CVEs from 2026
Total
13,532
critical
critical 1,163
high
high 4,145
medium
medium 4,136
low
low 440
% Critical
8.6%
% with KEV
0.4%
% with exploit
0.5%
Top products
- chrome 417
- firepower_threat_defense 298
- firepower_threat_defense_software 295
- gcp 229
- openclaw 166
- commerce 104
- commerce_b2b 89
- magento 74
Top packages
| CVE | Severity | CVSS | Risk | Flags | OS | Vendor | Published | Description |
|---|---|---|---|---|---|---|---|---|
| CVE-2026-6363 | high | 8.8 | 8.8 | 1mo ago | Type Confusion in V8 in Google Chrome prior to 147.0.7727.101 allowed a remote attacker to potentially perform out of bounds memory access via a crafted HTML page. (Chromium security severity: Medium) | |||
| CVE-2026-6316 | high | 8.8 | 8.8 | 1mo ago | Use after free in Forms in Google Chrome prior to 147.0.7727.101 allowed a remote attacker to execute arbitrary code inside a sandbox via a crafted HTML page. (Chromium security severity: High) | |||
| CVE-2026-6305 | high | 8.8 | 8.8 | 1mo ago | Heap buffer overflow in PDFium in Google Chrome prior to 147.0.7727.101 allowed a remote attacker to execute arbitrary code inside a sandbox via a crafted PDF file. (Chromium security severity: High) | |||
| CVE-2026-6303 | high | 8.8 | 8.8 | 1mo ago | Use after free in Codecs in Google Chrome prior to 147.0.7727.101 allowed a remote attacker to execute arbitrary code inside a sandbox via a crafted HTML page. (Chromium security severity: High) | |||
| CVE-2026-6358 | high | 8.8 | 8.8 | 1mo ago | Use after free in XR in Google Chrome on Android prior to 147.0.7727.101 allowed a remote attacker to perform an out of bounds memory read via a crafted HTML page. (Chromium security severity: Critic… | |||
| CVE-2026-41133 | high | 8.8 | 8.8 | 2mo ago | pyLoad is a free and open-source download manager written in Python. Versions up to and including 0.5.0b3.dev97 cache `role` and `permission` in the session at login and continues to authorize reques… | |||
| CVE-2026-24893 | high | 8.8 | 8.8 | 2mo ago | openITCOCKPIT is an open source monitoring tool built for different monitoring engines. openITCOCKPIT Community Edition prior to version 5.5.2 contains a command injection vulnerability that allows a… | |||
| CVE-2026-33120 | high | 8.8 | 8.8 | 2mo ago | Untrusted pointer dereference in SQL Server allows an authorized attacker to execute code over a network. | |||
| CVE-2026-32171 | high | 8.8 | 8.8 | 2mo ago | Insufficiently protected credentials in Azure Logic Apps allows an authorized attacker to elevate privileges over a network. | |||
| CVE-2026-32157 | high | 8.8 | 8.8 | 2mo ago | Use after free in Remote Desktop Client allows an unauthorized attacker to execute code over a network. | |||
| CVE-2026-29955 | high | 8.8 | 8.8 | 2mo ago | The `/registercrd` endpoint in KubePlus 4.14 in the kubeconfiggenerator component is vulnerable to command injection. The component uses `subprocess.Popen()` with `shell=True` parameter to execute sh… | |||
| CVE-2026-6137 | high | 8.8 | 8.8 | 2mo ago | A vulnerability was detected in Tenda F451 1.0.0.7_cn_svn7958. The affected element is the function fromAdvSetWan of the file /goform/AdvSetWan. The manipulation of the argument wanmode/PPPOEPassword… | |||
| CVE-2026-6136 | high | 8.8 | 8.8 | 2mo ago | A security vulnerability has been detected in Tenda F451 1.0.0.7_cn_svn7958. Impacted is the function frmL7ImForm of the file /goform/L7Im. The manipulation of the argument page leads to stack-based … | |||
| CVE-2026-6135 | high | 8.8 | 8.8 | 2mo ago | A weakness has been identified in Tenda F451 1.0.0.7_cn_svn7958. This issue affects the function fromSetIpBind of the file /goform/SetIpBind. Executing a manipulation of the argument page can lead to… | |||
| CVE-2026-6134 | high | 8.8 | 8.8 | 2mo ago | A security flaw has been discovered in Tenda F451 1.0.0.7_cn_svn7958. This vulnerability affects the function fromqossetting of the file /goform/qossetting. Performing a manipulation of the argument … | |||
| CVE-2026-6133 | high | 8.8 | 8.8 | 2mo ago | A vulnerability was identified in Tenda F451 1.0.0.7_cn_svn7958. This affects the function fromSafeUrlFilter of the file /goform/SafeUrlFilter. Such manipulation of the argument page leads to stack-b… | |||
| CVE-2026-6124 | high | 8.8 | 8.8 | 2mo ago | A vulnerability was determined in Tenda F451 1.0.0.7. This vulnerability affects the function fromSafeMacFilter of the file /goform/SafeMacFilter of the component httpd. Executing a manipulation of t… | |||
| CVE-2026-6123 | high | 8.8 | 8.8 | 2mo ago | A vulnerability was found in Tenda F451 1.0.0.7. This affects the function fromAddressNat of the file /goform/addressNat of the component httpd. Performing a manipulation of the argument entrys resul… | |||
| CVE-2026-6122 | high | 8.8 | 8.8 | 2mo ago | A vulnerability has been found in Tenda F451 1.0.0.7. Affected by this issue is the function frmL7ProtForm of the file /goform/L7Prot of the component httpd. Such manipulation of the argument page le… | |||
| CVE-2026-6121 | high | 8.8 | 8.8 | 2mo ago | A flaw has been found in Tenda F451 1.0.0.7. Affected by this vulnerability is the function WrlclientSet of the file /goform/WrlclientSet of the component httpd. This manipulation of the argument GO … | |||
| CVE-2026-6120 | high | 8.8 | 8.8 | 2mo ago | A vulnerability was detected in Tenda F451 1.0.0.7. Affected is the function fromDhcpListClient of the file /goform/DhcpListClient of the component httpd. The manipulation of the argument page result… | |||
| CVE-2026-6109 | high | 8.8 | 8.8 | 2mo ago | MetaGPT has an eval injection via a cross-site request forgery attack | |||
| CVE-2026-40217 | high | 8.8 | 8.8 | 2mo ago | LiteLLM has a sandbox escape in custom-code guardrail | |||
| CVE-2026-6016 | high | 8.8 | 8.8 | 2mo ago | A vulnerability was found in Tenda AC9 15.03.02.13. The affected element is the function decodePwd of the file /goform/WizardHandle of the component POST Request Handler. Performing a manipulation of… | |||
| CVE-2026-6015 | high | 8.8 | 8.8 | 2mo ago | A vulnerability has been found in Tenda AC9 15.03.02.13. Impacted is the function formQuickIndex of the file /goform/QuickIndex of the component POST Request Handler. Such manipulation of the argumen… | |||
| CVE-2026-6014 | high | 8.8 | 8.8 | 2mo ago | A flaw has been found in D-Link DIR-513 1.10. This issue affects the function formAdvanceSetup of the file /goform/formAdvanceSetup of the component POST Request Handler. This manipulation of the arg… | |||
| CVE-2026-6013 | high | 8.8 | 8.8 | 2mo ago | A vulnerability was detected in D-Link DIR-513 1.10. This vulnerability affects the function formSetRoute of the file /goform/formSetRoute of the component POST Request Handler. The manipulation of t… | |||
| CVE-2026-6012 | high | 8.8 | 8.8 | 2mo ago | A security vulnerability has been detected in D-Link DIR-513 1.10. This affects the function formSetPassword of the file /goform/formSetPassword of the component POST Request Handler. The manipulatio… | |||
| CVE-2026-5992 | high | 8.8 | 8.8 | 2mo ago | A vulnerability was determined in Tenda F451 1.0.0.7. This affects the function fromP2pListFilter of the file /goform/P2pListFilter. This manipulation of the argument page causes stack-based buffer o… | |||
| CVE-2026-5991 | high | 8.8 | 8.8 | 2mo ago | A vulnerability was found in Tenda F451 1.0.0.7. Affected by this issue is the function formWrlExtraSet of the file /goform/WrlExtraSet. The manipulation of the argument GO results in stack-based buf… | |||
| CVE-2026-5990 | high | 8.8 | 8.8 | 2mo ago | A vulnerability has been found in Tenda F451 1.0.0.7. Affected by this vulnerability is the function fromSafeEmailFilter of the file /goform/SafeEmailFilter. The manipulation of the argument page lea… | |||
| CVE-2026-5989 | high | 8.8 | 8.8 | 2mo ago | A flaw has been found in Tenda F451 1.0.0.7. Affected is the function fromRouteStatic of the file /goform/RouteStatic. Executing a manipulation of the argument page can lead to stack-based buffer ove… | |||
| CVE-2026-5988 | high | 8.8 | 8.8 | 2mo ago | A vulnerability was detected in Tenda F451 1.0.0.7. This impacts the function formWrlsafeset of the file /goform/AdvSetWrlsafeset. Performing a manipulation of the argument mit_ssid results in stack-… | |||
| CVE-2026-5984 | high | 8.8 | 8.8 | 2mo ago | A vulnerability was identified in D-Link DIR-605L 2.13B01. Impacted is the function formSetLog of the file /goform/formSetLog of the component POST Request Handler. The manipulation of the argument c… | |||
| CVE-2026-5983 | high | 8.8 | 8.8 | 2mo ago | A vulnerability was determined in D-Link DIR-605L 2.13B01. This issue affects the function formSetDDNS of the file /goform/formSetDDNS of the component POST Request Handler. Executing a manipulation … | |||
| CVE-2026-5982 | high | 8.8 | 8.8 | 2mo ago | A vulnerability was found in D-Link DIR-605L 2.13B01. This vulnerability affects the function formAdvNetwork of the file /goform/formAdvNetwork of the component POST Request Handler. Performing a man… | |||
| CVE-2026-5981 | high | 8.8 | 8.8 | 2mo ago | A vulnerability has been found in D-Link DIR-605L 2.13B01. This affects the function formAdvFirewall of the file /goform/formAdvFirewall of the component POST Request Handler. Such manipulation of th… | |||
| CVE-2026-5980 | high | 8.8 | 8.8 | 2mo ago | A flaw has been found in D-Link DIR-605L 2.13B01. Affected by this issue is the function formSetMACFilter of the file /goform/formSetMACFilter of the component POST Request Handler. This manipulation… | |||
| CVE-2026-5979 | high | 8.8 | 8.8 | 2mo ago | A vulnerability was detected in D-Link DIR-605L 2.13B01. Affected by this vulnerability is the function formVirtualServ of the file /goform/formVirtualServ of the component POST Request Handler. The … | |||
| CVE-2026-39911 | high | 8.8 | 8.8 | 2mo ago | Hashgraph Guardian through version 3.5.1, fixed in commit 45fbe2f, contains an unsandboxed JavaScript execution vulnerability in the Custom Logic policy block worker that allows authenticated Standar… | |||
| CVE-2026-5830 | high | 8.8 | 8.8 | 2mo ago | A vulnerability was identified in Tenda AC15 15.03.05.18. This affects the function websGetVar of the file /goform/SysToolChangePwd. Such manipulation of the argument oldPwd/newPwd/cfmPwd leads to st… | |||
| CVE-2026-5914 | high | 8.8 | 8.8 | 2mo ago | Type Confusion in CSS in Google Chrome prior to 147.0.7727.55 allowed an attacker who convinced a user to install a malicious extension to potentially exploit heap corruption via a crafted Chrome Ext… | |||
| CVE-2026-5912 | high | 8.8 | 8.8 | 2mo ago | Integer overflow in WebRTC in Google Chrome prior to 147.0.7727.55 allowed a remote attacker to perform an out of bounds memory write via a crafted HTML page. (Chromium security severity: Low) | |||
| CVE-2026-5910 | high | 8.8 | 8.8 | 2mo ago | Integer overflow in Media in Google Chrome prior to 147.0.7727.55 allowed a remote attacker to potentially exploit heap corruption via a crafted video file. (Chromium security severity: Low) | |||
| CVE-2026-5909 | high | 8.8 | 8.8 | 2mo ago | Integer overflow in Media in Google Chrome prior to 147.0.7727.55 allowed a remote attacker to potentially exploit heap corruption via a crafted video file. (Chromium security severity: Low) | |||
| CVE-2026-5908 | high | 8.8 | 8.8 | 2mo ago | Integer overflow in Media in Google Chrome prior to 147.0.7727.55 allowed a remote attacker to potentially exploit heap corruption via a crafted video file. (Chromium security severity: Low) | |||
| CVE-2026-5879 | high | 8.8 | 8.8 | 2mo ago | Insufficient validation of untrusted input in ANGLE in Google Chrome on Mac prior to 147.0.7727.55 allowed a remote attacker to execute arbitrary code inside a sandbox via a crafted HTML page. (Chrom… | |||
| CVE-2026-5865 | high | 8.8 | 8.8 | 2mo ago | Type Confusion in V8 in Google Chrome prior to 147.0.7727.55 allowed a remote attacker to execute arbitrary code inside a sandbox via a crafted HTML page. (Chromium security severity: High) | |||
| CVE-2026-5863 | high | 8.8 | 8.8 | 2mo ago | Inappropriate implementation in V8 in Google Chrome prior to 147.0.7727.55 allowed a remote attacker to execute arbitrary code inside a sandbox via a crafted HTML page. (Chromium security severity: H… | |||
| CVE-2026-5860 | high | 8.8 | 8.8 | 2mo ago | Use after free in WebRTC in Google Chrome prior to 147.0.7727.55 allowed a remote attacker to execute arbitrary code inside a sandbox via a crafted HTML page. (Chromium security severity: High) | |||
| CVE-2026-39981 | high | 8.8 | 8.8 | 2mo ago | AGiXT is a dynamic AI Agent Automation Platform. Prior to 1.9.2, the safe_join() function in the essential_abilities extension fails to validate that resolved file paths remain within the designated … | |||
| CVE-2026-35521 | high | 8.8 | 8.8 | 2mo ago | FTLDNS (pihole-FTL) provides an interactive API and also generates statistics for Pi-hole's Web interface. From 6.0 to before 6.6, the Pi-hole FTL engine contains a Remote Code Execution (RCE) vulner… | |||
| CVE-2026-35520 | high | 8.8 | 8.8 | 2mo ago | FTLDNS (pihole-FTL) provides an interactive API and also generates statistics for Pi-hole's Web interface. From 6.0 to before 6.6, the Pi-hole FTL engine contains a Remote Code Execution (RCE) vulner… | |||
| CVE-2026-35519 | high | 8.8 | 8.8 | 2mo ago | FTLDNS (pihole-FTL) provides an interactive API and also generates statistics for Pi-hole's Web interface. From 6.0 to before 6.6, the Pi-hole FTL engine contains a Remote Code Execution (RCE) vulner… | |||
| CVE-2026-35518 | high | 8.8 | 8.8 | 2mo ago | FTLDNS (pihole-FTL) provides an interactive API and also generates statistics for Pi-hole's Web interface. From 6.0 to before 6.6, the Pi-hole FTL engine contains a Remote Code Execution (RCE) vulner… | |||
| CVE-2026-35517 | high | 8.8 | 8.8 | 2mo ago | FTLDNS (pihole-FTL) provides an interactive API and also generates statistics for Pi-hole's Web interface. From 6.0 to before 6.6, the Pi-hole FTL engine contains a Remote Code Execution (RCE) vulner… | |||
| CVE-2026-5687 | high | 8.8 | 8.8 | 2mo ago | A weakness has been identified in Tenda CX12L 16.03.53.12. This issue affects the function fromNatStaticSetting of the file /goform/NatStaticSetting. This manipulation of the argument page causes sta… | |||
| CVE-2026-5686 | high | 8.8 | 8.8 | 2mo ago | A security flaw has been discovered in Tenda CX12L 16.03.53.12. This vulnerability affects the function fromRouteStatic of the file /goform/RouteStatic. The manipulation of the argument page results … | |||
| CVE-2026-5685 | high | 8.8 | 8.8 | 2mo ago | A vulnerability was identified in Tenda CX12L 16.03.53.12. This affects the function fromAddressNat of the file /goform/addressNat. The manipulation of the argument page leads to stack-based buffer o… | |||
| CVE-2026-31409 | high | 8.8 | 8.8 | 2mo ago | In the Linux kernel, the following vulnerability has been resolved: ksmbd: unset conn->binding on failed binding request When a multichannel SMB2_SESSION_SETUP request with SMB2_SESSION_REQ_FLAG_BI… | |||
| CVE-2026-31408 | high | 8.8 | 8.8 | 2mo ago | Important: kernel-rt security update | |||
| CVE-2026-5629 | high | 8.8 | 8.8 | 2mo ago | A vulnerability was detected in Belkin F9K1015 1.00.10. The affected element is the function formSetFirewall of the file /goform/formSetFirewall. The manipulation of the argument webpage results in s… | |||
| CVE-2026-5628 | high | 8.8 | 8.8 | 2mo ago | A security vulnerability has been detected in Belkin F9K1015 1.00.10. Impacted is the function formSetSystemSettings of the file /goform/formSetSystemSettings of the component Setting Handler. The ma… | |||
| CVE-2026-5614 | high | 8.8 | 8.8 | 2mo ago | A security flaw has been discovered in Belkin F9K1015 1.00.10. Impacted is the function formSetPassword of the file /goform/formSetPassword. The manipulation of the argument webpage results in stack-… | |||
| CVE-2026-5613 | high | 8.8 | 8.8 | 2mo ago | A vulnerability was identified in Belkin F9K1015 1.00.10. This issue affects the function formReboot of the file /goform/formReboot. The manipulation of the argument webpage leads to stack-based buff… | |||
| CVE-2026-5612 | high | 8.8 | 8.8 | 2mo ago | A vulnerability was determined in Belkin F9K1015 1.00.10. This vulnerability affects the function formWlEncrypt of the file /goform/formWlEncrypt. Executing a manipulation of the argument webpage can… | |||
| CVE-2026-5611 | high | 8.8 | 8.8 | 2mo ago | A vulnerability was found in Belkin F9K1015 1.00.10. This affects the function formCrossBandSwitch of the file /goform/formCrossBandSwitch. Performing a manipulation of the argument webpage results i… | |||
| CVE-2026-5610 | high | 8.8 | 8.8 | 2mo ago | A vulnerability has been found in Belkin F9K1015 1.00.10. Affected by this issue is the function formWISP5G of the file /goform/formWISP5G. Such manipulation of the argument webpage leads to stack-ba… | |||
| CVE-2026-5609 | high | 8.8 | 8.8 | 2mo ago | A flaw has been found in Tenda i12 1.0.0.11(3862). Affected by this vulnerability is the function formwrlSSIDset of the file /goform/wifiSSIDset of the component Parameter Handler. This manipulation … | |||
| CVE-2026-5608 | high | 8.8 | 8.8 | 2mo ago | A vulnerability was detected in Belkin F9K1122 1.00.33. Affected is the function formWlanSetup of the file /goform/formWlanSetup. The manipulation of the argument webpage results in stack-based buffe… | |||
| CVE-2026-5605 | high | 8.8 | 8.8 | 2mo ago | A weakness has been identified in Tenda CH22 1.0.0.1. This affects the function formWrlExtraSet of the file /goform/WrlExtraSet. Executing a manipulation of the argument GO can lead to stack-based bu… | |||
| CVE-2026-5604 | high | 8.8 | 8.8 | 2mo ago | A security flaw has been discovered in Tenda CH22 1.0.0.1. The impacted element is the function formCertLocalPrecreate of the file /goform/CertLocalPrecreate of the component Parameter Handler. Perfo… | |||
| CVE-2026-5567 | high | 8.8 | 8.8 | 2mo ago | A flaw has been found in Tenda M3 1.0.0.10. This vulnerability affects the function setAdvPolicyData of the file /goform/setAdvPolicyData of the component Destination Handler. Executing a manipulatio… | |||
| CVE-2026-5550 | high | 8.8 | 8.8 | 2mo ago | A vulnerability was identified in Tenda AC10 16.03.10.10_multi_TDE01. This affects the function fromSysToolChangePwd of the file /bin/httpd. The manipulation leads to stack-based buffer overflow. The… | |||
| CVE-2026-5548 | high | 8.8 | 8.8 | 2mo ago | A vulnerability was found in Tenda AC10 16.03.10.10_multi_TDE01. Affected by this vulnerability is the function fromSysToolChangePwd of the file /bin/httpd. Performing a manipulation of the argument … | |||
| CVE-2026-5547 | high | 8.8 | 8.8 | 2mo ago | A vulnerability has been found in Tenda AC10 16.03.10.10_multi_TDE01. Affected is the function formAddMacfilterRule of the file /bin/httpd. Such manipulation leads to os command injection. It is poss… | |||
| CVE-2026-35029 | high | 8.8 | 8.8 | 2mo ago | LiteLLM: Privilege escalation via unrestricted proxy configuration endpoint | |||
| CVE-2026-5474 | high | 8.8 | 8.8 | 2mo ago | A vulnerability was found in NASA cFS up to 7.0.0. This affects the function CFE_MSG_GetSize of the file apps/to_lab/fsw/src/to_lab_passthru_encode.c of the component CCSDS Packet Header Handler. Per… | |||
| CVE-2026-23462 | high | 8.8 | 8.8 | 2mo ago | In the Linux kernel, the following vulnerability has been resolved: Bluetooth: HIDP: Fix possible UAF This fixes the following trace caused by not dropping l2cap_conn reference when user->remove ca… | |||
| CVE-2026-23461 | high | 8.8 | 8.8 | 2mo ago | In the Linux kernel, the following vulnerability has been resolved: Bluetooth: L2CAP: Fix use-after-free in l2cap_unregister_user After commit ab4eedb790ca ("Bluetooth: L2CAP: Fix corrupted list in… | |||
| CVE-2026-5355 | high | 8.8 | 8.8 | 2mo ago | A vulnerability has been found in Trendnet TEW-657BRM 1.00.1. Affected by this issue is the function vpn_drop of the file /setup.cgi. The manipulation of the argument policy_name leads to os command … | |||
| CVE-2026-5354 | high | 8.8 | 8.8 | 2mo ago | A flaw has been found in Trendnet TEW-657BRM 1.00.1. Affected by this vulnerability is the function vpn_connect of the file /setup.cgi. Executing a manipulation of the argument policy_name can lead t… | |||
| CVE-2026-5353 | high | 8.8 | 8.8 | 2mo ago | A vulnerability was detected in Trendnet TEW-657BRM 1.00.1. Affected is the function ping_test of the file /setup.cgi. Performing a manipulation of the argument c4_IPAddr results in os command inject… | |||
| CVE-2026-5352 | high | 8.8 | 8.8 | 2mo ago | A security vulnerability has been detected in Trendnet TEW-657BRM 1.00.1. This impacts the function Edit of the file /setup.cgi. Such manipulation of the argument pcdb_list leads to os command inject… | |||
| CVE-2026-5351 | high | 8.8 | 8.8 | 2mo ago | A weakness has been identified in Trendnet TEW-657BRM 1.00.1. This affects the function add_wps_client of the file /setup.cgi. This manipulation of the argument wl_enrolee_pin causes os command injec… | |||
| CVE-2026-5339 | high | 8.8 | 8.8 | 2mo ago | A vulnerability was detected in Tenda G103 1.0.0.5. The impacted element is the function action_set_net_settings of the file gpon.lua of the component Setting Handler. Performing a manipulation of th… | |||
| CVE-2026-5317 | high | 8.8 | 8.8 | 2mo ago | A security flaw has been discovered in Nothings stb up to 1.22. This affects the function start_decoder of the file stb_vorbis.c. The manipulation results in out-of-bounds write. The attack may be pe… | |||
| CVE-2026-5315 | high | 8.8 | 8.8 | 2mo ago | A vulnerability was determined in Nothings stb up to 1.26. The affected element is the function stbtt__buf_get8 in the library stb_truetype.h of the component TTF File Handler. Executing a manipulati… | |||
| CVE-2026-5314 | high | 8.8 | 8.8 | 2mo ago | A vulnerability was found in Nothings stb up to 1.26. Impacted is the function stbtt_InitFont_internal in the library stb_truetype.h of the component TTF File Handler. Performing a manipulation resul… | |||
| CVE-2026-5272 | high | 8.8 | 8.8 | 2mo ago | Heap buffer overflow in GPU in Google Chrome prior to 146.0.7680.178 allowed a remote attacker to execute arbitrary code via a crafted HTML page. (Chromium security severity: High) | |||
| CVE-2026-5184 | high | 8.8 | 8.8 | 2mo ago | A vulnerability was identified in TRENDnet TEW-713RE up to 1.02. The impacted element is an unknown function of the file /goform/setSysAdm. The manipulation of the argument admuser leads to command i… | |||
| CVE-2026-5178 | high | 8.8 | 8.8 | 2mo ago | A security vulnerability has been detected in Totolink A3300R 17.0.0cu.557_b20221024. Affected by this issue is the function setIptvCfg of the file /cgi-bin/cstecgi.cgi. The manipulation of the argum… | |||
| CVE-2026-5177 | high | 8.8 | 8.8 | 2mo ago | A weakness has been identified in Totolink A3300R 17.0.0cu.557_b20221024. Affected by this vulnerability is the function setWiFiBasicCfg of the file /cgi-bin/cstecgi.cgi. Executing a manipulation of … | |||
| CVE-2026-5154 | high | 8.8 | 8.8 | 2mo ago | A vulnerability has been found in Tenda CH22 1.0.0.1/1.If. The impacted element is the function fromSetCfm of the file /goform/setcfm of the component Parameter Handler. The manipulation of the argum… | |||
| CVE-2026-5153 | high | 8.8 | 8.8 | 2mo ago | A flaw has been found in Tenda CH22 1.0.0.1. The affected element is the function FormWriteFacMac of the file /goform/WriteFacMac. Executing a manipulation of the argument mac can lead to command inj… | |||
| CVE-2026-5105 | high | 8.8 | 8.8 | 2mo ago | A vulnerability was detected in Totolink A3300R 17.0.0cu.557_b20221024. The affected element is the function setVpnPassCfg of the file /cgi-bin/cstecgi.cgi of the component Parameter Handler. Perform… | |||
| CVE-2026-5104 | high | 8.8 | 8.8 | 2mo ago | A security vulnerability has been detected in Totolink A3300R 17.0.0cu.557_b20221024. Impacted is the function setStaticRoute of the file /cgi-bin/cstecgi.cgi. Such manipulation of the argument ip le… | |||
| CVE-2026-5103 | high | 8.8 | 8.8 | 2mo ago | A weakness has been identified in Totolink A3300R 17.0.0cu.557_b20221024. This issue affects the function setUPnPCfg of the file /cgi-bin/cstecgi.cgi. This manipulation of the argument enable causes … | |||
| CVE-2026-5102 | high | 8.8 | 8.8 | 2mo ago | A security flaw has been discovered in Totolink A3300R 17.0.0cu.557_b20221024. This vulnerability affects the function setSmartQosCfg of the file /cgi-bin/cstecgi.cgi of the component Parameter Handl… | |||
| CVE-2026-5101 | high | 8.8 | 8.8 | 2mo ago | A vulnerability was identified in Totolink A3300R 17.0.0cu.557_b20221024. This affects the function setLanCfg of the file /cgi-bin/cstecgi.cgi of the component Parameter Handler. The manipulation of … |