CVE-2026-1194

The CVE-2026-1194 entry concerns MineAdmin 1.x/2.x, specifically a vulnerability in the Swagger component that leads to information disclosure. The issue is remotely exploitable and has a publicly released exploit; attacker may access sensitive information via the Swagger function. Affected produ...

CVE-2026-1177

A weakness has been identified in Yonyou KSOA 9.0. Affected by this vulnerability is an unknown functionality of the file /kmf/savefolder.jsp of the component HTTP GET Parameter Handler. Executing a manipulation of the argument folderid can lead to sql injection. It is possible to launch the atta...

CVE-2026-1177 Yonyou KSOA HTTP GET Parameter save_folder.jsp sql injection

A weakness has been identified in Yonyou KSOA 9.0. Affected by this vulnerability is an unknown functionality of the file /kmf/savefolder.jsp of the component HTTP GET Parameter Handler. Executing a manipulation of the argument folderid can lead to sql injection. It is possible to launch the atta...

CVE-2026-1176

A security flaw has been discovered in itsourcecode School Management System 1.0. Affected is an unknown function of the file /subject/index.php. Performing a manipulation of the argument ID results in sql injection. It is possible to initiate the attack remotely. The exploit has been released to...

CVE-2026-1176

CVE-2026-1176 affects itsourcecode School Management System 1.0. The vulnerability is in the file /subject/index.php where manipulating the argument ID enables remote SQL injection. The description indicates the exploit is publicly available, implying potential in-the-wild use. No specific patch ...

CVE-2026-1175

A vulnerability was identified in birkir prime up to 0.4.0.beta.0. This impacts an unknown function of the file /graphql of the component GraphQL Directive Handler. Such manipulation leads to information exposure through error message. The attack may be performed from remote. The exploit is...

EUVD-2026-3194

A vulnerability was identified in birkir prime up to 0.4.0.beta.0. This impacts an unknown function of the file /graphql of the component GraphQL Directive Handler. Such manipulation leads to information exposure through error message. The attack may be performed from remote. The exploit is...

CVE-2026-1173

A vulnerability was found in birkir prime up to 0.4.0.beta.0. The impacted element is an unknown function of the file /graphql of the component GraphQL Array Based Query Batch Handler. The manipulation results in denial of service. The attack can be executed remotely. The exploit has been made...

CVE-2026-1171 birkir prime GraphQL Field graphql denial of service

A flaw has been found in birkir prime up to 0.4.0.beta.0. Impacted is an unknown function of the file /graphql of the component GraphQL Field Handler. Executing a manipulation can lead to denial of service. The attack may be launched remotely. The exploit has been published and may be used. The...

CVE-2026-1171

A flaw has been found in birkir prime up to 0.4.0.beta.0. Impacted is an unknown function of the file /graphql of the component GraphQL Field Handler. Executing a manipulation can lead to denial of service. The attack may be launched remotely. The exploit has been published and may be used. The...

CVE-2026-1169

A security vulnerability has been detected in birkir prime up to 0.4.0.beta.0. This vulnerability affects unknown code. Such manipulation leads to cross-site request forgery. The attack can be launched remotely. The exploit has been disclosed publicly and may be used. The project was informed of...

CVE-2026-1169 birkir prime cross-site request forgery

A security vulnerability has been detected in birkir prime up to 0.4.0.beta.0. This vulnerability affects unknown code. Such manipulation leads to cross-site request forgery. The attack can be launched remotely. The exploit has been disclosed publicly and may be used. The project was informed of...

EUVD-2026-3216

A weakness has been identified in itsourcecode Online Frozen Foods Ordering System 1.0. This issue affects some unknown processing of the file /orderonline.php. Executing a manipulation of the argument productname can lead to sql injection. The attack can be launched remotely. The exploit has bee...

CVE-2026-1158

Totolink LR350 9.3.5u.6369_B20220309 is affected by CVE-2026-1158 due to a buffer overflow in the POST Request Handler’s setWizardCfg function (file /cgi-bin/cstecgi.cgi) when manipulating the ssid argument. The vulnerability can be triggered remotely, and public exploits exist. APT-like exposure...

CVE-2026-1156

A vulnerability was determined in Totolink LR350 9.3.5u.6369B20220309. Affected by this issue is the function setWiFiBasicCfg of the file /cgi-bin/cstecgi.cgi. This manipulation of the argument ssid causes buffer overflow. It is possible to initiate the attack remotely. The exploit has been...

CVE-2026-1157 Totolink LR350 cstecgi.cgi setWiFiEasyCfg buffer overflow

A vulnerability was identified in Totolink LR350 9.3.5u.6369B20220309. This affects the function setWiFiEasyCfg of the file /cgi-bin/cstecgi.cgi. Such manipulation of the argument ssid leads to buffer overflow. It is possible to launch the attack remotely. The exploit is publicly available and...

CVE-2026-1156

Totolink LR350 firmware 9.3.5u.6369_B20220309 is affected by CVE-2026-1156. The vulnerability resides in the setWiFiBasicCfg() function in /cgi-bin/cstecgi.cgi, where processing the ssid parameter allows a buffer overflow. This can be exploited remotely and the exploit has been publicly disclosed...

CVE-2026-1156 Totolink LR350 cstecgi.cgi setWiFiBasicCfg buffer overflow

A vulnerability was determined in Totolink LR350 9.3.5u.6369B20220309. Affected by this issue is the function setWiFiBasicCfg of the file /cgi-bin/cstecgi.cgi. This manipulation of the argument ssid causes buffer overflow. It is possible to initiate the attack remotely. The exploit has been...

CVE-2026-1120

A vulnerability has been found in Yonyou KSOA 9.0. The impacted element is an unknown function of the file /worksheet/delwork.jsp of the component HTTP GET Parameter Handler. The manipulation of the argument ID leads to sql injection. The attack can be initiated remotely. The exploit has been...

CVE-2026-1151

A weakness has been identified in technical-laohu mpay up to 1.2.4. The affected element is an unknown function of the component User Center. This manipulation of the argument Nickname causes cross site scripting. The attack may be initiated remotely. The exploit has been made available to the...