61133 matches found
CVE-2026-8344
A weakness has been identified in D-Link DIR-816 1.10CNB05_R1B011D88210. Affected by this vulnerability is the function sub_445E7C of the file /goform/formDMZ.cgi. This manipulation causes command injection. It is possible to initiate the attack remotely. The exploit has been made available to the...
CVE-2026-8344
The CVE describes a command injection in D-Link DIR-816 running 1.10CNB05_R1B011D88210. The vulnerability is in the function sub_445E7C of /goform/formDMZ.cgi, enabling remote execution of arbitrary commands. Several connected sources confirm remote exploitability and public availability of explo...
CVE-2026-42872

| creationtimestamp | type | source |
|---|---|---|
| 2026-05-11 21:27:15+00:00 | seen | https://bsky.app/profile/cve.skyfleet.blue/post/3mlm7okusjp2o... |

CVE-2026-42887

| creationtimestamp | type | source |
|---|---|---|
| 2026-05-11 21:25:45+00:00 | seen | https://bsky.app/profile/cve.skyfleet.blue/post/3mlm7lupnk52e... |

CVE-2026-43897
CVE-2026-43897 affects the link-preview-js library. Prior to version 4.0.1, it did not validate IPv6 loopback addresses and could also resolve certain addresses to internal IPs via DNS, enabling potential internal data leaks when extracting link information. The vulnerability is fixed in version ...
CVE-2026-43897 Link Preview JS: vulnerable to IPv6 and internal loopback attacks
Link Preview JS extracts web links information. Prior to 4.0.1, the library did not check for IPv6 loopback attacks. There was also a DNS attack, where an address could be resolved into an internal IP. This could cause internal data leaks. This vulnerability is fixed in 4.0.1...
CVE-2026-43897
Link Preview JS extracts web links information. Prior to 4.0.1, the library did not check for IPv6 loopback attacks. There was also a DNS attack, where an address could be resolved into an internal IP. This could cause internal data leaks. This vulnerability is fixed in 4.0.1...
CVE-2026-43875 WWBN AVideo: Password Hash Leaked in MobileManager OAuth Redirect URL Enables Account Takeover
WWBN AVideo is an open source video platform. In versions up to and including 29.0, plugin/MobileManager/oauth2.php completes an OAuth login by sending an HTTP 302 Location: oauth2Success.php?user=&pass= where is the victim's stored password hash md5hash"whirlpool", sha1password read directly fro...
GHSA-Q9FQ-3RX9-7XCV

| creationtimestamp | type | source |
|---|---|---|
| 2026-05-11 20:29:17+00:00 | seen | https://gist.github.com/tw89Coder/cd011dc1842625f821c171e41e812fbc... |

GHSA-J6CJ-RP87-MFRX

| creationtimestamp | type | source |
|---|---|---|
| 2026-05-11 20:29:17+00:00 | seen | https://gist.github.com/tw89Coder/cd011dc1842625f821c171e41e812fbc... |

CVE-2026-45005

| creationtimestamp | type | source |
|---|---|---|
| 2026-05-11 19:15:12+00:00 | seen | https://bsky.app/profile/cve.skyfleet.blue/post/3mllychagb52q |
| 2026-05-11 19:15:12+00:00 | seen | https://bsky.app/profile/cve.skyfleet.blue/post/3mllychagb52q... |

CVE-2026-45002

| creationtimestamp | type | source |
|---|---|---|
| 2026-05-11 18:55:33+00:00 | seen | https://bsky.app/profile/cve.skyfleet.blue/post/3mllx7csja72h... |

CVE-2026-45001

| creationtimestamp | type | source |
|---|---|---|
| 2026-05-11 18:49:06+00:00 | seen | https://bsky.app/profile/cve.skyfleet.blue/post/3mllwtodafh2e... |

CVE-2026-44998

| creationtimestamp | type | source |
|---|---|---|
| 2026-05-11 18:42:08+00:00 | seen | https://bsky.app/profile/cve.skyfleet.blue/post/3mllwhcxklc2i... |

golang: internal/syscall/unix: Root.Chmod can follow symlinks out of the root
A flaw was found in the internal/syscall/unix package in the Go standard library. If the target of the Root.Chmod function is replaced with a symbolic link during execution, specifically after Root.Chmod checks the target but before acting, the chmod operation will be performed on the file the...
EUVD-2026-29087
Symbolic-link path traversal CWE-61, CWE-22 in pgAdmin 4 File Manager. checkaccesspermission used os.path.abspath, which resolves '..' but does not resolve symbolic links, while the subsequent kernel write follows symlinks. An authenticated user could plant a symbolic link inside their own storag...
GHSA-HR4R-FWPV-C95J pgAdmin 4 File Manager has symbolic-link path traversal
Symbolic-link path traversal CWE-61, CWE-22 in pgAdmin 4 File Manager. checkaccesspermission used os.path.abspath, which resolves '..' but does not resolve symbolic links, while the subsequent kernel write follows symlinks. An authenticated user could plant a symbolic link inside their own storag...
UNIX Symbolic Link (Symlink) Following
Overview: pgadmin4 is a PostgreSQL Tools. Affected versions of this package are vulnerable to UNIX Symbolic Link (Symlink) Following through the File Manager. An attacker can cause unauthorized file writes or overwrite arbitrary files by planting a symbolic link inside their own storage directory tha...
pgAdmin 4 File Manager has symbolic-link path traversal
Symbolic-link path traversal CWE-61, CWE-22 in pgAdmin 4 File Manager. checkaccesspermission used os.path.abspath, which resolves '..' but does not resolve symbolic links, while the subsequent kernel write follows symlinks. An authenticated user could plant a symbolic link inside their own storag...
CVE-2026-43640

| creationtimestamp | type | source |
|---|---|---|
| 2026-05-11 18:17:51+00:00 | seen | https://bsky.app/profile/thehackerwire.bsky.social/post/3mllv3ug34r2k |
| 2026-05-11 18:17:51+00:00 | seen | https://bsky.app/profile/thehackerwire.bsky.social/post/3mllv3ug34r2k |
| 2026-05-16 18:07:08+00:00 | seen | ... |