Aggregator

A vulnerability described as critical has been identified in Totolink X6000R 9.4.0cu.652_B20230116. This affects the function sub_41CC04. Such manipulation leads to command injection. This vulnerability is uniquely identified as CVE-2023-46409. The attack can only be initiated within the local network. No exploit exists.

A vulnerability classified as critical has been found in Totolink X6000R 9.4.0cu.652_B20230116. This vulnerability affects the function sub_416F60. Performing a manipulation results in command injection. This vulnerability was named CVE-2023-46410. The attack needs to be approached within the local network. There is no available exploit.

A vulnerability classified as critical was found in Totolink X6000R 9.4.0cu.652_B20230116. This issue affects the function sub_415258. Executing a manipulation can lead to command injection. The identification of this vulnerability is CVE-2023-46411. The attack needs to be done within the local network. There is no exploit available.

A vulnerability identified as critical has been detected in Linux Kernel up to 6.17.2. This affects the function generic_handle_domain_irq of the component PCI. Performing a manipulation results in null pointer dereference. This vulnerability is known as CVE-2025-40076. Access to the local network is required for this attack. No exploit is available. You should upgrade the affected component.

A vulnerability marked as critical has been reported in Linux Kernel up to 6.17.2. This issue affects the function pgoff_t of the component f2fs. The manipulation leads to buffer overflow. This vulnerability is uniquely identified as CVE-2025-40077. The attack can only be initiated within the local network. No exploit exists. It is suggested to upgrade the affected component.

A vulnerability labeled as critical has been found in Linux Kernel up to 6.17.2. This vulnerability affects the function dst_dev_rcu of the component ipv4. Executing a manipulation can lead to use after free. This vulnerability is handled as CVE-2025-40074. The attack can only be done within the local network. There is not any exploit available. The affected component should be upgraded.

A vulnerability was found in Linux Kernel up to 6.17.2. It has been classified as critical. This issue affects the function dst_dev_net_rcu of the component tcp_metrics. Performing a manipulation results in privilege escalation. This vulnerability is cataloged as CVE-2025-40075. The attack must originate from the local network. There is no exploit available. Upgrading the affected component is recommended.

A vulnerability was found in Linux Kernel up to 6.12.58/6.17.8. It has been classified as critical. Affected by this issue is the function no_root_squash of the file /media of the component NFS. This manipulation causes permission issues. This vulnerability appears as CVE-2025-68242. The attacker needs to be present on the local network. There is no available exploit. Upgrading the affected component is recommended.

A vulnerability described as critical has been identified in Linux Kernel up to 6.17.8. The affected element is the function nfs_match_client of the component NFS. Such manipulation leads to improper certificate validation. This vulnerability is uniquely identified as CVE-2025-68243. The attack can be launched remotely. No exploit exists. Upgrading the affected component is recommended.

A vulnerability marked as critical has been reported in Linux Kernel up to 6.12.58/6.17.8. Impacted is the function nilfs_segctor_thread of the file fs/nilfs2/segment.c of the component nilfs2. This manipulation causes unchecked return value. This vulnerability is handled as CVE-2025-68240. The attack can only be done within the local network. There is not any exploit available. It is suggested to upgrade the affected component.

A vulnerability, which was classified as critical, was found in Linux Kernel up to 6.12.58/6.17.8. Affected by this issue is the function alloc_slab_obj_exts. The manipulation results in allocation of resources. This vulnerability is cataloged as CVE-2025-68199. The attack must originate from the local network. There is no exploit available. You should upgrade the affected component.

A vulnerability identified as critical has been detected in Wavlink WL-NU516U1 20251208. This vulnerability affects the function sub_401218 of the file /cgi-bin/nas.cgi. Performing a manipulation of the argument User1Passwd results in stack-based buffer overflow. This vulnerability was named CVE-2026-2567. The attack may be initiated remotely. In addition, an exploit is available.

A vulnerability categorized as critical has been discovered in Wavlink WL-NU516U1 up to 130/260. This affects the function sub_406194 of the file /cgi-bin/adm.cgi. Such manipulation of the argument firmware_url leads to stack-based buffer overflow. This vulnerability is uniquely identified as CVE-2026-2566. The attack can be launched remotely. Moreover, an exploit is present. The vendor was contacted early about this disclosure but did not respond in any way.

A vulnerability was found in Wavlink WL-NU516U1 20251208. It has been rated as critical. Affected by this issue is the function sub_40785C of the file /cgi-bin/adm.cgi. This manipulation of the argument time_zone causes stack-based buffer overflow. This vulnerability is handled as CVE-2026-2565. The attack can be initiated remotely. Additionally, an exploit exists. The vendor was contacted early about this disclosure but did not respond in any way.

Submit #752016 / VDB-346174

Submit #751908 / VDB-346173

Submit #751133 / VDB-346172

Submit #751046 / VDB-325827

Submit #750991 / VDB-283927

A vulnerability was found in Intelbras VIP 3260 Z IA 2.840.00IB005.0.T. It has been declared as critical. Affected by this vulnerability is an unknown functionality of the file /OutsideCmd. The manipulation results in weak password recovery. This vulnerability is known as CVE-2026-2564. It is possible to launch the attack remotely. No exploit is available. It is recommended to upgrade the affected component.