CVE-2026-7069

A security flaw has been discovered in D-Link DIR-825 up to 3.00b32. This impacts the function AddPortMapping of the file upnpsoap.c of the component miniupnpd. Performing a manipulation of the argument NewPortMappingDescription results in buffer overflow. The attack needs to be approached within...

CVE-2026-41883

OmniFaces is a utility library for Faces. Prior to versions 1.14.2, 2.7.32, 3.14.16, 4.7.5, and 5.2.3, there is a server-side EL injection leading to Remote Code Execution RCE. This affects applications that use CDNResourceHandler with a wildcard CDN mapping e.g...

UBUNTU-CVE-2026-50259

A stack-based buffer overflow flaw was found in the X.Org X server and Xwayland. XkbSetMapChecks declares a fixed-size stack buffer mapWidths256 indexed by key type index. The helper function CheckKeyTypes writes to this buffer at a client-controlled offset, allowing a stack buffer overflow. This...

Graphite-Web 数字错误漏洞

Graphite-Web is a highly scalable real-time plotting system developed by the Graphite Project. Versions of Graphite-Web prior to 1.3.15 contained a numerical error vulnerability. This vulnerability stemmed from integer underflow and out-of-bounds writes, as slotat did not ensure that the offset w...

X.Org X server和Xwayland 安全漏洞

X.Org X Server is an X Window system display server developed by the X.Org Foundation. Xwayland is an open-source communication protocol developed by Xwayland that defines the communication method between the display server and its clients. Both X.Org X Server and Xwayland have security...

Node.js Module axios < 0.32.0 / 1.x < 1.16.0 NO_PROXY Bypass (SSRF)

The version of the axios Node.js module installed on the remote host is prior to 0.32.0 or 1.x prior to 1.16.0. It is, therefore, affected by the following vulnerability: - shouldBypassProxy, introduced in v1.15.0 to fix CVE-2025-62718, does not normalise IPv4-mapped IPv6 addresses. When NOPROXY...

SUSE CVE-2026-46248

In the Linux kernel, the following vulnerability has been resolved: wifi: ath12k: clear stale link mapping of ahvif-linksmap When an arvif is initialized in non-AP STA mode but MLO connection preparation fails before the arvif is created arvif-iscreated remains false, the error path attempts to...

CVE-2026-46248

A flaw was found in the Linux kernel's ath12k Wi-Fi driver. When an arvif Access Point Virtual Interface is initialized in non-AP STA mode and a Multi-Link Operation MLO connection fails before the arvif is fully created, a stale link mapping can persist. This can lead to a kernel warning WARNON...

CVE-2026-46268

In the Linux kernel, the following vulnerability has been resolved: PCI/P2PDMA: Fix p2pmemallocmmap warning condition Commit b7e282378773 has already changed the initial page refcount of p2pdma page from one to zero, however, in p2pmemallocmmap it uses "VMWARNONONCEPAGE!pagerefcountpage" to asser...

CVE-2026-46248

In the Linux kernel, the following vulnerability has been resolved: wifi: ath12k: clear stale link mapping of ahvif-linksmap When an arvif is initialized in non-AP STA mode but MLO connection preparation fails before the arvif is created arvif-iscreated remains false, the error path attempts to...

CVE-2026-36603

Mercusys AC12G EU V1 router with firmware AC12GEUV1200909 exposes 15 of 18 UPnP IGD actions without authentication on port 1900, including AddPortMapping and GetExternalIPAddress. UPnP is enabled by default through the admin interface, allowing any unauthenticated LAN device to create arbitrary...

CVE-2026-46268 PCI/P2PDMA: Fix p2pmem_alloc_mmap() warning condition

In the Linux kernel, the following vulnerability has been resolved: PCI/P2PDMA: Fix p2pmemallocmmap warning condition Commit b7e282378773 has already changed the initial page refcount of p2pdma page from one to zero, however, in p2pmemallocmmap it uses "VMWARNONONCEPAGE!pagerefcountpage" to asser...

CVE-2026-46268

The CVE relates to the Linux kernel PCI/P2PDMA subsystem. A warning in p2pmem_alloc_mmap() was triggered by an assertion VM_WARN_ON_ONCE_PAGE(!page_ref_count(page)) after the initial page refcount was changed to zero by a prior patch. The issue arises only when CONFIG_DEBUG_VM is enabled, produci...

CVE-2026-46248

In the Linux kernel, the following vulnerability has been resolved: wifi: ath12k: clear stale link mapping of ahvif-linksmap When an arvif is initialized in non-AP STA mode but MLO connection preparation fails before the arvif is created arvif-iscreated remains false, the error path attempts to...

CVE-2026-46248 wifi: ath12k: clear stale link mapping of ahvif->links_map

In the Linux kernel, the following vulnerability has been resolved: wifi: ath12k: clear stale link mapping of ahvif-linksmap When an arvif is initialized in non-AP STA mode but MLO connection preparation fails before the arvif is created arvif-iscreated remains false, the error path attempts to...

CVE-2026-46248

CVE-2026-46248 pertains to the Linux kernel ath12k Wi‑Fi driver. When an arvif (Access Point Virtual Interface) is initialized in non-AP STA mode and MLO connection setup fails before arvif-&gt;is_created becomes true, the error path can leave a stale ahvif-&gt;links_map entry and, on reusing the...

Beyond the Zero-Day: See Your Network Like an Attacker | Webinar with HD Moore

Assume the breach. Zero-days keep shipping, AI is writing exploits faster than anyone patches, and "patch everything in time" stopped working years ago. Stop betting the org on winning that race. You don't control which bug lands. You control what it can reach once it does. That is a question abo...

Exploit for Improper Access Control in Proftpd

OpenVAS-Vulnerability-Analysis-Incident-Response-Report Real-W...

PT-2026-46031

Name of the Vulnerable Software and Affected Versions Linux kernel affected versions not specified Description An issue exists in the PCI/P2PDMA component where the p2pmem alloc mmap function triggers a warning condition when CONFIG DEBUG VM is enabled. This occurs because the function uses an...

CVE-2026-36608

Mercusys AC12G EU V1 router with firmware AC12GEUV1200909 allows UPnP AddPortMapping to forward external ports to the router's own admin interface by accepting its own IP 192.168.1.1 or localhost 127.0.0.1 as InternalClient. An unauthenticated LAN attacker can expose the admin panel to the intern...