CVE-2026-5017

A security flaw has been discovered in code-projects Simple Food Order System 1.0. This impacts an unknown function of the file /all-tickets.php of the component Parameter Handler. Performing a manipulation of the argument Status results in sql injection. The attack can be initiated remotely. The...

CVE-2026-4998

A weakness has been identified in Sinaptik AI PandasAI up to 3.0.0. This vulnerability affects the function CodeExecutor.execute of the file pandasai/core/codeexecution/codeexecutor.py of the component Chat Message Handler. Executing a manipulation can lead to code injection. The attack may be...

CVE-2026-5014

A vulnerability was found in elecV2 elecV2P up to 3.8.3. The affected element is the function path.join of the file /log/ of the component Wildcard Handler. The manipulation results in path traversal. The attack may be performed from remote. The exploit has been made public and could be used. The...

CVE-2026-5018

A weakness has been identified in code-projects Simple Food Order System 1.0. Affected is an unknown function of the file register-router.php of the component Parameter Handler. Executing a manipulation of the argument Name can lead to sql injection. The attack can be launched remotely. The explo...

CVE-2026-5004

A vulnerability was determined in Wavlink WL-WN579X3-C 231124. This impacts the function sub4019FC of the file /cgi-bin/firewall.cgi of the component UPNP Handler. Executing a manipulation of the argument UpnpEnabled can lead to stack-based buffer overflow. It is possible to launch the attack...

CVE-2026-5101

A vulnerability was identified in Totolink A3300R 17.0.0cu.557b20221024. This affects the function setLanCfg of the file /cgi-bin/cstecgi.cgi of the component Parameter Handler. The manipulation of the argument lanIp leads to command injection. Remote exploitation of the attack is possible. The...

CVE-2026-5101

Totolink A3300R 17.0.0cu.557_b20221024 is affected. The vulnerability resides in the Parameter Handler’s /cgi-bin/cstecgi.cgi, specifically the setLanCfg function, where manipulating the lanIp argument leads to command injection. Remote exploitation is possible, and an exploit is publicly availab...

CVE-2026-5002

A vulnerability has been found in PromtEngineer localGPT up to 4d41c7d1713b16b216d8e062e51a5dd88b20b054. The impacted element is the function routeusingoverviews of the file backend/server.py of the component LLM Prompt Handler. Such manipulation leads to injection. The attack may be performed fr...

EUVD-2026-17031

A vulnerability was detected in Tenda FH1201 1.2.0.14408. This impacts the function WrlclientSet of the file /goform/WrlclientSet of the component Parameter Handler. Performing a manipulation of the argument GO results in stack-based buffer overflow. The attack is possible to be carried out...

EUVD-2026-16991

A security vulnerability has been detected in Belkin F9K1122 1.00.33. This affects the function formSetSystemSettings of the file /goform/formSetSystemSettings of the component Setting Handler. Such manipulation of the argument webpage leads to stack-based buffer overflow. The attack can be...

GHSA-C279-989M-238F Sliver: Nil Pointer Dereference in tunnelCloseHandler causes panic when a reverse tunnel (rportfwd) close is attempted

Summary A nil pointer dereference in tunnelCloseHandler causes the handler goroutine to panic whenever a reverse tunnel rportfwd close is attempted. Both the legitimate close path AND the unauthorized close path dereference tunnel.SessionID where tunnel is guaranteed nil. This means rportfwd...

CVE-2026-5046

A flaw has been found in Tenda FH1201 1.2.0.14408. Affected is the function formWrlExtraSet of the file /goform/WrlExtraSet of the component Parameter Handler. Executing a manipulation of the argument GO can lead to stack-based buffer overflow. The attack may be performed from remote. The exploit...

Replay Attack

Overview mppx is a /picture Affected versions of this package are vulnerable to Replay Attack in the tempo/session cooperative close handler due to improper validation of the close voucher amount. An attacker can bypass intended restrictions by submitting a close voucher with an amount exactly...

CVE-2026-5046

CVE-2026-5046 affects Tenda FH1201 1.2.0.14(408). The vulnerability is in the Parameter Handler, specifically the formWrlExtraSet function in /goform/WrlExtraSet. A crafted manipulation of the GO argument can trigger a stack-based buffer overflow, with remote exploitation reported. The issue is r...

CVE-2026-5046

A flaw has been found in Tenda FH1201 1.2.0.14408. Affected is the function formWrlExtraSet of the file /goform/WrlExtraSet of the component Parameter Handler. Executing a manipulation of the argument GO can lead to stack-based buffer overflow. The attack may be performed from remote. The exploit...

CVE-2026-5046 Tenda FH1201 Parameter WrlExtraSet formWrlExtraSet stack-based overflow

A flaw has been found in Tenda FH1201 1.2.0.14408. Affected is the function formWrlExtraSet of the file /goform/WrlExtraSet of the component Parameter Handler. Executing a manipulation of the argument GO can lead to stack-based buffer overflow. The attack may be performed from remote. The exploit...

CVE-2026-5046 Tenda FH1201 Parameter WrlExtraSet formWrlExtraSet stack-based overflow

A flaw has been found in Tenda FH1201 1.2.0.14408. Affected is the function formWrlExtraSet of the file /goform/WrlExtraSet of the component Parameter Handler. Executing a manipulation of the argument GO can lead to stack-based buffer overflow. The attack may be performed from remote. The exploit...

CVE-2026-5045 Tenda FH1201 Parameter WrlclientSet stack-based overflow

A vulnerability was detected in Tenda FH1201 1.2.0.14408. This impacts the function WrlclientSet of the file /goform/WrlclientSet of the component Parameter Handler. Performing a manipulation of the argument GO results in stack-based buffer overflow. The attack is possible to be carried out...

CVE-2026-5045

Affected product: Tenda FH1201 firmware 1.2.0.14(408). Component/Function: Parameter Handler, WrlclientSet (/goform/WrlclientSet). Root cause: manipulation of the argument GO leads to a stack-based buffer overflow. Impact: remote code execution risk with high impact on confidentiality, integrity,...

EUVD-2026-16987

A security flaw has been discovered in Belkin F9K1122 1.00.33. The affected element is the function formCrossBandSwitch of the file /goform/formCrossBandSwitch of the component Parameter Handler. The manipulation of the argument webpage results in stack-based buffer overflow. The attack may be...