272114 matches found
CVE-2026-11409 OS Command Injection in IPv6 PPPoE Configuration in TP-Link TL-WR940N
An authenticated OS command injection vulnerability exists in the IPv6 PPPoE configuration handler in TL-WR940N v6 due to improper sanitization of user input. An attacker with administrative access may exploit this issue to execute arbitrary system commands with elevated privileges...
CVE-2026-11410 OS Command Injection in BigPond Cable (BPA) Configuration in TP-Link TL-WR940N
An authenticated OS command injection vulnerability exists in the BigPond Cable BPA WAN configuration module in TL-WR940N v6 due to improper sanitization of user input. An attacker with administrative access may exploit this issue to execute arbitrary system commands with elevated privileges...
CVE-2026-11410
The CVE-2026-11410 entry concerns TL-WR940N v6 (BigPond Cable BPA WAN config) with an authenticated OS command injection caused by improper input sanitization in the configuration module. An administrator can trigger arbitrary command execution with elevated privileges on the device via the BPA W...
CVE-2026-22313
The device has a web server that exposes a REST API, authenticated with a token, on the management network. By exploiting an OS command injection vulnerability, an authenticated attacker can send arbitrary commands to the device that are executed with administrative permissions by the underlying...
CVE-2026-10303
In ServerCo getssl version 2.49 and prior, the ACME challenge token returned to the client was not strictly validated against RFC 8555 before being used in challenge-file handling, allowing a maliciously crafted token to influence local path/filename usage during validation. An attacker who can...
CVE-2026-0150
In ExecuteGraph command handler of EdgeTPU firmware, there is a possible out of bounds write due to an integer overflow. This could lead to local escalation of privilege with root privileges needed. User interaction is not needed for exploitation...
MAL-2026-5922 Malicious code in @kalipto/local (npm)
Source: amazon-inspector f887073dda96085d83a06048f0010c3e6bef58c035579649a0f1ae6cad66828f The package is a purpose-built remote-control agent. On startup when the bin is invoked with --token, e.g. npx @kalipto/local --token..., index.js...
[SECURITY] [DLA 4632-1] atril security update
Debian LTS Advisory DLA-4632-1 https://www.debian.org/lts/security/ Andreas Henriksson June 16, 2026 https://wiki.debian.org/LTS Package: atril Version: 1.26.0-2+deb12u4 CVE ID: CVE-2026-46529 Debian Bug: 1139874 It was discovered that atril, a simple multi-page...
opencode-apk-forge
APKForge - The Dark Version of OpenCode...
CVE-2026-46900
Technical details for CVE-2026-46900 are not publicly available in the provided documents. Monitor for updates from official sources to obtain affected products, impact, and remediation information.
CVE-2026-46901
Technical details about CVE-2026-46901 are not publicly available in the provided documents. Monitor for updates.
CVE-2026-46902
Technical details for CVE-2026-46902 are not publicly available in the provided documents; monitor for updates.
CVE-2026-46898
Technical details about CVE-2026-46898 are not publicly provided in the supplied documents. No affected products, vulnerable components, impact, or remediation are specified here. Monitor for official updates from CVE/CVE List and Oracle security alerts.
CVE-2026-46897
Technical details about CVE-2026-46897 are not publicly available in the provided documents. Monitor for updates from Oracle and CVE feeds for affected products, versions, and remediation.
CVE-2026-46899
Technical details about CVE-2026-46899 are not publicly available in the provided documents. Monitor for updates from Oracle and CVE feeds for affected product, vulnerability scope, impact, and remediation.
CVE-2026-46896
Technical details are not publicly available in the provided documents. Monitor for updates from Oracle security alerts and CVE records for affected products and fixed versions.
CVE-2026-46895
Technical details for CVE-2026-46895 are not publicly available in the provided documents. Monitor for updates from Oracle and the CVE list for advisories or fixes.