Aggregator

A vulnerability classified as problematic was found in Huddly HuddlyCameraService. The affected element is the function RollingFileAppender.DeleteFile of the component log4net. The manipulation results in improper privilege management. This vulnerability is reported as CVE-2023-45253. The attacker must have access to the local network to execute the attack. No exploit exists. Upgrading the affected component is advised.

A vulnerability has been found in D-Link DAP-X1860 up to 1.01b05-01 and classified as critical. Affected by this vulnerability is the function parsing_xml_stasurvey in the library libcgifunc.so of the component SSID Handler. This manipulation causes os command injection. This vulnerability is registered as CVE-2023-45208. The attack requires access to the local network. No exploit is available.

A vulnerability, which was classified as problematic, has been found in Huddly HuddlyCameraService. The impacted element is an unknown function of the component Installation. This manipulation causes uncontrolled search path. This vulnerability appears as CVE-2023-45252. The attack requires local access. There is no available exploit. It is advisable to upgrade the affected component.

Attackers don't need AI to crack passwords, they build targeted wordlists from an organization's own public language. This article explains how tools like CeWL turn websites into high-success password guesses and why complexity rules alone fall short. [...]

A vulnerability, which was classified as problematic, was found in anthropics claude-code up to 2.0.56. The affected element is an unknown function. The manipulation results in information disclosure. This vulnerability is cataloged as CVE-2026-25722. The attack may be launched remotely. There is no exploit available. You should upgrade the affected component.

A vulnerability has been found in anthropics claude-code up to 2.0.54 and classified as problematic. The impacted element is an unknown function. This manipulation causes information disclosure. This vulnerability is registered as CVE-2026-25723. Remote exploitation of the attack is possible. No exploit is available. The affected component should be upgraded.

A vulnerability was found in anthropics claude-code up to 2.1.6 and classified as critical. This affects an unknown function of the file settings.json of the component Setting Handler. Such manipulation leads to symlink following. This vulnerability is documented as CVE-2026-25724. The attack can be executed remotely. There is not any exploit available. It is suggested to upgrade the affected component.

A vulnerability classified as critical has been found in anthropics claude-code up to 2.1.1. This impacts an unknown function of the file .claude/settings.json of the component Bubblewrap Sandboxing. This manipulation causes trust boundary violation. The identification of this vulnerability is CVE-2026-25725. It is possible to initiate the attack remotely. There is no exploit available. It is recommended to upgrade the affected component.

Learn about how ClawSec, by Prompt Security, secures OpenClaw agents, stopping malicious skills with zero-trust defenses.

A vulnerability classified as critical has been found in D-Link DWR-M921 1.1.50. Affected is the function sub_419F20 of the file /boafrm/formUSSDSetup of the component USSD Configuration Endpoint. The manipulation of the argument ussdValue leads to command injection. This vulnerability is documented as CVE-2026-2085. The attack can be initiated remotely. Additionally, an exploit exists.

A vulnerability described as critical has been identified in D-Link DIR-823X 250416. This vulnerability affects the function sub_420688 of the file /goform/set_qos. Executing a manipulation can lead to os command injection. This vulnerability is handled as CVE-2026-2142. The attack can be executed remotely. Additionally, an exploit exists.

A vulnerability categorized as critical has been discovered in D-Link DIR-823X 250416. The affected element is the function sub_4208A0 of the file /goform/set_dmz of the component Configuration Handler. The manipulation of the argument dmz_host/dmz_enable results in os command injection. This vulnerability is identified as CVE-2026-2155. The attack can be executed remotely. Additionally, an exploit exists.

A vulnerability labeled as critical has been found in D-Link DIR-823X 250416. This affects the function sub_4175CC of the file /goform/set_static_route_table. Such manipulation of the argument interface/destip/netmask/gateway/metric leads to os command injection. This vulnerability is listed as CVE-2026-2157. The attack may be performed from remote. In addition, an exploit is available.

A vulnerability classified as critical has been found in D-Link DIR-823X 250416. This vulnerability affects the function sub_420618 of the file /goform/set_upnp. This manipulation of the argument upnp_enable causes os command injection. This vulnerability is registered as CVE-2026-2175. Remote exploitation of the attack is possible. Furthermore, an exploit is available.

A vulnerability classified as critical has been found in D-Link DIR-823X 250416. This issue affects some unknown processing of the file /goform/set_ddns of the component DDNS Service. The manipulation of the argument ddnsType/ddnsDomainName/ddnsUserName/ddnsPwd leads to os command injection. This vulnerability is uniquely identified as CVE-2026-2143. The attack is possible to be carried out remotely. Moreover, an exploit is present.

A vulnerability classified as critical has been found in D-Link DIR-823X 250416. This affects an unknown function of the file /goform/set_server_settings of the component Configuration Parameter Handler. The manipulation of the argument terminal_addr/server_ip/server_port leads to os command injection. This vulnerability is listed as CVE-2026-2120. The attack may be initiated remotely. In addition, an exploit is available.