CVEs from 2026
Total
13,307
critical
critical 1,106
high
high 3,925
medium
medium 3,978
low
low 415
% Critical
8.3%
% with KEV
0.4%
% with exploit
0.5%
Top products
- chrome 299
- firepower_threat_defense 298
- firepower_threat_defense_software 295
- gcp 221
- openclaw 166
- commerce 104
- commerce_b2b 89
- magento 74
Top packages
| CVE | Severity | CVSS | Risk | Published | Description | Impact |
|---|---|---|---|---|---|---|
| CVE-2026-31570 | high | 8.8 | 8.8 | 1mo ago | In the Linux kernel, the following vulnerability has been resolved: can: gw: fix OOB heap access in cgw_csum_crc8_rel() cgw_csum_crc8_rel() correctly computes bounds-safe indices via calc_idx(): … | |
| CVE-2026-31558 | high | 8.8 | 8.8 | 1mo ago | In the Linux kernel, the following vulnerability has been resolved: LoongArch: KVM: Make kvm_get_vcpu_by_cpuid() more robust kvm_get_vcpu_by_cpuid() takes a cpuid parameter whose type is int, so cp… | |
| CVE-2026-31553 | high | 8.8 | 8.8 | 1mo ago | In the Linux kernel, the following vulnerability has been resolved: KVM: arm64: Fix the descriptor address in __kvm_at_swap_desc() Using "(u64 __user *)hva + offset" to get the virtual addresses of… | |
| CVE-2026-42205 | high | 8.8 | 8.8 | 1mo ago | Avo: Broken Access Control Through Unauthorized Execution of Arbitrary Action Classes Across Resources | |
| CVE-2026-41359 | high | 8.8 | 8.8 | 1mo ago | OpenClaw: Gateway operator.write Can Reach Admin-Class Telegram Config and Cron Persistence via send | |
| CVE-2026-41352 | high | 8.8 | 8.8 | 1mo ago | OpenClaw: Device-Paired Node Skips Node Scope Gate → Host RCE.md | |
| CVE-2026-41349 | high | 8.8 | 8.8 | 1mo ago | OpenClaw before 2026.3.28 contains an agentic consent bypass vulnerability allowing LLM agents to silently disable execution approval via config.patch parameter. Remote attackers can exploit this to … | |
| CVE-2026-41344 | high | 8.8 | 8.8 | 1mo ago | OpenClaw: Gateway `operator.write` can reach admin-only persisted `verboseLevel` via `chat.send` `/verbose` | |
| CVE-2026-5039 | high | 8.8 | 8.8 | 1mo ago | TP-Link TL-WR841N v13 uses DES-CBC encryption in the TDDPv2 debug protocol with a cryptographic key derived from default web management credentials, making the key predictable if device is left in de… | |
| CVE-2026-6859 | high | 8.8 | 8.8 | 1mo ago | InstructLab Includes Functionality from Untrusted Control Sphere | |
| CVE-2026-31450 | high | 8.8 | 8.8 | 1mo ago | In the Linux kernel, the following vulnerability has been resolved: ext4: publish jinode after initialization ext4_inode_attach_jinode() publishes ei->jinode to concurrent users. It used to set ei-… | |
| CVE-2026-31435 | high | 8.8 | 8.8 | 1mo ago | In the Linux kernel, the following vulnerability has been resolved: netfs: Fix read abandonment during retry Under certain circumstances, all the remaining subrequests from a read request will get … | |
| CVE-2026-31433 | high | 8.8 | 8.8 | 1mo ago | In the Linux kernel, the following vulnerability has been resolved: ksmbd: fix potencial OOB in get_file_all_info() for compound requests When a compound request consists of QUERY_DIRECTORY + QUERY… | |
| CVE-2026-31432 | high | 8.8 | 8.8 | 1mo ago | In the Linux kernel, the following vulnerability has been resolved: ksmbd: fix OOB write in QUERY_INFO for compound requests When a compound request such as READ + QUERY_INFO(Security) is received,… | |
| CVE-2026-4296 | high | 8.8 | 8.8 | 1mo ago | An incorrect regular expression vulnerability was identified in GitHub Enterprise Server that allowed an attacker to bypass OAuth redirect URI validation. An attacker with knowledge of a first-party … | |
| CVE-2026-40906 | high | 8.8 | 8.8 | 1mo ago | Electric is a Postgres sync engine. From 1.1.12 to before 1.5.0, the order_by parameter in the ElectricSQL /v1/shape API is vulnerable to error-based SQL injection, allowing any authenticated user to… | |
| CVE-2026-6819 | high | 8.8 | 8.8 | 1mo ago | HKUDS OpenHarness prior to PR #156 remediation exposes plugin lifecycle commands including /plugin install, /plugin enable, /plugin disable, and /reload-plugins to remote senders by default. Attacker… | |
| CVE-2026-41038 | high | 8.8 | 8.8 | 1mo ago | This vulnerability exists in Quantum Networks router due to lack of enforcement of strong password policies in the web-based management interface. An attacker on the same network could exploit this v… | |
| CVE-2026-41037 | high | 8.8 | 8.8 | 1mo ago | This vulnerability exists in Quantum Networks router due to missing rate limiting and CAPTCHA protection for failed login attempts in the web-based management interface. An attacker on the same netwo… | |
| CVE-2026-41036 | high | 8.8 | 8.8 | 1mo ago | This vulnerability exists in Quantum Networks router due to inadequate sanitization of user-supplied input in the management CLI interface. An authenticated remote attacker could exploit this vulnera… | |
| CVE-2026-6249 | high | 8.8 | 8.8 | 1mo ago | Vvveb CMS 1.0.8.2 contains a remote code execution vulnerability in its media upload handler that allows authenticated attackers to execute arbitrary operating system commands by uploading a PHP webs… | |
| CVE-2026-5967 | high | 8.8 | 8.8 | 1mo ago | ThreatSonar Anti-Ransomware developed by TeamT5 has an Privilege Escalation vulnerability. Authenticated remote attackers with shell access can inject OS commands and execute them with root privilege… | |
| CVE-2026-40352 | high | 8.8 | 8.8 | 1mo ago | FastGPT is an AI Agent building platform. In versions prior to 4.14.9.5, the password change endpoint is vulnerable to NoSQL injection. An authenticated attacker can bypass the "old password" verific… | |
| CVE-2026-40066 | high | 8.8 | 8.8 | 1mo ago | Anviz CX2 Lite and CX7 are vulnerable to unverified update packages that can be uploaded. The device unpacks and executes a script resulting in unauthenticated remote code execution. | |
| CVE-2026-35682 | high | 8.8 | 8.8 | 1mo ago | Anviz CX2 Lite is vulnerable to an authenticated command injection via a filename parameter that enables arbitrary command execution (e.g., starting telnetd), resulting in root‑level access. | |
| CVE-2026-6348 | high | 8.8 | 8.8 | 1mo ago | WinMatrix agent developed by Simopro Technology has a Missing Authentication vulnerability, allowing authenticated local attackers to execute arbitrary code with SYSTEM privileges on the local machin… | |
| CVE-2026-5363 | high | 8.8 | 8.8 | 1mo ago | Inadequate Encryption Strength vulnerability in TP-Link Archer C7 v5 and v5.8 (uhttpd modules) allows Password Recovery Exploitation. The web interface encrypts the admin password client-side using R… | |
| CVE-2026-40316 | high | 8.8 | 8.8 | 1mo ago | OWASP BLT is a QA testing and vulnerability disclosure platform that encompasses websites, apps, git repositories, and more. Versions prior to 2.1.1 contain an RCE vulnerability in the .github/workfl… | |
| CVE-2026-6360 | high | 8.8 | 8.8 | 1mo ago | Use after free in FileSystem in Google Chrome prior to 147.0.7727.101 allowed a remote attacker to potentially exploit object corruption via a crafted HTML page. (Chromium security severity: High) | |
| CVE-2026-6317 | high | 8.8 | 8.8 | 1mo ago | Use after free in Cast in Google Chrome prior to 147.0.7727.101 allowed a remote attacker to execute arbitrary code via a crafted HTML page. (Chromium security severity: High) | |
| CVE-2026-6315 | high | 8.8 | 8.8 | 1mo ago | Use after free in Permissions in Google Chrome on Android prior to 147.0.7727.101 allowed a remote attacker who convinced a user to engage in specific UI gestures to execute arbitrary code via a craf… | |
| CVE-2026-6306 | high | 8.8 | 8.8 | 1mo ago | Heap buffer overflow in PDFium in Google Chrome prior to 147.0.7727.101 allowed a remote attacker to execute arbitrary code inside a sandbox via a crafted PDF file. (Chromium security severity: High) | |
| CVE-2026-6302 | high | 8.8 | 8.8 | 1mo ago | Use after free in Video in Google Chrome prior to 147.0.7727.101 allowed a remote attacker to execute arbitrary code inside a sandbox via a crafted HTML page. (Chromium security severity: High) | |
| CVE-2026-6301 | high | 8.8 | 8.8 | 1mo ago | Type Confusion in Turbofan in Google Chrome prior to 147.0.7727.101 allowed a remote attacker to execute arbitrary code inside a sandbox via a crafted HTML page. (Chromium security severity: High) | |
| CVE-2026-6300 | high | 8.8 | 8.8 | 1mo ago | Use after free in CSS in Google Chrome prior to 147.0.7727.101 allowed a remote attacker to execute arbitrary code inside a sandbox via a crafted HTML page. (Chromium security severity: High) | |
| CVE-2026-6299 | high | 8.8 | 8.8 | 1mo ago | Use after free in Prerender in Google Chrome prior to 147.0.7727.101 allowed a remote attacker to execute arbitrary code via a crafted HTML page. (Chromium security severity: Critical) | |
| CVE-2026-6318 | high | 8.8 | 8.8 | 1mo ago | Use after free in Codecs in Google Chrome prior to 147.0.7727.101 allowed a remote attacker to execute arbitrary code inside a sandbox via a crafted HTML page. (Chromium security severity: Medium) | |
| CVE-2026-6363 | high | 8.8 | 8.8 | 1mo ago | Type Confusion in V8 in Google Chrome prior to 147.0.7727.101 allowed a remote attacker to potentially perform out of bounds memory access via a crafted HTML page. (Chromium security severity: Medium) | |
| CVE-2026-6316 | high | 8.8 | 8.8 | 1mo ago | Use after free in Forms in Google Chrome prior to 147.0.7727.101 allowed a remote attacker to execute arbitrary code inside a sandbox via a crafted HTML page. (Chromium security severity: High) | |
| CVE-2026-6305 | high | 8.8 | 8.8 | 1mo ago | Heap buffer overflow in PDFium in Google Chrome prior to 147.0.7727.101 allowed a remote attacker to execute arbitrary code inside a sandbox via a crafted PDF file. (Chromium security severity: High) | |
| CVE-2026-6303 | high | 8.8 | 8.8 | 1mo ago | Use after free in Codecs in Google Chrome prior to 147.0.7727.101 allowed a remote attacker to execute arbitrary code inside a sandbox via a crafted HTML page. (Chromium security severity: High) | |
| CVE-2026-6358 | high | 8.8 | 8.8 | 1mo ago | Use after free in XR in Google Chrome on Android prior to 147.0.7727.101 allowed a remote attacker to perform an out of bounds memory read via a crafted HTML page. (Chromium security severity: Critic… | |
| CVE-2026-41133 | high | 8.8 | 8.8 | 1mo ago | pyLoad is a free and open-source download manager written in Python. Versions up to and including 0.5.0b3.dev97 cache `role` and `permission` in the session at login and continues to authorize reques… | |
| CVE-2026-24893 | high | 8.8 | 8.8 | 1mo ago | openITCOCKPIT is an open source monitoring tool built for different monitoring engines. openITCOCKPIT Community Edition prior to version 5.5.2 contains a command injection vulnerability that allows a… | |
| CVE-2026-33120 | high | 8.8 | 8.8 | 1mo ago | Untrusted pointer dereference in SQL Server allows an authorized attacker to execute code over a network. | |
| CVE-2026-32171 | high | 8.8 | 8.8 | 1mo ago | Insufficiently protected credentials in Azure Logic Apps allows an authorized attacker to elevate privileges over a network. | |
| CVE-2026-32157 | high | 8.8 | 8.8 | 1mo ago | Use after free in Remote Desktop Client allows an unauthorized attacker to execute code over a network. | |
| CVE-2026-29955 | high | 8.8 | 8.8 | 2mo ago | The `/registercrd` endpoint in KubePlus 4.14 in the kubeconfiggenerator component is vulnerable to command injection. The component uses `subprocess.Popen()` with `shell=True` parameter to execute sh… | |
| CVE-2026-6137 | high | 8.8 | 8.8 | 2mo ago | A vulnerability was detected in Tenda F451 1.0.0.7_cn_svn7958. The affected element is the function fromAdvSetWan of the file /goform/AdvSetWan. The manipulation of the argument wanmode/PPPOEPassword… | |
| CVE-2026-6136 | high | 8.8 | 8.8 | 2mo ago | A security vulnerability has been detected in Tenda F451 1.0.0.7_cn_svn7958. Impacted is the function frmL7ImForm of the file /goform/L7Im. The manipulation of the argument page leads to stack-based … | |
| CVE-2026-6135 | high | 8.8 | 8.8 | 2mo ago | A weakness has been identified in Tenda F451 1.0.0.7_cn_svn7958. This issue affects the function fromSetIpBind of the file /goform/SetIpBind. Executing a manipulation of the argument page can lead to… | |
| CVE-2026-6134 | high | 8.8 | 8.8 | 2mo ago | A security flaw has been discovered in Tenda F451 1.0.0.7_cn_svn7958. This vulnerability affects the function fromqossetting of the file /goform/qossetting. Performing a manipulation of the argument … | |
| CVE-2026-6133 | high | 8.8 | 8.8 | 2mo ago | A vulnerability was identified in Tenda F451 1.0.0.7_cn_svn7958. This affects the function fromSafeUrlFilter of the file /goform/SafeUrlFilter. Such manipulation of the argument page leads to stack-b… | |
| CVE-2026-6124 | high | 8.8 | 8.8 | 2mo ago | A vulnerability was determined in Tenda F451 1.0.0.7. This vulnerability affects the function fromSafeMacFilter of the file /goform/SafeMacFilter of the component httpd. Executing a manipulation of t… | |
| CVE-2026-6123 | high | 8.8 | 8.8 | 2mo ago | A vulnerability was found in Tenda F451 1.0.0.7. This affects the function fromAddressNat of the file /goform/addressNat of the component httpd. Performing a manipulation of the argument entrys resul… | |
| CVE-2026-6122 | high | 8.8 | 8.8 | 2mo ago | A vulnerability has been found in Tenda F451 1.0.0.7. Affected by this issue is the function frmL7ProtForm of the file /goform/L7Prot of the component httpd. Such manipulation of the argument page le… | |
| CVE-2026-6121 | high | 8.8 | 8.8 | 2mo ago | A flaw has been found in Tenda F451 1.0.0.7. Affected by this vulnerability is the function WrlclientSet of the file /goform/WrlclientSet of the component httpd. This manipulation of the argument GO … | |
| CVE-2026-6120 | high | 8.8 | 8.8 | 2mo ago | A vulnerability was detected in Tenda F451 1.0.0.7. Affected is the function fromDhcpListClient of the file /goform/DhcpListClient of the component httpd. The manipulation of the argument page result… | |
| CVE-2026-6109 | high | 8.8 | 8.8 | 2mo ago | MetaGPT has an eval injection via a cross-site request forgery attack | |
| CVE-2026-40217 | high | 8.8 | 8.8 | 2mo ago | LiteLLM has a sandbox escape in custom-code guardrail | |
| CVE-2026-6016 | high | 8.8 | 8.8 | 2mo ago | A vulnerability was found in Tenda AC9 15.03.02.13. The affected element is the function decodePwd of the file /goform/WizardHandle of the component POST Request Handler. Performing a manipulation of… | |
| CVE-2026-6015 | high | 8.8 | 8.8 | 2mo ago | A vulnerability has been found in Tenda AC9 15.03.02.13. Impacted is the function formQuickIndex of the file /goform/QuickIndex of the component POST Request Handler. Such manipulation of the argumen… | |
| CVE-2026-6014 | high | 8.8 | 8.8 | 2mo ago | A flaw has been found in D-Link DIR-513 1.10. This issue affects the function formAdvanceSetup of the file /goform/formAdvanceSetup of the component POST Request Handler. This manipulation of the arg… | |
| CVE-2026-6013 | high | 8.8 | 8.8 | 2mo ago | A vulnerability was detected in D-Link DIR-513 1.10. This vulnerability affects the function formSetRoute of the file /goform/formSetRoute of the component POST Request Handler. The manipulation of t… | |
| CVE-2026-6012 | high | 8.8 | 8.8 | 2mo ago | A security vulnerability has been detected in D-Link DIR-513 1.10. This affects the function formSetPassword of the file /goform/formSetPassword of the component POST Request Handler. The manipulatio… | |
| CVE-2026-5992 | high | 8.8 | 8.8 | 2mo ago | A vulnerability was determined in Tenda F451 1.0.0.7. This affects the function fromP2pListFilter of the file /goform/P2pListFilter. This manipulation of the argument page causes stack-based buffer o… | |
| CVE-2026-5991 | high | 8.8 | 8.8 | 2mo ago | A vulnerability was found in Tenda F451 1.0.0.7. Affected by this issue is the function formWrlExtraSet of the file /goform/WrlExtraSet. The manipulation of the argument GO results in stack-based buf… | |
| CVE-2026-5990 | high | 8.8 | 8.8 | 2mo ago | A vulnerability has been found in Tenda F451 1.0.0.7. Affected by this vulnerability is the function fromSafeEmailFilter of the file /goform/SafeEmailFilter. The manipulation of the argument page lea… | |
| CVE-2026-5989 | high | 8.8 | 8.8 | 2mo ago | A flaw has been found in Tenda F451 1.0.0.7. Affected is the function fromRouteStatic of the file /goform/RouteStatic. Executing a manipulation of the argument page can lead to stack-based buffer ove… | |
| CVE-2026-5988 | high | 8.8 | 8.8 | 2mo ago | A vulnerability was detected in Tenda F451 1.0.0.7. This impacts the function formWrlsafeset of the file /goform/AdvSetWrlsafeset. Performing a manipulation of the argument mit_ssid results in stack-… | |
| CVE-2026-5984 | high | 8.8 | 8.8 | 2mo ago | A vulnerability was identified in D-Link DIR-605L 2.13B01. Impacted is the function formSetLog of the file /goform/formSetLog of the component POST Request Handler. The manipulation of the argument c… | |
| CVE-2026-5983 | high | 8.8 | 8.8 | 2mo ago | A vulnerability was determined in D-Link DIR-605L 2.13B01. This issue affects the function formSetDDNS of the file /goform/formSetDDNS of the component POST Request Handler. Executing a manipulation … | |
| CVE-2026-5982 | high | 8.8 | 8.8 | 2mo ago | A vulnerability was found in D-Link DIR-605L 2.13B01. This vulnerability affects the function formAdvNetwork of the file /goform/formAdvNetwork of the component POST Request Handler. Performing a man… | |
| CVE-2026-5981 | high | 8.8 | 8.8 | 2mo ago | A vulnerability has been found in D-Link DIR-605L 2.13B01. This affects the function formAdvFirewall of the file /goform/formAdvFirewall of the component POST Request Handler. Such manipulation of th… | |
| CVE-2026-5980 | high | 8.8 | 8.8 | 2mo ago | A flaw has been found in D-Link DIR-605L 2.13B01. Affected by this issue is the function formSetMACFilter of the file /goform/formSetMACFilter of the component POST Request Handler. This manipulation… | |
| CVE-2026-5979 | high | 8.8 | 8.8 | 2mo ago | A vulnerability was detected in D-Link DIR-605L 2.13B01. Affected by this vulnerability is the function formVirtualServ of the file /goform/formVirtualServ of the component POST Request Handler. The … | |
| CVE-2026-39911 | high | 8.8 | 8.8 | 2mo ago | Hashgraph Guardian through version 3.5.1, fixed in commit 45fbe2f, contains an unsandboxed JavaScript execution vulnerability in the Custom Logic policy block worker that allows authenticated Standar… | |
| CVE-2026-5830 | high | 8.8 | 8.8 | 2mo ago | A vulnerability was identified in Tenda AC15 15.03.05.18. This affects the function websGetVar of the file /goform/SysToolChangePwd. Such manipulation of the argument oldPwd/newPwd/cfmPwd leads to st… | |
| CVE-2026-5914 | high | 8.8 | 8.8 | 2mo ago | Type Confusion in CSS in Google Chrome prior to 147.0.7727.55 allowed an attacker who convinced a user to install a malicious extension to potentially exploit heap corruption via a crafted Chrome Ext… | |
| CVE-2026-5912 | high | 8.8 | 8.8 | 2mo ago | Integer overflow in WebRTC in Google Chrome prior to 147.0.7727.55 allowed a remote attacker to perform an out of bounds memory write via a crafted HTML page. (Chromium security severity: Low) | |
| CVE-2026-5910 | high | 8.8 | 8.8 | 2mo ago | Integer overflow in Media in Google Chrome prior to 147.0.7727.55 allowed a remote attacker to potentially exploit heap corruption via a crafted video file. (Chromium security severity: Low) | |
| CVE-2026-5909 | high | 8.8 | 8.8 | 2mo ago | Integer overflow in Media in Google Chrome prior to 147.0.7727.55 allowed a remote attacker to potentially exploit heap corruption via a crafted video file. (Chromium security severity: Low) | |
| CVE-2026-5908 | high | 8.8 | 8.8 | 2mo ago | Integer overflow in Media in Google Chrome prior to 147.0.7727.55 allowed a remote attacker to potentially exploit heap corruption via a crafted video file. (Chromium security severity: Low) | |
| CVE-2026-5879 | high | 8.8 | 8.8 | 2mo ago | Insufficient validation of untrusted input in ANGLE in Google Chrome on Mac prior to 147.0.7727.55 allowed a remote attacker to execute arbitrary code inside a sandbox via a crafted HTML page. (Chrom… | |
| CVE-2026-5865 | high | 8.8 | 8.8 | 2mo ago | Type Confusion in V8 in Google Chrome prior to 147.0.7727.55 allowed a remote attacker to execute arbitrary code inside a sandbox via a crafted HTML page. (Chromium security severity: High) | |
| CVE-2026-5863 | high | 8.8 | 8.8 | 2mo ago | Inappropriate implementation in V8 in Google Chrome prior to 147.0.7727.55 allowed a remote attacker to execute arbitrary code inside a sandbox via a crafted HTML page. (Chromium security severity: H… | |
| CVE-2026-5860 | high | 8.8 | 8.8 | 2mo ago | Use after free in WebRTC in Google Chrome prior to 147.0.7727.55 allowed a remote attacker to execute arbitrary code inside a sandbox via a crafted HTML page. (Chromium security severity: High) | |
| CVE-2026-39981 | high | 8.8 | 8.8 | 2mo ago | AGiXT is a dynamic AI Agent Automation Platform. Prior to 1.9.2, the safe_join() function in the essential_abilities extension fails to validate that resolved file paths remain within the designated … | |
| CVE-2026-35521 | high | 8.8 | 8.8 | 2mo ago | FTLDNS (pihole-FTL) provides an interactive API and also generates statistics for Pi-hole's Web interface. From 6.0 to before 6.6, the Pi-hole FTL engine contains a Remote Code Execution (RCE) vulner… | |
| CVE-2026-35520 | high | 8.8 | 8.8 | 2mo ago | FTLDNS (pihole-FTL) provides an interactive API and also generates statistics for Pi-hole's Web interface. From 6.0 to before 6.6, the Pi-hole FTL engine contains a Remote Code Execution (RCE) vulner… | |
| CVE-2026-35519 | high | 8.8 | 8.8 | 2mo ago | FTLDNS (pihole-FTL) provides an interactive API and also generates statistics for Pi-hole's Web interface. From 6.0 to before 6.6, the Pi-hole FTL engine contains a Remote Code Execution (RCE) vulner… | |
| CVE-2026-35518 | high | 8.8 | 8.8 | 2mo ago | FTLDNS (pihole-FTL) provides an interactive API and also generates statistics for Pi-hole's Web interface. From 6.0 to before 6.6, the Pi-hole FTL engine contains a Remote Code Execution (RCE) vulner… | |
| CVE-2026-35517 | high | 8.8 | 8.8 | 2mo ago | FTLDNS (pihole-FTL) provides an interactive API and also generates statistics for Pi-hole's Web interface. From 6.0 to before 6.6, the Pi-hole FTL engine contains a Remote Code Execution (RCE) vulner… | |
| CVE-2026-5687 | high | 8.8 | 8.8 | 2mo ago | A weakness has been identified in Tenda CX12L 16.03.53.12. This issue affects the function fromNatStaticSetting of the file /goform/NatStaticSetting. This manipulation of the argument page causes sta… | |
| CVE-2026-5686 | high | 8.8 | 8.8 | 2mo ago | A security flaw has been discovered in Tenda CX12L 16.03.53.12. This vulnerability affects the function fromRouteStatic of the file /goform/RouteStatic. The manipulation of the argument page results … | |
| CVE-2026-5685 | high | 8.8 | 8.8 | 2mo ago | A vulnerability was identified in Tenda CX12L 16.03.53.12. This affects the function fromAddressNat of the file /goform/addressNat. The manipulation of the argument page leads to stack-based buffer o… | |
| CVE-2026-31409 | high | 8.8 | 8.8 | 2mo ago | In the Linux kernel, the following vulnerability has been resolved: ksmbd: unset conn->binding on failed binding request When a multichannel SMB2_SESSION_SETUP request with SMB2_SESSION_REQ_FLAG_BI… | |
| CVE-2026-31408 | high | 8.8 | 8.8 | 2mo ago | In the Linux kernel, the following vulnerability has been resolved: Bluetooth: SCO: Fix use-after-free in sco_recv_frame() due to missing sock_hold sco_recv_frame() reads conn->sk under sco_conn_lo… | |
| CVE-2026-5629 | high | 8.8 | 8.8 | 2mo ago | A vulnerability was detected in Belkin F9K1015 1.00.10. The affected element is the function formSetFirewall of the file /goform/formSetFirewall. The manipulation of the argument webpage results in s… | |
| CVE-2026-5628 | high | 8.8 | 8.8 | 2mo ago | A security vulnerability has been detected in Belkin F9K1015 1.00.10. Impacted is the function formSetSystemSettings of the file /goform/formSetSystemSettings of the component Setting Handler. The ma… |