|
1631
|
8.1 |
HIGH
Network
|
linux
|
linux_kernel
|
In the Linux kernel, the following vulnerability has been resolved:
smb: client: fix OOB read in smb2_ioctl_query_info QUERY_INFO path
smb2_ioctl_query_info() has two response-copy branches: PASSTH…
|
CWE-125
Out-of-bounds Read
|
CVE-2026-31708
|
2026-05-7 05:25 |
2026-05-1 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
1632
|
8.8 |
HIGH
Network
|
trendnet
|
tew-821dap_firmware
|
A flaw has been found in TRENDnet TEW-821DAP up to 1.12B01. The impacted element is the function tools_diagnostic of the file /tmp/diagnostic of the component Firmware Udpate. This manipulation cause…
|
CWE-77
CWE-78
Command Injection
OS Command
|
CVE-2026-7609
|
2026-05-7 05:24 |
2026-05-2 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
1633
|
8.0 |
HIGH
Adjacent
|
trendnet
|
tew-821dap_firmware
|
A vulnerability was detected in TRENDnet TEW-821DAP up to 1.12B01. The affected element is the function tools_diagnostic. The manipulation results in os command injection. The exploit is now public a…
|
CWE-77
CWE-78
Command Injection
OS Command
|
CVE-2026-7608
|
2026-05-7 05:24 |
2026-05-2 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
1634
|
8.8 |
HIGH
Network
|
trendnet
|
tew-821dap_firmware
|
A security vulnerability has been detected in TRENDnet TEW-821DAP 1.12B01. Impacted is the function auto_update_firmware of the component Firmware Udpate. The manipulation of the argument str leads t…
|
CWE-119
CWE-120
Incorrect Access of Indexable Resource ('Range Error')
Classic Buffer Overflow
|
CVE-2026-7607
|
2026-05-7 05:23 |
2026-05-2 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
1635
|
8.1 |
HIGH
Network
|
trendnet
|
tew-821dap_firmware
|
A weakness has been identified in TRENDnet TEW-821DAP 1.12B01. This issue affects the function find_hwid/new_gui_update_firmware of the component Firmware Update Handler. Executing a manipulation of …
|
CWE-345
Insufficient Verification of Data Authenticity
|
CVE-2026-7606
|
2026-05-7 05:23 |
2026-05-2 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
1636
|
5.5 |
MEDIUM
Local
|
linux
|
linux_kernel
|
In the Linux kernel, the following vulnerability has been resolved:
smb: client: fix dir separator in SMB1 UNIX mounts
When calling cifs_mount_get_tcon() with SMB1 UNIX mounts,
@cifs_sb->mnt_cifs_f…
|
NVD-CWE-noinfo
|
CVE-2026-31710
|
2026-05-7 05:21 |
2026-05-1 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
1637
|
7.5 |
HIGH
Network
|
lobster-world
|
lobster_pro
|
Unauthenticated attackers can exploit a weakness in the XML parser functionality of Lobster_pro prior to version 4.12.6-GA. This allows them to obtain read access to files on the application server a…
|
CWE-611
XXE
|
CVE-2024-13971
|
2026-05-7 05:19 |
2026-04-30 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
1638
|
7.5 |
HIGH
Network
|
linux
|
linux_kernel
|
In the Linux kernel, the following vulnerability has been resolved:
smb: server: fix active_num_conn leak on transport allocation failure
Commit 77ffbcac4e56 ("smb: server: fix leak of active_num_c…
|
CWE-401
Missing Release of Memory after Effective Lifetime
|
CVE-2026-31711
|
2026-05-7 05:18 |
2026-05-1 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
1639
|
8.8 |
HIGH
Network
|
-
|
-
|
Vvveb before version 1.0.8.2 contains an unrestricted file upload vulnerability in the media upload handler that allows authenticated users with media-upload permissions to bypass extension restricti…
|
CWE-434
Unrestricted Upload of File with Dangerous Type
|
CVE-2026-41938
|
2026-05-7 05:16 |
2026-05-7 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
1640
|
8.1 |
HIGH
Network
|
-
|
-
|
Vvveb before version 1.0.8.2 contains an XML external entity (XXE) injection vulnerability in the admin Tools/Import feature that allows authenticated site_admin users to read arbitrary files and mod…
|
CWE-611
XXE
|
CVE-2026-41936
|
2026-05-7 05:16 |
2026-05-7 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
