
1759 matches found

Nuclei
added 8 hours ago, 26 views

G Auto-Hyperlink <= 1.0.1 - SQL Injection

The G Auto-Hyperlink WordPress plugin through 1.0.1 does not sanitise or escape an 'id' GET parameter before using it in a SQL statement, to select data to be displayed in the admin dashboard, leading to an authenticated SQL injection id: CVE-2021-24627 info: name: G Auto-Hyperlink = 1.0.1 - SQL...

7.2 CVSS, 7.1 AI score, 0.06561 EPSS
Exploits: 2, References: 4

EUVD
added 14 hours ago, 5 views

EUVD-2026-40014

A flaw has been found in Tenda JD12L 16.03.53.23. The impacted element is the function formWifiBasicSet of the file /goform/WifiBasicSet. Executing a manipulation of the argument security5g can lead to stack-based buffer overflow. The attack may be launched remotely. The exploit has been publishe...

9 CVSS, 8 AI score
Exploits: 0, References: 6

Cvelist
added 14 hours ago, 7 views

CVE-2026-13517 Tenda JD12L WifiBasicSet formWifiBasicSet stack-based overflow

A flaw has been found in Tenda JD12L 16.03.53.23. The impacted element is the function formWifiBasicSet of the file /goform/WifiBasicSet. Executing a manipulation of the argument security5g can lead to stack-based buffer overflow. The attack may be launched remotely. The exploit has been publishe...

9 CVSS
Exploits: 0, References: 6

Wolfi
added 3 days ago, 6 views

GHSA-W879-237Q-WC7R vulnerabilities

Vulnerabilities for packages: pulumi, osv-scanner, cilium, cloud-provider-aws, buildah, telegraf, cluster-api-azure-controller, gitlab-runner, gh, external-secrets-operator, wolfictl, helm, flux-kustomize-controller, pulumi-kubernetes-operator, scorecard, syft, terragrunt, guac, aactl, eksctl,...

5.8 AI score
Exploits: 0

OSV
added 3 days ago, 2 views

UBUNTU-CVE-2026-56788

RTKLIB through 2.4.3 contains an out-of-bounds read vulnerability in g...

7.1 CVSS, 5.8 AI score, 0.00119 EPSS
Exploits: 1, References: 3

NVD
added 5 days ago, 8 views

CVE-2026-56111

Marlin Firmware through 2.1.2.7, fixed in commit 1f255d1, when built with MESH_BED_LEVELING enabled, contains an out-of-bounds write vulnerability in the M421 G-code handler that allows attackers to corrupt firmware memory by supplying out-of-range X and Y grid indices. Attackers can send a single...

9.1 CVSS, 0.00542 EPSS
Exploits: 1, References: 4

CVE
added 5 days ago, 12 views

CVE-2026-56111

Marlin Firmware 2.1.2.7 with MESH_BED_LEVELING enabled is affected. The vulnerability is an out-of-bounds write in the M421 G-code handler that allows an attacker-controlled 32-bit float value to be written past the z_values array bounds by providing crafted X/Y grid indices. This can corrupt adj...

9.1 CVSS, 5.9 AI score, 0.00542 EPSS
Exploits: 1, References: 4

AstraLinux
added 2026/06/19 11:10 a.m., 4 views

Astra Linux – Vulnerability in ntfs-3g

A properly crafted NTFS image with an unallocated bitmap can lead to an endless recursive function call chain starting from ntfs_attr_pwrite, causing stack consumption in NTFS-3G 2021.8.22...

5.5 CVSS, 6.5 AI score, 0.00371 EPSS
Exploits: 0, References: 2

AstraLinux
added 2026/06/19 11:10 a.m., 4 views

Astra Linux – Vulnerability in ntfs-3g

An invalid return code in fuse_kern_mount allows for intercepting the libfuse-lite protocol traffic between NTFS-3G and the kernel in NTFS-3G through 2021.8.22 when using libfuse-lite...

6.7 CVSS, 7 AI score, 0.00417 EPSS
Exploits: 0, References: 2

RedhatCVE
added 2026/06/05 7:48 p.m., 8 views

CVE-2026-36605

Mercusys AC12G EU V1 router with firmware AC12GEUV1200909 is vulnerable to a HTTP denial of service via a low number of crafted incomplete HTTP requests, causing a persistent crash that requires physical power cycling to recover...

6.5 CVSS, 5.4 AI score, 0.00177 EPSS
Exploits: 0, References: 1

RedhatCVE
added 2026/06/05 7:11 p.m., 13 views

CVE-2026-8890

code100x contains an authentication bypass vulnerability in the Mobile API that allows unauthenticated attackers to impersonate arbitrary users by supplying a crafted JSON payload in the 'g' HTTP header. The middleware in middleware.ts skips identity header generation when an Auth-Key header is...

8.8 CVSS, 5.6 AI score, 0.0049 EPSS
Exploits: 0, References: 1

OSV
added 2026/06/05 4:52 p.m., 5 views

MINI-G7J4-CMRH-W899

Bulletin has no description...

5.3 CVSS, 5.2 AI score, 0.0037 EPSS
Exploits: 0

OSV
added 2026/06/05 4:51 p.m., 3 views

MINI-3V58-HR53-MH9G

Bulletin has no description...

6.5 CVSS, 5.1 AI score, 0.00248 EPSS
Exploits: 0

CNNVD
added 2026/06/04 12:0 a.m., 7 views

Acer M6E security vulnerability

The Acer M6E is a portable 5G mobile hotspot device from Acer, a company based in Taiwan, China. The Acer M6E has a security vulnerability. This vulnerability stems from the lack of mandatory implementation of topic-level access control lists by the local MQTT Broker. As a result, any client that...

9.8 CVSS, 5.3 AI score, 0.0032 EPSS
Exploits: 0, References: 2

CNNVD
added 2026/06/04 12:0 a.m., 8 views

Acer M6E security vulnerability

The Acer M6E is a portable 5G mobile hotspot device from Acer, a company based in Taiwan, China. The Acer M6E has a security vulnerability, which stems from a weak validation logic for the device separation API routines. This vulnerability could potentially cause remote entities to forcibly unbin...

7.1 CVSS, 5.4 AI score, 0.00165 EPSS
Exploits: 0, References: 1

CNNVD
added 2026/06/04 12:0 a.m., 8 views

Acer M6E security vulnerability

The Acer M6E is a portable 5G mobile hotspot device from Acer, a company based in Taiwan, China. The Acer M6E has a security vulnerability. This vulnerability stems from the ability to access internal multimedia session archives without authentication, and lax cross-site resource sharing rules...

8.8 CVSS, 5.2 AI score, 0.00257 EPSS
Exploits: 0, References: 1

SUSE CVE
added 2026/06/03 2:29 a.m., 12 views

SUSE CVE-2026-10294

A vulnerability has been found in PackageKit up to 1.3.5. Affected is the function g_file_test of the file src/pk-transaction.c of the component API. Such manipulation of the argument frontend-socket leads to improper authorization. The attack can be executed remotely. The exploit has been disclose...

5.3 CVSS, 5.4 AI score, 0.00222 EPSS
Exploits: 0, References: 3

Vulnrichment
added 2026/06/03 12:0 a.m., 8 views

CVE-2026-36604

Mercusys AC12G EU V1 router with firmware AC12GEUV1200909 does not validate the HTTP Host header, enabling DNS rebinding attacks. An external attacker can rebind a domain to the router's internal IP address, extending the CORS wildcard vulnerability (Access-Control-Allow-Origin: *) to...

5.8 AI score, 0.00254 EPSS
Exploits: 0, References: 1

CNNVD
added 2026/06/03 12:0 a.m., 10 views

Mercusys AC12G security vulnerability

The Mercusys AC12G is a Gigabit wireless router produced by the Chinese company Mercusys. The Mercusys AC12G EU V1 AC12G EU V1 version has security vulnerabilities. These vulnerabilities stem from unvalidated HTTP header verification, which may allow external attackers to exploit the CORS wildcar...

6.5 CVSS, 5.4 AI score, 0.00254 EPSS
Exploits: 0, References: 1

RedhatCVE
added 2026/06/02 4:1 p.m., 13 views

CVE-2026-37232

An issue was discovered in OpenAirInterface5G 2.4.0 nr-softmodem in the E2SM-KPM RAN Function's PRB utilization metric calculation. The functions fillRRUPrbTotDl and fillRRUPrbTotUl in openair2/E2AP/RANFUNCTION/O-RAN/ranfunckpmsubs.c lines 182 and 197 compute PRB usage percentages by dividing by...

8.6 CVSS, 5.8 AI score, 0.00393 EPSS
Exploits: 0, References: 1