CVE-2026-35516 LinkAce has SSRF via CheckLinksCommand - Link URL Update Bypasses laravel-html-meta Protection

LinkAce is a self-hosted archive to collect website links. Prior to 2.5.4, LinkRepository::update and CheckLinksCommand::checkLink do not check for private IPs. An authenticated user can read responses from internal services AWS IMDSv1, cloud metadata, internal APIs by creating a link with a publ...

CVE-2026-24934

The DDNS function uses an insecure HTTP connection or fails to validate the SSL/TLS certificate when querying an external server for the device's WAN IP address. An unauthenticated remote attacker can perform a Man-in-the-Middle MitM attack to spoof the response, leading the device to update its...

SUSE-SU-2025:4261-1 Security update for the Linux Kernel (Live Patch 6 for SUSE Linux Enterprise 15 SP6)

This update for the SUSE Linux Enterprise kernel 6.4.0-150600.23.30 fixes various security issues The following security issues were fixed: - CVE-2024-53141: netfilter: ipset: add missing range check in bitmapipuadt bsc1245778. - CVE-2025-23145: mptcp: fix NULL pointer in canacceptnewsubflow...

PT-2024-28855 · No Ip · No-Ip Dynamic Update Client

Name of the Vulnerable Software and Affected Versions: No-IP Dynamic Update Client DUC versions 3.x Description: The No-IP Dynamic Update Client DUC v3.x uses cleartext credentials that may occur on a command line or in a file. The vendor's position is that cleartext in /etc/default/noip-duc is...

PT-2023-7781 · Siemens · Scalance M826-2 Shdsl-Router +11

Name of the Vulnerable Software and Affected Versions: RUGGEDCOM RM1224 LTE4G EU versions prior to V8.0 RUGGEDCOM RM1224 LTE4G NAM versions prior to V8.0 SCALANCE M804PB versions prior to V8.0 SCALANCE M812-1 ADSL-Router versions prior to V8.0 SCALANCE M816-1 ADSL-Router versions prior to V8.0...