CVE-2026-5147
A security flaw has been discovered in YunaiV yudao-cloud up to 2026.01. This affects an unknown part of the file /admin-api/system/tenant/get-by-website. The manipulation of the argument Website results in sql injection. It is possible to launch the attack remotely. The exploit has been released...
CVE-2026-5123
A flaw was found in osrg GoBGP. A remote attacker could exploit an off-by-one error in the DecodeFromBytes function by manipulating specific input data. This vulnerability may lead to a denial of service, making the affected system unavailable. Mitigation: Mitigation for this issue is either not...
CVE-2026-27853
A flaw was found in dnsdist. A remote attacker could send specially crafted DNS responses that, when processed by dnsdist using the DNSQuestion:changeName or DNSResponse:changeName methods in custom Lua code, may trigger an out-of-bounds write. This vulnerability can lead to a system crash,...
CVE-2026-5204
A vulnerability was determined in Tenda CH22 1.0.0.1. Affected is the function formWebTypeLibrary of the file /goform/webtypelibrary of the component Parameter Handler. This manipulation of the argument webSiteId causes stack-based buffer overflow. The attack can be initiated remotely. The exploi...
CVE-2026-34202 Zebra node crash — V5 transaction hash panic (P2P reachable)
ZEBRA is a Zcash node written entirely in Rust. Prior to zebrad version 4.3.0 and zebra-chain version 6.0.1, a vulnerability in Zebra's transaction processing logic allows a remote, unauthenticated attacker to cause a Zebra node to panic crash. This is triggered by sending a specially crafted V5...
EUVD-2026-17341
A flaw has been found in code-projects Student Membership System 1.0. This issue affects some unknown processing of the component User Registration Handler. Executing a manipulation can lead to sql injection. The attack can be launched remotely...
EUVD-2026-17351
A vulnerability has been found in code-projects Student Membership System 1.0. Impacted is an unknown function of the file /deletemember.php. The manipulation of the argument ID leads to sql injection. The attack may be initiated remotely. The exploit has been disclosed to the public and may be...
CVE-2026-5183 TRENDnet TEW-713RE addRouting sub_421494 command injection
A vulnerability was determined in TRENDnet TEW-713RE up to 1.02. The affected element is the function sub_421494 of the file /goform/addRouting. Executing a manipulation of the argument dest can lead to command injection. It is possible to launch the attack remotely. The exploit has been publicly...
EUVD-2026-17279
A security flaw has been discovered in Totolink A3300R 17.0.0cu.557_b20221024. Affected is the function setSyslogCfg of the file /cgi-bin/cstecgi.cgi. Performing a manipulation of the argument provided results in command injection. The attack may be initiated remotely. The exploit has been release...
CVE-2026-5177
Totolink A3300R 17.0.0cu.557_b20221024 is affected by CVE-2026-5177. The vulnerability resides in function setWiFiBasicCfg of /cgi-bin/cstecgi.cgi, where manipulating the rxRate argument can trigger a remote command injection. The exploit is publicly available. No remediation details are provided...
PT-2026-29326
Name of the Vulnerable Software and Affected Versions: SourceCodester Leave Application System version 1.0. Description: A security issue exists in the User Management Handler component of SourceCodester Leave Application System. This issue allows for cross site scripting, potentially enabling remot...
VulnCheck KEV: CVE-2025-10090
A flaw has been found in Jinher OA up to 1.2. The impacted element is an unknown function of the file /C6/Jhsoft.Web.departments/GetTreeDate.aspx. Executing manipulation of the argument ID can lead to sql injection. The attack may be launched remotely. The exploit has been published and may be us...
undertow: OutOfMemory when parsing form data encoding with application/x-www-form-urlencoded
A flaw was found in Undertow that can cause remote denial of service attacks. When the server uses the FormEncodedDataDefinition.doParseStreamSourceChannel method to parse large form data encoding with application/x-www-form-urlencoded, the method will cause an OutOfMemory issue. This flaw allows...
CVE-2026-5107 FRRouting FRR EVPN Type-2 Route bgp_evpn.c process_type2_route access control
A vulnerability has been found in FRRouting FRR up to 10.5.1. This affects the function process_type2_route of the file bgpd/bgp_evpn.c of the component EVPN Type-2 Route Handler. The manipulation leads to improper access controls. The attack can be initiated remotely. The attack is considered to ha...
PT-2026-29112
A security vulnerability has been detected in code-projects Accounting System 1.0. This issue affects some unknown processing of the file /viewin costumer.php of the component Parameter Handler. Such manipulation of the argument cos id leads to sql injection. The attack can be launched remotely...
PT-2026-28761
Name of the Vulnerable Software and Affected Versions: FRRouting FRR versions up to 10.5.1. Description: A security issue exists in FRRouting FRR related to improper access controls within the EVPN Type-2 Route Handler component. The issue is located in the process_type2_route function of the bgpd/b...
PT-2026-28758
Name of the Vulnerable Software and Affected Versions: Totolink A3300R version 17.0.0cu.557_b20221024. Description: A security issue exists in Totolink A3300R version 17.0.0cu.557_b20221024. The setStaticRoute function within the /cgi-bin/cstecgi.cgi file is susceptible to command injection through...
EUVD-2026-16991
A security vulnerability has been detected in Belkin F9K1122 1.00.33. This affects the function formSetSystemSettings of the file /goform/formSetSystemSettings of the component Setting Handler. Such manipulation of the argument webpage leads to stack-based buffer overflow. The attack can be...
CVE-2026-5035 code-projects Accounting System Parameter view_work.php sql injection
A vulnerability has been found in code-projects Accounting System 1.0. This affects an unknown part of the file /view_work.php of the component Parameter Handler. Such manipulation of the argument enid leads to sql injection. It is possible to launch the attack remotely. The exploit has been...