24h | 7d | 30d

Overview

  • D-Link
  • DIR-816

15 Mar 2026
Published
16 Mar 2026
Updated

CVSS v4.0
CRITICAL (9.3)
EPSS
0.06%

KEV

Description

A vulnerability was detected in D-Link DIR-816 1.10CNB05. Affected by this vulnerability is an unknown functionality of the file /goform/form2Wl5BasicSetup.cgi of the component goahead. Performing a manipulation of the argument pskValue results in stack-based buffer overflow. The attack is possible to be carried out remotely. The exploit is now public and may be used. This vulnerability only affects products that are no longer supported by the maintainer.

Statistics

  • 1 Post

Last activity: 21 hours ago

Fediverse

Profile picture fallback

⚠️ CRITICAL: D-Link DIR-816 (1.10CNB05) stack-based buffer overflow via pskValue in /goform/form2Wl5BasicSetup.cgi. Exploit is public, remote code execution possible. Device is EOL — isolate or replace! CVE-2026-4184 radar.offseq.com/threat/cve-20

  • 0
  • 0
  • 0
  • 21h ago

Overview

  • D-Link
  • DIR-816

15 Mar 2026
Published
16 Mar 2026
Updated

CVSS v4.0
CRITICAL (9.3)
EPSS
0.06%

KEV

Description

A security vulnerability has been detected in D-Link DIR-816 1.10CNB05. Affected is an unknown function of the file /goform/form2WlanBasicSetup.cgi of the component goahead. Such manipulation of the argument pskValue leads to stack-based buffer overflow. The attack can be executed remotely. The exploit has been disclosed publicly and may be used. This vulnerability only affects products that are no longer supported by the maintainer.

Statistics

  • 1 Post

Last activity: 6 hours ago

Fediverse

Profile picture fallback

🔎 CVE-2026-4183 (CRITICAL, CVSS 9.3): D-Link DIR-816 (v1.10CNB05) stack buffer overflow via /goform/form2WlanBasicSetup.cgi. Exploit code public, no patch. Replace or isolate devices ASAP! radar.offseq.com/threat/cve-20

  • 0
  • 0
  • 0
  • 6h ago

Overview

  • D-Link
  • DIR-816

15 Mar 2026
Published
16 Mar 2026
Updated

CVSS v4.0
CRITICAL (9.3)
EPSS
0.06%

KEV

Description

A weakness has been identified in D-Link DIR-816 1.10CNB05. This impacts an unknown function of the file /goform/form2Wl5RepeaterStep2.cgi of the component goahead. This manipulation of the argument key1/key2/key3/key4/pskValue causes stack-based buffer overflow. Remote exploitation of the attack is possible. The exploit has been made available to the public and could be used for attacks. This vulnerability only affects products that are no longer supported by the maintainer.

Statistics

  • 1 Post

Last activity: 4 hours ago

Fediverse

Profile picture fallback

🚨 CRITICAL: CVE-2026-4182 in D-Link DIR-816 (v1.10CNB05) — stack buffer overflow in /goform/form2Wl5RepeaterStep2.cgi enables remote code execution. No patch, public exploit exists. Replace or isolate devices now! radar.offseq.com/threat/cve-20

  • 0
  • 0
  • 0
  • 4h ago

Overview

  • glowxq
  • glowxq-oj

16 Mar 2026
Published
16 Mar 2026
Updated

CVSS v4.0
MEDIUM (6.9)
EPSS
0.04%

KEV

Description

A weakness has been identified in glowxq glowxq-oj up to 6f7c723090472057252040fd2bbbdaa1b5ed2393. This vulnerability affects the function Upload of the file business/business-system/src/main/java/com/glowxq/system/admin/controller/SysFileController.java. Executing a manipulation can lead to unrestricted upload. The attack can be launched remotely. The exploit has been made available to the public and could be used for attacks. This product does not use versioning. This is why information about affected and unaffected releases are unavailable. The vendor was contacted early about this disclosure but did not respond in any way.

Statistics

  • 1 Post

Last activity: 13 hours ago

Fediverse

Profile picture fallback

CVE-2026-4201 (MEDIUM, CVSS 6.9) in glowxq-oj allows remote, unauthenticated file uploads — risk of code execution. No patch, public exploit exists. Restrict upload access, validate files, monitor closely. radar.offseq.com/threat/cve-20

  • 0
  • 0
  • 0
  • 13h ago

Overview

  • D-Link
  • DIR-619L

15 Mar 2026
Published
16 Mar 2026
Updated

CVSS v4.0
HIGH (8.7)
EPSS
0.04%

KEV

Description

A security flaw has been discovered in D-Link DIR-619L 2.06B01. The affected element is the function formSchedule of the file /goform/formSchedule of the component boa. Performing a manipulation of the argument curTime results in stack-based buffer overflow. The attack may be initiated remotely. The exploit has been released to the public and may be used for attacks. This vulnerability only affects products that are no longer supported by the maintainer.

Statistics

  • 1 Post

Last activity: 15 hours ago

Fediverse

Profile picture fallback

CVE-2026-4188: HIGH severity stack-based buffer overflow in D-Link DIR-619L (2.06B01). Allows remote, unauthenticated RCE. Device is unsupported — replace or strictly isolate! Exploit is public. More: radar.offseq.com/threat/cve-20

  • 0
  • 0
  • 0
  • 15h ago

Overview

  • freescout-help-desk
  • freescout

03 Mar 2026
Published
05 Mar 2026
Updated

CVSS v3.1
CRITICAL (10.0)
EPSS
0.04%

KEV

Description

FreeScout is a free help desk and shared inbox built with PHP's Laravel framework. A patch bypass vulnerability for CVE-2026-27636 in FreeScout 1.8.206 and earlier allows any authenticated user with file upload permissions to achieve Remote Code Execution (RCE) on the server by uploading a malicious .htaccess file using a zero-width space character prefix to bypass the security check. The vulnerability exists in the sanitizeUploadedFileName() function in app/Http/Helper.php. The function contains a Time-of-Check to Time-of-Use (TOCTOU) flaw where the dot-prefix check occurs before sanitization removes invisible characters. This vulnerability is fixed in 1.8.207.

Statistics

  • 1 Post

Last activity: 4 hours ago

Bluesky

Profile picture fallback
FreeScout Zero-Click RCE (CVE-2026-28289) – Patch Bypass www.ox.security/blog/freesco...
  • 0
  • 0
  • 0
  • 4h ago

Overview

  • anthropics
  • claude-code

21 Jan 2026
Published
21 Jan 2026
Updated

CVSS v4.0
MEDIUM (5.3)
EPSS
0.02%

KEV

Description

Claude Code is an agentic coding tool. Prior to version 2.0.65, vulnerability in Claude Code's project-load flow allowed malicious repositories to exfiltrate data including Anthropic API keys before users confirmed trust. An attacker-controlled repository could include a settings file that sets ANTHROPIC_BASE_URL to an attacker-controlled endpoint and when the repository was opened, Claude Code would read the configuration and immediately issue API requests before showing the trust prompt, potentially leaking the user's API keys. Users on standard Claude Code auto-update have received this fix already. Users performing manual updates are advised to update to version 2.0.65, which contains a patch, or to the latest version.

Statistics

  • 1 Post

Last activity: 4 hours ago

Fediverse

Profile picture fallback

VE-2026-21852 exposed a Claude Code flaw that let malicious repositories redirect API traffic and steal Anthropic API keys before trust confirmation. hackernoon.com/claude-code-sec #claudecodevulnerability

  • 0
  • 0
  • 0
  • 4h ago

Overview

  • thermalright
  • TR-VISION HOME

16 Mar 2026
Published
16 Mar 2026
Updated

CVSS v4.0
HIGH (8.4)
EPSS
0.02%

KEV

Description

A DLL search order hijacking vulnerability in Thermalright TR-VISION HOME on Windows (64-bit) allows a local attacker to escalate privileges via DLL side-loading. The application loads certain dynamic-link library (DLL) dependencies using the default Windows search order, which includes directories that may be writable by non-privileged users.\n\n\n\nBecause these directories can be modified by unprivileged users, an attacker can place a malicious DLL with the same name as a legitimate dependency in a directory that is searched before trusted system locations. When the application is executed, which is always with administrative privileges, the malicious DLL is loaded instead of the legitimate library.\n\n\n\nThe application does not enforce restrictions on DLL loading locations and does not verify the integrity or digital signature of loaded libraries. As a result, attacker-controlled code may be executed within the security context of the application, allowing arbitrary code execution with elevated privileges.\n\n\n\nSuccessful exploitation requires that an attacker place a crafted malicious DLL in a user-writable directory that is included in the application's DLL search path and then cause the affected application to be executed. Once loaded, the malicious DLL runs with the same privileges as the application.\n\n\n\nThis issue affects \nTR-VISION HOME  versions up to and including 2.0.5.

Statistics

  • 1 Post

Last activity: 7 hours ago

Fediverse

Profile picture fallback

🛡️ HIGH severity alert: CVE-2026-4255 in TR-VISION HOME (≤2.0.5) enables DLL hijacking; local attackers can escalate privileges via side-loading. Restrict write access & monitor for rogue DLLs. radar.offseq.com/threat/cve-20

  • 0
  • 0
  • 0
  • 7h ago

Overview

  • langchain-ai
  • helm

04 Mar 2026
Published
05 Mar 2026
Updated

CVSS v4.0
HIGH (8.5)
EPSS
0.06%

KEV

Description

Langchain Helm Charts are Helm charts for deploying Langchain applications on Kubernetes. Prior to langchain-ai/helm version 0.12.71, a URL parameter injection vulnerability existed in LangSmith Studio that could allow unauthorized access to user accounts through stolen authentication tokens. The vulnerability affected both LangSmith Cloud and self-hosted deployments. Authenticated LangSmith users who clicked on a specially crafted malicious link would have their bearer token, user ID, and workspace ID transmitted to an attacker-controlled server. With this stolen token, an attacker could impersonate the victim and access any LangSmith resources or perform any actions the user was authorized to perform within their workspace. The attack required social engineering (phishing, malicious links in emails or chat applications) to convince users to click the crafted URL. The stolen tokens expired after 5 minutes, though repeated attacks against the same user were possible if they could be convinced to click malicious links multiple times. The fix in version 0.12.71 implements validation requiring user-defined allowed origins for the baseUrl parameter, preventing tokens from being sent to unauthorized servers. No known workarounds are available. Self-hosted customers must upgrade to the patched version.

Statistics

  • 1 Post

Last activity: 2 hours ago

Bluesky

Profile picture fallback
"Hack the #AI Brain: Uncovering an Account Takeover Vulnerability in LangSmith" Miggo Security discovered a critical account takeover vulnerability (CVE-2026-25750) in LangSmith. Learn how this flaw exposed proprietary AI data. api.cyfluencer.com/s/hack-the-a...
  • 0
  • 0
  • 0
  • 2h ago

Overview

  • Taipower
  • Taipower APP

09 Mar 2026
Published
11 Mar 2026
Updated

CVSS v4.0
HIGH (8.3)
EPSS
0.02%

KEV

Description

Taipower APP for Andorid developed by Taipower has an Improper Certificate Validation vulnerability. When establishing an HTTPS connection with the server, the application fails to verify the server-side TLS/SSL certificate. This flaw allows an unauthenticated remote attackers to exploit the vulnerability to perform a Man-in-the-Middle (MITM) attack to read and tamper with network packets.

Statistics

  • 1 Post

Last activity: 12 hours ago

Bluesky

Profile picture fallback
CVE-2026-3822 - Taipower|Taipower APP - Improper Certificate Validation scq.ms/40OELpI
  • 0
  • 0
  • 0
  • 12h ago
Showing 11 to 20 of 31 CVEs