CVE Vulnerabilities - 10 April 2026

146 vulnerabilities published on 10 April 2026

Totolink A7100RU Router Allows Unauthenticated Password Changes
CVE-2026-5997
A flaw in the Totolink A7100RU router's password management system can allow an attacker to change administrator passwords without authenticating. This means an attacker could gain control of the ...
8.9
Totolink A7100RU Router - Remote Command Injection via CGI Handler
CVE-2026-5996
A security flaw in the Totolink A7100RU router's CGI Handler allows an attacker to execute arbitrary system commands over the internet. This could potentially allow an attacker to gain control of the ...
8.9
Totolink A7100RU Router: Remote Command Execution Possible
CVE-2026-5995
Hackers can potentially run unauthorized commands on the Totolink A7100RU router by manipulating a specific setting. This makes the router vulnerable to attacks from anywhere on the internet. Users sh...
8.9
Totolink A7100RU Router Telnet Configuration Can Be Hacked Remotely
CVE-2026-5994
A security issue in the Totolink A7100RU router's configuration tool allows hackers to remotely access and control the device. This means that an attacker can potentially take control of your router a...
8.9
Totolink A7100RU: Malicious commands can be executed remotely
CVE-2026-5993
A vulnerability in the Totolink A7100RU router's web interface allows an attacker to execute malicious commands on the device, potentially giving them control over the router. This could lead to unaut...
8.9
Tenda F451 Software Allows Remote Attack
CVE-2026-5992
A security flaw in the Tenda F451 software version 1.0.0.7 allows a hacker to potentially take control of the device from a remote location. This could happen if the hacker knows how to manipulate the...
7.4
Tenda F451 Router: Remote Code Execution via Stack Overflow
CVE-2026-5991
The Tenda F451 router's configuration page has a bug that can be exploited by a hacker to execute malicious code remotely. This means a hacker could potentially take control of the router. To protect ...
7.4
Tenda F451 Router Can Crash from Malicious Email Filter Input
CVE-2026-5990
A bug in the Tenda F451 router's email filter can cause the device to crash if it receives a specially crafted email. This can happen remotely, and exploit code is now publicly available. Update your ...
7.4
Tenda F451 1.0.0.7: Remote code execution through manipulated page input
CVE-2026-5989
A critical flaw in the Tenda F451 router's page handling code can allow an attacker to execute malicious code on the router. This could potentially allow the attacker to take control of the router. Up...
7.4
wolfSSL: Man-in-the-middle attack on encrypted data
CVE-2026-5500
An attacker can intercept and modify encrypted data, potentially allowing them to access sensitive information. This affects users of wolfSSL, a cryptographic library used in various systems. To prote...
8.7
wolfSSL with OpenSSL compatibility accepts fake certificates from trusted CAs
CVE-2026-5501
A vulnerability in wolfSSL's OpenSSL compatibility layer allows an attacker to create fake certificates that appear to be from a trusted CA. This could be used to impersonate a trusted website or serv...
8.6
Nginx update fixes four security risks: Denial of Service and Code Execution
RLSA-2026:7343
A security update is available for Nginx, a popular web server software. This update fixes four security issues that could allow hackers to crash the server, modify files, or execute malicious code. T...
8.2
Perfmatters Plugin for WordPress Allows Attackers to Delete Server Files
CVE-2026-4351
The Perfmatters plugin for WordPress is insecure, allowing attackers with Subscriber-level access to delete any file on the server. This could cause your website to stop working or behave unexpectedly...
8.1
MagicINFO 9 Server has default permissions that can be exploited
CVE-2026-25203
The MagicINFO 9 Server has a default permission setting that could allow an attacker to gain elevated access to the system. This means that an unauthorized user could potentially get access to sensiti...
7.8
wolfSSL ChaCha20-Poly1305 Decryption Fails to Verify Authentication Tag
CVE-2026-5479
A flaw in wolfSSL's ChaCha20-Poly1305 decryption process can allow an attacker to tamper with encrypted data without being detected. This affects applications using the EVP API to decrypt data. To pro...
7.6
wolfSSL's ECCSI Signature Verifier Allows Forgery of Any Identity
CVE-2026-5466
A security issue in wolfSSL's ECCSI signature verifier could allow an attacker to create fake signatures that can be used to impersonate anyone, even with limited information. This means an attacker c...
7.6
Tutor LMS plugin for WordPress exposes user billing info to attackers
CVE-2026-3360
An attacker can modify any user's billing information by guessing or finding an incomplete order ID. This can happen because the plugin doesn't check if the user making the change is authorized to do ...
7.5
Important: nodejs:24 security update
RLSA-2026:7350
Node.js is a software development platform for building fast and scalable network applications in the JavaScript programming language. Security Fix(es): * nodejs: Nodejs denial of service (CVE-2026...
7.5
Simple IT Discussion Forum 1.0 Allows Unrestricted Database Access
CVE-2026-6004
A security issue in Simple IT Discussion Forum 1.0 allows attackers to access sensitive database information. This could lead to unauthorized changes or theft of data. Update to the latest version of ...
6.9
WordPress AddFunc Head & Footer Code plugin allows attackers to inject scripts
CVE-2026-2305
An attacker with Contributor-level access or higher can inject malicious scripts into WordPress websites using the AddFunc Head & Footer Code plugin. This can happen when an administrator previews or ...
6.4
Webling Plugin for WordPress: Malicious Code Injection Risk
CVE-2026-1263
The Webling plugin for WordPress has a security flaw that allows hackers to inject malicious code into certain areas of the admin dashboard, potentially allowing them to take control of the site. This...
6.4
CodeAstro Online Classroom: SQL Injection Vulnerability Exposes User Data
CVE-2026-6010
An attacker can exploit a flaw in CodeAstro Online Classroom to access sensitive information. This could happen if a malicious user manipulates certain input fields. To protect your data, update to th...
5.3
itsourcecode Construction Management System 1.0 File Deletion Vulnerability
CVE-2026-6007
A flaw in the itsourcecode Construction Management System 1.0 allows an attacker to access sensitive information by manipulating a file deletion function. This could put your company's data at risk. U...
5.3
Patient Record Management System 1.0: Malicious Data Injection Risk
CVE-2026-6006
A security flaw in Patient Record Management System 1.0 allows hackers to potentially inject malicious data into the system. This could compromise sensitive patient information. Update the software to...
5.3
Patient Record Management System 1.0: Unauthorized Data Access Risk
CVE-2026-6005
A security issue has been discovered in the Patient Record Management System 1.0. If an attacker manipulates certain data, they may be able to access sensitive patient information without permission. ...
5.3