PT-2026-27063

A vulnerability was found in code-projects Exam Form Submission 1.0. The affected element is an unknown function of the file /admin/update s4.php. Performing a manipulation of the argument sname results in cross site scripting. The attack may be initiated remotely. The exploit has been made publi...

CVE-2026-4533

A vulnerability was detected in code-projects Simple Food Ordering System 1.0. Affected by this issue is some unknown functionality of the file all-tickets.php. The manipulation of the argument Status results in sql injection. It is possible to launch the attack remotely. The exploit is now publi...

EUVD-2026-13729

A vulnerability was detected in Tenda A18 Pro 02.03.02.28. This vulnerability affects the function formfastsettingwifiset of the file /goform/fastsettingwifiset. The manipulation results in stack-based buffer overflow. The attack may be launched remotely. The exploit is now public and may be used...

EUVD-2026-11521

A vulnerability was detected in D-Link DIR-513 1.10. The impacted element is an unknown function of the file /goform/formEasySetupWizard3. The manipulation of the argument wanconnected results in stack-based buffer overflow. The attack can be launched remotely. The exploit is now public and may b...

CVE-2026-3817 SourceCodester Patients Waiting Area Queue Management System patient-search.php improper authorization

A vulnerability was detected in SourceCodester Patients Waiting Area Queue Management System 1.0. This issue affects some unknown processing of the file /patient-search.php. The manipulation results in improper authorization. The attack can be launched remotely. The exploit is now public and may ...

EUVD-2026-10292

A vulnerability was found in Tenda i3 1.0.0.62204. Affected by this vulnerability is the function formSetAutoPing of the file /goform/setAutoPing. Performing a manipulation of the argument ping1/ping2 results in stack-based buffer overflow. The attack is possible to be carried out remotely. The...

CVE-2026-3736 code-projects Simple Flight Ticket Booking System SearchResultRoundtrip.php sql injection

A vulnerability was found in code-projects Simple Flight Ticket Booking System 1.0. Affected by this issue is some unknown functionality of the file SearchResultRoundtrip.php. Performing a manipulation of the argument from results in sql injection. The attack may be initiated remotely. The exploi...

PT-2026-23985

Name of the Vulnerable Software and Affected Versions EasyCMS versions up to 1.6 Description A flaw exists in EasyCMS that allows for remote SQL injection. The issue is located in an unknown function within the /RbacnodeAction.class.php file, part of the Request Parameter Handler component...

CVE-2026-3377

A vulnerability was detected in Tenda F453 1.0.0.3. Affected by this issue is the function fromSafeUrlFilter of the file /goform/SafeUrlFilter. Performing a manipulation of the argument page results in buffer overflow. The attack can be initiated remotely. The exploit is now public and may be use...

CVE-2026-3170

A vulnerability was detected in SourceCodester/Patrick Mvuma Patients Waiting Area Queue Management System 1.0. Affected is an unknown function of the file /patient-search.php. The manipulation of the argument First Name/Last Name results in cross site scripting. The attack can be executed...

CVE-2026-2935

A weakness has been identified in UTT HiPER 810G up to 1.7.7-171114. This issue affects the function strcpy of the file /goform/ConfigExceptMSN. Executing a manipulation of the argument remark can lead to buffer overflow. The attack can be executed remotely. The exploit has been made available to...

CVE-2026-2957

In qinming99 dst-admin up to v1.5.0, the deleteBackup function in BackupController.java (File Handler component) is vulnerable to a remote Denial of Service. Public exploit details exist (PT-2026-21468), and upgrading to v1.5.1 is recommended; as a workaround, restrict access to deleteBackup unti...

CVE-2026-2865

A vulnerability was found in itsourcecode Agri-Trading Online Shopping System 1.0. This impacts an unknown function of the file admin/productcontroller.php of the component HTTP POST Request Handler. Performing a manipulation of the argument Product results in sql injection. The attack may be...

CVE-2026-2856 D-Link DWR-M960 Filter Configuration Endpoint formFilter sub_424AFC stack-based overflow

A vulnerability was found in D-Link DWR-M960 1.01.07. Affected by this vulnerability is the function sub424AFC of the file /boafrm/formFilter of the component Filter Configuration Endpoint. The manipulation of the argument submit-url results in stack-based buffer overflow. The attack may be...

CVE-2026-2853 D-Link DWR-M960 System Log Configuration Endpoint formSysLog sub_462E14 stack-based overflow

A vulnerability was detected in D-Link DWR-M960 1.01.07. This affects the function sub462E14 of the file /boafrm/formSysLog of the component System Log Configuration Endpoint. Performing a manipulation of the argument submit-url results in stack-based buffer overflow. The attack can be initiated...

PT-2026-20561

Name of the Vulnerable Software and Affected Versions itsourcecode Event Management System version 1.0 Description A SQL injection issue exists in itsourcecode Event Management System version 1.0. The issue is located in the /admin/manage booking.php file, within an unknown function. Manipulation...

CVE-2026-2667 Rongzhitong Visual Integrated Command and Dispatch Platform api access control

A vulnerability has been found in Rongzhitong Visual Integrated Command and Dispatch Platform up to 20260206. The impacted element is an unknown function of the file /dispatch/api?cmd=userinfo. The manipulation leads to improper access controls. The attack may be initiated remotely. The exploit h...

PT-2026-8359

A weakness has been identified in Wavlink WL-NU516U1 20251208. Affected by this issue is the function sub 40785C of the file /cgi-bin/adm.cgi. This manipulation of the argument time zone causes stack-based buffer overflow. The attack can be initiated remotely. The attack is considered to have hig...

CVE-2026-1179 Yonyou KSOA HTTP GET Parameter user_popedom.jsp sql injection

A vulnerability was detected in Yonyou KSOA 9.0. This affects an unknown part of the file /kmf/userpopedom.jsp of the component HTTP GET Parameter Handler. The manipulation of the argument folderid results in sql injection. The attack can be launched remotely. The exploit is now public and may be...

CVE-2026-1159

CVE-2026-1159 affects itsourcecode Online Frozen Foods Ordering System 1.0. The issue arises from processing of the file /order_online.php, where manipulating the argument product_name can lead to an SQL injection. The vulnerability can be exploited remotely, and public proofs-of-concept exist ac...