Cve

A buffer overflow vulnerability exists in Totolink N300RH 3.2.4-B20220812 allowing remote attackers to execute arbitrary code by manipulating the mac_address argument in the setMacFilterRules function of the /cgi-bin/cstecgi.cgi POST request handler.

osrg GoBGP up to version 4.3.0 is vulnerable to an integer underflow in the parseRibEntry function, potentially allowing a remote attacker to cause a denial of service or other unspecified impacts; version 4.4.0 addresses this issue.

Funadmin versions up to 7.1.0-rc6 are vulnerable to unrestricted file uploads due to improper handling of the File argument in the UploadService::chunkUpload function, potentially leading to remote code execution.

InnoShop version 0.7.8 and earlier contains an improper authentication vulnerability in the InstallServiceProvider::boot function (CVE-2026-7630) that allows remote attackers to bypass authentication and gain unauthorized access to the installation endpoint.

The Salon Booking System WordPress plugin is vulnerable to arbitrary file read, allowing unauthenticated attackers to exfiltrate local files by manipulating file-field values in booking confirmation emails.

A remote attacker can inject OS commands by manipulating the dev_script argument in the Preview Endpoint of eyal-gor's p_69_branch_monkey_mcp (up to commit 69bc71874ce40050ef45fde5a435855f18af3373), leading to arbitrary code execution on the server.

An integer overflow vulnerability exists in libssh2 versions up to 1.11.1 within the userauth_password function of src/userauth.c, which can be triggered remotely by manipulating username_len/password_len arguments.

itsourcecode Courier Management System 1.0 is vulnerable to SQL Injection via the ID parameter in /edit_staff.php, potentially allowing remote attackers to execute arbitrary SQL commands.

A stack-based buffer overflow vulnerability (CVE-2026-7546) in the Totolink NR1800X router allows remote attackers to achieve arbitrary code execution by sending a crafted HTTP request with a manipulated Host header to the vulnerable lighttpd component.

A buffer overflow vulnerability exists in UTT HiPER 1200GW devices up to version 2.5.3-170306, stemming from manipulation of the `strcpy` function in the `/goform/formRemoteControl` file, which allows remote attackers to execute arbitrary code.

A flaw in GnuTLS DTLS handshake parsing allows malformed fragments with zero length and non-zero offset, leading to an integer underflow during reassembly and resulting in an out-of-bounds read, potentially causing information disclosure or denial of service.

CVE-2026-5778 is an integer underflow vulnerability in the ChaCha decrypt path of an unspecified Microsoft product, leading to an out-of-bounds access issue.

Microsoft published information regarding CVE-2026-32776, however, further details require JavaScript to be enabled, limiting the actionable intelligence at this time.

Microsoft published information regarding vulnerability CVE-2026-32778, but no details regarding the vulnerability are available at this time.

CVE-2026-1005 is an integer underflow vulnerability in a Microsoft product that leads to out-of-bounds memory access during AES-GCM/CCM/ARIA-GCM decryption processes, potentially allowing for code execution or information disclosure.

XATABoost CMS 1.0.0 is vulnerable to union-based SQL injection, allowing unauthenticated attackers to manipulate database queries by injecting SQL code through the id parameter via GET requests to news.php, enabling extraction of sensitive database information.

Allok Video to DVD Burner 2.6.1217 contains a stack-based buffer overflow vulnerability (CVE-2018-25303) in the License Name field, allowing a local attacker to execute arbitrary code by triggering a structured exception handler (SEH) overwrite.

A path traversal vulnerability exists in eiceblue spire-pdf-mcp-server version 0.1.1, allowing remote attackers to access arbitrary files via manipulation of the filepath argument in the get_pdf_path function.

CVE-2026-41898 describes a vulnerability in rust-openssl where unchecked callback-returned length in PSK and cookie generation can cause OpenSSL to leak adjacent memory to a network peer.

OpenClaw before 2026.3.28 is vulnerable to a denial-of-service attack by accepting unbounded concurrent unauthenticated WebSocket upgrades, allowing attackers to exhaust server resources.

D-Link DIR-825M version 1.1.12 is vulnerable to a buffer overflow via manipulation of the submit-url argument in the /boafrm/formWanConfigSetup file's sub_414BA8 function, allowing a remote attacker to execute arbitrary code.

A path traversal vulnerability (CVE-2026-7237) exists in AgiFlow scaffold-mcp versions up to 1.0.27, allowing remote attackers to write to arbitrary files by manipulating the file_path argument in the write-to-file tool.

CVE-2026-7131 is a SQL injection vulnerability in code-projects Online Lot Reservation System up to version 1.0, affecting the /loginuser.php component via manipulation of the email/password arguments, which could allow remote attackers to execute arbitrary SQL queries.

A buffer overflow vulnerability exists in Tenda F456 version 1.0.0.5 in the `fromGstDhcpSetSer` function, allowing remote attackers to execute arbitrary code by manipulating the 'dips' argument via a crafted HTTP request to `/goform/GstDhcpSetSer`.

CVE-2026-23398 is a vulnerability related to a NULL pointer dereference in the ICMP protocol, potentially leading to a denial-of-service condition in affected Microsoft products.

A remote attacker can exploit an out-of-bounds read vulnerability in Open Virtual Network (OVN) by sending crafted DHCPv6 SOLICIT packets, leading to sensitive information disclosure.

OpenShell before 2026.3.28 is vulnerable to arbitrary code execution via mirror mode when converting untrusted sandbox files into workspace hooks, allowing attackers with mirror mode access to execute code during gateway startup.

OpenClaw before 2026.3.31 allows attackers to execute arbitrary code by overriding the OPENCLAW_BUNDLED_HOOKS_DIR environment variable using a workspace .env file, enabling the loading of attacker-controlled hook code.

Microsoft has published information regarding CVE-2026-35236, but no details about the vulnerability or its exploitation are currently available.

CVE-2026-31478 is a vulnerability in Microsoft's ksmbd implementation related to incorrect calculation of maximum output buffer length, potentially leading to a denial-of-service or remote code execution.

CVE-2026-34303 is a vulnerability affecting an unspecified Microsoft product, requiring further investigation upon disclosure of details.

InstructLab is vulnerable to arbitrary code execution because the `linux_train.py` script hardcodes `trust_remote_code=True` when loading models from HuggingFace, allowing remote attackers to execute code by convincing a user to load a malicious model.

FreeScout before 1.8.215 has an incorrect authorization vulnerability where a direct POST request to the `save_draft` AJAX path can create a draft inside a hidden conversation when `APP_SHOW_ONLY_ASSIGNED_CONVERSATIONS` is enabled, potentially allowing unauthorized access or modification of data.

Microsoft released a security update for CVE-2026-41254, a vulnerability with unspecified details.

FastGPT versions prior to 4.14.9.5 are vulnerable to NoSQL injection in the password change endpoint, allowing authenticated attackers to bypass password verification and perform account takeover.

CVE-2026-6421 is an uncontrolled search path vulnerability in Mobatek MobaXterm Home Edition up to version 26.1, affecting msimg32.dll, that can be exploited locally with high complexity.

Creolabs Gravity before 0.9.6 is vulnerable to a heap buffer overflow in the gravity_vm_exec function, allowing attackers to achieve arbitrary code execution by crafting scripts with many string literals at global scope that exploit insufficient bounds checking in gravity_fiber_reassign().

CVE-2026-6297 is a critical use-after-free vulnerability in the Proxy component of Google Chrome before version 147.0.7727.101, enabling a privileged network attacker to potentially achieve sandbox escape via a crafted HTML page.

Git for Windows versions prior to 2.53.0.windows.3 are vulnerable to NTLM hash theft by attackers who can trick users into cloning malicious repositories or checking out malicious branches, leading to potential credential compromise.

CVE-2026-26177 is a use-after-free vulnerability in the Windows Ancillary Function Driver for WinSock, allowing a local attacker to elevate privileges.

Fortinet FortiSandbox versions 4.4.0 through 4.4.8 are vulnerable to OS Command Injection (CVE-2026-39808), potentially allowing unauthenticated attackers to execute arbitrary code or commands.

CVE-2026-32087 is a heap-based buffer overflow vulnerability in the Function Discovery Service (fdwsd.dll) that allows an authorized local attacker to elevate privileges on a Windows system.

CVE-2026-27920 is a local privilege escalation vulnerability in the Windows Universal Plug and Play (UPnP) Device Host due to an untrusted pointer dereference.

CVE-2026-40436 is a vulnerability in the ZTE ZXEDM iEMS product that allows attackers to reset user passwords due to improper access control on the user list acquisition function within the cloud EMS portal, potentially leading to unauthorized operations and system compromise.

An out-of-bounds write vulnerability exists in Mesa versions before 25.3.6 and 26 before 26.0.1 due to an untrusted allocation size in WebGPU, potentially leading to code execution.

CouchCMS is vulnerable to privilege escalation, allowing authenticated Admin-level users to create SuperAdmin accounts by manipulating the 'f_k_levels_list' parameter during user creation, granting them full application control.

A buffer overflow vulnerability exists in the D-Link DIR-605L router version 2.13B01, allowing a remote attacker to execute arbitrary code by manipulating the `curTime` argument in the `formSetMACFilter` function.

A low-privileged remote attacker can exploit CVE-2026-4436 by sending Modbus packets to manipulate register values controlling odorant injection in gas lines, potentially leading to hazardous conditions.

AGiXT versions prior to 1.9.2 are vulnerable to path traversal (CVE-2026-39981) due to insufficient validation in the safe_join() function, allowing authenticated attackers to read, write, or delete arbitrary files.

CVE-2026-5842 is an authorization bypass vulnerability in decolua 9router versions up to 0.3.47, allowing remote attackers to gain unauthorized access via manipulation of the /api endpoint.

CVE-2026-4498 allows an authenticated Kibana user with Fleet sub-feature privileges to read index data beyond their direct Elasticsearch RBAC scope due to improper privilege handling in debug route handlers.

CVE-2026-1343 allows an attacker to contact internal authentication endpoints protected by the Reverse Proxy in IBM Verify Identity Access Container and IBM Security Verify Access Container.

Emissary, a P2P data-driven workflow engine, is vulnerable to OS command injection due to insufficient sanitization of the PLACE_NAME parameter in versions prior to 8.39.0, allowing for arbitrary command execution.

CVE-2026-5373 is an improper privilege management vulnerability in the runZero platform that allows all-organization administrators to promote accounts to superuser status, which was fixed in version 4.0.260202.0.

A remote authenticated attacker can execute arbitrary commands as root on the virtual desktop host by crafting a malicious session name in AWS Research and Engineering Studio (RES) versions 2025.03 through 2025.12.01 due to unsanitized input, leading to complete system compromise.

CVE-2026-21374 describes a memory corruption vulnerability due to insufficient buffer size validation when processing auxiliary sensor input/output control commands, potentially allowing a local attacker to execute arbitrary code with elevated privileges.

CVE-2026-21371 is a memory corruption vulnerability due to insufficient size validation when retrieving an output buffer, potentially leading to information disclosure or arbitrary code execution on affected Qualcomm devices.

CVE-2026-5570 is an improper authentication vulnerability in the index_config function of the /LoginCB file of Technostrobe HI-LED-WR120-G2 version 5.5.0.1R6.03.30, allowing remote attackers to bypass authentication.

CVE-2026-5429 is a code execution vulnerability in Kiro IDE before version 0.8.140 that allows a remote, unauthenticated attacker to execute arbitrary code by exploiting a crafted color theme name when a local user opens a workspace.

OneUptime versions prior to 10.0.42 are vulnerable to unauthenticated access to Notification test and Phone Number management endpoints, leading to potential abuse of SMS, Call, Email, and WhatsApp functionalities, and unauthorized phone number purchases, fixed in version 10.0.42.

Endian Firewall versions 3.3.25 and prior allow authenticated users to delete arbitrary files due to a path traversal vulnerability in the `remove ARCHIVE` parameter of the `/cgi-bin/backup.cgi` script, leading to unauthorized file system modification.

A denial of service vulnerability, CVE-2026-31935, exists in Suricata versions prior to 7.0.15 and 8.0.4, where flooding the system with crafted HTTP2 continuation frames leads to memory exhaustion and process termination.

SciTokens C++ library before 1.4.1 is vulnerable to an authorization bypass (CVE-2026-32725) due to improper path normalization, allowing attackers to escalate privileges by using parent-directory traversal in scope claims.

NVIDIA BioNeMo is vulnerable to deserialization of untrusted data (CVE-2026-24164), potentially leading to code execution, denial of service, information disclosure, and data tampering.

Botan C++ cryptography library versions 2.3.0 before 3.11.0 are vulnerable to a heap over-read during SM2 decryption due to insufficient validation of the authentication code length, potentially leading to crashes or undefined behavior.

OpenClaw before 2026.3.11 is vulnerable to privilege escalation in the device.token.rotate function, allowing attackers with limited operator.pairing scope to mint tokens with elevated operator.admin privileges, potentially leading to remote code execution.

A stack-based buffer overflow vulnerability exists in Wavlink WL-WN579X3-C 231124's UPNP Handler component, specifically in the /cgi-bin/firewall.cgi file and the sub_4019FC function, allowing remote attackers to execute arbitrary code by manipulating the UpnpEnabled argument; public exploits are available, but the vendor has not responded to the disclosure.

JAD Java Decompiler 1.5.8e-1kali1 and prior is vulnerable to a stack-based buffer overflow, allowing attackers to execute arbitrary code by providing overly long input to the jad command leading to a return-oriented programming chain execution and shell spawning.

Multi Emulator Super System 0.154-3.1 is vulnerable to a buffer overflow (CVE-2016-20039) allowing local attackers to achieve arbitrary code execution by supplying a malicious gamma parameter, leading to potential system compromise.

A stack-based buffer overflow vulnerability exists in xwpe version 1.5.30a-2.1 and prior, allowing a local attacker to execute arbitrary code or cause denial of service by supplying a crafted command-line argument with an overly long input string.

A stack-based buffer overflow vulnerability exists in Tenda AC7 version 15.03.06.44 within the fromSetSysTime function of the /goform/SetSysTimeCfg component's POST Request Handler, allowing a remote attacker to potentially execute arbitrary code by manipulating the 'Time' argument.

A remote attacker can exploit CVE-2026-28367 in Undertow by sending '\r\r\r' as a header block terminator, leading to request smuggling on vulnerable proxy servers.

A stack-based buffer overflow vulnerability in Zen C compiler versions before 0.4.4 allows attackers to crash the compiler or potentially execute arbitrary code via a crafted `.zc` source file with overly long identifiers.

EVerest, an EV charging software stack, has an out-of-bounds access vulnerability in versions prior to 2026.02.0, which can lead to remote crash or memory corruption when the CSMS sends UpdateAllowedEnergyTransferModes over the network.

CVE-2026-4926 describes a denial-of-service vulnerability due to an inefficient regular expression complexity issue when handling multiple sequential optional groups, leading to exponential growth and resource exhaustion.

The WP Job Portal plugin for WordPress is vulnerable to arbitrary file deletion due to insufficient file path validation, allowing authenticated attackers with subscriber-level access or higher to delete arbitrary files, potentially leading to remote code execution.

CVE-2026-4719 describes an incorrect boundary condition in the Graphics: Text component of Mozilla Firefox and Thunderbird, potentially leading to a denial-of-service condition in vulnerable versions.

CVE-2026-4693 is a vulnerability due to incorrect boundary conditions in the Audio/Video: Playback component of Mozilla Firefox and Thunderbird, potentially leading to a denial-of-service condition.

An unauthenticated remote attacker can exploit a hidden function in the CLI prompt to escape the restricted interface of a device, leading to full compromise and root access on the underlying Linux-based OS, as described in CVE-2026-3587.

A missing release of memory vulnerability (CVE-2026-33852) in MolotovCherry Android-ImageMagick7 before version 7.1.2-11 can lead to a denial-of-service condition due to memory exhaustion.

CVE-2026-33850 is an out-of-bounds write vulnerability in WujekFoliarz DualSenseY-v2 before version 54, potentially allowing an attacker to execute arbitrary code or cause a denial-of-service by writing data outside the allocated buffer.

An unauthenticated, remote attacker can exploit an out-of-bounds write vulnerability (CVE-2026-33854) in MolotovCherry Android-ImageMagick7 versions before 7.1.2-10 by enticing a user to open a malicious image, potentially leading to arbitrary code execution.

An Improper Restriction of Operations within the Bounds of a Memory Buffer vulnerability in linkingvision rapidvms before PR#96 could lead to arbitrary code execution.

A remote attacker can exploit an out-of-bounds read vulnerability (CVE-2026-4674) in Google Chrome versions prior to 146.0.7680.165 to achieve out-of-bounds memory access via a crafted HTML page, impacting confidentiality, integrity, and availability.

CVE-2026-4545 describes a vulnerability in Flos Freeware Notepad2 4.2.25, where manipulating PROPSYS.dll leads to an uncontrolled search path, potentially allowing a local attacker to execute arbitrary code with elevated privileges.

CVE-2026-7711 allows for remote, unrestricted file uploads in MindsDB up to version 26.01 due to insufficient validation in the `exec` function of `proc_wrapper.py`, potentially leading to code execution or data exfiltration.

CVE-2026-3229 is an integer overflow vulnerability in certificate chain allocation affecting a Microsoft product, potentially leading to denial of service or arbitrary code execution.

CVE-2026-34293 is an unspecified vulnerability affecting a Microsoft product, for which details are currently unavailable, posing a potential risk to affected systems.

Cisco Catalyst SD-WAN Manager contains an information disclosure vulnerability (CVE-2026-20133) that could allow remote attackers to view sensitive information on affected systems, requiring immediate patching or mitigation.

A path traversal vulnerability exists in the prepare_kaggle_dataset function of kaggle-mcp up to version 406127ffcb2b91b8c10e20e6c2ca787fbc1dc92d, allowing remote attackers to access arbitrary files by manipulating the competition_id argument.

CoreDNS is vulnerable to a denial-of-service attack where processing oversized DNS-over-HTTPS GET requests exhausts resources prior to returning an error.

Highland Software's Custom Role Manager plugin for WordPress, versions 1.0.0 and earlier, contains a privilege escalation vulnerability (CVE-2026-7106) that allows authenticated users with subscriber-level access to modify user roles due to insufficient authorization checks in the hscrm_save_user_roles() function.

ChatGPTNextWeb NextChat versions up to 2.16.1 are vulnerable to server-side request forgery (SSRF) due to improper input validation in the storeUrl function, allowing remote attackers to potentially access internal resources or conduct other malicious activities.

CVE-2026-7579 describes a vulnerability in AstrBotDevs AstrBot up to version 4.16.0 where improper handling of the `auth.py` file in the dashboard component leads to hardcoded credentials being exposed, enabling remote exploitation.

MikroTik RouterOS 6.49.8 is vulnerable to an out-of-bounds read in the SCEP endpoint component, triggered by remote manipulation of the transactionID/messageType argument, potentially leading to denial of service or information disclosure.

A command injection vulnerability (CVE-2026-6980) in Divyanshu-hash GitPilot-MCP up to version 9ed9f153ba4158a2ad230ee4871b25130da29ffd allows remote attackers to execute arbitrary commands by manipulating the 'command' argument in the repo_path function of main.py, and public exploit code is available.

A buffer overflow vulnerability (CVE-2026-7069) exists in the AddPortMapping function of the miniupnpd component within D-Link DIR-825 routers (up to version 3.00b32), potentially enabling attackers on the local network to execute arbitrary code.