CVE-2026-2082

CVE-2026-2082 affects D-Link DIR-823X (build 250416). The flaw lies in the /goform/set_mac_clone path where manipulating the argument mac allows an os command injection due to an identified vulnerable function. This enables remote attackers to execute commands with high privileges; exploitation i...

EUVD-2026-5731

A vulnerability was identified in D-Link DIR-823X 250416. The impacted element is an unknown function of the file /goform/setmacclone. Such manipulation of the argument mac leads to os command injection. The attack may be performed from remote. The exploit is publicly available and might be used...

D-Link DIR-823X 操作系统命令注入漏洞

The D-Link DIR-823X is a wireless router produced by D-Link Corporation. The D-Link DIR-823X 250416 version has a vulnerability related to operating system command injection. This vulnerability stems from incorrect handling of parameters in the file/goform/setmacclone, which may lead to command...

PT-2026-6900

Name of the Vulnerable Software and Affected Versions D-Link DIR-823X version 250416 Description A flaw exists in D-Link DIR-823X 250416 that allows remote attackers to execute operating system commands. This is achieved by manipulating the mac argument within the /goform/set mac clone file throu...

AZL-76662 CVE-2025-68121 affecting package golang for versions less than 1.25.6-1

During session resumption in crypto/tls, if the underlying Config has its ClientCAs or RootCAs fields mutated between the initial handshake and the resumed handshake, the resumed handshake may succeed when it should have failed. This may happen when a user calls Config.Clone and mutates the...

UBUNTU-CVE-2025-68121

During session resumption in crypto/tls, if the underlying Config has its ClientCAs or RootCAs fields mutated between the initial handshake and the resumed handshake, the resumed handshake may succeed when it should have failed. This may happen when a user calls Config.Clone and mutates the...

CVE-2025-68121

CVE-2025-68121 affects crypto/tls in Go where session resumption can succeed if the underlying Config is mutated between the initial and resumed handshake (e.g., after Config.Clone or GetConfigForClient mutates ClientCAs/RootCAs). The connected advisories tie this issue to the same CVE across mul...

CVE-2025-68121

During session resumption in crypto/tls, if the underlying Config has its ClientCAs or RootCAs fields mutated between the initial handshake and the resumed handshake, the resumed handshake may succeed when it should have failed. This may happen when a user calls Config.Clone and mutates the...

GO-2026-4337 Unexpected session resumption in crypto/tls

During session resumption in crypto/tls, if the underlying Config has its ClientCAs or RootCAs fields mutated between the initial handshake and the resumed handshake, the resumed handshake may succeed when it should have failed. This may happen when a user calls Config.Clone and mutates the...

CVE-2026-1802

A security flaw has been discovered in Ziroom ZHOME A0101 1.0.1.0. This issue affects the function macAddrClone of the file luci\controller\api\zrMacClone.lua. The manipulation of the argument macType results in command injection. The attack may be launched remotely. The exploit has been released...

CVE-2026-1802

A security flaw has been discovered in Ziroom ZHOME A0101 1.0.1.0. This issue affects the function macAddrClone of the file luci\controller\api\zrMacClone.lua. The manipulation of the argument macType results in command injection. The attack may be launched remotely. The exploit has been released...

CVE-2026-1802 Ziroom ZHOME A0101 zrMacClone.lua macAddrClone command injection

A security flaw has been discovered in Ziroom ZHOME A0101 1.0.1.0. This issue affects the function macAddrClone of the file luci\controller\api\zrMacClone.lua. The manipulation of the argument macType results in command injection. The attack may be launched remotely. The exploit has been released...

CVE-2026-1802

A security flaw has been discovered in Ziroom ZHOME A0101 1.0.1.0. This issue affects the function macAddrClone of the file luci\controller\api\zrMacClone.lua. The manipulation of the argument macType results in command injection. The attack may be launched remotely. The exploit has been released...

EUVD-2026-5182

A security flaw has been discovered in Ziroom ZHOME A0101 1.0.1.0. This issue affects the function macAddrClone of the file luci\controller\api\zrMacClone.lua. The manipulation of the argument macType results in command injection. The attack may be launched remotely. The exploit has been released...

PT-2026-6060

Name of the Vulnerable Software and Affected Versions Ziroom ZHOME A0101 version 1.0.1.0 Description A security flaw exists in Ziroom ZHOME A0101. The issue is due to command injection resulting from the manipulation of the macType argument within the macAddrClone function located in the...

Malicious code in learning-curve-projects (PyPI)

--- -= Per source details. Do not edit below this line.=- Source: kam193 535d27590bc02eadc7c52e7179ac183cfaac3079b16ae34a204e55b3e145ae62 Package contains hidden highly obfuscated code that is loaded during importing the module. --- Category: MALICIOUS - The campaign has clearly malicious intent,...

MAL-2026-618 Malicious code in learning-curve-projects (PyPI)

--- -= Per source details. Do not edit below this line.=- Source: kam193 535d27590bc02eadc7c52e7179ac183cfaac3079b16ae34a204e55b3e145ae62 Package contains hidden highly obfuscated code that is loaded during importing the module. --- Category: MALICIOUS - The campaign has clearly malicious intent,...

Malicious code in fastpi (PyPI)

--- -= Per source details. Do not edit below this line.=- Source: kam193 2928970260fda87aaa57272b8042ae1a9661ad1a1bdeec1e73903e84ce3354cd Malicious copy of the legitimate FastAPI. The modification loads code encrypted in one of the attached files. The final, highly obfuscated code is most likely...

CVE-2025-13205

The SurveyJS: Drag & Drop WordPress Form Builder to create, style and embed multiple forms of any complexity plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 2.5.2. This is due to missing or incorrect nonce validation on the SurveyJSCloneSurve...

CVE-2025-13205

The SurveyJS: Drag & Drop WordPress Form Builder to create, style and embed multiple forms of any complexity plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 2.5.2. This is due to missing or incorrect nonce validation on the SurveyJSCloneSurve...