CVE-2026-10158 TRENDnet TEW-432BRP formPortFw stack-based overflow

A security flaw has been discovered in TRENDnet TEW-432BRP 3.10B20. Affected is the function formPortFw of the file /goform/formPortFw. The manipulation of the argument servername results in stack-based buffer overflow. It is possible to launch the attack remotely. The exploit has been released t...

EUVD-2026-33316

A vulnerability was found in TRENDnet TEW-432BRP 3.10B20. Affected is the function formWPS of the file /goform/formWPS. The manipulation of the argument peerPin results in command injection. The attack can be executed remotely. The exploit has been made public and could be used. The vendor...

Astra Linux – Vulnerability in Linux 5.10

In the Linux kernel, the following vulnerability has been resolved: octeonep: fixed a potential memory leak in octepdevicesetup. When errors such as unsupporteddev and mbox init occur, the variables oct-conf and iounmap oct-mmioi.hwaddr were not freed properly. This could lead to a memory leak...

CVE-2026-5979

D-Link DIR-605L, firmware 2.13B01, has a vulnerability in the POST Request Handler’s function formVirtualServ. The bug arises from manipulating the curTime argument, causing a buffer overflow. This enables a remote attack, with the exploit publicly available, and affects devices no longer support...

CVE-2026-5024

The report concerns D-Link DIR-513 (1.10). A vulnerability in the formSetEmail function (/goform/formSetEmail) arises from manipulating the curTime argument, causing a stack-based buffer overflow. The flaw is remotely exploitable and an exploit has been published. The affected product is no longe...

CVE-2026-4555

CVE-2026-4555 affects D-Link DIR-513 devices (1.10) with the boa component. The vulnerability lies in formEasySetTimezone (/goform/formEasySetTimezone): manipulating curTime triggers a stack-based buffer overflow. The issue is exploitable remotely, and the public exploit exists. Reports indicate ...

CVE-2026-23160

In the Linux kernel, the following vulnerability has been resolved: octeonep: Fix memory leak in octepdevicesetup In octepdevicesetup, if octepctrlnetinit fails, the function returns directly without unmapping the mapped resources and freeing the allocated configuration memory. Fix this by jumpin...

CVE-2026-23160 octeon_ep: Fix memory leak in octep_device_setup()

In the Linux kernel, the following vulnerability has been resolved: octeonep: Fix memory leak in octepdevicesetup In octepdevicesetup, if octepctrlnetinit fails, the function returns directly without unmapping the mapped resources and freeing the allocated configuration memory. Fix this by jumpin...

CVE-2026-23160

CVE-2026-23160 affects the Linux kernel octep (octeon_ep) path. The vulnerability arises when octep_ctrl_net_init() fails inside octep_device_setup(): resources remain mapped and configuration memory isn’t freed, causing a memory leak. A patch introduces a cleanup jump to the unsupported_dev labe...

PT-2026-7209

Name of the Vulnerable Software and Affected Versions D-Link DCS-931L versions up to 1.13.0 Description A flaw exists in D-Link DCS-931L up to version 1.13.0 that allows for operating system command injection. This occurs through manipulation of the AdminID argument within the /goform/setSysAdmin...

CVE-2026-2163 D-Link DIR-600 ssdp.cgi command injection

A vulnerability was identified in D-Link DIR-600 up to 2.15WWb02. This vulnerability affects unknown code of the file ssdp.cgi. Such manipulation of the argument HTTPST/REMOTEADDR/REMOTEPORT/SERVERID leads to command injection. The attack may be launched remotely. The exploit is publicly availabl...

CVE-2026-2151

A vulnerability has been found in D-Link DIR-615 4.10. This affects an unknown part of the file advfirewall.php of the component DMZ Host Feature. Such manipulation of the argument dmzipaddr leads to os command injection. The attack can be launched remotely. The exploit has been disclosed to the...

CVE-2025-15258

A weakness has been identified in Edimax BR-6208AC 1.02/1.03. Affected by this issue is the function formALGSetup of the file /goform/formALGSetup of the component Web-based Configuration Interface. This manipulation of the argument wlan-url causes open redirect. The attack is possible to be...

CVE-2025-15257 Edimax BR-6208AC Web-based Configuration formRoute command injection

A security flaw has been discovered in Edimax BR-6208AC 1.02/1.03. Affected by this vulnerability is the function formRoute of the file /gogorm/formRoute of the component Web-based Configuration Interface. The manipulation of the argument strIp/strMask/strGateway results in command injection. The...

CVE-2025-15256 Edimax BR-6208AC Web-based Configuration formStaDrvSetup command injection

A vulnerability was identified in Edimax BR-6208AC 1.02/1.03. Affected is the function formStaDrvSetup of the file /goform/formStaDrvSetup of the component Web-based Configuration Interface. The manipulation of the argument rootAPmac leads to command injection. Remote exploitation of the attack i...

EUVD-2025-197689

A vulnerability was found in D-Link DIR-816L 206b09beta. This vulnerability affects the function scandirmain of the file /portal/ajaxexporer.sgi. The manipulation of the argument en results in stack-based buffer overflow. The attack may be performed from remote. The exploit has been made public a...

EUVD-2025-197697

A vulnerability was determined in D-Link DIR-816L 206b09beta. This issue affects the function soapcgimain of the file /soap.cgi. This manipulation causes stack-based buffer overflow. It is possible to initiate the attack remotely. The exploit has been publicly disclosed and may be utilized. This...

CVE-2025-13188

A vulnerability was detected in D-Link DIR-816L 206b09beta. Affected by this vulnerability is the function authenticationcgimain of the file /authentication.cgi. Performing manipulation of the argument Password results in stack-based buffer overflow. Remote exploitation of the attack is possible...

EUVD-2025-25013

Malicious code in bioql PyPI...

CVE-2025-10689

The CVE-2025-10689 entry concerns D-Link DIR-645 firmware (model 105B01). A vulnerability exists in the soapcgi_main function within /soap.cgi where manipulation of the service argument enables remote command injection. The issue can be exploited remotely and publicly available exploit code is no...