CVE-2026-2856 D-Link DWR-M960 Filter Configuration Endpoint formFilter sub_424AFC stack-based overflow
A vulnerability was found in D-Link DWR-M960 1.01.07. Affected by this vulnerability is the function sub_424AFC of the file /boafrm/formFilter of the component Filter Configuration Endpoint. The manipulation of the argument submit-url results in stack-based buffer overflow. The attack may be...
CVE-2026-2853 D-Link DWR-M960 System Log Configuration Endpoint formSysLog sub_462E14 stack-based overflow
A vulnerability was detected in D-Link DWR-M960 1.01.07. This affects the function sub_462E14 of the file /boafrm/formSysLog of the component System Log Configuration Endpoint. Performing a manipulation of the argument submit-url results in stack-based buffer overflow. The attack can be initiated...
CVE-2025-15583
A weakness has been identified in detronetdip E-commerce 1.0.0. This affects the function getsafevalue of the file utility/function.php. Executing a manipulation can lead to cross-site scripting. The attack can be executed remotely. The exploit has been made available to the public and could be...
CVE-2026-2702
A security flaw has been discovered in Beetel 777VR1 up to 01.00.09. This issue affects some unknown processing of the component WPA2 PSK. Performing a manipulation results in hard-coded credentials. The attacker must have access to the local network to execute the attack. The complexity of an...
PT-2026-21024
Name of the Vulnerable Software and Affected Versions: UTT HiPER 520 version 1.7.7-160105. Description: A flaw exists in the Web Management Interface component of UTT HiPER 520. Specifically, manipulating the Isp Name argument within the sub 44EFB4 function of the /goform/formReleaseConnect file can...
PT-2026-20561
Name of the Vulnerable Software and Affected Versions: itsourcecode Event Management System version 1.0. Description: A SQL injection issue exists in itsourcecode Event Management System version 1.0. The issue is located in the /admin/manage booking.php file, within an unknown function. Manipulation...
CVE-2026-2667 Rongzhitong Visual Integrated Command and Dispatch Platform api access control
A vulnerability has been found in Rongzhitong Visual Integrated Command and Dispatch Platform up to 20260206. The impacted element is an unknown function of the file /dispatch/api?cmd=userinfo. The manipulation leads to improper access controls. The attack may be initiated remotely. The exploit h...
CVE-2026-2662
CVE-2026-2662 affects FascinatedBox Lily up to version 2.3. The vulnerability is in function count_transforms of src/lily_emitter.c, where manipulation leads to an out-of-bounds read. Exploitation is local, and public PoC/exploit material exists. Reports indicate the project was informed via iss...
PT-2026-20482
A vulnerability was identified in FascinatedBox lily up to 2.3. Affected by this issue is the function shorthash for name of the file src/lily symtab.c. The manipulation leads to use after free. Local access is required to approach this attack. The exploit is publicly available and might be used...
PT-2026-20476
Name of the Vulnerable Software and Affected Versions: newbee-ltd newbee-mall, affected versions not specified. Description: A flaw exists in newbee-ltd newbee-mall. This issue involves a function within the Multiple Endpoints component that can be exploited to perform cross-site request forgery...
CVE-2026-2561 JingDong JD Cloud Box AX6600 jdcweb_rpc jdcapi web_get_ddns_uptime privileges management
A vulnerability was found in JingDong JD Cloud Box AX6600 up to 4.5.1.r4533. This affects the function web_get_ddns_uptime of the file /jdcapi of the component jdcweb_rpc. Performing a manipulation results in Remote Privilege Escalation. The attack can be carried out remotely. The exploit...
PT-2026-8344
A vulnerability was detected in cskefu up to 8.0.1. Impacted is the function Upload of the file com/cskefu/cc/controller/resource/MediaController.java of the component File Upload. The manipulation results in cross-site scripting. The attack may be launched remotely. The exploit is now public and...
PT-2026-8359
A weakness has been identified in Wavlink WL-NU516U1 20251208. Affected by this issue is the function sub 40785C of the file /cgi-bin/adm.cgi. This manipulation of the argument time zone causes stack-based buffer overflow. The attack can be initiated remotely. The attack is considered to have hig...
PT-2026-8306
Name of the Vulnerable Software and Affected Versions: Wavlink WL-WN579A3 versions up to 20210219. Description: A flaw exists in Wavlink WL-WN579A3 that allows for remote command injection. The issue is located in the AddMac function within the /cgi-bin/wireless.cgi file. Manipulation of the macAddr...
CVE-2025-15570
A vulnerability was found in ckolivas lrzip up to 0.651. This impacts the function lzmadecompressbuf of the file stream.c. Performing a manipulation results in use after free. Attacking locally is a requirement. The exploit has been made public and could be used. The project was informed of the...
CVE-2026-2135
A vulnerability was detected in UTT HiPER 810 1.7.4-141218. The impacted element is the function sub43F020 of the file /goform/formPdbUpConfig. Performing a manipulation of the argument policyNames results in command injection. It is possible to initiate the attack remotely. The exploit is now...
CVE-2026-2187
Tenda RX3 16.03.13.11 is affected by a stack-based buffer overflow in the set_qosMib_list function of /goform/formSetQosBand. Manipulating the argument list can trigger the overflow, and the vulnerability can be exploited remotely. Public exploit exists. The PT-2026-6984 entry notes there is no i...
EUVD-2026-5763
A vulnerability was found in Tenda RX3 16.03.13.11. The affected element is the function set_qosMib_list of the file /goform/formSetQosBand. Performing a manipulation of the argument list results in stack-based buffer overflow. It is possible to initiate the attack remotely. The exploit has been ma...
CVE-2026-2167
A vulnerability was detected in Totolink WA300 5.2cu.7112B20190227. The impacted element is the function setAPNetwork of the file /cgi-bin/cstecgi.cgi. The manipulation of the argument Ipaddr results in OS command injection. The attack may be performed remotely. The exploit is now public and m...
CVE-2026-2161
A vulnerability was found in itsourcecode Directory Management System 1.0. Affected by this issue is some unknown functionality of the file /admin/forget-password.php. The manipulation of the argument email results in SQL injection. The attack can be launched remotely. The exploit has been made...