CVE-2026-9347

A vulnerability has been found in Edimax EW-7438RPn up to 1.31. Affected is the function formWizSurvey of the file /goform/formWizSurvey of the component webs. The manipulation of the argument ip/mask/gateway leads to os command injection. It is possible to initiate the attack remotely. The explo...

Malicious code in metricflow-tracker (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector a9a1c269ce5e462d7e555ce1ca34b7f2e54e3d34ea094d35a67aa7c61d1fe34e The package's exported Metricflow React component defaults serverUrl to http://51.38.65.105:21531 and, when rendered, appends a tag to document.head ...

CVE-2026-48132

The CVE-2026-48132 entry describes a vulnerability in Security Gateway where length values in certain IKE packets over NAT-T (UDP/4500) are not validated correctly. This can cause the VPN processing service to terminate unexpectedly, resulting in a denial-of-service (temporary interruption of VPN...

CVE-2026-48132

The Security Gateway does not correctly validate a length value in certain IKE packets when NAT-T is used 4500/UDP. As a result, a specially crafted or malformed packet can cause the VPN processing service to terminate unexpectedly, leading to denial of service temporary interruption of VPN...

Malicious code in test-nonmal-pkg-5 (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 1f52d81c9285fd103cfe5f8dc724c173c1b4e57e96cd56313cec119fbbbc9982 index.js is hex-name-obfuscated 0x-style string array and, on require, enumerates the entire process.env via Object.keysprocess.env into a snapshot...

curl: Mentioned unites are at the same time .Then we have to increase the bounty.

Summary: Once you done with the coding then we have to increase the bounty and then write the reviwe on the same Once we find the error then we have to submit the margin and find the events Affected version Use a language that is not susceptible to these issues. However, be careful of null byte...

CVE-2026-48694

CVE-2026-48694 affects FastNetMon Community Edition up to 1.2.9 via the Juniper router integration plugin. The vulnerability arises because the variable $IP_ATTACK (from argv[1]) is directly interpolated into NETCONF set-configuration commands without validation, allowing an attacker-controlled I...

Important: cni-plugins

Issue Overview: Actions which insert URLs into the content attribute of HTML meta tags are not escaped. This can allow XSS if the meta tag also has an http-equiv attribute with the value "refresh". A new GODEBUG setting has been added, htmlmetacontenturlescape, which can be used to disable escapi...

Important: docker

Issue Overview: When using LookupCNAME with the cgo DNS resolver, a very long CNAME response can trigger a double-free of C memory and a crash. CVE-2026-33811 When processing HTTP/2 SETTINGS frames, transport will enter an infinite loop of writing CONTINUATION frames if it receives a...

Important: docker

Issue Overview: When using LookupCNAME with the cgo DNS resolver, a very long CNAME response can trigger a double-free of C memory and a crash. CVE-2026-33811 When processing HTTP/2 SETTINGS frames, transport will enter an infinite loop of writing CONTINUATION frames if it receives a...

Important: runc

Issue Overview: When using LookupCNAME with the cgo DNS resolver, a very long CNAME response can trigger a double-free of C memory and a crash. CVE-2026-33811 When processing HTTP/2 SETTINGS frames, transport will enter an infinite loop of writing CONTINUATION frames if it receives a...

Important: libcap

Issue Overview: Actions which insert URLs into the content attribute of HTML meta tags are not escaped. This can allow XSS if the meta tag also has an http-equiv attribute with the value "refresh". A new GODEBUG setting has been added, htmlmetacontenturlescape, which can be used to disable escapi...

Important: containerd

Issue Overview: When using LookupCNAME with the cgo DNS resolver, a very long CNAME response can trigger a double-free of C memory and a crash. CVE-2026-33811 When processing HTTP/2 SETTINGS frames, transport will enter an infinite loop of writing CONTINUATION frames if it receives a...

PT-2026-43354

Name of the Vulnerable Software and Affected Versions FastNetMon Community Edition versions prior to 1.3.0 Description A configuration injection issue exists in the Juniper router integration plugin. In the file src/juniper plugin/fastnetmon juniper.php, the variable IP ATTACK received from argv1...

Amazon Linux 2023 : perl-Net-CIDR-Lite (ALAS2023-2026-1732)

"It is, therefore, affected by multiple vulnerabilities as referenced in the ALAS2023-2026-1732 advisory. Net::CIDR::Lite versions before 0.24 for Perl does not properly validate IP address and CIDR mask inputs, which may allow IP ACL bypass. Inputs containing a trailing newline or non-ASCII digi...

FastNetMon 安全漏洞

FastNetMon is a high-performance DDoS detector/sensor developed by Pavel Odintsov, based on multiple packet capture engines. Versions of FastNetMon prior to 1.2.9 contain security vulnerabilities. These vulnerabilities stem from the lack of validation or cleaning of IP address variables in the...

Important: containerd

Issue Overview: When using LookupCNAME with the cgo DNS resolver, a very long CNAME response can trigger a double-free of C memory and a crash. CVE-2026-33811 When processing HTTP/2 SETTINGS frames, transport will enter an infinite loop of writing CONTINUATION frames if it receives a...

PT-2026-43405

MaxKB is an open-source AI assistant for enterprise. Prior to 2.9.1, SSRF via work flow template Import. Authenticated users can supply arbitrary URLs in work flow template.downloadUrl which are fetched server-side without any URL validation or internal IP filtering. This vulnerability is fixed i...

Malicious code in bandkit (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 687dcebaf30461a2325de226851b84abfb6db6359a12c9392ece9c5ff02a620d bandkit ships a React component BandPanel that, when rendered without an explicit strategyWalletAddress prop — the configuration shown in the package...

MAL-2026-4496 Malicious code in bandkit (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 687dcebaf30461a2325de226851b84abfb6db6359a12c9392ece9c5ff02a620d bandkit ships a React component BandPanel that, when rendered without an explicit strategyWalletAddress prop — the configuration shown in the package...