Security
CVE Feed
Latest vulnerabilities from the National Vulnerability Database.
10692
Total
727
Critical
3080
High
3407
Medium
| CVE ID | Severity | Score | Description | Published |
|---|---|---|---|---|
| CVE-2026-6137 | HIGH | 8.8 | A vulnerability was detected in Tenda F451 1.0.0.7_cn_svn7958. The affected element is the function fromAdvSetWan of the file /goform/AdvSetWan. The manipulation of the argument wanmode/PPPOEPassword … | Apr 13, 2026 |
| CVE-2026-6136 | HIGH | 8.8 | A security vulnerability has been detected in Tenda F451 1.0.0.7_cn_svn7958. Impacted is the function frmL7ImForm of the file /goform/L7Im. The manipulation of the argument page … | Apr 13, 2026 |
| CVE-2026-6135 | HIGH | 8.8 | A weakness has been identified in Tenda F451 1.0.0.7_cn_svn7958. This issue affects the function fromSetIpBind of the file /goform/SetIpBind. Executing a manipulation of the argument … | Apr 13, 2026 |
| CVE-2026-6134 | HIGH | 8.8 | A security flaw has been discovered in Tenda F451 1.0.0.7_cn_svn7958. This vulnerability affects the function fromqossetting of the file /goform/qossetting. Performing a manipulation of the … | Apr 12, 2026 |
| CVE-2026-6133 | HIGH | 8.8 | A vulnerability was identified in Tenda F451 1.0.0.7_cn_svn7958. This affects the function fromSafeUrlFilter of the file /goform/SafeUrlFilter. Such manipulation of the argument page leads to … | Apr 12, 2026 |
| CVE-2026-6132 | CRITICAL | 9.8 | A vulnerability was determined in Totolink A7100RU 7.4cu.2313_b20191024. Affected by this issue is the function setLedCfg of the file /cgi-bin/cstecgi.cgi of the component CGI Handler. … | Apr 12, 2026 |
| CVE-2026-6131 | CRITICAL | 9.8 | A vulnerability was found in Totolink A7100RU 7.4cu.2313_b20191024. Affected by this vulnerability is the function setTracerouteCfg of the file /cgi-bin/cstecgi.cgi of the component CGI Handler. … | Apr 12, 2026 |
| CVE-2026-6130 | HIGH | 7.3 | A flaw has been found in chatboxai chatbox up to 1.20.0. This impacts the function StdioClientTransport of the file src/main/mcp/ipc-stdio-transport.ts of the component Model Context … | Apr 12, 2026 |
| CVE-2026-6129 | HIGH | 7.3 | A vulnerability was detected in zhayujie chatgpt-on-wechat CowAgent up to 2.0.4. This affects an unknown function of the component Agent Mode Service. Performing a manipulation … | Apr 12, 2026 |
| CVE-2026-40396 | MEDIUM | 4.0 | Varnish Cache 9 before 9.0.1 allows a "workspace overflow" denial of service (daemon panic) after timeout_linger. A malicious client could send an HTTP/1 request, wait … | Apr 12, 2026 |
| CVE-2026-40395 | MEDIUM | 4.0 | Varnish Enterprise before 6.0.16r12 allows a "workspace overflow" denial of service (daemon panic) for shared VCL. The headerplus.write_req0() function from vmod_headerplus updates the underlying req0, … | Apr 12, 2026 |
| CVE-2026-40394 | MEDIUM | 4.0 | Varnish Cache 9 before 9.0.1 and Varnish Enterprise before 6.0.16r11 allows a "workspace overflow" denial of service (daemon panic) for certain amounts of prefetched data. … | Apr 12, 2026 |
| CVE-2026-40393 | HIGH | 8.1 | In Mesa before 25.3.6 and 26 before 26.0.1, out-of-bounds memory access can occur in WebGPU because the amount of to-be-allocated data depends on an untrusted … | Apr 12, 2026 |
| CVE-2026-40386 | MEDIUM | 4.0 | In libexif through 0.6.25, an integer underflow in size checking for Fuji and Olympus MakerNote decoding could be used by attackers to crash or leak … | Apr 12, 2026 |
| CVE-2026-40385 | MEDIUM | 4.0 | In libexif through 0.6.25, an unsigned 32bit integer overflow in Nikon MakerNote handling could be used by local attackers to cause crashes or information leaks. … | Apr 12, 2026 |
| CVE-2019-25713 | HIGH | 7.1 | MyT-PM 1.5.1 contains an SQL injection vulnerability that allows authenticated attackers to execute arbitrary SQL queries by injecting malicious code through the Charge[group_total] parameter. Attackers … | Apr 12, 2026 |
| CVE-2019-25712 | MEDIUM | 6.2 | BlueAuditor 1.7.2.0 contains a buffer overflow vulnerability in the registration key field that allows local attackers to crash the application by submitting an oversized key … | Apr 12, 2026 |
| CVE-2019-25711 | MEDIUM | 6.2 | SpotFTP Password Recover 2.4.2 contains a denial of service vulnerability that allows local attackers to crash the application by supplying an oversized buffer in the … | Apr 12, 2026 |
| CVE-2019-25710 | HIGH | 8.2 | Dolibarr ERP-CRM 8.0.4 contains an SQL injection vulnerability in the rowid parameter of the admin dict.php endpoint that allows attackers to execute arbitrary SQL queries. … | Apr 12, 2026 |
| CVE-2019-25709 | CRITICAL | 9.8 | CF Image Hosting Script 1.6.5 allows unauthenticated attackers to download and decode the application database by accessing the imgdb.db file in the upload/data directory. Attackers … | Apr 12, 2026 |
| CVE-2019-25708 | MEDIUM | 4.3 | Heatmiser Wifi Thermostat 1.7 contains a cross-site request forgery vulnerability that allows attackers to change administrator credentials by tricking authenticated users into submitting malicious requests. … | Apr 12, 2026 |
| CVE-2019-25707 | HIGH | 7.1 | eBrigade ERP 4.5 contains an SQL injection vulnerability that allows authenticated attackers to execute arbitrary SQL queries by injecting malicious code through the 'id' parameter. … | Apr 12, 2026 |
| CVE-2019-25706 | HIGH | 7.5 | Across DR-810 contains an unauthenticated file disclosure vulnerability that allows remote attackers to download the rom-0 backup file containing sensitive information by sending a simple … | Apr 12, 2026 |
| CVE-2019-25705 | HIGH | 8.4 | Echo Mirage 3.1 contains a stack buffer overflow vulnerability that allows local attackers to crash the application or execute arbitrary code by supplying an oversized … | Apr 12, 2026 |
| CVE-2019-25703 | HIGH | 7.1 | ImpressCMS 1.3.11 contains a time-based blind SQL injection vulnerability that allows authenticated attackers to manipulate database queries by injecting SQL code through the 'bid' parameter. … | Apr 12, 2026 |