CVE Search Engine - Security Vulnerabilities and Exploits Search Tool

NVD•added yesterday•5 views

CVE-2026-13559

A weakness has been identified in code-projects Real State Services 1.0. Impacted is an unknown function of the file /single-listsale.php?action=add. Executing a manipulation of the argument ID can lead to sql injection. The attack can be executed remotely. The exploit has been made available to...

7.5CVSS

NVD•added yesterday•4 views

CVE-2026-13560

A security vulnerability has been detected in Edimax EW-7478APC 1.04. The affected element is the function formAccept of the file /goform/formAccept of the component POST Request Handler. The manipulation of the argument submit-url leads to os command injection. The attack is possible to be carri...

6.5CVSS

NVD•added yesterday•4 views

CVE-2026-13558

A security flaw has been discovered in CodeAstro Complaint Management System 1.0. This issue affects some unknown processing of the file /report/addreport of the component Report Handler. Performing a manipulation of the argument Report Title results in cross site scripting. Remote exploitation o...

5.1CVSS

EUVD•added yesterday•7 views

EUVD-2026-40077

A vulnerability was identified in SourceCodester Class and Exam Timetabling System 1.0. Affected by this issue is some unknown functionality of the file /preview3.php. The manipulation of the argument courseyearsection leads to sql injection. The attack may be initiated remotely. The exploit is...

CVE•added yesterday•8 views

CVE-2026-13566

SourceCodester Class and Exam Timetabling System 1.0 contains an SQL injection in the /preview3.php script triggered by manipulating the course_year_section parameter. The issue is exploitable remotely, with a publicly available exploit. The provided documents do not specify the vulnerable hostin...

RedhatCVE•added yesterday•6 views

CVE-2026-50171

A flaw was found in the @angular/common package of Angular. The formatNumber function, which is also used by DecimalPipe, PercentPipe, and CurrencyPipe, does not properly validate the upper bounds of the digitsInfo parameter. A remote attacker could exploit this by providing a maliciously crafted...

8.2CVSS5.6AI score0.00161EPSS

Exploits0References4

EUVD•added yesterday•7 views

EUVD-2026-40076

A vulnerability was determined in SourceCodester Class and Exam Timetabling System 1.0/1.php. Affected by this vulnerability is an unknown functionality of the file /editclass1.php. Executing a manipulation of the argument ID can lead to sql injection. The attack can be launched remotely. The...

ATTACKERKB•added yesterday•3 views

CVE-2026-13565

Exploits0References6Affected Software1

CVE•added yesterday•7 views

CVE-2026-13565

The vulnerability CVE-2026-13565 affects SourceCodester Class and Exam Timetabling System (1.0/1.php). The issue is in /edit_class1.php where manipulating the argument ID enables SQL injection, a remotely triggerable flaw. Publicly disclosed exploit exists (proof-of-concept). Affected component: ...

EUVD-2026-40075

A vulnerability was found in Edimax EW-7478APC 1.04. Affected is the function formPPPoESetup of the file /goform/formPPPoESetup of the component POST Request Handler. Performing a manipulation of the argument pppUserName results in stack-based buffer overflow. The attack can be initiated remotely...

9CVSS7.9AI score

CVE•added yesterday•8 views

CVE-2026-13564

Summary: CVE-2026-13564 affects Edimax EW-7478APC firmware 1.04, specifically the POST Request Handler’s formPPPoESetup function. Manipulating the pppUserName argument triggers a stack-based buffer overflow, enabling remote attacker access. Public exploit reportedly exists and the vendor did not ...

9CVSS7.9AI score

Cvelist•added yesterday•11 views

CVE-2026-13564 Edimax EW-7478APC POST Request formPPPoESetup stack-based overflow

9CVSS

EUVD-2026-40074

9CVSS7.8AI score

ATTACKERKB•added yesterday•3 views

CVE-2026-13563

9CVSS7.8AI score

Exploits0References5Affected Software1

CVE•added yesterday•6 views

CVE-2026-13563

Edimax EW-7478APC (firmware 1.04) is affected in the POST Request Handler, specifically the formL2TPSetup function of /goform/formL2TPSetup. Manipulation of the L2TPUserName argument leads to a stack-based buffer overflow, enabling remote exploitation. Public exploit details exist, and the vendor...

9CVSS7.8AI score

Cvelist•added yesterday•11 views

CVE-2026-13563 Edimax EW-7478APC POST Request formL2TPSetup stack-based overflow

9CVSS

EUVD-2026-40073

A flaw has been found in Edimax EW-7478APC 1.04. This affects the function formiNICSiteSurvey of the file /goform/formiNICSiteSurvey of the component POST Request Handler. This manipulation of the argument selSSID causes buffer overflow. It is possible to initiate the attack remotely. The exploit...

9CVSS7.5AI score

CVE•added yesterday•8 views

CVE-2026-13562

The CVE concerns Edimax EW-7478APC 1.04, impacting the formiNICSiteSurvey function in /goform/formiNICSiteSurvey of the POST Request Handler. The root cause is a buffer overflow triggered by manipulating the selSSID argument, allowing remote initiation of an attack. This CVE has a published explo...

9CVSS7.5AI score

EUVD-2026-40072

A vulnerability was detected in Edimax EW-7478APC 1.04. The impacted element is the function formiNICbasic of the file /goform/formiNICbasic of the component POST Request Handler. The manipulation of the argument rootAPmac results in os command injection. The attack may be performed from remote...

6.5CVSS6.3AI score