vulns

by zer0x0ne — on rss , infosec 02 May 2021

Vulnerability Notes

CVE-2026-32272 - Craft Commerce: Blind SQL Injection via hasVariant/hasProduct
CVE-2026-6199 - Tenda F456 qossetting fromqossetting stack-based overflow
CVE-2026-6197 - Tenda F456 AdvSetWrlsafeset formWrlsafeset stack-based overflow
CVE-2026-40044 - Pachno 1.0.6 FileCache Deserialization Remote Code Execution
CVE-2026-40040 - Pachno 1.0.6 Unrestricted File Upload Remote Code Execution
CVE-2026-6194 - Totolink A3002MU HTTP Request formWlanSetup sub_410188 stack-based overflow
CVE-2026-6100 - Use-after-free in lzma.LZMADecompressor, bz2.BZ2Decompressor, and gzip.GzipFile after re-use under memory pressure
CVE-2026-32316 - jq: Integer overflow in jvp_string_append() allows Heap-based Buffer Overflow
CVE-2026-28291 - simple-git has Command Execution via Option-Parsing Bypass
CVE-2026-23891 - Decidim has a Cross-site scripting (XSS) vulnerability via user name field
CVE-2026-6186 - UTT HiPER 1200GW formNatStaticMap strcpy buffer overflow
CVE-2026-34186 - SQL Injection in Custom Fields leads to Database Compromise
CVE-2026-30813 - SQL Injection in Module Search leads to Database Compromise
CVE-2026-30804 - Unrestricted File Upload in Extension Uploader leads to Remote Code Execution
CVE-2026-33858 - Apache Airflow: Unsafe Deserialization via Legacy Serialization Keys (__type/__var) Bypass in XCom API
CVE-2026-1462 - Safe Mode Bypass in keras-team/keras
CVE-2026-6204 - LibreNMS Remote Code Execution Vulnerability