Monitor vulnerabilities that affect your stack.
Sign up free to get alerts when software you use is affected.
CVE Vulnerabilities - 12 March 2026
RSS830 vulnerabilities published on 12 March 2026
Severity:
Tenda i12 Router: Remote Attack via Malicious Wi-Fi Network Request
CVE-2026-4043
A security vulnerability has been detected in Tenda i12 1.0.0.6(2204). The impacted element is the function formwrlSSIDget of the file /goform/wifiSSI...
7.4
Tenda i12 Router Allows Remote Code Execution
CVE-2026-4042
A weakness has been identified in Tenda i12 1.0.0.6(2204). The affected element is the function formWifiMacFilterGet of the file /goform/WifiMacFilter...
7.4
Tenda i12 Router: Unsecured Code Allows Remote Attack
CVE-2026-4041
A security flaw has been discovered in Tenda i12 1.0.0.6(2204). Impacted is the function vos_strcpy of the file /goform/exeCommand. The manipulation o...
7.4
Microsoft Azure Backup Server allows authenticated users to manipulate files
CVE-2026-21668
A vulnerability allowing an authenticated domain user to bypass restrictions and manipulate arbitrary files on a Backup Repository....
8.8
Tenda W3 Router Allows Remote Attack via Malicious Network Request
CVE-2026-4008
A flaw has been found in Tenda W3 1.0.0.3(2204). This issue affects some unknown processing of the file /goform/wifiSSIDset of the component POST Para...
7.4
Tenda W3 Router Allows Remote Attackers to Crash the Device
CVE-2026-4007
A vulnerability was detected in Tenda W3 1.0.0.3(2204). This vulnerability affects unknown code of the file /goform/wifiSSIDget of the component POST ...
7.4
D-Link DIR-513: Remote Attack Can Crash the Router
CVE-2026-3978
A vulnerability was detected in D-Link DIR-513 1.10. The impacted element is an unknown function of the file /goform/formEasySetupWizard3. The manipul...
7.4
Tenda W3 Router Allows Remote Code Execution
CVE-2026-3976
A weakness has been identified in Tenda W3 1.0.0.3(2204). Impacted is the function formWifiMacFilterSet of the file /goform/WifiMacFilterSet of the co...
7.4
Tenda W3 Router: Remote Attack Possible Through Malformed Network Request
CVE-2026-3975
A security flaw has been discovered in Tenda W3 1.0.0.3(2204). This issue affects the function formWifiMacFilterGet of the file /goform/WifiMacFilterG...
7.4
Tenda W3 1.0.0.3(2204) allows remote code execution through HTTP request
CVE-2026-3974
A vulnerability was identified in Tenda W3 1.0.0.3(2204). This vulnerability affects the function formexeCommand of the file /goform/exeCommand of the...
7.4
Tenda W3 Router: Unsecured Remote Code Execution
CVE-2026-3973
A vulnerability was determined in Tenda W3 1.0.0.3(2204). This affects the function formSetAutoPing of the file /goform/setAutoPing of the component P...
7.4
Tenda W3 Router: Local Network Access Risk
CVE-2026-3972
A vulnerability was found in Tenda W3 1.0.0.3(2204). Affected by this issue is the function formSetCfm of the file /goform/setcfm of the component HTT...
8.7
Tenda i3 Router: Remote Attack Possible Through Wi-Fi Settings
CVE-2026-3971
A vulnerability has been found in Tenda i3 1.0.0.6(2204). Affected by this vulnerability is the function formwrlSSIDset of the file /goform/wifiSSIDse...
7.4
Tenda i3 1.0.0.6 (2204) Wi-Fi Configuration Data Exposed to Remote Attack
CVE-2026-3970
A flaw has been found in Tenda i3 1.0.0.6(2204). Affected is the function formwrlSSIDget of the file /goform/wifiSSIDget. Executing a manipulation of ...
7.4
Apple Products: Memory Corruption from Malicious Web Content
CVE-2023-43010
The issue was addressed with improved memory handling. This issue is fixed in iOS 17.2 and iPadOS 17.2, macOS Sonoma 14.2, Safari 17.2, iOS 16.7.15 an...
8.8
Black: Untrusted user input can write files anywhere on your system
GHSA-3936-cmfr-pm3m
CVE-2026-32274
### Impact
Black writes a cache file, the name of which is computed from various formatting options. The value of the `--python-cell-magics` option w...
8.7
Trane HVAC System Software Denial-of-Service Risk
CVE-2026-28253
A Memory Allocation with Excessive Size Value vulnerability in Trane Tracer SC, Tracer SC+, and Tracer Concierge could allow an unauthenticated attack...
8.7
Tornado: Large Multipart Files Can Cause Server Crash
CVE-2026-31958
GHSA-qjxf-f2mg-c6mc
In versions of Tornado prior to 6.5.5, the only limit on the number of parts in `multipart/form-data` is the `max_body_size` setting (default 100MB). ...
8.7
Flowmon ADS: Unauthorized Code Execution via Malicious Network Data
CVE-2026-2514
In Progress Flowmon ADS versions prior to 12.5.5 and 13.0.3, a vulnerability exists whereby an adversary with access to Flowmon monitoring ports may c...
8.6
Flowmon ADS Security Risk: Malicious Link Attack
CVE-2026-2513
A vulnerability exists in Progress Flowmon ADS versions prior to 12.5.5 and 13.0.3, whereby an administrator who clicks a malicious link provided by a...
8.6
TP-Link TL-MR6400 Router Telnet Interface Allows Unauthorized Code Execution
CVE-2026-3841
A command injection vulnerability has been identified in the Telnet command-line interface (CLI) of TP-Link TL-MR6400 v5.3. This issue is caused by i...
8.5
Tinyauth: TOTP Bypass with User Password and Authorization Code
GHSA-3q28-qjrv-qr39
CVE-2026-32246
### Summary
The OIDC authorization endpoint allows users with a TOTP-pending session (password verified, TOTP not yet completed) to obtain authorizat...
8.5
TinaCMS Development Server Exposes Sensitive Files to Unauthenticated Access
CVE-2026-28793
GHSA-2f24-mg4x-534q
Tina is a headless content management system. Prior to 2.1.8, the TinaCMS CLI development server exposes media endpoints that are vulnerable to path t...
8.4
NEXULEAN (2.0.0 and earlier) Exposes API Keys to Unauthorized Access
CVE-2026-32138
NEXULEAN is a cybersecurity portfolio & service platform for an Ethical Hacker, AI Enthusiast, and Penetration Tester. Prior to 2.0.0, a security vuln...
8.2
Trane Tracer SC: Hard-coded Credentials Exposed
CVE-2026-28255
A Use of Hard-coded Credentials vulnerability in Trane Tracer SC, Tracer SC+, and Tracer Concierge could allow an attacker to disclose sensitive infor...
8.2