5.3
CVE-2026-3680 - RyuzakiShinji biome-mcp-server biome-mcp-server.ts command injection
A security flaw has been discovered in RyuzakiShinji biome-mcp-server up to 1.0.0. Affected by this issue is some unknown functionality of the file biome-mcp-server.ts. Performing a manipulation results in command injection. The attack can be initiated remotely. The exploit has been released to theβ¦
8.7
CVE-2026-3679 - Tenda FH451 QuickIndex formQuickIndex stack-based overflow
A vulnerability was identified in Tenda FH451 1.0.0.9. Affected by this vulnerability is the function formQuickIndex of the file /goform/QuickIndex. Such manipulation of the argument mit_linktype/PPPOEPassword leads to stack-based buffer overflow. It is possible to launch the attack remotely. The eβ¦
8.7
CVE-2026-3678 - Tenda FH451 AdvSetWan sub_3C434 stack-based overflow
A vulnerability was determined in Tenda FH451 1.0.0.9. Affected is the function sub_3C434 of the file /goform/AdvSetWan. This manipulation of the argument wanmode/PPPOEPassword causes stack-based buffer overflow. It is possible to initiate the attack remotely. The exploit has been publicly discloseβ¦
8.7
CVE-2026-3677 - Tenda FH451 setcfm fromSetCfm stack-based overflow
A vulnerability was found in Tenda FH451 1.0.0.9. This impacts the function fromSetCfm of the file /goform/setcfm. The manipulation of the argument funcname/funcpara1 results in stack-based buffer overflow. The attack may be performed from remote. The exploit has been made public and could be used.
4.8
CVE-2026-3675 - Freedom Factory dGEN1 org.ethosmobile.ethoslauncher FakeAppReceiver improper authorization
A vulnerability was determined in Freedom Factory dGEN1 up to 20260221. Affected by this issue is the function FakeAppReceiver of the component org.ethosmobile.ethoslauncher. Executing a manipulation can lead to improper authorization. The attack needs to be launched locally. The exploit has been pβ¦
4.8
CVE-2026-3674 - Freedom Factory dGEN1 org.ethosmobile.ethoslauncher FakeAppProvider improper authorization
A vulnerability was found in Freedom Factory dGEN1 up to 20260221. Affected by this vulnerability is the function FakeAppProvider of the component org.ethosmobile.ethoslauncher. Performing a manipulation results in improper authorization. The attack must be initiated from a local position. The explβ¦
5.3
CVE-2026-3672 - JeecgBoot getDictItems isExistSqlInjectKeyword sql injection
A vulnerability has been found in JeecgBoot up to 3.9.1. Affected is the function isExistSqlInjectKeyword of the file /jeecg-boot/sys/api/getDictItems. Such manipulation leads to sql injection. The attack may be performed from remote. The exploit has been disclosed to the public and may be used.
4.8
CVE-2026-3671 - Freedom Factory dGEN1 org.ethereumphone.walletmanager.testing123 TokenBalanceContentProvider impropβ¦
A flaw has been found in Freedom Factory dGEN1 up to 20260221. Affected by this vulnerability is the function TokenBalanceContentProvider of the component org.ethereumphone.walletmanager.testing123. Executing a manipulation can lead to improper authorization. The attack requires local access. The eβ¦
4.8
CVE-2026-3670 - Freedom Factory dGEN1 com.dgen.alarm improper authorization
A vulnerability was detected in Freedom Factory dGEN1 up to 20260221. Affected is an unknown function of the component com.dgen.alarm. Performing a manipulation results in improper authorization. The attack requires a local approach. The exploit is now public and may be used. The vendor was contactβ¦
4.8
CVE-2026-3669 - Freedom Factory dGEN1 com.dgen.alarm AlarmService improper authorization
A security vulnerability has been detected in Freedom Factory dGEN1 up to 20260221. This impacts the function AlarmService of the component com.dgen.alarm. Such manipulation leads to improper authorization. The attack needs to be performed locally. The exploit has been disclosed publicly and may beβ¦