PT-2026-29321

A security vulnerability has been detected in code-projects Simple Gym Management System 1.0. This vulnerability affects unknown code of the component Payment Handler. The manipulation of the argument Payment id/Amount/customer id/payment type/customer name leads to sql injection. Remote...

PT-2026-29407

A security flaw has been discovered in itsourcecode Payroll Management System 1.0. Affected by this vulnerability is an unknown functionality of the file /manage user.php of the component Parameter Handler. Performing a manipulation of the argument ID results in sql injection. The attack is...

Code-Projects Simple Gym Management System SQL注入漏洞

Code-Projects Simple Gym Management System is an open-source gym management system developed by Code-Projects. Version 1.0 of the Code-Projects Simple Gym Management System has a SQL injection vulnerability. This vulnerability arises from incorrect operations on parameters such as...

PT-2026-29349

Name of the Vulnerable Software and Affected Versions Admidio versions 5.0.0 through 5.0.7 Description The delete mode handler in mylist function.php does not validate a CSRF token before permanently deleting list configurations. An attacker can exploit this by luring an authenticated user to a...

PT-2026-29267

A vulnerability was determined in Tenda CH22 1.0.0.1. Affected is the function formWebTypeLibrary of the file /goform/webtypelibrary of the component Parameter Handler. This manipulation of the argument webSiteId causes stack-based buffer overflow. The attack can be initiated remotely. The exploi...

PT-2026-29326

Name of the Vulnerable Software and Affected Versions SourceCodester Leave Application System version 1.0 Description A security issue exists in the User Management Handler component of SourceCodester Leave Application System. This issue allows for cross site scripting, potentially enabling remot...

Tenda CH22 安全漏洞

The Tenda CH22 is a network device produced by the Chinese company Tenda. Version 1.0.0.1 of the Tenda CH22 contains a security vulnerability. This vulnerability arises from incorrect handling of parameters related to the webSiteId in the component Parameter Handler, resulting in a stack buffer...

PT-2026-29203

A weakness has been identified in Nothings stb up to 2.30. This impacts the function stbi load gif main of the file stb image.h of the component Multi-frame GIF File Handler. This manipulation causes double free. The attack requires local access. The exploit has been made available to the public...

PT-2026-29204

A flaw has been found in code-projects Student Membership System 1.0. This issue affects some unknown processing of the component User Registration Handler. Executing a manipulation can lead to sql injection. The attack can be launched remotely...

CVE-2026-5156

The CVE-2026-5156 issue affects Tenda CH22 1.0.0.1, specifically the Parameter Handler’s formQuickIndex function in /goform/QuickIndex. The vulnerability stems from manipulating the mit_linktype argument, causing a stack-based buffer overflow. It is remotely exploitable and has publicly disclosed...

CVE-2026-5156

A vulnerability was determined in Tenda CH22 1.0.0.1. This impacts the function formQuickIndex of the file /goform/QuickIndex of the component Parameter Handler. This manipulation of the argument mitlinktype causes stack-based buffer overflow. The attack is possible to be carried out remotely. Th...

CVE-2026-5156 Tenda CH22 Parameter QuickIndex formQuickIndex stack-based overflow

A vulnerability was determined in Tenda CH22 1.0.0.1. This impacts the function formQuickIndex of the file /goform/QuickIndex of the component Parameter Handler. This manipulation of the argument mitlinktype causes stack-based buffer overflow. The attack is possible to be carried out remotely. Th...

CVE-2026-5154

A vulnerability has been found in Tenda CH22 1.0.0.1/1.If. The impacted element is the function fromSetCfm of the file /goform/setcfm of the component Parameter Handler. The manipulation of the argument funcname leads to stack-based buffer overflow. Remote exploitation of the attack is possible...

CVE-2026-5155

A vulnerability was found in Tenda CH22 1.0.0.1. This affects the function fromAdvSetWan of the file /goform/AdvSetWan of the component Parameter Handler. The manipulation of the argument wanmode results in stack-based buffer overflow. The attack can be executed remotely. The exploit has been mad...

CVE-2026-5155

CVE-2026-5155 : A stack-based overflow exists in Tenda CH22 1.0.0.1 in the function fromAdvSetWan (/goform/AdvSetWan) when the wanmode argument is manipulated. This allows a remote attacker to trigger an overflow and potentially compromise the device. Public exploit details are noted; CVSS-derive...

CVE-2026-5154 Tenda CH22 Parameter setcfm fromSetCfm stack-based overflow

A vulnerability has been found in Tenda CH22 1.0.0.1/1.If. The impacted element is the function fromSetCfm of the file /goform/setcfm of the component Parameter Handler. The manipulation of the argument funcname leads to stack-based buffer overflow. Remote exploitation of the attack is possible...

CVE-2026-5154

CVE-2026-5154 affects Tenda CH22 1.0.0.1. The vulnerability is in the Parameter Handler’s implementation of the function fromSetCfm in /goform/setcfm. Manipulating the funcname argument causes a stack-based buffer overflow, enabling remote exploitation. Public disclosure of the exploit indicates ...

CVE-2026-5154

A vulnerability has been found in Tenda CH22 1.0.0.1/1.If. The impacted element is the function fromSetCfm of the file /goform/setcfm of the component Parameter Handler. The manipulation of the argument funcname leads to stack-based buffer overflow. Remote exploitation of the attack is possible...

CVE-2026-5150

A security vulnerability has been detected in code-projects Accounting System 1.0. This issue affects some unknown processing of the file /viewincostumer.php of the component Parameter Handler. Such manipulation of the argument cosid leads to sql injection. The attack can be launched remotely. Th...

Missing Authorization

Overview openclaw is a 🦞 OpenClaw — Personal AI Assistant Affected versions of this package are vulnerable to Missing Authorization through insufficient scope enforcement in the /allowlist command handler. An attacker can make unauthorized persistent changes to configuration and pairing-store...