🟠 CVE-2026-4946 - High (8.8)

Ghidra versions prior to 12.0.3 improperly process annotation directives embedded in automatically extracted binary data, resulting in arbitrary command execution when an analyst interacts with the UI. Specifically, the @execute annotation (which ...

🔗 https://www.thehackerwire.com/vulnerability/CVE-2026-4946/

#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack

🟠 CVE-2026-0558 - High (7.5)

A vulnerability in parisneo/lollms, up to and including version 2.2.0, allows unauthenticated users to upload and process files through the `/api/files/extract-text` endpoint. This endpoint does not enforce authentication, unlike other file-relate...

🔗 https://www.thehackerwire.com/vulnerability/CVE-2026-0558/


🟠 CVE-2026-0562 - High (8.3)

A critical security vulnerability in parisneo/lollms versions up to 2.2.0 allows any authenticated user to accept or reject friend requests belonging to other users. The `respond_request()` function in `backend/routers/friends.py` does not impleme...

🔗 https://www.thehackerwire.com/vulnerability/CVE-2026-0562/


🟠 CVE-2026-0560 - High (7.5)

A Server-Side Request Forgery (SSRF) vulnerability exists in parisneo/lollms versions prior to 2.2.0, specifically in the `/api/files/export-content` endpoint. The `_download_image_to_temp()` function in `backend/routers/files.py` fails to validat...

🔗 https://www.thehackerwire.com/vulnerability/CVE-2026-0560/


🟠 CVE-2026-34005 - High (8.8)

In Sofia on Xiongmai DVR/NVR (AHB7008T-MH-V2 and NBD7024H-P) 4.03.R11 devices, root OS command injection can occur via shell metacharacters in the HostName value via an authenticated DVRIP protocol (TCP port 34567) request to the NetWork.NetCommon...

🔗 https://www.thehackerwire.com/vulnerability/CVE-2026-34005/


🟠 CVE-2026-5046 - High (8.8)

A flaw has been found in Tenda FH1201 1.2.0.14(408). Affected is the function formWrlExtraSet of the file /goform/WrlExtraSet of the component Parameter Handler. Executing a manipulation of the argument GO can lead to stack-based buffer overflow. ...

🔗 https://www.thehackerwire.com/vulnerability/CVE-2026-5046/


🟠 CVE-2026-5045 - High (8.8)

A vulnerability was detected in Tenda FH1201 1.2.0.14(408). This impacts the function WrlclientSet of the file /goform/WrlclientSet of the component Parameter Handler. Performing a manipulation of the argument GO results in stack-based buffer over...

🔗 https://www.thehackerwire.com/vulnerability/CVE-2026-5045/


CVE Alert: CVE-2026-5036 - Tenda - 4G06 - RedPacket Security

A vulnerability was found in Tenda 4G06 04.06.01.29. This vulnerability affects the function fromDhcpListClient of the file /goform/DhcpListClient of the

CVE Alert: CVE-2026-5021 - Tenda - F453 - RedPacket Security

A flaw has been found in Tenda F453 1.0.0.3. This affects the function fromPPTPUserSetting of the file /goform/PPTPUserSetting of the component httpd. This


🔴 CVE-2026-32922 - Critical (9.9)

OpenClaw before 2026.3.11 contains a privilege escalation vulnerability in device.token.rotate that allows callers with operator.pairing scope to mint tokens with broader scopes by failing to constrain newly minted scopes to the caller's current s...

🔗 https://www.thehackerwire.com/vulnerability/CVE-2026-32922/
