PatchSiren

Vuldb CVE debriefs

These pages are published after PatchSiren validates generated defensive summaries against stored public CVE and source evidence.

LOW Vuldb CVE published 2026-05-10

CVE-2026-8230

CVE-2026-8230 is a remotely reachable command-injection issue reported in Wavlink NU516U1 240425. The vulnerable path is the sys_login1 function in /cgi-bin/login.cgi, where manipulation of the ipaddr argument can lead to OS command injection. Although the CVSS score is low, the source description says an exploit has been published, which increases practical concern for exposed devices. The vendor was con [truncated]

LOW Vuldb CVE published 2026-05-10

CVE-2026-8229

CVE-2026-8229 is a remote OS command-injection issue reported in Wavlink NU516U1 240425. The vulnerable path is /cgi-bin/wireless.cgi, specifically the WifiBasic function, where manipulation of AuthMethod or EncrypType can lead to command execution. The supplied description also states that a public exploit exists, so exposed devices should be reviewed urgently even though the listed CVSS score is low.

MEDIUM Vuldb CVE published 2026-05-10

CVE-2026-8216

CVE-2026-8216 is a remotely reachable authentication weakness in IAS Canias ERP 8.03. The issue is reported in iasServerRemoteInterface.doAction within Java RMI Session Management and can allow improper authentication if the service is manipulated. Because the affected component sits in an ERP environment, exposed deployments should treat this as an access-control risk for business-critical systems.

LOW Vuldb CVE published 2026-05-09

CVE-2026-8213

CVE-2026-8213 is a locally exploitable memory-safety issue in OSGeo GDAL’s Grid File Handler. The provided record says the affected function is GDSDfldsrch in frmts/hdf4/hdf-eos/GDapi.c and that the condition can lead to a heap-based buffer overflow. The source metadata also notes that a public exploit has been disclosed. From a defensive perspective, this is most relevant anywhere GDAL is used to process [truncated]

LOW Vuldb CVE published 2026-05-09

CVE-2026-8212

CVE-2026-8212 is a local memory-corruption issue in OSGeo GDAL affecting the SWSDfldsrch function in frmts/hdf4/hdf-eos/SWapi.c. The supplied record says the flaw can trigger a heap-based buffer overflow, requires local access, and has a public exploit reference. A fix is referenced by commit 3e04c0385630e4d42517046d9a4967dfccfeb7fd and the GDAL 3.13.0RC1 release.

LOW Vuldb CVE published 2026-05-09

CVE-2026-8192

CVE-2026-8192 is a reported command-injection flaw in Wavlink NU516U1 M16U1_V240425, affecting the wzdap function in /cgi-bin/adm.cgi. The supplied disclosure says attacker-controlled EncrypType/wl_Pass input can lead to OS command injection, that the attack may be initiated remotely, and that a public exploit has been released. Even though the published severity is low, exposed devices should be reviewed [truncated]

LOW Vuldb CVE published 2026-05-09

CVE-2026-8191

CVE-2026-8191 describes a remote OS command injection issue in Wavlink NU516U1 M16U1_V240425. The vulnerable path is /cgi-bin/adm.cgi, where manipulation of the skiplist1/skiplist2 arguments in the wifi_region function can lead to command execution. Although the published CVSS score is low, the issue matters because it is network-reachable, there is public reporting of an exploit, and the vendor was repor [truncated]