41204 matches found
CVE-2026-5102 Totolink A3300R Parameter cstecgi.cgi setSmartQosCfg command injection
A security flaw has been discovered in Totolink A3300R 17.0.0cu.557b20221024. This vulnerability affects the function setSmartQosCfg of the file /cgi-bin/cstecgi.cgi of the component Parameter Handler. The manipulation of the argument qosupbw results in command injection. The attack can be execut...
(Pwn2Own) QNAP QHora-322 login.newAuthMiddleware.Authenticator Authentication Bypass Vulnerability
This vulnerability allows remote attackers to bypass authentication on affected installations of QNAP QHora-322 routers. Authentication is not required to exploit this vulnerability. The specific flaw exists within the handling of the quroutertoken parameter provided to the...
CVE-2026-30560
A Reflected Cross-Site Scripting XSS vulnerability exists in SourceCodester Sales and Inventory System 1.0. The vulnerability is located in the addsupplier.php file via the "msg" parameter. The application fails to sanitize the input, allowing remote attackers to inject arbitrary web script or HT...
PT-2026-29111
A weakness has been identified in YunaiV yudao-cloud up to 2026.01. This vulnerability affects unknown code of the file /admin-api/system/mail-log/page. This manipulation of the argument toMail causes sql injection. The attack can be initiated remotely. The exploit has been made available to the...
PT-2026-28760
A flaw has been found in code-projects Exam Form Submission 1.0. The impacted element is an unknown function of the file /admin/update fst.php. Executing a manipulation of the argument sname can lead to cross site scripting. It is possible to launch the attack remotely. The exploit has been...
PT-2026-29101
A security flaw has been discovered in YunaiV yudao-cloud up to 2026.01. This affects an unknown part of the file /admin-api/system/tenant/get-by-website. The manipulation of the argument Website results in sql injection. It is possible to launch the attack remotely. The exploit has been released...
PT-2026-29113
Name of the Vulnerable Software and Affected Versions Tenda CH22 version 1.0.0.1 Description A buffer overflow exists in the formCreateFileName function located in the file /goform/createFileName. Manipulation of the fileNameMit argument can trigger a stack-based buffer overflow, potentially...
PT-2026-29144
A vulnerability was identified in code-projects Online Food Ordering System 1.0. Affected is an unknown function of the file /form/order.php of the component Order Module. Such manipulation of the argument cust id leads to cross site scripting. The attack may be performed from remote. The exploit...
PT-2026-29143
Name of the Vulnerable Software and Affected Versions Tenda CH22 version 1.0.0.1 Description A flaw exists in Tenda CH22 version 1.0.0.1 within the Parameter Handler component. Specifically, the fromAdvSetWan function in the /goform/AdvSetWan file is susceptible to a stack-based buffer overflow...
CVE-2026-5101
A vulnerability was identified in Totolink A3300R 17.0.0cu.557b20221024. This affects the function setLanCfg of the file /cgi-bin/cstecgi.cgi of the component Parameter Handler. The manipulation of the argument lanIp leads to command injection. Remote exploitation of the attack is possible. The...
CVE-2026-5013
A vulnerability has been found in elecV2 elecV2P up to 3.8.3. Impacted is the function path.join of the file /store/:key. The manipulation of the argument URL leads to path traversal. The attack is possible to be carried out remotely. The exploit has been disclosed to the public and may be used...
CVE-2026-5015
A vulnerability was determined in elecV2 elecV2P up to 3.8.3. The impacted element is an unknown function of the file /logs of the component Endpoint. This manipulation of the argument filename causes cross site scripting. It is possible to initiate the attack remotely. The exploit has been...
CVE-2026-5014
A vulnerability was found in elecV2 elecV2P up to 3.8.3. The affected element is the function path.join of the file /log/ of the component Wildcard Handler. The manipulation results in path traversal. The attack may be performed from remote. The exploit has been made public and could be used. The...
CVE-2026-5004
A vulnerability was determined in Wavlink WL-WN579X3-C 231124. This impacts the function sub4019FC of the file /cgi-bin/firewall.cgi of the component UPNP Handler. Executing a manipulation of the argument UpnpEnabled can lead to stack-based buffer overflow. It is possible to launch the attack...
CVE-2026-5018
A weakness has been identified in code-projects Simple Food Order System 1.0. Affected is an unknown function of the file register-router.php of the component Parameter Handler. Executing a manipulation of the argument Name can lead to sql injection. The attack can be launched remotely. The explo...
CVE-2026-5101 Totolink A3300R Parameter cstecgi.cgi setLanCfg command injection
A vulnerability was identified in Totolink A3300R 17.0.0cu.557b20221024. This affects the function setLanCfg of the file /cgi-bin/cstecgi.cgi of the component Parameter Handler. The manipulation of the argument lanIp leads to command injection. Remote exploitation of the attack is possible. The...
CVE-2026-4996
A vulnerability was identified in Sinaptik AI PandasAI up to 0.1.4. Affected by this issue is the function deletequestionandanswers/deletedocs/updatequestionanswer/updatedocs/getrelevantquestionanswersbyid/getrelevantdocsbyid of the file extensions/ee/vectorstores/lancedb/pandasailancedb/lancedb....
CVE-2026-4997
A security flaw has been discovered in Sinaptik AI PandasAI up to 3.0.0. This affects the function issqlquerysafe of the file pandasai/helpers/sqlsanitizer.py. Performing a manipulation results in path traversal. The attack may be initiated remotely. The exploit has been released to the public an...
CVE-2026-5001
A flaw has been found in PromtEngineer localGPT up to 4d41c7d1713b16b216d8e062e51a5dd88b20b054. The affected element is the function doPOST of the file backend/server.py. This manipulation causes unrestricted upload. The attack is possible to be carried out remotely. The exploit has been publishe...
EUVD-2026-17031
A vulnerability was detected in Tenda FH1201 1.2.0.14408. This impacts the function WrlclientSet of the file /goform/WrlclientSet of the component Parameter Handler. Performing a manipulation of the argument GO results in stack-based buffer overflow. The attack is possible to be carried out...