Critical vulnerabilities Week 2026-02-11

Critical vulnerabilities pose a significant risk as they can be leveraged to carry out cyber attacks, install malware, steal sensitive data, or gain unauthorised access to systems. It's crucial for organisations and individuals to stay informed about the latest threats in order to assess their potential impact and take timely mitigating actions. If you need help with any of these, contact the HelpDesk for assistance. Cyber Security Services are also available.

Adobe ColdFusion CAR File Parsing Directory Traversal Remote Code Execution Vulnerability (7.2)

This vulnerability allows remote attackers to execute arbitrary code on affected installations of Adobe ColdFusion. Authentication is required to exploit this vulnerability. The ZDI has assigned a CVSS rating of 7.2. The following CVEs are assigned: CVE-2025-61808.

(0Day) Xmind Attachment Insufficient UI Warning Remote Code Execution Vulnerability (7.8)

This vulnerability allows remote attackers to execute arbitrary code on affected installations of Xmind. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The ZDI has assigned a CVSS rating of 7.8. The following CVEs are assigned: CVE-2026-0777.

Docker Desktop for Windows Incorrect Permission Assignment Privilege Escalation Vulnerability (6.7)

This vulnerability allows local attackers to escalate privileges on affected installations of Docker Desktop for Windows. User interaction on the part of an administrator is required to exploit this vulnerability. The ZDI has assigned a CVSS rating of 6.7. The following CVEs are assigned: CVE-2025-14740.

(Pwn2Own) Lexmark CX532adwe getCFFNames Heap-based Buffer Overflow Remote Code Execution Vulnerability (8.8)

This vulnerability allows network-adjacent attackers to execute arbitrary code on affected installations of Lexmark CX532adwe printers. Authentication is not required to exploit this vulnerability. The ZDI has assigned a CVSS rating of 8.8. The following CVEs are assigned: CVE-2025-65079.

(Pwn2Own) Lexmark CX532adwe usecmap Type Confusion Remote Code Execution Vulnerability (8.8)

This vulnerability allows network-adjacent attackers to execute arbitrary code on affected installations of Lexmark CX532adwe printers. Authentication is not required to exploit this vulnerability. The ZDI has assigned a CVSS rating of 8.8. The following CVEs are assigned: CVE-2025-65080.

Lexmark CX532adwe execuserobject Heap-based Buffer Overflow Remote Code Execution Vulnerability (8.8)

This vulnerability allows network-adjacent attackers to execute arbitrary code on affected installations of Lexmark CX532adwe printers. Authentication is not required to exploit this vulnerability. The ZDI has assigned a CVSS rating of 8.8. The following CVEs are assigned: CVE-2025-65081.

(Pwn2Own) Lexmark CX532adwe libesffls Directory Traversal Remote Code Execution Vulnerability (8.8)

This vulnerability allows network-adjacent attackers to execute arbitrary code on affected installations of Lexmark CX532adwe printers. Authentication is not required to exploit this vulnerability. The ZDI has assigned a CVSS rating of 8.8. The following CVEs are assigned: CVE-2025-65077.

(Pwn2Own) Lexmark CX532adwe esfhelper Untrusted Search Path Local Privilege Escalation Vulnerability (7.8)

This vulnerability allows local attackers to escalate privileges on affected installations of Lexmark CX532adwe printers. An attacker must first obtain the ability to execute low-privileged code on the target system in order to exploit this vulnerability. The ZDI has assigned a CVSS rating of 7.8. The following CVEs are assigned: CVE-2025-65078.

NVIDIA Triton Inference Server EVBufferToJson Uncaught Exception Denial-of-Service Vulnerability (7.5)

This vulnerability allows remote attackers to create a denial-of-service condition on affected installations of NVIDIA Triton Inference Server. Authentication is not required to exploit this vulnerability. The ZDI has assigned a CVSS rating of 7.5. The following CVEs are assigned: CVE-2025-33201.

NVIDIA Megatron-LM load_base_checkpoint Deserialization of Untrusted Data Remote Code Execution Vulnerability (7.8)

This vulnerability allows remote attackers to execute arbitrary code on affected installations of NVIDIA Megatron-LM. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The ZDI has assigned a CVSS rating of 7.8. The following CVEs are assigned: CVE-2026-24149.

CyberArk Endpoint Privilege Management Improper Privilege Management Local Privilege Escalation Vulnerability (7)

This vulnerability allows local attackers to escalate privileges on affected installations of CyberArk Endpoint Privilege Management. An attacker must first obtain a low-privileged interactive user session on the target system in order to exploit this vulnerability. The ZDI has assigned a CVSS rating of 7.0. The following CVEs are assigned: CVE-2025-66374.

AzeoTech DAQFactory Pro CTL File Parsing Out-Of-Bounds Read Remote Code Execution Vulnerability (7.8)

This vulnerability allows remote attackers to execute arbitrary code on affected installations of AzeoTech DAQFactory. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The ZDI has assigned a CVSS rating of 7.8. The following CVEs are assigned: CVE-2025-66589.

Apple Safari JavaScriptCore FTL New Array Materialization Type Confusion Remote Code Execution Vulnerability (8.8)

This vulnerability allows remote attackers to execute arbitrary code on affected installations of Apple Safari. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The ZDI has assigned a CVSS rating of 8.8. The following CVEs are assigned: CVE-2025-46298.

Apple macOS AppleIntelKBLGraphics Out-Of-Bounds Read Information Disclosure Vulnerability (6.5)

This vulnerability allows local attackers to disclose sensitive information on affected installations of Apple macOS. An attacker must first obtain the ability to execute low-privileged code on the target system in order to exploit this vulnerability. The ZDI has assigned a CVSS rating of 6.5. The following CVEs are assigned: CVE-2025-43283.

Progress Software Kemp LoadMaster addapikey Command Injection Remote Code Execution Vulnerability (6.4)

This vulnerability allows network-adjacent attackers to execute arbitrary code on affected installations of Progress Software Kemp LoadMaster. Authentication is required to exploit this vulnerability. The ZDI has assigned a CVSS rating of 6.4. The following CVEs are assigned: CVE-2025-13447.

Progress Software Kemp LoadMaster delapikey OS Command Injection Remote Code Execution Vulnerability (6.8)

This vulnerability allows remote attackers to execute arbitrary code on affected installations of Progress Software Kemp LoadMaster. Authentication is required to exploit this vulnerability. The ZDI has assigned a CVSS rating of 6.8. The following CVEs are assigned: CVE-2025-13447.

Progress Software Kemp LoadMaster listapikeys Command Injection Remote Code Execution Vulnerability (6.4)

This vulnerability allows network-adjacent attackers to execute arbitrary code on affected installations of Progress Software Kemp LoadMaster. Authentication is required to exploit this vulnerability. The ZDI has assigned a CVSS rating of 6.4. The following CVEs are assigned: CVE-2025-13447.

Progress Software Kemp LoadMaster getcipherset Command Injection Remote Code Execution Vulnerability (7.1)

This vulnerability allows network-adjacent attackers to execute arbitrary code on affected installations of Progress Software Kemp LoadMaster. Authentication is required to exploit this vulnerability. The ZDI has assigned a CVSS rating of 7.1. The following CVEs are assigned: CVE-2025-13444.

Progress Software Kemp LoadMaster delcert Command Injection Remote Code Execution Vulnerability (7.1)

This vulnerability allows network-adjacent attackers to execute arbitrary code on affected installations of Progress Software Kemp LoadMaster. Authentication is required to exploit this vulnerability. The ZDI has assigned a CVSS rating of 7.1. The following CVEs are assigned: CVE-2025-13447.

GIMP ICO File Parsing Heap-based Buffer Overflow Remote Code Execution Vulnerability (7.8)

This vulnerability allows remote attackers to execute arbitrary code on affected installations of GIMP. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The ZDI has assigned a CVSS rating of 7.8. The following CVEs are assigned: CVE-2026-0797.

Delta Electronics DIAView Exposed Dangerous Method Remote Code Execution Vulnerability (7.8)

This vulnerability allows remote attackers to execute arbitrary code on affected installations of Delta Electronics DIAView. User interaction is required to exploit this vulnerability in that the target must open and run a malicious project. The ZDI has assigned a CVSS rating of 7.8. The following CVEs are assigned: CVE-2026-0975.

Fortinet FortiSandbox fortisandbox Server-Side Request Forgery Remote Code Execution Vulnerability (8.8)

This vulnerability allows remote attackers to disclose sensitive information on affected installations of Fortinet FortiSandbox. Authentication is required to exploit this vulnerability. The ZDI has assigned a CVSS rating of 8.8. The following CVEs are assigned: CVE-2025-67685.

Hancom Office DOC File Parsing Type Confusion Remote Code Execution Vulnerability (7.8)

This vulnerability allows remote attackers to execute arbitrary code on affected installations of Hancom Office. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The ZDI has assigned a CVSS rating of 7.8. The following CVEs are assigned: CVE-2025-29867.

Cisco Snort _bnfa_search_csparse_nfa Use-After-Free Remote Code Execution Vulnerability (9.8)

This vulnerability allows remote attackers to execute arbitrary code on affected installations of Cisco Snort. Authentication is not required to exploit this vulnerability. The ZDI has assigned a CVSS rating of 9.8. The following CVEs are assigned: CVE-2026-20026.

Cisco Snort _bnfa_search_csparse_nfa Out-Of-Bounds Read Information Disclosure Vulnerability (5.3)

This vulnerability allows remote attackers to disclose sensitive information on affected installations of Cisco Snort. Authentication is not required to exploit this vulnerability. The ZDI has assigned a CVSS rating of 5.3. The following CVEs are assigned: CVE-2026-20027.

Microsoft Windows Desktop Window Manager Use-After-Free Local Privilege Escalation Vulnerability (7.8)

This vulnerability allows local attackers to escalate privileges on affected installations of Microsoft Windows. An attacker must first obtain the ability to execute low-privileged code on the target system in order to exploit this vulnerability. The ZDI has assigned a CVSS rating of 7.8. The following CVEs are assigned: CVE-2026-20871.

(0Day) npm cli Uncontrolled Search Path Element Local Privilege Escalation Vulnerability (7.8)

This vulnerability allows local attackers to escalate privileges on affected installations of npm cli. An attacker must first obtain the ability to execute low-privileged code on the target system in order to exploit this vulnerability. The ZDI has assigned a CVSS rating of 7.8. The following CVEs are assigned: CVE-2026-0775.

(0Day) Upsonic Cloudpickle Deserialization of Untrusted Data Remote Code Execution Vulnerability (9.8)

This vulnerability allows remote attackers to execute arbitrary code on affected installations of Upsonic. Authentication is not required to exploit this vulnerability. The ZDI has assigned a CVSS rating of 9.8. The following CVEs are assigned: CVE-2026-0773.

(0Day) (Pwn2Own) Enel X JuiceBox 40 Telnet Service Missing Authentication Remote Code Execution Vulnerability (8.8)

This vulnerability allows network-adjacent attackers to execute arbitrary code on affected installations of Enel X JuiceBox 40 charging stations. Authentication is not required to exploit this vulnerability. The ZDI has assigned a CVSS rating of 8.8. The following CVEs are assigned: CVE-2026-0778.

(0Day) Discord Client Uncontrolled Search Path Element Local Privilege Escalation Vulnerability (7.3)

This vulnerability allows local attackers to escalate privileges on affected installations of Discord Client. An attacker must first obtain the ability to execute low-privileged code on the target system in order to exploit this vulnerability. The ZDI has assigned a CVSS rating of 7.3. The following CVEs are assigned: CVE-2026-0776.

(0Day) WatchYourLAN Configuration Page Argument Injection Remote Code Execution Vulnerability (8.8)

This vulnerability allows network-adjacent attackers to execute arbitrary code on affected installations of WatchYourLAN. Authentication is not required to exploit this vulnerability. The ZDI has assigned a CVSS rating of 8.8. The following CVEs are assigned: CVE-2026-0774.

(0Day) Langflow Disk Cache Deserialization of Untrusted Data Remote Code Execution Vulnerability (7.5)

This vulnerability allows remote attackers to execute arbitrary code on affected installations of Langflow. Authentication is required to exploit this vulnerability. The ZDI has assigned a CVSS rating of 7.5. The following CVEs are assigned: CVE-2026-0772.

(0Day) Langflow PythonFunction Code Injection Remote Code Execution Vulnerability (7.1)

This vulnerability allows remote attackers to execute arbitrary code on affected installations of Langflow. Attack vectors and exploitability will vary depending on the configuration of the product. The ZDI has assigned a CVSS rating of 7.1. The following CVEs are assigned: CVE-2026-0771.

(0Day) Langflow exec_globals Inclusion of Functionality from Untrusted Control Sphere Remote Code Execution Vulnerability (9.8)

This vulnerability allows remote attackers to execute arbitrary code on affected installations of Langflow. Authentication is not required to exploit this vulnerability. The ZDI has assigned a CVSS rating of 9.8. The following CVEs are assigned: CVE-2026-0770.

(0Day) Langflow eval_custom_component_code Eval Injection Remote Code Execution Vulnerability (9.8)

This vulnerability allows remote attackers to execute arbitrary code on affected installations of Langflow. Authentication is not required to exploit this vulnerability. The ZDI has assigned a CVSS rating of 9.8. The following CVEs are assigned: CVE-2026-0769.

(0Day) Langflow code Code Injection Remote Code Execution Vulnerability (9.8)

This vulnerability allows remote attackers to execute arbitrary code on affected installations of Langflow. Authentication is not required to exploit this vulnerability. The ZDI has assigned a CVSS rating of 9.8. The following CVEs are assigned: CVE-2026-0768.

(0Day) Open WebUI Cleartext Transmission of Credentials Information Disclosure Vulnerability (5.3)

This vulnerability allows network-adjacent attackers to disclose sensitive information on affected installations of Open WebUI. Authentication is not required to exploit this vulnerability. The ZDI has assigned a CVSS rating of 5.3. The following CVEs are assigned: CVE-2026-0767.

(0Day) Open WebUI load_tool_module_by_id Command Injection Remote Code Execution Vulnerability (8.8)

This vulnerability allows remote attackers to execute arbitrary code on affected installations of Open WebUI. Authentication is required to exploit this vulnerability. The ZDI has assigned a CVSS rating of 8.8. The following CVEs are assigned: CVE-2026-0766.

(0Day) Open WebUI PIP install_frontmatter_requirements Command Injection Remote Code Execution Vulnerability (8.8)

This vulnerability allows remote attackers to execute arbitrary code on affected installations of Open WebUI. Authentication is required to exploit this vulnerability. The ZDI has assigned a CVSS rating of 8.8. The following CVEs are assigned: CVE-2026-0765.

(0Day) GPT Academic upload Deserialization of Untrusted Data Remote Code Execution Vulnerability (9.8)

This vulnerability allows remote attackers to execute arbitrary code on affected installations of GPT Academic. Authentication is not required to exploit this vulnerability. The ZDI has assigned a CVSS rating of 9.8. The following CVEs are assigned: CVE-2026-0764.

(0Day) GPT Academic run_in_subprocess_wrapper_func Deserialization of Untrusted Data Remote Code Execution Vulnerability (9.8)

This vulnerability allows remote attackers to execute arbitrary code on affected installations of GPT Academic. Authentication is not required to exploit this vulnerability. The ZDI has assigned a CVSS rating of 9.8. The following CVEs are assigned: CVE-2026-0763.

(0Day) GPT Academic stream_daas Deserialization of Untrusted Data Remote Code Execution Vulnerability (8.1)

This vulnerability allows remote attackers to execute arbitrary code on affected installations of GPT Academic. Interaction with a malicious DAAS server is required to exploit this vulnerability but attack vectors may vary depending on the implementation. The ZDI has assigned a CVSS rating of 8.1. The following CVEs are assigned: CVE-2026-0762.

(0Day) Foundation Agents MetaGPT actionoutput_str_to_mapping Code Injection Remote Code Execution Vulnerability (9.8)

This vulnerability allows remote attackers to execute arbitrary code on affected installations of Foundation Agents MetaGPT. Authentication is not required to exploit this vulnerability. The ZDI has assigned a CVSS rating of 9.8. The following CVEs are assigned: CVE-2026-0761.

(0Day) Foundation Agents MetaGPT deserialize_message Deserialization of Untrusted Data Remote Code Execution Vulnerability (9.8)

This vulnerability allows remote attackers to execute arbitrary code on affected installations of Foundation Agents MetaGPT. Authentication is not required to exploit this vulnerability. The ZDI has assigned a CVSS rating of 9.8. The following CVEs are assigned: CVE-2026-0760.

(0Day) Katana Network Development Starter Kit executeCommand Command Injection Remote Code Execution Vulnerability (9.8)

This vulnerability allows remote attackers to execute arbitrary code on affected installations of Katana Network Development Starter Kit. Authentication is not required to exploit this vulnerability. The ZDI has assigned a CVSS rating of 9.8. The following CVEs are assigned: CVE-2026-0759.

(0Day) mcp-server-siri-shortcuts shortcutName Command Injection Privilege Escalation Vulnerability (7.8)

This vulnerability allows local attackers to escalate privileges on affected installations of mcp-server-siri-shortcuts. An attacker must first obtain the ability to execute low-privileged code on the target system in order to exploit this vulnerability. The ZDI has assigned a CVSS rating of 7.8. The following CVEs are assigned: CVE-2026-0758.

(0Day) MCP Manager for Claude Desktop execute-command Command Injection Sandbox Escape Vulnerability (8.8)

This vulnerability allows remote attackers to bypass the sandbox on affected installations of MCP Manager for Claude Desktop. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The ZDI has assigned a CVSS rating of 8.8. The following CVEs are assigned: CVE-2026-0757.

(0Day) github-kanban-mcp-server execAsync Command Injection Remote Code Execution Vulnerability (9.8)

This vulnerability allows remote attackers to execute arbitrary code on affected installations of github-kanban-mcp-server. Authentication is not required to exploit this vulnerability. The ZDI has assigned a CVSS rating of 9.8. The following CVEs are assigned: CVE-2026-0756.

(0Day) gemini-mcp-tool execAsync Command Injection Remote Code Execution Vulnerability (9.8)

This vulnerability allows remote attackers to execute arbitrary code on affected installations of gemini-mcp-tool. Authentication is not required to exploit this vulnerability. The ZDI has assigned a CVSS rating of 9.8. The following CVEs are assigned: CVE-2026-0755.

(0Day) Ollama MCP Server execAsync Command Injection Remote Code Execution Vulnerability (9.8)

This vulnerability allows remote attackers to execute arbitrary code on affected installations of Ollama MCP Server. Authentication is not required to exploit this vulnerability. The ZDI has assigned a CVSS rating of 9.8. The following CVEs are assigned: CVE-2025-15063.

Cisco Identity Services Engine getSpecificPLRfromAuthCode XML External Entity Processing Information Disclosure Vulnerability (4.9)

This vulnerability allows remote attackers to disclose sensitive information on affected installations of Cisco Identity Services Engine. Authentication is required to exploit this vulnerability. The ZDI has assigned a CVSS rating of 4.9. The following CVEs are assigned: CVE-2026-20029.

(0Day) ALGO 8180 IP Audio Alerter Web UI Command Injection Remote Code Execution Vulnerability (7.2)

This vulnerability allows remote attackers to execute arbitrary code on affected installations of ALGO 8180 IP Audio Alerter devices. Authentication is required to exploit this vulnerability. The ZDI has assigned a CVSS rating of 7.2. The following CVEs are assigned: CVE-2026-0796.

(0Day) ALGO 8180 IP Audio Alerter Web UI Command Injection Remote Code Execution Vulnerability (7.2)

This vulnerability allows remote attackers to execute arbitrary code on affected installations of ALGO 8180 IP Audio Alerter devices. Authentication is required to exploit this vulnerability. The ZDI has assigned a CVSS rating of 7.2. The following CVEs are assigned: CVE-2026-0795.

(0Day) ALGO 8180 IP Audio Alerter SIP Use-After-Free Remote Code Execution Vulnerability (8.1)

This vulnerability allows remote attackers to execute arbitrary code on affected installations of ALGO 8180 IP Audio Alerter devices. Authentication is not required to exploit this vulnerability. The ZDI has assigned a CVSS rating of 8.1. The following CVEs are assigned: CVE-2026-0794.

(0Day) ALGO 8180 IP Audio Alerter InformaCast Heap-based Buffer Overflow Remote Code Execution Vulnerability (8.1)

This vulnerability allows remote attackers to execute arbitrary code on affected installations of ALGO 8180 IP Audio Alerter devices. Authentication is not required to exploit this vulnerability. The ZDI has assigned a CVSS rating of 8.1. The following CVEs are assigned: CVE-2026-0793.

(0Day) ALGO 8180 IP Audio Alerter SIP INVITE Alert-Info Stack-based Buffer Overflow Remote Code Execution Vulnerability (8.1)

This vulnerability allows remote attackers to execute arbitrary code on affected installations of ALGO 8180 IP Audio Alerter devices. Authentication is not required to exploit this vulnerability. The ZDI has assigned a CVSS rating of 8.1. The following CVEs are assigned: CVE-2026-0792.

(0Day) ALGO 8180 IP Audio Alerter SIP INVITE Replaces Stack-based Buffer Overflow Remote Code Execution Vulnerability (8.1)

This vulnerability allows remote attackers to execute arbitrary code on affected installations of ALGO 8180 IP Audio Alerter devices. Authentication is not required to exploit this vulnerability. The ZDI has assigned a CVSS rating of 8.1. The following CVEs are assigned: CVE-2026-0791.

(0Day) ALGO 8180 IP Audio Alerter Web UI Direct Request Information Disclosure Vulnerability (5.3)

This vulnerability allows remote attackers to disclose sensitive information on affected installations of ALGO 8180 IP Audio Alerter devices. Authentication is not required to exploit this vulnerability. The ZDI has assigned a CVSS rating of 5.3. The following CVEs are assigned: CVE-2026-0790.

(0Day) ALGO 8180 IP Audio Alerter Web UI Inclusion of Authentication Cookie in Response Body Information Disclosure Vulnerability (5.3)

This vulnerability allows remote attackers to disclose sensitive information on affected installations of ALGO 8180 IP Audio Alerter devices. Authentication is not required to exploit this vulnerability. The ZDI has assigned a CVSS rating of 5.3. The following CVEs are assigned: CVE-2026-0789.

(0Day) ALGO 8180 IP Audio Alerter Web UI Persistent Cross-Site Scripting Vulnerability (5.3)

This vulnerability allows remote attackers to execute web requests with a target user's privileges on affected installations of ALGO 8180 IP Audio Alerter devices. Authentication is not required to exploit this vulnerability. The ZDI has assigned a CVSS rating of 5.3. The following CVEs are assigned: CVE-2026-0788.

(0Day) ALGO 8180 IP Audio Alerter SAC Command Injection Remote Code Execution Vulnerability (8.1)

This vulnerability allows remote attackers to execute arbitrary code on affected installations of ALGO 8180 IP Audio Alerter devices. Authentication is not required to exploit this vulnerability. The ZDI has assigned a CVSS rating of 8.1. The following CVEs are assigned: CVE-2026-0787.

(0Day) ALGO 8180 IP Audio Alerter SCI Command Injection Remote Code Execution Vulnerability (7.5)

This vulnerability allows remote attackers to execute arbitrary code on affected installations of ALGO 8180 IP Audio Alerter devices. Authentication is required to exploit this vulnerability. The ZDI has assigned a CVSS rating of 7.5. The following CVEs are assigned: CVE-2026-0786.

(0Day) ALGO 8180 IP Audio Alerter API Command Injection Remote Code Execution Vulnerability (7.5)

This vulnerability allows remote attackers to execute arbitrary code on affected installations of ALGO 8180 IP Audio Alerter devices. Authentication is required to exploit this vulnerability. The ZDI has assigned a CVSS rating of 7.5. The following CVEs are assigned: CVE-2026-0785.

(0Day) ALGO 8180 IP Audio Alerter Web UI Command Injection Remote Code Execution Vulnerability (7.2)

This vulnerability allows remote attackers to execute arbitrary code on affected installations of ALGO 8180 IP Audio Alerter devices. Authentication is required to exploit this vulnerability. The ZDI has assigned a CVSS rating of 7.2. The following CVEs are assigned: CVE-2026-0784.

(0Day) ALGO 8180 IP Audio Alerter Web UI Command Injection Remote Code Execution Vulnerability (7.2)

This vulnerability allows remote attackers to execute arbitrary code on affected installations of ALGO 8180 IP Audio Alerter devices. Authentication is required to exploit this vulnerability. The ZDI has assigned a CVSS rating of 7.2. The following CVEs are assigned: CVE-2026-0783.

(0Day) ALGO 8180 IP Audio Alerter Web UI Command Injection Remote Code Execution Vulnerability (7.2)

This vulnerability allows remote attackers to execute arbitrary code on affected installations of ALGO 8180 IP Audio Alerter devices. Authentication is required to exploit this vulnerability. The ZDI has assigned a CVSS rating of 7.2. The following CVEs are assigned: CVE-2026-0782.

(0Day) ALGO 8180 IP Audio Alerter Web UI Command Injection Remote Code Execution Vulnerability (7.2)

This vulnerability allows remote attackers to execute arbitrary code on affected installations of ALGO 8180 IP Audio Alerter devices. Authentication is required to exploit this vulnerability. The ZDI has assigned a CVSS rating of 7.2. The following CVEs are assigned: CVE-2026-0781.

(0Day) ALGO 8180 IP Audio Alerter Web UI Command Injection Remote Code Execution Vulnerability (7.2)

This vulnerability allows remote attackers to execute arbitrary code on affected installations of ALGO 8180 IP Audio Alerter devices. Authentication is required to exploit this vulnerability. The ZDI has assigned a CVSS rating of 7.2. The following CVEs are assigned: CVE-2026-0780.

(0Day) ALGO 8180 IP Audio Alerter Ping Command Injection Remote Code Execution Vulnerability (7.2)

This vulnerability allows remote attackers to execute arbitrary code on affected installations of ALGO 8180 IP Audio Alerter devices. Authentication is required to exploit this vulnerability. The ZDI has assigned a CVSS rating of 7.2. The following CVEs are assigned: CVE-2026-0779.
