CVEs from 2026
- Total: 13,470
- Critical: 1,149
- High: 4,102
- Medium: 4,072
- Low: 427
- % Critical: 8.5%
- % with KEV: 0.4%
- % with exploit: 0.5%
Top products
- chrome 384
- firepower_threat_defense 298
- firepower_threat_defense_software 295
- gcp 229
- openclaw 166
- commerce 104
- commerce_b2b 89
- magento 74
| CVE | Severity | CVSS | Risk | Published | Description | Flags | OS | Vendor |
|---|---|---|---|---|---|---|---|---|
| CVE-2026-7288 | high | 8.8 | 8.8 | 1mo ago | A vulnerability has been found in D-Link DIR-825M 1.1.12. This vulnerability affects the function sub_4151FC of the file /boafrm/formVpnConfigSetup. The manipulation of the argument submit-url leads … | |||
| CVE-2026-40968 | high | 8.8 | 8.8 | 1mo ago | Spring gRPC SecurityContext leaks across requests upon authorization failure | |||
| CVE-2026-5781 | high | 8.8 | 8.8 | 1mo ago | An authorization vulnerability in MphRx's Minerva V3.6.0, specifically in the '/minerva/moUser/update' endpoint, could allow an authenticated user with user modification privileges to escalate their … | |||
| CVE-2026-5779 | high | 8.8 | 8.8 | 1mo ago | An insecure direct object reference (IDOR) vulnerability in MphRx's Minerva V3.6.0, specifically in the '/minerva/user/updateUserProfile' endpoint. This allows an authenticated user to modify the inf… | |||
| CVE-2026-40978 | high | 8.8 | 8.8 | 1mo ago | Spring AI has SQL Injection in CosmosDBVectorStore.doDelete() | |||
| CVE-2026-20766 | high | 8.8 | 8.8 | 1mo ago | An out-of-bounds memory access vulnerability exists in specific firmware versions of Milesight AIOT cameras. | |||
| CVE-2026-27785 | high | 8.8 | 8.8 | 1mo ago | Specific firmware versions of Milesight AIOT camera firmware contain hard-coded credentials. | |||
| CVE-2026-7160 | high | 8.8 | 8.8 | 1mo ago | A vulnerability was determined in Tenda HG3 2.0. This vulnerability affects the function formTracert of the file /boaform/formTracert. Executing a manipulation of the argument datasize can lead to co… | |||
| CVE-2026-7151 | high | 8.8 | 8.8 | 1mo ago | A vulnerability was determined in Tenda HG3 2.0. Impacted is the function formUploadConfig of the file /boaform/formIPv6Routing. This manipulation of the argument destNet causes stack-based buffer ov… | |||
| CVE-2026-6741 | high | 8.8 | 8.8 | 1mo ago | The LatePoint – Calendar Booking Plugin for Appointments and Events plugin for WordPress is vulnerable to Privilege Escalation in versions up to and including 5.4.1. This is due to a missing authoriz… | |||
| CVE-2026-6265 | high | 8.8 | 8.8 | 1mo ago | Insecure preserved inherited permissions vulnerability in Cerberus FTP Server on Windows allows Privilege Escalation. This issue has been resolved in Cerberus FTP Server: 2026.1 | |||
| CVE-2026-7119 | high | 8.8 | 8.8 | 1mo ago | A vulnerability was detected in Tenda HG3 2.0. The impacted element is an unknown function of the file /boaform/formCountrystr. The manipulation of the argument countrystr results in os command injec… | |||
| CVE-2026-27172 | high | 8.8 | 8.8 | 1mo ago | Apache Camel-Consul component vulnerable to Deserialization of Untrusted Data | |||
| CVE-2026-40858 | high | 8.8 | 8.8 | 1mo ago | Apache Camel-Infinispan Component Vulnerable to Deserialization of Untrusted Data | |||
| CVE-2026-7102 | high | 8.8 | 8.8 | 1mo ago | A vulnerability was found in Tenda F456 1.0.0.5. This impacts the function FromWriteFacMac of the file /goform/WriteFacMac of the component httpd. The manipulation of the argument mac results in comm… | |||
| CVE-2026-7101 | high | 8.8 | 8.8 | 1mo ago | A vulnerability has been found in Tenda F456 1.0.0.5. This affects the function fromWrlclientSet of the file /goform/WrlclientSet of the component httpd. The manipulation leads to buffer overflow. Re… | |||
| CVE-2026-7100 | high | 8.8 | 8.8 | 1mo ago | A flaw has been found in Tenda F456 1.0.0.5. The impacted element is the function fromNatlimitof of the file /goform/Natlimit of the component httpd. Executing a manipulation can lead to buffer overf… | |||
| CVE-2026-7099 | high | 8.8 | 8.8 | 1mo ago | A vulnerability was detected in Tenda F456 1.0.0.5. The affected element is the function formQuickIndex of the file /goform/QuickIndex of the component httpd. Performing a manipulation of the argumen… | |||
| CVE-2026-7098 | high | 8.8 | 8.8 | 1mo ago | A security vulnerability has been detected in Tenda F456 1.0.0.5. Impacted is the function fromDhcpListClient of the file /goform/DhcpListClient of the component httpd. Such manipulation of the argum… | |||
| CVE-2026-40473 | high | 8.8 | 8.8 | 1mo ago | Camel-MINA Vulnerable to Deserialization of Untrusted Data | |||
| CVE-2026-7097 | high | 8.8 | 8.8 | 1mo ago | A weakness has been identified in Tenda F456 1.0.0.5. This issue affects the function fromwebExcptypemanFilter of the file /goform/webExcptypemanFilter of the component httpd. This manipulation of th… | |||
| CVE-2026-7096 | high | 8.8 | 8.8 | 1mo ago | A security flaw has been discovered in Tenda HG3 2.0 300003070. This vulnerability affects the function formgponConf of the file /boaform/admin/formgponConf. The manipulation of the argument fmgpon_l… | |||
| CVE-2026-7082 | high | 8.8 | 8.8 | 1mo ago | A flaw has been found in Tenda F456 1.0.0.5. Affected by this vulnerability is the function formWrlExtraSet of the file /goform/WrlExtraSet of the component httpd. Executing a manipulation of the arg… | |||
| CVE-2026-7081 | high | 8.8 | 8.8 | 1mo ago | A vulnerability was detected in Tenda F456 1.0.0.5. Affected is the function fromGstDhcpSetSer of the file /goform/GstDhcpSetSer of the component httpd. Performing a manipulation of the argument dips… | |||
| CVE-2026-7080 | high | 8.8 | 8.8 | 1mo ago | A security vulnerability has been detected in Tenda F456 1.0.0.5. This impacts the function fromPPTPUserSetting of the file /goform/PPTPUserSetting of the component httpd. Such manipulation of the ar… | |||
| CVE-2026-7079 | high | 8.8 | 8.8 | 1mo ago | A weakness has been identified in Tenda F456 1.0.0.5. This affects the function fromAdvSetWan of the file /goform/AdvSetWan of the component httpd. This manipulation of the argument wanmode causes bu… | |||
| CVE-2026-7078 | high | 8.8 | 8.8 | 1mo ago | A security flaw has been discovered in Tenda F456 1.0.0.5. The impacted element is the function fromSetIpBind of the file /goform/SetIpBind of the component httpd. The manipulation of the argument pa… | |||
| CVE-2026-7068 | high | 8.8 | 8.8 | 1mo ago | A vulnerability was identified in D-Link DIR-825 3.00b32. This affects the function NMBD_process of the file sserver.c of the component nmbd. Such manipulation leads to buffer overflow. The attack ca… | |||
| CVE-2026-33277 | high | 8.8 | 8.8 | 1mo ago | An OS command Injection issue exists in LogonTracer prior to v2.0.0. An arbitrary OS command may be executed by a logged-in user. | |||
| CVE-2026-7057 | high | 8.8 | 8.8 | 1mo ago | A flaw has been found in Tenda F456 1.0.0.5. The affected element is an unknown function of the file /goform/setcfm of the component httpd. This manipulation of the argument funcname/funcpara1 causes… | |||
| CVE-2026-7056 | high | 8.8 | 8.8 | 1mo ago | A vulnerability was detected in Tenda F456 1.0.0.5. Impacted is the function fromSafeUrlFilter of the file /goform/SafeUrlFilter of the component httpd. The manipulation of the argument page results … | |||
| CVE-2026-7055 | high | 8.8 | 8.8 | 1mo ago | A security vulnerability has been detected in Tenda F456 1.0.0.5. This issue affects the function fromVirtualSer of the file /goform/VirtualSer of the component httpd. The manipulation of the argumen… | |||
| CVE-2026-7054 | high | 8.8 | 8.8 | 1mo ago | A weakness has been identified in Tenda F456 1.0.0.5. This vulnerability affects the function fromPptpUserAdd of the file /goform/PPTPDClient of the component httpd. Executing a manipulation of the a… | |||
| CVE-2026-7053 | high | 8.8 | 8.8 | 1mo ago | A security flaw has been discovered in Tenda F456 1.0.0.5. This affects the function frmL7ProtForm of the file /goform/L7Prot of the component httpd. Performing a manipulation of the argument page re… | |||
| CVE-2026-7035 | high | 8.8 | 8.8 | 1mo ago | A vulnerability was determined in Tenda FH1202 1.2.0.14. This affects the function fromWrlclientSet of the file /goform/WrlclientSet of the component httpd. Executing a manipulation of the argument G… | |||
| CVE-2026-7034 | high | 8.8 | 8.8 | 1mo ago | A vulnerability was found in Tenda FH1202 1.2.0.14(408). Affected by this issue is the function WrlExtraSet of the file /goform/WrlExtraSet of the component httpd. Performing a manipulation of the ar… | |||
| CVE-2026-7033 | high | 8.8 | 8.8 | 1mo ago | A vulnerability has been found in Tenda F456 1.0.0.5. Affected by this vulnerability is the function fromSafeClientFilter of the file /goform/SafeClientFilter. Such manipulation of the argument menuf… | |||
| CVE-2026-7032 | high | 8.8 | 8.8 | 1mo ago | A flaw has been found in Tenda F456 1.0.0.5. Affected is the function SafeEmailFilter of the file /goform/SafeEmailFilter. This manipulation of the argument page causes buffer overflow. The attack ca… | |||
| CVE-2026-7031 | high | 8.8 | 8.8 | 1mo ago | A vulnerability was detected in Tenda F456 1.0.0.5. This impacts the function fromSafeMacFilter of the file /goform/SafeMacFilter. The manipulation of the argument page results in buffer overflow. It… | |||
| CVE-2026-7030 | high | 8.8 | 8.8 | 1mo ago | A security vulnerability has been detected in Tenda F456 1.0.0.5. This affects the function fromRouteStatic of the file /goform/RouteStatic. The manipulation of the argument page leads to buffer over… | |||
| CVE-2026-7029 | high | 8.8 | 8.8 | 1mo ago | A weakness has been identified in Tenda F456 1.0.0.5. The impacted element is the function fromaddressNat of the file /goform/addressNat. Executing a manipulation of the argument menufacturer/Go can … | |||
| CVE-2026-7023 | high | 8.8 | 8.8 | 1mo ago | A vulnerability was detected in ByteDance coze-studio up to 0.5.1. Affected by this vulnerability is the function ExecuteSQL of the file backend/domain/memory/database/service/database_impl.go of the… | |||
| CVE-2026-7019 | high | 8.8 | 8.8 | 1mo ago | A vulnerability was identified in Tenda F456 1.0.0.5. The impacted element is the function fromP2pListFilter of the file /goform/P2pListFilter. The manipulation of the argument menufacturer/Go leads … | |||
| CVE-2026-6989 | high | 8.8 | 8.8 | 1mo ago | A vulnerability has been found in Tenda F453 up to 1.0.0.3. Impacted is the function TendaTelnet of the file /goform/telnet of the component Telnet Service. Such manipulation leads to command injecti… | |||
| CVE-2026-6988 | high | 8.8 | 8.8 | 1mo ago | A flaw has been found in Tenda HG10 HG7_HG9_HG10re_300001138_en_xpon. This issue affects the function formRoute of the file /boaform/formRouting of the component Boa Service. This manipulation of the… | |||
| CVE-2026-41476 | high | 8.8 | 8.8 | 1mo ago | Deskflow is a keyboard and mouse sharing app. Prior to 1.26.0.138, a remote memory-safety vulnerability in Deskflow's clipboard deserialization allows a connected peer to trigger an out-of-bounds re… | |||
| CVE-2026-41429 | high | 8.8 | 8.8 | 1mo ago | arduino-esp32 is an Arduino core for the ESP32, ESP32-S2, ESP32-S3, ESP32-C3, ESP32-C6 and ESP32-H2 microcontrollers. Prior to 3.3.8, there is a remotely reachable memory corruption issue in the NBNS… | |||
| CVE-2026-31629 | high | 8.8 | 8.8 | 1mo ago | In the Linux kernel, the following vulnerability has been resolved: nfc: llcp: add missing return after LLCP_CLOSED checks In nfc_llcp_recv_hdlc() and nfc_llcp_recv_disc(), when the socket state is… | |||
| CVE-2026-31622 | high | 8.8 | 8.8 | 1mo ago | In the Linux kernel, the following vulnerability has been resolved: NFC: digital: Bounds check NFC-A cascade depth in SDD response handler The NFC-A anti-collision cascade in digital_in_recv_sdd_re… | |||
| CVE-2026-31588 | high | 8.8 | 8.8 | 1mo ago | In the Linux kernel, the following vulnerability has been resolved: KVM: x86: Use scratch field in MMIO fragment to hold small write values When exiting to userspace to service an emulated MMIO wri… | |||
| CVE-2026-31570 | high | 8.8 | 8.8 | 1mo ago | In the Linux kernel, the following vulnerability has been resolved: can: gw: fix OOB heap access in cgw_csum_crc8_rel() cgw_csum_crc8_rel() correctly computes bounds-safe indices via calc_idx(): … | |||
| CVE-2026-31558 | high | 8.8 | 8.8 | 1mo ago | In the Linux kernel, the following vulnerability has been resolved: LoongArch: KVM: Make kvm_get_vcpu_by_cpuid() more robust kvm_get_vcpu_by_cpuid() takes a cpuid parameter whose type is int, so cp… | |||
| CVE-2026-31553 | high | 8.8 | 8.8 | 1mo ago | In the Linux kernel, the following vulnerability has been resolved: KVM: arm64: Fix the descriptor address in __kvm_at_swap_desc() Using "(u64 __user *)hva + offset" to get the virtual addresses of… | |||
| CVE-2026-42205 | high | 8.8 | 8.8 | 1mo ago | Avo: Broken Access Control Through Unauthorized Execution of Arbitrary Action Classes Across Resources | |||
| CVE-2026-41359 | high | 8.8 | 8.8 | 1mo ago | OpenClaw: Gateway operator.write Can Reach Admin-Class Telegram Config and Cron Persistence via send | |||
| CVE-2026-41352 | high | 8.8 | 8.8 | 1mo ago | OpenClaw: Device-Paired Node Skips Node Scope Gate → Host RCE.md | |||
| CVE-2026-41349 | high | 8.8 | 8.8 | 1mo ago | OpenClaw before 2026.3.28 contains an agentic consent bypass vulnerability allowing LLM agents to silently disable execution approval via config.patch parameter. Remote attackers can exploit this to … | |||
| CVE-2026-41344 | high | 8.8 | 8.8 | 1mo ago | OpenClaw: Gateway `operator.write` can reach admin-only persisted `verboseLevel` via `chat.send` `/verbose` | |||
| CVE-2026-5039 | high | 8.8 | 8.8 | 1mo ago | TP-Link TL-WR841N v13 uses DES-CBC encryption in the TDDPv2 debug protocol with a cryptographic key derived from default web management credentials, making the key predictable if device is left in de… | |||
| CVE-2026-6859 | high | 8.8 | 8.8 | 1mo ago | InstructLab Includes Functionality from Untrusted Control Sphere | |||
| CVE-2026-31450 | high | 8.8 | 8.8 | 1mo ago | In the Linux kernel, the following vulnerability has been resolved: ext4: publish jinode after initialization ext4_inode_attach_jinode() publishes ei->jinode to concurrent users. It used to set ei-… | |||
| CVE-2026-31435 | high | 8.8 | 8.8 | 1mo ago | In the Linux kernel, the following vulnerability has been resolved: netfs: Fix read abandonment during retry Under certain circumstances, all the remaining subrequests from a read request will get … | |||
| CVE-2026-31433 | high | 8.8 | 8.8 | 1mo ago | In the Linux kernel, the following vulnerability has been resolved: ksmbd: fix potencial OOB in get_file_all_info() for compound requests When a compound request consists of QUERY_DIRECTORY + QUERY… | |||
| CVE-2026-31432 | high | 8.8 | 8.8 | 1mo ago | In the Linux kernel, the following vulnerability has been resolved: ksmbd: fix OOB write in QUERY_INFO for compound requests When a compound request such as READ + QUERY_INFO(Security) is received,… | |||
| CVE-2026-4296 | high | 8.8 | 8.8 | 1mo ago | An incorrect regular expression vulnerability was identified in GitHub Enterprise Server that allowed an attacker to bypass OAuth redirect URI validation. An attacker with knowledge of a first-party … | |||
| CVE-2026-40906 | high | 8.8 | 8.8 | 1mo ago | Electric is a Postgres sync engine. From 1.1.12 to before 1.5.0, the order_by parameter in the ElectricSQL /v1/shape API is vulnerable to error-based SQL injection, allowing any authenticated user to… | |||
| CVE-2026-6819 | high | 8.8 | 8.8 | 1mo ago | HKUDS OpenHarness prior to PR #156 remediation exposes plugin lifecycle commands including /plugin install, /plugin enable, /plugin disable, and /reload-plugins to remote senders by default. Attacker… | |||
| CVE-2026-41038 | high | 8.8 | 8.8 | 1mo ago | This vulnerability exists in Quantum Networks router due to lack of enforcement of strong password policies in the web-based management interface. An attacker on the same network could exploit this v… | |||
| CVE-2026-41037 | high | 8.8 | 8.8 | 1mo ago | This vulnerability exists in Quantum Networks router due to missing rate limiting and CAPTCHA protection for failed login attempts in the web-based management interface. An attacker on the same netwo… | |||
| CVE-2026-41036 | high | 8.8 | 8.8 | 1mo ago | This vulnerability exists in Quantum Networks router due to inadequate sanitization of user-supplied input in the management CLI interface. An authenticated remote attacker could exploit this vulnera… | |||
| CVE-2026-6249 | high | 8.8 | 8.8 | 1mo ago | Vvveb CMS 1.0.8.2 contains a remote code execution vulnerability in its media upload handler that allows authenticated attackers to execute arbitrary operating system commands by uploading a PHP webs… | |||
| CVE-2026-5967 | high | 8.8 | 8.8 | 1mo ago | ThreatSonar Anti-Ransomware developed by TeamT5 has a Privilege Escalation vulnerability. Authenticated remote attackers with shell access can inject OS commands and execute them with root privilege… | |||
| CVE-2026-40352 | high | 8.8 | 8.8 | 1mo ago | FastGPT is an AI Agent building platform. In versions prior to 4.14.9.5, the password change endpoint is vulnerable to NoSQL injection. An authenticated attacker can bypass the "old password" verific… | |||
| CVE-2026-40066 | high | 8.8 | 8.8 | 1mo ago | Anviz CX2 Lite and CX7 are vulnerable to unverified update packages that can be uploaded. The device unpacks and executes a script resulting in unauthenticated remote code execution. | |||
| CVE-2026-35682 | high | 8.8 | 8.8 | 1mo ago | Anviz CX2 Lite is vulnerable to an authenticated command injection via a filename parameter that enables arbitrary command execution (e.g., starting telnetd), resulting in root‑level access. | |||
| CVE-2026-6348 | high | 8.8 | 8.8 | 1mo ago | WinMatrix agent developed by Simopro Technology has a Missing Authentication vulnerability, allowing authenticated local attackers to execute arbitrary code with SYSTEM privileges on the local machin… | |||
| CVE-2026-5363 | high | 8.8 | 8.8 | 1mo ago | Inadequate Encryption Strength vulnerability in TP-Link Archer C7 v5 and v5.8 (uhttpd modules) allows Password Recovery Exploitation. The web interface encrypts the admin password client-side using R… | |||
| CVE-2026-40316 | high | 8.8 | 8.8 | 1mo ago | OWASP BLT is a QA testing and vulnerability disclosure platform that encompasses websites, apps, git repositories, and more. Versions prior to 2.1.1 contain an RCE vulnerability in the .github/workfl… | |||
| CVE-2026-6360 | high | 8.8 | 8.8 | 1mo ago | Use after free in FileSystem in Google Chrome prior to 147.0.7727.101 allowed a remote attacker to potentially exploit object corruption via a crafted HTML page. (Chromium security severity: High) | |||
| CVE-2026-6317 | high | 8.8 | 8.8 | 1mo ago | Use after free in Cast in Google Chrome prior to 147.0.7727.101 allowed a remote attacker to execute arbitrary code via a crafted HTML page. (Chromium security severity: High) | |||
| CVE-2026-6315 | high | 8.8 | 8.8 | 1mo ago | Use after free in Permissions in Google Chrome on Android prior to 147.0.7727.101 allowed a remote attacker who convinced a user to engage in specific UI gestures to execute arbitrary code via a craf… | |||
| CVE-2026-6306 | high | 8.8 | 8.8 | 1mo ago | Heap buffer overflow in PDFium in Google Chrome prior to 147.0.7727.101 allowed a remote attacker to execute arbitrary code inside a sandbox via a crafted PDF file. (Chromium security severity: High) | |||
| CVE-2026-6302 | high | 8.8 | 8.8 | 1mo ago | Use after free in Video in Google Chrome prior to 147.0.7727.101 allowed a remote attacker to execute arbitrary code inside a sandbox via a crafted HTML page. (Chromium security severity: High) | |||
| CVE-2026-6301 | high | 8.8 | 8.8 | 1mo ago | Type Confusion in Turbofan in Google Chrome prior to 147.0.7727.101 allowed a remote attacker to execute arbitrary code inside a sandbox via a crafted HTML page. (Chromium security severity: High) | |||
| CVE-2026-6300 | high | 8.8 | 8.8 | 1mo ago | Use after free in CSS in Google Chrome prior to 147.0.7727.101 allowed a remote attacker to execute arbitrary code inside a sandbox via a crafted HTML page. (Chromium security severity: High) | |||
| CVE-2026-6299 | high | 8.8 | 8.8 | 1mo ago | Use after free in Prerender in Google Chrome prior to 147.0.7727.101 allowed a remote attacker to execute arbitrary code via a crafted HTML page. (Chromium security severity: Critical) | |||
| CVE-2026-6318 | high | 8.8 | 8.8 | 1mo ago | Use after free in Codecs in Google Chrome prior to 147.0.7727.101 allowed a remote attacker to execute arbitrary code inside a sandbox via a crafted HTML page. (Chromium security severity: Medium) | |||
| CVE-2026-6363 | high | 8.8 | 8.8 | 1mo ago | Type Confusion in V8 in Google Chrome prior to 147.0.7727.101 allowed a remote attacker to potentially perform out of bounds memory access via a crafted HTML page. (Chromium security severity: Medium) | |||
| CVE-2026-6316 | high | 8.8 | 8.8 | 1mo ago | Use after free in Forms in Google Chrome prior to 147.0.7727.101 allowed a remote attacker to execute arbitrary code inside a sandbox via a crafted HTML page. (Chromium security severity: High) | |||
| CVE-2026-6305 | high | 8.8 | 8.8 | 1mo ago | Heap buffer overflow in PDFium in Google Chrome prior to 147.0.7727.101 allowed a remote attacker to execute arbitrary code inside a sandbox via a crafted PDF file. (Chromium security severity: High) | |||
| CVE-2026-6303 | high | 8.8 | 8.8 | 1mo ago | Use after free in Codecs in Google Chrome prior to 147.0.7727.101 allowed a remote attacker to execute arbitrary code inside a sandbox via a crafted HTML page. (Chromium security severity: High) | |||
| CVE-2026-6358 | high | 8.8 | 8.8 | 1mo ago | Use after free in XR in Google Chrome on Android prior to 147.0.7727.101 allowed a remote attacker to perform an out of bounds memory read via a crafted HTML page. (Chromium security severity: Critic… | |||
| CVE-2026-41133 | high | 8.8 | 8.8 | 2mo ago | pyLoad is a free and open-source download manager written in Python. Versions up to and including 0.5.0b3.dev97 cache `role` and `permission` in the session at login and continues to authorize reques… | |||
| CVE-2026-24893 | high | 8.8 | 8.8 | 2mo ago | openITCOCKPIT is an open source monitoring tool built for different monitoring engines. openITCOCKPIT Community Edition prior to version 5.5.2 contains a command injection vulnerability that allows a… | |||
| CVE-2026-33120 | high | 8.8 | 8.8 | 2mo ago | Untrusted pointer dereference in SQL Server allows an authorized attacker to execute code over a network. | |||
| CVE-2026-32171 | high | 8.8 | 8.8 | 2mo ago | Insufficiently protected credentials in Azure Logic Apps allows an authorized attacker to elevate privileges over a network. | |||
| CVE-2026-32157 | high | 8.8 | 8.8 | 2mo ago | Use after free in Remote Desktop Client allows an unauthorized attacker to execute code over a network. | |||
| CVE-2026-29955 | high | 8.8 | 8.8 | 2mo ago | The `/registercrd` endpoint in KubePlus 4.14 in the kubeconfiggenerator component is vulnerable to command injection. The component uses `subprocess.Popen()` with `shell=True` parameter to execute sh… | |||
| CVE-2026-6137 | high | 8.8 | 8.8 | 2mo ago | A vulnerability was detected in Tenda F451 1.0.0.7_cn_svn7958. The affected element is the function fromAdvSetWan of the file /goform/AdvSetWan. The manipulation of the argument wanmode/PPPOEPassword… | |||
| CVE-2026-6136 | high | 8.8 | 8.8 | 2mo ago | A security vulnerability has been detected in Tenda F451 1.0.0.7_cn_svn7958. Impacted is the function frmL7ImForm of the file /goform/L7Im. The manipulation of the argument page leads to stack-based … |