🚨 CVE-2026-3978
A vulnerability was detected in D-Link DIR-513 1.10. The impacted element is an unknown function of the file /goform/formEasySetupWizard3. The manipulation of the argument wan_connected results in stack-based buffer overflow. The attack can be launched remotely. The exploit is now public and may be used.
@cveNotify
GitHub
vul_db/Dir513/vul_21/README.md at main · Litengzheng/vul_db
command injection. Contribute to Litengzheng/vul_db development by creating an account on GitHub.
🚨 CVE-2026-3979
A flaw has been found in quickjs-ng quickjs up to 0.12.1. This affects the function js_iterator_concat_return of the file quickjs.c. This manipulation causes use after free. The attack requires local access. The exploit has been published and may be used. Patch name: daab4ad4bae4ef071ed0294618d6244e92def4cd. Applying a patch is the recommended action to fix this issue.
GitHub
GitHub - quickjs-ng/quickjs: QuickJS, the Next Generation: a mighty JavaScript engine
QuickJS, the Next Generation: a mighty JavaScript engine - quickjs-ng/quickjs
🚨 CVE-2026-3980
A vulnerability has been found in itsourcecode Online Doctor Appointment System 1.0. This impacts an unknown function of the file /admin/patient_action.php. Such manipulation of the argument patient_id leads to sql injection. The attack may be launched remotely. The exploit has been disclosed to the public and may be used.
GitHub
itsourcecode Online Doctor Appointment System Project V1.0 /admin/patient_action.php SQL injection · Issue #2 · vasable/automatic…
itsourcecode Online Doctor Appointment System Project V1.0 /admin/patient_action.php SQL injection NAME OF AFFECTED PRODUCT(S) Online Doctor Appointment System Vendor Homepage https://itsourcecode....
🚨 CVE-2026-3981
A vulnerability was found in itsourcecode Online Doctor Appointment System 1.0. Affected is an unknown function of the file /admin/doctor_action.php. Performing a manipulation of the argument ID results in sql injection. Remote exploitation of the attack is possible. The exploit has been made public and could be used.
GitHub
itsourcecode Online Doctor Appointment System Project V1.0 /admin/doctor_action.php SQL injection · Issue #1 · vasable/automatic…
itsourcecode Online Doctor Appointment System Project V1.0 /admin/doctor_action.php SQL injection NAME OF AFFECTED PRODUCT(S) Online Doctor Appointment System Vendor Homepage https://itsourcecode.c...
🚨 CVE-2026-3982
A vulnerability was determined in itsourcecode University Management System 1.0. Affected by this vulnerability is an unknown functionality of the file /view_result.php. Executing a manipulation of the argument vr can lead to cross site scripting. The attack can be executed remotely. The exploit has been publicly disclosed and may be utilized.
GitHub
itsourcecode University Management System Project V1.0 /view_result.php cross site scripting · Issue #1 · PIPIzzz1/aaa
itsourcecode University Management System Project V1.0 /view_result.php cross site scripting Email OF AFFECTED PRODUCT(S) University Management System Vendor Homepage itsourcecode submitter Vulnera...
🚨 CVE-2025-15473
The Timetics WordPress plugin before 1.0.52 does not have authorization in a REST endpoint, allowing unauthenticated users to arbitrarily change a booking's payment status and post status for the "timetics-booking" custom post type.
WPScan
Timetics < 1.0.52 - Unauthenticated Payment/Booking Status Update
See details on Timetics < 1.0.52 - Unauthenticated Payment/Booking Status Update CVE 2025-15473. View the latest Plugin Vulnerabilities on WPScan.
🚨 CVE-2026-2687
The Reading progressbar WordPress plugin before 1.3.1 does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfiltered_html capability is disallowed (for example in multisite setup).
WPScan
Reading progressbar < 1.3.1 - Admin+ Stored XSS
See details on Reading progressbar < 1.3.1 - Admin+ Stored XSS CVE 2026-2687. View the latest Plugin Vulnerabilities on WPScan.
🚨 CVE-2026-3983
A security flaw has been discovered in Campcodes Division Regional Athletic Meet Game Result Matrix System 2.1. This affects an unknown part of the file save-games.php. The manipulation of the argument game_name results in cross site scripting. The attack may be performed from remote. The exploit has been released to the public and may be used for attacks.
GitHub
Campcodes Division/Regional Athletic Meet Game Result Matrix System v2.1 Stored XSS Vulnerability · Issue #10 · LaneyYu/cve
Campcodes Division/Regional Athletic Meet Game Result Matrix System v2.1 Stored XSS Vulnerability Author: Laney Vendor and Software Links https://www.campcodes.com/projects/php/division-regional-at...
🚨 CVE-2026-3984
A weakness has been identified in Campcodes Division Regional Athletic Meet Game Result Matrix System 2.1. This vulnerability affects unknown code of the file save_up_athlete.php. This manipulation of the argument a_name causes cross site scripting. It is possible to initiate the attack remotely. The exploit has been made available to the public and could be used for attacks.
GitHub
Campcodes Division/Regional Athletic Meet Game Result Matrix System v2.1 stored XSS Vulnerability · Issue #11 · LaneyYu/cve
Campcodes Division/Regional Athletic Meet Game Result Matrix System v2.1 stored XSS Vulnerability Author: Laney Vendor and Software Links https://www.campcodes.com/projects/php/division-regional-at...
🚨 CVE-2026-3990
A security flaw has been discovered in CesiumGS CesiumJS up to 1.137.0. Affected by this issue is some unknown functionality of the file Apps/Sandcastle/standalone.html. The manipulation of the argument c results in cross site scripting. The attack can be launched remotely. The exploit has been released to the public and may be used for attacks. The presence of this vulnerability remains uncertain at this time. The vendor was contacted early about this disclosure but did not respond in any way. According to CVE-2023-48094, "the vendor's position is that Apps/Sandcastle/standalone.html is part of the CesiumGS/cesium GitHub repository, but is demo code that is not part of the CesiumJS JavaScript library product."
GitHub
AnalogyC0de/public_exp
some exps of cve. Contribute to AnalogyC0de/public_exp development by creating an account on GitHub.
🚨 CVE-2026-3992
A weakness has been identified in CodeGenieApp serverless-express up to 4.17.1. This affects an unknown part of the file utils/dynamodb.ts of the component Users Endpoint. This manipulation of the argument filter causes injection. The attack may be initiated remotely. The exploit has been made available to the public and could be used for attacks. The vendor was contacted early about this disclosure but did not respond in any way.
GitHub
Property Injection via filter Parameter in @codegenie/serverless-express · Issue #19 · AnalogyC0de/public_exp
Property Injection via filter Parameter in @codegenie/serverless-express Affected Environment Project: codegenie-serverless-express Repository: https://github.com/CodeGenieApp/serverless-express Af...
🚨 CVE-2026-3993
A security vulnerability has been detected in itsourcecode Payroll Management System 1.0. This vulnerability affects unknown code of the file /manage_employee_deductions.php. Such manipulation of the argument ID leads to cross site scripting. The attack may be launched remotely. The exploit has been disclosed publicly and may be used.
GitHub
itsourcecode Payroll Management System XSS Vulnerability Report · Issue #11 · ltranquility/cve_submit
#itsourcecode Payroll Management System XSS Vulnerability Report PRODUCT Payroll Management System VERSION V1.0 VULNERABILITY TYPE Cross-Site Scripting (XSS) Submitter Jiaxin Lin Submitter Jiaxin L...
🚨 CVE-2026-3994
A vulnerability was detected in rui314 mold up to 2.40.4. This issue affects the function mold::ObjectFile<mold::X86_64>::initialize_sections of the file src/input-files.cc of the component Object File Handler. Performing a manipulation results in heap-based buffer overflow. Attacking locally is a requirement. The exploit is now public and may be used. The project was informed of the problem early through an issue report but has not responded yet.
GitHub
0209/mo2/repro at main · oneafter/0209
Contribute to oneafter/0209 development by creating an account on GitHub.
🚨 CVE-2026-4007
A vulnerability was detected in Tenda W3 1.0.0.3(2204). This vulnerability affects unknown code of the file /goform/wifiSSIDget of the component POST Parameter Handler. Performing a manipulation of the argument index results in stack-based buffer overflow. It is possible to initiate the attack remotely. The exploit is now public and may be used.
GitHub
Tenda_vul/tenda-w3-formwrlSSIDget-index-buffer-overflow at main · Svigo-o/Tenda_vul
Contribute to Svigo-o/Tenda_vul development by creating an account on GitHub.
🚨 CVE-2026-4008
A flaw has been found in Tenda W3 1.0.0.3(2204). This issue affects some unknown processing of the file /goform/wifiSSIDset of the component POST Parameter Handler. Executing a manipulation of the argument index/GO can lead to stack-based buffer overflow. It is possible to launch the attack remotely. The exploit has been published and may be used.
GitHub
Tenda_vul/tenda-w3-formwrlSSIDset-go-buffer-overflow at main · Svigo-o/Tenda_vul
Contribute to Svigo-o/Tenda_vul development by creating an account on GitHub.
🚨 CVE-2026-3943
A vulnerability was found in H3C ACG1000-AK230 up to 20260227. This affects an unknown part of the file /webui/?aaa_portal_auth_local_submit. The manipulation of the argument suffix results in command injection. The attack can be launched remotely. The exploit has been made public and could be used. The vendor is investigating and remediating this issue.
GitHub
H3C ACG1000-AK230 Gateway has a pre-authentication Command Execution Vulnerability · Issue #1 · leeyper/CVE
NAME OF AFFECTED PRODUCT(S) H3C ACG1000-AK230 Gateway has a pre-authentication command execution vulnerability Vendor Homepage This vulnerability was identified solely through code auditing. Theref...
🚨 CVE-2026-4009
A vulnerability has been found in jarikomppa soloud up to 20200207. Impacted is the function drwav_read_pcm_frames_s16__msadpcm in the library src/audiosource/wav/dr_wav.h of the component WAV File Parser. The manipulation leads to out-of-bounds read. The attack needs to be performed locally. The exploit has been disclosed to the public and may be used. Upgrading to version 20200207 is recommended to address this issue. It is recommended to upgrade the affected component. The project was informed of the problem early through an issue report but has not responded yet.
GitHub
GitHub - jarikomppa/soloud: Free, easy, portable audio engine for games
Free, easy, portable audio engine for games. Contribute to jarikomppa/soloud development by creating an account on GitHub.
🚨 CVE-2026-4010
A vulnerability was found in ThakeeNathees pocketlang up to cc73ca61b113d48ee130d837a7a8b145e41de5ce. The affected element is the function pkByteBufferAddString. The manipulation of the argument length with the input 4294967290 results in memory corruption. The attack requires a local approach. The exploit has been made public and could be used. This product does not use versioning. This is why information about affected and unaffected releases are unavailable. The project was informed of the problem early through an issue report but has not responded yet.
GitHub
GitHub - ThakeeNathees/pocketlang: A lightweight, fast embeddable scripting language.
A lightweight, fast embeddable scripting language. - ThakeeNathees/pocketlang
🚨 CVE-2026-4012
A vulnerability was determined in rxi fe up to ed4cda96bd582cbb08520964ba627efb40f3dd91. The impacted element is the function read_ of the file src/fe.c. This manipulation with the input 1 causes out-of-bounds read. The attack requires local access. The exploit has been publicly disclosed and may be utilized. This product uses a rolling release model to deliver continuous updates. As a result, specific version information for affected or updated releases is not available. The project was informed of the problem early through an issue report but has not responded yet.
GitHub
0211/fe/repro at main · oneafter/0211
Contribute to oneafter/0211 development by creating an account on GitHub.
🚨 CVE-2026-4013
A vulnerability was identified in SourceCodester Web-based Pharmacy Product Management System 1.0. This affects an unknown function of the file add_admin.php. Such manipulation leads to improper authorization. The attack may be launched remotely.
🚨 CVE-2026-4014
A security flaw has been discovered in itsourcecode Cafe Reservation System 1.0. This impacts an unknown function of the file /curvus2/signup.php of the component Registration. Performing a manipulation of the argument Username results in sql injection. Remote exploitation of the attack is possible. The exploit has been released to the public and may be used for attacks.
GitHub
itsourcecode Cafe Reservation System V1.0 "/curvus2/signup.php" SQL injection · Issue #5 · wangchaoxing/CVE
itsourcecode Cafe Reservation System V1.0 "/curvus2/signup.php" SQL injection NAME OF AFFECTED PRODUCT(S) Cafe Reservation System Vendor Homepage https://itsourcecode.com/free-projects/ph...