Skip to main content
CVE-2026-9407 HIGH POC This Week

OS command injection in the Totolink A8000RU router (firmware 7.1cu.643_b20200521) allows remote unauthenticated attackers to execute arbitrary operating system commands by manipulating the firewallType parameter sent to /cgi-bin/cstecgi.cgi. Publicly available exploit code exists, and the SSVC framework rates the technical impact as total with automatable exploitation, though it is not currently listed in CISA KEV. EPSS sits at 0.89% (76th percentile), suggesting moderate but not yet widespread opportunistic exploitation.

Command Injection A8000Ru
NVD VulDB GitHub
CVSS 4.0
8.9
EPSS
0.9%
CVE-2026-9406 HIGH POC This Week

OS command injection in the Totolink A8000RU router (firmware 7.1cu.643_b20200521) allows remote unauthenticated attackers to execute arbitrary operating system commands via the 'enable' parameter of the setRemoteCfg function in /cgi-bin/cstecgi.cgi. Publicly available exploit code exists, raising the practical risk despite the device not being listed in CISA KEV; EPSS sits at 0.89% (76th percentile), reflecting moderate predicted exploitation likelihood.

Command Injection A8000Ru
NVD VulDB GitHub
CVSS 4.0
8.9
EPSS
0.9%
CVE-2026-9405 HIGH POC This Week

OS command injection in the Totolink A8000RU router (firmware 7.1cu.643_b20200521) allows remote unauthenticated attackers to execute arbitrary operating system commands by manipulating the 'enable' parameter passed to the setGameSpeedCfg function in /cgi-bin/cstecgi.cgi. Publicly available exploit code exists, raising the practical threat despite a modest EPSS score of 0.89% (76th percentile). No active exploitation has been confirmed via CISA KEV at time of analysis.

Command Injection A8000Ru
NVD VulDB GitHub
CVSS 4.0
8.9
EPSS
0.9%
CVE-2026-9404 HIGH POC This Week

OS command injection in the Totolink A8000RU router (firmware 7.1cu.643_b20200521) allows remote unauthenticated attackers to execute arbitrary shell commands by manipulating the 'provider' argument passed to the setDdnsCfg function in /cgi-bin/cstecgi.cgi. Publicly available exploit code exists (CVSS 4.0 base 8.9, EPSS 0.89%), and no CISA KEV listing has been issued, but the combination of zero-privilege network exploitation and a working PoC against consumer/SOHO networking gear makes this a high-priority issue for any exposed device.

Command Injection A8000Ru
NVD VulDB GitHub
CVSS 4.0
8.9
EPSS
0.9%
CVE-2026-9388 HIGH POC This Week

OS command injection in the TOTOLINK A8000RU router (firmware 7.1cu.643_b20200521) allows remote unauthenticated attackers to execute arbitrary operating system commands by manipulating the 'mode' parameter sent to the setScheduleCfg function in /cgi-bin/cstecgi.cgi. Publicly available exploit code exists (published via VulDB and a GitHub PoC), though there is no public exploit identified as actively exploited in the wild and EPSS probability is modest at 0.89%. The flaw resides in the device's Web Management Interface and can be triggered over the network without user interaction, making any internet-exposed device immediately at risk.

Command Injection A8000Ru
NVD VulDB GitHub
CVSS 4.0
8.9
EPSS
0.9%
CVE-2026-9387 HIGH POC This Week

OS command injection in the Totolink A8000RU router (firmware 7.1cu.643_b20200521) allows remote unauthenticated attackers to execute arbitrary operating system commands via the resetFlags parameter handled by the setUpgradeFW function in /cgi-bin/cstecgi.cgi. Publicly available exploit code exists, and the SSVC framework classifies exploitation as automatable with total technical impact, though EPSS remains modest at 0.89% (76th percentile).

Command Injection A8000Ru
NVD VulDB GitHub
CVSS 4.0
8.9
EPSS
0.9%
CVE-2026-9386 HIGH POC This Week

OS command injection in the Totolink A8000RU router (firmware 7.1cu.643_b20200521) allows remote unauthenticated attackers to execute arbitrary operating system commands through the setLanguageCfg function in /cgi-bin/cstecgi.cgi. The flaw is triggered by manipulating the lang argument in the Web Management Interface, with publicly available exploit code existing and SSVC classifying the issue as automatable with total technical impact. EPSS sits at 0.89% (76th percentile), indicating moderate but non-trivial exploitation probability.

Command Injection A8000Ru
NVD VulDB GitHub
CVSS 4.0
8.9
EPSS
0.9%
CVE-2026-9385 HIGH POC This Week

Remote OS command injection in the Totolink A8000RU router (firmware 7.1cu.643_b20200521) allows unauthenticated attackers to execute arbitrary operating system commands by manipulating the 'command' argument in the setTracerouteCfg function of /cgi-bin/cstecgi.cgi. Publicly available exploit code exists, and the CVSS 4.0 vector confirms network-reachable, low-complexity exploitation without authentication or user interaction, though EPSS remains modest at 0.89% (76th percentile) and the issue is not listed in CISA KEV.

Command Injection A8000Ru
NVD VulDB GitHub
CVSS 4.0
8.9
EPSS
0.9%
CVE-2026-9384 HIGH POC This Week

OS command injection in the Totolink A8000RU router (firmware 7.1cu.643_b20200521) allows remote unauthenticated attackers to execute arbitrary operating system commands via the ip parameter handled by the setDiagnosisCfg function in /cgi-bin/cstecgi.cgi. Publicly available exploit code exists, and the CVSS 4.0 score of 8.9 reflects high impact across confidentiality, integrity, and availability. EPSS is moderate at 0.89% (76th percentile), and the vulnerability is not currently listed in CISA KEV.

Command Injection A8000Ru
NVD VulDB GitHub
CVSS 4.0
8.9
EPSS
0.9%
CVE-2026-9389 HIGH POC This Week

Buffer overflow in the Tenda F456 router (firmware 1.0.0.5) allows remote attackers with low privileges to corrupt memory via the page parameter handled by the frmL7ImForm function exposed at /goform/L7Im. Publicly available exploit code exists, though EPSS rates near-term exploitation probability at only 0.05% (14th percentile) and the issue is not listed in CISA KEV.

Tenda Buffer Overflow F456
NVD VulDB GitHub
CVSS 4.0
7.4
EPSS
0.0%
CVE-2026-9346 HIGH POC This Week

Buffer overflow in Edimax EW-7438RPn WiFi range extender firmware up to version 1.31 enables authenticated remote attackers to execute arbitrary code via crafted POST requests to the wireless table management interface. The vulnerability affects the formWirelessTbl function when processing the submit-url parameter, with publicly available exploit code on GitHub demonstrating the attack method.

Buffer Overflow Ew 7438Rpn
NVD VulDB GitHub
CVSS 4.0
7.4
EPSS
0.0%
CVE-2026-9345 HIGH POC This Week

Buffer overflow in Edimax EW-7438RPn WiFi range extender firmware versions up to 1.31 enables authenticated remote attackers to execute arbitrary code by sending malformed parameters to the device configuration interface. The vulnerability affects the formWizSurvey function in /goform/formWizSurvey when processing ssid, manualssid, ip, mask, or gateway parameters, with publicly available exploit code existing on GitHub.

Buffer Overflow Ew 7438Rpn
NVD VulDB GitHub
CVSS 4.0
7.4
EPSS
0.0%
CVE-2026-9403 HIGH POC This Week

Stack/heap buffer overflow in the Edimax BR-6675nD 1.12 wireless router allows authenticated remote attackers to corrupt memory by sending a crafted POST request with an oversized selSSID parameter to /goform/formWlSiteSurvey, potentially achieving code execution on the device. Publicly available exploit code exists (disclosed by VulDB), and the vendor was contacted early but did not respond, leaving the device without an official fix. EPSS probability is low (0.04%, 13th percentile) and the issue is not listed in CISA KEV.

Buffer Overflow Br 6675Nd
NVD VulDB
CVSS 4.0
7.4
EPSS
0.0%
CVE-2026-9401 HIGH POC This Week

Buffer overflow in the Edimax BR-6675nD 1.12 wireless router's web management interface allows remote attackers with low-level credentials to corrupt memory via a crafted pppUserName parameter sent to the /goform/formWanTcpipSetup endpoint. Publicly available exploit code exists (disclosed via VulDB and a Notion writeup), and SSVC rates the technical impact as total, though EPSS remains very low at 0.04%. The vendor did not respond to coordinated disclosure, leaving affected devices without a confirmed fix.

Buffer Overflow Br 6675Nd
NVD VulDB
CVSS 4.0
7.4
EPSS
0.0%
CVE-2026-9399 HIGH POC This Week

Stack buffer overflow in the Edimax BR-6675nD 1.12 wireless router allows remote authenticated attackers to corrupt memory and achieve total compromise via a crafted pppUserName parameter sent to /goform/formsetPPPoE. Publicly available exploit code exists and the vendor did not respond to the disclosure, leaving deployed devices exposed without an official fix. EPSS exploitation probability is low (0.04%) despite the public POC, but SSVC rates technical impact as total.

Buffer Overflow Br 6675Nd
NVD VulDB
CVSS 4.0
7.4
EPSS
0.0%
CVE-2026-9393 HIGH POC This Week

Buffer overflow in the H3C Magic B0 router (firmware up to 100R002) allows authenticated remote attackers to corrupt memory via the param argument handled by the Edit_BasicSSID_5G function in /goform/aspForm, leading to high impact on confidentiality, integrity, and availability. Publicly available exploit code exists per VulDB, though EPSS remains very low (0.04%, 13th percentile) and the issue is not listed in CISA KEV, indicating no public exploit identified as actively used at time of analysis. The vendor was contacted but did not respond, increasing risk of an unpatched window for exposed devices.

Buffer Overflow Magic B0
NVD VulDB GitHub
CVSS 4.0
7.4
EPSS
0.0%
CVE-2026-9382 HIGH POC This Week

Stack buffer overflow in the Edimax BR-6675nD 1.12 router's PPTP setup handler allows remote authenticated attackers to corrupt memory and potentially execute arbitrary code via an oversized pptpUserName POST parameter to /goform/formPPTPSetup. Publicly available exploit code exists (SSVC: PoC), though EPSS estimates exploitation probability at only 0.04% (13th percentile), reflecting the niche, end-of-life nature of the device. The vendor was notified prior to disclosure but did not respond, leaving affected units without an official fix.

Buffer Overflow Br 6675Nd
NVD VulDB
CVSS 4.0
7.4
EPSS
0.0%
CVE-2026-9381 HIGH POC This Week

Buffer overflow in the Edimax BR-6675nD 1.12 wireless router allows remote attackers to corrupt memory by sending a malicious pppUserName parameter to the /goform/formPPPoESetup endpoint. Publicly available exploit code exists, raising the risk of opportunistic targeting despite a low EPSS score of 0.04%, and the vendor has not responded to coordinated disclosure attempts.

Buffer Overflow Br 6675Nd
NVD VulDB
CVSS 4.0
7.4
EPSS
0.0%
CVE-2026-9380 HIGH POC This Week

Stack/heap buffer overflow in Edimax BR-6675nD 1.12 routers allows authenticated remote attackers to corrupt memory via an oversized L2TPUserName parameter sent to the /goform/formL2TPSetup endpoint, with publicly available exploit code exists. The vendor was notified early but has not responded, and no patch has been released, leaving deployed devices exposed. EPSS probability is low (0.04%, 13th percentile) but the combination of public POC, network reachability, and total technical impact (per SSVC) makes this a credible threat against unpatched edge devices.

Buffer Overflow Br 6675Nd
NVD VulDB
CVSS 4.0
7.4
EPSS
0.0%
CVE-2026-9360 HIGH POC This Week

Buffer overflow in Edimax EW-7438RPn Wi-Fi range extender firmware 1.28a enables authenticated remote attackers to execute arbitrary code via malformed POST requests to the wireless encryption configuration endpoint. The vulnerability requires low-privilege authentication and has publicly available exploit code. No vendor response or patch has been provided despite early disclosure attempts.

Buffer Overflow Ew 7438Rpn
NVD VulDB
CVSS 4.0
7.4
EPSS
0.0%
CVE-2026-9348 HIGH POC This Week

Stack-based buffer overflow in Edimax EW-7438RPn WiFi range extender firmware up to version 1.31 enables authenticated remote attackers to execute arbitrary code by sending malicious input to the /goform/mp endpoint in the web server component. Public exploit code exists on GitHub, though the vulnerability is not listed in CISA KEV. The vendor failed to respond to responsible disclosure attempts, leaving devices unpatched.

Stack Overflow Buffer Overflow Ew 7438Rpn
NVD VulDB GitHub
CVSS 4.0
7.4
EPSS
0.0%
CVE-2026-9344 HIGH POC This Week

Stack-based buffer overflow in Edimax EW-7438RPn WiFi range extender firmware up to version 1.31 allows authenticated remote attackers to crash or execute code on the device by sending malicious input to the WPS configuration interface. The vulnerability occurs when processing the pinCode or wlan-url parameters in /goform/formWpsStart, with publicly available exploit code on GitHub demonstrating the attack.

Stack Overflow Buffer Overflow Ew 7438Rpn
NVD VulDB GitHub
CVSS 4.0
7.4
EPSS
0.0%
CVE-2026-9367 MEDIUM POC This Month

Remote command injection in NousResearch hermes-agent allows unauthenticated attackers to execute arbitrary OS commands through the terminal_tool component's approval mechanism. The vulnerability affects all versions up to commit 5157f5427f19488b31c6fdebbacd15d798ce7f63 and has publicly available exploit code demonstrating the attack. The vendor has not responded to disclosure attempts, leaving users without an official patch.

Command Injection Hermes Agent
NVD VulDB GitHub
CVSS 4.0
5.5
EPSS
1.0%
CVE-2026-9351 MEDIUM POC This Month

Path traversal in NousResearch hermes-agent through version 2026.4.16 allows remote unauthenticated attackers to bypass path restrictions and modify or disrupt file operations via the read_file tool. The flaw exists in the _is_blocked_device function within tools/file_tools.py. Public exploit code is available (EPSS data not provided, but exploit confirmed). Vendor was notified but did not respond, suggesting no official patch exists at time of analysis.

Path Traversal Hermes Agent
NVD VulDB GitHub
CVSS 4.0
5.5
EPSS
0.1%
CVE-2026-9368 MEDIUM POC PATCH This Month

Remote sandbox escape in NousResearch hermes-agent versions up to 2026.4.16 allows unauthenticated attackers to manipulate environment variables through the code execution tool, potentially breaking out of the intended security sandbox. The vulnerability has publicly available exploit code and the vendor has not responded to disclosure attempts, leaving systems unpatched.

Information Disclosure Hermes Agent
NVD VulDB GitHub
CVSS 4.0
5.5
EPSS
0.1%
CVE-2026-9366 MEDIUM POC PATCH This Month

Code injection in NousResearch hermes-agent 2026.4.23 allows remote unauthenticated attackers to inject and execute arbitrary code through the _scan_context_content function in agent/prompt_builder.py. The vulnerability has publicly available exploit code and affects all versions up to 2026.4.23, with the vendor failing to respond to disclosure attempts.

Code Injection Hermes Agent
NVD VulDB GitHub
CVSS 4.0
5.5
EPSS
0.0%
CVE-2026-9354 MEDIUM POC This Month

Improper output escaping in NousResearch Hermes Agent versions up to 2026.4.16 allows remote unauthenticated attackers to manipulate message formatting in Slack and Mattermost integrations, potentially leading to information disclosure and service disruption. The vulnerability is exploitable via crafted format_message arguments with low attack complexity and requires no user interaction. Public exploit code is available via GitHub Gist. The vendor did not respond to early disclosure attempts, and no patch availability is documented.

Information Disclosure Mattermost
NVD VulDB GitHub
CVSS 4.0
5.5
EPSS
0.0%
CVE-2026-9353 MEDIUM POC PATCH This Month

Remote injection vulnerability in NousResearch hermes-agent versions up to 2026.4.23 enables unauthenticated attackers to inject malicious payloads through the Skills Guard component's multi-word prompt handling mechanism. The vulnerability has publicly available exploit code and allows attackers to achieve limited confidentiality, integrity, and availability impacts without user interaction. Despite early vendor notification, no response or patch has been provided.

Information Disclosure Hermes Agent
NVD VulDB GitHub
CVSS 4.0
5.5
EPSS
0.0%
CVE-2026-9372 MEDIUM POC This Month

Server-side request forgery (SSRF) in ItzCrazyKns Vane through version 1.12.1 enables unauthenticated remote attackers to manipulate the baseURL parameter in the Model Provider API, potentially accessing internal resources and services. The exploit has been publicly disclosed via a GitHub issue, and the CVSS temporal score indicates proof-of-concept code exists (E:P). The vendor was notified but has not yet responded or released a patch.

SSRF Vane
NVD VulDB GitHub
CVSS 4.0
5.5
EPSS
0.0%
CVE-2026-9350 MEDIUM POC This Month

Missing authorization in NousResearch hermes-agent versions up to 2026.4.16 allows remote attackers to bypass authentication checks in the Batch Runner component, potentially executing unauthorized commands. The vulnerability affects the check_all_command_guards function in tools/approval.py and can be exploited without authentication. Publicly available exploit code exists, though the vulnerability is not yet confirmed in CISA KEV.

Authentication Bypass Hermes Agent
NVD VulDB GitHub
CVSS 4.0
5.5
EPSS
0.0%
CVE-2026-9383 MEDIUM POC This Month

SQL injection in itsourcecode Electronic Judging System 1.0 exposes the admin login endpoint at /intrams/admin/login.php to unauthenticated remote attackers who can manipulate the Username parameter to alter backend SQL query logic. The CVSS 4.0 vector (AV:N/AC:L/AT:N/PR:N/UI:N) confirms this is exploitable over the network with no privileges or user interaction, and publicly available exploit code (E:P) further lowers the barrier to entry. Although EPSS sits at 0.03% (9th percentile) indicating low observed exploitation activity, no vendor patch has been identified at time of analysis, leaving all known deployments of version 1.0 without an official remediation path.

PHP SQLi Electronic Judging System
NVD VulDB GitHub
CVSS 4.0
5.5
EPSS
0.0%
CVE-2026-9356 MEDIUM POC This Month

SQL injection in SourceCodester Hospitals Patient Records Management System 1.0 enables remote unauthenticated attackers to manipulate database queries through the ID parameter in /admin/patients/manage_history.php. Public exploit code exists (GitHub), though not listed in CISA KEV. The vulnerability carries moderate risk with CVSS 7.3 reflecting potential for data theft and manipulation of patient records.

PHP SQLi
NVD VulDB GitHub
CVSS 4.0
5.5
EPSS
0.0%
CVE-2026-9355 MEDIUM POC This Month

SQL injection in SourceCodester Hospitals Patient Records Management System 1.0 allows remote attackers to compromise patient data without authentication via manipulated ID parameter in /classes/Master.php?f=save_patient_history. The vulnerability has publicly available exploit code (GitHub) and enables unauthorized database access with potential to read, modify, or delete patient records. CVSS 7.3 indicates moderate severity with no exploitation prerequisites.

PHP SQLi
NVD VulDB GitHub
CVSS 4.0
5.5
EPSS
0.0%
CVE-2026-9352 MEDIUM POC This Month

Information disclosure in NousResearch hermes-agent allows remote unauthenticated attackers to extract sensitive data via crafted requests to the Messaging Gateway Handler's environment configuration function. The vulnerability affects versions up to 2026.4.23 with publicly available exploit code demonstrating the attack. EPSS data not provided, but public POC availability increases immediate risk. Vendor has not responded to disclosure, suggesting no official patch timeline.

Information Disclosure Hermes Agent
NVD VulDB GitHub
CVSS 4.0
5.5
EPSS
0.0%
CVE-2026-9349 MEDIUM POC This Month

Information disclosure in Cal.com cal.diy up to version 4.9.4 allows remote unauthenticated attackers to access sensitive booking data through manipulation of cancelledBy/rescheduledBy parameters in the bookings single view API endpoint. The vulnerability affects the Generic React API's getServerSideProps function, enabling unauthorized retrieval of booking-related information. Public exploit code exists demonstrating the attack technique, and the vendor has not responded to coordinated disclosure attempts, leaving users at elevated risk until patches are self-applied.

Information Disclosure Cal Diy
NVD VulDB GitHub
CVSS 4.0
5.5
EPSS
0.0%
CVE-2026-9364 MEDIUM POC This Month

SQL injection in Online Art Gallery Shop 1.0 allows unauthenticated remote attackers to manipulate database queries through the social_linked parameter in /admin/adminHome.php. The vulnerability has publicly available exploit code and a CVSS score of 7.3, indicating high severity with the ability to impact confidentiality, integrity, and availability of the application.

PHP SQLi
NVD VulDB GitHub
CVSS 4.0
5.5
EPSS
0.0%
CVE-2026-3515 HIGH GHSA This Week

Command injection in Prefect 3.6.18's GitHub integration allows authenticated users to execute arbitrary git commands through the unsanitized reference field. The GitHubRepository block concatenates user input directly into git clone commands, enabling attackers to inject malicious options that can lead to SSRF, credential theft, or remote code execution. While no active exploitation is confirmed, the straightforward attack vector and high impact make this a priority for organizations using Prefect's GitHub integration features.

Gitlab RCE SSRF
NVD
CVSS 3.0
8.5
EPSS
0.1%
CVE-2026-9397 HIGH PATCH This Week

Improper authorization in the OTA Update Installation Handler of Besen BS20 EV Charging Station versions up to 20260426 allows remote attackers to install spoofed firmware updates on affected charging stations. The flaw is network-reachable with no authentication required, but exploitation carries high attack complexity (CVSS 4.0 8.2), and publicly available exploit code exists via the original researcher disclosure on GitHub. EPSS rates exploitation probability at only 0.04% (12th percentile), and CISA SSVC flags exploitation status as 'none' despite the public proof-of-concept.

Authentication Bypass Bs20 Ev Charging Station
NVD VulDB GitHub
CVSS 4.0
8.2
EPSS
0.0%
CVE-2026-4372 HIGH PATCH GHSA This Week

Remote code execution in HuggingFace Transformers prior to 5.3.0 allows attackers to achieve arbitrary code execution on a victim's machine by publishing a malicious model whose config.json sets the `_attn_implementation_internal` field to an attacker-controlled Hub repository. When the victim calls the standard `AutoModelForCausalLM.from_pretrained()` API, the library silently downloads and executes Python kernels from that repository with the victim's privileges, bypassing the `trust_remote_code` safety gate. No public exploit is identified at time of analysis (EPSS 0.03%, SSVC exploitation: none), but the technical impact is total and the attack uses the documented, default usage pattern.

Python Deserialization RCE Huggingface Transformers
NVD GitHub
CVSS 3.0
7.8
EPSS
0.0%
CVE-2026-48829 HIGH PATCH This Week

Unauthenticated denial of service in GNU SASL before version 2.2.3 occurs through a NULL pointer dereference in the DIGEST-MD5 authentication mechanism. Remote attackers can crash both client and server applications by sending a malformed authentication token that lacks an equals sign character, causing the getsubopt.c parser to dereference a NULL pointer.

Null Pointer Dereference Denial Of Service Gnu Sasl
NVD VulDB
CVSS 3.1
7.5
EPSS
0.0%
CVE-2026-48831 HIGH This Week

Wine ships a .desktop file that registers itself as a MIME handler for EXE files and several other Windows executable file types. In some configurations, handling of an EXE file causes that file to be blindly executed with the permissions of the invoker. This allows escaping Flatpak and Snap sandboxes, because MIME handlers are not intended for use by code interpreters and loaders. NOTE: some parties feel that this is not a bug to be addressed in Wine, because there is no known solution that avoids a severe loss of usability (Wine could be a binfmt-misc handler, but binfmt-misc does not exist on all platforms supported by Wine).

Microsoft Information Disclosure Suse
NVD VulDB
CVSS 4.0
7.3
EPSS
0.0%
CVE-2026-9365 LOW POC PATCH Monitor

Heap-based buffer overflow in Ettercap's GG protocol dissector (versions up to 0.8.3) allows remote attackers to potentially achieve limited confidentiality, integrity, and availability compromise through crafted network traffic. The vulnerability exists in the ec_gg.c dissector when processing Gadu-Gadu instant messaging protocol packets. Publicly available exploit code exists (GitHub issue #1306), and vendor has released patch version 0.8.4 (commit feeae6fa). Despite network attack vector, exploitation difficulty is high (AC:H) with low EPSS risk, suggesting specialized targeting rather than mass exploitation.

Buffer Overflow Heap Overflow Ettercap
NVD VulDB GitHub
CVSS 4.0
2.9
EPSS
0.1%
CVE-2026-9371 LOW POC Monitor

Missing authentication in Vane up to 1.12.1 allows remote attackers to bypass intended access controls on API route.ts endpoints, potentially exposing or manipulating API functionality without credentials. Publicly available exploit code exists (GitHub issue #1123), though CVSS rates attack complexity as high (AC:H) with difficult exploitation, resulting in limited confidentiality, integrity, and availability impact (C:L/I:L/A:L). EPSS data not provided. Not listed in CISA KEV. Vendor (ItzCrazyKns) reportedly plans to implement basic authentication as remediation.

Authentication Bypass Vane
NVD VulDB GitHub
CVSS 4.0
2.9
EPSS
0.1%
CVE-2026-9370 LOW POC Monitor

Cryptographic salt generation in Jasypt Spring Boot library (versions ≤3.0.5 and ≤4.0.4) uses predictable values, enabling offline password cracking attacks against encrypted configuration properties. The SimpleGCMConfig class's getSecretKeySaltGenerator function generates salts without sufficient entropy, reducing the computational cost for attackers who obtain encrypted passwords to derive plaintext through dictionary or brute-force attacks. Public exploit code exists (POC available) with EPSS indicating low probability of widespread exploitation (3.7 CVSS, AC:H). Vendor has not responded to responsible disclosure as of analysis date.

Information Disclosure Java
NVD VulDB GitHub
CVSS 4.0
2.9
EPSS
0.0%
CVE-2026-9379 LOW POC Monitor

Command injection in the Edimax BR-6675nD 1.12 router's WPS start handler allows remote attackers with low-privilege authentication to execute arbitrary OS-level commands by supplying unsanitized shell metacharacters in the pinCode POST parameter of /goform/formWpsStart. Publicly available exploit code exists, confirmed via a Notion-hosted proof-of-concept referenced in VulDB reporting. The vendor was notified prior to disclosure but did not respond, and no patch has been released - leaving affected deployments without a vendor-supported remediation path.

Command Injection Br 6675Nd
NVD VulDB
CVSS 4.0
2.1
EPSS
1.1%
CVE-2026-9378 LOW POC Monitor

Command injection in the Edimax BR-6675nD firmware 1.12 exposes the POST handler at /goform/formHwSet to OS-level command execution through multiple unsanitized parameters including regulatory domain and MAC address fields. Remote attackers holding low-privilege credentials can exploit this without user interaction, as confirmed by a publicly released proof-of-concept. The vendor was notified prior to disclosure but did not respond, leaving no official patch and no coordinated remediation path.

Command Injection Br 6675Nd
NVD VulDB
CVSS 4.0
2.1
EPSS
1.1%
CVE-2026-9373 MEDIUM This Month

Improper authentication in JeecgBoot 3.9.1 OpenAPI endpoint allows remote attackers to bypass authentication checks and perform unauthorized actions, though exploitation is rated difficult due to high attack complexity. No public exploit code has been identified and no vendor response has been received. With CVSS 3.7 (Low severity) and AV:N/AC:H/PR:N parameters, the vulnerability poses limited immediate risk but requires monitoring given the authentication bypass nature and remote attack vector.

Authentication Bypass Jeecgboot
NVD VulDB
CVSS 4.0
6.3
EPSS
0.1%
CVE-2026-9347 LOW POC Monitor

OS command injection in Edimax EW-7438RPn WiFi range extender firmware versions up to 1.31 allows authenticated remote attackers to execute arbitrary system commands via the formWizSurvey web interface. The vulnerability exists in the /goform/formWizSurvey endpoint where input validation fails on the ip, mask, and gateway parameters. Publicly available exploit code exists (GitHub POC published), though no active exploitation has been confirmed by CISA KEV. EPSS data not available for this recent CVE. Vendor notified but non-responsive, indicating no official patch is forthcoming.

Command Injection Ew 7438Rpn
NVD VulDB GitHub
CVSS 4.0
2.1
EPSS
0.9%
CVE-2026-9402 LOW POC Monitor

Command injection in Edimax BR-6675nD 1.12 router firmware allows authenticated remote attackers to execute arbitrary OS commands by manipulating over two dozen POST parameters in the formWlanMP wireless calibration handler. The vulnerable endpoint exposes ATE (Automated Test Equipment) and EEPROM power calibration parameters - none requiring special configuration to be present - that pass user input unsanitized to a system-level command interpreter. A publicly available proof-of-concept exploit exists, no vendor patch has been released, and the vendor did not respond to responsible disclosure, leaving affected deployments permanently unmitigated absent compensating controls.

Command Injection Br 6675Nd
NVD VulDB
CVSS 4.0
2.1
EPSS
0.8%
CVE-2026-9400 LOW POC Monitor

Command injection in the Edimax BR-6675nD 1.12 router's web management interface allows remote authenticated attackers to execute arbitrary OS commands by manipulating the sub_dir parameter of POST requests to the /goform/formUSBStorage endpoint. The vulnerability stems from unsanitized input passed directly to a system-level command in the formUSBStorage function (CWE-77). A public proof-of-concept exploit has been published, the vendor has not responded to disclosure, and no patch is available, leaving all known-affected deployments without an official remediation path.

Command Injection Br 6675Nd
NVD VulDB
CVSS 4.0
2.1
EPSS
0.8%
Page 1 of 2 Next

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy