CVE-2026-49196 Predator Connect W6x: Web Interface Command Injection

The Wi-Fi device blocking feature fails to sanitize MAC address input, allowing injection and execution of arbitrary shell commands...

kernel: netfilter: ip6t_eui64: reject invalid MAC header for all packets

A flaw was found in the Linux kernel's netfilter component. This vulnerability occurs because the eui64mt6 function, which processes IPv6 packets, does not properly validate the MAC header for all packets. Specifically, packets with a zero fragment offset could bypass an existing guard, allowing...

CVE-2026-8263 Tenda AC6 httpd WifiExtraSet fromSetWirelessRepeat os command injection

A security flaw has been discovered in Tenda AC6 15.03.06.49multiTDE01. Affected is the function fromSetWirelessRepeat of the file /goform/WifiExtraSet of the component httpd. Performing a manipulation of the argument mac/ssid results in os command injection. It is possible to initiate the attack...

CVE-2026-43199

In the Linux kernel, the following vulnerability has been resolved: net/mlx5e: Fix "scheduling while atomic" in IPsec MAC address query Fix a "scheduling while atomic" bug in mlx5eipsecinitmacs by replacing mlx5querymacaddress with etheraddrcopy to get the local MAC address directly from...

Astra Linux - уязвимость в linux-5.10, linux-5.15, linux

In the Linux kernel, the following vulnerability has been resolved: igb: Initialize the mailbox message for VF reset When a MAC address is not assigned to the VF, that portion of the message sent to the VF is not set. However, the memory is allocated from the stack, which means that information m...

Snap One Wattbox 信任管理问题漏洞

The Snap One Wattbox is a series of power solutions developed by Snap One Corporation. The Snap One WattBox 800 and 820, versions prior to 2.10.0.0, had a trust management vulnerability. This vulnerability stemmed from the inclusion of undisclosed diagnostic HTTP endpoints, which could allow...

EUVD-2026-25652

In the Linux kernel, the following vulnerability has been resolved: netfilter: ip6teui64: reject invalid MAC header for all packets eui64mt6 derives a modified EUI-64 from the Ethernet source address and compares it with the low 64 bits of the IPv6 source address. The existing guard only rejects ...

CVE-2026-4057

The Download Manager plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the makeMediaPublic and makeMediaPrivate functions in all versions up to, and including, 3.3.51. This is due to the functions only checking for editposts capability...

PT-2026-31847

Name of the Vulnerable Software and Affected Versions Download Manager plugin for WordPress versions up to and including 3.3.51 Description The Download Manager plugin for WordPress is susceptible to unauthorized data modification. This is due to a missing capability check in the makeMediaPublic...

CVE-2025-58349

An issue was discovered in L2 in Samsung Mobile Processor, Wearable Processor, and Modem Exynos 980, 990, 850, 1080, 2100, 1280, 2200, 1330, 1380, 1480, 2400, 1580, 2500, 9110, W920, W930, W1000, Modem 5123, Modem 5300, and Modem 5400. Incorrect handling of LTE MAC packets containing many MAC...

CVE-2025-58349

CVE-2025-58349 affects Samsung Exynos-based devices listed (Mobile, Wearable, Modem lines) due to incorrect handling of LTE MAC packets with many MAC CE elements, causing baseband crashes. Root cause: improper parsing of MAC CE payloads in LTE MAC layer. Impact described as baseband instability/c...

Samsung多款产品 安全漏洞

SAMSUNG Exynos 980 and other products are manufactured by Samsung Electronics of South Korea. The SAMSUNG Exynos 980 is the first 5G-integrated SOC product, as well as the world’s first A77 architecture processor. The SAMSUNG Exynos 2100 is a high-end SOC with 8 cores across three clusters, along...

bpf/bonding: reject vlan+srcmac xmit_hash_policy change when XDP is loaded

...

Tenda A18 Pro 安全漏洞

The Tenda A18 Pro is a wireless signal extender produced by the Chinese company Tenda. Version 02.03.02.28 of the Tenda A18 Pro contains a security vulnerability. This vulnerability stems from an overflow in the stack buffer during the operation of the sub423B50 function in the...

CVE-2025-67114

Use of a deterministic credential generation algorithm in /ftl/bin/calcf2 in Small Cell Sercomm SCE4255W FreedomFi Englewood firmware before DG3934v3@2308041842 allows remote attackers to derive valid administrative/root credentials from the device's MAC address, enabling authentication bypass an...

Ubuntu 16.04 LTS : Linux kernel vulnerabilities (USN-8070-1)

The remote Ubuntu 16.04 LTS host has a package installed that is affected by multiple vulnerabilities as referenced in the USN-8070-1 advisory. Several security issues were discovered in the Linux kernel. An attacker could possibly use these to compromise the system. This update corrects flaws in...

CVE-2026-23809 MAC Address Spoofing leads to Inter-BSSID Isolation Bypass Resulting in Traffic Redirection

A technique has been identified that adapts a known port-stealing method to Wi-Fi environments that use multiple BSSIDs. By leveraging the relationship between BSSIDs and their associated virtual ports, an attacker could potentially bypass inter-BSSID isolation controls. Successful exploitation m...

CVE-2025-47384

Transient DOS when MAC configures config id greater than supported maximum value...

EUVD-2025-208191

Transient DOS when MAC configures config id greater than supported maximum value...

Qualcomm Chipsets 安全漏洞

Qualcomm Chipsets are a series of chipset developed by Qualcomm Incorporation. There is a security vulnerability in Qualcomm Chipsets, which may lead to a sudden denial-of-service attack when the configuration ID of the MAC exceeds the supported maximum value...