Skip to main content
CVE-2026-1326 LOW POC Monitor

Command injection in Totolik NR1800X firmware allows authenticated remote attackers to execute arbitrary commands through the Hostname parameter in the setWanCfg POST handler. Public exploit code exists for this vulnerability, creating elevated risk despite no patch availability. Affected devices can be compromised to gain full system control with network access and valid credentials.

Command Injection Nr1800x Firmware
NVD VulDB
CVSS 4.0
2.1
EPSS
2.7%
CVE-2026-1327 LOW POC Monitor

Totolik NR1800X firmware versions up to 9.1.0u.6279_B20210910 contain a command injection vulnerability in the setTracerouteCfg function that allows authenticated remote attackers to execute arbitrary commands via malicious POST requests. Public exploit code exists for this vulnerability, and no patch is currently available. An attacker with valid credentials can leverage this to achieve remote code execution on affected network devices.

Command Injection Nr1800x Firmware
NVD VulDB
CVSS 4.0
2.1
EPSS
0.7%
CVE-2025-47555 LOW Monitor

Authorization Bypass Through User-Controlled Key vulnerability in Themeum Tutor LMS tutor allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Tutor LMS: from n/a through <= 3.9.4. [CVSS 8.1 HIGH]

Authentication Bypass
NVD
CVSS 3.1
3.8
EPSS
0.0%
CVE-2026-22411 LOW Monitor

Mikado-Themes Dolcino dolcino is affected by authorization bypass through user-controlled key (CVSS 5.4).

Authentication Bypass
NVD
CVSS 3.1
3.8
EPSS
0.0%
CVE-2026-22409 LOW Monitor

Mikado-Themes Justicia justicia is affected by authorization bypass through user-controlled key (CVSS 5.4).

Authentication Bypass
NVD
CVSS 3.1
3.8
EPSS
0.0%
CVE-2026-22407 LOW Monitor

Mikado-Themes Roam through version 2.1.1 contains an authorization bypass vulnerability where attackers with valid user credentials can manipulate access control mechanisms to gain unauthorized access to sensitive functionality. This authentication-required vulnerability allows authenticated users to circumvent properly configured security levels through user-controlled parameters. No patch is currently available for this issue.

Authentication Bypass
NVD
CVSS 3.1
3.8
EPSS
0.0%
CVE-2026-22406 LOW Monitor

Mikado-Themes Overton overton is affected by authorization bypass through user-controlled key (CVSS 5.4).

Authentication Bypass
NVD
CVSS 3.1
3.8
EPSS
0.0%
CVE-2026-22404 LOW Monitor

Mikado-Themes Innovio innovio is affected by authorization bypass through user-controlled key (CVSS 5.4).

Authentication Bypass
NVD
CVSS 3.1
3.8
EPSS
0.0%
CVE-2026-0798 LOW PATCH Monitor

Gitea may send release notification emails for private repositories to users whose access has been revoked. [CVSS 3.5 LOW]

Authentication Bypass Gitea
NVD GitHub
CVSS 3.1
3.5
EPSS
0.0%
CVE-2026-22281 LOW Monitor

Dell PowerScale OneFS, versions 9.5.0.0 through 9.5.1.5, versions 9.6.0.0 through 9.7.1.10, versions 9.8.0.0 through 9.10.1.3, versions starting from 9.11.0.0 and prior to 9.13.0.0, contains a Time-of-check Time-of-use (TOCTOU) race condition vulnerability. [CVSS 3.5 LOW]

Denial Of Service Race Condition Powerscale Onefs
NVD
CVSS 3.1
3.5
EPSS
0.0%
CVE-2026-24001 LOW PATCH Monitor

Denial-of-service in jsdiff versions prior to 8.0.3, 5.2.2, 4.0.4, and 3.5.1 allows unauthenticated remote attackers to crash applications by providing maliciously crafted patches with line break characters in filename headers, triggering an infinite loop that exhausts system memory. Applications calling parsePatch with user-supplied input are vulnerable regardless of input size restrictions. A patch is available for all affected versions.

Denial Of Service Jsdiff
NVD GitHub VulDB
CVSS 4.0
2.7
EPSS
0.0%

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy