24h | 7d | 30d

Overview

  • D-Link
  • DIR-615

08 Feb 2026
Published
08 Feb 2026
Updated

CVSS v4.0
HIGH (8.6)
EPSS
Pending

KEV

Description

A vulnerability has been found in D-Link DIR-615 4.10. This affects an unknown part of the file adv_firewall.php of the component DMZ Host Feature. Such manipulation of the argument dmz_ipaddr  leads to os command injection. The attack can be launched remotely. The exploit has been disclosed to the public and may be used. This vulnerability only affects products that are no longer supported by the maintainer.

Statistics

  • 1 Post
  • 1 Interaction

Last activity: 17 hours ago

Fediverse

Profile picture fallback

⚠️ CVE-2026-2151: HIGH severity OS command injection in D-Link DIR-615 v4.10 (DMZ Host/adv_firewall.php) enables unauthenticated remote code execution. No patch — replace or isolate affected routers ASAP. radar.offseq.com/threat/cve-20

  • 0
  • 1
  • 0
  • 17h ago

Overview

  • n8n-io
  • n8n

04 Feb 2026
Published
05 Feb 2026
Updated

CVSS v4.0
CRITICAL (9.4)
EPSS
0.02%

KEV

Description

n8n is an open source workflow automation platform. Prior to versions 1.123.17 and 2.5.2, an authenticated user with permission to create or modify workflows could abuse crafted expressions in workflow parameters to trigger unintended system command execution on the host running n8n. This issue has been patched in versions 1.123.17 and 2.5.2.

Statistics

  • 1 Post
  • 1 Interaction

Last activity: 15 hours ago

Bluesky

Profile picture fallback
Breaking Down CVE-2026-25049: How TypeScript Types Failed n8n's Security
  • 0
  • 1
  • 0
  • 15h ago

Overview

  • SmarterTools
  • SmarterMail

23 Jan 2026
Published
06 Feb 2026
Updated

CVSS v4.0
CRITICAL (9.3)
EPSS
9.22%

Description

SmarterTools SmarterMail versions prior to build 9511 contain an unauthenticated remote code execution vulnerability in the ConnectToHub API method. The attacker could point the SmarterMail to the malicious HTTP server, which serves the malicious OS command. This command will be executed by the vulnerable application.

Statistics

  • 1 Post
  • 1 Interaction

Last activity: 19 hours ago

Bluesky

Profile picture fallback
Ransomware attackers are exploiting critical SmarterMail vulnerability (CVE-2026-24423) - Help Net Security www.helpnetsecurity.com/2026/02/06/r...
  • 0
  • 1
  • 0
  • 19h ago

Overview

  • D-Link
  • DIR-823X

09 Feb 2026
Published
09 Feb 2026
Updated

CVSS v4.0
HIGH (8.6)
EPSS
Pending

KEV

Description

A vulnerability has been found in D-Link DIR-823X 250416. This affects the function sub_4211C8 of the file /goform/set_filtering. Such manipulation leads to os command injection. The attack may be launched remotely. The exploit has been disclosed to the public and may be used.

Statistics

  • 1 Post

Last activity: 8 hours ago

Fediverse

Profile picture fallback

⚠️ HIGH-severity OS command injection (CVE-2026-2210) in D-Link DIR-823X v250416 — remote, unauthenticated code execution possible. Patch firmware or restrict admin access now. European orgs: prioritize response! radar.offseq.com/threat/cve-20

  • 0
  • 0
  • 0
  • 8h ago

Overview

  • D-Link
  • DIR-823X

08 Feb 2026
Published
08 Feb 2026
Updated

CVSS v4.0
HIGH (8.6)
EPSS
Pending

KEV

Description

A weakness has been identified in D-Link DIR-823X 250416. This vulnerability affects the function sub_420618 of the file /goform/set_upnp. This manipulation of the argument upnp_enable causes os command injection. Remote exploitation of the attack is possible. The exploit has been made available to the public and could be used for attacks.

Statistics

  • 1 Post

Last activity: 16 hours ago

Fediverse

Profile picture fallback

🛡️ CVE-2026-2175: HIGH severity OS command injection in D-Link DIR-823X (v250416) via /goform/set_upnp. No auth needed; public exploit out. Patch ASAP or disable UPnP & segment networks. radar.offseq.com/threat/cve-20

  • 0
  • 0
  • 0
  • 16h ago

Overview

  • Red Hat
  • Red Hat Enterprise Linux 10
  • libxml2

15 Jan 2026
Published
15 Jan 2026
Updated

CVSS
Pending
EPSS
0.06%

KEV

Description

A flaw was identified in the RelaxNG parser of libxml2 related to how external schema inclusions are handled. The parser does not enforce a limit on inclusion depth when resolving nested <include> directives. Specially crafted or overly complex schemas can cause excessive recursion during parsing. This may lead to stack exhaustion and application crashes, creating a denial-of-service risk.

Statistics

  • 1 Post

Last activity: 23 hours ago

Bluesky

Profile picture fallback
🚨 New LOW CVE detected in AWS Lambda 🚨 CVE-2026-0989 impacts libxml2 in 27 Lambda base images. Details: https://github.com/aws/aws-lambda-base-images/issues/405 More: https://lambdawatchdog.com/ #AWS #Lambda #CVE #CloudSecurity #Serverless
  • 0
  • 0
  • 0
  • 23h ago

Overview

  • Go standard library
  • archive/zip
  • archive/zip

28 Jan 2026
Published
29 Jan 2026
Updated

CVSS
Pending
EPSS
0.02%

KEV

Description

archive/zip uses a super-linear file name indexing algorithm that is invoked the first time a file in an archive is opened. This can lead to a denial of service when consuming a maliciously constructed ZIP archive.

Statistics

  • 1 Post

Last activity: 23 hours ago

Bluesky

Profile picture fallback
🚨 New HIGH CVE detected in AWS Lambda 🚨 CVE-2025-61728 impacts libcap in 20 Lambda base images. Details: https://github.com/aws/aws-lambda-base-images/issues/397 More: https://lambdawatchdog.com/ #AWS #Lambda #CVE #CloudSecurity #Serverless
  • 0
  • 0
  • 0
  • 23h ago

Overview

  • Go standard library
  • crypto/tls
  • crypto/tls

05 Feb 2026
Published
06 Feb 2026
Updated

CVSS
Pending
EPSS
0.01%

KEV

Description

During session resumption in crypto/tls, if the underlying Config has its ClientCAs or RootCAs fields mutated between the initial handshake and the resumed handshake, the resumed handshake may succeed when it should have failed. This may happen when a user calls Config.Clone and mutates the returned Config, or uses Config.GetConfigForClient. This can cause a client to resume a session with a server that it would not have resumed with during the initial handshake, or cause a server to resume a session with a client that it would not have resumed with during the initial handshake.

Statistics

  • 1 Post

Last activity: 23 hours ago

Bluesky

Profile picture fallback
🚨 New HIGH CVE detected in AWS Lambda 🚨 CVE-2025-68121 impacts libcap in 47 Lambda base images. Details: https://github.com/aws/aws-lambda-base-images/issues/401 More: https://lambdawatchdog.com/ #AWS #Lambda #CVE #CloudSecurity #Serverless
  • 0
  • 0
  • 0
  • 23h ago

Overview

  • Go standard library
  • net/url
  • net/url

28 Jan 2026
Published
29 Jan 2026
Updated

CVSS
Pending
EPSS
0.02%

KEV

Description

The net/url package does not set a limit on the number of query parameters in a query. While the maximum size of query parameters in URLs is generally limited by the maximum request header size, the net/http.Request.ParseForm method can parse large URL-encoded forms. Parsing a large form containing many unique query parameters can cause excessive memory consumption.

Statistics

  • 1 Post

Last activity: 23 hours ago

Bluesky

Profile picture fallback
🚨 New HIGH CVE detected in AWS Lambda 🚨 CVE-2025-61726 impacts libcap in 20 Lambda base images. Details: https://github.com/aws/aws-lambda-base-images/issues/396 More: https://lambdawatchdog.com/ #AWS #Lambda #CVE #CloudSecurity #Serverless
  • 0
  • 0
  • 0
  • 23h ago

Overview

  • Zabbix
  • Zabbix

12 Sep 2025
Published
08 Feb 2026
Updated

CVSS v4.0
HIGH (7.3)
EPSS
0.08%

KEV

Description

Zabbix Agent 2 smartctl plugin does not properly sanitize smart.disk.get parameters, allowing an attacker to inject unexpected arguments into the smartctl command. In Zabbix 5.0 this allows for remote code execution.

Statistics

  • 1 Post

Last activity: 16 hours ago

Bluesky

Profile picture fallback
Security Advisory: #Debian LTS DLA-4473-1 patches a high-severity RCE in Zabbix (CVE-2025-27234). The smartctl plugin's lack of input sanitization allows argument injection into the underlying command. Read more: 👉 tinyurl.com/4dmk7ayh #Security
  • 0
  • 0
  • 0
  • 16h ago
Showing 11 to 20 of 48 CVEs