D-Link DI-8100 缓冲区错误漏洞

The D-Link DI-8100 is a wireless broadband router designed for small and medium-sized network environments by D-Link Corporation. The D-Link DI-8100 version 16.07.26A1 contains a buffer overflow vulnerability. This vulnerability stems from a function in the CGI Handler component called sprintf,...

Code-MCP 路径遍历漏洞

Code-MCP is an AI-integrated tool for terminal and file operations developed by Steven Yu. Versions of Code-MCP 4cfc4643541a110c906d93635b391bf7e357f4a8 and earlier have a path traversal vulnerability. This vulnerability stems from a problem with the MCP File Handler component in the issafepath...

CVE-2026-31196

OS command injection vulnerability in the traceroute diagnostic handler in /bin/httpdclientside in ALTICE LABS / SFR France GR140DG Fibre Router with firmware 3GN8020801R13, 3GN8020802R0A, or 3GN8020803R0A inserts unsanitized user input into a system call, allowing authenticated remote attackers ...

CVE-2026-31195

The ping diagnostic handler in /bin/httpdclientside for ALTICE LABS / SFR France GR140DG and GR140IG fibre CPE/Router/Gateway, inserts unsanitized user input into a system call, allowing authenticated remote attackers to execute arbitrary commands as root via crafted destAddr parameters using she...

ROS-20260505-73-0047

A vulnerability in the urllib.request.DataHandler component of the Python programming language interpreter is related to the failure to take measures to neutralize CRLF sequences. Exploitation of the vulnerability may allow a remote attacker to affect the integrity of protected information...

ROS-20260505-73-0046

A vulnerability in the urllib.request.DataHandler component of the Python programming language interpreter is related to the failure to take measures to neutralize CRLF sequences. Exploitation of the vulnerability may allow a remote attacker to affect the integrity of protected information...

ROS-20260505-73-0049

A vulnerability in the urllib.request.DataHandler component of the Python programming language interpreter is related to the failure to take measures to neutralize CRLF sequences. Exploitation of the vulnerability may allow a remote attacker to affect the integrity of protected information...

ROS-20260505-73-0015

A vulnerability in the ElementDeclHandler component of the Python Programming Language Interpreter CPython is related to uncontrolled recursion. Exploitation of the vulnerability could allow an attacker acting remotely to cause a denial of service...

LangChain-Chatchat 加密问题漏洞

LangChain-Chatchat is a chatbot software developed based on the LangChain framework, open-sourced by Chatchat-Space. Versions of LangChain-Chatchat 0.3.1.3 and earlier had an encryption vulnerability. This vulnerability stems from a function in the Uploaded File Handler component, specifically th...

D-Link DI-8100 缓冲区错误漏洞

The D-Link DI-8100 is a wireless broadband router designed for small and medium-sized network environments by D-Link Corporation. The D-Link DI-8100 version 16.07.26A1 contains a buffer overflow vulnerability. This vulnerability stems from the function sprintf in the HTTP Handler component, where...

LangChain-Chatchat 加密问题漏洞

LangChain-Chatchat is a chatbot software developed based on the LangChain framework, open-sourced by Chatchat-Space. Versions of Langchain-Chatchat 0.3.1.3 and earlier had encryption-related vulnerabilities. These vulnerabilities stemmed from an issue in the Vision Chat Paste Image Handler...

Sandboxie-Plus 安全漏洞

Sandboxie-Plus is a sandbox isolation software developed by Sandboxie-Plus Inc. Versions of Sandboxie-Plus 1.17.2 and earlier contained security vulnerabilities. These vulnerabilities stemmed from the use of wcscat to copy the server field in NamedPipeServer::OpenHandler, without verifying the...

PT-2026-36972

A vulnerability has been found in 54yyyu code-mcp up to 4cfc4643541a110c906d93635b391bf7e357f4a8. The affected element is the function is safe path of the file src/code mcp/server.py of the component MCP File Handler. Such manipulation leads to path traversal. It is possible to launch the attack...

PT-2026-37223

Name of the Vulnerable Software and Affected Versions D-Link DI-8100 version 16.07.26A1 Description A buffer overflow exists in the CGI Handler component within the /user group.asp file. This issue occurs in the sprintf function and can be triggered remotely through manipulation. Recommendations ...

PT-2026-37248

Name of the Vulnerable Software and Affected Versions Inngest versions 3.22.0 through 3.53.1 Description Unauthenticated remote attackers can exfiltrate environment variables from the host process via the 'serve' HTTP handler. While the 'serve' handler implements GET, POST, and PUT methods,...

PT-2026-37216

Name of the Vulnerable Software and Affected Versions D-Link DI-8100 version 16.07.26A1 Description A buffer overflow occurs in the HTTP Request Handler component when manipulating the Name argument. This issue is located within the tggl asp function of the '/tggl.asp' endpoint and can be trigger...

PT-2026-37082

A flaw has been found in chatchat-space Langchain-Chatchat up to 0.3.1.3. This issue affects the function PIL.Image.tobytes of the file libs/chatchat-server/chatchat/webui pages/dialogue/dialogue.py of the component Vision Chat Paste Image Handler. This manipulation of the argument paste...

CVE-2026-31196

The traceroute diagnostic handler in /bin/httpdclientside for ALTICE LABS / SFR France GR140DG and GR140IG fibre CPE/Router/Gateway, inserts unsanitized user input into a system call, allowing authenticated remote attackers to execute arbitrary commands as root via crafted destAddr parameters usi...

Altice Labs GR140DG和Altice Labs GR140IG 安全漏洞

Altice Labs GR140DG and Altice Labs GR140IG are fiber-optic access gateway devices from the Portuguese company Altice Labs. Both devices have security vulnerabilities. The vulnerability stems from the ping diagnostic handler in /bin/httpdclientside, which inserts uncleaned user inputs into the...

PT-2026-37057

Name of the Vulnerable Software and Affected Versions ALTICE LABS / SFR France GR140DG affected versions not specified ALTICE LABS / SFR France GR140IG affected versions not specified Description The ping diagnostic handler in the '/bin/httpd clientside' endpoint allows authenticated remote...