8.7
CVE-2026-7031 - Tenda F456 SafeMacFilter fromSafeMacFilter buffer overflow
A vulnerability was detected in Tenda F456 1.0.0.5. This impacts the function fromSafeMacFilter of the file /goform/SafeMacFilter. The manipulation of the argument page results in buffer overflow. It is possible to launch the attack remotely. The exploit is now public and may be used.
8.7
CVE-2026-7030 - Tenda F456 RouteStatic fromRouteStatic buffer overflow
A security vulnerability has been detected in Tenda F456 1.0.0.5. This affects the function fromRouteStatic of the file /goform/RouteStatic. The manipulation of the argument page leads to buffer overflow. It is possible to initiate the attack remotely. The exploit has been disclosed publicly and maโฆ
8.7
CVE-2026-7029 - Tenda F456 addressNat fromaddressNat buffer overflow
A weakness has been identified in Tenda F456 1.0.0.5. The impacted element is the function fromaddressNat of the file /goform/addressNat. Executing a manipulation of the argument menufacturer/Go can lead to buffer overflow. The attack may be performed from remote. The exploit has been made availablโฆ
5.1
CVE-2026-7028 - CodeAstro Online Job Portal All Jobs delete-jobs.php sql injection
A security flaw has been discovered in CodeAstro Online Job Portal 1.0. The affected element is an unknown function of the file /admin/jobs-admins/delete-jobs.php of the component All Jobs Page. Performing a manipulation of the argument ID results in sql injection. The attack is possible to be carrโฆ
4.8
CVE-2026-7027 - D-Link DSL-2740R Wireless Setup Section cross site scripting
A vulnerability was identified in D-Link DSL-2740R EU_01.15. Impacted is an unknown function of the component Wireless Setup Section. Such manipulation of the argument Wireless Network Name leads to cross site scripting. The attack can be executed remotely. The exploit is publicly available and migโฆ
6.8
CVE-2026-7026 - D-Link DGS-3420 System Information Settings cross site scripting
A vulnerability was determined in D-Link DGS-3420 1.50.018. This issue affects some unknown processing of the component System Information Settings Page. This manipulation of the argument System Name causes cross site scripting. Remote exploitation of the attack is possible. The exploit has been puโฆ
6.9
CVE-2026-7025 - Typecho Ping Back Service Endpoint Service.php sendPingHandle server-side request forgery
A vulnerability was found in Typecho up to 1.3.0. This vulnerability affects the function Service::sendPingHandle of the file var/Widget/Service.php of the component Ping Back Service Endpoint. The manipulation of the argument X-Pingback/link results in server-side request forgery. The attack may bโฆ
5.3
CVE-2026-7024 - rawchen sims deleteFileServlet Endpoint DeleteFileServlet.java path traversal
A flaw has been found in rawchen sims up to 004f783b1db5ecdfad81c8fdc3b34171211112de. Affected by this issue is some unknown functionality of the file sims-master/src/web/servlet/file/DeleteFileServlet.java of the component deleteFileServlet Endpoint. Executing a manipulation of the argument filenaโฆ
5.3
CVE-2026-7023 - ByteDance coze-studio databaseTool database_impl.go ExecuteSQL sql injection
A vulnerability was detected in ByteDance coze-studio up to 0.5.1. Affected by this vulnerability is the function ExecuteSQL of the file backend/domain/memory/database/service/database_impl.go of the component databaseTool. Performing a manipulation results in sql injection. The attack can be initiโฆ
6.9
CVE-2026-7022 - SmythOS sre HTTP Header AgentRuntime.class.ts AgentRuntime improper authentication
A security vulnerability has been detected in SmythOS sre up to 0.0.15. Affected is the function AgentRuntime of the file packages/core/src/subsystems/AgentManager/AgentRuntime.class.ts of the component HTTP Header Handler. Such manipulation of the argument X-DEBUG-RUN/X-DEBUG-INJ leads to improperโฆ