A vulnerability was found in decolua 9router up to 0.4.0. It has been classified as critical. This issue affects the function isAuthenticated of the file src/dashboardGuard.js of the component HTTP Header Handler. The manipulation of the argument Host leads to improper authorization.
This vulnerability is uniquely identified as CVE-2026-10269. The attack can be carried out remotely. No exploit exists.
Upgrading the affected component is recommended.
A vulnerability was found in janet-lang janet up to 1.41.0 and classified as problematic. This vulnerability affects the function unmarshal_one_fiber of the file src/core/marsh.c. Executing a manipulation can lead to integer overflow.
This vulnerability is handled as CVE-2026-10268. It is possible to launch the attack on the local host. Additionally, an exploit exists.
A patch should be applied to remediate this issue.
A vulnerability has been found in janet-lang janet up to 1.41.0 and classified as problematic. This affects the function doframe of the file src/core/debug.c. Performing a manipulation results in out-of-bounds read.
This vulnerability is known as CVE-2026-10267. Attacking locally is a requirement. Furthermore, an exploit is available.
Hackers are targeting WordPress websites running a vulnerable version of the WP Maps Pro plugin, which allows creating rogue administrator accounts without authentication. [...]
A vulnerability was found in Linux Kernel up to 6.6.139/6.12.87/6.18.29/7.0.6/7.1-rc3. It has been rated as critical. This impacts the function make_task_dead of the component exit. Performing a manipulation results in use after free.
This vulnerability is cataloged as CVE-2026-46173. The attack must originate from the local network. There is no exploit available.
Upgrading the affected component is advised.
A vulnerability described as critical has been identified in Linux Kernel up to 6.6.140/6.12.89/6.18.31/7.0.6. Affected by this issue is the function create_space_info_sub_group of the component btrfs. Such manipulation leads to double free.
This vulnerability is documented as CVE-2026-46164. The attack requires being on the local network. No exploit is available.
Upgrading the affected component is recommended.
A vulnerability classified as critical was found in Linux Kernel up to 6.12.87/6.18.29/7.0.6/7.1-rc2. This vulnerability affects the function ieee80211_dfs_cac_cancel of the component wifi. Executing a manipulation can lead to use after free.
This vulnerability appears as CVE-2026-46166. The attacker needs to be present on the local network. There is no available exploit.
Upgrading the affected component is advised.
A vulnerability classified as critical has been found in Linux Kernel up to 6.18.29/7.0.6. This issue affects the function f2fs_sync_node_pages of the component f2fs. Performing a manipulation results in improper synchronization.
This vulnerability is known as CVE-2026-46175. Access to the local network is required for this attack. No exploit is available.
It is recommended to upgrade the affected component.
A vulnerability described as critical has been identified in Aider-AI Aider 0.86.3. Affected by this issue is some unknown functionality of the component Code Generation Workflow. Executing a manipulation can lead to SQL injection.
This vulnerability is handled as CVE-2026-10176. The attack can be executed remotely. Additionally, an exploit exists.
The project was informed of the problem early through an issue report but has not responded yet.
A vulnerability classified as critical was found in code-projects Online Music Site 1.0. This vulnerability affects unknown code of the file /Administrator/PHP/AdminEditAlbum.php. The manipulation of the argument ID results in SQL injection.
This vulnerability was named CVE-2026-10178. The attack may be performed remotely. In addition, an exploit is available.
A vulnerability, which was classified as critical, has been found in TRENDnet TEW-432BRP 3.10B20. This issue affects the function formSetWlanEncrypt of the file /goform/formSetWlanEncrypt. This manipulation of the argument webpage causes a stack-based buffer overflow. This vulnerability only affects products that are no longer supported by the maintainer.
The identification of this vulnerability is CVE-2026-10179. It is possible to initiate the attack remotely. Furthermore, there is an exploit available.
The vendor explains: "This product has been EOL for 15 years (since 2009). As the item has been EOL for such a long time, we are not able to replicate or fix any vulnerabilities."
A vulnerability, which was classified as critical, was found in TRENDnet TEW-432BRP 3.10B20. Impacted is the function formSysCmd of the file /goform/formSysCmd. Such manipulation of the argument sysCmd leads to command injection. This vulnerability only affects products that are no longer supported by the maintainer.
This vulnerability is referenced as CVE-2026-10180. It is possible to launch the attack remotely. Furthermore, an exploit is available.
The vendor explains: "This product has been EOL for 15 years (since 2009). As the item has been EOL for such a long time, we are not able to replicate or fix any vulnerabilities."