8.7
CVE-2026-41039 - Information Disclosure Vulnerability in Quantum Networks Router QN-I-470
This vulnerability exists in Quantum Networks router due to improper access control and insecure default configuration in the web-based management interface. An unauthenticated attacker could exploit this vulnerability by accessing exposed API endpoints on the targeted device. Successful exploitatβ¦
7.6
CVE-2026-41038 - Weak Password Policy Vulnerability in Quantum Networks Router QN-I-470
This vulnerability exists in Quantum Networks router due to lack of enforcement of strong password policies in the web-based management interface. An attacker on the same network could exploit this vulnerability by performing password guessing or brute-force attacks against user accounts, leading tβ¦
8.7
CVE-2026-41036 - Command Injection Vulnerability in Quantum Networks Router QN-I-470
This vulnerability exists in Quantum Networks router due to inadequate sanitization of user-supplied input in the management CLI interface. An authenticated remote attacker could exploit this vulnerability by injecting arbitrary OS commands on the targeted device. Successful exploitation of this vβ¦
8.7
CVE-2026-41037 - Missing Rate Limiting Vulnerability in Quantum Networks Router QN-I-470
This vulnerability exists in Quantum Networks router due to missing rate limiting and CAPTCHA protection for failed login attempts in the web-based management interface. An attacker on the same network could exploit this vulnerability by performing brute force attacks against administrative credentβ¦
7.3
CVE-2026-6553 - TYPO3 CMS Stores Cleartext Password in User Settings Module
Changing backend users' passwords via the user settings module results in storing the cleartext password in the uc and user_settings fields of the be_users database table. This issue affects TYPO3 CMS version 14.2.0.
7.2
CVE-2026-39467 - WordPress Responsive Slider by MetaSlider plugin <= 3.106.0 - PHP Object Injection vulnerability
Deserialization of Untrusted Data vulnerability in MetaSlider Responsive Slider by MetaSlider allows Object Injection.This issue affects Responsive Slider by MetaSlider: from n/a through 3.106.0.
5.1
CVE-2026-3317 - Reflected Cross-Site Scripting in Navigate CMS application
Reflected Cross-Site Scripting (XSS) vulnerability in Navigate Content Management System. The vulnerability is present in the '/blog' endpoint because user input is not properly sanitized through designed query parameters. This results in unsafe HTML rendering, which could allow a remote attacker tβ¦
8.2
CVE-2025-13826 - Incorrect input validation on the Zervit portable HTTP/Web server
Zervit's portable HTTP/web server is vulnerable to remote DoS attacks when a configuration reset request is made. The vulnerability is caused by inadequate validation of user-supplied input. An attacker can exploit this vulnerability by sending malicious requests. If the vulnerability is successfulβ¦
6.1
CVE-2026-6711 - Website LLMs.txt <= 8.2.6 - Reflected Cross-Site Scripting
The Website LLMs.txt plugin for WordPress is vulnerable to Reflected Cross-Site Scripting via the 'tab' parameter in all versions up to, and including, 8.2.6. This is due to the use of filter_input() without a sanitization filter and insufficient output escaping. This makes it possible for unauthenβ¦
4.4
CVE-2026-6712 - Website LLMs.txt <= 8.2.6 - Authenticated (Admin+) Stored Cross-Site Scripting
The Website LLMs.txt plugin for WordPress is vulnerable to Stored Cross-Site Scripting via admin settings in all versions up to, and including, 8.2.6 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with administrator-level permissions β¦