PT-2026-31741

Name of the Vulnerable Software and Affected Versions D-Link DIR-605L version 2.13B01 Description A flaw exists in the formSetMACFilter function of the /goform/formSetMACFilter file within the POST Request Handler component. Manipulation of the curTime argument can cause a buffer overflow,...

PT-2026-31740

Name of the Vulnerable Software and Affected Versions D-Link DIR-605L version 2.13B01 Description A buffer overflow issue exists in the formVirtualServ function within the POST Request Handler component, specifically in the file /goform/formVirtualServ. The vulnerability is triggered by...

D-Link DIR-605L 安全漏洞

The D-Link DIR-605L is a wireless router produced by D-Link Corporation. The D-Link DIR-605L version 2.13B01 has a security vulnerability. This vulnerability stems from the operation of the curTime parameter in the formAdvNetwork function of the POST Request Handler component, which may lead to a...

D-Link DIR-605L 安全漏洞

The D-Link DIR-605L is a wireless router produced by D-Link Corporation. The D-Link DIR-605L version 2.13B01 has a security vulnerability. This vulnerability stems from the operation of the curTime parameter in the formVirtualServ function within the POST Request Handler component, which may lead...

PT-2026-31795

Name of the Vulnerable Software and Affected Versions D-Link DIR-605L version 2.13B01 Description A buffer overflow exists in the POST Request Handler component due to manipulation of the curTime argument within the formAdvNetwork function of the /goform/formAdvNetwork file. Remote exploitation i...

EUVD-2026-19241

A vulnerability was identified in Free5GC 4.2.0. This affects an unknown function of the component NGSetupRequest Handler. Such manipulation leads to denial of service. The attack may be launched remotely. The exploit is publicly available and might be used...

CVE-2026-5661

A vulnerability was identified in Free5GC 4.2.0. This affects an unknown function of the component NGSetupRequest Handler. Such manipulation leads to denial of service. The attack may be launched remotely. The exploit is publicly available and might be used...

free5GC 安全漏洞

free5GC is an open-source project for the 5th generation 5G mobile core network. Version 4.2.0 of free5GC contains a security vulnerability, which stems from issues with the NGSetupRequest Handler component and could lead to denial-of-service attacks...

CVE-2026-34777

Electron is a framework for writing cross-platform desktop applications using JavaScript, HTML and CSS. Prior to versions 38.8.6, 39.8.1, 40.8.1, and 41.0.0, when an iframe requests fullscreen, pointerLock, keyboardLock, openExternal, or media permissions, the origin passed to...

CVE-2026-34777

CVE-2026-34777 affects Electron: prior to versions 38.8.6, 39.8.1, 40.8.1, and 41.0.0, the origin passed to session.setPermissionRequestHandler() for iframe-permission requests (fullscreen, pointerLock, keyboardLock, openExternal, or media) was the top‑level page origin instead of the requesting ...

CVE-2026-34771 Electron: Use-after-free in WebContents fullscreen, pointer-lock, and keyboard-lock permission callbacks

Electron is a framework for writing cross-platform desktop applications using JavaScript, HTML and CSS. Prior to versions 38.8.6, 39.8.0, 40.7.0, and 41.0.0-beta.8, apps that register an asynchronous session.setPermissionRequestHandler may be vulnerable to a use-after-free when handling fullscree...

CVE-2026-23470

A flaw was found in the Linux kernel's drm/imagination driver. A local attacker could potentially trigger a deadlock condition during the soft reset sequence. This occurs because the soft reset sequence, when executed from a threaded Interrupt Request IRQ handler, attempts to disable IRQs while...

CVE-2026-5467

A vulnerability was identified in Casdoor 2.356.0. Affected by this issue is some unknown functionality of the component OAuth Authorization Request Handler. Such manipulation of the argument redirecturi leads to open redirect. It is possible to launch the attack remotely. The exploit is publicly...

PT-2026-30007

Impact When an iframe requests fullscreen, pointerLock, keyboardLock, openExternal, or media permissions, the origin passed to session.setPermissionRequestHandler was the top-level page's origin rather than the requesting iframe's origin. Apps that grant permissions based on the origin parameter ...

CVE-2026-4960

A vulnerability was determined in Tenda AC6 15.03.05.16. Affected is the function fromWizardHandle of the file /goform/WizardHandle of the component POST Request Handler. Executing a manipulation of the argument WANT/WANS can lead to stack-based buffer overflow. The attack can be executed remotel...

CVE-2026-4902

A vulnerability was detected in Tenda AC5 15.03.06.47. This affects the function fromAddressNat of the file /goform/addressNat of the component POST Request Handler. The manipulation of the argument page results in stack-based buffer overflow. The attack can be launched remotely. The exploit is n...

CVE-2026-4903

A flaw has been found in Tenda AC5 15.03.06.47. This vulnerability affects the function formQuickIndex of the file /goform/QuickIndex of the component POST Request Handler. This manipulation of the argument PPPOEPassword causes stack-based buffer overflow. The attack may be initiated remotely. Th...

EUVD-2026-16811

A vulnerability has been found in Tenda AC15 15.03.05.19. This affects the function formSetCfm of the file /goform/setcfm of the component POST Request Handler. The manipulation of the argument funcpara1 leads to stack-based buffer overflow. The attack can be initiated remotely. The exploit has...

CVE-2026-4974

A flaw has been found in Tenda AC7 15.03.06.44. Affected by this issue is the function fromSetSysTime of the file /goform/SetSysTimeCfg of the component POST Request Handler. Executing a manipulation of the argument Time can lead to stack-based buffer overflow. It is possible to launch the attack...

CVE-2026-4974

CVE-2026-4974 affects Tenda AC7 firmware version 15.03.06.44. The vulnerability is in the function fromSetSysTime of /goform/SetSysTimeCfg in the POST Request Handler, where manipulating the Time argument can cause a stack-based buffer overflow. This enables remote code execution over the network...