CVE-2026-4975 Tenda AC15 POST Request setcfm formSetCfm memory corruption
A vulnerability has been found in Tenda AC15 15.03.05.19. This affects the function formSetCfm of the file /goform/setcfm of the component POST Request Handler. The manipulation of the argument funcpara1 leads to stack-based buffer overflow. The attack can be initiated remotely. The exploit has...
CVE-2026-4975
The CVE-2026-4975 entry affects the Tenda AC15 device (firmware 15.03.05.19). It targets the POST handler at /goform/setcfm, specifically the formSetCfm function, where manipulating the funcpara1 argument causes a stack-based buffer overflow. Impact is defined as high for confidentiality, integri...
CVE-2026-4974
A flaw has been found in Tenda AC7 15.03.06.44. Affected by this issue is the function fromSetSysTime of the file /goform/SetSysTimeCfg of the component POST Request Handler. Executing a manipulation of the argument Time can lead to stack-based buffer overflow. It is possible to launch the attack...
CVE-2026-4974 Tenda AC7 POST Request SetSysTimeCfg fromSetSysTime memory corruption
A flaw has been found in Tenda AC7 15.03.06.44. Affected by this issue is the function fromSetSysTime of the file /goform/SetSysTimeCfg of the component POST Request Handler. Executing a manipulation of the argument Time can lead to stack-based buffer overflow. It is possible to launch the attack...
CVE-2026-4973
A vulnerability was detected in SourceCodester Online Quiz System up to 1.0. Affected by this vulnerability is an unknown functionality of the file endpoint/add-question.php. Performing a manipulation of the argument quiz_question results in cross-site scripting. It is possible to initiate the...
CVE-2026-4973 SourceCodester Online Quiz System add-question.php cross site scripting
A vulnerability was detected in SourceCodester Online Quiz System up to 1.0. Affected by this vulnerability is an unknown functionality of the file endpoint/add-question.php. Performing a manipulation of the argument quiz_question results in cross-site scripting. It is possible to initiate the...
CVE-2026-4973
SourceCodester Online Quiz System up to 1.0 contains a cross-site scripting (XSS) vulnerability in an unknown functionality of endpoint/add-question.php. By manipulating the quiz_question argument, an attacker can trigger XSS, with remote access possible and the exploit publicly available. The pr...
CVE-2026-4971 SourceCodester Note Taking App cross-site request forgery
A weakness has been identified in SourceCodester Note Taking App up to 1.0. This impacts an unknown function. The manipulation causes cross-site request forgery. The attack can be carried out remotely. The exploit has been made available to the public and could be used for attacks...
EUVD-2026-16727
A security vulnerability has been detected in letta-ai letta 0.16.4. This vulnerability affects the function convertmessagecreatetomessage of the file letta/helpers/messagehelper.py of the component File URL Handler. Such manipulation of the argument ImageContent leads to server-side request...
EUVD-2026-16738
A flaw has been found in itsourcecode Free Hotel Reservation System 1.0. Impacted is an unknown function of the file /admin/mod_room/index.php?view=edit. Executing a manipulation of the argument ID can lead to SQL injection. The attack can be launched remotely. The exploit has been published and m...
EUVD-2026-16736
A vulnerability was detected in letta-ai letta 0.16.4. This issue affects the function resolve_type of the file letta/functions/ast_parsers.py of the component Incomplete Fix CVE-2025-6101. Performing a manipulation results in improper neutralization of directives in dynamically evaluated code. The...
CVE-2026-4970 code-projects Social Networking Site Endpoint delete_photos.php sql injection
A security flaw has been discovered in code-projects Social Networking Site 1.0. This affects an unknown function of the file delete_photos.php of the component Endpoint. The manipulation of the argument ID results in SQL injection. The attack can be executed remotely. The exploit has been release...
CVE-2026-4970
A security flaw has been discovered in code-projects Social Networking Site 1.0. This affects an unknown function of the file delete_photos.php of the component Endpoint. The manipulation of the argument ID results in SQL injection. The attack can be executed remotely. The exploit has been release...
CVE-2026-4966
A flaw has been found in itsourcecode Free Hotel Reservation System 1.0. Impacted is an unknown function of the file /admin/mod_room/index.php?view=edit. Executing a manipulation of the argument ID can lead to SQL injection. The attack can be launched remotely. The exploit has been published and m...
CVE-2026-4968
The CVE-2026-4968 entry describes a cross-site request forgery in SourceCodester Diary App 1.0, targeting an unknown function in diary.php. A remote attacker could exploit this CSRF if a user interacts with a malicious page; the exploit has been publicly disclosed. The available documents do not ...
CVE-2026-4968
A vulnerability was determined in SourceCodester Diary App 1.0. The affected element is an unknown function of the file diary.php. Executing a manipulation can lead to cross-site request forgery. The attack may be launched remotely. The exploit has been publicly disclosed and may be utilized...
CVE-2026-4966
CVE-2026-4966 affects itsourcecode Free Hotel Reservation System 1.0. The vulnerability is in the file /admin/mod_room/index.php?view=edit where manipulating the ID parameter enables SQL injection. It can be exploited remotely, and public exploits have been published. Various sources confirm the ...
CVE-2026-4965 letta-ai letta Incomplete Fix CVE-2025-6101 ast_parsers.py resolve_type eval injection
A vulnerability was detected in letta-ai letta 0.16.4. This issue affects the function resolve_type of the file letta/functions/ast_parsers.py of the component Incomplete Fix CVE-2025-6101. Performing a manipulation results in improper neutralization of directives in dynamically evaluated code. The...