EUVD-2026-20855

A vulnerability was found in D-Link DIR-882 1.01B02. Impacted is the function sprintf of the file prog.cgi of the component HNAP1 SetNetworkSettings Handler. The manipulation of the argument IPAddress results in os command injection. The attack may be performed from remote. The exploit has been...

EUVD-2026-20841

A security vulnerability has been detected in awwaiid mcp-server-taskwarrior up to 1.0.1. This impacts the function server.setRequestHandler of the file index.ts. Such manipulation of the argument Identifier leads to command injection. The attack must be carried out locally. The exploit has been...

Improper Neutralization of Special Elements in Output Used by a Downstream Component ('Injection')

Overview mcp-server-taskwarrior is a MCP server for taskwarrior Affected versions of this package are vulnerable to Improper Neutralization of Special Elements in Output Used by a Downstream Component 'Injection' via the server.setRequestHandler function. An attacker can execute arbitrary command...

CVE-2026-5851

A security flaw has been discovered in Totolink A7100RU 7.4cu.2313b20191024. This impacts the function setUPnPCfg of the file /cgi-bin/cstecgi.cgi of the component CGI Handler. The manipulation of the argument enable results in os command injection. The attack can be executed remotely. The exploi...

RLSA-2026:6445 Important: libpng12 security update

The libpng12 package provides libpng 1.2, which is the previous version of the libpng library for manipulating PNG Portable Network Graphics image format files. This version should be used in case that it is not possible to use the current version of libpng. Security Fixes: libpng: LIBPNG has a...

libpng12 security update

An update is available for libpng12. This update affects Rocky Linux 8. A Common Vulnerability Scoring System CVSS base score, which gives a detailed severity rating, is available for each vulnerability from the CVE list The libpng12 package provides libpng 1.2, which is the previous version of t...

CVE-2026-5851

A security flaw has been discovered in Totolink A7100RU 7.4cu.2313b20191024. This impacts the function setUPnPCfg of the file /cgi-bin/cstecgi.cgi of the component CGI Handler. The manipulation of the argument enable results in os command injection. The attack can be executed remotely. The exploi...

CVE-2026-5844

A vulnerability was found in D-Link DIR-882 1.01B02. Impacted is the function sprintf of the file prog.cgi of the component HNAP1 SetNetworkSettings Handler. The manipulation of the argument IPAddress results in os command injection. The attack may be performed from remote. The exploit has been...

CVE-2026-5844

The CVE-2026-5844 entry describes a vulnerability in D-Link DIR-882 (firmware 1.01B02) affecting the HNAP1 SetNetworkSettings handler, specifically the prog.cgi function sprintf. Manipulating the IPAddress argument triggers an OS command injection, with remote exploitation possible. Public exploi...

CVE-2026-5844

A vulnerability was found in D-Link DIR-882 1.01B02. Impacted is the function sprintf of the file prog.cgi of the component HNAP1 SetNetworkSettings Handler. The manipulation of the argument IPAddress results in os command injection. The attack may be performed from remote. The exploit has been...

CVE-2026-5844 D-Link DIR-882 HNAP1 SetNetworkSettings prog.cgi sprintf os command injection

A vulnerability was found in D-Link DIR-882 1.01B02. Impacted is the function sprintf of the file prog.cgi of the component HNAP1 SetNetworkSettings Handler. The manipulation of the argument IPAddress results in os command injection. The attack may be performed from remote. The exploit has been...

TOTOLINK A7100RU 操作系统命令注入漏洞

The TOTOLINK A7100RU is a wireless router produced by TOTOLINK, a Chinese company. The Totolink A7100RU 7.4cu.2313b20191024 version has a vulnerability related to operating system command injection. This vulnerability stems from an error in the setWiFiEasyCfg function in the /cgi-bin/cstecgi.cgi...

PT-2026-31741

Name of the Vulnerable Software and Affected Versions D-Link DIR-605L version 2.13B01 Description A flaw exists in the formSetMACFilter function of the /goform/formSetMACFilter file within the POST Request Handler component. Manipulation of the curTime argument can cause a buffer overflow,...

RockyLinux 8 : libpng15 (RLSA-2026:6439)

The remote RockyLinux 8 host has packages installed that are affected by a vulnerability as referenced in the RLSA-2026:6439 advisory. libpng: LIBPNG has a heap buffer overflow in pngsetquantize CVE-2026-25646 Tenable has extracted the preceding description block directly from the RockyLinux...

RockyLinux 8 : libpng12 (RLSA-2026:6445)

The remote RockyLinux 8 host has packages installed that are affected by a vulnerability as referenced in the RLSA-2026:6445 advisory. libpng: LIBPNG has a heap buffer overflow in pngsetquantize CVE-2026-25646 Tenable has extracted the preceding description block directly from the RockyLinux...

PT-2026-31831

A vulnerability was found in Tenda F451 1.0.0.7. Affected by this issue is the function formWrlExtraSet of the file /goform/WrlExtraSet. The manipulation of the argument GO results in stack-based buffer overflow. The attack may be launched remotely. The exploit has been made public and could be...

PT-2026-31782

PraisonAI is a multi-agent teams system. Prior to 4.5.128, deploy.py constructs a single comma-delimited string for the gcloud run deploy --set-env-vars argument by directly interpolating openai model, openai key, and openai base without validating that these values do not contain commas. gcloud...

PT-2026-31585

Name of the Vulnerable Software and Affected Versions D-Link DIR-882 version 1.01B02 Description A flaw exists in the sprintf function within the prog.cgi file of the HNAP1 SetNetworkSettings Handler component. Manipulation of the IPAddress argument can lead to operating system command injection...

PT-2026-31738

Name of the Vulnerable Software and Affected Versions Totolink A7100RU version 7.4cu.2313 b20191024 Description A weakness exists in Totolink A7100RU version 7.4cu.2313 b20191024. The setWiFiBasicCfg function within the /cgi-bin/cstecgi.cgi file of the CGI Handler component is affected...

CVE-2026-34757

LIBPNG is a reference library for use in applications that read, create, and manipulate PNG Portable Network Graphics raster image files. From 1.0.9 to before 1.6.57, passing a pointer obtained from pnggetPLTE, pnggettRNS, or pnggethIST back into the corresponding setter on the same...