Lucene search
K

41216 matches found

Vulnrichment
Vulnrichment
added 2026/03/30 10:30 p.m.2 views

CVE-2026-5154 Tenda CH22 Parameter setcfm fromSetCfm stack-based overflow

A vulnerability has been found in Tenda CH22 1.0.0.1/1.If. The impacted element is the function fromSetCfm of the file /goform/setcfm of the component Parameter Handler. The manipulation of the argument funcname leads to stack-based buffer overflow. Remote exploitation of the attack is possible...

9CVSS7.5AI score0.00632EPSS
Exploits1References5
NVD
NVD
added 2026/03/30 10:16 p.m.2 views

CVE-2026-5153

A flaw has been found in Tenda CH22 1.0.0.1. The affected element is the function FormWriteFacMac of the file /goform/WriteFacMac. Executing a manipulation of the argument mac can lead to command injection. The attack may be launched remotely. The exploit has been published and may be used...

8.8CVSS0.03EPSS
Exploits1References5
EUVD
EUVD
added 2026/03/30 9:31 p.m.4 views

EUVD-2026-17218

A vulnerability was detected in Tenda CH22 1.0.0.1. Impacted is the function formCreateFileName of the file /goform/createFileName. Performing a manipulation of the argument fileNameMit results in stack-based buffer overflow. The attack may be initiated remotely. The exploit is now public and may...

9CVSS7.9AI score0.0073EPSS
Exploits1References6
EUVD
EUVD
added 2026/03/30 9:31 p.m.3 views

EUVD-2026-17216

A weakness has been identified in YunaiV yudao-cloud up to 2026.01. This vulnerability affects unknown code of the file /admin-api/system/mail-log/page. This manipulation of the argument toMail causes sql injection. The attack can be initiated remotely. The exploit has been made available to the...

5.8CVSS5.7AI score0.00253EPSS
Exploits0References6
Cvelist
Cvelist
added 2026/03/30 9:30 p.m.28 views

CVE-2026-5153 Tenda CH22 WriteFacMac FormWriteFacMac command injection

A flaw has been found in Tenda CH22 1.0.0.1. The affected element is the function FormWriteFacMac of the file /goform/WriteFacMac. Executing a manipulation of the argument mac can lead to command injection. The attack may be launched remotely. The exploit has been published and may be used...

6.5CVSS0.03EPSS
Exploits1References5
Vulnrichment
Vulnrichment
added 2026/03/30 9:30 p.m.0 views

CVE-2026-5153 Tenda CH22 WriteFacMac FormWriteFacMac command injection

A flaw has been found in Tenda CH22 1.0.0.1. The affected element is the function FormWriteFacMac of the file /goform/WriteFacMac. Executing a manipulation of the argument mac can lead to command injection. The attack may be launched remotely. The exploit has been published and may be used...

6.5CVSS5.7AI score0.03EPSS
Exploits1References5
ATTACKERKB
ATTACKERKB
added 2026/03/30 9:30 p.m.2 views

CVE-2026-5153

A flaw has been found in Tenda CH22 1.0.0.1. The affected element is the function FormWriteFacMac of the file /goform/WriteFacMac. Executing a manipulation of the argument mac can lead to command injection. The attack may be launched remotely. The exploit has been published and may be used...

6.5CVSS5.7AI score0.03EPSS
Exploits1References5Affected Software1
Cvelist
Cvelist
added 2026/03/30 8:30 p.m.23 views

CVE-2026-5152 Tenda CH22 createFileName formCreateFileName stack-based overflow

A vulnerability was detected in Tenda CH22 1.0.0.1. Impacted is the function formCreateFileName of the file /goform/createFileName. Performing a manipulation of the argument fileNameMit results in stack-based buffer overflow. The attack may be initiated remotely. The exploit is now public and may...

9CVSS0.0073EPSS
Exploits1References5
CVE
CVE
added 2026/03/30 8:30 p.m.15 views

CVE-2026-5152

Summary of CVE-2026-5152 (Tenda CH22): A stack-based buffer overflow is triggered in the /goform/createFileName endpoint by manipulating the fileNameMit argument in the formCreateFileName function of Tenda CH22 1.0.0.1. The issue can be exploited remotely, and a public exploit is available. Conne...

9CVSS7.9AI score0.0073EPSS
Exploits1References5Affected Software1
NVD
NVD
added 2026/03/30 8:16 p.m.4 views

CVE-2026-5150

A security vulnerability has been detected in code-projects Accounting System 1.0. This issue affects some unknown processing of the file /viewincostumer.php of the component Parameter Handler. Such manipulation of the argument cosid leads to sql injection. The attack can be launched remotely. Th...

7.5CVSS0.00318EPSS
Exploits0References5
Vulnrichment
Vulnrichment
added 2026/03/30 7:45 p.m.1 views

CVE-2026-5150 code-projects Accounting System Parameter viewin_costumer.php sql injection

A security vulnerability has been detected in code-projects Accounting System 1.0. This issue affects some unknown processing of the file /viewincostumer.php of the component Parameter Handler. Such manipulation of the argument cosid leads to sql injection. The attack can be launched remotely. Th...

7.5CVSS6.9AI score0.00318EPSS
Exploits0References5
CVE
CVE
added 2026/03/30 7:45 p.m.10 views

CVE-2026-5150

CVE-2026-5150 affects code-projects Accounting System 1.0, specifically the Parameter Handler’s handling of cos_id in the file /viewin_costumer.php. The issue allows manipulation of cos_id leading to an SQL injection, with the attack possible remotely and the exploit publicly disclosed. The avail...

7.5CVSS6.9AI score0.00318EPSS
Exploits0References5
Vulnrichment
Vulnrichment
added 2026/03/30 7:45 p.m.1 views

CVE-2026-5148 YunaiV yudao-cloud page sql injection

A weakness has been identified in YunaiV yudao-cloud up to 2026.01. This vulnerability affects unknown code of the file /admin-api/system/mail-log/page. This manipulation of the argument toMail causes sql injection. The attack can be initiated remotely. The exploit has been made available to the...

5.8CVSS5.7AI score0.00253EPSS
Exploits0References5
CVE
CVE
added 2026/03/30 7:45 p.m.7 views

CVE-2026-5148

CVE-2026-5148 affects YunaiV yudao-cloud (up to 2026.01). The vulnerability is in the /admin-api/system/mail-log/page path, caused by manipulation of the toMail argument that leads to SQL injection. It can be triggered remotely; a public exploit is available. The vendor was contacted early but di...

5.8CVSS5.7AI score0.00253EPSS
Exploits0References5
NVD
NVD
added 2026/03/30 7:16 p.m.3 views

CVE-2026-5147

A security flaw has been discovered in YunaiV yudao-cloud up to 2026.01. This affects an unknown part of the file /admin-api/system/tenant/get-by-website. The manipulation of the argument Website results in sql injection. It is possible to launch the attack remotely. The exploit has been released...

7.5CVSS0.00326EPSS
Exploits0References5
ATTACKERKB
ATTACKERKB
added 2026/03/30 6:45 p.m.1 views

CVE-2026-5147

A security flaw has been discovered in YunaiV yudao-cloud up to 2026.01. This affects an unknown part of the file /admin-api/system/tenant/get-by-website. The manipulation of the argument Website results in sql injection. It is possible to launch the attack remotely. The exploit has been released...

7.5CVSS5.7AI score0.00326EPSS
Exploits0References5Affected Software1
EUVD
EUVD
added 2026/03/30 6:31 p.m.4 views

EUVD-2026-17109

A weakness has been identified in osrg GoBGP up to 4.3.0. This impacts the function DecodeFromBytes of the file pkg/packet/bgp/bgp.go. Executing a manipulation of the argument data1 can lead to off-by-one. The attack may be launched remotely. Attacks of this nature are highly complex. The...

6.3CVSS5.4AI score0.00409EPSS
Exploits0References7
Cvelist
Cvelist
added 2026/03/30 6:0 p.m.22 views

CVE-2026-5126 SourceCodester RSS Feed Parser file_get_contents server-side request forgery

A flaw has been found in SourceCodester RSS Feed Parser 1.0. Affected by this issue is the function filegetcontents. This manipulation causes server-side request forgery. The attack is possible to be carried out remotely. The exploit has been published and may be used...

6.5CVSS0.00267EPSS
Exploits0References5
RedhatCVE
RedhatCVE
added 2026/03/30 5:6 p.m.6 views

CVE-2026-5045

A vulnerability was detected in Tenda FH1201 1.2.0.14408. This impacts the function WrlclientSet of the file /goform/WrlclientSet of the component Parameter Handler. Performing a manipulation of the argument GO results in stack-based buffer overflow. The attack is possible to be carried out...

9CVSS6.5AI score0.00655EPSS
Exploits1References1
RedhatCVE
RedhatCVE
added 2026/03/30 5:6 p.m.4 views

CVE-2026-5044

A security vulnerability has been detected in Belkin F9K1122 1.00.33. This affects the function formSetSystemSettings of the file /goform/formSetSystemSettings of the component Setting Handler. Such manipulation of the argument webpage leads to stack-based buffer overflow. The attack can be...

9CVSS6.5AI score0.00663EPSS
Exploits1References1
Rows per page
Query Builder