5.3
CVE-2026-1623 - Totolink A7000R cstecgi.cgi setUpgradeFW command injection
A weakness has been identified in Totolink A7000R 4.1cu.4154. The affected function is setUpgradeFW in the file /cgi-bin/cstecgi.cgi. Manipulation of the argument FileName leads to command injection. The attack can be initiated remotely. The exploit has been made available to the public and coul…
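The root cause class described above (an upload name spliced into a shell command) next to the fix, as an added example that is not Totolink's code: the CGI handler, the upload directory and the updater binary are hypothetical stand-ins, and `echo` replaces the real updater so the demonstration is harmless.

```python
import re
import subprocess

# Added illustration, not Totolink's code. UPLOAD_DIR and UPGRADE_BIN are assumptions;
# "echo" stands in for the device's updater so the demo runs anywhere without side effects.
UPLOAD_DIR = "/tmp/upload"
UPGRADE_BIN = "echo"
# Allowlist for an uploaded image name: no separators, no shell metacharacters, no dot-files.
SAFE_NAME = re.compile(r"^[A-Za-z0-9][A-Za-z0-9._-]{0,63}$")


def run_vulnerable(filename: str) -> str:
    """The pattern the advisory describes: FileName is pasted into a shell command line."""
    cmd = f"{UPGRADE_BIN} {UPLOAD_DIR}/{filename}"
    return subprocess.run(cmd, shell=True, capture_output=True, text=True).stdout


def validate_filename(filename: str) -> str:
    """Reject anything outside the allowlist before it reaches a process boundary."""
    if not SAFE_NAME.fullmatch(filename):
        raise ValueError(f"rejected FileName: {filename!r}")
    return filename


def run_hardened(filename: str) -> str:
    """Validate first, then pass the path as a single argv element with no shell in between."""
    argv = [UPGRADE_BIN, f"{UPLOAD_DIR}/{validate_filename(filename)}"]
    return subprocess.run(argv, capture_output=True, text=True).stdout


def attempt(fn, filename: str) -> str:
    """Run one handler and report 'rejected' instead of raising, for side-by-side comparison."""
    try:
        return fn(filename)
    except ValueError:
        return "rejected"


if __name__ == "__main__":
    payload = "fw.bin;echo INJECTED"
    print("vulnerable:", attempt(run_vulnerable, payload))   # second command runs
    print("hardened:  ", attempt(run_hardened, payload))     # rejected before any exec
```

The allowlist is the primary control; dropping `shell=True` is the second layer, so that even a name that slips past validation is delivered to the updater as one argument rather than parsed by `/bin/sh`.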
3.1
CVE-2025-15288 - Tanium addressed an improper access controls vulnerability in Interact.
Tanium addressed an improper access controls vulnerability in Interact.
6
CVE-2026-24687 - Umbraco.Forms has path traversal and file enumeration vulnerability in Linux/Mac
Umbraco Forms is a form builder that integrates with the Umbraco content management system. It is possible for an authenticated backoffice user to enumerate and traverse paths/files on the system's filesystem and read their contents on Mac/Linux Umbraco installations using Forms. As Umbraco Cloud ru…
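A containment check of the kind a file-serving endpoint needs, as an added example that is not Umbraco's code. The storage root is a hypothetical path; the backslash rule reflects the Linux/macOS detail that a backslash is an ordinary filename character, so a check written with Windows separator semantics does not see `..\..` as traversal.

```python
import os

# Added illustration, not Umbraco's code. ROOT is a hypothetical storage directory.
ROOT = "/srv/app/data"


def resolve_under(root: str, user_path: str) -> str:
    """Return the absolute path for user_path only if it stays inside root; raise otherwise."""
    if "\x00" in user_path:
        raise ValueError("NUL byte in path")
    # On Linux/macOS "\\" is a legal filename character, not a separator, so a Windows-style
    # check would miss "..\\..". Refuse it instead of guessing which convention applies.
    if "\\" in user_path:
        raise ValueError("backslash in path")
    root_real = os.path.realpath(root)
    # os.path.join discards root when user_path is absolute, so "/etc/passwd" reaches the
    # containment check below instead of being silently joined.
    candidate = os.path.realpath(os.path.join(root_real, user_path))
    if os.path.commonpath([root_real, candidate]) != root_real:
        raise ValueError(f"path escapes root: {user_path!r}")
    return candidate


def classify(paths):
    """Map each candidate path to True (allowed) or to the rejection reason."""
    out = {}
    for p in paths:
        try:
            resolve_under(ROOT, p)
            out[p] = True
        except ValueError as e:
            out[p] = str(e)
    return out


if __name__ == "__main__":
    for p, verdict in classify(["forms/1.json", "../../etc/passwd", "/etc/passwd", "a\\..\\..\\x"]).items():
        print(f"{p!r}: {verdict}")
```

`realpath` resolves symlinks before the comparison, which matters when the root itself contains a link that a raw string-prefix test would not follow.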
9.1
CVE-2026-22806 - vCluster Platform's Access Keys Allows Access Beyond Scope
vCluster Platform provides a Kubernetes platform for managing virtual clusters, multi-tenancy, and cluster sharing. Prior to versions 4.6.0, 4.5.4, 4.4.2, and 4.3.10, when an access key is created with a limited scope, the scope can be bypassed to access resources outside of it. However, the user s…
5.1
CVE-2025-15550 - birkir prime <= 0.4.0.beta.0 - Cross-Site Request Forgery in GraphQL
birkir prime <= 0.4.0.beta.0 contains a cross-site request forgery vulnerability in its GraphQL endpoint that allows attackers to exploit GET-based query requests. Attackers can craft malicious GET requests to trigger unauthorized actions against privileged users by manipulating GraphQL query param…
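A request-admission check that closes the GET-based CSRF avenue described above, as an added example and not prime's code. The header name and the policy (no mutations over GET, and a browser-uncontrollable header required for any request a cross-site page could send without a CORS preflight) are assumptions.

```python
import re

# Added illustration, not prime's code. The header name and policy below are assumptions.
CUSTOM_HEADER = "x-requested-with"   # a form, <img> or top-level navigation cannot set this
SIMPLE_CONTENT_TYPES = {"application/x-www-form-urlencoded", "multipart/form-data", "text/plain"}
OP_RE = re.compile(r"^\s*(query|mutation|subscription)\b", re.IGNORECASE)


def operation_type(document: str) -> str:
    """Top-level operation keyword; the shorthand '{ ... }' form is a query."""
    m = OP_RE.match(document)
    return m.group(1).lower() if m else "query"


def check_graphql_request(method: str, content_type: str, headers: dict, document: str):
    """Return (accepted, reason). Rejects anything a cross-site page can send without a preflight."""
    has_custom = CUSTOM_HEADER in {k.lower() for k in headers}
    op = operation_type(document)
    if method == "GET":
        if op != "query":
            return False, "mutation/subscription over GET is not allowed"
        if not has_custom:
            return False, "GET without custom header: could be a cross-site navigation or <img>"
        return True, "ok"
    if method == "POST":
        ct = content_type.split(";", 1)[0].strip().lower()
        if ct in SIMPLE_CONTENT_TYPES and not has_custom:
            return False, "simple content type without custom header: no CORS preflight happens"
        return True, "ok"
    return False, "method not allowed"


if __name__ == "__main__":
    cases = [
        ("GET", "", {}, "mutation { deleteUser(id: 1) }"),
        ("GET", "", {"X-Requested-With": "fetch"}, "query { me { id } }"),
        ("POST", "text/plain;charset=utf-8", {}, "mutation { deleteUser(id: 1) }"),
        ("POST", "application/json", {}, "mutation { deleteUser(id: 1) }"),
    ]
    for c in cases:
        print(c[0], c[1] or "-", check_graphql_request(*c))
```

Requiring the custom header is what forces a preflight: a `fetch()` that adds it from another origin is blocked by CORS before the request body is read, while the same request from the site's own front end goes through unchanged.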
4.8
CVE-2025-15549 - FluentCMS 2026 Stored XSS via SVG Upload in File Management
FluentCMS 2026 contains a stored cross-site scripting vulnerability that allows authenticated administrators to upload SVG files with embedded JavaScript via the File Management module. Attackers can upload malicious SVG files that execute JavaScript in the browser of any user accessing the uploade…
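An upload gate for the SVG case plus the response headers that keep an uploaded document from running script even if the gate misses something, as an added example that is not FluentCMS's code. The two SVG documents are constructed test inputs.

```python
import xml.etree.ElementTree as ET

# Added illustration, not FluentCMS's code. Both SVG samples are constructed.
MALICIOUS_SVG = b"""<svg xmlns="http://www.w3.org/2000/svg" xmlns:xlink="http://www.w3.org/1999/xlink" onload="alert(1)">
  <script>alert(document.cookie)</script>
  <a xlink:href="javascript:alert(2)"><text y="20">click</text></a>
  <foreignObject><body xmlns="http://www.w3.org/1999/xhtml"><img src="x" onerror="alert(3)"/></body></foreignObject>
</svg>"""
CLEAN_SVG = b"""<svg xmlns="http://www.w3.org/2000/svg" viewBox="0 0 10 10"><circle cx="5" cy="5" r="4"/></svg>"""

DANGEROUS_ELEMENTS = {"script", "foreignobject"}


def _local(name: str) -> str:
    """Strip the '{namespace}' prefix ElementTree puts on tags and attributes."""
    return name.rsplit("}", 1)[-1].lower()


def scan_svg(data: bytes) -> list:
    """List the active-content constructs found; an empty list means nothing was flagged."""
    findings = []
    root = ET.fromstring(data)   # expat does not fetch external entities, so no XXE here
    for el in root.iter():
        tag = _local(el.tag)
        if tag in DANGEROUS_ELEMENTS:
            findings.append(f"<{tag}> element")
        for attr, value in el.attrib.items():
            name = _local(attr)
            if name.startswith("on"):
                findings.append(f"event handler {name} on <{tag}>")
            elif name == "href" and value.strip().lower().startswith("javascript:"):
                findings.append(f"javascript: href on <{tag}>")
    return findings


def download_headers() -> dict:
    """Headers for serving user uploads: never render inline, never sniff, no script execution."""
    return {
        "Content-Type": "image/svg+xml",
        "Content-Disposition": "attachment",
        "X-Content-Type-Options": "nosniff",
        "Content-Security-Policy": "default-src 'none'; style-src 'unsafe-inline'",
    }


if __name__ == "__main__":
    for label, doc in (("malicious", MALICIOUS_SVG), ("clean", CLEAN_SVG)):
        print(label, scan_svg(doc) or "no findings")
```

The scanner is a gate, not the defence: it does not cover every vector (external references via `<use>`, `<image>` or CSS `url()`, for instance), so the headers do the real work. `Content-Disposition: attachment` stops the browser rendering the file in the site's origin, and serving uploads from a separate origin removes the session context entirely.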
4.6
CVE-2026-25068 - alsa-lib 1.2.15.2 Topology Decoder Heap-based Buffer Overflow
alsa-lib versions 1.2.2 up to and including 1.2.15.2, prior to commit 5f7fe33, contain a heap-based buffer overflow in the topology mixer control decoder. The tplg_decode_control_mixer1() function reads the num_channels field from untrusted .tplg data and uses it as a loop bound without validating …
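The bug class in the decoder above, shown as an added example that is not alsa-lib's code: an untrusted count drives a loop over a fixed-size array. The record layout is a constructed simplification (a u32 channel count followed by 16-byte channel entries) and the array limit of 8 is an assumption; Python's IndexError stands in for the out-of-bounds heap write that the C decoder performs silently.

```python
import struct

# Added illustration, not alsa-lib's code. The layout is a constructed simplification:
# u32 num_channels, then num_channels entries of (size, reg, shift, id), 16 bytes each.
# MAX_CHAN is the fixed size of the decoder's channel array; 8 is assumed here.
MAX_CHAN = 8
CHAN_FMT = "<IIII"
CHAN_SIZE = struct.calcsize(CHAN_FMT)


def make_record(channels):
    """Build a record from (size, reg, shift, id) tuples (constructed test data)."""
    return struct.pack("<I", len(channels)) + b"".join(struct.pack(CHAN_FMT, *c) for c in channels)


GOOD_RECORD = make_record([(CHAN_SIZE, 0x10, 0, 1), (CHAN_SIZE, 0x10, 8, 2)])
BAD_RECORD = make_record([(CHAN_SIZE, 0, 0, i) for i in range(12)])   # num_channels = 12 > MAX_CHAN


def decode_vulnerable(data: bytes):
    """num_channels from the file is the loop bound over a fixed-size array, unchecked.
    In C the writes past index MAX_CHAN-1 land on adjacent heap memory; here they raise."""
    num_channels = struct.unpack_from("<I", data, 0)[0]
    chans = [None] * MAX_CHAN
    for i in range(num_channels):
        chans[i] = struct.unpack_from(CHAN_FMT, data, 4 + i * CHAN_SIZE)
    return chans[:num_channels]


def decode_hardened(data: bytes):
    """Validate the count against the array size and the bytes actually present before looping."""
    if len(data) < 4:
        raise ValueError("truncated header")
    num_channels = struct.unpack_from("<I", data, 0)[0]
    if num_channels > MAX_CHAN:
        raise ValueError(f"num_channels {num_channels} exceeds MAX_CHAN {MAX_CHAN}")
    if len(data) < 4 + num_channels * CHAN_SIZE:
        raise ValueError("record shorter than num_channels implies")
    return [struct.unpack_from(CHAN_FMT, data, 4 + i * CHAN_SIZE) for i in range(num_channels)]


def outcome(decoder, data: bytes) -> str:
    """Exception class name if the decoder fails, otherwise 'ok' (for comparing the two)."""
    try:
        decoder(data)
        return "ok"
    except Exception as e:
        return type(e).__name__


if __name__ == "__main__":
    for name, rec in (("good", GOOD_RECORD), ("bad", BAD_RECORD)):
        print(name, "vulnerable:", outcome(decode_vulnerable, rec), "hardened:", outcome(decode_hardened, rec))
```

Two separate checks are needed: the count against the destination array (the overflow) and the count against the remaining input length (an over-read on a truncated file). A decoder that only does one of them is still exploitable in the other direction.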
9.3
CVE-2026-1453 - Missing Authentication for Critical Function in KiloView Encoder Series
A missing authentication for critical function vulnerability in KiloView Encoder Series could allow an unauthenticated attacker to create or delete administrator accounts. This vulnerability can grant the attacker full administrative control over the product.
9.2
CVE-2026-1610 - Tenda AX12 Pro V2 Telnet Service hard-coded credentials
A vulnerability was found in Tenda AX12 Pro V2 16.03.49.24_cn. The affected component is the Telnet Service; the flaw is the presence of hard-coded credentials. The attack can be carried out remotely. A high degree of complexity is needed …
8.5
CVE-2026-1457 - Authenticated RCE Vulnerability Due to Buffer Overflow on TP-Link VIGI C385
An authenticated buffer-handling flaw in the TP-Link VIGI C385 V1 Web API, which lacks input sanitization, may allow memory corruption leading to remote code execution. Authenticated attackers may trigger a buffer overflow and potentially execute arbitrary code with elevated privileges.