Skip to main content
CVE-2026-7037 HIGH POC This Week

OS command injection in Totolink A8000RU firmware 7.1cu.643_b20200521 enables remote unauthenticated attackers to execute arbitrary system commands via the pptpPassThru parameter in the setVpnPassCfg function. Public exploit code exists on GitHub, dramatically lowering the barrier to exploitation. CVSS v4.0 base score of 8.9 reflects network attack vector, low complexity, and no authentication requirements, with high impact to confidentiality, integrity, and availability of the vulnerable device.

Command Injection A8000Ru
NVD VulDB GitHub
CVSS 4.0
8.9
EPSS
0.9%
CVE-2018-25294 HIGH POC This Week

CEWE Photoshow 6.3.4 contains a buffer overflow vulnerability in the login dialog that allows attackers to crash the application by submitting oversized input. Rated high severity (CVSS 8.7), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Denial Of Service Buffer Overflow Cewe Photoshow
NVD Exploit-DB VulDB
CVSS 4.0
8.7
EPSS
0.0%
CVE-2018-25283 HIGH POC This Week

iSmartViewPro 1.5 contains a structured exception handling (SEH) buffer overflow vulnerability in the 'Save Path for Snapshot and Record file' field that allows local attackers to execute arbitrary. Rated high severity (CVSS 8.6), this vulnerability is no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

RCE Buffer Overflow Ismartviewpro
NVD Exploit-DB VulDB
CVSS 4.0
8.6
EPSS
0.0%
CVE-2018-25263 HIGH POC This Week

Faleemi Desktop Software 1.8.2 contains a local buffer overflow vulnerability in the Device alias field that allows local attackers to trigger a structured exception handler (SEH) overwrite. Rated high severity (CVSS 8.6), this vulnerability is no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

RCE Buffer Overflow Faleemi Desktop Software
NVD Exploit-DB VulDB
CVSS 4.0
8.6
EPSS
0.0%
CVE-2026-7056 HIGH POC This Week

Buffer overflow in Tenda F456 router firmware 1.0.0.5 allows authenticated remote attackers to achieve arbitrary code execution with high impact to confidentiality, integrity, and availability. The vulnerability resides in the SafeUrlFilter functionality of the httpd web server component, triggered by manipulating the 'page' parameter. A public proof-of-concept exploit is available on GitHub, significantly lowering the barrier to exploitation, though no CISA KEV listing or widespread exploitation has been confirmed at time of analysis.

Buffer Overflow Tenda
NVD VulDB GitHub
CVSS 4.0
7.4
EPSS
0.1%
CVE-2026-7057 HIGH POC This Week

Buffer overflow in Tenda F456 router firmware 1.0.0.5 enables remote authenticated attackers to achieve arbitrary code execution via crafted HTTP requests to the /goform/setcfm endpoint in the httpd service. The vulnerability affects the funcname and funcpara1 parameters and has a publicly available exploit on GitHub, significantly lowering the barrier for exploitation. CVSS v4.0 base score of 7.4 reflects high confidentiality, integrity, and availability impact with low attack complexity, though the requirement for low-privilege authentication provides some defense. No vendor patch has been identified for this IoT router vulnerability.

Buffer Overflow Tenda
NVD VulDB GitHub
CVSS 4.0
7.4
EPSS
0.0%
CVE-2026-7055 HIGH POC This Week

Remote code execution in Tenda F456 router firmware 1.0.0.5 allows authenticated attackers to overflow buffers in the httpd service via crafted menufacturer/Go parameters to the VirtualSer endpoint. Public exploit code exists on GitHub (Litengzheng/vuldb_new), enabling attackers with low-privilege credentials to achieve complete system compromise. While CVSS rates this 7.4 (High) with network attack vector and low complexity, the requirement for authentication (PR:L) moderates real-world risk compared to unauthenticated RCE - priority depends on whether default credentials are documented or credential stuffing is viable against target deployments.

Buffer Overflow Tenda
NVD VulDB GitHub
CVSS 4.0
7.4
EPSS
0.0%
CVE-2026-7054 HIGH POC This Week

Buffer overflow in Tenda F456 router firmware 1.0.0.5 allows authenticated remote attackers to execute arbitrary code via malformed PPTP client parameters. The vulnerability resides in the fromPptpUserAdd function of the httpd web server component, specifically through manipulation of the opttype/usernamewith arguments. Public exploit code is available on GitHub, significantly lowering the barrier for exploitation against internet-exposed Tenda F456 devices with default or weak administrative credentials.

Buffer Overflow Tenda
NVD VulDB GitHub
CVSS 4.0
7.4
EPSS
0.0%
CVE-2026-7053 HIGH POC This Week

Buffer overflow in Tenda F456 router firmware version 1.0.0.5 enables authenticated remote attackers to achieve complete system compromise via crafted HTTP requests to the /goform/L7Prot endpoint. The vulnerability affects the frmL7ProtForm function in the httpd component, triggered by malicious 'page' parameter manipulation. Public exploit code exists on GitHub (Litengzheng/vuldb_new), significantly lowering the barrier to exploitation despite requiring low-privilege authentication (PR:L). CVSS 7.4 reflects high confidentiality, integrity, and availability impact with network attack vector and low complexity.

Buffer Overflow Tenda
NVD VulDB GitHub
CVSS 4.0
7.4
EPSS
0.0%
CVE-2026-7035 HIGH POC This Week

Stack-based buffer overflow in Tenda FH1202 router firmware 1.2.0.14 allows authenticated remote attackers to execute arbitrary code via crafted HTTP requests to the /goform/WrlclientSet endpoint. The vulnerability resides in the fromWrlclientSet function of the httpd component, triggered by malicious 'Go' parameter input. Publicly available proof-of-concept exploit code increases immediate exploitation risk for exposed devices. EPSS data not provided, but public POC and low attack complexity (AC:L) indicate elevated real-world risk despite authentication requirement (PR:L).

Buffer Overflow Tenda Stack Overflow
NVD VulDB GitHub
CVSS 4.0
7.4
EPSS
0.0%
CVE-2026-7034 HIGH POC This Week

Stack-based buffer overflow in Tenda FH1202 router firmware 1.2.0.14(408) allows authenticated remote attackers to execute arbitrary code via crafted 'Go' parameter to the /goform/WrlExtraSet endpoint in the httpd service. A public proof-of-concept exploit exists (GitHub), enabling reliable exploitation despite low attack complexity. CVSS 7.4 (High) severity reflects significant impact potential, though exploitation requires valid user credentials (PR:L), limiting mass-scale attacks to scenarios where default/weak credentials are common in Tenda routers.

Buffer Overflow Tenda Stack Overflow
NVD VulDB GitHub
CVSS 4.0
7.4
EPSS
0.0%
CVE-2026-7033 HIGH POC This Week

Buffer overflow in Tenda F456 router firmware 1.0.0.5 allows authenticated remote attackers to achieve high-impact compromise of device confidentiality, integrity, and availability through crafted input to the SafeClientFilter function. A proof-of-concept exploit has been published on GitHub, increasing the likelihood of exploitation attempts against exposed management interfaces. While authentication is required (PR:L), the low attack complexity (AC:L) and network accessibility (AV:N) make this exploitable by attackers with basic router credentials.

Buffer Overflow Tenda
NVD VulDB GitHub
CVSS 4.0
7.4
EPSS
0.0%
CVE-2026-7032 HIGH POC This Week

Buffer overflow in Tenda F456 wireless router firmware 1.0.0.5 allows authenticated remote attackers to achieve arbitrary code execution through the SafeEmailFilter function. The vulnerability requires low-privilege authentication but enables complete system compromise (confidentiality, integrity, and availability impact all rated High). A public exploit has been published on GitHub, significantly lowering the barrier for exploitation, though no CISA KEV listing or EPSS data indicates the attack remains targeted rather than widespread at this time.

Buffer Overflow Tenda
NVD VulDB GitHub
CVSS 4.0
7.4
EPSS
0.0%
CVE-2026-7031 HIGH POC This Week

Buffer overflow in Tenda F456 router version 1.0.0.5 allows authenticated remote attackers to achieve complete device compromise via crafted HTTP requests to the /goform/SafeMacFilter endpoint. The vulnerability resides in the fromSafeMacFilter function's improper validation of the 'page' parameter. Public exploit code is available on GitHub, significantly lowering the technical barrier for exploitation. CVSS 7.4 (High) reflects the network attack vector and high impact across confidentiality, integrity, and availability, though exploitation requires low-privilege authentication.

Buffer Overflow Tenda
NVD VulDB GitHub
CVSS 4.0
7.4
EPSS
0.0%
CVE-2026-7030 HIGH POC This Week

Remote code execution in Tenda F456 router firmware version 1.0.0.5 allows authenticated attackers to crash the device or execute arbitrary code via buffer overflow in the RouteStatic configuration handler. The vulnerability targets the 'page' parameter in /goform/RouteStatic endpoint and requires only low-privilege authentication (CVSS PR:L). A publicly available proof-of-concept exploit exists on GitHub, significantly lowering the technical barrier for exploitation. The CVSS 4.0 score of 7.4 reflects high confidentiality, integrity, and availability impact with low attack complexity (AC:L) and network-based attack vector (AV:N).

Buffer Overflow Tenda
NVD VulDB GitHub
CVSS 4.0
7.4
EPSS
0.0%
CVE-2026-7029 HIGH POC This Week

Buffer overflow in Tenda F456 router firmware version 1.0.0.5 allows authenticated remote attackers to execute arbitrary code or crash the device by sending malformed HTTP requests to the /goform/addressNat endpoint. The vulnerability exists in the fromaddressNat function and is actively exploitable with publicly available proof-of-concept code. CVSS 7.4 with low attack complexity indicates straightforward exploitation once authenticated, while EPSS data (if available) would contextualize real-world exploitation likelihood beyond the confirmed POC availability.

Buffer Overflow Tenda
NVD VulDB GitHub
CVSS 4.0
7.4
EPSS
0.0%
CVE-2026-7039 HIGH POC This Week

Command injection in ssh-mcp versions up to 1.5.0 allows authenticated local users to execute arbitrary OS commands via the Description parameter to the shell.write function in src/index.ts. Publicly available exploit code exists (GitHub issue #44) demonstrating the vulnerability. Despite CVSS 7.1 severity, real-world risk is moderate due to local-only attack vector and low EPSS score (0.06%, 18th percentile), indicating minimal observed exploitation attempts. Vendor has not responded to early disclosure via issue report.

Command Injection Ssh Mcp
NVD VulDB GitHub
CVSS 4.0
7.1
EPSS
0.1%
CVE-2018-25297 MEDIUM POC This Month

Wansview 1.0.2 contains a buffer overflow vulnerability that allows local attackers to crash the application by supplying oversized input strings. Rated medium severity (CVSS 6.9), this vulnerability is no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Buffer Overflow Wansview
NVD Exploit-DB VulDB
CVSS 4.0
6.9
EPSS
0.0%
CVE-2018-25278 MEDIUM POC This Month

PicaJet FX 2.6.5 contains a denial of service vulnerability that allows local attackers to crash the application by submitting oversized input to registration fields. Rated medium severity (CVSS 6.9), this vulnerability is no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Denial Of Service Buffer Overflow Picajet Fx
NVD Exploit-DB VulDB
CVSS 4.0
6.9
EPSS
0.0%
CVE-2018-25274 MEDIUM POC This Month

InfraRecorder 0.53 contains a denial of service vulnerability that allows local attackers to crash the application by importing a maliciously crafted text file. Rated medium severity (CVSS 6.9), this vulnerability is no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Denial Of Service Infrarecorder
NVD Exploit-DB VulDB
CVSS 4.0
6.9
EPSS
0.0%
CVE-2018-25273 MEDIUM POC This Month

CrossFont 7.5 contains a buffer overflow vulnerability that allows local attackers to crash the application by submitting an oversized payload in the License Key field. Rated medium severity (CVSS 6.9), this vulnerability is no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Buffer Overflow Crossfont
NVD Exploit-DB VulDB
CVSS 4.0
6.9
EPSS
0.0%
CVE-2018-25264 MEDIUM POC This Month

TransMac 12.2 contains a buffer overflow vulnerability in the license key input field that allows local attackers to crash the application by submitting an oversized string. Rated medium severity (CVSS 6.9), this vulnerability is no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Denial Of Service Buffer Overflow Transmac
NVD Exploit-DB VulDB
CVSS 4.0
6.9
EPSS
0.0%
CVE-2018-25295 MEDIUM POC This Month

ObserverIP Scan Tool 1.4.0.1 contains a denial of service vulnerability that allows local attackers to crash the application by submitting an excessively long string in the IP input field. Rated medium severity (CVSS 6.9), this vulnerability is no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Denial Of Service Observerip Scan Tool
NVD Exploit-DB VulDB
CVSS 4.0
6.9
EPSS
0.0%
CVE-2018-25293 MEDIUM POC This Month

Prime95 29.4b7 contains a buffer overflow vulnerability in the PrimeNet connection dialog that allows local attackers to crash the application by supplying an excessively long string in the optional. Rated medium severity (CVSS 6.9), this vulnerability is no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Denial Of Service Buffer Overflow Prime95
NVD Exploit-DB VulDB
CVSS 4.0
6.9
EPSS
0.0%
CVE-2018-25292 MEDIUM POC This Month

Bome Restorator 1793 contains a buffer overflow vulnerability that allows local attackers to crash the application by supplying an excessively long string in the Name field. Rated medium severity (CVSS 6.9), this vulnerability is no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Denial Of Service Buffer Overflow Restorator
NVD Exploit-DB VulDB
CVSS 4.0
6.9
EPSS
0.0%
CVE-2018-25291 MEDIUM POC This Month

Project64 2.3.2 contains a buffer overflow vulnerability in the Plugin Directory settings field that allows local attackers to crash the application by supplying an excessively long string. Rated medium severity (CVSS 6.9), this vulnerability is no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Buffer Overflow Project64
NVD Exploit-DB VulDB
CVSS 4.0
6.9
EPSS
0.0%
CVE-2018-25290 MEDIUM POC This Month

Easyboot 6.6.0 contains a buffer overflow vulnerability in the Replace Text function that allows local attackers to crash the application by supplying an oversized string. Rated medium severity (CVSS 6.9), this vulnerability is no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Denial Of Service Buffer Overflow Easyboot
NVD Exploit-DB VulDB
CVSS 4.0
6.9
EPSS
0.0%
CVE-2018-25289 MEDIUM POC This Month

Softdisk 3.0.3 contains a buffer overflow vulnerability in the registration code dialog that allows local attackers to crash the application by supplying an oversized string. Rated medium severity (CVSS 6.9), this vulnerability is no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Denial Of Service Buffer Overflow Softdisk
NVD Exploit-DB VulDB
CVSS 4.0
6.9
EPSS
0.0%
CVE-2018-25288 MEDIUM POC This Month

StyleWriter 1.0 contains a buffer overflow vulnerability that allows local attackers to crash the application by supplying an excessively long string. Rated medium severity (CVSS 6.9), this vulnerability is no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Denial Of Service Buffer Overflow Stylewriter
NVD Exploit-DB VulDB
CVSS 4.0
6.9
EPSS
0.0%
CVE-2018-25286 MEDIUM POC This Month

Easy PhotoResQ 1.0 contains a buffer overflow vulnerability that allows local attackers to crash the application by supplying an excessively long string in the Folder/filename field. Rated medium severity (CVSS 6.9), this vulnerability is no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Denial Of Service Buffer Overflow Easy Photoresq
NVD Exploit-DB VulDB
CVSS 4.0
6.9
EPSS
0.0%
CVE-2018-25284 MEDIUM POC This Month

HD Tune Pro 5.70 contains a buffer overflow vulnerability that allows local attackers to crash the application by supplying an excessively long string in the folder/file name field. Rated medium severity (CVSS 6.9), this vulnerability is no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Denial Of Service Buffer Overflow Hd Tune Pro
NVD Exploit-DB VulDB
CVSS 4.0
6.9
EPSS
0.0%
CVE-2018-25282 MEDIUM POC PATCH This Month

Nmap 7.70 contains a denial of service vulnerability that allows local attackers to crash the application by processing malicious XML files with exponential entity expansion. Rated medium severity (CVSS 6.9), this vulnerability is no authentication required, low attack complexity. Public exploit code available.

Denial Of Service Red Hat Suse
NVD Exploit-DB VulDB
CVSS 4.0
6.9
EPSS
0.0%
CVE-2018-25279 MEDIUM POC This Month

jiNa OCR Image to Text 1.0 contains a denial of service vulnerability that allows local attackers to crash the application by processing a malformed PNG file. Rated medium severity (CVSS 6.9), this vulnerability is no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Denial Of Service Jina Ocr Image To Text
NVD Exploit-DB VulDB
CVSS 4.0
6.9
EPSS
0.0%
CVE-2018-25277 MEDIUM POC This Month

PixGPS 1.1.8 contains a buffer overflow vulnerability that allows local attackers to crash the application by supplying an oversized string to the folder path input field. Rated medium severity (CVSS 6.9), this vulnerability is no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Denial Of Service Buffer Overflow Pixgps
NVD Exploit-DB VulDB
CVSS 4.0
6.9
EPSS
0.0%
CVE-2018-25275 MEDIUM POC This Month

Faleemi Plus 1.0.2 contains a buffer overflow vulnerability that allows local attackers to crash the application by supplying oversized input strings. Rated medium severity (CVSS 6.9), this vulnerability is no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Buffer Overflow Faleemi Plus
NVD Exploit-DB VulDB
CVSS 4.0
6.9
EPSS
0.0%
CVE-2018-25281 MEDIUM POC This Month

iCash 7.6.5 contains a buffer overflow vulnerability that allows local attackers to crash the application by supplying an oversized payload through the Connect to Server dialog. Rated medium severity (CVSS 6.8), this vulnerability is no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Buffer Overflow Icash
NVD Exploit-DB VulDB
CVSS 4.0
6.8
EPSS
0.0%
CVE-2018-25296 MEDIUM POC This Month

P10 Central Management Software 1.4.13 contains a buffer overflow vulnerability in the login password field that allows local attackers to crash the application by submitting an oversized input. Rated medium severity (CVSS 6.8), this vulnerability is no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Denial Of Service Buffer Overflow Central Management Software
NVD Exploit-DB VulDB
CVSS 4.0
6.8
EPSS
0.0%
CVE-2018-25287 MEDIUM POC This Month

Drive Power Manager 1.10 contains a buffer overflow vulnerability that allows local attackers to crash the application by supplying an excessively long string in the Name field. Rated medium severity (CVSS 6.8), this vulnerability is no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Denial Of Service Buffer Overflow Drive Power Manager
NVD Exploit-DB VulDB
CVSS 4.0
6.8
EPSS
0.0%
CVE-2018-25285 MEDIUM POC This Month

Fathom 2.4 contains a buffer overflow vulnerability in the Authorization Code field that allows local attackers to crash the application by submitting an oversized input string. Rated medium severity (CVSS 6.8), this vulnerability is no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Denial Of Service Buffer Overflow Fathom
NVD Exploit-DB VulDB
CVSS 4.0
6.8
EPSS
0.0%
CVE-2018-25280 MEDIUM POC This Month

Infiltrator Network Security Scanner 4.6 contains a buffer overflow vulnerability that allows local attackers to crash the application by supplying an oversized input string. Rated medium severity (CVSS 6.8), this vulnerability is no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Denial Of Service Buffer Overflow Infiltrator Network Security Scanner
NVD Exploit-DB VulDB
CVSS 4.0
6.8
EPSS
0.0%
CVE-2018-25276 MEDIUM POC This Month

RoboImport 1.2.0.72 contains a denial of service vulnerability that allows local attackers to crash the application by submitting oversized input to registration fields. Rated medium severity (CVSS 6.8), this vulnerability is no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Denial Of Service Buffer Overflow Roboimport
NVD Exploit-DB VulDB
CVSS 4.0
6.8
EPSS
0.0%
CVE-2026-7066 MEDIUM POC This Month

Remote OS command injection in simple-openstack-mcp allows unauthenticated attackers to execute arbitrary system commands via the exec_openstack function in server.py. The vulnerability affects all deployments up to commit 767b2f4a8154cca344344b9725537a58399e6036, with confirmed publicly available exploit code (GitHub issue #3). CVSS 7.3 severity reflects network attack vector with no authentication required, enabling direct system compromise. Project maintainer has not responded to vulnerability disclosure at time of analysis.

Command Injection Simple Openstack Mcp
NVD VulDB GitHub
CVSS 4.0
5.5
EPSS
1.0%
CVE-2026-7058 MEDIUM POC This Month

Remote command injection in MiroFish versions up to 0.1.2 allows unauthenticated attackers to execute arbitrary system commands through the SimulationIPCClient.send_command function in the inter-process communication module. The vulnerability is actively exploitable via network access with low complexity, requiring no user interaction or authentication. A public proof-of-concept exploit has been disclosed (GitHub issue #488), and EPSS data shows moderate exploitation probability. The vendor (666ghj) has been notified via issue report but has not responded or released a patch, leaving all MiroFish installations vulnerable to remote compromise.

Command Injection Mirofish
NVD VulDB GitHub
CVSS 4.0
5.5
EPSS
1.0%
CVE-2026-7062 MEDIUM POC This Month

OS command injection in Intina47 context-sync through version 2.0.0 allows remote unauthenticated attackers to execute arbitrary system commands via the Git integration module (src/git-integration.ts). CVSS 7.3 with network attack vector and no authentication required indicates significant exposure. Publicly available exploit code exists (wing3e/public_exp repository), though no CISA KEV listing suggests exploitation remains limited to proof-of-concept demonstrations rather than widespread campaigns. EPSS data unavailable, but the combination of network exposure, authentication bypass, and public exploit warrants immediate remediation priority for organizations using this synchronization tool.

Command Injection Context Sync
NVD VulDB GitHub
CVSS 4.0
5.5
EPSS
0.8%
CVE-2026-7061 MEDIUM POC This Month

OS command injection in Toowiredd chatgpt-mcp-server up to version 0.1.0 allows remote unauthenticated attackers to execute arbitrary system commands through the Docker service component. The vulnerability exists in src/services/docker.service.ts within the MCP/HTTP interface and has publicly available exploit code. The vendor has been notified but has not yet released a patch.

Docker Command Injection
NVD VulDB GitHub
CVSS 4.0
5.5
EPSS
0.8%
CVE-2026-7064 MEDIUM POC This Month

Remote unauthenticated attackers can inject arbitrary operating system commands through the browser-connector.ts file in AgentDeskAI browser-tools-mcp versions up to 1.2.0, leading to command execution with application privileges. The vulnerability stems from improper input sanitization in file browser processing and has been published with publicly available exploit code; the vendor has been notified but has not yet released a patch.

Command Injection Browser Tools Mcp
NVD VulDB GitHub
CVSS 4.0
5.5
EPSS
0.2%
CVE-2026-7042 MEDIUM POC This Month

Missing authentication in MiroFish REST API allows remote attackers to bypass security controls and access protected endpoints without credentials. The vulnerability affects MiroFish versions up to 0.1.2 in the create_app function within backend/app/__init__.py. A publicly available exploit demonstrates the attack (GitHub issue #487), and the vulnerability is trivially exploitable with CVSS complexity rated Low and no authentication required (CVSS:3.1/AV:N/AC:L/PR:N/UI:N). The vendor has not responded to responsible disclosure attempts, leaving users without an official patch. With CVSS 7.3 (High) and confirmed public POC, this represents an immediate risk to deployments exposing the REST API to untrusted networks.

Authentication Bypass Mirofish
NVD VulDB GitHub
CVSS 4.0
5.5
EPSS
0.1%
CVE-2026-7036 MEDIUM POC This Month

Path traversal in Tenda i9 router firmware version 1.0.0.5(2204) allows remote unauthenticated attackers to access arbitrary files, modify system configurations, and potentially disrupt device operation via the R7WebsSecurityHandlerfunction in the HTTP Handler component. Publicly available exploit code exists on GitHub (Litengzheng/vuldb_new), enabling straightforward exploitation with EPSS-assessed risk. The vulnerability permits confidentiality, integrity, and availability impacts with low attack complexity and no required user interaction, making it a realistic target for automated scanning and exploitation.

Tenda Path Traversal
NVD VulDB GitHub
CVSS 4.0
5.5
EPSS
0.1%
CVE-2026-7059 MEDIUM POC This Month

Path traversal in MiroFish up to version 0.1.2 allows remote unauthenticated attackers to read arbitrary files via manipulation of the Platform query parameter in the get_simulation_posts function. The vulnerability affects the backend simulation API endpoint and has publicly available exploit code, though exploitation is limited to information disclosure rather than modification or availability impact.

Path Traversal Mirofish
NVD VulDB GitHub
CVSS 4.0
5.5
EPSS
0.0%
CVE-2026-7065 MEDIUM POC This Month

Server-side request forgery (SSRF) in BuildingAI up to version 26.0.1 allows remote unauthenticated attackers to abuse the Remote Upload API's uploadRemoteFile function by manipulating the url parameter, enabling unauthorized access to internal resources, data exfiltration from cloud metadata services, and potential pivoting to internal network systems. A publicly available exploit exists (GitHub issue #110), but the vendor has not responded to disclosure. CVSS 7.3 with EPSS data unavailable; exploitation requires no authentication and low attack complexity (AV:N/AC:L/PR:N/UI:N), making this a high-priority remediation target despite unknown CISA KEV status.

SSRF Buildingai
NVD VulDB GitHub
CVSS 4.0
5.5
EPSS
0.0%
Page 1 of 2 Next

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy