Security Vulnerabilities
A security flaw has been discovered in Tenda i12 1.0.0.6(2204). Impacted is the function vos_strcpy of the file /goform/exeCommand. The manipulation of the argument cmdinput results in stack-based buffer overflow. The attack can be launched remotely. The exploit has been released to the public and may be used for attacks.
CVSS Score
8.8
EPSS Score
0.001
Published
2026-03-12
A vulnerability allowing an authenticated domain user to perform remote code execution (RCE) on the Backup Server.
CVSS Score
9.9
EPSS Score
0.003
Published
2026-03-12
A vulnerability allowing an authenticated domain user to perform remote code execution (RCE) on the Backup Server.
CVSS Score
9.9
EPSS Score
0.003
Published
2026-03-12
A vulnerability allowing an authenticated domain user to bypass restrictions and manipulate arbitrary files on a Backup Repository.
CVSS Score
8.8
EPSS Score
0.0
Published
2026-03-12
A vulnerability allowing an authenticated domain user to perform remote code execution (RCE) on the Backup Server.
CVSS Score
9.9
EPSS Score
0.003
Published
2026-03-12
A vulnerability allowing a low-privileged user to extract saved SSH credentials.
CVSS Score
7.7
EPSS Score
0.0
Published
2026-03-12
A vulnerability allowing an authenticated user with the Backup Administrator role to perform remote code execution (RCE) in high availability (HA) deployments of Veeam Backup & Replication.
CVSS Score
9.1
EPSS Score
0.003
Published
2026-03-12
A flaw was found in Libsoup. The server-side digest authentication implementation in the SoupAuthDomainDigest class does not properly track issued nonces or enforce the required incrementing nonce-count (nc) attribute. This vulnerability allows a remote attacker to capture a single valid authentication header and replay it repeatedly. Consequently, the attacker can bypass authentication and gain unauthorized access to protected resources, impersonating the legitimate user.
CVSS Score
5.8
EPSS Score
0.004
Published
2026-03-12
SGLang's multimodal generation module is vulnerable to unauthenticated remote code execution through the ZMQ broker, which deserializes untrusted data using pickle.loads() without authentication.
CVSS Score
9.8
EPSS Score
0.012
Published
2026-03-12
SGLang' encoder parallel disaggregation system is vulnerable to unauthenticated remote code execution through the disaggregation module, which deserializes untrusted data using pickle.loads() without authentication.
CVSS Score
9.8
EPSS Score
0.007
Published
2026-03-12