CVE-2026-0625 D-Link DSL/DIR/DNS Authentication Bypass via DNS Configuration Endpoint

Multiple D-Link DSL/DIR/DNS devices contain an authentication bypass and improper access control vulnerability in the dnscfg.cgi endpoint that allows an unauthenticated attacker to access DNS configuration functionality. By directly requesting this endpoint, an attacker can modify the device’s DN...

VulnCheck KEV: CVE-2026-0625

Multiple D-Link DSL/DIR/DNS devices contain an authentication bypass and improper access control vulnerability in the dnscfg.cgi endpoint that allows an unauthenticated attacker to access DNS configuration functionality. By directly requesting this endpoint, an attacker can modify the device’s DN...

This CVE only affects Kubernetes clusters that utilize the in-tree gitRepo volume to clone git repositories from other pods within the same node. Since the in-tree gitRepo volume feature has been deprecated and will not receive security updates upstream, any cluster still using this feature remains vulnerable.

...

Mozilla Firefox SEoL (35.x)

According to its version, Mozilla Firefox version install on the remote host has reached end of support. It is, therefore, no longer maintained by its vendor or provider. Lack of support implies that no new security patches for the product will be released by the vendor. As a result, it may conta...

Mozilla Firefox SEoL (27.x)

According to its version, Mozilla Firefox version install on the remote host has reached end of support. It is, therefore, no longer maintained by its vendor or provider. Lack of support implies that no new security patches for the product will be released by the vendor. As a result, it may conta...

It’s apparently hip to still be using Windows 7

Welcome to this weeks edition of the Threat Source newsletter. As a longtime macOS user, I must admit Im behind the times when it comes to Microsoft Windows. Since buying a Steam Deck, Ive actually come to learn more about Linux and the Proton compatibility layer than I ever did about Windows. Bu...

CVE-2023-20141

Multiple vulnerabilities in the web-based management interface of Cisco Small Business RV016, RV042, RV042G, RV082, RV320, and RV325 Routers could allow an unauthenticated, remote attacker to conduct cross-site scripting XSS attacks against a user of the interface. These vulnerabilities are due t...

October 25, 2022-KB5018855 Cumulative Update Preview for .NET Framework 3.5 and 4.8 for Microsoft server operating system, version 22H2

October 25, 2022-KB5018855 Cumulative Update Preview for .NET Framework 3.5 and 4.8 for Microsoft server operating system, version 22H2 Release Date: October 25, 2022 Version: .NET Framework 3.5 and 4.8 Summary This article describes the Cumulative Update for 3.5 and 4.8 for Microsoft server...

Vulnerabilities found in Apple iOS and iPadOS

A security researcher has found three vulnerabilities in Apple iOS and iPadOS. A malicious party can exploit these vulnerabilities exploit them to gain access to sensitive data. This includes contact data stored on the device and metadata about interactions with these persons. Successful misuse...

Issues fixed in Apache web server

Apache has released version 2.4.49 of the Apache Web server. In this version a number of vulnerabilities have been fixed. Please note that the 2.2.x branch is now at the end of the life of the Apache HTTP Server project and there will be no further activity take place, including security updates...

CVE-2021-1168

Multiple vulnerabilities in the web-based management interface of Cisco Small Business RV110W, RV130, RV130W, and RV215W Routers could allow an authenticated, remote attacker to execute arbitrary code or cause an affected device to restart unexpectedly. The vulnerabilities are due to improper...