
28 matches found

CVE
added 5 days ago | 10 views

CVE-2026-10123

TRENDnet TEW-432BRP 3.10B20 is affected by CVE-2026-10123 in the formSetDomainFilter handler (/goform/formSetDomainFilter). The issue is a stack-based buffer overflow triggered by manipulating arguments such as blocked_domain, permitted_domain, blocked_domain_list, or permitted_domain_list, with ...

CVSS 9 | AI score 7.8 | EPSS 0.00041
Exploits: 0 | References: 4
Vulnrichment
added 2026/05/26 10:15 p.m. | 7 views

CVE-2026-9604 JeecgBoot AiragModelController access control

A vulnerability was detected in JeecgBoot up to 3.9.1. This vulnerability affects unknown code of the component AiragModelController. The manipulation of the argument list/queryById results in improper access controls. The attack can be executed remotely. The exploit is now public and may be used...

CVSS 5.3 | AI score 5.5 | EPSS 0.00033
Exploits: 0 | References: 7
AstraLinux
added 2026/05/03 11:59 p.m. | 3 views

Astra Linux - vulnerability in linux-5.10, linux-5.15, linux

In the Linux kernel, the following vulnerability has been resolved: IB/hfi1: The code correctly moves the list within scdisable. Commit 13bac861952a “IB/hfi1: Fix the abba locking issue with scdisable”. However, the code incorrectly attempts to move a list from one list head to another. This...

CVSS 5.5 | AI score 6.2 | EPSS 0.00063
Exploits: 0 | References: 1
Cvelist
added 2026/04/28 7:15 p.m. | 23 views

CVE-2026-7305 Xuxueli xxl-job trigger Endpoint XxlJobServiceImpl.java triggerJob server-side request forgery

A weakness has been identified in Xuxueli xxl-job up to 3.3.2. The affected element is the function triggerJob of the file xxl-job-admin/src/main/java/com/xxl/job/admin/service/impl/XxlJobServiceImpl.java of the component trigger Endpoint. This manipulation of the argument addressList causes...

CVSS 6.5 | EPSS 0.00055
Exploits: 0 | References: 6
Vulnrichment
added 2026/04/09 9:23 p.m. | 0 views

CVE-2026-40149 PraisonAI has an Unauthenticated Allow-List Manipulation Bypasses Agent Tool Approval Safety Controls

PraisonAI is a multi-agent teams system. Prior to 4.5.128, the gateway's /api/approval/allow-list endpoint permits unauthenticated modification of the tool approval allowlist when no authtoken is configured (the default). By adding dangerous tool names (e.g., shellexec, filewrite) to the allowlist, a...

CVSS 7.9 | AI score 5.8 | EPSS 0.00015
Exploits: 1 | References: 1
NVD
added 2026/02/06 7:16 a.m. | 5 views

CVE-2026-2000

A vulnerability was found in DCN DCME-320 up to 20260121. Impacted is the function applyconfig of the file /function/system/basic/bridgecfg.php of the component Web Management Backend. Performing a manipulation of the argument iplist results in command injection. The attack is possible to be...

CVSS 7.2 | EPSS 0.00286
Exploits: 1 | References: 4
RedhatCVE
added 2026/01/09 12:24 p.m. | 7 views

CVE-2018-14085

An issue was discovered in a smart contract implementation for UserWallet 0x0a7bca9FB7AfF26c6ED8029BB6f0F5D291587c42, an Ethereum token. First, suppose that the owner adds the evil contract address to his sweepers. The evil contract looks like this: contract Exploit uint public start; function...

CVSS 7.5 | AI score 6.9 | EPSS 0.00237
Exploits: 1 | References: 1
CNNVD
added 2025/12/30 12:0 a.m. | 3 views

Tenda AC23 security vulnerability

Tenda AC23 is a dual-band gigabit wireless router from Tenda China. A security vulnerability exists in Tenda AC23 version 16.03.07.52, which stems from an incorrect manipulation of the parameter list and could result in a buffer overflow...

CVSS 9 | AI score 7.7 | EPSS 0.00264
Exploits: 1 | References: 6
UbuntuCve
added 2025/12/24 11:15 a.m. | 0 views

CVE-2023-54032

In the Linux kernel, the following vulnerability has been resolved: btrfs: fix race when deleting quota root from the dirty cow roots list When disabling quotas we are deleting the quota root from the list fsinfo-dirtycowonlyroots without taking the lock that protects it, which is struct...

AI score 5.9 | EPSS 0.00046
Exploits: 0 | References: 9
OSV
added 2025/11/20 3:17 p.m. | 2 views

CVE-2025-13445

A flaw has been found in Tenda AC21 16.03.08.16. This affects an unknown part of the file /goform/SetIpMacBind. Executing a manipulation of the argument list can lead to stack-based buffer overflow. The attack can be executed remotely. The exploit has been published and may be used...

CVSS 9.8 | AI score 6.5 | EPSS 0.00537
Exploits: 1 | References: 5
EUVD
added 2025/10/03 8:7 p.m. | 2 views

EUVD-2022-43073

Malicious code in bioql PyPI...

CVSS 5.4 | AI score 5.8 | EPSS 0.00224
Exploits: 0 | References: 1
EUVD
added 2025/10/03 8:7 p.m. | 3 views

EUVD-2025-31453

Malicious code in bioql PyPI...

CVSS 8.8 | AI score 6.6 | EPSS 0.00212
Exploits: 1 | References: 6
EUVD
added 2025/10/03 8:7 p.m. | 6 views

EUVD-2025-25186

Malicious code in bioql PyPI...

CVSS 5.4 | AI score 4.8 | EPSS 0.00053
Exploits: 1 | References: 5
Positive Technologies
added 2025/09/16 12:0 a.m. | 1 views

PT-2025-38059

Name of the Vulnerable Software and Affected Versions: Element Web versions prior to 1.11.112 Element Desktop versions prior to 1.11.112 Description: Element Web and Element Desktop are susceptible to a room list manipulation issue due to insufficient validation of room predecessor links. A remot...

CVSS 6.9 | AI score 6.3 | EPSS 0.00264
Exploits: 0 | References: 10
NVD
added 2025/07/13 10:15 p.m. | 2 views

CVE-2025-7544

A vulnerability was found in Tenda AC1206 15.03.06.23. It has been rated as critical. This issue affects the function formSetMacFilterCfg of the file /goform/setMacFilterCfg. The manipulation of the argument deviceList leads to stack-based buffer overflow. The attack may be initiated remotely. Th...

CVSS 9 | EPSS 0.01703
Exploits: 1 | References: 6
NVD
added 2025/06/04 8:15 p.m. | 13 views

CVE-2025-5607

A vulnerability was found in Tenda AC18 15.03.05.05. It has been rated as critical. This issue affects the function formSetPPTPUserList of the file /goform/setPptpUserList. The manipulation of the argument list leads to buffer overflow. The attack may be initiated remotely. The exploit has been...

CVSS 9 | EPSS 0.00621
Exploits: 1 | References: 5
Debian CVE
added 2024/11/19 1:30 a.m. | 13 views

CVE-2024-50273

In the Linux kernel, the following vulnerability has been resolved: btrfs: reinitialize delayed ref list after deleting it from the list At insertdelayedref if we need to update the action of an existing ref to BTRFSDROPDELAYEDREF, we delete the ref from its ref head's refaddlist using listdel,...

CVSS 5.5 | AI score 5.6 | EPSS 0.00019
Exploits: 0
RedhatCVE
added 2024/07/16 3:56 p.m. | 17 views

CVE-2024-40925

In the Linux kernel, the following vulnerability has been resolved: block: fix request.queuelist usage in flush Friedrich Weber reported a kernel crash problem and bisected to commit 81ada09cc25e "blk-flush: reuse rq queuelist in flush state machine". The root cause is that we use...

CVSS 5.5 | AI score 8.6 | EPSS 0.00018
Exploits: 0 | References: 4
Vulnrichment
added 2024/07/12 12:20 p.m. | 17 views

CVE-2024-39503 netfilter: ipset: Fix race between namespace cleanup and gc in the list:set type

In the Linux kernel, the following vulnerability has been resolved: netfilter: ipset: Fix race between namespace cleanup and gc in the list:set type Lion Ackermann reported that there is a race condition between namespace cleanup in ipset and the garbage collection of the list:set type. The...

AI score 6.7 | EPSS 0.00009
Exploits: 0 | References: 7
OSV
added 2024/05/01 6:15 a.m. | 1 views

UBUNTU-CVE-2024-27005

In the Linux kernel, the following vulnerability has been resolved: interconnect: Don't access reqlist while it's being manipulated The icclock mutex was split into separate icclock and iccbwlock mutexes in 1 to avoid lockdep splats. However, this didn't adequately protect access to...

CVSS 6.3 | AI score 5.7 | EPSS 0.00009
Exploits: 0 | References: 10