6.9

CVSS4.0

CVE-2026-5678 - Totolink A7100RU cstecgi.cgi setScheduleCfg os command injection

A weakness has been identified in Totolink A7100RU 7.4cu.2313_b20191024. The affected element is the function setScheduleCfg of the file /cgi-bin/cstecgi.cgi. Executing a manipulation of the argument mode can lead to os command injection. The attack may be launched remotely. The exploit has been ma…

📅 Published: April 6, 2026, 6:45 p.m. 🔄 Last Modified: April 7, 2026, 2:05 p.m.

6.9

CVSS4.0

CVE-2026-5677 - Totolink A7100RU cstecgi.cgi CsteSystem os command injection

A security flaw has been discovered in Totolink A7100RU 7.4cu.2313_b20191024. Impacted is the function CsteSystem of the file /cgi-bin/cstecgi.cgi. Performing a manipulation of the argument resetFlags results in os command injection. The attack may be initiated remotely. The exploit has been releas…

📅 Published: April 6, 2026, 6:30 p.m. 🔄 Last Modified: April 7, 2026, 2:40 p.m.

6.2

CVSS3.1

CVE-2026-0049 - Persistent Denial of Service via Resource Exhaustion in LocalImageResolver

In onHeaderDecoded of LocalImageResolver.java, there is a possible persistent denial of service due to resource exhaustion. This could lead to local denial of service with no additional execution privileges needed. User interaction is not needed for exploitation.

📅 Published: April 6, 2026, 6:20 p.m. 🔄 Last Modified: April 10, 2026, 6:54 p.m.

5.5

CVSS3.1

CVE-2025-48651 - Local Information Disclosure via Improper Input Validation in Android Keymaster Applet

In importWrappedKey of KMKeymasterApplet.java, there is a possible way to access keys that should be restricted due to improper input validation. This could lead to local information disclosure with no additional execution privileges needed. User interaction is not needed for exploitation.

📅 Published: April 6, 2026, 6:20 p.m. 🔄 Last Modified: April 10, 2026, 6:56 p.m.

6.9

CVSS4.0

CVE-2026-5676 - Totolink A8000R cstecgi.cgi setLanguageCfg missing authentication

A vulnerability was identified in Totolink A8000R 5.9c.681_B20180413. This issue affects the function setLanguageCfg of the file /cgi-bin/cstecgi.cgi. Such manipulation of the argument langType leads to missing authentication. The attack can be launched remotely. The exploit is publicly available a…

📅 Published: April 6, 2026, 6:15 p.m. 🔄 Last Modified: April 7, 2026, 6:54 a.m.

6.2

CVSS3.1

CVE-2026-33817 - Vulnerability in go.etcd.io/bbolt

CVE confirmed to be a false positive

📅 Published: April 6, 2026, 6:13 p.m. 🔄 Last Modified: April 8, 2026, 7:50 p.m.

5.3

CVSS4.0

CVE-2026-5675 - itsourcecode Construction Management System Parameter borrowed_tool.php sql injection

A vulnerability was found in itsourcecode Construction Management System 1.0. This affects an unknown part of the file /borrowed_tool.php of the component Parameter Handler. The manipulation of the argument emp results in sql injection. It is possible to launch the attack remotely. The exploit has …

📅 Published: April 6, 2026, 6 p.m. 🔄 Last Modified: April 7, 2026, 6:54 a.m.

4.1

CVSS3.1

CVE-2026-35177 - Path traversal issue with zip.vim in Vim

Vim is an open source, command line text editor. Prior to 9.2.0280, a path traversal bypass in Vim's zip.vim plugin allows overwriting of arbitrary files when opening specially crafted zip archives, circumventing the previous fix for CVE-2025-53906. This vulnerability is fixed in 9.2.0280.

📅 Published: April 6, 2026, 5:54 p.m. 🔄 Last Modified: April 7, 2026, 2:05 p.m.

7.2

CVSS4.0

CVE-2026-35175 - Ajenti has an authorization bypass during custom package installation

Ajenti is a Linux and BSD modular server admin panel. Prior to 2.2.15, an authenticated user (using the auth_users plugin authentication method) could install a custom package even if this user is not superuser. This vulnerability is fixed in 2.2.15.

📅 Published: April 6, 2026, 5:51 p.m. 🔄 Last Modified: April 7, 2026, 1:20 p.m.

9.1

CVSS3.1

CVE-2026-35174 - Chyrp Lite has a Path Traversal to Remote Code Execution

Chyrp Lite is an ultra-lightweight blogging engine. Prior to 2026.01, a path traversal vulnerability exists in the administration console that allows an administrator or a user with Change Settings permission to change the uploads path to any folder. This vulnerability allows the user to download a…

📅 Published: April 6, 2026, 5:50 p.m. 🔄 Last Modified: April 7, 2026, 2:38 p.m.