CVE-2026-40852

This CVE describes a code-execution vulnerability where a highly authenticated attacker can modify the config generator to inject a payload into future configurations. The device may pass the manipulated value to a system execute call, enabling code execution and potentially compromising confiden...

MB Connect Line mbNET和MB Connect Line mbNET.mini 操作系统命令注入漏洞

MB Connect Line mbNET and MB Connect Line mbNET.mini are both products of the German company MB Connect Line. MB Connect Line mbNET is an industrial router. MB Connect Line mbNET.mini is a remote access router. Both MB Connect Line mbNET and MB Connect Line mbNET.mini have operating system comman...

Automatic Cipher Suite Ordering in crypto/tls

This is the first article I wrote for the Go blog !! about how TLS cipher suites configuration got so complicated, and how weve made it way easier in Go 1.17. The Go standard library provides crypto/tls, a robust implementation of Transport Layer Security TLS, the most important security protocol...

RHEL 3 / 4 : squirrelmail (RHSA-2007:0022)

A new squirrelmail package that fixes security issues is now available for Red Hat Enterprise Linux 3 and 4. SquirrelMail is a standards-based webmail package written in PHP. Several cross-site scripting bugs were discovered in SquirrelMail. An attacker could inject arbitrary JavaScript or HTML...