CVE-2026-9078

Firefox for iOS displayed specially crafted right-to-left RTL and internationalized domain names IDNs incorrectly in link preview UI surfaces. A crafted RTL hostname could visually reorder portions of the displayed domain, causing attacker-controlled sites to appear as trusted origins. This...

CVE-2026-9460

A weakness has been identified in Edimax EW-7438RPn 1.31. This impacts the function formAccept of the file /goform/formAccept. Executing a manipulation of the argument submit-url can lead to stack-based buffer overflow. It is possible to launch the attack remotely. The exploit has been made...

CVE-2026-9078 Firefox iOS RTL Domain Rendering Issue in Link Preview

Firefox for iOS displayed specially crafted right-to-left RTL and internationalized domain names IDNs incorrectly in link preview UI surfaces. A crafted RTL hostname could visually reorder portions of the displayed domain, causing attacker-controlled sites to appear as trusted origins. This...

CVE-2026-9078 Firefox iOS RTL Domain Rendering Issue in Link Preview

Firefox for iOS displayed specially crafted right-to-left RTL and internationalized domain names IDNs incorrectly in link preview UI surfaces. A crafted RTL hostname could visually reorder portions of the displayed domain, causing attacker-controlled sites to appear as trusted origins. This...

CVE-2026-9078

Firefox for iOS suffers a rendering issue in link-preview UI where specially crafted RTL and internationalized domain names could cause the displayed domain to visually reorder, making attacker-controlled sites appear as trusted origins. The vulnerability affects the RTL/IDN rendering surface wit...

EUVD-2026-31693

Firefox for iOS displayed specially crafted right-to-left RTL and internationalized domain names IDNs incorrectly in link preview UI surfaces. A crafted RTL hostname could visually reorder portions of the displayed domain, causing attacker-controlled sites to appear as trusted origins. This...

CVE-2026-9078

Firefox for iOS displayed specially crafted right-to-left RTL and internationalized domain names IDNs incorrectly in link preview UI surfaces. A crafted RTL hostname could visually reorder portions of the displayed domain, causing attacker-controlled sites to appear as trusted origins. This...

CVE-2026-9078

Firefox for iOS displayed specially crafted right-to-left RTL and internationalized domain names IDNs incorrectly in link preview UI surfaces. A crafted RTL hostname could visually reorder portions of the displayed domain, causing attacker-controlled sites to appear as trusted origins. This...

CVE-2026-47102

creationtimestamp| type| source ---|---|--- 2026-05-25 14:00:04+00:00| seen| https://t.me/GithubRedTeam/85833 2026-05-25 15:00:12+00:00| seen| Telegram/X1SzwuqpRNev2GcuASsATzQD-1aeqEPKRVacdyAUElWlBI 2026-05-25 21:00:04+00:00| seen| Telegram/DE8V0W55Lks0xFUNDp9UGyNB0T-CRSwfpeIrdYc5V2Tnj4...

PYSEC-2026-161

creationtimestamp| type| source ---|---|--- 2026-05-25 10:59:12+00:00| seen| https://gist.github.com/konard/e42a66222e8be69e82eda8e4c8a6c943 2026-05-25 13:07:35+00:00| seen| https://gist.github.com/konard/1df63152a8fa23d9ee65875a3fd172e2 2026-05-28 19:29:34+00:00| seen|...

CVE-2026-33079

A flaw was found in Mistune, a Markdown parser. This vulnerability, known as Regular Expression Denial of Service ReDoS, exists in the LINKTITLERE regular expression. A remote attacker can exploit this by providing specially crafted Markdown input, which causes the regular expression engine to...

tplink-priv-zero

TP-Link TL-WR841N v14 — Authenticated OS Command Injection RC...

CVE-2026-9404

creationtimestamp| type| source ---|---|--- 2026-05-25 06:00:28+00:00| seen| https://bsky.app/profile/offseq.bsky.social/post/3mmnsg7hw3k2f 2026-05-25 06:00:29+00:00| seen| https://infosec.exchange/users/offseq/statuses/116633686859071234...

CVE-2026-45758

creationtimestamp| type| source ---|---|--- 2026-05-25 03:51:09+00:00| seen| https://bsky.app/profile/skuebeck.graz.social.ap.brid.gy/post/3mmnl6set7sc2 2026-06-05 20:40:29+00:00| seen| https://bsky.app/profile/cve.skyfleet.blue/post/3mnkypx7yrf2l 2026-06-05 21:00:21+00:00| seen|...

MAL-2026-4473 Malicious code in @zizie071/libsignal-node (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 3e6d5096096e7e958916c5449a7480949135e6af5cd9acd4e1b1edab8c331163 On require, index.js schedules install.js which locates the installer's @whiskeysockets/baileys package on disk and overwrites lib/Socket/newsletter....

Mozilla Firefox for iOS 安全漏洞

Mozilla Firefox for iOS is a web browser designed for iOS devices by the US-based Mozilla Foundation. A security vulnerability exists in Mozilla Firefox for iOS prior to version 151.1, which stems from the incorrect display of specially crafted right-to-left domain names and internationalized...

PT-2026-43074

Name of the Vulnerable Software and Affected Versions Firefox for iOS versions prior to 151.1 Description Firefox for iOS incorrectly displayed specially crafted right-to-left RTL and internationalized domain names IDNs within link preview UI surfaces. A crafted RTL hostname could visually reorde...

D-Link NAS - Command Injection via Group Parameter

A vulnerability was found in D-Link DNS-320, DNS-320LW, DNS-325 and DNS-340L up to 20241028. It has been rated as critical. Affected by this issue is the function cgiuseradd of the file /cgi-bin/accountmgr.cgi?cmd=cgiuseradd. The manipulation of the argument group leads to os command injection. i...

CVE-2026-9360

creationtimestamp| type| source ---|---|--- 2026-05-24 09:00:28+00:00| seen| https://bsky.app/profile/offseq.bsky.social/post/3mmllz5x2pp2m...

ROS-20260524-73-0044

A vulnerability in the Jenkins Automation Server is related to incorrect symbolic link detection prior to file access during .tar and .tar.gz archive extraction. Exploitation of the vulnerability could allow an attacker acting remotely to write arbitrary files...