EUVD-2026-25894

A vulnerability was identified in 1000 Projects Portfolio Management System MCA up to 1.0. This affects an unknown function of the file /admin/blockstatus.php. The manipulation of the argument q leads to sql injection. The attack can be initiated remotely. The exploit is publicly available and...

CVE-2026-7143

A vulnerability was identified in 1000 Projects Portfolio Management System MCA up to 1.0. This affects an unknown function of the file /admin/blockstatus.php. The manipulation of the argument q leads to sql injection. The attack can be initiated remotely. The exploit is publicly available and...

CVE-2026-7142

CVE-2026-7142 affects Wooey up to 0.13.2, specifically the function add_or_update_script in wooey/api/scripts.py within the API Endpoint. The issue enables improper authorization via manipulation of the script endpoint, with remote execution possible. Public exploitation has been disclosed. Mitig...

CVE-2026-7142 Wooey API Endpoint scripts.py add_or_update_script improper authorization

A vulnerability was determined in Wooey up to 0.13.2. The impacted element is the function addorupdatescript of the file wooey/api/scripts.py of the component API Endpoint. Executing a manipulation can lead to improper authorization. It is possible to launch the attack remotely. The exploit has...

CVE-2026-7142

A vulnerability was determined in Wooey up to 0.13.2. The impacted element is the function addorupdatescript of the file wooey/api/scripts.py of the component API Endpoint. Executing a manipulation can lead to improper authorization. It is possible to launch the attack remotely. The exploit has...

CVE-2026-7141 vllm KV Block kv_cache_interface.py has_mamba_layers uninitialized resource

A vulnerability was found in vllm up to 0.19.0. The affected element is the function hasmambalayers of the file vllm/v1/kvcacheinterface.py of the component KV Block Handler. Performing a manipulation results in uninitialized resource. It is possible to initiate the attack remotely. The attack is...

CVE-2026-7140

The CVE-2026-7140 entry concerns Totolink A8000RU (firmware 7.1cu.643_b20200521). The vulnerability resides in CsteSystem within /cgi-bin/cstecgi.cgi of the CGI Handler, enabling an os command injection via manipulation of an HTTP argument. Impact vectors indicate remote exploitation with high co...

EUVD-2026-25879

A vulnerability has been found in Totolink A8000RU 7.1cu.643b20200521. Impacted is the function CsteSystem of the file /cgi-bin/cstecgi.cgi of the component CGI Handler. Such manipulation of the argument HTTP leads to os command injection. The attack may be performed from remote. The exploit has...

CVE-2026-7140

A vulnerability has been found in Totolink A8000RU 7.1cu.643b20200521. Impacted is the function CsteSystem of the file /cgi-bin/cstecgi.cgi of the component CGI Handler. Such manipulation of the argument HTTP leads to os command injection. The attack may be performed from remote. The exploit has...

CVE-2026-7134

A vulnerability was identified in code-projects Online Lot Reservation System 1.0. Affected is an unknown function of the file /edithousepic.php. Such manipulation of the argument image leads to unrestricted upload. The attack can be launched remotely. The exploit is publicly available and might ...

CVE-2026-7139

The CVE concerns Totolink A8000RU (firmware 7.1cu.643_b20200521). The flaw is in the CGI handler function setWiFiAclRules within /cgi-bin/cstecgi.cgi, where argument mode manipulation enables remote OS command injection. The exploit is published and can be used remotely without authentication; im...

CVE-2026-7139 Totolink A8000RU CGI cstecgi.cgi setWiFiAclRules os command injection

A flaw has been found in Totolink A8000RU 7.1cu.643b20200521. This issue affects the function setWiFiAclRules of the file /cgi-bin/cstecgi.cgi of the component CGI Handler. This manipulation of the argument mode causes os command injection. The attack is possible to be carried out remotely. The...

CVE-2026-7139 Totolink A8000RU CGI cstecgi.cgi setWiFiAclRules os command injection

A flaw has been found in Totolink A8000RU 7.1cu.643b20200521. This issue affects the function setWiFiAclRules of the file /cgi-bin/cstecgi.cgi of the component CGI Handler. This manipulation of the argument mode causes os command injection. The attack is possible to be carried out remotely. The...

CVE-2026-7138

Totolink A8000RU vulnerability CVE-2026-7138 affects the CGI Handler: file /cgi-bin/cstecgi.cgi, function setNtpCfg. Manipulating the tz argument leads to OS command injection with a remote attack path. Public exploit is indicated in the sources. No specific patch/version details or mitigations a...

CVE-2026-7133

A vulnerability was determined in code-projects Online Lot Reservation System 1.0. This impacts an unknown function of the file /activity.php. This manipulation of the argument directory causes unrestricted upload. The attack can be initiated remotely. The exploit has been publicly disclosed and...

CVE-2026-7134 code-projects Online Lot Reservation System edithousepic.php unrestricted upload

A vulnerability was identified in code-projects Online Lot Reservation System 1.0. Affected is an unknown function of the file /edithousepic.php. Such manipulation of the argument image leads to unrestricted upload. The attack can be launched remotely. The exploit is publicly available and might ...

CVE-2026-7134 code-projects Online Lot Reservation System edithousepic.php unrestricted upload

A vulnerability was identified in code-projects Online Lot Reservation System 1.0. Affected is an unknown function of the file /edithousepic.php. Such manipulation of the argument image leads to unrestricted upload. The attack can be launched remotely. The exploit is publicly available and might ...

EUVD-2026-25872

A vulnerability was identified in code-projects Online Lot Reservation System 1.0. Affected is an unknown function of the file /edithousepic.php. Such manipulation of the argument image leads to unrestricted upload. The attack can be launched remotely. The exploit is publicly available and might ...

CVE-2026-7134

A vulnerability was identified in code-projects Online Lot Reservation System 1.0. Affected is an unknown function of the file /edithousepic.php. Such manipulation of the argument image leads to unrestricted upload. The attack can be launched remotely. The exploit is publicly available and might ...

EUVD-2026-25861

A vulnerability was determined in code-projects Online Lot Reservation System 1.0. This impacts an unknown function of the file /activity.php. This manipulation of the argument directory causes unrestricted upload. The attack can be initiated remotely. The exploit has been publicly disclosed and...