PT-2026-34642
IP Setting Software contains an issue with the DLL search path, which may lead to insecurely loading Dynamic Link Libraries. As a result, arbitrary code may be executed with administrative privileges...
PT-2026-34676
An issue was discovered in ToToLink A3300R firmware v17.0.0cu.557 B20221024 allowing attackers to execute arbitrary commands via the stunMaxAlive parameter to /cgi-bin/cstecgi.cgi...
CVE-2026-31167
CVE-2026-31167 affects ToToLink A3300R firmware v17.0.0cu.557_B20221024. The issue is arbitrary command execution via the mode parameter to /cgi-bin/cstecgi.cgi. Reported CVSS 3.1 base score 6.5 (Network, low complexity, no privileges required, user interaction not required). The connected sourc...
SocialEngine 7.8.0 Server-Side Request Forgery
SocialEngine versions 7.8.0 and below suffer from a blind server-side request forgery vulnerability. User input passed through the uri request parameter to the /core/link/preview endpoint is not properly sanitized before being used as URL to send an HTTP request from the web server...
PT-2026-34674
An issue was discovered in ToToLink A3300R firmware v17.0.0cu.557 B20221024 allowing attackers to execute arbitrary commands via the stun-user parameter to /cgi-bin/cstecgi.cgi...
TP-Link TL-WR841N Security Vulnerability
The TP-Link TL-WR841N is a router produced by the TP-Link company. The TP-Link TL-WR841N v13 version has a security vulnerability. This vulnerability stems from the use of DES-CBC encryption in the TDDPv2 debugging protocol, where the key is predictable. This could allow unauthorized attackers to...
PT-2026-34644
EfficientLab Controlio before v1.3.95 contains a DLL hijacking vulnerability caused by weak folder permissions in the installation directory. A local attacker can place a specially crafted DLL in this directory and achieve arbitrary code execution with highest privileges, because the affected...
i-PRO IP Setting Software Code Issue Vulnerability
i-PRO IP Setting Software is a management tool developed by the Japanese company i-PRO, designed for discovering devices and configuring network parameters in bulk. The i-PRO IP Setting Software has a code vulnerability related to the DLL search path. This vulnerability may lead to the insecure...
PT-2026-34665
SocialEngine versions 7.8.0 and prior contain a blind server-side request forgery vulnerability in the /core/link/preview endpoint where user-supplied input passed via the uri request parameter is not sanitized before being used to construct outbound HTTP requests. Authenticated remote attackers...
CVE-2026-40517
creationtimestamp | type | source
---|---|---
2026-04-22 23:00:42+00:00 | seen | https://bsky.app/profile/thehackerwire.bsky.social/post/3mk4m25iv7s2q
2026-04-22 23:20:48+00:00 | seen | Telegram/bXcnMEVg4MqmghIUy-Ivhp7SDQD9oC-u5oUbMXpQMRT1SlU
2026-04-23 02:00:56+00:00 | seen |...
CVE-2026-41455
creationtimestamp | type | source
---|---|---
2026-04-22 23:00:37+00:00 | seen | https://bsky.app/profile/thehackerwire.bsky.social/post/3mk4lzwf43q2w
2026-04-22 23:21:08+00:00 | seen | Telegram/oyZMMan-s6Tiqp0E7GyRtqQJ5Rv8-WlZqCZQGxoSrT1vjc4...
CVE-2026-41040
creationtimestamp | type | source
---|---|---
2026-04-22 23:00:00+00:00 | seen | https://jvn.jp/en/jp/JVN46728373
2026-04-23 07:27:03+00:00 | seen | https://bsky.app/profile/postac001.bsky.social/post/3mk5idlknuu2o
2026-04-23 09:15:24+00:00 | seen | Telegram/urlzpjryvSvXWqyPhDF692tLL2bCxG68Jn-4GeiaVe6Gc8...
CVE-2009-1285
creationtimestamp | type | source
---|---|---
2026-04-22 21:02:31+00:00 | seen | https://bsky.app/profile/beikokucyber.bsky.social/post/3mk4fgsuhew2t...
CVE-2026-34488
creationtimestamp | type | source
---|---|---
2026-04-22 20:00:15+00:00 | seen | https://jvn.jp/en/jp/JVN42090270
2026-04-23 07:26:16+00:00 | seen | https://bsky.app/profile/postac001.bsky.social/post/3mk5ic6i6sy27
2026-04-23 09:15:24+00:00 | seen | Telegram/urlzpjryvSvXWqyPhDF692tLL2bCxG68Jn-4GeiaVe6Gc8...
Server-side Request Forgery (SSRF)
Overview: Affected versions of this package are vulnerable to Server-side Request Forgery (SSRF) via the POST /api/lunchflow/link endpoint, which insufficiently validates user-supplied URLs and fails to restrict access to internal or sensitive network addresses. An attacker can cause the server to...
CVE-2026-6744
A vulnerability was found in Bagisto up to 2.3.15. Affected is the function copy of the component Downloadable Link Handler. The manipulation results in server-side request forgery. The attack may be launched remotely. The exploit has been made public and could be used. The vendor was contacted...
CVE-2025-9611
creationtimestamp | type | source
---|---|---
2026-04-22 18:52:48+00:00 | seen | https://gist.github.com/zachsmith1/a3c31a2b8e89ae1c6c771034a97ffd67...
GHSA-4WRP-79M8-9M9P uutils coreutils has a Time-of-check Time-of-use (TOCTOU) Race Condition
A Time-of-Check to Time-of-Use (TOCTOU) vulnerability exists in the split utility of uutils coreutils. The program attempts to prevent data loss by checking for identity between input and output files using their file paths before initiating the split operation. However, the utility subsequently...