CVE Field Guide

Critical CVEs

CVE Title Updated Score
CVE-2026-9058 Improper Certificate Verification in Szafir SDK 25.05.2026 9.3
CVE-2026-9457 Totolink A8000RU Web Management cstecgi.cgi UploadFirmwareFile os command injection 25.05.2026 9.3
CVE-2026-9458 Totolink A8000RU Web Management cstecgi.cgi setWanCfg os command injection 25.05.2026 9.3
CVE-2026-9454 Totolink A8000RU Web Management cstecgi.cgi setOpenVpnCertGenerationCfg os command injection 25.05.2026 9.3
CVE-2026-9455 Totolink A8000RU Web Management cstecgi.cgi UploadOpenVpnCert os command injection 25.05.2026 9.3
CVE-2026-9456 Totolink A8000RU Web Management cstecgi.cgi setOpenVpnCfg os command injection 25.05.2026 9.3
CVE-2026-9435 Totolink A8000RU Web Management cstecgi.cgi setQosCfg os command injection 25.05.2026 9.3
CVE-2026-9436 Totolink A8000RU Web Management cstecgi.cgi setL2tpServerCfg os command injection 25.05.2026 9.3
CVE-2026-2651 Missing Authorization Validation in mlflow/mlflow 25.05.2026 9
CVE-2026-9432 Totolink A8000RU Web Management cstecgi.cgi setWiFiAdvancedCfg os command injection 25.05.2026 9.3
CVE-2026-9433 Totolink A8000RU Web Management cstecgi.cgi setMacFilterRules os command injection 25.05.2026 9.3
CVE-2026-9434 Totolink A8000RU Web Management cstecgi.cgi setWiFiWpsCfg os command injection 25.05.2026 9.3
CVE-2026-9407 Totolink A8000RU Web Management cstecgi.cgi setFirewallType os command injection 24.05.2026 9.3
CVE-2026-9408 Totolink A8000RU Web Management cstecgi.cgi setStaticDhcpRules os command injection 25.05.2026 9.3
CVE-2026-9405 Totolink A8000RU Web Management cstecgi.cgi setGameSpeedCfg os command injection 24.05.2026 9.3
CVE-2026-9406 Totolink A8000RU Web Management cstecgi.cgi setRemoteCfg os command injection 24.05.2026 9.3
CVE-2026-9404 Totolink A8000RU Web Management cstecgi.cgi setDdnsCfg os command injection 24.05.2026 9.3
CVE-2026-9397 Besen BS20 EV Charging Station OTA Update Installation improper authorization 24.05.2026 9.2
CVE-2026-9388 Totolink A8000RU Web Management cstecgi.cgi setScheduleCfg os command injection 24.05.2026 9.3
CVE-2026-9386 Totolink A8000RU Web Management cstecgi.cgi setLanguageCfg os command injection 24.05.2026 9.3
CVE-2026-9387 Totolink A8000RU Web Management cstecgi.cgi setUpgradeFW os command injection 24.05.2026 9.3
CVE-2026-9384 Totolink A8000RU Web Management cstecgi.cgi setDiagnosisCfg os command injection 24.05.2026 9.3
CVE-2026-9385 Totolink A8000RU Web Management cstecgi.cgi setTracerouteCfg os command injection 24.05.2026 9.3
CVE-2018-25350 userSpice 4.3.24 Username Enumeration via existingUsernameCheck.php 23.05.2026 9.3
CVE-2018-25357 Dolibarr ERP CRM 7.0.3 Remote Code Evaluation via install/step1.php 23.05.2026 9.3
CVE-2026-23652 Microsoft Power Pages Remote Code Execution Vulnerability 22.05.2026 10
CVE-2026-33843 Microsoft Azure Active Directory B2C Elevation of Privilege Vulnerability 22.05.2026 9.1
CVE-2026-40411 Azure Virtual Network Gateway Remote Code Execution Vulnerability 22.05.2026 9.9
CVE-2026-40412 Azure Orbital Spatio Remote Code Execution Vulnerability 22.05.2026 10
CVE-2026-41090 Microsoft Copilot Tampering Vulnerability 22.05.2026 9.3
CVE-2026-41104 Microsoft Planetary Computer Pro Information Disclosure Vulnerability 22.05.2026 10
CVE-2026-42901 Microsoft Entra ID Elevation of Privilege Vulnerability 23.05.2026 10
CVE-2026-47280 Azure Resource Manager Elevation of Privilege Vulnerability 22.05.2026 10
CVE-2026-48700 24.05.2026 9.3
CVE-2026-32253 Sunshine: Authentication bypass via improper client certificate validation 22.05.2026 9.8
CVE-2026-33712 TypeBot: Unauthenticated SSRF via isolated-vm fetch in preview chat endpoint bypasses SSRF controls 22.05.2026 10
CVE-2026-9256 NGINX ngx_http_rewrite_module vulnerability 23.05.2026 9.2
CVE-2026-8670 Insecure session handling on metrics web server 22.05.2026 9.6
CVE-2026-9277 shell-quote `quote()` does not validate object-token shapes, allowing command injection via line terminators in `.op` 23.05.2026 9.2
CVE-2026-9054 Invalid IP packets cause a kernel panic 22.05.2026 9.2
CVE-2026-33000 23.05.2026 9.1
CVE-2026-34908 23.05.2026 10
CVE-2026-34909 22.05.2026 10
CVE-2026-34910 23.05.2026 10
CVE-2026-6960 BookingPress Pro <= 5.6 - Unauthenticated Arbitrary File Upload via Signature Custom Field 22.05.2026 9.8
CVE-2026-8134 Concrete CMS 9.5.0 and below is vulnerable to Authenticated RCE via Composer customTemplate Path Traversal leading to PHP File Inclusion 22.05.2026 9.4
CVE-2026-48241 Open ISES Tickets < 3.44.2 Hardcoded MySQL Database Credentials in loader.php 21.05.2026 9.2
CVE-2026-48242 Open ISES Tickets < 3.44.2 Hardcoded MySQL Database Credentials in import_mdb.php 23.05.2026 9.2
CVE-2026-39531 WordPress WP Directory Kit plugin <= 1.5.0 - SQL Injection vulnerability 21.05.2026 9.3
CVE-2025-71210 21.05.2026 9.8
CVE-2025-71211 21.05.2026 9.8
CVE-2026-5118 Divi Form Builder <= 5.1.2 - Unauthenticated Privilege Escalation via 'role' 21.05.2026 9.8
CVE-2026-5433 Improper Sanitization in CNM Web Interface 21.05.2026 9.1
CVE-2026-44050 Heap buffer overflow in CNID daemon comm_rcv() 22.05.2026 9.9
CVE-2026-6279 Avada (Fusion) Builder <= 3.15.2 - Unauthenticated Remote Code Execution via PHP Function Injection via 'render_logics' Shortcode Attribute via Widget AJAX Handler 21.05.2026 9.8
CVE-2026-48172 24.05.2026 10
CVE-2026-9152 Unauthenticated SOAP Endpoint in Altium 365 SearchService Allows Cross-Tenant Data Exfiltration and Index Destruction 21.05.2026 10
CVE-2026-8631 HP Linux Imaging and Printing Software – Potential Escalation of Privilege and Arbitrary Code Execution 21.05.2026 9.3
CVE-2026-39405 Frappe has Path Transversal via SCORM 21.05.2026 9.4
CVE-2026-9139 Taiko AG1000-01A Rev 7.3/8 Hard-coded Credentials via login.zhtml 21.05.2026 9.3
CVE-2026-9141 Taiko AG1000-01A Rev 7.3/8 Authentication Bypass via Web Interface 21.05.2026 9.3
CVE-2026-23734 XWiki Platform: Path traversal via resources parameter in ssx and jsx endpoints when using leading slash 21.05.2026 9.3
CVE-2026-33137 XWiki Platform has an Unauthenticated XAR Import via REST /wikis/{wikiName} 21.05.2026 9.3
CVE-2026-45444 WordPress Gift Cards For WooCommerce Pro plugin <= 4.2.6 - Arbitrary File Upload vulnerability 21.05.2026 10
CVE-2026-9082 Drupal core - Highly critical - SQL injection - SA-CORE-2026-004 23.05.2026 9.8
CVE-2026-9102 Path Traversal in Altium Enterprise Server ComparisonService Allows Arbitrary File Write 20.05.2026 9.4
CVE-2026-9129 Path Traversal in Altium Enterprise Server Viewer StorageController Allows Arbitrary File Read 20.05.2026 9.4
CVE-2026-20223 Cisco Secure Workload Unauthorized API Access Vulnerability 21.05.2026 10
CVE-2026-8598 Unauthenticated Export Service in ZKTeco CCTV Cameras 20.05.2026 9.1
CVE-2026-8467 Unauthenticated remote code execution via HEEx template injection in phoenix_storybook playground 22.05.2026 9.5
CVE-2026-22314 20.05.2026 9
CVE-2026-33278 Possible arbitrary code execution during DNSSEC validation 20.05.2026 9.1
CVE-2026-9059 NextGEN Gallery - SQL Injection 20.05.2026 9.3
CVE-2026-9065 Surecart - SQL Injection 20.05.2026 9.3
CVE-2026-24207 20.05.2026 9.8
CVE-2026-7637 Boost <= 2.0.3 - Unauthenticated PHP Object Injection via STYXKEY-BOOST_USER_LOCATION Cookie 20.05.2026 9.8
CVE-2026-6555 ProSolution WP Client <= 2.0.0 - Unauthenticated Arbitrary File Upload via 'files' 20.05.2026 9.8
CVE-2026-7284 Easy Elements for Elementor <= 1.4.4 - Unauthenticated Privilege Escalation via easyel_handle_register 20.05.2026 9.8
CVE-2026-34234 CtrlPanel: Unauthenticated RCE using installer script 20.05.2026 10
CVE-2026-33642 Kitty has a Heap Buffer Over-Read/Write via Integer Overflow in compose_rectangles Bounds Check 19.05.2026 9.9
CVE-2026-47357 19.05.2026 9.3
CVE-2026-47358 19.05.2026 9.3
CVE-2026-2586 20.05.2026 9.1
CVE-2026-2587 20.05.2026 9.6
CVE-2026-44159 Tyler Identity Local (TID-L) default administrative credentials 19.05.2026 9.3
CVE-2026-8711 NGINX JavaScript vulnerability 21.05.2026 9.2
CVE-2026-42097 Authentication Bypass in Sparx Pro Cloud Server 19.05.2026 9.3
CVE-2026-43633 HestiaCP 1.9.0-1.9.4 Deserialization RCE via Web Terminal 19.05.2026 9.5
CVE-2026-4883 Piotnet Forms <= 2.1.40 - Unauthenticated Arbitrary File Upload via Form File Upload 19.05.2026 9.8
CVE-2026-43493 crypto: pcrypt - Fix handling of MAY_BACKLOG requests 20.05.2026 9.8
CVE-2026-2611 Improper Origin Validation in mlflow/mlflow 19.05.2026 9.6
CVE-2026-46725 Remote Code Execution in extension "Content Element Selector" (ceselector) 19.05.2026 9.2
CVE-2026-4885 Piotnet Addons for Elementor Pro <= 7.1.70 - Unauthenticated Arbitrary File Upload via Form File Upload 19.05.2026 9.8
CVE-2026-27130 Dokploy has Command Injection in its Service Operations 19.05.2026 9.9
CVE-2026-25244 WebdriverIO has Command Injection in the BrowserStack Service 19.05.2026 9.8
CVE-2026-8838 Remote Code Execution via eval() Injection in amazon-redshift-python-driver 19.05.2026 9.3
CVE-2026-8836 lwIP snmpv3 USM snmp_msg.c snmp_parse_inbound_frame stack-based overflow 23.05.2026 9.3

Latest Updates

CVE Title Updated Score
CVE-2026-42782 Apache Syncope: Post-auth RCE via Groovy static 25.05.2026
CVE-2026-42797 Apache Syncope: JexlContextBuilder Information Disclosure 25.05.2026
CVE-2026-9466 Tiandy Easy7 Integrated Management Platform API Endpoint updateUserPassword password recovery 25.05.2026
CVE-2026-9467 debugmcp mcp-debugger server.ts handleGetSourceContext path traversal 25.05.2026
CVE-2026-9468 dazeb cline-mcp-memory-bank index.ts handleInitializeMemoryBank path traversal 25.05.2026
CVE-2026-9469 yashpokharna2555 StudentManagementSystem success.php sql injection 25.05.2026
CVE-2026-9470 yashpokharna2555 StudentManagementSystem student_trans.php confirm_logged_in sql injection 25.05.2026
CVE-2018-25359 Splinterware System Scheduler Pro 5.12 Privilege Escalation 25.05.2026
CVE-2018-25360 AgataSoft Auto PingMaster 1.5 Buffer Overflow SEH 25.05.2026
CVE-2018-25361 Soroush IM Desktop App 0.17.0 Authentication Bypass via Database Injection 25.05.2026
CVE-2018-25362 Twitter-Clone 1 SQL Injection via follow.php 25.05.2026
CVE-2018-25363 Twitter-Clone 1 Cross-Site Request Forgery via tweetdel.php 25.05.2026
CVE-2018-25364 Twitter-Clone 1 SQL Injection via search.php 25.05.2026
CVE-2018-25365 PCViewer vt1000 Directory Traversal via GET Request 25.05.2026
CVE-2018-25366 CuteFTP 5.0 XP Buffer Overflow via Site Manager Label Field 25.05.2026
CVE-2018-25367 NASA openVSP 3.16.1 Denial of Service via Buffer Overflow 25.05.2026
CVE-2018-25368 Nord VPN 6.14.31 Denial of Service via Password Field 25.05.2026
CVE-2018-25369 Visual Ping 0.8.0.0 Buffer Overflow Denial of Service 25.05.2026
CVE-2018-25370 Admidio 3.3.5 Cross-Site Request Forgery via roles_function.php 25.05.2026
CVE-2018-25371 mooSocial Store Plugin 2.6 SQL Injection via product parameter 25.05.2026
CVE-2018-25372 MedDream PACS Server Premium 6.7.1.1 SQL Injection via email 25.05.2026
CVE-2018-25373 DVD Photo Slideshow Professional 8.07 Buffer Overflow SEH 25.05.2026
CVE-2018-25374 Softneta MedDream PACS Server Premium 6.7.1.1 Directory Traversal 25.05.2026
CVE-2018-25375 SocuSoft iPod Photo Slideshow 8.05 Buffer Overflow SEH 25.05.2026
CVE-2018-25376 Socusoft 3GP Photo Slideshow 8.05 Buffer Overflow SEH 25.05.2026
CVE-2018-25377 Flash Slideshow Maker Professional 5.20 Buffer Overflow SEH 25.05.2026
CVE-2018-25378 Notebook Pro 2.0 Denial of Service via Notebook Name Field 25.05.2026
CVE-2018-25379 Collectric CMU 1.0 SQL Injection via lang Parameter 25.05.2026
CVE-2018-25380 Joomla Component eXtroForms 2.1.5 SQL Injection via filter parameters 25.05.2026
CVE-2018-25381 Joomla Responsive Portfolio 1.6.1 SQL Injection via filter parameters 25.05.2026
CVE-2026-47066 Infinite loop in Alt-Svc header parser in hackney 25.05.2026
CVE-2026-47067 Atom table exhaustion via unrecognized URL schemes in hackney 25.05.2026
CVE-2026-47069 CRLF injection in cookie domain/path options in hackney 25.05.2026
CVE-2026-47070 HTTP/3 redirect handler leaks Authorization and Cookie headers to cross-origin redirect target in hackney 25.05.2026
CVE-2026-47071 SOCKS5 TLS upgrade ignores caller timeout in hackney 25.05.2026
CVE-2026-47072 CRLF injection in WebSocket upgrade request in hackney 25.05.2026
CVE-2026-47073 Unbounded memory consumption in WebSocket client in hackney 25.05.2026
CVE-2026-47075 CR/LF injection in query parameter in hackney 25.05.2026
CVE-2026-47076 SSRF allowlist bypass via percent-encoded host in hackney 25.05.2026
CVE-2026-47077 Unbounded body accumulation in HTTP/3 response loop in hackney 25.05.2026
CVE-2026-9078 Firefox iOS RTL Domain Rendering Issue in Link Preview 25.05.2026
CVE-2026-9462 Edimax EW-7438RPn formWpsProxyEnable stack-based overflow 25.05.2026
CVE-2026-9463 Edimax EW-7438RPn formLicence stack-based overflow 25.05.2026
CVE-2026-9464 YunaiV yudao-cloud Admin API Endpoint create IotDataSinkHttpConfig server-side request forgery 25.05.2026
CVE-2026-9465 Tiandy Easy7 Integrated Management Platform GetDBDataEx.jsp sql injection 25.05.2026
CVE-2026-9058 Improper Certificate Verification in Szafir SDK 25.05.2026
CVE-2026-9457 Totolink A8000RU Web Management cstecgi.cgi UploadFirmwareFile os command injection 25.05.2026
CVE-2026-9458 Totolink A8000RU Web Management cstecgi.cgi setWanCfg os command injection 25.05.2026
CVE-2026-9459 Edimax EW-7438RPn formConnectionSetting stack-based overflow 25.05.2026
CVE-2026-9460 Edimax EW-7438RPn formAccept stack-based overflow 25.05.2026
CVE-2026-9461 Edimax EW-7438RPn formRadius stack-based overflow 25.05.2026
CVE-2026-7766 Path Traversal in Kenik cameras 25.05.2026
CVE-2026-9453 FoundDream miniclawd SkillsLoader skills-loader.ts which command injection 25.05.2026
CVE-2026-9454 Totolink A8000RU Web Management cstecgi.cgi setOpenVpnCertGenerationCfg os command injection 25.05.2026
CVE-2026-9455 Totolink A8000RU Web Management cstecgi.cgi UploadOpenVpnCert os command injection 25.05.2026
CVE-2026-9456 Totolink A8000RU Web Management cstecgi.cgi setOpenVpnCfg os command injection 25.05.2026
CVE-2026-40127 Authorization Bypass Through User-Controlled Key in OutSystems Lifetime 25.05.2026
CVE-2026-46745 Apache Airflow FAB provider: LDAP Filter Injection in FAB Auth Manager _search_ldap reachable via /auth/token 25.05.2026
CVE-2026-9447 SourceCodester Simple POS and Inventory System search.php sql injection 25.05.2026
CVE-2026-9448 code-projects Employee Management System applyleave.php cross site scripting 25.05.2026
CVE-2026-9449 code-projects Employee Management System changepassemp.php sql injection 25.05.2026
CVE-2026-9450 code-projects Employee Management System psubmit.php sql injection 25.05.2026
CVE-2026-9451 code-projects Employee Management System applyleaveprocess.php sql injection 25.05.2026
CVE-2026-9452 FoundDream miniclawd exec.ts ExecTool.execute os command injection 25.05.2026
CVE-2026-45361 Apache Airflow Google provider: SSH host key verification disabled in ComputeEngineSSHHook (paramiko AutoAddPolicy default) 25.05.2026
CVE-2026-5222 Cargo can be coerced to share credentials between registries 25.05.2026
CVE-2026-5223 Crates in third party registries can override the cached source of other crates 25.05.2026
CVE-2026-9274 Information Exposure Vulnerability in CP-Plus Wi-Fi Camera 25.05.2026
CVE-2026-9441 Edimax BR-6478AC POST Request formiNICbasic command injection 25.05.2026
CVE-2026-9442 Edimax BR-6478AC POST Request formiNICSiteSurvey buffer overflow 25.05.2026
CVE-2026-9443 Edimax BR-6478AC POST Request formL2TPSetup buffer overflow 25.05.2026
CVE-2026-9444 SourceCodester Simple POS and Inventory System GET Parameter deleteproduct.php delete sql injection 25.05.2026
CVE-2026-9445 SourceCodester Simple POS and Inventory System File Extension addproduct.php unrestricted upload 25.05.2026
CVE-2026-9446 SourceCodester Simple POS and Inventory System edit_customer.php sql injection 25.05.2026
CVE-2026-45249 Apache ECharts: XSS in Lines series tooltip rendering 25.05.2026
CVE-2026-4915 Server panic via outgoing webhook responses 25.05.2026 6.5
CVE-2026-9435 Totolink A8000RU Web Management cstecgi.cgi setQosCfg os command injection 25.05.2026
CVE-2026-9436 Totolink A8000RU Web Management cstecgi.cgi setL2tpServerCfg os command injection 25.05.2026
CVE-2026-9437 DTStack Taier REST API Runtime.exec os command injection 25.05.2026
CVE-2026-9438 yashpokharna2555 StudentManagementSystem courseDel.php resource injection 25.05.2026
CVE-2026-9439 Edimax BR-6675nD stainfo command injection 25.05.2026
CVE-2026-9440 Edimax BR-6478AC POST Request formAccept command injection 25.05.2026
CVE-2026-9490 Acer Care Center creates a Named Pipe with a weak Security Descriptor 25.05.2026
CVE-2026-25193 25.05.2026 8.1
CVE-2026-2651 Missing Authorization Validation in mlflow/mlflow 25.05.2026
CVE-2026-41863 LLM-influenced filename used unsanitized in Path.resolve before file write in Spring AI support for Anthropic Skills API 25.05.2026 6.5
CVE-2026-9428 Tenda F1202 PPTPUserSetting fromPPTPUserSetting stack-based overflow 25.05.2026
CVE-2026-9429 Tenda F1202 WrlExtraSet formWrlExtraSet stack-based overflow 25.05.2026
CVE-2026-9430 Tenda F1202 GstDhcpSetSerof formGstDhcpSetSer stack-based overflow 25.05.2026
CVE-2026-9431 Tenda F1202 PptpUserAdd fromPptpUserAdd stack-based overflow 25.05.2026
CVE-2026-9432 Totolink A8000RU Web Management cstecgi.cgi setWiFiAdvancedCfg os command injection 25.05.2026
CVE-2026-9433 Totolink A8000RU Web Management cstecgi.cgi setMacFilterRules os command injection 25.05.2026
CVE-2026-9434 Totolink A8000RU Web Management cstecgi.cgi setWiFiWpsCfg os command injection 25.05.2026
CVE-2026-9422 KLiK SocialMediaWebsite HTTP POST Request Parameter injection 25.05.2026
CVE-2026-9423 Edimax BR-6675nD POST Request mp command injection 25.05.2026
CVE-2026-9424 Edimax EW-7438RPn Content-Type formWlanMP os command injection 25.05.2026
CVE-2026-9425 Edimax EW-7438RPn formWlanMP stack-based overflow 25.05.2026
CVE-2026-9426 Edimax EW-7438RPn formHwSet stack-based overflow 25.05.2026
CVE-2026-9427 Edimax EW-7438RPn webs formWlSiteSurvey stack-based overflow 25.05.2026
CVE-2026-6059 25.05.2026
CVE-2026-8652 25.05.2026
CVE-2026-9417 code-projects Employee Management System myprofileup.php cross site scripting 25.05.2026
CVE-2026-9418 code-projects Employee Management System changepassemp.php cross site scripting 25.05.2026
CVE-2026-9419 code-projects Employee Management System empproject.php cross site scripting 25.05.2026
CVE-2026-9420 KLiK SocialMediaWebsite HTTP GET Request Parameter injection 25.05.2026
CVE-2026-9421 KLiK SocialMediaWebsite File upload.inc.php uniqid unrestricted upload 25.05.2026
CVE-2026-9414 SourceCodester Indian Invoicing System Invoice Template Render Database-Backed add_order.php cross site scripting 25.05.2026
CVE-2026-9415 code-projects Employee Management System eloginwel.php cross site scripting 25.05.2026
CVE-2026-9416 code-projects Employee Management System myprofile.php cross site scripting 25.05.2026
CVE-2026-9489 NitroSense V3: Local Privilege Escalation (LPE) vulnerability 25.05.2026
CVE-2026-9409 Sushmi-pal Invoice-System User Management user improper authorization 25.05.2026
CVE-2026-9410 Sushmi-pal Invoice-System Profile Workflow profile improper authorization 25.05.2026
CVE-2026-9411 SourceCodester Indian Invoicing System Invoice Generation IGST_Invoice.php sql injection 25.05.2026
CVE-2026-9412 SourceCodester Indian Invoicing System Backend Endpoint access control 25.05.2026
CVE-2026-9413 SourceCodester Indian Invoicing System category.php cross site scripting 25.05.2026
CVE-2026-9407 Totolink A8000RU Web Management cstecgi.cgi setFirewallType os command injection 24.05.2026
CVE-2026-9408 Totolink A8000RU Web Management cstecgi.cgi setStaticDhcpRules os command injection 25.05.2026
CVE-2026-9405 Totolink A8000RU Web Management cstecgi.cgi setGameSpeedCfg os command injection 24.05.2026
CVE-2026-9406 Totolink A8000RU Web Management cstecgi.cgi setRemoteCfg os command injection 24.05.2026
CVE-2026-9404 Totolink A8000RU Web Management cstecgi.cgi setDdnsCfg os command injection 24.05.2026
CVE-2026-48832 24.05.2026 3.5
CVE-2026-9402 Edimax BR-6675nD POST Request formWlanMP command injection 24.05.2026
CVE-2026-9403 Edimax BR-6675nD POST Request formWlSiteSurvey buffer overflow 24.05.2026
CVE-2026-9400 Edimax BR-6675nD POST Request formUSBStorage command injection 24.05.2026
CVE-2026-9401 Edimax BR-6675nD POST Request formWanTcpipSetup buffer overflow 24.05.2026
CVE-2026-48831 25.05.2026
CVE-2026-9399 Edimax BR-6675nD POST Request formsetPPPoE buffer overflow 24.05.2026
CVE-2026-9398 Besen BS20 EV Charging Station BLE/WiFi authentication replay 24.05.2026
CVE-2026-9396 Besen BS20 EV Charging Station Firmware Version Check ui layer 24.05.2026
CVE-2026-9397 Besen BS20 EV Charging Station OTA Update Installation improper authorization 24.05.2026
CVE-2026-9395 Besen BS20 EV Charging Station BLE/UDP insufficiently protected credentials 24.05.2026
CVE-2026-9394 Besen BS20 EV Charging Station Bluetooth Low Energy weak password 24.05.2026
CVE-2026-9393 H3C Magic B0 aspForm Edit_BasicSSID_5G buffer overflow 24.05.2026