
22077 matches found

Positive Technologies
added 2026/03/22 12:0 a.m. | 4 views

PT-2026-27009

A security vulnerability has been detected in mickasmt next-saas-stripe-starter 1.0.0. Affected is the function generateUserStripe of the file actions/generate-user-stripe.ts of the component Checkout Handler. The manipulation of the argument priceId leads to business logic errors. The attack may...

CVSS 5.3 | AI score 5.5 | EPSS 0.00209
Exploits: 0 | References: 5

Positive Technologies
added 2026/03/22 12:0 a.m. | 7 views

PT-2026-26974

A vulnerability was found in Wavlink WL-WN578W2 221110. The impacted element is an unknown function of the file /cgi-bin/firewall.cgi of the component POST Request Handler. Performing a manipulation of the argument dmz flag/del flag results in command injection. It is possible to initiate the...

CVSS 6.5 | AI score 5.5 | EPSS 0.03379
Exploits: 1 | References: 10

Positive Technologies
added 2026/03/22 12:0 a.m. | 6 views

PT-2026-26969

Name of the Vulnerable Software and Affected Versions PyTorch version 2.10.0 Description A flaw exists in PyTorch related to deserialization within the pt2 Loading Handler component. The issue is triggered by manipulation of an unknown function. This can be exploited in a local environment. The...

CVSS 7.8 | AI score 5.9 | EPSS 0.00239
Exploits: 0 | References: 18

Positive Technologies
added 2026/03/22 12:0 a.m. | 4 views

PT-2026-26959

A security vulnerability has been detected in code-projects Simple Food Ordering System up to 1.0. Affected by this vulnerability is an unknown functionality of the file /food/sql/food.sql of the component Database Backup Handler. The manipulation leads to files or directories accessible. It is...

CVSS 6.9 | AI score 5.2 | EPSS 0.00453
Exploits: 1 | References: 6

Positive Technologies
added 2026/03/22 12:0 a.m. | 8 views

PT-2026-26975

A vulnerability was determined in Wavlink WL-WN578W2 221110. This affects an unknown function of the file /cgi-bin/login.cgi of the component POST Request Handler. Executing a manipulation of the argument homepage/hostname/login page can lead to cross site scripting. It is possible to launch the...

CVSS 4.8 | AI score 4.1 | EPSS 0.0026
Exploits: 1 | References: 12

Positive Technologies
added 2026/03/22 12:0 a.m. | 7 views

PT-2026-26991

TuneClone 2.20 contains a structured exception handler SEH buffer overflow vulnerability that allows local attackers to execute arbitrary code by supplying a malicious license code string. Attackers can craft a payload with a controlled buffer, NSEH jump instruction, and SEH handler address...

CVSS 8.6 | AI score 6.8 | EPSS 0.00185
Exploits: 0 | References: 5

Positive Technologies
added 2026/03/22 12:0 a.m. | 5 views

PT-2026-27036

Name of the Vulnerable Software and Affected Versions yangzongzhuan RuoYi versions up to 4.8.2 Description A security issue exists in yangzongzhuan RuoYi, specifically within the Quartz Job Handler component. The issue involves code injection stemming from manipulation of the invokeTarget argumen...

CVSS 5.8 | AI score 5.8 | EPSS 0.00316
Exploits: 0 | References: 9

NVD
added 2026/03/21 11:16 p.m. | 3 views

CVE-2026-4529

A vulnerability was identified in D-Link DHP-1320 1.00WWB04. This affects the function redirect_count_down_page of the component SOAP Handler. Such manipulation leads to stack-based buffer overflow. The attack can be executed remotely. The exploit is publicly available and might be used. This...

CVSS 9 | EPSS 0.0065
Exploits: 1 | References: 5

Cvelist
added 2026/03/21 11:2 p.m. | 20 views

CVE-2026-4529 D-Link DHP-1320 SOAP redirect_count_down_page stack-based overflow

A vulnerability was identified in D-Link DHP-1320 1.00WWB04. This affects the function redirect_count_down_page of the component SOAP Handler. Such manipulation leads to stack-based buffer overflow. The attack can be executed remotely. The exploit is publicly available and might be used. This...

CVSS 9 | EPSS 0.0065
Exploits: 1 | References: 5

Vulnrichment
added 2026/03/21 11:2 p.m. | 0 views

CVE-2026-4529 D-Link DHP-1320 SOAP redirect_count_down_page stack-based overflow

A vulnerability was identified in D-Link DHP-1320 1.00WWB04. This affects the function redirect_count_down_page of the component SOAP Handler. Such manipulation leads to stack-based buffer overflow. The attack can be executed remotely. The exploit is publicly available and might be used. This...

CVSS 9 | AI score 6.2 | EPSS 0.0065
Exploits: 1 | References: 5

CVE
added 2026/03/21 11:2 p.m. | 17 views

CVE-2026-4529

The CVE-2026-4529 issue affects D-Link DHP-1320 devices, specifically version 1.00WWB04, where the SOAP Handler’s redirect_count_down_page function is vulnerable to a stack-based buffer overflow. The vulnerability enables remote execution and is supported by a publicly available exploit. Multiple...

CVSS 9 | AI score 7.8 | EPSS 0.0065
Exploits: 1 | References: 5 | Affected Software: 1

ATTACKERKB
added 2026/03/21 11:2 p.m. | 1 views

CVE-2026-4529

A vulnerability was identified in D-Link DHP-1320 1.00WWB04. This affects the function redirect_count_down_page of the component SOAP Handler. Such manipulation leads to stack-based buffer overflow. The attack can be executed remotely. The exploit is publicly available and might be used. This...

CVSS 9 | AI score 7.8 | EPSS 0.0065
Exploits: 1 | References: 5 | Affected Software: 1

EUVD
added 2026/03/21 3:33 p.m. | 2 views

EUVD-2019-19886

RealTerm Serial Terminal 2.0.0.70 contains a stack-based buffer overflow vulnerability in the Echo Port field that allows local attackers to crash the application by triggering a structured exception handler SEH chain corruption. Attackers can craft a malicious input string with 268 bytes of...

CVSS 6.9 | AI score 6.2 | EPSS 0.0019
Exploits: 1 | References: 5

NVD
added 2026/03/21 1:16 p.m. | 4 views

CVE-2019-25569

RealTerm Serial Terminal 2.0.0.70 contains a stack-based buffer overflow vulnerability in the Echo Port field that allows local attackers to crash the application by triggering a structured exception handler SEH chain corruption. Attackers can craft a malicious input string with 268 bytes of...

CVSS 6.9 | EPSS 0.0019
Exploits: 1 | References: 4

CVE
added 2026/03/21 12:47 p.m. | 9 views

CVE-2019-25569

RealTerm Serial Terminal 2.0.0.70 contains a stack-based buffer overflow in the Echo Port field. The vulnerability allows local attackers to crash the application by corrupting the SEH chain; a crafted input consisting of 268 padding bytes followed by SEH overwrite values pasted into the Port fie...

CVSS 6.9 | AI score 6.2 | EPSS 0.0019
Exploits: 1 | References: 4 | Affected Software: 1

EUVD
added 2026/03/21 9:31 a.m. | 4 views

EUVD-2026-14242

A weakness has been identified in PbootCMS up to 3.2.12. This impacts the function alert_location of the file apps/home/controller/MemberController.php of the component Parameter Handler. This manipulation of the argument backurl causes cross site scripting. Remote exploitation of the attack is...

CVSS 5.3 | AI score 4.2 | EPSS 0.00269
Exploits: 0 | References: 5

Cvelist
added 2026/03/21 7:2 a.m. | 30 views

CVE-2026-4510 PbootCMS Parameter MemberController.php alert_location cross site scripting

A weakness has been identified in PbootCMS up to 3.2.12. This impacts the function alert_location of the file apps/home/controller/MemberController.php of the component Parameter Handler. This manipulation of the argument backurl causes cross site scripting. Remote exploitation of the attack is...

CVSS 5.3 | EPSS 0.00269
Exploits: 0 | References: 4

CVE
added 2026/03/21 7:2 a.m. | 8 views

CVE-2026-4510

CVE-2026-4510 affects PbootCMS up to 3.2.12. The flaw exists in the Parameter Handler’s function alert_location within apps/home/controller/MemberController.php, where manipulating the backurl argument enables cross-site scripting. Remote exploitation is possible and an exploit has been made publ...

CVSS 5.3 | AI score 4.3 | EPSS 0.00269
Exploits: 0 | References: 4

NVD
added 2026/03/21 4:16 a.m. | 5 views

CVE-2026-1935

The Company Posts for LinkedIn plugin for WordPress is vulnerable to Missing Authorization in all versions up to, and including, 1.0.0. This is due to a missing capability check on the linkedincompanypostresethandler function hooked to adminpostresetlinkedincompanypost. This makes it possible for...

CVSS 4.3 | EPSS 0.00238
Exploits: 0 | References: 3

Github Security Blog
added 2026/03/21 3:31 a.m. | 7 views

Duplicate Advisory: OpenClaw's Signal reaction-only status events could, in limited cases, be enqueued before access checks

Duplicate Advisory This advisory has been withdrawn because it is a duplicate of GHSA-792q-qw95-f446. This link is maintained to preserve external references. Original Description OpenClaw versions prior to 2026.2.25 contain an access control vulnerability in signal reaction notification handling...

CVSS 6.3 | AI score 5.7 | EPSS 0.0021
Exploits: 0 | References: 5 | Affected Software: 1