CVE-2026-5080

Dancer::Session::Abstract versions through 1.3522 for Perl generates session ids insecurely. The session id is generated from summing the character codepoints of the absolute pathname with the process id, the epoch time and calls to the built-in rand function to return a number between 0 and...

CVE-2026-41226

CVE-2026-41226 describes an open redirect vulnerability in Ricoh Web Image Monitor used by multiple laser printers and MFPs. The issue occurs when a user accesses a specially crafted URL, which can redirect to an arbitrary site and potentially enable phishing. The CVE is reflected in multiple sou...

CVE-2026-7469

A vulnerability was detected in Tenda 4G300 US4G300V1.0MtV1.01.42CNTDC01. This impacts the function sub425A28 of the file /goform/DelFil. The manipulation of the argument delflag results in command injection. The attack may be launched remotely. The exploit is now public and may be used...

CVE-2026-7469 Tenda 4G300 DelFil sub_425A28 command injection

A vulnerability was detected in Tenda 4G300 US4G300V1.0MtV1.01.42CNTDC01. This impacts the function sub425A28 of the file /goform/DelFil. The manipulation of the argument delflag results in command injection. The attack may be launched remotely. The exploit is now public and may be used...

EUVD-2026-26306

A vulnerability was detected in Tenda 4G300 US4G300V1.0MtV1.01.42CNTDC01. This impacts the function sub425A28 of the file /goform/DelFil. The manipulation of the argument delflag results in command injection. The attack may be launched remotely. The exploit is now public and may be used...

CVE-2026-7469 Tenda 4G300 DelFil sub_425A28 command injection

A vulnerability was detected in Tenda 4G300 US4G300V1.0MtV1.01.42CNTDC01. This impacts the function sub425A28 of the file /goform/DelFil. The manipulation of the argument delflag results in command injection. The attack may be launched remotely. The exploit is now public and may be used...

CVE-2026-7468 1024-lab smart-admin Demo Site index.html access control

A security vulnerability has been detected in 1024-lab smart-admin up to 3.30.0. This affects an unknown function of the file /smart-admin-api/druid/index.html of the component Demo Site. The manipulation leads to improper access controls. The attack may be initiated remotely. The exploit has bee...

CVE-2026-36340

An issue in Krayin CRM v.2.1.5 and fixed in v.2.1.6 allows a remote attacker to execute arbitrary code via the compose email function...

PT-2026-36116

An issue in Krayin CRM v.2.1.5 and fixed in v.2.1.6 allows a remote attacker to execute arbitrary code via the compose email function...

EUVD-2025-209599

Assertion failure vulnerability in the PCO Protocol Configuration Options parser in the SMF Session Management Function component of Open5GS before v2.7.5 allows remote attackers to cause denial of service via specially crafted NGAP messages containing malformed length fields in protocol...

CVE-2025-56568

Assertion failure vulnerability in the PCO Protocol Configuration Options parser in the SMF Session Management Function component of Open5GS before v2.7.5 allows remote attackers to cause denial of service via specially crafted NGAP messages containing malformed length fields in protocol...

LinkStack 授权问题漏洞

LinkStack is a unique platform developed by LinkStack OpenSource, offering efficient solutions for managing and sharing links online. Version 4.8.6 and earlier of LinkStack contained an authorization vulnerability. This vulnerability originated from the saveLink function in the Management Endpoin...

PT-2026-36045

Name of the Vulnerable Software and Affected Versions Ricoh Web Image Monitor affected versions not specified Description An open redirect issue exists in multiple laser printers and MFPs implementing Ricoh Web Image Monitor. By accessing a specially crafted URL, a user can be redirected to an...

PT-2026-36098

Name of the Vulnerable Software and Affected Versions Pallets Click versions 8.3.2 and earlier Description A command injection issue exists in the click.edit function, which allows an unprivileged account to execute arbitrary operating system commands. Recommendations Update to a version later th...

Tenda 4G300 缓冲区错误漏洞

The Tenda 4G300 is a wireless router produced by the Chinese company Tenda. The Tenda 4G300 US4G300V1.0MtV1.01.42CNTDC01 version contains a buffer error vulnerability. This vulnerability stems from the operation of the parameter “page” in the function sub427C3C within the file/goform/SafeMacFilte...

PT-2026-36130

A vulnerability was identified in PyTorch 2.10.0. The affected element is an unknown function of the component pt2 Loading Handler. The manipulation leads to deserialization. The attack can only be performed from a local environment. The exploit is publicly available and might be used. The projec...

Amazon Linux 2023 : rclone (ALAS2023-2026-1607)

"It is, therefore, affected by multiple vulnerabilities as referenced in the ALAS2023-2026-1607 advisory. crypto/tls: handshake messages may be processed at the incorrect encryption level CVE-2025-61730 On Unix platforms, when listing the contents of a directory using File.ReadDir or File.Readdir...

CVE-2025-56568

Assertion failure vulnerability in the PCO Protocol Configuration Options parser in the SMF Session Management Function component of Open5GS before v2.7.5 allows remote attackers to cause denial of service via specially crafted NGAP messages containing malformed length fields in protocol...

Tenda 4G300 注入漏洞

The Tenda 4G300 is a wireless router produced by the Chinese company Tenda. The Tenda 4G300 US4G300V1.0MtV1.01.42CNTDC01 version has a vulnerability related to injection attacks. This vulnerability stems from the operation of the parameter delflag in the function sub425A28 within the...

Open5GS 安全漏洞

Open5GS is an open-source implementation of 5G Core and EPC in C language, which serves as the core network for LTE/NR networks. Versions of Open5GS prior to 2.7.5 contained security vulnerabilities. These vulnerabilities stemmed from assertion failures in the PCO parser within the SMF component,...