5.3
CVE-2026-3682 - welovemedia FFmate ffmpeg.go Execute argument injection
A security vulnerability has been detected in welovemedia FFmate up to 2.0.15. This vulnerability affects the function Execute of the file /internal/service/ffmpeg/ffmpeg.go. The manipulation leads to argument injection. The attack may be initiated remotely. The exploit has been disclosed publicly β¦
5.3
CVE-2026-3681 - welovemedia FFmate webhook.go fireWebhook server-side request forgery
A weakness has been identified in welovemedia FFmate up to 2.0.15. This affects the function fireWebhook of the file /internal/service/webhook/webhook.go. Executing a manipulation can lead to server-side request forgery. The attack can be launched remotely. The exploit has been made available to thβ¦
5.3
CVE-2026-3680 - RyuzakiShinji biome-mcp-server biome-mcp-server.ts command injection
A security flaw has been discovered in RyuzakiShinji biome-mcp-server up to 1.0.0. Affected by this issue is some unknown functionality of the file biome-mcp-server.ts. Performing a manipulation results in command injection. The attack can be initiated remotely. The exploit has been released to theβ¦
8.7
CVE-2026-3679 - Tenda FH451 QuickIndex formQuickIndex stack-based overflow
A vulnerability was identified in Tenda FH451 1.0.0.9. Affected by this vulnerability is the function formQuickIndex of the file /goform/QuickIndex. Such manipulation of the argument mit_linktype/PPPOEPassword leads to stack-based buffer overflow. It is possible to launch the attack remotely. The eβ¦
8.7
CVE-2026-3678 - Tenda FH451 AdvSetWan sub_3C434 stack-based overflow
A vulnerability was determined in Tenda FH451 1.0.0.9. Affected is the function sub_3C434 of the file /goform/AdvSetWan. This manipulation of the argument wanmode/PPPOEPassword causes stack-based buffer overflow. It is possible to initiate the attack remotely. The exploit has been publicly discloseβ¦
8.7
CVE-2026-3677 - Tenda FH451 setcfm fromSetCfm stack-based overflow
A vulnerability was found in Tenda FH451 1.0.0.9. This impacts the function fromSetCfm of the file /goform/setcfm. The manipulation of the argument funcname/funcpara1 results in stack-based buffer overflow. The attack may be performed from remote. The exploit has been made public and could be used.
4.8
CVE-2026-3675 - Freedom Factory dGEN1 org.ethosmobile.ethoslauncher FakeAppReceiver improper authorization
A vulnerability was determined in Freedom Factory dGEN1 up to 20260221. Affected by this issue is the function FakeAppReceiver of the component org.ethosmobile.ethoslauncher. Executing a manipulation can lead to improper authorization. The attack needs to be launched locally. The exploit has been pβ¦
4.8
CVE-2026-3674 - Freedom Factory dGEN1 org.ethosmobile.ethoslauncher FakeAppProvider improper authorization
A vulnerability was found in Freedom Factory dGEN1 up to 20260221. Affected by this vulnerability is the function FakeAppProvider of the component org.ethosmobile.ethoslauncher. Performing a manipulation results in improper authorization. The attack must be initiated from a local position. The explβ¦
5.3
CVE-2026-3672 - JeecgBoot getDictItems isExistSqlInjectKeyword sql injection
A vulnerability has been found in JeecgBoot up to 3.9.1. Affected is the function isExistSqlInjectKeyword of the file /jeecg-boot/sys/api/getDictItems. Such manipulation leads to sql injection. The attack may be performed from remote. The exploit has been disclosed to the public and may be used.
4.8
CVE-2026-3671 - Freedom Factory dGEN1 org.ethereumphone.walletmanager.testing123 TokenBalanceContentProvider impropβ¦
A flaw has been found in Freedom Factory dGEN1 up to 20260221. Affected by this vulnerability is the function TokenBalanceContentProvider of the component org.ethereumphone.walletmanager.testing123. Executing a manipulation can lead to improper authorization. The attack requires local access. The eβ¦