Mercusys AC12G 安全漏洞

The Mercusys AC12G is a Gigabit wireless router produced by the Chinese company Mercusys. The Mercusys AC12G EU V1 AC12G EU V1 version released in September 2009 contained security vulnerabilities. These vulnerabilities were caused by the UPnP GetStatusInfo operation, which disclosed the kernel...

PT-2026-45990

Name of the Vulnerable Software and Affected Versions Mercusys AC12G EU V1 version AC12GEU V1 200909 Description The UPnP GetStatusInfo action discloses kernel memory layout. An unauthenticated attacker on the adjacent network can obtain a raw MIPS KSEG0 kernel pointer, which reveals the kernel...

PT-2026-46008

Name of the Vulnerable Software and Affected Versions Linux kernel affected versions not specified Description A null pointer dereference exists in the AMD display Hot Plug Detect HPD initialization. The function amdgpu dm hpd init may encounter connectors that lack a valid dc link. While the cod...

Mercusys AC12G 安全漏洞

The Mercusys AC12G is a Gigabit wireless router produced by the Chinese company Mercusys. There are security vulnerabilities in the Mercusys AC12G EU V1 and Mercusys AC12G EU V1 version released in September 2009. These vulnerabilities stem from the UPnP port 1900, where POST requests are receive...

VulnCheck KEV: CVE-2021-27137

DD-WRT router firmware before changeset 45723 contains a stack buffer overflow vulnerability in the UPnP service that allows remote attackers to execute arbitrary code by sending specially crafted M-SEARCH requests with oversized ST:uuid values via UDP port 1900. Attackers can exploit this...

Linux Distros Unpatched Vulnerability : CVE-2026-46245

"The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - drm/amd/display: Fix dclink NULL handling in HPD init amdgpudmhpdinit may see connectors without a valid dclink. The code already checks dclink for the polling...

CVE-2026-3870

A buffer overflow vulnerability in the UPnP AddPortMapping command in Zyxel VMG4005-B50B firmware versions through 5.13ABRL.5.4C0 could allow an adjacent attacker to trigger a temporary denial-of-service DoS condition affecting the UPnP function of the affected device...

CVE-2026-3871

A buffer overflow vulnerability in the UPnP DeletePortMapping command in Zyxel VMG4005-B50B firmware versions through 5.13ABRL.5.4C0 could allow an adjacent attacker to trigger a temporary denial-of-service DoS condition affecting the UPnP function of the affected device...

EUVD-2026-33873

A buffer overflow vulnerability in the UPnP AddPortMapping command in Zyxel VMG4005-B50B firmware versions through 5.13ABRL.5.4C0 could allow an adjacent attacker to trigger a temporary denial-of-service DoS condition affecting the UPnP function of the affected device...

CVE-2026-3870

A buffer overflow vulnerability in the UPnP AddPortMapping command in Zyxel VMG4005-B50B firmware versions through 5.13ABRL.5.4C0 could allow an adjacent attacker to trigger a temporary denial-of-service DoS condition affecting the UPnP function of the affected device...

Zyxel VMG4005-B50B 安全漏洞

The Zyxel VMG4005-B50B is a VDSL2/ADSL2+ broadband modem produced by the Chinese company Zyxel. The firmware version 5.13ABRL.5.4C0 and earlier contain security vulnerabilities. These vulnerabilities stem from a buffer overflow in the UPnP AddPortMapping command, which could allow adjacent...

PT-2026-45688

A buffer overflow vulnerability in the UPnP AddPortMapping command in Zyxel VMG4005-B50B firmware versions through 5.13ABRL.5.4C0 could allow an adjacent attacker to trigger a temporary denial-of-service DoS condition affecting the UPnP function of the affected device...

PT-2026-45689

A buffer overflow vulnerability in the UPnP DeletePortMapping command in Zyxel VMG4005-B50B firmware versions through 5.13ABRL.5.4C0 could allow an adjacent attacker to trigger a temporary denial-of-service DoS condition affecting the UPnP function of the affected device...

Zyxel VMG4005-B50B 安全漏洞

The Zyxel VMG4005-B50B is a VDSL2/ADSL2+ broadband modem produced by the Chinese company Zyxel. The firmware version 5.13ABRL.5.4C0 and earlier contain security vulnerabilities. These vulnerabilities stem from a buffer overflow in the UPnP DeletePortMapping command, which could allow adjacent...

airflow-balancer (>=0.7.0 <=0.7.6), airflow-clickhouse-plug (=1.6.2) +38 more potentially affected by CVE-2026-41014 via apache-airflow-core (>=3.0.0 <=3.2.1rc3)

apache-airflow-core PYPI version =3.0.0, =0.7.0, =1.5.0, =0.6.1, =1.10.7, =0.6.0, =0.1.0, =1.4.3, =1.2.10, =0.1.1, =3.0.0, =1.6.0, =1.5.3, =1.25.0, =3.12.0, =3.12.0rc1 and more Source cves: CVE-2026-41014 Source advisory: SNYK:PYTHON-APACHEAIRFLOWCORE-17137573...

airflow-balancer (>=0.7.0 <=0.7.6), airflow-clickhouse-plug (=1.6.2) +38 more potentially affected by CVE-2026-45360 via apache-airflow-core (>=3.0.0 <=3.2.1rc3)

apache-airflow-core PYPI version =3.0.0, =0.7.0, =1.5.0, =0.6.1, =1.10.7, =0.6.0, =0.1.0, =1.4.3, =1.2.10, =0.1.1, =3.0.0, =1.6.0, =1.5.3, =1.25.0, =3.12.0, =3.12.0rc1 and more Source cves: CVE-2026-45360 Source advisory: SNYK:PYTHON-APACHEAIRFLOWCORE-17137547...

Security Bulletin: IBM WebSphere Application Server shipped with Jazz for Service Management (JazzSM) is affected by multiple vulnerabilities when using Web Server Plug-ins (CVE-2026-8633, CVE-2026-8620)

Summary IBM WebSphere Application Server shipped with Jazz for Service Management JazzSM is affected by multiple vulnerabilities when using Web Server Plug-ins CVE-2026-8633, CVE-2026-8620 Vulnerability Details Refer to the security bulletins listed in the Remediation/Fixes section Affected...

CVE-2026-8468

Allocation of Resources Without Limits or Throttling vulnerability in plugproject plug allows denial of service via unbounded buffer accumulation in multipart header parsing. 'Elixir.Plug.Conn':readpartheaders/2 in lib/plug/conn.ex does not obey its :length parameter. There is no upper bound on t...

CVE-2026-39803

Allocation of Resources Without Limits or Throttling vulnerability in mtrudel bandit allows unauthenticated remote denial of service via memory exhaustion. The chunked clause of 'Elixir.Bandit.HTTP1.Socket':readdata/2 in lib/bandit/http1/socket.ex ignores the caller-supplied :length option when...

Security Bulletin: IBM WebSphere Application Server and WebSphere Application Server Liberty are affected by multiple vulnerabilities when using Web Server Plug-ins (CVE-2026-8633, CVE-2026-8620)

Summary IBM WebSphere Application Server and WebSphere Application Server Liberty are affected by remote code execution and HTTP request smuggling when using the optional and separately installable Web Server Plug-ins for IBM WebSphere Application Server component. Vulnerability Details...