CVE-2021-47949

CVE-2021-47949 affects CyberPanel 2.1 and enables authenticated remote code execution via a symlink attack in the filemanager endpoint. An attacker can modify the completeStartingPath in POST requests to /filemanager/controller to create symbolic links, read sensitive files (e.g., database creden...

CVE-2021-47946 OpenCart 3.0.36 Account Takeover via Cross Site Request Forgery

OpenCart 3.0.36 contains a cross-site request forgery vulnerability in the /account/edit endpoint that allows unauthenticated attackers to modify victim account details by tricking users into visiting malicious pages. Attackers can craft CSRF payloads that change victim email addresses and accoun...

CVE-2021-47929 WordPress Plugin Filterable Portfolio Gallery 1.0 Stored XSS

Filterable Portfolio Gallery 1.0 contains a stored cross-site scripting vulnerability that allows authenticated attackers to inject malicious JavaScript by entering payloads in the title field. Attackers can store JavaScript code like image tags with onerror handlers that execute when the gallery...

CVE-2021-47924

The CVE-2021-47924 entry concerns the WordPress plugin Ultimate Product Catalog, version 5.8.2. The vulnerability is a stored cross-site scripting (XSS) flaw in which authenticated attackers can inject HTML/JavaScript into the price parameter via POST to post.php, leading to code execution when a...

CVE-2026-8244

A vulnerability was identified in Industrial Application Software IAS Canias ERP 8.03. This impacts an unknown function of the component Login RMI Interface. The manipulation of the argument clientVersion leads to improper authentication. It is possible to initiate the attack remotely. The exploi...

EUVD-2026-28987

A security vulnerability has been detected in EFM ipTIME A8004T 14.18.2. This vulnerability affects the function formWifiBasicSet of the file /goform/WifiBasicSet. The manipulation of the argument security5g leads to stack-based buffer overflow. The attack may be initiated remotely. The exploit h...

CVE-2026-8244

A vulnerability was identified in Industrial Application Software IAS Canias ERP 8.03. This impacts an unknown function of the component Login RMI Interface. The manipulation of the argument clientVersion leads to improper authentication. It is possible to initiate the attack remotely. The exploi...

CVE-2026-8243

A vulnerability was determined in Industrial Application Software IAS Canias ERP 8.03. This affects an unknown function of the component JNLP Deployment Endpoint. Executing a manipulation can lead to use of hard-coded cryptographic key . The attack may be performed from remote. The vendor was...

CVE-2026-8233

A vulnerability was determined in Dotouch XproUPF 2.0.0-release-088aa7c4. Affected is an unknown function of the component UPF. This manipulation causes improper access controls. A high degree of complexity is needed for the attack. The exploitability is told to be difficult. The vendor was...

CVE-2026-8230

A flaw has been found in Wavlink NU516U1 240425. The impacted element is the function syslogin1 of the file /cgi-bin/login.cgi. Executing a manipulation of the argument ipaddr can lead to os command injection. The attack can be executed remotely. The exploit has been published and may be used. Th...

CVE-2026-7262

In PHP versions 8.2. before 8.2.31, 8.3. before 8.3.31, 8.4. before 8.4.21, and 8.5. before 8.5.6, when a SOAP server has a typemap configured, the decoding process contains a mistake which checks the wrong variable in case of missing value element. This leads to dereferences a NULL pointer,...

CVE-2026-7262 NULL pointer dereference in SOAP apache:Map decoder with missing <value>

In PHP versions 8.2. before 8.2.31, 8.3. before 8.3.31, 8.4. before 8.4.21, and 8.5. before 8.5.6, when a SOAP server has a typemap configured, the decoding process contains a mistake which checks the wrong variable in case of missing value element. This leads to dereferences a NULL pointer,...

EUVD-2026-28950

A vulnerability was found in Industrial Application Software IAS Canias ERP 8.03. This affects the function doAction of the component RMI Interface. The manipulation of the argument sessionId results in improper authentication. It is possible to launch the attack remotely. The exploit has been ma...

EUVD-2026-28959

A vulnerability has been found in Open5GS up to 2.7.7. Affected is the function pcfnbsfmanagementhandleregister of the file src/pcf/nbsf-handler.c of the component sm-policies Endpoint. Such manipulation leads to denial of service. The attack may be performed from remote. The exploit has been...

CVE-2026-8226

Open5GS up to 2.7.7 is affected by a vulnerability in the function ogs_pcc_rule_install_flow_from_media located in /lib/proto/types.c that allows remote denial of service. The issue is exploit-able remotely and a public exploit has been released. Multiple connected sources confirm the flaw and in...

CVE-2026-8224

A vulnerability was determined in Open5GS up to 2.7.7. Affected by this issue is the function pcfsesssetipv6prefix of the file /src/pcf/context.c of the component PCF. Executing a manipulation of the argument SmPolicyContextData.ipv6AddressPrefix can lead to denial of service. It is possible to...

CVE-2026-8223

A vulnerability was found in Open5GS up to 2.7.7. Affected by this vulnerability is the function pcfsesssbidiscoverandsend of the component sm-policies Endpoint. Performing a manipulation results in denial of service. It is possible to initiate the attack remotely. The exploit has been made publi...

CVE-2026-8225

Open5GS up to version 2.7.7 is affected by CVE-2026-8225. The vulnerability resides in the function pcf_npcf_smpolicycontrol_handle_delete within src/pcf/sm-sm.c of the delete Endpoint, where a manipulation leads to a denial of service. The issue is exploitable remotely and publicly available exp...

CVE-2026-8224

A vulnerability was determined in Open5GS up to 2.7.7. Affected by this issue is the function pcfsesssetipv6prefix of the file /src/pcf/context.c of the component PCF. Executing a manipulation of the argument SmPolicyContextData.ipv6AddressPrefix can lead to denial of service. It is possible to...

CVE-2026-8223

CVE-2026-8223 affects Open5GS up to 2.7.7; the vulnerable component is sm-policies Endpoint, function pcf_sess_sbi_discover_and_send. Manipulation leads to denial of service and can be triggered remotely. An exploit has been publicized. Public details in Red Hat EUVD/NVD entries confirm the issue...