9.3
CVE-2026-6139 - Totolink A7100RU CGI cstecgi.cgi UploadOpenVpnCert OS command injection
A vulnerability has been found in Totolink A7100RU 7.4cu.2313_b20191024. This affects the function UploadOpenVpnCert of the file /cgi-bin/cstecgi.cgi of the component CGI Handler. Such manipulation of the argument FileName leads to OS command injection. The attack can be launched remotely. The expl…
9.3
CVE-2026-6138 - Totolink A7100RU CGI cstecgi.cgi setAccessDeviceCfg OS command injection
A flaw has been found in Totolink A7100RU 7.4cu.2313_b20191024. The impacted element is the function setAccessDeviceCfg of the file /cgi-bin/cstecgi.cgi of the component CGI Handler. This manipulation of the argument mac causes OS command injection. The attack can be initiated remotely. The exploit…
7.5
CVE-2026-30997 - FFmpeg: FFmpeg: Denial of Service via out-of-bounds read
An out-of-bounds read in the read_global_param() function (libavcodec/av1dec.c) of FFmpeg v8.0.1 allows attackers to cause a Denial of Service (DoS) via a crafted input.
5.4
CVE-2025-70936 - Reflected XSS in Vtiger CRM 8.4.0 MailManager via Double URL-Encoded Folder Parameter
Vtiger CRM 8.4.0 contains a reflected cross-site scripting (XSS) vulnerability in the MailManager module. Improper handling of user-controlled input in the _folder parameter allows a specially crafted, double URL-encoded payload to be reflected and executed in the context of an authenticated user s…
0.0
CVE-2026-31048 -
An issue in the `pickle` protocol of Pyro v3.x allows attackers to execute arbitrary code via supplying a crafted pickled string message.
0.0
CVE-2026-29955 -
The `/registercrd` endpoint in KubePlus 4.14 in the kubeconfiggenerator component is vulnerable to command injection. The component uses `subprocess.Popen()` with `shell=True` parameter to execute shell commands, and the user-supplied `chartName` parameter is directly concatenated into the command …
0.0
CVE-2025-51414 -
In Phpgurukul Online Course Registration v3.1, an arbitrary file upload vulnerability was discovered within the profile picture upload functionality on the /my-profile.php page.
2.7
CVE-2026-36873 -
Sourcecodester Basic Library System v1.0 is vulnerable to SQL Injection in /librarysystem/load_admin.php.
5.5
CVE-2026-31424 - netfilter: x_tables: restrict xt_check_match/xt_check_target extensions for NFPROTO_ARP
In the Linux kernel, the following vulnerability has been resolved: netfilter: x_tables: restrict xt_check_match/xt_check_target extensions for NFPROTO_ARP. Weiming Shi says: xt_match and xt_target structs registered with NFPROTO_UNSPEC can be loaded by any protocol family through nft_compat. Whe…
0.0
CVE-2026-31418 - netfilter: ipset: drop logically empty buckets in mtype_del
In the Linux kernel, the following vulnerability has been resolved: netfilter: ipset: drop logically empty buckets in mtype_del. mtype_del() counts empty slots below n->pos in k, but it only drops the bucket when both n->pos and k are zero. This misses buckets whose live entries have all been remo…