
192316 matches found

RedhatCVE
added 2026/02/22 1:28 a.m. | 7 views

CVE-2026-2490

RustDesk Client for Windows Transfer File Link Following Information Disclosure Vulnerability. This vulnerability allows local attackers to disclose sensitive information on affected installations of RustDesk Client for Windows. An attacker must first obtain the ability to execute low-privileged...

5.5 CVSS | 5.7 AI score | 0.00319 EPSS
Exploits 0 | References 1

RedhatCVE
added 2026/02/22 1:28 a.m. | 3 views

CVE-2019-25435

Sricam DeviceViewer 3.12.0.1 contains a local buffer overflow vulnerability in the user management add user function that allows authenticated attackers to execute arbitrary code by bypassing data execution prevention. Attackers can inject a malicious payload through the Username field in User...

8.4 CVSS | 6.7 AI score | 0.0032 EPSS
Exploits 1 | References 1

CVE
added 2026/02/22 1:2 a.m. | 21 views

CVE-2026-2905

CVE-2026-2905 affects Tenda HG9 (model/version 300001138) with a stack-based buffer overflow in the Wireless Configuration Endpoint, specifically in /boaform/formWlanSetup when the ssid argument is manipulated. The vulnerability can be triggered remotely over the network with low attack complexit...

9 CVSS | 6.3 AI score | 0.00556 EPSS
Exploits 1 | References 5 | Affected Software 1

Cvelist
added 2026/02/22 12:32 a.m. | 31 views

CVE-2026-2903 skvadrik re2c ast.cc check_and_merge_special_rules null pointer dereference

A flaw has been found in skvadrik re2c up to 4.4. Impacted is the function check_and_merge_special_rules of the file src/parse/ast.cc. This manipulation causes null pointer dereference. The attack can only be executed locally. The exploit has been published and may be used. Patch name:...

4.8 CVSS | 0.00113 EPSS
Exploits 0 | References 8

Snyk
added 2026/02/22 12:31 a.m. | 2 views

Incorrect Privilege Assignment

Overview: Affected versions of this package are vulnerable to Incorrect Privilege Assignment via the setConfig function in the Configuration Handler. An attacker can gain unauthorized access to sensitive information and modify configuration settings by sending crafted requests remotely. Remediatio...

7.5 CVSS | 5.9 AI score | 0.00286 EPSS
Exploits 1 | References 2

CNNVD
added 2026/02/22 12:0 a.m. | 6 views

UJCMS Security Vulnerability

UJCMS is a Java open-source content management system developed by dromara. Version UJCMS 10.0.2 contains a security vulnerability, which stems from incorrect handling of parameters driverClassName/url in files/api/backend/ext/import-data/import-channel, potentially leading to injection attacks...

9.8 CVSS | 6.6 AI score | 0.00331 EPSS
Exploits 0 | References 5

Positive Technologies
added 2026/02/22 12:0 a.m. | 6 views

PT-2026-21446

Web Ofisi Emlak V2 contains multiple SQL injection vulnerabilities in the endpoint that allow unauthenticated attackers to manipulate database queries through GET parameters. Attackers can inject SQL code into parameters like emlak durumu, emlak tipi, il, ilce, kelime, and semt to extract sensiti...

8.8 CVSS | 5.9 AI score | 0.00433 EPSS
Exploits 1 | References 4

Positive Technologies
added 2026/02/22 12:0 a.m. | 13 views

PT-2026-21423

Name of the Vulnerable Software and Affected Versions: UTT HiPER 810G versions through 1.7.7-171114. Description: A flaw exists in UTT HiPER 810G that could allow for a buffer overflow. The issue is related to the strcpy function within the /goform/ConfigExceptMSN file. Manipulating the remark...

8.6 CVSS | 7.5 AI score | 0.00805 EPSS
Exploits 1 | References 10

Tenable Nessus
added 2026/02/22 12:0 a.m. | 8 views

Linux Distros Unpatched Vulnerability : CVE-2026-2913

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor-supplied patch available. - A vulnerability was determined in libvips up to 8.19.0. The affected element is the function vips_source_read_to_memory of the file libvips/iofuncs/source.c. This...

7 CVSS | 4.2 AI score | 0.00182 EPSS
Exploits 1 | References 3

Positive Technologies
added 2026/02/22 12:0 a.m. | 10 views

PT-2026-21413

A vulnerability was determined in libvips up to 8.19.0. The affected element is the function vips_source_read_to_memory of the file libvips/iofuncs/source.c. This manipulation causes heap-based buffer overflow. It is possible to launch the attack on the local host. The attack's complexity is rate...

2.5 CVSS | 5.2 AI score | 0.00182 EPSS
Exploits 1 | References 9

Vulnrichment
added 2026/02/21 11:32 p.m. | 2 views

CVE-2026-2896 funadmin Configuration Ajax.php setConfig improper authorization

A weakness has been identified in funadmin up to 7.1.0-rc4. This affects the function setConfig of the file app/backend/controller/Ajax.php of the component Configuration Handler. Executing a manipulation can lead to improper authorization. The attack can be executed remotely. The exploit has bee...

7.5 CVSS | 7.1 AI score | 0.00286 EPSS
Exploits 1 | References 5

Cvelist
added 2026/02/21 11:32 p.m. | 23 views

CVE-2026-2896 funadmin Configuration Ajax.php setConfig improper authorization

A weakness has been identified in funadmin up to 7.1.0-rc4. This affects the function setConfig of the file app/backend/controller/Ajax.php of the component Configuration Handler. Executing a manipulation can lead to improper authorization. The attack can be executed remotely. The exploit has bee...

7.5 CVSS | 0.00286 EPSS
Exploits 1 | References 5

Cvelist
added 2026/02/21 11:2 p.m. | 21 views

CVE-2026-2894 funadmin forget.html getMember information disclosure

A vulnerability was identified in funadmin up to 7.1.0-rc4. Affected by this vulnerability is the function getMember of the file app/frontend/view/login/forget.html. Such manipulation leads to information disclosure. The attack may be launched remotely. The exploit is publicly available and might...

6.9 CVSS | 0.004 EPSS
Exploits 1 | References 5

CVE
added 2026/02/21 9:2 p.m. | 10 views

CVE-2026-2886

The CVE-2026-2886 entry concerns Tenda A21 firmware 1.0.0.0, where the function SetOnlineDevName in /goform/SetOnlineDevName is vulnerable. Manipulating the devName argument causes a stack-based buffer overflow, enabling remote attack. The description notes that the exploit is publicly available....

9 CVSS | 6.4 AI score | 0.00556 EPSS
Exploits 1 | References 5 | Affected Software 1

NVD
added 2026/02/21 7:15 p.m. | 6 views

CVE-2026-2877

A vulnerability has been found in Tenda A18 15.13.07.13. This affects the function strcpy of the file /goform/WifiExtraSet of the component Httpd Service. The manipulation of the argument wpapskcrypto5g leads to stack-based buffer overflow. It is possible to initiate the attack remotely. The...

9 CVSS | 0.0049 EPSS
Exploits 0 | References 5

Cvelist
added 2026/02/21 6:32 p.m. | 27 views

CVE-2026-2877 Tenda A18 Httpd Service WifiExtraSet strcpy stack-based overflow

A vulnerability has been found in Tenda A18 15.13.07.13. This affects the function strcpy of the file /goform/WifiExtraSet of the component Httpd Service. The manipulation of the argument wpapskcrypto5g leads to stack-based buffer overflow. It is possible to initiate the attack remotely. The...

9 CVSS | 0.0049 EPSS
Exploits 0 | References 5

NVD
added 2026/02/21 5:15 p.m. | 10 views

CVE-2026-2873

A vulnerability was detected in Tenda A21 1.0.0.0. This issue affects the function setSchedWifi of the file /goform/openSchedWifi. Performing a manipulation of the argument schedStartTime/schedEndTime results in stack-based buffer overflow. It is possible to initiate the attack remotely. The...

9 CVSS | 0.00568 EPSS
Exploits 1 | References 5

ATTACKERKB
added 2026/02/21 1:32 p.m. | 4 views

CVE-2026-2867

A vulnerability was determined in itsourcecode Vehicle Management System 1.0. Affected is an unknown function of the file /billaction.php. Executing a manipulation of the argument ID can lead to sql injection. The attack may be launched remotely. The exploit has been publicly disclosed and may be...

7.5 CVSS | 5.6 AI score | 0.00306 EPSS
Exploits 0 | References 5 | Affected Software 1

NVD
added 2026/02/21 10:16 a.m. | 9 views

CVE-2026-27480

Static Web Server SWS is a production-ready web server suitable for static web files or assets. In versions 2.1.0 through 2.40.1, a timing-based username enumeration vulnerability in Basic Authentication allows attackers to identify valid users by exploiting early responses for invalid usernames,...

5.3 CVSS | 0.00349 EPSS
Exploits 1 | References 2

CVE
added 2026/02/21 9:14 a.m. | 12 views

CVE-2026-27480

CVE-2026-27480 affects Static Web Server (SWS) versions 2.1.0 through 2.40.1. The vulnerability is a timing-based username enumeration in Basic Authentication: the server checks whether a username exists before validating the password, causing valid usernames to take a slower path (e.g., bcrypt h...

5.3 CVSS | 5.6 AI score | 0.00349 EPSS
Exploits 1 | References 2 | Affected Software 1