CVE-2026-36608

The advisory concerns the Mercusys AC12G (EU) V1 router with firmware AC12G(EU)_V1_200909. A UPnP AddPortMapping issue allows an unauthenticated LAN attacker to forward external ports to the router’s admin interface by abusing the InternalClient field (accepting 192.168.1.1 or 127.0.0.1). This en...

CVE-2026-36616

CVE-2026-36616 affects the Mercusys AC12G (EU) V1 with firmware AC12G(EU)_V1_200909. The issue is the presence of hardcoded WiFi driver credentials embedded in the production firmware binary: a RADIUS shared secret, a WPS test key, and a default PSK. The vulnerability arises from these sensitive ...

CVE-2026-26378

Affects Koha 25.11 and earlier. Cross-Site Scripting via the file upload function in Invoice features allows a remote attacker to execute arbitrary code. Root cause details are not provided beyond this description. No remediation or patch version is stated in the available documents.

CVE-2026-36612

CVE-2026-36612 affects Mercusys AC12G (EU) V1 with firmware AC12G(EU)_V1_200909. The issue: WPS 2.0 is enabled by default and a weak lockout policy allows 60-second lockouts after 10 attempts, per connected records. CVSSv3.1 base score 6.4 (MEDIUM) with attack vector: Adjacent, attack complexity:...

CVE-2026-49977

Technical details for CVE-2026-49977 are not publicly available in the provided documents. Monitor for updates as new information becomes available.

CVE-2026-36604

Mercusys AC12G (EU) V1 router vulnerable to DNS rebinding due to HTTP Host header validation failure in firmware AC12G(EU)_V1_200909. An external attacker could rebound a domain to the router’s internal IP, taking advantage of an existing CORS wildcard weakness (Access-Control-Allow-Origin: *). C...

CVE-2026-36613

Mercusys AC12G (EU) V1 with firmware AC12G(EU)_V1_200909 is affected by a vulnerability where HTTP POST requests to undefined paths return 128 bytes of uninitialized internal buffer contents, exposing server state to unauthenticated adjacent network attackers. Affected component: the device’s HTT...

CVE-2026-36615

Mercusys AC12G (EU) V1 with firmware AC12G(EU)_V1_200909 is affected by CVE-2026-36615 due to an undocumented /agileconfigreset endpoint that returns internal buffer contents to unauthenticated attackers on the adjacent network. The issue stems from exposure of internal data to nearby devices wit...

CVE-2026-36618

Mercusys AC12G (EU) V1 devices (firmware AC12G(EU)_V1_200909) are affected. The issue arises because the DNS resolver (unbound 1.22.0) reveals its version when responding to version.bind CHAOS TXT queries, which can aid targeted attacks against known vulnerabilities. The vulnerability pertains to...

CVE-2026-36610

Mercusys AC12G (EU) V1 with firmware AC12G(EU)_V1_200909 transmits DDNS credentials over plaintext HTTP with only Base64 encoding; the firmware contains no TLS, enabling man-in-the-middle interception of DDNS credentials.

CVE-2026-37700

MaxSite CMS v.109.2 is affected by a Cross Site Scripting (XSS) vulnerability via the Backend page file upload endpoint used by admin_page. The CVE-2026-37700 description states an attacker can obtain sensitive information through this endpoint. CVSS v3.1 score is 4.1 (Medium); attack vector Netw...

CVE-2026-10769

CVE-2026-10769 maps to Drupal Commerce contributions vulnerability DRUPAL-CONTRIB-2026-041 and PT-2026-46113. It describes insufficient sanitization of customer comments in the order receipt email template, enabling Cross-site Scripting (XSS) when Checkout is enabled and the Comments pane (custom...

CVE-2026-48019

PT-2026-45900 confirms a severe Laravel CRLF injection vulnerability tied to CVE-2026-48019, enabling mail-relay abuse in affected web apps. The report notes exploitation risks and recommends applying the latest CVE-2026-48019 patch to mitigate. No further exploit details are provided in the conn...

CVE-2025-70100

CVE-2025-70100 affects lwext4 1.0.0. A divide-by-zero in ext4_block_set_lb_size (src/ext4_blockdev.c) can cause denial of service when processing a malformed ext4 image, triggering a Floating-Point Exception or crash due to missing lb_size validation during mount/image handling. Connected sources...

CVE-2026-37462

CVE-2026-37462 affects gobgp v4.3.0. A vulnerability in BGPUpdate.DecodeFromBytes (/bgp/bgp.go) allows an attacker to trigger a Denial of Service by sending a crafted BGP UPDATE message. The issue is described consistently across multiple sources (NVD/EUVD/CVE listings and vulnerability trackers)...

CVE-2026-39107

CVE-2026-39107 affects the Kimi AI v1.0 web interface, specifically the Preview feature. The issue is a Cross Site Scripting vulnerability where HTML/JavaScript payloads generated by the AI model are not properly sanitized or encoded, causing the payload to be rendered into the DOM when users vie...

CVE-2026-36460

CVE-2026-36460 affects Dovestones Softwares ADPhonebook prior to v4.0.1.1. The issue is a Cross Site Scripting flaw in the /Admin/Save API where an authenticated admin can store malicious JavaScript payloads in multiple configuration sections due to missing input validation or output encoding. Af...

CVE-2025-60477

Summary: CVE-2025-60477 arises from a NULL pointer dereference in GPAC Project/MP4Box, specifically in the function gf_filter_pid_resolve_file_template_ex (file: filter_core/filter_pid.c). The issue affects MP4Box builds prior to version 26.02.0 and allows an attacker to cause a Denial of Service...

CVE-2026-37460

CVE-2026-37460 affects FRRouting (FRR) stable/10.0–10.6. The issue is in the rfapiRibBi2Ri() function (rfapi_rib.c) where missing input validation can be triggered by a crafted BGP UPDATE message, leading to Denial of Service. Connected sources consistently describe the same flaw and affected ran...

CVE-2026-10692

The CVE-2026-10692 affects johnhuang316 code-index-mcp up to version 2.14.0, specifically the is_safe_regex_pattern function in the search_code_advanced component. Manipulating the regex argument can cause inefficient regex processing (potentially a denial-of-service), with remote attack potentia...

CVE-2026-10691

CVE-2026-10691 affects wonderwhy-er DesktopCommanderMCP

CVE-2026-9732

The CVE concerns the WordPress plugin “EmergencyWP – Dead Man's switch & legacy deliverance” up to version 1.4.2. The root cause is missing or incorrect nonce validation in the form_settings_ui (settings save handler) function, enabling Cross-Site Request Forgery. This allows unauthenticated atta...

CVE-2026-7421

The Passeum Ticketing plugin for WordPress (all versions up to 1.0) is vulnerable to Stored XSS when the shop_name setting starts with http. The get_shop_url() method returns the raw shop_name without sufficient sanitization, and validate_shop_name() only checks for emptiness and type, allowing a...

CVE-2026-10690

This CVE affects wonderwhy-er DesktopCommanderMCP 0.2.37. The vulnerability is in the readFileFromUrl function (src/tools/filesystem.ts, read_file component) where manipulating the url argument enables server-side request forgery. It can be triggered remotely and an exploit is publicly available....

CVE-2026-40108

CVE-2026-40108 - GLPI Stored XSS in ITIL costs : Affects GLPI versions 11.0.0 through 11.0.6 where a technician can store an XSS payload in ITIL costs. The issue has been fixed in version 11.0.7. CVSS 4.0 base score is 7.1 (HIGH) with user interaction required and HIGH impact on confidentiality, ...

CVE-2026-41412

CVE-2026-41412 affects alf.io prior to 2.0-M5-2606. The extension sandbox injects a fully-functional HTTP client (simpleHttpClient) into every extension script’s scope, and the postFileAndSaveResponse() method accepts an arbitrary filesystem path using new FileInputStream(file) without path valid...

CVE-2026-35482

CVE-2026-35482 : alf.io’s extension script engine vulnerability allows an authenticated administrator to escape the Rhino sandbox and execute arbitrary OS commands on the server. The issue stems from an unguarded injected Java object (returnClass) combined with an incomplete AST blocklist, enabli...

CVE-2026-44654

CVE-2026-44654 (LibreChat) : In versions up to 0.8.3, a shared-agent editor can issue DELETE /api/files to remove file records that a user has reused across multiple agents. The deletion is global, not limited to the shared agent, which can break the owner’s other private agents that reference th...

CVE-2026-10688

The CVE-2026-10688 affects the ahujasid blender-mcp project; the vulnerable component is execute_blender_code in /src/blender_mcp/server.py. Manipulating the code argument allows code injection, with remote execution possible. Public exploitation is indicated, and the project uses a rolling relea...

CVE-2026-44653

LibreChat contains a vulnerability in versions up to 0.8.3 where users with only VIEW access to an MCP server can retrieve decrypted admin secrets via GET /api/mcp/servers and GET /api/mcp/servers/:serverName. The API returns plaintext values for apiKey.key and oauth.client_secret, enabling viewe...

CVE-2026-32625

LibreChat vulnerability CVE-2026-32625 affects versions up to 0.8.3 where MCP server URL validation expands ${VAR} against process.env during Zod schema checks. An authenticated user can configure a malicious MCP URL to exfiltrate secrets (CREDS_KEY, CREDS_IV, JWT_SECRET, MONGO_URI) to an attacke...

CVE-2026-10719

CVE-2026-10719 affects Seagate’s openSeaChest/Seachest (v25.05.3). The issue is an out-of-bounds write in openSeaChest’s --showSupportedFormats, permitting writing one extra byte past allocated memory when a malicious NVMe device with a bogus FLBAS value in the namespace is processed. As describe...

CVE-2026-31942

LibreChat (up to version 0.7.6) is affected by an Insecure Direct Object Reference (IDOR) in the API keys management endpoint (PUT /api/keys). After setting the authenticated user’s ID, an attacker can inject a userId parameter in the request body to overwrite other users’ API keys (e.g., OpenAI,...

CVE-2026-10718

CVE-2026-10718 affects Seagate’s openSeaChest (v26.03.0) and is triggered by the Trim/Unmap operation. The root cause is an out-of-bounds write that allows writing extra memory describing a range of LBAs to deallocate, extending 16 bytes outside the allocated space across all supported platforms....

CVE-2026-25861

CVE-2026-25861 affects QloApps 1.7.0. The vulnerability is in the password hashing path: Tools::encrypt() in classes/Tools.php uses MD5 with a static cookie key, allowing offline brute-forcing of credentials. The risk is heightened by auto-generated 8-character guest-to-customer passwords in clas...

CVE-2026-10717

The vulnerability CVE-2026-10717 affects openSeaChest v25.05.3 (Seagate Open-Seachest/Seachest) and specifically the --showSCSIDefects feature. Out-of-bounds writes/reads occur when handling very large defect lists or a maliciously crafted SCSI defect response length, enabling writing defect info...

CVE-2026-42507

CVE-2026-42507 affects the Go net/textproto package. The root issue is that error returns include user-controlled input as part of the error string, which could allow an attacker to inject misleading content into errors that are printed or logged. The connected sources confirm this behavior acros...

CVE-2026-42504

CVE-2026-42504 affects the WordDecoder.DecodeHeader function in the mime package, where decoding a malicious MIME header with many invalid encoded-words leads to quadratic time complexity and potential high CPU usage. Public descriptions identify the root cause as quadratic complexity in that dec...

CVE-2026-27145

The CVE-2026-27145 issue affects the Go standard library’s crypto/x509 VerifyHostname path, where VerifyHostname previously calls matchHostnames in a loop over all DNS SAN entries. This design causes strings.Split(host, ".") to run repeatedly on the same input, leading to a quadratic increase in ...

CVE-2026-10662

The CVE concerns ahujasid blender-mcp (up to commit 7636d13bded82eca58eb93c3f4cd8708dfdfbe8b) and targets the ZIP File Handler’s server.py, specifically the requests.get usage. Flaw: manipulation of the argument zip_file_url enables server-side request forgery (SSRF). Impact is described as remot...

CVE-2021-4481

CVE-2021-4481 involves Dräger Protector Software, prior to version 6.4.2, which has a local privilege escalation vulnerability caused by insecure file system permissions. According to the connected records, this allows local attackers to replace binaries or loaded modules on the host and execute ...

CVE-2021-4480

CVE-2021-4480 affects Dräger Protector Software prior to version 6.4.2. The issue is a local privilege escalation caused by insecure file system permissions that allow a local attacker to replace binaries or loaded modules and execute code with NT SYSTEM privileges. The description does not speci...

CVE-2026-10661

The CVE concerns ahujasid blender-mcp with a vulnerability in the Open function of src/blender_mcp/server.py. Manipulating the input_image_url parameter leads to injection, with remote exploitation possible. The affected project uses rolling releases, so specific version details are not listed; p...

CVE-2026-35212

OpenCTI vulnerability CVE-2026-35212: XSS in rendering of email-message observable body data due to insufficient sanitization in versions prior to 7.260227.0. The body content is rendered without proper sanitization, requiring user interaction and could be triggered by sharing STIX or ingesters, ...

CVE-2025-15653

The affected products are Dräger Zeus Infinity Empowered (Zeus IE) and Zeus RS C500 anesthesia workstations. The vulnerability is a local privilege escalation via unprotected USB interfaces that attackers with physical access can exploit to compromise software integrity. Reported impact includes ...

CVE-2024-14036

Dräger Core 1.0.5 and Dräger M540 Converter Service 1.0.9 are affected by a denial-of-service vulnerability where specially crafted, unencrypted SDC discovery messages exhaust CPU resources. Network-adjacent attackers with hospital-network access can trigger high CPU load, causing subsequent SDC ...

CVE-2026-10650

warmcat libwebsockets (up to 4.5.8) contains a flaw in the SSH Protocol Handler: lws_ssh_parse_plaintext (plugins/protocol_lws_ssh_base/sshd.c) can be triggered by manipulating msg_len, leading to resource consumption. The issue can be exploited remotely; a proof-of-concept exploit has been publi...

CVE-2026-8936

CVE-2026-8936 describes an unbounded recursion in the grpcfuse kernel module that can cause a VM panic in the Docker Desktop VM when a container creates deeply nested directories on a bind-mounted host folder, triggering a dentry invalidation event. The issue has been fixed in Docker Desktop 4.76...

CVE-2022-4992

CVE-2022-4992 affects Dräger Infinity Acute Care System and Standalone Infinity M540, VG4.1.1, VG4.0.3 and lower (VG4.2 partially affected). The issue is a network message handling vulnerability that lets remote attackers inject spoofed/tampered data to cause denial-of-service, potentially modify...

CVE-2026-45289

CloudburstMC Protocol (Minecraft Bedrock Edition) has a vulnerability in the EncryptionUtils validation for FULL type auth tokens prior to version 3.0.0.Beta12-20260420.182526-15. Exploitation affects software depending on this protocol library by potentially weakening authentication payload vali...