EUVD-2026-16476

A vulnerability was found in Tenda AC5 15.03.06.47. Impacted is the function formWifiWpsOOB of the file /goform/WifiWpsOOB of the component POST Request Handler. Performing a manipulation of the argument index results in stack-based buffer overflow. Remote exploitation of the attack is possible...

PT-2026-28694

Name of the Vulnerable Software and Affected Versions code-projects Social Networking Site version 1.0 Description A cross site scripting issue exists due to the manipulation of the content argument within an unknown function of the file '/home.php' of the Alert Handler component. Remote...

PT-2026-28690

A security vulnerability has been detected in letta-ai letta 0.16.4. This vulnerability affects the function convert message create to message of the file letta/helpers/message helper.py of the component File URL Handler. Such manipulation of the argument ImageContent leads to server-side request...

PT-2026-28682

A vulnerability was detected in Shenzhen Ruiming Technology Streamax Crocus 1.3.44. The affected element is an unknown function of the file /DevicePrint.do?Action=ReadTask of the component Parameter Handler. The manipulation of the argument State results in sql injection. The attack can be launch...

PT-2026-28707

Name of the Vulnerable Software and Affected Versions Open5GS version 2.7.6 Description A security flaw exists in Open5GS 2.7.6, specifically within the CCA Message Handler component and the smf gx cca cb/smf gy cca cb/smf s6b function. This manipulation can lead to a denial of service. The attac...

PT-2026-28686

Name of the Vulnerable Software and Affected Versions Tenda AC6 version 15.03.05.16 Description A stack-based buffer overflow exists in the fromWizardHandle function of the /goform/WizardHandle file within the POST Request Handler component. Manipulation of the WANT/WANS argument can trigger this...

PT-2026-28700

Name of the Vulnerable Software and Affected Versions Tenda AC15 version 15.03.05.19 Description A flaw exists in the Tenda AC15 router that allows remote attackers to trigger a stack-based buffer overflow. The issue is located within the POST Request Handler component, specifically in the...

PT-2026-28683

A flaw has been found in OpenBMB XAgent 1.0.0. The impacted element is the function FunctionHandler.handle tool call of the file XAgent/function handler.py of the component API Key Handler. This manipulation of the argument api key causes sensitive information in log files. The attack may be...

XAgent 日志信息泄露漏洞

XAgent is an open-source, experimental large language model-driven autonomous agent developed by OpenBMB. Version XAgent 1.0.0 contains a vulnerability related to log information leakage, which stems from incorrect handling of the parameter apikey in the file XAgent/functionhandler.py. This could...

Linux Distros Unpatched Vulnerability : CVE-2026-4833

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - A weakness has been identified in Orc discount up to 3.0.1.2. This issue affects the function compile of the file markdown.c of the component Markdown Handler...

CVE-2026-4902

A vulnerability was detected in Tenda AC5 15.03.06.47. This affects the function fromAddressNat of the file /goform/addressNat of the component POST Request Handler. The manipulation of the argument page results in stack-based buffer overflow. The attack can be launched remotely. The exploit is n...

CVE-2026-4905 Tenda AC5 POST Request WifiWpsOOB formWifiWpsOOB stack-based overflow

A vulnerability was found in Tenda AC5 15.03.06.47. Impacted is the function formWifiWpsOOB of the file /goform/WifiWpsOOB of the component POST Request Handler. Performing a manipulation of the argument index results in stack-based buffer overflow. Remote exploitation of the attack is possible...

CVE-2026-4905

A vulnerability was found in Tenda AC5 15.03.06.47. Impacted is the function formWifiWpsOOB of the file /goform/WifiWpsOOB of the component POST Request Handler. Performing a manipulation of the argument index results in stack-based buffer overflow. Remote exploitation of the attack is possible...

CVE-2026-4904

A vulnerability has been found in Tenda AC5 15.03.06.47. This issue affects the function formSetCfm of the file /goform/setcfm of the component POST Request Handler. Such manipulation of the argument funcpara1 leads to stack-based buffer overflow. The attack may be launched remotely. The exploit...

CVE-2026-4823

A flaw has been found in Enter Software Iperius Backup up to 8.7.3. Affected by this vulnerability is an unknown functionality of the component NTLM2 Handler. Executing a manipulation can lead to information disclosure. The attack is restricted to local execution. Attacks of this nature are highl...

CVE-2026-4902 Tenda AC5 POST Request addressNat fromAddressNat memory corruption

A vulnerability was detected in Tenda AC5 15.03.06.47. This affects the function fromAddressNat of the file /goform/addressNat of the component POST Request Handler. The manipulation of the argument page results in stack-based buffer overflow. The attack can be launched remotely. The exploit is n...

GHSA-9H59-P45G-445H Ella Core has a Denial of Service via SCTP connection cleanup deadlock

Summary A deadlock in the AMF's SCTP notification handler causes the entire AMF control plane to hang until the process is restarted. Impact An attacker with access to the N2 interface can cause Ella Core to hang, resulting in a denial of service for all subscribers. Fix Add deferred Radio cleanu...

Ella Core panics when processing a crafted NGAP LocationReport message

Summary Ella Core panics when processing a specially crafted NGAP LocationReport message. Impact An attacker able to send crafted NGAP messages to Ella Core can crash the process, causing service disruption for all connected subscribers. Fix Add guards in NGAP Location Report handler...

Use of Incorrectly-Resolved Name or Reference

Overview openclaw is a 🦞 OpenClaw — Personal AI Assistant Affected versions of this package are vulnerable to Use of Incorrectly-Resolved Name or Reference via the webhook-handler process. An attacker can redirect message replies to an unintended user by exploiting mutable username resolution...

Use of Incorrectly-Resolved Name or Reference

Overview @openclaw/synology-chat is a Synology Chat channel plugin for OpenClaw Affected versions of this package are vulnerable to Use of Incorrectly-Resolved Name or Reference via the webhook-handler process. An attacker can redirect message replies to an unintended user by exploiting mutable...