CVE-2022-50967

CVE-2022-50967 concerns a reflected cross-site scripting vulnerability in uBidAuction 2.0.1, specifically in the tickets/manage module. The issue stems from improper sanitization of the filter parameters date_created, date_from, date_to, and created_at, enabling an attacker to inject malicious sc...

EUVD-2026-28991

A vulnerability was found in Industrial Application Software IAS Canias ERP 8.03. The impacted element is the function doAction of the component Login RMI Interface. Performing a manipulation results in observable response discrepancy. The attack is possible to be carried out remotely. A high...

CVE-2026-8243

A vulnerability was determined in Industrial Application Software IAS Canias ERP 8.03. This affects an unknown function of the component JNLP Deployment Endpoint. Executing a manipulation can lead to use of hard-coded cryptographic key . The attack may be performed from remote. The vendor was...

CVE-2026-8243 Industrial Application Software IAS Canias ERP JNLP Deployment Endpoint hard-coded key

A vulnerability was determined in Industrial Application Software IAS Canias ERP 8.03. This affects an unknown function of the component JNLP Deployment Endpoint. Executing a manipulation can lead to use of hard-coded cryptographic key . The attack may be performed from remote. The vendor was...

CVE-2026-8242 Industrial Application Software IAS Canias ERP Login RMI doAction response discrepancy

A vulnerability was found in Industrial Application Software IAS Canias ERP 8.03. The impacted element is the function doAction of the component Login RMI Interface. Performing a manipulation results in observable response discrepancy. The attack is possible to be carried out remotely. A high...

CVE-2026-8242

Technical details about CVE-2026-8242 are not publicly available in the provided documents. Monitor for updates from the vendor and security advisories.

CVE-2026-8242

A vulnerability was found in Industrial Application Software IAS Canias ERP 8.03. The impacted element is the function doAction of the component Login RMI Interface. Performing a manipulation results in observable response discrepancy. The attack is possible to be carried out remotely. A high...

CVE-2026-8234

A security vulnerability has been detected in EFM ipTIME A8004T 14.18.2. This vulnerability affects the function formWifiBasicSet of the file /goform/WifiBasicSet. The manipulation of the argument security5g leads to stack-based buffer overflow. The attack may be initiated remotely. The exploit h...

EUVD-2026-28982

A vulnerability has been found in CodeAstro Online Catering Ordering System 1.0. This affects an unknown function of the file /deleteorder.php. The manipulation of the argument ID leads to sql injection. The attack is possible to be carried out remotely. The exploit has been disclosed to the publ...

EUVD-2026-28974

A security flaw has been discovered in Open5GS up to 2.7.7. This vulnerability affects the function ogspccruleinstallflowfrommedia in the library /lib/proto/types.c. The manipulation results in denial of service. The attack can be launched remotely. The exploit has been released to the public and...

CVE-2026-8231

A vulnerability has been found in CodeAstro Online Catering Ordering System 1.0. This affects an unknown function of the file /deleteorder.php. The manipulation of the argument ID leads to sql injection. The attack is possible to be carried out remotely. The exploit has been disclosed to the publ...

CVE-2026-8234

A security vulnerability has been detected in EFM ipTIME A8004T 14.18.2. This vulnerability affects the function formWifiBasicSet of the file /goform/WifiBasicSet. The manipulation of the argument security5g leads to stack-based buffer overflow. The attack may be initiated remotely. The exploit h...

CVE-2026-8234

An analysis of CVE-2026-8234 shows a stack-based buffer overflow in the EFM ipTIME A8004T device (firmware 14.18.2) via the function /goform/WifiBasicSet formWifiBasicSet, triggered by manipulating the security_5g argument. The vulnerability can be exploited remotely and has publicly disclosed ex...

CVE-2026-8225

A vulnerability was identified in Open5GS up to 2.7.7. This affects the function pcfnpcfsmpolicycontrolhandledelete of the file src/pcf/sm-sm.c of the component delete Endpoint. The manipulation leads to denial of service. The attack can be initiated remotely. The exploit is publicly available an...

CVE-2026-8231 CodeAstro Online Catering Ordering System deleteorder.php sql injection

A vulnerability has been found in CodeAstro Online Catering Ordering System 1.0. This affects an unknown function of the file /deleteorder.php. The manipulation of the argument ID leads to sql injection. The attack is possible to be carried out remotely. The exploit has been disclosed to the publ...

CVE-2026-8230

CVE-2026-8230 affects Wavlink NU516U1 240425. The vulnerability lies in the /cgi-bin/login.cgi file, within the function called sys_login1, where manipulating the ipaddr argument can trigger an OS command injection. This allows remote attackers to execute commands on the device. Exploitation is p...

CVE-2026-8229 Wavlink NU516U1 wireless.cgi WifiBasic os command injection

A vulnerability was detected in Wavlink NU516U1 240425. The affected element is the function WifiBasic of the file /cgi-bin/wireless.cgi. Performing a manipulation of the argument AuthMethod/EncrypType results in os command injection. Remote exploitation of the attack is possible. The exploit is...

CVE-2026-8228

CVE-2026-8228 affects Wavlink NU516U1 240425. The vulnerability is in the function advance of the file /cgi-bin/wireless.cgi . Improper handling of the argument wlan_conf/Channel/skiplist/ieee_80211h allows an attacker to perform an OS command injection remotely. The attack surface is network-exp...

CVE-2026-8227 Wavlink NU516U1 adm.cgi wzdapMesh os command injection

A weakness has been identified in Wavlink NU516U1 240425. This issue affects the function wzdapMesh of the file /cgi-bin/adm.cgi. This manipulation causes os command injection. The attack may be initiated remotely. The exploit has been made available to the public and could be used for attacks. T...

EUVD-2026-28957

A vulnerability was detected in Devs Palace ERP Online up to 4.0.0. This affects an unknown function of the file /inventory/customer-save. The manipulation results in cross site scripting. The attack can be executed remotely. The exploit is now public and may be used. The vendor was contacted ear...