CVE-2026-5980 D-Link DIR-605L POST Request formSetMACFilter buffer overflow
A flaw has been found in D-Link DIR-605L 2.13B01. Affected by this issue is the function formSetMACFilter of the file /goform/formSetMACFilter of the component POST Request Handler. This manipulation of the argument curTime causes buffer overflow. The attack may be initiated remotely. The exploit...
CVE-2023-54360 Joomla JLex Review 6.0.1 Reflected XSS via review_id Parameter
Joomla JLex Review 6.0.1 contains a reflected cross-site scripting vulnerability that allows attackers to inject malicious scripts by manipulating the review_id URL parameter. Attackers can craft malicious links containing JavaScript payloads that execute in victims' browsers when clicked, enablin...
CVE-2026-5979 D-Link DIR-605L POST Request formVirtualServ buffer overflow
A vulnerability was detected in D-Link DIR-605L 2.13B01. Affected by this vulnerability is the function formVirtualServ of the file /goform/formVirtualServ of the component POST Request Handler. The manipulation of the argument curTime results in buffer overflow. The attack can be launched...
CVE-2026-5979
D-Link DIR-605L, firmware 2.13B01, has a vulnerability in the POST Request Handler’s function formVirtualServ. The bug arises from manipulating the curTime argument, causing a buffer overflow. This enables a remote attack, with the exploit publicly available, and affects devices no longer support...
CVE-2026-39961
creationtimestamp | type | source
---|---|---
2026-04-09 20:10:32+00:00 | seen | https://bsky.app/profile/cve.skyfleet.blue/post/3mj3mhw5dms2o...
CVE-2026-39856
creationtimestamp | type | source
---|---|---
2026-04-09 19:53:46+00:00 | seen | https://bsky.app/profile/cve.skyfleet.blue/post/3mj3ljwyqoc2j...
CVE-2026-39958
creationtimestamp | type | source
---|---|---
2026-04-09 19:48:46+00:00 | seen | https://bsky.app/profile/cve.skyfleet.blue/post/3mj3layj6fg2g
2026-04-13 21:22:24+00:00 | seen | Telegram/T6lH2Tb9WgoQSprZe9qAhfyNPVN15xjvjGP6Y4-bIX71SI...
CVE-2026-39985
creationtimestamp | type | source
---|---|---
2026-04-09 19:34:28+00:00 | seen | https://bsky.app/profile/cve.skyfleet.blue/post/3mj3khfxxzc2z...
CVE-2026-25398
creationtimestamp | type | source
---|---|---
2026-04-09 19:30:07+00:00 | seen | https://bsky.app/profile/atomicedge.bsky.social/post/3mj3k7n5s2n2c...
CVE-2026-40077
Summary: CVE-2026-40077 describes an IDOR in Beszel’s hub API endpoints that read a system ID from URL parameters. Prior to version 0.18.7, an authenticated user could access routes for any system if they knew the system ID, with system IDs being 15-character alphanumeric tokens and container IDs...
CVE-2026-39670
Server-Side Request Forgery (SSRF) vulnerability in Brecht Visual Link Preview (visual-link-preview) allows Server Side Request Forgery. This issue affects Visual Link Preview: from n/a through <= 2.3.0...
CVE-2026-35578
ChurchCRM is an open-source church management system. Prior to 7.0.0, it was possible in many places across the ChurchCRM application to create a link that, when visited by an authenticated user, would redirect them to any URL chosen by an attacker if they clicked the 'Cancel' button on the page. For...
CVE-2026-5962
creationtimestamp | type | source
---|---|---
2026-04-09 19:22:59+00:00 | published-proof-of-concept | Telegram/k5gHuzl44UiSjs6WvJKw2ZASZi-uE6KFE3zi6HenZzrhwHY
2026-04-09 20:17:38+00:00 | seen | https://bsky.app/profile/cve.skyfleet.blue/post/3mj3mumbkgo27...
CVE-2026-39912
V2Board 1.6.1 through 1.7.4 and Xboard through 0.1.9 expose authentication tokens in HTTP response bodies of the loginWithMailLink endpoint when the login_with_mail_link_enable feature is active. Unauthenticated attackers can POST to the loginWithMailLink endpoint with a known email address to receiv...
CVE-2026-40190
creationtimestamp | type | source
---|---|---
2026-04-09 18:42:43+00:00 | published-proof-of-concept | https://github.com/langchain-ai/langsmith-sdk/security/advisories/GHSA-fw9q-39r9-c252
2026-04-10 22:10:52+00:00 | seen | https://bsky.app/profile/cve.skyfleet.blue/post/3mj6dnzceml2x...
CVE-2026-39912
The CVE-2026-39912 entry describes a token exposure in the loginWithMailLink flow affecting V2Board (1.6.1–1.7.4) and Xboard (up to 0.1.9). When login_with_mail_link_enable is active, the HTTP response body reveals the full authentication URL, allowing an unauthenticated attacker to POST to login...
CVE-2026-39912 v2board / Xboard Authentication Token Exposure via loginWithMailLink
V2Board 1.6.1 through 1.7.4 and Xboard through 0.1.9 expose authentication tokens in HTTP response bodies of the loginWithMailLink endpoint when the login_with_mail_link_enable feature is active. Unauthenticated attackers can POST to the loginWithMailLink endpoint with a known email address to receiv...
Exploit for CVE-2026-39912
CVE-2026-39912 - Xboard / V2Board Unauth Account Takeover M...