XCharge C6 安全漏洞

XCharge C6 is a series of intelligent electric vehicle DC charging stations developed by the German company XCharge. There is a security vulnerability in the XCharge C6, which stems from a configuration flaw in the device’s remote management service. This flaw allows for the establishment of...

D-Link DWR-X1820 安全漏洞

The D-Link DWR-X1820 is a wireless router produced by D-Link Corporation. The D-Link DWR-X1820 has a security vulnerability. This vulnerability stems from the use of weak default passwords generated from the IMEI number, and no requirement is placed on users to change them. As a result, attackers...

PT-2026-44492

Name of the Vulnerable Software and Affected Versions Portainer CE affected versions not specified Description Insecure default settings grant regular non-administrative users privileges that allow access to the host filesystem and host-level code execution. An authenticated user with endpoint...

PT-2026-44279

Name of the Vulnerable Software and Affected Versions Linux kernel affected versions not specified Description An issue exists in the LoongArch architecture where the loongson gpu fixup dma hang function may fail to handle certain switch cases. This can lead to an Address Detection Error ADE...

PT-2026-44467

RustFS is a distributed object storage system built in Rust. Prior to 1.0.0-beta.2, the internode RPC layer authenticates every request with an HMAC-SHA256 signature using a shared secret. The function that produces this secret, get shared secret in crates/ecstore/src/rpc/http auth.rs, falls back...

PT-2026-44500

A configuration weakness in the device’s remote management service allows an authenticated session to be established over a communication channel intended solely for vehicle-charger signaling. The service is accessible on interfaces exposed through the charging connector, and it accepts a default...

rustfs 安全漏洞

RustFS is a high-performance object storage system developed by RustFS. Versions of RustFS prior to 1.0.0-beta.2 contained security vulnerabilities. These vulnerabilities stemmed from the internal RPC layer reverting to the public default key when no shared key was configured, which could lead to...

PT-2026-44226

Dlink DWR-X1820 router uses weak default password generated from its IMEI number and does not require users to change it. An attacker who knows how passwords are generated can easily crack the default password if they have the device IMEI number. This issue was fixed in version 1.00B16CP...

Kuma 安全漏洞

Kuma is a modern service mesh developed by Kuma OpenSource, based on Envoy. It can be run on Kubernetes and VMs, with single- or multi-zone capabilities, across various clouds. There were security vulnerabilities in versions of Kuma before 2.7.25, 2.9.15, 2.11.13, 2.12.10, and 2.13.5. These...

Oracle Linux 8 : firefox (ELSA-2026-21382)

The remote Oracle Linux 8 host has a package installed that is affected by multiple vulnerabilities as referenced in the ELSA-2026-21382 advisory. 140.11.0-1.0.1 - Fix firefox-oracle-default-prefs.js for new nss Orabug: 37079789 - diable wasisdk to prevent build failure with newer llvm 140.11.0 -...

Yamcs Vulnerable to Remote Code Execution via Mission Database algorithm override

Remote Code Execution via Mission Database algorithm override Summary The Nashorn ScriptEngine used to evaluate user-supplied algorithm text in MdbOverrideApi.updateAlgorithm is constructed without a ClassFilter, allowing a user with the ChangeMissionDatabase privilege to execute arbitrary Java...

CVE-2026-45137

Anchor is a framework providing several convenient developer tools for writing Solana programs. From 1.0.0 to before 1.0.2, an logic error causes anchor programs to accept any program id when requiring the system program id, causing false assumptions resulting in potential arbitrary cpi in progra...

CVE-2026-45137 Anchor: Program<'info, System> is not properly validated

Anchor is a framework providing several convenient developer tools for writing Solana programs. From 1.0.0 to before 1.0.2, an logic error causes anchor programs to accept any program id when requiring the system program id, causing false assumptions resulting in potential arbitrary cpi in progra...

CVE-2026-44888

Pi.Alert is a WIFI / LAN intruder detector with web service monitoring. Prior to 2026-05-07, Pi.Alert's SaveConfigFile endpoint writes user-supplied numeric config values e.g., SMTPPORT directly into pialert.conf without validation. Since pialert.conf is loaded via Python's exec every 3–5 minutes...

CVE-2026-8361 Gladinet Triofox Path Traversal in WOSDefaultHttpModule.dll

A path traversal vulnerability exists in WOSDefaultHttpModule.dll when processing a URL path starting with /woshome...

CVE-2026-8361 Gladinet Triofox Path Traversal in WOSDefaultHttpModule.dll

A path traversal vulnerability exists in WOSDefaultHttpModule.dll when processing a URL path starting with /woshome...

EUVD-2026-32634

Pi.Alert is a WIFI / LAN intruder detector with web service monitoring. Prior to 2026-05-07, Pi.Alert's SaveConfigFile endpoint writes user-supplied numeric config values e.g., SMTPPORT directly into pialert.conf without validation. Since pialert.conf is loaded via Python's exec every 3–5 minutes...

EUVD-2026-32624

Gryph provides a security layer for AI coding agents. Prior to 0.7.0, Gryph implements logging levels that determine what content is logged to a local sqlite database. The README incorrectly mentions that the default log level is minimal while it is standard. Source code review shows sensitive...

CVE-2026-45046

Gryph provides a security layer for AI coding agents. Prior to 0.7.0, Gryph implements logging levels that determine what content is logged to a local sqlite database. The README incorrectly mentions that the default log level is minimal while it is standard. Source code review shows sensitive...

CVE-2026-45087

Dalfox is a powerful open-source XSS scanner and utility focused on automation. Prior to 2.13.0, when dalfox is started in REST API server mode dalfox server, the server binds to 0.0.0.0:6664 by default and requires no API key unless the operator explicitly passes --api-key. Because model.Options...