CVE-2026-46620

e107 is a content management system CMS. Prior to 2.3.5, e107 CMS does not properly enforce CSRF token validation on comment moderation actions. The problem comes down to how sessionhandler::check handles CSRF tokens. Instead of requiring a token on every state-changing request, it only validates...

CVE-2026-46620 e107: CSRF in comment.php moderation endpoints via token-optional validation in session_handler::check()

e107 is a content management system CMS. Prior to 2.3.5, e107 CMS does not properly enforce CSRF token validation on comment moderation actions. The problem comes down to how sessionhandler::check handles CSRF tokens. Instead of requiring a token on every state-changing request, it only validates...

CVE-2026-46620 e107: CSRF in comment.php moderation endpoints via token-optional validation in session_handler::check()

e107 is a content management system CMS. Prior to 2.3.5, e107 CMS does not properly enforce CSRF token validation on comment moderation actions. The problem comes down to how sessionhandler::check handles CSRF tokens. Instead of requiring a token on every state-changing request, it only validates...

Heap-based Buffer Overflow

Overview Affected versions of this package are vulnerable to Heap-based Buffer Overflow via the ReadObject function in the Cnut File Handler process. An attacker can achieve arbitrary code execution, data corruption, or application crash by providing crafted input that triggers a heap-based buffe...

CVE-2026-9541

A security flaw has been discovered in Squirrel up to 3.2. Impacted is the function ReadObject of the file squirrel/sqobject.cpp of the component Cnut File Handler. Performing a manipulation results in heap-based buffer overflow. The attack is only possible with local access. The exploit has been...

CVE-2026-7374

A flaw was found in KubeVirt's virt-handler component. This vulnerability allows an authenticated OpenShift user with edit permissions in a single namespace to exploit improper symlink validation when connecting to virtual machine console sockets. By replacing the console socket with a symlink to...

CVE-2026-9541

A security flaw has been discovered in Squirrel up to 3.2. Impacted is the function ReadObject of the file squirrel/sqobject.cpp of the component Cnut File Handler. Performing a manipulation results in heap-based buffer overflow. The attack is only possible with local access. The exploit has been...

CVE-2026-9300

A vulnerability has been found in omec-project amf up to 2.1.1. This affects an unknown part of the component NGSetupRequest Handler. Such manipulation leads to memory corruption. The attack can be executed remotely. The exploit has been disclosed to the public and may be used. It is best practic...

CVE-2026-7374

CVE-2026-7374 describes a vulnerability in KubeVirt’s virt-handler where improper symlink validation during VM console socket connections allows an authenticated OpenShift user with namespace-level edit permissions to hijack virt-handler’s privileged connection. By substituting the console socket...

CVE-2026-7374 Kubevirt: kubevirt virt-handler: privilege escalation and node compromise via symlink following vulnerability

A flaw was found in KubeVirt's virt-handler component. This vulnerability allows an authenticated OpenShift user with edit permissions in a single namespace to exploit improper symlink validation when connecting to virtual machine console sockets. By replacing the console socket with a symlink to...

EUVD-2026-31824

A flaw was found in KubeVirt's virt-handler component. This vulnerability allows an authenticated OpenShift user with edit permissions in a single namespace to exploit improper symlink validation when connecting to virtual machine console sockets. By replacing the console socket with a symlink to...

CVE-2026-7374

A flaw was found in KubeVirt's virt-handler component. This vulnerability allows an authenticated OpenShift user with edit permissions in a single namespace to exploit improper symlink validation when connecting to virtual machine console sockets. By replacing the console socket with a symlink to...

CVE-2026-7374 Kubevirt: kubevirt virt-handler: privilege escalation and node compromise via symlink following vulnerability

A flaw was found in KubeVirt's virt-handler component. This vulnerability allows an authenticated OpenShift user with edit permissions in a single namespace to exploit improper symlink validation when connecting to virtual machine console sockets. By replacing the console socket with a symlink to...

CVE-2026-7374

A flaw was found in KubeVirt's virt-handler component. This vulnerability allows an authenticated OpenShift user with edit permissions in a single namespace to exploit improper symlink validation when connecting to virtual machine console sockets. By replacing the console socket with a symlink to...

Symlink Attack

Overview Affected versions of this package are vulnerable to Symlink Attack via improper validation of symbolic links in the virt-handler process. An attacker can gain unauthorized access to privileged Unix sockets on the host by replacing a virtual machine console socket with a symlink to a...

CVE-2026-9541

A security flaw has been discovered in Squirrel up to 3.2. Impacted is the function ReadObject of the file squirrel/sqobject.cpp of the component Cnut File Handler. Performing a manipulation results in heap-based buffer overflow. The attack is only possible with local access. The exploit has been...

CVE-2026-9541 Squirrel Cnut File sqobject.cpp ReadObject heap-based overflow

A security flaw has been discovered in Squirrel up to 3.2. Impacted is the function ReadObject of the file squirrel/sqobject.cpp of the component Cnut File Handler. Performing a manipulation results in heap-based buffer overflow. The attack is only possible with local access. The exploit has been...

CVE-2026-9541 Squirrel Cnut File sqobject.cpp ReadObject heap-based overflow

A security flaw has been discovered in Squirrel up to 3.2. Impacted is the function ReadObject of the file squirrel/sqobject.cpp of the component Cnut File Handler. Performing a manipulation results in heap-based buffer overflow. The attack is only possible with local access. The exploit has been...

EUVD-2026-31813

A security flaw has been discovered in Squirrel up to 3.2. Impacted is the function ReadObject of the file squirrel/sqobject.cpp of the component Cnut File Handler. Performing a manipulation results in heap-based buffer overflow. The attack is only possible with local access. The exploit has been...

CVE-2026-9533

A vulnerability was detected in Totolink CA750-PoE 6.2c.510. The impacted element is the function recvUpgradeNewFw of the file /cgi-bin/cstecgi.cgi of the component Setting Handler. Performing a manipulation of the argument fwUrl/magicid results in os command injection. It is possible to initiate...