MINI-HVRM-G2CF-MX49

Bulletin has no description...

CVE-2025-67447

The network diagnosis ping module in Neterbit NW-431F Router 20241014-IR03 and before is vulnerable to OS command injection. The application does not properly sanitize user input in the IP address field before passing it to the system's ping command. An attacker can inject arbitrary OS commands,...

CVE-2025-67448

The SMS module in Neterbit NW-431F Router 20241014-IR03 and before is vulnerable to stored XSS. The application does not properly sanitize user input in SMS messages before storing and displaying them. An attacker can send an SMS containing a malicious XSS payload, which will be executed in the...

EUVD-2026-34298

Net::CIDR::Set versions through 0.20 for Perl did not validate IP addresses. The add method called the encode method to parse addresses. If the addresses did not look like netmasks or network ranges, then they were assumed to single IP addresses and passed back to itself as a 32-bit or 128-bit...

CVE-2026-49941 Net::CIDR::Set versions through 0.20 for Perl did not validate IP addresses

Net::CIDR::Set versions through 0.20 for Perl did not validate IP addresses. The add method called the encode method to parse addresses. If the addresses did not look like netmasks or network ranges, then they were assumed to single IP addresses and passed back to itself as a 32-bit or 128-bit...

EUVD-2026-34297

Net::CIDR::Set versions through 0.20 for Perl accept non-ASCII IP addresses and netmasks. Unicode digits such as the Arabic-Indic One U+0661 were accepted but not properly parsed as numbers. This could allow network masks to accept larger networks...

CVE-2026-26379

Koha versions up to 25.11 contain a Server-Side Request Forgery SSRF vulnerability via the Z39.50/SRU server configuration. This allows authenticated attackers to perform internal network scanning and identify running services by analyzing server response times...

kernel: proc: use the same treatment to check proc_lseek as ones for proc_read_iter et.al

In the Linux kernel, the following vulnerability has been resolved: proc: use the same treatment to check proclseek as ones for procreaditer et.al Check pde-procops-proclseek directly may cause UAF in rmmod scenario. It's a gap in procregopen after commit 654b33ada4ab"proc: fix UAF in...

Why eSIMs Are Replacing Traditional SIM Cards

From SIM swap protection to remote provisioning, eSIMs are quickly replacing physical SIM cards. Here’s why the shift matters for security and convenience...

CVE-2019-25728

Care2x 2.7 contains multiple SQL injection vulnerabilities that allow unauthenticated attackers to execute arbitrary SQL commands by manipulating the ckconfig cookie parameter. Attackers can inject malicious SQL through the ckconfig cookie in multiple endpoints including login.php, indexframe.php...

EUVD-2019-20164

Care2x 2.7 contains multiple SQL injection vulnerabilities that allow unauthenticated attackers to execute arbitrary SQL commands by manipulating the ckconfig cookie parameter. Attackers can inject malicious SQL through the ckconfig cookie in multiple endpoints including login.php, indexframe.php...

CVE-2019-25728

Care2x 2.7 contains multiple SQL injection vulnerabilities that allow unauthenticated attackers to execute arbitrary SQL commands by manipulating the ckconfig cookie parameter. Attackers can inject malicious SQL through the ckconfig cookie in multiple endpoints including login.php, indexframe.php...

kernel: proc: use the same treatment to check proc_lseek as ones for proc_read_iter et.al

In the Linux kernel, the following vulnerability has been resolved: proc: use the same treatment to check proclseek as ones for procreaditer et.al Check pde-procops-proclseek directly may cause UAF in rmmod scenario. It's a gap in procregopen after commit 654b33ada4ab"proc: fix UAF in...

MINI-CQ27-696H-6FMR

Bulletin has no description...

EUVD-2026-34214

Crucial management API endpoints for cellular eSIM allocation do not validate caller authorization, allowing remote profiles to be rewritten or deleted...

Exploit for CVE-2026-42945

nginx-rift-scanner Dependency-free Python 3 scanner for CVE...

SUSE CVE-2026-9334

Cpanel::JSON::XS versions before 4.41 for Perl allow type confusion via duplicate object keys when dupkeysasarrayref is enabled. decodehv collapses duplicate object keys into an array reference under dupkeysasarrayref. The branch reached for a duplicate key tests SvTYPE oldvalue != SVtRV && SvTYP...

SUSE CVE-2026-9516

Cpanel::JSON::XS versions before 4.41 for Perl allow denial of service via UTF-8 BOM prefixed input when a decode filter callback throws. To skip a leading 3-byte UTF-8 BOM, decodejson advances the input scalar's string pointer past the mark with SvPVset and restores it only on the normal return...

SUSE CVE-2026-10705

A flaw has been found in dask up to 3.0. Affected by this issue is the function nuniqueapprox of the file dask/dataframe/hyperloglog.py of the component HLL Handler. This manipulation causes resource consumption. The attack is possible to be carried out remotely. A high degree of complexity is...

Linux Distros Unpatched Vulnerability : CVE-2026-8829

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - HTML::Entities versions before 3.84 for Perl read freed heap memory in decodeentities. The XS routine backing HTML::Entities::decodeentities cached a pointer re...