CVE-2026-5021

A flaw has been found in Tenda F453 1.0.0.3. This affects the function fromPPTPUserSetting of the file /goform/PPTPUserSetting of the component httpd. This manipulation of the argument delno causes stack-based buffer overflow. Remote exploitation of the attack is possible. The exploit has been...

[SECURITY] Fedora 43 Update: rust-ingredients-0.2.2-3.fc43

Check ingredients of published Rust crates...

CVE-2026-5012

A flaw has been found in elecV2 elecV2P up to 3.8.3. This issue affects the function pm2run of the file /rpc. Executing a manipulation can lead to os command injection. The attack can be executed remotely. The exploit has been published and may be used. The project was informed of the problem ear...

EUVD-2026-16932

A flaw has been found in PromtEngineer localGPT up to 4d41c7d1713b16b216d8e062e51a5dd88b20b054. The affected element is the function doPOST of the file backend/server.py. This manipulation causes unrestricted upload. The attack is possible to be carried out remotely. The exploit has been publishe...

Server-side Request Forgery (SSRF)

Overview pyload-ng is a The free and open-source Download Manager written in pure Python Affected versions of this package are vulnerable to Server-side Request Forgery SSRF in the /api/addPackage endpoint. An attacker can access internal network services and exfiltrate sensitive cloud metadata b...

Incorrect Authorization

Overview @openclaw/bluebubbles is an OpenClaw BlueBubbles channel plugin Affected versions of this package are vulnerable to Incorrect Authorization in the requireMention process. An attacker can trigger agent-visible system events in group chats that are intended to be mention-gated by sending...

Weak Password Requirements

Overview @openclaw/bluebubbles is an OpenClaw BlueBubbles channel plugin Affected versions of this package are vulnerable to Weak Password Requirements via the authentication process. An attacker can bypass intended authentication mechanisms by sending a high volume of password guesses without...

CVE-2026-4992 wandb OpenUI HTMLAnnotator server.py get_share HTML injection

A flaw has been found in wandb OpenUI up to 1.0. This affects the function createshare/getshare of the file backend/openui/server.py of the component HTMLAnnotator Component. Executing a manipulation of the argument ID can lead to HTML injection. The attack may be performed from remote. The explo...

EUVD-2026-16809

A flaw has been found in Tenda AC7 15.03.06.44. Affected by this issue is the function fromSetSysTime of the file /goform/SetSysTimeCfg of the component POST Request Handler. Executing a manipulation of the argument Time can lead to stack-based buffer overflow. It is possible to launch the attack...

GHSA-PWQR-WMGM-9RR8

creationtimestamp| type| source ---|---|--- 2026-03-27 21:23:14+00:00| published-proof-of-concept| Telegram/B1-lnNSHplGL4tzlck3EB0WXwjfJllp4cXItiyc0oKB0vU...

PT-2026-28699

Name of the Vulnerable Software and Affected Versions Tenda AC7 version 15.03.06.44 Description A stack-based buffer overflow can occur in the fromSetSysTime function within the /goform/SetSysTimeCfg file, specifically through manipulation of the Time argument via a POST request. This allows for...

PT-2026-28692

Name of the Vulnerable Software and Affected Versions itsourcecode Free Hotel Reservation System version 1.0 Description A flaw exists in itsourcecode Free Hotel Reservation System version 1.0 that may allow for SQL injection. The issue is located in the file /admin/mod room/index.php?view=edit...

CVE-2026-4903

A flaw has been found in Tenda AC5 15.03.06.47. This vulnerability affects the function formQuickIndex of the file /goform/QuickIndex of the component POST Request Handler. This manipulation of the argument PPPOEPassword causes stack-based buffer overflow. The attack may be initiated remotely. Th...

Incorrect Authorization

Overview @openclaw/nextcloud-talk is an OpenClaw Nextcloud Talk channel plugin Affected versions of this package are vulnerable to Incorrect Authorization in the auth process. An attacker can gain unauthorized access by sending requests with add-on principals that are not bound to the intended...

Incorrect Authorization

Overview @openclaw/nextcloud-talk is an OpenClaw Nextcloud Talk channel plugin Affected versions of this package are vulnerable to Incorrect Authorization via the callback process. An attacker can execute unauthorized actions by sending specially crafted requests before sender authorization check...

SQL Injection

Overview wwbn/avideo is an Audio and Video Platform or simply "A Video Platform". Affected versions of this package are vulnerable to SQL Injection via the fixCleanTitle function. An attacker can access sensitive database information by injecting crafted input into the cleantitle or id parameters...

CVE-2026-3967

A flaw has been found in Alfresco Activiti up to 7.19/8.8.0. Affected by this issue is the function deserialize/createObjectInputStream of the file activiti-core/activiti-engine/src/main/java/org/activiti/engine/impl/variable/SerializableType.java of the component Process Variable Serialization...

CVE-2026-4045

A flaw has been found in projectsend up to r1945. This impacts an unknown function of the file includes/Classes/Auth.php. Executing a manipulation of the argument ldapemail can lead to observable response discrepancy. The attack can be executed remotely. A high complexity level is associated with...

CVE-2026-4465

A flaw has been found in D-Link DIR-513 1.10. The impacted element is an unknown function of the file /goform/formSysCmd. Executing a manipulation of the argument sysCmd can lead to os command injection. The attack may be launched remotely. The exploit has been published and may be used. This...

CVE-2026-4204

A flaw has been found in D-Link DNS-120, DNR-202L, DNS-315L, DNS-320, DNS-320L, DNS-320LW, DNS-321, DNR-322L, DNS-323, DNS-325, DNS-326, DNS-327L, DNR-326, DNS-340L, DNS-343, DNS-345, DNS-726-4, DNS-1100-4, DNS-1200-05 and DNS-1550-04 up to 20260205. The affected element is the function...