🟠 CVE-2026-5548 - High (8.8)

A vulnerability was found in Tenda AC10 16.03.10.10_multi_TDE01. Affected by this vulnerability is the function fromSysToolChangePwd of the file /bin/httpd. Performing a manipulation of the argument sys.userpass results in stack-based buffer overf...

🔗 https://www.thehackerwire.com/vulnerability/CVE-2026-5548/

#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack

🟠 CVE-2026-5550 - High (8.8)

A vulnerability was identified in Tenda AC10 16.03.10.10_multi_TDE01. This affects the function fromSysToolChangePwd of the file /bin/httpd. The manipulation leads to stack-based buffer overflow. The attack may be initiated remotely. Multiple endp...

🔗 https://www.thehackerwire.com/vulnerability/CVE-2026-5550/

#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack

🟠 CVE-2026-5544 - High (8.8)

A security flaw has been discovered in UTT HiPER 1250GW up to 3.2.7-210907-180535. The impacted element is an unknown function of the file /goform/formRemoteControl. The manipulation of the argument Profile results in stack-based buffer overflow. ...

🔗 https://www.thehackerwire.com/vulnerability/CVE-2026-5544/

#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack

🟠 CVE-2026-4636 - High (8.1)

A flaw was found in Keycloak. An authenticated user with the uma_protection role can bypass User-Managed Access (UMA) policy validation. This allows the attacker to include resource identifiers owned by other users in a policy creation request, ev...

🔗 https://www.thehackerwire.com/vulnerability/CVE-2026-4636/

#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack

🟠 CVE-2026-4634 - High (7.5)

A flaw was found in Keycloak. An unauthenticated attacker can exploit this vulnerability by sending a specially crafted POST request with an excessively long scope parameter to the OpenID Connect (OIDC) token endpoint. This leads to high resource ...

🔗 https://www.thehackerwire.com/vulnerability/CVE-2026-4634/

#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack

🟠 CVE-2026-28805 - High (8.8)

OpenSTAManager is an open source management software for technical assistance and invoicing. Prior to version 2.10.2, multiple AJAX select handlers in OpenSTAManager are vulnerable to Time-Based Blind SQL Injection through the options[stato] GET p...

🔗 https://www.thehackerwire.com/vulnerability/CVE-2026-28805/

#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack

🔴 CVE-2026-2701 - Critical (9.1)

Authenticated user can upload a malicious file to the server and execute it, which leads to remote code execution.

🔗 https://www.thehackerwire.com/vulnerability/CVE-2026-2701/

#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack

🔴 CVE-2026-2699 - Critical (9.8)

Customer Managed ShareFile Storage Zones Controller (SZC) allows an unauthenticated attacker to access restricted configuration pages. This leads to changing system configuration and potential remote code execution.

🔗 https://www.thehackerwire.com/vulnerability/CVE-2026-2699/

#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack

🟠 CVE-2026-31933 - High (7.5)

Suricata is a network IDS, IPS and NSM engine. Prior to versions 7.0.15 and 8.0.4, specially crafted traffic can cause Suricata to slow down, affecting performance in IDS mode. This issue has been patched in versions 7.0.15 and 8.0.4.

🔗 https://www.thehackerwire.com/vulnerability/CVE-2026-31933/

#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack

🟠 CVE-2026-4896 - High (8.1)

The WCFM – Frontend Manager for WooCommerce along with Bookings Subscription Listings Compatible plugin for WordPress is vulnerable to Insecure Direct Object Reference in all versions up to, and including, 6.7.25 via multiple AJAX actions includ...

🔗 https://www.thehackerwire.com/vulnerability/CVE-2026-4896/

#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack