MAL-2026-4354 Malicious code in mistral-workflows-plugins-mistralai (PyPI)

--- -= Per source details. Do not edit below this line.=- Source: kam193 012c4d9df9467f9847a67be15a746ea186f36d3310d278ca9409d531f5026e12 Installing the package or importing the module exfiltrates basic information about the host, and the package has no other purpose. --- Category: PROBABLYPENTES...

MAL-2026-4353 Malicious code in mistral-workflows (PyPI)

--- -= Per source details. Do not edit below this line.=- Source: kam193 845e7d9c00baa23350d566fee80621733db4faa141eea3f1f983d86b15fb020a Installing the package or importing the module exfiltrates basic information about the host, and the package has no other purpose. --- Category: PROBABLYPENTES...

CVE-2026-5222

Cargo between 1.68 and 1.96 incorrectly normalized the URLs of third-party registries using the sparse index protocol. If a hosting provider allowed multiple registries to be hosted with arbitrary names within the same domain, an attacker able to publish crates in a registry could obtain the...

CVE-2026-9443 Edimax BR-6478AC POST Request formL2TPSetup buffer overflow

A security vulnerability has been detected in Edimax BR-6478AC 1.23. This vulnerability affects the function formL2TPSetup of the file /goform/formL2TPSetup of the component POST Request Handler. The manipulation of the argument L2TPUserName leads to buffer overflow. The attack may be initiated...

Openfire Administration Console - Authentication Bypass

Openfire is an XMPP server licensed under the Open Source Apache License. Openfire's administrative console, a web-based application, was found to be vulnerable to a path traversal attack via the setup environment. This permitted an unauthenticated user to use the unauthenticated Openfire Setup...

Hackney 安全漏洞

Hackney is a program library from Hackney, Inc. A security vulnerability exists in hackney versions prior to 0.9.0 through 4.0.1, which stems from a lack of CRLF sequence checking of the domain and path options in the cookie setup function, which could lead to HTTP response splitting...

CVE-2026-9401

A vulnerability has been found in Edimax BR-6675nD 1.12. Impacted is the function formWanTcpipSetup of the file /goform/formWanTcpipSetup of the component POST Request Handler. The manipulation of the argument pppUserName leads to buffer overflow. The attack can be initiated remotely. The exploit...

CVE-2026-9401 Edimax BR-6675nD POST Request formWanTcpipSetup buffer overflow

A vulnerability has been found in Edimax BR-6675nD 1.12. Impacted is the function formWanTcpipSetup of the file /goform/formWanTcpipSetup of the component POST Request Handler. The manipulation of the argument pppUserName leads to buffer overflow. The attack can be initiated remotely. The exploit...

CVE-2026-9382

A flaw has been found in Edimax BR-6675nD 1.12. Affected by this issue is the function formPPTPSetup of the file /goform/formPPTPSetup of the component POST Request Handler. Executing a manipulation of the argument pptpUserName can lead to buffer overflow. The attack may be launched remotely. The...

CVE-2026-9380

A security vulnerability has been detected in Edimax BR-6675nD 1.12. Affected is the function formL2TPSetup of the file /goform/formL2TPSetup of the component POST Request Handler. Such manipulation of the argument L2TPUserName leads to buffer overflow. The attack can be launched remotely. The...

CVE-2026-9382

Edimax BR-6675nD (firmware 1.12) is affected by a buffer overflow in the POST Request Handler’s formPPTPSetup function, triggered by manipulating the pptpUserName argument. The vulnerability allows a remote attacker to exploit via network access (no user interaction required) and has a published ...

CVE-2026-9381

The CVE describes a buffer overflow in Edimax BR-6675nD firmware version 1.12 affecting the POST Request Handler’s formPPPoESetup function (file /goform/formPPPoESetup). The issue is triggered by manipulating the pppUserName argument, potentially allowing remote exploitation. Public exploit infor...

CVE-2026-9381 Edimax BR-6675nD POST Request formPPPoESetup buffer overflow

A vulnerability was detected in Edimax BR-6675nD 1.12. Affected by this vulnerability is the function formPPPoESetup of the file /goform/formPPPoESetup of the component POST Request Handler. Performing a manipulation of the argument pppUserName results in buffer overflow. The attack may be...

EUVD-2026-31592

A security vulnerability has been detected in Edimax BR-6675nD 1.12. Affected is the function formL2TPSetup of the file /goform/formL2TPSetup of the component POST Request Handler. Such manipulation of the argument L2TPUserName leads to buffer overflow. The attack can be launched remotely. The...

CVE-2026-9363

A vulnerability was detected in Edimax EW-7438RPn 1.12. This issue affects the function formEZCHNwlanSetup of the file /goform/formEZCHNwlanSetu of the component POST Request Handler. Performing a manipulation of the argument method results in command injection. Remote exploitation of the attack ...

PT-2026-42942

Name of the Vulnerable Software and Affected Versions Edimax BR-6675nD version 1.12 Description A buffer overflow can be triggered remotely via the POST Request Handler component. The issue exists within the formPPTPSetup function located in the '/goform/formPPTPSetup' endpoint when manipulating...

MAL-2026-4269 Malicious code in mistral-evals (PyPI)

--- -= Per source details. Do not edit below this line.=- Source: kam193 f79806b5d197ed3b6beeedfb7092ad6da36d1d186ad57dc12be0b030c63726c9 Installing the package or importing the module exfiltrates basic information about the host, and the package has no other purpose. --- Category: PROBABLYPENTES...

Buffer Overflow

Overview Affected versions of this package are vulnerable to Buffer Overflow in the NGSetupRequest process. An attacker can cause memory corruption and potentially compromise confidentiality, integrity, and availability by sending specially crafted requests remotely. Remediation Upgrade...

CVE-2026-9300

A vulnerability has been found in omec-project amf up to 2.1.1. This affects an unknown part of the component NGSetupRequest Handler. Such manipulation leads to memory corruption. The attack can be executed remotely. The exploit has been disclosed to the public and may be used. It is best practic...

EUVD-2026-31534

A vulnerability has been found in omec-project amf up to 2.1.1. This affects an unknown part of the component NGSetupRequest Handler. Such manipulation leads to memory corruption. The attack can be executed remotely. The exploit has been disclosed to the public and may be used. It is best practic...