Aggregator

A vulnerability, which was classified as problematic, has been found in opencc JFlow up to 20260129. This affects the function Imp_Done of the file src/main/java/bp/wf/httphandler/WF_Admin_AttrFlow.java of the component Workflow Engine. This manipulation of the argument File causes xml external entity reference. This vulnerability appears as CVE-2026-2536. The attack may be initiated remotely. In addition, an exploit is available. The project was informed of the problem early through an issue report but has not responded yet.

Submit #749196 / VDB-346125

A vulnerability classified as critical was found in Comfast CF-N1 V2 2.6.0.2. The impacted element is the function sub_44AB9C of the file /cgi-bin/mbox-config?method=SET&section=ptest_channel. The manipulation of the argument channel results in command injection. This vulnerability is reported as CVE-2026-2535. The attack can be launched remotely. Moreover, an exploit is present. The vendor was contacted early about this disclosure but did not respond in any way.

A vulnerability classified as critical has been found in Comfast CF-N1 V2 2.6.0.2. The affected element is the function sub_44AC4C of the file /cgi-bin/mbox-config?method=SET&section=ptest_bandwidth. The manipulation of the argument bandwidth leads to command injection. This vulnerability is documented as CVE-2026-2534. The attack can be initiated remotely. Additionally, an exploit exists. The vendor was contacted early about this disclosure but did not respond in any way.

Submit #748808 / VDB-346124

Submit #748807 / VDB-346124

A vulnerability described as critical has been identified in Tosei Self-service Washing Machine 4.02. Impacted is an unknown function of the file /cgi-bin/tosei_datasend.php. Executing a manipulation of the argument adr_txt_1 can lead to command injection. This vulnerability is registered as CVE-2026-2533. It is possible to launch the attack remotely. Furthermore, an exploit is available. The vendor was contacted early about this disclosure but did not respond in any way.

Submit #748784 / VDB-346123

Submit #748783 / VDB-346122

Всего одна неосторожная переписка разрушила теневую IT-империю.

A vulnerability marked as critical has been reported in lintsinghua DeepAudit up to 3.0.3. This issue affects some unknown processing of the file backend/app/api/v1/endpoints/embedding_config.py of the component IP Address Handler. Performing a manipulation results in server-side request forgery. This vulnerability is cataloged as CVE-2026-2532. It is possible to initiate the attack remotely. There is no exploit available. It is suggested to upgrade the affected component.

Submit #748771 / VDB-346121

A vulnerability labeled as critical has been found in MindsDB up to 25.14.1. This vulnerability affects the function clear_filename of the file mindsdb/utilities/security.py of the component File Upload. Such manipulation leads to server-side request forgery. This vulnerability is listed as CVE-2026-2531. The attack may be performed from remote. In addition, an exploit is available. It is best practice to apply a patch to resolve this issue.

Submit #748220 / VDB-346120

A vulnerability identified as critical has been detected in Wavlink WL-WN579A3 up to 20210219. This affects the function AddMac of the file /cgi-bin/wireless.cgi. This manipulation of the argument macAddr causes command injection. This vulnerability is tracked as CVE-2026-2530. The attack is possible to be carried out remotely. Moreover, an exploit is present. The vendor was contacted early about this disclosure but did not respond in any way.

A vulnerability categorized as critical has been discovered in Wavlink WL-WN579A3 up to 20210219. Affected by this issue is the function DeleteMac of the file /cgi-bin/wireless.cgi. The manipulation of the argument delete_list results in command injection. This vulnerability is identified as CVE-2026-2529. The attack can be executed remotely. There is not any exploit available. The vendor was contacted early about this disclosure but did not respond in any way.

A vulnerability was found in Wavlink WL-WN579A3 up to 20210219. It has been rated as critical. Affected by this vulnerability is the function Delete_Mac_list of the file /cgi-bin/wireless.cgi. The manipulation of the argument delete_list leads to command injection. This vulnerability is referenced as CVE-2026-2528. Remote exploitation of the attack is possible. Furthermore, an exploit is available. The vendor was contacted early about this disclosure but did not respond in any way.

A vulnerability was found in Wavlink WL-WN579A3 up to 20210219. It has been declared as critical. Affected is an unknown function of the file /cgi-bin/login.cgi. Executing a manipulation of the argument key can lead to command injection. The identification of this vulnerability is CVE-2026-2527. The attack may be launched remotely. Furthermore, there is an exploit available. The vendor was contacted early about this disclosure but did not respond in any way.

A vulnerability was found in Wavlink WL-WN579A3 up to 20210219. It has been classified as critical. This impacts the function multi_ssid of the file /cgi-bin/wireless.cgi. Performing a manipulation of the argument SSID2G2 results in command injection. This vulnerability was named CVE-2026-2526. The attack may be initiated remotely. In addition, an exploit is available. The vendor was contacted early about this disclosure but did not respond in any way.

Submit #748219 / VDB-346119