|
901
|
9.8 |
CRITICAL
Network
|
tenda
|
i9_firmware
|
A vulnerability was identified in Tenda i9 1.0.0.5(2204). This vulnerability affects the function R7WebsSecurityHandlerfunction of the component HTTP Handler. The manipulation leads to path traversal…
|
CWE-22
Path Traversal
|
CVE-2026-7036
|
2026-04-30 23:10 |
2026-04-26 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
902
|
8.8 |
HIGH
Network
|
tenda
|
hg10_firmware
|
A flaw has been found in Tenda HG10 HG7_HG9_HG10re_300001138_en_xpon. This issue affects the function formRoute of the file /boaform/formRouting of the component Boa Service. This manipulation of the…
|
CWE-119
CWE-120
Incorrect Access of Indexable Resource ('Range Error')
Classic Buffer Overflow
|
CVE-2026-6988
|
2026-04-30 23:10 |
2026-04-26 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
903
|
8.8 |
HIGH
Network
|
tenda
|
f453_firmware
|
A vulnerability has been found in Tenda F453 up to 1.0.0.3. Impacted is the function TendaTelnet of the file /goform/telnet of the component Telnet Service. Such manipulation leads to command injecti…
|
CWE-74
CWE-77
Injection
Command Injection
|
CVE-2026-6989
|
2026-04-30 23:10 |
2026-04-26 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
904
|
7.2 |
HIGH
Network
|
linksys
|
mr9600_firmware
|
A vulnerability was identified in Linksys MR9600 2.0.6.206937. This affects the function BTRequestGetSmartConnectStatus of the file /etc/init.d/run_central2.sh of the component JNAP Action Handler. T…
|
CWE-77
CWE-78
Command Injection
OS Command
|
CVE-2026-6992
|
2026-04-30 23:09 |
2026-04-26 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
905
|
7.3 |
HIGH
Network
|
dlink
|
dir-822_firmware
|
A vulnerability was determined in D-Link DIR-822 A_101. The impacted element is the function system of the file /udhcpcd/dhcpd.c of the component udhcpd DHCP Service. This manipulation of the argumen…
|
CWE-74
CWE-77
Injection
Command Injection
|
CVE-2026-7067
|
2026-04-30 23:09 |
2026-04-27 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
906
|
8.8 |
HIGH
Adjacent
|
dlink
|
dir-825_firmware
|
A vulnerability was identified in D-Link DIR-825 3.00b32. This affects the function NMBD_process of the file sserver.c of the component nmbd. Such manipulation leads to buffer overflow. The attack ca…
|
CWE-119
CWE-120
Incorrect Access of Indexable Resource ('Range Error')
Classic Buffer Overflow
|
CVE-2026-7068
|
2026-04-30 23:08 |
2026-04-27 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
907
|
8.0 |
HIGH
Adjacent
|
dlink
|
dir-825_firmware
|
A security flaw has been discovered in D-Link DIR-825 up to 3.00b32. This impacts the function AddPortMapping of the file upnpsoap.c of the component miniupnpd. Performing a manipulation of the argum…
|
CWE-119
CWE-120
Incorrect Access of Indexable Resource ('Range Error')
Classic Buffer Overflow
|
CVE-2026-7069
|
2026-04-30 23:08 |
2026-04-27 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
908
|
7.8 |
HIGH
Local
|
openclaw
|
openclaw
|
OpenClaw before 2026.4.8 contains a privilege escalation vulnerability allowing previously paired nodes to reconnect with exec-capable commands without operator.admin scope requirement. Attackers can…
|
CWE-863
Incorrect Authorization
|
CVE-2026-42432
|
2026-04-30 23:06 |
2026-04-29 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
909
|
8.1 |
HIGH
Network
|
openclaw
|
openclaw
|
OpenClaw before 2026.4.8 contains a security bypass vulnerability in node.invoke(browser.proxy) that allows mutation of persistent browser profiles. Attackers can exploit this path to circumvent the …
|
CWE-863
Incorrect Authorization
|
CVE-2026-42431
|
2026-04-30 23:06 |
2026-04-29 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
910
|
7.1 |
HIGH
Network
|
openclaw
|
openclaw
|
OpenClaw before 2026.4.8 contains a privilege escalation vulnerability in the gateway plugin HTTP authentication mechanism that widens identity-bearing operator.read requests into runtime operator.wr…
|
CWE-863
Incorrect Authorization
|
CVE-2026-42429
|
2026-04-30 23:06 |
2026-04-29 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
