| Website | https://www.thehackerwire.com/ |
| X | https://x.com/TheHackerWire |
π΄ CVE-2026-5852 - Critical (9.8)
A weakness has been identified in Totolink A7100RU 7.4cu.2313_b20191024. Affected is the function setIptvCfg of the file /cgi-bin/cstecgi.cgi of the component CGI Handler. This manipulation of the argument igmpVer causes os command injection. The ...
π https://www.thehackerwire.com/vulnerability/CVE-2026-5852/
#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack
π΄ CVE-2026-5854 - Critical (9.8)
A vulnerability was detected in Totolink A7100RU 7.4cu.2313_b20191024. Affected by this issue is the function setWiFiEasyCfg of the file /cgi-bin/cstecgi.cgi of the component CGI Handler. Performing a manipulation of the argument merge results in ...
π https://www.thehackerwire.com/vulnerability/CVE-2026-5854/
#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack
π΄ CVE-2026-5853 - Critical (9.8)
A security vulnerability has been detected in Totolink A7100RU 7.4cu.2313_b20191024. Affected by this vulnerability is the function setIpv6LanCfg of the file /cgi-bin/cstecgi.cgi of the component CGI Handler. Such manipulation of the argument addr...
π https://www.thehackerwire.com/vulnerability/CVE-2026-5853/
#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack
π CVE-2026-5301 - High (7.6)
Stored XSS in log viewer in CoolerControl/coolercontrol-ui <4.0.0 allows unauthenticated attackers to take over the service via malicious JavaScript in poisoned log entries
π https://www.thehackerwire.com/vulnerability/CVE-2026-5301/
#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack
π CVE-2026-39394 - High (8.1)
CI4MS is a CodeIgniter 4-based CMS skeleton that delivers a production-ready, modular architecture with RBAC authorization and theme support. Prior to 0.31.4.0, the Install::index() controller reads the host POST parameter without any validation a...
π https://www.thehackerwire.com/vulnerability/CVE-2026-39394/
#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack
π CVE-2026-39393 - High (8.1)
CI4MS is a CodeIgniter 4-based CMS skeleton that delivers a production-ready, modular architecture with RBAC authorization and theme support. Prior to 0.31.4.0, the install route guard in ci4ms relies solely on a volatile cache check (cache('setti...
π https://www.thehackerwire.com/vulnerability/CVE-2026-39393/
#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack
π CVE-2026-33461 - High (7.7)
Incorrect Authorization (CWE-863) in Kibana can lead to information disclosure via Privilege Abuse (CAPEC-122). A user with limited Fleet privileges can exploit an internal API endpoint to retrieve sensitive configuration data, including private k...
π https://www.thehackerwire.com/vulnerability/CVE-2026-33461/
#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack
π CVE-2026-4498 - High (7.7)
Execution with Unnecessary Privileges (CWE-250) in Kibanaβs Fleet plugin debug route handlers can lead reading index data beyond their direct Elasticsearch RBAC scope via Privilege Abuse (CAPEC-122). This requires an authenticated Kibana user wi...
π https://www.thehackerwire.com/vulnerability/CVE-2026-4498/
#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack
π CVE-2026-33756 - High (7.5)
Saleor is an e-commerce platform. From 2.0.0 to before 3.23.0a3, 3.22.47, 3.21.54, and 3.20.118, Saleor supports query batching by submitting multiple GraphQL operations in a single HTTP request as a JSON array but wasn't enforcing any upper limit...
π https://www.thehackerwire.com/vulnerability/CVE-2026-33756/
#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack
π CVE-2026-33466 - High (8.1)
Improper Limitation of a Pathname to a Restricted Directory (CWE-22) in Logstash can lead to arbitrary file write and potentially remote code execution via Relative Path Traversal (CAPEC-139). The archive extraction utilities used by Logstash do n...
π https://www.thehackerwire.com/vulnerability/CVE-2026-33466/
#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack
