CVE-2026-36772

Shenzhen Tenda Technology Co., Ltd Tenda W3 Wireless Router v1.0.0.32204 was discovered to contain a stack overflow in the wlradio parameter of the formwrlSSIDget function. This vulnerability allows attackers to cause a Denial of Service DoS via a crafted input...

Improper Neutralization of Special Elements used in an Expression Language Statement ('Expression Language Injection')

Overview Affected versions of this package are vulnerable to Improper Neutralization of Special Elements used in an Expression Language Statement 'Expression Language Injection' via parameter binding when a repository query method is annotated with @Query and uses a capture-all placeholder. An...

Improper Neutralization of Special Elements used in an Expression Language Statement ('Expression Language Injection')

Overview Affected versions of this package are vulnerable to Improper Neutralization of Special Elements used in an Expression Language Statement 'Expression Language Injection' in the SpelPropertyComparator function. An attacker can execute arbitrary SpEL expressions by supplying crafted input t...

EUVD-2026-35901

A SpEL Injection vulnerability exists in the Spring Data KeyValue if unsanitized user input is passed as Sort into a repository query method that delegates evaluation to the SpelPropertyComparator. Affected versions: Spring Data KeyValue / Spring Data Redis 4.0.0 through 4.0.5; 3.5.0 through...

EUVD-2026-35910

Spring Data REST's Querydsl integration accepts arbitrary persistent property paths as request-parameter filter keys and does not consider Jackson customizations before handing them to Querydsl. Affected versions: Spring Data REST 3.7.0 through 3.7.19; 4.3.0 through 4.3.16; 4.4.0 through 4.4.14;...

EUVD-2026-35892

Spring Data MongoDB repository query methods annotated with @Query that use regex parameter binding perform insufficient validation of the bound parameter. An attacker can supply a crafted string to break out of the intended regular expression quoting. Affected versions: Spring Data MongoDB 5.0.0...

EUVD-2026-35900

Spring Data MongoDB contains a SpEL Spring Expression Language expression injection vulnerability. The issue occurs during parameter binding when a user-defined repository query method is annotated with @Query and utilizes a capture-all placeholder. Affected versions: Spring Data MongoDB 5.0.0...

EUVD-2026-35860

When OIDC authentication is enabled in configuration, clients may set specific values in the "mechanism" parameter of the "authenticate" command that lead to server crash. The authenticate command is accessible to unauthenticated clients, leading to pre-auth denial-of-service in affected product...

EUVD-2026-35841

OSCAL-GUI contains a reflected cross-site scripting vulnerability that allows unauthenticated attackers to execute arbitrary JavaScript in a victim's browser by injecting malicious content through the project request parameter in oscal-forms.php. The parameter value is URL-decoded and assigned to...

CVE-2026-41717

Spring Data MongoDB contains a SpEL Spring Expression Language expression injection vulnerability. The issue occurs during parameter binding when a user-defined repository query method is annotated with @Query and utilizes a capture-all placeholder. Affected versions: Spring Data MongoDB 5.0.0...

PT-2026-48552

Copy & Delete Posts through 1.5.4 lets any plugin-enabled non-admin role invoke every operation in the cdp action handling AJAX handler. Attackers with an enabled role can delete posts or overwrite plugin settings via the f parameter, bypassing per-function capability checks...

Roxy-WI 操作系统命令注入漏洞

Roxy-WI is an open-source web interface designed for managing Haproxy, Nginx, and Keepalived servers. Versions of Roxy-WI 8.2.6.4 and earlier contained a vulnerability related to operating system command injection. This vulnerability stemmed from the POST /config/versions/route request, which...

NoMachine 参数注入漏洞

NoMachine is a remote desktop access tool developed by NoMachine Company in Luxembourg. Versions of NoMachine prior to 9.5.7 and 8.23.2 contained a parameter injection vulnerability. This vulnerability stemmed from improper of parameter separators in commands, which could lead to parameter...

PT-2026-48438

Roxy-WI is a web interface for managing Haproxy, Nginx, Apache and Keepalived servers. In versions 8.2.6.4 and prior, get ldap email app/modules/roxywi/user.py:120-157 builds the LDAP search filter via f-string concatenation. The username URL path parameter is taken verbatim — no checkAjaxInput, ...

PT-2026-48393

The MW WP Form plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'memo' parameter in all versions up to, and including, 5.1.3 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with editor-level access and above,...

ACPM Transfer Validation and Stress Testing Proof of Concept

This C program is a controlled stress-testing proof of concept designed to evaluate robustness, parameter validation, and stability of the acpmdoxfer interface under repeated high-volume calls and intentionally oversized transfer descriptors...

Roxy-WI 注入漏洞

Roxy-WI is an open-source web interface designed for managing Haproxy, Nginx, and Keepalived servers. Versions of Roxy-WI 8.2.6.4 and earlier have a vulnerability that stems from the getldapemail function, which constructs LDAP search filters using f-string concatenation. The username URL path...

Linux Distros Unpatched Vulnerability : CVE-2026-46284

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - mm/hugetlb: fix early boot crash on parameters without '=' separator If hugepages, hugepagesz, or defaulthugepagesz are specified on the kernel command line...

NSA Ghidra 参数注入漏洞

NSA Ghidra is an open-source reverse-engineering tool developed by the National Security Agency National Security Agency of the United States. Prior to version 12.1 of NSA Ghidra, there was a parameter injection vulnerability. This vulnerability stemmed from improper escaping of the ‘cmd.exe’...

VMware Spring Data KeyValue和VMware Spring Data Redis 安全漏洞

VMware Spring Data KeyValue and VMware Spring Data Redis are both products of the American company VMware. VMware Spring Data KeyValue is a key-value storage data access framework. VMware Spring Data Redis is a Redis data access framework. Both VMware Spring Data KeyValue and VMware Spring Data...