GO-2026-5095 Grafana public dashboards disclose all direct mode datasources in github.com/grafana/grafana
Grafana public dashboards disclose all direct mode datasources in github.com/grafana/grafana. NOTE: The source advisory for this report contains additional versions that could not be automatically mapped to standard Go module versions. If this is causing false-positive reports from vulnerability...
CVE-2026-5952
creationtimestamp| type| source
---|---|---
2026-06-25 05:45:20+00:00| seen| https://www.hkcert.org/security-bulletin/gitlab-multiple-vulnerabilities20260625
2026-06-25 06:11:09+00:00| seen| https://bsky.app/profile/cve.skyfleet.blue/post/3mp3rhugxdv2z
2026-06-25 12:00:27+00:00| seen|...
PT-2026-51818
Name of the Vulnerable Software and Affected Versions
Envoy versions prior to 1.35.11
Envoy versions prior to 1.36.7
Envoy versions prior to 1.37.3
Envoy versions prior to 1.38.1
Description
Envoy can translate a downstream HTTP/3 request that is complete at the transport layer but contains a...
EUVD-2026-38198
A security vulnerability has been detected in Radware Cyber Controller up to 10.11.0. This affects an unknown part of the component HTML Report Generation. The manipulation leads to HTML injection. Remote exploitation of the attack is possible. The exploit has been disclosed publicly and may be...
CVE-2026-12812
A security vulnerability has been detected in Radware Cyber Controller up to 10.11.0. This affects an unknown part of the component HTML Report Generation. The manipulation leads to HTML injection. Remote exploitation of the attack is possible. The exploit has been disclosed publicly and may be...
CVE-2026-12812 Radware Cyber Controller HTML Report Generation HTML injection
A security vulnerability has been detected in Radware Cyber Controller up to 10.11.0. This affects an unknown part of the component HTML Report Generation. The manipulation leads to HTML injection. Remote exploitation of the attack is possible. The exploit has been disclosed publicly and may be...
CVE-2026-12808
A vulnerability was determined in Edimax BR-6478AC V2 1.23. This impacts the function stainfo of the file /goform/stainfo of the component POST Request Handler. This manipulation of the argument interface causes command injection. The attack can be initiated remotely. The exploit has been publicl...
CVE-2026-12806
A vulnerability has been found in Edimax BR-6478AC V2 1.23. The impacted element is the function formWlSiteSurvey of the file /goform/formWlSiteSurvey of the component POST Request Handler. The manipulation of the argument selSSID leads to buffer overflow. It is possible to initiate the attack...
EUVD-2026-38145
A vulnerability was determined in AOMEI Backupper up to 8.3.0. Impacted is an unknown function in the library amwrtdrv.sys of the component Kernel Driver. Executing a manipulation can lead to improper access controls. The attack needs to be launched locally. The exploit has been publicly disclose...
EUVD-2026-38143
A vulnerability has been found in AOMEI Partition Assistant up to 10.10.1. This vulnerability affects unknown code in the library ampa10.sys of the component Kernel Driver. Such manipulation leads to improper access controls. The attack must be carried out locally. The exploit has been disclosed ...
CVE-2026-12770
A vulnerability was determined in BerriAI litellm up to 1.63.1. The impacted element is an unknown function of the file litellm/proxy/management_endpoints/key_management_endpoints.py of the component Admin Key Handler. This manipulation causes improper authorization. The attack can be initiated...
CVE-2026-12770
The CVE affects litellm (BerriAI) up to version 1.63.1, specifically the Admin Key Handler component and the file litellm/proxy/management_endpoints/key_management_endpoints.py. The root cause is improper authorization caused by manipulation within this endpoint, enabling a remote attacker to exp...
PT-2026-51182
Name of the Vulnerable Software and Affected Versions
litellm versions prior to 1.63.2
Description
An improper authorization issue exists in the Admin Key Handler component within the file litellm/proxy/management_endpoints/key_management_endpoints.py. This flaw allows a remote attacker to bypass...
CVE-2026-54104
creationtimestamp| type| source
---|---|---
2026-06-18 18:05:09+00:00| seen| https://bsky.app/profile/cve.skyfleet.blue/post/3molg436wlg2g...
CVE-2026-46797
...
D-Link Network Attached Storage - Command Injection and Backdoor Account
UNSUPPORTED WHEN ASSIGNED: A vulnerability, which was classified as critical, was found in D-Link DNS-320L, DNS-325, DNS-327L and DNS-340L up to 20240403. Affected is an unknown function of the file /cgi-bin/nassharing.cgi of the component HTTP GET Request Handler. The manipulation of the argument...
EUVD-2026-36693
A vulnerability has been found in Yealink SIP-T46U 108.86.0.118. This affects the function modupgrade.SparePartsUpload of the file /api/upgrade/accupgradebychunk of the component Firmware Chunk Upload handler. Such manipulation of the argument uid leads to stack-based buffer overflow. The attack...
CVE-2026-12212
A vulnerability has been found in hcengineering Huly Platform up to 0.7.0. Affected is the function getMailboxSecret of the file server/account/src/operations.ts of the component RPC Interface. The manipulation leads to improper access controls. The attack may be initiated remotely. The exploit h...
CVE-2026-12217 DVDFab Virtual Drive Signed Kernel Driver dvdfabio.sys privileges management
A security vulnerability has been detected in DVDFab Virtual Drive 2.0.0.5. Impacted is an unknown function in the library dvdfabio.sys of the component Signed Kernel Driver. The manipulation leads to improper privilege management. An attack has to be approached locally. The exploit has been...