Exploit for Missing Authentication for Critical Function in Cpanel

No d...

CVE-2026-7748

A weakness has been identified in Totolink N300RH 3.2.4-B20220812. Affected by this issue is the function setUpgradeFW of the file /cgi-bin/cstecgi.cgi of the component POST Request Handler. Executing a manipulation of the argument FileName can lead to buffer overflow. The attack can be launched...

CVE-2026-7748 Totolink N300RH POST Request cstecgi.cgi setUpgradeFW buffer overflow

A weakness has been identified in Totolink N300RH 3.2.4-B20220812. Affected by this issue is the function setUpgradeFW of the file /cgi-bin/cstecgi.cgi of the component POST Request Handler. Executing a manipulation of the argument FileName can lead to buffer overflow. The attack can be launched...

CVE-2026-7744

A vulnerability was found in CodeAstro Online Classroom 1.0. This affects an unknown function of the file /OnlineClassroom/addnewstudent. The manipulation of the argument fname results in sql injection. The attack may be performed from remote. The exploit has been made public and could be used...

CVE-2026-7743

A vulnerability has been found in CodeAstro Online Classroom 1.0. The impacted element is an unknown function of the file /OnlineClassroom/studentdetails. The manipulation of the argument deleteid leads to sql injection. The attack is possible to be carried out remotely. The exploit has been...

CVE-2026-7747 Totolink N300RH Parameter cstecgi.cgi loginauth buffer overflow

A security flaw has been discovered in Totolink N300RH 3.2.4-B20220812. Affected by this vulnerability is the function loginauth of the file /cgi-bin/cstecgi.cgi of the component Parameter Handler. Performing a manipulation of the argument Password results in buffer overflow. The attack can be...

CVE-2026-7747 Totolink N300RH Parameter cstecgi.cgi loginauth buffer overflow

A security flaw has been discovered in Totolink N300RH 3.2.4-B20220812. Affected by this vulnerability is the function loginauth of the file /cgi-bin/cstecgi.cgi of the component Parameter Handler. Performing a manipulation of the argument Password results in buffer overflow. The attack can be...

Arbitrary File Upload

Overview Affected versions of this package are vulnerable to Arbitrary File Upload via the chunkUpload function in UploadService.php. An attacker can upload arbitrary files by sending crafted requests to the affected endpoint. Remediation A fix was pushed into the master branch but not yet...

CVE-2026-7732

A vulnerability was detected in code-projects BloodBank Managing System 1.0. The impacted element is an unknown function of the file requestblood.php. The manipulation results in unrestricted upload. The attack can be executed remotely. The exploit is now public and may be used...

CVE-2026-43863

CVE-2026-43863 affects mutt prior to 2.3.2, where an infinite loop in data_object_to_stream (crypt-gpgme.c) is reported. The CVSS 3.1 vector indicates low availability impact. No remediation or specific fix details are provided in the connected documents. Affected version range inferred: mutt

Missing Authentication for Critical Function

Overview prefect is a Prefect is a new workflow management system, designed for modern infrastructure and powered by the open-source Prefect Core workflow engine. Users organize Tasks into Flows, and Prefect takes care of the rest. Affected versions of this package are vulnerable to Missing...

CVE-2026-7730

CVE-2026-7730 affects privsim mcp-test-runner 0.2.0. The vulnerability is in the MCP Interface’s src/index.ts where the function child_process.spawn mishandles the argument command, enabling an os command injection. Impact may be remote; exploit publicly available. Documents do not provide remedi...

EUVD-2026-26884

A weakness has been identified in privsim mcp-test-runner 0.2.0. Impacted is the function childprocess.spawn of the file src/index.ts of the component MCP Interface. Executing a manipulation of the argument command can lead to os command injection. The attack may be launched remotely. The exploit...

CVE-2026-7730

A weakness has been identified in privsim mcp-test-runner 0.2.0. Impacted is the function childprocess.spawn of the file src/index.ts of the component MCP Interface. Executing a manipulation of the argument command can lead to os command injection. The attack may be launched remotely. The exploit...

CVE-2026-7722

A vulnerability was detected in PrefectHQ prefect up to 3.6.21. This impacts the function endswith of the file /api/health of the component Health Check API. Performing a manipulation results in improper authentication. The attack is possible to be carried out remotely. The exploit is now public...

CVE-2026-7721

A security vulnerability has been detected in Totolink WA300 5.2cu.7112B20190227. This affects the function NTPSyncWithHost of the file /cgi-bin/cstecgi.cgi. Such manipulation of the argument hostTime leads to command injection. The attack can be executed remotely. The exploit has been disclosed...

Access Control Bypass

Overview MindsDB is a MindsDB server, provides server capabilities to mindsdb native python library Affected versions of this package are vulnerable to Access Control Bypass via the exec function in the mindsdb/integrations/handlers/byomhandler/procwrapper.py component. An attacker can gain...

EUVD-2026-26866

A vulnerability has been found in ravenwits mcp-server-arangodb up to 0.4.7. This affects the function arangobackup of the file src/tools.ts of the component MCP Interface. Such manipulation of the argument outputDir leads to path traversal. It is possible to launch the attack remotely. The explo...

TOTOLINK N300RH 缓冲区错误漏洞

TOTOLINK N300RH is a long-range wireless router produced by TOTOLINK Corporation. The version TOTOLINK N300RH 3.2.4-B20220812 contains a buffer overflow vulnerability. This vulnerability arises from the loginauth function in the Parameter Handler component, where the handling of the Password...

PT-2026-36782

A weakness has been identified in justdan96 tsMuxer up to 2.7.0. This vulnerability affects the function HevcVpsUnit::setFPS of the file /AFLplusplus/tsMuxer prev/tsMuxer/hevc.cpp. This manipulation of the argument track id causes denial of service. The attack requires local access. The exploit h...