Lucene search
K

72 matches found

EUVD
EUVD
added 6 days ago4 views

EUVD-2026-39595

A server-side request forgery SSRF flaw was found in KubeVirt's virt-api port-forward handler. When processing a port-forward request to a VirtualMachineInstance VMI, virt-api reads the target IP from vmi.Status.Interfaces0.IP and passes it directly to net.Dial without validation. For VMIs using...

6.4CVSS6AI score0.00164EPSS
Exploits0References3
NVD
NVD
added 6 days ago8 views

CVE-2026-13318

A server-side request forgery SSRF flaw was found in KubeVirt's virt-api port-forward handler. When processing a port-forward request to a VirtualMachineInstance VMI, virt-api reads the target IP from vmi.Status.Interfaces0.IP and passes it directly to net.Dial without validation. For VMIs using...

6.4CVSS0.00164EPSS
Exploits0References2
Cvelist
Cvelist
added last week40 views

CVE-2026-13318 Virt-api-rhel9: kubevirt: kubevirt: ssrf in virt-api port-forward via unvalidated guest-agent-reported ip

A server-side request forgery SSRF flaw was found in KubeVirt's virt-api port-forward handler. When processing a port-forward request to a VirtualMachineInstance VMI, virt-api reads the target IP from vmi.Status.Interfaces0.IP and passes it directly to net.Dial without validation. For VMIs using...

6.4CVSS0.00164EPSS
Exploits0References2
CVE
CVE
added last week14 views

CVE-2026-13318

KubeVirt exposes an SSRF in virt-api port-forward: when handling a port-forward to a VirtualMachineInstance, virt-api reads vmi.Status.Interfaces[0].IP and dials it without validation. For VMIs using non-masquerade networks (bridge or secondary-only), this IP is supplied by the in-guest QEMU agen...

6.4CVSS6AI score0.00164EPSS
Exploits0References2
RedhatCVE
RedhatCVE
added last week8 views

CVE-2026-13318

A server-side request forgery SSRF flaw was found in KubeVirt's virt-api port-forward handler. When processing a port-forward request to a VirtualMachineInstance VMI, virt-api reads the target IP from vmi.Status.Interfaces0.IP and passes it directly to net.Dial without validation. For VMIs using...

6.4CVSS6AI score0.00164EPSS
Exploits0References3
RedhatCVE
RedhatCVE
added 2026/06/05 7:44 p.m.9 views

CVE-2026-8346

A vulnerability was detected in D-Link DIR-816 1.10CNB05R1B011D88210. This affects the function portForward. Performing a manipulation of the argument ipaddress results in command injection. The attack can be initiated remotely. The exploit is now public and may be used...

8.8CVSS6.5AI score0.03095EPSS
Exploits1References1
RedhatCVE
RedhatCVE
added 2026/06/05 7:12 p.m.8 views

CVE-2026-39884

mcp-server-kubernetes is a Model Context Protocol server for Kubernetes cluster management. Versions 3.4.0 and prior contain an argument injection vulnerability in the portforward tool in src/tools/portforward.ts, where a kubectl command is constructed via string concatenation with user-controlle...

8.3CVSS5.5AI score0.00258EPSS
Exploits0References1
EUVD
EUVD
added 2026/05/12 12:31 a.m.7 views

EUVD-2026-29349

A vulnerability was detected in D-Link DIR-816 1.10CNB05R1B011D88210. This affects the function portForward. Performing a manipulation of the argument ipaddress results in command injection. The attack can be initiated remotely. The exploit is now public and may be used...

6.5CVSS5.7AI score0.03095EPSS
Exploits1References6
NVD
NVD
added 2026/05/12 12:17 a.m.17 views

CVE-2026-8346

A vulnerability was detected in D-Link DIR-816 1.10CNB05R1B011D88210. This affects the function portForward. Performing a manipulation of the argument ipaddress results in command injection. The attack can be initiated remotely. The exploit is now public and may be used...

8.8CVSS0.03095EPSS
Exploits1References5
CVE
CVE
added 2026/05/11 11:15 p.m.20 views

CVE-2026-8346

The CVE-2026-8346 entry concerns D-Link DIR-816 devices (firmware 1.10CNB05_R1B011D88210/variants) where the portForward function is vulnerable. A flaw in handling the ip_address argument enables remote command injection, with reported public exploits. The affected component is the portForward lo...

8.8CVSS6.5AI score0.03095EPSS
Exploits1References5Affected Software1
ATTACKERKB
ATTACKERKB
added 2026/05/11 11:15 p.m.5 views

CVE-2026-8346

A vulnerability was detected in D-Link DIR-816 1.10CNB05R1B011D88210. This affects the function portForward. Performing a manipulation of the argument ipaddress results in command injection. The attack can be initiated remotely. The exploit is now public and may be used...

6.5CVSS6.5AI score0.03095EPSS
Exploits1References5Affected Software1
Cvelist
Cvelist
added 2026/05/11 11:15 p.m.37 views

CVE-2026-8346 D-Link DIR-816 portForward command injection

A vulnerability was detected in D-Link DIR-816 1.10CNB05R1B011D88210. This affects the function portForward. Performing a manipulation of the argument ipaddress results in command injection. The attack can be initiated remotely. The exploit is now public and may be used...

6.5CVSS0.03095EPSS
Exploits1References5
ATTACKERKB
ATTACKERKB
added 2026/05/11 10:0 p.m.6 views

CVE-2026-8345

A security vulnerability has been detected in D-Link DIR-816 1.10CNB05R1B011D88210. Affected by this issue is the function sub445E7C of the file /goform/singlePortForward. Such manipulation of the argument ipaddress leads to command injection. It is possible to launch the attack remotely. The...

6.5CVSS6.4AI score0.03156EPSS
Exploits1References5Affected Software1
CNNVD
CNNVD
added 2026/05/11 12:0 a.m.9 views

D-Link DIR-816 注入漏洞

The D-Link DIR-816 is a wireless router produced by D-Link Corporation. The version 1.10CNB05R1B011D88210 of the D-Link DIR-816 has a vulnerability related to command injection. This vulnerability stems from the operation of the sub445E7C function in the /goform/singlePortForward file, which...

8.8CVSS6.6AI score0.03156EPSS
Exploits1References1
RedhatCVE
RedhatCVE
added 2026/05/06 8:21 p.m.9 views

CVE-2026-41926

WDR201A WiFi Extender HW V2.1, FW LFMZX28040922V1.02 contains an OS command injection vulnerability in the firewall.cgi binary across five request handlers that apply insufficient input validation. Attackers can inject arbitrary shell commands through vulnerable parameters like websURLFilter,...

9.3CVSS5.9AI score0.01235EPSS
Exploits0References1
NVD
NVD
added 2026/05/04 8:16 p.m.14 views

CVE-2026-41926

WDR201A WiFi Extender HW V2.1, FW LFMZX28040922V1.02 contains an OS command injection vulnerability in the firewall.cgi binary across five request handlers that apply insufficient input validation. Attackers can inject arbitrary shell commands through vulnerable parameters like websURLFilter,...

9.3CVSS0.01235EPSS
Exploits0References3
EUVD
EUVD
added 2026/05/04 7:17 p.m.8 views

EUVD-2026-27125

WDR201A WiFi Extender HW V2.1, FW LFMZX28040922V1.02 contains an OS command injection vulnerability in the firewall.cgi binary across five request handlers that apply insufficient input validation. Attackers can inject arbitrary shell commands through vulnerable parameters like websURLFilter,...

9.3CVSS5.9AI score0.01235EPSS
Exploits0References3
Positive Technologies
Positive Technologies
added 2026/05/04 12:0 a.m.12 views

PT-2026-36914

Name of the Vulnerable Software and Affected Versions WDR201A WiFi Extender HW V2.1, FW LFMZX28040922V1.02 Description An OS command injection issue exists in the firewall.cgi binary across five request handlers due to insufficient input validation. Attackers can inject arbitrary shell commands...

9.3CVSS5.9AI score0.01235EPSS
Exploits0References6
NVD
NVD
added 2026/04/15 4:17 a.m.7 views

CVE-2026-39884

mcp-server-kubernetes is a Model Context Protocol server for Kubernetes cluster management. Versions 3.4.0 and prior contain an argument injection vulnerability in the portforward tool in src/tools/portforward.ts, where a kubectl command is constructed via string concatenation with user-controlle...

8.3CVSS0.00258EPSS
Exploits0References2
CNNVD
CNNVD
added 2026/04/15 12:0 a.m.9 views

MCP Server Kubernetes 安全漏洞

MCP Server Kubernetes is a Kubernetes management server developed by Suyog Sonwalkar. Versions of MCP Server Kubernetes prior to 3.4.0 have security vulnerabilities. These vulnerabilities stem from parameter injection issues in the port-forward tool, which may lead to exposure of internal...

8.3CVSS5.8AI score0.00258EPSS
Exploits0References1
Rows per page
Query Builder