Sun, Apr 12 · 04:16 AM CDT · CVE-2026-6112
9.8/10 · Must read/watch · NVD · vuln
Summary
A weakness has been identified in Totolink A7100RU 7.4cu.2313_b20191024. Affected is the function setRadvdCfg of the file /cgi-bin/cstecgi.cgi of the component CGI Handler. This manipulation of the argument maxRtrAdvInterval causes OS command injection. The attack can be initiated remotely. The exploit has been made av
CVE: CVE-2026-6112
Severity: CRITICAL
Type: NEW
Published: Sun, Apr 12 · 04:16 AM CDT
Modified: Sun, Apr 12 · 04:16 AM CDT

Sun, Apr 12 · 04:16 AM CDT · CVE-2026-6113
9.8/10 · Must read/watch · NVD · vuln
Summary
A security vulnerability has been detected in Totolink A7100RU 7.4cu.2313_b20191024. Affected by this vulnerability is the function setTtyServiceCfg of the file /cgi-bin/cstecgi.cgi of the component CGI Handler. Such manipulation of the argument ttyEnable leads to OS command injection. The attack can be launched remote
CVE: CVE-2026-6113
Severity: CRITICAL
Type: NEW
Published: Sun, Apr 12 · 04:16 AM CDT
Modified: Sun, Apr 12 · 04:16 AM CDT

Sun, Apr 12 · 04:16 AM CDT · CVE-2026-6114
9.8/10 · Must read/watch · NVD · vuln
Summary
A vulnerability was detected in Totolink A7100RU 7.4cu.2313_b20191024. Affected by this issue is the function setNetworkCfg of the file /cgi-bin/cstecgi.cgi of the component CGI Handler. Performing a manipulation of the argument proto results in OS command injection. The attack may be initiated remotely. The exploit is
CVE: CVE-2026-6114
Severity: CRITICAL
Type: NEW
Published: Sun, Apr 12 · 04:16 AM CDT
Modified: Sun, Apr 12 · 04:16 AM CDT

Sun, Apr 12 · 05:16 AM CDT · CVE-2026-6115
9.8/10 · Must read/watch · NVD · vuln
Summary
A flaw has been found in Totolink A7100RU 7.4cu.2313_b20191024. This affects the function setAppCfg of the file /cgi-bin/cstecgi.cgi of the component CGI Handler. Executing a manipulation of the argument enable can lead to OS command injection. The attack may be launched remotely. The exploit has been published and may
CVE: CVE-2026-6115
Severity: CRITICAL
Type: NEW
Published: Sun, Apr 12 · 05:16 AM CDT
Modified: Sun, Apr 12 · 05:16 AM CDT

Sun, Apr 12 · 05:16 AM CDT · CVE-2026-6116
9.8/10 · Must read/watch · NVD · vuln
Summary
A vulnerability has been found in Totolink A7100RU 7.4cu.2313_b20191024. This vulnerability affects the function setDiagnosisCfg of the file /cgi-bin/cstecgi.cgi of the component CGI Handler. The manipulation of the argument ip leads to OS command injection. Remote exploitation of the attack is possible. The exploit ha
CVE: CVE-2026-6116
Severity: CRITICAL
Type: NEW
Published: Sun, Apr 12 · 05:16 AM CDT
Modified: Sun, Apr 12 · 05:16 AM CDT

Sat, Apr 11 · 07:16 PM CDT · CVE-2026-31845
9.3/10 · Must read/watch · NVD · vuln
Summary
A reflected cross-site scripting (XSS) vulnerability exists in Rukovoditel CRM version 3.6.4 and earlier in the Zadarma telephony API endpoint (/api/tel/zadarma.php). The application directly reflects user-supplied input from the 'zd_echo' GET parameter into the HTTP response without proper sanitization, output encodin
CVE: CVE-2026-31845
Severity: CRITICAL
Type: NEW
Published: Sat, Apr 11 · 07:16 PM CDT
Modified: Sat, Apr 11 · 07:16 PM CDT

Tue, Sep 09 · 02:15 PM CDT · CVE-2025-54236
9.1/10 · Must read/watch · NVD · vuln
Summary
Adobe Commerce versions 2.4.9-alpha2, 2.4.8-p2, 2.4.7-p7, 2.4.6-p12, 2.4.5-p14, 2.4.4-p15 and earlier are affected by an Improper Input Validation vulnerability. A successful attacker can abuse this to achieve session takeover, increasing the confidentiality, and integrity impact to high. Exploitation of this issue doe
CVE: CVE-2025-54236
Severity: CRITICAL
Type: UPDATED
Published: Tue, Sep 09 · 02:15 PM CDT
Modified: Thu, Apr 09 · 01:00 AM CDT

Sun, Apr 12 · 06:16 AM CDT · CVE-2026-6120
8.8/10 · Worth your time · NVD · vuln
Summary
A vulnerability was detected in Tenda F451 1.0.0.7. Affected is the function fromDhcpListClient of the file /goform/DhcpListClient of the component httpd. The manipulation of the argument page results in stack-based buffer overflow. The attack can be launched remotely. The exploit is now public and may be used.
CVE: CVE-2026-6120
Severity: HIGH
Type: NEW
Published: Sun, Apr 12 · 06:16 AM CDT
Modified: Sun, Apr 12 · 06:16 AM CDT

Sun, Apr 12 · 08:16 AM CDT · CVE-2026-6121
8.8/10 · Worth your time · NVD · vuln
Summary
A flaw has been found in Tenda F451 1.0.0.7. Affected by this vulnerability is the function WrlclientSet of the file /goform/WrlclientSet of the component httpd. This manipulation of the argument GO causes stack-based buffer overflow. The attack may be initiated remotely. The exploit has been published and may be used.
CVE: CVE-2026-6121
Severity: HIGH
Type: NEW
Published: Sun, Apr 12 · 08:16 AM CDT
Modified: Sun, Apr 12 · 08:16 AM CDT

Sun, Apr 12 · 08:16 AM CDT · CVE-2026-6122
8.8/10 · Worth your time · NVD · vuln
Summary
A vulnerability has been found in Tenda F451 1.0.0.7. Affected by this issue is the function frmL7ProtForm of the file /goform/L7Prot of the component httpd. Such manipulation of the argument page leads to stack-based buffer overflow. The attack may be launched remotely. The exploit has been disclosed to the public and
CVE: CVE-2026-6122
Severity: HIGH
Type: NEW
Published: Sun, Apr 12 · 08:16 AM CDT
Modified: Sun, Apr 12 · 08:16 AM CDT

Sun, Apr 12 · 09:16 AM CDT · CVE-2026-6123
8.8/10 · Worth your time · NVD · vuln
Summary
A vulnerability was found in Tenda F451 1.0.0.7. This affects the function fromAddressNat of the file /goform/addressNat of the component httpd. Performing a manipulation of the argument entrys results in stack-based buffer overflow. Remote exploitation of the attack is possible. The exploit has been made public and co
CVE: CVE-2026-6123
Severity: HIGH
Type: NEW
Published: Sun, Apr 12 · 09:16 AM CDT
Modified: Sun, Apr 12 · 09:16 AM CDT

Sun, Apr 12 · 09:16 AM CDT · CVE-2026-6124
8.8/10 · Worth your time · NVD · vuln
Summary
A vulnerability was determined in Tenda F451 1.0.0.7. This vulnerability affects the function fromSafeMacFilter of the file /goform/SafeMacFilter of the component httpd. Executing a manipulation of the argument page/menufacturer can lead to stack-based buffer overflow. The attack can be executed remotely. The exploit h
CVE: CVE-2026-6124
Severity: HIGH
Type: NEW
Published: Sun, Apr 12 · 09:16 AM CDT
Modified: Sun, Apr 12 · 09:16 AM CDT

Sat, Apr 11 · 07:16 AM CDT · CVE-2026-34621
8.6/10 · Worth your time · NVD · vuln
Summary
Acrobat Reader versions 24.001.30356, 26.001.21367 and earlier are affected by an Improperly Controlled Modification of Object Prototype Attributes ('Prototype Pollution') vulnerability that could result in arbitrary code execution in the context of the current user. Exploitation of this issue requires user interaction
CVE: CVE-2026-34621
Severity: HIGH
Type: UPDATED
Published: Sat, Apr 11 · 07:16 AM CDT
Modified: Sun, Apr 12 · 05:15 AM CDT

Sun, Apr 12 · 03:16 AM CDT · CVE-2026-1116
8.2/10 · Worth your time · NVD · vuln
Summary
A Cross-site Scripting (XSS) vulnerability was identified in the `from_dict` method of the `AppLollmsMessage` class in parisneo/lollms prior to version 2.2.0. The vulnerability arises from the lack of sanitization or HTML encoding of the `content` field when deserializing user-provided data. This allows an attacker to
CVE: CVE-2026-1116
Severity: HIGH
Type: NEW
Published: Sun, Apr 12 · 03:16 AM CDT
Modified: Sun, Apr 12 · 03:16 AM CDT

Wed, May 01 · 06:15 AM CDT · CVE-2024-27022
7.8/10 · Worth your time · NVD · vuln
Summary
In the Linux kernel, the following vulnerability has been resolved: fork: defer linking file vma until vma is fully initialized Thorvald reported a WARNING [1]. And the root cause is below race: CPU 1 CPU 2 fork hugetlbfs_fallocate dup_mmap hugetlbfs_punch_hole i_mmap_lock_write(mapping); vma_interval_tree_insert_after
CVE: CVE-2024-27022
Severity: HIGH
Type: UPDATED
Published: Wed, May 01 · 06:15 AM CDT
Modified: Sat, Apr 11 · 01:16 PM CDT

Sat, Apr 11 · 10:16 PM CDT · CVE-2026-6105
7.3/10 · Worth your time · NVD · vuln
Summary
A security vulnerability has been detected in perfree go-fastdfs-web up to 1.3.7. This affects an unknown part of the file src/main/java/com/perfree/controller/InstallController.java of the component doInstall Interface. The manipulation leads to improper authorization. The attack may be initiated remotely. The exploit
CVE: CVE-2026-6105
Severity: HIGH
Type: NEW
Published: Sat, Apr 11 · 10:16 PM CDT
Modified: Sat, Apr 11 · 10:16 PM CDT

Sun, Apr 12 · 03:16 AM CDT · CVE-2026-6110
7.3/10 · Worth your time · NVD · vuln
Summary
A vulnerability was identified in FoundationAgents MetaGPT up to 0.8.1. This affects the function generate_thoughts of the file metagpt/strategy/tot.py of the component Tree-of-Thought Solver. The manipulation leads to code injection. It is possible to initiate the attack remotely. The exploit is publicly available and
CVE: CVE-2026-6110
Severity: HIGH
Type: NEW
Published: Sun, Apr 12 · 03:16 AM CDT
Modified: Sun, Apr 12 · 03:16 AM CDT

Sun, Apr 12 · 01:16 AM CDT · CVE-2026-6108
6.3/10 · Skim only if relevant · NVD · vuln
Summary
A vulnerability was found in 1Panel-dev MaxKB up to 2.6.1. The affected element is the function execute of the file apps/application/flow/step_node/mcp_node/impl/base_mcp_node.py of the component Model Context Protocol Node. Performing a manipulation results in OS command injection. The attack is possible to be carried
CVE: CVE-2026-6108
Severity: MEDIUM
Type: NEW
Published: Sun, Apr 12 · 01:16 AM CDT
Modified: Sun, Apr 12 · 01:16 AM CDT

Sun, Apr 12 · 03:16 AM CDT · CVE-2026-6111
6.3/10 · Skim only if relevant · NVD · vuln
Summary
A security flaw has been discovered in FoundationAgents MetaGPT up to 0.8.1. This impacts the function decode_image of the file metagpt/utils/common.py. The manipulation of the argument img_url_or_b64 results in server-side request forgery. It is possible to launch the attack remotely. The exploit has been released to
CVE: CVE-2026-6111
Severity: MEDIUM
Type: NEW
Published: Sun, Apr 12 · 03:16 AM CDT
Modified: Sun, Apr 12 · 03:16 AM CDT

Sun, Apr 12 · 05:16 AM CDT · CVE-2026-6117
6.3/10 · Skim only if relevant · NVD · vuln
Summary
A vulnerability was found in AstrBotDevs AstrBot up to 4.22.1. This issue affects the function install_plugin_upload of the file astrbot/dashboard/routes/plugin.py of the component install-upload Endpoint. The manipulation of the argument File results in sandbox issue. The attack can be executed remotely. The exploit h
CVE: CVE-2026-6117
Severity: MEDIUM
Type: NEW
Published: Sun, Apr 12 · 05:16 AM CDT
Modified: Sun, Apr 12 · 05:16 AM CDT

Sun, Apr 12 · 05:16 AM CDT · CVE-2026-6118
6.3/10 · Skim only if relevant · NVD · vuln
Summary
A vulnerability was determined in AstrBotDevs AstrBot up to 4.22.1. Impacted is the function add_mcp_server of the file astrbot/dashboard/routes/tools.py of the component MCP Endpoint. This manipulation of the argument command causes command injection. The attack is possible to be carried out remotely. The exploit has
CVE: CVE-2026-6118
Severity: MEDIUM
Type: NEW
Published: Sun, Apr 12 · 05:16 AM CDT
Modified: Sun, Apr 12 · 05:16 AM CDT

Sun, Apr 12 · 06:16 AM CDT · CVE-2026-6119
6.3/10 · Skim only if relevant · NVD · vuln
Summary
A vulnerability was identified in AstrBotDevs AstrBot up to 4.22.1. The affected element is the function post_data.get of the component API Endpoint. Such manipulation leads to server-side request forgery. The attack may be performed from remote. The exploit is publicly available and might be used. The project was info
CVE: CVE-2026-6119
Severity: MEDIUM
Type: NEW
Published: Sun, Apr 12 · 06:16 AM CDT
Modified: Sun, Apr 12 · 06:16 AM CDT

Sun, Apr 12 · 10:16 AM CDT · CVE-2026-6125
6.3/10 · Skim only if relevant · NVD · vuln
Summary
A security flaw has been discovered in Dromara warm-flow up to 1.8.4. Impacted is the function SpelHelper.parseExpression of the file /warm-flow/save-json of the component Workflow Definition Handler. The manipulation of the argument listenerPath/skipCondition/permissionFlag results in code injection. The attack may be
CVE: CVE-2026-6125
Severity: MEDIUM
Type: NEW
Published: Sun, Apr 12 · 10:16 AM CDT
Modified: Sun, Apr 12 · 10:16 AM CDT

Mon, Oct 21 · 01:15 PM CDT · CVE-2024-47736
5.5/10 · Skim only if relevant · NVD · vuln
Summary
In the Linux kernel, the following vulnerability has been resolved: erofs: handle overlapped pclusters out of crafted images properly syzbot reported a task hang issue due to a deadlock case where it is waiting for the folio lock of a cached folio that will be used for cache I/Os. After looking into the crafted fuzzed
CVE: CVE-2024-47736
Severity: MEDIUM
Type: UPDATED
Published: Mon, Oct 21 · 01:15 PM CDT
Modified: Sat, Apr 11 · 01:16 PM CDT

Tue, May 20 · 04:15 PM CDT · CVE-2025-37945
5.5/10 · Skim only if relevant · NVD · vuln
Summary
In the Linux kernel, the following vulnerability has been resolved: net: phy: allow MDIO bus PM ops to start/stop state machine for phylink-controlled PHY DSA has 2 kinds of drivers: 1. Those who call dsa_switch_suspend() and dsa_switch_resume() from their device PM ops: qca8k-8xxx, bcm_sf2, microchip ksz 2. Those who
CVE: CVE-2025-37945
Severity: MEDIUM
Type: UPDATED
Published: Tue, May 20 · 04:15 PM CDT
Modified: Sat, Apr 11 · 01:16 PM CDT