Vuldb Updates

A vulnerability classified as problematic has been found in nimiq core-rs-albatross up to 1.2.x. The impacted element is the function verify_macro_block_proposal of the component nimiq Proof-of-Stake Protocol Handler. Performing a manipulation results in insufficient verification of data authenticity. This vulnerability was named CVE-2026-34061. The attack may be initiated remotely. There is no available exploit. It is recommended to upgrade the affected component.

A vulnerability, which was classified as problematic, was found in nimiq core-rs-albatross up to 1.2.x. Affected is the function blockchain.history_store.history_index of the component nimiq Proof-of-Stake Protocol Handler. The manipulation results in unchecked return value. This vulnerability is identified as CVE-2026-35468. The attack can be executed remotely. There is not any exploit available. You should upgrade the affected component.

A vulnerability classified as critical was found in Tenda 4G03 Pro up to 1.0/1.1/04.03.01.53/192.168.0.1. Affected by this vulnerability is an unknown functionality of the file /bin/httpd. The manipulation results in improper access controls. This vulnerability was named CVE-2026-5526. The attack may be performed from remote. In addition, an exploit is available. Applying restrictive firewalling is recommended.

A vulnerability, which was classified as problematic, has been found in Tenda 4G03 Pro 1.0/1.0re/01.bin/04.03.01.53. Affected by this issue is some unknown functionality of the file /etc/www/pem/server.key of the component ECDSA P-256 Private Key Handler. This manipulation causes use of hard-coded cryptographic key . The identification of this vulnerability is CVE-2026-5527. It is possible to initiate the attack remotely. Furthermore, there is an exploit available. It is advisable to implement restrictive firewalling.

A vulnerability identified as critical has been detected in FedML-AI FedML up to 0.8.9. This impacts an unknown function of the file FileUtils.java of the component MQTT Message Handler. Performing a manipulation of the argument dataSet results in path traversal. This vulnerability is reported as CVE-2026-5535. The attack is possible to be carried out remotely. Moreover, an exploit is present. The vendor was contacted early about this disclosure but did not respond in any way.

A vulnerability labeled as critical has been found in FedML-AI FedML up to 0.8.9. Affected is the function sendMessage of the file grpc_server.py of the component gRPC server. Executing a manipulation can lead to deserialization. This vulnerability appears as CVE-2026-5536. The attack may be performed from remote. There is no available exploit. The vendor was contacted early about this disclosure but did not respond in any way.

A vulnerability was found in Tenda AC10 16.03.10.10_multi_TDE01 and classified as critical. Affected is the function formAddMacfilterRule of the file /bin/httpd. Such manipulation leads to os command injection. This vulnerability is referenced as CVE-2026-5547. It is possible to launch the attack remotely. No exploit is available. Multiple endpoints might be affected.

A vulnerability was found in Tenda AC10 16.03.10.10_multi_TDE01. It has been classified as critical. Affected by this vulnerability is the function fromSysToolChangePwd of the file /bin/httpd. Performing a manipulation of the argument sys.userpass results in stack-based buffer overflow. This vulnerability is identified as CVE-2026-5548. The attack can be initiated remotely. There is not any exploit available.

A vulnerability labeled as critical has been found in util-linux. This vulnerability affects unknown code of the component Hostname Canonicalization. Executing a manipulation can lead to improper access controls. This vulnerability is tracked as CVE-2026-3184. The attack is only possible within the local network. No exploit exists.

A vulnerability identified as critical has been detected in Linux Kernel up to 6.1.162/6.6.123/6.12.69/6.18.9. The impacted element is the function smb2_open_file. Performing a manipulation results in memory leak. This vulnerability is cataloged as CVE-2026-23205. The attack must originate from the local network. There is no exploit available. You should upgrade the affected component.

A vulnerability was found in Linux Kernel up to 6.18.9. It has been declared as critical. The affected element is the function vlan_for_each of the file net/8021q/vlan_core.c. The manipulation results in reachable assertion. This vulnerability is cataloged as CVE-2026-23203. The attack must originate from the local network. There is no exploit available. It is recommended to upgrade the affected component.

A vulnerability was found in Linux Kernel up to 6.6.123/6.12.69/6.18.9. It has been declared as critical. This issue affects the function skb_header_pointer_careful of the component cls_u32. The manipulation results in out-of-bounds read. This vulnerability is identified as CVE-2026-23204. The attack can only be performed from the local network. There is not any exploit available. It is recommended to upgrade the affected component.

A vulnerability was found in Linux Kernel up to 5.15.199/6.1.162/6.6.123/6.12.69/6.18.9 and classified as critical. This affects the function tegra_qspi_combined_seq_xfer of the component IRQ Handler. Executing a manipulation of the argument curr_xfer can lead to null pointer dereference. The identification of this vulnerability is CVE-2026-23202. The attack needs to be done within the local network. There is no exploit available. It is suggested to upgrade the affected component.

A vulnerability classified as critical was found in Linux Kernel up to 6.6.123/6.12.69/6.18.9. Affected by this vulnerability is the function fib6_add_rt2node of the file net/ipv6/ip6_fib.c of the component ipv6. The manipulation results in null pointer dereference. This vulnerability was named CVE-2026-23200. The attack needs to be approached within the local network. There is no available exploit. Upgrading the affected component is advised.

A vulnerability has been found in Linux Kernel up to 6.12.69/6.18.9 and classified as critical. Affected by this issue is the function kfree of the component ceph. Performing a manipulation results in denial of service. This vulnerability was named CVE-2026-23201. The attack needs to be approached within the local network. There is no available exploit. The affected component should be upgraded.

A vulnerability, which was classified as critical, was found in Linux Kernel up to 6.12.69/6.18.9. Affected by this vulnerability is the function __kernel_read of the component procfs. Such manipulation leads to improper update of reference count. This vulnerability is uniquely identified as CVE-2026-23199. The attack can only be initiated within the local network. No exploit exists. You should upgrade the affected component.

A vulnerability was found in Apache HTTP Server up to 2.4.66. It has been declared as critical. Affected by this vulnerability is an unknown functionality. The manipulation results in buffer over-read. This vulnerability is cataloged as CVE-2026-34059. The attack may be launched remotely. There is no exploit available. It is recommended to upgrade the affected component.

A vulnerability categorized as critical has been discovered in TRENDnet TEW-713RE up to 1.02. The affected element is the function sub_421494 of the file /goform/addRouting. Executing a manipulation of the argument dest can lead to command injection. This vulnerability is registered as CVE-2026-5183. It is possible to launch the attack remotely. Furthermore, an exploit is available. The vendor was contacted early about this disclosure but did not respond in any way.

A vulnerability identified as critical has been detected in TRENDnet TEW-713RE up to 1.02. The impacted element is an unknown function of the file /goform/setSysAdm. The manipulation of the argument admuser leads to command injection. This vulnerability is documented as CVE-2026-5184. The attack can be initiated remotely. Additionally, an exploit exists. The vendor was contacted early about this disclosure but did not respond in any way.

A vulnerability was found in libp2p-gossipsub. It has been declared as problematic. This affects an unknown part. Such manipulation leads to denial of service. This vulnerability is referenced as CVE-2026-34219. It is possible to launch the attack remotely. No exploit is available. It is recommended to upgrade the affected component.