2174 items
Unread (2164) All Dismissed
HIGH
CVE-2026-5363 (CVSS 8.8) — Inadequate Encryption Strength vulnerability in TP-Link Archer C7 v5 and v5.8 (uhttpd modules) allow...
NVD CVE-2026-5363 52d ago
HIGH
CVE-2026-33805 (CVSS 8.6) — @fastify/reply-from v12.6.1 and earlier and @fastify/http-proxy v11.4.3 and earlier process the clie...
NVD CVE-2026-33805 53d ago
CRITICAL
CVE-2026-33808 (CVSS 9.1) — Impact@fastify/express v4.0.4 and earlier fails to normalize URLs before passing them to Express mid...
NVD CVE-2026-33808 53d ago
HIGH
Patch Tuesday, April 2026 Edition
Krebs breachesthreat-actorszero-day 53d ago
HIGH
CVE-2026-27289 (CVSS 7.8) — Photoshop Desktop versions 27.4 and earlier are affected by an out-of-bounds read vulnerability when...
NVD CVE-2026-27289 53d ago
MEDIUM
CVE-2026-40447 (CVSS 5.1) — Integer overflow or wraparound vulnerability in Samsung Open Source Escargot allows undefined behavi...
NVD CVE-2026-40447 55d ago
MEDIUM
CVE-2026-40446 (CVSS 6.9) — Access of resource using incompatible type ('type confusion') vulnerability in Samsung Open Source E...
NVD CVE-2026-40446 55d ago
MEDIUM
CVE-2026-25204 (CVSS 6.2) — Deserialization of untrusted data vulnerability in Samsung Open Source Escargot Java Script allows d...
NVD CVE-2026-25204 55d ago
HIGH
CVE-2026-32146 (CVSS 7.8) — Improper path validation vulnerability in the Gleam compiler's handling of git dependencies allows a...
NVD CVE-2026-32146 57d ago
HIGH
CVE-2026-40180 (CVSS 7.5) — Quarkus OpenAPI Generator is Quarkus' extensions for generation of Rest Clients and server stubs gen...
NVD CVE-2026-40180 57d ago
CRITICAL
CVE-2026-6068 (CVSS 9.6) — NASM contains a heap use after free vulnerability in response file (-@) processing where a dangling ...
NVD CVE-2026-6068 58d ago
HIGH
CVE-2021-47961 (CVSS 8.1) — A plaintext storage of a password vulnerability in Synology SSL VPN Client before 1.4.5-0684 allows ...
NVD CVE-2021-47961 58d ago
MEDIUM
CVE-2026-5525 (CVSS 6) — A stack-based buffer overflow vulnerability exists in Notepad++ version 8.9.3 in the file drop handl...
NVD CVE-2026-5525 58d ago
CRITICAL
CVE-2026-5194 (CVSS 9.1) — Missing hash/digest size and OID checks allow digests smaller than allowed when verifying ECDSA cert...
NVD CVE-2026-5194 58d ago
HIGH
CVE-2026-40072 (CVSS 7.2) — web3.py allows you to interact with the Ethereum blockchain using Python. From 6.0.0b3 to before 7.1...
NVD CVE-2026-40072 58d ago
MEDIUM
CVE-2026-4878 (CVSS 6.7) — A flaw was found in libcap. A local unprivileged user can exploit a Time-of-check-to-time-of-use (TO...
NVD CVE-2026-4878 58d ago
CRITICAL
CVE-2025-62718 (CVSS 9.9) — Axios is a promise based HTTP client for the browser and Node.js. Prior to 1.15.0 and 0.31.0, Axios ...
NVD CVE-2025-62718 59d ago
HIGH
CVE-2026-5883 (CVSS 8.8) — Use after free in Media in Google Chrome prior to 147.0.7727.55 allowed a remote attacker to execute...
NVD CVE-2026-5883 59d ago
HIGH
CVE-2026-32590 (CVSS 7.1) — A flaw was found in Red Hat Quay's handling of resumable container image layer uploads. The upload p...
NVD CVE-2026-32590 59d ago
MEDIUM
CVE-2026-4837 (CVSS 6.6) — An eval() injection vulnerability in the Rapid7 Insight Agent beaconing logic for Linux versions cou...
NVD CVE-2026-4837 59d ago
INFO
Russia Hacked Routers to Steal Microsoft Office Tokens
Krebs breachesthreat-actorsnation-state 60d ago
MEDIUM
CVE-2026-4931 (CVSS 6.8) — Smart contract Marginal v1 performs unsafe downcast, allowing attackers to settle a large debt posit...
NVD CVE-2026-4931 60d ago
HIGH
Germany Doxes “UNKN,” Head of RU Ransomware Gangs REvil, GandCrab
Krebs breachesthreat-actorsransomware 62d ago
HIGH
CVE-2026-34769 (CVSS 7.7) — Electron is a framework for writing cross-platform desktop applications using JavaScript, HTML and C...
NVD CVE-2026-34769 64d ago
HIGH
CVE-2026-31399 (CVSS 7.8) — In the Linux kernel, the following vulnerability has been resolved: nvdimm/bus: Fix potential use a...
NVD CVE-2026-31399 64d ago
HIGH
CVE-2026-31395 (CVSS 7.1) — In the Linux kernel, the following vulnerability has been resolved: bnxt_en: fix OOB access in DBG_...
NVD CVE-2026-31395 64d ago
HIGH
CVE-2026-23454 (CVSS 7) — In the Linux kernel, the following vulnerability has been resolved: net: mana: fix use-after-free i...
NVD CVE-2026-23454 64d ago
HIGH
CVE-2026-23448 (CVSS 7.8) — In the Linux kernel, the following vulnerability has been resolved: net: usb: cdc_ncm: add ndpoffse...
NVD CVE-2026-23448 64d ago
HIGH
CVE-2026-5463 (CVSS 8.6) — Command injection vulnerability in console.run_module_with_output() in pymetasploit3 through version...
NVD CVE-2026-5463 65d ago
HIGH
CVE-2026-35535 (CVSS 7.4) — In Sudo through 1.9.17p2 before 3e474c2, a failure of a setuid, setgid, or setgroups call, during a ...
NVD CVE-2026-35535 65d ago
HIGH
CVE-2025-15620 (CVSS 8.6) — HiOS Switch Platform versions 09.1.00 through 09.4.04 and 10.0.00 through 10.3.00 contain a denial-o...
NVD CVE-2025-15620 65d ago
HIGH
CVE-2026-32145 (CVSS 0) — Allocation of Resources Without Limits or Throttling vulnerability in gleam-wisp wisp allows a denia...
NVD CVE-2026-32145 66d ago
MEDIUM
CVE-2026-34531 (CVSS 6.5) — Flask-HTTPAuth provides Basic, Digest and Token HTTP authentication for Flask routes. Prior to versi...
NVD CVE-2026-34531 66d ago
HIGH
CVE-2026-34072 (CVSS 8.3) — Cr*nMaster (cronmaster) is a Cronjob management UI with human readable syntax, live logging and log ...
NVD CVE-2026-34072 66d ago
MEDIUM
CVE-2026-5119 (CVSS 5.9) — A flaw was found in libsoup. When establishing HTTPS tunnels through a configured HTTP proxy, sensit...
NVD CVE-2026-5119 69d ago
CRITICAL
CVE-2026-33728 (CVSS 9.8) — dd-trace-java is a Datadog APM client for Java. In versions of dd-trace-java 0.40.0 through prior to...
NVD CVE-2026-33728 72d ago
HIGH
CVE-2026-34352 (CVSS 8.5) — In TigerVNC before 1.16.2, Image.cxx in x0vncserver allows other users to observe or manipulate the ...
NVD CVE-2026-34352 72d ago
MEDIUM
CVE-2026-2100 (CVSS 5.3) — A flaw was found in p11-kit. A remote attacker could exploit this vulnerability by calling the C_Der...
NVD CVE-2026-2100 72d ago
HIGH
CVE-2026-0966 (CVSS 8.2) — A flaw was found in libssh. The API function `ssh_get_hexa()` is vulnerable to a denial of service w...
NVD CVE-2026-0966 72d ago
CRITICAL
CVE-2026-26213 (CVSS 9.8) — thingino-firmware versions up to the firmware-2026-03-16 release contains an unauthenticated os comm...
NVD CVE-2026-26213 72d ago
HIGH
CVE-2026-32846 (CVSS 7.5) — OpenClaw before 2026.3.28 contains a path traversal vulnerability in media parsing that allows attac...
NVD CVE-2026-32846 72d ago
MEDIUM
CVE-2026-4887 (CVSS 6.1) — A flaw was found in GIMP. This issue is a heap buffer over-read in GIMP PCX file loader due to an of...
NVD CVE-2026-4887 73d ago
HIGH
CVE-2026-3104 (CVSS 7.5) — A specially crafted domain can be used to cause a memory leak in a BIND resolver simply by querying ...
NVD CVE-2026-3104 74d ago
HIGH
CVE-2026-23327 (CVSS 7.1) — In the Linux kernel, the following vulnerability has been resolved: cxl/mbox: validate payload size...
NVD CVE-2026-23327 74d ago
HIGH
CVE-2026-23305 (CVSS 7.1) — In the Linux kernel, the following vulnerability has been resolved: accel/rocket: fix unwinding in ...
NVD CVE-2026-23305 74d ago
HIGH
CVE-2026-23281 (CVSS 7.8) — In the Linux kernel, the following vulnerability has been resolved: wifi: libertas: fix use-after-f...
NVD CVE-2026-23281 74d ago
CRITICAL
CVE-2026-4698 (CVSS 9.8) — JIT miscompilation in the JavaScript Engine: JIT component. This vulnerability was fixed in Firefox ...
NVD CVE-2026-4698 75d ago
HIGH
CVE-2019-25634 (CVSS 8.4) — Base64 Decoder 1.1.2 contains a stack-based buffer overflow vulnerability that allows local attacker...
NVD CVE-2019-25634 75d ago
INFO
‘CanisterWorm’ Springs Wiper Attack Targeting Iran
Krebs breachesthreat-actors 75d ago
INFO
CVE-2026-32067 (CVSS 3.7) — OpenClaw versions prior to 2026.2.26 contain an authorization bypass vulnerability in the pairing-st...
NVD CVE-2026-32067 78d ago
HIGH NVD Thu, 16 Apr 2026 00:16:29 UTC
CVE-2026-5363 (CVSS 8.8) — Inadequate Encryption Strength vulnerability in TP-Link Archer C7 v5 and v5.8 (uhttpd modules) allow...
https://nvd.nist.gov/vuln/detail/CVE-2026-5363
TL;DR
Inadequate Encryption Strength vulnerability in TP-Link Archer C7 v5 and v5.8 (uhttpd modules) allows Password Recovery Exploitation. The web interface encrypts the admin password client-side using RSA-1024 before sending it to the router during login. An adjacent attacker with the ability to intercept network traffic could potentially perform a brute-force or factorization attack against the 1024…
CVE-2026-5363
Read full story ↗