🟠 CVE-2026-5350 - High (8.8)

A security flaw has been discovered in Trendnet TEW-657BRM 1.00.1. The impacted element is the function update_pcdb of the file /setup.cgi. The manipulation of the argument mac_pc_dba results in stack-based buffer overflow. The attack can be launc...

🔗 https://www.thehackerwire.com/vulnerability/CVE-2026-5350/

#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack

🟠 CVE-2026-5349 - High (8.8)

A vulnerability was identified in Trendnet TEW-657BRM 1.00.1. The affected element is the function add_apcdb of the file /setup.cgi. The manipulation of the argument mac_pc_dba leads to stack-based buffer overflow. The attack can be initiated remo...

🔗 https://www.thehackerwire.com/vulnerability/CVE-2026-5349/

#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack

🟠 CVE-2025-58136 - High (7.5)

A bug in POST request handling causes a crash under a certain condition.

This issue affects Apache Traffic Server: from 10.0.0 through 10.1.1, from 9.0.0 through 9.2.12.

Users are recommended to upgrade to version 10.1.2 or 9.2.13, which fix the...

🔗 https://www.thehackerwire.com/vulnerability/CVE-2025-58136/

#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack

🔴 CVE-2026-25212 - Critical (9.9)

An issue was discovered in Percona PMM before 3.7. Because an internal database user retains specific superuser privileges, an attacker with pmm-admin rights can abuse the "Add data source" feature to break out of the database context and execute ...

🔗 https://www.thehackerwire.com/vulnerability/CVE-2026-25212/

#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack

🟠 CVE-2025-65114 - High (7.5)

Apache Traffic Server allows request smuggling if chunked messages are malformed. 

This issue affects Apache Traffic Server: from 9.0.0 through 9.2.12, from 10.0.0 through 10.1.1.

Users are recommended to upgrade to version 9.2.13 or 10.1.2, wh...

🔗 https://www.thehackerwire.com/vulnerability/CVE-2025-65114/

#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack

🔴 CVE-2026-33950 - Critical (9.4)

Signal K Server is a server application that runs on a central hub in a boat. Prior to version 2.24.0-beta.4, there is a privilege escalation vulnerability by Admin Role Injection via /enableSecurity. An unauthenticated attacker can gain full Admi...

🔗 https://www.thehackerwire.com/vulnerability/CVE-2026-33950/

#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack

🟠 CVE-2026-34785 - High (7.5)

Rack is a modular Ruby web server interface. Prior to versions 2.2.23, 3.1.21, and 3.2.6, Rack::Static determines whether a request should be served as a static file using a simple string prefix check. When configured with URL prefixes such as "/c...

🔗 https://www.thehackerwire.com/vulnerability/CVE-2026-34785/

#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack

🔴 CVE-2026-34877 - Critical (9.8)

An issue was discovered in Mbed TLS versions from 2.19.0 up to 3.6.5, Mbed TLS 4.0.0. Insufficient protection of serialized SSL context or session structures allows an attacker who can modify the serialized structures to induce memory corruption, ...

🔗 https://www.thehackerwire.com/vulnerability/CVE-2026-34877/

#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack

🟠 CVE-2026-34829 - High (7.5)

Rack is a modular Ruby web server interface. Prior to versions 2.2.23, 3.1.21, and 3.2.6, Rack::Multipart::Parser only wraps the request body in a BoundedIO when CONTENT_LENGTH is present. When a multipart/form-data request is sent without a Conte...

🔗 https://www.thehackerwire.com/vulnerability/CVE-2026-34829/

#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack

🟠 CVE-2026-35385 - High (7.5)

In OpenSSH before 10.3, a file downloaded by scp may be installed setuid or setgid, an outcome contrary to some users' expectations, if the download is performed as root with -O (legacy scp protocol) and without -p (preserve mode).

🔗 https://www.thehackerwire.com/vulnerability/CVE-2026-35385/

#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack