Skip to main content
CVE-2026-2886 HIGH POC This Week

Stack Overflow and Tenda A21 1.0.0.0 are vulnerable to remote code execution through a stack-based buffer overflow in the device name configuration function, exploitable by authenticated attackers without user interaction. Public exploit code exists for this vulnerability, enabling attackers to achieve complete compromise of affected systems. No patch is currently available.

Buffer Overflow Stack Overflow A21 Firmware
NVD GitHub VulDB
CVSS 3.1
8.8
EPSS
0.1%
CVE-2026-2874 HIGH POC This Week

Remote code execution in Tenda A21 1.0.0.0 firmware via stack-based buffer overflow in the WiFi settings endpoint allows authenticated attackers to execute arbitrary code with full system privileges. The vulnerability exists in the fast_setting_wifi_set function where unsanitized SSID parameter input can overflow the stack, and public exploit code is currently available. No patch has been released for this high-severity vulnerability affecting both the A21 firmware and Stack Overflow products.

Buffer Overflow Stack Overflow A21 Firmware
NVD GitHub VulDB
CVSS 3.1
8.8
EPSS
0.1%
CVE-2026-2873 HIGH POC This Week

Stack-based buffer overflow in Tenda A21 firmware allows remote attackers with valid credentials to achieve complete system compromise through malicious input to the schedStartTime/schedEndTime parameters in the openSchedWifi function. Public exploit code exists for this vulnerability, and no patch is currently available. This affects confidentiality, integrity, and availability with high severity (CVSS 8.8).

Buffer Overflow Stack Overflow A21 Firmware
NVD GitHub VulDB
CVSS 3.1
8.8
EPSS
0.1%
CVE-2026-2872 HIGH POC This Week

Stack-based buffer overflow in Tenda A21 1.0.0.0 MAC filtering configuration allows remote authenticated attackers to achieve full system compromise through malicious devName/mac parameters. Public exploit code exists for this vulnerability, which remains unpatched. The flaw affects the set_device_name function in the /goform/setBlackRule endpoint with high exploitability due to network accessibility and low attack complexity.

Buffer Overflow Stack Overflow A21 Firmware
NVD GitHub VulDB
CVSS 3.1
8.8
EPSS
0.1%
CVE-2026-2870 HIGH POC This Week

Remote code execution in Tenda A21 firmware through a stack buffer overflow in the QoS bandwidth configuration endpoint allows unauthenticated attackers to execute arbitrary code with full system privileges. Public exploit code exists for this vulnerability, and no patch is currently available. The flaw affects the set_qosMib_list function when processing unsanitized input, enabling network-based attacks from authenticated users or potentially lower-privileged roles.

Buffer Overflow Stack Overflow A21 Firmware
NVD GitHub VulDB
CVSS 3.1
8.8
EPSS
0.1%
CVE-2026-27168 HIGH POC This Week

The SAIL image library contains a heap buffer overflow in its XWD file parser that fails to validate the bytes_per_line value read from untrusted files, allowing attackers to trigger out-of-bounds memory writes during image processing. Public exploit code exists for this vulnerability affecting all versions of SAIL. No patch is currently available, leaving users of this cross-platform image loading library exposed to potential code execution or denial of service attacks.

Buffer Overflow Heap Overflow Sail
NVD GitHub
CVSS 3.1
8.8
EPSS
0.0%
CVE-2026-2885 HIGH POC This Week

Stack-based buffer overflow in D-Link DWR-M960 1.01.07 firmware allows remote authenticated attackers to achieve complete system compromise through crafted input to the IPv6 setup function. Public exploit code exists for this vulnerability, and no patch is currently available. An attacker with network access and valid credentials can execute arbitrary code with full system privileges.

D-Link Buffer Overflow Stack Overflow Dwr M960 Firmware
NVD GitHub VulDB
CVSS 3.1
8.8
EPSS
0.0%
CVE-2026-2884 HIGH POC This Week

Stack-based buffer overflow in D-Link DWR-M960 firmware versions up to 1.01.07 allows authenticated remote attackers to achieve arbitrary code execution through a malformed submit-url parameter in the WAN interface configuration handler. Public exploit code exists for this vulnerability, and no patch is currently available. An attacker with network access and valid credentials can leverage this to gain complete system compromise.

D-Link Buffer Overflow Stack Overflow Dwr M960 Firmware
NVD GitHub VulDB
CVSS 3.1
8.8
EPSS
0.0%
CVE-2026-2882 HIGH POC This Week

Stack-based buffer overflow in D-Link DWR-M960 firmware versions up to 1.01.07 allows authenticated remote attackers to achieve arbitrary code execution by manipulating the submit-url parameter in the /boafrm/formDosCfg function. Public exploit code exists for this vulnerability, and no patch is currently available. The attack requires low complexity with no user interaction, affecting device confidentiality, integrity, and availability.

D-Link Buffer Overflow Stack Overflow Dwr M960 Firmware
NVD GitHub VulDB
CVSS 3.1
8.8
EPSS
0.0%
CVE-2026-2881 HIGH POC This Week

Remote code execution in D-Link DWR-M960 firmware through stack-based buffer overflow in the Advanced Firewall Configuration endpoint allows authenticated attackers to achieve complete system compromise. The vulnerability exists in the /boafrm/formFirewallAdv component where improper input validation on the submit-url parameter enables stack overflow attacks. Public exploit code is available and no patch has been released.

D-Link Buffer Overflow Stack Overflow Dwr M960 Firmware
NVD GitHub VulDB
CVSS 3.1
8.8
EPSS
0.0%
CVE-2026-2871 HIGH POC This Week

Remote code execution in Tenda A21 1.0.0.0 firmware results from a stack buffer overflow in the SetIpMacBind function accessible via the /goform/SetIpMacBind endpoint, allowing unauthenticated remote attackers to execute arbitrary code with high integrity and availability impact. Public exploit code exists for this vulnerability, and no patch is currently available, creating significant risk for affected devices.

DNS Buffer Overflow Stack Overflow A21 Firmware
NVD GitHub VulDB
CVSS 3.1
8.8
EPSS
0.0%
CVE-2026-27470 HIGH POC This Week

SQL injection in ZoneMinder's status.php getNearEvents() function allows authenticated users with event management permissions to execute arbitrary database queries through improperly sanitized Event Name and Cause fields in versions 1.36.37 and below or 1.37.61 through 1.38.0. Public exploit code exists for this vulnerability, and no patch is currently available. An attacker could extract sensitive data, modify database contents, or potentially achieve code execution depending on database permissions and configuration.

PHP SQLi Zoneminder
NVD GitHub
CVSS 3.1
8.8
EPSS
0.0%
CVE-2026-2883 HIGH POC This Week

Stack-based buffer overflow in D-Link DWR-M960 firmware version 1.01.07 allows remote attackers with low privileges to achieve complete system compromise through manipulation of the submit-url parameter in the /boafrm/formIpQoS function. Public exploit code exists for this vulnerability and no patch is currently available, creating immediate risk for affected deployments.

D-Link Buffer Overflow Stack Overflow Dwr M960 Firmware
NVD GitHub VulDB
CVSS 3.1
8.8
EPSS
0.0%
CVE-2026-27212 HIGH POC PATCH This Week

Prototype pollution in Swiper versions 6.5.1 through 12.1.1 allows local authenticated attackers to manipulate Object.prototype through improperly validated user input, enabling authentication bypass, denial of service, and remote code execution. Public exploit code exists for this vulnerability, which affects applications on Linux and Windows using Node.js or Bun runtimes. A patch is available and should be applied immediately to affected systems processing untrusted input.

Linux Denial Of Service Authentication Bypass Swiper
NVD GitHub
CVSS 3.1
7.8
EPSS
0.1%
CVE-2026-27479 HIGH POC PATCH This Week

Wallos versions 4.6.0 and below allow authenticated attackers to perform Server-Side Request Forgery attacks through the logo upload feature by exploiting HTTP redirects that bypass IP validation checks, enabling access to internal resources and cloud metadata endpoints. Public exploit code exists for this vulnerability, and an available patch should be applied immediately to prevent unauthorized disclosure of sensitive configuration and credentials.

SSRF Wallos
NVD GitHub
CVSS 3.1
7.7
EPSS
0.0%
CVE-2026-27161 HIGH POC This Week

Unauthenticated attackers can access sensitive files in GetSimple CMS when Apache's AllowOverride directive is disabled, bypassing .htaccess protections that restrict directory access. This configuration is common in hardened and shared hosting environments, exposing authorization credentials, API keys, and cryptographic salts in files like authorization.xml. Public exploit code exists for this vulnerability, and no patch is currently available.

Apache Getsimple Cms
NVD GitHub
CVSS 3.1
7.5
EPSS
0.1%
CVE-2026-27202 HIGH POC This Week

Arbitrary file read vulnerability in GetSimple CMS affects all versions through its Uploaded Files feature, allowing unauthenticated remote attackers to access sensitive files on affected systems. Public exploit code exists for this vulnerability, and no patch is currently available. The high-severity flaw (CVSS 7.5) poses a significant confidentiality risk to all GetSimple CMS deployments.

Path Traversal Getsimple Cms
NVD GitHub
CVSS 3.1
7.5
EPSS
0.1%
CVE-2026-27466 HIGH POC PATCH This Week

BigBlueButton versions 3.0.21 and below allow remote denial of service when ClamAV is configured following official documentation, as the exposed clamd ports (3310, 7357) can be targeted by attackers to send malicious documents that exhaust server resources or crash the scanning service. This vulnerability affects Ubuntu and Docker deployments since standard firewall rules do not restrict container traffic, and public exploit code exists. An unauthenticated remote attacker requires only network access to trigger the denial of service condition.

Ubuntu Docker Denial Of Service Bigbluebutton
NVD GitHub
CVSS 3.1
7.2
EPSS
0.1%
CVE-2026-27169 HIGH This Week

Stored cross-site scripting in OpenSift versions 1.1.2-alpha and below allows authenticated attackers to execute arbitrary JavaScript in victims' browsers by injecting malicious content into study materials, quizzes, or flashcards that render without proper HTML sanitization. An attacker with the ability to create or modify stored content could perform unauthorized actions within authenticated user sessions. No patch is currently available for this vulnerability.

XSS AI / ML Opensift
NVD GitHub
CVSS 3.1
8.9
EPSS
0.0%
CVE-2026-2877 HIGH This Week

Stack-based buffer overflow in Tenda A18 firmware versions up to 15.13.07.13 allows remote attackers with low privileges to achieve code execution through the wpapsk_crypto5g parameter in the /goform/WifiExtraSet endpoint. Public exploit code exists for this vulnerability, and no patch is currently available. The high CVSS score (8.8) reflects the combination of remote exploitability and complete system compromise potential.

Buffer Overflow Stack Overflow A18 Firmware
NVD GitHub VulDB
CVSS 3.1
8.8
EPSS
0.1%
CVE-2026-2876 HIGH This Week

Stack overflow in Tenda A18 firmware version 15.13.07.13 allows remote attackers with low privileges to achieve complete system compromise through a malformed deviceList parameter in the /goform/setBlackRule endpoint. Public exploit code is available and the vulnerability remains unpatched, creating significant risk for affected devices.

Buffer Overflow Stack Overflow A18 Firmware
NVD GitHub VulDB
CVSS 3.1
8.8
EPSS
0.1%
CVE-2026-27198 HIGH PATCH This Week

Formwork CMS versions 2.0.0 through 2.3.3 fail to validate user privileges during account creation, allowing authenticated editors to create admin accounts and gain full CMS control. An attacker with editor-level access can exploit this authorization bypass to escalate privileges without restriction, completely compromising the application. A patch is available in version 2.3.4.

Privilege Escalation Formwork
NVD GitHub
CVSS 3.1
8.8
EPSS
0.0%
CVE-2026-27203 HIGH This Week

eBay API MCP Server's ebay_set_user_tokens tool fails to validate environment variable inputs in the updateEnvFile function, allowing authenticated attackers to inject arbitrary variables into the .env configuration file. An attacker with login credentials can exploit this to overwrite existing configurations, trigger denial of service conditions, or achieve remote code execution through malicious environment variable injection. No patch is currently available for this vulnerability affecting all versions of the AI/ML product.

Denial Of Service AI / ML
NVD GitHub
CVSS 3.1
8.3
EPSS
0.0%
CVE-2026-27206 HIGH PATCH This Week

Zumba Json Serializer versions 3.2.2 and below allow unrestricted PHP object instantiation during JSON deserialization, enabling attackers to trigger arbitrary class constructors and magic methods via malicious @type fields. When processing untrusted JSON input, this vulnerability can lead to PHP Object Injection and remote code execution if vulnerable gadget chains are present in the application or its dependencies. The vulnerability affects applications using affected PHP serialization libraries and currently lacks a patched version.

PHP RCE Deserialization
NVD GitHub
CVSS 3.1
8.1
EPSS
0.4%
CVE-2026-27134 HIGH This Week

Strimzi Kafka Operator versions 0.49.0-0.50.0 incorrectly trusts all intermediate CAs in a multistage certificate chain for mTLS authentication, allowing any user with a certificate signed by any CA in the chain to authenticate to Kafka listeners. This authentication bypass affects only deployments using custom Cluster or Clients CA with multi-level CA chains. No patch is currently available.

Apache Kubernetes Strimzi Kafka Operator Authentication Bypass
NVD GitHub
CVSS 3.1
8.1
EPSS
0.0%
CVE-2026-27196 HIGH PATCH This Week

Versions 5.73.8 and below in addition to 6.0.0-alpha.1 versions up to 6.3.1 is affected by cross-site scripting (xss) (CVSS 8.1).

XSS Statamic
NVD GitHub VulDB
CVSS 3.1
8.1
EPSS
0.0%
CVE-2026-27192 HIGH PATCH This Week

Origin validation bypass in Feathers framework versions 5.0.39 and below allows remote attackers to hijack OAuth tokens by registering domains with a common prefix to legitimate allowed origins, exploiting insufficient string comparison in the getAllowedOrigin() function. An attacker can craft a domain like https://target.com.attacker.com to bypass validation configured for https://target.com and intercept authentication credentials. This affects iOS applications and systems using vulnerable Feathers versions, though exploitation requires specific OAuth flow configurations.

Feathers
NVD GitHub
CVSS 3.1
8.1
EPSS
0.0%
CVE-2026-27464 HIGH PATCH This Week

Metabase versions prior to 0.57.13 and 0.58.x through 0.58.6 allow authenticated users to extract sensitive data including database credentials through template injection in the notification system. An attacker with low privileges can exploit unsafe template evaluation to retrieve confidential information and expose database access credentials. A patch is available in versions 0.57.13 and 0.58.7, or administrators can disable notifications as a temporary mitigation.

Industrial Metabase
NVD GitHub
CVSS 3.1
7.7
EPSS
0.0%
CVE-2026-27487 HIGH PATCH This Week

OpenClaw AI assistant on macOS versions 2026.2.13 and earlier is vulnerable to command injection through the credential refresh mechanism, which improperly handles user-controlled OAuth tokens when constructing shell commands for Keychain operations. An authenticated attacker with local access could exploit this to execute arbitrary OS commands with the privileges of the application user. The vulnerability has been patched in version 2026.2.14.

macOS Command Injection AI / ML Openclaw
NVD GitHub
CVSS 3.1
7.6
EPSS
0.1%
CVE-2026-27579 HIGH This Week

CollabPlatform's misconfigured CORS policy allows credentialed cross-origin requests from attacker-controlled domains, enabling unauthorized access to sensitive user account data including email addresses, account identifiers, and MFA status. All versions of the application are affected by this vulnerability, which remains unpatched and exploitable through simple web-based attacks requiring user interaction.

CSRF Information Disclosure
NVD GitHub
CVSS 3.1
7.4
EPSS
0.0%
CVE-2026-27488 HIGH PATCH This Week

OpenClaw versions 2026.2.17 and earlier allow unauthenticated remote attackers to access internal and metadata endpoints through unprotected cron webhook delivery mechanisms that lack SSRF validation. An attacker can exploit this to reach private services and endpoints that should be restricted, potentially leading to information disclosure or lateral movement within the infrastructure. A patch is available in version 2026.2.19.

SSRF AI / ML Openclaw
NVD GitHub
CVSS 3.1
7.3
EPSS
0.0%
CVE-2026-26046 HIGH This Week

Moodle's TeX filter fails to properly sanitize administrative configuration inputs, enabling command injection on systems with ImageMagick installed. An authenticated administrator can inject arbitrary system commands through a malicious TeX filter setting, achieving code execution with the privileges of the Moodle server process. No patch is currently available, and exploitation requires administrative access but could compromise the entire Moodle installation.

Moodle Command Injection
NVD
CVSS 3.1
7.2
EPSS
0.2%
CVE-2026-26045 HIGH PATCH This Week

Moodle's backup restore function fails to properly validate malicious backup files, allowing authenticated administrators to achieve remote code execution through crafted file processing. An attacker with restore privileges can exploit this code injection vulnerability to fully compromise the Moodle server. No patch is currently available.

Moodle
NVD
CVSS 3.1
7.2
EPSS
0.1%
CVE-2026-27170 HIGH This Week

OpenSift versions 1.1.2-alpha and below allow authenticated attackers to abuse the URL ingest feature's overly permissive server-side request functionality to probe or access private and local network resources from the OpenSift host. The vulnerability requires valid credentials but no user interaction, enabling attackers to enumerate or interact with internal infrastructure not otherwise accessible. No patch is currently available, though version 1.1.3-alpha contains a fix.

Code Injection AI / ML Opensift
NVD GitHub
CVSS 3.1
7.1
EPSS
0.1%

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy