61280 matches found
CVE-2026-30816
The CVE-2026-30816 entry details an external control of configuration vulnerability in the OpenVPN module of TP-Link AX53 v1.0. An authenticated adjacent attacker can read arbitrary files when a malicious configuration file is processed, potentially leading to unauthorized access to sensitive dat...
CVE-2026-30815 OS Command Injection Vulnerability in OpenVPN Module in TP-Link AX53
An OS command injection vulnerability in the OpenVPN module of TP-Link Archer AX53 v1.0 allows an authenticated adjacent attacker to execute system commands when a specially crafted configuration file is processed due to insufficient input validation. Successful exploitation may allow modificatio...
CVE-2026-30815
CVE-2026-30815 describes an OS command injection in the OpenVPN module of the TP-Link Archer AX53 (v1.0). The issue arises from insufficient input validation, allowing an authenticated adjacent attacker to run system commands when a specially crafted configuration file is processed, potentially m...
CVE-2026-30814 Buffer Overflow Vulnerability in TP-Link AX53
A stack-based buffer overflow in the tmpServer module of TP-Link Archer AX53 v1.0 allows an authenticated adjacent attacker to trigger a segmentation fault and potentially execute arbitrary code via a specially crafted configuration file. Successful exploitation may cause a crash and could allow...
CVE-2026-30814
Affects TP-Link Archer AX53 v1.0. The vulnerability is a stack-based buffer overflow in the tmpServer module, allowing an authenticated adjacent attacker to trigger a segmentation fault and potentially execute arbitrary code via a crafted configuration file. Exploitation may crash the device and ...
UNIX Symbolic Link (Symlink) Following
Overview: liquidjs is a simple, expressive, safe and Shopify-compatible template engine in pure JavaScript. Affected versions of this package are vulnerable to UNIX Symbolic Link (Symlink) Following through the include, render, and layout directories, when symlinks are placed within a trusted...
CVE-2026-1865
creationtimestamp | type | source
---|---|---
2026-04-08 14:37:52+00:00 | seen | https://bsky.app/profile/cve.skyfleet.blue/post/3miyjg536k62t...
CVE-2026-2481
creationtimestamp | type | source
---|---|---
2026-04-08 14:26:10+00:00 | seen | https://bsky.app/profile/cve.skyfleet.blue/post/3miyiqzj6ql2o
2026-05-08 04:33:08+00:00 | seen | https://bsky.app/profile/atomicedge.bsky.social/post/3mlcvmdhyas2s...
CVE-2026-35023
creationtimestamp | type | source
---|---|---
2026-04-08 14:24:10+00:00 | seen | https://bsky.app/profile/cve.skyfleet.blue/post/3miyinnt2sx2i...
CVE-2026-31411
creationtimestamp | type | source
---|---|---
2026-04-08 14:19:09+00:00 | seen | https://bsky.app/profile/cve.skyfleet.blue/post/3miyieo23c52i
2026-05-05 20:00:00+00:00 | seen | https://www.hkcert.org/security-bulletin/debian-linux-kernel-multiple-vulnerabilities20260506
2026-05-31 20:00:00+00:00 | seen...
Russian hacking group targets home and small office routers to spy on users
British security officials found that a group linked to the Russian military is spying on users of compromised Small Office/Home Office (SOHO) routers in a broad cyber espionage campaign. A Microsoft blog goes into the technical details of these attacks. The group, which we’ll refer to as APT28, bu...
CVE-2026-0234
creationtimestamp | type | source
---|---|---
2026-04-08 13:04:52+00:00 | seen | https://cyber.gc.ca/en/alerts-advisories/palo-alto-networks-security-advisory-av26-331
2026-04-08 19:03:24+00:00 | seen | https://bsky.app/profile/ripjyr.bsky.social/post/3miyyawy7w22n
2026-04-09 17:14:19+00:00 | seen | ...
CVE-2025-44560
creationtimestamp | type | source
---|---|---
2026-04-08 11:57:38+00:00 | seen | https://gist.github.com/wenwenyuyu/517851c3fe38c4f97b2d1940597da2d3...
CVE-2026-32530
creationtimestamp | type | source
---|---|---
2026-04-08 10:30:07+00:00 | seen | https://bsky.app/profile/atomicedge.bsky.social/post/3miy3l5c73m2y...
CVE-2026-39712
creationtimestamp | type | source
---|---|---
2026-04-08 10:08:58+00:00 | seen | https://bsky.app/profile/cve.skyfleet.blue/post/3miy2fcnj2y25...
CVE-2026-39711
creationtimestamp | type | source
---|---|---
2026-04-08 10:03:56+00:00 | seen | https://bsky.app/profile/cve.skyfleet.blue/post/3miy24cy3n42i...
CVE-2026-39713
creationtimestamp | type | source
---|---|---
2026-04-08 10:02:26+00:00 | seen | https://bsky.app/profile/cve.skyfleet.blue/post/3mixzzmsihu2i...
EUVD-2026-20427
Missing Authorization vulnerability in AnyTrack AnyTrack Affiliate Link Manager (anytrack-affiliate-link-manager) allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects AnyTrack Affiliate Link Manager: from n/a through <= 1.5.5...
EUVD-2026-20346
Server-Side Request Forgery (SSRF) vulnerability in Brecht Visual Link Preview (visual-link-preview) allows Server Side Request Forgery. This issue affects Visual Link Preview: from n/a through <= 2.3.0...