Community Intelligence
Intelligence from the security community, research institutions, and the open-source ecosystem.
-
CVE-2026-11413 | JingDong JD Cloud Box AX6600 4.5.3.r4546 /sbin/jdcweb_rpc set_macfilter stack-based overflow
A vulnerability classified as <a href="https://vuldb.com/kb/risk">critical</a> has been found in <a href="https://vuldb.com/product/jingdong:jd_cloud_box_ax6600">JingDong JD Cloud Box AX6600 4.5.3.r4546</a>. The impacted element is the function <code>set_macfilter</code> of the file <em>/sbin/jdcweb_rpc</em>. The manipulation leads to stack-based buffer overflow. This vulnerability is traded as <a href="https://vuldb.com/cve/CVE-2026-11413">CVE-2026-11413</a>. It is possible to initiate the attack remotely. Furthermore, there is an exploit available. The vendor was contacted early about this disclosure but did not respond in any way.
Extended fields
{ "raw_pub_date": "Fri, 05 Jun 2026 20:45:50 +0200" } -
CVE-2026-11412 | Jinher OA C6 GetFormSn.aspx queryID sql injection
A vulnerability described as <a href="https://vuldb.com/kb/risk">critical</a> has been identified in <a href="https://vuldb.com/product/jinher:oa">Jinher OA C6</a>. The affected element is an unknown function of the file <em>/C6/JHSoft.Web.ModuleCount/GetFormSn.aspx</em>. Executing a manipulation of the argument <em>queryID</em> can lead to SQL injection. This vulnerability appears as <a href="https://vuldb.com/cve/CVE-2026-11412">CVE-2026-11412</a>. The attack may be performed remotely. In addition, an exploit is available. The vendor was contacted early about this disclosure but did not respond in any way.
Extended fields
{ "raw_pub_date": "Fri, 05 Jun 2026 20:43:46 +0200" } -
CVE-2026-11411 | iAI Lab PDF AI App 4.21.0 on Android chatpdf.pro getExternalCacheDir _display_name path traversal
A vulnerability marked as <a href="https://vuldb.com/kb/risk">critical</a> has been reported in <a href="https://vuldb.com/product/iai_lab:pdf_ai_app">iAI Lab PDF AI App 4.21.0</a> on Android. Impacted is the function <code>getExternalCacheDir</code> of the component <em>chatpdf.pro</em>. Performing a manipulation of the argument <em>_display_name</em> results in path traversal. This vulnerability is reported as <a href="https://vuldb.com/cve/CVE-2026-11411">CVE-2026-11411</a>. The attack requires a local approach. Moreover, an exploit is present. The vendor was contacted early about this disclosure but did not respond in any way.
Extended fields
{ "raw_pub_date": "Fri, 05 Jun 2026 20:42:27 +0200" } -
CVE-2026-11408 | vertex-app vertex up to 2026.02.12 Log Viewer Endpoint app/model/LogMod.js req.query os command injection
A vulnerability labeled as <a href="https://vuldb.com/kb/risk">critical</a> has been found in <a href="https://vuldb.com/product/vertex-app:vertex">vertex-app vertex up to 2026.02.12</a>. This issue affects some unknown processing of the file <em>app/model/LogMod.js</em> of the component <em>Log Viewer Endpoint</em>. Such manipulation of the argument <em>req.query</em> leads to OS command injection. This vulnerability is documented as <a href="https://vuldb.com/cve/CVE-2026-11408">CVE-2026-11408</a>. The attack can be executed remotely. Additionally, an exploit exists. It is best practice to apply a patch to resolve this issue.
Extended fields
{ "raw_pub_date": "Fri, 05 Jun 2026 20:39:00 +0200" } -
CVE-2026-11406 | GL.iNet MT3000 up to 4.4.5 OpenVPN Client Import Workflow ovpnclient.sh command injection
A vulnerability identified as <a href="https://vuldb.com/kb/risk">critical</a> has been detected in <a href="https://vuldb.com/product/gl">GL.iNet MT3000 up to 4.4.5</a>. This vulnerability affects unknown code of the file <em>ovpnclient.sh</em> of the component <em>OpenVPN Client Import Workflow</em>. This manipulation causes command injection. This vulnerability is registered as <a href="https://vuldb.com/cve/CVE-2026-11406">CVE-2026-11406</a>. Remote exploitation of the attack is possible. Furthermore, an exploit is available. You should upgrade the affected component. The vendor confirms: "This issue has been addressed by implementing malicious checks on OpenVPN configuration files to prevent command injection attacks carried through malicious configuration files."
Extended fields
{ "raw_pub_date": "Fri, 05 Jun 2026 20:31:31 +0200" } -
CVE-2026-2379 | Arista EOS up to 4.34.3M IPsec Feature operation after expiration
A vulnerability categorized as <a href="https://vuldb.com/kb/risk">problematic</a> has been discovered in <a href="https://vuldb.com/product/arista:eos">Arista EOS up to 4.34.3M</a>. This affects an unknown part of the component <em>IPsec Feature</em>. The manipulation results in operation on a resource after expiration. This vulnerability is cataloged as <a href="https://vuldb.com/cve/CVE-2026-2379">CVE-2026-2379</a>. The attack may be launched remotely. There is no exploit available. It is advisable to upgrade the affected component.
Extended fields
{ "raw_pub_date": "Fri, 05 Jun 2026 20:23:42 +0200" } -
CVE-2025-71317 | Riello UPS NetMan up to 204 SSH Service cgi-bin/login.cgi hard-coded credentials (Exploit 52183 / EDB-52183)
A vulnerability was found in <a href="https://vuldb.com/product/riello_ups:netman">Riello UPS NetMan up to 204</a>. It has been rated as <a href="https://vuldb.com/kb/risk">critical</a>. Affected by this issue is some unknown functionality of the file <em>cgi-bin/login.cgi</em> of the component <em>SSH Service</em>. The manipulation leads to hard-coded credentials. This vulnerability is listed as <a href="https://vuldb.com/cve/CVE-2025-71317">CVE-2025-71317</a>. The attack may be initiated remotely. In addition, an exploit is available.
Extended fields
{ "raw_pub_date": "Fri, 05 Jun 2026 20:23:28 +0200" } -
CVE-2026-50733 | shd101wyy Markdown Preview Enhanced up to 0.8.27 window.eval eval injection
A vulnerability was found in <a href="https://vuldb.com/product/shd101wyy:markdown_preview_enhanced">shd101wyy Markdown Preview Enhanced up to 0.8.27</a>. It has been declared as <a href="https://vuldb.com/kb/risk">critical</a>. Affected by this vulnerability is the function <code>window.eval</code>. Executing a manipulation can lead to improper neutralization of directives in dynamically evaluated code. This vulnerability is tracked as <a href="https://vuldb.com/cve/CVE-2026-50733">CVE-2026-50733</a>. The attack can be launched remotely. No exploit exists. It is recommended to upgrade the affected component.
Extended fields
{ "raw_pub_date": "Fri, 05 Jun 2026 20:23:16 +0200" }