EUVD-2026-26809

A vulnerability has been found in Shenzhen Libituo Technology LBT-T300-HW1 up to 1.2.8. Impacted is the function startlan of the file /apply.cgi. The manipulation of the argument Channel/ApCliSsid leads to buffer overflow. The attack is possible to be carried out remotely. The exploit has been...

CVE-2026-7675

CVE-2026-7675 affects Shenzhen Libituo Technology LBT-T300-HW1 devices older than or equal to 1.2.8. The vulnerability is in the function start_lan of the file /apply.cgi , where manipulation of the argument Channel/ApCliSsid leads to a buffer overflow . The issue is exploitable remotely, and pub...

CVE-2026-7675 Shenzhen Libituo Technology LBT-T300-HW1 apply.cgi start_lan buffer overflow

A vulnerability has been found in Shenzhen Libituo Technology LBT-T300-HW1 up to 1.2.8. Impacted is the function startlan of the file /apply.cgi. The manipulation of the argument Channel/ApCliSsid leads to buffer overflow. The attack is possible to be carried out remotely. The exploit has been...

CVE-2026-7675 Shenzhen Libituo Technology LBT-T300-HW1 apply.cgi start_lan buffer overflow

A vulnerability has been found in Shenzhen Libituo Technology LBT-T300-HW1 up to 1.2.8. Impacted is the function startlan of the file /apply.cgi. The manipulation of the argument Channel/ApCliSsid leads to buffer overflow. The attack is possible to be carried out remotely. The exploit has been...

CVE-2026-7674 Shenzhen Libituo Technology LBT-T300-HW1 Web Management start_single_service buffer overflow

A flaw has been found in Shenzhen Libituo Technology LBT-T300-HW1 up to 1.2.8. This issue affects the function startsingleservice of the component Web Management Interface. Executing a manipulation of the argument vpnpptpserver/vpnl2tpserver can lead to buffer overflow. The attack can be executed...

CVE-2026-7673

A vulnerability was detected in crmebjava up to 1.3.4. This vulnerability affects unknown code of the file crmeb/crmeb-service/src/main/java/com/zbkj/service/service/impl/UploadServiceImpl.java of the component Admin Upload. Performing a manipulation of the argument model results in unrestricted...

CVE-2026-7672

A security vulnerability has been detected in youlaitech youlai-boot up to 2.21.1. This affects the function getUserList of the file src/main/java/com/youlai/boot/system/controller/UserController.java of the component Users Endpoint. Such manipulation of the argument order leads to sql injection...

CVE-2026-7672 youlaitech youlai-boot Users Endpoint UserController.java getUserList sql injection

A security vulnerability has been detected in youlaitech youlai-boot up to 2.21.1. This affects the function getUserList of the file src/main/java/com/youlai/boot/system/controller/UserController.java of the component Users Endpoint. Such manipulation of the argument order leads to sql injection...

CVE-2026-7672

A security vulnerability has been detected in youlaitech youlai-boot up to 2.21.1. This affects the function getUserList of the file src/main/java/com/youlai/boot/system/controller/UserController.java of the component Users Endpoint. Such manipulation of the argument order leads to sql injection...

PT-2026-36690

Name of the Vulnerable Software and Affected Versions langflow-ai langflow versions prior to 1.8.5 Description A command injection issue exists in the Full Builtins Module Handler component. The problem resides in the CodeParser.parse callable details function within the file...

PT-2026-36672

Name of the Vulnerable Software and Affected Versions crmeb java versions prior to 1.3.5 Description An unrestricted file upload issue exists within the Admin Upload component, specifically affecting the file crmeb/crmeb-service/src/main/java/com/zbkj/service/service/impl/UploadServiceImpl.java...

PT-2026-36683

A security vulnerability has been detected in jsbroks COCO Annotator up to 0.11.1. Affected by this vulnerability is an unknown functionality of the file backend/webserver/api/datasets.py of the component Dataset API. The manipulation of the argument DatasetId leads to authorization bypass. The...

PT-2026-36693

A security flaw has been discovered in Dolibarr ERP CRM up to 23.0.2. This vulnerability affects the function dol verifyHash in the library htdocs/core/lib/security.lib.php of the component Online Signature Module. The manipulation results in improper verification of cryptographic signature. The...

PT-2026-36701

A vulnerability was identified in Tiandy Easy7 Integrated Management Platform 7.17.0. Affected by this vulnerability is an unknown functionality of the file /Easy7/rest/systemInfo/updateDbBackupInfo. Such manipulation of the argument week leads to os command injection. The attack can be executed...

PT-2026-36695

Name of the Vulnerable Software and Affected Versions Wavlink WL-WN570HA1 version R70HA1 V1410 221110 Description A command injection issue exists in the set sys cmd function within the '/cgi-bin/adm.cgi' endpoint. This flaw allows a remote attacker to execute arbitrary commands by manipulating t...

PT-2026-36680

A security flaw has been discovered in YunaiV yudao-cloud up to 2026.01. This impacts the function getAccessToken of the file yudao-module-system-biz/src/main/java/io/github/ruoyi/common/oauth2/service/impl/OAuth2TokenServiceImpl.java. Performing a manipulation results in improper authentication...

PT-2026-36697

A flaw has been found in Acrel Electrical ECEMS Enterprise Microgrid Energy Efficiency Management System 1.3.0. The impacted element is an unknown function of the file /SubstationWEBV2/main/elecMaxMinAvgValue. Executing a manipulation of the argument fCircuitids can lead to sql injection. The...

PT-2026-36723

Name of the Vulnerable Software and Affected Versions Open5GS versions prior to 2.7.8 Description A remote denial of service issue exists in the AMF component. The problem is located in the gmm handle service request function within the /src/amf/gmm-handler.c file. Recommendations At the moment,...

PT-2026-36678

A vulnerability was determined in kerwincui FastBee up to 1.2.1. The impacted element is the function Add of the file springboot/fastbee-admin/src/main/java/com/fastbee/web/controller/system/SysNoticeController.java of the component System Notice Handler. This manipulation of the argument...

PT-2026-36726

Name of the Vulnerable Software and Affected Versions janeczku Calibre-Web versions prior to 0.6.27 Description Improper authorization occurs in the Endpoint component due to the manipulation of the user id argument within the generate auth token function located in the cps/kobo auth.py file. Thi...