Security
CVE Feed
Latest vulnerabilities from the National Vulnerability Database.
10846
Total
736
Critical
3127
High
3471
Medium
| CVE ID | Severity | Score | Description | Published |
|---|---|---|---|---|
| CVE-2026-6116 | CRITICAL | 9.8 | A vulnerability has been found in Totolink A7100RU 7.4cu.2313_b20191024. This vulnerability affects the function setDiagnosisCfg of the file /cgi-bin/cstecgi.cgi of the component CGI Handler. The … | Apr 12, 2026 |
| CVE-2026-6115 | CRITICAL | 9.8 | A flaw has been found in Totolink A7100RU 7.4cu.2313_b20191024. This affects the function setAppCfg of the file /cgi-bin/cstecgi.cgi of the component CGI Handler. Executing a … | Apr 12, 2026 |
| CVE-2026-6114 | CRITICAL | 9.8 | A vulnerability was detected in Totolink A7100RU 7.4cu.2313_b20191024. Affected by this issue is the function setNetworkCfg of the file /cgi-bin/cstecgi.cgi of the component CGI Handler. … | Apr 12, 2026 |
| CVE-2026-6113 | CRITICAL | 9.8 | A security vulnerability has been detected in Totolink A7100RU 7.4cu.2313_b20191024. Affected by this vulnerability is the function setTtyServiceCfg of the file /cgi-bin/cstecgi.cgi of the component … | Apr 12, 2026 |
| CVE-2026-6112 | CRITICAL | 9.8 | A weakness has been identified in Totolink A7100RU 7.4cu.2313_b20191024. Affected is the function setRadvdCfg of the file /cgi-bin/cstecgi.cgi of the component CGI Handler. This manipulation … | Apr 12, 2026 |
| CVE-2026-6111 | MEDIUM | 6.3 | A security flaw has been discovered in FoundationAgents MetaGPT up to 0.8.1. This impacts the function decode_image of the file metagpt/utils/common.py. The manipulation of the … | Apr 12, 2026 |
| CVE-2026-6110 | HIGH | 7.3 | A vulnerability was identified in FoundationAgents MetaGPT up to 0.8.1. This affects the function generate_thoughts of the file metagpt/strategy/tot.py of the component Tree-of-Thought Solver. The … | Apr 12, 2026 |
| CVE-2026-1116 | HIGH | 8.2 | A Cross-site Scripting (XSS) vulnerability was identified in the `from_dict` method of the `AppLollmsMessage` class in parisneo/lollms prior to version 2.2.0. The vulnerability arises from … | Apr 12, 2026 |
| CVE-2026-6109 | MEDIUM | 4.3 | A vulnerability was determined in FoundationAgents MetaGPT up to 0.8.1. The impacted element is the function evaluateCode of the file metagpt/environment/minecraft/mineflayer/index.js of the component Mineflayer … | Apr 12, 2026 |
| CVE-2026-6108 | MEDIUM | 6.3 | A vulnerability was found in 1Panel-dev MaxKB up to 2.6.1. The affected element is the function execute of the file apps/application/flow/step_node/mcp_node/impl/base_mcp_node.py of the component Model … | Apr 12, 2026 |
| CVE-2026-6107 | LOW | 3.5 | A flaw has been found in 1Panel-dev MaxKB up to 2.6.1. This issue affects some unknown processing of the file apps/common/middleware/chat_headers_middleware.py of the component ChatHeadersMiddleware. … | Apr 12, 2026 |
| CVE-2026-6106 | LOW | 3.5 | A vulnerability was detected in 1Panel-dev MaxKB up to 2.2.1. This vulnerability affects the function StaticHeadersMiddleware of the file apps/common/middleware/static_headers_middleware.py of the component Public Chat … | Apr 11, 2026 |
| CVE-2026-6105 | HIGH | 7.3 | A security vulnerability has been detected in perfree go-fastdfs-web up to 1.3.7. This affects an unknown part of the file src/main/java/com/perfree/controller/InstallController.java of the component doInstall … | Apr 11, 2026 |
| CVE-2026-31845 | CRITICAL | 9.3 | A reflected cross-site scripting (XSS) vulnerability exists in Rukovoditel CRM version 3.6.4 and earlier in the Zadarma telephony API endpoint (/api/tel/zadarma.php). The application directly reflects … | Apr 11, 2026 |
| CVE-2026-32146 | UNKNOWN | — | Improper path validation vulnerability in the Gleam compiler's handling of git dependencies allows arbitrary file system modification during dependency download. Dependency names from gleam.toml and … | Apr 11, 2026 |
| CVE-2026-23900 | UNKNOWN | — | Various stored XSS vulnerabilities in the maps- and icon rendering logic in Phoca Maps component 5.0.0-6.0.2 have been discovered. | Apr 11, 2026 |
| CVE-2026-5809 | HIGH | 7.1 | The wpForo Forum plugin for WordPress is vulnerable to Arbitrary File Deletion in versions up to and including 3.0.2. This is due to a two-step … | Apr 11, 2026 |
| CVE-2026-34621 | CRITICAL | 9.6 | Acrobat Reader versions 24.001.30356, 26.001.21367 and earlier are affected by an Improperly Controlled Modification of Object Prototype Attributes ('Prototype Pollution') vulnerability that could result in … | Apr 11, 2026 |
| CVE-2026-5226 | MEDIUM | 6.1 | The Optimole – Optimize Images in Real Time plugin for WordPress is vulnerable to Reflected Cross-Site Scripting via URL paths in versions up to, and … | Apr 11, 2026 |
| CVE-2026-5217 | HIGH | 7.2 | The Optimole – Optimize Images | Convert WebP & AVIF | CDN & Lazy Load | Image Optimization plugin for WordPress is vulnerable to Stored … | Apr 11, 2026 |
| CVE-2026-5207 | MEDIUM | 6.5 | The LifterLMS plugin for WordPress is vulnerable to SQL Injection via the 'order' parameter in all versions up to, and including, 9.2.1. This is due … | Apr 11, 2026 |
| CVE-2026-5144 | HIGH | 8.8 | The BuddyPress Groupblog plugin for WordPress is vulnerable to Privilege Escalation in all versions up to, and including, 1.9.3. This is due to the group … | Apr 11, 2026 |
| CVE-2026-4979 | MEDIUM | 5.0 | The UsersWP – Front-end login form, User Registration, User Profile & Members Directory plugin for WP plugin for WordPress is vulnerable to blind Server-Side Request … | Apr 11, 2026 |
| CVE-2026-4895 | MEDIUM | 6.4 | The GreenShift - Animation and Page Builder Blocks plugin for WordPress is vulnerable to Stored Cross-Site Scripting in versions up to, and including, 12.8.9 This … | Apr 11, 2026 |
| CVE-2026-3498 | MEDIUM | 6.4 | The BlockArt Blocks plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'clientId' block attribute in all versions up to, and including, 2.2.15. … | Apr 11, 2026 |