HashiCorp Nomad 后置链接漏洞

HashiCorp Nomad is a simple and flexible scheduler and orchestrator provided by the American company HashiCorp. It is used for managing containers and non-containerized applications on both local and cloud environments. Versions of HashiCorp Nomad prior to 0.1.2 contained a post-installation...

PT-2026-39958

The Credits Shortcode plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'link' attribute of the 'credits' shortcode in all versions up to, and including, 1.2 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for...

PT-2026-40280

In PHP versions 8.2. before 8.2.31, 8.3. before 8.3.31, 8.4. before 8.4.21, 8.5. before 8.5.6, due to improper sanitation of user data, it allows an attacker to compose an URL, which will cause the target to execute arbitrary JavaScript code XSS on the target's machine when the target is viewing...

D-Link DIR-816 注入漏洞

The D-Link DIR-816 is a wireless router produced by D-Link Corporation. The D-Link DIR-816 1.10CNB05R1B011D88210 version has a vulnerability related to command injection, which stems from operations on the ipaddress parameter...

PT-2026-40160

Double free in Windows Link-Layer Discovery Protocol LLDP allows an authorized attacker to elevate privileges locally...

CVE-2026-8345

A security vulnerability has been detected in D-Link DIR-816 1.10CNB05R1B011D88210. Affected by this issue is the function sub445E7C of the file /goform/singlePortForward. Such manipulation of the argument ipaddress leads to command injection. It is possible to launch the attack remotely. The...

CVE-2026-43899

DeepChat is an open-source artificial intelligence agent platform that unifies models, tools, and agents. Prior to v1.0.4-beta.1, An incomplete mitigation for CVE-2025-55733 leaves DeepChat vulnerable to an arbitrary protocol execution bypass RCE. While the patch correctly restricted...

CVE-2026-8346

The CVE-2026-8346 entry concerns D-Link DIR-816 devices (firmware 1.10CNB05_R1B011D88210/variants) where the portForward function is vulnerable. A flaw in handling the ip_address argument enables remote command injection, with reported public exploits. The affected component is the portForward lo...

CVE-2026-8346 D-Link DIR-816 portForward command injection

A vulnerability was detected in D-Link DIR-816 1.10CNB05R1B011D88210. This affects the function portForward. Performing a manipulation of the argument ipaddress results in command injection. The attack can be initiated remotely. The exploit is now public and may be used...

CVE-2026-8346

A vulnerability was detected in D-Link DIR-816 1.10CNB05R1B011D88210. This affects the function portForward. Performing a manipulation of the argument ipaddress results in command injection. The attack can be initiated remotely. The exploit is now public and may be used...

CVE-2026-43897

Link Preview JS extracts web links information. Prior to 4.0.1, the library did not check for IPv6 loopback attacks. There was also a DNS attack, where an address could be resolved into an internal IP. This could cause internal data leaks. This vulnerability is fixed in 4.0.1...

CVE-2026-8345 D-Link DIR-816 singlePortForward sub_445E7C command injection

A security vulnerability has been detected in D-Link DIR-816 1.10CNB05R1B011D88210. Affected by this issue is the function sub445E7C of the file /goform/singlePortForward. Such manipulation of the argument ipaddress leads to command injection. It is possible to launch the attack remotely. The...

EUVD-2026-29346

A security vulnerability has been detected in D-Link DIR-816 1.10CNB05R1B011D88210. Affected by this issue is the function sub445E7C of the file /goform/singlePortForward. Such manipulation of the argument ipaddress leads to command injection. It is possible to launch the attack remotely. The...

CVE-2026-8345

A security vulnerability has been detected in D-Link DIR-816 1.10CNB05R1B011D88210. Affected by this issue is the function sub445E7C of the file /goform/singlePortForward. Such manipulation of the argument ipaddress leads to command injection. It is possible to launch the attack remotely. The...

CVE-2026-8345 D-Link DIR-816 singlePortForward sub_445E7C command injection

A security vulnerability has been detected in D-Link DIR-816 1.10CNB05R1B011D88210. Affected by this issue is the function sub445E7C of the file /goform/singlePortForward. Such manipulation of the argument ipaddress leads to command injection. It is possible to launch the attack remotely. The...

CVE-2026-8345

The vulnerability CVE-2026-8345 affects D-Link DIR-816 devices (firmware version 1.10CNB05_R1B011D88210). The issue resides in function sub_445E7C of /goform/singlePortForward, where manipulating the ip_address argument enables command injection. Exploitation can be performed remotely. The public...

CVE-2026-40621

creationtimestamp| type| source ---|---|--- 2026-05-11 22:00:00+00:00| seen| https://jvn.jp/en/jp/JVN03037325 2026-05-13 15:56:36+00:00| seen| https://bsky.app/profile/thehackerwire.bsky.social/post/3mlqo54teta2n 2026-06-03 01:22:01+00:00| seen|...

CVE-2026-43899 DeepChat: Incomplete Fix for CVE-2025-55733 leads to Remote Code Execution via Markdown Links bypassing `isValidExternalUrl`

DeepChat is an open-source artificial intelligence agent platform that unifies models, tools, and agents. Prior to v1.0.4-beta.1, An incomplete mitigation for CVE-2025-55733 leaves DeepChat vulnerable to an arbitrary protocol execution bypass RCE. While the patch correctly restricted...

CVE-2026-45025

creationtimestamp| type| source ---|---|--- 2026-05-11 21:30:31+00:00| seen| https://bsky.app/profile/cve.skyfleet.blue/post/3mlm7uf7ym52p...

CVE-2026-8344 D-Link DIR-816 formDMZ.cgi sub_445E7C command injection

A weakness has been identified in D-Link DIR-816 1.10CNB05R1B011D88210. Affected by this vulnerability is the function sub445E7C of the file /goform/formDMZ.cgi. This manipulation causes command injection. It is possible to initiate the attack remotely. The exploit has been made available to the...