
58787 matches found

Nuclei
added yesterday, 24 views

D-Link DIR-859 - Information Disclosure

A critical information disclosure vulnerability exists in D-Link devices where sensitive device account information including credentials can be retrieved by sending an unauthenticated request to /getcfg.php endpoint with the parameter SERVICES=DEVICE.ACCOUNT. This could allow attackers to obtain...

9.8 CVSS, 7 AI score, 0.60916 EPSS
Exploits: 1, References: 2
EUVD
added yesterday, 8 views

EUVD-2026-34780

A heap-based buffer overflow vulnerability in the dot11ah.ko HaLow Wi-Fi kernel driver in Morse Micro HaLowLink 2 software versions prior to 2.11.13 allows an unauthenticated attacker within radio range to cause a Denial of Service kernel panic or potentially achieve Remote Code Execution via a...

9.8 CVSS, 6 AI score, 0.00054 EPSS
Exploits: 0, References: 1
EUVD
added yesterday, 4 views

EUVD-2026-34466

Inappropriate implementation in Link Preview in Google Chrome prior to 149.0.7827.53 allowed a remote attacker who had compromised the renderer process to bypass navigation restrictions via a crafted HTML page. Chromium security severity: Medium...

5.8 AI score, 0.00016 EPSS
Exploits: 0, References: 3
NVD
added yesterday, 3 views

CVE-2026-10878

A vulnerability was detected in D-Link DWR-M920 1.1.50/1.1.70. Affected is the function sub41C8E8 of the file /boafrm/formSmsManage. Performing a manipulation of the argument actionvalue results in command injection. The attack is possible to be carried out remotely. The exploit is now public and...

8.8 CVSS, 0.00426 EPSS
Exploits: 1, References: 6
ATTACKERKB
added yesterday, 3 views

CVE-2026-10878

A vulnerability was detected in D-Link DWR-M920 1.1.50/1.1.70. Affected is the function sub41C8E8 of the file /boafrm/formSmsManage. Performing a manipulation of the argument actionvalue results in command injection. The attack is possible to be carried out remotely. The exploit is now public and...

8.8 CVSS, 6.4 AI score, 0.00426 EPSS
Exploits: 1, References: 6, Affected Software: 1
CVE
added yesterday, 9 views

CVE-2026-10878

Summary of vulnerability: CVE-2026-10878 affects D-Link DWR-M920 firmware versions 1.1.50 and 1.1.70. The issue resides in the function sub_41C8E8 of /boafrm/formSmsManage, where manipulation of the argument action_value leads to a command injection. The vulnerability enables remote exploitatio...

8.8 CVSS, 6.5 AI score, 0.00426 EPSS
Exploits: 1, References: 6, Affected Software: 1
Positive Technologies
added yesterday, 7 views

PT-2026-46978

A vulnerability was detected in D-Link DWR-M920 up to 1.1.50. The affected element is the function sub 41CF20 of the file /boafrm/formUSSDSetup. The manipulation of the argument ussdValue results in command injection. It is possible to launch the attack remotely. The exploit is now public and may...

6.5 CVSS, 6.4 AI score
Exploits: 0, References: 7
Positive Technologies
added yesterday, 5 views

PT-2026-47006

A flaw has been found in D-Link DWR-M920 up to 1.1.50. The impacted element is the function sub 412DA0 of the file /boafrm/formIMEISetup. This manipulation of the argument IMEI value causes os command injection. The attack can be initiated remotely. The exploit has been published and may be used...

6.5 CVSS, 6.3 AI score
Exploits: 0, References: 7
Positive Technologies
added yesterday, 7 views

PT-2026-46838

A vulnerability was detected in D-Link DWR-M920 1.1.50/1.1.70. Affected is the function sub 41C8E8 of the file /boafrm/formSmsManage. Performing a manipulation of the argument action value results in command injection. The attack is possible to be carried out remotely. The exploit is now public a...

6.5 CVSS, 6.5 AI score, 0.00426 EPSS
Exploits: 1, References: 7
Tenable Nessus
added yesterday, 3 views

Node.js Module node-tar < 7.5.10 Arbitrary File Overwrite

The version of node-tar installed on the remote host is prior to 7.5.10. It is, therefore, affected by a vulnerability: - node-tar is a full-featured Tar for Node.js. Prior to version 7.5.10, tar can be tricked into creating a hardlink that points outside the extraction directory by using a...

8.2 CVSS, 5.5 AI score, 0.00009 EPSS
Exploits: 2, References: 2
OSV
added yesterday, 3 views

UBUNTU-CVE-2026-7774

tarfile.datafilter could be bypassed using crafted link entries, incl...

6.9 CVSS, 5.4 AI score, 0.00028 EPSS
Exploits: 0, References: 9
Positive Technologies
added yesterday, 3 views

PT-2026-47080

Summary: The connection-test endpoint opened a raw TCP socket to the user-supplied database host without resolving and range-checking the destination, so private and link-local addresses including IPv4-mapped IPv6 forms and localhost reached the driver. Details: A new validateDbConnectionHost helpe...

5.3 CVSS, 5.5 AI score
Exploits: 0, References: 4
Positive Technologies
added yesterday, 4 views

PT-2026-46994

Summary: The password-reset page rendered the URL token directly into a JavaScript string literal in a server-rendered EJS template. EJS HTML-entity-encodes a fixed set of characters but does not escape single quotes or backslashes, so a crafted token could break out of the JS string context and...

5.1 CVSS, 5.7 AI score
Exploits: 0, References: 4
Circl
added 2 days ago, 4 views

CVE-2024-27892

creationtimestamp | type | source
---|---|---
2026-06-04 23:47:54+00:00 | seen | https://bsky.app/profile/cve.skyfleet.blue/post/3mnisq5n6hz25
2026-06-05 05:12:35+00:00 | seen | https://bsky.app/profile/hugovalters.bsky.social/post/3mnjeupitk72c...

9.6 CVSS, 5.3 AI score, 0.00145 EPSS
Exploits: 0, References: 2
Circl
added 2 days ago, 5 views

CVE-2026-10870

creationtimestamp | type | source
---|---|---
2026-06-04 23:31:52+00:00 | seen | https://bsky.app/profile/cve.skyfleet.blue/post/3mnirtinq6s2b...

8.6 CVSS, 7.1 AI score, 0.00129 EPSS
Exploits: 0, References: 1
Circl
added 2 days ago, 5 views

CVE-2026-42540

creationtimestamp | type | source
---|---|---
2026-06-04 23:21:53+00:00 | seen | https://bsky.app/profile/cve.skyfleet.blue/post/3mnirblpodl2n...

4.3 CVSS, 5.8 AI score, 0.00036 EPSS
Exploits: 0, References: 1
NVD
added 2 days ago, 3 views

CVE-2026-11017

Inappropriate implementation in Link Preview in Google Chrome prior to 149.0.7827.53 allowed a remote attacker who had compromised the renderer process to bypass navigation restrictions via a crafted HTML page. Chromium security severity: Medium...

0.00016 EPSS
Exploits: 0, References: 2
OSV
added 2 days ago, 3 views

DEBIAN-CVE-2026-11017

Inappropriate implementation in Link Preview in Google Chrome prior to 149.0.7827.53 allowed a remote attacker who had compromised the renderer process to bypass navigation restrictions via a crafted HTML page. Chromium security severity: Medium...

5.5 AI score, 0.00016 EPSS
Exploits: 0, References: 1
Circl
added 2 days ago, 5 views

CVE-2026-11322

creationtimestamp | type | source
---|---|---
2026-06-04 23:07:33+00:00 | seen | https://bsky.app/profile/cve.skyfleet.blue/post/3mniqhz3vnc26...

7.1 CVSS, 5.8 AI score, 0.00041 EPSS
Exploits: 0, References: 1
Cvelist
added 2 days ago, 21 views

CVE-2026-11017

Inappropriate implementation in Link Preview in Google Chrome prior to 149.0.7827.53 allowed a remote attacker who had compromised the renderer process to bypass navigation restrictions via a crafted HTML page. Chromium security severity: Medium...

0.00016 EPSS
Exploits: 0, References: 2