8.2

CVSS3.1

CVE-2026-32316 - jq: Integer overflow in jvp_string_append() allows Heap-based Buffer Overflow

jq is a command-line JSON processor. An integer overflow vulnerability exists through version 1.8.1 within the jvp_string_append() and jvp_string_copy_replace_bad functions, where concatenating strings with a combined length exceeding 2^31 bytes causes a 32-bit unsigned integer overflow in the buff…

📅 Published: April 13, 2026, 5:49 p.m. 🔄 Last Modified: April 22, 2026, 4:29 p.m.

8.7

CVSS4.0

CVE-2026-6196 - Tenda F456 exeCommand fromexeCommand stack-based overflow

A vulnerability was detected in Tenda F456 1.0.0.5. This affects the function fromexeCommand of the file /goform/exeCommand. Performing a manipulation of the argument cmdinput results in stack-based buffer overflow. The attack is possible to be carried out remotely. The exploit is now public and ma…

📅 Published: April 13, 2026, 5:45 p.m. 🔄 Last Modified: April 16, 2026, 1:26 p.m.

9.3

CVSS4.0

CVE-2026-6195 - Totolink A7100RU CGI cstecgi.cgi setPasswordCfg os command injection

A security vulnerability has been detected in Totolink A7100RU 7.4cu.2313_b20191024. Affected by this issue is the function setPasswordCfg of the file /cgi-bin/cstecgi.cgi of the component CGI Handler. Such manipulation of the argument admpass leads to os command injection. The attack can be execut…

📅 Published: April 13, 2026, 5:30 p.m. 🔄 Last Modified: April 14, 2026, 4:33 p.m.

9.1

CVSS4.0

CVE-2026-6100 - Use-after-free in lzma.LZMADecompressor, bz2.BZ2Decompressor, and gzip.GzipFile after re-use under …

Use-after-free (UAF) was possible in the `lzma.LZMADecompressor`, `bz2.BZ2Decompressor`, and `gzip.GzipFile` when a memory allocation fails with a `MemoryError` and the decompression instance is re-used. This scenario can be triggered if the process is under memory pressure. The fix cleans up the d…

📅 Published: April 13, 2026, 5:15 p.m. 🔄 Last Modified: April 17, 2026, 3:18 p.m.

8.7

CVSS4.0

CVE-2026-6194 - Totolink A3002MU HTTP Request formWlanSetup sub_410188 stack-based overflow

A weakness has been identified in Totolink A3002MU B20211125.1046. Affected by this vulnerability is the function sub_410188 of the file /boafrm/formWlanSetup of the component HTTP Request Handler. This manipulation of the argument wan-url causes stack-based buffer overflow. Remote exploitation of …

📅 Published: April 13, 2026, 5:15 p.m. 🔄 Last Modified: April 14, 2026, 4:33 p.m.

8.1

CVSS3.1

CVE-2026-28291 - simple-git has Command Execution via Option-Parsing Bypass

simple-git enables running native Git commands from JavaScript. Versions up to and including 3.31.1 allow execution of arbitrary commands through Git option manipulation, bypassing safety checks meant to block dangerous options like -u and --upload-pack. The flaw stems from an incomplete fix for CV…

📅 Published: April 13, 2026, 5:15 p.m. 🔄 Last Modified: April 17, 2026, 3:38 p.m.

7.1

CVSS4.0

CVE-2025-3756 - Denial of Service Vulnerabilities in System 800xA, Symphony® Plus IEC 61850

A vulnerability exists in the command handling of the IEC 61850 communication stack included in the product revisions listed as affected in this CVE. An attacker with access to IEC 61850 networks could exploit the vulnerability by using a specially crafted 61850 packet, forcing the communication i…

📅 Published: April 13, 2026, 5:11 p.m. 🔄 Last Modified: April 17, 2026, 3:18 p.m.

6.9

CVSS4.0

CVE-2026-6193 - PHPGurukul Daily Expense Tracking System register.php sql injection

A security flaw has been discovered in PHPGurukul Daily Expense Tracking System 1.1. Affected is an unknown function of the file /register.php. The manipulation of the argument email results in sql injection. The attack may be launched remotely. The exploit has been released to the public and may b…

📅 Published: April 13, 2026, 5 p.m. 🔄 Last Modified: April 22, 2026, 8:23 p.m.

9.3

CVSS4.0

CVE-2026-23891 - Decidim has a Cross-site scripting (XSS) vulnerability via user name field

Decidim is a participatory democracy framework. In versions below 0.30.5 and 0.31.0.rc1 through 0.31.0, a stored code execution vulnerability in the user name field allows a low-privileged attacker to execute arbitrary code in the context of any user who passively visits a comment page, resulting i…

📅 Published: April 13, 2026, 4:52 p.m. 🔄 Last Modified: April 22, 2026, 4:40 p.m.

4.8

CVSS4.0

CVE-2026-6192 - uclouvain openjpeg pi.c opj_pi_initialise_encode integer overflow

A vulnerability was identified in uclouvain openjpeg up to 2.5.4. This impacts the function opj_pi_initialise_encode in the library src/lib/openjp2/pi.c. The manipulation leads to integer overflow. The attack must be carried out locally. The exploit is publicly available and might be used. The iden…

📅 Published: April 13, 2026, 4:45 p.m. 🔄 Last Modified: April 22, 2026, 8:23 p.m.