🔴 CVE-2026-7719 - Critical (9.8)

A security flaw has been discovered in Totolink WA300 5.2cu.7112_B20190227. The affected element is the function loginauth of the file /cgi-bin/cstecgi.cgi of the component POST Request Handler. The manipulation of the argument http_host results i...

🔗 https://www.thehackerwire.com/vulnerability/CVE-2026-7719/

#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack

🟠 CVE-2026-31700 - High (7.8)

In the Linux kernel, the following vulnerability has been resolved:

net/packet: fix TOCTOU race on mmap'd vnet_hdr in tpacket_snd()

In tpacket_snd(), when PACKET_VNET_HDR is enabled, vnet_hdr points
directly into the mmap'd TX ring buffer shared...

🔗 https://www.thehackerwire.com/vulnerability/CVE-2026-31700/

#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack

🟠 CVE-2026-31695 - High (7.8)

In the Linux kernel, the following vulnerability has been resolved:

wifi: virt_wifi: remove SET_NETDEV_DEV to avoid use-after-free

Currently we execute `SET_NETDEV_DEV(dev, &priv->lowerdev->dev)` for
the virt_wifi net devices. However, unregiste...

🔗 https://www.thehackerwire.com/vulnerability/CVE-2026-31695/

#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack

🔴 CVE-2026-42364 - Critical (9.9)

An OS command injection vulnerability exists in the DdnsSetting.cgi functionality of GeoVision LPC2011/LPC2211 1.10. A specially crafted DDNS configuration can lead to arbitrary command execution. An attacker can modify a configuration value to tr...

🔗 https://www.thehackerwire.com/vulnerability/CVE-2026-42364/

#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack

🔴 CVE-2026-7161 - Critical (9.3)

An insufficient encryption vulnerability exists in the Device Authentication functionality of GeoVision GV-IP Device Utility 9.0.5. Listening to broadcast packets can lead to a credential leak. An attacker can listen to broadcast messages to trigge...

🔗 https://www.thehackerwire.com/vulnerability/CVE-2026-7161/

#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack

🔴 CVE-2026-42370 - Critical (9)

A stack overflow vulnerability exists in the WebCam Server Login functionality of GeoVision GV-VMS V20 20.0.2. A specially crafted HTTP request can lead to arbitrary code execution. An attacker can make an unauthenticated HTTP request to trigge...

🔗 https://www.thehackerwire.com/vulnerability/CVE-2026-42370/

#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack

🟠 CVE-2026-42365 - High (8.6)

A guessable session cookie vulnerability exists in the Web Interface functionality of GeoVision LPC2011/LPC2211 1.10. A specially crafted series of HTTP requests can lead to an authentication bypass. An attacker can brute-force session cookies to tr...

🔗 https://www.thehackerwire.com/vulnerability/CVE-2026-42365/

#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack

🔴 CVE-2026-7372 - Critical (9)

A stack overflow vulnerability exists in the WebCam Server Login functionality of GeoVision GV-VMS V20 20.0.2. A specially crafted HTTP request can lead to arbitrary code execution. An attacker can make an unauthenticated HTTP request to trigge...

🔗 https://www.thehackerwire.com/vulnerability/CVE-2026-7372/

#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack

🟠 CVE-2026-32974 - High (8.6)

OpenClaw before 2026.3.12 contains an authentication bypass vulnerability in Feishu webhook mode when only verificationToken is configured without encryptKey, allowing acceptance of forged events. Unauthenticated network attackers can inject forge...

🔗 https://www.thehackerwire.com/vulnerability/CVE-2026-32974/

#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack