CVE-2026-30650

A post-authentication remote buffer overflow vulnerability exists in the /cgi-bin/admin/eventtask.cgi endpoint of the admin interface of Vivotek FD8136 cameras running firmware version FD8136-VVTK-0300a. This flaw allows an authenticated attacker to execute arbitrary code as root on the device...

CVE-2026-30652

A remote buffer overflow vulnerability exists in the /cgi-bin/dido/setdo.cgi endpoint of the admin interface of Vivotek FD8136 cameras running firmware version FD8136-VVTK-0300a. This flaw allows an authenticated attacker to execute arbitrary code as root on the device...

CVE-2026-30650

A post-authentication remote buffer overflow vulnerability exists in the /cgi-bin/admin/eventtask.cgi endpoint of the admin interface of Vivotek FD8136 cameras running firmware version FD8136-VVTK-0300a. This flaw allows an authenticated attacker to execute arbitrary code as root on the device...

CVE-2026-30652

A remote buffer overflow vulnerability exists in the /cgi-bin/dido/setdo.cgi endpoint of the admin interface of Vivotek FD8136 cameras running firmware version FD8136-VVTK-0300a. This flaw allows an authenticated attacker to execute arbitrary code as root on the device...

PT-2026-46762

Name of the Vulnerable Software and Affected Versions Google Chrome versions prior to 149.0.7827.53 Description Insufficient validation of untrusted input in the Media component allows a remote attacker who has compromised the renderer process to perform UI spoofing using a crafted HTML page...

CVE-2026-38978

Transmission 4.1.1 and earlier is affected by a clickjacking weakness in its browser-facing WebUI and RPC response paths. The CVE entry CVE-2026-38978 records a MEDIUM severity with CVSS v3.1 metrics: AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N, base score 5.3. Connected sources confirm vulnerable compon...

PT-2026-45777

Name of the Vulnerable Software and Affected Versions transmission versions prior to 4.1.2 Description A clickjacking weakness exists in the browser-facing WebUI and RPC response paths. Clickjacking is a technique where an attacker uses transparent or opaque layers to trick a user into clicking o...

PT-2026-46719

Name of the Vulnerable Software and Affected Versions Google Chrome versions prior to 149.0.7827.53 Description Insufficient validation of untrusted input in the Password Manager allows a remote attacker to perform UI spoofing via malicious network traffic. UI spoofing is a technique where an...

PT-2026-46742

Name of the Vulnerable Software and Affected Versions Google Chrome versions prior to 149.0.7827.53 Description Incorrect security UI in the File Input component allows a remote attacker to perform UI spoofing via a crafted HTML page, provided they can convince a user to perform specific UI...

PT-2026-46560

Name of the Vulnerable Software and Affected Versions Google Chrome versions prior to 149.0.7827.53 Description Insufficient validation of untrusted input in the Password Manager allows a remote attacker to perform UI spoofing via malicious network traffic. UI spoofing is a technique where an...

PT-2026-45772

Name of the Vulnerable Software and Affected Versions Vivotek FD8136 version FD8136-VVTK-0300a Description A remote buffer overflow occurs in the admin interface. An authenticated attacker can exploit this to execute arbitrary code with root privileges on the device via the...

CVE-2026-35716

A stack-based buffer overflow in the motionprivacy.cgi binary in VIVOTEK FD8136 firmware FD8136-VVTK-0300a allows authenticated remote attackers to execute arbitrary code as root via an oversized n1 parameter in a POST request to the /cgi-bin/admin/setpm.cgi, /cgi-bin/admin/setmd.cgi, or...

EUVD-2026-33971

transmission through 4.1.1 was found to have a clickjacking weakness in the browser-facing WebUI and RPC response paths...

PT-2026-46722

Name of the Vulnerable Software and Affected Versions Google Chrome versions prior to 149.0.7827.53 Description An inappropriate implementation in MHTML MIME HTML, a web page archive format allows a remote attacker to leak cross-origin data. This occurs when a user is convinced to perform specifi...

CVE-2026-38978

transmission through 4.1.1 was found to have a clickjacking weakness in the browser-facing WebUI and RPC response paths...

📄 WebRemoteControl Unauthenticated Remote Filesystem Access

Proof of concept tool that demonstrates how WebRemoteControl suffers from unauthenticated remote filesystem access and potential remote code execution. ================================================================================================================================== | Title :...

PT-2026-46751

Name of the Vulnerable Software and Affected Versions Google Chrome versions prior to 149.0.7827.53 Description An inappropriate implementation in the WebUI allows a remote attacker to perform domain spoofing by using a crafted domain name. Recommendations Update to version 149.0.7827.53 or later...

CVE-2026-38978

transmission through 4.1.1 was found to have a clickjacking weakness in the browser-facing WebUI and RPC response paths...

PT-2026-46632

Name of the Vulnerable Software and Affected Versions Google Chrome versions prior to 149.0.7827.53 Description Insufficient validation of untrusted input in the WebUI allows a remote attacker who has compromised the renderer process to leak cross-origin data through the use of a crafted HTML pag...

PT-2026-46475

Name of the Vulnerable Software and Affected Versions Google Chrome versions prior to 149.0.7827.53 Description A heap buffer overflow occurs in the Media component. This issue allows a remote attacker to execute arbitrary code within a sandbox if a user is convinced to perform specific UI gestur...