CVE-2026-5353

A vulnerability was detected in Trendnet TEW-657BRM 1.00.1. Affected is the function pingtest of the file /setup.cgi. Performing a manipulation of the argument c4IPAddr results in os command injection. Remote exploitation of the attack is possible. The exploit is now public and may be used. The...

EUVD-2026-18408

A vulnerability was detected in Trendnet TEW-657BRM 1.00.1. Affected is the function pingtest of the file /setup.cgi. Performing a manipulation of the argument c4IPAddr results in os command injection. Remote exploitation of the attack is possible. The exploit is now public and may be used. The...

CVE-2026-5353

Trendnet TEW-657BRM version 1.00.1 contains a vulnerability in the ping_test function of /setup.cgi where manipulating the c4_IPAddr parameter leads to os command injection. Remote exploitation is possible; exploit code is public. The vendor notes the product is discontinued and out of support si...

PT-2026-29801

A vulnerability was detected in Trendnet TEW-657BRM 1.00.1. Affected is the function ping test of the file /setup.cgi. Performing a manipulation of the argument c4 IPAddr results in os command injection. Remote exploitation of the attack is possible. The exploit is now public and may be used. The...

TRENDnet TEW-657BRM 操作系统命令注入漏洞

TRENDnet TEW-657BRM is a WiFi router produced by the TRENDnet company. The version 1.00.1 of Trendnet TEW-657BRM has a vulnerability related to operating system command injection. This vulnerability stems from incorrect handling of the parameter c4IPAddr in the pingtest function of the file...

OPENSUSE-SU-2026:20452-1 Security update for kea

This update for kea fixes the following issues: Update to 3.0.3: - CVE-2025-11232: invalid characters cause assert bsc1252863. - CVE-2026-3608: stack overflow via maliciously crafted message bsc1260380. Changelog: A large number of bracket pairs in a JSON payload directed to any endpoint would...

SUSE-SU-2026:20989-1 Security update for kea

This update for kea fixes the following issues: Update to 3.0.3: - CVE-2025-11232: invalid characters cause assert bsc1252863. - CVE-2026-3608: stack overflow via maliciously crafted message bsc1260380. Changelog: A large number of bracket pairs in a JSON payload directed to any endpoint would...

Fedora 44 : cpp-httplib (2026-03599f0b32)

The remote Fedora 44 host has a package installed that is affected by a vulnerability as referenced in the FEDORA-2026-03599f0b32 advisory. Update to 0.38.0 rhbz2447261 - Filename sanitization for path traversal prevention Added sanitizefilename to prevent path traversal attacks via malicious...

Fedora 43 : cpp-httplib (2026-e76feaf213)

The remote Fedora 43 host has a package installed that is affected by a vulnerability as referenced in the FEDORA-2026-e76feaf213 advisory. Update to 0.38.0 rhbz2447261 - Filename sanitization for path traversal prevention Added sanitizefilename to prevent path traversal attacks via malicious...

Security update for v2ray-core (important)

openSUSE Security Update: Security update for v2ray-core Announcement ID: openSUSE-SU-2026:0103-1 Rating: important References: 1251404 1260329 Cross-References: CVE-2025-47911 CVE-2026-33186 CVSS scores: CVE-2025-47911 SUSE: 6.9 CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:L/SC:N/SI:N/SA:N...

CVE-2026-29520

Hereta ETH-IMC408M firmware version 1.0.15 and prior contain a reflected cross-site scripting vulnerability in the Network Diagnosis ping function that allows attackers to execute arbitrary JavaScript. Attackers can craft malicious links with injected script payloads in the pingipaddr parameter t...

CVE-2026-32230

Uptime Kuma is an open source, self-hosted monitoring tool. From 2.0.0 to 2.1.3 , the GET /api/badge/:id/ping/:duration? endpoint in server/routers/api-router.js does not verify that the requested monitor belongs to a public group. All other badge endpoints check AND public = 1 in their SQL query...

CVE-2026-4172

A vulnerability was detected in TRENDnet TEW-632BRP 1.010B32. This affects an unknown part of the file /pingresponse.cgi of the component HTTP POST Request Handler. The manipulation of the argument pingipaddr results in stack-based buffer overflow. The attack may be performed from remote. The...

CVE-2019-25483

Comtrend AR-5310 GE31-412SSG-C01R10.A2pG039u.d24k contains a restricted shell escape vulnerability that allows local users to bypass command restrictions by using the command substitution operator $ . Attackers can inject arbitrary commands through the $ syntax when passed as arguments to allowed...

TRENDnet TEW-632BRP Buffer Overflow Vulnerability

The TRENDnet TEW-632BRP is a wireless router from TRENDnet. A buffer overflow vulnerability exists in the TRENDnet TEW-632BRP. The vulnerability is caused due to a lack of bounds checking in the user-controlled pingipadder parameter in the HTTP POST request handler of the /pingresponse.cgi...

MAL-2026-1844 Malicious code in shopify-ping-web (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 65f10efaec7ccae41168b3bcbce9874ddfa9fb6d806c9e55029549efe82f9898 The package shopify-ping-web was found to contain malicious code...

Malicious code in shopify-ping-web (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 65f10efaec7ccae41168b3bcbce9874ddfa9fb6d806c9e55029549efe82f9898 The package shopify-ping-web was found to contain malicious code...

EUVD-2026-12462

Hereta ETH-IMC408M firmware version 1.0.15 and prior contain a reflected cross-site scripting vulnerability in the Network Diagnosis ping function that allows attackers to execute arbitrary JavaScript. Attackers can craft malicious links with injected script payloads in the pingipaddr parameter t...

CVE-2026-29520

Hereta ETH-IMC408M firmware version 1.0.15 and prior contain a reflected cross-site scripting vulnerability in the Network Diagnosis ping function that allows attackers to execute arbitrary JavaScript. Attackers can craft malicious links with injected script payloads in the pingipaddr parameter t...

EUVD-2026-12218

A vulnerability was detected in TRENDnet TEW-632BRP 1.010B32. This affects an unknown part of the file /pingresponse.cgi of the component HTTP POST Request Handler. The manipulation of the argument pingipaddr results in stack-based buffer overflow. The attack may be performed from remote. The...