SUSE CVE-2026-34041

act is a project which allows for local running of github actions. Prior to version 0.2.86, act unconditionally processes the deprecated ::set-env:: and ::add-path:: workflow commands, which was disabled due to environment injection risks. When a workflow step echoes untrusted data to stdout, an...

CVE-2026-34542 iccDEV: SBO in CIccCalculatorFunc::Apply()

iccDEV provides a set of libraries and tools for working with ICC color management profiles. Prior to version 2.3.1.6, a crafted ICC profile can trigger a stack-buffer-overflow SBO in CIccCalculatorFunc::Apply when processed via iccApplyNamedCmm. Under AddressSanitizer, the failure is reported as...

CVE-2026-5170

A user with access to the cluster with a limited set of privilege actions can trigger a crash of a mongod process during the limited and unpredictable window when the cluster is being promoted from a replica set to a sharded cluster. This may cause a denial of service by taking down the primary o...

CVE-2026-5184

A vulnerability was identified in TRENDnet TEW-713RE up to 1.02. The impacted element is an unknown function of the file /goform/setSysAdm. The manipulation of the argument admuser leads to command injection. The attack can be initiated remotely. The exploit is publicly available and might be use...

CVE-2026-34041

act is a project which allows for local running of github actions. Prior to version 0.2.86, act unconditionally processes the deprecated ::set-env:: and ::add-path:: workflow commands, which was disabled due to environment injection risks. When a workflow step echoes untrusted data to stdout, an...

CVE-2026-5177

Totolink A3300R 17.0.0cu.557_b20221024 is affected by CVE-2026-5177. The vulnerability resides in function setWiFiBasicCfg of /cgi-bin/cstecgi.cgi, where manipulating the rxRate argument can trigger a remote command injection. The exploit is publicly available. No remediation details are provided...

CVE-2026-5177 Totolink A3300R cstecgi.cgi setWiFiBasicCfg command injection

A weakness has been identified in Totolink A3300R 17.0.0cu.557b20221024. Affected by this vulnerability is the function setWiFiBasicCfg of the file /cgi-bin/cstecgi.cgi. Executing a manipulation of the argument rxRate can lead to command injection. The attack may be launched remotely. The exploit...

CVE-2026-5177 Totolink A3300R cstecgi.cgi setWiFiBasicCfg command injection

A weakness has been identified in Totolink A3300R 17.0.0cu.557b20221024. Affected by this vulnerability is the function setWiFiBasicCfg of the file /cgi-bin/cstecgi.cgi. Executing a manipulation of the argument rxRate can lead to command injection. The attack may be launched remotely. The exploit...

CVE-2026-34041

act: Unrestricted set-env and add-path command processing enables environment injection in github.com/nektos/act. Prior to version 0.2.86, act unconditionally processes deprecated ::set-env:: and ::add-path:: commands, allowing an attacker to inject environment variables or modify PATH for subseq...

CVE-2026-34041 act: Unrestricted set-env and add-path command processing enables environment injection

act is a project which allows for local running of github actions. Prior to version 0.2.86, act unconditionally processes the deprecated ::set-env:: and ::add-path:: workflow commands, which was disabled due to environment injection risks. When a workflow step echoes untrusted data to stdout, an...

CVE-2026-34041

act is a project which allows for local running of github actions. Prior to version 0.2.86, act unconditionally processes the deprecated ::set-env:: and ::add-path:: workflow commands, which was disabled due to environment injection risks. When a workflow step echoes untrusted data to stdout, an...

CVE-2026-34041 act: Unrestricted set-env and add-path command processing enables environment injection

act is a project which allows for local running of github actions. Prior to version 0.2.86, act unconditionally processes the deprecated ::set-env:: and ::add-path:: workflow commands, which was disabled due to environment injection risks. When a workflow step echoes untrusted data to stdout, an...

CVE-2026-34041

act is a project which allows for local running of github actions. Prior to version 0.2.86, act unconditionally processes the deprecated ::set-env:: and ::add-path:: workflow commands, which was disabled due to environment injection risks. When a workflow step echoes untrusted data to stdout, an...

CVE-2026-34041 act: Unrestricted set-env and add-path command processing enables environment injection

act is a project which allows for local running of github actions. Prior to version 0.2.86, act unconditionally processes the deprecated ::set-env:: and ::add-path:: workflow commands, which was disabled due to environment injection risks. When a workflow step echoes untrusted data to stdout, an...

Act 注入漏洞

Act is a locally run tool developed by Nektos and open source. Versions of Act prior to 0.2.86 had an injection vulnerability. This vulnerability stemmed from unconditionally processing the::set-env:: and::add-path:: workflow commands, which could lead to setting arbitrary environment variables o...

Linux Distros Unpatched Vulnerability : CVE-2026-5170

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - A user with access to the cluster with a limited set of privilege actions can trigger a crash of a mongod process during the limited and unpredictable window wh...

EUVD-2026-17115

A user with access to the cluster with a limited set of privilege actions can trigger a crash of a mongod process during the limited and unpredictable window when the cluster is being promoted from a replica set to a sharded cluster. This may cause a denial of service by taking down the primary o...

CVE-2026-4046

The CVE-2026-4046 issue affects the iconv() function in glibc up to version 2.43, where input conversion from IBM1390/IBM1399 can trigger an assertion failure and cause remote crashes. Affected component: GNU C Library (glibc). Underlying cause: assertion failure during character-set conversion. ...

CVE-2026-5170

A user with access to the cluster with a limited set of privilege actions can trigger a crash of a mongod process during the limited and unpredictable window when the cluster is being promoted from a replica set to a sharded cluster. This may cause a denial of service by taking down the primary o...

CVE-2026-5170

A user with access to the cluster with a limited set of privilege actions can trigger a crash of a mongod process during the limited and unpredictable window when the cluster is being promoted from a replica set to a sharded cluster. This may cause a denial of service by taking down the primary o...