PT-2026-29799

A weakness has been identified in Trendnet TEW-657BRM 1.00.1. This affects the function add wps client of the file /setup.cgi. This manipulation of the argument wl enrolee pin causes os command injection. The attack may be initiated remotely. The exploit has been made available to the public and...

fast-filesystem-mcp 命令注入漏洞

fast-filesystem-mcp is a model context protocol server developed by Efforthye. Versions of fast-filesystem-mcp 3.5.1 and earlier contained a command injection vulnerability. This vulnerability originated from the handleGetDiskUsage function in the file src/index.ts, which allowed command injectio...

stb 安全漏洞

STB is a publicly available library for C/C++ developed by Sean Barrett. Versions of STB prior to 1.22 contained security vulnerabilities, which stemmed from resource allocation issues in the setupfree function within the file stbvorbis.c. These vulnerabilities could lead to remote attacks...

PT-2026-29725

A security flaw has been discovered in efforthye fast-filesystem-mcp up to 3.5.1. The affected element is the function handleGetDiskUsage of the file src/index.ts. Performing a manipulation results in command injection. The attack is possible to be carried out remotely. The exploit has been...

Ubuntu: Security Advisory (USN-8137-1)

The remote host is missing an update for the SPDX-FileCopyrightText: 2026 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...

CVE-2026-34513

A flaw was found in AIOHTTP, an asynchronous HTTP client/server framework for asyncio and Python. This vulnerability allows a remote attacker to cause excessive memory usage by exploiting an unbounded Domain Name System DNS cache. This can lead to a Denial of Service DoS condition, making the...

EUVD-2026-18023

A security flaw has been discovered in D-Link DNS-120, DNR-202L, DNS-315L, DNS-320, DNS-320L, DNS-320LW, DNS-321, DNR-322L, DNS-323, DNS-325, DNS-326, DNS-327L, DNR-326, DNS-340L, DNS-343, DNS-345, DNS-726-4, DNS-1100-4, DNS-1200-05 and DNS-1550-04 up to 20260205. Affected is the function...

CVE-2026-2862

IBM Verify Identity Access Container 11.0 through 11.0.2 and IBM Security Verify Access Container 10.0 through 10.0.9.1 and IBM Verify Identity Access 11.0 through 11.0.2 and IBM Security Verify Access 10.0 through 10.0.9.1 IBM Security Verify could allow a remote attacker to access sensitive...

CVE-2026-34202

ZEBRA is a Zcash node written entirely in Rust. Prior to zebrad version 4.3.0 and zebra-chain version 6.0.1, a vulnerability in Zebra's transaction processing logic allows a remote, unauthenticated attacker to cause a Zebra node to panic crash. This is triggered by sending a specially crafted V5...

CVE-2026-20041 Cisco Nexus Dashboard Server Side Request Forgery Vulnerability

A vulnerability in Cisco Nexus Dashboard and Cisco Nexus Dashboard Insights could allow an unauthenticated, remote attacker to conduct a server-side request forgery SSRF attack through an affected device. This vulnerability is due to improper input validation for specific HTTP requests. An attack...

CVE-2026-20041

The CVE-2026-20041 entry concerns Cisco Nexus Dashboard and Nexus Dashboard Insights with a server-side request forgery (SSRF) vulnerability due to improper input validation in specific HTTP requests. The flaw could allow an attacker to persuade an authenticated user of the device management inte...

Cisco Integrated Management Controller Cross-Site Scripting Vulnerabilities

Multiple vulnerabilities in the web-based management interface of Cisco Integrated Management Controller IMC could allow a remote attacker to conduct a cross-site scripting XSS attack against a user of the interface. For more information about these vulnerabilities, see the Details "details"...

CVE-2026-5195

A flaw has been found in code-projects Student Membership System 1.0. This issue affects some unknown processing of the component User Registration Handler. Executing a manipulation can lead to sql injection. The attack can be launched remotely...

EUVD-2026-17849

A vulnerability was identified in Shandong Hoteam InforCenter PLM up to 8.3.8. The impacted element is the function uploadFileToIIS of the file /Base/BaseHandler.ashx. The manipulation of the argument File leads to unrestricted upload. It is possible to initiate the attack remotely. The exploit i...

CVE-2026-5259 AutohomeCorp frostmourne Alarm Preview AlarmController.java server-side request forgery

A vulnerability was determined in AutohomeCorp frostmourne up to 1.0. The affected element is an unknown function of the file frostmourne-monitor/src/main/java/com/autohome/frostmourne/monitor/controller/AlarmController.java of the component Alarm Preview. Executing a manipulation can lead to...

EUVD-2026-17797

Out of bounds read in WebCodecs in Google Chrome prior to 146.0.7680.178 allowed a remote attacker to perform an out of bounds memory read via a crafted HTML page. Chromium security severity: High...

EUVD-2026-17785

Insufficient policy enforcement in WebUSB in Google Chrome prior to 146.0.7680.178 allowed a remote attacker to obtain potentially sensitive information from process memory via a crafted HTML page. Chromium security severity: High...

CVE-2026-5291

Inappropriate implementation in WebGL in Google Chrome prior to 146.0.7680.178 allowed a remote attacker to obtain potentially sensitive information from process memory via a crafted HTML page. Chromium security severity: Medium...

CVE-2026-5282

CVE-2026-5282 is an out-of-bounds read in Chrome’s WebCodecs before 146.0.7680.178 that could be triggered by a crafted HTML page, enabling a remote attacker to read memory. Affected: Google Chrome/WebCodecs. Root cause: memory read boundary violation in WebCodecs. Impact: confidentiality and ava...

CVE-2026-5274

CVE-2026-5274 is a Chrome/Chromium vulnerability: an integer overflow in Codecs allows a remote attacker to perform arbitrary read/write through a crafted HTML page. Affected software includes Google Chrome prior to version 146.0.7680.178 (with references to Chromium fixes). The issue is describe...