🚨 CVE-2025-46691
Dell PremierColor Panel Driver, versions prior to 1.0.0.1 A01, contains an Improper Access Control vulnerability. A low privileged attacker with local access could potentially exploit this vulnerability, leading to Elevation of Privileges.
@cveNotify
🚨 CVE-2025-55848
An issue was discovered in DIR-823 firmware 20250416. There is an RCE vulnerability in the set_cassword settings interface, as the http_casswd parameter is not filtered by '&' to allow injection of reverse connection commands.
@cveNotify
GitHub
iot_zone/命令执行漏洞.md at main · meigui637/iot_zone
🚨 CVE-2025-11683
YAML::Syck versions before 1.36 for Perl have missing null terminators, which cause an out-of-bounds read and potential information disclosure.
Missing null terminators in token.c lead to an out-of-bounds read, which allows an adjacent variable to be read.
The issue is seen with complex YAML files with a hash of all keys and empty values. There is no indication that the issue leads to accessing memory outside that allocated to the module.
@cveNotify
GitHub
Address memory corruption leading to 'str' value being set on empty keys by timlegge · Pull Request #65 · cpan-authors/YAML-Syck
When yaml is parsed, qstr is allocated
In cases when the keys point to empty values there is no value
copied to qstr and no null value is copied in
There may be a better check when the empty string...
🚨 CVE-2025-14208
A security flaw has been discovered in D-Link DIR-823X up to 20250416. This affects the function sub_415028 of the file /goform/set_wan_settings. The manipulation of the argument ppp_username results in command injection. It is possible to launch the attack remotely. The exploit has been released to the public and may be exploited.
@cveNotify
GitHub
vuls/d-link/dir-823x/set_wan_settings.md at main · panda666-888/vuls
🚨 CVE-2025-58402
The CGM CLININET application uses direct, sequential object identifiers "MessageID" without proper authorization checks. By modifying the parameter in the GET request, an attacker can access messages and attachments belonging to other users.
@cveNotify
cert.pl
Vulnerabilities in CGM CLININET and CGM NETRAAD software
CERT Polska has received reports about 8 vulnerabilities found in CGM CLININET and CGM NETRAAD software.
🚨 CVE-2025-58405
The CGM CLININET application does not implement any mechanisms that prevent clickjacking attacks; neither HTTP security headers nor HTML-based frame-busting protections were detected. As a result, an attacker can embed the application inside a maliciously crafted IFRAME and trick users into performing unintended actions, including potentially bypassing CSRF/XSRF defenses.
@cveNotify
cert.pl
Vulnerabilities in CGM CLININET and CGM NETRAAD software
CERT Polska has received reports about 8 vulnerabilities found in CGM CLININET and CGM NETRAAD software.
🚨 CVE-2025-58406
The CGM CLININET application responds without essential security HTTP headers, exposing users to client-side attacks such as clickjacking, MIME sniffing, unsafe caching, weak cross-origin isolation, and missing transport security controls.
@cveNotify
cert.pl
Vulnerabilities in CGM CLININET and CGM NETRAAD software
CERT Polska has received reports about 8 vulnerabilities found in CGM CLININET and CGM NETRAAD software.
🚨 CVE-2026-3336
Improper certificate validation in PKCS7_verify() in AWS-LC allows an unauthenticated user to bypass certificate chain verification when processing PKCS7 objects with multiple signers, except the final signer.
Customers of AWS services do not need to take action. Applications using AWS-LC should upgrade to AWS-LC version 1.69.0.
@cveNotify
🚨 CVE-2026-3337
Observable timing discrepancy in AES-CCM decryption in AWS-LC allows an unauthenticated user to potentially determine authentication tag validity via timing analysis.
The impacted implementations are through the EVP CIPHER API: EVP_aes_128_ccm, EVP_aes_192_ccm, and EVP_aes_256_ccm.
Customers of AWS services do not need to take action. Applications using AWS-LC should upgrade to AWS-LC version 1.69.0.
@cveNotify
🚨 CVE-2024-57854
Net::NSCA::Client versions through 0.009002 for Perl use a poor random number generator.
Version v0.003 switched to use Data::Rand::Obscure instead of Crypt::Random for generation of random initialisation vectors.
Data::Rand::Obscure uses Perl's built-in rand() function, which is not suitable for cryptographic functions.
@cveNotify
🚨 CVE-2025-15035
Improper Input Validation vulnerability in TP-Link Archer AXE75 v1.6 (vpn modules) allows an authenticated adjacent attacker to delete arbitrary server files, leading to possible loss of critical system files and service interruption or degraded functionality. This issue affects Archer AXE75 v1.6: ≤ build 20250107.
@cveNotify
GitHub
u42-vulnerability-disclosures/2025/PANW-2025-0004 at main · PaloAltoNetworks/u42-vulnerability-disclosures
🚨 CVE-2026-28466
OpenClaw versions prior to 2026.2.14 contain a vulnerability in the gateway in which it fails to sanitize internal approval fields in node.invoke parameters, allowing authenticated clients to bypass exec approval gating for system.run commands. Attackers with valid gateway credentials can inject approval control fields to execute arbitrary commands on connected node hosts, potentially compromising developer workstations and CI runners.
@cveNotify
GitHub
refactor(gateway): centralize node.invoke param sanitization · openclaw/openclaw@0af76f5
Your own personal AI assistant. Any OS. Any Platform. The lobster way. 🦞 - refactor(gateway): centralize node.invoke param sanitization · openclaw/openclaw@0af76f5
🚨 CVE-2026-28467
OpenClaw versions prior to 2026.2.2 contain a server-side request forgery vulnerability in attachment and media URL hydration that allows remote attackers to fetch arbitrary HTTP(S) URLs. Attackers who can influence media URLs through model-controlled sendAttachment or auto-reply mechanisms can trigger SSRF to internal resources and exfiltrate fetched response bytes as outbound attachments.
@cveNotify
GitHub
fix: guard remote media fetches with SSRF checks · openclaw/openclaw@81c68f5
Your own personal AI assistant. Any OS. Any Platform. The lobster way. 🦞 - fix: guard remote media fetches with SSRF checks · openclaw/openclaw@81c68f5
🚨 CVE-2026-3808
A vulnerability was detected in Tenda FH1202 1.2.0.14(408). The affected element is the function formWebTypeLibrary of the file /goform/webtypelibrary. Performing a manipulation of the argument webSiteId results in stack-based buffer overflow. The attack may be initiated remotely. The exploit is now public and may be used.
@cveNotify
GitHub
Tenda_vul/tenda-fh1202-webtypelibrary-websiteid-buffer-overflow at main · Svigo-o/Tenda_vul
🚨 CVE-2026-3809
A flaw has been found in Tenda FH1202 1.2.0.14(408). The impacted element is the function fromNatStaticSetting of the file /goform/NatSaticSetting. Executing a manipulation of the argument page can lead to stack-based buffer overflow. The attack may be launched remotely. The exploit has been published and may be used.
@cveNotify
GitHub
Tenda_vul/tenda-fh1202-natsaticsetting-page-buffer-overflow at main · Svigo-o/Tenda_vul
🚨 CVE-2025-54236
Adobe Commerce versions 2.4.9-alpha2, 2.4.8-p2, 2.4.7-p7, 2.4.6-p12, 2.4.5-p14, 2.4.4-p15 and earlier are affected by an Improper Input Validation vulnerability. A successful attacker can abuse this to achieve session takeover, increasing the confidentiality and integrity impact to high. Exploitation of this issue does not require user interaction.
@cveNotify
Adobe
Adobe Security Bulletin
Security Updates Available for Adobe Commerce | APSB25-88
🚨 CVE-2025-15545
The backup restore function does not properly validate unexpected or unrecognized tags within the backup file. When such a crafted file is restored, the injected tag is interpreted by a shell, allowing execution of arbitrary commands with root privileges. Successful exploitation allows the attacker to gain root-level command execution, compromising confidentiality, integrity and availability.
@cveNotify
Nico's Security Research
Discovering and Chaining Vulnerabilities in a TP-Link Range Extender (CVE-2025-15545) - A Research Walkthrough
Description
During the research process on the TP-Link Archer RE605X range extender, multiple security issues were identified.
An initial weakness in the control panel authentication mechanism allows an adjacent unauthenticated attacker to intercept session…
🚨 CVE-2025-15509
The SmartRemote module has insufficient restrictions on loading URLs, which may lead to some information leakage.
@cveNotify
🚨 CVE-2025-15567
Insufficient protection mechanisms in the Health Module may lead to partial information disclosure.
@cveNotify
🚨 CVE-2026-3404
A flaw has been found in thinkgem JeeSite up to 5.15.1. Impacted is an unknown function of the file /com/jeesite/common/shiro/cas/CasOutHandler.java of the component Endpoint. Executing a manipulation can lead to an XML external entity reference. The attack may be performed remotely. Attacks of this nature are highly complex. The exploitability is considered difficult. The exploit has been published and may be used. The vendor was contacted early about this disclosure but did not respond in any way.
@cveNotify