libcap security update

An update is available for libcap. This update affects Rocky Linux 10. A Common Vulnerability Scoring System CVSS base score, which gives a detailed severity rating, is available for each vulnerability from the CVE list Libcap is a library for getting and setting POSIX.1e formerly POSIX 6 draft 1...

RLSA-2026:12423 Important: libcap security update

Libcap is a library for getting and setting POSIX.1e formerly POSIX 6 draft 15 capabilities. Security Fixes: libcap: libcap: Privilege escalation via TOCTOU race condition in capsetfile CVE-2026-4878 For more details about the security issues, including the impact, a CVSS score, acknowledgments,...

libcap security update

An update is available for libcap. This update affects Rocky Linux 9. A Common Vulnerability Scoring System CVSS base score, which gives a detailed severity rating, is available for each vulnerability from the CVE list Libcap is a library for getting and setting POSIX.1e formerly POSIX 6 draft 15...

CVE-2026-7691

A security vulnerability has been detected in Wavlink WL-WN570HA1 R70HA1 V1410221110. Impacted is the function setsyscmd of the file /cgi-bin/adm.cgi. Such manipulation of the argument command leads to command injection. It is possible to launch the attack remotely. The exploit has been disclosed...

EUVD-2026-26830

A security vulnerability has been detected in Wavlink WL-WN570HA1 R70HA1 V1410221110. Impacted is the function setsyscmd of the file /cgi-bin/adm.cgi. Such manipulation of the argument command leads to command injection. It is possible to launch the attack remotely. The exploit has been disclosed...

CVE-2026-7690 Wavlink WL-WN570HA1 adm.cgi set_sys_adm command injection

A weakness has been identified in Wavlink WL-WN570HA1 R70HA1 V1410221110. This issue affects the function setsysadm of the file /cgi-bin/adm.cgi. This manipulation of the argument Username causes command injection. It is possible to initiate the attack remotely. The exploit has been made availabl...

CVE-2026-7683

A weakness has been identified in Edimax BR-6428nC up to 1.16. This affects an unknown function of the file /goform/setWAN of the component Web Interface. This manipulation of the argument pppUserName/pptpUserName causes command injection. The attack can be initiated remotely. The exploit has bee...

CVE-2026-7685

A vulnerability was detected in Edimax BR-6208AC up to 1.02. Affected is an unknown function of the file /goform/setWAN. Performing a manipulation of the argument pptpDfGateway results in buffer overflow. The attack may be initiated remotely. The exploit is now public and may be used. The vendor...

CVE-2026-7685 Edimax BR-6208AC setWAN buffer overflow

A vulnerability was detected in Edimax BR-6208AC up to 1.02. Affected is an unknown function of the file /goform/setWAN. Performing a manipulation of the argument pptpDfGateway results in buffer overflow. The attack may be initiated remotely. The exploit is now public and may be used. The vendor...

EUVD-2026-26823

A vulnerability was detected in Edimax BR-6208AC up to 1.02. Affected is an unknown function of the file /goform/setWAN. Performing a manipulation of the argument pptpDfGateway results in buffer overflow. The attack may be initiated remotely. The exploit is now public and may be used. The vendor...

CVE-2026-7685

A vulnerability was detected in Edimax BR-6208AC up to 1.02. Affected is an unknown function of the file /goform/setWAN. Performing a manipulation of the argument pptpDfGateway results in buffer overflow. The attack may be initiated remotely. The exploit is now public and may be used. The vendor...

CVE-2026-7682

Edimax BR-6208AC (firmware 1.02) contains a vulnerability in the L2TP Mode setWAN function (/goform/setWAN). The L2TPUserName parameter can be manipulated to induce command injection. The issue is exploitable remotely and has publicly disclosed PoC/exploit code. Vendor did not respond to disclosu...

JD Cloud JDCOS 注入漏洞

JD Cloud JDCOS is a cloud object storage service provided by JD.com, a Chinese e-commerce company. The version JD Cloud JDCOS 4.5.1.r4518 contains a vulnerability due to an injection flaw in the Service Interface component. This flaw stems from the function setiptvinfo in the file/jdcap, which...

Edimax BR-6208AC 注入漏洞

The Edimax BR-6208AC is a wireless router produced by Edimax of Taiwan, China. Version 1.02 of the Edimax BR-6208AC has a vulnerability related to injection attacks. This vulnerability stems from the setWAN function in the L2TP Mode component, which processes the L2TPUserName parameter. This coul...

RockyLinux 10 : libcap (RLSA-2026:12423)

The remote RockyLinux 10 host has packages installed that are affected by a vulnerability as referenced in the RLSA-2026:12423 advisory. libcap: libcap: Privilege escalation via TOCTOU race condition in capsetfile CVE-2026-4878 Tenable has extracted the preceding description block directly from t...

PT-2026-36722

Name of the Vulnerable Software and Affected Versions JD Cloud JDCOS version 4.5.1.r4518 Description A flaw in the Service Interface component allows remote command injection. The issue exists within the set iptv info function of the '/jdcap' file, where improper handling of the vid argument...

PT-2026-36694

Name of the Vulnerable Software and Affected Versions Wavlink WL-WN570HA1 version R70HA1 V1410 221110 Description A command injection issue exists that allows remote attackers to execute arbitrary commands. The flaw is located in the set sys adm function within the '/cgi-bin/adm.cgi' endpoint,...

SUSE CVE-2026-31695

In the Linux kernel, the following vulnerability has been resolved: wifi: virtwifi: remove SETNETDEVDEV to avoid use-after-free Currently we execute SETNETDEVDEVdev, &priv-lowerdev-dev for the virtwifi net devices. However, unregistering a virtwifi device in netdevruntodo can happen together with...

Linux Distros Unpatched Vulnerability : CVE-2026-43019

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - Bluetooth: hciconn: fix potential UAF in setcigparamssync hciconn lookup and field access must be covered by hdev lock in setcigparamssync, otherwise it's...

AlmaLinux 10 : libcap (ALSA-2026:12423)

The remote AlmaLinux 10 host has packages installed that are affected by a vulnerability as referenced in the ALSA-2026:12423 advisory. libcap: libcap: Privilege escalation via TOCTOU race condition in capsetfile CVE-2026-4878 Tenable has extracted the preceding description block directly from th...