Lucene search

9155 matches found

Vulnrichment
added 2026/03/30 3:28 p.m. | 0 views

CVE-2026-5170 Users could trigger a crash of mongod primaries during promotion to sharded

A user with access to the cluster with a limited set of privilege actions can trigger a crash of a mongod process during the limited and unpredictable window when the cluster is being promoted from a replica set to a sharded cluster. This may cause a denial of service by taking down the primary o...

CVSS 6 | AI score 5.9 | EPSS 0.00057
Exploits 0 | References 1
Cvelist
added 2026/03/30 3:28 p.m. | 19 views

CVE-2026-5170 Users could trigger a crash of mongod primaries during promotion to sharded

A user with access to the cluster with a limited set of privilege actions can trigger a crash of a mongod process during the limited and unpredictable window when the cluster is being promoted from a replica set to a sharded cluster. This may cause a denial of service by taking down the primary o...

CVSS 6 | EPSS 0.00057
Exploits 0 | References 1
EUVD
added 2026/03/30 12:32 p.m. | 1 views

EUVD-2018-21727

NetworkActiv Web Server 4.0 contains a buffer overflow vulnerability in the username field of the Security options that allows local attackers to crash the application by supplying an excessively long string. Attackers can trigger a denial of service by entering a crafted username value exceeding...

CVSS 6.9 | AI score 6.1 | EPSS 0.0002
Exploits 1 | References 5
NVD
added 2026/03/30 12:16 p.m. | 0 views

CVE-2018-25235

NetworkActiv Web Server 4.0 contains a buffer overflow vulnerability in the username field of the Security options that allows local attackers to crash the application by supplying an excessively long string. Attackers can trigger a denial of service by entering a crafted username value exceeding...

CVSS 6.9 | EPSS 0.0002
Exploits 1 | References 4
Cvelist
added 2026/03/30 11:2 a.m. | 17 views

CVE-2018-25235 NetworkActiv Web Server 4.0 Username Field Buffer Overflow DoS

NetworkActiv Web Server 4.0 contains a buffer overflow vulnerability in the username field of the Security options that allows local attackers to crash the application by supplying an excessively long string. Attackers can trigger a denial of service by entering a crafted username value exceeding...

CVSS 6.9 | EPSS 0.0002
Exploits 1 | References 4
CVE
added 2026/03/30 11:2 a.m. | 5 views

CVE-2018-25235

NetworkActiv Web Server 4.0 contains a local, username-field buffer overflow in the Security options. The vulnerability is triggered by supplying an excessively long string via the Set username interface, causing the application to crash (DoS). The available documents confirm the affected compone...

CVSS 6.9 | AI score 6.1 | EPSS 0.0002
Exploits 1 | References 4 | Affected Software 1
Vulnrichment
added 2026/03/30 11:2 a.m. | 1 views

CVE-2018-25235 NetworkActiv Web Server 4.0 Username Field Buffer Overflow DoS

NetworkActiv Web Server 4.0 contains a buffer overflow vulnerability in the username field of the Security options that allows local attackers to crash the application by supplying an excessively long string. Attackers can trigger a denial of service by entering a crafted username value exceeding...

CVSS 6.9 | AI score 6.1 | EPSS 0.0002
Exploits 1 | References 4
NVD
added 2026/03/30 3:15 a.m. | 2 views

CVE-2026-5104

A security vulnerability has been detected in Totolink A3300R 17.0.0cu.557_b20221024. Impacted is the function setStaticRoute of the file /cgi-bin/cstecgi.cgi. Such manipulation of the argument ip leads to command injection. The attack may be performed from remote. The exploit has been disclosed...

CVSS 8.8 | EPSS 0.00595
Exploits 1 | References 5
CVE
added 2026/03/30 3:0 a.m. | 8 views

CVE-2026-5105

Summary of CVE-2026-5105 (Totolink A3300R): A command injection vulnerability exists in Totolink A3300R running 17.0.0cu.557_b20221024. The flaw is in the Parameter Handler’s setVpnPassCfg function, specifically when handling the pptpPassThru argument in /cgi-bin/cstecgi.cgi. Exploitation allows...

CVSS 8.8 | AI score 6.5 | EPSS 0.00595
Exploits 1 | References 5 | Affected Software 1
CVE
added 2026/03/30 12:0 a.m. | 6 views

CVE-2026-5102

Totolink A3300R (17.0.0cu.557_b20221024) is affected by CVE-2026-5102 in the Parameter Handler’s setSmartQosCfg function, via the /cgi-bin/cstecgi.cgi file. The qos_up_bw parameter can be manipulated to trigger a remote command injection, allowing an attacker to execute arbitrary commands on the ...

CVSS 8.8 | AI score 6.4 | EPSS 0.0232
Exploits 1 | References 5 | Affected Software 1
CNNVD
added 2026/03/30 12:0 a.m. | 5 views

MongoDB Server Security Vulnerability

MongoDB Server is an open-source NoSQL database developed by MongoDB, a US-based company. This database offers features such as collection-oriented storage, dynamic querying, data replication, and automatic failover. Vulnerabilities exist in versions of MongoDB Server prior to v8.2 8.2.2, v8.0...

CVSS 6 | AI score 5.8 | EPSS 0.00057
Exploits 0 | References 2
Positive Technologies
added 2026/03/30 12:0 a.m. | 1 views

PT-2026-29047

Name of the Vulnerable Software and Affected Versions MongoDB Server versions prior to 8.2.2 MongoDB Server versions 8.0.18 through 8.0.18 MongoDB Server versions 7.0.31 through 7.0.31 Description A user with limited privileges within a cluster can cause a mongod process to crash when the cluster...

CVSS 6 | AI score 5.9 | EPSS 0.00057
Exploits 0 | References 6
FreeBSD
added 2026/03/30 12:0 a.m. | 4 views

MongoDB Server -- CWE-617: Reachable Assertion

https://jira.mongodb.org/browse/SERVER-101758 reports: A user with access to the cluster with a limited set of privilege actions can trigger a crash of a mongod process during the limited and unpredictable window when the cluster is being promoted from a replica set to a sharded cluster. This may...

CVSS 6 | AI score 5.9 | EPSS 0.00057
Exploits 0 | References 1
Positive Technologies
added 2026/03/30 12:0 a.m. | 2 views

PT-2026-29021

🚨 CVE-2018-25235 NetworkActiv Web Server 4.0 contains a buffer overflow vulnerability in the username field of the Security options that allows local attackers to crash the application by supplying an excessively long string. Attackers can trigger a denial of service by entering a crafted usernam...

CVSS 6.9 | AI score 6.1 | EPSS 0.0002
Exploits 1 | References 6
CNNVD
added 2026/03/30 12:0 a.m. | 4 views

TOTOLINK A3300R Command Injection Vulnerability

Totolink A3300R is a wireless router product from Totolink. A command injection vulnerability exists in the Totolink A3300R version 17.0.0cu.557_b20221024, which stems from improper handling of the qos_up_bw parameter in the setSmartQosCfg function of the /cgi-bin/cstecgi.cgi file in its parameter...

CVSS 8.8 | AI score 6.8 | EPSS 0.0232
Exploits 1 | References 5
OPENSUSE Linux
added 2026/03/30 12:0 a.m. | 2 views

Security update for obs-service-set_version (moderate)

openSUSE Security Update: Security update for obs-service-set_version Announcement ID: openSUSE-SU-2026:0108-1 Rating: moderate References: 1072359 1212476 866966 Cross-References: CVE-2014-0593 Affected Products: openSUSE Backports SLE-15-SP7 An update that solves one vulnerability and has two...

CVSS 10 | AI score 7.5 | EPSS 0.0047
Exploits 0 | References 3
RedhatCVE
added 2026/03/29 4:55 p.m. | 2 views

CVE-2026-23400

A flaw was found in the Linux kernel's rust_binder component. A local user could potentially trigger a deadlock condition. This occurs when the set_notification_done function is called while the proc lock is already held and the current thread is not a 'looper', a thread designed to handle specific...

AI score 5.8 | EPSS 0.00014
Exploits 0 | References 4
EUVD
added 2026/03/29 3:30 p.m. | 3 views

EUVD-2026-16993

In the Linux kernel, the following vulnerability has been resolved: rust_binder: call set_notification_done without proc lock Consider the following sequence of events on a death listener: 1. The remote process dies and sends a BR_DEAD_BINDER message. 2. The local process invokes the...

AI score 5.8 | EPSS 0.00014
Exploits 0 | References 4
ATTACKERKB
added 2026/03/29 2:15 p.m. | 1 views

CVE-2026-5046

A flaw has been found in Tenda FH1201 1.2.0.14408. Affected is the function formWrlExtraSet of the file /goform/WrlExtraSet of the component Parameter Handler. Executing a manipulation of the argument GO can lead to stack-based buffer overflow. The attack may be performed from remote. The exploit...

CVSS 9 | AI score 6.3 | EPSS 0.00106
Exploits 1 | References 5 | Affected Software 1
NVD
added 2026/03/29 1:17 p.m. | 1 views

CVE-2026-5044

A security vulnerability has been detected in Belkin F9K1122 1.00.33. This affects the function formSetSystemSettings of the file /goform/formSetSystemSettings of the component Setting Handler. Such manipulation of the argument webpage leads to stack-based buffer overflow. The attack can be...

CVSS 9 | EPSS 0.00125
Exploits 1 | References 4