2026-04-10 02:16Z · HIGH

CVE-2026-4351 — Perfmatters: The Perfmatters plugin for WordPress is vulnerable to arbitrary file overwrite via path traversal

Source: NVD (auto-promoted CVEs) · nvd.nist.gov · CVE-2026-4351

The Perfmatters plugin for WordPress is vulnerable to arbitrary file overwrite via path traversal in all versions up to, and including, 2.5.9. This is due to the `PMCS::action_handler()` method processing the bulk action `activate`/`deactivate` handlers without any authorization check or nonce verification. The `$_GET['snippets'][]` values are passed unsanitized to `Snippet::activate()`/`Snippet::deactivate()`, which call `Snippet::update()` and then `file_put_contents()` with the

CVSS v3.1 8.1 (HIGH) · EPSS 19th percentile · score 91
CWE-22 · Vendor: Perfmatters · Type: Vulnerability
2026-04-10 01:16Z · CRITICAL

CVE-2026-5995 — Totolink: Manipulation of the argument lan_info can lead to OS command injection.

Source: NVD (auto-promoted CVEs) · nvd.nist.gov · CVE-2026-5995

A weakness has been identified in Totolink A7100RU 7.4cu.2313_b20191024. Impacted is the function setMiniuiHomeInfoShow of the file /cgi-bin/cstecgi.cgi of the component CGI Handler. Manipulation of the argument lan_info can lead to OS command injection. The attack may be performed remotely. The exploit has been made available to the public and could be used for attacks.

CVSS v3.1 9.8 (CRITICAL) · score 99
CWE-77, CWE-78 · Type: Vulnerability
2026-04-10 01:16Z · CRITICAL

CVE-2026-5994 — Totolink: Manipulation of the argument telnet_enabled results in OS command injection.

Source: NVD (auto-promoted CVEs) · nvd.nist.gov · CVE-2026-5994

A security flaw has been discovered in Totolink A7100RU 7.4cu.2313_b20191024. This issue affects the function setTelnetCfg of the file /cgi-bin/cstecgi.cgi of the component CGI Handler. Manipulation of the argument telnet_enabled results in OS command injection. The attack can be carried out remotely. The exploit has been released to the public and may be used for attacks.

CVSS v3.1 9.8 (CRITICAL) · score 99
CWE-77, CWE-78 · Type: Vulnerability
2026-04-10 01:16Z · CRITICAL

CVE-2026-5993 — Totolink: Manipulation of the argument wifiOff leads to OS command injection.

Source: NVD (auto-promoted CVEs) · nvd.nist.gov · CVE-2026-5993

A vulnerability was identified in Totolink A7100RU 7.4cu.2313_b20191024. This vulnerability affects the function setWiFiGuestCfg of the file /cgi-bin/cstecgi.cgi of the component CGI Handler. Manipulation of the argument wifiOff leads to OS command injection. The attack can be executed remotely. The exploit is publicly available and might be used.

CVSS v3.1 9.8 (CRITICAL) · score 99
CWE-77, CWE-78 · Vendor: Totolink · Type: Vulnerability
2026-04-10 00:16Z · HIGH

CVE-2026-5992 — Tenda: Manipulation of the argument page causes a stack-based buffer overflow.

Source: NVD (auto-promoted CVEs) · nvd.nist.gov · CVE-2026-5992

A vulnerability was determined in Tenda F451 1.0.0.7. This affects the function fromP2pListFilter of the file /goform/P2pListFilter. Manipulation of the argument page causes a stack-based buffer overflow. Remote exploitation is possible. The exploit has been publicly disclosed and may be utilized.

CVSS v3.1 8.8 (HIGH) · score 94
CWE-121, CWE-119 · Vendor: Tenda · Type: Vulnerability
2026-04-10 00:16Z · HIGH

CVE-2026-5991 — Tenda: Manipulation of the argument GO results in a stack-based buffer overflow.

Source: NVD (auto-promoted CVEs) · nvd.nist.gov · CVE-2026-5991

A vulnerability was found in Tenda F451 1.0.0.7. Affected by this issue is the function formWrlExtraSet of the file /goform/WrlExtraSet. Manipulation of the argument GO results in a stack-based buffer overflow. The attack may be launched remotely. The exploit has been made public and could be used.

CVSS v3.1 8.8 (HIGH) · score 94
CWE-121, CWE-119 · Vendor: Tenda · Type: Vulnerability
2026-04-10 00:16Z · HIGH

CVE-2026-5990 — Tenda: Manipulation of the argument page leads to a stack-based buffer overflow.

Source: NVD (auto-promoted CVEs) · nvd.nist.gov · CVE-2026-5990

A vulnerability has been found in Tenda F451 1.0.0.7. Affected by this vulnerability is the function fromSafeEmailFilter of the file /goform/SafeEmailFilter. Manipulation of the argument page leads to a stack-based buffer overflow. The attack may be initiated remotely. The exploit has been disclosed to the public and may be used.

CVSS v3.1 8.8 (HIGH) · score 94
CWE-121, CWE-119 · Type: Vulnerability
2026-04-10 00:16Z · HIGH

CVE-2026-5989 — Tenda: Manipulation of the argument page can lead to a stack-based buffer overflow.

Source: NVD (auto-promoted CVEs) · nvd.nist.gov · CVE-2026-5989

A flaw has been found in Tenda F451 1.0.0.7. Affected is the function fromRouteStatic of the file /goform/RouteStatic. Manipulation of the argument page can lead to a stack-based buffer overflow. The attack can be launched remotely. The exploit has been published and may be used.

CVSS v3.1 8.8 (HIGH) · score 94
CWE-121, CWE-119 · Type: Vulnerability
2026-04-10 00:16Z · CRITICAL

CVE-2026-5393 — wolfSSL: Dual-Algorithm CertificateVerify out-of-bounds read.

Source: NVD (auto-promoted CVEs) · nvd.nist.gov · CVE-2026-5393

Dual-Algorithm CertificateVerify out-of-bounds read. When processing a dual-algorithm CertificateVerify message, an out-of-bounds read can occur on crafted input. This can only occur when wolfSSL is built with both --enable-experimental and --enable-dual-alg-certs.

CVSS v3.1 9.1 (CRITICAL) · EPSS 13th percentile · score 96
CWE-125 · Vendor: Dual, Wolfssl · Type: Vulnerability
2026-04-09 23:17Z · HIGH

CVE-2026-5988 — Tenda: Manipulation of the argument mit_ssid results in a stack-based buffer overflow.

Source: NVD (auto-promoted CVEs) · nvd.nist.gov · CVE-2026-5988

A vulnerability was detected in Tenda F451 1.0.0.7. This impacts the function formWrlsafeset of the file /goform/AdvSetWrlsafeset. Manipulation of the argument mit_ssid results in a stack-based buffer overflow. The attack can be initiated remotely. The exploit is now public and may be used.

CVSS v3.1 8.8 (HIGH) · score 94
CWE-121, CWE-119 · Vendor: Tenda · Type: Vulnerability
2026-04-09 23:17Z · CRITICAL

CVE-2026-5503 — wolfSSL: In TLSX_EchChangeSNI, the ctx->extensions branch set extensions unconditionally even when TLSX_Find returned NULL.

Source: NVD (auto-promoted CVEs) · nvd.nist.gov · CVE-2026-5503

In TLSX_EchChangeSNI, the ctx->extensions branch set extensions unconditionally even when TLSX_Find returned NULL. This caused TLSX_UseSNI to attach the attacker-controlled publicName to the shared WOLFSSL_CTX when no inner SNI was configured. TLSX_EchRestoreSNI then failed to clean it up because its removal was gated on serverNameX != NULL. The inner ClientHello was sized before the pollution but written after it, causing TLSX_SNI_Write to memcpy 255 bytes past the allocatio

CVSS v3.1 9.1 (CRITICAL) · EPSS 17th percentile · score 96
CWE-787 · Vendor: Wolfssl, Tlsx Echchangesni · Type: Vulnerability
2026-04-09 23:17Z · HIGH

CVE-2026-5295 — wolfSSL: A stack buffer overflow exists in wolfSSL's PKCS7 implementation in the wc_PKCS7_DecryptOri() function in

Source: NVD (auto-promoted CVEs) · nvd.nist.gov · CVE-2026-5295

A stack buffer overflow exists in wolfSSL's PKCS7 implementation in the wc_PKCS7_DecryptOri() function in wolfcrypt/src/pkcs7.c. When processing a CMS EnvelopedData message containing an OtherRecipientInfo (ORI) recipient, the function copies an ASN.1-parsed OID into a fixed 32-byte stack buffer (oriOID[MAX_OID_SZ]) via XMEMCPY without first validating that the parsed OID length does not exceed MAX_OID_SZ. A crafted CMS EnvelopedData message with an ORI recipient containing a

CVSS v3.1 8.0 (HIGH) · EPSS 5th percentile · score 90
CWE-121 · Vendor: Wolfssl · Type: Vulnerability
2026-04-09 23:17Z · CRITICAL

CVE-2026-34424 — Smart Slider 3 Pro version 3.5.1.35 for WordPress and Joomla contains a multi-stage remote

Source: NVD (auto-promoted CVEs) · nvd.nist.gov · CVE-2026-34424

Smart Slider 3 Pro version 3.5.1.35 for WordPress and Joomla contains a multi-stage remote access toolkit injected through a compromised update system that allows unauthenticated attackers to execute arbitrary code and commands. Attackers can trigger pre-authentication remote shell execution via HTTP headers, establish authenticated backdoors accepting arbitrary PHP code or OS commands, create hidden administrator accounts, exfiltrate credentials and access keys, and maintain

CVSS v3.1 9.8 (CRITICAL) · score 99
CWE-506 · Vendor: Smart · Type: Vulnerability
2026-04-09 22:16Z · HIGH

CVE-2026-5984 — D-Link: Manipulation of the argument curTime leads to a buffer overflow.

Source: NVD (auto-promoted CVEs) · nvd.nist.gov · CVE-2026-5984

A vulnerability was identified in D-Link DIR-605L 2.13B01. Impacted is the function formSetLog of the file /goform/formSetLog of the component POST Request Handler. Manipulation of the argument curTime leads to a buffer overflow. The attack can be carried out remotely. The exploit is publicly available and might be used. This vulnerability only affects products that are no longer supported by the maintainer.

CVSS v3.1 8.8 (HIGH) · score 94
CWE-120, CWE-119 · Type: Vulnerability
2026-04-09 22:16Z · HIGH

CVE-2026-5983 — D-Link: Manipulation of the argument curTime can lead to a buffer overflow.

Source: NVD (auto-promoted CVEs) · nvd.nist.gov · CVE-2026-5983

A vulnerability was determined in D-Link DIR-605L 2.13B01. This issue affects the function formSetDDNS of the file /goform/formSetDDNS of the component POST Request Handler. Manipulation of the argument curTime can lead to a buffer overflow. The attack can be executed remotely. The exploit has been publicly disclosed and may be utilized. This vulnerability only affects products that are no longer supported by the maintainer.

CVSS v3.1 8.8 (HIGH) · score 94
CWE-120, CWE-119 · Type: Vulnerability
2026-04-09 22:16Z · HIGH

CVE-2026-5982 — D-Link: Manipulation of the argument curTime results in a buffer overflow.

Source: NVD (auto-promoted CVEs) · nvd.nist.gov · CVE-2026-5982

A vulnerability was found in D-Link DIR-605L 2.13B01. This vulnerability affects the function formAdvNetwork of the file /goform/formAdvNetwork of the component POST Request Handler. Manipulation of the argument curTime results in a buffer overflow. Remote exploitation is possible. The exploit has been made public and could be used. This vulnerability only affects products that are no longer supported by the maintainer.

CVSS v3.1 8.8 (HIGH) · score 94
CWE-120, CWE-119 · Type: Vulnerability
2026-04-09 22:16Z · HIGH

CVE-2026-5981 — D-Link: Manipulation of the argument curTime leads to a buffer overflow.

Source: NVD (auto-promoted CVEs) · nvd.nist.gov · CVE-2026-5981

A vulnerability has been found in D-Link DIR-605L 2.13B01. This affects the function formAdvFirewall of the file /goform/formAdvFirewall of the component POST Request Handler. Manipulation of the argument curTime leads to a buffer overflow. The attack may be launched remotely. The exploit has been disclosed to the public and may be used. This vulnerability only affects products that are no longer supported by the maintainer.

CVSS v3.1 8.8 (HIGH) · score 94
CWE-120, CWE-119 · Type: Vulnerability
2026-04-09 22:16Z · CRITICAL

CVE-2026-5264 — wolfSSL: Heap buffer overflow in DTLS 1.3 ACK message processing.

Source: NVD (auto-promoted CVEs) · nvd.nist.gov · CVE-2026-5264

Heap buffer overflow in DTLS 1.3 ACK message processing. A remote attacker can send a crafted DTLS 1.3 ACK message that triggers a heap buffer overflow.

CVSS v3.1 9.8 (CRITICAL) · EPSS 47th percentile · score 99
CWE-122 · Vendor: Heap, Wolfssl · Type: Vulnerability
2026-04-09 22:16Z · CRITICAL

CVE-2026-40154 — PraisonAI: Prior to 4.5.128, PraisonAI treats remotely fetched template files as trusted executable code without

Source: NVD (auto-promoted CVEs) · nvd.nist.gov · CVE-2026-40154

PraisonAI is a multi-agent teams system. Prior to 4.5.128, PraisonAI treats remotely fetched template files as trusted executable code without integrity verification, origin validation, or user confirmation, enabling supply chain attacks through malicious templates. This vulnerability is fixed in 4.5.128.

CVSS v3.1 9.3 (CRITICAL) · score 97
CWE-829 · Vendor: Praisonai · Type: Vulnerability
2026-04-09 22:16Z · HIGH

CVE-2026-40113 — PraisonAI: Prior to 4.5.128, deploy.py constructs a single comma-delimited string for the gcloud run deploy

Source: NVD (auto-promoted CVEs) · nvd.nist.gov · CVE-2026-40113

PraisonAI is a multi-agent teams system. Prior to 4.5.128, deploy.py constructs a single comma-delimited string for the gcloud run deploy --set-env-vars argument by directly interpolating openai_model, openai_key, and openai_base without validating that these values do not contain commas. gcloud uses a comma as the key-value pair separator for --set-env-vars. A comma in any of the three values causes gcloud to parse the trailing text as additional KEY=VALUE definitions, injec

CVSS v3.1 8.4 (HIGH) · score 92
CWE-88 · Vendor: Praisonai · Type: Vulnerability
2026-04-09 22:16Z · HIGH

CVE-2026-35645 — OpenClaw: before 2026.3.25 contains a privilege escalation vulnerability in the gateway plugin subagent fallback

Source: NVD (auto-promoted CVEs) · nvd.nist.gov · CVE-2026-35645

OpenClaw before 2026.3.25 contains a privilege escalation vulnerability in the gateway plugin subagent fallback deleteSession function that uses a synthetic operator.admin runtime scope. Attackers can exploit this by triggering session deletion without a request-scoped client to execute privileged operations with unintended administrative scope.

CVSS v3.1 8.1 (HIGH) · score 91
CWE-648 · Vendor: Openclaw · Type: Vulnerability
2026-04-09 22:16Z · HIGH

CVE-2026-35639 — OpenClaw: before 2026.3.22 contains a privilege escalation vulnerability in the device.pair.approve method that allows

Source: NVD (auto-promoted CVEs) · nvd.nist.gov · CVE-2026-35639

OpenClaw before 2026.3.22 contains a privilege escalation vulnerability in the device.pair.approve method that allows an operator.pairing approver to approve pending device requests with broader operator scopes than the approver actually holds. Attackers can exploit insufficient scope validation to escalate privileges to operator.admin and achieve remote code execution on the Node infrastructure.

CVSS v3.1 8.8 (HIGH) · score 94
CWE-648 · Vendor: Openclaw · Type: Vulnerability
2026-04-09 22:16Z · HIGH

CVE-2026-35638 — OpenClaw: before 2026.3.22 contains a privilege escalation vulnerability in the Control UI that allows

Source: NVD (auto-promoted CVEs) · nvd.nist.gov · CVE-2026-35638

OpenClaw before 2026.3.22 contains a privilege escalation vulnerability in the Control UI that allows unauthenticated sessions to retain self-declared privileged scopes without device identity verification. Attackers can exploit the device-less allow path in the trusted-proxy mechanism to maintain elevated permissions by declaring arbitrary scopes, bypassing device identity requirements.

CVSS v3.1 8.8 (HIGH) · score 94
CWE-286 · Vendor: Openclaw · Type: Vulnerability
2026-04-09 22:16Z · HIGH

CVE-2026-34512 — OpenClaw: before 2026.3.25 contains an improper access control vulnerability in the HTTP /sessions/:sessionKey/kill route

Source: NVD (auto-promoted CVEs) · nvd.nist.gov · CVE-2026-34512

OpenClaw before 2026.3.25 contains an improper access control vulnerability in the HTTP /sessions/:sessionKey/kill route that allows any bearer-authenticated user to invoke admin-level session termination functions without proper scope validation. Attackers can exploit this by sending authenticated requests to kill arbitrary subagent sessions via the killSubagentRunAdmin function, bypassing ownership and operator scope restrictions.

CVSS v3.1 8.1 (HIGH) · score 91
CWE-863 · Vendor: Openclaw · Type: Vulnerability
2026-04-09 22:16Z · HIGH

CVE-2026-33785 — Juniper Networks: A Missing Authorization vulnerability in the CLI of Juniper Networks Junos OS on MX

Source: NVD (auto-promoted CVEs) · nvd.nist.gov · CVE-2026-33785

A Missing Authorization vulnerability in the CLI of Juniper Networks Junos OS on MX Series allows a local, authenticated user with low privileges to execute specific commands which will lead to a complete compromise of managed devices. Any logged-in user, without requiring specific privileges, can issue 'request csds' CLI operational commands. These commands are only meant to be executed by high-privileged users or users designated for Juniper Device Manager (JDM) / Connected Secu

CVSS v3.1 8.8 (HIGH) · score 94
CWE-862 · Type: Vulnerability