Gradio - Server-Side Request Forgery

A Server-Side Request Forgery SSRF vulnerability exists in the gradio-app/gradio version 4.21.0, specifically within the /queue/join endpoint and the saveurltocache function. The vulnerability arises when the path value, obtained from the user and expected to be a URL, is used to make an HTTP...

CVE-2026-12223

A vulnerability was identified in Yealink SIP-T46U 108.86.0.118. Affected by this vulnerability is the function modwebd.TFTPUploadIperf of the file /api/inner/tftpuploadiperf of the component Web FastCGI Service. The manipulation of the argument ip/port leads to command injection. The attack need...

CVE-2026-12218

A vulnerability was detected in Yealink SIP-T46U 108.87.50.1. The affected element is the function StartReportInformation of the file /api/inner/beforewifitest of the component Web FastCGI Service. The manipulation of the argument port results in stack-based buffer overflow. Access to the local...

CVE-2026-12218 Yealink SIP-T46U Web FastCGI Service beforewifitest StartReportInformation stack-based overflow

A vulnerability was detected in Yealink SIP-T46U 108.87.50.1. The affected element is the function StartReportInformation of the file /api/inner/beforewifitest of the component Web FastCGI Service. The manipulation of the argument port results in stack-based buffer overflow. Access to the local...

EUVD-2026-35463

Insufficient input validation vulnerability in the listed NETGEAR models allows authenticated administrators connected to the local network to make unauthorized modification of router software and functionality...

CVE-2026-0413 Buffer overflow vulnerability in certain NETGEAR Nighthawk routers

A buffer overflow vulnerability due to insufficient input validation in the listed NETGEAR models allows authenticated administrators connected to the local network to make unauthorized modification of router software and functionality...

CVE-2026-0417 Insufficient input validation in certain NETGEAR routers

Insufficient input validation vulnerability in the listed NETGEAR devices allows authenticated administrators connected to the local network to tamper with the router's integrity...

NETGEAR Routers 缓冲区错误漏洞

NETGEAR Routers are a series of routers produced by NETGEAR, a company in the United States. NETGEAR Routers have a buffer error vulnerability; this vulnerability arises from unauthorized local network users sending specially crafted requests, which may cause the router to become unavailable. The...

NETGEAR多款产品 输入验证错误漏洞

NETGEAR RAX120 and other wireless routers are products of NETGEAR Corporation. Several NETGEAR products have a vulnerability related to input validation errors. This vulnerability stems from insufficient authentication and input validation, which may allow users with local network access to execu...

Allocation of Resources Without Limits or Throttling

Overview zeroconf is a Pure Python Multicast DNS Service Discovery Library Bonjour/Avahi compatible Affected versions of this package are vulnerable to Allocation of Resources Without Limits or Throttling via the DNSIncoming.logexceptiondebug function and the exception-deduplication, which stores...

CVE-2026-9818

This CVE ID has been rejected or withdrawn by its CVE Numbering Authority...

CVE-2026-44830

Nocturne Memory is a lightweight, rollbackable, and visual Long-Term Memory Server for MCP Agents. Prior to 2.4.1, when APITOKEN is unset or empty, the BearerTokenAuthMiddleware bypasses authentication for all HTTP requests. Combined with the default 0.0.0.0 host binding and CORS alloworigins="",...

CVE-2026-9395 Besen BS20 EV Charging Station BLE/UDP insufficiently protected credentials

A vulnerability was identified in Besen BS20 EV Charging Station up to 20260426. Affected is an unknown function of the component BLE/UDP. The manipulation leads to insufficiently protected credentials. The attack needs to be initiated within the local network. The original disclosure mentions,...

CVE-2026-41125

A vulnerability has been identified in blueplanet 100 NX3 M8 All versions, blueplanet 100 TL3 GEN2 All versions, blueplanet 105 TL3 All versions, blueplanet 105 TL3 GEN2 All versions, blueplanet 110 TL3 All versions, blueplanet 125 NX3 M10 All versions, blueplanet 125 TL3 All versions, blueplanet...

UGREEN CM933 授权问题漏洞

The UGREEN CM933 is a USB hub device from the Chinese company UGREEN, which provides multi-port expansion and data transmission capabilities. Version 1.1.59.4319 of the UGREEN CM933 has an authorization issue vulnerability. This vulnerability stems from unknown functions in the management interfa...

GHSA-JV4P-MHMP-69VW Langchain-Chatchat Uses Insufficiently Random Values

A vulnerability was found in chatchat-space Langchain-Chatchat up to 0.3.1.3. The affected element is the function getfileid of the file libs/chatchat-server/chatchat/server/apiserver/openairoutes.py of the component Uploaded File Handler. Performing a manipulation results in insufficiently rando...

GHSA-X229-W2J4-H748 Langchain-Chatchat has a Race Condition in its OpenAI-Compatible File Upload API

A vulnerability has been found in chatchat-space Langchain-Chatchat up to 0.3.1.3. Impacted is the function files of the file libs/chatchat-server/chatchat/server/apiserver/openairoutes.py of the component OpenAI-Compatible File Upload API. Such manipulation of the argument file.filename leads to...

CVE-2026-7847

A vulnerability was found in chatchat-space Langchain-Chatchat up to 0.3.1.3. The affected element is the function getfileid of the file libs/chatchat-server/chatchat/server/apiserver/openairoutes.py of the component Uploaded File Handler. Performing a manipulation results in insufficiently rando...

CVE-2026-7847

A vulnerability was found in chatchat-space Langchain-Chatchat up to 0.3.1.3. The affected element is the function getfileid of the file libs/chatchat-server/chatchat/server/apiserver/openairoutes.py of the component Uploaded File Handler. Performing a manipulation results in insufficiently rando...

CVE-2026-7847

CVE-2026-7847 affects chatchat-space Langchain-Chatchat up to v0.3.1.3. The vulnerability is in the function _get_file_id within libs/chatchat-server/chatchat/server/api_server/openai_routes.py of the Uploaded File Handler. Manipulation leads to insufficiently random values, with local-network ac...