366737 matches found
CVE-2026-10175
Affected software : Aider-AI Aider 0.86.3, Architect Mode. Vulnerable component : editor_coder.run in auth.py. Vulnerability : input manipulation enables code injection. Impact : remote execution possible over network; CVSS indicates MEDIUM with low confidentiality/integrity/availability impact. ...
CVE-2025-65478
Technical details for CVE-2025-65478 are not provided in the supplied documents. CIRCL shows a sighting reference but no public technical data. Monitor for updates.
CVE-2026-10174
Summary of CVE-2026-10174 (Aider-AI Aider 0.86.3): Affected is an unknown function in the file aider/args.py of the Pre-commit Hook Handler. Manipulation of the argument git-commit-verify leads to protection mechanism failure. The vulnerability may be exploitable remotely, with exploitation infor...
CVE-2026-10173
Technical details (affected product/version, root cause, exploitation specifics) are not publicly available in the provided documents. Monitor for updates.
CVE-2026-10172
The CVE-2026-10172 entry concerns Bdtask Multi-Store Inventory Management System 1.0. The vulnerability lies in the Upload function of the file application/modules/dashboard/controllers/Module.php within the Module component, where manipulating the module argument yields unrestricted file upload....
CVE-2026-10171
The CVE-2026-10171 affects code-projects Online Music Site 1.0, specifically the AdminUpdateAlbum.php endpoint. The vulnerability arises from manipulating the ID argument, enabling SQL injection in an unknown part of the file, with remote exploitation reported. The exploit is publicly disclosed. ...
CVE-2026-10170
The CVE-2026-10170 entry affects code-projects Visitor Management System 1.0. A SQL injection vulnerability is present in /vms/php/phone_0.php via the phone parameter. The issue is remotely triggerable and an exploit has been published, indicating potential real-world use. The bundled metrics ind...
CVE-2026-10169
The CVE describes a weakness in the Forgot Password Endpoint of OUSL-GROUP-BrinaryBrains School Student Management System. The vulnerability affects the function ajax_forgot_password in application/controllers/Login.php, where manipulation of the email parameter enables weak password recovery. It...
CVE-2026-10168
The CVE concerns OUSL-GROUP-BrinaryBrains School Student Management System (up to build 1e70e5ad1125b86dca4ee086eb6bb121f17708b6). The vulnerability is in the function marks of the file application/controllers/Parents.php, where manipulating the argument param1 enables improper control of resourc...
CVE-2026-10167
CVE-2026-10167 affects the OUSL-GROUP-BrinaryBrains School Student Management System, specifically the MY_Controller component’s Login.php, function sign_auth_cookie. A manipulation of the role argument can lead to improper authentication, with remote exploitation possible. Public exploit exists....
CVE-2026-10166
Edimax BR-6478AC (firmware 1.23) is affected by a vulnerability in the POST Request Handler, specifically the function formWlbasic in /goform/formWlbasic. The issue arises from manipulating the argument rootAPmac, enabling command injection. The vulnerability is exploitable remotely and has been ...
CVE-2026-10165
The CVE-2026-10165 vulnerability affects Edimax BR-6478AC (firmware 1.23) in the POST Request Handler, specifically the formWanTcpipSetup function. Manipulation of the pppUserName argument causes a stack-based buffer overflow, with remote exploitation possible and a publicly available exploit. No...
CVE-2026-10164
Edimax BR-6478AC firmware 1.23 contains a vulnerability in the POST Request Handler, specifically the formUSBFolder function. The issue arises from improper handling of ShareName/SelectName arguments, causing a buffer overflow. This can be exploited remotely, and public exploits have been disclos...
CVE-2026-8382
The CVE-2026-8382 entry describes an authorization bypass in the WordPress plug‑in Advanced Custom Fields (ACF) for all versions up to 6.8.1. The vulnerability arises because the plugin does not properly verify that a user is authorized to perform an action, enabling unauthenticated attackers to ...
CVE-2026-10163
Edimax BR-6478AC 1.23 is affected by CVE-2026-10163. The issue targets the POST Request Handler’s /goform/formUSBAccount, specifically the formUSBAccount function. By manipulating the UserName/Password arguments, a buffer overflow is triggered, enabling remote exploitation. The exploit has been d...
CVE-2026-10162
CVE-2026-10162 affects TRENDnet TEW-432BRP (firmware 3.10B20). The issue is in function formSetPassword (/goform/formSetPassword): manipulating the argument webpage can cause a stack-based overflow. The attack can be remote; exploit published. Vendor notes the product is EOL since 2009 and cannot...
CVE-2026-10161
The CVE-2026-10161 entry concerns TRENDnet TEW-432BRP (firmware 3.10B20). The vulnerability resides in function formResetStatistic (file /goform/formResetStatistic); manipulating the argument status_statistic triggers a stack-based buffer overflow. It is described as remotely exploitable with a p...
CVE-2026-10160
TRENDnet TEW-432BRP (model, firmware 3.10B20) is affected by CVE-2026-10160. The vulnerability targets the function formSetEnableWizard in /goform/formSetEnableWizard, where manipulating the start_wizard argument causes a stack-based buffer overflow. The issue is exploitable remotely, and public ...
CVE-2026-10159
CVE-2026-10159 affects TRENDnet TEW-432BRP (model 3.10B20). The vulnerability targets the function formSysLog in the file /goform/formSysLog, where manipulation of the argument current_page triggers a stack-based buffer overflow. The issue can be exploited remotely; public exploits exist as indic...
CVE-2026-10158
TRENDnet TEW-432BRP (firmware 3.10B20) contains a stack-based buffer overflow in the formPortFw function (/goform/formPortFw) triggered by manipulation of server_name. Remote exploitation is possible. The exploit is publicly available. The vendor notes the device is EOL and past fixes are not fea...
CVE-2026-10157
Open5GS up to 2.7.6 is affected by a vulnerability in the NGAP PathSwitchRequest Message Handler (src/amf/ngap-handler.c). The issue arises from a manipulation that leads to improper authentication. The attack can be initiated remotely, and a public exploit exists. A patch is available with ident...
CVE-2024-36791
Flowise servers are described as affected by CVE-2024-36791, with a critical Remote Code Execution (RCE) via malicious chatflow imports. The connected PT-2026-45175 note frames it as an RCE vulnerability in Flowise, accompanied by a detection and hardening guide. The exact affected versions, root...
CVE-2026-53596
Summary: PT-2026-52996 (PT Security) documents a vulnerability in the FreeScout helpdesk system caused by uncontrolled resource consumption, which can enable a remote attacker to induce a denial of service. The connected documents do not specify the exact vulnerable component, affected versions, ...
CVE-2026-10156
Open5GS up to 2.7.7 is affected by a vulnerability in nf-instances Endpoint, specifically the handle_amf_info function in /lib/sbi/nnrf-handler.c. A manipulation of the nf_info_pool argument can cause resource consumption, and the attack can be executed remotely. Publicly disclosed exploit and re...
CVE-2026-10155
The CVE-2026-10155 describes a SQL injection in Bdtask Multi-Store Inventory Management System 1.0, specifically in accounts_report_search (application/modules/accounts/controllers/Accounts.php of Accounts Report Handler). The vulnerability is triggered by manipulating the argument dtpToDate, ena...
CVE-2026-10154
Dolibarr ERP CRM vulnerability CVE-2026-10154 affects Dolibarr 23.0.0–23.0.2 in htdocs/user/messaging.php, where manipulation of the ID argument enables an authorization bypass via a remote attack. The issue is confirmed to impact the affected versions and is mitigated by upgrading to 23.0.3, wit...
CVE-2026-10153
CVE-2026-10153 affects westboy CicadasCMS; the issue resides in the Search function of org/springframework/cache/support/AbstractCacheManager.java, where manipulation of the argument s enables cross-site scripting. Exploitation is remote and the exploit has been published. The project uses a roll...
CVE-2026-10152
TaleLin lin-cms-spring-boot up to 0.2.1 contains an access-control issue in the BookEndpoint path BookController.java. The underlying cause is stated as improper access controls due to some unknown file processing, with a remote attack possibility and public exploit availability. No specific vuln...
CVE-2026-10127
CVE-2026-10127 affects Edimax BR-6478AC firmware version 1.23. The vulnerability resides in the POST Request Handler function formStaDrvSetup, specifically the /goform/formStaDrvSetup endpoint, where manipulating the argument rootAPmac enables command injection. Exploitation can be remote; public...
CVE-2026-10126
Edimax BR-6478AC firmware 1.23 has a vulnerability in the POST Request Handler, specifically the formQoS function (/goform/formQoS). Manipulating the selSSID argument causes a buffer overflow, enabling a remote attacker. Public exploit exists. The provided sources do not specify a patched version...
CVE-2026-10125
CVE-2026-10125 affects Edimax BR-6478AC firmware 1.23. The issue is in the POST Request Handler’s file /goform/formPPPoESetup, specifically the formPPPoESetup function. Manipulating the pppUserName argument triggers a stack-based buffer overflow, with remote initiation possible. Public exploit ma...
CVE-2026-10124
CVE-2026-10124 affects Shibby Tomato up to version 1.28. The vulnerability targets the function rip_zebra_read_ipv4 in /usr/sbin/ripd (Zserv Handler) and can cause a stack-based buffer overflow via remote impact. Public exploit has been disclosed. The project is superseded by FreshTomato and appl...
CVE-2026-8594
Summary: CVE-2026-8594 affects Text::LineFold (Perl) up to version 2019.001, which is part of the Unicode-LineBreak distribution. The issue arises because the line-breaking logic applies the break function to the entire input string, not just each segment, causing the full input to be duplicated ...
CVE-2026-10123
TRENDnet TEW-432BRP 3.10B20 is affected by CVE-2026-10123 in the formSetDomainFilter handler (/goform/formSetDomainFilter). The issue is a stack-based buffer overflow triggered by manipulating arguments such as blocked_domain, permitted_domain, blocked_domain_list, or permitted_domain_list, with ...
CVE-2026-10122
TRENDnet TEW-432BRP (v3.10B20) contains a stack-based overflow in formSetProtocolFilter (/goform/formSetProtocolFilter) triggered by manipulation of protocol_name. The vulnerability affects a device with EOL status (since 2009) and is described as remotely exploitable with public disclosure of th...
CVE-2026-10121
Technical details (affected products, vulnerable components, impact, remediation) are not publicly available in the provided documents; monitor for updates.
CVE-2018-25426
CVE-2018-25426 affects WinMTR 0.91. The vulnerability is a buffer overflow in processing a specially crafted payload file, allowing a denial of service crash. Attackers can cause the crash by providing a input file containing a large buffer of repeated characters; the description notes a crafted ...
CVE-2018-25425
Technical details about CVE-2018-25425 are not publicly available in the provided documents. Monitor for updates.
CVE-2018-25424
The provided documents confirm a SQL injection vulnerability in Gate Pass Management System 2.1 affecting the login-exec.php authentication flow. Attackers can bypass authentication by submitting crafted POST requests with SQL payloads in the login and password parameters, enabling unauthenticate...
CVE-2018-25422
CVE-2018-25422 affects the MOGG web simulator Script. The vulnerability is an SQL injection in the play.php script, exploitable via the id parameter to send crafted payloads and extract data (e.g., usernames) without authentication. The issue is classified as high severity on both CVSS v3.1 (8.2,...
CVE-2018-25423
Arm Whois 3.11 is affected by a local denial-of-service vulnerability due to a buffer overflow when processing an oversized input string (about 700 bytes) in the IP address or domain field. The flaw allows local attackers to crash the application. No remediation, patch version, or exploit details...
CVE-2018-25421
Open STA Manager 2.3 is affected by a path traversal vulnerability that lets authenticated users download arbitrary files by calling modules/backup/actions.php?op=getfile and traversing with ../ sequences to access sensitive system files. Affected component is the Open STA Manager implementation;...
CVE-2018-25420
AiOPMSD Final 1.0.0 contains an SQL injection in watch.php where the id parameter can be crafted via GET requests to execute arbitrary SQL. The vulnerability allows unauthenticated attackers to extract sensitive data, including usernames, database names, and version details. Affected component is...
CVE-2018-25418
AiOPMSD Final 1.0.0 contains an SQL injection vulnerability in the year.php endpoint. The vulnerability allows unauthenticated attackers to send crafted GET requests with malicious payloads in the year parameter to execute arbitrary SQL queries. Impact stated includes extraction of sensitive data...
CVE-2018-25419
AiOPMSD Final 1.0.0 is affected by an SQL injection in genre.php. The vulnerability allows unauthenticated attackers to send crafted SQL payloads via the genre parameter in GET requests to extract sensitive data (usernames, databases, version details). CVSS metrics are provided (3.1: 8.2 High; 4....
CVE-2018-25417
AiOPMSD Final 1.0.0 contains an SQL injection vulnerability via the quality parameter in quality.php. Unauthenticated attackers can send crafted SQL payloads to extract sensitive data (usernames, database names, version details). CVSS metrics indicate high severity (CVSS 3.1: 8.2; CVSS 4.0: 8.8)....
CVE-2018-25416
AiOPMSD Final 1.0.0 contains an SQL injection vulnerability in country.php via the country parameter. An unauthenticated attacker can send crafted GET requests to extract sensitive data from the database (usernames, database names, version details). CVSS data indicates high impact with network ac...
CVE-2018-25414
AiOPMSD Final 1.0.0 contains an SQL injection vulnerability in actor.php that can be exploited by unauthenticated attackers via the actor parameter. The vulnerability is triggered by crafted SQL payloads in GET requests to actor.php, allowing extraction of sensitive database information such as u...
CVE-2018-25415
AiOPMSD Final 1.0.0 is affected by an SQL injection via the director parameter. An unauthenticated attacker can send crafted SQL payloads to director.php (GET) to extract sensitive data such as usernames, database names, and version details. CVSS metrics: v3.1 base score 8.2 (HIGH) with Network v...
CVE-2018-25413
AiOPMSD Final 1.0.0 is affected by an SQL injection in search.php via the q parameter, allowing unauthenticated attackers to execute arbitrary SQL and enumerate usernames, database names, and version details. The CVE entry includes CVSS scores (3.1: base 8.2 HIGH network/low integrity; 4.0: base ...