CVE-2026-0412

Insufficient input validation vulnerability in NETGEAR JR6150 AC750 WiFi Router 802.11ac Dual Band Gigabit released in 2014 allows administrators connected to the local network to make unauthorized modification of router software and functionality. NETGEAR JR6150 reached End-of-Support status in...

EUVD-2026-35979

A buffer overflow vulnerability has been reported to affect File Station 5. If a remote attacker gains a user account, they can then exploit the vulnerability to modify memory or crash processes. We have already fixed the vulnerability in the following version: File Station 5 5.5.6.5208 and later...

EulerOS 2.0 SP13 : tigervnc (EulerOS-SA-2026-2359)

According to the versions of the tigervnc packages installed, the EulerOS installation on the remote host is affected by the following vulnerabilities : In TigerVNC before 1.16.2, Image.cxx in x0vncserver allows other users to observe or manipulate the screen contents, or cause an application...

QNAP Systems File Station 5 安全漏洞

QNAP Systems File Station 5 is a file management system developed by QNAP Systems, a company based in Taiwan, China. QNAP Systems File Station 5 has a security vulnerability that stems from a buffer overflow issue. This vulnerability could allow remote attackers to modify memory or cause processe...

EUVD-2026-35459

Insufficient input validation vulnerability in the listed NETGEAR models allows authenticated administrators connected to the local network to make unauthorized modification of router software and functionality...

EUVD-2026-35452

Authenticated administrators connected to the local network can gain elevated access to the router and make unauthorized changes to router software and functionality...

EUVD-2026-35462

Insufficient input validation of buffers vulnerability in the listed NETGEAR models allows authenticated administrators connected to the local network to make unauthorized modification of router software and functionality...

CVE-2026-0415

CVE-2026-0415 affects certain NETGEAR Orbi routers where insufficient input validation by the device allows authenticated administrators on the local network to modify router software and functionality without authorization. The description specifies that the vulnerability arises from input valid...

CVE-2026-0412 Insufficient input validation vulnerability in NETGEAR JR6150 Web UI

Insufficient input validation vulnerability in NETGEAR JR6150 AC750 WiFi Router 802.11ac Dual Band Gigabit released in 2014 allows administrators connected to the local network to make unauthorized modification of router software and functionality. NETGEAR JR6150 reached End-of-Support status in...

CVE-2026-8902

The AJAX Report Comments plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 2.0.4. This is due to missing or incorrect nonce validation on the rcoptionspage function. This makes it possible for unauthenticated attackers to modify plugin settings...

CVE-2026-8902 AJAX Report Comments <= 2.0.4 - Cross-Site Request Forgery to Settings Update

The AJAX Report Comments plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 2.0.4. This is due to missing or incorrect nonce validation on the rcoptionspage function. This makes it possible for unauthenticated attackers to modify plugin settings...

EUVD-2026-35308

The AJAX Report Comments plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 2.0.4. This is due to missing or incorrect nonce validation on the rcoptionspage function. This makes it possible for unauthenticated attackers to modify plugin settings...

CVE-2026-36720

Insecure permissions in bookcars v8.3 allows authenticated attackers to escalate privileges from user to admin via modifying their user type...

PT-2026-47819

Name of the Vulnerable Software and Affected Versions NETGEAR affected versions not specified Description Insufficient input validation allows authenticated administrators connected to the local network to make unauthorized modifications to router software and functionality...

PT-2026-47820

Name of the Vulnerable Software and Affected Versions NETGEAR router models affected versions not specified Description Insufficient input validation allows an authenticated administrator with local network access to submit crafted input. This action bypasses intended management interface...

PT-2026-47817

Insufficient input validation vulnerability in NETGEAR JR6150 AC750 WiFi Router 802.11ac Dual Band Gigabit released in 2014 allows administrators connected to the local network to make unauthorized modification of router software and functionality. NETGEAR JR6150 reached End-of-Support status in...

PT-2026-47818

Name of the Vulnerable Software and Affected Versions NETGEAR affected versions not specified Description A buffer overflow occurs due to insufficient input validation of buffers. This allows authenticated administrators connected to the local network to make unauthorized modifications to the...

PT-2026-47678

The AJAX Report Comments plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 2.0.4. This is due to missing or incorrect nonce validation on the rc options page function. This makes it possible for unauthenticated attackers to modify plugin settin...

PT-2026-47684

The 6Storage Rentals plugin for WordPress is vulnerable to Authorization Bypass Through User-Controlled Key in all versions up to and including 2.22.0 via the userId parameter of the six storage get user info and six storage update profile AJAX actions. This is due to the six storage getUserInfo...

CVE-2026-49141

WACRM prior to commit 73041bf contain an authorization bypass vulnerability in the automation engine that allows authenticated attackers to access and modify contacts belonging to other tenants by supplying an arbitrary caller-controlled contactid in the POST request body without tenant ownership...