CVE-2026-32616

Pigeon is a message board/notepad/social system/blog. Prior to 1.0.201, the application uses $SERVER'HTTPHOST' without validation to construct email verification URLs in the register and resendmail flows. An attacker can manipulate the Host header in the HTTP request, causing the verification lin...

CVE-2018-25219

creationtimestamp| type| source ---|---|--- 2026-03-26 15:01:47+00:00| seen| https://bsky.app/profile/cve.skyfleet.blue/post/3mhxuot65ky24...

CVE-2026-33680

Vikunja is an open-source self-hosted task management platform. Prior to version 2.2.2, the LinkSharing.ReadAll method allows link share authenticated users to list all link shares for a project, including their secret hashes. While LinkSharing.CanRead correctly blocks link share users from readi...

CVE-2026-24018

A UNIX symbolic link Symlink following vulnerability in Fortinet FortiClientLinux 7.4.0 through 7.4.4, FortiClientLinux 7.2.2 through 7.2.12 may allow a local and unprivileged user to escalate their privileges to root...

CVE-2026-2890

The Formidable Forms plugin for WordPress is vulnerable to a payment integrity bypass in all versions up to, and including, 6.28. This is due to the Stripe Link return handler handleonetimestripelinkreturnurl marking payment records as complete based solely on the Stripe PaymentIntent status...

CVE-2026-2513

A vulnerability exists in Progress Flowmon ADS versions prior to 12.5.5 and 13.0.3, whereby an administrator who clicks a malicious link provided by an attacker may inadvertently trigger unintended actions within their authenticated web session...

CVE-2026-4188

A security flaw has been discovered in D-Link DIR-619L 2.06B01. The affected element is the function formSchedule of the file /goform/formSchedule of the component boa. Performing a manipulation of the argument curTime results in stack-based buffer overflow. The attack may be initiated remotely...

CVE-2026-4184

A vulnerability was detected in D-Link DIR-816 1.10CNB05. Affected by this vulnerability is an unknown functionality of the file /goform/form2Wl5BasicSetup.cgi of the component goahead. Performing a manipulation of the argument pskValue results in stack-based buffer overflow. The attack is possib...

CVE-2026-4555

A weakness has been identified in D-Link DIR-513 1.10. The impacted element is the function formEasySetTimezone of the file /goform/formEasySetTimezone of the component boa. This manipulation of the argument curTime causes stack-based buffer overflow. The attack can be initiated remotely. The...

CVE-2026-4212

A security vulnerability has been detected in D-Link DNS-120, DNR-202L, DNS-315L, DNS-320, DNS-320L, DNS-320LW, DNS-321, DNR-322L, DNS-323, DNS-325, DNS-326, DNS-327L, DNR-326, DNS-340L, DNS-343, DNS-345, DNS-726-4, DNS-1100-4, DNS-1200-05 and DNS-1550-04 up to 20260205. This affects the function...

CVE-2026-4627

A vulnerability was found in D-Link DIR-825 and DIR-825R 1.0.5/4.5.1. Affected is the function handlerupdatesystemtime of the file libdeuteronmodules.so of the component NTP Service. The manipulation results in os command injection. The attack may be launched remotely. This vulnerability only...

CVE-2026-4214

A flaw has been found in D-Link DNS-120, DNR-202L, DNS-315L, DNS-320, DNS-320L, DNS-320LW, DNS-321, DNR-322L, DNS-323, DNS-325, DNS-326, DNS-327L, DNR-326, DNS-340L, DNS-343, DNS-345, DNS-726-4, DNS-1100-4, DNS-1200-05 and DNS-1550-04 up to 20260205. This issue affects the function...

CVE-2026-4529

A vulnerability was identified in D-Link DHP-1320 1.00WWB04. This affects the function redirectcountdownpage of the component SOAP Handler. Such manipulation leads to stack-based buffer overflow. The attack can be executed remotely. The exploit is publicly available and might be used. This...

CVE-2026-4227

A security vulnerability has been detected in LB-LINK BL-WR9000 2.4.9. The impacted element is the function sub44D844 of the file /goform/gethidessidcfg. The manipulation leads to buffer overflow. It is possible to initiate the attack remotely. The exploit has been disclosed publicly and may be...

CVE-2026-4255

A DLL search order hijacking vulnerability in Thermalright TR-VISION HOME on Windows 64-bit allows a local attacker to escalate privileges via DLL side-loading. The application loads certain dynamic-link library DLL dependencies using the default Windows search order, which includes directories...

CVE-2026-4211

A weakness has been identified in D-Link DNS-120, DNR-202L, DNS-315L, DNS-320, DNS-320L, DNS-320LW, DNS-321, DNR-322L, DNS-323, DNS-325, DNS-326, DNS-327L, DNR-326, DNS-340L, DNS-343, DNS-345, DNS-726-4, DNS-1100-4, DNS-1200-05 and DNS-1550-04 up to 20260205. Affected by this issue is the functio...

CVE-2026-4183

A security vulnerability has been detected in D-Link DIR-816 1.10CNB05. Affected is an unknown function of the file /goform/form2WlanBasicSetup.cgi of the component goahead. Such manipulation of the argument pskValue leads to stack-based buffer overflow. The attack can be executed remotely. The...

CVE-2026-4226

A weakness has been identified in LB-LINK BL-WR9000 2.4.9. The affected element is the function sub44E8D0 of the file /goform/getvirtualcfg. Executing a manipulation can lead to stack-based buffer overflow. The attack may be performed from remote. The exploit has been made available to the public...

CVE-2026-4181

A security flaw has been discovered in D-Link DIR-816 1.10CNB05. This affects an unknown function of the file /goform/form2RepeaterStep2.cgi of the component goahead. The manipulation of the argument key1/key2/key3/key4/pskValue results in stack-based buffer overflow. The attack may be launched...

CVE-2026-22322

A stored cross‑site scripting XSS vulnerability in the Link Aggregation configuration interface allows an unauthenticated remote attacker to create a trunk entry containing malicious HTML/JavaScript code. When the affected page is viewed, the injected script executes in the context of the victim’...