6.8
CVE-2026-31850 - Plaintext Storage of Credentials in Configuration Backup in Nexxt Nebula 300+
Nexxt Solutions Nebula 300+ firmware through version 12.01.01.37 stores sensitive information, including administrative credentials and WiFi pre-shared keys, in plaintext within exported configuration backup files. These backup files can be obtained through legitimate functionality or other weaknesโฆ
7.2
CVE-2026-31849 - Missing CSRF Protection on Administrative Endpoints in Nexxt Nebula 300+
Nexxt Solutions Nebula 300+ firmware through version 12.01.01.37 does not implement CSRF protections on state-changing endpoints such as /goform/setSysTools and other administrative interfaces. As a result, an attacker can craft malicious web requests that are executed in the context of an authentiโฆ
8.7
CVE-2026-31848 - Reversible ecos_pw Cookie Allows Authentication Bypass in Nexxt Nebula 300+
Nexxt Solutions Nebula 300+ firmware through version 12.01.01.37 uses the ecos_pw cookie for authentication, which contains Base64-encoded credential data combined with a static suffix. Because the encoding is reversible and lacks integrity protection, an attacker can reconstruct or forge a valid cโฆ
5.3
CVE-2026-4586 - CodePhiliaX Chat2DB JDBC Driver Upload JdbcDriverController.java upload unrestricted upload
A vulnerability was found in CodePhiliaX Chat2DB up to 0.3.7. This affects the function Upload of the file chat2db-server/chat2db-server-web/chat2db-server-web-api/src/main/java/ai/chat2db/server/web/api/controller/driver/JdbcDriverController.java of the component JDBC Driver Upload. Performing a mโฆ
9.3
CVE-2025-41007 - SQL Injection in Cuantis
SQL Injection in Cuantis. This vulnerability allows an attacker to retrieve, create, update and delete databases through the 'search' parameter in the '/search.php' endpoint.
8.5
CVE-2026-31847 - Hidden Functionality Enables Remote Telnet Activation via /goform/setSysTools in Nexxt Nebula 300+
Hidden functionality in the /goform/setSysTools endpoint in Nexxt Solutions Nebula 300+ firmware through version 12.01.01.37 allows remote enablement of a Telnet service. By sending a crafted POST request with parameters such as telnetManageEn=true and telnetPwd, an authenticated attacker can activโฆ
7.1
CVE-2026-31846 - Unauthenticated Credential Disclosure via /goform/ate in Nexxt Nebula 300+
Missing authentication in the /goform/ate endpoint in Nexxt Solutions Nebula 300+ firmware through version 12.01.01.37 allows an adjacent unauthenticated attacker to retrieve sensitive device information, including the administrator password. The endpoint returns a raw response containing parameterโฆ
7.5
CVE-2026-32969 - Pre-Auth Blind SQLi in userinfo Endpoint
An unauthenticated remote attacker can exploit a Pre-Auth blind SQL Injection vulnerability in the userinfo endpointโs authentication method due to improper neutralization of special elements in a SQL SELECT command. This can result in a total loss of confidentiality.
9.8
CVE-2026-32968 - Unauthenticated RCE in com_mb24sysapi
Due to the improper neutralisation of special elements used in an OS command, an unauthenticated remote attacker can exploit an RCE vulnerability in the com_mb24sysapi module, resulting in full system compromise. This vulnerability is a variant attack for CVE-2020-10383.
9.3
CVE-2026-4585 - Tiandy Easy7 Integrated Management Platform Configuration ImportSystemConfiguration.jsp os command โฆ
A vulnerability has been found in Tiandy Easy7 Integrated Management Platform up to 7.17.0. This vulnerability affects unknown code of the file /Easy7/apps/WebService/ImportSystemConfiguration.jsp of the component Configuration Handler. The manipulation of the argument File leads to os command injeโฆ