6.9
CVE-2018-25264 - TransMac 12.2 Denial of Service via License Key Field
TransMac 12.2 contains a buffer overflow vulnerability in the license key input field that allows local attackers to crash the application by submitting an oversized string. Attackers can generate a payload file containing 4000 bytes of data, paste it into the License Key field, and trigger a deniaโฆ
8.6
CVE-2018-25263 - Faleemi Desktop Software 1.8.2 Local Buffer Overflow SEH
Faleemi Desktop Software 1.8.2 contains a local buffer overflow vulnerability in the Device alias field that allows local attackers to trigger a structured exception handler (SEH) overwrite. Attackers can craft a malicious payload and paste it into the Device alias field within the Managing Log intโฆ
5.3
CVE-2026-7043 - GreenCMS index.php pluginAddLocal unrestricted upload
A vulnerability has been found in GreenCMS up to 2.3. This impacts the function pluginAddLocal of the file /index.php?m=admin&c=custom&a=pluginadd. The manipulation leads to unrestricted upload. The attack can be initiated remotely. The exploit has been disclosed to the public and may be used. Thisโฆ
6.9
CVE-2026-7042 - 666ghj MiroFish REST API Endpoint __init__.py create_app missing authentication
A flaw has been found in 666ghj MiroFish up to 0.1.2. This affects the function create_app of the file backend/app/__init__.py of the component REST API Endpoint. Executing a manipulation can lead to missing authentication. It is possible to launch the attack remotely. The exploit has been publisheโฆ
6.3
CVE-2026-7041 - 666ghj MiroFish Werkzeug Debugger PIN console information disclosure
A vulnerability was detected in 666ghj MiroFish up to 0.1.2. The impacted element is an unknown function of the file /console of the component Werkzeug Debugger PIN Handler. Performing a manipulation of the argument SECRET results in information disclosure. It is possible to initiate the attack remโฆ
8.5
CVE-2026-7039 - tufantunc ssh-mcp index.ts shell.write command injection
A security vulnerability has been detected in tufantunc ssh-mcp up to 1.5.0. The affected element is the function shell.write of the file src/index.ts. Such manipulation of the argument Description leads to command injection. The attack must be carried out locally. The exploit has been disclosed puโฆ
4.8
CVE-2026-7038 - tufantunc ssh-mcp Command Line index.ts insufficiently protected credentials
A weakness has been identified in tufantunc ssh-mcp up to 1.5.0. Impacted is an unknown function of the file src/index.ts of the component Command Line Handler. This manipulation causes insufficiently protected credentials. The attack is restricted to local execution. The exploit has been made avaiโฆ
9.3
CVE-2026-7037 - Totolink A8000RU CGI cstecgi.cgi setVpnPassCfg os command injection
A security flaw has been discovered in Totolink A8000RU 7.1cu.643_b20200521. This issue affects the function setVpnPassCfg of the file /cgi-bin/cstecgi.cgi of the component CGI Handler. The manipulation of the argument pptpPassThru results in os command injection. The attack can be executed remotelโฆ
6.9
CVE-2026-7036 - Tenda i9 HTTP R7WebsSecurityHandlerfunction path traversal
A vulnerability was identified in Tenda i9 1.0.0.5(2204). This vulnerability affects the function R7WebsSecurityHandlerfunction of the component HTTP Handler. The manipulation leads to path traversal. Remote exploitation of the attack is possible. The exploit is publicly available and might be used.
8.7
CVE-2026-7035 - Tenda FH1202 httpd WrlclientSet fromWrlclientSet stack-based overflow
A vulnerability was determined in Tenda FH1202 1.2.0.14. This affects the function fromWrlclientSet of the file /goform/WrlclientSet of the component httpd. Executing a manipulation of the argument Go can lead to stack-based buffer overflow. The attack may be launched remotely. The exploit has beenโฆ