SUSE CVE-2026-43040

In the Linux kernel, the following vulnerability has been resolved: net: ipv6: ndisc: fix ndiscrauseropt to initialize nduseroptpadX fields to zero to prevent an info-leak When processing Router Advertisements with user options the kernel builds an RTMNEWNDUSEROPT netlink message. The nduseroptms...

Cisco IoT Field Network Director 访问控制错误漏洞

The Cisco IoT Field Network Director is an end-to-end IoT management system developed by Cisco, Inc. This system offers features such as device management, asset tracking, and intelligent metering. There is an access control vulnerability present in the Cisco IoT Field Network Director. This...

PT-2026-37652

A vulnerability in the web-based management interface of Cisco IoT Field Network Director could allow an authenticated, remote attacker with low privileges to access files and execute commands on a remote router. This vulnerability is due to insufficient input validation of user-supplied data. An...

PT-2026-38218

Name of the Vulnerable Software and Affected Versions ZTE ZXHN H298A version 1.1 ZTE H108N version 2.6 Description A crafted request to the router web interface can cause sensitive data exposure. This issue may leak device and account information, including the administrator password and WLAN...

CVE-2026-34474

Sensitive data exposure leading to admin/WLAN credential leak in ZTE ZXHN H298A 1.1 and H108N 2.6. A crafted request to the router web interface can expose sensitive device and account information. In affected builds, the response may include the administrator password and WLAN PSK, enabling...

CVE-2026-34473

Unauthenticated DoS in ZTE H8102E, H168N, H167A, H199A, H288A, H198A, H267A, H267N, H268A, H388X, H196A, H369A, H268N, H208N, H367N, H181A, and H196Q. A denial-of-service condition can be triggered against the router's web interface by sending an oversized application/x-www-form-urlencoded POST...

CVE-2026-34474

CVE-2026-34474 affects ZTE ZXHN H298A (1.1) and H108N (2.6) routers. A crafted request to the device’s web interface can cause a sensitive-data exposure, potentially returning the administrator password and WLAN PSK, which could enable authentication bypass and wireless/network compromise. Some f...

RHCOS 4 : OpenShift Container Platform 4.2.36 containernetworking-plugins (RHSA-2020:2592)

The remote Red Hat Enterprise Linux CoreOS 4 host has a package installed that is affected by a vulnerability as referenced in the RHSA-2020:2592 advisory. - containernetworking/plugins: IPv6 router advertisements allow for MitM attacks on IPv4 clusters CVE-2020-10749 Note that Nessus has not...

RHCOS 4 : OpenShift Container Platform 4.3.25 containernetworking-plugins (RHSA-2020:2443)

The remote Red Hat Enterprise Linux CoreOS 4 host has a package installed that is affected by a vulnerability as referenced in the RHSA-2020:2443 advisory. - containernetworking/plugins: IPv6 router advertisements allow for MitM attacks on IPv4 clusters CVE-2020-10749 Note that Nessus has not...

RHCOS 4 : OpenShift Container Platform 4.4.8 containernetworking-plugins (RHSA-2020:2403)

The remote Red Hat Enterprise Linux CoreOS 4 host has a package installed that is affected by a vulnerability as referenced in the RHSA-2020:2403 advisory. - containernetworking/plugins: IPv6 router advertisements allow for MitM attacks on IPv4 clusters CVE-2020-10749 Note that Nessus has not...

CVE-2026-7854

The CVE-2026-7854 entry concerns D-Link DI-8100 firmware 16.07.26A1. The vulnerability lies in the POST Parameter Handler, specifically the url_rule_asp function in /url_rule.asp, which is reported to cause a buffer overflow. This could be exploited remotely, and public exploit information is ind...

CVE-2026-7823

A security flaw has been discovered in Totolink A8000RU 7.1cu.643b20200521. Affected is the function setAppFilterCfg of the file /cgi-bin/cstecgi.cgi. The manipulation of the argument enable results in os command injection. The attack may be launched remotely. The exploit has been released to the...

CVE-2026-7718

A vulnerability was identified in Totolink WA300 5.2cu.7112B20190227. Impacted is the function setWebWlanIdx of the file /cgi-bin/cstecgi.cgi of the component POST Request Handler. The manipulation of the argument webWlanIdx leads to command injection. The attack may be initiated remotely. The...

CVE-2026-31196

OS command injection vulnerability in the traceroute diagnostic handler in /bin/httpdclientside in ALTICE LABS / SFR France GR140DG Fibre Router with firmware 3GN8020801R13, 3GN8020802R0A, or 3GN8020803R0A inserts unsanitized user input into a system call, allowing authenticated remote attackers ...

D-Link DI-8100 缓冲区错误漏洞

The D-Link DI-8100 is a wireless broadband router designed for small and medium-sized network environments by D-Link Corporation. The D-Link DI-8100 version 16.07.26A1 contains a buffer error vulnerability. This vulnerability arises from the function sprintf in the file yyxz.asp, where the handli...

D-Link DI-8100 缓冲区错误漏洞

The D-Link DI-8100 is a wireless broadband router designed for small and medium-sized network environments by D-Link Corporation. The D-Link DI-8100 version 16.07.26A1 contains a buffer overflow vulnerability. This vulnerability stems from the function sprintf in the HTTP Handler component, where...

D-Link DI-8100 缓冲区错误漏洞

The D-Link DI-8100 is a wireless broadband router designed for small and medium-sized network environments by D-Link Corporation. The D-Link DI-8100 version 16.07.26A1 contains a buffer overflow vulnerability. This vulnerability stems from a function in the POST Parameter Handler component called...

📄 SumatraPDF 3.5.2 Remote Code Execution

SumatraPDF versions 3.5.0 to 3.5.2 disable TLS hostname verification during update checks using INTERNETFLAGIGNORECERTCNINVALID and do not perform any signature or integrity validation on the downloaded installer. Exploit Title: SumatraPDF 3.5.2 - Remote Code Execution Date: 2026-02-10 Exploit...

CVE-2026-6522

A flaw was found in Wireshark. The RPKI-Router protocol dissector contains an infinite loop. A remote attacker could exploit this by crafting a malicious RPKI-Router packet, leading to a denial of service DoS condition, making the Wireshark application unresponsive. Mitigation To reduce exposure,...

EUVD-2026-26941

A security vulnerability has been detected in Totolink N300RH 3.2.4-B20220812. This affects the function setWanConfig of the file /cgi-bin/cstecgi.cgi of the component POST Request Handler. The manipulation of the argument priDns leads to buffer overflow. The attack may be initiated remotely. The...