๐ CVE-2026-29972 - High (8.2)
nanoMODBUS through v1.22.0 has a stack-based buffer overflow in recv_read_registers_res() in nanomodbus.c. When a client calls nmbs_read_holding_registers() or nmbs_read_input_registers(), the library writes register data from the server response ...
๐ https://www.thehackerwire.com/vulnerability/CVE-2026-29972/
#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack
๐ CVE-2026-29975 - High (7.5)
lwjson 1.8.1 contains an improper input validation vulnerability in the streaming JSON parser (lwjson_stream.c). The end-of-string detection logic incorrectly identifies escaped quote characters by only checking the immediately preceding character...
๐ https://www.thehackerwire.com/vulnerability/CVE-2026-29975/
#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack
๐ CVE-2026-29974 - High (7.5)
An issue was discovered in kosma minmea 0.3.0. The minmea_scan functions format specifier copies NMEA field data to a caller-provided buffer without a size parameter. Applications using minmea_scan on untrusted input are vulnerable to a stack buff...
๐ https://www.thehackerwire.com/vulnerability/CVE-2026-29974/
#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack
๐ CVE-2026-41883 - High (8.1)
OmniFaces is a utility library for Faces. Prior to versions 1.14.2, 2.7.32, 3.14.16, 4.7.5, and 5.2.3, there is a server-side EL injection leading to Remote Code Execution (RCE). This affects applications that use CDNResourceHandler with a wildcar...
๐ https://www.thehackerwire.com/vulnerability/CVE-2026-41883/
#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack
๐ CVE-2026-41693 - High (8.2)
i18next-fs-backend is a backend layer for i18next using in Node.js and for Deno to load translations from the filesystem. Prior to version 2.6.4, i18next-fs-backend substitutes the lng and ns options directly into the configured loadPath / addPath...
๐ https://www.thehackerwire.com/vulnerability/CVE-2026-41693/
#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack
๐ด CVE-2026-38360 - Critical (9.8)
Directory Traversal vulnerability in fohrloop dash-uploader v.0.1.0 through v.0.7.0a2 allows a remote attacker to execute arbitrary code via the dash_uploader/httprequesthandler.py, aseHttpRequestHandler.get_temp_root(), BaseHttpRequestHandler._po...
๐ https://www.thehackerwire.com/vulnerability/CVE-2026-38360/
#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack
๐ด CVE-2026-42072 - Critical (9.8)
Nornicdb is a distributed low-latency, Graph+Vector, Temporal MVCC with all sub-ms HNSW search, graph traversal, and writes. Prior to version 1.0.42-hotfix, the --address CLI flag (and NORNICDB_ADDRESS / server.host config key) is plumbed through ...
๐ https://www.thehackerwire.com/vulnerability/CVE-2026-42072/
#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack
๐ CVE-2026-6659 - High (7.5)
Crypt::PasswdMD5 versions through 1.42 for Perl generates insecure random values for salts.
The built-in rand function is predictable, and unsuitable for cryptography.
๐ https://www.thehackerwire.com/vulnerability/CVE-2026-6659/
#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack
๐ CVE-2026-29203 - High (8.8)
A chmod call in the cPanel Nova plugin's Cpanel::Nova::Connector follows symlinks, allowing setting root permissions on arbitrary system files or directories. That can cause DoS or local privilege escalation when an authenticated cPanel user place...
๐ https://www.thehackerwire.com/vulnerability/CVE-2026-29203/
#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack
๐ CVE-2026-29202 - High (8.8)
Insufficient input validation of the `plugin` parameter of the `create_user` plugin allows arbitrary Perl code execution on behalf of the already authenticated account's system user.
๐ https://www.thehackerwire.com/vulnerability/CVE-2026-29202/
#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack
TheHackerWire