7.1
CVE-2026-35170 - openFPGALoader has a heap buffer overflow in BitParser::parseHeader() via crafted .bit file
openFPGALoader is a utility for programming FPGAs. In 1.1.1 and earlier, a heap-buffer-overflow read vulnerability exists in BitParser::parseHeader() that allows out-of-bounds heap memory access when parsing a crafted .bit file. No FPGA hardware is required to trigger this vulnerability.
8.6
CVE-2026-35020 - Anthropic Claude Code & Agent SDK OS Command Injection via TERMINAL Environment Variable
Anthropic Claude Code CLI and Claude Agent SDK contain an OS command injection vulnerability in the command lookup helper and deep-link terminal launcher that allows local attackers to execute arbitrary commands by manipulating the TERMINAL environment variable. Attackers can inject shell metachara…
6.9
CVE-2026-5678 - Totolink A7100RU cstecgi.cgi setScheduleCfg os command injection
A weakness has been identified in Totolink A7100RU 7.4cu.2313_b20191024. The affected element is the function setScheduleCfg of the file /cgi-bin/cstecgi.cgi. Executing a manipulation of the argument mode can lead to os command injection. The attack may be launched remotely. The exploit has been ma…
6.9
CVE-2026-5677 - Totolink A7100RU cstecgi.cgi CsteSystem os command injection
A security flaw has been discovered in Totolink A7100RU 7.4cu.2313_b20191024. Impacted is the function CsteSystem of the file /cgi-bin/cstecgi.cgi. Performing a manipulation of the argument resetFlags results in os command injection. The attack may be initiated remotely. The exploit has been releas…
6.2
CVE-2026-0049 - Persistent Denial of Service via Resource Exhaustion in LocalImageResolver
In onHeaderDecoded of LocalImageResolver.java, there is a possible persistent denial of service due to resource exhaustion. This could lead to local denial of service with no additional execution privileges needed. User interaction is not needed for exploitation.
0.0
CVE-2025-48651 - StrongBox Key Management Vulnerability
StrongBox in Android before security patch level 2026-04-05 has a vulnerability of High Severity, aka A-434039170, A-467765081, A-467765894, and A-467762899.
6.9
CVE-2026-5676 - Totolink A8000R cstecgi.cgi setLanguageCfg missing authentication
A vulnerability was identified in Totolink A8000R 5.9c.681_B20180413. This issue affects the function setLanguageCfg of the file /cgi-bin/cstecgi.cgi. Such manipulation of the argument langType leads to missing authentication. The attack can be launched remotely. The exploit is publicly available a…
6.2
CVE-2026-33817 - Vulnerability in go.etcd.io/bbolt
Index out-of-range when encountering a branch page with zero elements in go.etcd.io/bbolt
5.3
CVE-2026-5675 - itsourcecode Construction Management System Parameter borrowed_tool.php sql injection
A vulnerability was found in itsourcecode Construction Management System 1.0. This affects an unknown part of the file /borrowed_tool.php of the component Parameter Handler. The manipulation of the argument emp results in sql injection. It is possible to launch the attack remotely. The exploit has …
4.1
CVE-2026-35177 - Path traversal issue with zip.vim in Vim
Vim is an open source, command line text editor. Prior to 9.2.0280, a path traversal bypass in Vim's zip.vim plugin allows overwriting of arbitrary files when opening specially crafted zip archives, circumventing the previous fix for CVE-2025-53906. This vulnerability is fixed in 9.2.0280.