Aggregator

A vulnerability was found in Edimax EW-7438RPn 1.31. It has been rated as critical. This impacts the function formWlSiteSurvey of the file /goform/formWlSiteSurvey of the component webs. This manipulation of the argument selSSID/submit-url causes stack-based buffer overflow. This vulnerability is tracked as CVE-2026-9427. The attack is possible to be carried out remotely. Moreover, an exploit is present. The vendor was contacted early about this disclosure but did not respond in any way.

A vulnerability was found in Edimax EW-7438RPn 1.31. It has been declared as critical. This affects the function formHwSet of the file /goform/formHwSet. The manipulation of the argument Anntena/Mcs/regDomain/nic0Addr/nic1Addr/wlanAddr/wanAddr/wlanSSID/wlanChan/initgain/txcck/txofdm/submit-url results in stack-based buffer overflow. This vulnerability is identified as CVE-2026-9426. The attack can be executed remotely. Additionally, an exploit exists. The vendor was contacted early about this disclosure but did not respond in any way.

A vulnerability was found in Edimax EW-7438RPn 1.31. It has been classified as critical. The impacted element is the function formWlanMP of the file /goform/formWlanMP. The manipulation of the argument ateFunc/ateGain/ateTxCount/ateChan/ateRate/ateMacID/e2pTxPower1/e2pTxPower2/e2pTxPower3/e2pTxPower4/e2pTxPower5/e2pTxPower6/e2pTxPower7/e2pTx2Power1/e2pTx2Power2/e2pTx2Power3/e2pTx2Power4/e2pTx2Power5/e2pTx2Power6/e2pTx2Power7/ateTxFreqOffset/ateMode/ateBW/ateAntenna/e2pTxFreqOffset/e2pTxPwDeltaB/e2pTxPwDeltaG/e2pTxPwDeltaMix/e2pTxPwDeltaN/readE2P leads to stack-based buffer overflow. This vulnerability is referenced as CVE-2026-9425. Remote exploitation of the attack is possible. Furthermore, an exploit is available. The vendor was contacted early about this disclosure but did not respond in any way.

A vulnerability was found in Edimax EW-7438RPn 1.31 and classified as critical. The affected element is the function formWlanMP of the file /goform/formWlanMP of the component Content-Type Handler. Executing a manipulation of the argument ateFunc/ateGain/ateTxCount/ateChan/ateRate/ateMacID/e2pTxPower1/e2pTxPower2/e2pTxPower3/e2pTxPower4/e2pTxPower5/e2pTxPower6/e2pTxPower7/e2pTx2Power1/e2pTx2Power2/e2pTx2Power3/e2pTx2Power4/e2pTx2Power5/e2pTx2Power6/e2pTx2Power7/ateTxFreqOffset/ateMode/ateBW/ateAntenna/e2pTxFreqOffset/e2pTxPwDeltaB/e2pTxPwDeltaG/e2pTxPwDeltaMix/e2pTxPwDeltaN/readE2P can lead to os command injection. The identification of this vulnerability is CVE-2026-9424. The attack may be launched remotely. Furthermore, there is an exploit available. The vendor was contacted early about this disclosure but did not respond in any way.

A vulnerability has been found in Edimax BR-6675nD 1.12 and classified as critical. Impacted is the function mp of the file /goform/mp of the component POST Request Handler. Performing a manipulation of the argument command results in command injection. This vulnerability was named CVE-2026-9423. The attack may be initiated remotely. In addition, an exploit is available. The vendor was contacted early about this disclosure but did not respond in any way.

说实话，没有那么多传奇故事，更多是很具体的活：看代码路径，复现实验，想清楚场景，写 changelog，发 patch，然后等 review。最开始，是 Barry（宋宝华）老师发起了一张“英雄帖”，把几个愿意花时间啃内核问题的人招呼到了一起。我们想把这些事摊开：看过的代码，做过的实验，踩过的坑，patch 为什么这么写，又为什么被打回来。我们想成为这样的人，也想遇到更多这样的人。我们是一群 Linux kernel 狂热爱好者，没有收益，没有赞助，也没有什么复杂的背景。今天开始，这里就是“笑傲内核”。

Submit #813916 / VDB-365412

Submit #813915 / VDB-365411

Submit #813913 / VDB-236358

Submit #813912 / VDB-365410

Submit #813911 / VDB-365409

Submit #813895 / VDB-365408

Submit #813894 / VDB-365407

Submit #813893 / VDB-365322

Submit #813892 / VDB-365406

Submit #813891 / VDB-365405

Submit #811568 / VDB-365404

A vulnerability, which was classified as critical, was found in KLiK SocialMediaWebsite 1.0. This issue affects some unknown processing of the component HTTP POST Request Parameter Handler. Such manipulation leads to injection. This vulnerability is uniquely identified as CVE-2026-9422. The attack can be launched remotely. Moreover, an exploit is present.

A vulnerability, which was classified as critical, has been found in KLiK SocialMediaWebsite 1.0. This vulnerability affects the function uniqid of the file upload.inc.php of the component File Handler. This manipulation causes unrestricted upload. This vulnerability is handled as CVE-2026-9421. The attack can be initiated remotely. Additionally, an exploit exists.

A vulnerability classified as critical was found in KLiK SocialMediaWebsite 1.0. This affects an unknown part of the component HTTP GET Request Parameter Handler. The manipulation results in injection. This vulnerability is known as CVE-2026-9420. It is possible to launch the attack remotely. Furthermore, an exploit is available.