CVE-2026-5313 Nothings stb GIF Decoder stb_image.h stbi__gif_load_next denial of service

A vulnerability has been found in Nothings stb up to 2.30. This issue affects the function stbigifloadnext in the library stbimage.h of the component GIF Decoder. Such manipulation leads to denial of service. The attack may be launched remotely. The exploit has been disclosed to the public and ma...

CVE-2026-5313 Nothings stb GIF Decoder stb_image.h stbi__gif_load_next denial of service

A vulnerability has been found in Nothings stb up to 2.30. This issue affects the function stbigifloadnext in the library stbimage.h of the component GIF Decoder. Such manipulation leads to denial of service. The attack may be launched remotely. The exploit has been disclosed to the public and ma...

CVE-2026-5312

A weakness has been identified in D-Link DNS-120, DNR-202L, DNS-315L, DNS-320, DNS-320L, DNS-320LW, DNS-321, DNR-322L, DNS-323, DNS-325, DNS-326, DNS-327L, DNR-326, DNS-340L, DNS-343, DNS-345, DNS-726-4, DNS-1100-4, DNS-1200-05 and DNS-1550-04 up to 20260205. Affected by this vulnerability is the...

CVE-2026-5312 D-Link DNS-1550-04 dsk_mgr.cgi Get_current_raidtype access control

A weakness has been identified in D-Link DNS-120, DNR-202L, DNS-315L, DNS-320, DNS-320L, DNS-320LW, DNS-321, DNR-322L, DNS-323, DNS-325, DNS-326, DNS-327L, DNR-326, DNS-340L, DNS-343, DNS-345, DNS-726-4, DNS-1100-4, DNS-1200-05 and DNS-1550-04 up to 20260205. Affected by this vulnerability is the...

CVE-2026-5312

A weakness has been identified in D-Link DNS-120, DNR-202L, DNS-315L, DNS-320, DNS-320L, DNS-320LW, DNS-321, DNR-322L, DNS-323, DNS-325, DNS-326, DNS-327L, DNR-326, DNS-340L, DNS-343, DNS-345, DNS-726-4, DNS-1100-4, DNS-1200-05 and DNS-1550-04 up to 20260205. Affected by this vulnerability is the...

CVE-2026-5312

CVE-2026-5312 affects D-Link DNS-1xx NAS models (e.g., DNS-120, DNS-320/320L/320LW/321, DNS-327L, DNS-1100-4, DNS-1550-04, among others) with the dsk_mgr.cgi Get_current_raidtype path. The vulnerability concerns the functions under /cgi-bin/dsk_mgr.cgi (including Get_Volume_Mapping, Get_current_r...

CVE-2026-5311 D-Link DNS-1550-04 file_center.cgi Webdav_Access_List access control

A security flaw has been discovered in D-Link DNS-120, DNR-202L, DNS-315L, DNS-320, DNS-320L, DNS-320LW, DNS-321, DNR-322L, DNS-323, DNS-325, DNS-326, DNS-327L, DNR-326, DNS-340L, DNS-343, DNS-345, DNS-726-4, DNS-1100-4, DNS-1200-05 and DNS-1550-04 up to 20260205. Affected is the function...

CVE-2026-5205

A vulnerability was identified in chatwoot up to 4.11.2. Affected by this vulnerability is the function Webhooks::Trigger in the library lib/webhooks/trigger.rb of the component Webhook API. Such manipulation of the argument url leads to server-side request forgery. The attack can be launched...

CVE-2026-5203

A vulnerability was found in CMS Made Simple up to 2.2.22. This impacts the function copyFilesToFolder in the library modules/UserGuide/lib/class.UserGuideImporterExporter.php of the component UserGuide Module XML Import. The manipulation results in path traversal. It is possible to launch the...

CVE-2026-20097

CVE-2026-20097 affects the web-based management interface of Cisco IMC. An authenticated admin could trigger arbitrary code execution as root due to improper validation of user-supplied input, by sending crafted HTTP requests to the device. The impact is execution of code on the underlying OS as ...

CVE-2026-20093 Cisco Integrated Management Controller Authentication Bypass Vulnerability

A vulnerability in the change password functionality of Cisco Integrated Management Controller IMC could allow an unauthenticated, remote attacker to bypass authentication and gain access to the system as Admin. This vulnerability is due to incorrect handling of password change requests. An...

CVE-2026-5197

A vulnerability was found in code-projects Student Membership System 1.0. The affected element is an unknown function of the file /deleteuser.php. The manipulation of the argument ID results in sql injection. The attack may be launched remotely. The exploit has been made public and could be used...

EUVD-2026-17826

A vulnerability was determined in AutohomeCorp frostmourne up to 1.0. The affected element is an unknown function of the file frostmourne-monitor/src/main/java/com/autohome/frostmourne/monitor/controller/AlarmController.java of the component Alarm Preview. Executing a manipulation can lead to...

EUVD-2026-17821

A vulnerability was found in Sanster IOPaint 1.5.3. Impacted is the function getfile of the file iopaint/filemanager/filemanager.py of the component File Manager. Performing a manipulation of the argument filename results in path traversal. The attack is possible to be carried out remotely. The...

CVE-2026-5261

A vulnerability was identified in Shandong Hoteam InforCenter PLM up to 8.3.8. The impacted element is the function uploadFileToIIS of the file /Base/BaseHandler.ashx. The manipulation of the argument File leads to unrestricted upload. It is possible to initiate the attack remotely. The exploit i...

CVE-2026-5259

A vulnerability was determined in AutohomeCorp frostmourne up to 1.0. The affected element is an unknown function of the file frostmourne-monitor/src/main/java/com/autohome/frostmourne/monitor/controller/AlarmController.java of the component Alarm Preview. Executing a manipulation can lead to...

CVE-2026-5261

A vulnerability was identified in Shandong Hoteam InforCenter PLM up to 8.3.8. The impacted element is the function uploadFileToIIS of the file /Base/BaseHandler.ashx. The manipulation of the argument File leads to unrestricted upload. It is possible to initiate the attack remotely. The exploit i...

CVE-2026-5261 Shandong Hoteam InforCenter PLM BaseHandler.ashx uploadFileToIIS unrestricted upload

A vulnerability was identified in Shandong Hoteam InforCenter PLM up to 8.3.8. The impacted element is the function uploadFileToIIS of the file /Base/BaseHandler.ashx. The manipulation of the argument File leads to unrestricted upload. It is possible to initiate the attack remotely. The exploit i...

CVE-2026-5259 AutohomeCorp frostmourne Alarm Preview AlarmController.java server-side request forgery

A vulnerability was determined in AutohomeCorp frostmourne up to 1.0. The affected element is an unknown function of the file frostmourne-monitor/src/main/java/com/autohome/frostmourne/monitor/controller/AlarmController.java of the component Alarm Preview. Executing a manipulation can lead to...

CVE-2026-5258

A vulnerability was found in Sanster IOPaint 1.5.3. Impacted is the function getfile of the file iopaint/filemanager/filemanager.py of the component File Manager. Performing a manipulation of the argument filename results in path traversal. The attack is possible to be carried out remotely. The...