CVE-2026-44226 pyLoad: Unauthenticated traceback disclosure via global exception handler in WebUI

pyLoad is a free and open-source download manager written in Python. Prior to 0.5.0b3.dev100, pyload-ng WebUI returns full Python traceback details to clients on unhandled exceptions. Because /web/ is reachable without authentication and renders attacker-controlled template names, an...

D-Link G416 Information Disclosure Vulnerability

D-Link G416 is the AX1500 4G+ Smart Router launched by AUO in June 2025 , which supports Wi-Fi 6, AI Smart Optimization and 4G LTE Cat 6 network with up to 300Mbps internet speed. D-Link G416 suffers from an information disclosure vulnerability, which stems from the httpd exception mishandling...

xmlrpc: Deserialization of server-side exception from faultCause in XMLRPC error response

A flaw was discovered where the XMLRPC client implementation in Apache XMLRPC, performed deserialization of the server-side exception serialized in the faultCause attribute of XMLRPC error response messages. A malicious or compromised XMLRPC server could possibly use this flaw to execute arbitrar...

Lotus Domino vulnerable to DoS via crafted unicode GET request

Overview The Lotus Domino Web Server contains a flaw that could be exploited to cause a denial of service situation. Description Sending a crafted GET request containing numerous unicode characters can trigger a server exception that will crash the Domino server. If qnc.exe is removed from the...