
72505 matches found

Positive Technologies
added 2026/06/03 12:0 a.m. | 12 views

PT-2026-45922

The ugw-logstop method allows a remote attacker with user privileges to terminate arbitrary processes due to insufficient validation of user-supplied input...

CVSS 8.1 | AI score 6 | EPSS 0.0037
Exploits 0 | References 2
Positive Technologies
added 2026/06/03 12:0 a.m. | 6 views

PT-2026-45917

Name of the Vulnerable Software and Affected Versions: The product name cannot be determined (affected versions not specified). Description: The bac-scanresult method allows a remote attacker with user privileges to delete arbitrary local files. This is caused by insufficient validation of...

CVSS 8.1 | AI score 5.6 | EPSS 0.00363
Exploits 0 | References 3
Positive Technologies
added 2026/06/03 12:0 a.m. | 7 views

PT-2026-45921

The ugw-restoreinfo method allows a remote attacker with user privileges to delete arbitrary local files due to insufficient validation of user-controlled input...

CVSS 8.1 | AI score 6 | EPSS 0.00363
Exploits 0 | References 2
Positive Technologies
added 2026/06/03 12:0 a.m. | 10 views

PT-2026-45918

The ugw-delete-file method allows a remote attacker with user privileges to delete arbitrary local files due to insufficient validation of user-controlled input...

CVSS 8.1 | AI score 6 | EPSS 0.0037
Exploits 0 | References 2
Cvelist
added 2026/06/03 12:0 a.m. | 37 views

CVE-2026-37460

Missing input validation in the rfapiRibBi2Ri function (rfapi_rib.c) of FRRouting (FRR) stable/10.0 to stable/10.6 allows attackers to cause a Denial of Service (DoS) via supplying a crafted BGP UPDATE message...

EPSS 0.00339
Exploits 0 | References 3
ATTACKERKB
added 2026/06/03 12:0 a.m. | 4 views

CVE-2026-37460

Missing input validation in the rfapiRibBi2Ri function (rfapi_rib.c) of FRRouting (FRR) stable/10.0 to stable/10.6 allows attackers to cause a Denial of Service (DoS) via supplying a crafted BGP UPDATE message...

AI score 5.8 | EPSS 0.00339
Exploits 0 | References 4
ATTACKERKB
added 2026/06/03 12:0 a.m. | 6 views

CVE-2026-36460

Dovestones Softwares ADPhonebook before v4.0.1.1 is vulnerable to a Cross Site Scripting vulnerability. The /Admin/Save API allows an authenticated admin user to store malicious JavaScript payloads in multiple configuration sections without proper input validation or output encoding...

AI score 5.8 | EPSS 0.0018
Exploits 0 | References 3
Positive Technologies
added 2026/06/03 12:0 a.m. | 10 views

PT-2026-45988

Name of the Vulnerable Software and Affected Versions: Cisco Webex Meetings (affected versions not specified). Description: Insufficient validation of user input in the web-based user interface allows an unauthenticated remote attacker to conduct a cross-site scripting (XSS) attack. An attacker could...

CVSS 6.1 | AI score 6 | EPSS 0.00184
Exploits 0 | References 6
CVE
added 2026/06/03 12:0 a.m. | 8 views

CVE-2026-36460

CVE-2026-36460 affects Dovestones Softwares ADPhonebook prior to v4.0.1.1. The issue is a Cross Site Scripting flaw in the /Admin/Save API where an authenticated admin can store malicious JavaScript payloads in multiple configuration sections due to missing input validation or output encoding. Af...

CVSS 4.8 | AI score 5.8 | EPSS 0.0018
Exploits 0 | References 2
CVE
added 2026/06/03 12:0 a.m. | 19 views

CVE-2026-37460

CVE-2026-37460 affects FRRouting (FRR) stable/10.0–10.6. The issue is in the rfapiRibBi2Ri() function (rfapi_rib.c) where missing input validation can be triggered by a crafted BGP UPDATE message, leading to Denial of Service. Connected sources consistently describe the same flaw and affected ran...

CVSS 7.5 | AI score 5.8 | EPSS 0.00339
Exploits 0 | References 3
Positive Technologies
added 2026/06/03 12:0 a.m. | 8 views

PT-2026-45987

Name of the Vulnerable Software and Affected Versions: Cisco Unified Communications Manager (affected versions not specified); Cisco Unified Communications Manager Session Management Edition (affected versions not specified). Description: An issue in the WebDialer service of Cisco Unified Communications...

CVSS 8.6 | AI score 6.2 | EPSS 0.00566
Exploits 1 | References 74
CNNVD
added 2026/06/03 12:0 a.m. | 4 views

FRRouting Security Vulnerability

FRRouting is an open-source network routing software suite that runs on Unix-like platforms. Versions of FRRouting from stable/10.0 to stable/10.6 have security vulnerabilities. These vulnerabilities stem from the lack of input validation in the rfapiRibBi2Ri function, which could allow attackers ...

CVSS 7.5 | AI score 5.1 | EPSS 0.00339
Exploits 0 | References 3
Positive Technologies
added 2026/06/03 12:0 a.m. | 8 views

PT-2026-45920

The ugw-restore method allows a remote attacker with user privileges to delete arbitrary local files due to insufficient validation of user-controlled input...

CVSS 8.1 | AI score 6 | EPSS 0.00363
Exploits 0 | References 2
Positive Technologies
added 2026/06/03 12:0 a.m. | 14 views

PT-2026-45919

The ugw-logstop method allows a remote attacker with user privileges to delete arbitrary local files due to insufficient validation of user-controlled input...

CVSS 8.1 | AI score 6 | EPSS 0.0037
Exploits 0 | References 2
EUVD
added 2026/06/03 12:0 a.m. | 11 views

EUVD-2026-34083

Missing input validation in the rfapiRibBi2Ri function (rfapi_rib.c) of FRRouting (FRR) stable/10.0 to stable/10.6 allows attackers to cause a Denial of Service (DoS) via supplying a crafted BGP UPDATE message...

AI score 5.8 | EPSS 0.00339
Exploits 0 | References 3
Positive Technologies
added 2026/06/03 12:0 a.m. | 6 views

PT-2026-45923

The ugw-logread method allows a remote attacker with user privileges to access arbitrary local files due to insufficient validation of user-supplied input...

CVSS 8.8 | AI score 6 | EPSS 0.00494
Exploits 0 | References 3
Debian CVE
added 2026/06/03 12:0 a.m. | 6 views

CVE-2026-37460

Missing input validation in the rfapiRibBi2Ri function (rfapi_rib.c) of FRRouting (FRR) stable/10.0 to stable/10.6 allows attackers to cause a Denial of Service (DoS) via supplying a crafted BGP UPDATE message...

CVSS 7.5 | AI score 5.5 | EPSS 0.00339
Exploits 0
CNNVD
added 2026/06/03 12:0 a.m. | 4 views

Cisco Webex Meetings Cross-Site Scripting Vulnerability

Cisco Webex Meetings is a video conferencing solution provided by the American company Cisco. Cisco Webex Meetings has a cross-site scripting vulnerability, which stems from insufficient user input validation. This vulnerability could allow unauthenticated remote attackers to carry out cross-site...

CVSS 6.1 | AI score 5.1 | EPSS 0.00184
Exploits 0 | References 1
EUVD
added 2026/06/03 12:0 a.m. | 10 views

EUVD-2026-34140

Dovestones Softwares ADPhonebook before v4.0.1.1 is vulnerable to a Cross Site Scripting vulnerability. The /Admin/Save API allows an authenticated admin user to store malicious JavaScript payloads in multiple configuration sections without proper input validation or output encoding...

AI score 5.8 | EPSS 0.0018
Exploits 0 | References 2
NVD
added 2026/06/02 8:16 p.m. | 13 views

CVE-2026-8036

Improper input validation in NI-PAL may allow a local authenticated user to access arbitrary system memory, potentially leading to privilege escalation. This vulnerability affects NI-PAL 26.3.0 and prior versions on Windows and Linux...

CVSS 8.4 | EPSS 0.00107
Exploits 0 | References 1