MAL-2026-6274 Malicious code in web3-token-helper (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 0c826bf782895b60580b94e3a28a2c4562d3742420ce81e9895ad8568da57890 The package advertises itself as a Web3 fee utility but its main export is a dropper. index.js line 140 base64-decodes a platform-specific command...

D-Link DIR-3040 1.13B03 - Information Disclosure

D-Link DIR-3040 1.13B03 is susceptible to information disclosure in the Syslog functionality. A specially crafted HTTP network request can lead to the disclosure of sensitive information. An attacker can obtain access to user accounts and access sensitive information, modify data, and/or execute...

CVE-2026-12211 Intelbras iNVU 7016 FT Web syslog path traversal

A flaw has been found in Intelbras iNVU 7016 FT 3.004.00IB000.0.T Build 2025-09-26. This impacts an unknown function of the file /RPC2Loadfile/syslog/ of the component Web Interface. Executing a manipulation can lead to path traversal. The attack can be launched remotely. The exploit has been...

CVE-2026-12211 Intelbras iNVU 7016 FT Web syslog path traversal

A flaw has been found in Intelbras iNVU 7016 FT 3.004.00IB000.0.T Build 2025-09-26. This impacts an unknown function of the file /RPC2Loadfile/syslog/ of the component Web Interface. Executing a manipulation can lead to path traversal. The attack can be launched remotely. The exploit has been...

CVE-2026-12211

Intelbras iNVU 7016 FT (3.004.00IB000.0.T, build 2025-09-26) Web Interface contains a path traversal vulnerability in the /RPC2_Loadfile/syslog/ function. The flaw can be exploited remotely to manipulate files; exploit code has been published. A fixed version has been released by the vendor and u...

CVE-2026-54231

A content injection vulnerability was found in the ABRT post-create event handler scripts in libreport. The event script queries the systemd journal for log entries matching the crashed process and writes the results to files in the dump directory without sanitizing embedded control characters. A...

CVE-2026-54231 Abrt: unsanitized systemd journal content written to dump directory files enables content injection

A content injection vulnerability was found in the ABRT post-create event handler scripts in libreport. The event script queries the systemd journal for log entries matching the crashed process and writes the results to files in the dump directory without sanitizing embedded control characters. A...

Linux Distros Unpatched Vulnerability : CVE-2026-54231

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - A content injection vulnerability was found in the ABRT post-create event handler scripts in libreport. The event script queries the systemd journal for log...

CVE-2026-6025

A vulnerability was identified in Totolink A7100RU 7.4cu.2313b20191024. This affects the function setSyslogCfg of the file /cgi-bin/cstecgi.cgi of the component CGI Handler. Such manipulation of the argument enable leads to os command injection. It is possible to launch the attack remotely. The...

org.apache.logging.log4j/log4j-core: Apache Log4j Core: Log injection via CRLF sequences due to configuration attribute renames

A flaw was found in Apache Log4j Core. This vulnerability allows for log injection through the use of Carriage Return Line Feed CRLF sequences. This occurs because security-related configuration attributes were silently renamed, impacting users who directly configure Rfc5424Layout with stream-bas...

CVE-2026-10159

A weakness has been identified in TRENDnet TEW-432BRP 3.10B20. Affected by this vulnerability is the function formSysLog of the file /goform/formSysLog. This manipulation of the argument currentpage causes stack-based buffer overflow. The attack can be initiated remotely. The exploit has been mad...

CVE-2026-40828 Authenticated SQLi in DeleteSysLogEntry function

A high privileged remote attacker can exploit an unauthenticated SQL Injection vulnerability in the DeleteSysLogEntry function due to improper neutralization of special elements in a SQL DELETE command allowing for reading the whole database and deleting entries in a non critical table. This can...

PT-2026-43594

A high privileged remote attacker can exploit an unauthenticated SQL Injection vulnerability in the DeleteSysLogEntry function due to improper neutralization of special elements in a SQL DELETE command allowing for reading the whole database and deleting entries in a non critical table. This can...

Security Bulletin: IBM App Connect Enterprise and IBM Integration Bus for z/OS are vulnerable to multiple vulnerabilities due to Apache Log4j ( CVE-2026-34477, CVE-2026-34478, CVE-2026-34479 & CVE-2026-34480 )

Summary IBM App Connect Enterprise and IBM Integration Bus for z/OS are vulnerable to multiple vulnerabilities due to Apache Log4j. Vulnerability Details CVEID:CVE-2026-34477 DESCRIPTION: The fix for CVE-2025-68161 https://logging.apache.org/security.htmlCVE-2025-68161 was incomplete: it addresse...

Astra Linux – Vulnerability in syslog-ng

An integer overflow in the RFC3164 parser in One Identity syslog-ng versions 3.0 through 3.37 allows remote attackers to cause a Denial of Service by manipulating crafted syslog inputs, which are mishandled by the TCP or network functions. Syslog-ng Premium Edition 7.0.30 and Syslog-ng Store Box...

Security update for kea

This update for kea fixes the following issues: Update to release 2.6.5. Security issues fixed: CVE-2026-3608: stack overflow error via specially crafted message to the kea-ctrl-agent, kea-dhcp-ddns, kea-dhcp4, or kea-dhcp6 daemonsbsc1260380. Other updates and bugfixes: A null dereference is now ...

Security update for kea

This update for kea fixes the following issues: Update to release 2.6.5: A large number of bracket pairs in a JSON payload directed to any endpoint would result in a stack overflow, due to recursive calls when parsing the JSON. This has been fixed. CVE-2026-3608 bsc1260380 A null dereference is n...

SUSE CVE-2026-34477

The fix for CVE-2025-68161 https://logging.apache.org/security.htmlCVE-2025-68161 was incomplete: it addressed hostname verification only when enabled via the log4j2.sslVerifyHostName https://logging.apache.org/log4j/2.x/manual/systemproperties.htmllog4j2.sslVerifyHostName system property, but no...

CVE-2026-34478

A flaw was found in Apache Log4j Core. This vulnerability allows for log injection through the use of Carriage Return Line Feed CRLF sequences. This occurs because security-related configuration attributes were silently renamed, impacting users who directly configure Rfc5424Layout with stream-bas...

Linux Distros Unpatched Vulnerability : CVE-2026-34478

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - Apache Log4j Core's Rfc5424Layout https://logging.apache.org/log4j/2.x/manual/layouts.htmlRFC5424Layout , in versions 2.21.0 through 2.25.3, is vulnerable to lo...