Skip to main content
CVE-2026-9407 HIGH POC This Week

OS command injection in the Totolink A8000RU router (firmware 7.1cu.643_b20200521) allows remote unauthenticated attackers to execute arbitrary operating system commands by manipulating the firewallType parameter sent to /cgi-bin/cstecgi.cgi. Publicly available exploit code exists, and the SSVC framework rates the technical impact as total with automatable exploitation, though it is not currently listed in CISA KEV. EPSS sits at 0.89% (76th percentile), suggesting moderate but not yet widespread opportunistic exploitation.

Command Injection A8000Ru
NVD VulDB GitHub
CVSS 4.0
8.9
EPSS
0.9%
CVE-2026-9406 HIGH POC This Week

OS command injection in the Totolink A8000RU router (firmware 7.1cu.643_b20200521) allows remote unauthenticated attackers to execute arbitrary operating system commands via the 'enable' parameter of the setRemoteCfg function in /cgi-bin/cstecgi.cgi. Publicly available exploit code exists, raising the practical risk despite the device not being listed in CISA KEV; EPSS sits at 0.89% (76th percentile), reflecting moderate predicted exploitation likelihood.

Command Injection A8000Ru
NVD VulDB GitHub
CVSS 4.0
8.9
EPSS
0.9%
CVE-2026-9405 HIGH POC This Week

OS command injection in the Totolink A8000RU router (firmware 7.1cu.643_b20200521) allows remote unauthenticated attackers to execute arbitrary operating system commands by manipulating the 'enable' parameter passed to the setGameSpeedCfg function in /cgi-bin/cstecgi.cgi. Publicly available exploit code exists, raising the practical threat despite a modest EPSS score of 0.89% (76th percentile). No active exploitation has been confirmed via CISA KEV at time of analysis.

Command Injection A8000Ru
NVD VulDB GitHub
CVSS 4.0
8.9
EPSS
0.9%
CVE-2026-9404 HIGH POC This Week

OS command injection in the Totolink A8000RU router (firmware 7.1cu.643_b20200521) allows remote unauthenticated attackers to execute arbitrary shell commands by manipulating the 'provider' argument passed to the setDdnsCfg function in /cgi-bin/cstecgi.cgi. Publicly available exploit code exists (CVSS 4.0 base 8.9, EPSS 0.89%), and no CISA KEV listing has been issued, but the combination of zero-privilege network exploitation and a working PoC against consumer/SOHO networking gear makes this a high-priority issue for any exposed device.

Command Injection A8000Ru
NVD VulDB GitHub
CVSS 4.0
8.9
EPSS
0.9%
CVE-2026-9388 HIGH POC This Week

OS command injection in the TOTOLINK A8000RU router (firmware 7.1cu.643_b20200521) allows remote unauthenticated attackers to execute arbitrary operating system commands by manipulating the 'mode' parameter sent to the setScheduleCfg function in /cgi-bin/cstecgi.cgi. Publicly available exploit code exists (published via VulDB and a GitHub PoC), though there is no public exploit identified as actively exploited in the wild and EPSS probability is modest at 0.89%. The flaw resides in the device's Web Management Interface and can be triggered over the network without user interaction, making any internet-exposed device immediately at risk.

Command Injection A8000Ru
NVD VulDB GitHub
CVSS 4.0
8.9
EPSS
0.9%
CVE-2026-9387 HIGH POC This Week

OS command injection in the Totolink A8000RU router (firmware 7.1cu.643_b20200521) allows remote unauthenticated attackers to execute arbitrary operating system commands via the resetFlags parameter handled by the setUpgradeFW function in /cgi-bin/cstecgi.cgi. Publicly available exploit code exists, and the SSVC framework classifies exploitation as automatable with total technical impact, though EPSS remains modest at 0.89% (76th percentile).

Command Injection A8000Ru
NVD VulDB GitHub
CVSS 4.0
8.9
EPSS
0.9%
CVE-2026-9386 HIGH POC This Week

OS command injection in the Totolink A8000RU router (firmware 7.1cu.643_b20200521) allows remote unauthenticated attackers to execute arbitrary operating system commands through the setLanguageCfg function in /cgi-bin/cstecgi.cgi. The flaw is triggered by manipulating the lang argument in the Web Management Interface, with publicly available exploit code existing and SSVC classifying the issue as automatable with total technical impact. EPSS sits at 0.89% (76th percentile), indicating moderate but non-trivial exploitation probability.

Command Injection A8000Ru
NVD VulDB GitHub
CVSS 4.0
8.9
EPSS
0.9%
CVE-2026-9385 HIGH POC This Week

Remote OS command injection in the Totolink A8000RU router (firmware 7.1cu.643_b20200521) allows unauthenticated attackers to execute arbitrary operating system commands by manipulating the 'command' argument in the setTracerouteCfg function of /cgi-bin/cstecgi.cgi. Publicly available exploit code exists, and the CVSS 4.0 vector confirms network-reachable, low-complexity exploitation without authentication or user interaction, though EPSS remains modest at 0.89% (76th percentile) and the issue is not listed in CISA KEV.

Command Injection A8000Ru
NVD VulDB GitHub
CVSS 4.0
8.9
EPSS
0.9%
CVE-2026-9384 HIGH POC This Week

OS command injection in the Totolink A8000RU router (firmware 7.1cu.643_b20200521) allows remote unauthenticated attackers to execute arbitrary operating system commands via the ip parameter handled by the setDiagnosisCfg function in /cgi-bin/cstecgi.cgi. Publicly available exploit code exists, and the CVSS 4.0 score of 8.9 reflects high impact across confidentiality, integrity, and availability. EPSS is moderate at 0.89% (76th percentile), and the vulnerability is not currently listed in CISA KEV.

Command Injection A8000Ru
NVD VulDB GitHub
CVSS 4.0
8.9
EPSS
0.9%
CVE-2026-9389 HIGH POC This Week

Buffer overflow in the Tenda F456 router (firmware 1.0.0.5) allows remote attackers with low privileges to corrupt memory via the page parameter handled by the frmL7ImForm function exposed at /goform/L7Im. Publicly available exploit code exists, though EPSS rates near-term exploitation probability at only 0.05% (14th percentile) and the issue is not listed in CISA KEV.

Tenda Buffer Overflow F456
NVD VulDB GitHub
CVSS 4.0
7.4
EPSS
0.0%
CVE-2026-9346 HIGH POC This Week

Buffer overflow in Edimax EW-7438RPn WiFi range extender firmware up to version 1.31 enables authenticated remote attackers to execute arbitrary code via crafted POST requests to the wireless table management interface. The vulnerability affects the formWirelessTbl function when processing the submit-url parameter, with publicly available exploit code on GitHub demonstrating the attack method.

Buffer Overflow Ew 7438Rpn
NVD VulDB GitHub
CVSS 4.0
7.4
EPSS
0.0%
CVE-2026-9345 HIGH POC This Week

Buffer overflow in Edimax EW-7438RPn WiFi range extender firmware versions up to 1.31 enables authenticated remote attackers to execute arbitrary code by sending malformed parameters to the device configuration interface. The vulnerability affects the formWizSurvey function in /goform/formWizSurvey when processing ssid, manualssid, ip, mask, or gateway parameters, with publicly available exploit code existing on GitHub.

Buffer Overflow Ew 7438Rpn
NVD VulDB GitHub
CVSS 4.0
7.4
EPSS
0.0%
CVE-2026-9403 HIGH POC This Week

Stack/heap buffer overflow in the Edimax BR-6675nD 1.12 wireless router allows authenticated remote attackers to corrupt memory by sending a crafted POST request with an oversized selSSID parameter to /goform/formWlSiteSurvey, potentially achieving code execution on the device. Publicly available exploit code exists (disclosed by VulDB), and the vendor was contacted early but did not respond, leaving the device without an official fix. EPSS probability is low (0.04%, 13th percentile) and the issue is not listed in CISA KEV.

Buffer Overflow Br 6675Nd
NVD VulDB
CVSS 4.0
7.4
EPSS
0.0%
CVE-2026-9401 HIGH POC This Week

Buffer overflow in the Edimax BR-6675nD 1.12 wireless router's web management interface allows remote attackers with low-level credentials to corrupt memory via a crafted pppUserName parameter sent to the /goform/formWanTcpipSetup endpoint. Publicly available exploit code exists (disclosed via VulDB and a Notion writeup), and SSVC rates the technical impact as total, though EPSS remains very low at 0.04%. The vendor did not respond to coordinated disclosure, leaving affected devices without a confirmed fix.

Buffer Overflow Br 6675Nd
NVD VulDB
CVSS 4.0
7.4
EPSS
0.0%
CVE-2026-9399 HIGH POC This Week

Stack buffer overflow in the Edimax BR-6675nD 1.12 wireless router allows remote authenticated attackers to corrupt memory and achieve total compromise via a crafted pppUserName parameter sent to /goform/formsetPPPoE. Publicly available exploit code exists and the vendor did not respond to the disclosure, leaving deployed devices exposed without an official fix. EPSS exploitation probability is low (0.04%) despite the public POC, but SSVC rates technical impact as total.

Buffer Overflow Br 6675Nd
NVD VulDB
CVSS 4.0
7.4
EPSS
0.0%
CVE-2026-9393 HIGH POC This Week

Buffer overflow in the H3C Magic B0 router (firmware up to 100R002) allows authenticated remote attackers to corrupt memory via the param argument handled by the Edit_BasicSSID_5G function in /goform/aspForm, leading to high impact on confidentiality, integrity, and availability. Publicly available exploit code exists per VulDB, though EPSS remains very low (0.04%, 13th percentile) and the issue is not listed in CISA KEV, indicating no public exploit identified as actively used at time of analysis. The vendor was contacted but did not respond, increasing risk of an unpatched window for exposed devices.

Buffer Overflow Magic B0
NVD VulDB GitHub
CVSS 4.0
7.4
EPSS
0.0%
CVE-2026-9382 HIGH POC This Week

Stack buffer overflow in the Edimax BR-6675nD 1.12 router's PPTP setup handler allows remote authenticated attackers to corrupt memory and potentially execute arbitrary code via an oversized pptpUserName POST parameter to /goform/formPPTPSetup. Publicly available exploit code exists (SSVC: PoC), though EPSS estimates exploitation probability at only 0.04% (13th percentile), reflecting the niche, end-of-life nature of the device. The vendor was notified prior to disclosure but did not respond, leaving affected units without an official fix.

Buffer Overflow Br 6675Nd
NVD VulDB
CVSS 4.0
7.4
EPSS
0.0%
CVE-2026-9381 HIGH POC This Week

Buffer overflow in the Edimax BR-6675nD 1.12 wireless router allows remote attackers to corrupt memory by sending a malicious pppUserName parameter to the /goform/formPPPoESetup endpoint. Publicly available exploit code exists, raising the risk of opportunistic targeting despite a low EPSS score of 0.04%, and the vendor has not responded to coordinated disclosure attempts.

Buffer Overflow Br 6675Nd
NVD VulDB
CVSS 4.0
7.4
EPSS
0.0%
CVE-2026-9380 HIGH POC This Week

Stack/heap buffer overflow in Edimax BR-6675nD 1.12 routers allows authenticated remote attackers to corrupt memory via an oversized L2TPUserName parameter sent to the /goform/formL2TPSetup endpoint, with publicly available exploit code exists. The vendor was notified early but has not responded, and no patch has been released, leaving deployed devices exposed. EPSS probability is low (0.04%, 13th percentile) but the combination of public POC, network reachability, and total technical impact (per SSVC) makes this a credible threat against unpatched edge devices.

Buffer Overflow Br 6675Nd
NVD VulDB
CVSS 4.0
7.4
EPSS
0.0%
CVE-2026-9360 HIGH POC This Week

Buffer overflow in Edimax EW-7438RPn Wi-Fi range extender firmware 1.28a enables authenticated remote attackers to execute arbitrary code via malformed POST requests to the wireless encryption configuration endpoint. The vulnerability requires low-privilege authentication and has publicly available exploit code. No vendor response or patch has been provided despite early disclosure attempts.

Buffer Overflow Ew 7438Rpn
NVD VulDB
CVSS 4.0
7.4
EPSS
0.0%
CVE-2026-9348 HIGH POC This Week

Stack-based buffer overflow in Edimax EW-7438RPn WiFi range extender firmware up to version 1.31 enables authenticated remote attackers to execute arbitrary code by sending malicious input to the /goform/mp endpoint in the web server component. Public exploit code exists on GitHub, though the vulnerability is not listed in CISA KEV. The vendor failed to respond to responsible disclosure attempts, leaving devices unpatched.

Stack Overflow Buffer Overflow Ew 7438Rpn
NVD VulDB GitHub
CVSS 4.0
7.4
EPSS
0.0%
CVE-2026-9344 HIGH POC This Week

Stack-based buffer overflow in Edimax EW-7438RPn WiFi range extender firmware up to version 1.31 allows authenticated remote attackers to crash or execute code on the device by sending malicious input to the WPS configuration interface. The vulnerability occurs when processing the pinCode or wlan-url parameters in /goform/formWpsStart, with publicly available exploit code on GitHub demonstrating the attack.

Stack Overflow Buffer Overflow Ew 7438Rpn
NVD VulDB GitHub
CVSS 4.0
7.4
EPSS
0.0%
CVE-2026-3515 HIGH GHSA This Week

Command injection in Prefect 3.6.18's GitHub integration allows authenticated users to execute arbitrary git commands through the unsanitized reference field. The GitHubRepository block concatenates user input directly into git clone commands, enabling attackers to inject malicious options that can lead to SSRF, credential theft, or remote code execution. While no active exploitation is confirmed, the straightforward attack vector and high impact make this a priority for organizations using Prefect's GitHub integration features.

Gitlab RCE SSRF
NVD
CVSS 3.0
8.5
EPSS
0.1%
CVE-2026-9397 HIGH PATCH This Week

Improper authorization in the OTA Update Installation Handler of Besen BS20 EV Charging Station versions up to 20260426 allows remote attackers to install spoofed firmware updates on affected charging stations. The flaw is network-reachable with no authentication required, but exploitation carries high attack complexity (CVSS 4.0 8.2), and publicly available exploit code exists via the original researcher disclosure on GitHub. EPSS rates exploitation probability at only 0.04% (12th percentile), and CISA SSVC flags exploitation status as 'none' despite the public proof-of-concept.

Authentication Bypass Bs20 Ev Charging Station
NVD VulDB GitHub
CVSS 4.0
8.2
EPSS
0.0%
CVE-2026-4372 HIGH PATCH GHSA This Week

Remote code execution in HuggingFace Transformers prior to 5.3.0 allows attackers to achieve arbitrary code execution on a victim's machine by publishing a malicious model whose config.json sets the `_attn_implementation_internal` field to an attacker-controlled Hub repository. When the victim calls the standard `AutoModelForCausalLM.from_pretrained()` API, the library silently downloads and executes Python kernels from that repository with the victim's privileges, bypassing the `trust_remote_code` safety gate. No public exploit is identified at time of analysis (EPSS 0.03%, SSVC exploitation: none), but the technical impact is total and the attack uses the documented, default usage pattern.

Python Deserialization RCE Huggingface Transformers
NVD GitHub
CVSS 3.0
7.8
EPSS
0.0%
CVE-2026-48829 HIGH PATCH This Week

Unauthenticated denial of service in GNU SASL before version 2.2.3 occurs through a NULL pointer dereference in the DIGEST-MD5 authentication mechanism. Remote attackers can crash both client and server applications by sending a malformed authentication token that lacks an equals sign character, causing the getsubopt.c parser to dereference a NULL pointer.

Null Pointer Dereference Denial Of Service Gnu Sasl
NVD VulDB
CVSS 3.1
7.5
EPSS
0.0%
CVE-2026-48831 HIGH This Week

Wine ships a .desktop file that registers itself as a MIME handler for EXE files and several other Windows executable file types. In some configurations, handling of an EXE file causes that file to be blindly executed with the permissions of the invoker. This allows escaping Flatpak and Snap sandboxes, because MIME handlers are not intended for use by code interpreters and loaders. NOTE: some parties feel that this is not a bug to be addressed in Wine, because there is no known solution that avoids a severe loss of usability (Wine could be a binfmt-misc handler, but binfmt-misc does not exist on all platforms supported by Wine).

Microsoft Information Disclosure Suse
NVD VulDB
CVSS 4.0
7.3
EPSS
0.0%

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy