🟠 CVE-2026-22720 - High (8)

VMware Aria Operations contains a stored cross-site scripting vulnerability. A malicious actor with privileges to create custom benchmarks may be able to inject script to perform administrative actions in VMware Aria Operations. 

To remediate CV...

🔗 https://www.thehackerwire.com/vulnerability/CVE-2026-22720/

#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack

🟠 CVE-2026-27732 - High (8.1)

WWBN AVideo is an open source video platform. Prior to version 22.0, the `aVideoEncoder.json.php` API endpoint accepts a `downloadURL` parameter and fetches the referenced resource server-side without proper validation or an allow-list. This allow...

🔗 https://www.thehackerwire.com/vulnerability/CVE-2026-27732/

#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack

🟠 CVE-2025-63409 - High (8.8)

Privilege escalation and improper access control in GCOM EPON 1GE C00R371V00B01 allows remote authenticated users to modify administrator-only settings and extract administrator credentials.

🔗 https://www.thehackerwire.com/vulnerability/CVE-2025-63409/

#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack

🔴 CVE-2025-69985 - Critical (9.8)

FUXA 1.2.8 and prior contains an Authentication Bypass vulnerability leading to Remote Code Execution (RCE). The vulnerability exists in the server/api/jwt-helper.js middleware, which improperly trusts the HTTP "Referer" header to validate interna...

🔗 https://www.thehackerwire.com/vulnerability/CVE-2025-69985/

#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack

🟠 CVE-2026-25164 - High (8.1)

OpenEMR is a free and open source electronic health records and medical practice management application. Prior to version 8.0.0, the REST API route table in `apis/routes/_rest_routes_standard.inc.php` does not call `RestConfig::request_authorizati...

🔗 https://www.thehackerwire.com/vulnerability/CVE-2026-25164/

#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack

🔴 CVE-2026-24908 - Critical (9.9)

OpenEMR is a free and open source electronic health records and medical practice management application. Prior to version 8.0.0, an SQL injection vulnerability in the Patient REST API endpoint allows authenticated users with API access to execute ...

🔗 https://www.thehackerwire.com/vulnerability/CVE-2026-24908/

#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack

🟠 CVE-2026-24890 - High (8.1)

OpenEMR is a free and open source electronic health records and medical practice management application. Prior to version 8.0.0, an authorization bypass vulnerability in the patient portal signature endpoint allows authenticated portal users to up...

🔗 https://www.thehackerwire.com/vulnerability/CVE-2026-24890/

#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack