2951 matches found
Exploit for CVE-2026-46243
cifswitch-check A shell script to check whether a Linux syste...
CVE-2026-48019
CRLF injection in default email rule...
CVE-2026-10120
A vulnerability was detected in TRENDnet TEW-432BRP 3.10B20. The affected element is the function formSetFirewallRule of the file /goform/formSetFirewallRule. The manipulation of the argument firewallname results in stack-based buffer overflow. The attack can be executed remotely. The exploit is...
OPENSUSE-SU-2026:20857-1 Security update for mapserver
This update for mapserver fixes the following issues: Changes in mapserver: - Update to releasee 8.6.3 SLD parser: fix out of bounds access on SLD with only a Rule with a ElseFilter but without a symbolizer CVE-2026-33721, boo1260869 CVE-2026-45104, boo1266663...
MAL-2026-5117 Malicious code in @redhat-cloud-services/rule-components (npm)
Part of the "Mini Shai-Hulud" supply chain worm campaign that compromised the GitHub Actions OIDC trusted publisher shared by Red Hat Cloud Services npm packages. The attacker injected a preinstall hook into this and 31 other packages in the @redhat-cloud-services scope. The hook delivers a...
EUVD-2026-33462
A vulnerability was detected in TRENDnet TEW-432BRP 3.10B20. The affected element is the function formSetFirewallRule of the file /goform/formSetFirewallRule. The manipulation of the argument firewallname results in stack-based buffer overflow. The attack can be executed remotely. The exploit is...
PT-2026-45099
A vulnerability was detected in TRENDnet TEW-432BRP 3.10B20. The affected element is the function formSetFirewallRule of the file /goform/formSetFirewallRule. The manipulation of the argument firewall name results in stack-based buffer overflow. The attack can be executed remotely. The exploit is...
TRENDnet TEW-432BRP 安全漏洞
TRENDnet TEW-432BRP is a dual-band wireless router produced by TRENDnet Corporation. Version 3.10B20 of TRENDnet TEW-432BRP contains a security vulnerability. This vulnerability arises from the operation of the formSetFirewallRule function in the file/goform/formSetFirewallRule, where the paramet...
CVE-2026-9092
Casdoor versions 2.362.0 and earlier contain a vulnerability involving unverified email binding that may enable account takeover. The getExistUserByBindingRule function matches users by email without checking the emailverified claim from upstream providers; the idp.UserInfo struct does not even...
EUVD-2026-32943
Casdoor versions 2.362.0 and earlier contain a vulnerability involving unverified email binding that may enable account takeover. The getExistUserByBindingRule function matches users by email without checking the emailverified claim from upstream providers; the idp.UserInfo struct does not even...
CVE-2026-9092 CVE-2026-9092
Casdoor versions 2.362.0 and earlier contain a vulnerability involving unverified email binding that may enable account takeover. The getExistUserByBindingRule function matches users by email without checking the emailverified claim from upstream providers; the idp.UserInfo struct does not even...
CVE-2026-9092
Casdoor, versions 2.362.0 and earlier, contains a vulnerability in the binding logic: the getExistUserByBindingRule function matches users by email without validating the email_verified claim from upstream providers, and the idp.UserInfo struct does not include an EmailVerified field. This can al...
EUVD-2026-32942
Casdoor versions 2.362.0 and earlier contain a logic flaw in the social‑login binding flow that allows users to bypass configured MFA requirements. The binding‑rule code path in controllers/auth.go calls HandleLoggedIn directly without invoking checkMfaEnable. Any user authenticating via this pat...
CVE-2026-47674
Hono is a Web application framework that provides support for any JavaScript runtime. Prior to 4.12.21, the ip-restriction middleware hono/ip-restriction compares incoming IP addresses against configured deny and allow rules using string equality after partial normalization. Non-canonical IPv6...
PT-2026-44420
Casdoor versions 2.362.0 and earlier contain a logic flaw in the social‑login binding flow that allows users to bypass configured MFA requirements. The binding‑rule code path in controllers/auth.go calls HandleLoggedIn directly without invoking checkMfaEnable. Any user authenticating via this pat...
CVE-2026-45104
MapServer is a system for developing web-based GIS applications. From 6.4.0 to before 8.6.3, msSLDParseUserStyle always calls SLDApplyRuleValuespsRule, psLayer, 1; for any carrying — it assumes msSLDParseRule added one class. When the rule has no symbolizer a structurally valid SLD, msSLDParseRul...
Linux Distros Unpatched Vulnerability : CVE-2026-45901
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - netfilter: nftables: revert commitmutex usage in reset path It causes circular lock dependency between commitmutex, nfnlsubsysipset and nlkcbmutex when nft rese...
XWiki Platform has an Unauthenticated XAR Import via REST /wikis/{wikiName}
Impact POST /wikis/wikiName executes a XAR import without performing any authentication or authorization checks, allowing an unauthenticated attacker to create or update documents in the target wiki Patches This vulnerability has been patched in XWiki 16.10.17, 17.4.9, 17.10.3, 18.0.1 and...
Anonymous YARA Rules Are Not Anonymous
YARA rules are widely shared across threat intelligence communities to enable collective defence against malware. This practice implicitly assumes that removing metadata e.g., author fields sufficiently protects the identity of contributing organisations. To assess the validity of this assumption...
CVE-2026-42268
A flaw was found in ModSecurity, an open-source web application firewall WAF. This vulnerability occurs when an administrator configures a rule that uses @verifySSN, @verifyCPF, or @verifySVNR functions. An unhandled exception, specifically an unsigned integer underflow, can lead to a denial of...