PT-2026-45796

TP-Link Tapo C200 v5 contains a stack-based buffer overflow flaw in RTSP authentication handling due to improper validation of Authorization header field lengths, which can be triggered by a crafted authentication request. Successful exploitation causes the affected RTSP core service process to...

CVE-2026-34127

A stored cross-site scripting XSS vulnerability has been identified in the web management interface of TP-Link's TL-SG108PE v5 switch due to improper sanitation of the SYSNAM configuration parameter during configuration file import. An attacker with administrator access can inject malicious scrip...

Mesalvo Meona Client Launcher Component和Mesalvo Meona Server Component 代码注入漏洞

The Mesalvo Meona Client Launcher Component and the Mesalvo Meona Server Component are both products of the Mesalvo company. The Mesalvo Meona Client Launcher Component is a component designed for launching clients of medical information systems and facilitating application access. The Mesalvo...

MAL-2026-3509 Malicious code in pp-react-v5 (npm)

pp-react-v5 is a dependency confusion package published at the inflated version 10.0.0 to win npm resolution over any internally-hosted package of the same name. The package contains only a package.json with no functional source code. On installation the preinstall script executes a wget command...

Malicious code in pp-react-v5 (npm)

pp-react-v5 is a dependency confusion package published at the inflated version 10.0.0 to win npm resolution over any internally-hosted package of the same name. The package contains only a package.json with no functional source code. On installation the preinstall script executes a wget command...

Zebra v4.4.0 still accepts V5 SIGHASH_SINGLE without a corresponding output

Consensus Divergence in V5 Transparent SIGHASHSINGLE With No Corresponding Output Summary Zebra failed to enforce a ZIP-244 consensus rule for V5 transparent transactions: when an input is signed with SIGHASHSINGLE and there is no transparent output at the same index as that input, validation mus...

CVE-2026-6521

A flaw was found in Wireshark. The OpenFlow v5 protocol dissector contains an infinite loop vulnerability. A remote attacker could exploit this by sending a specially crafted packet, leading to a denial of service DoS condition, making the application unresponsive. Mitigation To reduce exposure,...

CVE-2026-6521

OpenFlow v5 protocol dissector infinite loops in Wireshark 4.6.0 to 4.6.4 and 4.4.0 to 4.4.14 allows denial of service...

CVE-2026-6521

OpenFlow v5 protocol dissector infinite loops in Wireshark 4.6.0 to 4.6.4 and 4.4.0 to 4.4.14 allows denial of service...

CVE-2026-36841

TOTOLINK N200RE V5 was discovered to contain a command injection vulnerability via the macstr and bandstr parameters in the formMapDelDevice function...

EUVD-2026-26231

TOTOLINK N200RE V5 was discovered to contain a command injection vulnerability via the macstr and bandstr parameters in the formMapDelDevice function...

GHSA-W5HQ-G745-H8PQ uuid: Missing buffer bounds check in v3/v5/v6 when buf is provided

Summary The v3, v5, and v6 API methods not uuid release versions accept external output buffers but do not reject out-of-range writes small buf or large offset. By contrast, v4, v1, and v7 API methods explicitly throw RangeError on invalid bounds. This inconsistency allows silent partial writes...

EUVD-2026-24746

An insecure direct object reference IDOR vulnerability in the Fullstep V5 registration process allows authenticated users to access data belonging to other registered users through various vulnerable authenticated resources in the application. The vulnerable endpoints result from:...

CVE-2026-5750

An insecure direct object reference IDOR vulnerability in the Fullstep V5 registration process allows authenticated users to access data belonging to other registered users through various vulnerable authenticated resources in the application. The vulnerable endpoints result from:...

CVE-2026-5750 Insecure direct object reference (IDOR) vulnerability in Fullstep

An insecure direct object reference IDOR vulnerability in the Fullstep V5 registration process allows authenticated users to access data belonging to other registered users through various vulnerable authenticated resources in the application. The vulnerable endpoints result from:...

Fullstep 访问控制错误漏洞

Fullstep is a corporate procurement and supply chain management platform developed by Fullstep Inc. The Fullstep V5 version contains an access control vulnerability. This vulnerability stems from insufficient access control during the registration process, allowing unauthenticated users to obtain...

PT-2026-34332

Inadequate access control in the registration process in Fullstep V5, which could allow unauthenticated users to obtain a valid JWT token with which to interact with authenticated API resources. Successful exploitation of this vulnerability could allow an unauthenticated attacker to compromise th...

Malicious code in ing-web-v5 (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector f32dd0f0eff32e970526305378a6623e9af62ab133ddcf04a21aa92f1eb95f26 The package ing-web-v5 was found to contain malicious code. Source: ossf-package-analysis...

MAL-2026-2822 Malicious code in ing-web-v5 (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector f32dd0f0eff32e970526305378a6623e9af62ab133ddcf04a21aa92f1eb95f26 The package ing-web-v5 was found to contain malicious code. Source: ossf-package-analysis...

PT-2026-36059

Name of the Vulnerable Software and Affected Versions Wireshark versions 4.6.0 through 4.6.4 Wireshark versions 4.4.0 through 4.4.14 Description The OpenFlow v5 protocol dissector contains a flaw that can lead to infinite loops, resulting in a denial of service. Recommendations Update Wireshark...