46 matches found
EUVD-2026-32893
This CVE ID has been rejected or withdrawn by its CVE Numbering Authority...
CVE-2026-45245
Summarize prior to 0.15.1 contains a vulnerability in the hover summary feature that allows malicious pages to dispatch synthetic mouseover events over attacker-controlled links, causing the extension to make authenticated daemon requests using stored tokens without verifying event trustworthines...
CVE-2026-7961
CVE-2026-7961 corresponds to a vulnerability in Google Chrome prior to 148.0.7778.96. The connected documents describe insufficient validation of untrusted input in Permissions, enabling an attacker on a local network segment to leak cross-origin data via malicious network traffic. The issue is d...
OpenClaw Access Control Error Vulnerability
OpenClaw is an open-source intelligent artificial assistant developed by OpenClaw. Versions of OpenClaw prior to 2026.4.2 contained an access control vulnerability, which stemmed from improper access control in the iOS A2UI bridge. This vulnerability could allow attackers to inject unauthorized...
CVE-2026-35409
Directus is a real-time API and App dashboard for managing SQL database content. Prior to 11.16.0, a Server-Side Request Forgery (SSRF) protection bypass has been identified and fixed in Directus. The IP address validation mechanism used to block requests to local and private networks could be...
Cisco IOS XE Software Resource Management Error Vulnerability
Cisco IOS XE Software is a network operating system developed by the American company Cisco. There is a resource management vulnerability in Cisco IOS XE Software, which stems from improper handling of BOOTP packets. This vulnerability may lead to BOOTP packets being forwarded between VLANs,...
CVE-2025-15515
The authentication mechanism for a specific feature in the EasyShare module contains a vulnerability. If specific conditions are met on a local network, it can cause data leakage...
Media Streaming add-on Buffer Error Vulnerability
The Media Streaming add-on is a supplementary component for media streaming. The Media Streaming add-on has a buffer error vulnerability, which stems from out-of-bounds reading. This vulnerability could allow attackers to obtain sensitive data after gaining access to the local network...
CVE-2026-22245 Mastodon has SSRF Protection bypass
Mastodon is a free, open-source social network server based on ActivityPub. By nature, Mastodon performs a lot of outbound requests to user-provided domains. Mastodon, however, has some protection mechanism to disallow requests to local IP addresses unless specified in ALLOWED_PRIVATE_ADDRESSES to...
DEBIAN-CVE-2025-59529
Avahi is a system which facilitates service discovery on a local network via the mDNS/DNS-SD protocol suite. In versions up to and including 0.9-rc2, the simple protocol server ignores the documented client limit and accepts unlimited connections, allowing for easy local DoS. Although CLIENTS_MAX ...
CVE-2025-11538
Keycloak is affected by CVE-2025-11538 in versions prior to 26.4.4 where enabling debug mode (--debug) binds the JDWP port to all interfaces (0.0.0.0), exposing the debug port on the local network. This potentially allows a local-network attacker to attach a remote debugger and achieve remote cod...
PT-2025-45371
D-Link DIR-1260 Wi-Fi router firmware versions up to and including v1.20B05 contain a command injection vulnerability within the web management interface that allows for unauthenticated attackers to execute arbitrary commands on the device with root privileges. The flaw specifically exists within...
EUVD-2022-1153
Malicious code in bioql PyPI...
The vulnerability of the avahi_alternative_host_name() function in the Avahi service discovery system allows an attacker to cause a service failure.
The vulnerability of the avahi_alternative_host_name() function in the Avahi service discovery system in local networks is related to the lack of use of the assert function. Exploiting this vulnerability can allow an attacker to cause a service failure...
CVE-2024-56433
shadow-utils (aka shadow) 4.4 through 4.17.0 establishes a default /etc/subuid behavior (e.g., uid 100000 through 165535 for the first user account) that can realistically conflict with the uids of users defined on locally administered networks, potentially leading to account takeover, e.g., by...
NetBIOS Response Brute Force Spoof
This module requires Metasploit: https://metasploit.com/download Current source: https://github.com/rapid7/metasploit-framework class MetasploitModule 'NetBIOS Response Brute Force Spoof Direct', 'Description' = %q This module continuously spams NetBIOS responses to a target for given hostname,...
0.0.0.0 Day: 18-Year-Old Browser Vulnerability Impacts MacOS and Linux Devices
Cybersecurity researchers have discovered a new "0.0.0.0 Day" impacting all major web browsers that malicious websites could take advantage of to breach local networks. The critical vulnerability "exposes a fundamental flaw in how browsers handle network requests, potentially granting malicious...