CVE-2026-7719

A security flaw has been discovered in Totolink WA300 5.2cu.7112B20190227. The affected element is the function loginauth of the file /cgi-bin/cstecgi.cgi of the component POST Request Handler. The manipulation of the argument httphost results in buffer overflow. The attack may be launched...

CVE-2026-7725

A vulnerability was found in PrefectHQ prefect up to 3.6.25.dev6. Affected by this issue is some unknown functionality of the file src/prefect/runner/storage.py of the component GitRepository Pull Handler. The manipulation of the argument commitsha/directories results in argument injection. It is...

CVE-2026-7857

A vulnerability has been found in D-Link DI-8100 16.07.26A1. This vulnerability affects the function sprintf of the file /usergroup.asp of the component CGI Handler. The manipulation leads to buffer overflow. The attack may be initiated remotely. The exploit has been disclosed to the public and m...

CVE-2026-34464

Sandboxie-Plus is an open source sandbox-based isolation software for Windows. In versions 1.17.2 and earlier, NamedPipeServer::OpenHandler copies the server field from NAMEDPIPEOPENREQ into a fixed WCHAR pipename160 stack buffer using wcscat without verifying null termination. The handler only...

CVE-2026-34464

Summary (CVE-2026-34464): Sandboxie-Plus

CVE-2026-34462

Sandboxie-Plus is an open source sandbox-based isolation software for Windows. In versions 1.17.2 and earlier, several ProcessServer handlers KillAllHandler, SuspendAllHandler, and RunSandboxedHandler copy a WCHAR boxname34 field from request structures into WCHAR40 stack buffers using wcscpy...

CVE-2026-34459 Sandboxie-Plus sandbox escape via uninitialized memory leak and stack overflow in GetRawInputDeviceInfoSlave

Sandboxie-Plus is an open source sandbox-based isolation software for Windows. In versions 1.17.2 and earlier, the SbieSvc proxy service's GetRawInputDeviceInfoSlave handler contains two vulnerabilities that can be chained for sandbox escape. First, when a sandboxed process sends an IPC request...

CVE-2026-7854

A security vulnerability has been detected in D-Link DI-8100 16.07.26A1. Affected by this vulnerability is the function urlruleasp of the file /urlrule.asp of the component POST Parameter Handler. Such manipulation leads to buffer overflow. It is possible to launch the attack remotely. The exploi...

CVE-2026-7857 D-Link DI-8100 CGI user_group.asp sprintf buffer overflow

A vulnerability has been found in D-Link DI-8100 16.07.26A1. This vulnerability affects the function sprintf of the file /usergroup.asp of the component CGI Handler. The manipulation leads to buffer overflow. The attack may be initiated remotely. The exploit has been disclosed to the public and m...

CVE-2026-7857 D-Link DI-8100 CGI user_group.asp sprintf buffer overflow

A vulnerability has been found in D-Link DI-8100 16.07.26A1. This vulnerability affects the function sprintf of the file /usergroup.asp of the component CGI Handler. The manipulation leads to buffer overflow. The attack may be initiated remotely. The exploit has been disclosed to the public and m...

CVE-2026-7857

CVE-2026-7857 concerns D-Link DI-8100 (firmware 16.07.26A1) where the CGI Handler’s function sprintf in the /user_group.asp file is vulnerable to a buffer overflow. The affected component is the CGI/Scripting interface; the underlying root cause is unsafe handling in sprintf, enabling overflow th...

Insecure Randomness

Overview langchain-chatchat is a Langchain-Chatchat formerly langchain-ChatGLM, local knowledge based LLM like ChatGLM, Qwen and Llama RAG and Agent app with langchain Affected versions of this package are vulnerable to Insecure Randomness via the getfileid function in the Uploaded File Handler...

EUVD-2026-27418

A weakness has been identified in D-Link DI-8100 16.07.26A1. Affected is the function sprintf of the file /autoreboot.asp of the component HTTP Handler. This manipulation of the argument enable/time causes buffer overflow. It is possible to initiate the attack remotely. The exploit has been made...

EUVD-2026-27390

A flaw has been found in chatchat-space Langchain-Chatchat up to 0.3.1.3. This issue affects the function PIL.Image.tobytes of the file libs/chatchat-server/chatchat/webuipages/dialogue/dialogue.py of the component Vision Chat Paste Image Handler. This manipulation of the argument...

Use of a Broken or Risky Cryptographic Algorithm

Overview langchain-chatchat is a Langchain-Chatchat formerly langchain-ChatGLM, local knowledge based LLM like ChatGLM, Qwen and Llama RAG and Agent app with langchain Affected versions of this package are vulnerable to Use of a Broken or Risky Cryptographic Algorithm in the PIL.Image.tobytes...

EUVD-2026-27335

The ping diagnostic handler in /bin/httpdclientside for ALTICE LABS / SFR France GR140DG and GR140IG fibre CPE/Router/Gateway, inserts unsanitized user input into a system call, allowing authenticated remote attackers to execute arbitrary commands as root via crafted destAddr parameters using she...

EUVD-2026-27337

The traceroute diagnostic handler in /bin/httpdclientside for ALTICE LABS / SFR France GR140DG and GR140IG fibre CPE/Router/Gateway, inserts unsanitized user input into a system call, allowing authenticated remote attackers to execute arbitrary commands as root via crafted destAddr parameters usi...

CVE-2026-7855 D-Link DI-8100 HTTP Request tggl.asp tggl_asp buffer overflow

A vulnerability was detected in D-Link DI-8100 16.07.26A1. Affected by this issue is the function tgglasp of the file /tggl.asp of the component HTTP Request Handler. Performing a manipulation of the argument Name results in buffer overflow. The attack can be initiated remotely. The exploit is no...

CVE-2026-7855

A vulnerability was detected in D-Link DI-8100 16.07.26A1. Affected by this issue is the function tgglasp of the file /tggl.asp of the component HTTP Request Handler. Performing a manipulation of the argument Name results in buffer overflow. The attack can be initiated remotely. The exploit is no...

CVE-2026-7855

CVE-2026-7855 affects D-Link DI-8100 firmware 16.07.26A1. The vulnerability is in the HTTP Request Handler, specifically the function tggl_asp in the file tggl.asp ; manipulating the Name argument triggers a buffer overflow. The issue is exploitable remotely and the exploit is public. CVSS-based ...