309 matches found
CVE-2026-6028
A security vulnerability has been detected in Totolink A7100RU 7.4cu.2313b20191024. Impacted is the function setPptpServerCfg of the file /cgi-bin/cstecgi.cgi of the component CGI Handler. The manipulation of the argument enable leads to os command injection. The attack may be initiated remotely...
PT-2026-31832
Name of the Vulnerable Software and Affected Versions Tenda F451 version 1.0.0.7 Description A stack-based buffer overflow occurs due to the manipulation of the page argument within the fromP2pListFilter function located in the '/goform/P2pListFilter' file. This issue allows for remote...
CVE-2026-5828
CVE-2026-5828 affects code-projects Simple IT Discussion Forum 1.0 . The vulnerability is in an unknown function in /functions/addcomment.php where manipulation of the postid parameter enables SQL injection . Exploitation is feasible remotely with a network attack and requires no privileges or us...
PT-2026-31588
Name of the Vulnerable Software and Affected Versions Tenda i12 version 1.0.0.113862 Description A path traversal issue exists in the HTTP Handler component of Tenda i12 version 1.0.0.113862. A remote attacker can exploit this by manipulating the system, potentially leading to unauthorized access...
CVE-2026-5691
A vulnerability has been found in Totolink A7100RU 7.4cu.2313b20191024. This affects the function setFirewallType of the file /cgi-bin/cstecgi.cgi. The manipulation of the argument firewallType leads to os command injection. The attack is possible to be carried out remotely. The exploit has been...
CVE-2026-5561
A vulnerability was determined in Campcodes Complete POS Management and Inventory System up to 4.0.6. This affects an unknown function of the file app/Http/Controllers/SettingsController.php of the component Environment Variable Handler. Executing a manipulation can lead to injection. It is...
PT-2026-29652
Name of the Vulnerable Software and Affected Versions Nothings stb versions up to 1.26 Description A flaw exists in Nothings stb, specifically within the stbtt buf get8 function located in the stb truetype.h library of the TTF File Handler component. This issue can lead to an out-of-bounds read...
CVE-2026-5206
CVE-2026-5206 affects: code-projects Simple Gym Management System 1.0, specifically the unknown code in the Payment Handler . The issue is a SQL injection caused by manipulation of the arguments Payment_id, Amount, customer_id, payment_type, and customer_name. The vulnerability allows remote expl...
Linux Distros Unpatched Vulnerability : CVE-2026-5037
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - A vulnerability was determined in mxml up to 4.0.4. This issue affects the function indexsort of the file mxml-index.c of the component mxmlIndexNew. Executing ...
EUVD-2026-16979
A vulnerability has been found in code-projects Accounting System 1.0. This affects an unknown part of the file /viewwork.php of the component Parameter Handler. Such manipulation of the argument enid leads to sql injection. It is possible to launch the attack remotely. The exploit has been...
PT-2026-28713
Name of the Vulnerable Software and Affected Versions wandb OpenUI versions up to 1.0 Description A cross site scripting issue exists in the file frontend/public/annotator/index.html of the Window Message Event Handler component. This manipulation can be initiated remotely and the exploit has bee...
CVE-2026-4207
A vulnerability was determined in D-Link DNS-120, DNR-202L, DNS-315L, DNS-320, DNS-320L, DNS-320LW, DNS-321, DNR-322L, DNS-323, DNS-325, DNS-326, DNS-327L, DNR-326, DNS-340L, DNS-343, DNS-345, DNS-726-4, DNS-1100-4, DNS-1200-05 and DNS-1550-04 up to 20260205. This impacts the function...
CVE-2026-4848
CVE-2026-4848 affects dameng100 muucmf 1.9.5.20260309. The vulnerability is in an unknown function of /admin/extend/list.html, where manipulating the Name parameter can cause cross-site scripting. Exploitation is remote, with a publicly disclosed exploit and PoC maturity indicated. No remediation...
CVE-2026-4564
A security vulnerability has been detected in yangzongzhuan RuoYi up to 4.8.2. This issue affects some unknown processing of the file /monitor/job/ of the component Quartz Job Handler. Such manipulation of the argument invokeTarget leads to code injection. It is possible to launch the attack...
CVE-2026-4499 D-Link DIR-820LW SSDP ssdpcgi_main os command injection
A vulnerability was determined in D-Link DIR-820LW 2.03. Affected is the function ssdpcgimain of the component SSDP. Executing a manipulation can lead to os command injection. The attack may be launched remotely. The exploit has been publicly disclosed and may be utilized...
CVE-2026-4466
A vulnerability has been found in Comfast CF-AC100 2.6.0.8. This affects an unknown function of the file /cgi-bin/mbox-config?method=SET§ion=ntptimezone. The manipulation leads to command injection. Remote exploitation of the attack is possible. The exploit has been disclosed to the public an...
EUVD-2026-12286
A security vulnerability has been detected in D-Link DNS-120, DNR-202L, DNS-315L, DNS-320, DNS-320L, DNS-320LW, DNS-321, DNR-322L, DNS-323, DNS-325, DNS-326, DNS-327L, DNR-326, DNS-340L, DNS-343, DNS-345, DNS-726-4, DNS-1100-4, DNS-1200-05 and DNS-1550-04 up to 20260205. This affects the function...
CVE-2026-4186 UEditor JSONP Callback controller.php cross site scripting
A vulnerability was determined in UEditor up to 1.4.3.2. This issue affects some unknown processing of the file php/controller.php?action=uploadimage of the component JSONP Callback Handler. This manipulation of the argument callback causes cross site scripting. The attack can be initiated...
CVE-2026-3944
A vulnerability was determined in itsourcecode University Management System 1.0. This vulnerability affects unknown code of the file /attadd.php. This manipulation of the argument Name causes sql injection. The attack may be initiated remotely. The exploit has been publicly disclosed and may be...
PT-2026-24668
šØ CVE-2026-3944 A vulnerability was determined in itsourcecode University Management System 1.0. This vulnerability affects unknown code of the file /att add.php. This manipulation of the argument Name causes sql injection. The attack may be initiated remotely. The exploit has been publicly...