CVE-2026-7183 aligungr UERANSIM Radio Link Simulation Layer rls_pdu.cpp DecodeRlsMessage uncaught exception

A vulnerability has been found in aligungr UERANSIM up to 3.2.7. The affected element is the function rls::DecodeRlsMessage in the library src/lib/rls/rlspdu.cpp of the component Radio Link Simulation Layer. The manipulation of the argument pduLength leads to uncaught exception. The attack may be...

CVE-2025-15635

creationtimestamp| type| source ---|---|--- 2026-04-27 21:32:05+00:00| seen| https://bsky.app/profile/atomicedge.bsky.social/post/3mkizgd36qt2h...

Malicious code in mypypipkg (PyPI)

--- -= Per source details. Do not edit below this line.=- Source: kam193 a94a9bbd6a292f754fedd6ae737eaf5259925cf382a610c9d63e9d210a3f3677 When running as a module, the package starts a VSCode tunnel and exfiltrates the connection link to the hardcoded target. This lets the attacker connect the...

MAL-2026-3105 Malicious code in mypypipkg (PyPI)

--- -= Per source details. Do not edit below this line.=- Source: kam193 a94a9bbd6a292f754fedd6ae737eaf5259925cf382a610c9d63e9d210a3f3677 When running as a module, the package starts a VSCode tunnel and exfiltrates the connection link to the hardcoded target. This lets the attacker connect the...

CVE-2026-7158

A vulnerability has been found in dmitryglhf mcp-url-downloader up to 4b8cf2de55f6e8864a77d108e8a94a5b8e4394c6. Affected by this issue is the function validateurlsafe of the file src/mcpurldownloader/server.py. Such manipulation of the argument url leads to server-side request forgery. The attack...

CVE-2026-31666

creationtimestamp| type| source ---|---|--- 2026-04-27 20:00:24+00:00| seen| https://bsky.app/profile/thehackerwire.bsky.social/post/3mkiucd2w242g 2026-05-31 20:00:00+00:00| seen| https://www.hkcert.org/security-bulletin/suse-linux-kernel-multiple-vulnerabilities20260601...

CVE-2026-7026

A vulnerability was determined in D-Link DGS-3420 1.50.018. This issue affects some unknown processing of the component System Information Settings Page. This manipulation of the argument System Name causes cross site scripting. Remote exploitation of the attack is possible. The exploit has been...

CVE-2026-30346

An open redirect in the /api/google/authorize endpoint of hunvreus DevPush v0.3.2 allows attackers to redirect users to malicious sites via supplying a crafted URL...

CVE-2026-7025

A vulnerability was found in Typecho up to 1.3.0. This vulnerability affects the function Service::sendPingHandle of the file var/Widget/Service.php of the component Ping Back Service Endpoint. The manipulation of the argument X-Pingback/link results in server-side request forgery. The attack may...

CVE-2026-42611

creationtimestamp| type| source ---|---|--- 2026-04-27 12:18:35+00:00| published-proof-of-concept| https://github.com/getgrav/grav/security/advisories/GHSA-w8cg-7jcj-4vv2 2026-05-11 16:59:35+00:00| seen| https://bsky.app/profile/thehackerwire.bsky.social/post/3mllqp7tblb2e...

CVE-2026-42607

creationtimestamp| type| source ---|---|--- 2026-04-27 12:14:32+00:00| published-proof-of-concept| https://github.com/getgrav/grav/security/advisories/GHSA-w48r-jppp-rcfw 2026-05-11 17:04:03+00:00| seen| https://bsky.app/profile/thehackerwire.bsky.social/post/3mllqxvaxcy26...

CVE-2026-7099

A vulnerability was detected in Tenda F456 1.0.0.5. The affected element is the function formQuickIndex of the file /goform/QuickIndex of the component httpd. Performing a manipulation of the argument mitlinktype results in buffer overflow. The attack may be initiated remotely. The exploit is now...

EUVD-2026-25799

A vulnerability was detected in Tenda F456 1.0.0.5. The affected element is the function formQuickIndex of the file /goform/QuickIndex of the component httpd. Performing a manipulation of the argument mitlinktype results in buffer overflow. The attack may be initiated remotely. The exploit is now...

CVE-2026-7075

creationtimestamp| type| source ---|---|--- 2026-04-27 05:48:46+00:00| seen| https://bsky.app/profile/postac001.bsky.social/post/3mkhepjxamw27...

CVE-2026-7074

creationtimestamp| type| source ---|---|--- 2026-04-27 05:47:56+00:00| seen| https://bsky.app/profile/postac001.bsky.social/post/3mkhenzedky2v...

CVE-2026-7084

A vulnerability was found in HBAI-Ltd Toonflow-app up to 1.1.1. This affects the function fetch of the file src/routes/setting/vendorConfig/getCodeByLink.ts of the component getCodeByLink Endpoint. The manipulation of the argument Link results in server-side request forgery. The attack may be...

CVE-2026-7068

A vulnerability was identified in D-Link DIR-825 3.00b32. This affects the function NMBDprocess of the file sserver.c of the component nmbd. Such manipulation leads to buffer overflow. The attack can only be initiated within the local network. The exploit is publicly available and might be used...

CVE-2026-7067

A vulnerability was determined in D-Link DIR-822 A101. The impacted element is the function system of the file /udhcpcd/dhcpd.c of the component udhcpd DHCP Service. This manipulation of the argument Hostname causes command injection. The attack can be initiated remotely. The exploit has been...

CVE-2026-7069

A security flaw has been discovered in D-Link DIR-825 up to 3.00b32. This impacts the function AddPortMapping of the file upnpsoap.c of the component miniupnpd. Performing a manipulation of the argument NewPortMappingDescription results in buffer overflow. The attack needs to be approached within...

EUVD-2026-25744

A security flaw has been discovered in D-Link DIR-825 up to 3.00b32. This impacts the function AddPortMapping of the file upnpsoap.c of the component miniupnpd. Performing a manipulation of the argument NewPortMappingDescription results in buffer overflow. The attack needs to be approached within...