CVE-2026-10608

A security flaw has been discovered in DedeCMS 5.7.88. This affects the function RemoveXSS of the file /plus/carbuyaction.php. The manipulation of the argument postname/des results in sql injection. The attack may be launched remotely. The exploit has been released to the public and may be used f...

CVE-2026-10608

A security flaw has been discovered in DedeCMS 5.7.88. This affects the function RemoveXSS of the file /plus/carbuyaction.php. The manipulation of the argument postname/des results in sql injection. The attack may be launched remotely. The exploit has been released to the public and may be used f...

CVE-2026-10608 DedeCMS carbuyaction.php RemoveXSS sql injection

A security flaw has been discovered in DedeCMS 5.7.88. This affects the function RemoveXSS of the file /plus/carbuyaction.php. The manipulation of the argument postname/des results in sql injection. The attack may be launched remotely. The exploit has been released to the public and may be used f...

EUVD-2026-33997

A security flaw has been discovered in DedeCMS 5.7.88. This affects the function RemoveXSS of the file /plus/carbuyaction.php. The manipulation of the argument postname/des results in sql injection. The attack may be launched remotely. The exploit has been released to the public and may be used f...

CVE-2026-10608

This CVE affects DedeCMS 5.7.88 and the vulnerable component is the function RemoveXSS in the file /plus/carbuyaction.php . The root cause is described as manipulation of the arguments postname/des leading to an SQL injection vulnerability. The impact is described as enabling remote exploitation ...

CVE-2026-46077 crypto: atmel-tdes - fix DMA sync direction

In the Linux kernel, the following vulnerability has been resolved: crypto: atmel-tdes - fix DMA sync direction Before DMA output is consumed by the CPU, -dmaaddrout must be synced with dmasyncsingleforcpu instead of dmasyncsinglefordevice. Using the wrong direction can return stale cache data on...

CVE-2026-46077

In the Linux kernel, the following vulnerability has been resolved: crypto: atmel-tdes - fix DMA sync direction Before DMA output is consumed by the CPU, -dmaaddrout must be synced with dmasyncsingleforcpu instead of dmasyncsinglefordevice. Using the wrong direction can return stale cache data on...

CVE-2026-46077

crypto: atmel-tdes - fix DMA sync direction...

CVE-2026-44061

Netatalk 1.5.0 through 4.4.2 uses DES-ECB for authentication with a timing side channel, which allows a remote attacker to recover authentication credentials via timing analysis...

CVE-2026-44061 DES-ECB auth with timing side channel

Netatalk 1.5.0 through 4.4.2 uses DES-ECB for authentication with a timing side channel, which allows a remote attacker to recover authentication credentials via timing analysis...

Netatalk 安全漏洞

Netatalk is an open-source software developed by Netatalk. It provides AFP file server functionality for Classic Mac OS and macOS on Unix-like operating systems. Versions 1.5.0 to 4.4.2 of Netatalk have security vulnerabilities. These vulnerabilities stem from the use of DES-ECB for authenticatio...

SUSE-SU-2026:1970-1 Security update for php-composer2

This update for php-composer2 fixes the following issues - CVE-2026-40176: command injection via malicious Perforce repository definition bsc1262254. - CVE-2026-40261: command injection via malicious Perforce source reference/url bsc1262255. Changes for php-composer2: - version update to 2.2.27...

Astra Linux - уязвимость в heimdal, samba

A heap-based buffer overflow vulnerability was discovered in Samba, within the GSSAPI unwrapdes and unwrapdes3 routines of Heimdal. The DES and Triple-DES decryption routines in the Heimdal GSSAPI library allow for a length-limited write buffer overflow on memory allocated by malloc, when a...

TP-Link WR841N Router multiple vulnerabilities

RISK EVALUATION Multiple TP-Link products TP-Link Archer C20 V5, Archer C20 6.0, Archer AX53 v1.0 and TL-WR841N v13 are affected by multiple vulnerabilities. The most severe of these vulnerabilities could allow an adjacent, unauthenticated attacker to execute administrative commands. 2...

CVE-2026-40514

SmarterTools SmarterMail builds prior to 9610 use DES-CBC with keys/IVs derived from System.Random seeded with insufficient entropy, reducing the seed space to ~19,000 values. An unauthenticated attacker can query the attachment download endpoint to recover the seed and forge sharing tokens for e...

CVE-2026-40514 SmarterTools SmarterMail < Build 9610 Cryptographic Weakness via Weak RNG

SmarterTools SmarterMail builds prior to 9610 contain a cryptographic weakness in the file and email sharing endpoints that use DES-CBC encryption with keys and initialization vectors derived from System.Random seeded with insufficient entropy, reducing the seed space to approximately 19,000...

CVE-2026-40514 SmarterTools SmarterMail < Build 9610 Cryptographic Weakness via Weak RNG

SmarterTools SmarterMail builds prior to 9610 contain a cryptographic weakness in the file and email sharing endpoints that use DES-CBC encryption with keys and initialization vectors derived from System.Random seeded with insufficient entropy, reducing the seed space to approximately 19,000...

PT-2026-35434

SmarterTools SmarterMail builds prior to 9610 contain a cryptographic weakness in the file and email sharing endpoints that use DES-CBC encryption with keys and initialization vectors derived from System.Random seeded with insufficient entropy, reducing the seed space to approximately 19,000...

CVE-2026-5039

TP-Link TL-WR841N v13 uses DES-CBC encryption in the TDDPv2 debug protocol with a cryptographic key derived from default web management credentials, making the key predictable if device is left in default configuration. A network-adjacent attacker can exploit this weakness to gain unauthorized...

CVE-2026-5039 Predictable Default Cryptographic Key Used for DES Encryption in TP-Link TL-WL841N

TP-Link TL-WR841N v13 uses DES-CBC encryption in the TDDPv2 debug protocol with a cryptographic key derived from default web management credentials, making the key predictable if device is left in default configuration. A network-adjacent attacker can exploit this weakness to gain unauthorized...