CVE-2026-11523

A flaw has been found in Tenda W20E 15.11.0.6. This issue affects the function formPortalAuth of the file /goform/PortalAuth of the component Web Management Interface. Executing a manipulation of the argument gotoUrl can lead to stack-based buffer overflow. The attack can be launched remotely. Th...

CVE-2026-11504

A vulnerability was detected in Tenda CX12L 16.03.53.12. The impacted element is the function setSchedWifi of the file /goform/openSchedWifi of the component Wi-Fi Schedule Configuration Endpoint. Performing a manipulation of the argument schedStartTime/schedEndTime results in stack-based buffer...

CVE-2026-11503

A security vulnerability has been detected in Tenda CX12L 16.03.53.12. The affected element is the function formfastsettingwifiset of the file /goform/fastsettingwifiset of the component Wi-Fi Configuration Endpoint. Such manipulation of the argument ssid leads to stack-based buffer overflow. The...

CVE-2026-11517

A vulnerability was determined in UTT HiPER 2610G up to 3.0.0-171107. This impacts the function strcpy of the file /goform/formConfigDnsFilterGlobal. Executing a manipulation of the argument GroupName can lead to buffer overflow. The attack can be executed remotely. The exploit has been publicly...

CVE-2026-11505

A flaw has been found in GL.iNet A1300, AX1800, AXT1800, MT2500, MT3000, MT6000, X3000 and XE3000 4.8.x. This affects an unknown function of the component glnassys. Executing a manipulation can lead to use of hard-coded cryptographic key . The attack may be launched remotely. The attack requires ...

Remote Desktop Client Remote Code Execution Vulnerability

Heap-based buffer overflow in Remote Desktop Client allows an unauthorized attacker to execute code over a network...

Windows Performance Monitor Remote Code Execution Vulnerability

Integer underflow wrap or wraparound in Windows Performance Monitor allows an unauthorized attacker to execute code over a network...

Windows Kernel Elevation of Privilege Vulnerability

Use after free in Windows Kernel allows an authorized attacker to elevate privileges locally...

Windows Collaborative Translation Framework (CTFMON) Elevation of Privilege Vulnerability

Improper link resolution before file access 'link following' in Windows Collaborative Translation Framework allows an authorized attacker to elevate privileges locally...

Remote Desktop Client Remote Code Execution Vulnerability

Heap-based buffer overflow in Remote Desktop Client allows an unauthorized attacker to execute code over a network...

Exploit for Deserialization of Untrusted Data in Facebook React

React2ShellExploit CVE-2025-55182 I created simple react2she...

auto_exploiter

Auto-Exploiter Framework ⚠️ LEGAL DISCLAIMER — Authorised...

Exploit for Use After Free in Redis

redis-server from 7.2.0 until 8.6.3, the Remote Code Execution...

Update Chrome: Google patches actively exploited vulnerability and 73 others

Google has issued updates for the Chrome browser, patching a number of high‑severity vulnerabilities. The update includes fixes for 74 vulnerabilities, including one that is being actively exploited in the wild. The stable channel has been updated to 149.0.7827.102/.103 for Windows/Mac, and...

Exploit for Use After Free in Linux Linux_Kernel

🐧 CVE-2026-23111 - Linux Kernel nftables Use-After-Free Vulne...

CVE-2026-11494

A security vulnerability has been detected in TOTOLINK AC1200 T8 4.1.5cu.8611. This affects an unknown function of the file /etc/vsftpd.conf of the component vsftpd. The manipulation leads to least privilege violation. The attack may be initiated remotely. The exploit has been disclosed publicly...

CVE-2026-11495

A vulnerability was detected in CodeAstro Ingredients Stock Management System 1.0. This impacts an unknown function of the file /Ingredients-Stock/addstock.php. The manipulation of the argument ID results in sql injection. The attack may be launched remotely. The exploit is now public and may be...

CVE-2026-11490

A vulnerability was determined in code-projects Online Music Site 1.0. This issue affects some unknown processing of the file /Frontend/Search.php. This manipulation of the argument Category causes sql injection. It is possible to initiate the attack remotely. The exploit has been publicly...

CVE-2026-11497

A vulnerability has been found in D-Link DCS-5615 1.01.00. Affected by this vulnerability is an unknown functionality of the file /etc/conf.d/boa/boa.conf of the component Boa Webserver. Such manipulation leads to least privilege violation. The attack can be executed remotely. The exploit has bee...

CVE-2026-11491

A vulnerability was identified in CodeAstro Human Resource Management System 1.0. Impacted is an unknown function of the file /notice/Allnotice of the component Notice Board Management. Such manipulation of the argument Notice Title with the input as part of POST leads to cross site scripting. It...