Lucene search
K

93 matches found

CVE
CVE
added 2026/06/24 4:29 p.m.8 views

CVE-2026-53041

CVE-2026-53041 concerns OCFS2 in the Linux kernel. When an OCFS2 inode has both inline and block-based xattrs, listxattr() could report a size larger than the caller’s buffer if inline names consumed the buffer exactly, triggering a kernel bug/DoS. The root cause was a refactor that used size == ...

7.1CVSS6AI score0.00126EPSS
Exploits0References8
CVE
CVE
added 2026/05/29 7:44 p.m.77 views

CVE-2026-45700

FreeRDP (prior to 3.26.0) has a heap-buffer-overflow in the planar bitmap decoder. The bug occurs in freerdp_bitmap_decompress_planar() validating X destination coordinate against nDstStep; an attacker can bypass the check with large nDstStep and nXDst, causing planar_decompress_plane_rle() to wr...

9.8CVSS5.9AI score0.00462EPSS
Exploits1References5Affected Software1
SUSE CVE
SUSE CVE
added 2026/05/28 3:56 a.m.13 views

SUSE CVE-2026-45917

In the Linux kernel, the following vulnerability has been resolved: ipvs: do not keep destdst if dev is going down There is race between the netdev notifier ipvsdstevent and the code that caches dst with dev that is going down. As the FIB can be notified for the closed device after our handler...

5.5CVSS5.8AI score0.00122EPSS
Exploits0References3
RedhatCVE
RedhatCVE
added 2026/05/13 8:23 p.m.9 views

CVE-2026-43901

Wireshark MCP is an MCP Server that turns tshark into a structured analysis interface, then layers in optional Wireshark suite utilities. In 1.1.5 and earlier, wireshark-mcp exposes a wiresharkexportobjects MCP tool that accepts an attacker-controlled destdir parameter and passes it to tshark's...

6.8CVSS5.8AI score0.00281EPSS
Exploits1References1
OSV
OSV
added 2026/05/11 11:20 p.m.4 views

UBUNTU-CVE-2026-43901

Wireshark MCP is an MCP Server that turns tshark into a structured analysis interface, then layers in optional Wireshark suite utilities. In 1.1.5 and earlier, wireshark-mcp exposes a wiresharkexportobjects MCP tool that accepts an attacker-controlled destdir parameter and passes it to tshark's...

6.8CVSS5.8AI score0.00281EPSS
Exploits1References3
CVE
CVE
added 2026/05/08 1:38 p.m.19 views

CVE-2026-44340

PraisonAI prior to 4.6.37 does not validate member.linkname or reject symlink/hardlink archive members in _safe_extractall, and calls tar.extractall(dest_dir) without a data filter. A bundle could contain a symlink inside dest_dir with a linkname outside it, followed by a file path traversing the...

8.7CVSS5.9AI score0.00433EPSS
Exploits1References1Affected Software1
NVD
NVD
added 2026/05/02 8:16 a.m.8 views

CVE-2026-7606

A weakness has been identified in TRENDnet TEW-821DAP 1.12B01. This issue affects the function findhwid/newguiupdatefirmware of the component Firmware Update Handler. Executing a manipulation of the argument dest can lead to insufficient verification of data authenticity. The attack can be launch...

8.1CVSS0.00234EPSS
Exploits1References4
ATTACKERKB
ATTACKERKB
added 2026/05/02 6:45 a.m.12 views

CVE-2026-7606

A weakness has been identified in TRENDnet TEW-821DAP 1.12B01. This issue affects the function findhwid/newguiupdatefirmware of the component Firmware Update Handler. Executing a manipulation of the argument dest can lead to insufficient verification of data authenticity. The attack can be launch...

6.3CVSS5.4AI score0.00234EPSS
Exploits1References5Affected Software1
EUVD
EUVD
added 2026/05/02 6:45 a.m.8 views

EUVD-2026-26760

A weakness has been identified in TRENDnet TEW-821DAP 1.12B01. This issue affects the function findhwid/newguiupdatefirmware of the component Firmware Update Handler. Executing a manipulation of the argument dest can lead to insufficient verification of data authenticity. The attack can be launch...

6.3CVSS5.4AI score0.00234EPSS
Exploits1References4
Positive Technologies
Positive Technologies
added 2026/05/02 12:0 a.m.12 views

PT-2026-36585

A weakness has been identified in TRENDnet TEW-821DAP 1.12B01. This issue affects the function find hwid/new gui update firmware of the component Firmware Update Handler. Executing a manipulation of the argument dest can lead to insufficient verification of data authenticity. The attack can be...

6.3CVSS5.4AI score0.00234EPSS
Exploits1References5
CNNVD
CNNVD
added 2026/05/02 12:0 a.m.9 views

TRENDnet TEW-821DAP 数据伪造问题漏洞

TRENDnet TEW-821DAP is a wireless access point from the company TRENDnet. The version TRENDnet TEW-821DAP 1.12B01 has a vulnerability related to data falsification. This vulnerability stems from improper handling of the parameter dest in the findHWid/newGuiUpdateFirmware function within the...

8.1CVSS5.8AI score0.00234EPSS
Exploits1References1
Snyk
Snyk
added 2026/04/16 11:0 p.m.6 views

Open Redirect

Overview @saltcorn/server is a Server app for Saltcorn, open-source no-code platform Affected versions of this package are vulnerable to Open Redirect via the isrelativeurl function. An attacker can redirect users to an external, attacker-controlled domain by crafting a malicious URL that exploit...

7.1CVSS5.8AI score0.00339EPSS
Exploits0References2
CNVD
CNVD
added 2026/04/10 12:0 a.m.6 views

TRENDnet TEW-713RE Command Injection Vulnerability

The TRENDnet TEW-713RE is a wireless network range extender from TRENDnet. The TRENDnet TEW-713RE suffers from a command injection vulnerability that originates from a misuse of the parameter dest in the file /goform/addRouting, which can be exploited by an attacker to cause arbitrary command...

9.8CVSS6.5AI score0.05126EPSS
Exploits1
RedhatCVE
RedhatCVE
added 2026/04/01 10:58 a.m.5 views

CVE-2026-5183

A vulnerability was determined in TRENDnet TEW-713RE up to 1.02. The affected element is the function sub421494 of the file /goform/addRouting. Executing a manipulation of the argument dest can lead to command injection. It is possible to launch the attack remotely. The exploit has been publicly...

6.5CVSS6.3AI score0.05126EPSS
Exploits1References1
NVD
NVD
added 2026/03/31 6:16 a.m.7 views

CVE-2026-5183

A vulnerability was determined in TRENDnet TEW-713RE up to 1.02. The affected element is the function sub421494 of the file /goform/addRouting. Executing a manipulation of the argument dest can lead to command injection. It is possible to launch the attack remotely. The exploit has been publicly...

9.8CVSS0.05126EPSS
Exploits1References4
Vulnrichment
Vulnrichment
added 2026/03/31 5:45 a.m.2 views

CVE-2026-5183 TRENDnet TEW-713RE addRouting sub_421494 command injection

A vulnerability was determined in TRENDnet TEW-713RE up to 1.02. The affected element is the function sub421494 of the file /goform/addRouting. Executing a manipulation of the argument dest can lead to command injection. It is possible to launch the attack remotely. The exploit has been publicly...

6.5CVSS6.3AI score0.05126EPSS
Exploits1References4
CVE
CVE
added 2026/03/31 5:45 a.m.18 views

CVE-2026-5183

CVE-2026-5183 affects TRENDNet TEW-713RE (up to firmware 1.02). The vulnerable element is the function sub_421494 in the file /goform/addRouting; manipulating the argument dest can cause a remote command injection. Public exploit information exists; vendor has not responded to disclosure. Connect...

9.8CVSS6.3AI score0.05126EPSS
Exploits1References4Affected Software1
Positive Technologies
Positive Technologies
added 2026/03/31 12:0 a.m.9 views

PT-2026-29200

A vulnerability was determined in TRENDnet TEW-713RE up to 1.02. The affected element is the function sub 421494 of the file /goform/addRouting. Executing a manipulation of the argument dest can lead to command injection. It is possible to launch the attack remotely. The exploit has been publicly...

6.5CVSS5.6AI score0.05126EPSS
Exploits1References5
CNNVD
CNNVD
added 2026/03/31 12:0 a.m.8 views

TRENDnet TEW-713RE 命令注入漏洞

The TRENDnet TEW-713RE is a wireless network range extender from TRENDnet. The TRENDnet TEW-713RE suffers from a command injection vulnerability that originates from a misuse of the parameter dest in the file /goform/addRouting, which can be exploited by an attacker to cause arbitrary command...

9.8CVSS6.7AI score0.05126EPSS
Exploits1References4
ATTACKERKB
ATTACKERKB
added 2026/03/07 12:20 a.m.5 views

CVE-2026-25070

XikeStor SKS8310-8X Network Switch firmware versions 1.04.B07 and prior contain an OS command injection vulnerability in the /goform/PingTestSet endpoint that allows unauthenticated remote attackers to execute arbitrary operating system commands. Attackers can inject malicious commands through th...

9.3CVSS6.5AI score0.02999EPSS
Exploits0References3
Rows per page
Query Builder