CVE-2026-2952

A flaw has been found in Vaelsys 4.1.0. This vulnerability affects unknown code of the file /tree/treeserver.php of the component HTTP POST Request Handler. This manipulation of the argument xajaxargs causes os command injection. The attack is possible to be carried out remotely. The exploit has...

CVE-2026-2910

A flaw has been found in Tenda HG9 300001138. This vulnerability affects unknown code of the file /boaform/formPing6. Executing a manipulation of the argument pingAddr can lead to stack-based buffer overflow. The attack may be performed from remote. The exploit has been published and may be used...

CVE-2026-2910

A flaw has been found in Tenda HG9 300001138. This vulnerability affects unknown code of the file /boaform/formPing6. Executing a manipulation of the argument pingAddr can lead to stack-based buffer overflow. The attack may be performed from remote. The exploit has been published and may be used...

CVE-2026-2903 skvadrik re2c ast.cc check_and_merge_special_rules null pointer dereference

A flaw has been found in skvadrik re2c up to 4.4. Impacted is the function checkandmergespecialrules of the file src/parse/ast.cc. This manipulation causes null pointer dereference. The attack can only be executed locally. The exploit has been published and may be used. Patch name:...

PT-2026-21415

Name of the Vulnerable Software and Affected Versions D-Link DWR-M960 version 1.01.07 Description A flaw exists in the D-Link DWR-M960 router, specifically within the LTE Configuration Endpoint. The issue resides in the sub 4237AC function of the /boafrm/formLteSetup component. Manipulation of th...

CVE-2026-2824

A flaw has been found in Comfast CF-E7 2.6.0.9. This affects the function sub441CF4 of the file /cgi-bin/mbox-config?method=SET=pingconfig of the component webmggnt. Executing a manipulation of the argument destination can lead to command injection. The attack may be performed from remote. The...

CVE-2026-2863

A flaw has been found in fenghaha/megagao ssm-erp and productionssm up to 4288d53bd35757b27f2d070057aefb2c07bdd097. The impacted element is the function deleteFile of the file FileServiceImpl.java. This manipulation causes path traversal. The attack can be initiated remotely. The exploit has been...

PT-2026-21360

A flaw has been found in feng ha ha/megagao ssm-erp and production ssm up to 4288d53bd35757b27f2d070057aefb2c07bdd097. The impacted element is the function deleteFile of the file FileServiceImpl.java. This manipulation causes path traversal. The attack can be initiated remotely. The exploit has...

CVE-2026-2848 SourceCodester Simple Responsive Tourism Website Registration Master.php sql injection

A flaw has been found in SourceCodester Simple Responsive Tourism Website 1.0. Affected by this vulnerability is an unknown functionality of the file /classes/Master.php?f=register of the component Registration. This manipulation of the argument Username causes sql injection. The attack may be...

CVE-2026-2709

A flaw has been found in busy up to 2.5.5. The affected element is an unknown function of the file source-code/busy-master/src/server/app.js of the component Callback Handler. Executing a manipulation of the argument state can lead to open redirect. It is possible to launch the attack remotely. T...

PT-2026-21288

A flaw has been found in D-Link DWR-M960 1.01.07. This impacts the function sub 4611CC of the file /boafrm/formNtp of the component NTP Configuration Endpoint. Executing a manipulation of the argument submit-url can lead to stack-based buffer overflow. The attack can be launched remotely. The...

PT-2026-21000

A flaw has been found in Comfast CF-E7 2.6.0.9. This affects the function sub 441CF4 of the file /cgi-bin/mbox-config?method=SET&section=ping config of the component webmggnt. Executing a manipulation of the argument destination can lead to command injection. The attack may be performed from...

PT-2026-20646

A flaw has been found in busy up to 2.5.5. The affected element is an unknown function of the file source-code/busy-master/src/server/app.js of the component Callback Handler. Executing a manipulation of the argument state can lead to open redirect. It is possible to launch the attack remotely. T...

PT-2026-20645

A flaw has been found in code-projects Patient Record Management System 1.0. This affects an unknown function of the file /fecalysis not.php. This manipulation of the argument comp id causes sql injection. The attack can be initiated remotely. The exploit has been published and may be used...

PT-2026-20569

Name of the Vulnerable Software and Affected Versions itsourcecode Event Management System version 1.0 Description A flaw exists in itsourcecode Event Management System version 1.0 related to SQL injection. The issue is located in the Admin Login functionality, specifically within the...

CVE-2026-2656

A flaw has been found in ChaiScript up to 6.1.0. This affects the function chaiscript::TypeInfo::bareequal of the file include/chaiscript/dispatchkit/typeinfo.hpp. This manipulation causes use after free. The attack requires local access. The attack's complexity is rated as high. The exploitabili...

CVE-2026-2656 ChaiScript type_info.hpp bare_equal use after free

A flaw has been found in ChaiScript up to 6.1.0. This affects the function chaiscript::TypeInfo::bareequal of the file include/chaiscript/dispatchkit/typeinfo.hpp. This manipulation causes use after free. The attack requires local access. The attack's complexity is rated as high. The exploitabili...

CVE-2026-2615

A flaw has been found in Wavlink WL-NU516U1 up to 20251208. The affected element is the function singlePortForwardDelete of the file /cgi-bin/firewall.cgi. Executing a manipulation of the argument delflag can lead to command injection. The attack may be launched remotely. The exploit has been...

PT-2026-20457

A flaw has been found in ChaiScript up to 6.1.0. This affects the function chaiscript::Type Info::bare equal of the file include/chaiscript/dispatchkit/type info.hpp. This manipulation causes use after free. The attack requires local access. The attack's complexity is rated as high. The...

CVE-2026-2615

A flaw has been found in Wavlink WL-NU516U1 up to 20251208. The affected element is the function singlePortForwardDelete of the file /cgi-bin/firewall.cgi. Executing a manipulation of the argument delflag can lead to command injection. The attack may be launched remotely. The exploit has been...