CVE Search Engine - Security Vulnerabilities and Exploits Search Tool

OSV•added 2026/03/31 8:15 a.m.•2 views

DEBIAN-CVE-2026-5186

A weakness has been identified in Nothings stb up to 2.30. This impacts the function stbiloadgifmain of the file stbimage.h of the component Multi-frame GIF File Handler. This manipulation causes double free. The attack requires local access. The exploit has been made available to the public and...

5.3CVSS5.2AI score0.00018EPSS

Exploits0References1

NVD•added 2026/03/31 8:15 a.m.•4 views

CVE-2026-5186

5.3CVSS0.00018EPSS

Exploits0References3

CVE•added 2026/03/31 8:15 a.m.•5 views

CVE-2026-5195

The CVE-2026-5195 entry concerns code-projects Student Membership System 1.0, specifically the User Registration Handler. The issue is a SQL injection vulnerability exploitable via remote input manipulation. The provided metrics indicate CVSS v3.0/3.1/4.0 scores with high impact on confidentialit...

ATTACKERKB•added 2026/03/31 8:15 a.m.•1 views

CVE-2026-5195

Exploits0References6Affected Software1

CVE•added 2026/03/31 7:30 a.m.•6 views

CVE-2026-5186

The CVE concerns Nothings stb up to 2.30, specifically the Multi-frame GIF File Handler’s stb_image.h function stbi__load_gif_main. A manipulation leads to a double-free, with exploitation requiring local access. Public exploit has been made available. Vendor was contacted early but did not respo...

5.3CVSS5.7AI score0.00018EPSS

Exploits0References3

ATTACKERKB•added 2026/03/31 6:45 a.m.•0 views

CVE-2026-5185

A security flaw has been discovered in Nothings stbimage up to 2.30. This affects the function stbigifloadnext of the file stbimage.h of the component Multi-frame GIF File Handler. The manipulation results in heap-based buffer overflow. The attack requires a local approach. The exploit has been...

5.3CVSS6.1AI score0.00018EPSS

Exploits0References4Affected Software1

EUVD•added 2026/03/31 6:31 a.m.•2 views

EUVD-2026-17329

A vulnerability was found in SourceCodester Teacher Record System 1.0. Impacted is an unknown function of the file Teacher Record System of the component Parameter Handler. Performing a manipulation of the argument searchteacher results in sql injection. It is possible to initiate the attack...

NVD•added 2026/03/31 6:16 a.m.•2 views

CVE-2026-5182

7.5CVSS0.00045EPSS

ATTACKERKB•added 2026/03/31 5:45 a.m.•4 views

CVE-2026-5182

7.5CVSS5.7AI score0.00045EPSS

Exploits0References5Affected Software1

CVE•added 2026/03/31 5:45 a.m.•4 views

CVE-2026-5182

CVE-2026-5182 affects SourceCodester Teacher Record System 1.0, specifically the Parameter Handler component. A vulnerability exists when manipulating the argument searchteacher, leading to a SQL injection. Attacks can be initiated remotely, and the exploit has been made public. The connected CVE...

Cvelist•added 2026/03/31 5:45 a.m.•26 views

CVE-2026-5182 SourceCodester Teacher Record System Parameter sql injection

7.5CVSS0.00045EPSS

Vulnrichment•added 2026/03/31 5:45 a.m.•1 views

CVE-2026-5182 SourceCodester Teacher Record System Parameter sql injection

7.5CVSS5.7AI score0.00045EPSS

RedhatCVE•added 2026/03/31 4:59 a.m.•3 views

CVE-2026-5102

A security flaw has been discovered in Totolink A3300R 17.0.0cu.557b20221024. This vulnerability affects the function setSmartQosCfg of the file /cgi-bin/cstecgi.cgi of the component Parameter Handler. The manipulation of the argument qosupbw results in command injection. The attack can be execut...

8.8CVSS6.4AI score0.0232EPSS

Exploits1References1

EUVD•added 2026/03/31 12:31 a.m.•1 views

EUVD-2026-17249

A vulnerability was found in Tenda CH22 1.0.0.1. This affects the function fromAdvSetWan of the file /goform/AdvSetWan of the component Parameter Handler. The manipulation of the argument wanmode results in stack-based buffer overflow. The attack can be executed remotely. The exploit has been mad...

9CVSS7.8AI score0.00037EPSS

Exploits1References6

NVD•added 2026/03/31 12:16 a.m.•1 views

CVE-2026-5156

A vulnerability was determined in Tenda CH22 1.0.0.1. This impacts the function formQuickIndex of the file /goform/QuickIndex of the component Parameter Handler. This manipulation of the argument mitlinktype causes stack-based buffer overflow. The attack is possible to be carried out remotely. Th...

9CVSS0.00106EPSS

Exploits1References5

Positive Technologies•added 2026/03/31 12:0 a.m.•2 views

PT-2026-29199

7.5CVSS5.7AI score0.00045EPSS

Positive Technologies•added 2026/03/31 12:0 a.m.•2 views

PT-2026-29409

A weakness has been identified in itsourcecode Payroll Management System 1.0. Affected by this issue is some unknown functionality of the file /view employee.php of the component Parameter Handler. Executing a manipulation of the argument ID can lead to sql injection. The attack may be performed...

Positive Technologies•added 2026/03/31 12:0 a.m.•3 views

PT-2026-29321

A security vulnerability has been detected in code-projects Simple Gym Management System 1.0. This vulnerability affects unknown code of the component Payment Handler. The manipulation of the argument Payment id/Amount/customer id/payment type/customer name leads to sql injection. Remote...

6.5CVSS5.7AI score0.00042EPSS

Positive Technologies•added 2026/03/31 12:0 a.m.•2 views

PT-2026-29407

A security flaw has been discovered in itsourcecode Payroll Management System 1.0. Affected by this vulnerability is an unknown functionality of the file /manage user.php of the component Parameter Handler. Performing a manipulation of the argument ID results in sql injection. The attack is...