PatchSiren

VulDB CVE debriefs

These pages are published after PatchSiren validates generated defensive summaries against stored public CVE and source evidence.

MEDIUM VulDB CVE published 2026-05-10

CVE-2026-8243

CVE-2026-8243 describes a remote vulnerability in Industrial Application Software IAS Canias ERP 8.03 affecting an unknown function in the JNLP Deployment Endpoint. The reported impact is use of a hard-coded cryptographic key, with the weakness classification pointing to CWE-320 and CWE-321. NVD lists the issue as network-reachable with no privileges required and no user interaction, which makes it worth [truncated]

LOW VulDB CVE published 2026-05-10

CVE-2026-8235

CVE-2026-8235 is an OS command injection issue in 8421bit MiniClaw’s System Command Handler, affecting resolveSkillScriptPath in src/kernel.ts. The supplied record ties the fix to commit 223c16a1088e138838dcbd18cd65a37c35ac5a84 and notes that a public exploit is available, so affected deployments should patch and review the command-handling path promptly.

HIGH VulDB CVE published 2026-05-10

CVE-2026-8234

CVE-2026-8234 affects EFM ipTIME A8004T 14.18.2 in the formWifiBasicSet handler at /goform/WifiBasicSet. A crafted security_5g argument can trigger a stack-based buffer overflow, and the source corpus says the issue is remotely reachable with a publicly disclosed exploit. The CVE was published on 2026-05-10 and carries a CVSS v4 base score of 7.4 (High).

LOW VulDB CVE published 2026-05-10

CVE-2026-8233

CVE-2026-8233 is a low-severity access-control issue affecting Dotouch XproUPF 2.0.0-release-088aa7c4. The CVE description says an unknown function in the UPF component can be manipulated to cause improper access controls, and the source material characterizes exploitation as difficult and high-complexity. Public references point to VulDB-supplied CNA material, with NVD recording the advisory as received [truncated]

MEDIUM VulDB CVE published 2026-05-10

CVE-2026-8232

CVE-2026-8232 is a medium-severity denial-of-service issue reported in Dotouch XproUPF 2.0.0-release-088aa7c4. According to the NVD record, the affected code path is vlib_worker_loop in /usr/xpro/upf/tools/libs/libvlib.so within the UPF Process component. The vulnerability is associated with CWE-404 and the published impact is service interruption rather than code execution. The source corpus also notes t [truncated]

LOW VulDB CVE published 2026-05-10

CVE-2026-8228

CVE-2026-8228 describes a remotely reachable OS command injection issue in Wavlink NU516U1 240425, centered on the advance function of /cgi-bin/wireless.cgi. The supplied description says manipulation of wlan_conf/Channel/skiplist/ieee_80211h can lead to command injection, and that a public exploit has been disclosed. The reported CVSS score is low (2.1), but any authenticated command injection in router [truncated]

LOW VulDB CVE published 2026-05-10

CVE-2026-8227

CVE-2026-8227 is a remote command-injection issue affecting Wavlink NU516U1 240425. The supplied record says the vulnerable function is wzdapMesh in /cgi-bin/adm.cgi, and the issue has been publicly disclosed with exploit material available. Although the published CVSS score is low, the combination of remote reachability and public exploit availability makes exposed devices worth prioritizing.

MEDIUM VulDB CVE published 2026-05-10

CVE-2026-8226

CVE-2026-8226 describes a remotely reachable denial-of-service issue in Open5GS affecting versions up to 2.7.7. The vulnerable function named in the record is ogs_pcc_rule_install_flow_from_media in /lib/proto/types.c. The supplied CVE description says the flaw can be manipulated remotely to cause service disruption and that public exploit code has already been released. Based on the available corpus, the [truncated]

MEDIUM VulDB CVE published 2026-05-10

CVE-2026-8225

CVE-2026-8225 is a remote denial-of-service issue reported in Open5GS up to version 2.7.7. The flaw is described in the PCF delete handling path, specifically pcf_npcf_smpolicycontrol_handle_delete in src/pcf/sm-sm.c. The available record assigns CWE-404 and a CVSS 4.0 vector indicating network reachability with no privileges or user interaction required, and only availability impact. The source descripti [truncated]

MEDIUM VulDB CVE published 2026-05-10

CVE-2026-8224

CVE-2026-8224 is a remotely reachable denial-of-service issue in Open5GS PCF, affecting pcf_sess_set_ipv6prefix in /src/pcf/context.c when SmPolicyContextData.ipv6AddressPrefix is manipulated. The supplied record rates the issue MEDIUM severity (CVSS 5.5) and indicates the exploit was publicly disclosed; the CVE was published on 2026-05-10.

MEDIUM VulDB CVE published 2026-05-10

CVE-2026-8223

CVE-2026-8223 is a medium-severity denial-of-service issue reported in Open5GS up to 2.7.7. The supplied record says a remote attacker can trigger the problem by manipulating the sm-policies endpoint path associated with pcf_sess_sbi_discover_and_send, resulting in service disruption. The record also states that a public exploit exists and that the project was notified early through an issue report.

MEDIUM VulDB CVE published 2026-05-10

CVE-2026-8222

CVE-2026-8222 describes a remotely reachable denial-of-service condition in Open5GS affecting the sm-policies endpoint. The issue is reported in pcf_nbsf_management_handle_register within src/pcf/nbsf-handler.c, and the source description says the exploit was publicly disclosed. The same source also states the project was informed early via an issue report but had not responded at the time of publication.

LOW VulDB CVE published 2026-05-09

CVE-2026-8190

CVE-2026-8190 describes a command-injection issue in the Wavlink NU516U1 M16U1_V240425 WAN handling path. The source says attacker-controlled values in /cgi-bin/adm.cgi can reach OS command execution, and that the exploit has been publicly disclosed. Even though the supplied CVSS score is low, internet-exposed devices should be treated carefully because the attack surface is remote and administrative.

LOW VulDB CVE published 2026-05-09

CVE-2026-8189

CVE-2026-8189 describes a command-injection flaw in the Wavlink NU516U1 M16U1_V240425 web management CGI path. The issue is reported in the wzdrepeater function of /cgi-bin/adm.cgi, where manipulation of the wlan_bssid, sel_Automode, and sel_EncrypTyp arguments can lead to OS command injection. The supplied disclosure says the attack can be launched remotely and that exploit details have been made public. [truncated]

LOW VulDB CVE published 2026-05-09

CVE-2026-8188

CVE-2026-8188 describes a remotely reachable OS command injection in Wavlink NU516U1 M16U1_V240425. The reported issue is in /cgi-bin/adm.cgi’s change_wifi_password function, where wl_channel, wl_Pass, and EncrypType inputs are implicated. Although the published CVSS score is low, the combination of remote reachability and public exploit disclosure makes exposed administration interfaces worth prompt review.

MEDIUM VulDB CVE published 2026-05-09

CVE-2026-8186

CVE-2026-8186 was published on 2026-05-09 and describes a remotely reachable out-of-bounds read in Open5GS up to 2.7.7. The affected code path is ogs_sbi_client_send_via_scp_or_sepp in lib/sbi/client.c within the NF component. The supplied record ties remediation to upstream commit d5bc487fcf9ea87d2b03f2ef95123af344773bfb.

MEDIUM VulDB CVE published 2026-05-09

CVE-2026-8187

CVE-2026-8187 is a medium-severity issue affecting Open5GS UPF in versions up to 2.7.7. The described flaw is in _gtpv1_u_recv_cb within src/upf/gtp-path.c and can be triggered remotely to consume resources. Based on the supplied record, the project was notified early via an issue report, but no response or remediation details were provided in the source corpus.

MEDIUM VulDB CVE published 2026-05-09

CVE-2026-8185

CVE-2026-8185 describes a missing-authentication issue in the administrative interface of UGREEN CM933 1.1.59.4319. The attack is limited to local-network access, but it can still enable unauthorized use of administrative functions without valid credentials. The record is rated CVSS 5.3 (Medium).