CVE-2026-2906 - Tenda HG9 Samba Configuration Endpoint formSamba stack-based overflow
CVE ID : CVE-2026-2906
Published : Feb. 22, 2026, 2:16 a.m. | 2 hours, 29 minutes ago
Description : A security flaw has been discovered in Tenda HG9 300001138. Affected is an unknown function of the file /boaform/formSamba of the component Samba Configuration Endpoint. The manipulation of the argument sambaCap results in stack-based buffer overflow. The attack may be launched remotely. The exploit has been released to the public and may be used for attacks.
Severity: 9.0 | HIGH
Visit the link for more details, such as CVSS details, affected products, timeline, and more...
CVE ID : CVE-2026-2906
Published : Feb. 22, 2026, 2:16 a.m. | 2 hours, 29 minutes ago
Description : A security flaw has been discovered in Tenda HG9 300001138. Affected is an unknown function of the file /boaform/formSamba of the component Samba Configuration Endpoint. The manipulation of the argument sambaCap results in stack-based buffer overflow. The attack may be launched remotely. The exploit has been released to the public and may be used for attacks.
Severity: 9.0 | HIGH
Visit the link for more details, such as CVSS details, affected products, timeline, and more...
CVE-2026-2907 - Tenda HG9 GPON Configuration Endpoint formgponConf stack-based overflow
CVE ID : CVE-2026-2907
Published : Feb. 22, 2026, 2:16 a.m. | 2 hours, 29 minutes ago
Description : A weakness has been identified in Tenda HG9 300001138. Affected by this vulnerability is an unknown functionality of the file /boaform/formgponConf of the component GPON Configuration Endpoint. This manipulation of the argument fmgpon_loid/fmgpon_loid_password causes stack-based buffer overflow. Remote exploitation of the attack is possible. The exploit has been made available to the public and could be used for attacks.
Severity: 9.0 | HIGH
Visit the link for more details, such as CVSS details, affected products, timeline, and more...
CVE ID : CVE-2026-2907
Published : Feb. 22, 2026, 2:16 a.m. | 2 hours, 29 minutes ago
Description : A weakness has been identified in Tenda HG9 300001138. Affected by this vulnerability is an unknown functionality of the file /boaform/formgponConf of the component GPON Configuration Endpoint. This manipulation of the argument fmgpon_loid/fmgpon_loid_password causes stack-based buffer overflow. Remote exploitation of the attack is possible. The exploit has been made available to the public and could be used for attacks.
Severity: 9.0 | HIGH
Visit the link for more details, such as CVSS details, affected products, timeline, and more...
CVE-2026-2908 - Tenda HG9 Loopback Detection Configuration Endpoint formLoopBack stack-based overflow
CVE ID : CVE-2026-2908
Published : Feb. 22, 2026, 2:16 a.m. | 2 hours, 29 minutes ago
Description : A security vulnerability has been detected in Tenda HG9 300001138. Affected by this issue is some unknown functionality of the file /boaform/formLoopBack of the component Loopback Detection Configuration Endpoint. Such manipulation of the argument Ethtype leads to stack-based buffer overflow. The attack can be executed remotely. The exploit has been disclosed publicly and may be used.
Severity: 9.0 | HIGH
Visit the link for more details, such as CVSS details, affected products, timeline, and more...
CVE ID : CVE-2026-2908
Published : Feb. 22, 2026, 2:16 a.m. | 2 hours, 29 minutes ago
Description : A security vulnerability has been detected in Tenda HG9 300001138. Affected by this issue is some unknown functionality of the file /boaform/formLoopBack of the component Loopback Detection Configuration Endpoint. Such manipulation of the argument Ethtype leads to stack-based buffer overflow. The attack can be executed remotely. The exploit has been disclosed publicly and may be used.
Severity: 9.0 | HIGH
Visit the link for more details, such as CVSS details, affected products, timeline, and more...
CVE-2026-2909 - Tenda HG9 Diagnostic Ping Endpoint formPing stack-based overflow
CVE ID : CVE-2026-2909
Published : Feb. 22, 2026, 2:16 a.m. | 2 hours, 29 minutes ago
Description : A vulnerability was detected in Tenda HG9 300001138. This affects an unknown part of the file /boaform/formPing of the component Diagnostic Ping Endpoint. Performing a manipulation of the argument pingAddr results in stack-based buffer overflow. The attack is possible to be carried out remotely. The exploit is now public and may be used.
Severity: 9.0 | HIGH
Visit the link for more details, such as CVSS details, affected products, timeline, and more...
CVE ID : CVE-2026-2909
Published : Feb. 22, 2026, 2:16 a.m. | 2 hours, 29 minutes ago
Description : A vulnerability was detected in Tenda HG9 300001138. This affects an unknown part of the file /boaform/formPing of the component Diagnostic Ping Endpoint. Performing a manipulation of the argument pingAddr results in stack-based buffer overflow. The attack is possible to be carried out remotely. The exploit is now public and may be used.
Severity: 9.0 | HIGH
Visit the link for more details, such as CVSS details, affected products, timeline, and more...
CVE-2026-2910 - Tenda HG9 formPing6 stack-based overflow
CVE ID : CVE-2026-2910
Published : Feb. 22, 2026, 4:15 a.m. | 30 minutes ago
Description : A flaw has been found in Tenda HG9 300001138. This vulnerability affects unknown code of the file /boaform/formPing6. Executing a manipulation of the argument pingAddr can lead to stack-based buffer overflow. The attack may be performed from remote. The exploit has been published and may be used.
Severity: 9.0 | HIGH
Visit the link for more details, such as CVSS details, affected products, timeline, and more...
CVE ID : CVE-2026-2910
Published : Feb. 22, 2026, 4:15 a.m. | 30 minutes ago
Description : A flaw has been found in Tenda HG9 300001138. This vulnerability affects unknown code of the file /boaform/formPing6. Executing a manipulation of the argument pingAddr can lead to stack-based buffer overflow. The attack may be performed from remote. The exploit has been published and may be used.
Severity: 9.0 | HIGH
Visit the link for more details, such as CVSS details, affected products, timeline, and more...
CVE-2026-2911 - Tenda FH451 GstDhcpSetSer buffer overflow
CVE ID : CVE-2026-2911
Published : Feb. 22, 2026, 4:15 a.m. | 30 minutes ago
Description : A vulnerability has been found in Tenda FH451 up to 1.0.0.9. This issue affects some unknown processing of the file /goform/GstDhcpSetSer. The manipulation leads to buffer overflow. It is possible to initiate the attack remotely. The exploit has been disclosed to the public and may be used.
Severity: 9.0 | HIGH
Visit the link for more details, such as CVSS details, affected products, timeline, and more...
CVE ID : CVE-2026-2911
Published : Feb. 22, 2026, 4:15 a.m. | 30 minutes ago
Description : A vulnerability has been found in Tenda FH451 up to 1.0.0.9. This issue affects some unknown processing of the file /goform/GstDhcpSetSer. The manipulation leads to buffer overflow. It is possible to initiate the attack remotely. The exploit has been disclosed to the public and may be used.
Severity: 9.0 | HIGH
Visit the link for more details, such as CVSS details, affected products, timeline, and more...
CVE-2026-2912 - code-projects Online Reviewer System studentresult-view.php sql injection
CVE ID : CVE-2026-2912
Published : Feb. 22, 2026, 4:15 a.m. | 30 minutes ago
Description : A vulnerability was found in code-projects Online Reviewer System 1.0. Impacted is an unknown function of the file /system/system/students/assessments/results/studentresult-view.php. The manipulation of the argument test_id results in sql injection. It is possible to launch the attack remotely. The exploit has been made public and could be used.
Severity: 7.5 | HIGH
Visit the link for more details, such as CVSS details, affected products, timeline, and more...
CVE ID : CVE-2026-2912
Published : Feb. 22, 2026, 4:15 a.m. | 30 minutes ago
Description : A vulnerability was found in code-projects Online Reviewer System 1.0. Impacted is an unknown function of the file /system/system/students/assessments/results/studentresult-view.php. The manipulation of the argument test_id results in sql injection. It is possible to launch the attack remotely. The exploit has been made public and could be used.
Severity: 7.5 | HIGH
Visit the link for more details, such as CVSS details, affected products, timeline, and more...
CVE-2026-2913 - libvips source.c vips_source_read_to_memory heap-based overflow
CVE ID : CVE-2026-2913
Published : Feb. 22, 2026, 4:15 a.m. | 30 minutes ago
Description : A vulnerability was determined in libvips up to 8.19.0. The affected element is the function vips_source_read_to_memory of the file libvips/iofuncs/source.c. This manipulation causes heap-based buffer overflow. It is possible to launch the attack on the local host. The attack's complexity is rated as high. The exploitability is described as difficult. The exploit has been publicly disclosed and may be utilized. Patch name: a56feecbe9ed66521d9647ec9fbcd2546eccd7ee. Applying a patch is the recommended action to fix this issue. The confirmation of the bugfix mentions: "[T]he impact of this is negligible, since this only affects custom seekable sources larger than 4 GiB (and the crash occurs in user code rather than libvips itself)."
Severity: 2.5 | LOW
Visit the link for more details, such as CVSS details, affected products, timeline, and more...
CVE ID : CVE-2026-2913
Published : Feb. 22, 2026, 4:15 a.m. | 30 minutes ago
Description : A vulnerability was determined in libvips up to 8.19.0. The affected element is the function vips_source_read_to_memory of the file libvips/iofuncs/source.c. This manipulation causes heap-based buffer overflow. It is possible to launch the attack on the local host. The attack's complexity is rated as high. The exploitability is described as difficult. The exploit has been publicly disclosed and may be utilized. Patch name: a56feecbe9ed66521d9647ec9fbcd2546eccd7ee. Applying a patch is the recommended action to fix this issue. The confirmation of the bugfix mentions: "[T]he impact of this is negligible, since this only affects custom seekable sources larger than 4 GiB (and the crash occurs in user code rather than libvips itself)."
Severity: 2.5 | LOW
Visit the link for more details, such as CVSS details, affected products, timeline, and more...
CVE-2026-2925 - D-Link DWR-M960 Bridge VLAN Configuration Endpoint formBridgeVlan sub_42B5A0 stack-based overflow
CVE ID : CVE-2026-2925
Published : Feb. 22, 2026, 4:16 a.m. | 30 minutes ago
Description : A vulnerability was detected in D-Link DWR-M960 1.01.07. Affected by this issue is the function sub_42B5A0 of the file /boafrm/formBridgeVlan of the component Bridge VLAN Configuration Endpoint. Performing a manipulation of the argument submit-url results in stack-based buffer overflow. The attack can be initiated remotely. The exploit is now public and may be used.
Severity: 9.0 | HIGH
Visit the link for more details, such as CVSS details, affected products, timeline, and more...
CVE ID : CVE-2026-2925
Published : Feb. 22, 2026, 4:16 a.m. | 30 minutes ago
Description : A vulnerability was detected in D-Link DWR-M960 1.01.07. Affected by this issue is the function sub_42B5A0 of the file /boafrm/formBridgeVlan of the component Bridge VLAN Configuration Endpoint. Performing a manipulation of the argument submit-url results in stack-based buffer overflow. The attack can be initiated remotely. The exploit is now public and may be used.
Severity: 9.0 | HIGH
Visit the link for more details, such as CVSS details, affected products, timeline, and more...
CVE-2026-2926 - D-Link DWR-M960 LTE Configuration Endpoint formLteSetup sub_4237AC stack-based overflow
CVE ID : CVE-2026-2926
Published : Feb. 22, 2026, 5:16 a.m. | 3 hours, 31 minutes ago
Description : A flaw has been found in D-Link DWR-M960 1.01.07. This affects the function sub_4237AC of the file /boafrm/formLteSetup of the component LTE Configuration Endpoint. Executing a manipulation of the argument submit-url can lead to stack-based buffer overflow. The attack can be launched remotely. The exploit has been published and may be used.
Severity: 9.0 | HIGH
Visit the link for more details, such as CVSS details, affected products, timeline, and more...
CVE ID : CVE-2026-2926
Published : Feb. 22, 2026, 5:16 a.m. | 3 hours, 31 minutes ago
Description : A flaw has been found in D-Link DWR-M960 1.01.07. This affects the function sub_4237AC of the file /boafrm/formLteSetup of the component LTE Configuration Endpoint. Executing a manipulation of the argument submit-url can lead to stack-based buffer overflow. The attack can be launched remotely. The exploit has been published and may be used.
Severity: 9.0 | HIGH
Visit the link for more details, such as CVSS details, affected products, timeline, and more...
❤1
CVE-2026-2927 - D-Link DWR-M960 Operation Mode Configuration Endpoint formOpMode sub_462590 stack-based overflow
CVE ID : CVE-2026-2927
Published : Feb. 22, 2026, 5:16 a.m. | 3 hours, 31 minutes ago
Description : A vulnerability has been found in D-Link DWR-M960 1.01.07. This vulnerability affects the function sub_462590 of the file /boafrm/formOpMode of the component Operation Mode Configuration Endpoint. The manipulation of the argument submit-url leads to stack-based buffer overflow. The attack may be initiated remotely. The exploit has been disclosed to the public and may be used.
Severity: 9.0 | HIGH
Visit the link for more details, such as CVSS details, affected products, timeline, and more...
CVE ID : CVE-2026-2927
Published : Feb. 22, 2026, 5:16 a.m. | 3 hours, 31 minutes ago
Description : A vulnerability has been found in D-Link DWR-M960 1.01.07. This vulnerability affects the function sub_462590 of the file /boafrm/formOpMode of the component Operation Mode Configuration Endpoint. The manipulation of the argument submit-url leads to stack-based buffer overflow. The attack may be initiated remotely. The exploit has been disclosed to the public and may be used.
Severity: 9.0 | HIGH
Visit the link for more details, such as CVSS details, affected products, timeline, and more...
CVE-2026-2928 - D-Link DWR-M960 WLAN Encryption Configuration Endpoint formWlEncrypt sub_452CCC stack-based overflow
CVE ID : CVE-2026-2928
Published : Feb. 22, 2026, 5:16 a.m. | 3 hours, 31 minutes ago
Description : A vulnerability was found in D-Link DWR-M960 1.01.07. This issue affects the function sub_452CCC of the file /boafrm/formWlEncrypt of the component WLAN Encryption Configuration Endpoint. The manipulation of the argument submit-url results in stack-based buffer overflow. The attack may be launched remotely. The exploit has been made public and could be used.
Severity: 9.0 | HIGH
Visit the link for more details, such as CVSS details, affected products, timeline, and more...
CVE ID : CVE-2026-2928
Published : Feb. 22, 2026, 5:16 a.m. | 3 hours, 31 minutes ago
Description : A vulnerability was found in D-Link DWR-M960 1.01.07. This issue affects the function sub_452CCC of the file /boafrm/formWlEncrypt of the component WLAN Encryption Configuration Endpoint. The manipulation of the argument submit-url results in stack-based buffer overflow. The attack may be launched remotely. The exploit has been made public and could be used.
Severity: 9.0 | HIGH
Visit the link for more details, such as CVSS details, affected products, timeline, and more...
CVE-2026-1369 - Conditional CAPTCHA <= 4.0.0 - Open Redirect
CVE ID : CVE-2026-1369
Published : Feb. 22, 2026, 6:16 a.m. | 2 hours, 31 minutes ago
Description : The Conditional CAPTCHA WordPress plugin through 4.0.0 does not validate a parameter before redirecting the user to its value, leading to an Open Redirect issue
Severity: 0.0 | NA
Visit the link for more details, such as CVSS details, affected products, timeline, and more...
CVE ID : CVE-2026-1369
Published : Feb. 22, 2026, 6:16 a.m. | 2 hours, 31 minutes ago
Description : The Conditional CAPTCHA WordPress plugin through 4.0.0 does not validate a parameter before redirecting the user to its value, leading to an Open Redirect issue
Severity: 0.0 | NA
Visit the link for more details, such as CVSS details, affected products, timeline, and more...
CVE-2026-2929 - D-Link DWR-M960 Wireless Access Control Endpoint formWlAc sub_453140 stack-based overflow
CVE ID : CVE-2026-2929
Published : Feb. 22, 2026, 6:16 a.m. | 2 hours, 31 minutes ago
Description : A vulnerability was determined in D-Link DWR-M960 1.01.07. Impacted is the function sub_453140 of the file /boafrm/formWlAc of the component Wireless Access Control Endpoint. This manipulation of the argument submit-url causes stack-based buffer overflow. Remote exploitation of the attack is possible. The exploit has been publicly disclosed and may be utilized.
Severity: 9.0 | HIGH
Visit the link for more details, such as CVSS details, affected products, timeline, and more...
CVE ID : CVE-2026-2929
Published : Feb. 22, 2026, 6:16 a.m. | 2 hours, 31 minutes ago
Description : A vulnerability was determined in D-Link DWR-M960 1.01.07. Impacted is the function sub_453140 of the file /boafrm/formWlAc of the component Wireless Access Control Endpoint. This manipulation of the argument submit-url causes stack-based buffer overflow. Remote exploitation of the attack is possible. The exploit has been publicly disclosed and may be utilized.
Severity: 9.0 | HIGH
Visit the link for more details, such as CVSS details, affected products, timeline, and more...
CVE-2026-2930 - Tenda A18 Httpd Service UploadCfg webCgiGetUploadFile stack-based overflow
CVE ID : CVE-2026-2930
Published : Feb. 22, 2026, 7:16 a.m. | 1 hour, 31 minutes ago
Description : A vulnerability was identified in Tenda A18 15.13.07.13. The affected element is the function webCgiGetUploadFile of the file /cgi-bin/UploadCfg of the component Httpd Service. Such manipulation of the argument boundary leads to stack-based buffer overflow. The attack can be executed remotely. The exploit is publicly available and might be used.
Severity: 6.5 | MEDIUM
Visit the link for more details, such as CVSS details, affected products, timeline, and more...
CVE ID : CVE-2026-2930
Published : Feb. 22, 2026, 7:16 a.m. | 1 hour, 31 minutes ago
Description : A vulnerability was identified in Tenda A18 15.13.07.13. The affected element is the function webCgiGetUploadFile of the file /cgi-bin/UploadCfg of the component Httpd Service. Such manipulation of the argument boundary leads to stack-based buffer overflow. The attack can be executed remotely. The exploit is publicly available and might be used.
Severity: 6.5 | MEDIUM
Visit the link for more details, such as CVSS details, affected products, timeline, and more...
CVE-2026-2934 - YiFang CMS Extended Management D_friendLinkGroup.php update cross site scripting
CVE ID : CVE-2026-2934
Published : Feb. 22, 2026, 8:02 a.m. | 45 minutes ago
Description : A security vulnerability has been detected in YiFang CMS up to 2.0.5. This impacts the function update of the file app/db/admin/D_friendLinkGroup.php of the component Extended Management Module. The manipulation of the argument Name leads to cross site scripting. It is possible to initiate the attack remotely. The exploit has been disclosed publicly and may be used.
Severity: 0.0 | NA
Visit the link for more details, such as CVSS details, affected products, timeline, and more...
CVE ID : CVE-2026-2934
Published : Feb. 22, 2026, 8:02 a.m. | 45 minutes ago
Description : A security vulnerability has been detected in YiFang CMS up to 2.0.5. This impacts the function update of the file app/db/admin/D_friendLinkGroup.php of the component Extended Management Module. The manipulation of the argument Name leads to cross site scripting. It is possible to initiate the attack remotely. The exploit has been disclosed publicly and may be used.
Severity: 0.0 | NA
Visit the link for more details, such as CVSS details, affected products, timeline, and more...
CVE-2026-2935 - UTT HiPER 810G ConfigExceptMSN strcpy buffer overflow
CVE ID : CVE-2026-2935
Published : Feb. 22, 2026, 8:02 a.m. | 45 minutes ago
Description : A weakness has been identified in UTT HiPER 810G up to 1.7.7-171114. This issue affects the function strcpy of the file /goform/ConfigExceptMSN. Executing a manipulation of the argument remark can lead to buffer overflow. The attack can be executed remotely. The exploit has been made available to the public and could be used for attacks.
Severity: 0.0 | NA
Visit the link for more details, such as CVSS details, affected products, timeline, and more...
CVE ID : CVE-2026-2935
Published : Feb. 22, 2026, 8:02 a.m. | 45 minutes ago
Description : A weakness has been identified in UTT HiPER 810G up to 1.7.7-171114. This issue affects the function strcpy of the file /goform/ConfigExceptMSN. Executing a manipulation of the argument remark can lead to buffer overflow. The attack can be executed remotely. The exploit has been made available to the public and could be used for attacks.
Severity: 0.0 | NA
Visit the link for more details, such as CVSS details, affected products, timeline, and more...
CVE-2026-2932 - YiFang CMS Extended Management D_adPosition.php update cross site scripting
CVE ID : CVE-2026-2932
Published : Feb. 22, 2026, 8:15 a.m. | 31 minutes ago
Description : A security flaw has been discovered in YiFang CMS up to 2.0.5. The impacted element is the function update of the file app/db/admin/D_adPosition.php of the component Extended Management Module. Performing a manipulation of the argument name/index results in cross site scripting. The attack is possible to be carried out remotely. The exploit has been released to the public and may be used for attacks.
Severity: 4.8 | MEDIUM
Visit the link for more details, such as CVSS details, affected products, timeline, and more...
CVE ID : CVE-2026-2932
Published : Feb. 22, 2026, 8:15 a.m. | 31 minutes ago
Description : A security flaw has been discovered in YiFang CMS up to 2.0.5. The impacted element is the function update of the file app/db/admin/D_adPosition.php of the component Extended Management Module. Performing a manipulation of the argument name/index results in cross site scripting. The attack is possible to be carried out remotely. The exploit has been released to the public and may be used for attacks.
Severity: 4.8 | MEDIUM
Visit the link for more details, such as CVSS details, affected products, timeline, and more...
CVE-2026-2933 - YiFang CMS Extended Management D_adManage.php update cross site scripting
CVE ID : CVE-2026-2933
Published : Feb. 22, 2026, 8:15 a.m. | 31 minutes ago
Description : A weakness has been identified in YiFang CMS up to 2.0.5. This affects the function update of the file app/db/admin/D_adManage.php of the component Extended Management Module. Executing a manipulation of the argument Name can lead to cross site scripting. The attack may be performed from remote. The exploit has been made available to the public and could be used for attacks.
Severity: 4.8 | MEDIUM
Visit the link for more details, such as CVSS details, affected products, timeline, and more...
CVE ID : CVE-2026-2933
Published : Feb. 22, 2026, 8:15 a.m. | 31 minutes ago
Description : A weakness has been identified in YiFang CMS up to 2.0.5. This affects the function update of the file app/db/admin/D_adManage.php of the component Extended Management Module. Executing a manipulation of the argument Name can lead to cross site scripting. The attack may be performed from remote. The exploit has been made available to the public and could be used for attacks.
Severity: 4.8 | MEDIUM
Visit the link for more details, such as CVSS details, affected products, timeline, and more...
CVE-2026-2385 - The Plus Addons for Elementor – Addons for Elementor, Page Templates, Widgets, Mega Menu, WooCommerce <= 6.4.7 - Unauthenticated Email Relay
CVE ID : CVE-2026-2385
Published : Feb. 22, 2026, 8:24 a.m. | 23 minutes ago
Description : The The Plus Addons for Elementor – Addons for Elementor, Page Templates, Widgets, Mega Menu, WooCommerce plugin for WordPress is vulnerable to Insufficient Verification of Data Authenticity in all versions up to, and including, 6.4.7. This is due to the plugin decrypting and trusting attacker-controlled email_data in an unauthenticated AJAX handler without cryptographic authenticity guarantees. This makes it possible for unauthenticated attackers to tamper with form email routing and redirection values to trigger unauthorized email relay and attacker-controlled redirection via the 'email_data' parameter.
Severity: 0.0 | NA
Visit the link for more details, such as CVSS details, affected products, timeline, and more...
CVE ID : CVE-2026-2385
Published : Feb. 22, 2026, 8:24 a.m. | 23 minutes ago
Description : The The Plus Addons for Elementor – Addons for Elementor, Page Templates, Widgets, Mega Menu, WooCommerce plugin for WordPress is vulnerable to Insufficient Verification of Data Authenticity in all versions up to, and including, 6.4.7. This is due to the plugin decrypting and trusting attacker-controlled email_data in an unauthenticated AJAX handler without cryptographic authenticity guarantees. This makes it possible for unauthenticated attackers to tamper with form email routing and redirection values to trigger unauthorized email relay and attacker-controlled redirection via the 'email_data' parameter.
Severity: 0.0 | NA
Visit the link for more details, such as CVSS details, affected products, timeline, and more...
CVE-2026-2938 - SourceCodester Student Result Management System update_smtp.php access control
CVE ID : CVE-2026-2938
Published : Feb. 22, 2026, 9:16 a.m. | 3 hours, 31 minutes ago
Description : A vulnerability has been found in SourceCodester Student Result Management System 1.0. The affected element is an unknown function of the file /srms/script/admin/core/update_smtp.php. The manipulation leads to improper access controls. It is possible to initiate the attack remotely. The exploit has been disclosed to the public and may be used.
Severity: 7.5 | HIGH
Visit the link for more details, such as CVSS details, affected products, timeline, and more...
CVE ID : CVE-2026-2938
Published : Feb. 22, 2026, 9:16 a.m. | 3 hours, 31 minutes ago
Description : A vulnerability has been found in SourceCodester Student Result Management System 1.0. The affected element is an unknown function of the file /srms/script/admin/core/update_smtp.php. The manipulation leads to improper access controls. It is possible to initiate the attack remotely. The exploit has been disclosed to the public and may be used.
Severity: 7.5 | HIGH
Visit the link for more details, such as CVSS details, affected products, timeline, and more...