Overview
- Totolink
- A7100RU
Description
Statistics
- 1 Post
Fediverse
Totolink A7100RU (7.4cu.2313_b20191024) hit by CRITICAL OS command injection (CVE-2026-6113) – remote, unauthenticated attackers could execute commands. No patch yet; restrict access & monitor for updates. https://radar.offseq.com/threat/cve-2026-6113-os-command-injection-in-totolink-a71-16ad03cb #OffSeq #Vulnerability #RouterSecurity
Overview
- Python Software Foundation
- CPython
Description
Statistics
- 1 Post
Overview
- Totolink
- A7100RU
Description
Statistics
- 1 Post
Fediverse
Totolink A7100RU (7.4cu.2313_b20191024) faces a CRITICAL OS command injection (CVE-2026-6114, CVSS 9.3). Remote, unauthenticated code execution possible. No patch yet – disable remote mgmt & watch for updates. https://radar.offseq.com/threat/cve-2026-6114-os-command-injection-in-totolink-a71-384165a1 #OffSeq #CVE20266114 #Vuln #RouterSecurity
Overview
Description
Statistics
- 4 Posts
Fediverse
CVE-2026-31413
Found a 1-char bug in the Linux BPF verifier. A + 1 that should've been + 0 in maybe_fork_scalars() gives you OOB map access and full container escape from any pod with CAP_BPF. Fix in 7.0-rc5.
-Technical writeup with POC dropping soon.
CVE-2026-31413 - Linux Kernel Local Priv Esc
One extra + 1. That's the whole bug.
BPF verifier: insn_idx + 1 instead of insn_idx. Skips an instruction it shouldn't. For BPF_OR, verifier sees zero, CPU has your constant. Arbitrary kernel R/W.
Full container escape. No --privileged. Just CAP_BPF.
Overview
- Rukovoditel
- Rukovoditel CRM
Description
Statistics
- 1 Post
Fediverse
🚨 CRITICAL XSS in Rukovoditel CRM 3.6.4 (CVE-2026-31845): Pre-auth reflected XSS in the Zadarma API (/api/tel/zadarma.php) lets attackers inject JS via 'zd_echo'. Patch or restrict access! https://radar.offseq.com/threat/cve-2026-31845-cwe-79-improper-neutralization-of-i-5f1f2c55 #OffSeq #XSS #Rukovoditel #Infosec
Overview
Description
Statistics
- 1 Post
Fediverse
nice typo in
[SECURITY] [DSA 6207-1] flatpak security update:
"delete arbitrary hosts on the host"
https://lists.debian.org/debian-security-announce/2026/msg00117.html
in https://security-tracker.debian.org/tracker/CVE-2026-34079 it's "files" btw.
Overview
- parisneo
- parisneo/lollms
Description
Statistics
- 1 Post
Fediverse
🚨 HIGH severity XSS (CVE-2026-1116) in parisneo/lollms pre-2.2.0: Improper input sanitization in from_dict allows attackers to inject malicious scripts. Update ASAP! https://radar.offseq.com/threat/cve-2026-1116-cwe-79-improper-neutralization-of-in-c711f067 #OffSeq #XSS #Vuln #InfoSec
Overview
- Totolink
- A7100RU
Description
Statistics
- 1 Post
Fediverse
Totolink A7100RU (fw 7.4cu.2313_b20191024) suffers CRITICAL OS command injection (CVE-2026-6116, CVSS 9.3). Remote, unauthenticated RCE is possible. No patch yet – disable remote access or isolate device! https://radar.offseq.com/threat/cve-2026-6116-os-command-injection-in-totolink-a71-15ee14e2 #OffSeq #Vulnerability #RouterSecurity
Overview
- Apache Software Foundation
- Apache Tomcat
Description
Statistics
- 1 Post