function of the file /boaform/formCountrystr. The manipulation of the argument countrystr results in os command injec… | |||
| CVE-2026-27172 | high | 8.8 | 8.8 | 1mo ago | Apache Camel-Consul component vulnerable to Deserialization of Untrusted Data | |||
| CVE-2026-40858 | high | 8.8 | 8.8 | 1mo ago | Apache Camel-Infinispan Component Vulnerable to Deserialization of Untrusted Data | |||
| CVE-2026-7102 | high | 8.8 | 8.8 | 1mo ago | A vulnerability was found in Tenda F456 1.0.0.5. This impacts the function FromWriteFacMac of the file /goform/WriteFacMac of the component httpd. The manipulation of the argument mac results in comm… | |||
| CVE-2026-7101 | high | 8.8 | 8.8 | 1mo ago | A vulnerability has been found in Tenda F456 1.0.0.5. This affects the function fromWrlclientSet of the file /goform/WrlclientSet of the component httpd. The manipulation leads to buffer overflow. Re… | |||
| CVE-2026-7100 | high | 8.8 | 8.8 | 1mo ago | A flaw has been found in Tenda F456 1.0.0.5. The impacted element is the function fromNatlimitof of the file /goform/Natlimit of the component httpd. Executing a manipulation can lead to buffer overf… | |||
| CVE-2026-7099 | high | 8.8 | 8.8 | 1mo ago | A vulnerability was detected in Tenda F456 1.0.0.5. The affected element is the function formQuickIndex of the file /goform/QuickIndex of the component httpd. Performing a manipulation of the argumen… | |||
| CVE-2026-7098 | high | 8.8 | 8.8 | 1mo ago | A security vulnerability has been detected in Tenda F456 1.0.0.5. Impacted is the function fromDhcpListClient of the file /goform/DhcpListClient of the component httpd. Such manipulation of the argum… | |||
| CVE-2026-40473 | high | 8.8 | 8.8 | 1mo ago | Camel-MINA Vulnerable to Deserialization of Untrusted Data | |||
| CVE-2026-7097 | high | 8.8 | 8.8 | 1mo ago | A weakness has been identified in Tenda F456 1.0.0.5. This issue affects the function fromwebExcptypemanFilter of the file /goform/webExcptypemanFilter of the component httpd. This manipulation of th… | |||
| CVE-2026-7096 | high | 8.8 | 8.8 | 1mo ago | A security flaw has been discovered in Tenda HG3 2.0 300003070. This vulnerability affects the function formgponConf of the file /boaform/admin/formgponConf. The manipulation of the argument fmgpon_l… | |||
| CVE-2026-7082 | high | 8.8 | 8.8 | 1mo ago | A flaw has been found in Tenda F456 1.0.0.5. Affected by this vulnerability is the function formWrlExtraSet of the file /goform/WrlExtraSet of the component httpd. Executing a manipulation of the arg… | |||
| CVE-2026-7081 | high | 8.8 | 8.8 | 1mo ago | A vulnerability was detected in Tenda F456 1.0.0.5. Affected is the function fromGstDhcpSetSer of the file /goform/GstDhcpSetSer of the component httpd. Performing a manipulation of the argument dips… | |||
| CVE-2026-7080 | high | 8.8 | 8.8 | 1mo ago | A security vulnerability has been detected in Tenda F456 1.0.0.5. This impacts the function fromPPTPUserSetting of the file /goform/PPTPUserSetting of the component httpd. Such manipulation of the ar… | |||
| CVE-2026-7079 | high | 8.8 | 8.8 | 1mo ago | A weakness has been identified in Tenda F456 1.0.0.5. This affects the function fromAdvSetWan of the file /goform/AdvSetWan of the component httpd. This manipulation of the argument wanmode causes bu… | |||
| CVE-2026-7078 | high | 8.8 | 8.8 | 1mo ago | A security flaw has been discovered in Tenda F456 1.0.0.5. The impacted element is the function fromSetIpBind of the file /goform/SetIpBind of the component httpd. The manipulation of the argument pa… | |||
| CVE-2026-7068 | high | 8.8 | 8.8 | 1mo ago | A vulnerability was identified in D-Link DIR-825 3.00b32. This affects the function NMBD_process of the file sserver.c of the component nmbd. Such manipulation leads to buffer overflow. The attack ca… | |||
| CVE-2026-33277 | high | 8.8 | 8.8 | 1mo ago | An OS command Injection issue exists in LogonTracer prior to v2.0.0. An arbitrary OS command may be executed by a logged-in user. | |||
| CVE-2026-7057 | high | 8.8 | 8.8 | 1mo ago | A flaw has been found in Tenda F456 1.0.0.5. The affected element is an unknown function of the file /goform/setcfm of the component httpd. This manipulation of the argument funcname/funcpara1 causes… | |||
| CVE-2026-7056 | high | 8.8 | 8.8 | 1mo ago | A vulnerability was detected in Tenda F456 1.0.0.5. Impacted is the function fromSafeUrlFilter of the file /goform/SafeUrlFilter of the component httpd. The manipulation of the argument page results … | |||
| CVE-2026-7055 | high | 8.8 | 8.8 | 1mo ago | A security vulnerability has been detected in Tenda F456 1.0.0.5. This issue affects the function fromVirtualSer of the file /goform/VirtualSer of the component httpd. The manipulation of the argumen… | |||
| CVE-2026-7054 | high | 8.8 | 8.8 | 1mo ago | A weakness has been identified in Tenda F456 1.0.0.5. This vulnerability affects the function fromPptpUserAdd of the file /goform/PPTPDClient of the component httpd. Executing a manipulation of the a… | |||
| CVE-2026-7053 | high | 8.8 | 8.8 | 1mo ago | A security flaw has been discovered in Tenda F456 1.0.0.5. This affects the function frmL7ProtForm of the file /goform/L7Prot of the component httpd. Performing a manipulation of the argument page re… | |||
| CVE-2026-7035 | high | 8.8 | 8.8 | 1mo ago | A vulnerability was determined in Tenda FH1202 1.2.0.14. This affects the function fromWrlclientSet of the file /goform/WrlclientSet of the component httpd. Executing a manipulation of the argument G… | |||
| CVE-2026-7034 | high | 8.8 | 8.8 | 1mo ago | A vulnerability was found in Tenda FH1202 1.2.0.14(408). Affected by this issue is the function WrlExtraSet of the file /goform/WrlExtraSet of the component httpd. Performing a manipulation of the ar… | |||
| CVE-2026-7033 | high | 8.8 | 8.8 | 1mo ago | A vulnerability has been found in Tenda F456 1.0.0.5. Affected by this vulnerability is the function fromSafeClientFilter of the file /goform/SafeClientFilter. Such manipulation of the argument menuf… | |||
| CVE-2026-7032 | high | 8.8 | 8.8 | 1mo ago | A flaw has been found in Tenda F456 1.0.0.5. Affected is the function SafeEmailFilter of the file /goform/SafeEmailFilter. This manipulation of the argument page causes buffer overflow. The attack ca… | |||
| CVE-2026-7031 | high | 8.8 | 8.8 | 1mo ago | A vulnerability was detected in Tenda F456 1.0.0.5. This impacts the function fromSafeMacFilter of the file /goform/SafeMacFilter. The manipulation of the argument page results in buffer overflow. It… | |||
| CVE-2026-7030 | high | 8.8 | 8.8 | 1mo ago | A security vulnerability has been detected in Tenda F456 1.0.0.5. This affects the function fromRouteStatic of the file /goform/RouteStatic. The manipulation of the argument page leads to buffer over… | |||
| CVE-2026-7029 | high | 8.8 | 8.8 | 1mo ago | A weakness has been identified in Tenda F456 1.0.0.5. The impacted element is the function fromaddressNat of the file /goform/addressNat. Executing a manipulation of the argument menufacturer/Go can … | |||
| CVE-2026-7023 | high | 8.8 | 8.8 | 1mo ago | A vulnerability was detected in ByteDance coze-studio up to 0.5.1. Affected by this vulnerability is the function ExecuteSQL of the file backend/domain/memory/database/service/database_impl.go of the… | |||
| CVE-2026-7019 | high | 8.8 | 8.8 | 1mo ago | A vulnerability was identified in Tenda F456 1.0.0.5. The impacted element is the function fromP2pListFilter of the file /goform/P2pListFilter. The manipulation of the argument menufacturer/Go leads … |