EUVD-2026-10235
A security vulnerability has been detected in Tenda F453 1.0.0.3. This affects the function strcpy of the file /goform/exeCommand. The manipulation of the argument cmdinput leads to stack-based buffer overflow. It is possible to initiate the attack remotely. The exploit has been disclosed publicl...
AZL-79652 CVE-2026-3713 affecting package tensorflow 2.16.1-11
A flaw has been found in pnggroup libpng up to 1.6.55. Affected by this vulnerability is the function dopnm2png of the file contrib/pngminus/pnm2png.c of the component pnm2png. This manipulation of the argument width/height causes heap-based buffer overflow. The attack is restricted to local...
Server-side Request Forgery (SSRF)
Overview Affected versions of this package are vulnerable to Server-side Request Forgery SSRF via the fireWebhook function in the file /internal/service/webhook/webhook.go. An attacker can cause the server to initiate arbitrary requests to internal or external systems by supplying crafted input t...
CVE-2026-3696
A vulnerability was found in Totolink N300RH 6..1c.1353B20190305. The affected element is the function setWiFiWpsConfig of the file /cgi-bin/cstecgi.cgi of the component CGI Handler. Performing a manipulation results in os command injection. The attack can be initiated remotely. The exploit has...
Tenda F453 Security Vulnerability
The Tenda F453 is a wireless router produced by the Chinese company Tenda. Version 1.0.0.3 of the Tenda F453 contains a security vulnerability. This vulnerability stems from incorrect handling of parameters in the file /goform/WrlExtraSet, specifically the parameter GO, which may lead to a stack...
CVE-2026-28482
OpenClaw versions prior to 2026.2.12 construct transcript file paths using unsanitized sessionId parameters and sessionFile paths without enforcing directory containment. Authenticated attackers can exploit path traversal sequences like ../../etc/passwd in sessionId or sessionFile parameters to...
HSC Cybersecurity Mailinspector Code Injection Vulnerability
HSC Cybersecurity Mailinspector is an email security management system developed by HSC Cybersecurity in France. Versions of HSC Cybersecurity Mailinspector 5.3.2-3 and earlier contain a code injection vulnerability. This vulnerability arises from incorrect handling of the parameter...
CVE-2026-28459
OpenClaw versions prior to 2026.2.12 fail to validate the sessionFile path parameter, allowing authenticated gateway clients to write transcript data to arbitrary locations on the host filesystem. Attackers can supply a sessionFile path outside the sessions directory to create files and append da...
EUVD-2026-9907
OpenClaw versions prior to 2026.2.12 fail to validate the sessionFile path parameter, allowing authenticated gateway clients to write transcript data to arbitrary locations on the host filesystem. Attackers can supply a sessionFile path outside the sessions directory to create files and append da...
GHSA-9FV2-C7V6-P45W Fonoster is vulnerable to directory traversal
Fonoster 0.5.5 before 0.6.1 allows ../ directory traversal to read arbitrary files via the /sounds/:file or /tts/:file VoiceServer endpoint. This occurs in serveFiles in mods/voice/src/utils.ts. NOTE: serveFiles exists in 0.5.5 but not in the next release, 0.6.1...
CVE-2026-22416 WordPress FixTeam theme <= 1.5.0 - Local File Inclusion vulnerability
Improper Control of Filename for Include/Require Statement in PHP Program 'PHP Remote File Inclusion' vulnerability in AncoraThemes FixTeam fixteam allows PHP Local File Inclusion. This issue affects FixTeam: from n/a through = 1.5.0...
CVE-2026-29120
Technical details beyond what’s in the Initial Description are not publicly provided in the connected documents. Monitor for updates to the CVE-2026-29120 entry as new disclosures may clarify affected components, impact, or remediation.
CVE-2025-48567
In multiple locations, there is a possible bypass of a file path filter designed to prevent access to sensitive directories due to incorrect unicode normalization. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is needed for...
EUVD-2026-9323
A vulnerability has been found in itsourcecode College Management System 1.0. This vulnerability affects unknown code of the file /admin/student-fee.php. Such manipulation of the argument rollno leads to sql injection. It is possible to launch the attack remotely. The exploit has been disclosed t...
CVE-2026-26883
Sourcecodester Online Men's Salon Management System v1.0 is vulnerable to SQL Injection in /msms/classes/Master.php?f=deleteappointment...
SourceCodester Pharmacy Point of Sale System Security Vulnerability
The SourceCodester Pharmacy Point of Sale System is an open-source pharmacy sales point system developed by SourceCodester. Version 1.0 of the SourceCodester Pharmacy Point of Sale System contains a security vulnerability, which stems from SQL injection in the /pharmacy/managestock.php file...
EUVD-2025-208198
In multiple locations, there is a possible bypass of a file path filter designed to prevent access to sensitive directories due to incorrect unicode normalization. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is needed for...