🟠 CVE-2026-43938 - High (8.1)

YetAnotherForum.NET (YAF.NET) is a C# ASP.NET forum. Prior to 4.0.5 and 3.2.12, the application's database logger (YAFNET.Core/Logger/DbLogger.cs) captures the incoming request's User-Agent header into a JObject, serializes it with JsonConvert, an...

🔗 https://www.thehackerwire.com/vulnerability/CVE-2026-43938/

#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack

🟠 CVE-2026-42260 - High (8.2)

Open-WebSearch is a multi-engine MCP server, CLI, and local daemon for agent web search and content retrieval. Prior to 2.1.7, isPublicHttpUrl / assertPublicHttpUrl in src/utils/urlSafety.ts do not recognize bracketed IPv6 literals and do not reso...

🔗 https://www.thehackerwire.com/vulnerability/CVE-2026-42260/

🟠 CVE-2026-8110 - High (7.8)

Incorrect permissions assignment in the agent of Ivanti Endpoint Manager before version 2024 SU6 allows a local authenticated attacker to escalate their privileges.

🔗 https://www.thehackerwire.com/vulnerability/CVE-2026-8110/

🔴 CVE-2025-6577 - Critical (9.8)

Improper neutralization of special elements used in an SQL command ('SQL injection') vulnerability in Akilli Commerce Software Technologies Ltd. Co. E-Commerce Website allows SQL Injection.

This issue affects E-Commerce Website: before 4.5.001.

🔗 https://www.thehackerwire.com/vulnerability/CVE-2025-6577/

🔴 CVE-2025-40949 - Critical (9.1)

A vulnerability has been identified in RUGGEDCOM ROX MX5000 (All versions < V2.17.1), RUGGEDCOM ROX MX5000RE (All versions < V2.17.1), RUGGEDCOM ROX RX1400 (All versions < V2.17.1), RUGGEDCOM ROX RX1500 (All versions < V2.17.1), RUGGED...

🔗 https://www.thehackerwire.com/vulnerability/CVE-2025-40949/

🟠 CVE-2026-43937 - High (8.8)

YetAnotherForum.NET (YAF.NET) is a C# ASP.NET forum. Prior to 4.0.5, any admin OnPost… handler executes its side effects before the ResultFilterAttribute rewrites the response to a 302 to /Info/4. The most impactful abuse is /Admin/RunSql, whose...

🔗 https://www.thehackerwire.com/vulnerability/CVE-2026-43937/

🔴 CVE-2026-8043 - Critical (9.6)

External control of a file name in Ivanti Xtraction before version 2026.2 allows a remote authenticated attacker to read sensitive files and write arbitrary HTML files to a web directory, leading to information disclosure and possible client-side ...

🔗 https://www.thehackerwire.com/vulnerability/CVE-2026-8043/
