Overview
- D-Link
- DIR-615
08 Feb 2026
Published
08 Feb 2026
Updated
CVSS v4.0
HIGH (8.6)
EPSS
Pending
KEV
Description
A vulnerability has been found in D-Link DIR-615 4.10. This affects an unknown part of the file adv_firewall.php of the component DMZ Host Feature. Such manipulation of the argument dmz_ipaddr leads to os command injection. The attack can be launched remotely. The exploit has been disclosed to the public and may be used. This vulnerability only affects products that are no longer supported by the maintainer.
Statistics
- 1 Post
- 1 Interaction
Last activity: 17 hours ago
Fediverse
⚠️ CVE-2026-2151: HIGH severity OS command injection in D-Link DIR-615 v4.10 (DMZ Host/adv_firewall.php) enables unauthenticated remote code execution. No patch — replace or isolate affected routers ASAP. https://radar.offseq.com/threat/cve-2026-2151-os-command-injection-in-d-link-dir-6-3276f328 #OffSeq #DLink #CVE20262151 #Infosec
Overview
Description
n8n is an open source workflow automation platform. Prior to versions 1.123.17 and 2.5.2, an authenticated user with permission to create or modify workflows could abuse crafted expressions in workflow parameters to trigger unintended system command execution on the host running n8n. This issue has been patched in versions 1.123.17 and 2.5.2.
Statistics
- 1 Post
- 1 Interaction
Last activity: 15 hours ago
Overview
Description
SmarterTools SmarterMail versions prior to build 9511 contain an unauthenticated remote code execution vulnerability in the ConnectToHub API method. The attacker could point the SmarterMail to the malicious HTTP server, which serves the malicious OS command. This command will be executed by the vulnerable application.
Statistics
- 1 Post
- 1 Interaction
Last activity: 19 hours ago
Overview
- D-Link
- DIR-823X
09 Feb 2026
Published
09 Feb 2026
Updated
CVSS v4.0
HIGH (8.6)
EPSS
Pending
KEV
Description
A vulnerability has been found in D-Link DIR-823X 250416. This affects the function sub_4211C8 of the file /goform/set_filtering. Such manipulation leads to os command injection. The attack may be launched remotely. The exploit has been disclosed to the public and may be used.
Statistics
- 1 Post
Last activity: 8 hours ago
Fediverse
⚠️ HIGH-severity OS command injection (CVE-2026-2210) in D-Link DIR-823X v250416 — remote, unauthenticated code execution possible. Patch firmware or restrict admin access now. European orgs: prioritize response! https://radar.offseq.com/threat/cve-2026-2210-os-command-injection-in-d-link-dir-8-a510703e #OffSeq #Vuln #DLink
Overview
- D-Link
- DIR-823X
08 Feb 2026
Published
08 Feb 2026
Updated
CVSS v4.0
HIGH (8.6)
EPSS
Pending
KEV
Description
A weakness has been identified in D-Link DIR-823X 250416. This vulnerability affects the function sub_420618 of the file /goform/set_upnp. This manipulation of the argument upnp_enable causes os command injection. Remote exploitation of the attack is possible. The exploit has been made available to the public and could be used for attacks.
Statistics
- 1 Post
Last activity: 16 hours ago
Fediverse
🛡️ CVE-2026-2175: HIGH severity OS command injection in D-Link DIR-823X (v250416) via /goform/set_upnp. No auth needed; public exploit out. Patch ASAP or disable UPnP & segment networks. https://radar.offseq.com/threat/cve-2026-2175-os-command-injection-in-d-link-dir-8-2593454d #OffSeq #DLink #Vuln #RouterAlert
Overview
- Red Hat
- Red Hat Enterprise Linux 10
- libxml2
15 Jan 2026
Published
15 Jan 2026
Updated
CVSS
Pending
EPSS
0.06%
KEV
Description
A flaw was identified in the RelaxNG parser of libxml2 related to how external schema inclusions are handled. The parser does not enforce a limit on inclusion depth when resolving nested <include> directives. Specially crafted or overly complex schemas can cause excessive recursion during parsing. This may lead to stack exhaustion and application crashes, creating a denial-of-service risk.
Statistics
- 1 Post
Last activity: 23 hours ago
Overview
- Go standard library
- archive/zip
- archive/zip
28 Jan 2026
Published
29 Jan 2026
Updated
CVSS
Pending
EPSS
0.02%
KEV
Description
archive/zip uses a super-linear file name indexing algorithm that is invoked the first time a file in an archive is opened. This can lead to a denial of service when consuming a maliciously constructed ZIP archive.
Statistics
- 1 Post
Last activity: 23 hours ago
Overview
- Go standard library
- crypto/tls
- crypto/tls
05 Feb 2026
Published
06 Feb 2026
Updated
CVSS
Pending
EPSS
0.01%
KEV
Description
During session resumption in crypto/tls, if the underlying Config has its ClientCAs or RootCAs fields mutated between the initial handshake and the resumed handshake, the resumed handshake may succeed when it should have failed. This may happen when a user calls Config.Clone and mutates the returned Config, or uses Config.GetConfigForClient. This can cause a client to resume a session with a server that it would not have resumed with during the initial handshake, or cause a server to resume a session with a client that it would not have resumed with during the initial handshake.
Statistics
- 1 Post
Last activity: 23 hours ago
Overview
- Go standard library
- net/url
- net/url
28 Jan 2026
Published
29 Jan 2026
Updated
CVSS
Pending
EPSS
0.02%
KEV
Description
The net/url package does not set a limit on the number of query parameters in a query. While the maximum size of query parameters in URLs is generally limited by the maximum request header size, the net/http.Request.ParseForm method can parse large URL-encoded forms. Parsing a large form containing many unique query parameters can cause excessive memory consumption.
Statistics
- 1 Post
Last activity: 23 hours ago
Overview
Description
Zabbix Agent 2 smartctl plugin does not properly sanitize smart.disk.get parameters, allowing an attacker to inject unexpected arguments into the smartctl command. In Zabbix 5.0 this allows for remote code execution.
Statistics
- 1 Post
Last activity: 16 hours ago