Vulnerability Notes
- CVE-2026-27785 - Milesight Cameras Use of Hard-coded Credentials
- CVE-2026-40976 - Spring Boot Default Web Security Bypass
- CVE-2026-41371 - OpenClaw < 2026.3.28 - Privilege Escalation via chat.send Reset Command
- CVE-2026-41364 - OpenClaw < 2026.3.31 - Arbitrary File Write via Symlink Following in SSH Sandbox Tar Upload
- CVE-2026-7160 - Tenda HG3 formTracert command injection
- CVE-2026-7156 - Totolink A8000RU CGI cstecgi.cgi CsteSystem os command injection
- CVE-2026-7154 - Totolink A8000RU CGI cstecgi.cgi setAdvancedInfoShow os command injection
- CVE-2026-7152 - Totolink A8000RU CGI cstecgi.cgi setTelnetCfg os command injection
- CVE-2026-6741 - LatePoint <= 5.4.1 - Authenticated (Agent+) Privilege Escalation to Administrator via 'connect-customer-to-wp-user' Ability
- CVE-2025-69689 - Apache Fan Control Elevation of Privilege Vulnerability
- CVE-2026-7139 - Totolink A8000RU CGI cstecgi.cgi setWiFiAclRules os command injection
- CVE-2026-38934 - Diskoverdata Diskover-Community Cross Site Request Forgery Privilege Escalation
- CVE-2026-7137 - Totolink A8000RU CGI cstecgi.cgi setStorageCfg os command injection
- CVE-2026-7136 - Totolink A8000RU CGI cstecgi.cgi setDmzCfg os command injection
- CVE-2026-41462 - ProjeQtor < 12.4.4 Unauthenticated SQL Injection via Login
- CVE-2026-30352 - Leonvanzyl Autocoder RCE
- CVE-2026-40514 - SmarterTools SmarterMail < Build 9610 Cryptographic Weakness via Weak RNG
- CVE-2026-32688 - Atom table exhaustion via HTTP/2 :scheme pseudo-header in plug_cowboy