CVE-2026-10120

A vulnerability was detected in TRENDnet TEW-432BRP 3.10B20. The affected element is the function formSetFirewallRule of the file /goform/formSetFirewallRule. The manipulation of the argument firewallname results in stack-based buffer overflow. The attack can be executed remotely. The exploit is...

CVE-2026-7037

A security flaw has been discovered in Totolink A8000RU 7.1cu.643b20200521. This issue affects the function setVpnPassCfg of the file /cgi-bin/cstecgi.cgi of the component CGI Handler. The manipulation of the argument pptpPassThru results in os command injection. The attack can be executed...

CVE-2026-6165

A weakness has been identified in code-projects Vehicle Showroom Management System 1.0. This vulnerability affects unknown code of the file /util/Logincheck.php. Executing a manipulation of the argument ID can lead to sql injection. The attack can be launched remotely. The exploit has been made...

CVE-2026-3698 UTT HiPER 810G NTP strcpy buffer overflow

A vulnerability was identified in UTT HiPER 810G up to 1.7.7-171114. This affects the function strcpy of the file /goform/NTP. The manipulation leads to buffer overflow. The attack may be initiated remotely. The exploit is publicly available and might be used...

CVE-2026-1325

A security flaw has been discovered in Sangfor Operation and Maintenance Security Management System up to 3.0.12. This affects the function editpwdmall of the file /fort/login/editpwdmall. The manipulation of the argument flag results in weak password recovery. It is possible to launch the attack...

CVE-2026-1134

A vulnerability was identified in itsourcecode Society Management System 1.0. This affects an unknown function of the file /admin/expenses.php. The manipulation of the argument detail leads to cross site scripting. The attack may be initiated remotely. The exploit is publicly available and might ...

CVE-2024-2983

A vulnerability was found in Tenda FH1202 1.2.0.14408 and classified as critical. Affected by this issue is the function formSetClientState of the file /goform/SetClientState. The manipulation of the argument deviceId/limitSpeed/limitSpeedUp leads to stack-based buffer overflow. The attack may be...

CVE-2025-13057

A vulnerability was identified in Campcodes School Fees Payment Management System 1.0. Impacted is an unknown function of the file /ajax.php?action=savestudent. The manipulation of the argument ID leads to sql injection. The attack may be initiated remotely. The exploit is publicly available and...

CVE-2025-11102 Campcodes Online Learning Management System edit_content.php sql injection

A weakness has been identified in Campcodes Online Learning Management System 1.0. Affected is an unknown function of the file /admin/editcontent.php. Executing manipulation of the argument Title can lead to sql injection. The attack can be launched remotely. The exploit has been made available t...

CVE-2025-6772 eosphoros-ai db-gpt import import_flow path traversal

A vulnerability was found in eosphoros-ai db-gpt up to 0.7.2. It has been classified as critical. Affected is the function importflow of the file /api/v2/serve/awel/flow/import. The manipulation of the argument File leads to path traversal. It is possible to launch the attack remotely. The exploi...

CVE-2025-0561 itsourcecode Farm Management System add-pig.php sql injection

A vulnerability has been found in itsourcecode Farm Management System 1.0 and classified as critical. This vulnerability affects unknown code of the file /add-pig.php. The manipulation of the argument pigno leads to sql injection. The attack can be initiated remotely. The exploit has been disclos...

OpenText FirstClass HTTP Daemon /Search Large Request Remote DoS

The remote host is running OpenText FirstClass, a web-based unified messaging system. The remote version of this software is vulnerable to an unspecified denial of service attack that could allow an attacker to disable this service remotely. C Tenable Network Security, Inc. include"compat.inc";...