PT-2026-5713

Name of the Vulnerable Software and Affected Versions Signal K Server versions prior to 1.5.0 Signal K Set-System-Time plugin versions prior to 1.5.0 Description A command injection issue exists in the Signal K Server and its Set-System-Time plugin. Authenticated users with write permissions can...

CVE-2026-1601

A weakness has been identified in Totolink A7000R 4.1cu.4154. The impacted element is the function setUploadUserData of the file /cgi-bin/cstecgi.cgi. Executing a manipulation of the argument FileName can lead to command injection. The attack can be launched remotely. The exploit has been made...

CVE-2026-1544

A security flaw has been discovered in D-Link DIR-823X 250416. Impacted is the function sub41E2A0 of the file /goform/setmode. Performing a manipulation of the argument langateway results in os command injection. The attack is possible to be carried out remotely. The exploit has been released to...

Tenda AX1803 Buffer Overflow Vulnerability (CNVD-2026-10638)

Tenda AX1803 is a dual-band Gigabit WIFI6 router from Tenda China. The Tenda AX1803 suffers from a buffer overflow vulnerability caused by incorrect boundary checking in the GetWifiGuestBasic function of the /goform/WifiGuestSet file. An attacker could exploit this vulnerability to execute...

SUSE-SU-2026:20390-1 Security update for the Linux Kernel (Live Patch 4 for SUSE Linux Enterprise Micro 6.0)

This update for the SUSE Linux Enterprise kernel 6.4.0-24.1 fixes one security issue The following security issue was fixed: - CVE-2025-38588: ipv6: prevent infinite loop in rt6nlmsgsize bsc1249241. The following non security issue was fixed: - fix addrbitset issue on big-endian machines bsc12569...

SUSE-SU-2026:20275-1 Security update for the Linux Kernel (Live Patch 4 for SUSE Linux Enterprise Micro 6.0)

This update for the SUSE Linux Enterprise kernel 6.4.0-24.1 fixes one security issue The following security issue was fixed: - CVE-2025-38588: ipv6: prevent infinite loop in rt6nlmsgsize bsc1249241. The following non security issue was fixed: - fix addrbitset issue on big-endian machines bsc12569...

SUSE-SU-2026:20391-1 Security update for the Linux Kernel (Live Patch 5 for SUSE Linux Enterprise Micro 6.0)

This update for the SUSE Linux Enterprise kernel 6.4.0-25.1 fixes one security issue The following security issue was fixed: - CVE-2025-38588: ipv6: prevent infinite loop in rt6nlmsgsize bsc1249241. The following non security issue was fixed: - fix addrbitset issue on big-endian machines bsc12569...

SUSE-SU-2026:20389-1 Security update for the Linux Kernel (Live Patch 9 for SUSE Linux Enterprise Micro 6.0)

This update for the SUSE Linux Enterprise kernel 6.4.0-31.1 fixes one security issue The following security issue was fixed: - CVE-2025-38588: ipv6: prevent infinite loop in rt6nlmsgsize bsc1249241. The following non security issue was fixed: - fix addrbitset issue on big-endian machines bsc12569...

SUSE-SU-2026:20274-1 Security update for the Linux Kernel (Live Patch 9 for SUSE Linux Enterprise Micro 6.0)

This update for the SUSE Linux Enterprise kernel 6.4.0-31.1 fixes one security issue The following security issue was fixed: - CVE-2025-38588: ipv6: prevent infinite loop in rt6nlmsgsize bsc1249241. The following non security issue was fixed: - fix addrbitset issue on big-endian machines bsc12569...

SUSE-SU-2026:20273-1 Security update for the Linux Kernel (Live Patch 8 for SUSE Linux Enterprise Micro 6.0)

This update for the SUSE Linux Enterprise kernel 6.4.0-30.1 fixes one security issue The following security issue was fixed: - CVE-2025-38588: ipv6: prevent infinite loop in rt6nlmsgsize bsc1249241. The following non security issue was fixed: - fix addrbitset issue on big-endian machines bsc12569...

SUSE-SU-2026:20386-1 Security update for the Linux Kernel (Live Patch 6 for SUSE Linux Enterprise Micro 6.0)

This update for the SUSE Linux Enterprise kernel 6.4.0-28.1 fixes one security issue The following security issue was fixed: - CVE-2025-38588: ipv6: prevent infinite loop in rt6nlmsgsize bsc1249241. The following non security issue was fixed: - fix addrbitset issue on big-endian machines bsc12569...

CGA-MFV9-CW75-PQ37

Bulletin has no description...

Unity Linux 20.1070e Security Update: screen (UTSA-2026-005209)

The Unity Linux 20 host has a package installed that is affected by a vulnerability as referenced in the UTSA-2026-005209 advisory. A minor information leak when running Screen with setuid-root privileges allows unprivileged users to deduce information about a path that would otherwise not be...

CVE-2026-1544

A security flaw has been discovered in D-Link DIR-823X 250416. Impacted is the function sub41E2A0 of the file /goform/setmode. Performing a manipulation of the argument langateway results in os command injection. The attack is possible to be carried out remotely. The exploit has been released to...

CVE-2026-1544

A security flaw has been discovered in D-Link DIR-823X 250416. Impacted is the function sub41E2A0 of the file /goform/setmode. Performing a manipulation of the argument langateway results in os command injection. The attack is possible to be carried out remotely. The exploit has been released to...

CVE-2026-1544

A security flaw has been discovered in D-Link DIR-823X 250416. Impacted is the function sub41E2A0 of the file /goform/setmode. Performing a manipulation of the argument langateway results in os command injection. The attack is possible to be carried out remotely. The exploit has been released to...

CVE-2026-1544

CVE-2026-1544 affects D-Link DIR-823X (firmware 250416). The vulnerability is in the function sub_41E2A0 of /goform/set_mode, where manipulation of the lan_gateway argument enables remote command injection. Exploitation has been publicly released, and the issue affects devices no longer supported...

CVE-2026-1544 D-Link DIR-823X set_mode sub_41E2A0 os command injection

A security flaw has been discovered in D-Link DIR-823X 250416. Impacted is the function sub41E2A0 of the file /goform/setmode. Performing a manipulation of the argument langateway results in os command injection. The attack is possible to be carried out remotely. The exploit has been released to...

CVE-2026-1532

A vulnerability was identified in D-Link DCS-700L 1.03.09. The affected element is the function uploadmusic of the file /setUploadMusic of the component Music File Upload Service. The manipulation of the argument UploadMusic leads to path traversal. The attack can only be initiated within the loc...

kernel: Linux kernel (openvswitch): Denial of Service and limited data exposure via improper key length validation

A flaw was found in the Linux kernel's openvswitch virtual environment. A local attacker with low privileges could exploit improper data and key length validation in the set action. This could lead to a denial of service, making the system unresponsive, and potentially result in limited informati...