PT-2026-36911

Name of the Vulnerable Software and Affected Versions WDR201A WiFi Extender HW V2.1, FW LFMZX28040922V1.02 Description An OS command injection issue exists in the 'internet.cgi' binary. Unauthenticated remote attackers can execute arbitrary shell commands by injecting malicious input into the...

D-Link DIR-600L 信任管理问题漏洞

The D-Link DIR-600L is an entry-level wireless router from D-Link Corporation. It supports 150Mbps wireless transmission and has 4 Gigabit wired ports. There is a trust management vulnerability in the D-Link DIR-600L Hardware Revision A1. This vulnerability stems from a hard-coded telnet backdoor...

nimrc 1.0.0

nimrm is a native WinRM interactive shell client written in Nim. It's designed to be a compact and fast tool for system administration and authorized security testing. Key features include NTLM and Kerberos authentication, in-memory operations, file transfers, OPSEC awareness, and cross platform...

Joern 4.0.532

Joern is the bug hunter's workbench. With this tool, you can uncover attack surface, sloppy coding practices, and variants of known vulnerabilities using an interactive code analysis shell. Joern supports C, C++, LLVM bitcode, x86 binaries via Ghidra, JVM bytecode via Soot, and Javascript...

PT-2026-36912

Name of the Vulnerable Software and Affected Versions WDR201A WiFi Extender HW V2.1 FW LFMZX28040922V1.02 Description An OS command injection issue exists in the 'makeRequest.cgi' binary. Unauthenticated remote attackers can execute arbitrary shell commands by injecting malicious input into the s...

Important: openssh security update

OpenSSH is an SSH protocol implementation supported by a number of Linux, UNIX, and similar operating systems. It includes the core files necessary for both the OpenSSH client and server. Security Fixes: OpenSSH: OpenSSH: Privilege escalation via scp legacy protocol when not preserving file mode...

Astra Linux – Vulnerability in emacs

GNU Emacs version 28.2 allows attackers to execute commands using shell metacharacters within the name of a source-code file. This is because the lib-src/etags.c file uses a system C library function in its implementation of the etags program. For example, a victim might use the “etags -u ” comma...

Astra Linux – Vulnerability in emacs

GNU Emacs version 28.2 allows attackers to execute commands via shell metacharacters in the name of a source-code file. This is because lib-src/etags.c uses the system’s C library function in its implementation of the ctags program. For example, a victim might use the “ctags ” command as suggeste...

Astra Linux – Vulnerability in sssd

A flaw was discovered in SSSD, where the sssctl command was vulnerable to shell command injection through the logs-fetch and cache-expire subcommands. This flaw allows an attacker to trick the root user into executing a specially crafted sssctl command, such as using sudo, in order to gain root...

Astra Linux – Vulnerability in maven-shared-utils

In Apache Maven’s maven-shared-utils before version 3.3.3, the Commandline class could generate double-quoted strings without proper escaping, allowing for shell injection attacks...

Astra Linux – Vulnerability in emacs

org-babel-execute: latex in ob-latex.el in Org Mode through 9.6.1 for GNU Emacs allows attackers to execute arbitrary commands via a file name or directory name that contains shell metacharacters...

Astra Linux – Vulnerability in Zabbix

The Zabbix Agent 2 item key “smart.disk.get” does not sanitize its parameters before passing them to a shell command, which may lead to a vulnerability for remote code execution...

Astra Linux – Vulnerability in xorg-server

A heap buffer overflow flaw was discovered in the DisableDevice function of the X.Org server. This issue may cause an application to crash, or in some cases, lead to remote code execution in SSH X11 forwarding environments...

Astra Linux – Vulnerability in emacs

A vulnerability was discovered in GNU Emacs through version 28.2. The htmlfontify.el script has a command injection vulnerability. In the hfy-istext-command function, the parameter file and parameter srcdir parameters come from external inputs, and these parameters are not escaped properly. If a...

Exploit for Missing Authentication for Critical Function in Cpanel

POCCVE-2026-41940 Quick start bash python3 pocCVE-202...

OESA-2026-2157 mysql security update

MySQL is a multi-user, multi-threaded SQL database server. MySQL is a client/server implementation consisting of a server daemon mysqld and many different client programs and libraries. The base package contains the standard MySQL client programs and generic MySQL files. %if Security Fixes:...

OESA-2026-2156 mysql security update

MySQL is a multi-user, multi-threaded SQL database server. MySQL is a client/server implementation consisting of a server daemon mysqld and many different client programs and libraries. The base package contains the standard MySQL client programs and generic MySQL files. %if Security Fixes:...

OESA-2026-2155 mysql security update

MySQL is a multi-user, multi-threaded SQL database server. MySQL is a client/server implementation consisting of a server daemon mysqld and many different client programs and libraries. The base package contains the standard MySQL client programs and generic MySQL files. %if Security Fixes:...

summary-awi-poc

summary-awi-poc Public proof-of-concept repository for valida...

[slackware-security] kernel

New kernel packages are available for Slackware 15.0 and -current to fix a security issue. Here are the details from the Slackware 15.0 ChangeLog: patches/packages/linux-5.15.204/kernel-generic-5.15.204-i586-1.txz: Upgraded. This update fixes a critical security issue: An out-of-bounds write in t...