8.8
CVE-2025-70328 -
TOTOLINK X6000R v9.4.0cu.1498_B20250826 contains an OS command injection vulnerability in the NTPSyncWithHost handler of the /usr/sbin/shttpd executable. The host_time parameter is retrieved via sub_40C404 and passed to a date -s shell command through CsteSystem. While the first two tokens of the iβ¦
5.5
CVE-2025-61145 - libtiff: libtiff: Denial of service via double free in tiffcrop.c
libtiff up to v4.7.1 was discovered to contain a double free via the component tools/tiffcrop.c.
4
CVE-2026-26365 - Incorrect Processing of Custom HopβbyβHop HTTP Headers in Akamai Ghost Leading to Request Smuggling
Akamai Ghost on Akamai CDN edge servers before 2026-02-06 mishandles processing of custom hop-by-hop HTTP headers, where an incoming request containing the header "Connection: Transfer-Encoding" could result in a forward request with invalid message framing, depending on the Akamai processing path.β¦
7.5
CVE-2025-69700 -
Tenda FH1203 V2.0.1.6 contains a stack-based buffer overflow vulnerability in the modify_add_client_prio function, which is reachable via the formSetClientPrio CGI handler.
8.7
CVE-2026-2959 - D-Link DWR-M960 formNewSchedule sub_44E0F8 stack-based overflow
A vulnerability was detected in D-Link DWR-M960 1.01.07. Affected by this vulnerability is the function sub_44E0F8 of the file /boafrm/formNewSchedule. Performing a manipulation of the argument url results in stack-based buffer overflow. Remote exploitation of the attack is possible. The exploit isβ¦
8.7
CVE-2026-2958 - D-Link DWR-M960 formWsc sub_457C5C stack-based overflow
A security vulnerability has been detected in D-Link DWR-M960 1.01.07. Affected is the function sub_457C5C of the file /boafrm/formWsc. Such manipulation of the argument save_apply leads to stack-based buffer overflow. The attack may be launched remotely. The exploit has been disclosed publicly andβ¦
9.1
CVE-2026-2588 - Crypt::NaCl::Sodium versions through 2.001 for Perl has an integer overflow flaw on 32-bit systems
Crypt::NaCl::Sodium versions through 2.001 for Perl has an integer overflow flaw on 32-bit systems. Sodium.xs casts a STRLEN (size_t) to unsigned long long when passing a length pointer to libsodium functions. On 32-bit systems size_t is typically 32-bits while an unsigned long long is at least 6β¦
5.3
CVE-2026-2957 - qinming99 dst-admin File BackupController.java deleteBackup denial of service
A weakness has been identified in qinming99 dst-admin up to 1.5.0. This impacts the function deleteBackup of the file src/main/java/com/tugos/dst/admin/controller/BackupController.java of the component File Handler. This manipulation causes denial of service. The attack may be initiated remotely. Tβ¦
5.3
CVE-2026-2956 - qinming99 dst-admin restore revertBackup command injection
A security flaw has been discovered in qinming99 dst-admin up to 1.5.0. This affects the function revertBackup of the file /home/restore. The manipulation of the argument Name results in command injection. The attack can be launched remotely. The exploit has been released to the public and may be uβ¦
5.3
CVE-2026-2954 - Dromara UJCMS ImportDataController import-channel importChanel injection
A vulnerability was found in Dromara UJCMS 10.0.2. Impacted is the function importChanel of the file /api/backend/ext/import-data/import-channel of the component ImportDataController. Performing a manipulation of the argument driverClassName/url results in injection. It is possible to initiate the β¦