Latest CVE Feed

Vulnerabilities published in the last 30 days. Filter by severity, exploit status, or attack vector.

Score
Vulnerability
Published
7.5 HIGH
CVE-2026-6142 — tushar-2223 Hotel Management System roomdelete.php sql injection

A vulnerability was identified in tushar-2223 Hotel Management System up to bb1f3b3666124b888f1e4bcf51b6fba9fbb01d15. Affected by this vulnerability is an unknown functionality of the file /admin/roo…

Remote | Injection
Apr 13, 2026 Apr 13, 2026
Apr 13, 2026
Apr 13, 2026
6.5 MEDIUM
CVE-2026-6141 — danielmiessler Personal_AI_Infrastructure parse_url.ts os command injection

A vulnerability was determined in danielmiessler Personal_AI_Infrastructure up to 2.3.0. Affected is an unknown function of the file Skills/Parser/Tools/parse_url.ts. Executing a manipulation can lea…

Remote | Injection
Apr 13, 2026 Apr 13, 2026
Apr 13, 2026
Apr 13, 2026
10.0 HIGH
CVE-2026-6140 — Totolink A7100RU CGI cstecgi.cgi UploadFirmwareFile os command injection

A vulnerability was found in Totolink A7100RU 7.4cu.2313_b20191024. This impacts the function UploadFirmwareFile of the file /cgi-bin/cstecgi.cgi of the component CGI Handler. Performing a manipulati…

Remote | Injection
Apr 13, 2026 Apr 13, 2026
Apr 13, 2026
Apr 13, 2026
10.0 HIGH
CVE-2026-6139 — Totolink A7100RU CGI cstecgi.cgi UploadOpenVpnCert os command injection

A vulnerability has been found in Totolink A7100RU 7.4cu.2313_b20191024. This affects the function UploadOpenVpnCert of the file /cgi-bin/cstecgi.cgi of the component CGI Handler. Such manipulation o…

Remote | Injection
Apr 13, 2026 Apr 13, 2026
Apr 13, 2026
Apr 13, 2026
6.2 MEDIUM
CVE-2026-25204 — Samsung Open Source Escarogt Denial of Service (DoS)

Deserialization of untrusted data vulnerability in Samsung Open Source Escarogt Java Script allows denial of service condition via process abort. This issue affects escarogt prior to commit hash 9…

| Denial of Service
Apr 13, 2026 Apr 13, 2026
Apr 13, 2026
Apr 13, 2026
10.0 HIGH
CVE-2026-6138 — Totolink A7100RU CGI cstecgi.cgi setAccessDeviceCfg os command injection

A flaw has been found in Totolink A7100RU 7.4cu.2313_b20191024. The impacted element is the function setAccessDeviceCfg of the file /cgi-bin/cstecgi.cgi of the component CGI Handler. This manipulatio…

Remote | Injection
Apr 13, 2026 Apr 13, 2026
Apr 13, 2026
Apr 13, 2026
9.0 HIGH
CVE-2026-6137 — Tenda F451 AdvSetWan fromAdvSetWan stack-based overflow

A vulnerability was detected in Tenda F451 1.0.0.7_cn_svn7958. The affected element is the function fromAdvSetWan of the file /goform/AdvSetWan. The manipulation of the argument wanmode/PPPOEPassword…

Remote | Memory Corruption
Apr 13, 2026 Apr 13, 2026
Apr 13, 2026
Apr 13, 2026
9.0 HIGH
CVE-2026-6136 — Tenda F451 L7Im frmL7ImForm stack-based overflow

A security vulnerability has been detected in Tenda F451 1.0.0.7_cn_svn7958. Impacted is the function frmL7ImForm of the file /goform/L7Im. The manipulation of the argument page leads to stack-based …

Remote | Memory Corruption
Apr 13, 2026 Apr 13, 2026
Apr 13, 2026
Apr 13, 2026
9.0 HIGH
CVE-2026-6135 — Tenda F451 SetIpBind fromSetIpBind stack-based overflow

A weakness has been identified in Tenda F451 1.0.0.7_cn_svn7958. This issue affects the function fromSetIpBind of the file /goform/SetIpBind. Executing a manipulation of the argument page can lead to…

Remote | Memory Corruption
Apr 13, 2026 Apr 13, 2026
Apr 13, 2026
Apr 13, 2026
9.0 HIGH
CVE-2026-6134 — Tenda F451 qossetting fromqossetting stack-based overflow

A security flaw has been discovered in Tenda F451 1.0.0.7_cn_svn7958. This vulnerability affects the function fromqossetting of the file /goform/qossetting. Performing a manipulation of the argument …

Remote | Memory Corruption
Apr 12, 2026 Apr 12, 2026
Apr 12, 2026
Apr 12, 2026
9.0 HIGH
CVE-2026-6133 — Tenda F451 SafeUrlFilter fromSafeUrlFilter stack-based overflow

A vulnerability was identified in Tenda F451 1.0.0.7_cn_svn7958. This affects the function fromSafeUrlFilter of the file /goform/SafeUrlFilter. Such manipulation of the argument page leads to stack-b…

Remote | Memory Corruption
Apr 12, 2026 Apr 12, 2026
Apr 12, 2026
Apr 12, 2026
10.0 HIGH
CVE-2026-6132 — Totolink A7100RU CGI cstecgi.cgi setLedCfg os command injection

A vulnerability was determined in Totolink A7100RU 7.4cu.2313_b20191024. Affected by this issue is the function setLedCfg of the file /cgi-bin/cstecgi.cgi of the component CGI Handler. This manipulat…

Remote | Injection
Apr 12, 2026 Apr 12, 2026
Apr 12, 2026
Apr 12, 2026
10.0 HIGH
CVE-2026-6131 — Totolink A7100RU CGI cstecgi.cgi setTracerouteCfg os command injection

A vulnerability was found in Totolink A7100RU 7.4cu.2313_b20191024. Affected by this vulnerability is the function setTracerouteCfg of the file /cgi-bin/cstecgi.cgi of the component CGI Handler. The …

Remote | Injection
Apr 12, 2026 Apr 12, 2026
Apr 12, 2026
Apr 12, 2026
7.5 HIGH
CVE-2026-6130 — chatboxai chatbox Model Context Protocol Server Management System ipc-stdio-transport.ts …

A flaw has been found in chatboxai chatbox up to 1.20.0. This impacts the function StdioClientTransport of the file src/main/mcp/ipc-stdio-transport.ts of the component Model Context Protocol Server …

Remote | Injection
Apr 12, 2026 Apr 12, 2026
Apr 12, 2026
Apr 12, 2026
7.5 HIGH
CVE-2026-6129 — zhayujie chatgpt-on-wechat CowAgent Agent Mode Service missing authentication

A vulnerability was detected in zhayujie chatgpt-on-wechat CowAgent up to 2.0.4. This affects an unknown function of the component Agent Mode Service. Performing a manipulation results in missing aut…

Remote | Authentication
Apr 12, 2026 Apr 12, 2026
Apr 12, 2026
Apr 12, 2026
4.0 MEDIUM
CVE-2026-40396 — Varnish Cache HTTP/1 Pipeline Denial of Service

Varnish Cache 9 before 9.0.1 allows a "workspace overflow" denial of service (daemon panic) after timeout_linger. A malicious client could send an HTTP/1 request, wait long enough until the session r…

Remote | Denial of Service
Apr 12, 2026 Apr 12, 2026
Apr 12, 2026
Apr 12, 2026
4.0 MEDIUM
CVE-2026-40395 — Varnish Enterprise Workspace Overflow Denial of Service

Varnish Enterprise before 6.0.16r12 allows a "workspace overflow" denial of service (daemon panic) for shared VCL. The headerplus.write_req0() function from vmod_headerplus updates the underlying req…

Remote | Denial of Service
Apr 12, 2026 Apr 12, 2026
Apr 12, 2026
Apr 12, 2026
4.0 MEDIUM
CVE-2026-40394 — Varnish Cache HTTP/2 Denial of Service

Varnish Cache 9 before 9.0.1 and Varnish Enterprise before 6.0.16r11 allows a "workspace overflow" denial of service (daemon panic) for certain amounts of prefetched data. The setup of an HTTP/2 sess…

Remote | Denial of Service
Apr 12, 2026 Apr 12, 2026
Apr 12, 2026
Apr 12, 2026
8.1 HIGH
CVE-2026-40393 — Mesa WebGPU Out-of-Bounds Memory Access Vulnerability

In Mesa before 25.3.6 and 26 before 26.0.1, out-of-bounds memory access can occur in WebGPU because the amount of to-be-allocated data depends on an untrusted party, and is then used for alloca.

Remote | Memory Corruption
Apr 12, 2026 Apr 12, 2026
Apr 12, 2026
Apr 12, 2026
4.0 MEDIUM
CVE-2026-40386 — Fujifilm/Olympus MakerNote Integer Underflow

In libexif through 0.6.25, an integer underflow in size checking for Fuji and Olympus MakerNote decoding could be used by attackers to crash or leak information out of libexif-using programs.

| Memory Corruption
Apr 12, 2026 Apr 12, 2026
Apr 12, 2026
Apr 12, 2026
Showing 20 of 6034 Results