CVE Vulnerabilities - 10 April 2026

136 vulnerabilities published on 10 April 2026

Severity:
Totolink A7100RU Router Allows Unauthenticated Password Changes
CVE-2026-5997
A flaw in the Totolink A7100RU router's password management system can allow an attacker to change administrator passwords without needing a password. This means an attacker could gain control of the ...
8.9
Totolink A7100RU Router - Remote Command Injection via CGI Handler
CVE-2026-5996
A security flaw in the Totolink A7100RU router's CGI Handler allows an attacker to execute arbitrary system commands over the internet. This could potentially allow an attacker to gain control of the ...
8.9
Totolink A7100RU Router: Remote Command Execution Possible
CVE-2026-5995
Hackers can potentially run unauthorized commands on the Totolink A7100RU router by manipulating a specific setting. This makes the router vulnerable to attacks from anywhere on the internet. Users sh...
8.9
Totolink A7100RU Router Telnet Configuration Can Be Hacked Remotely
CVE-2026-5994
A security issue in the Totolink A7100RU router's configuration tool allows hackers to remotely access and control the device. This means that an attacker can potentially take control of your router a...
8.9
Totolink A7100RU: Malicious commands can be executed remotely
CVE-2026-5993
A vulnerability in the Totolink A7100RU router's web interface allows an attacker to execute malicious commands on the device, potentially giving them control over the router. This could lead to unaut...
8.9
Tenda F451 Software Allows Remote Attack
CVE-2026-5992
A security flaw in the Tenda F451 software version 1.0.0.7 allows a hacker to potentially take control of the device from a remote location. This could happen if the hacker knows how to manipulate the...
7.4
Tenda F451 Router: Remote Code Execution via Stack Overflow
CVE-2026-5991
The Tenda F451 router's configuration page has a bug that can be exploited by a hacker to execute malicious code remotely. This means a hacker could potentially take control of the router. To protect ...
7.4
Tenda F451 Router Can Crash from Malicious Email Filter Input
CVE-2026-5990
A bug in the Tenda F451 router's email filter can cause the device to crash if it receives a specially crafted email. This can happen remotely, and exploit code is now publicly available. Update your ...
7.4
Tenda F451 1.0.0.7: Remote code execution through manipulated page input
CVE-2026-5989
A critical flaw in the Tenda F451 router's page handling code can allow an attacker to execute malicious code on the router. This could potentially allow the attacker to take control of the router. Up...
7.4
Nginx update fixes four security risks: Denial of Service and Code Execution
RLSA-2026:7343
A security update is available for Nginx, a popular web server software. This update fixes four security issues that could allow hackers to crash the server, modify files, or execute malicious code. T...
8.2
Perfmatters Plugin for WordPress Allows Attackers to Delete Server Files
CVE-2026-4351
The Perfmatters plugin for WordPress is insecure, allowing attackers with Subscriber-level access to delete any file on the server. This could cause your website to stop working or behave unexpectedly...
8.1
MagicINFO 9 Server has default permissions that can be exploited
CVE-2026-25203
The MagicINFO 9 Server has a default permission setting that could allow an attacker to gain elevated access to the system. This means that an unauthorized user could potentially get access to sensiti...
7.8
Tutor LMS plugin for WordPress exposes user billing info to attackers
CVE-2026-3360
An attacker can modify any user's billing information by guessing or finding an incomplete order ID. This can happen because the plugin doesn't check if the user making the change is authorized to do ...
7.5
Important: nodejs:24 security update
RLSA-2026:7350
Node.js is a software development platform for building fast and scalable network applications in the JavaScript programming language. Security Fix(es): * nodejs: Nodejs denial of service (CVE-2026...
7.5
Simple IT Discussion Forum 1.0 Allows Unrestricted Database Access
CVE-2026-6004
A security issue in Simple IT Discussion Forum 1.0 allows attackers to access sensitive database information. This could lead to unauthorized changes or theft of data. Update to the latest version of ...
6.9
Webling Plugin for WordPress: Malicious Code Injection Risk
CVE-2026-1263
The Webling plugin for WordPress has a security flaw that allows hackers to inject malicious code into certain areas of the admin dashboard, potentially allowing them to take control of the site. This...
6.4
JeecgBoot 3.9.1 - Unauthorized Access to Announcement System
CVE-2026-5999
A vulnerability in JeecgBoot's announcement system can allow an attacker to access unauthorized areas. This could potentially lead to sensitive information being viewed or modified without permission....
5.3
wolfSSL TLS 1.3 PQC KeyShare Processing Can Leak Sensitive Data
CVE-2026-5460
The wolfSSL TLS 1.3 implementation for post-quantum cryptography has a bug that allows sensitive data to be leaked. This is a security risk because it could potentially expose confidential information...
6.3
wolfSSL: Experimental Certificate Parsing Problem
CVE-2026-5393
A specific input can cause wolfSSL to access memory it shouldn't. When using wolfSSL with certain experimental features enabled, a crafted certificate can cause the software to accidentally read memor...
6.3
Royal WordPress Backup & Restore Plugin: Admin Clickjacking Attack Possible
CVE-2026-4305
The Royal WordPress Backup & Restore Plugin is at risk of being exploited if an administrator is tricked into clicking on a malicious link. Attackers could inject malicious scripts into the plugin's i...
6.1
WP-Optimize Plugin Allows Untrusted Users to Access Admin Functions
CVE-2026-2712
The WP-Optimize plugin for WordPress has a security issue that lets users with basic access levels perform actions reserved for administrators, such as accessing logs, deleting files, and modifying se...
5.4
Zhayujie ChatGPT on WeChat CowAgent Allows Remote File Access
CVE-2026-5998
A critical issue has been discovered in the CowAgent component of ChatGPT on WeChat, which could allow an attacker to access files on your system. This means that a hacker could potentially access sen...
5.5
WooCommerce Customer Reviews plugin allows anyone to post reviews
CVE-2026-4664
This plugin for WooCommerce has a security weakness that lets anyone submit, modify, or inject fake reviews for any product without needing a password. This can happen because the plugin doesn't prope...
5.3
Code-projects Online Library Management System SQL Database Backup File Handler Leaks Data
CVE-2026-6000
An unknown function in the SQL Database Backup File Handler of Code-projects Online Library Management System 1.0 can leak sensitive information. This could happen if an attacker remotely exploits a p...
2.1
UsersWP plugin allows attackers to delete sensitive user data
CVE-2026-4977
The UsersWP plugin for WordPress is affected by a security flaw that allows attackers with subscriber-level access to delete sensitive user information. This can happen when an attacker uses the plugi...
4.3