PT-2026-32148

A flaw has been found in Totolink A7100RU 7.4cu.2313 b20191024. This affects the function setAppCfg of the file /cgi-bin/cstecgi.cgi of the component CGI Handler. Executing a manipulation of the argument enable can lead to os command injection. The attack may be launched remotely. The exploit has...

PT-2026-32154

A flaw has been found in Tenda F451 1.0.0.7. Affected by this vulnerability is the function WrlclientSet of the file /goform/WrlclientSet of the component httpd. This manipulation of the argument GO causes stack-based buffer overflow. The attack may be initiated remotely. The exploit has been...

CVE-2026-32930

creationtimestamp| type| source ---|---|--- 2026-04-10 19:31:17+00:00| published-proof-of-concept| Telegram/5BYtFCja3ItyUAudrFtyDv4j4kJF13U-uq-WjYMkVFgHgE...

GHSA-CXMW-P77Q-WCHG

creationtimestamp| type| source ---|---|--- 2026-04-10 19:30:36+00:00| published-proof-of-concept| Telegram/-hUuw8aTFVWSQYPf3qEKqcT3Zmmt4K4bisrN5sFAqL07rbc...

CVE-2026-40115

creationtimestamp| type| source ---|---|--- 2026-04-10 19:23:13+00:00| published-proof-of-concept| https://github.com/advisories/GHSA-2xgv-5cv2-47vv...

Incorrect Behavior Order

Overview Affected versions of this package are vulnerable to Incorrect Behavior Order in the Delegate process when the User parameter is unset and the unit is running. An attacker can cause a system service to terminate unexpectedly by creating or manipulating a unit with these settings. This is...

EUVD-2026-21326

A flaw has been found in itsourcecode Construction Management System 1.0. The impacted element is an unknown function of the file /del1.php. This manipulation of the argument toolname causes sql injection. Remote exploitation of the attack is possible. The exploit has been published and may be us...

CVE-2026-6034

A flaw has been found in code-projects Vehicle Showroom Management System 1.0. Impacted is an unknown function of the file /BranchManagement/ProfitAndLossReport.php. Executing a manipulation of the argument BRANCHID can lead to cross site scripting. The attack may be launched remotely. The exploi...

CVE-2026-6030 itsourcecode Construction Management System del1.php sql injection

A flaw has been found in itsourcecode Construction Management System 1.0. The impacted element is an unknown function of the file /del1.php. This manipulation of the argument toolname causes sql injection. Remote exploitation of the attack is possible. The exploit has been published and may be us...

EUVD-2026-21295

A flaw has been found in code-projects Patient Record Management System 1.0. The affected element is an unknown function of the file /hematologyprint.php. Executing a manipulation of the argument hemid can lead to sql injection. It is possible to launch the attack remotely. The exploit has been...

Improper Validation of Integrity Check Value

Overview Affected versions of this package are vulnerable to Improper Validation of Integrity Check Value in the wolfSSLEVPCipherFinal process. An attacker can obtain unauthorized access to plaintext data by submitting ciphertext with a forged or incorrect authentication tag, as the tag is not...

Improper Input Validation

Overview Affected versions of this package are vulnerable to Improper Input Validation due to improper validation of the AES-GCM authentication tag length in the wcPKCS7DecodeAuthEnvelopedData function. An attacker can bypass authentication by truncating the authentication tag, significantly...

CVE-2026-6014

A flaw has been found in D-Link DIR-513 1.10. This issue affects the function formAdvanceSetup of the file /goform/formAdvanceSetup of the component POST Request Handler. This manipulation of the argument webpage causes buffer overflow. It is possible to initiate the attack remotely. The exploit...

EUVD-2026-21244

A vulnerability was found in Tenda F451 1.0.0.7. Affected by this issue is the function formWrlExtraSet of the file /goform/WrlExtraSet. The manipulation of the argument GO results in stack-based buffer overflow. The attack may be launched remotely. The exploit has been made public and could be...

CVE-2026-5989

A flaw has been found in Tenda F451 1.0.0.7. Affected is the function fromRouteStatic of the file /goform/RouteStatic. Executing a manipulation of the argument page can lead to stack-based buffer overflow. The attack can be launched remotely. The exploit has been published and may be used...

PT-2026-31888

Name of the Vulnerable Software and Affected Versions itsourcecode Construction Management System version 1.0 Description A flaw exists in itsourcecode Construction Management System 1.0. The issue involves the manipulation of the toolname argument within an unknown function of the file...

EUVD-2026-21187

A flaw has been found in D-Link DIR-605L 2.13B01. Affected by this issue is the function formSetMACFilter of the file /goform/formSetMACFilter of the component POST Request Handler. This manipulation of the argument curTime causes buffer overflow. The attack may be initiated remotely. The exploit...

Arbitrary Command Injection

Overview metagpt is a The Multi-Agent Framework Affected versions of this package are vulnerable to Arbitrary Command Injection via the Terminal.runcommand function. An attacker can execute arbitrary operating system commands by supplying crafted input to this function. Remediation A fix was push...

Arbitrary Command Injection

Overview metagpt is a The Multi-Agent Framework Affected versions of this package are vulnerable to Arbitrary Command Injection via the getmimetype function. An attacker can execute arbitrary operating system commands by supplying crafted input remotely. Remediation A fix was pushed into the mast...

CVE-2026-5980

A flaw has been found in D-Link DIR-605L 2.13B01. Affected by this issue is the function formSetMACFilter of the file /goform/formSetMACFilter of the component POST Request Handler. This manipulation of the argument curTime causes buffer overflow. The attack may be initiated remotely. The exploit...