EUVD-2026-33667

A vulnerability was found in php-censor up to 2.1.6. This affects an unknown function of the file src/Model/Build/GitBuild.php of the component Webhook Endpoint. Performing a manipulation of the argument commitId results in os command injection. The attack can be initiated remotely. The exploit h...

CVE-2026-10273

Affected software: php-censor (up to 2.1.6). The vulnerability is in the Webhook Endpoint, specifically the file src/Model/Build/GitBuild.php, where manipulating the commitId argument can lead to operating system command injection. Impact is remote: attacker can exploit over the network. The expl...

CVE-2026-10174

A vulnerability was identified in Aider-AI Aider 0.86.3. Affected is an unknown function of the file aider/args.py of the component Pre-commit Hook Handler. Such manipulation of the argument git-commit-verify leads to protection mechanism failure. The attack may be launched remotely. The exploit ...

CVE-2026-10168

A security vulnerability has been detected in OUSL-GROUP-BrinaryBrains School Student Management System up to 1e70e5ad1125b86dca4ee086eb6bb121f17708b6. Affected is the function marks of the file application/controllers/Parents.php. The manipulation of the argument param1 leads to improper control...

CVE-2026-10156

A vulnerability was determined in Open5GS up to 2.7.7. This affects the function handleamfinfo in the library /lib/sbi/nnrf-handler.c of the component nf-instances Endpoint. Executing a manipulation of the argument nfinfopool can lead to resource consumption. The attack may be performed from...

CVE-2026-10116

A security flaw has been discovered in Open5GS up to 2.7.7. This vulnerability affects the function ogssbixactadd in the library /lib/core/ogs-timer.c of the component ue-authentications Endpoint. Performing a manipulation results in denial of service. The attack may be initiated remotely. The...

CVE-2026-10189

A vulnerability has been found in Tenda W12 3.0.0.74763. This vulnerability affects the function cgiSysTimeInfoSet of the file /bin/httpd. The manipulation of the argument sec leads to stack-based buffer overflow. It is possible to initiate the attack remotely. The exploit has been disclosed to t...

CVE-2026-10192

A vulnerability was identified in Tenda W12 3.0.0.74763. The affected element is the function setlocaltime0 of the file /bin/httpd. Such manipulation of the argument Time leads to stack-based buffer overflow. The attack can be launched remotely. The exploit is publicly available and might be used...

CVE-2026-10159

A weakness has been identified in TRENDnet TEW-432BRP 3.10B20. Affected by this vulnerability is the function formSysLog of the file /goform/formSysLog. This manipulation of the argument currentpage causes stack-based buffer overflow. The attack can be initiated remotely. The exploit has been mad...

CVE-2026-10123

A vulnerability was found in TRENDnet TEW-432BRP 3.10B20. This impacts the function formSetDomainFilter of the file /goform/formSetDomainFilter. Performing a manipulation of the argument blockeddomain/permitteddomain/blockeddomainlist/permitteddomainlist results in stack-based buffer overflow. It...

CVE-2026-10272 a4m4 Student-Management-System deleteform.php improper authorization

A vulnerability has been found in a4m4 Student-Management-System up to f0c5f6842c5e8c431ff02b5260a565ca844df3a0. The impacted element is an unknown function of the file admin/deleteform.php. Such manipulation of the argument sid leads to improper authorization. It is possible to launch the attack...

EUVD-2026-33661

A vulnerability has been found in a4m4 Student-Management-System up to f0c5f6842c5e8c431ff02b5260a565ca844df3a0. The impacted element is an unknown function of the file admin/deleteform.php. Such manipulation of the argument sid leads to improper authorization. It is possible to launch the attack...

CVE-2026-10272 a4m4 Student-Management-System deleteform.php improper authorization

A vulnerability has been found in a4m4 Student-Management-System up to f0c5f6842c5e8c431ff02b5260a565ca844df3a0. The impacted element is an unknown function of the file admin/deleteform.php. Such manipulation of the argument sid leads to improper authorization. It is possible to launch the attack...

CVE-2026-10272

CVE-2026-10272 affects the a4m4 Student-Management-System. The vulnerability is in an unknown function within admin/deleteform.php, where manipulating the argument sid leads to improper authorization. It can be exploited remotely, and public disclosures exist. Version details for affected/updated...

CVE-2026-10270

The vulnerability CVE-2026-10270 affects D-Link DI-7001 MINI (up to firmware 19.09.19A1). The issue is a stack-based overflow in the API component, specifically the sprintf usage in /httpd_debug.asp where an attacker can manipulate the Time argument. This allows a remote attacker to potentially e...

CVE-2026-10270 D-Link DI-7001 MINI API httpd_debug.asp sprintf stack-based overflow

A vulnerability was detected in D-Link DI-7001 MINI up to 19.09.19A1. Impacted is the function sprintf of the file /httpddebug.asp of the component API. The manipulation of the argument Time results in stack-based buffer overflow. The attack may be performed from remote. The exploit is now public...

EUVD-2026-33693

A vulnerability was detected in D-Link DI-7001 MINI up to 19.09.19A1. Impacted is the function sprintf of the file /httpddebug.asp of the component API. The manipulation of the argument Time results in stack-based buffer overflow. The attack may be performed from remote. The exploit is now public...

CVE-2026-10265

A vulnerability was identified in itsourcecode Content Management System 1.0. Affected by this issue is some unknown functionality of the file /admin/edittopic.php. Such manipulation of the argument topicid leads to sql injection. The attack may be launched remotely. The exploit is publicly...

CVE-2026-10261

A flaw has been found in CodeAstro Online Job Portal 1.0. This affects an unknown function of the file /users/applicationstatus.php. Executing a manipulation of the argument ID can lead to sql injection. It is possible to launch the attack remotely. The exploit has been published and may be used...

CVE-2026-10262

A vulnerability has been found in code-projects Real State Services 1.0. This impacts an unknown function of the file /loginuser.php of the component Login. The manipulation of the argument Username leads to sql injection. The attack can be initiated remotely. The exploit has been disclosed to th...