CVE-2026-10995

Heap buffer overflow in TabStrip in Google Chrome prior to 149.0.7827.53 allowed a remote attacker who convinced a user to engage in specific UI gestures to potentially exploit heap corruption via a crafted HTML page. Chromium security severity: Medium...

CVE-2026-10900

Use after free in Passwords in Google Chrome on Mac prior to 149.0.7827.53 allowed a remote attacker who convinced a user to engage in specific UI gestures to potentially exploit heap corruption via a crafted HTML page. Chromium security severity: Critical...

CVE-2026-10891

Use after free in GFX in Google Chrome on Linux prior to 149.0.7827.53 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. Chromium security severity: Critical...

CVE-2026-10886

Use after free in FileSystem in Google Chrome prior to 149.0.7827.53 allowed a remote attacker to potentially perform a sandbox escape via a crafted HTML page. Chromium security severity: Critical...

CVE-2026-10875

The CVE-2026-10875 entry affects projectworlds Online Art Gallery Shop Project 1.0. The vulnerability is in an unknown function of the file /admin/adminHome.ph; manipulating the social_twitter argument causes SQL injection. A remote attack is possible, and the exploit has been released publicly. ...

CVE-2026-10874 projectworlds Online Art Gallery Shop Project adminHome.php sql injection

A vulnerability was identified in projectworlds Online Art Gallery Shop Project 1.0. The affected element is an unknown function of the file /admin/adminHome.php. The manipulation of the argument socialinsta leads to sql injection. The attack may be initiated remotely. The exploit is publicly...

CVE-2026-10873 Shibby Tomato Web UI rstats rstats_path os command injection

A vulnerability was determined in Shibby Tomato 1.28.0000. Impacted is the function rstatspath of the file /bin/rstats of the component Web UI. Executing a manipulation can lead to os command injection. The attack can be launched remotely. The exploit has been publicly disclosed and may be...

CVE-2026-10873

The CVE-2026-10873 entry pertains to Shibby Tomato 1.28.0000, where the rstats_path function in /bin/rstats of the Web UI is vulnerable. The underlying issue enables an os command injection, with remote attack potential. Public exploit details exist per the connected CVE listing, and the project ...

CVE-2026-10870

A flaw has been found in Shibby Tomato 1.28.0000. This affects the function startdhcpc of the file /sbin/rc of the component Web UI. This manipulation causes os command injection. It is possible to initiate the attack remotely. The exploit has been published and may be used. This project is...

EUVD-2026-34323

A flaw has been found in Shibby Tomato 1.28.0000. This affects the function startdhcpc of the file /sbin/rc of the component Web UI. This manipulation causes os command injection. It is possible to initiate the attack remotely. The exploit has been published and may be used. This project is...

CVE-2026-10870

CVE-2026-10870 affects Shibby Tomato 1.28.0000 Web UI, specifically the start_dhcpc function in /sbin/rc. The stored description indicates an os command injection vulnerability that can be triggered remotely, with an exploit published. The project is superseded by FreshTomato. No remediation deta...

CVE-2025-69755

An issue in Neterbit NW-431F Router vNW-431F-20241014-IR03 allows a remote attacker to obtain sensitive information and execute arbitrary code via a crafted command to the atcommand.asp interface...

CVE-2026-10815 LakshayD02 Hostel-Management-System-PHP Admin Dashboard index.php authorization

A vulnerability was found in LakshayD02 Hostel-Management-System-PHP up to f87e67c283bab6f718faf2fec6ae39a13bd7036b. This issue affects some unknown processing of the file hostel/index.php of the component Admin Dashboard Page. The manipulation of the argument ID results in missing authorization...

CVE-2026-10815

The CVE-2026-10815 entry concerns LakshayD02’s Hostel-Management-System-PHP (up to commit f87e67c283bab6f718faf2fec6ae39a13bd7036b). The vulnerability affects the Admin Dashboard Page, specifically the hostel/index.php component, where manipulating the argument ID results in missing authorization...

CVE-2026-10811

A security vulnerability has been detected in itsourcecode Fees Management System 1.0. Affected by this vulnerability is an unknown functionality of the file /receipt.php. Such manipulation of the argument efid leads to sql injection. The attack may be performed from remote. The exploit has been...

CVE-2026-10810

A weakness has been identified in itsourcecode Fees Management System up to 1.0. Affected is an unknown function of the file /navbar.php. This manipulation of the argument page causes cross site scripting. The attack is possible to be carried out remotely. The exploit has been made available to t...

CVE-2026-10807

A vulnerability was determined in mjperpinosa stumasy. The impacted element is an unknown function of the file application/PHP/objects/profiles/changeprofileimage.php. Executing a manipulation of the argument prprofileimage can lead to unrestricted upload. The attack may be launched remotely. The...

CVE-2026-10811 itsourcecode Fees Management System receipt.php sql injection

A security vulnerability has been detected in itsourcecode Fees Management System 1.0. Affected by this vulnerability is an unknown functionality of the file /receipt.php. Such manipulation of the argument efid leads to sql injection. The attack may be performed from remote. The exploit has been...

CVE-2026-10811 itsourcecode Fees Management System receipt.php sql injection

A security vulnerability has been detected in itsourcecode Fees Management System 1.0. Affected by this vulnerability is an unknown functionality of the file /receipt.php. Such manipulation of the argument efid leads to sql injection. The attack may be performed from remote. The exploit has been...

CVE-2026-10810

CVE-2026-10810 affects itsourcecode Fees Management System up to version 1.0. The vulnerability resides in an unknown function of /navbar.php, whose manipulation leads to cross-site scripting. Exploitation is possible remotely and PoCs exist publicly. The CVE metrics indicate a MEDIUM severity (v...