CVE-2026-3817 SourceCodester Patients Waiting Area Queue Management System patient-search.php improper authorization

A vulnerability was detected in SourceCodester Patients Waiting Area Queue Management System 1.0. This issue affects some unknown processing of the file /patient-search.php. The manipulation results in improper authorization. The attack can be launched remotely. The exploit is now public and may ...

EUVD-2026-10292

A vulnerability was found in Tenda i3 1.0.0.62204. Affected by this vulnerability is the function formSetAutoPing of the file /goform/setAutoPing. Performing a manipulation of the argument ping1/ping2 results in stack-based buffer overflow. The attack is possible to be carried out remotely. The...

CVE-2026-3801

A vulnerability was found in Tenda i3 1.0.0.62204. Affected by this vulnerability is the function formSetAutoPing of the file /goform/setAutoPing. Performing a manipulation of the argument ping1/ping2 results in stack-based buffer overflow. The attack is possible to be carried out remotely. The...

CVE-2026-3798

A vulnerability was detected in Comfast CF-AC100 2.6.0.8. This affects the function sub44AC14 of the file /cgi-bin/mbox-config?method=SET&section=pingconfig of the component Request Path Handler. The manipulation results in command injection. The attack may be launched remotely. The exploit is no...

CVE-2026-3798

A vulnerability was detected in Comfast CF-AC100 2.6.0.8. This affects the function sub44AC14 of the file /cgi-bin/mbox-config?method=SET&section=pingconfig of the component Request Path Handler. The manipulation results in command injection. The attack may be launched remotely. The exploit is no...

PT-2026-24006

A vulnerability was detected in Comfast CF-AC100 2.6.0.8. This affects the function sub 44AC14 of the file /cgi-bin/mbox-config?method=SET&section=ping config of the component Request Path Handler. The manipulation results in command injection. The attack may be launched remotely. The exploit is...

PT-2026-24018

Name of the Vulnerable Software and Affected Versions Tenda FH1202 version 1.2.0.14408 Description A stack-based buffer overflow can be triggered by manipulating the webSiteId argument within the formWebTypeLibrary function of the /goform/webtypelibrary file. This issue may be exploited remotely...

CVE-2026-3769 Tenda F453 WrlclientSet stack-based overflow

A vulnerability was detected in Tenda F453 1.0.0.3. Affected by this issue is the function WrlclientSet of the file /goform/WrlclientSet. The manipulation of the argument GO results in stack-based buffer overflow. The attack can be executed remotely. The exploit is now public and may be used...

CVE-2026-3760

A vulnerability was detected in itsourcecode University Management System 1.0. This vulnerability affects unknown code of the file /viewresult.php. Performing a manipulation of the argument seme results in sql injection. The attack is possible to be carried out remotely. The exploit is now public...

EUVD-2026-10259

A vulnerability was identified in SourceCodester Sales and Inventory System up to 1.0. Affected is an unknown function of the file /checkitemdetails.php. The manipulation of the argument stockname1 leads to sql injection. The attack may be initiated remotely. The exploit is publicly available and...

CVE-2026-3736 code-projects Simple Flight Ticket Booking System SearchResultRoundtrip.php sql injection

A vulnerability was found in code-projects Simple Flight Ticket Booking System 1.0. Affected by this issue is some unknown functionality of the file SearchResultRoundtrip.php. Performing a manipulation of the argument from results in sql injection. The attack may be initiated remotely. The exploi...

PT-2026-23985

Name of the Vulnerable Software and Affected Versions EasyCMS versions up to 1.6 Description A flaw exists in EasyCMS that allows for remote SQL injection. The issue is located in an unknown function within the /RbacnodeAction.class.php file, part of the Request Parameter Handler component...

CVE-2026-3670

CVE-2026-3670 affects Freedom Factory dGEN1 (up to 20260221) with an issue in the com.dgen.alarm component. The vulnerability is triggered by manipulating an unknown function, yielding improper authorization. The attack requires local access; the exploit is public. The vendor has not responded to...

PT-2026-23869

A weakness has been identified in Freedom Factory dGEN1 up to 20260221. This affects the function AndroidEthereum of the component org.ethosmobile.webpwaemul. This manipulation causes improper access controls. Remote exploitation of the attack is possible. The attack is considered to have high...

CVE-2025-15598

A vulnerability was found in Dataease SQLBot up to 1.5.1. This impacts the function validateEmbedded of the file backend/apps/system/middleware/auth.py of the component JWT Token Handler. Performing a manipulation results in improper verification of cryptographic signature. The attack can be...

CVE-2026-3377

A vulnerability was detected in Tenda F453 1.0.0.3. Affected by this issue is the function fromSafeUrlFilter of the file /goform/SafeUrlFilter. Performing a manipulation of the argument page results in buffer overflow. The attack can be initiated remotely. The exploit is now public and may be use...

CVE-2026-3391 FascinatedBox lily lily_emitter.c clear_storages out-of-bounds

A security flaw has been discovered in FascinatedBox lily up to 2.3. Impacted is the function clearstorages of the file src/lilyemitter.c. The manipulation results in out-of-bounds read. The attack is only possible with local access. The exploit has been released to the public and may be used for...

DEBIAN-CVE-2026-3388

A vulnerability was found in Squirrel up to 3.2. This affects the function SQCompiler::Factor/SQCompiler::UnaryOP of the file squirrel/sqcompiler.cpp. Performing a manipulation results in uncontrolled recursion. The attack needs to be approached locally. The exploit has been made public and could...

CVE-2026-3383

A weakness has been identified in ChaiScript up to 6.1.0. This affects the function chaiscript::BoxedNumber::go of the file include/chaiscript/dispatchkit/boxednumber.hpp. Executing a manipulation can lead to divide by zero. The attack requires local access. The exploit has been made available to...

CVE-2026-3383 ChaiScript boxed_number.hpp go divide by zero

A weakness has been identified in ChaiScript up to 6.1.0. This affects the function chaiscript::BoxedNumber::go of the file include/chaiscript/dispatchkit/boxednumber.hpp. Executing a manipulation can lead to divide by zero. The attack requires local access. The exploit has been made available to...