Aggregator

CVE-2026-12223 | Yealink SIP-T46U 108.86.0.118 Web FastCGI Service tftpuploadiperf mod_webd.TFTPUploadIperf ip/port command injection

VulDB Recent Entries
2 days 16 hours ago
A vulnerability was found in Yealink SIP-T46U 108.86.0.118. It has been classified as critical. Affected by this vulnerability is the function mod_webd.TFTPUploadIperf of the file /api/inner/tftpuploadiperf of the component Web FastCGI Service. The manipulation of the argument ip/port leads to command injection. This vulnerability is referenced as CVE-2026-12223. The attack needs to be initiated within the local network. Furthermore, an exploit is available. The vendor was contacted early about this disclosure but did not respond in any way.
vuldb.com

CVE-2026-12222 | Yealink SIP-T46U 108.86.0.118 Web FastCGI Service /api/inner/bttest mod_webd.BlueToothTest btMac/pin/reserved stack-based overflow

VulDB Recent Entries
2 days 16 hours ago
A vulnerability was found in Yealink SIP-T46U 108.86.0.118 and classified as critical. Affected is the function mod_webd.BlueToothTest of the file /api/inner/bttest of the component Web FastCGI Service. Executing a manipulation of the argument btMac/pin/reserved can lead to stack-based buffer overflow. The identification of this vulnerability is CVE-2026-12222. The attack needs to be done within the local network. Furthermore, there is an exploit available. The vendor was contacted early about this disclosure but did not respond in any way.
vuldb.com

CVE-2026-12221 | Yealink SIP-T46U 108.86.0.118 Firmware Chunk Upload /api/upgrade/upgrade sprintf uid/start_offset stack-based overflow

VulDB Recent Entries
2 days 16 hours ago
A vulnerability has been found in Yealink SIP-T46U 108.86.0.118 and classified as critical. This impacts the function sprintf of the file /api/upgrade/upgrade of the component Firmware Chunk Upload Handler. Performing a manipulation of the argument uid/start_offset results in stack-based buffer overflow. This vulnerability was named CVE-2026-12221. The attack needs to be approached within the local network. In addition, an exploit is available. The vendor was contacted early about this disclosure but did not respond in any way.
vuldb.com

CVE-2026-12220 | Yealink SIP-T46U 108.86.0.118 Firmware Chunk Upload handler accupgradebychunk mod_upgrade.SparePartsUpload uid stack-based overflow

VulDB Recent Entries
2 days 16 hours ago
A vulnerability, which was classified as critical, was found in Yealink SIP-T46U 108.86.0.118. This affects the function mod_upgrade.SparePartsUpload of the file /api/upgrade/accupgradebychunk of the component Firmware Chunk Upload handler. Such manipulation of the argument uid leads to stack-based buffer overflow. This vulnerability is uniquely identified as CVE-2026-12220. The attack can only be initiated within the local network. Moreover, an exploit is present. The vendor was contacted early about this disclosure but did not respond in any way.
vuldb.com

CVE-2026-12219 | Yealink SIP-T46U 108.86.0.118 Web FastCGI Service /api/diagnosis/start mod_diagnose.CommandShellByType Time command injection

VulDB Recent Entries
2 days 16 hours ago
A vulnerability, which was classified as critical, has been found in Yealink SIP-T46U 108.86.0.118. The impacted element is the function mod_diagnose.CommandShellByType of the file /api/diagnosis/start of the component Web FastCGI Service. This manipulation of the argument Time causes command injection. This vulnerability is handled as CVE-2026-12219. The attack can be initiated remotely. Additionally, an exploit exists. The vendor was contacted early about this disclosure but did not respond in any way.
vuldb.com

CVE-2026-12218 | Yealink SIP-T46U 108.87.50.1 Web FastCGI Service beforewifitest StartReportInformation port stack-based overflow

VulDB Recent Entries
2 days 16 hours ago
A vulnerability classified as critical was found in Yealink SIP-T46U 108.87.50.1. The affected element is the function StartReportInformation of the file /api/inner/beforewifitest of the component Web FastCGI Service. The manipulation of the argument port results in stack-based buffer overflow. This vulnerability is known as CVE-2026-12218. Access to the local network is required for this attack. Furthermore, an exploit is available. The vendor was contacted early about this disclosure but did not respond in any way.
vuldb.com

英国警官被控使用 AI 伪造证据

Solidot
2 days 17 hours ago
英国警方对一名涉嫌在多个案件使用 AI 伪造证据的警官展开刑事调查。由于调查正在进行之中,警方没有披露更多信息。德比郡警方表示,这名警官已被调离一线岗位,等待调查结果。该警官被指控妨碍司法公正,尚未被逮捕。这是英国首例警官在刑事案件中被控滥用 AI 技术。

CVE-2026-12217 | DVDFab Virtual Drive 2.0.0.5 Signed Kernel Driver dvdfabio.sys privileges management (EUVD-2026-36690)

VulDB Recent Entries
2 days 17 hours ago
A vulnerability classified as critical has been found in DVDFab Virtual Drive 2.0.0.5. Impacted is an unknown function in the library dvdfabio.sys of the component Signed Kernel Driver. The manipulation leads to improper privilege management. This vulnerability is traded as CVE-2026-12217. An attack has to be approached locally. Furthermore, there is an exploit available. The vendor was contacted early about this disclosure but did not respond in any way.
vuldb.com

CVE-2026-12216 | svaarala duktape up to 2.99.99 duk_api_bytecode.c count_instr memory corruption (EUVD-2026-36689)

VulDB Recent Entries
2 days 17 hours ago
A vulnerability described as critical has been identified in svaarala duktape up to 2.99.99. This issue affects some unknown processing of the file duk_api_bytecode.c. Executing a manipulation of the argument count_instr can lead to memory corruption. This vulnerability appears as CVE-2026-12216. The attack requires local access. In addition, an exploit is available. The vendor was contacted early about this disclosure but did not respond in any way.
vuldb.com

Managed ad