CVE-2026-49196 Predator Connect W6x: Web Interface Command Injection

The Wi-Fi device blocking feature fails to sanitize MAC address input, allowing injection and execution of arbitrary shell commands...

CVE-2026-49196

Predator Connect W6x firmware exposes a web-interface command injection via the Wi‑Fi device blocking feature, caused by inadequate MAC address input sanitization. This permits arbitrary shell command execution through the affected component. The CVSS details indicate network access with high imp...

CVE-2026-4776

An SQL injection vulnerability exists in Mautic's API contact filtering mechanism. Due to insufficient recursive sanitization of nested query parameters, an authenticated API user can bypass input filtering and inject arbitrary SQL commands...

CVE-2026-7480

An Incorrect Permission Assignment for Critical Resource vulnerability in ASUS System Control Interface allows a local user to elevate privileges to SYSTEM and execute arbitrary code via a crafted RPC call that bypass the validation mechanism. Refer to the 'Security Update for ASUS System Control...

CVE-2026-7480

CVE-2026-7480 : An Incorrect Permission Assignment for Critical Resource vulnerability affects the ASUS System Control Interface. A local user can elevate privileges to SYSTEM and execute arbitrary code by sending a crafted RPC call that bypasses the validation mechanism. This description is supp...

EUVD-2026-33245

An Incorrect Permission Assignment for Critical Resource vulnerability in ASUS System Control Interface allows a local user to elevate privileges to SYSTEM and execute arbitrary code via a crafted RPC call that bypass the validation mechanism. Refer to the 'Security Update for ASUS System Control...

SUSE CVE-2026-46121

In the Linux kernel, the following vulnerability has been resolved: mm/damon/sysfs-schemes: protect memcgpath kfree with damonsysfslock Patch series "mm/damon/sysfs-schemes: fix use-after-free for memcgpath". Reads of 'memcgpath' and 'path' files in DAMON sysfs interface could race with their...

SUSE CVE-2026-46148

In the Linux kernel, the following vulnerability has been resolved: spi: microchip-core-qspi: control built-in cs manually The coreQSPI IP supports only a single chip select, which is automagically operated by the hardware - set low when the transmit buffer first gets written to and set high when...

SUSE CVE-2026-46219

In the Linux kernel, the following vulnerability has been resolved: spi: mpc52xx: fix use-after-free on unbind The state machine work is scheduled by the interrupt handler and therefore needs to be cancelled after disabling interrupts to avoid a potential use-after-free...

SUSE CVE-2026-46228

In the Linux kernel, the following vulnerability has been resolved: spi: ch341: fix devres lifetime USB drivers bind to USB interfaces and any device managed resources should have their lifetime tied to the interface rather than parent USB device. This avoids issues like memory leaks when drivers...

EUVD-2026-33126

Use after free in UI in Google Chrome on Windows prior to 148.0.7778.216 allowed a remote attacker to execute arbitrary code via a crafted HTML page. Chromium security severity: High...

EUVD-2026-33128

Insufficient validation of untrusted input in OptimizationGuide in Google Chrome prior to 148.0.7778.216 allowed a remote attacker who had compromised the renderer process to perform UI spoofing via a crafted HTML page. Chromium security severity: High...

EUVD-2026-33113

Inappropriate implementation in iOS in Google Chrome on iOS prior to 148.0.7778.216 allowed a remote attacker who convinced a user to engage in specific UI gestures to inject arbitrary scripts or HTML UXSS via a crafted HTML page. Chromium security severity: High...

EUVD-2026-33098

Use after free in iOS in Google Chrome on iOS prior to 148.0.7778.216 allowed a remote attacker who convinced a user to engage in specific UI gestures to execute arbitrary code via a crafted HTML page. Chromium security severity: High...

CVE-2026-9937

An use after free flaw was found in the UI component of the Chromium browser. Upstream bugs: https://code.google.com/p/chromium/issues/detail?id=502112506...

CVE-2026-9885

An insufficient validation of untrusted input flaw was found in the UI component of the Chromium browser. Upstream bugs: https://code.google.com/p/chromium/issues/detail?id=508452241...

Ubuntu 24.04 LTS / 25.10 : Foomuuri vulnerabilities (USN-8326-1)

The remote Ubuntu 24.04 LTS / 25.10 host has packages installed that are affected by multiple vulnerabilities as referenced in the USN-8326-1 advisory. Matthias Gerstner discovered that Foomuuri's D-Bus service did not properly enforce authorization. An unprivileged local attacker could possibly...

CVE-2026-23679

libusb before version 1.0.30 contains a NULL pointer dereference vulnerability that allows attackers to crash applications by supplying a malformed USB configuration descriptor where an interface claims bNumEndpoints greater than zero but is followed by a class-specific descriptor whose bLength...

Waterfall WF-500 安全漏洞

The Waterfall WF-500 is a sending-side host component in the industrial control network unidirectional security gateway developed by the Israeli company Waterfall. There are security vulnerabilities in the Waterfall WF-500 TX and RX Hosts version 7.9.1.0 R2502171040; these vulnerabilities stem fr...

Waterfall WF-500 操作系统命令注入漏洞

The Waterfall WF-500 is a sending-side host component in the industrial control network unidirectional security gateway developed by the Israeli company Waterfall. The version 7.9.1.0 R2502171040 of the Waterfall WF-500 contains an operating system command injection vulnerability. This...