733 matches found
CVE-2026-10220
A vulnerability was determined in NousResearch hermes-agent up to 2026.4.30. Affected is the function servepluginskill/skillview of the file tools/skillstool.py. Executing a manipulation can lead to injection. The attack may be performed from remote. The exploit has been publicly disclosed and ma...
CVE-2026-10250
A security flaw has been discovered in itsourcecode Online Blood Bank Management System 1.0. The affected element is an unknown function of the file /admin/campsdetails.php. Performing a manipulation of the argument hospital results in sql injection. The attack is possible to be carried out...
EUVD-2026-33620
A vulnerability has been found in SourceCodester Pharmacy Sales and Inventory System 1.0. This affects the function createmedicinepresentation of the file /ShowForm/createmedicinepresentation/main. The manipulation of the argument medicinepresentation leads to cross site scripting. The attack may...
CVE-2026-10168
The CVE concerns OUSL-GROUP-BrinaryBrains School Student Management System (up to build 1e70e5ad1125b86dca4ee086eb6bb121f17708b6). The vulnerability is in the function marks of the file application/controllers/Parents.php, where manipulating the argument param1 enables improper control of resourc...
CVE-2026-10122 TRENDnet TEW-432BRP formSetProtocolFilter stack-based overflow
A vulnerability has been found in TRENDnet TEW-432BRP 3.10B20. This affects the function formSetProtocolFilter of the file /goform/formSetProtocolFilter. Such manipulation of the argument protocolname leads to stack-based buffer overflow. The attack may be performed from remote. The exploit has...
CVE-2026-9565
A CVE entry for haojing8312 WorkClaw ≤ 0.6.4 describes a vulnerability in the Blacklist Handler, specifically the is_dangerous function in apps/runtime/src-tauri/src/agent/tools/bash.rs. The underlying issue enables os command injection via manipulation, with remote execution possible. Public dis...
CVE-2026-9517 hemant6488 CodeIgniter-StudentManagementSystem Student Management addStudentView access control
A vulnerability was determined in hemant6488 CodeIgniter-StudentManagementSystem. The affected element is an unknown function of the file /index.php/students/addStudentView of the component Student Management Handler. Executing a manipulation can lead to improper access controls. The attack can b...
CVE-2026-9402 Edimax BR-6675nD POST Request formWlanMP command injection
A vulnerability was found in Edimax BR-6675nD 1.12. The affected element is the function formWlanMP of the file /goform/formWlanMP of the component POST Request Handler. The manipulation of the argument...
CVE-2026-9383
A vulnerability has been found in itsourcecode Electronic Judging System 1.0. This affects an unknown part of the file /intrams/admin/login.php. The manipulation of the argument Username leads to sql injection. Remote exploitation of the attack is possible. The exploit has been disclosed to the...
CVE-2026-9344
The CVE describes a stack-based overflow in Edimax EW-7438RPn (firmware up to 1.31) triggered by manipulating the pinCode/wlan-url argument in /goform/formWpsStart of the webs component. This allows a remote attacker to potentially exploit the vulnerability, with exploitation described as public....
PT-2026-42952
Name of the Vulnerable Software and Affected Versions: Tenda F1202 version 1.2.0.20408. Description: A stack-based buffer overflow occurs due to the manipulation of the opttype argument within the fromPptpUserAdd function located in the /goform/PptpUserAdd file. This issue allows for remote initiati...
CVE-2026-8345 D-Link DIR-816 singlePortForward sub_445E7C command injection
A security vulnerability has been detected in D-Link DIR-816 1.10CNB05R1B011D88210. Affected by this issue is the function sub_445E7C of the file /goform/singlePortForward. Such manipulation of the argument ipaddress leads to command injection. It is possible to launch the attack remotely. The...
WordPress HEL Online Classroom: AI-powered Online Classrooms plugin <= 1.0.3 - Missing Authorization to Unauthenticated Arbitrary Classroom Deletion vulnerability
Missing Authorization to Unauthenticated Arbitrary Classroom Deletion vulnerability discovered by Legion Hunter in WordPress Plugin HEL Online Classroom: AI-powered Online Classrooms versions <= 1.0.3...
CVE-2026-8230
CVE-2026-8230 affects Wavlink NU516U1 240425. The vulnerability lies in the /cgi-bin/login.cgi file, within the function called sys_login1, where manipulating the ipaddr argument can trigger an OS command injection. This allows remote attackers to execute commands on the device. Exploitation is p...
CVE-2026-8196 JeecgBoot mLogin Endpoint LoginController.java authorization
A flaw has been found in JeecgBoot 3.9.1. The impacted element is an unknown function of the file jeecg-module-system/jeecg-system-biz/src/main/java/org/jeecg/modules/system/controller/LoginController.java of the component mLogin Endpoint. This manipulation causes authorization bypass. The attack...
CVE-2026-8121
Open5GS is affected up to version 2.7.7 in the NSSF component. The vulnerable element is ogs_sbi_parse_plmn_list in /lib/sbi/conv.c, where manipulation leads to a denial of service. The issue is exploitable remotely; the exploit has been disclosed publicly and the project was informed via issue r...
CVE-2026-7513 UTT HiPER 1200GW formRemoteControl strcpy buffer overflow
A vulnerability has been found in UTT HiPER 1200GW up to 2.5.3-170306. The impacted element is the function strcpy of the file /goform/formRemoteControl. The manipulation leads to buffer overflow. The attack may be initiated remotely. The exploit has been disclosed to the public and may be used...
CVE-2026-7288
A vulnerability has been found in D-Link DIR-825M 1.1.12. This vulnerability affects the function sub4151FC of the file /boafrm/formVpnConfigSetup. The manipulation of the argument submit-url leads to buffer overflow. Remote exploitation of the attack is possible. The exploit has been disclosed t...
CVE-2026-7265
A security vulnerability has been detected in SourceCodester Pizzafy Ecommerce System 1.0. The affected element is the function Category of the file pizza/index.php?page=category. The manipulation of the argument ID leads to sql injection. Remote exploitation of the attack is possible. The exploi...
DEBIAN-CVE-2026-7179
A security vulnerability has been detected in OSPG binwalk up to 2.4.3. This vulnerability affects the function readnullterminatedstring of the file src/binwalk/plugins/winceextract.py of the component WinCE Extraction Plugin. Such manipulation of the argument self.filename leads to path traversa...