8.7
CVE-2026-7099 - Tenda F456 httpd QuickIndex formQuickIndex buffer overflow
A vulnerability was detected in Tenda F456 1.0.0.5. The affected element is the function formQuickIndex of the file /goform/QuickIndex of the component httpd. Performing a manipulation of the argument mit_linktype results in buffer overflow. The attack may be initiated remotely. The exploit is now β¦
8.7
CVE-2026-7098 - Tenda F456 httpd DhcpListClient fromDhcpListClient buffer overflow
A security vulnerability has been detected in Tenda F456 1.0.0.5. Impacted is the function fromDhcpListClient of the file /goform/DhcpListClient of the component httpd. Such manipulation of the argument page leads to buffer overflow. The attack can be launched remotely. The exploit has been disclosβ¦
8.7
CVE-2026-7097 - Tenda F456 httpd webExcptypemanFilter fromwebExcptypemanFilter buffer overflow
A weakness has been identified in Tenda F456 1.0.0.5. This issue affects the function fromwebExcptypemanFilter of the file /goform/webExcptypemanFilter of the component httpd. This manipulation of the argument page causes buffer overflow. The attack can be initiated remotely. The exploit has been mβ¦
8.7
CVE-2026-7096 - Tenda HG3 formgponConf os command injection
A security flaw has been discovered in Tenda HG3 2.0 300003070. This vulnerability affects the function formgponConf of the file /boaform/admin/formgponConf. The manipulation of the argument fmgpon_loid results in os command injection. It is possible to launch the attack remotely. The exploit has bβ¦
5.6
CVE-2026-22077 - Sensitive Information Disclosure Vulnerability Caused by Trusted Domain Bypass in OPPO Wallet
OPPO Wallet APP contains a trusted domain validation flaw that allows attackers to bypass protected interface access restrictions, which may lead to account token hijacking and sensitive information disclosure.
5.3
CVE-2026-7095 - code-projects Employee Management System edit.php cross site scripting
A vulnerability was identified in code-projects Employee Management System 1.0. This affects an unknown part of the file 370project/edit.php. The manipulation of the argument ID leads to cross site scripting. It is possible to initiate the attack remotely. The exploit is publicly available and mighβ¦
6.9
CVE-2026-7094 - ShadowCloneLabs GlutamateMCPServers puppeteer_navigate index.ts server-side request forgery
A vulnerability was determined in ShadowCloneLabs GlutamateMCPServers up to e2de73280b01e5d943593dd1aa2c01c5b9112f78. Affected by this issue is some unknown functionality of the file src/puppeteer/index.ts of the component puppeteer_navigate. Executing a manipulation of the argument url can lead toβ¦
10
CVE-2026-3008 - Vulnerability in Notepad++
Successful exploitation of the string injection vulnerability could allow an attacker to obtain memory address information or crash the application.
5.3
CVE-2026-7093 - code-projects Invoice System in Laravel Invoice Endpoint invoice improper authorization
A vulnerability was found in code-projects Invoice System in Laravel 1.0. Affected by this vulnerability is an unknown functionality of the file /invoice/ of the component Invoice Endpoint. Performing a manipulation of the argument ID results in improper authorization. The attack is possible to be β¦
5.1
CVE-2026-42371 -
uriparser before 1.0.1 has numeric truncation in text range comparison, if an application accepts URIs with a length in gigabytes.