7.1
CVE-2026-4620 - OS Command Injection via Network on NEC Aterm Routers
OS Command Injection vulnerability in NEC Platforms, Ltd. Aterm Series allows a attacker to execute arbitrary OS commands via network.
7.1
CVE-2026-4622 - Network-Based OS Command Injection in NEC Aterm Series Routers
OS Command Injection vulnerability in NEC Platforms, Ltd. Aterm Series allows a attacker to execute arbitrary OS commands via network.
6.3
CVE-2026-4621 - Enable Telnet via Hidden Functionality in NEC Aterm Devices
Hidden Functionality vulnerability in NEC Platforms, Ltd. Aterm Series allows a attacker to enable telnet via network.
6
CVE-2026-4619 - NetworkβBased Path Traversal Allowing Arbitrary File Write on NEC Aterm WX3600HP
Path Traversal vulnerability in NEC Platforms, Ltd. Aterm Series allows a attacker to wtite over any file via network.
6.3
CVE-2026-4309 - Missing Authorization Enables Unauthorized Retrieval and Modification on NEC Aterm Routers
Missing Authorization vulnerability in NEC Platforms, Ltd. Aterm Series allows a attacker to get a specific device information and change the settings via network.
6.5
CVE-2023-7339 - Data collection for dowloading leads into buffer overflow
Stack-based buffer overflow vulnerability in Softing Industrial Automation GmbH gateways allows overflow buffers. This issue affects pnGate: through 1.30 epGate: through 1.30 mbGate: through 1.30 smartLink HW-DP: through 1.30 smartLink HW-PN: through 1.01.
7
CVE-2026-3457 - Stored XSS vulnerability in Sentinel ACC
Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting') vulnerability in Thales Sentinel LDK Runtime on Windows allows Stored XSS.This issue affects Sentinel LDK Runtime: before 10.22.
5.3
CVE-2026-27859 - dovecot: Dovecot: Denial of Service via excessive RFC 2231 MIME parameters
A mail message containing excessive amount of RFC 2231 MIME parameters causes LMTP to use too much CPU. A suitably formatted mail message causes mail delivery process to consume large amounts of CPU time. Use MTA capabilities to limit RFC 2231 MIME parameters in mail messages, or upgrade to fixed vβ¦
3.7
CVE-2026-27860 - dovecot: Dovecot: Authentication bypass and information disclosure via LDAP filter injection
If auth_username_chars is empty, it is possible to inject arbitrary LDAP filter to Dovecot's LDAP authentication. This leads to potentially bypassing restrictions and allows probing of LDAP structure. Do not clear out auth_username_chars, or install fixed version. No publicly available exploits areβ¦
7.5
CVE-2026-27858 - dovecot: denial of service via crafted message before authentication
Attacker can send a specifically crafted message before authentication that causes managesieve to allocate large amount of memory. Attacker can force managesieve-login to be unavailable by repeatedly crashing the process. Protect access to managesieve protocol, or install fixed version. No publicβ¦