CVE-2026-3971 Tenda i3 wifiSSIDset formwrlSSIDset stack-based overflow
A vulnerability has been found in Tenda i3 1.0.0.62204. Affected by this vulnerability is the function formwrlSSIDset of the file /goform/wifiSSIDset. The manipulation of the argument index/GO leads to stack-based buffer overflow. Remote exploitation of the attack is possible. The exploit has bee...
CVE-2026-26792
GL-iNet GL-AR300M16 v4.3.11 was discovered to contain multiple command injection vulnerabilities in the set_upgrade function via the modem_url, target_version, current_version, firmware_upload, hash_type, hash_value, and upgrade_type parameters. These vulnerabilities allow attackers to execute arbitrary...
Tenda W3 Security Vulnerability
The Tenda W3 is a wireless access point device produced by the Chinese company Tenda. Version 1.0.0.32204 of the Tenda W3 contains a security vulnerability. This vulnerability stems from incorrect handling of parameters in the component POST Parameter Handler, specifically the...
CVE-2026-26792
GL-iNet GL-AR300M16 v4.3.11 contains multiple command-injection vulnerabilities in the set_upgrade function. The flaws allow arbitrary command execution via crafted input in parameters such as modem_url, target_version, current_version, firmware_upload, hash_type, hash_value, and upgrade_type. Th...
CVE-2026-26793
GL-iNet GL-AR300M16 firmware v4.3.11 contains a command injection vulnerability in the set_config function, enabling arbitrary command execution via crafted input. The root cause is untrusted input being processed by set_config. Impact is presented as arbitrary command execution, but the availabl...
PT-2026-25049
🔴 CVE-2026-26793 - Critical GL-iNet GL-AR300M16 v4.3.11 was discovered to contain a command injection vulnerability via the set_config function. This vulnerability allows attackers to execute arbitrary commands via ... https://t.co/4ioEauePbG https://t.co/UVrVh3JYcc...
PT-2026-24916
A weakness has been identified in Tenda W3 1.0.0.32204. Impacted is the function formWifiMacFilterSet of the file /goform/WifiMacFilterSet of the component POST Parameter Handler. Executing a manipulation of the argument index/GO can lead to stack-based buffer overflow. It is possible to launch t...
CVE-2026-27478
Unity Catalog is an open, multi-modal Catalog for data and AI. In 0.4.0 and earlier, a critical authentication bypass vulnerability exists in the Unity Catalog token exchange endpoint /api/1.0/unity-control/auth/tokens. The endpoint extracts the issuer (iss) claim from incoming JWTs and uses it to...
CVE-2026-27478 Unity Catalog has a JWT Issuer Validation Bypass Allows Complete User Impersonation
Unity Catalog is an open, multi-modal Catalog for data and AI. In 0.4.0 and earlier, a critical authentication bypass vulnerability exists in the Unity Catalog token exchange endpoint /api/1.0/unity-control/auth/tokens. The endpoint extracts the issuer iss claim from incoming JWTs and uses it to...
CVE-2026-31837
A flaw was found in Istio. A user of Istio could be impacted if the JSON Web Key Set (JWKS) resolver becomes unavailable or fails to fetch keys. This vulnerability can lead to the exposure of hardcoded default settings, potentially bypassing authentication mechanisms and allowing unauthorized acces...
RUSTSEC-2026-0174 `Authorization::value` and `WwwAuthenticate::value` can violate ASCII invariants
Authorization::value uses HeaderValue::value with the claim that the internal string is ASCII, but Authorization::new and Authorization::setcredentials accept arbitrary String credentials without validation. As a result, safe code can construct a header value containing non-ASCII UTF-8 while the...
libpng: LIBPNG has a heap buffer overflow in png_set_quantize
A heap-based buffer overflow flaw has been discovered in LibPNG. Prior to version 1.6.55, an out-of-bounds read vulnerability exists in the png_set_quantize API function. When the function is called with no histogram and the number of colors in the palette is more than twice the maximum supported b...
Use of Hard-coded Credentials
Overview Affected versions of this package are vulnerable to Use of Hard-coded Credentials in the JWKS resolver, which can be exposed if a fetch operation fails. An attacker can obtain private keys by forcing such a failure. Note: The keys are exposed even if RequestAuthentication is in use...
GHSA-FFV6-JJ46-X367 django-unicorn affected by component state manipulation via unvalidated attribute access
Summary Component state manipulation is possible in django-unicorn due to missing access control checks during property updates and method calls. An attacker can bypass the intended ispublic protection to modify internal attributes such as templatename or trigger protected methods. Vulnerability...
VulnCheck KEV: CVE-2025-57296
Tenda AC6 router firmware 15.03.05.19 contains a command injection vulnerability in the formSetIptv function, which processes requests to the /goform/SetIPTVCfg web interface. When handling the list and vlanId parameters, the subADBC0 helper function concatenates these user-supplied values into...
RHEL 9 : libpng15 (RHSA-2026:4222)
The remote Redhat Enterprise Linux 9 host has a package installed that is affected by a vulnerability as referenced in the RHSA-2026:4222 advisory. The libpng15 package provides libpng 1.5, an older version of the libpng library for manipulating PNG (Portable Network Graphics) image format files...