Skip to main content
CVE-2026-10187 HIGH POC This Week

Stack-based buffer overflow in the Totolink N300RH router (firmware 6.1c.1353_B20190305) allows remote attackers to corrupt memory via the KeyStr argument processed by the setWiFiBasicConfig function in wireless.so, reachable through the Web Management Interface. Publicly available exploit code exists, and the CVSS 4.0 vector indicates network-reachable, unauthenticated exploitation with high impact to confidentiality, integrity, and availability. No CISA KEV listing has been published, so exploitation is not confirmed in the wild despite the public PoC.

Buffer Overflow Stack Overflow N300Rh
NVD VulDB
CVSS 4.0
8.9
EPSS
0.1%
CVE-2026-49489 HIGH POC This Week

SQL injection in OpenCATS through 0.9.7.4 allows authenticated users to extract arbitrary database contents by injecting malicious SQL into the sortDirection parameter of ajax/getDataGridPager.php. Publicly available exploit code exists (Exploit-DB 52579, Packet Storm), and the issue was disclosed via a GitHub Security Advisory coordinated with VulnCheck. The CVSS 4.0 base score of 8.4 reflects high confidentiality impact with a subsequent-system scope change, though exploitation requires a valid low-privileged account.

PHP Information Disclosure SQLi
NVD GitHub Exploit-DB VulDB
CVSS 4.0
8.4
EPSS
0.0%
CVE-2026-10192 HIGH POC This Week

Stack-based buffer overflow in Tenda W12 firmware 3.0.0.7(4763) allows remote attackers to corrupt memory in the embedded HTTP daemon by supplying a crafted Time argument to the set_local_time_0 function in /bin/httpd. Publicly available exploit code exists, and the CVSS 4.0 base score of 7.4 reflects high impact to confidentiality, integrity, and availability with low-privilege network access. No CISA KEV listing or EPSS score is provided, so widespread opportunistic exploitation is not confirmed at this time.

Buffer Overflow Tenda Stack Overflow
NVD VulDB
CVSS 4.0
7.4
EPSS
0.1%
CVE-2026-10191 HIGH POC This Week

Stack-based buffer overflow in Tenda W12 firmware 3.0.0.7(4763) allows remote authenticated attackers to corrupt memory in the embedded HTTP daemon by supplying an oversized wifiMacFilterSet.macList.mac parameter to the cgiWifiMacFilterSet handler in /bin/httpd. Publicly available exploit code exists, raising the practical risk of device compromise, denial of service, or potential code execution on affected access points, though no CISA KEV listing or active exploitation has been confirmed.

Buffer Overflow Tenda Stack Overflow
NVD VulDB
CVSS 4.0
7.4
EPSS
0.1%
CVE-2026-10189 HIGH POC This Week

Stack-based buffer overflow in Tenda W12 firmware 3.0.0.7(4763) allows authenticated remote attackers to corrupt memory in the embedded HTTP daemon via the 'sec' parameter of the cgiSysTimeInfoSet handler. Publicly available exploit code exists for this issue, raising the practical risk for exposed management interfaces despite no public exploit identified at time of analysis in the CISA KEV catalog.

Buffer Overflow Tenda Stack Overflow
NVD VulDB
CVSS 4.0
7.4
EPSS
0.1%
CVE-2026-10188 HIGH POC This Week

Stack-based buffer overflow in Tenda W12 firmware 3.0.0.7(4763) allows remote attackers with low privileges to corrupt memory via the staMac parameter processed by the cgistaKickOff function in /bin/httpd. Publicly available exploit code exists (hosted at cdn2.v50to.cc), elevating practical risk despite no current CISA KEV listing. The CVSS 4.0 score of 7.4 reflects high confidentiality, integrity, and availability impact achievable over the network against this enterprise wireless access point.

Buffer Overflow Tenda Stack Overflow
NVD VulDB
CVSS 4.0
7.4
EPSS
0.1%
CVE-2026-10183 HIGH POC Monitor

Stack-based buffer overflow in TRENDnet TEW-432BRP 3.10B20 router allows remote attackers with low privileges to corrupt memory via the enrollee parameter in the formWlanSetup handler at /goform/formWlanSetup. Publicly available exploit code exists, and the vendor has explicitly declined to patch because the device reached end-of-life in 2009. No CISA KEV listing is present, but the combination of public PoC, network-reachable attack surface, and permanent unpatched status makes any internet-exposed unit a standing risk.

Buffer Overflow Stack Overflow Tew 432Brp
NVD VulDB GitHub
CVSS 4.0
7.4
EPSS
0.0%
CVE-2026-10181 HIGH POC Monitor

Stack-based buffer overflow in TRENDnet TEW-432BRP wireless router firmware 3.10B20 allows remote authenticated attackers to corrupt memory via a crafted submit-url argument to the formSysCmd handler at /goform/formSysCmd. Publicly available exploit code exists per VulDB submission and a GitHub PoC, while the device has been end-of-life since 2009 and the vendor has explicitly stated they will not issue a fix. No CISA KEV listing or EPSS score was provided, but the combination of public PoC and abandoned product status makes any exposed device a concrete target.

Buffer Overflow Stack Overflow Tew 432Brp
NVD VulDB GitHub
CVSS 4.0
7.4
EPSS
0.0%
CVE-2026-10165 HIGH POC This Week

Stack-based buffer overflow in the Edimax BR-6478AC 1.23 wireless router enables authenticated remote attackers to corrupt memory by sending a crafted pppUserName parameter to the /goform/formWanTcpipSetup endpoint. Publicly available exploit code exists (published via VulDB and a Notion writeup), elevating this from a theoretical issue to a practical threat, though no CISA KEV listing or active exploitation has been confirmed. The CVSS 4.0 score of 7.4 reflects high confidentiality, integrity, and availability impact on the device itself, with exploitation requiring only low-level authentication.

Buffer Overflow Stack Overflow Br 6478Ac
NVD VulDB
CVSS 4.0
7.4
EPSS
0.0%
CVE-2026-10164 HIGH POC This Week

Remote buffer overflow in the Edimax BR-6478AC 1.23 wireless router allows authenticated attackers to corrupt memory via the formUSBFolder POST handler by supplying oversized ShareName or SelectName arguments. Publicly available exploit code exists (hosted on a Notion page referenced by VulDB), and the CVSS 4.0 score of 7.4 reflects high confidentiality, integrity, and availability impact on the device with low privileges required. No CISA KEV listing, so this is best treated as a publicly weaponizable bug awaiting a vendor response.

Buffer Overflow Br 6478Ac
NVD VulDB
CVSS 4.0
7.4
EPSS
0.0%
CVE-2026-10163 HIGH POC This Week

Buffer overflow in the Edimax BR-6478AC v1.23 wireless router allows authenticated remote attackers to corrupt memory by sending oversized UserName or Password values to the /goform/formUSBAccount endpoint. Publicly available exploit code exists for this issue, raising the practical risk despite the requirement for low-level credentials, though no active exploitation has been confirmed via CISA KEV.

Buffer Overflow Br 6478Ac
NVD VulDB
CVSS 4.0
7.4
EPSS
0.0%
CVE-2026-10162 HIGH POC Monitor

Stack-based buffer overflow in TRENDnet TEW-432BRP 3.10B20 router firmware allows authenticated remote attackers to corrupt memory via the webpage parameter in the formSetPassword handler at /goform/formSetPassword, with publicly available exploit code increasing risk. The vendor has formally declined to patch this end-of-life device (EOL since 2009), making any deployment permanently vulnerable. CVSS 4.0 rates this 7.4 (High) with proven exploit maturity, though no CISA KEV listing exists at this time.

Buffer Overflow Stack Overflow Tew 432Brp
NVD VulDB GitHub
CVSS 4.0
7.4
EPSS
0.0%
CVE-2026-10161 HIGH POC Monitor

Stack-based buffer overflow in TRENDnet TEW-432BRP router (firmware 3.10B20) allows authenticated remote attackers to corrupt memory via the status_statistic parameter in the /goform/formResetStatistic endpoint, potentially leading to code execution or device compromise. Publicly available exploit code exists on GitHub, and the vendor has confirmed the product is end-of-life (EOL since 2009) and will not be patched. No CISA KEV listing or EPSS data is provided in the input, so widespread exploitation status is unconfirmed.

Buffer Overflow Stack Overflow Tew 432Brp
NVD VulDB GitHub
CVSS 4.0
7.4
EPSS
0.0%
CVE-2026-10160 HIGH POC Monitor

Stack-based buffer overflow in TRENDnet TEW-432BRP 3.10B20 wireless router allows authenticated remote attackers to corrupt memory via the start_wizard parameter in the /goform/formSetEnableWizard endpoint. Publicly available exploit code exists, and the vendor has confirmed they will not issue a fix because the device has been end-of-life since 2009. EPSS data was not provided, and the CVE is not listed in CISA KEV, but the combination of trivial exploitability and no forthcoming patch makes this a permanent risk for any still-deployed units.

Buffer Overflow Stack Overflow Tew 432Brp
NVD VulDB GitHub
CVSS 4.0
7.4
EPSS
0.0%
CVE-2026-10159 HIGH POC Monitor

Stack-based buffer overflow in the TRENDnet TEW-432BRP wireless router (firmware 3.10B20) allows authenticated remote attackers to corrupt memory via the current_page parameter handled by the formSysLog function at /goform/formSysLog, potentially achieving arbitrary code execution on the device. Publicly available exploit code exists, and the vendor has explicitly declined to issue a fix because the product has been end-of-life since 2009. Affected deployments are unsupported legacy hardware with no remediation path other than replacement.

Buffer Overflow Stack Overflow Tew 432Brp
NVD VulDB GitHub
CVSS 4.0
7.4
EPSS
0.0%
CVE-2026-10158 HIGH POC Monitor

Stack-based buffer overflow in the TRENDnet TEW-432BRP 3.10B20 wireless router's web interface allows authenticated remote attackers to corrupt memory by sending a crafted server_name parameter to the formPortFw handler at /goform/formPortFw, potentially achieving arbitrary code execution on the device. Publicly available exploit code exists, and the vendor has explicitly refused to issue a fix because the product has been end-of-life since 2009.

Buffer Overflow Stack Overflow Tew 432Brp
NVD VulDB GitHub
CVSS 4.0
7.4
EPSS
0.0%
CVE-2026-42359 HIGH PATCH GHSA This Week

Authenticated remote code execution in Apache Airflow 3.2.0 through 3.2.1 allows users with permission to update XCom entries to achieve code execution by submitting reserved deserialization metadata keys (e.g. __classname__, __type, __data__, __var) to the PATCH XCom endpoint. The XComUpdateBody datamodel omitted the FORBIDDEN_XCOM_KEYS validator that XComCreateBody enforced, letting attackers smuggle a malicious typed payload that is later deserialized into an arbitrary Python class. No public exploit identified at time of analysis and EPSS risk is negligible (0.02%), but a vendor fix has shipped and the root cause is a classic CWE-502 untrusted deserialization.

Apache Deserialization
NVD GitHub VulDB
CVSS 3.1
8.8
EPSS
0.0%
CVE-2026-49298 HIGH PATCH GHSA This Week

Sensitive information disclosure in Apache Airflow versions prior to 3.2.2 exposes JWT authentication tokens via KubernetesExecutor command-line arguments, allowing low-privileged users with process listing access on worker pods to harvest credentials and impersonate workers against the Execution API. The flaw, addressed in PR #60108 alongside a redesign of workload/execution token lifetimes, carries a CVSS 8.8 due to high impact across confidentiality, integrity, and availability. No public exploit has been identified at time of analysis and EPSS sits at 0.02%, suggesting limited mass-exploitation activity.

Apache Authentication Bypass
NVD GitHub VulDB
CVSS 3.1
8.8
EPSS
0.0%
CVE-2026-49490 HIGH This Week

SQL injection in OpenCATS 0.9.1a and later allows authenticated attackers to execute arbitrary SQL queries against the backend database by abusing DataGrid filter handling on the Candidates module's Tags column. The flaw bypasses the application's column filterable restrictions, enabling data theft or modification of the recruitment platform's stored candidate records. No public exploit identified at time of analysis, and the issue is not listed in CISA KEV.

SQLi Opencats
NVD GitHub VulDB
CVSS 4.0
8.6
EPSS
0.0%
CVE-2026-8796 HIGH PATCH This Week

Heap out-of-bounds read in Sereal::Decoder for Perl before version 5.005 allows remote attackers to leak up to 31 bytes of adjacent heap memory when a victim application decodes attacker-controlled Sereal-encoded data. The flaw lives in COPY tag handling within srl_read_object() and srl_read_hash(), where a crafted COPY offset can redirect the decoder to mid-value bytes that are then re-interpreted as a SHORT_BINARY tag without bounds checking against the COPY tag's own offset. No public exploit identified at time of analysis, and EPSS is 0.01%, but a vendor patch is available in Sereal-Decoder 5.005.

Information Disclosure Buffer Overflow Suse
NVD GitHub
CVSS 3.1
8.1
EPSS
0.0%
CVE-2026-41084 HIGH PATCH GHSA This Week

API authorization bypass in Apache Airflow 3.2.0 through versions before 3.2.2 allows authenticated users with access to one DAG to mutate TaskInstances belonging to other DAGs they should not control, via the bulk TaskInstances PUT/DELETE endpoints. The flaw stems from the bulk handler omitting per-DAG authorization checks, enabling cross-DAG state tampering with high integrity impact (CVSS 7.5, vector AV:N/AC:L/PR:N/UI:N/I:H). No public exploit identified at time of analysis and EPSS probability is low at 0.01%.

Apache Authentication Bypass
NVD GitHub VulDB
CVSS 3.1
7.5
EPSS
0.0%
CVE-2026-10179 HIGH This Week

Stack-based buffer overflow in TRENDnet TEW-432BRP 3.10B20 wireless router allows authenticated remote attackers to corrupt memory and likely achieve code execution by manipulating the 'webpage' argument in the formSetWlanEncrypt handler at /goform/formSetWlanEncrypt. Publicly available exploit code exists per the VulDB submission, and the vendor has explicitly refused to patch because the device has been end-of-life since 2009, making any deployed units permanently vulnerable.

Buffer Overflow
NVD GitHub VulDB
CVSS 4.0
7.4
EPSS
0.0%
CVE-2026-45360 HIGH PATCH GHSA This Week

Arbitrary Python module import in Apache Airflow versions prior to 3.2.2 occurs when the scheduler deserializes custom DeadlineReference objects, because the prior implementation called import_string() directly on an attacker-controllable __class_path field. Rated CVSS 7.3 with low confidentiality/integrity/availability impact, this issue has no public exploit identified at time of analysis and EPSS estimates exploitation probability at 0.02% (6th percentile).

Apache Deserialization Python
NVD GitHub VulDB
CVSS 3.1
7.3
EPSS
0.0%
CVE-2026-40961 HIGH PATCH GHSA This Week

Open redirect bypass in Apache Airflow 3.0.0 through 3.2.1 allows remote unauthenticated attackers to craft URLs that evade the `is_safe_url` host check by using triple-slash (`///`), backslash, or URL-encoded backslash prefixes, redirecting victims to attacker-controlled domains. The flaw stems from a parsing inconsistency between WHATWG URL semantics and Python's urllib. No public exploit has been identified at time of analysis, and EPSS rates exploitation probability at only 0.01% (4th percentile).

Open Redirect Apache
NVD GitHub
CVSS 3.1
7.2
EPSS
0.0%

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy