Astra Linux - уязвимость в unbound

A vulnerability called “Non-Responsive Delegation Attack” NRDelegation Attack has been discovered in various DNS resolution software. The NRDelegation Attack operates by creating a malicious delegation with a significant number of non-responsive name servers. The attack begins by querying a...

CVE-2026-7579 AstrBotDevs AstrBot Dashboard auth.py hard-coded credentials

A security vulnerability has been detected in AstrBotDevs AstrBot up to 4.16.0. This issue affects some unknown processing of the file astrbot/dashboard/routes/auth.py of the component Dashboard. The manipulation leads to hard-coded credentials. It is possible to initiate the attack remotely. The...

CVE-2026-6999

A flaw has been found in BIVOCOM TR321 21.1.1.50. Affected by this vulnerability is an unknown functionality of the component Wireless Setting. This manipulation of the argument Network Name SSID causes cross site scripting. The attack is possible to be carried out remotely. The exploit has been...

EUVD-2026-25672

A weakness has been identified in BDCOM P3310D 0.4.2 10.1.0F Build 86345. This affects an unknown function of the component rmon event Tab. Executing a manipulation of the argument Description can lead to cross site scripting. The attack may be launched remotely. The exploit has been made availab...

PT-2026-30511

A vulnerability was found in Acrel Electrical Prepaid Cloud Platform 1.0. This issue affects some unknown processing of the file /bin.rar of the component Backup File Handler. The manipulation results in information disclosure. The attack can be launched remotely. The exploit has been made public...

CVE-2026-4847 dameng100 muucmf list.html cross site scripting

A vulnerability was found in dameng100 muucmf 1.9.5.20260309. The impacted element is an unknown function of the file /admin/config/list.html. Performing a manipulation of the argument Name results in cross site scripting. The attack can be initiated remotely. The exploit has been made public and...

CVE-2026-2530

A weakness has been identified in Wavlink WL-WN579A3 up to 20210219. This affects the function AddMac of the file /cgi-bin/wireless.cgi. This manipulation of the argument macAddr causes command injection. The attack is possible to be carried out remotely. The exploit has been made available to th...

CVE-2025-37166

A vulnerability affecting HPE Networking Instant On Access Points has been identified where a device processing a specially crafted packet could enter a non-responsive state, in some cases requiring a hard reset to re-establish services. A malicious actor could leverage this vulnerability to...

CVE-2025-37166 Unexpected shutdown in HPE Instant On Access Points after processing specific packets

A vulnerability affecting HPE Networking Instant On Access Points has been identified where a device processing a specially crafted packet could enter a non-responsive state, in some cases requiring a hard reset to re-establish services. A malicious actor could leverage this vulnerability to...

CVE-2025-37166

Technical details (affected models/versions, root cause, exploitability, and fixes) are not publicly provided in the supplied documents. Monitor for updates from vendors and security advisories.

CVE-2025-37166 Unexpected shutdown in HPE Instant On Access Points after processing specific packets

A vulnerability affecting HPE Networking Instant On Access Points has been identified where a device processing a specially crafted packet could enter a non-responsive state, in some cases requiring a hard reset to re-establish services. A malicious actor could leverage this vulnerability to...

CVE-2025-1829

A vulnerability was found in TOTOLINK X18 9.1.0cu.2024B20220329. It has been declared as critical. This vulnerability affects the function setMtknatCfg of the file /cgi-bin/cstecgi.cgi. The manipulation of the argument mtkhnatEnable leads to os command injection. The attack can be initiated...

CVE-2025-15424

A vulnerability was found in Yonyou KSOA 9.0. The affected element is an unknown function of the file /worksheet/agentworksdel.jsp of the component HTTP GET Parameter Handler. Performing a manipulation of the argument ID results in sql injection. Remote exploitation of the attack is possible. The...

CVE-2025-15123

A vulnerability was determined in JeecgBoot up to 3.9.0. This affects an unknown function of the file /sys/sysDepartPermission/datarule/. Executing manipulation can lead to improper authorization. It is possible to launch the attack remotely. The attack requires a high level of complexity. The...

EUVD-2025-205469

A security flaw has been discovered in getmaxun maxun up to 0.0.28. Impacted is an unknown function of the file /getmaxun/maxun/blob/develop/server/src/routes/auth.ts. Performing manipulation of the argument apikey results in use of hard-coded cryptographic key . Remote exploitation of the attack...

Unity Linux 20.1050e / 20.1060e / 20.1070e Security Update: unbound (UTSA-2025-986165)

The Unity Linux 20 host has a package installed that is affected by a vulnerability as referenced in the UTSA-2025-986165 advisory. A vulnerability named 'Non-Responsive Delegation Attack' NRDelegation Attack has been discovered in various DNS resolving software. The NRDelegation Attack works by...

EUVD-2022-42621

Malicious code in bioql PyPI...

Linux Distros Unpatched Vulnerability : CVE-2022-3204

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - A vulnerability named 'Non-Responsive Delegation Attack' NRDelegation Attack has been discovered in various DNS resolving software. The NRDelegation Attack work...

Linux Distros Unpatched Vulnerability : CVE-2021-47271

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - In the Linux kernel, the following vulnerability has been resolved: usb: cdnsp: Fix deadlock issue in cdnspthreadirqhandler Patch fixes the following critical...

CVE-2025-5134 Tmall Demo Buy Item Page cross site scripting

A vulnerability classified as problematic was found in Tmall Demo up to 20250505. Affected by this vulnerability is an unknown functionality of the component Buy Item Page. The manipulation of the argument Detailed Address leads to cross site scripting. The attack can be launched remotely. The...