CVE Vulnerability Catalog
Translated CVE descriptions from NVD NIST — in English
CISA KEV catalog updated: (v2026.07.07)
A security flaw has been discovered in Totolink N300RH version 3.2.4-B20220812 in the loginauth function of the /cgi-bin/cstecgi.cgi file, affecting the Parameter Handler component. Manipulating the Password argument results in a buffer overflow, which can be exploited in remote attacks.
W aplikacji wsparcia online firmy Tegsoft Management and Information Services Trade Limited Company występuje podatność na atak typu 'cross-site scripting' (XSS) z powodu niewłaściwego neutralizowania danych wejściowych podczas generowania stron internetowych. Problem ten dotyczy wersji aplikacji od V3 do 31122025.
A critical IDOR vulnerability has been discovered in Comet Backup affecting all versions from 20.11.0 to 26.1.1 and 26.2.1. The vulnerability allows a tenant administrator to impersonate any end-user account of other tenants on the same server via a vulnerable API call.
A security flaw has been discovered in Totolink WA300 5.2cu.7112_B20190227 in the loginauth function of the /cgi-bin/cstecgi.cgi file, affecting the POST Request Handler component. Manipulation of the http_host argument results in buffer overflow.
A stack overflow vulnerability exists in the WebCam Server Login functionality of GeoVision GV-VMS V20 20.0.2. A specially crafted HTTP request can lead to arbitrary code execution.
An insufficient encryption vulnerability exists in the Device Authentication functionality of GeoVision GV-IP Device Utility 9.0.5. Listening to broadcast packets can lead to credentials leak.
A stack overflow vulnerability exists in the WebCam Server Login functionality of GeoVision GV-VMS V20 20.0.2. A specially crafted HTTP request can lead to arbitrary code execution.
GV-VMS V20 is a video monitoring software that allows remote access to manage and monitor cameras. A stack overflow vulnerability has been discovered in the base64 decoding mechanism, which may facilitate an attacker in exploiting this flaw.
A privilege escalation vulnerability exists in the Web Interface functionality of GeoVision LPC2011/LPC2211 1.10. A specially crafted HTTP request can lead to execute privileged operation.
There is an os command injection vulnerability in the DdnsSetting.cgi functionality of GeoVision LPC2011/LPC2211 version 1.10. A specially crafted DDNS configuration can lead to arbitrary command execution.
The User Verification by PickPlugins plugin for WordPress is vulnerable to authentication bypass in all versions up to and including 2.0.46. This is due to the use of a loose PHP comparison operator to validate OTP codes in the 'user_verification_form_wrap_process_otpLogin' function.
The User Registration Advanced Fields plugin for WordPress is vulnerable to arbitrary file uploads due to missing file type validation in the 'URAF_AJAX::method_upload' function in all versions up to and including 1.6.20. This allows unauthenticated attackers to upload arbitrary files on the affected site's server.
CVE-2026-37541 describes a buffer overflow vulnerability in Open Vehicle Monitoring System 3 (OVMS3) version 3.3.005. Improper validation of the length field in GVRET binary data allows remote attackers to cause a denial of service or potentially execute arbitrary code via crafted GVRET frames.
CVE-2026-37539 describes a buffer overflow vulnerability in version 2.0.0 of the cannelloni software occurring during CAN frame parsing in the parseCANFrame and decodeFrame functions. This allows remote attackers to cause a denial of service (crash) or potentially execute arbitrary code via crafted CAN FD frames.
CVE-2026-37534 describes an integer underflow vulnerability in Open-SAE-J1939, allowing attackers to write to arbitrary memory via a crafted sequence number from the CAN frame.
The AGL app framework in versions up to 17.1.12 contains a Zip Slip vulnerability allowing path traversal and a TOCTOU race condition in the widget installation process. The is_valid_filename function does not check for dot notation directory traversal sequences, allowing files to be written anywhere on the filesystem.
MixPHP Framework versions 2.x through 2.2.17 have an unsafe deserialization vulnerability. The session and cache handlers use unserialize() on data from the filesystem in the FileHandler object.
MixPHP Framework versions 2.x through 2.2.17 have an unsafe deserialization vulnerability. The session and cache handlers use unserialize() on data from Redis in the RedisHandler object.
A vulnerability has been identified in the Linux kernel that involves missing packet data copying from the XDP buffer to the skb structure, leading to kernel memory leakage to user space. Additionally, improper skb recycling marking may corrupt the page pool state.
In the Linux kernel, a vulnerability in ip6_err_gen_icmpv6_unreach() fails to clear the cb[] field in skb2, allowing an attacker to craft a malicious ICMPv4 packet with a CIPSO option, leading to out-of-bounds read and potential security compromise.

