EUVD-2026-25715

A weakness has been identified in tufantunc ssh-mcp up to 1.5.0. Impacted is an unknown function of the file src/index.ts of the component Command Line Handler. This manipulation causes insufficiently protected credentials. The attack is restricted to local execution. The exploit has been made...

CVE-2026-7038 tufantunc ssh-mcp Command Line index.ts insufficiently protected credentials

A weakness has been identified in tufantunc ssh-mcp up to 1.5.0. Impacted is an unknown function of the file src/index.ts of the component Command Line Handler. This manipulation causes insufficiently protected credentials. The attack is restricted to local execution. The exploit has been made...

CVE-2026-7037

A security flaw has been discovered in Totolink A8000RU 7.1cu.643b20200521. This issue affects the function setVpnPassCfg of the file /cgi-bin/cstecgi.cgi of the component CGI Handler. The manipulation of the argument pptpPassThru results in os command injection. The attack can be executed...

CVE-2026-7037 Totolink A8000RU CGI cstecgi.cgi setVpnPassCfg os command injection

A security flaw has been discovered in Totolink A8000RU 7.1cu.643b20200521. This issue affects the function setVpnPassCfg of the file /cgi-bin/cstecgi.cgi of the component CGI Handler. The manipulation of the argument pptpPassThru results in os command injection. The attack can be executed...

CVE-2026-7036

This CVE affects Tenda i9 1.0.0.5(2204). The flaw is in the HTTP Handler’s R7WebsSecurityHandlerfunction, enabling path traversal. Remote exploitation is possible and exploits are publicly available. The sources do not specify a remediation in these documents.

EUVD-2026-25712

A vulnerability was identified in Tenda i9 1.0.0.52204. This vulnerability affects the function R7WebsSecurityHandlerfunction of the component HTTP Handler. The manipulation leads to path traversal. Remote exploitation of the attack is possible. The exploit is publicly available and might be used...

CVE-2026-7036 Tenda i9 HTTP R7WebsSecurityHandlerfunction path traversal

A vulnerability was identified in Tenda i9 1.0.0.52204. This vulnerability affects the function R7WebsSecurityHandlerfunction of the component HTTP Handler. The manipulation leads to path traversal. Remote exploitation of the attack is possible. The exploit is publicly available and might be used...

CVE-2026-7036 Tenda i9 HTTP R7WebsSecurityHandlerfunction path traversal

A vulnerability was identified in Tenda i9 1.0.0.52204. This vulnerability affects the function R7WebsSecurityHandlerfunction of the component HTTP Handler. The manipulation leads to path traversal. Remote exploitation of the attack is possible. The exploit is publicly available and might be used...

NFC: digital: Bounds check NFC-A cascade depth in SDD response handler

...

PCI: endpoint: pci-epf-vntb: Stop cmd_handler work in epf_ntb_epc_cleanup

...

Ollama is Vulnerable to Path Traversal

A security flaw has been discovered in Ollama up to 0.20.2. This affects the function digestToPath of the file x/imagegen/transfer/transfer.go of the component Tensor Model Transfer Handler. The manipulation of the argument digest results in path traversal. The attack may be performed from remote...

GHSA-X99G-8V8J-25J2 Ollama is Vulnerable to Path Traversal

A security flaw has been discovered in Ollama up to 0.20.2. This affects the function digestToPath of the file x/imagegen/transfer/transfer.go of the component Tensor Model Transfer Handler. The manipulation of the argument digest results in path traversal. The attack may be performed from remote...

CVE-2026-7022

CVE-2026-7022 affects SmythOS sre up to 0.0.15. The vulnerability lies in the HTTP Header Handler’s AgentRuntime function (packages/core/src/subsystems/AgentManager/AgentRuntime.class.ts), where manipulation of the arguments X-DEBUG-RUN/X-DEBUG-INJ enables improper authentication. The issue allow...

CVE-2026-7022 SmythOS sre HTTP Header AgentRuntime.class.ts AgentRuntime improper authentication

A security vulnerability has been detected in SmythOS sre up to 0.0.15. Affected is the function AgentRuntime of the file packages/core/src/subsystems/AgentManager/AgentRuntime.class.ts of the component HTTP Header Handler. Such manipulation of the argument X-DEBUG-RUN/X-DEBUG-INJ leads to improp...

CVE-2026-7020 Ollama Tensor Model Transfer transfer.go digestToPath path traversal

A security flaw has been discovered in Ollama up to 0.20.2. This affects the function digestToPath of the file x/imagegen/transfer/transfer.go of the component Tensor Model Transfer Handler. The manipulation of the argument digest results in path traversal. The attack may be performed from remote...

CVE-2026-7020 Ollama Tensor Model Transfer transfer.go digestToPath path traversal

A security flaw has been discovered in Ollama up to 0.20.2. This affects the function digestToPath of the file x/imagegen/transfer/transfer.go of the component Tensor Model Transfer Handler. The manipulation of the argument digest results in path traversal. The attack may be performed from remote...

EUVD-2026-25695

A security flaw has been discovered in Ollama up to 0.20.2. This affects the function digestToPath of the file x/imagegen/transfer/transfer.go of the component Tensor Model Transfer Handler. The manipulation of the argument digest results in path traversal. The attack may be performed from remote...

CVE-2026-7018

A vulnerability was determined in Datavane Datavines up to 13607645e14a4982468cfdbcf75c85cde63bae71. The affected element is an unknown function of the file datavines-core/src/main/java/io/datavines/core/utils/TokenManager.java of the component JWT Token Handler. Executing a manipulation of the...

EUVD-2026-25693

A vulnerability was determined in Datavane Datavines up to 13607645e14a4982468cfdbcf75c85cde63bae71. The affected element is an unknown function of the file datavines-core/src/main/java/io/datavines/core/utils/TokenManager.java of the component JWT Token Handler. Executing a manipulation of the...

PT-2026-35221

A weakness has been identified in tufantunc ssh-mcp up to 1.5.0. Impacted is an unknown function of the file src/index.ts of the component Command Line Handler. This manipulation causes insufficiently protected credentials. The attack is restricted to local execution. The exploit has been made...