CVE-2026-36611

Mercusys AC12G EU V1 with firmware AC12GEUV1200909 returns 128 bytes of uninitialized buffer when receiving POST requests without SOAPAction header on UPnP port 1900, exposing internal memory to unauthenticated adjacent network attackers...

CVE-2026-36612

The CVE-2026-36612 entry affects Mercusys AC12G (EU) V1 with firmware AC12G(EU)_V1_200909, where WPS 2.0 is enabled by default and protected by a weak lockout policy (60 seconds after 10 attempts). This concrete detail indicates a potential risk for WPS-based authentication; no exploitation detai...

CVE-2026-36609

Mercusys AC12G (EU) V1 router affected. The vulnerability stems from a static authentication nonce that does not change between requests from the same source IP, compounded by a predictable XOR-based password encoding (securityEncode). This combination enables an attacker who captures authenticat...

EUVD-2026-34150

Mercusys AC12G EU V1 with firmware AC12GEUV1200909 returns 128 bytes of uninitialized buffer when receiving POST requests without SOAPAction header on UPnP port 1900, exposing internal memory to unauthenticated adjacent network attackers...

CVE-2026-45719 Budibase: CouchDB Reduce Injection via Unsanitized Calculation Parameter in V1 Views API

Budibase is an open-source low-code platform. Prior to 3.38.1, the V1 Views API POST /api/views accepts a calculation parameter from the request body that is interpolated directly into a CouchDB reduce function definition without validation. Although an internal SCHEMAMAP object defines the valid...

CVE-2026-45719

Budibase is vulnerable to CouchDB reduce injection via the V1 Views API (POST /api/views) where the calculation parameter is interpolated into a CouchDB reduce function without validation. A Builder-permission user can inject arbitrary JavaScript into the reduce function, which CouchDB executes w...

CVE-2026-45719 Budibase: CouchDB Reduce Injection via Unsanitized Calculation Parameter in V1 Views API

Budibase is an open-source low-code platform. Prior to 3.38.1, the V1 Views API POST /api/views accepts a calculation parameter from the request body that is interpolated directly into a CouchDB reduce function definition without validation. Although an internal SCHEMAMAP object defines the valid...

PT-2026-44065

Name of the Vulnerable Software and Affected Versions Archer BE450 v1 Archer BE7200 v1 Description An authenticated command injection allows an administrator to execute arbitrary system commands through the web management interface. By using the browser developer console, a crafted input can be...

CVE-2026-41164

nuts-node is the reference implementation of the Nuts specification. Prior to 6.2.3 and 5.4.31, the v1 access token introspection endpoint /auth/v1/introspectaccesstoken accepts any JWT signed by a key present on the node, without validating the JWT type, issuer-to-key binding, or required claims...

CVE-2026-41164 nuts-node: JWT type confusion in v1 access token introspection allows VP replay as access token

nuts-node is the reference implementation of the Nuts specification. Prior to 6.2.3 and 5.4.31, the v1 access token introspection endpoint /auth/v1/introspectaccesstoken accepts any JWT signed by a key present on the node, without validating the JWT type, issuer-to-key binding, or required claims...

TP-Link多款产品 安全漏洞

TP-Link Archer RE650, among others, are products of the Chinese company TP-Link. The TP-Link Archer RE650 is a dual-band Gigabit wireless signal extender. The TP-Link Archer RE305 is also a dual-band Gigabit wireless signal extender. The TP-Link Archer RE360 is a wireless repeater that supports...

GHSA-99VC-2JX2-688P NocoDB: Missing File Size Enforcement in Upload-by-URL Allows Denial of Service via Disk Exhaustion

Summary The uploadViaURL path in the v1/v2 attachment API did not enforce NCATTACHMENTFIELDSIZE against the remote content-length or against the response stream. An authenticated user Editor+ could direct the server to download arbitrarily large files, exhausting disk space and causing denial of...

Astra Linux - уязвимость в linux-5.10, linux

In the Linux kernel, the following vulnerability has been resolved: dm ioctl: prevents potential Spectre v1 exploits. It seems that cmd could be a Spectre v1 exploit, as it is provided by a user and used as an array index. This vulnerability prevents the contents of kernel memory from being leake...

Unity Linux 20.1050e Security Update: kernel (UTSA-2026-021618)

The Unity Linux 20 host has a package installed that is affected by a vulnerability as referenced in the UTSA-2026-021618 advisory. In the Linux kernel, the following vulnerability has been resolved: ipv4: prevent potential spectre v1 gadget in fibmetricsmatch if !type continue; if type RTAXMAX...

CVE-2026-23558

The adjustments made for XSA-379 as well as those subsequently becoming XSA-387 still left a race window, when a HVM or PVH guest does a grant table version change from v2 to v1 in parallel with mapping the status pages via XENMEMaddtophysmap. Some of the status pages may then be freed while...

CVE-2026-23558 grant table v2 race in status page mapping

The adjustments made for XSA-379 as well as those subsequently becoming XSA-387 still left a race window, when a HVM or PVH guest does a grant table version change from v2 to v1 in parallel with mapping the status pages via XENMEMaddtophysmap. Some of the status pages may then be freed while...

Garmin WDU 安全漏洞

Garmin WDU is a wireless data unit developed by Garmin Corporation, designed for data updates and maintenance of aviation electronic devices. Both the Garmin WDU v1 1.4.6 version and v2 5.0 version contain security vulnerabilities. These vulnerabilities stem from authentication bypasses, allowing...

EUVD-2026-29791

NanaZip is an open source file archive. From 5.0.1252.0 to before 6.0.1698.0, a stack-based out-of-bounds read exists in the ZealFS filesystem image parser in NanaZip. The vulnerability is triggered when opening a crafted ZealFS v1 filesystem image. An attacker-controlled BitmapSize field in the...

CVE-2026-42446

NanaZip is an open source file archive. From 5.0.1252.0 to before 6.0.1698.0, a stack-based out-of-bounds read exists in the ZealFS filesystem image parser in NanaZip. The vulnerability is triggered when opening a crafted ZealFS v1 filesystem image. An attacker-controlled BitmapSize field in the...

CVE-2026-42446

CVE-2026-42446 affects NanaZip through versions 5.0.1252.0–before 6.0.1698.0. A stack-based out-of-bounds read occurs in the ZealFS filesystem image parser when opening a crafted ZealFS v1 image. The vulnerability is triggered by an attacker-controlled BitmapSize field in the file header, driving...