🔴 CVE-2026-1181 - Critical (9)

A stored cross-site scripting (XSS) vulnerability exists in the Altium Forum due to missing server-side input sanitization in forum post content. An authenticated attacker can inject arbitrary JavaScript into forum posts, which is stored and execu...

🔗 https://www.thehackerwire.com/vulnerability/CVE-2026-1181/

#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack

🟠 CVE-2026-1156 - High (8.8)

A vulnerability was determined in Totolink LR350 9.3.5u.6369_B20220309. Affected by this issue is the function setWiFiBasicCfg of the file /cgi-bin/cstecgi.cgi. This manipulation of the argument ssid causes buffer overflow. It is possible to initi...

🔗 https://www.thehackerwire.com/vulnerability/CVE-2026-1156/

#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack

🔴 CVE-2026-23839 - Critical (9.3)

Movary is a web application to track, rate and explore your movie watch history. Due to insufficient input validation, attackers can trigger cross-site scripting payloads in versions prior to 0.70.0. The vulnerable parameter is `?categoryUpdated=`...

🔗 https://www.thehackerwire.com/vulnerability/CVE-2026-23839/

#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack

🔴 CVE-2026-23836 - Critical (9.9)

HotCRP is conference review software. A problem introduced in April 2024 in version 3.1 led to inadequately sanitized code generation for HotCRP formulas which allowed users to trigger the execution of arbitrary PHP code. The problem is patched in...

🔗 https://www.thehackerwire.com/vulnerability/CVE-2026-23836/

#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack