CVEs from 2026
- Total: 13,682
- Critical: 1,199
- High: 4,384
- Medium: 4,286
- Low: 468
- % Critical: 8.8%
- % with KEV: 0.4%
- % with exploit: 0.8%
Top products
- chrome 503
- firepower_threat_defense 298
- firepower_threat_defense_software 295
- gcp 229
- openclaw 172
- commerce 104
- commerce_b2b 89
- saml_sso_-_service_provider 77
Top packages
| CVE | Severity | CVSS | Risk | Published | Description | Flags | OS | Vendor |
|---|---|---|---|---|---|---|---|---|
| CVE-2026-6476 | high | 7.2 | 7.2 | 18d ago | SQL injection in PostgreSQL pg_createsubscriber allows an attacker with pg_create_subscription rights to execute arbitrary SQL as a superuser. The attack takes effect when pg_createsubscriber next r… | |||
| CVE-2026-3718 | high | 7.2 | 7.2 | 19d ago | The ManageWP Worker plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'MWP-Key-Name' HTTP request header in all versions up to, and including, 4.9.31. This is due to insuffici… | |||
| CVE-2026-45708 | high | 7.2 | 7.2 | 19d ago | CubeCart is an ecommerce software solution. Prior to 6.7.3, an admin with documents edit permission can save raw <?php … ?> into the Invoice Editor. The next time any admin clicks Print on any order,… | |||
| CVE-2026-44380 | high | 7.2 | 7.2 | 19d ago | MISP is an open source threat intelligence and sharing platform. Prior to 2.5.37, an improper access control vulnerability in the authentication key reset functionality allowed an authenticated organ… | |||
| CVE-2026-39358 | high | 7.2 | 7.2 | 19d ago | CubeCart is an ecommerce software solution. Prior to 6.6.0, Authenticated Time-Based Blind SQL Injection vulnerabilities were identified in the sorting parameters (sort[price], sort_activity, sort_ad… | |||
| CVE-2026-44000 | high | 7.2 | 7.2 | 19d ago | vm2 Host Promise Resolution Preserves Object Identity Across Sandbox Boundary | |||
| CVE-2026-39459 | high | 7.2 | 7.2 | 19d ago | A vulnerability exists in iControl REST and the TMOS Shell (tmsh) where a highly privileged, authenticated attacker with at least the Manager role can create configuration objects that allow running … | |||
| CVE-2026-36741 | high | 7.2 | 7.2 | 19d ago | U-SPEED AC1200 Gigabit Wi-Fi Router (Model: T18-21K) V1.0 is vulnerable to Command Injection. The Network Time Protocol (NTP) configuration interface does not properly sanitize user-supplied input. A… | |||
| CVE-2026-6177 | high | 7.2 | 7.2 | 19d ago | The Custom Twitter Feeds plugin for WordPress is vulnerable to Stored Cross-Site Scripting in versions up to and including 2.5.4. This is due to insufficient output escaping in the CTF_Display_Elemen… | |||
| CVE-2026-35506 | high | 7.2 | 7.2 | 19d ago | ELECOM wireless LAN access point devices contain an OS command injection vulnerability in processing of ping_ip_addr parameter. If processing a crafted request sent by a logged-in user, an arbitrary … | |||
| CVE-2026-6888 | high | 7.2 | 7.2 | 20d ago | Successful exploitation of the SQL injection vulnerability could allow a remote authenticated attacker to execute arbitrary commands via a specific interface, potentially enabling the attacker to acc… | |||
| CVE-2026-43685 | high | 7.2 | 7.2 | 20d ago | A Remote Code Execution vulnerability in Claris FileMaker Cloud allowed a user with Admin Console privileges to inject arbitrary operating system commands through unsanitized input in the External OD… | |||
| CVE-2026-43680 | high | 7.2 | 7.2 | 20d ago | A Remote Code Execution vulnerability in Claris FileMaker Cloud allowed a user with Admin Console privileges to bypass a front-end restriction on OS Script schedule types and execute arbitrary operat… | |||
| CVE-2026-44246 | high | 7.2 | 7.2 | 20d ago | nnU-Net is a semantic segmentation framework that automatically adapts its pipeline to a dataset. Prior to 2.4.1, the nnU-Net Issue Triage workflow in .github/workflows/issue-triage.yml is vulnerable… | |||
| CVE-2026-44872 | high | 7.2 | 7.2 | 20d ago | A command injection vulnerability exists in the web-based management interface of AOS-8 and AOS-10 Operating Systems. Successful exploitation could allow an authenticated remote attacker to place arb… | |||
| CVE-2026-44865 | high | 7.2 | 7.2 | 20d ago | Command injection vulnerabilities exist in the web-based management interface of AOS-8 and AOS-10 Operating Systems. Successful exploitation of these vulnerabilities could allow an authenticated remo… | |||
| CVE-2026-44864 | high | 7.2 | 7.2 | 20d ago | SQL injection vulnerabilities exist in several underlying service components accessible through the AOS-8 and AOS-10 command-line interface and management protocol. An authenticated attacker with adm… | |||
| CVE-2026-44863 | high | 7.2 | 7.2 | 20d ago | SQL injection vulnerabilities exist in several underlying service components accessible through the AOS-8 and AOS-10 command-line interface and management protocol. An authenticated attacker with adm… | |||
| CVE-2026-44862 | high | 7.2 | 7.2 | 20d ago | SQL injection vulnerabilities exist in several underlying service components accessible through the AOS-8 and AOS-10 command-line interface and management protocol. An authenticated attacker with adm… | |||
| CVE-2026-44861 | high | 7.2 | 7.2 | 20d ago | SQL injection vulnerabilities exist in several underlying service components accessible through the AOS-8 and AOS-10 command-line interface and management protocol. An authenticated attacker with adm… | |||
| CVE-2026-44860 | high | 7.2 | 7.2 | 20d ago | SQL injection vulnerabilities exist in several underlying service components accessible through the AOS-8 and AOS-10 command-line interface and management protocol. An authenticated attacker with adm… | |||
| CVE-2026-44859 | high | 7.2 | 7.2 | 20d ago | Stack-based buffer overflow vulnerabilities exist in several underlying management service components accessed through the command-line interface of the AOS-8 and AOS-10 Operating Systems. An authent… | |||
| CVE-2026-44858 | high | 7.2 | 7.2 | 20d ago | Stack-based buffer overflow vulnerabilities exist in several underlying management service components accessed through the command-line interface of the AOS-8 and AOS-10 Operating Systems. An authent… | |||
| CVE-2026-44857 | high | 7.2 | 7.2 | 20d ago | Stack-based buffer overflow vulnerabilities exist in several underlying management service components accessed through the command-line interface of the AOS-8 and AOS-10 Operating Systems. An authent… | |||
| CVE-2026-44856 | high | 7.2 | 7.2 | 20d ago | Stack-based buffer overflow vulnerabilities exist in several underlying management service components accessed through the command-line interface of the AOS-8 and AOS-10 Operating Systems. An authent… | |||
| CVE-2026-44855 | high | 7.2 | 7.2 | 20d ago | Stack-based buffer overflow vulnerabilities exist in several underlying management service components accessed through the command-line interface of the AOS-8 and AOS-10 Operating Systems. An authent… | |||
| CVE-2026-44854 | high | 7.2 | 7.2 | 20d ago | Command injection vulnerabilities exist in the web-based management interface of AOS-8 and AOS-10 Operating Systems. Successful exploitation could allow an authenticated remote attacker to upload arb… | |||
| CVE-2026-44853 | high | 7.2 | 7.2 | 20d ago | Command injection vulnerabilities exist in the web-based management interface of AOS-8 and AOS-10 Operating Systems. Successful exploitation could allow an authenticated remote attacker to upload arb… | |||
| CVE-2026-44852 | high | 7.2 | 7.2 | 20d ago | An authenticated remote code execution vulnerability exists in the AOS-8 and AOS-10 web-based management interface. A vulnerability in the certificate download functionality could allow an authentica… | |||
| CVE-2026-8431 | high | 7.2 | 7.2 | 20d ago | An administrative user with access to configure webhooks can execute arbitrary commands by configuring and then triggering webhooks containing specific FreeMarker template syntax. This issue affe… | |||
| CVE-2026-23823 | high | 7.2 | 7.2 | 20d ago | A vulnerability in the command line interface of Access Points running AOS-10 could allow an authenticated remote attacker to perform command injection. Successful exploitation could allow an attacke… | |||
| CVE-2026-23821 | high | 7.2 | 7.2 | 20d ago | A vulnerability in the configuration processing logic of Access Points running AOS-10 could allow an authenticated remote attacker to execute system commands under certain pre-existing conditions. Su… | |||
| CVE-2026-23820 | high | 7.2 | 7.2 | 20d ago | A vulnerability in the command line interface of Access Points running AOS-10 and AOS-8 Instant could allow an authenticated remote attacker to execute system commands in a restricted shell environme… | |||
| CVE-2026-8051 | high | 7.2 | 7.2 | 20d ago | OS command injection in Ivanti Virtual Traffic Manager before version 22.9r4 allows a remote authenticated attacker with admin privileges to achieve remote code execution. | |||
| CVE-2026-6690 | high | 7.2 | 7.2 | 21d ago | The LifePress plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'n' parameter of the lp_update_mds AJAX action in all versions up to, and including, 2.2.2. This is due to the … | |||
| CVE-2026-41951 | high | 7.2 | 7.2 | 21d ago | Path traversal vulnerability exists in GROWI v7.5.0 and earlier, which may allow an attacker to execute arbitrary EJS templates on the server when an email server is running in GROWI. | |||
| CVE-2026-8273 | high | 7.2 | 7.2 | 22d ago | A weakness has been identified in D-Link DNS-320 2.06B01. This impacts the function cgi_set_host/cgi_set_ntp/cgi_fan_control/cgi_merge_user of the file /cgi-bin/system_mgr.cgi. This manipulation caus… | |||
| CVE-2026-8272 | high | 7.2 | 7.2 | 22d ago | A security flaw has been discovered in D-Link DNS-320 2.06B01. This affects the function delete/rename/copy/move/chmod/chown of the file /cgi-bin/webfile_mgr.cgi. The manipulation results in os comma… | |||
| CVE-2026-8271 | high | 7.2 | 7.2 | 22d ago | A vulnerability was identified in D-Link DNS-320 2.06B01. The impacted element is the function cgi_speed/cgi_dhcpd_lease/cgi_ddns/cgi_set_ip/cgi_upnp_del/cgi_dhcpd/cgi_upnp_add/cgi_upnp_edit of the f… | |||
| CVE-2026-8265 | high | 7.2 | 7.2 | 22d ago | A security vulnerability has been detected in Tenda AC6 15.03.06.23. Affected by this issue is the function get_log_file of the file /goform/getLogFile of the component httpd. The manipulation of the… | |||
| CVE-2026-8259 | high | 7.2 | 7.2 | 22d ago | A vulnerability has been found in Tenda AC6 2.0/15.03.06.23. The affected element is an unknown function of the file /goform/telnet of the component httpd. The manipulation of the argument lan.ip lea… | |||
| CVE-2026-3828 | high | 7.2 | 7.2 | 24d ago | Some Hikvision switch products (discontinued since December 2023) are vulnerable to authenticated remote command execution due to insufficient input validation. Attackers with valid credentials can e… | |||
| CVE-2026-7330 | high | 7.2 | 7.2 | 25d ago | The Auto Affiliate Links plugin for WordPress is vulnerable to Stored Cross-Site Scripting in versions up to, and including, 6.8.8. This is due to insufficient input sanitization on the 'url' POST par… | |||
| CVE-2026-27891 | high | 7.2 | 7.2 | 25d ago | FacturaScripts Vulnerable to Remote Code Execution (RCE) via Zip Slip in Plugin Upload Mechanism | |||
| CVE-2026-41641 | high | 7.2 | 7.2 | 26d ago | @nocobase/plugin-collection-sql: SQL Validation Bypass Through Missing `checkSQL` Call | |||
| CVE-2026-20035 | high | 7.2 | 7.2 | 26d ago | A vulnerability in the web UI of Cisco Unity Connection Web Inbox could allow an unauthenticated, remote attacker to conduct SSRF attacks through an affected device. This vulnerability is due to i… | |||
| CVE-2026-7332 | high | 7.2 | 7.2 | 27d ago | The LatePoint – Calendar Booking Plugin for Appointments and Events plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'booking_form_page_url' parameter in all versions up to, … | |||
| CVE-2026-39383 | high | 7.2 | 7.2 | 27d ago | Gotenberg Vulnerable to Unauthenticated SSRF via Unfiltered Webhook URL | |||
| CVE-2026-7857 | high | 7.2 | 7.2 | 27d ago | A vulnerability has been found in D-Link DI-8100 16.07.26A1. This vulnerability affects the function sprintf of the file /user_group.asp of the component CGI Handler. The manipulation leads to buffer… | |||
| CVE-2026-7856 | high | 7.2 | 7.2 | 27d ago | A flaw has been found in D-Link DI-8100 16.07.26A1. This affects an unknown part of the file /url_member.asp of the component Web Management Interface. Executing a manipulation of the argument Name c… | |||
| CVE-2026-7855 | high | 7.2 | 7.2 | 27d ago | A vulnerability was detected in D-Link DI-8100 16.07.26A1. Affected by this issue is the function tggl_asp of the file /tggl.asp of the component HTTP Request Handler. Performing a manipulation of th… | |||
| CVE-2026-43874 | high | 7.2 | 7.2 | 27d ago | AVideo has an Incomplete Fix for YPTSocket autoEvalCodeOnHTML Strip: Unauthenticated Cross-User JavaScript Execution via `$msg['json']` Relay Bypass | |||
| CVE-2026-7851 | high | 7.2 | 7.2 | 27d ago | A vulnerability was identified in D-Link DI-8100 16.07.26A1. This affects the function sprintf of the file yyxz.asp. The manipulation of the argument ID leads to stack-based buffer overflow. The atta… | |||
| CVE-2026-7833 | high | 7.2 | 7.2 | 27d ago | A weakness has been identified in EFM ipTIME C200 up to 1.092. This vulnerability affects the function sub_408F90 of the file /cgi/iux_set.cgi of the component ApplyRestore Endpoint. This manipulatio… | |||
| CVE-2026-4803 | high | 7.2 | 7.2 | 28d ago | The Royal Elementor Addons plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'status' parameter in the wpr_update_form_action_meta AJAX action in all versions up to, and inclu… | |||
| CVE-2026-38751 | high | 7.2 | 7.2 | 28d ago | OpenSTAManager version 2.10 and earlier contains an arbitrary file upload vulnerability in the module update functionality (modules/aggiornamenti/upload_modules.php) | |||
| CVE-2026-3120 | high | 7.2 | 7.2 | 28d ago | Improper Control of Generation of Code ('Code Injection') vulnerability in Profelis Information and Consulting Trade and Industry Limited Company SambaBox allows OS Command Injection. This issue aff… | |||
| CVE-2026-5063 | high | 7.2 | 7.2 | 1mo ago | The NEX-Forms – Ultimate Forms Plugin for WordPress plugin for WordPress is vulnerable to Stored Cross-Site Scripting via POST parameter key names in the submit_nex_form() function in versions up to,… | |||
| CVE-2026-7490 | high | 7.2 | 7.2 | 1mo ago | CTMS and CPAS developed by Sunnet has an Arbitrary File Upload vulnerability, allowing privileged remote attackers to upload and execute web shell backdoors, thereby enabling arbitrary code execution… | |||
| CVE-2026-5324 | high | 7.2 | 7.2 | 1mo ago | The Brizy – Page Builder plugin for WordPress is vulnerable to Unauthenticated Stored Cross-Site Scripting in all versions up to, and including, 2.8.11. This is due to a combination of missing nonce v… | |||
| CVE-2026-6229 | high | 7.2 | 7.2 | 1mo ago | The Royal Elementor Addons plugin for WordPress is vulnerable to Server-Side Request Forgery in versions up to, and including, 1.7.1057. This is due to insufficient validation of user-supplied URLs i… | |||
| CVE-2026-7049 | high | 7.2 | 7.2 | 1mo ago | The PixelYourSite Pro – Your smart PIXEL (TAG) Manager plugin for WordPress is vulnerable to Server-Side Request Forgery in all versions up to, and including, 12.5.0.1 via the scan_video. This makes … | |||
| CVE-2026-5113 | high | 7.2 | 7.2 | 1mo ago | The Gravity Forms plugin for WordPress is vulnerable to Stored Cross-Site Scripting via Consent field hidden inputs in versions up to and including 2.10.0. This is due to a flawed state validation me… | |||
| CVE-2026-5112 | high | 7.2 | 7.2 | 1mo ago | The Gravity Forms plugin for WordPress is vulnerable to Unauthenticated Stored Cross-Site Scripting in versions up to and including 2.10.0. This is due to insufficient input validation and output esc… | |||
| CVE-2026-5111 | high | 7.2 | 7.2 | 1mo ago | The Gravity Forms plugin for WordPress is vulnerable to Stored Cross-Site Scripting in versions up to and including 2.10.0. This is due to insufficient input validation and output escaping on Hidden … | |||
| CVE-2026-5110 | high | 7.2 | 7.2 | 1mo ago | The Gravity Forms plugin for WordPress is vulnerable to Unauthenticated Stored Cross-Site Scripting in versions up to and including 2.10.0. This is due to insufficient input validation and output esc… | |||
| CVE-2026-5109 | high | 7.2 | 7.2 | 1mo ago | The Gravity Forms plugin for WordPress is vulnerable to Stored Cross-Site Scripting in versions up to and including 2.10.0. This is due to insufficient validation and output escaping of Product Optio… | |||
| CVE-2026-42404 | high | 7.2 | 7.2 | 1mo ago | Apache Neethi doesn't impose any restrictions on URIs when manually fetching remote policy references through the PolicyReference API | |||
| CVE-2026-7435 | high | 7.2 | 7.2 | 1mo ago | SSCMS v7.4.0 contains a SQL injection vulnerability in the stl:sqlContent tag where the queryString attribute is passed directly to database execution without parameterization or sanitization. Attack… | |||
| CVE-2026-7461 | high | 7.2 | 7.2 | 1mo ago | Improper neutralization of inputs used in an OS command in the FSx Windows File Server volume mounting component in Amazon ECS Agent on Windows before version 1.103.0 might allow a remote authenticat… | |||
| CVE-2026-7246 | high | 7.2 | 7.2 | 1mo ago | Pallets Click, versions 8.3.2 and below, contain a command injection vulnerability in the click.edit() function, allowing attackers to pass arbitrary OS commands from an unprivileged account. | |||
| CVE-2026-42615 | high | 7.2 | 7.2 | 1mo ago | CyberChef has a Cross-site Scripting issue | |||
| CVE-2026-7247 | high | 7.2 | 7.2 | 1mo ago | A vulnerability has been found in D-Link DI-8100 16.07.26A1. Affected by this issue is the function file_exten_asp of the file file_exten.asp of the component File Extension Handler. The manipulation… | |||
| CVE-2026-7219 | high | 7.2 | 7.2 | 1mo ago | A flaw has been found in Totolink N300RT 3.4.0-B20250430. This affects an unknown function of the file /boafrm/formIpQoS. Executing a manipulation of the argument entry_name can lead to buffer overfl… | |||
| CVE-2026-7218 | high | 7.2 | 7.2 | 1mo ago | A vulnerability was detected in Totolink N300RT 3.4.0-B20250430. The impacted element is the function is_cmd_string_valid of the file /boafrm/formWsc of the component libapmib.so. Performing a manipu… | |||
| CVE-2026-1460 | high | 7.2 | 7.2 | 1mo ago | A post-authentication command injection vulnerability in the “DomainName” parameter of the DHCP configuration file in Zyxel DX3301-T0 and EX3301-T0 firmware versions through 5.50(ABVY.7.1)C0 could al… | |||
| CVE-2026-7191 | high | 7.2 | 7.2 | 1mo ago | Improper use of the static-eval npm package in the open source solution qnabot-on-aws versions 7.2.4 and earlier may allow an authenticated administrator to execute arbitrary code within the fulfillm… | |||
| CVE-2026-6992 | high | 7.2 | 7.2 | 1mo ago | A vulnerability was identified in Linksys MR9600 2.0.6.206937. This affects the function BTRequestGetSmartConnectStatus of the file /etc/init.d/run_central2.sh of the component JNAP Action Handler. T… | |||
| CVE-2026-4821 | high | 7.2 | 7.2 | 1mo ago | An improper neutralization of special elements vulnerability was identified in GitHub Enterprise Server that allowed an authenticated Management Console administrator to execute arbitrary OS commands… | |||
| CVE-2026-33518 | high | 7.2 | 7.2 | 1mo ago | An incorrect privilege assignment vulnerability exists in Esri Portal for ArcGIS 11.5 in Windows and Linux that allows highly privileged users to create developer credentials that may grant more priv… | |||
| CVE-2026-26943 | high | 7.2 | 7.2 | 1mo ago | Dell PowerProtect Data Domain, versions 7.7.1.0 through 8.6, LTS2025 release version 8.3.1.0 through 8.3.1.20, LTS2024 release versions 7.13.1.0 through 7.13.1.60 contain an OS command injection vuln… | |||
| CVE-2026-26942 | high | 7.2 | 7.2 | 1mo ago | Dell PowerProtect Data Domain, versions 8.5 through 8.6 contain an Improper Neutralization of Special Elements used in an OS Command ('OS command injection') vulnerability. A high privileged attacke… | |||
| CVE-2026-24506 | high | 7.2 | 7.2 | 1mo ago | Dell PowerProtect Data Domain, versions 7.7.1.0 through 8.6, LTS2025 release version 8.3.1.0 through 8.3.1.20, LTS2024 release versions 7.13.1.0 through 7.13.1.60 contain an OS command injection vuln… | |||
| CVE-2026-24505 | high | 7.2 | 7.2 | 1mo ago | Dell PowerProtect Data Domain, versions 8.5 through 8.6 contain an improper input validation vulnerability. A high privileged attacker with remote access could potentially exploit this vulnerability,… | |||
| CVE-2026-24504 | high | 7.2 | 7.2 | 1mo ago | Dell PowerProtect Data Domain, versions 7.7.1.0 through 8.6, LTS2025 release version 8.3.1.0 through 8.3.1.20, LTS2024 release versions 7.13.1.0 through 7.13.1.60 contain an improper input validation… | |||
| CVE-2026-22761 | high | 7.2 | 7.2 | 1mo ago | Dell PowerProtect Data Domain, versions 8.5 through 8.6 contain a command injection vulnerability. A high privileged attacker with remote access could potentially exploit this vulnerability, leading … | |||
| CVE-2026-4048 | high | 7.2 | 7.2 | 1mo ago | OS Command Injection Remote Code Execution Vulnerability in UI in Progress ADC Products allows an authenticated attacker with “All” permissions to execute arbitrary commands on the LoadMaster applian… | |||
| CVE-2026-3519 | high | 7.2 | 7.2 | 1mo ago | OS Command Injection Remote Code Execution Vulnerability in API in Progress ADC Products allows an authenticated attacker with “VS Administration” permissions to execute arbitrary commands on the Loa… | |||
| CVE-2026-3518 | high | 7.2 | 7.2 | 1mo ago | OS Command Injection Remote Code Execution Vulnerability in API in Progress ADC Products allows an authenticated attacker with “All” permissions to execute arbitrary commands on the LoadMaster applia… | |||
| CVE-2026-3517 | high | 7.2 | 7.2 | 1mo ago | OS Command Injection Remote Code Execution Vulnerability in API in Progress ADC Products allows an authenticated attacker with “Geo Administration” permissions to execute arbitrary commands on the Lo… | |||
| CVE-2026-4116 | high | 7.2 | 7.2 | 2mo ago | Improper handling of Unicode encoding in SonicWall SMA1000 series appliances allows a remote authenticated SSLVPN user to bypass Workplace/Connect Tunnel TOTP authentication. | |||
| CVE-2026-4113 | high | 7.2 | 7.2 | 2mo ago | An observable response discrepancy vulnerability in the SonicWall SMA1000 series appliances allows a remote attacker to enumerate SSL VPN user credentials. | |||
| CVE-2026-4112 | high | 7.2 | 7.2 | 2mo ago | Improper neutralization of special elements used in an SQL command (“SQL Injection”) in SonicWall SMA1000 series appliances allows a remote authenticated attacker with read-only administrator privile… | |||
| CVE-2026-5844 | high | 7.2 | 7.2 | 2mo ago | A vulnerability was found in D-Link DIR-882 1.01B02. Impacted is the function sprintf of the file prog.cgi of the component HNAP1 SetNetworkSettings Handler. The manipulation of the argument IPAddres… | |||
| CVE-2026-5338 | high | 7.2 | 7.2 | 2mo ago | A security vulnerability has been detected in Tenda G103 1.0.0.5. The affected element is the function action_set_system_settings of the file system.lua of the component Setting Handler. Such manipul… | |||
| CVE-2026-27043 | high | 7.2 | 7.2 | 2mo ago | Unrestricted Upload of File with Dangerous Type vulnerability in ThemeGoods Photography allows Path Traversal. This issue affects Photography: from n/a before 7.7.6. | |||
| CVE-2026-23759 | high | 7.2 | 7.2 | 3mo ago | Perle IOLAN STS/SCS terminal server models with firmware versions prior to 6.0 allow authenticated OS command injection via the restricted shell accessed over Telnet or SSH. The shell 'ps' command do… | |||
| CVE-2026-4253 | high | 7.2 | 7.2 | 3mo ago | A security flaw has been discovered in Tenda AC8 16.03.50.11. This affects the function route_set_user_policy_rule of the file /cgi-bin/UploadCfg of the component Web Interface. The manipulation of t… | |||
| CVE-2026-3873 | high | 7.2 | 7.2 | 3mo ago | Use of Hard-coded Credentials vulnerability in Avantra allows Accessing Functionality Not Properly Constrained by ACLs. This issue affects Avantra: before 25.3.0. | |||
| CVE-2026-1497 | high | 7.2 | 7.2 | 3mo ago | Incorrect resolving of namespaces in composite databases in Neo4j Enterprise edition prior to versions 2026.02 and 5.26.22 can lead to the following scenario: an admin that intends to give a user an… |