Common Vulnerabilities and Exposures (CVE)

CVE-2026-6025

Apr 10, 2026 05:30:21 UTC

A vulnerability was identified in Totolink A7100RU 7.4cu.2313_b20191024. This affects the function setSyslogCfg of the file /cgi-bin/cstecgi.cgi of the component CGI Handler. Such manipulation of the argument enable leads to os command inje...

CVE-2026-6024

Apr 10, 2026 05:15:13 UTC

A vulnerability was determined in Tenda i6 1.0.0.7(2204). Affected by this issue is the function R7WebsSecurityHandlerfunction of the component HTTP Handler. This manipulation causes path traversal. It is possible to initiate the attack rem...

CVE-2026-5477

Apr 10, 2026 05:06:22 UTC

An integer overflow existed in the wolfCrypt CMAC implementation, that could be exploited to forge CMAC tags. The function wc_CmacUpdate used the guard `if (cmac->totalSz != 0)` to skip XOR-chaining on the first block (where digest is all-z...

CVE-2026-6016

Apr 10, 2026 05:00:23 UTC

A vulnerability was found in Tenda AC9 15.03.02.13. The affected element is the function decodePwd of the file /goform/WizardHandle of the component POST Request Handler. Performing a manipulation of the argument WANS results in stack-based...

CVE-2026-6015

Apr 10, 2026 04:45:15 UTC

A vulnerability has been found in Tenda AC9 15.03.02.13. Impacted is the function formQuickIndex of the file /goform/QuickIndex of the component POST Request Handler. Such manipulation of the argument PPPOEPassword leads to stack-based buff...

CVE-2026-6014

Apr 10, 2026 04:30:21 UTC

A flaw has been found in D-Link DIR-513 1.10. This issue affects the function formAdvanceSetup of the file /goform/formAdvanceSetup of the component POST Request Handler. This manipulation of the argument webpage causes buffer overflow. It ...

CVE-2026-4482

Apr 10, 2026 04:22:38 UTC

The installer certificate files in the …/bootstrap/common/ssl folder do not seem to have restricted permissions on Windows systems (users have read and execute access). For the client.key file in particular, this could potentially lead to e...

CVE-2026-6013

Apr 10, 2026 04:15:13 UTC

A vulnerability was detected in D-Link DIR-513 1.10. This vulnerability affects the function formSetRoute of the file /goform/formSetRoute of the component POST Request Handler. The manipulation of the argument curTime results in buffer ove...

CVE-2026-4622

Apr 10, 2026 04:14:44 UTC

OS Command Injection vulnerability in NEC Platforms, Ltd. Aterm Series allows a attacker to execute arbitrary OS commands via network.

CVE-2026-4621

Apr 10, 2026 04:13:59 UTC

Hidden Functionality vulnerability in NEC Platforms, Ltd. Aterm Series allows a attacker to enable telnet via network.

CVE-2026-4620

Apr 10, 2026 04:13:14 UTC

OS Command Injection vulnerability in NEC Platforms, Ltd. Aterm Series allows a attacker to execute arbitrary OS commands via network.

CVE-2026-4619

Apr 10, 2026 04:12:05 UTC

Path Traversal vulnerability in NEC Platforms, Ltd. Aterm Series allows a attacker to wtite over any file via network.

CVE-2026-4309

Apr 10, 2026 04:10:43 UTC

Missing Authorization vulnerability in NEC Platforms, Ltd. Aterm Series allows a attacker to get a specific device information and change the settings via network.

CVE-2026-6012

Apr 10, 2026 04:00:16 UTC

A security vulnerability has been detected in D-Link DIR-513 1.10. This affects the function formSetPassword of the file /goform/formSetPassword of the component POST Request Handler. The manipulation of the argument curTime leads to buffer...

CVE-2026-21915

Apr 10, 2026 03:56:13 UTC

A Permissive List of Allowed Input vulnerability in the CLI of Juniper Networks Support Insights (JSI) Virtual Lightweight Collector (vLWC) allows a local, high privileged attacker to escalate their privileges to root. The CLI menu accepts...