CVE-2026-48961

IO::Compress versions from 2.207 before 2.220 for Perl ship a zipdetails CLI tool that crashes with undefined subroutine on Info-ZIP Unix Extra Field with 8-byte UID or GID. When decodeux in bin/zipdetails handles an Info-ZIP Unix Extra Field tag 0x7875 with UID Size or GID Size set to 8, causing...

CVE-2026-48961 IO::Compress versions from 2.207 before 2.220 for Perl ship a zipdetails CLI tool that crashes with undefined subroutine on Info-ZIP Unix Extra Field with 8-byte UID or GID

IO::Compress versions from 2.207 before 2.220 for Perl ship a zipdetails CLI tool that crashes with undefined subroutine on Info-ZIP Unix Extra Field with 8-byte UID or GID. When decodeux in bin/zipdetails handles an Info-ZIP Unix Extra Field tag 0x7875 with UID Size or GID Size set to 8, causing...

CVE-2026-48961

IO::Compress versions from 2.207 before 2.220 for Perl ship a zipdetails CLI tool that crashes with undefined subroutine on Info-ZIP Unix Extra Field with 8-byte UID or GID. When decodeux in bin/zipdetails handles an Info-ZIP Unix Extra Field tag 0x7875 with UID Size or GID Size set to 8, causing...

CVE-2026-48961 IO::Compress versions from 2.207 before 2.220 for Perl ship a zipdetails CLI tool that crashes with undefined subroutine on Info-ZIP Unix Extra Field with 8-byte UID or GID

IO::Compress versions from 2.207 before 2.220 for Perl ship a zipdetails CLI tool that crashes with undefined subroutine on Info-ZIP Unix Extra Field with 8-byte UID or GID. When decodeux in bin/zipdetails handles an Info-ZIP Unix Extra Field tag 0x7875 with UID Size or GID Size set to 8, causing...

CVE-2026-48961

CVE-2026-48961 affects IO::Compress for Perl: versions 2.207 through 2.219 include a bug in the bundled zipdetails CLI tool where decoding an Info-ZIP Unix Extra Field (tag 0x7875) with UID/GID size 8 triggers a misnamed function call unpackValueQ, causing an undefined subroutine error and exit (...

CVE-2026-7469

A vulnerability was detected in Tenda 4G300 US4G300V1.0MtV1.01.42CNTDC01. This impacts the function sub425A28 of the file /goform/DelFil. The manipulation of the argument delflag results in command injection. The attack may be launched remotely. The exploit is now public and may be used...

Linux kernel 安全漏洞

The Linux kernel is the core of the open-source operating system Linux, developed by the Linux Foundation in the United States. There is a security vulnerability in the Linux kernel, which stems from improper lock checking when subroutines exit abnormally, potentially leading to locks acquired by...

CVE-2026-3579

wolfSSL 5.8.4 on RISC-V RV32I architectures lacks a constant-time software implementation for 64-bit multiplication. The compiler-inserted muldi3 subroutine executes in variable time based on operand values. This affects multiple SP math functions sp256mul9, sp256sqr9, etc., leading to a timing...

CVE-2025-13686

IBM DataStage on Cloud Pak for Data 5.1.2 through 5.3.0 could allow an authenticated user to execute arbitrary commands with normal user privileges on the system due to improper validation of user supplied input through the job subroutine component...

CVE-2025-13686

IBM DataStage on Cloud Pak for Data 5.1.2 through 5.3.0 could allow an authenticated user to execute arbitrary commands with normal user privileges on the system due to improper validation of user supplied input through the job subroutine component...

CVE-2025-13686 DataStage on Cloud Pak for Data is vulnerable to arbitrary code injection due to runtime environment

IBM DataStage on Cloud Pak for Data 5.1.2 through 5.3.0 could allow an authenticated user to execute arbitrary commands with normal user privileges on the system due to improper validation of user supplied input through the job subroutine component...

CVE-2025-13686 DataStage on Cloud Pak for Data is vulnerable to arbitrary code injection due to runtime environment

IBM DataStage on Cloud Pak for Data 5.1.2 through 5.3.0 could allow an authenticated user to execute arbitrary commands with normal user privileges on the system due to improper validation of user supplied input through the job subroutine component...

IBM DataStage on Cloud Pak for Data 操作系统命令注入漏洞

IBM DataStage on Cloud Pak for Data is an enterprise-level data integration solution provided by IBM Corporation. Versions 5.1.2 to 5.3.0 of IBM DataStage on Cloud Pak for Data contain a vulnerability related to operating system command injection. This vulnerability stems from improper input...

PT-2026-22816

IBM DataStage on Cloud Pak for Data 5.1.2 through 5.3.0 could allow an authenticated user to execute arbitrary commands with normal user privileges on the system due to improper validation of user supplied input through the job subroutine component...

Security Bulletin: DataStage on Cloud Pak for Data is vulnerable to arbitrary code injection due to runtime environment (CVE-2025-13686, CVE-2025-13687, CVE-2025-13688)

Summary Runtime environment is used by DataStage on Cloud Pak for Data as part of upload file processing. Vulnerability Details CVEID:CVE-2025-13686 DESCRIPTION: DataStage on Cloud Pak for Data could allow an authenticated user to execute arbitrary commands with normal user privileges on the syst...

CVE-2026-2138

A vulnerability was found in Tenda TX9 up to 22.03.02.10multi. Affected is the function sub42D03C of the file /goform/SetStaticRouteCfg. The manipulation of the argument list results in buffer overflow. The attack can be launched remotely. The exploit has been made public and could be used...

CVE-2026-0641 TOTOLINK WA300 cstecgi.cgi sub_401510 command injection

A security vulnerability has been detected in TOTOLINK WA300 5.2cu.7112B20190227. This vulnerability affects the function sub401510 of the file cstecgi.cgi. The manipulation of the argument UPLOADFILENAME leads to command injection. The attack may be initiated remotely. The exploit has been...

CVE-2025-50401

Mercury D196G d196gv1-cn-up2020-01-0911.21.44 is vulnerable to Buffer Overflow in the function sub404CAEDC via the parameter password...

CVE-2025-63466

Totolink LR350 v9.3.5u.6369B20220309 was discovered to contain a stack overflow via the password parameter in the sub426EF8 function. This vulnerability allows attackers to cause a Denial of Service DoS via a crafted request...

ROS-20251020-05

Vulnerability in the audit subroutine of the enterprise information archiving platforms Vault Enterprise and Vault Community Edition is related to unrestricted resource allocation. Exploitation of the vulnerability could allow an attacker acting remotely to cause a denial of service by sending...