Latest CVE Feed

  1. Home
  2. Vulnerabilities
  3. Latest
CVE Intelligence

Vulnerabilities published in the last 30 days. Filter by severity, exploit status, or attack vector.

All Critical Actively Exploited Remotely Exploitable
Last Updated Published CVSS Score
Score
Vulnerability
Published
7.5 HIGH
CVE-2026-6126 — zhayujie chatgpt-on-wechat CowAgent Administrative HTTP Endpoint missing authentication

A weakness has been identified in zhayujie chatgpt-on-wechat CowAgent 2.0.4. The affected element is an unknown function of the component Administrative HTTP Endpoint. This manipulation causes missin…

Remote | Authentication
Apr 12, 2026 Apr 12, 2026
Apr 12, 2026
Apr 12, 2026
6.5 MEDIUM
CVE-2026-6125 — Dromara warm-flow Workflow Definition save-json SpelHelper.parseExpression code injection

A security flaw has been discovered in Dromara warm-flow up to 1.8.4. Impacted is the function SpelHelper.parseExpression of the file /warm-flow/save-json of the component Workflow Definition Handler…

Remote | Injection
Apr 12, 2026 Apr 12, 2026
Apr 12, 2026
Apr 12, 2026
9.0 HIGH
CVE-2026-6124 — Tenda F451 httpd SafeMacFilter fromSafeMacFilter stack-based overflow

A vulnerability was determined in Tenda F451 1.0.0.7. This vulnerability affects the function fromSafeMacFilter of the file /goform/SafeMacFilter of the component httpd. Executing a manipulation of t…

Remote | Memory Corruption
Apr 12, 2026 Apr 12, 2026
Apr 12, 2026
Apr 12, 2026
9.0 HIGH
CVE-2026-6123 — Tenda F451 httpd addressNat fromAddressNat stack-based overflow

A vulnerability was found in Tenda F451 1.0.0.7. This affects the function fromAddressNat of the file /goform/addressNat of the component httpd. Performing a manipulation of the argument entrys resul…

f451_firmware | Remote | Memory Corruption
Apr 12, 2026 Apr 12, 2026
Apr 12, 2026
Apr 12, 2026
9.0 HIGH
CVE-2026-6122 — Tenda F451 httpd L7Prot frmL7ProtForm stack-based overflow

A vulnerability has been found in Tenda F451 1.0.0.7. Affected by this issue is the function frmL7ProtForm of the file /goform/L7Prot of the component httpd. Such manipulation of the argument page le…

f451_firmware | Remote | Memory Corruption
Apr 12, 2026 Apr 12, 2026
Apr 12, 2026
Apr 12, 2026
9.0 HIGH
CVE-2026-6121 — Tenda F451 httpd WrlclientSet stack-based overflow

A flaw has been found in Tenda F451 1.0.0.7. Affected by this vulnerability is the function WrlclientSet of the file /goform/WrlclientSet of the component httpd. This manipulation of the argument GO …

f451_firmware | Remote | Memory Corruption
Apr 12, 2026 Apr 12, 2026
Apr 12, 2026
Apr 12, 2026
9.0 HIGH
CVE-2026-6120 — Tenda F451 httpd DhcpListClient fromDhcpListClient stack-based overflow

A vulnerability was detected in Tenda F451 1.0.0.7. Affected is the function fromDhcpListClient of the file /goform/DhcpListClient of the component httpd. The manipulation of the argument page result…

f451_firmware | Remote | Memory Corruption
Apr 12, 2026 Apr 12, 2026
Apr 12, 2026
Apr 12, 2026
6.5 MEDIUM
CVE-2026-6119 — AstrBotDevs AstrBot API Endpoint post_data.get server-side request forgery

A vulnerability was identified in AstrBotDevs AstrBot up to 4.22.1. The affected element is the function post_data.get of the component API Endpoint. Such manipulation leads to server-side request fo…

astrbot | Remote | Server-Side Request Forgery
Apr 12, 2026 Apr 12, 2026
Apr 12, 2026
Apr 12, 2026
0.0 NA
CVE-2026-31413 — bpf: Fix unsound scalar forking in maybe_fork_scalars() for BPF_OR

In the Linux kernel, the following vulnerability has been resolved: bpf: Fix unsound scalar forking in maybe_fork_scalars() for BPF_OR maybe_fork_scalars() is called for both BPF_AND and BPF_OR whe…

linux_kernel | Memory Corruption
Apr 12, 2026 Apr 12, 2026
Apr 12, 2026
Apr 12, 2026
6.5 MEDIUM
CVE-2026-6118 — AstrBotDevs AstrBot MCP Endpoint tools.py add_mcp_server command injection

A vulnerability was determined in AstrBotDevs AstrBot up to 4.22.1. Impacted is the function add_mcp_server of the file astrbot/dashboard/routes/tools.py of the component MCP Endpoint. This manipulat…

astrbot | Remote | Injection
Apr 12, 2026 Apr 12, 2026
Apr 12, 2026
Apr 12, 2026
6.5 MEDIUM
CVE-2026-6117 — AstrBotDevs AstrBot install-upload Endpoint plugin.py install_plugin_upload sandbox

A vulnerability was found in AstrBotDevs AstrBot up to 4.22.1. This issue affects the function install_plugin_upload of the file astrbot/dashboard/routes/plugin.py of the component install-upload End…

astrbot | Remote | Misconfiguration
Apr 12, 2026 Apr 12, 2026
Apr 12, 2026
Apr 12, 2026
10.0 HIGH
CVE-2026-6116 — Totolink A7100RU CGI cstecgi.cgi setDiagnosisCfg os command injection

A vulnerability has been found in Totolink A7100RU 7.4cu.2313_b20191024. This vulnerability affects the function setDiagnosisCfg of the file /cgi-bin/cstecgi.cgi of the component CGI Handler. The man…

a7100ru_firmware | Remote | Injection
Apr 12, 2026 Apr 12, 2026
Apr 12, 2026
Apr 12, 2026
10.0 HIGH
CVE-2026-6115 — Totolink A7100RU CGI cstecgi.cgi setAppCfg os command injection

A flaw has been found in Totolink A7100RU 7.4cu.2313_b20191024. This affects the function setAppCfg of the file /cgi-bin/cstecgi.cgi of the component CGI Handler. Executing a manipulation of the argu…

a7100ru_firmware | Remote | Injection
Apr 12, 2026 Apr 12, 2026
Apr 12, 2026
Apr 12, 2026
10.0 HIGH
CVE-2026-6114 — Totolink A7100RU CGI cstecgi.cgi setNetworkCfg os command injection

A vulnerability was detected in Totolink A7100RU 7.4cu.2313_b20191024. Affected by this issue is the function setNetworkCfg of the file /cgi-bin/cstecgi.cgi of the component CGI Handler. Performing a…

a7100ru_firmware | Remote | Injection
Apr 12, 2026 Apr 12, 2026
Apr 12, 2026
Apr 12, 2026
10.0 HIGH
CVE-2026-6113 — Totolink A7100RU CGI cstecgi.cgi setTtyServiceCfg os command injection

A security vulnerability has been detected in Totolink A7100RU 7.4cu.2313_b20191024. Affected by this vulnerability is the function setTtyServiceCfg of the file /cgi-bin/cstecgi.cgi of the component …

a7100ru_firmware | Remote | Injection
Apr 12, 2026 Apr 12, 2026
Apr 12, 2026
Apr 12, 2026
10.0 HIGH
CVE-2026-6112 — Totolink A7100RU CGI cstecgi.cgi setRadvdCfg os command injection

A weakness has been identified in Totolink A7100RU 7.4cu.2313_b20191024. Affected is the function setRadvdCfg of the file /cgi-bin/cstecgi.cgi of the component CGI Handler. This manipulation of the a…

a7100ru_firmware | Remote | Injection
Apr 12, 2026 Apr 12, 2026
Apr 12, 2026
Apr 12, 2026
6.5 MEDIUM
CVE-2026-6111 — FoundationAgents MetaGPT common.py decode_image server-side request forgery

A security flaw has been discovered in FoundationAgents MetaGPT up to 0.8.1. This impacts the function decode_image of the file metagpt/utils/common.py. The manipulation of the argument img_url_or_b6…

Remote | Server-Side Request Forgery
Apr 12, 2026 Apr 12, 2026
Apr 12, 2026
Apr 12, 2026
7.5 HIGH
CVE-2026-6110 — FoundationAgents MetaGPT Tree-of-Thought Solver tot.py generate_thoughts code injection

A vulnerability was identified in FoundationAgents MetaGPT up to 0.8.1. This affects the function generate_thoughts of the file metagpt/strategy/tot.py of the component Tree-of-Thought Solver. The ma…

Remote | Injection
Apr 12, 2026 Apr 12, 2026
Apr 12, 2026
Apr 12, 2026
8.2 HIGH
CVE-2026-1116 — Cross-site Scripting (XSS) in parisneo/lollms

A Cross-site Scripting (XSS) vulnerability was identified in the `from_dict` method of the `AppLollmsMessage` class in parisneo/lollms prior to version 2.2.0. The vulnerability arises from the lack o…

lollms | Remote | Cross-Site Scripting
Apr 12, 2026 Apr 12, 2026
Apr 12, 2026
Apr 12, 2026
5.3 MEDIUM
CVE-2026-6109 — FoundationAgents MetaGPT Mineflayer HTTP API index.js evaluateCode cross-site request for…

A vulnerability was determined in FoundationAgents MetaGPT up to 0.8.1. The impacted element is the function evaluateCode of the file metagpt/environment/minecraft/mineflayer/index.js of the componen…

Remote | Cross-Site Request Forgery
Apr 12, 2026 Apr 12, 2026
Apr 12, 2026
Apr 12, 2026
Showing 20 of 6260 Results