16888 matches found

Nuclei
added 15 hours ago, 34 views

TOTOLINK CX-A3002RU - Remote Code Execution

An issue in TOTOLINK-CX-A3002RU V1.0.4-B20171106.1512 and TOTOLINK-CX-N150RT V2.1.6-B20171121.1002 and TOTOLINK-CX-N300RT V2.1.6-B20170724.1420 and TOTOLINK-CX-N300RT V2.1.8-B20171113.1408 and TOTOLINK-CX-N300RT V2.1.8-B20191010.1107 and TOTOLINK-CX-N302RE V2.0.2-B20170511.1523 allows a remote...

CVSS 6.8, AI score 6.3, EPSS 0.0379
Exploits: 0, References: 4

CVE
added yesterday, 11 views

CVE-2026-48500

Summary: Filament (Laravel components) had an unauthenticated temporary file upload issue on some auth-related schemas. Affected versions: 3.0.0–3.3.52, 4.11.5, and 5.6.5. Root cause: The Livewire component embeddings could apply WithFileUploads to forms that don’t require uploads, allowing unaut...

CVSS 6.5, AI score 6, EPSS 0.00061
Exploits: 0, References: 1

AstraLinux
added 4 days ago, 3 views

Astra Linux – Vulnerability in freerdp3

FreeRDP is a free implementation of the Remote Desktop Protocol. Prior to version 3.20.1, a malicious RDP server could trigger a heap-buffer-overflow write in the FreeRDP client when processing Audio Input (AUDIN) format lists. The audin_process_formats function reuses the callback->formats_count...

CVSS 9.8, AI score 5.5, EPSS 0.00365
Exploits: 1, References: 2

CVE
added 6 days ago, 20 views

CVE-2026-48988

markdown-it is affected by a Denial-of-Service vulnerability (CVE-2026-48988) when typographer: true is enabled. Versions 14.1.1 and earlier process smartquotes with a quadratic time complexity due to repeated uses of replaceAt(), causing high CPU usage on quote-heavy inputs. The issue can degrad...

CVSS 5.3, AI score 5.2, EPSS 0.00418
Exploits: 0, References: 2

NVD
added 6 days ago, 5 views

CVE-2025-69111

Unauthenticated PHP Object Injection in Reisen = 1.4.1 versions...

CVSS 9.8, EPSS 0.00386
Exploits: 0, References: 1

CVE
added 2026/06/16 7:27 p.m., 8 views

CVE-2026-46908

Technical details about CVE-2026-46908 are not publicly available in the provided documents. Monitor for updates from official sources.

CVSS 9.9, AI score 5.3, EPSS 0.00402
Exploits: 0, References: 1, Affected Software: 1

CVE
added 2026/06/16 6:40 p.m., 16 views

CVE-2026-48777

CVE-2026-48777 — FileBrowser Quantum has a path-traversal in the public share PATCH endpoint. Versions prior to 1.3.2-stable, 1.4.0-beta, and 1.4.1-beta allow an attacker with a public share link that has AllowModify=true to move, copy, or rename files outside the share root by abusing publicPatc...

CVSS 9.3, AI score 5.4, EPSS 0.00446
Exploits: 0, References: 3

Nuclei
added 2026/06/16 7:13 a.m., 49 views

PRTG Network Monitor - Local File Inclusion

PRTG Network Monitor before 18.2.40.1683 allows remote unauthenticated attackers to create users with read-write privileges including administrator. A remote unauthenticated user can craft an HTTP request and override attributes of the 'include' directive in /public/login.htm and perform a Local...

CVSS 9.8, AI score 8.7, EPSS 0.85652
Exploits: 0, References: 2

EUVD
added 2026/06/15 9:30 p.m., 5 views

EUVD-2026-36781

An HTML injection vulnerability in the /src/highlight.rs component of matze wastebin v3.4.1 allows attackers to execute arbitrary scripts via a crafted payload...

AI score 5.7, EPSS 0.00374
Exploits: 0, References: 2

CVE
added 2026/06/15 12:47 p.m., 11 views

CVE-2026-5242

The CVE-2026-5242 entry concerns MIA Technology Inc.’s Pizzy Library. A vulnerability in CSV handling arises from improper neutralization of formula elements, enabling Code Injection. Affected versions are 1.0.0.26250 up to (but not including) 1.3.9.26250. CVSS‑3.1 scoring is 8.8 (HIGH): Network ...

CVSS 8.8, AI score 5.4, EPSS 0.00304
Exploits: 0, References: 1

Positive Technologies
added 2026/06/15 12:0 a.m., 7 views

PT-2026-49200

The Wertheim SafeController Software, AssemblyVersion 6.15.8328.28014, contains a hard-coded cryptographic key in the SafeSystem.Infrastructure.Security.dll component. An attacker with access to the application files can reverse engineer the DLL and recover the hard-coded cryptographic key. This...

CVSS 6.8, AI score 5.2, EPSS 0.0012
Exploits: 1, References: 3

NVD
added 2026/06/09 5:17 p.m., 9 views

CVE-2026-47292

Inclusion of functionality from untrusted control sphere in Visual Studio Code allows an unauthorized attacker to elevate privileges locally...

CVSS 7.8, EPSS 0.00319
Exploits: 0, References: 1

Vulnrichment
added 2026/06/09 5:6 p.m., 8 views

CVE-2026-42987 Windows Deployment Services (WDS) Remote Code Execution

...

CVSS 8.1, AI score 5.4, EPSS 0.00441
Exploits: 0, References: 1

Vulnrichment
added 2026/06/09 5:4 p.m., 6 views

CVE-2026-47287 Visual Studio Code Tampering Vulnerability

...

CVSS 6.5, AI score 5.4, EPSS 0.00509
Exploits: 0, References: 1

Positive Technologies
added 2026/06/08 12:0 a.m., 12 views

PT-2026-47330

phpMyFAQ is an open source FAQ web application. Prior to version 4.1.4, attachment passwords are hashed using SHA-1, a cryptographically broken algorithm. SHA-1 has been vulnerable to collision attacks since 2017 (SHAttered). Version 4.1.4 fixes the issue...

CVSS 6.9, AI score 5.3, EPSS 0.00182
Exploits: 0, References: 3

CNNVD
added 2026/06/08 12:0 a.m., 9 views

Google Chrome Input Validation Error Vulnerability

Google Chrome is a web browser developed by the American company Google. Google Chrome has a vulnerability related to input validation, which stems from Skia’s insufficient validation of untrusted inputs...

CVSS 3.1, AI score 5.3, EPSS 0.00178
Exploits: 0, References: 2

RedhatCVE
added 2026/06/05 7:49 p.m., 9 views

CVE-2026-29199

phpBB before 3.3.16 is vulnerable to Host Header Injection that can lead to password reset link poisoning. When force_server_vars is disabled, the server's hostname may be extracted from the HTTP Host header, which is used to generate the password reset link URL. An attacker who can manipulate the Hos...

CVSS 8.1, AI score 5.5, EPSS 0.00249
Exploits: 0, References: 1

Positive Technologies
added 2026/06/05 12:0 a.m., 10 views

PT-2026-48562

Name of the Vulnerable Software and Affected Versions: ImageMagick versions prior to 7.1.2-24. Description: ImageMagick is free and open-source software used for editing and manipulating digital images. A negative heap buffer over-write occurs when using an image with a mask and the Floyd-Steinberg...

CVSS 7.5, AI score 5.7, EPSS 0.01381
Exploits: 2, References: 36

vulnersOsv
added 2026/06/03 9:3 p.m., 7 views

@accounter/client (>=0.0.3 <=0.0.12-alpha-20260427054851-6925deba4595cf0c72d3875df0a094608b394a27), @appigram/react-code-split-ssr (=1.3.7) +159 more potentially affected by CVE-2026-42211 via react-router (>=7.0.0 <=7.14.1)

react-router NPM version =7.0.0, =0.0.3, =0.0.2, =3.5.2, =1.1.0, =1.0.1-MON-198808-web-js-deps-batch-1.0, =0.0.1, =3.4.9, =0.1.9, =0.3.1, =0.5.1 and more Source cves: CVE-2026-42211 Source advisory: OSV:GHSA-49RJ-9FVP-4H2H...

CVSS 8.1, AI score 5.4, EPSS 0.00374
Exploits: 0

RedhatCVE
added 2026/06/01 10:3 p.m., 12 views

CVE-2026-48811

FreeScout is a free help desk and shared inbox built with PHP's Laravel framework. Prior to 1.8.221, FreeScout allows a non-admin user to permanently delete an internal note private thread from any conversation, even after that user's access to the mailbox containing the conversation has been...

CVSS 4.3, AI score 5.7, EPSS 0.00155
Exploits: 0, References: 1