CVE-2026-4961 Tenda AC6 POST Request QuickIndex formQuickIndex stack-based overflow

A vulnerability was identified in Tenda AC6 15.03.05.16. Affected by this vulnerability is the function formQuickIndex of the file /goform/QuickIndex of the component POST Request Handler. The manipulation of the argument PPPOEPassword leads to stack-based buffer overflow. The attack is possible ...

CVE-2026-4961 Tenda AC6 POST Request QuickIndex formQuickIndex stack-based overflow

A vulnerability was identified in Tenda AC6 15.03.05.16. Affected by this vulnerability is the function formQuickIndex of the file /goform/QuickIndex of the component POST Request Handler. The manipulation of the argument PPPOEPassword leads to stack-based buffer overflow. The attack is possible ...

CVE-2026-4961

CVE-2026-4961 affects the Tenda AC6 firmware version 15.03.05.16. The vulnerability is in the POST Request Handler’s file /goform/QuickIndex, specifically the formQuickIndex function. Manipulating the PPPOEPassword argument triggers a stack-based buffer overflow, enabling remote exploitation. Pub...

EUVD-2026-16668

The 'POST /api/v2/files' endpoint does not sanitize the 'filename' parameter from the multipart form data, allowing an attacker to write files to arbitrary locations on the filesystem using path traversal sequences '../'...

CVE-2026-5027 Langflow - Path Traversal Arbitrary File Write via upload_user_file

The 'POST /api/v2/files' endpoint does not sanitize the 'filename' parameter from the multipart form data, allowing an attacker to write files to arbitrary locations on the filesystem using path traversal sequences '../'...

CVE-2026-5027

The 'POST /api/v2/files' endpoint does not sanitize the 'filename' parameter from the multipart form data, allowing an attacker to write files to arbitrary locations on the filesystem using path traversal sequences '../'...

CVE-2026-5027

Langflow

CVE-2026-33917

OpenEMR is a free and open source electronic health records and medical practice management application. Versions prior to 8.0.0.3 contais a SQL injection vulnerability in the ajaxsave CAMOS form that can be exploited by authenticated attackers. The vulnerability exists due to insufficient input...

CVE-2026-4909

A weakness has been identified in code-projects Exam Form Submission 1.0. This impacts an unknown function of the file /admin/updates7.php. This manipulation of the argument sname causes cross site scripting. It is possible to initiate the attack remotely. The exploit has been made available to t...

EUVD-2026-16529

A weakness has been identified in code-projects Exam Form Submission 1.0/7.php. This impacts an unknown function of the file /admin/updates7.php. This manipulation of the argument sname causes cross site scripting. It is possible to initiate the attack remotely. The exploit has been made availabl...

CVE-2026-4909 code-projects Exam Form Submission update_s7.php cross site scripting

A weakness has been identified in code-projects Exam Form Submission 1.0. This impacts an unknown function of the file /admin/updates7.php. This manipulation of the argument sname causes cross site scripting. It is possible to initiate the attack remotely. The exploit has been made available to t...

CVE-2026-4909

A weakness has been identified in code-projects Exam Form Submission 1.0. This impacts an unknown function of the file /admin/updates7.php. This manipulation of the argument sname causes cross site scripting. It is possible to initiate the attack remotely. The exploit has been made available to t...

CVE-2026-4909

CVE-2026-4909 affects code-projects Exam Form Submission 1.0, specifically the /admin/update_s7.php function where manipulation of the sname argument enables cross-site scripting. The vulnerability can be triggered remotely, and public exploits exist. The available connected documentation confirm...

EUVD-2026-16472

A flaw has been found in Tenda AC5 15.03.06.47. This vulnerability affects the function formQuickIndex of the file /goform/QuickIndex of the component POST Request Handler. This manipulation of the argument PPPOEPassword causes stack-based buffer overflow. The attack may be initiated remotely. Th...

EUVD-2026-16476

A vulnerability was found in Tenda AC5 15.03.06.47. Impacted is the function formWifiWpsOOB of the file /goform/WifiWpsOOB of the component POST Request Handler. Performing a manipulation of the argument index results in stack-based buffer overflow. Remote exploitation of the attack is possible...

CVE-2026-4904

A vulnerability has been found in Tenda AC5 15.03.06.47. This issue affects the function formSetCfm of the file /goform/setcfm of the component POST Request Handler. Such manipulation of the argument funcpara1 leads to stack-based buffer overflow. The attack may be launched remotely. The exploit...

Langflow 安全漏洞

Langflow is an open-source visualization framework developed by Langflow for building multi-agent and RAG applications. Langflow has a security vulnerability that stems from the lack of cleanup of the filename parameter in the multipart form data when the endpoint POST /api/v2/files is used. This...

PT-2026-28700

Name of the Vulnerable Software and Affected Versions Tenda AC15 version 15.03.05.19 Description A flaw exists in the Tenda AC15 router that allows remote attackers to trigger a stack-based buffer overflow. The issue is located within the POST Request Handler component, specifically in the...

Code-Projects Exam Form Submission 安全漏洞

Code-Projects Exam Form Submission is an open-source exam form developed by Code-Projects. Version 1.0 of Code-Projects Exam Form Submission contains a security vulnerability. This vulnerability stems from improper handling of the parameter sname in the file admin/updates7.php, which may lead to...

PT-2026-28687

Name of the Vulnerable Software and Affected Versions Tenda AC6 version 15.03.05.16 Description A flaw exists in the Tenda AC6 device that allows for a stack-based buffer overflow. This occurs through the manipulation of the PPPOEPassword argument within the formQuickIndex function, located in th...