7.3
CVE-2026-2542 - Total VPN win-service.exe unquoted search path
A weakness has been identified in Total VPN 0.5.29.0 on Windows. Affected by this vulnerability is an unknown functionality of the file C:\Program Files\Total VPN\win-service.exe. Executing a manipulation can lead to unquoted search path. It is possible to launch the attack on the local host. This β¦
7.3
CVE-2026-2538 - Flos Freeware Notepad2 Msimg32.dll uncontrolled search path
A security flaw has been discovered in Flos Freeware Notepad2 4.2.22/4.2.23/4.2.24/4.2.25. Affected is an unknown function in the library Msimg32.dll. Performing a manipulation results in uncontrolled search path. Attacking locally is a requirement. The attack's complexity is rated as high. The expβ¦
4.3
CVE-2026-0929 - RegistrationMagic < 6.0.7.2 - Subscriber+ Form Creation
The RegistrationMagic WordPress plugin before 6.0.7.2 does not have proper capability checks, allowing subscribers and above to create forms on the site.
5.1
CVE-2026-2537 - Comfast CF-E4 HTTP POST Request mbox-config command injection
A vulnerability was identified in Comfast CF-E4 2.6.0.1. This impacts an unknown function of the file /cgi-bin/mbox-config?method=SET§ion=ntp_timezone of the component HTTP POST Request Handler. Such manipulation of the argument timestr leads to command injection. The attack may be launched remβ¦
5.3
CVE-2026-2536 - opencc JFlow Workflow WF_Admin_AttrFlow.java Imp_Done xml external entity reference
A vulnerability was determined in opencc JFlow up to 20260129. This affects the function Imp_Done of the file src/main/java/bp/wf/httphandler/WF_Admin_AttrFlow.java of the component Workflow Engine. This manipulation of the argument File causes xml external entity reference. The attack may be initiβ¦
5.3
CVE-2026-2535 - Comfast CF-N1 V2 mbox-config sub_44AB9C command injection
A vulnerability was found in Comfast CF-N1 V2 2.6.0.2. The impacted element is the function sub_44AB9C of the file /cgi-bin/mbox-config?method=SET§ion=ptest_channel. The manipulation of the argument channel results in command injection. The attack can be launched remotely. The exploit has been β¦
5.3
CVE-2026-2534 - Comfast CF-N1 V2 mbox-config sub_44AC4C command injection
A vulnerability has been found in Comfast CF-N1 V2 2.6.0.2. The affected element is the function sub_44AC4C of the file /cgi-bin/mbox-config?method=SET§ion=ptest_bandwidth. The manipulation of the argument bandwidth leads to command injection. The attack can be initiated remotely. The exploit hβ¦
6.9
CVE-2026-2533 - Tosei Self-service Washing Machine tosei_datasend.php command injection
A flaw has been found in Tosei Self-service Washing Machine 4.02. Impacted is an unknown function of the file /cgi-bin/tosei_datasend.php. Executing a manipulation of the argument adr_txt_1 can lead to command injection. It is possible to launch the attack remotely. The exploit has been published aβ¦
5.3
CVE-2026-2532 - lintsinghua DeepAudit IP Address embedding_config.py server-side request forgery
A vulnerability was detected in lintsinghua DeepAudit up to 3.0.3. This issue affects some unknown processing of the file backend/app/api/v1/endpoints/embedding_config.py of the component IP Address Handler. Performing a manipulation results in server-side request forgery. It is possible to initiatβ¦
5.3
CVE-2026-2531 - MindsDB File Upload security.py clear_filename server-side request forgery
A security vulnerability has been detected in MindsDB up to 25.14.1. This vulnerability affects the function clear_filename of the file mindsdb/utilities/security.py of the component File Upload. Such manipulation leads to server-side request forgery. The attack may be performed from remote. The exβ¦