20 vulnerabilities across 2 products scored HIGH or above on May 25, 2026.

  • HIGH: 20

[HIGH] totolink/a8000ru

19 CVEs | CVSS 8.9 | AAS 8.4

Totolink A8000RU routers through firmware version 7.1cu.643_b20200521 are affected by 19 vulnerabilities including multiple high-severity flaws with a maximum CVSS score of 8.9. The lead vulnerability allows unauthenticated remote OS command injection via the provider parameter in the Web Management Interface at /cgi-bin/cstecgi.cgi, with public exploits currently available. Network administrators and organizations operating this router model should immediately update to patched firmware and restrict access to the Web Management Interface until patches are deployed.

Vendor Advisory


[HIGH] krajowa_izba_rozliczeniowa/szafir_sdk

1 CVE | CVSS 9.3 | AAS 7.2

Szafir SDK, used by Krajowa Izba Rozliczeniowa and financial institutions across Poland, contains a critical vulnerability (CVE-2026-9058, CVSS 9.3) in its digital signature verification function that incorrectly returns success when signer certificate trust status cannot be established. The flaw causes consuming applications to accept unverified digital signatures as valid, creating a severe authentication bypass affecting all organizations relying on Szafir SDK for signature validation in financial and legal transactions. Organizations using this SDK should immediately audit applications for signature validation bypasses and apply vendor patches without delay, while implementing supplementary certificate trust validation controls as a compensating measure.

Vendor Advisory