Recent Advisories

Severity ID Title Vendor Product Date Type
CRITICAL 9.3 CVE-2026-49191

Exposed Hard-coded M3WebServer Backend API Key_CVE-2026-49191

The production build of the M3WebServer hard-codes its backend API keys, which can be easily intercepted through verbose error handling pages.

Acer Connect M6E 5G Portable WiFi Router * CVE
CRITICAL 9.4 CVE-2026-49190

Missing Per-Instruction Authorization Checks_CVE-2026-49190

The system fails to evaluate instructional permissions over multiple internal operation codes (opcodes), permitting unauthorized application instal...

Acer Connect M6E 5G Portable WiFi Router * CVE
NONE THN:1914490991B...

DoJ Disrupts Southeast Asia Crypto Fraud Networks, Freezes $3.8 Million in Assets_THN:1914490991B466716EED3AB4A2342670

![](https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEiTf5wAHnoXtVauiln2MwlVvLc4LxcL8SBTLuW648LfFhUd8QyuOUfjmg0Hd91QlksmWF2u-PQhxHDTDmseMI...

N/A N/A THN
CRITICAL 9.8 021063E9-0EFC-

Exploit for SQL Injection in Wpdeveloper Notificationx_021063E9-0EFC-5BB3-A717-3C9223961E61

CVE-2024-1698 – NotificationX WordPress Plugin SQL Injection Time‑Based Blind Unauthenticated Time‑Based Blind SQL Injection → Extract admin userna...

N/A N/A GITHUBEXPLOIT
NONE 74A7BA4E-D496-

Exploit for CVE-2026-49975_74A7BA4E-D496-587B-A72A-FA0BE663F994

CVE-2026-49975 — HTTP/2 Bomb PoC Proof-of-concept exploit for CVE-2026-49975, a remote denial-of-service vulnerability in HTTP/2 server implementat...

N/A N/A GITHUBEXPLOIT
MEDIUM 5.8 CVE-2026-46447

CVE-2026-46447_CVE-2026-46447

OpenStack Ironic before 35.0.2 allows Boot Script Injection of an iPXE script if the attacker can set node.driver_info or node.instance_info.

OpenStack Ironic 17.0.0 CVE
HIGH 8.6 CVE-2026-49186

Lack of MQTT Broker Topic Access Control Lists_CVE-2026-49186

The local MQTT broker does not enforce topic-level Access Control Lists (ACLs). This allows any client to subscribe using wildcard characters (# or...

Acer Connect M6E 5G Portable WiFi Router * CVE
CRITICAL 10 CVE-2026-49185

Instruction Injection via FieldX MDM_CVE-2026-49185

The FieldX MDM adb messaging topic passes unverified payloads directly into Runtime.exec(), allowing command/instruction injection.

Acer Connect M6E 5G Portable WiFi Router * CVE
MEDIUM 5.9 CVE-2026-48681

CVE-2026-48681_CVE-2026-48681

OpenStack Ironic through before 35.0.2 allows file overwrite via directory traversal during deployment with a crafted ISO image.

OpenStack Ironic 17.0.0 CVE
MEDIUM 4.9 CVE-2026-44917

CVE-2026-44917_CVE-2026-44917

OpenStack Ironic before 35.0.2 allows a malicious authenticated project admin or manager to read local files on the Ironic conductor via a pxe_temp...

OpenStack Ironic 17.0.0 CVE