5.3
CVE-2026-1638 - Tenda AC21 mDMZSetCfg command injection
A security flaw has been discovered in Tenda AC21 1.1.1.1/1.dmzip/16.03.08.16. The impacted element is the function mDMZSetCfg of the file /goform/mDMZSetCfg. The manipulation of the argument dmzIp results in command injection. The attack can be executed remotely. The exploit has been released to t…
5.4
CVE-2026-1665 - Command Injection in nvm via NVM_AUTH_HEADER in wget code path
A command injection vulnerability exists in nvm (Node Version Manager) versions 0.40.3 and below. The nvm_download() function uses eval to execute wget commands, and the NVM_AUTH_HEADER environment variable was not sanitized in the wget code path (though it was sanitized in the curl code path). An …
8.7
CVE-2026-1637 - Tenda AC21 AdvSetMacMtuWan fromAdvSetMacMtuWan stack-based overflow
A vulnerability was identified in Tenda AC21 16.03.08.16. The affected element is the function fromAdvSetMacMtuWan of the file /goform/AdvSetMacMtuWan. The manipulation leads to stack-based buffer overflow. Remote exploitation of the attack is possible. The exploit is publicly available and might b…
7.1
CVE-2026-25126 - PolarLearn's unvalidated vote direction allows vote count manipulation
PolarLearn is a free and open-source learning program. Prior to version 0-PRERELEASE-15, the vote API route (`POST /api/v1/forum/vote`) trusts the JSON body's `direction` value without runtime validation. TypeScript types are not enforced at runtime, so an attacker can send arbitrary strings (e.g.,…
5.3
CVE-2026-1625 - D-Link DWR-M961 SMS Message formSmsManage sub_4250E0 command injection
A vulnerability was detected in D-Link DWR-M961 1.1.47. The impacted element is the function sub_4250E0 of the file /boafrm/formSmsManage of the component SMS Message. Performing a manipulation of the argument action_value results in command injection. The attack may be initiated remotely. The expl…
5.3
CVE-2026-1624 - D-Link DWR-M961 formLtefotaUpgradeFibocom command injection
A security vulnerability has been detected in D-Link DWR-M961 1.1.47. The affected element is an unknown function of the file /boafrm/formLtefotaUpgradeFibocom. Such manipulation of the argument fota_url leads to command injection. The attack can be launched remotely. The exploit has been disclosed…
8.3
CVE-2026-25117 - pwn.college DOJO vulnerable to sandbox escape leading to arbitrary javascript execution
pwn.college DOJO is an education platform for learning cybersecurity. Prior to commit e33da14449a5abcff507e554f66e2141d6683b0a, missing sandboxing on `/workspace/*` routes allows challenge authors to inject arbitrary javascript which runs on the same origin as `http[:]//dojo[.]website`. This is a s…
7.6
CVE-2026-25116 - Runtipi vulnerable to unauthenticated docker-compose.yml Overwrite via Path Traversal
Runtipi is a personal homeserver orchestrator. Starting in version 4.5.0 and prior to version 4.7.2, an unauthenticated Path Traversal vulnerability in the `UserConfigController` allows any remote user to overwrite the system's `docker-compose.yml` configuration file. By exploiting insecure URN par…
8.3
CVE-2026-25063 - gradle-completion has a Bash command injection issue
gradle-completion provides Bash and Zsh completion support for Gradle. A command injection vulnerability was found in gradle-completion up to and including 9.3.0 that allows arbitrary code execution when a user triggers Bash tab completion in a project containing a malicious Gradle build file. The …
5.5
CVE-2026-25061 - tcpflow has TIM Element OOB Write in wifipcap
tcpflow is a TCP/IP packet demultiplexer. In versions up to and including 1.61, wifipcap parses 802.11 management frame elements and performs a length check on the wrong field when handling the TIM element. A crafted frame with a large TIM length can cause a 1-byte out-of-bounds write past `tim.bit…