Latest CVE Feed
-
9.1
CRITICALCVE-2025-61546
There is an issue on the /PSP/appNET/Store/CartV12.aspx/GetUnitPrice endpoint in edu Business Solutions Print Shop Pro WebDesk version 18.34 that enables remote attacker to create financial discrepancies by purchasing items with a negative quantity. This ... Read more
Affected Products : print_shop_pro_webdesk- Published: Jan. 08, 2026
- Modified: Jan. 26, 2026
- Vuln Type: Injection
-
9.1
CRITICALCVE-2025-68715
An issue was discovered in Panda Wireless PWRU0 devices with firmware 2.2.9 that exposes multiple HTTP endpoints (/goform/setWan, /goform/setLan, /goform/wirelessBasic) that do not enforce authentication. A remote unauthenticated attacker can modify WAN, ... Read more
- Published: Jan. 08, 2026
- Modified: Jan. 30, 2026
- Vuln Type: Authentication
-
9.1
CRITICALCVE-2026-22909
Certain system functions may be accessed without proper authorization, allowing attackers to start, stop, or delete installed applications, potentially disrupting system operations.... Read more
- Published: Jan. 15, 2026
- Modified: Jan. 23, 2026
- Vuln Type: Authorization
-
9.1
CRITICALCVE-2025-62741
Server-Side Request Forgery (SSRF) vulnerability in SmartDataSoft Pool Services pool-services allows Server Side Request Forgery.This issue affects Pool Services: from n/a through <= 3.3.... Read more
Affected Products :- Published: Jan. 22, 2026
- Modified: Jan. 26, 2026
- Vuln Type: Server-Side Request Forgery
-
9.0
CRITICALCVE-2026-23520
Arcane provides modern docker management. Prior to 1.13.0, Arcane has a command injection in the updater service. Arcane’s updater service supported lifecycle labels com.getarcaneapp.arcane.lifecycle.pre-update and com.getarcaneapp.arcane.lifecycle.post-u... Read more
Affected Products : arcane- Published: Jan. 15, 2026
- Modified: Feb. 05, 2026
- Vuln Type: Injection
-
9.0
HIGHCVE-2026-1329
A flaw has been found in Tenda AX1803 1.0.0.1. The affected element is the function fromGetWifiGuestBasic of the file /goform/WifiGuestSet. Executing a manipulation of the argument guestWrlPwd/guestEn/guestSsid/hideSsid/guestSecurity can lead to stack-bas... Read more
- Published: Jan. 22, 2026
- Modified: Feb. 03, 2026
- Vuln Type: Memory Corruption
-
9.0
HIGHCVE-2026-1143
A weakness has been identified in TOTOLINK A3700R 9.1.2u.5822_B20200513. This affects the function setWiFiEasyGuestCfg of the file /cgi-bin/cstecgi.cgi. Executing a manipulation of the argument ssid can lead to buffer overflow. The attack may be launched ... Read more
- Published: Jan. 19, 2026
- Modified: Jan. 29, 2026
- Vuln Type: Memory Corruption
-
9.0
HIGHCVE-2026-1328
A vulnerability was detected in Totolink NR1800X 9.1.0u.6279_B20210910. Impacted is the function setWizardCfg of the file /cgi-bin/cstecgi.cgi of the component POST Request Handler. Performing a manipulation of the argument ssid results in buffer overflow... Read more
- Published: Jan. 22, 2026
- Modified: Jan. 29, 2026
- Vuln Type: Memory Corruption
-
9.0
CRITICALCVE-2025-68015
Improper Control of Generation of Code ('Code Injection') vulnerability in Vollstart Event Tickets with Ticket Scanner event-tickets-with-ticket-scanner allows Code Injection.This issue affects Event Tickets with Ticket Scanner: from n/a through <= 2.8.3.... Read more
Affected Products : event_tickets_with_ticket_scanner- Published: Jan. 22, 2026
- Modified: Jan. 28, 2026
- Vuln Type: Injection
-
9.0
HIGHCVE-2026-0837
A vulnerability was identified in UTT 进取 520W 1.7.7-180627. This affects the function strcpy of the file /goform/formFireWall. Such manipulation of the argument GroupName leads to buffer overflow. The attack can be executed remotely. The exploit is public... Read more
- Published: Jan. 11, 2026
- Modified: Jan. 13, 2026
- Vuln Type: Memory Corruption
-
9.0
HIGHCVE-2026-1157
A vulnerability was identified in Totolink LR350 9.3.5u.6369_B20220309. This affects the function setWiFiEasyCfg of the file /cgi-bin/cstecgi.cgi. Such manipulation of the argument ssid leads to buffer overflow. It is possible to launch the attack remotel... Read more
- Published: Jan. 19, 2026
- Modified: Jan. 29, 2026
- Vuln Type: Memory Corruption
-
9.0
HIGHCVE-2026-0838
A security flaw has been discovered in UTT 进取 520W 1.7.7-180627. This impacts the function strcpy of the file /goform/ConfigWirelessBase. Performing a manipulation of the argument ssid results in buffer overflow. The attack is possible to be carried out r... Read more
- Published: Jan. 11, 2026
- Modified: Jan. 13, 2026
- Vuln Type: Memory Corruption
-
9.0
HIGHCVE-2026-1139
A vulnerability has been found in UTT 进取 520W 1.7.7-180627. This vulnerability affects the function strcpy of the file /goform/ConfigExceptMSN. The manipulation leads to buffer overflow. It is possible to initiate the attack remotely. The exploit has been... Read more
- Published: Jan. 19, 2026
- Modified: Feb. 04, 2026
- Vuln Type: Memory Corruption
-
9.0
HIGHCVE-2026-1686
A security flaw has been discovered in Totolink A3600R 5.9c.4959. This issue affects the function setAppEasyWizardConfig in the library /lib/cste_modules/app.so. Performing a manipulation of the argument apcliSsid results in buffer overflow. It is possibl... Read more
Affected Products : a3600r_firmware- Published: Jan. 30, 2026
- Modified: Feb. 04, 2026
- Vuln Type: Memory Corruption
-
9.0
HIGHCVE-2026-1637
A vulnerability was identified in Tenda AC21 16.03.08.16. The affected element is the function fromAdvSetMacMtuWan of the file /goform/AdvSetMacMtuWan. The manipulation leads to stack-based buffer overflow. Remote exploitation of the attack is possible. T... Read more
Affected Products : ac21_firmware- Published: Jan. 29, 2026
- Modified: Feb. 04, 2026
- Vuln Type: Memory Corruption
-
9.0
HIGHCVE-2026-2086
A vulnerability was detected in UTT HiPER 810G up to 1.7.7-171114. Affected by this vulnerability is the function strcpy of the file /goform/formFireWall of the component Management Interface. The manipulation of the argument GroupName results in buffer o... Read more
Affected Products :- Published: Feb. 07, 2026
- Modified: Feb. 07, 2026
- Vuln Type: Memory Corruption
-
9.0
HIGHCVE-2026-0841
A vulnerability was detected in UTT 进取 520W 1.7.7-180627. Affected by this issue is the function strcpy of the file /goform/formPictureUrl. The manipulation of the argument importpictureurl results in buffer overflow. It is possible to launch the attack r... Read more
- Published: Jan. 11, 2026
- Modified: Jan. 13, 2026
- Vuln Type: Memory Corruption
-
9.0
HIGHCVE-2026-2071
A vulnerability was found in UTT 进取 520W 1.7.7-180627. The impacted element is the function strcpy of the file /goform/formP2PLimitConfig. Performing a manipulation of the argument except results in buffer overflow. The attack is possible to be carried ou... Read more
Affected Products :- Published: Feb. 07, 2026
- Modified: Feb. 07, 2026
- Vuln Type: Memory Corruption
-
9.0
HIGHCVE-2026-1140
A vulnerability was found in UTT 进取 520W 1.7.7-180627. This issue affects the function strcpy of the file /goform/ConfigExceptAli. The manipulation results in buffer overflow. It is possible to launch the attack remotely. The exploit has been made public ... Read more
- Published: Jan. 19, 2026
- Modified: Feb. 04, 2026
- Vuln Type: Memory Corruption
-
9.0
CRITICALCVE-2026-24769
NocoDB is software for building databases as spreadsheets. Prior to version 0.301.0, a stored cross-site scripting (XSS) vulnerability exists in NocoDB’s attachment handling mechanism. Authenticated users can upload malicious SVG files containing embedded... Read more
Affected Products : nocodb- Published: Jan. 28, 2026
- Modified: Feb. 04, 2026
- Vuln Type: Cross-Site Scripting