OPENSUSE-SU-2026:20607-1 Security update for erlang

This update for erlang fixes the following issues: Security issues fixed: - CVE-2026-21620: improper isolation and compartmentalization can lead to TFTP relative path traversal and remote arbitrary reads/writes bsc1258663. - CVE-2026-23941: improper handling of duplicate Content-Length headers in...

CVE-2026-6799 Comfast CF-N1-S Endpoint mbox-config command injection

A security flaw has been discovered in Comfast CF-N1-S 2.6.0.1. Affected by this issue is some unknown functionality of the file /cgi-bin/mbox-config?method=SET&section=pingconfig of the component Endpoint. Performing a manipulation of the argument destination results in command injection. The...

CVE-2026-6058

UNSUPPORTED WHEN ASSIGNED An improper encoding or escaping vulnerability in the CGI program of Zyxel WRE6505 v2 firmware version V1.00ABDV.3C0 could allow an adjacent attacker on the WLAN to cause a denial-of-service DoS condition in the web management interface by convincing an authenticated...

CVE-2026-6058

UNSUPPORTED WHEN ASSIGNED An improper encoding or escaping vulnerability in the CGI program of Zyxel WRE6505 v2 firmware version V1.00ABDV.3C0 could allow an adjacent attacker on the WLAN to cause a denial-of-service DoS condition in the web management interface by convincing an authenticated...

CVE-2026-6058

UNSUPPORTED WHEN ASSIGNED An improper encoding or escaping vulnerability in the CGI program of Zyxel WRE6505 v2 firmware version V1.00ABDV.3C0 could allow an adjacent attacker on the WLAN to cause a denial-of-service DoS condition in the web management interface by convincing an authenticated...

CVE-2026-6058

UNSUPPORTED WHEN ASSIGNED An improper encoding or escaping vulnerability in the CGI program of Zyxel WRE6505 v2 firmware version V1.00ABDV.3C0 could allow an adjacent attacker on the WLAN to cause a denial-of-service DoS condition in the web management interface by convincing an authenticated...

Zyxel WRE6505 安全漏洞

The Zyxel WRE6505 is a wireless signal extension device produced by the Chinese company Zyxel. The Zyxel WRE6505 v2 firmware version 1.00ABDV.3C0 contains a security vulnerability. This vulnerability stems from improper CGI program coding or escaping, which may allow adjacent WLAN attackers to...

[SECURITY] Fedora 42 Update: awstats-8.0-1.fc42

Advanced Web Statistics is a powerful and full-featured tool that generates advanced web server graphical statistics. This server log analyzer works from the command line or as a CGI and shows all information your log contains, in graphical web pages. It can analyze a lot of web/wap/proxy servers...

CVE-2026-6559 Wavlink WL-WN579A3 login.cgi sub_401F80 cross site scripting

A weakness has been identified in Wavlink WL-WN579A3 220323. This affects the function sub401F80 of the file /cgi-bin/login.cgi. This manipulation of the argument Hostname causes cross site scripting. Remote exploitation of the attack is possible. Upgrading the affected component is recommended...

CVE-2026-6112

A weakness has been identified in Totolink A7100RU 7.4cu.2313b20191024. Affected is the function setRadvdCfg of the file /cgi-bin/cstecgi.cgi of the component CGI Handler. This manipulation of the argument maxRtrAdvInterval causes os command injection. The attack can be initiated remotely. The...

CVE-2026-6139

A vulnerability has been found in Totolink A7100RU 7.4cu.2313b20191024. This affects the function UploadOpenVpnCert of the file /cgi-bin/cstecgi.cgi of the component CGI Handler. Such manipulation of the argument FileName leads to os command injection. The attack can be launched remotely. The...

CVE-2026-6155

A weakness has been identified in Totolink A7100RU 7.4cu.2313. The impacted element is the function setWanCfg of the file /cgi-bin/cstecgi.cgi of the component CGI Handler. Executing a manipulation of the argument pppoeServiceName can lead to os command injection. The attack may be launched...

CVE-2026-6113

A security vulnerability has been detected in Totolink A7100RU 7.4cu.2313b20191024. Affected by this vulnerability is the function setTtyServiceCfg of the file /cgi-bin/cstecgi.cgi of the component CGI Handler. Such manipulation of the argument ttyEnable leads to os command injection. The attack...

RLSA-2023:7025 Moderate: ruby:2.5 security update

Ruby is an extensible, interpreted, object-oriented, scripting language. It has features to process text files and to perform system management tasks. Security Fixes: ruby/cgi-gem: HTTP response splitting in CGI CVE-2021-33621 ruby: Buffer overrun in String-to-Float conversion CVE-2022-28739 ruby...

CVE-2026-5996

A security vulnerability has been detected in Totolink A7100RU 7.4cu.2313b20191024. The affected element is the function setAdvancedInfoShow of the file /cgi-bin/cstecgi.cgi of the component CGI Handler. The manipulation of the argument ttyserver leads to os command injection. It is possible to...

CVE-2026-5976

A security flaw has been discovered in Totolink A7100RU 7.4cu.2313b20191024. This affects the function setStorageCfg of the file /cgi-bin/cstecgi.cgi of the component CGI Handler. Performing a manipulation of the argument sambaEnabled results in os command injection. It is possible to initiate th...

RockyLinux 8 : ruby:2.5 (RLSA-2023:7025)

The remote RockyLinux 8 host has packages installed that are affected by multiple vulnerabilities as referenced in the RLSA-2023:7025 advisory. ruby/cgi-gem: HTTP response splitting in CGI CVE-2021-33621 ruby: Buffer overrun in String-to-Float conversion CVE-2022-28739 ruby: ReDoS vulnerability i...

CVE-2026-6115

A flaw has been found in Totolink A7100RU 7.4cu.2313b20191024. This affects the function setAppCfg of the file /cgi-bin/cstecgi.cgi of the component CGI Handler. Executing a manipulation of the argument enable can lead to os command injection. The attack may be launched remotely. The exploit has...

EUVD-2026-22036

A security vulnerability has been detected in Totolink A7100RU 7.4cu.2313b20191024. Affected by this issue is the function setPasswordCfg of the file /cgi-bin/cstecgi.cgi of the component CGI Handler. Such manipulation of the argument admpass leads to os command injection. The attack can be...

CVE-2026-6195

A security vulnerability has been detected in Totolink A7100RU 7.4cu.2313b20191024. Affected by this issue is the function setPasswordCfg of the file /cgi-bin/cstecgi.cgi of the component CGI Handler. Such manipulation of the argument admpass leads to os command injection. The attack can be...