CVE Alerts

CVE-2026-3698 - UTT HiPER 810G NTP strcpy buffer overflow
CVE ID : CVE-2026-3698

Published : March 8, 2026, 2:16 a.m. | 56 minutes ago

Description : A vulnerability was identified in UTT HiPER 810G up to 1.7.7-171114. This affects the function strcpy of the file /goform/...

CVE-2026-3699 - UTT HiPER 810G formRemoteControl strcpy buffer overflow
CVE ID : CVE-2026-3699

Published : March 8, 2026, 3:16 a.m. | 1 hour, 56 minutes ago

Description : A security flaw has been discovered in UTT HiPER 810G up to 1.7.7-171114. This impacts the function ...

CVE-2026-3697 - Planet ICG-2510 Language Package Configuration httpd sub_40C8E4 stack-based overflow
CVE ID : CVE-2026-3697

Published : March 8, 2026, 2:16 a.m. | 56 minutes ago

Description : A vulnerability was determined in Planet ICG-2510 1.0_20250811. The impacted el...

CVE-2026-3698 - UTT HiPER 810G NTP strcpy buffer overflow
CVE ID : CVE-2026-3698

Published : March 8, 2026, 2:16 a.m. | 2 hours, 56 minutes ago

Description : A vulnerability was identified in UTT HiPER 810G up to 1.7.7-171114. This affects the function strcpy of the file...

CVE-2026-3700 - UTT HiPER 810G formConfigDnsFilterGlobal strcpy buffer overflow
CVE ID : CVE-2026-3700

Published : March 8, 2026, 3:16 a.m. | 1 hour, 56 minutes ago

Description : A weakness has been identified in UTT HiPER 810G up to 1.7.7-171114. Affected is the functio...

CVE-2026-30910 - Crypt::Sodium::XS versions through 0.001000 for Perl has potential integer overflows
CVE ID : CVE-2026-30910

Published : March 8, 2026, 2:16 a.m. | 56 minutes ago

Description : Crypt::Sodium::XS versions through 0.001000 for Perl has potential integer ov...

CVE-2026-3682 - welovemedia FFmate ffmpeg.go Execute argument injection
CVE ID : CVE-2026-3682

Published : March 8, 2026, 12:16 a.m. | 56 minutes ago

Description : A security vulnerability has been detected in welovemedia FFmate up to 2.0.15. This vulnerability affects t...

CVE-2026-3683 - bufanyun HotGo Endpoint upload.go ImageTransferStorage server-side request forgery
CVE ID : CVE-2026-3683

Published : March 8, 2026, 12:16 a.m. | 56 minutes ago

Description : A vulnerability was detected in bufanyun HotGo up to 2.0. This issue affects the...

CVE-2026-3680 - RyuzakiShinji biome-mcp-server biome-mcp-server.ts command injection
CVE ID : CVE-2026-3680

Published : March 7, 2026, 11:15 p.m. | 1 hour, 56 minutes ago

Description : A security flaw has been discovered in RyuzakiShinji biome-mcp-server up to 1.0.0. Aff...

CVE-2026-3681 - welovemedia FFmate webhook.go fireWebhook server-side request forgery
CVE ID : CVE-2026-3681

Published : March 7, 2026, 11:15 p.m. | 1 hour, 56 minutes ago

Description : A weakness has been identified in welovemedia FFmate up to 2.0.15. This affects the f...

CVE-2026-30909 - Crypt::NaCl::Sodium versions through 2.002 for Perl has potential integer overflows
CVE ID : CVE-2026-30909

Published : March 8, 2026, 12:46 a.m. | 26 minutes ago

Description : Crypt::NaCl::Sodium versions through 2.002 for Perl has potential integer ove...

CVE-2026-3696 - Totolink N300RH CGI cstecgi.cgi setWiFiWpsConfig os command injection
CVE ID : CVE-2026-3696

Published : March 8, 2026, 12:32 a.m. | 40 minutes ago

Description : A vulnerability was found in Totolink N300RH 6..1c.1353_B20190305. The affected element is th...

CVE-2026-3695 - SourceCodester Modern Image Gallery App delete.php path traversal
CVE ID : CVE-2026-3695

Published : March 8, 2026, 12:32 a.m. | 40 minutes ago

Description : A vulnerability has been found in SourceCodester Modern Image Gallery App 1.0. Impacted is an unk...

CVE-2026-3693 - Shy2593666979 AgentChat User Endpoint user.py update_user_info resource injection
CVE ID : CVE-2026-3693

Published : March 8, 2026, 12:32 a.m. | 40 minutes ago

Description : A flaw has been found in Shy2593666979 AgentChat up to 2.3.0. This issue affects ...

CVE-2026-3679 - Tenda FH451 QuickIndex formQuickIndex stack-based overflow
CVE ID : CVE-2026-3679

Published : March 7, 2026, 11:15 p.m. | 1 hour, 56 minutes ago

Description : A vulnerability was identified in Tenda FH451 1.0.0.9. Affected by this vulnerability is the fun...

CVE-2026-3677 - Tenda FH451 setcfm fromSetCfm stack-based overflow
CVE ID : CVE-2026-3677

Published : March 7, 2026, 10:15 p.m. | 2 hours, 56 minutes ago

Description : A vulnerability was found in Tenda FH451 1.0.0.9. This impacts the function fromSetCfm of the file /gof...

CVE-2026-3678 - Tenda FH451 AdvSetWan sub_3C434 stack-based overflow
CVE ID : CVE-2026-3678

Published : March 7, 2026, 11:15 p.m. | 1 hour, 56 minutes ago

Description : A vulnerability was determined in Tenda FH451 1.0.0.9. Affected is the function sub_3C434 of the file ...

CVE-2026-3670 - Freedom Factory dGEN1 com.dgen.alarm improper authorization
CVE ID : CVE-2026-3670

Published : March 7, 2026, 7:15 p.m. | 1 hour, 56 minutes ago

Description : A vulnerability was detected in Freedom Factory dGEN1 up to 20260221. Affected is an unknown fun...

CVE-2026-3669 - Freedom Factory dGEN1 com.dgen.alarm AlarmService improper authorization
CVE ID : CVE-2026-3669

Published : March 7, 2026, 7:15 p.m. | 1 hour, 56 minutes ago

Description : A security vulnerability has been detected in Freedom Factory dGEN1 up to 20260221....

CVE-2026-2671 - Mendi Neurofeedback Headset Bluetooth Low Energy cleartext transmission
CVE ID : CVE-2026-2671

Published : March 7, 2026, 6:16 p.m. | 2 hours, 56 minutes ago

Description : A vulnerability was detected in Mendi Neurofeedback Headset V4. Affected by this vu...

CVE-2026-30856 - WeKnora: Tool Execution Hijacking via Ambigous Naming Convention In MCP client and Indirect Prompt Injection
CVE ID : CVE-2026-30856

Published : March 7, 2026, 4:32 p.m. | 38 minutes ago

Description : WeKnora is an LLM-powered framework designed for deep...

CVE-2026-30852 - Caddy: vars_regexp double-expands user input, leaking env vars and files
CVE ID : CVE-2026-30852

Published : March 7, 2026, 4:28 p.m. | 43 minutes ago

Description : Caddy is an extensible server platform that uses TLS by default. From version 2.7.5 to be...

CVE-2026-3667 - Freedom Factory dGEN1 org.ethosmobile.ethoslauncher FakeAppService improper authorization
CVE ID : CVE-2026-3667

Published : March 7, 2026, 4:15 p.m. | 55 minutes ago

Description : A security flaw has been discovered in Freedom Factory dGEN1 up to 2026022...

CVE-2026-30855 - WeKnora: Broken Access Control in Tenant Management
CVE ID : CVE-2026-30855

Published : March 7, 2026, 4:31 p.m. | 40 minutes ago

Description : WeKnora is an LLM-powered framework designed for deep document understanding and semantic retrieval. Prior to ...

CVE-2026-29787 - mcp-memory-service: System Information Disclosure via Health Endpoint
CVE ID : CVE-2026-29787

Published : March 7, 2026, 4:15 p.m. | 55 minutes ago

Description : mcp-memory-service is an open-source memory backend for multi-agent systems. Prior to versio...

CVE-2026-30859 - WeKnora: Broken Access Control - Cross-Tenant Data Exposure
CVE ID : CVE-2026-30859

Published : March 7, 2026, 4:35 p.m. | 36 minutes ago

Description : WeKnora is an LLM-powered framework designed for deep document understanding and semantic retrieval. P...

CVE-2026-30832 - Soft Serve: SSRF via unvalidated LFS endpoint in repo import
CVE ID : CVE-2026-30832

Published : March 7, 2026, 4:15 p.m. | 55 minutes ago

Description : Soft Serve is a self-hostable Git server for the command line. From version 0.6.0 to before version 0...

CVE-2026-30851 - Caddy forward_auth copy_headers Does Not Strip Client-Supplied Headers, Allowing Identity Injection and Privilege Escalation
CVE ID : CVE-2026-30851

Published : March 7, 2026, 4:28 p.m. | 42 minutes ago

Description : Caddy is an extensible server platfor...

CVE-2026-30834 - PinchTab: SSRF with Full Response Exfiltration via Download Handler
CVE ID : CVE-2026-30834

Published : March 7, 2026, 4:15 p.m. | 55 minutes ago

Description : PinchTab is a standalone HTTP server that gives AI agents direct control over a Chrome browser...

CVE-2026-3665 - xlnt-community xlnt XLSX File xlsx_consumer.cpp read_office_document null pointer dereference
CVE ID : CVE-2026-3665

Published : March 7, 2026, 4:15 p.m. | 55 minutes ago

Description : A vulnerability was identified in xlnt-community xlnt up to 1.6.1. The...