61137 matches found
D-Link DI-8100 Buffer Error Vulnerability
The D-Link DI-8100 is a wireless broadband router designed for small and medium-sized network environments by D-Link Corporation. The D-Link DI-8100 version 16.07.26A1 contains a buffer overflow vulnerability. This vulnerability stems from the function tgglasp in the file /tggl.asp within the HTTP...
D-Link DI-8100 Buffer Error Vulnerability
The D-Link DI-8100 is a wireless broadband router designed for small and medium-sized network environments by D-Link Corporation. The D-Link DI-8100 version 16.07.26A1 contains a buffer overflow vulnerability. This vulnerability stems from the handling of parameters in the Web Management Interfac...
PT-2026-37223
Name of the Vulnerable Software and Affected Versions: D-Link DI-8100 version 16.07.26A1
Description: A buffer overflow exists in the CGI Handler component within the /user group.asp file. This issue occurs in the sprintf function and can be triggered remotely through manipulation.
Recommendations ...
PT-2026-37216
Name of the Vulnerable Software and Affected Versions: D-Link DI-8100 version 16.07.26A1
Description: A buffer overflow occurs in the HTTP Request Handler component when manipulating the Name argument. This issue is located within the tggl asp function of the '/tggl.asp' endpoint and can be trigger...
PT-2026-37222
Name of the Vulnerable Software and Affected Versions: D-Link DI-8100 version 16.07.26A1
Description: A flaw in the Web Management Interface component allows a remote attacker to cause a buffer overflow, which occurs when more data is written to a memory buffer than it can hold. This is achieved by...
PT-2026-37212
Name of the Vulnerable Software and Affected Versions: D-Link DI-8100 version 16.07.26A1
Description: A stack-based buffer overflow occurs in the sprintf function within the yyxz.asp file. This issue allows a remote attacker to trigger the overflow by manipulating the ID argument.
Recommendations: A...
PT-2026-37267
Name of the Vulnerable Software and Affected Versions: ip-address versions prior to 10.1.1
Description: The software fails to HTML-escape attacker-controlled content before embedding it in HTML strings. This occurs in the Address6.group and Address6.link functions, as well as within the...
GHSA-FC86-6RV6-2JPM
creationtimestamp| type| source
---|---|---
2026-05-04 23:40:29+00:00| seen| https://gist.github.com/alon710/279687d56a2dbfb6a69dcdc1e458b314...
GHSA-96VC-WCXF-JJFF
creationtimestamp| type| source
---|---|---
2026-05-04 23:31:29+00:00| seen| https://gist.github.com/limcheekin/b22dc88a260c8e395b6d84d05bd62a04...
CVE-2026-7780
creationtimestamp| type| source
---|---|---
2026-05-04 23:16:34+00:00| seen| https://bsky.app/profile/cve.skyfleet.blue/post/3ml2sjl3hup2h...
CVE-2026-42220
creationtimestamp| type| source
---|---|---
2026-05-04 23:01:32+00:00| seen| https://bsky.app/profile/cve.skyfleet.blue/post/3ml2ropkdtu2p
2026-05-05 21:10:29+00:00| seen| https://gist.github.com/alon710/26efd138450d4334005446be8418f3bc...
CVE-2026-42238
creationtimestamp| type| source
---|---|---
2026-05-04 22:48:29+00:00| seen| https://bsky.app/profile/cve.skyfleet.blue/post/3ml2qxefyhg2p
2026-05-05 00:00:41+00:00| seen| https://bsky.app/profile/offseq.bsky.social/post/3ml2uyhgrmv2p
2026-05-05 00:00:42+00:00| seen|...
CVE-2026-43964
creationtimestamp| type| source
---|---|---
2026-05-04 22:42:07+00:00| seen| https://bsky.app/profile/cve.skyfleet.blue/post/3ml2qlyqxfh2k
2026-06-07 07:14:40+00:00| seen| https://bsky.app/profile/linux.activitypub.awakari.com.ap.brid.gy/post/3mnommkdye732...
CVE-2026-41927
creationtimestamp| type| source
---|---|---
2026-05-04 22:39:23+00:00| seen| https://bsky.app/profile/cve.skyfleet.blue/post/3ml2qh4cjwc2v...
CVE-2026-34882
creationtimestamp| type| source
---|---|---
2026-05-04 22:31:20+00:00| seen| https://bsky.app/profile/cve.skyfleet.blue/post/3ml2pyphieb2p...
CVE-2026-42235
creationtimestamp| type| source
---|---|---
2026-05-04 21:11:42+00:00| seen| https://bsky.app/profile/cve.skyfleet.blue/post/3ml2lkclquk2r...
CVE-2026-7554
A vulnerability was determined in D-Link M60 up to 1.20B02. Affected by this issue is some unknown functionality of the file /usr/bin/httpd. This manipulation causes weak password recovery. The attack can be initiated remotely. A high degree of complexity is needed for the attack. The exploitatio...
CVE-2026-7209
The Simple Link Directory plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's qcopd-directory shortcode in all versions up to, and including, 8.9.2. This is due to insufficient input sanitization and output escaping on user supplied attributes such as titlefontsize...
GHSA-2HH7-C75G-QJ2R OpenClaw validates Zalo outbound photo URLs through the SSRF guard
Summary: Zalo outbound photo URLs are validated through the SSRF guard.
Affected Packages / Versions:
- Package: openclaw npm
- Affected versions: = 2026.4.21
- Fixed version: 2026.4.22
Impact: The Zalo plugin could forward an attacker-controlled outbound photo URL to the Zalo Bot API without first...
CVE-2026-5161
Improper link resolution before file access 'link following' vulnerability in TUBITAK BILGEM Software Technologies Research Institute Pardus About allows Symlink Attack. This issue affects Pardus About: before 1.2.2...