CVE Search Engine - Security Vulnerabilities and Exploits Search Tool

EUVD•added 5 days ago•4 views

EUVD-2026-36748

A Time-Based Blind SQL Injection vulnerability in the aliasmanagement module of OpenSIPS Control Panel opensips-cp prior to version 9.3.3 allows authenticated attackers to execute arbitrary SQL commands via the 'table' GET parameter in aliasmanagement.php...

6.2AI score0.00361EPSS

Exploits1References2

EUVD•added 5 days ago•4 views

EUVD-2026-36751

Tenda 5G03 V05.03.02.04 Version 1.0 is vulnerable to Command injection in the function actionunlocksim via the pin parameter...

5.3AI score0.01046EPSS

EUVD•added 5 days ago•5 views

EUVD-2026-36752

Tenda 5G03 V05.03.02.04 Version 1.0 is vulnerable to Command injection in the function actionsetvolume via the volume parameter...

5.3AI score0.01046EPSS

EUVD•added 5 days ago•4 views

EUVD-2026-36753

Tenda 5G03 V05.03.02.04 Version 1.0 is vulnerable to Command injection in the function actionsetratmode via the ratMode parameter...

5.3AI score0.01046EPSS

Github Security Blog•added 5 days ago•9 views

python-multipart: Semicolon treated as querystring field separator enables parameter smuggling

Summary QuerystringParser treated ; as a field separator in application/x-www-form-urlencoded bodies, in addition to &. The WHATWG URL standard, modern browsers, and Python's urllib.parse since the CVE-2021-23336 fix treat only & as a separator. This creates a parser differential: the same bytes...

5.9CVSS5.5AI score0.37325EPSS

Exploits1References2Affected Software1

Github Security Blog•added 5 days ago•8 views

python-multipart: Content-Disposition parameter smuggling via RFC 2231/5987 extended parameters

Summary parseoptionsheader parsed Content-Disposition and Content-Type headers with email.message.Message, which transparently applies RFC 2231/5987 decoding. The extended parameter syntax filename=charset'lang'value, name=..., and the filename0/filename1 continuation form is decoded and surfaced...

5.3AI score

Exploits0References2Affected Software1

OSV•added 5 days ago•3 views

GHSA-VFFW-93WF-4J4Q python-multipart: Content-Disposition parameter smuggling via RFC 2231/5987 extended parameters

3.7CVSS5.3AI score

NVD•added 5 days ago•8 views

CVE-2026-50890

Bernd Bestel grocy v4.6.0 was discovered to contain a SQL injection vulnerability in the product-group parameter at /stockreports/spendings. This vulnerability allows attackers to access sensitive database information via a crafted SQL statement...

9.8CVSS0.00321EPSS

NVD•added 5 days ago•6 views

CVE-2026-38064

Tenda 5G03 V05.03.02.04 Version 1.0 is vulnerable to Command injection in the function actiondialcall via the dialNumber parameter...

NVD•added 5 days ago•5 views

CVE-2026-36670

8.8CVSS0.00361EPSS

Exploits1References1

NVD•added 5 days ago•3 views

CVE-2026-38060

Tenda 5G03 V05.03.02.04 Version 1.0 is vulnerable to Command injection in the function actionunlocksim via the pin parameter...

NVD•added 5 days ago•5 views

CVE-2026-38061

Tenda 5G03 V05.03.02.04 Version 1.0 is vulnerable to Command injection in the function actionsetvolume via the volume parameter...

NVD•added 5 days ago•4 views

CVE-2026-38062

Tenda 5G03 V05.03.02.04 Version 1.0 is vulnerable to Command injection in the function actionsetratmode via the ratMode parameter...

NVD•added 5 days ago•4 views

CVE-2026-38063

Tenda 5G03 V05.03.02.04 Version 1.0 is vulnerable to Command injection in the function actionradioonwithiaapn via the ia parameter...

NVD•added 5 days ago•8 views

CVE-2026-49294

Valhalla is an open source routing engine and accompanying libraries for use with OpenStreetMap data. Versions 3.6.3 and prior are vulnerable to reflected cross-site scripting XSS due to improper neutralization of input in the JSONP callback parameter. When a request specifies a JSONP callback, t...

6.1CVSS0.00149EPSS