9.8
CVE-2026-26793 -
GL-iNet GL-AR300M16 v4.3.11 was discovered to contain a command injection vulnerability via the set_config function. This vulnerability allows attackers to execute arbitrary commands via a crafted input.
6.5
CVE-2025-61154 - Heap Buffer Overflow in LibreDWG Leading to Denial of Service via DWG File Decompression
Heap buffer overflow vulnerability in LibreDWG versions v0.13.3.7571 up to v0.13.3.7835 allows a crafted DWG file to cause a Denial of Service (DoS) via the function decompress_R2004_section at decode.c.
9.8
CVE-2026-26792 -
GL-iNet GL-AR300M16 v4.3.11 was discovered to contain multiple command injection vulnerabilities in the set_upgrade function via the modem_url, target_version, current_version, firmware_upload, hash_type, hash_value, and upgrade_type parameters. These vulnerabilities allow attackers to execute arbi…
9.8
CVE-2026-26795 - Command Injection in GL-iNet GL-AR300M16 v4.3.11 via get_system_log
GL-iNet GL-AR300M16 v4.3.11 was discovered to contain a command injection vulnerability via the module parameter in the M.get_system_log function. This vulnerability allows attackers to execute arbitrary commands via a crafted input.
9.8
CVE-2026-26791 - Command Injection Vulnerability in GL-iNet GL-AR300M16 v4.3.11
GL-iNet GL-AR300M16 v4.3.11 was discovered to contain a command injection vulnerability via the string port parameter in the enable_echo_server function. This vulnerability allows attackers to execute arbitrary commands via a crafted input.
8.8
CVE-2026-26794 - SQL Injection in GL-iNet GL-AR300M16 Firmware 4.3.11 via add_group()
GL-iNet GL-AR300M16 v4.3.11 was discovered to contain a SQL injection vulnerability via the add_group() function. This vulnerability allows attackers to execute arbitrary SQL database operations via a crafted HTTP request.
9.8
CVE-2026-25823 - Stack Buffer Overflow in HMS Networks Ewon Flexy and Cosy+ Firmware Enabling Remote Code Execution
HMS Networks Ewon Flexy with firmware before 15.0s4, Cosy+ with firmware 22.xx before 22.1s6, and Cosy+ with firmware 23.xx before 23.0s3 have a stack buffer overflow that leads to a Denial of Service, which can also be exploited to achieve Unauthenticated Remote Code Execution.
7.5
CVE-2026-25819 - Unauthenticated HTTP Request Denial of Service on HMS Networks Devices
HMS Networks Ewon Flexy with firmware before 15.0s4, Cosy+ with firmware 22.xx before 22.1s6, and Cosy+ with firmware 23.xx before 23.0s3 allows unauthenticated attackers to cause a Denial of Service by using a specially crafted HTTP request that leads to a reboot of the device, provided they have …
9.1
CVE-2026-25818 - Weak Cookie Entropy Enabling Password Brute-Force on HMS Networks Ewon Flexy and Cosy+
HMS Networks Ewon Flexy with firmware before 15.0s4, Cosy+ with firmware 22.xx before 22.1s6, and Cosy+ with firmware 23.xx before 23.0s3 have weak entropy for authentication cookies, allowing an attacker with a stolen session cookie to find the user password by brute-forcing an encryption paramete…
8.8
CVE-2026-25817 - Improper Command Neutralization Leading to Remote Code Execution in HMS Networks Ewon Flexy and Cos…
HMS Networks Ewon Flexy with firmware before 15.0s4, Cosy+ with firmware 22.xx before 22.1s6, and Cosy+ with firmware 23.xx before 23.0s3 have improper neutralization of special elements used in an OS command allowing remote code execution by attackers with low privilege access on the gateway, prov…