EulerOS Virtualization 2.13.0 : libpcap (EulerOS-SA-2026-2173)

According to the versions of the libpcap package installed, the EulerOS Virtualization installation on the remote host is affected by the following vulnerabilities : On Windows only, if libpcap needs to convert a Windows error message to UTF-8 and the message includes characters that UTF-8...

EulerOS Virtualization 2.10.1 : libpcap (EulerOS-SA-2026-2024)

According to the versions of the libpcap package installed, the EulerOS Virtualization installation on the remote host is affected by the following vulnerabilities : pcapetheraton is an auxiliary function in libpcap, it takes a string argument and returns a fixed-size allocated buffer. The string...

📄 MATLAB R2024a Arbitrary Local System Information Disclosure

This proof of concept tool demonstrates arbitrary local system information disclosure via MATLAB using system/fileread primitives. ================================================================================================================================== | Title : MATLAB R2024a Full...

EUVD-2026-33510

A flaw has been found in Tenda W12 3.0.0.74763. This affects the function cgistaKickOff of the file /bin/httpd. Executing a manipulation of the argument staMac can lead to stack-based buffer overflow. The attack may be performed from remote. The exploit has been published and may be used...

CVE-2026-49196 Predator Connect W6x: Web Interface Command Injection

The Wi-Fi device blocking feature fails to sanitize MAC address input, allowing injection and execution of arbitrary shell commands...

EUVD-2026-33263

The Wi-Fi device blocking feature fails to sanitize MAC address input, allowing injection and execution of arbitrary shell commands...

CVE-2026-49196

Predator Connect W6x firmware exposes a web-interface command injection via the Wi‑Fi device blocking feature, caused by inadequate MAC address input sanitization. This permits arbitrary shell command execution through the affected component. The CVSS details indicate network access with high imp...

PT-2026-43098

A security flaw has been discovered in Totolink A8000RU 7.1cu.643 b20200521. This issue affects the function setAccessDeviceCfg of the file /cgi-bin/cstecgi.cgi of the component Web Management Interface. Performing a manipulation of the argument mac results in os command injection. The attack is...

Malicious code in claw_messenger (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 15ae01d96f3589f6660b2aa5f459595c9346ab885eda35196dae6252775f986a On npm install, this package's postinstall hook performs two unsafe install-time actions. First, dist/postinstall.js spawns a detached npm install -g...

MAL-2026-4526 Malicious code in claw_messenger (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 15ae01d96f3589f6660b2aa5f459595c9346ab885eda35196dae6252775f986a On npm install, this package's postinstall hook performs two unsafe install-time actions. First, dist/postinstall.js spawns a detached npm install -g...

Astra Linux - уязвимость в linux-5.10, linux

In the Linux kernel, the following vulnerability has been resolved: Wifi: brcmfmac: Fixed an issue where invalid address access occurred when enabling the SCAN log level. The variable i is changed when setting a random MAC address, causing invalid address access when printing the value of...

Astra Linux - уязвимость в linux-5.10

In the Linux kernel, the following vulnerability has been resolved: net/mlx5e: Fixed the “scheduling while atomic” issue in IPsec MAC address queries. A bug involving “scheduling while atomic” was addressed in mlx5eipsecinitmacs, by replacing mlx5querymacaddress with etheraddrcopy to retrieve the...

Astra Linux - уязвимость в linux-6.1, linux-5.10, linux-5.15

In the Linux kernel, the following vulnerability has been resolved: i40e: Fixed potential invalid access when the MAC list is empty. The listfirstentry function never returns NULL—if the list is empty, it still returns a pointer to an invalid object, leading to potential invalid memory access whe...

Astra Linux - уязвимость в linux-5.10, linux-6.1, linux-5.15

In the Linux kernel, the following vulnerabilities have been resolved: net: usb: aqc111: Fixed error handling of usbnet read calls Syzkaller, with the help of syzbot, identified an error in the aqc111 driver. This error was caused by incomplete sanitization of the results of usbnet read calls. Th...

MAL-2026-3692 Malicious code in guan (PyPI)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 2e04a9a658bc7616e72a5edf276dd049e5b697f2492c46929caf2e01fac95d84 The top-level src/guan/init.py unconditionally calls statisticsofguanpackage on every import guan. That function in src/guan/others.py opens a raw TC...

Malicious code in guan (PyPI)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 2e04a9a658bc7616e72a5edf276dd049e5b697f2492c46929caf2e01fac95d84 The top-level src/guan/init.py unconditionally calls statisticsofguanpackage on every import guan. That function in src/guan/others.py opens a raw TC...

CVE-2026-8263

A security flaw has been discovered in Tenda AC6 15.03.06.49multiTDE01. Affected is the function fromSetWirelessRepeat of the file /goform/WifiExtraSet of the component httpd. Performing a manipulation of the argument mac/ssid results in os command injection. It is possible to initiate the attack...

SUSE CVE-2026-43199

In the Linux kernel, the following vulnerability has been resolved: net/mlx5e: Fix "scheduling while atomic" in IPsec MAC address query Fix a "scheduling while atomic" bug in mlx5eipsecinitmacs by replacing mlx5querymacaddress with etheraddrcopy to get the local MAC address directly from...

Linux Distros Unpatched Vulnerability : CVE-2026-43199

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - net/mlx5e: Fix scheduling while atomic in IPsec MAC address query Fix a scheduling while atomic bug in mlx5eipsecinitmacs by replacing mlx5querymacaddress with...

CVE-2026-43199

A flaw was found in the Linux kernel's net/mlx5e component. This vulnerability, identified as a "scheduling while atomic" bug, occurs when the mlx5eipsecinitmacs function attempts to query the hardware for a MAC address in an atomic context, which can lead to the system attempting to sleep. A loc...