6.8
CVE-2026-7026 - D-Link DGS-3420 System Information Settings cross site scripting
A vulnerability was determined in D-Link DGS-3420 1.50.018. This issue affects some unknown processing of the component System Information Settings Page. This manipulation of the argument System Name causes cross site scripting. Remote exploitation of the attack is possible. The exploit has been puβ¦
6.9
CVE-2026-7025 - Typecho Ping Back Service Endpoint Service.php sendPingHandle server-side request forgery
A vulnerability was found in Typecho up to 1.3.0. This vulnerability affects the function Service::sendPingHandle of the file var/Widget/Service.php of the component Ping Back Service Endpoint. The manipulation of the argument X-Pingback/link results in server-side request forgery. The attack may bβ¦
5.3
CVE-2026-7024 - rawchen sims deleteFileServlet Endpoint DeleteFileServlet.java path traversal
A flaw has been found in rawchen sims up to 004f783b1db5ecdfad81c8fdc3b34171211112de. Affected by this issue is some unknown functionality of the file sims-master/src/web/servlet/file/DeleteFileServlet.java of the component deleteFileServlet Endpoint. Executing a manipulation of the argument filenaβ¦
5.3
CVE-2026-7023 - ByteDance coze-studio databaseTool database_impl.go ExecuteSQL sql injection
A vulnerability was detected in ByteDance coze-studio up to 0.5.1. Affected by this vulnerability is the function ExecuteSQL of the file backend/domain/memory/database/service/database_impl.go of the component databaseTool. Performing a manipulation results in sql injection. The attack can be initiβ¦
6.9
CVE-2026-7022 - SmythOS sre HTTP Header AgentRuntime.class.ts AgentRuntime improper authentication
A security vulnerability has been detected in SmythOS sre up to 0.0.15. Affected is the function AgentRuntime of the file packages/core/src/subsystems/AgentManager/AgentRuntime.class.ts of the component HTTP Header Handler. Such manipulation of the argument X-DEBUG-RUN/X-DEBUG-INJ leads to improperβ¦
5.1
CVE-2026-7021 - SmythOS sre Connector Service utils.ts information disclosure
A weakness has been identified in SmythOS sre up to 0.0.15. This impacts an unknown function of the file packages/sdk/src/LLM/utils.ts of the component Connector Service. This manipulation of the argument baseURL causes information disclosure. It is possible to initiate the attack remotely. The expβ¦
6.3
CVE-2026-7020 - Ollama Tensor Model Transfer transfer.go digestToPath path traversal
A security flaw has been discovered in Ollama up to 0.20.2. This affects the function digestToPath of the file x/imagegen/transfer/transfer.go of the component Tensor Model Transfer Handler. The manipulation of the argument digest results in path traversal. The attack may be performed from remote. β¦
8.7
CVE-2026-7019 - Tenda F456 P2pListFilter fromP2pListFilter buffer overflow
A vulnerability was identified in Tenda F456 1.0.0.5. The impacted element is the function fromP2pListFilter of the file /goform/P2pListFilter. The manipulation of the argument menufacturer/Go leads to buffer overflow. The attack is possible to be carried out remotely. The exploit is publicly availβ¦
6.3
CVE-2026-7018 - Datavane Datavines JWT Token TokenManager.java hard-coded key
A vulnerability was determined in Datavane Datavines up to 13607645e14a4982468cfdbcf75c85cde63bae71. The affected element is an unknown function of the file datavines-core/src/main/java/io/datavines/core/utils/TokenManager.java of the component JWT Token Handler. Executing a manipulation of the argβ¦
4.8
CVE-2026-7016 - MaxSite CMS ushki Plugin cross site scripting
A vulnerability was found in MaxSite CMS up to 109.3. Impacted is an unknown function of the component ushki Plugin. Performing a manipulation of the argument f_ushka_new/f_ushk results in cross site scripting. Remote exploitation of the attack is possible. The exploit has been made public and coulβ¦