CVE-2026-47242

Net::IMAP (Ruby) CVE-2026-47242 affects versions before 0.6.5 and 0.5.15. The vulnerability arises because Net::IMAP#id (with a hash argument) and Net::IMAP#enable do not properly validate arguments, allowing CRLF or atom-list injections and causing the #to_s value to be sent verbatim. An attacke...

CVE-2026-47242 Net::IMAP: Command Injection via ID command argument

Net::IMAP implements Internet Message Access Protocol IMAP client functionality in Ruby. Prior to 0.6.5 and 0.5.15, when Net::IMAPid is called with a hash argument, although the ID field value strings are correctly quoted escaping quoted specials, they were not validated to prohibit CRLF sequence...

MAL-2026-6271 Malicious code in node-fetch-utils (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 78aef0d64a7d761d2987d27aea462083425e5692475cd81332b7a3152c754308 On Windows, scripts/postinstall.js XOR-decodes a hardcoded C2 host node22.lunes.host:3258, authenticates with a 5-minute rolling HMAC-SHA256 token,...

CVE-2026-11834

A command injection vulnerability has been identified in the DHCP option processing logic in multiple TP-Link router models, due to insufficient validation of externally supplied DHCP option data. An adjacent attacker may exploit this vulnerability by supplying crafted DHCP responses, potentially...

CVE-2026-11834 Unauthenticated Command Injection via DHCP Option Handling in Multiple TP-Link Routers

A command injection vulnerability has been identified in the DHCP option processing logic in multiple TP-Link router models, due to insufficient validation of externally supplied DHCP option data. An adjacent attacker may exploit this vulnerability by supplying crafted DHCP responses, potentially...

EUVD-2026-38339

A command injection vulnerability has been identified in the DHCP option processing logic in multiple TP-Link router models, due to insufficient validation of externally supplied DHCP option data. An adjacent attacker may exploit this vulnerability by supplying crafted DHCP responses, potentially...

CVE-2026-11834

CVE-2026-11834 describes a command-injection vulnerability in the DHCP option processing logic of multiple TP-Link routers, caused by insufficient validation of externally supplied DHCP option data. An adjacent attacker can exploit this by sending crafted DHCP responses, potentially during device...

CVE-2026-50178

The Angular Language Service VS Code Extension provides a rich editing experience for Angular templates. the client-side Angular Language Service VS Code extension configures the tooltip Markdown renderer with the isTrusted: true option located in client/src/client.ts. This setting instructs VS...

CVE-2026-54271

protobufjs-cli is the command line add-on for protobuf.js. Prior to 1.3.2 and 2.5.0, a previous fix for unsafe name handling in pbjs static / static-module code generation was incomplete. Affected versions of protobufjs-cli could still emit unsafe JavaScript references when generating static outp...

CVE-2026-50178

The CVE-2026-50178 entry describes a remote code execution risk in the Angular Language Service VS Code Extension. The issue stems from the client-side tooltip renderer using isTrusted: true, which allows potentially malicious content to be treated as trusted Markdown. The background Angular Lang...

CVE-2026-42089

A flaw was found in Yeoman Environment. This vulnerability allows an attacker to install arbitrary packages and execute code during command-line interface CLI bootstrap. This occurs because the software installs missing local generator packages from caller-supplied names without user confirmation...

CVE-2026-5139

Mattermost versions 11.7.x slash command.. Mattermost Advisory ID: MMSA-2026-00644...

CVE-2026-28381

The Snowflake datasource allows for GET/PUT commands, which can allow any user with access to run queries against the data source to read/write files between the local grafana server and the connected Snowflake host...

EUVD-2026-38246

Mattermost versions 11.7.x slash command.. Mattermost Advisory ID: MMSA-2026-00644...

CVE-2026-5139 GitLab Plugin Allows Non-Admin Users to Modify Default Instance Configuration

Mattermost versions 11.7.x slash command.. Mattermost Advisory ID: MMSA-2026-00644...

CVE-2026-5139

Mattermost plugin vulnerability CVE-2026-5139 affects Mattermost versions 11.7.x ≤ 11.7.0, 11.6.x ≤ 11.6.2, 11.5.x ≤ 11.5.5, 10.11.x ≤ 10.11.17. The issue arises in the /gitlab connect command handler where administrator authorization is not enforced for the setDefaultInstance call, allowing any ...

redis: RESTORE invalid memory access may allow remote code execution

A flaw was found in Redis. An authenticated attacker with permission to execute the RESTORE command can send a crafted serialized payload that may lead to an invalid memory access due to an improper validation of the serialized values. This flaw can cause the server to crash and may allow arbitra...

TerraMaster TOS <.1.29 - Remote Code Execution

TerraMaster TOS before 4.1.29 has invalid parameter checking that leads to code injection as root. This is a dynamic class method invocation vulnerability in include/exportUser.php, in which an attacker can trigger a call to the exec method with for example OS commands in the opt parameter. id:...

D-Link DSL 2888a - Authentication Bypass/Remote Command Execution

D-Link DSL-2888A devices with firmware prior to AU2.31V1.1.47ae55 are vulnerable to authentication bypass issues which can lead to remote command execution. An unauthenticated attacker could bypass authentication to access authenticated pages and functionality. id: CVE-2020-24579 info: name: D-Li...

Evertz SDVN 3080ipx-10G - Unauthenticated Arbitrary Command Injection

The Evertz SDVN 3080ipx-10G is a High Bandwidth Ethernet Switching Fabric for Video Application. This device exposes a web management interface on port 80. This web management interface can be used by administrators to control product features, setup network switching, and register license among...