CVE-2026-40210

An out-of-bounds read might happen when SetMacAddrAction is used, potentially resulting in uninitialized memory being sent over the network or a crash...

CVE-2026-40210 Out-of-bounds read in SetMacAddrAction

An out-of-bounds read might happen when SetMacAddrAction is used, potentially resulting in uninitialized memory being sent over the network or a crash...

CVE-2026-53230

The CVE-2026-53230 entry concerns the Linux kernel mlx5 driver (net/mlx5) where mlx5_query_nic_vport_mac_list() incorrectly sizes the firmware command buffer using the PF caps, risking a slab-out-of-bounds read when querying a VF vport with a larger max configured via devlink. The issue manifests...

Astra Linux – Vulnerability found in Linux 5.10, Linux 6.1, and Linux 5.15

In the Linux kernel, the following vulnerability has been resolved: net: usb: aqc111: fix error handling of usbnet read calls Syzkaller, with the help of syzbot, identified an error in the aqc111 driver. This error was caused by incomplete sanitization of the results of usbnet read calls. This...

Astra Linux – Vulnerability found in Linux 6.1, Linux 5.10, and Linux 5.15

In the Linux kernel, the following vulnerability has been resolved: i40e: Fixed potential invalid access when the MAC list is empty. listfirstentry never returns NULL—if the list is empty, it still returns a pointer to an invalid object, leading to potential invalid memory access when dereferenci...

CVE-2026-36819

Shenzhen Tenda Technology Co., Ltd Tenda W20E v15.11.0.6 was discovered to contain a buffer overflow in the bindMACAddr parameter of the fromSetDhcpRules function. This vulnerability allows attackers to cause a Denial of Service DoS via a crafted HTTP request...

CVE-2026-36822

Shenzhen Tenda Technology Co., Ltd Tenda W20E v15.11.0.6 was discovered to contain a buffer overflow in the macAddr parameter of the formDelStaState function. This vulnerability allows attackers to cause a Denial of Service DoS via a crafted HTTP request...

CVE-2026-36822

Shenzhen Tenda Technology Co., Ltd Tenda W20E v15.11.0.6 was discovered to contain a buffer overflow in the macAddr parameter of the formDelStaState function. This vulnerability allows attackers to cause a Denial of Service DoS via a crafted HTTP request...

Tenda W20E 安全漏洞

The Tenda W20E is a router produced by the Chinese company Tenda. The version 15.11.0.6 of the Tenda W20E contains a security vulnerability. This vulnerability stems from a buffer overflow in the macAddr parameter of the formDelStaState function, which could allow attackers to cause...

CVE-2026-36822

Shenzhen Tenda Technology Co., Ltd Tenda W20E v15.11.0.6 was discovered to contain a buffer overflow in the macAddr parameter of the formDelStaState function. This vulnerability allows attackers to cause a Denial of Service DoS via a crafted HTTP request...

CVE-2026-11556

A security flaw has been discovered in Tenda F451 1.0.0.7/1.0.0.9. Impacted is the function formWriteFacMac of the file /goform/WriteFacMac of the component Web Management Interface. Performing a manipulation of the argument mac results in os command injection. Remote exploitation of the attack i...

EulerOS Virtualization 2.13.0 : libpcap (EulerOS-SA-2026-2173)

According to the versions of the libpcap package installed, the EulerOS Virtualization installation on the remote host is affected by the following vulnerabilities : On Windows only, if libpcap needs to convert a Windows error message to UTF-8 and the message includes characters that UTF-8...

EulerOS Virtualization 2.10.1 : libpcap (EulerOS-SA-2026-2024)

According to the versions of the libpcap package installed, the EulerOS Virtualization installation on the remote host is affected by the following vulnerabilities : pcapetheraton is an auxiliary function in libpcap, it takes a string argument and returns a fixed-size allocated buffer. The string...

📄 MATLAB R2024a Arbitrary Local System Information Disclosure

This proof of concept tool demonstrates arbitrary local system information disclosure via MATLAB using system/fileread primitives. ================================================================================================================================== | Title : MATLAB R2024a Full...

EUVD-2026-33510

A flaw has been found in Tenda W12 3.0.0.74763. This affects the function cgistaKickOff of the file /bin/httpd. Executing a manipulation of the argument staMac can lead to stack-based buffer overflow. The attack may be performed from remote. The exploit has been published and may be used...

CVE-2026-49196 Predator Connect W6x: Web Interface Command Injection

The Wi-Fi device blocking feature fails to sanitize MAC address input, allowing injection and execution of arbitrary shell commands...

EUVD-2026-33263

The Wi-Fi device blocking feature fails to sanitize MAC address input, allowing injection and execution of arbitrary shell commands...

CVE-2026-49196

Predator Connect W6x firmware exposes a web-interface command injection via the Wi‑Fi device blocking feature, caused by inadequate MAC address input sanitization. This permits arbitrary shell command execution through the affected component. The CVSS details indicate network access with high imp...

PT-2026-43098

A security flaw has been discovered in Totolink A8000RU 7.1cu.643 b20200521. This issue affects the function setAccessDeviceCfg of the file /cgi-bin/cstecgi.cgi of the component Web Management Interface. Performing a manipulation of the argument mac results in os command injection. The attack is...

Malicious code in claw_messenger (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector b621afa50fe31026a12750b83eeb309366f95b07a9e0c5095d3e862f0007b70f The postinstall lifecycle script in dist/postinstall.js spawns two detached, hidden child processes during npm install. 1 spawn'npm', 'install', '-g'...