6643 matches found
CVE-2026-4257
The Contact Form by Supsystic plugin for WordPress is vulnerable to Server-Side Template Injection (SSTI) leading to Remote Code Execution (RCE) in all versions up to, and including, 1.7.36. This is due to the plugin using the Twig TwigLoaderString template engine without sandboxing, combined with th...
WordPress Contact Form by Supsystic plugin <= 1.7.36 - Unauthenticated Server-Side Template Injection via Prefill Functionality vulnerability
Unauthenticated Server-Side Template Injection via Prefill Functionality vulnerability discovered by kiseki - Heroes Cyber Security in WordPress Plugin Contact Form by Supsystic versions <= 1.7.36...
CVE-2026-34881
OpenStack Glance before 29.1.1, 30.x before 30.1.1, and 31.0.0 is affected by Server-Side Request Forgery (SSRF). By use of HTTP redirects, an authenticated user can bypass URL validation checks and redirect to internal services. Only glance image import functionality is affected. In particular, th...
CVE-2026-30877
baserCMS is a website development framework. Prior to version 5.2.3, there is an OS command injection vulnerability in the update functionality. Due to this issue, an authenticated user with administrator privileges in baserCMS can execute arbitrary OS commands on the server with the privileges o...
CVE-2026-4257 Contact Form by Supsystic <= 1.7.36 - Unauthenticated Server-Side Template Injection via Prefill Functionality
The Contact Form by Supsystic plugin for WordPress is vulnerable to Server-Side Template Injection (SSTI) leading to Remote Code Execution (RCE) in all versions up to, and including, 1.7.36. This is due to the plugin using the Twig TwigLoaderString template engine without sandboxing, combined with th...
PT-2026-29130
Name of the Vulnerable Software and Affected Versions: Contact Form by Supsystic plugin for WordPress versions up to and including 1.7.36. Description: The Contact Form by Supsystic plugin for WordPress is susceptible to Server-Side Template Injection (SSTI), which can lead to Remote Code Execution RC...
CVE-2026-4621
Hidden Functionality vulnerability in NEC Platforms, Ltd. Aterm Series allows an attacker to enable telnet via network...
CVE-2026-33280
Hidden functionality issue exists in BUFFALO Wi-Fi router products, which may allow an attacker to gain access to the product’s debugging functionality, resulting in the execution of arbitrary OS commands...
CVE-2021-27942
Vizio P65-F1 6.0.31.4-2 and E50x-E1 10.0.31.4-2 Smart TVs allow a threat actor to execute arbitrary code from a USB drive via the Smart Cast functionality, because files on the USB drive are effectively under the web root and can be executed...
EUVD-2026-16589
Hidden Functionality vulnerability in NEC Platforms, Ltd. Aterm Series allows an attacker to enable telnet via network...
CVE-2026-4621
NEC Platforms, Ltd. Aterm Series devices contain a Hidden Functionality vulnerability that allows an attacker to enable Telnet over the network. According to the NVD entry, the issue has a CVSS v4.0 base score of 6.3 (MEDIUM) with Network attackVector, HIGH attackComplexity, no privileges require...
Multiple vulnerabilities in BUFFALO Wi-Fi routers
Overview: Wi-Fi router products provided by BUFFALO INC. contain multiple vulnerabilities listed below. Dependency on vulnerable third-party component (CWE-1395) - This issue is caused by a vulnerability in minihttpd (CVE-2015-1548). OS command injection (CWE-78) - CVE-2026-27650. Code injection (CWE-94) -...
EUVD-2026-16549
Hidden functionality issue exists in BUFFALO Wi-Fi router products, which may allow an attacker to gain access to the product’s debugging functionality, resulting in the execution of arbitrary OS commands...