5.3

CVSS4.0

CVE-2026-7690 - Wavlink WL-WN570HA1 adm.cgi set_sys_adm command injection

A weakness has been identified in Wavlink WL-WN570HA1 R70HA1 V1410_221110. This issue affects the function set_sys_adm of the file /cgi-bin/adm.cgi. This manipulation of the argument Username causes command injection. It is possible to initiate the attack remotely. The exploit has been made availab…

📅 Published: May 3, 2026, 9:45 a.m. 🔄 Last Modified: May 3, 2026, 9:45 a.m.

6.3

CVSS4.0

CVE-2026-7689 - Dolibarr ERP CRM Online Signature security.lib.php dol_verifyHash signature verification

A security flaw has been discovered in Dolibarr ERP CRM up to 23.0.2. This vulnerability affects the function dol_verifyHash in the library htdocs/core/lib/security.lib.php of the component Online Signature Module. The manipulation results in improper verification of cryptographic signature. The at…

📅 Published: May 3, 2026, 9:30 a.m. 🔄 Last Modified: May 3, 2026, 9:30 a.m.

2.3

CVSS4.0

CVE-2026-7688 - Dolibarr ERP CRM Shipments API Endpoint expedition.class.php _checkValForAPI sql injection

A vulnerability was identified in Dolibarr ERP CRM up to 23.0.2. This affects the function _checkValForAPI of the file htdocs/expedition/class/expedition.class.php of the component Shipments API Endpoint. The manipulation of the argument fields leads to sql injection. The attack is possible to be c…

📅 Published: May 3, 2026, 9:15 a.m. 🔄 Last Modified: May 3, 2026, 9:15 a.m.

5.3

CVSS4.0

CVE-2026-7687 - langflow-ai langflow Full Builtins code_parser.py CodeParser.parse_callable_details command injecti…

A vulnerability was determined in langflow-ai langflow up to 1.8.4. Affected by this issue is the function CodeParser.parse_callable_details of the file src/lfx/src/lfx/custom/code_parser/code_parser.py of the component Full Builtins Module Handler. Executing a manipulation can lead to command inje…

📅 Published: May 3, 2026, 8:45 a.m. 🔄 Last Modified: May 3, 2026, 8:45 a.m.

6.9

CVSS4.0

CVE-2026-7686 - eyeo Adblock Plus Legacy Premium Activation premium.preload.js postMessage access control

A vulnerability was found in eyeo Adblock Plus up to 4.36.2 on Chrome. Affected by this vulnerability is the function postMessage of the file premium.preload.js of the component Legacy Premium Activation. Performing a manipulation results in improper access controls. Remote exploitation of the atta…

📅 Published: May 3, 2026, 7:30 a.m. 🔄 Last Modified: May 3, 2026, 7:30 a.m.
Load More Vulnerability
avatar

Mehmet Ince

@mdisec

CVE stats coming here

avatar

Nuri Çilengir

@ncilengir

CVE stats coming here

avatar

@aydinnyunus

CVE stats coming here

avatar

Onurcan Genç

@onurcangnc

CVE stats coming here

avatar

Seyit Sigirci

@h3xecute

CVE stats coming here

avatar

Ali İltizar

@iltosec

CVE stats coming here

avatar

@b3rsec

CVE stats coming here

avatar

@furkank

CVE stats coming here

avatar

kutaysec

@kutaysec

CVE stats coming here