192445 matches found
CVE-2026-3808 Tenda FH1202 webtypelibrary formWebTypeLibrary stack-based overflow
A vulnerability was detected in Tenda FH1202 1.2.0.14408. The affected element is the function formWebTypeLibrary of the file /goform/webtypelibrary. Performing a manipulation of the argument webSiteId results in stack-based buffer overflow. The attack may be initiated remotely. The exploit is no...
CVE-2026-3804
A security flaw has been discovered in Tenda i3 1.0.0.62204. This vulnerability affects the function formWifiMacFilterSet of the file /goform/WifiMacFilterSet. The manipulation of the argument index results in stack-based buffer overflow. It is possible to launch the attack remotely. The exploit...
CVE-2026-3804 Tenda i3 WifiMacFilterSet formWifiMacFilterSet stack-based overflow
A security flaw has been discovered in Tenda i3 1.0.0.62204. This vulnerability affects the function formWifiMacFilterSet of the file /goform/WifiMacFilterSet. The manipulation of the argument index results in stack-based buffer overflow. It is possible to launch the attack remotely. The exploit...
CVE-2026-3802
A vulnerability was determined in Tenda i3 1.0.0.62204. Affected by this issue is the function formexeCommand of the file /goform/exeCommand. Executing a manipulation of the argument cmdinput can lead to stack-based buffer overflow. The attack may be performed from remote. The exploit has been...
CVE-2026-3802 Tenda i3 exeCommand formexeCommand stack-based overflow
A vulnerability was determined in Tenda i3 1.0.0.62204. Affected by this issue is the function formexeCommand of the file /goform/exeCommand. Executing a manipulation of the argument cmdinput can lead to stack-based buffer overflow. The attack may be performed from remote. The exploit has been...
CVE-2026-3822 Taipower|Taipower APP(Android) - Improper Certificate Validation
Taipower APP for Andorid developed by Taipower has an Improper Certificate Validation vulnerability. When establishing an HTTPS connection with the server, the application fails to verify the server-side TLS/SSL certificate. This flaw allows an unauthenticated remote attackers to exploit the...
EUVD-2026-10284
A vulnerability was identified in doramart DoraCMS 3.0.x. This issue affects some unknown processing of the file /api/v1/mail/send of the component Email API. Such manipulation leads to improper authentication. It is possible to launch the attack remotely. The exploit is publicly available and...
CVE-2026-3798 Comfast CF-AC100 Request Path mbox-config sub_44AC14 command injection
A vulnerability was detected in Comfast CF-AC100 2.6.0.8. This affects the function sub44AC14 of the file /cgi-bin/mbox-config?method=SET§ion=pingconfig of the component Request Path Handler. The manipulation results in command injection. The attack may be launched remotely. The exploit is no...
CVE-2026-3679
A vulnerability was identified in Tenda FH451 1.0.0.9. Affected by this vulnerability is the function formQuickIndex of the file /goform/QuickIndex. Such manipulation of the argument mitlinktype/PPPOEPassword leads to stack-based buffer overflow. It is possible to launch the attack remotely. The...
CVE-2026-3793
A vulnerability was determined in SourceCodester Sales and Inventory System 1.0. This vulnerability affects unknown code of the file salesinvoice1.php of the component GET Parameter Handler. This manipulation of the argument sellid causes sql injection. It is possible to initiate the attack...
EUVD-2026-10276
A security flaw has been discovered in EasyCMS up to 1.6. The impacted element is an unknown function of the file /RbacuserAction.class.php of the component Request Parameter Handler. The manipulation of the argument order results in sql injection. The attack can be launched remotely. The exploit...
EUVD-2026-10274
A vulnerability has been found in SourceCodester/janobe Resort Reservation System 1.0. This vulnerability affects unknown code of the file /accomodation.php. Such manipulation of the argument q leads to sql injection. The attack may be performed from remote. The exploit has been disclosed to the...
PT-2026-24053
Name of the Vulnerable Software and Affected Versions UTT HiPER 810G versions up to 1.7.7-1711 Description A security flaw exists in UTT HiPER 810G up to version 1.7.7-1711. The issue is related to a buffer overflow in the strcpy function located in the /goform/getOneApConfTempEntry file. Remote...
Apache Airflow Log Message Disclosure Vulnerability
Apache Airflow is the United States Apache Apache Foundation's set of open source platform with the creation, management and monitoring of workflow functions. The platform is scalable and dynamic monitoring and other features. Apache Airflow has a log information disclosure vulnerability. An...
SoK: Harmonizing Attack Graphs and Intrusion Detection Systems
Detecting and responding to cyber attacks is increasingly difficult as high-volume, complex network traffic allows threats to remain concealed. While Intrusion Detection Systems IDSs identify anomalous behavior, Attack Graphs AGs serve as the primary threat model for analyzing attacker strategies...
Taipower APP 信任管理问题漏洞
Taipower APP is an application developed by Taipower Company in Taiwan, China, used for handling electricity-related services. The Taipower APP has a vulnerability related to trust management, which stems from improper certificate verification. This vulnerability may lead to man-in-the-middle...
Atop EHG2408 安全漏洞
Atop EHG2408 is a series of Ethernet switches produced by the Chinese company Atop. There is a security vulnerability present in Atop EHG2408; this vulnerability stems from improper input validation in the nr modem, which can lead to system crashes and may allow for remote denial-of-service attac...
SlowBA: An Efficiency Backdoor Attack Towards VLM-Based GUI Agents
Modern vision-language-model VLM based graphical user interface GUI agents are expected not only to execute actions accurately but also to respond to user instructions with low latency. While existing research on GUI-agent security mainly focuses on manipulating action correctness, the security...
PT-2026-24109
A security vulnerability has been detected in open-webui up to 0.6.16. Affected is an unknown function of the file backend/start windows.bat of the component JWT Key Handler. Such manipulation of the argument WEBUI SECRET KEY leads to insufficiently random values. It is possible to launch the...
PT-2026-24025
A low-privileged remote attacker can exploit the ubr-logread method in wwwubr.cgi to read arbitrary files on the system. The endpoint accepts a parameter specifying the log file to open e.g., /tmp/weblogsome number, but this parameter is not properly validated, allowing an attacker to modify it t...