CVE-2026-7501 LinkStackOrg LinkStack UserController.php editPage cross site scripting

A weakness has been identified in LinkStackOrg LinkStack up to 4.8.6. Impacted is the function editPage of the file app/Http/Controllers/UserController.php. Executing a manipulation of the argument pageDescription can lead to cross site scripting. It is possible to launch the attack remotely. The...

Exploit for CVE-2025-69606

CVE-2025-69606 — Reflected XSS in GSVoIP Web Panel Severi...

JLSEC-2026-371 A vulnerability was determined in Cesanta Mongoose up to 7.20. Affected is the function...

A vulnerability was determined in Cesanta Mongoose up to 7.20. Affected is the function mgtlsverifycertsignature of the file mongoose.c of the component P-384 Public Key Handler. Executing a manipulation can lead to authorization bypass. The attack can be executed remotely. Attacks of this nature...

JLSEC-2026-369 A vulnerability has been found in Cesanta Mongoose up to 7.20. This affects the function...

A vulnerability has been found in Cesanta Mongoose up to 7.20. This affects the function mgtlsrecvcert of the file mongoose.c of the component TLS 1.3 Handler. Such manipulation of the argument pubkey leads to heap-based buffer overflow. The attack may be launched remotely. The exploit has been...

EUVD-2026-26411

Chartbrew is an open-source web application that can connect directly to databases and APIs and use the data to create charts. In version 4.9.0, Chartbrew exposes multiple dataset and dataRequest endpoints that authorize low-privileged project members at the team level instead of binding the...

CVE-2026-33845

A flaw in GnuTLS DTLS handshake parsing allows malformed fragments with zero length and non-zero offset, leading to an integer underflow during reassembly and resulting in an out-of-bounds read. This issue is remotely exploitable and may cause information disclosure or denial of service...

EUVD-2026-26392

A flaw in GnuTLS DTLS handshake parsing allows malformed fragments with zero length and non-zero offset, leading to an integer underflow during reassembly and resulting in an out-of-bounds read. This issue is remotely exploitable and may cause information disclosure or denial of service...

CVE-2026-7306

A security vulnerability has been detected in Xuxueli xxl-job up to 3.3.2. The impacted element is an unknown function of the file xxl-job-admin/src/main/java/com/xxl/job/admin/scheduler/openapi/OpenApiController.java of the component OpenAPI Endpoint. Such manipulation of the argument defaulttok...

EUVD-2026-26307

A flaw has been found in Tenda 4G300 US4G300V1.0MtV1.01.42CNTDC01. Affected is the function sub427C3C of the file /goform/SafeMacFilter. This manipulation of the argument page causes stack-based buffer overflow. Remote exploitation of the attack is possible. The exploit has been published and may...

SUSE CVE-2026-7020

A security flaw has been discovered in Ollama up to 0.20.2. This affects the function digestToPath of the file x/imagegen/transfer/transfer.go of the component Tensor Model Transfer Handler. The manipulation of the argument digest results in path traversal. The attack may be performed from remote...

SUSE CVE-2026-7361

Use after free in iOS in Google Chrome prior to 147.0.7727.138 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. Chromium security severity: Critical...

CVE-2026-7469 Tenda 4G300 DelFil sub_425A28 command injection

A vulnerability was detected in Tenda 4G300 US4G300V1.0MtV1.01.42CNTDC01. This impacts the function sub425A28 of the file /goform/DelFil. The manipulation of the argument delflag results in command injection. The attack may be launched remotely. The exploit is now public and may be used...

CVE-2026-7469 Tenda 4G300 DelFil sub_425A28 command injection

A vulnerability was detected in Tenda 4G300 US4G300V1.0MtV1.01.42CNTDC01. This impacts the function sub425A28 of the file /goform/DelFil. The manipulation of the argument delflag results in command injection. The attack may be launched remotely. The exploit is now public and may be used...

CVE-2026-7469

CVE-2026-7469 affects Tenda 4G300 devices (US_4G300V1.0Mt_V1.01.42_CN_TDC01). The vulnerability resides in function sub_425A28 within the file /goform/DelFil, where manipulating the argument delflag leads to a command injection. The attack can be carried out remotely, and the exploit is public. I...

CVE-2026-7447

A flaw has been found in SourceCodester Pet Grooming Management Software 1.0. This vulnerability affects unknown code of the file /admin/updatecustomer.php. This manipulation of the argument type/length/business parameter validity causes sql injection. The attack is possible to be carried out...

CVE-2026-7468 1024-lab smart-admin Demo Site index.html access control

A security vulnerability has been detected in 1024-lab smart-admin up to 3.30.0. This affects an unknown function of the file /smart-admin-api/druid/index.html of the component Demo Site. The manipulation leads to improper access controls. The attack may be initiated remotely. The exploit has bee...

CVE-2026-7468 1024-lab smart-admin Demo Site index.html access control

A security vulnerability has been detected in 1024-lab smart-admin up to 3.30.0. This affects an unknown function of the file /smart-admin-api/druid/index.html of the component Demo Site. The manipulation leads to improper access controls. The attack may be initiated remotely. The exploit has bee...

CVE-2026-7468

The CVE covers 1024-lab smart-admin up to version 3.30.0, affecting an unknown function in /smart-admin-api/druid/index.html of the Demo Site. The issue enables improper access controls via a remote attack, with a publicly disclosed exploit and a PROOF-OF-CONCEPT status in the metrics. Affected p...

CVE-2026-7445

A security vulnerability has been detected in ZachHandley ZMCPTools up to 0.2.2. Affected by this issue is some unknown functionality of the file src/managers/ResourceManager.ts of the component MCP Log Resource Handler. The manipulation of the argument dirname leads to path traversal. Remote...

CVE-2026-7447

A flaw has been found in SourceCodester Pet Grooming Management Software 1.0. This vulnerability affects unknown code of the file /admin/updatecustomer.php. This manipulation of the argument type/length/business parameter validity causes sql injection. The attack is possible to be carried out...