GHSA-42XW-2XVC-QX8M

creationtimestamp| type| source ---|---|--- 2026-04-09 09:46:45+00:00| seen| https://gist.github.com/podhmo/d72566411eddd2d13a2e11b9b06e9d7c...

CVE-2026-5854

creationtimestamp| type| source ---|---|--- 2026-04-09 07:39:20+00:00| seen| https://bsky.app/profile/thehackerwire.bsky.social/post/3mj2cinfgnd2j 2026-04-09 08:17:29+00:00| seen| https://bsky.app/profile/cve.skyfleet.blue/post/3mj2emvj2ql2z 2026-04-09 09:15:57+00:00| published-proof-of-concept|...

CVE-2026-5853

creationtimestamp| type| source ---|---|--- 2026-04-09 07:39:12+00:00| seen| https://bsky.app/profile/thehackerwire.bsky.social/post/3mj2cifymxh2s 2026-04-09 08:22:30+00:00| seen| https://bsky.app/profile/cve.skyfleet.blue/post/3mj2evtxrk32i 2026-04-09 09:15:57+00:00| published-proof-of-concept|...

CVE-2026-5844

A vulnerability was found in D-Link DIR-882 1.01B02. Impacted is the function sprintf of the file prog.cgi of the component HNAP1 SetNetworkSettings Handler. The manipulation of the argument IPAddress results in os command injection. The attack may be performed from remote. The exploit has been...

CVE-2026-5844

A vulnerability was found in D-Link DIR-882 1.01B02. Impacted is the function sprintf of the file prog.cgi of the component HNAP1 SetNetworkSettings Handler. The manipulation of the argument IPAddress results in os command injection. The attack may be performed from remote. The exploit has been...

CVE-2026-5844 D-Link DIR-882 HNAP1 SetNetworkSettings prog.cgi sprintf os command injection

A vulnerability was found in D-Link DIR-882 1.01B02. Impacted is the function sprintf of the file prog.cgi of the component HNAP1 SetNetworkSettings Handler. The manipulation of the argument IPAddress results in os command injection. The attack may be performed from remote. The exploit has been...

CVE-2026-5844

The CVE-2026-5844 entry describes a vulnerability in D-Link DIR-882 (firmware 1.01B02) affecting the HNAP1 SetNetworkSettings handler, specifically the prog.cgi function sprintf. Manipulating the IPAddress argument triggers an OS command injection, with remote exploitation possible. Public exploi...

CVE-2026-5844 D-Link DIR-882 HNAP1 SetNetworkSettings prog.cgi sprintf os command injection

A vulnerability was found in D-Link DIR-882 1.01B02. Impacted is the function sprintf of the file prog.cgi of the component HNAP1 SetNetworkSettings Handler. The manipulation of the argument IPAddress results in os command injection. The attack may be performed from remote. The exploit has been...

CVE-2026-5836

creationtimestamp| type| source ---|---|--- 2026-04-09 04:34:26+00:00| seen| https://bsky.app/profile/cve.skyfleet.blue/post/3mizy624wpt2s...

CVE-2026-5837

creationtimestamp| type| source ---|---|--- 2026-04-09 04:24:25+00:00| seen| https://bsky.app/profile/cve.skyfleet.blue/post/3mizxm573fh2o 2026-04-09 05:15:27+00:00| published-proof-of-concept| Telegram/qm3ZDWS3OwUpmw9ncg5iRXx1aqT9bGCn0-RoRVSAPQoeyYE...

CVE-2026-34185

creationtimestamp| type| source ---|---|--- 2026-04-09 03:55:00+00:00| seen| https://cert.pl/en/posts/2026/04/CVE-2026-4901/ 2026-04-09 10:42:38+00:00| seen| https://bsky.app/profile/cve.skyfleet.blue/post/3mj2mqgrzzd22 2026-04-09 11:16:38+00:00| seen|...

EUVD-2026-20809

A vulnerability was detected in D-Link DIR-645 1.01/1.02/1.03. Impacted is the function hedwigcgimain of the file /cgi-bin/hedwig.cgi. The manipulation results in stack-based buffer overflow. The attack can be launched remotely. The exploit is now public and may be used. This vulnerability only...

EUVD-2026-20757

A reflected cross-site scripting vulnerability exists in Sonatype Nexus Repository versions 3.0.0 through 3.90.2 that allows unauthenticated remote attackers to execute arbitrary JavaScript in a victim's browser through a specially crafted URL. Exploitation requires user interaction...

EUVD-2026-20769

parseusbs before 1.9 contains an OS command injection vulnerability in parseUSBs.py where LNK file paths are passed unsanitized into an os.popen shell command, allowing arbitrary command execution via crafted .lnk filenames containing shell metacharacters. An attacker can craft a .lnk filename wi...

CVE-2026-25462

creationtimestamp| type| source ---|---|--- 2026-04-09 00:30:07+00:00| seen| https://bsky.app/profile/atomicedge.bsky.social/post/3mizkj6bdel2o...

CVE-2026-5815

A vulnerability was detected in D-Link DIR-645 1.01/1.02/1.03. Impacted is the function hedwigcgimain of the file /cgi-bin/hedwig.cgi. The manipulation results in stack-based buffer overflow. The attack can be launched remotely. The exploit is now public and may be used. This vulnerability only...

CVE-2026-5173

creationtimestamp| type| source ---|---|--- 2026-04-09 00:07:08+00:00| seen| https://bsky.app/profile/cve.skyfleet.blue/post/3mizja35rgk2t 2026-04-09 01:28:16+00:00| published-proof-of-concept| Telegram/XRvc7f-x7KgmkvO7GcbaizI94C7ZhNHc5jsbe-dfAO5iAWk 2026-04-09 04:36:02+00:00| seen|...

OpenClaw 安全漏洞

OpenClaw is an open-source intelligent artificial assistant developed by OpenClaw. Versions of OpenClaw prior to 2026.2.22 contained security vulnerabilities. These vulnerabilities were caused by symbolic link traversal issues in the agents.create and agents.update handlers, which could lead to...

D-Link DIR-605L 安全漏洞

The D-Link DIR-605L is a wireless router produced by D-Link Corporation. The D-Link DIR-605L version 2.13B01 has a security vulnerability. This vulnerability stems from the operation of the curTime parameter in the formSetDDNS function of the POST Request Handler component, which may lead to a...

PT-2026-31814

Name of the Vulnerable Software and Affected Versions D-Link DIR-605L version 2.13B01 Description A buffer overflow issue exists in the POST Request Handler component of D-Link DIR-605L version 2.13B01. The issue is located in the formSetDDNS function within the /goform/formSetDDNS file...