EUVD-2026-29025

A vulnerability has been found in Open5GS up to 2.7.7. This issue affects the function OpenAPIlistcreate of the component SMF. Such manipulation leads to denial of service. The attack may be launched remotely. The exploit has been disclosed to the public and may be used. The project was informed ...

EUVD-2026-29015

A vulnerability has been found in Tenda AC6 2.0/15.03.06.23. The affected element is an unknown function of the file /goform/telnet of the component httpd. The manipulation of the argument lan.ip leads to os command injection. Remote exploitation of the attack is possible. The exploit has been...

CVE-2026-8255

CVE-2026-8255 affects Devs Palace ERP Online up to version 4.0.0, impacting an unknown portion of the file /inventory/add_new_customer. The vulnerability enables cross-site scripting (XSS) through a manipulation of that endpoint, with remote attack capability. The exploitation possibility is supp...

PT-2026-39870

A vulnerability was detected in D-Link DIR-816 1.10CNB05 R1B011D88210. This affects the function portForward. Performing a manipulation of the argument ip address results in command injection. The attack can be initiated remotely. The exploit is now public and may be used...

PT-2026-39631

Name of the Vulnerable Software and Affected Versions Open5GS versions prior to 2.7.8 Description A weakness in the NRF component allows a remote attacker to cause a denial of service. The issue exists within the ogs nnrf nfm handle nf profile function located in the lib/sbi/nnrf-handler.c file...

EUVD-2026-28991

A vulnerability was found in Industrial Application Software IAS Canias ERP 8.03. The impacted element is the function doAction of the component Login RMI Interface. Performing a manipulation results in observable response discrepancy. The attack is possible to be carried out remotely. A high...

CVE-2026-8242

A vulnerability was found in Industrial Application Software IAS Canias ERP 8.03. The impacted element is the function doAction of the component Login RMI Interface. Performing a manipulation results in observable response discrepancy. The attack is possible to be carried out remotely. A high...

CVE-2026-8241 Industrial Application Software IAS Canias ERP RMI iasGetServerInfoEvent improper authorization

A vulnerability has been found in Industrial Application Software IAS Canias ERP 8.03. The affected element is the function iasGetServerInfoEvent of the component RMI Interface. Such manipulation leads to improper authorization. The attack can be executed remotely. The exploit has been disclosed ...

EUVD-2026-28977

A vulnerability was detected in Wavlink NU516U1 240425. The affected element is the function WifiBasic of the file /cgi-bin/wireless.cgi. Performing a manipulation of the argument AuthMethod/EncrypType results in os command injection. Remote exploitation of the attack is possible. The exploit is...

CVE-2026-8229

A vulnerability was detected in Wavlink NU516U1 240425. The affected element is the function WifiBasic of the file /cgi-bin/wireless.cgi. Performing a manipulation of the argument AuthMethod/EncrypType results in os command injection. Remote exploitation of the attack is possible. The exploit is...

EUVD-2026-28958

A vulnerability was found in Open5GS up to 2.7.7. Affected by this vulnerability is the function pcfsesssbidiscoverandsend of the component sm-policies Endpoint. Performing a manipulation results in denial of service. It is possible to initiate the attack remotely. The exploit has been made publi...

CVE-2026-8223

A vulnerability was found in Open5GS up to 2.7.7. Affected by this vulnerability is the function pcfsesssbidiscoverandsend of the component sm-policies Endpoint. Performing a manipulation results in denial of service. It is possible to initiate the attack remotely. The exploit has been made publi...

CVE-2026-8214

A vulnerability was found in Industrial Application Software IAS Canias ERP 8.03. This affects the function doAction of the component RMI Interface. The manipulation of the argument sessionId results in improper authentication. It is possible to launch the attack remotely. The exploit has been ma...

PT-2026-39435

Name of the Vulnerable Software and Affected Versions Industrial Application Software IAS Canias ERP version 8.03 Description A flaw in the RMI Interface component allows for remote OS command injection. This occurs through the manipulation of the troiaCode argument within the...

CVE-2026-8128

A vulnerability was found in SourceCodester SUP Online Shopping 1.0. The affected element is an unknown function of the file /admin/viewmsg.php. Performing a manipulation of the argument msgid results in sql injection. The attack is possible to be carried out remotely. The exploit has been made...

CVE-2026-8119

A vulnerability was detected in Open5GS up to 2.7.7. Impacted is the function ogssbistreamfindbyid in the library /lib/sbi/nghttp2-server.c of the component NSSF. Performing a manipulation results in denial of service. Attacking locally is a requirement. The exploit is now public and may be used...

PT-2026-38629

Name of the Vulnerable Software and Affected Versions Simple Chat System version 1.0 Description An issue exists in the 'sendMessage.php' file where improper manipulation of argument type, length, or business parameter validity allows for SQL injection. This flaw can be exploited remotely...

CVE-2026-7844

A vulnerability was detected in chatchat-space Langchain-Chatchat up to 0.3.1.3. This vulnerability affects the function files/listfiles/retrievefile/retrievefilecontent/deletefile of the file libs/chatchat-server/chatchat/server/apiserver/openairoutes.py of the component Compatible File Service...

CVE-2026-7676

A vulnerability was found in kerwincui FastBee up to 1.2.1. The affected element is the function ToolController.download of the file springboot/fastbee-open-api/src/main/java/com/fastbee/data/controller/ToolController.java of the component Tool Download Endpoint. The manipulation of the argument...

CVE-2026-7732

A vulnerability was detected in code-projects BloodBank Managing System 1.0. The impacted element is an unknown function of the file requestblood.php. The manipulation results in unrestricted upload. The attack can be executed remotely. The exploit is now public and may be used...