EUVD-2026-12260

A vulnerability was detected in D-Link DNS-120, DNR-202L, DNS-315L, DNS-320, DNS-320L, DNS-320LW, DNS-321, DNR-322L, DNS-323, DNS-325, DNS-326, DNS-327L, DNR-326, DNS-340L, DNS-343, DNS-345, DNS-726-4, DNS-1100-4, DNS-1200-05 and DNS-1550-04 up to 20260205. The impacted element is the function...

EUVD-2026-12204

A flaw has been found in Wavlink WL-WN578W2 221110. Impacted is the function DeleteMaclist/SetName/GuestWifi of the file /cgi-bin/wireless.cgi of the component POST Request Handler. Executing a manipulation can lead to command injection. It is possible to launch the attack remotely. The exploit h...

CVE-2026-4228

A vulnerability was detected in LB-LINK BL-WR9000 2.4.9. This affects the function sub458754 of the file /goform/setwifi. The manipulation results in command injection. It is possible to launch the attack remotely. The exploit is now public and may be used. The vendor was contacted early about th...

CVE-2026-4220

A vulnerability has been found in Technologies Integrated Management Platform 7.17.0. Affected by this issue is some unknown functionality of the file /SetWebpagePic.jsp. The manipulation of the argument targetPath/Suffix leads to unrestricted upload. The attack may be initiated remotely. The...

CVE-2026-4164

A flaw has been found in Wavlink WL-WN578W2 221110. Impacted is the function DeleteMaclist/SetName/GuestWifi of the file /cgi-bin/wireless.cgi of the component POST Request Handler. Executing a manipulation can lead to command injection. It is possible to launch the attack remotely. The exploit h...

CVE-2026-3086

GStreamer H.266 Codec Parser Out-Of-Bounds Write Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute arbitrary code on affected installations of GStreamer. Interaction with this library is required to exploit this vulnerability but attack vectors may vary...

CVE-2026-4228

A vulnerability was detected in LB-LINK BL-WR9000 2.4.9. This affects the function sub458754 of the file /goform/setwifi. The manipulation results in command injection. It is possible to launch the attack remotely. The exploit is now public and may be used. The vendor was contacted early about th...

CVE-2026-4228

CVE-2026-4228 affects LB-LINK BL-WR9000 running 2.4.9, with the vulnerable code path in the function at /goform/set_wifi (sub_458754). The manipulation enables a remote command injection, and the exploit is publicly available. Multiple sources (NVD, Red Hat, EUVD, CVE listing, and third-party fee...

CVE-2026-4228 LB-LINK BL-WR9000 set_wifi sub_458754 command injection

A vulnerability was detected in LB-LINK BL-WR9000 2.4.9. This affects the function sub458754 of the file /goform/setwifi. The manipulation results in command injection. It is possible to launch the attack remotely. The exploit is now public and may be used. The vendor was contacted early about th...

CVE-2026-4220 Technologies Integrated Management Platform SetWebpagePic.jsp unrestricted upload

A vulnerability has been found in Technologies Integrated Management Platform 7.17.0. Affected by this issue is some unknown functionality of the file /SetWebpagePic.jsp. The manipulation of the argument targetPath/Suffix leads to unrestricted upload. The attack may be initiated remotely. The...

CVE-2026-20995

Exposure of sensitive functionality to an unauthorized actor in Smart Switch prior to version 3.7.69.15 allows remote attackers to set a specific configuration...

CVE-2026-20995

Affected product: Smart Switch. The connected documents describe a vulnerability where exposure of sensitive functionality to an unauthorized actor exists in Smart Switch prior to version 3.7.69.15, enabling remote attackers to set a specific configuration. Root cause: improper access control tha...

CVE-2026-4209

A vulnerability was identified in D-Link DNS-120, DNR-202L, DNS-315L, DNS-320, DNS-320L, DNS-320LW, DNS-321, DNR-322L, DNS-323, DNS-325, DNS-326, DNS-327L, DNR-326, DNS-340L, DNS-343, DNS-345, DNS-726-4, DNS-1100-4, DNS-1200-05 and DNS-1550-04 up to 20260205. Affected is the function...

Stegano 2.3.0

Stegano is a basic Python Steganography module. Stegano implements two methods of hiding: using the red portion of a pixel to hide ASCII messages, and using the Least Significant Bit LSB technique. It is possible to use a more advanced LSB method based on integers sets. The sets Sieve of...

EulerOS Virtualization 2.10.1 : util-linux (EulerOS-SA-2026-1548)

According to the versions of the util-linux packages installed, the EulerOS Virtualization installation on the remote host is affected by the following vulnerabilities : A flaw was found in util-linux. This vulnerability allows a heap buffer overread when processing 256-byte usernames, specifical...

PT-2026-25638

A vulnerability was detected in LB-LINK BL-WR9000 2.4.9. This affects the function sub 458754 of the file /goform/set wifi. The manipulation results in command injection. It is possible to launch the attack remotely. The exploit is now public and may be used. The vendor was contacted early about...

Wavlink WL-WN578W2 命令注入漏洞

Wavlink WL-WN578W2 is a wireless repeater produced by Wavlink Corporation. The Wavlink WL-WN578W2 version 221110 contains a command injection vulnerability. This vulnerability arises from improper handling of parameters for the functions DeleteMaclist/SetName/GuestWifi in the...

LB-LINK BL-WR9000 命令注入漏洞

The LB-LINK BL-WR9000 is a wireless router produced by the LB-LINK company. Version 2.4.9 of the LB-LINK BL-WR9000 contains a command injection vulnerability. This vulnerability arises from operations on the function sub458754 in the file/goform/setwifi, which allows for command injection,...

PT-2026-25840

Name of the Vulnerable Software and Affected Versions pyOpenSSL versions 22.0.0 through 25.3.0 Description pyOpenSSL is a Python wrapper around the OpenSSL library. If a user-provided callback to the set cookie generate callback function returned a cookie value exceeding 256 bytes, pyOpenSSL woul...

Tiandy Easy7 Integrated Management Platform 代码问题漏洞

Tiandy Easy7 Integrated Management Platform is a comprehensive video surveillance management platform developed by Tiandy Company in China. The version 7.17.0 of Tiandy Easy7 Integrated Management Platform contains a code vulnerability. This vulnerability stems from operations on the parameters...