Recent Advisories

Severity ID Title Vendor Product Date Type
HIGH 7.1 CVE-2026-40941

Cacti: Package Import Signature Validation Bypass Allows Self-Signed Packages_CVE-2026-40941

Cacti is an open source performance and fault management framework. Versions 1.2.30 and prior have a package import signature validation bypass all...

Cacti cacti < 1.2.31 CVE
MEDIUM 6.5 CVE-2026-40084

Cacti: Arbitrary File Read via Path Traversal in Report `format_file` Parameter_CVE-2026-40084

Cacti is an open source performance and fault management framework. Versions 1.2.30 and prior are vulnerable to Path Traversal through the Report ...

Cacti cacti < 1.2.31 CVE
HIGH 7.2 CVE-2026-40083

Cacti: SQL Injection in managers.php_CVE-2026-40083

Cacti is an open source performance and fault management framework. Versions 1.2.30 and prior have SQL Injection through unsanitized unserialize+im...

Cacti cacti < 1.2.31 CVE
MEDIUM 5.4 CVE-2026-40082

Cacti: Session Fixation via missing session_regenerate_id() after login_CVE-2026-40082

Cacti is an open source performance and fault management framework. Versions 1.2.30 and prior have missing session_regenerate_id() after login, lea...

Cacti cacti < 1.2.31 CVE
CRITICAL 9.2 CVE-2026-9222

Setracker2 Children’s Smartwatch Ecosystem Use of password hash instead of password for authentication_CVE-2026-9222

Setracker2 Android Companion App com.tgelec.setracker versions 3.1.5 and prior only require the password hash when authenticating with backend serv...

Shenzhen i365-Tech Co. Ltd. Setracker2 Parental Control App (Android) package com.tgelec.setracker 3.1.5 CVE
HIGH 8.7 CVE-2026-9221

Setracker2 Children’s Smartwatch Ecosystem Use of a Broken or Risky Cryptographic Algorithm_CVE-2026-9221

The Setracker2 Android Companion App (com.tgelec.setracker) versions 3.1.5 and earlier uses MD5 to generate a request signature for authenticating ...

Shenzhen i365-Tech Co. Ltd. Setracker2 Parental Control App (Android) package com.tgelec.setracker CVE
HIGH 8.7 CVE-2026-9220

Setracker2 Children’s Smartwatch Ecosystem Use of hard-coded cryptographic key_CVE-2026-9220

Setracker2 Android Companion App com.tgelec.setracker versions 3.1.5 and prior encrypts requests between the watch and its backend with static hard...

Shenzhen i365-Tech Co. Ltd. Setracker2 Parental Control App (Android) package com.tgelec.setracker 3.1.5 CVE
HIGH 8.3 CVE-2026-9219

Setracker2 Children’s Smartwatch Ecosystem Generation of Predictable Numbers or Identifiers_CVE-2026-9219

Setracker2 Android Companion App com.tgelec.setracker versions 3.1.5 and prior have a predictable registration ID derived from IMEI. The enrollment...

Shenzhen i365-Tech Co. Ltd. Setracker2 Parental Control App (Android) package com.tgelec.setracker CVE
MEDIUM 6.9 CVE-2026-43920

FOSSBilling: Unauthenticated update patcher endpoint allows remote maintenance execution_CVE-2026-43920

FOSSBilling is a free, open-source billing and client management system. In versions 0.5.4 through 0.7.2, the /run-patcher maintenance endpoint in ...

FOSSBilling FOSSBilling >= 0.5.4, < 0.8.0 CVE
MEDIUM 6.4 CVE-2026-13318

Virt-api-rhel9: kubevirt: kubevirt: ssrf in virt-api port-forward via unvalidated guest-agent-reported ip_CVE-2026-13318

A server-side request forgery (SSRF) flaw was found in KubeVirt's virt-api port-forward handler. When processing a port-forward request to a Virtua...

Red Hat Red Hat OpenShift Virtualization 4 CVE