CVE-2026-32496

creationtimestamp| type| source ---|---|--- 2026-04-08 07:30:06+00:00| seen| https://bsky.app/profile/atomicedge.bsky.social/post/3mixrjalkz22h...

CVE-2026-3600

creationtimestamp| type| source ---|---|--- 2026-04-08 07:27:18+00:00| seen| https://bsky.app/profile/cve.skyfleet.blue/post/3mixreahevc2z...

CVE-2026-32527

creationtimestamp| type| source ---|---|--- 2026-04-08 05:30:08+00:00| seen| https://bsky.app/profile/atomicedge.bsky.social/post/3mixkspkerd2b...

CVE-2026-5726

creationtimestamp| type| source ---|---|--- 2026-04-08 04:23:45+00:00| seen| https://bsky.app/profile/thehackerwire.bsky.social/post/3mixh3yunvl2p 2026-04-08 05:15:09+00:00| seen| Telegram/YYhJcFFLvqGqVRgyASu1q9Oze84gvZKQFNjoLIhh4vbEE 2026-04-16 10:00:00+00:00| seen|...

CVE-2026-27144

creationtimestamp| type| source ---|---|--- 2026-04-08 04:18:57+00:00| seen| https://bsky.app/profile/cve.skyfleet.blue/post/3mixgtgp6sn25 2026-04-13 21:22:02+00:00| seen| Telegram/LHQfgYAbtuG7CogYZyWoKm7-py5GuHojGsIqn2GfOFcZFnQ 2026-05-07 18:20:11+00:00| seen|...

CVE-2026-28261

creationtimestamp| type| source ---|---|--- 2026-04-08 04:16:41+00:00| seen| https://www.incibe.es/incibe-cert/alerta-temprana/vulnerabilidades/cve-2026-28261 2026-04-08 15:02:16+00:00| seen| https://bsky.app/profile/cve.skyfleet.blue/post/3miykrrqyr42i 2026-04-08 15:16:22+00:00| seen|...

CVE-2026-34781

creationtimestamp| type| source ---|---|--- 2026-04-08 00:19:35+00:00| seen| https://bsky.app/profile/cve.skyfleet.blue/post/3miwzhg2zt42i...

GHSA-RFGH-63MG-8PWM pyload-ng has a WebUI JSON permission mismatch that lets ADD/DELETE users invoke MODIFY-only actions

Summary Several WebUI JSON endpoints enforce weaker permissions than the core API methods they invoke. This allows authenticated low-privileged users to execute MODIFY operations that should be denied by pyLoad's own permission model. Confirmed mismatches: - ADD user can reorder packages/files...

CVE-2026-39935

creationtimestamp| type| source ---|---|--- 2026-04-08 00:17:26+00:00| seen| https://bsky.app/profile/cve.skyfleet.blue/post/3miwzdl4ks62z...

CVE-2026-4656

creationtimestamp| type| source ---|---|--- 2026-04-08 00:10:07+00:00| seen| https://bsky.app/profile/cve.skyfleet.blue/post/3miwywfzpgf22...

EUVD-2026-19879

WWBN AVideo has Stored XSS via Malicious EPG XML Program Titles in AVideo EPG Page...

GHSA-RQP3-GF5H-MRQX WWBN AVideo has Stored XSS via Malicious EPG XML Program Titles in AVideo EPG Page

Summary AVideo's EPG Electronic Program Guide feature parses XML from user-controlled URLs and renders programme titles directly into HTML without any sanitization or escaping. A user with upload permission can set a video's epglink to a malicious XML file whose elements contain JavaScript. This...

CVE-2025-50649

A buffer overflow vulnerability exists in D-Link DI-8003 16.07.26A1 due to improper input validation in the vlanname parameter in the /shutset.asp endpoint...

CVE-2025-50659

A buffer overflow vulnerability exists in D-Link DI-8003 16.07.26A1 due to improper handling of the customerror parameter in the /user.asp endpoint...

CVE-2025-50647

Consolidated details from connected sources confirm a buffer overflow affecting D-Link DI-8003 routers running 16.07.26A1, caused by improper handling of the wans parameter in the qos.asp endpoint. The issue, traced to boundary/input validation in qos.asp, enables an overflow that leads to a deni...

CVE-2025-50663

CVE-2025-50663 describes a buffer overflow in the D-Link DI-8003 (firmware 16.07.26A1) caused by improper handling of the name parameter in the /usb_paswd.asp endpoint. CVSSv3.1 metrics indicate a network-based, low-attack-complexity, no-prives-cons required, with a high impact on availability an...

CVE-2025-50645

CVE-2025-50645 affects the D-Link DI-8003 (16.07.26A1). The vulnerability arises from improper validation of the s parameter in the pppoe_list_opt.asp endpoint, allowing a crafted request with an oversized s value to trigger a buffer overflow. Connected sources (CNVD-2026-17623, RH:CVE-2025-50645...

CVE-2025-50650

CVE-2025-50650 affects D-Link DI-8003 (firmware 16.07.26A1). A buffer overflow arises from inadequate validation of input size in the routes_static parameter of /router.asp. Documented as causing denial of service (availability impact) with high severity (CVSS 3.1: AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N...

CVE-2025-50655

CVE-2025-50655 affects the D-Link DI-8003 router (firmware 16.07.26A1). It is caused by improper handling/boundary checking of the name parameter in the /thd_group.asp endpoint, leading to a buffer overflow. CNVD notes it can be exploited to cause a denial of service; NVD/Red Hat ENISA references...

CVE-2025-50652

The CVE-2025-50652 entry concerns the D-Link DI-8003 (16.07.26A1) and an improper handling of the id parameter in the /saveparm_usb.asp endpoint. Connected sources (CNVD-2026-17630) describe a buffer overflow that can be exploited to cause a denial of service. Other feeds corroborate the same des...