8.7
CVE-2026-3698 - UTT HiPER 810G NTP strcpy buffer overflow
A vulnerability was identified in UTT HiPER 810G up to 1.7.7-171114. This affects the function strcpy of the file /goform/NTP. The manipulation leads to buffer overflow. The attack may be initiated remotely. The exploit is publicly available and might be used.
5.3
CVE-2026-3697 - Planet ICG-2510 Language Package Configuration httpd sub_40C8E4 stack-based overflow
A vulnerability was determined in Planet ICG-2510 1.0_20250811. The impacted element is the function sub_40C8E4 of the file /usr/sbin/httpd of the component Language Package Configuration Handler. Executing a manipulation of the argument Language can lead to stack-based buffer overflow. The attack β¦
7.5
CVE-2026-30910 - Crypt::Sodium::XS versions through 0.001000 for Perl has potential integer overflows
Crypt::Sodium::XS versions through 0.001000 for Perl has potential integer overflows. Combined aead encryption, combined signature creation, and bin2hex functions do not check that output size will be less than SIZE_MAX, which could lead to integer wraparound causing an undersized output buffer. Tβ¦
9.8
CVE-2026-30909 - Crypt::NaCl::Sodium versions through 2.002 for Perl has potential integer overflows
Crypt::NaCl::Sodium versions through 2.002 for Perl has potential integer overflows. bin2hex, encrypt, aes256gcm_encrypt_afternm and seal functions do not check that output size will be less than SIZE_MAX, which could lead to integer wraparound causing an undersized output buffer. Encountering thβ¦
6.9
CVE-2026-3696 - Totolink N300RH CGI cstecgi.cgi setWiFiWpsConfig os command injection
A vulnerability was found in Totolink N300RH 6..1c.1353_B20190305. The affected element is the function setWiFiWpsConfig of the file /cgi-bin/cstecgi.cgi of the component CGI Handler. Performing a manipulation results in os command injection. The attack can be initiated remotely. The exploit has beβ¦
6.9
CVE-2026-3695 - SourceCodester Modern Image Gallery App delete.php path traversal
A vulnerability has been found in SourceCodester Modern Image Gallery App 1.0. Impacted is an unknown function of the file /delete.php. Such manipulation of the argument filename leads to path traversal. It is possible to launch the attack remotely. The exploit has been disclosed to the public and β¦
6.9
CVE-2026-3693 - Shy2593666979 AgentChat User Endpoint user.py update_user_info resource injection
A flaw has been found in Shy2593666979 AgentChat up to 2.3.0. This issue affects the function get_user_info/update_user_info of the file /src/backend/agentchat/api/v1/user.py of the component User Endpoint. This manipulation of the argument user_id causes improper control of resource identifiers. Iβ¦
5.3
CVE-2026-3683 - bufanyun HotGo Endpoint upload.go ImageTransferStorage server-side request forgery
A vulnerability was detected in bufanyun HotGo up to 2.0. This issue affects the function ImageTransferStorage of the file /server/internal/logic/common/upload.go of the component Endpoint. The manipulation results in server-side request forgery. The attack may be launched remotely. The exploit is β¦
5.3
CVE-2026-3682 - welovemedia FFmate ffmpeg.go Execute argument injection
A security vulnerability has been detected in welovemedia FFmate up to 2.0.15. This vulnerability affects the function Execute of the file /internal/service/ffmpeg/ffmpeg.go. The manipulation leads to argument injection. The attack may be initiated remotely. The exploit has been disclosed publicly β¦
5.3
CVE-2026-3681 - welovemedia FFmate webhook.go fireWebhook server-side request forgery
A weakness has been identified in welovemedia FFmate up to 2.0.15. This affects the function fireWebhook of the file /internal/service/webhook/webhook.go. Executing a manipulation can lead to server-side request forgery. The attack can be launched remotely. The exploit has been made available to thβ¦