Lucene search

61134 matches found

CNNVD
added 2026/05/11 12:0 a.m., 6 views

D-Link DNS-320 OS Command Injection Vulnerability

The D-Link DNS-320 is a NAS (Network Attached Storage) device produced by D-Link Corporation. The D-Link DNS-320 version 2.06B01 has an operating system command injection vulnerability. This vulnerability arises from functions such as cgisethost, cgisetntp, cgifancontrol, and cgimergeuser...

7.2 CVSS, 5.8 AI score, 0.04544 EPSS
Exploits: 1, References: 1

CNNVD
added 2026/05/11 12:0 a.m., 4 views

WSO2 Identity Server Security Vulnerability

WSO2 Identity Server is an identity authentication server developed by the American company WSO2. WSO2 Identity Server has a security vulnerability that stems from the lack of verification of user account status. This vulnerability may allow locked accounts to be successfully authenticated throug...

7.3 CVSS, 5.8 AI score, 0.0023 EPSS
Exploits: 0, References: 1

CNNVD
added 2026/05/11 12:0 a.m., 6 views

D-Link DCS-932L Security Vulnerability

The D-Link DCS-932L is a network surveillance camera from D-Link Corporation. It is used for security and monitoring purposes. The D-Link DCS-932L version 2.18.01 has a security vulnerability. This vulnerability stems from improper handling of the parameter LightSensorControl by the function...

7.3 CVSS, 5.8 AI score, 0.01235 EPSS
Exploits: 1, References: 2

CNNVD
added 2026/05/11 12:0 a.m., 4 views

D-Link DIR-816 Injection Vulnerability

The D-Link DIR-816 is a wireless router produced by D-Link Corporation. The version 1.10CNB05R1B011D88210 of the D-Link DIR-816 has a vulnerability related to command injection. This vulnerability originates from the sub445E7C function in the /goform/formDMZ.cgi file, which may lead to command...

8.8 CVSS, 6.6 AI score, 0.03156 EPSS
Exploits: 1, References: 2

Positive Technologies
added 2026/05/11 12:0 a.m., 9 views

PT-2026-39868

Name of the Vulnerable Software and Affected Versions: D-Link DIR-816 version 1.10CNB05 R1B011D88210. Description: A command injection issue exists that allows a remote attacker to execute arbitrary commands. The flaw is located in the sub 445E7C function within the '/goform/singlePortForward'...

8.8 CVSS, 6.8 AI score, 0.03156 EPSS
Exploits: 1, References: 7

Positive Technologies
added 2026/05/11 12:0 a.m., 7 views

PT-2026-39859

Name of the Vulnerable Software and Affected Versions: DeepChat versions prior to 1.0.4-beta.1. Description: An incomplete mitigation for a previous issue allows for an arbitrary protocol execution bypass, which can lead to remote code execution (RCE). While restrictions were applied to the...

9.6 CVSS, 6.5 AI score, 0.0033 EPSS
Exploits: 0, References: 3

Positive Technologies
added 2026/05/11 12:0 a.m., 5 views

PT-2026-39865

Name of the Vulnerable Software and Affected Versions: Outline versions prior to 1.7.1. Description: The Slack integration callback for the endpoint "/auth/slack.post" accepts an unsigned, session-independent OAuth state value. This allows a third party with a Slack OAuth code for the same Outline...

6.5 CVSS, 5.9 AI score, 0.00125 EPSS
Exploits: 1, References: 5

Positive Technologies
added 2026/05/11 12:0 a.m., 7 views

PT-2026-39870

A vulnerability was detected in D-Link DIR-816 1.10CNB05 R1B011D88210. This affects the function portForward. Performing a manipulation of the argument ip address results in command injection. The attack can be initiated remotely. The exploit is now public and may be used...

6.5 CVSS, 6.5 AI score, 0.03095 EPSS
Exploits: 1, References: 6

Positive Technologies
added 2026/05/11 12:0 a.m., 10 views

PT-2026-39882

Name of the Vulnerable Software and Affected Versions: MantisBT (affected versions not specified). Description: An attacker can bypass the Content Security Policy (CSP) script-src directive by uploading a crafted attachment to an issue. When this attachment is accessed via the 'file download.php'...

7.6 CVSS, 5.9 AI score, 0.00587 EPSS
Exploits: 0, References: 8

Vulnrichment
added 2026/05/11 12:0 a.m., 6 views

CVE-2026-36983

D-Link DCS-932L v2.18.01 is vulnerable to Command Injection in the function sub_42EF14 of the file /bin/alphapd. The manipulation of the argument LightSensorControl leads to command injection...

5.7 AI score, 0.01235 EPSS
Exploits: 1, References: 2

Positive Technologies
added 2026/05/11 12:0 a.m., 8 views

PT-2026-39581

Name of the Vulnerable Software and Affected Versions: The product name cannot be determined; affected versions not specified. Description: A lack of user account state validation during authentication allows locked user accounts to be successfully accessed using Magic Link or Pass Key methods. This...

7.3 CVSS, 5.8 AI score, 0.0023 EPSS
Exploits: 0, References: 7

Positive Technologies
added 2026/05/11 12:0 a.m., 8 views

PT-2026-39653

Name of the Vulnerable Software and Affected Versions: D-Link DCS-932L version 2.18.01. Description: Command Injection is possible in the sub_42EF14 function within the /bin/alphapd file. This occurs through the manipulation of the LightSensorControl argument. Recommendations: At the moment, there is...

7.3 CVSS, 5.7 AI score, 0.01235 EPSS
Exploits: 1, References: 6

CVE
added 2026/05/11 12:0 a.m., 13 views

CVE-2026-36983

D-Link DCS-932L v2.18.01 is affected by a Command Injection in the helper function sub_42EF14 of /bin/alphapd. Passing/manipulating the LightSensorControl argument can lead to command execution. CVSSv3.1 base score 7.3 (HIGH); attack vector NETWORK, attack complexity LOW, privileges NONE, user in...

7.3 CVSS, 5.7 AI score, 0.01235 EPSS
Exploits: 1, References: 2, Affected Software: 1

Tenable Nessus
added 2026/05/11 12:0 a.m., 3 views

Unity Linux 20.1070e Security Update: hdf5 (UTSA-2026-017707)

The Unity Linux 20 host has a package installed that is affected by a vulnerability as referenced in the UTSA-2026-017707 advisory. An issue was discovered in the HDF HDF5 1.8.20 library. There is a heap-based buffer over-read in the function H5Olinkdecode in H5Olink.c. Tenable has extracted the...

9.8 CVSS, 5.9 AI score, 0.01997 EPSS
Exploits: 1, References: 4

Circl
added 2026/05/10 11:5 p.m., 8 views

CVE-2026-8248

creationtimestamp | type | source
---|---|---
2026-05-10 23:05:45+00:00 | seen | https://bsky.app/profile/cve.skyfleet.blue/post/3mljupr6oeu2p...

6.5 CVSS, 5.8 AI score, 0.00471 EPSS
Exploits: 1, References: 1

Circl
added 2026/05/10 8:26 p.m., 13 views

CVE-2026-41018

creationtimestamp | type | source
---|---|---
2026-05-10 20:26:13+00:00 | seen | https://bsky.app/profile/infosec.skyfleet.blue/post/3mljlsigkot22
2026-05-11 10:41:09+00:00 | seen | https://bsky.app/profile/cve.skyfleet.blue/post/3mll3jovpgn2r...

6.5 CVSS, 5.3 AI score, 0.0041 EPSS
Exploits: 0, References: 2

Circl
added 2026/05/10 8:21 p.m., 7 views

CVE-2026-43826

creationtimestamp | type | source
---|---|---
2026-05-10 20:21:12+00:00 | seen | https://bsky.app/profile/infosec.skyfleet.blue/post/3mljljjypls2s
2026-05-11 10:57:01+00:00 | seen | https://bsky.app/profile/cve.skyfleet.blue/post/3mll4hefmlq2r...

6.5 CVSS, 5.8 AI score, 0.0041 EPSS
Exploits: 0, References: 2

EUVD
added 2026/05/10 3:31 p.m., 15 views

EUVD-2021-34811

WordPress Picture Gallery 1.4.2 contains a stored cross-site scripting vulnerability that allows authenticated attackers to inject malicious scripts through the Edit Content URL field in the Access Control settings. Attackers can enter JavaScript payloads in the plugin options that are stored in...

6.4 CVSS, 5.7 AI score, 0.00187 EPSS
Exploits: 0, References: 4

Circl
added 2026/05/10 3:19 p.m., 9 views

CVE-2022-50949

creationtimestamp | type | source
---|---|---
2026-05-10 15:19:51+00:00 | seen | https://bsky.app/profile/cve.skyfleet.blue/post/3mlj2ooxzbk2h...

6.4 CVSS, 5.8 AI score, 0.00191 EPSS
Exploits: 0, References: 1

Circl
added 2026/05/10 2:48 p.m., 25 views

CVE-2022-50954

creationtimestamp | type | source
---|---|---
2026-05-10 14:48:26+00:00 | seen | https://bsky.app/profile/cve.skyfleet.blue/post/3mliywj5zzg2i...

6.9 CVSS, 5.8 AI score, 0.00385 EPSS
Exploits: 0, References: 1