
1287 matches found

OSV
added 2026/02/09 4:15 a.m., 4 views

CVE-2026-2212

A vulnerability was identified in code-projects Online Music Site 1.0. Affected by this vulnerability is an unknown functionality of the file /Administrator/PHP/AdminEditCategory.php. The manipulation of the argument ID leads to sql injection. The attack is possible to be carried out remotely. Th...

9.8 CVSS, 5.7 AI score, 0.00323 EPSS
Exploits: 1, References: 5

ATTACKERKB
added 2026/02/08 6:32 p.m., 5 views

CVE-2026-2175

A weakness has been identified in D-Link DIR-823X 250416. This vulnerability affects the function sub420618 of the file /goform/setupnp. This manipulation of the argument upnpenable causes os command injection. Remote exploitation of the attack is possible. The exploit has been made available to...

8.6 CVSS, 6.9 AI score, 0.0377 EPSS
Exploits: 1, References: 5, Affected Software: 1

CVE
added 2026/02/08 1:32 p.m., 16 views

CVE-2026-2154

The CVE describes a cross-site scripting (XSS) vulnerability in SourceCodester/Patrick Mvuma Patients Waiting Area Queue Management System 1.0, affecting the Patient Registration Module via /registration.php. The vulnerability stems from manipulating the First Name parameter, enabling remote expl...

6.1 CVSS, 3.7 AI score, 0.00298 EPSS
Exploits: 1, References: 4, Affected Software: 1

EUVD
added 2026/02/08 9:2 a.m., 5 views

EUVD-2026-5804

A vulnerability was identified in cym1102 nginxWebUI up to 4.3.7. The impacted element is an unknown function of the file /adminPage/conf/check of the component Web Management Interface. Such manipulation of the argument nginxDir leads to cross site scripting. The attack can be executed remotely...

5.1 CVSS, 3.4 AI score, 0.00264 EPSS
Exploits: 1, References: 6

Cvelist
added 2026/02/08 2:32 a.m., 28 views

CVE-2026-2131 XixianLiang HarmonyOS-mcp-server input_text os command injection

A vulnerability was identified in XixianLiang HarmonyOS-mcp-server 0.1.0. This vulnerability affects the function input_text. The manipulation of the argument text leads to os command injection. Remote exploitation of the attack is possible. The exploit is publicly available and might be used...

6.5 CVSS, 0.15052 EPSS
Exploits: 1, References: 4

Positive Technologies
added 2026/02/08 12:0 a.m., 5 views

PT-2026-6974

Name of the Vulnerable Software and Affected Versions: Tenda AC21 version 16.03.08.16. Description: A weakness exists in the Tenda AC21 device. This issue affects an unknown function within the Web Management Interface component, specifically related to the file /cgi-bin/DownloadLog. A manipulation ...

6.9 CVSS, 5.2 AI score, 0.00521 EPSS
Exploits: 1, References: 7

Positive Technologies
added 2026/02/08 12:0 a.m., 4 views

PT-2026-6998

Name of the Vulnerable Software and Affected Versions: Totolink WA300 version 5.2cu.7112 B20190227. Description: A flaw exists in the Totolink WA300 device that allows for remote command execution. This is due to a vulnerability within the setAPNetwork function located in the /cgi-bin/cstecgi.cgi...

6.5 CVSS, 5.6 AI score, 0.02062 EPSS
Exploits: 1, References: 7

OSV
added 2026/02/06 2:16 a.m., 6 views

CVE-2026-1974

A vulnerability was identified in Free5GC up to 4.1.0. This affects the function ResolveNodeIdToIp of the file internal/sbi/processor/datapath.go of the component SMF. The manipulation leads to denial of service. Remote exploitation of the attack is possible. The exploit is publicly available and...

7.5 CVSS, 5 AI score
Exploits: 0, References: 7

Tenable Nessus
added 2026/02/06 12:0 a.m., 9 views

Fedora 43 : open-vm-tools (2026-55bb6efd14)

The remote Fedora 43 host has a package installed that is affected by a vulnerability as referenced in the FEDORA-2026-55bb6efd14 advisory. Update to 13.0.10. Tenable has extracted the preceding description block directly from the Fedora security advisory. Note that Nessus has not tested for this...

7.8 CVSS, 7.8 AI score, 0.07606 EPSS
Exploits: 3, References: 2

NVD
added 2026/01/22 3:16 p.m., 5 views

CVE-2026-1325

A security flaw has been discovered in Sangfor Operation and Maintenance Security Management System up to 3.0.12. This affects the function editpwdmall of the file /fort/login/editpwdmall. The manipulation of the argument flag results in weak password recovery. It is possible to launch the attack...

9.8 CVSS, 0.00523 EPSS
Exploits: 1, References: 4

Tenable Nessus
added 2026/01/20 12:0 a.m., 2 views

MiracleLinux 8 : glibc-2.28-251.el8_10.22 (AXSA:2025-10009:07)

The remote MiracleLinux 8 host has packages installed that are affected by a vulnerability as referenced in the AXSA:2025-10009:07 advisory. glibc: static setuid binary dlopen may incorrectly search LD_LIBRARY_PATH CVE-2025-4802 Tenable has extracted the preceding description block directly from th...

7.8 CVSS, 7.6 AI score, 0.00392 EPSS
Exploits: 1, References: 2

Tenable Nessus
added 2026/01/20 12:0 a.m., 8 views

MiracleLinux 7 : httpd-2.4.6-97.1.0.1.el7.AXS7 (AXSA:2021-2480:01)

The remote MiracleLinux 7 host has packages installed that are affected by a vulnerability as referenced in the AXSA:2021-2480:01 advisory. httpd: mod_proxy: SSRF via a crafted request uri-path containing unix: CVE-2021-40438 Tenable has extracted the preceding description block directly from the...

9 CVSS, 8.2 AI score, 0.99999 EPSS
Exploits: 5, References: 2

Tenable Nessus
added 2026/01/20 12:0 a.m., 2 views

MiracleLinux 8 : webkit2gtk3-2.36.7-1.el8.3.ML.1 (AXSA:2023-5310:08)

The remote MiracleLinux 8 host has packages installed that are affected by a vulnerability as referenced in the AXSA:2023-5310:08 advisory. WebKitGTK: use-after-free leads to arbitrary code execution CVE-2023-28205 Tenable has extracted the preceding description block directly from the MiracleLin...

8.8 CVSS, 8.7 AI score, 0.27076 EPSS
Exploits: 0, References: 2

Tenable Nessus
added 2026/01/20 12:0 a.m., 4 views

MiracleLinux 9 : curl-7.76.1-26.el9_3.3 (AXSA:2024-7591:01)

The remote MiracleLinux 9 host has packages installed that are affected by a vulnerability as referenced in the AXSA:2024-7591:01 advisory. curl: information disclosure by exploiting a mixed case flaw CVE-2023-46218 Tenable has extracted the preceding description block directly from the...

6.5 CVSS, 7.2 AI score, 0.01685 EPSS
Exploits: 1, References: 2

NVD
added 2026/01/19 4:15 a.m., 0 views

CVE-2026-1134

A vulnerability was identified in itsourcecode Society Management System 1.0. This affects an unknown function of the file /admin/expenses.php. The manipulation of the argument detail leads to cross site scripting. The attack may be initiated remotely. The exploit is publicly available and might ...

6.1 CVSS, 0.00318 EPSS
Exploits: 1, References: 5

AlpineLinux
added 2026/01/18 6:32 a.m., 2 views

CVE-2025-15534

A vulnerability was identified in raysan5 raylib up to 909f040. Affected by this issue is the function LoadFontData of the file src/rtext.c. The manipulation leads to integer overflow. The attack can only be performed from a local environment. The exploit is publicly available and might be used...

7.8 CVSS, 5.2 AI score, 0.00219 EPSS
Exploits: 1, References: 8

Vulnrichment
added 2026/01/10 1:32 p.m., 4 views

CVE-2026-0822 quickjs-ng quickjs quickjs.c js_typed_array_sort heap-based overflow

A vulnerability was identified in quickjs-ng quickjs up to 0.11.0. This issue affects the function js_typed_array_sort of the file quickjs.c. The manipulation leads to heap-based buffer overflow. Remote exploitation of the attack is possible. The exploit is publicly available and might be used. The...

7.5 CVSS, 6.8 AI score, 0.0041 EPSS
Exploits: 1, References: 8

RedhatCVE
added 2026/01/07 9:9 a.m., 8 views

CVE-2024-2983

A vulnerability was found in Tenda FH1202 1.2.0.14408 and classified as critical. Affected by this issue is the function formSetClientState of the file /goform/SetClientState. The manipulation of the argument deviceId/limitSpeed/limitSpeedUp leads to stack-based buffer overflow. The attack may be...

9 CVSS, 8.8 AI score, 0.01755 EPSS
Exploits: 1, References: 1

Cvelist
added 2025/12/30 7:32 a.m., 21 views

CVE-2025-15232 Tenda M3 setAdPushInfo formSetAdPushInfo stack-based overflow

A vulnerability was identified in Tenda M3 1.0.0.134903. This vulnerability affects the function formSetAdPushInfo of the file /goform/setAdPushInfo. The manipulation of the argument mac/terminal leads to stack-based buffer overflow. The attack is possible to be carried out remotely. The exploit ...

9 CVSS, 0.00632 EPSS
Exploits: 1, References: 5

RedhatCVE
added 2025/12/26 7:2 p.m., 13 views

CVE-2025-15084

A vulnerability was identified in youlaitech youlai-mall 1.0.0/2.0.0. The impacted element is the function orderService.payOrder of the file mall-oms/oms-boot/src/main/java/com/youlai/mall/oms/controller/app/OrderController.java of the component Order Payment Handler. The manipulation leads to...

3.1 CVSS, 6.5 AI score, 0.00245 EPSS
Exploits: 1, References: 1