5.3
CVE-2026-2536 - opencc JFlow Workflow WF_Admin_AttrFlow.java Imp_Done xml external entity reference
A vulnerability was determined in opencc JFlow up to 20260129. This affects the function Imp_Done of the file src/main/java/bp/wf/httphandler/WF_Admin_AttrFlow.java of the component Workflow Engine. This manipulation of the argument File causes xml external entity reference. The attack may be initiβ¦
5.3
CVE-2026-2535 - Comfast CF-N1 V2 mbox-config sub_44AB9C command injection
A vulnerability was found in Comfast CF-N1 V2 2.6.0.2. The impacted element is the function sub_44AB9C of the file /cgi-bin/mbox-config?method=SET§ion=ptest_channel. The manipulation of the argument channel results in command injection. The attack can be launched remotely. The exploit has been β¦
5.3
CVE-2026-2534 - Comfast CF-N1 V2 mbox-config sub_44AC4C command injection
A vulnerability has been found in Comfast CF-N1 V2 2.6.0.2. The affected element is the function sub_44AC4C of the file /cgi-bin/mbox-config?method=SET§ion=ptest_bandwidth. The manipulation of the argument bandwidth leads to command injection. The attack can be initiated remotely. The exploit hβ¦
6.9
CVE-2026-2533 - Tosei Self-service Washing Machine tosei_datasend.php command injection
A flaw has been found in Tosei Self-service Washing Machine 4.02. Impacted is an unknown function of the file /cgi-bin/tosei_datasend.php. Executing a manipulation of the argument adr_txt_1 can lead to command injection. It is possible to launch the attack remotely. The exploit has been published aβ¦
5.3
CVE-2026-2532 - lintsinghua DeepAudit IP Address embedding_config.py server-side request forgery
A vulnerability was detected in lintsinghua DeepAudit up to 3.0.3. This issue affects some unknown processing of the file backend/app/api/v1/endpoints/embedding_config.py of the component IP Address Handler. Performing a manipulation results in server-side request forgery. It is possible to initiatβ¦
5.3
CVE-2026-2531 - MindsDB File Upload security.py clear_filename server-side request forgery
A security vulnerability has been detected in MindsDB up to 25.14.1. This vulnerability affects the function clear_filename of the file mindsdb/utilities/security.py of the component File Upload. Such manipulation leads to server-side request forgery. The attack may be performed from remote. The exβ¦
5.3
CVE-2026-2530 - Wavlink WL-WN579A3 wireless.cgi AddMac command injection
A weakness has been identified in Wavlink WL-WN579A3 up to 20210219. This affects the function AddMac of the file /cgi-bin/wireless.cgi. This manipulation of the argument macAddr causes command injection. The attack is possible to be carried out remotely. The exploit has been made available to the β¦
5.3
CVE-2026-2529 - Wavlink WL-WN579A3 wireless.cgi DeleteMac command injection
A security flaw has been discovered in Wavlink WL-WN579A3 up to 20210219. Affected by this issue is the function DeleteMac of the file /cgi-bin/wireless.cgi. The manipulation of the argument delete_list results in command injection. The attack can be executed remotely. The vendor was contacted earlβ¦
5.3
CVE-2026-2528 - Wavlink WL-WN579A3 wireless.cgi Delete_Mac_list command injection
A vulnerability was identified in Wavlink WL-WN579A3 up to 20210219. Affected by this vulnerability is the function Delete_Mac_list of the file /cgi-bin/wireless.cgi. The manipulation of the argument delete_list leads to command injection. Remote exploitation of the attack is possible. The exploit β¦
5.3
CVE-2026-2527 - Wavlink WL-WN579A3 login.cgi command injection
A vulnerability was determined in Wavlink WL-WN579A3 up to 20210219. Affected is an unknown function of the file /cgi-bin/login.cgi. Executing a manipulation of the argument key can lead to command injection. The attack may be launched remotely. The exploit has been publicly disclosed and may be utβ¦