8.6
CVE-2026-4172 - TRENDnet TEW-632BRP HTTP POST Request ping_response.cgi stack-based overflow
A vulnerability was detected in TRENDnet TEW-632BRP 1.010B32. This affects an unknown part of the file /ping_response.cgi of the component HTTP POST Request Handler. The manipulation of the argument ping_ipaddr results in stack-based buffer overflow. The attack may be performed from remote. The expβ¦
5.3
CVE-2026-4171 - CodeGenieApp serverless-express API Endpoint TodoList.ts authorization
A security vulnerability has been detected in CodeGenieApp serverless-express up to 4.17.1. Affected by this issue is some unknown functionality of the file examples/lambda-function-url/packages/api/models/TodoList.ts of the component API Endpoint. The manipulation of the argument userId leads to aβ¦
9.3
CVE-2026-4170 - Topsec TopACM HTTP Request nmc_sync.php os command injection
A weakness has been identified in Topsec TopACM 3.0. Affected by this vulnerability is an unknown functionality of the file /view/systemConfig/management/nmc_sync.php of the component HTTP Request Handler. Executing a manipulation of the argument template_path can lead to os command injection. The β¦
4.8
CVE-2026-4169 - Tecnick TCExam XML Export tce_xml_users.php F_xml_export_users cross site scripting
A security flaw has been discovered in Tecnick TCExam up to 16.6.0. Affected is the function F_xml_export_users of the file admin/code/tce_xml_users.php of the component XML Export. Performing a manipulation results in cross site scripting. Remote exploitation of the attack is possible. There are sβ¦
4.8
CVE-2026-4168 - Tecnick TCExam Group tce_edit_group.php cross site scripting
A vulnerability was identified in Tecnick TCExam 16.5.0. This impacts an unknown function of the file /admin/code/tce_edit_group.php of the component Group Handler. Such manipulation of the argument Name leads to cross site scripting. The attack may be launched remotely. The exploit is publicly avaβ¦
8.7
CVE-2026-4167 - Belkin F9K1122 formReboot stack-based overflow
A vulnerability was determined in Belkin F9K1122 1.00.33. This affects the function formReboot of the file /goform/formReboot. This manipulation of the argument webpage causes stack-based buffer overflow. The attack may be initiated remotely. The exploit has been publicly disclosed and may be utiliβ¦
5.1
CVE-2026-4166 - Wavlink WL-NU516U1 login.cgi sub_404F68 cross site scripting
A vulnerability was found in Wavlink WL-NU516U1 240425. The impacted element is the function sub_404F68 of the file /cgi-bin/login.cgi. The manipulation of the argument homepage/hostname results in cross site scripting. The attack can be launched remotely. The exploit has been made public and couldβ¦
4.8
CVE-2026-4165 - Worksuite HR, CRM and Project Management create cross site scripting
A vulnerability has been found in Worksuite HR, CRM and Project Management up to 5.5.25. The affected element is an unknown function of the file /account/orders/create. The manipulation of the argument Client Note leads to cross site scripting. The attack can be initiated remotely. The exploit has β¦
9.3
CVE-2026-4164 - Wavlink WL-WN578W2 POST Request wireless.cgi GuestWifi command injection
A flaw has been found in Wavlink WL-WN578W2 221110. Impacted is the function Delete_Mac_list/SetName/GuestWifi of the file /cgi-bin/wireless.cgi of the component POST Request Handler. Executing a manipulation can lead to command injection. It is possible to launch the attack remotely. The exploit hβ¦
5.3
CVE-2026-2233 - User Frontend: AI Powered Frontend Posting, User Directory, Profile, Membership & User Registrationβ¦
The User Frontend: AI Powered Frontend Posting, User Directory, Profile, Membership & User Registration plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the draft_post() function in all versions up to, and including, 4.2.8. This makes it pβ¦