
88703 matches found

CVE
added 2026/05/02 6:45 a.m., 7 views

CVE-2026-7606

TRENDnet TEW-821DAP firmware, version 1.12B01, contains a weakness in the Firmware Update Handler (functions find_hwid/new_gui_update_firmware). Crafting the dest argument enables insufficient verification of data authenticity. The vulnerability is remotely exploitable; exploitation is described ...

CVSS 8.1, AI score 5.4, EPSS 0.00234
Exploits: 1, References: 4, Affected Software: 1

EUVD
added 2026/05/02 2:0 a.m., 5 views

EUVD-2026-26727

A vulnerability has been found in Open5GS up to 2.7.6. Affected is an unknown function of the file src/amf/gmm-handler.c of the component AMF. The manipulation of the argument regtype leads to denial of service. The attack is possible to be carried out remotely. Upgrading to version 2.7.7 is able...

CVSS 5.3, AI score 5.4, EPSS 0.00398
Exploits: 0, References: 7

CNNVD
added 2026/05/02 12:0 a.m., 6 views

Code Review Server injection vulnerability

Code Review Server is a code review tool based on large models, developed by Dennison Bertram. Versions of Code Review Server 0.1.0 and earlier had an injection vulnerability. This vulnerability stems from the executeRepomix function in the src/repomix.ts file, which allows for command injection,...

CVSS 6.5, AI score 6.8, EPSS 0.0111
Exploits: 0, References: 2

OSV
added 2026/05/01 10:16 p.m., 3 views

ALPINE-CVE-2026-7598

A security vulnerability has been detected in libssh2 up to 1.11.1. The impacted element is the function userauthpassword of the file src/userauth.c. Such manipulation of the argument usernamelen/passwordlen leads to integer overflow. The attack may be launched remotely. The name of the patch is...

CVSS 6.9, AI score 6.9, EPSS 0.00355
Exploits: 0, References: 1

NVD
added 2026/05/01 10:16 p.m., 4 views

CVE-2026-7597

A vulnerability was found in mem0ai mem0 up to 1.0.11. This affects the function pickle.load/pickle.dump of the file mem0/vectorstores/faiss.py. Performing a manipulation results in deserialization. It is possible to initiate the attack remotely. The exploit has been made public and could be used...

CVSS 6.5, EPSS 0.00315
Exploits: 0, References: 7

NVD
added 2026/05/01 10:16 p.m., 3 views

CVE-2026-7598

A security vulnerability has been detected in libssh2 up to 1.11.1. The impacted element is the function userauthpassword of the file src/userauth.c. Such manipulation of the argument usernamelen/passwordlen leads to integer overflow. The attack may be launched remotely. The name of the patch is...

CVSS 7.5, EPSS 0.00355
Exploits: 0, References: 6

RedhatCVE
added 2026/05/01 8:9 p.m., 2 views

CVE-2026-31707

A flaw was found in the Linux kernel's ksmbd component. A remote attacker could exploit an integer overflow vulnerability when the system processes specially crafted daemon responses. This manipulation of data sizes can bypass internal security checks, leading to memory corruption. Such an issue...

CVSS 7.1, AI score 5.8, EPSS 0.00125
Exploits: 0, References: 4

ATTACKERKB
added 2026/05/01 7:45 p.m., 2 views

CVE-2026-7592

A weakness has been identified in itsourcecode Courier Management System 1.0. This affects an unknown function of the file /editstaff.php. Executing a manipulation of the argument ID can lead to sql injection. The attack may be launched remotely. The exploit has been made available to the public...

CVSS 7.5, AI score 6.9, EPSS 0.00259
Exploits: 0, References: 5, Affected Software: 1

CVE
added 2026/05/01 4:45 p.m., 17 views

CVE-2026-7587

Open5GS AMF vulnerable in function amf_nsmf_pdusession_handle_update_sm_context (in /src/amf/nsmf-handler.c) up to version 2.7.7. The manipulation can cause a denial of service and is remotely initiable. The exploit has been disclosed publicly. No remediation or patch details are provided in the ...

CVSS 5.3, AI score 5.3, EPSS 0.00306
Exploits: 0, References: 5, Affected Software: 1

NVD
added 2026/05/01 4:16 p.m., 2 views

CVE-2026-7585

A vulnerability was determined in Open5GS up to 2.7.7. The impacted element is the function amfnudmsdmhandleprovisioned of the file /src/amf/nudm-handler.c of the component AMF. Executing a manipulation can lead to denial of service. The attack can be launched remotely. The exploit has been...

CVSS 5.3, EPSS 0.00341
Exploits: 0, References: 7

CVE
added 2026/05/01 1:0 p.m., 4 views

CVE-2026-7581

The CVE describes a vulnerability in alexta69 MeTube up to 2026.04.09, affecting the CORS Policy implementation (function on_prepare in app/main.py). The issue results in a permissive cross-domain policy that can interact with untrusted domains and is exploitable remotely. A public exploit is ind...

CVSS 5.3, AI score 5.3, EPSS 0.00169
Exploits: 0, References: 8

ATTACKERKB
added 2026/05/01 4:45 a.m., 0 views

CVE-2026-7554

A vulnerability was determined in D-Link M60 up to 1.20B02. Affected by this issue is some unknown functionality of the file /usr/bin/httpd. This manipulation causes weak password recovery. The attack can be initiated remotely. A high degree of complexity is needed for the attack. The exploitatio...

CVSS 6.3, AI score 4.6, EPSS 0.01097
Exploits: 1, References: 5, Affected Software: 1

EUVD
added 2026/05/01 4:45 a.m., 1 views

EUVD-2026-26480

A vulnerability was determined in D-Link M60 up to 1.20B02. Affected by this issue is some unknown functionality of the file /usr/bin/httpd. This manipulation causes weak password recovery. The attack can be initiated remotely. A high degree of complexity is needed for the attack. The exploitatio...

CVSS 6.3, AI score 4.6, EPSS 0.01097
Exploits: 1, References: 5

CVE
added 2026/05/01 3:45 a.m., 3 views

CVE-2026-7550

CVE-2026-7550 affects SourceCodester Pharmacy Sales and Inventory System 1.0. The vulnerability is in an unknown function of the file /ajax.php?action=save_customer where manipulation of the argument ID leads to an SQL injection. It is exploitable remotely and the exploit has been disclosed publi...

CVSS 7.5, AI score 7.3, EPSS 0.00259
Exploits: 0, References: 5

Cvelist
added 2026/05/01 3:30 a.m., 29 views

CVE-2026-7549 SourceCodester Pharmacy Sales and Inventory System ajax.php delete_customer sql injection

A flaw has been found in SourceCodester Pharmacy Sales and Inventory System 1.0. This impacts an unknown function of the file /ajax.php?action=delete_customer. Executing a manipulation of the argument ID can lead to sql injection. The attack may be performed from remote. The exploit has been...

CVSS 7.5, EPSS 0.00274
Exploits: 0, References: 5

SUSE CVE
added 2026/05/01 2:12 a.m., 5 views

SUSE CVE-2026-3833

A flaw was found in gnutls. This vulnerability occurs because gnutls performs case-sensitive comparisons of nameConstraints labels, specifically for dNSName DNS or rfc822Name email constraints within excludedSubtrees or permittedSubtrees. A remote attacker can exploit this by crafting a leaf...

CVSS 6.5, AI score 5.4, EPSS 0.00506
Exploits: 1, References: 12

ATTACKERKB
added 2026/05/01 1:15 a.m., 0 views

CVE-2026-7536

A vulnerability was determined in Open5GS up to 2.7.7. This vulnerability affects the function bsf_sess_add_by_ip_address of the file /nbsf-management/v1/pcfBindings of the component BSF. Executing a manipulation of the argument ipv4Addr can lead to denial of service. The attack can be launched...

CVSS 6.9, AI score 5.1, EPSS 0.0038
Exploits: 0, References: 5

Vulnrichment
added 2026/05/01 1:15 a.m., 3 views

CVE-2026-7536 Open5GS BSF pcfBindings bsf_sess_add_by_ip_address denial of service

A vulnerability was determined in Open5GS up to 2.7.7. This vulnerability affects the function bsf_sess_add_by_ip_address of the file /nbsf-management/v1/pcfBindings of the component BSF. Executing a manipulation of the argument ipv4Addr can lead to denial of service. The attack can be launched...

CVSS 6.9, AI score 5.7, EPSS 0.0038
Exploits: 0, References: 5

ATTACKERKB
added 2026/05/01 1:0 a.m., 1 views

CVE-2026-7535

A vulnerability was found in Open5GS up to 2.7.7. This affects the function amfnamfcommhandleregistrationstatusupdaterequest in the library /lib/app/ogs-init.c of the file /namf-comm/v1/ue-contexts/ueContextId/transfer-update. Performing a manipulation of the argument ueContextId results in denia...

CVSS 5.3, AI score 5.2, EPSS 0.00302
Exploits: 0, References: 6

CNNVD
added 2026/05/01 12:0 a.m., 7 views

maccms_pro access control error vulnerability

Maccmspro is a content management system developed by Maccmspro’s individual developers. Versions of Maccmspro prior to 2022.1.3 had an access control vulnerability. This vulnerability stemmed from an unlimited upload issue in the install function of the file /admi.php/admin/addon/add.html within...

CVSS 5.8, AI score 5.8, EPSS 0.00231
Exploits: 0, References: 1