8.6
CVE-2026-2566 - Wavlink WL-NU516U1 adm.cgi sub_406194 stack-based overflow
A security vulnerability has been detected in Wavlink WL-NU516U1 up to 130/260. This affects the function sub_406194 of the file /cgi-bin/adm.cgi. Such manipulation of the argument firmware_url leads to stack-based buffer overflow. The attack can be launched remotely. The exploit has been disclosedβ¦
7.5
CVE-2026-2565 - Wavlink WL-NU516U1 adm.cgi sub_40785C stack-based overflow
A weakness has been identified in Wavlink WL-NU516U1 20251208. Affected by this issue is the function sub_40785C of the file /cgi-bin/adm.cgi. This manipulation of the argument time_zone causes stack-based buffer overflow. The attack can be initiated remotely. The attack is considered to have high β¦
7.2
CVE-2026-26930 - XSS via MAPI Requests in SmarterMail Prior to 9526
SmarterTools SmarterMail before 9526 allows XSS via MAPI requests.
8.7
CVE-2026-2101 - Reflected Cross-site Scripting (XSS) vulnerability affecting ENOVIAvpm Web Access from ENOVIAvpm Veβ¦
A Reflected Cross-site Scripting (XSS) vulnerability affecting ENOVIAvpm Web Access from ENOVIAvpm Version 1 Release 16 through ENOVIAvpm Version 1 Release 19 allows an attacker to execute arbitrary script code in user's browser session.
9.2
CVE-2026-2564 - Intelbras VIP 3260 Z IA OutsideCmd password recovery
A security flaw has been discovered in Intelbras VIP 3260 Z IA 2.840.00IB005.0.T. Affected by this vulnerability is an unknown functionality of the file /OutsideCmd. The manipulation results in weak password recovery. It is possible to launch the attack remotely. Attacks of this nature are highly cβ¦
5.3
CVE-2026-2563 - JingDong JD Cloud Box AX6600 jdcapp_rpc controlDevice get_status privileges management
A vulnerability was identified in JingDong JD Cloud Box AX6600 up to 4.5.1.r4533. Affected is the function set_stcreenen_deabled_status/get_status of the file /f/service/controlDevice of the component jdcapp_rpc. The manipulation leads to Remote Privilege Escalation. It is possible to initiate the β¦
5.3
CVE-2026-2562 - JingDong JD Cloud Box AX6600 jdcweb_rpc jdcapi cast_streen privileges management
A vulnerability was determined in JingDong JD Cloud Box AX6600 up to 4.5.1.r4533. This impacts the function cast_streen of the file /jdcapi of the component jdcweb_rpc. Executing a manipulation of the argument File can lead to Remote Privilege Escalation. The attack may be performed from remote. Thβ¦
5.3
CVE-2026-2561 - JingDong JD Cloud Box AX6600 jdcweb_rpc jdcapi web_get_ddns_uptime privileges management
A vulnerability was found in JingDong JD Cloud Box AX6600 up to 4.5.1.r4533. This affects the function web_get_ddns_uptime of the file /jdcapi of the component jdcweb_rpc. Performing a manipulation results in Remote Privilege Escalation. The attack is possible to be carried out remotely. The exploiβ¦
4.3
CVE-2026-2032 - Interrupted page loads in new tabs could allow website spoofing under trusted domains in Firefox iOS
Malicious scripts that interrupt new tab page loading could cause desynchronization between the address bar and page content, allowing the attacker to spoof arbitrary HTML under a trusted domain. This vulnerability was fixed in Firefox for iOS 147.2.1.
8.8
CVE-2026-2447 - Heap buffer overflow in libvpx
Heap buffer overflow in libvpx. This vulnerability was fixed in Firefox 147.0.4, Firefox ESR 140.7.1, Firefox ESR 115.32.1, Thunderbird 140.7.2, and Thunderbird 147.0.2.