🚨 CVE-2026-7066
A vulnerability was found in choieastsea simple-openstack-mcp up to 767b2f4a8154cca344344b9725537a58399e6036. The affected element is the function exec_openstack of the file server.py. The manipulation results in os command injection. It is possible to launch the attack remotely. The exploit has been made public and could be used. This product takes the approach of rolling releases to provide continious delivery. Therefore, version details for affected and updated releases are not available. The project was informed of the problem early through an issue report but has not responded yet.
🎖@cveNotify
A vulnerability was found in choieastsea simple-openstack-mcp up to 767b2f4a8154cca344344b9725537a58399e6036. The affected element is the function exec_openstack of the file server.py. The manipulation results in os command injection. It is possible to launch the attack remotely. The exploit has been made public and could be used. This product takes the approach of rolling releases to provide continious delivery. Therefore, version details for affected and updated releases are not available. The project was informed of the problem early through an issue report but has not responded yet.
🎖@cveNotify
GitHub
GitHub - choieastsea/simple-openstack-mcp: simple openstack mcp server with openstack command line interface
simple openstack mcp server with openstack command line interface - choieastsea/simple-openstack-mcp
🚨 CVE-2026-7067
A vulnerability was determined in D-Link DIR-822 A_101. The impacted element is the function system of the file /udhcpcd/dhcpd.c of the component udhcpd DHCP Service. This manipulation of the argument Hostname causes command injection. The attack can be initiated remotely. The exploit has been publicly disclosed and may be utilized. This vulnerability only affects products that are no longer supported by the maintainer.
🎖@cveNotify
A vulnerability was determined in D-Link DIR-822 A_101. The impacted element is the function system of the file /udhcpcd/dhcpd.c of the component udhcpd DHCP Service. This manipulation of the argument Hostname causes command injection. The attack can be initiated remotely. The exploit has been publicly disclosed and may be utilized. This vulnerability only affects products that are no longer supported by the maintainer.
🎖@cveNotify
tzh00203 on Notion
D-Link DIR-822 A1 Command Injection in `udhcpd` via DHCP Hostname | Notion
*Vulnerability Title*\*: Command Injection Vulnerability in the DHCP Service of D-Link DIR-822 A1
🚨 CVE-2025-54236
Adobe Commerce versions 2.4.9-alpha2, 2.4.8-p2, 2.4.7-p7, 2.4.6-p12, 2.4.5-p14, 2.4.4-p15 and earlier are affected by an Improper Input Validation vulnerability. A successful attacker can abuse this to achieve session takeover, increasing the confidentiality, and integrity impact to high. Exploitation of this issue does not require user interaction.
🎖@cveNotify
Adobe Commerce versions 2.4.9-alpha2, 2.4.8-p2, 2.4.7-p7, 2.4.6-p12, 2.4.5-p14, 2.4.4-p15 and earlier are affected by an Improper Input Validation vulnerability. A successful attacker can abuse this to achieve session takeover, increasing the confidentiality, and integrity impact to high. Exploitation of this issue does not require user interaction.
🎖@cveNotify
Adobe
Adobe Security Bulletin
Security Updates Available for Adobe Commerce | APSB25-88
🚨 CVE-2026-7070
A weakness has been identified in code-projects Inventory Management System 1.0. Affected is an unknown function of the component Login. Executing a manipulation of the argument Username can lead to sql injection. The attack may be launched remotely. The exploit has been made available to the public and could be used for attacks.
🎖@cveNotify
A weakness has been identified in code-projects Inventory Management System 1.0. Affected is an unknown function of the component Login. Executing a manipulation of the argument Username can lead to sql injection. The attack may be launched remotely. The exploit has been made available to the public and could be used for attacks.
🎖@cveNotify
🚨 CVE-2026-7071
A security vulnerability has been detected in CodeAstro Online Job Portal 1.0. Affected by this vulnerability is an unknown functionality of the file /users/user-cvs/. The manipulation leads to file and directory information exposure. Remote exploitation of the attack is possible. The exploit has been disclosed publicly and may be used.
🎖@cveNotify
A security vulnerability has been detected in CodeAstro Online Job Portal 1.0. Affected by this vulnerability is an unknown functionality of the file /users/user-cvs/. The manipulation leads to file and directory information exposure. Remote exploitation of the attack is possible. The exploit has been disclosed publicly and may be used.
🎖@cveNotify
🚨 CVE-2026-7072
A vulnerability was detected in CodePanda Source canteen_management_system 1.0. Affected by this issue is some unknown functionality of the file /api/login.php. The manipulation of the argument Username results in sql injection. The attack can be executed remotely. The exploit is now public and may be used.
🎖@cveNotify
A vulnerability was detected in CodePanda Source canteen_management_system 1.0. Affected by this issue is some unknown functionality of the file /api/login.php. The manipulation of the argument Username results in sql injection. The attack can be executed remotely. The exploit is now public and may be used.
🎖@cveNotify
GitHub
codepanda-source canteen_management_system V1.0 login.php SQL injection · Issue #2 · redshadowword-cell/CVE
codepanda-source canteen_management_system Project V1.0 /api/login.php SQL injection NAME OF AFFECTED PRODUCT(S) canteen_management_system Vendor Homepage https://www.codepanda-source.online/ AFFEC...
🚨 CVE-2026-7073
A flaw has been found in itsourcecode Construction Management System 1.0. This affects an unknown part of the file /execute.php. This manipulation of the argument code causes sql injection. The attack is possible to be carried out remotely. The exploit has been published and may be used.
🎖@cveNotify
A flaw has been found in itsourcecode Construction Management System 1.0. This affects an unknown part of the file /execute.php. This manipulation of the argument code causes sql injection. The attack is possible to be carried out remotely. The exploit has been published and may be used.
🎖@cveNotify
GitHub
itsourcecode Construction Management System V1.0 SQL Injection Vulnerability · Issue #2 · Beatriz-ai-boop/cve
itsourcecode Construction Management System V1.0 SQL Injection Vulnerability NAME OF AFFECTED PRODUCT(S) Construction Management System Vendor Homepage https://itsourcecode.com/free-projects/php-pr...
🚨 CVE-2026-7074
A vulnerability has been found in itsourcecode Construction Management System 1.0. This vulnerability affects unknown code of the file /execute1.php. Such manipulation of the argument code leads to sql injection. The attack may be performed from remote. The exploit has been disclosed to the public and may be used.
🎖@cveNotify
A vulnerability has been found in itsourcecode Construction Management System 1.0. This vulnerability affects unknown code of the file /execute1.php. Such manipulation of the argument code leads to sql injection. The attack may be performed from remote. The exploit has been disclosed to the public and may be used.
🎖@cveNotify
GitHub
itsourcecode Construction Management System V1.0 SQL Injection Vulnerability · Issue #3 · Beatriz-ai-boop/cve
itsourcecode Construction Management System V1.0 SQL Injection Vulnerability NAME OF AFFECTED PRODUCT(S) Construction Management System Vendor Homepage https://itsourcecode.com/free-projects/php-pr...
🚨 CVE-2026-7075
A vulnerability was found in itsourcecode Construction Management System 1.0. This issue affects some unknown processing of the file /locations.php. Performing a manipulation of the argument address results in sql injection. It is possible to initiate the attack remotely. The exploit has been made public and could be used.
🎖@cveNotify
A vulnerability was found in itsourcecode Construction Management System 1.0. This issue affects some unknown processing of the file /locations.php. Performing a manipulation of the argument address results in sql injection. It is possible to initiate the attack remotely. The exploit has been made public and could be used.
🎖@cveNotify
GitHub
itsourcecode Construction Management System V1.0 SQL Injection Vulnerability · Issue #4 · Beatriz-ai-boop/cve
itsourcecode Construction Management System V1.0 SQL Injection Vulnerability NAME OF AFFECTED PRODUCT(S) Construction Management System Vendor Homepage https://itsourcecode.com/free-projects/php-pr...
🚨 CVE-2026-7076
A vulnerability was determined in itsourcecode Courier Management System 1.0. Impacted is an unknown function of the file /edit_branch.php. Executing a manipulation of the argument ID can lead to sql injection. It is possible to launch the attack remotely. The exploit has been publicly disclosed and may be utilized.
🎖@cveNotify
A vulnerability was determined in itsourcecode Courier Management System 1.0. Impacted is an unknown function of the file /edit_branch.php. Executing a manipulation of the argument ID can lead to sql injection. It is possible to launch the attack remotely. The exploit has been publicly disclosed and may be utilized.
🎖@cveNotify
GitHub
itsourcecode Courier Management System V1.0 SQL Injection Vulnerability · Issue #5 · Beatriz-ai-boop/cve
itsourcecode Courier Management System V1.0 SQL Injection Vulnerability NAME OF AFFECTED PRODUCT(S) Courier Management System Vendor Homepage https://itsourcecode.com/free-projects/php-project/cour...
🚨 CVE-2026-5201
A flaw was found in the gdk-pixbuf library. This heap-based buffer overflow vulnerability occurs in the JPEG image loader due to improper validation of color component counts when processing a specially crafted JPEG image. A remote attacker can exploit this flaw without user interaction, for example, via thumbnail generation. Successful exploitation leads to application crashes and denial of service (DoS) conditions.
🎖@cveNotify
A flaw was found in the gdk-pixbuf library. This heap-based buffer overflow vulnerability occurs in the JPEG image loader due to improper validation of color component counts when processing a specially crafted JPEG image. A remote attacker can exploit this flaw without user interaction, for example, via thumbnail generation. Successful exploitation leads to application crashes and denial of service (DoS) conditions.
🎖@cveNotify
🚨 CVE-2026-3006
Successful exploitation of the race condition vulnerability could allow
an attacker to trigger a kernel heap overflow, potentially leading to local privilege
escalation and granting system-level access to the affected software.
🎖@cveNotify
Successful exploitation of the race condition vulnerability could allow
an attacker to trigger a kernel heap overflow, potentially leading to local privilege
escalation and granting system-level access to the affected software.
🎖@cveNotify
GitHub
Release WinFsp 2026 Beta1 · winfsp/winfsp
CHANGES SINCE WINFSP 2025
[FIX] Fixes vulnerability CVE-2026-3006 discovered by Tay Kiat Loong. PLEASE UPGRADE!
[FIX] The WinFsp Network Provider provides improved shell support for network fil...
[FIX] Fixes vulnerability CVE-2026-3006 discovered by Tay Kiat Loong. PLEASE UPGRADE!
[FIX] The WinFsp Network Provider provides improved shell support for network fil...
🚨 CVE-2026-7077
A vulnerability was identified in itsourcecode Courier Management System 1.0. The affected element is an unknown function of the file /edit_parcel.php. The manipulation of the argument ID leads to sql injection. The attack can be initiated remotely. The exploit is publicly available and might be used.
🎖@cveNotify
A vulnerability was identified in itsourcecode Courier Management System 1.0. The affected element is an unknown function of the file /edit_parcel.php. The manipulation of the argument ID leads to sql injection. The attack can be initiated remotely. The exploit is publicly available and might be used.
🎖@cveNotify
GitHub
itsourcecode Courier Management System V1.0 SQL Injection Vulnerability · Issue #6 · Beatriz-ai-boop/cve
itsourcecode Courier Management System V1.0 SQL Injection Vulnerability NAME OF AFFECTED PRODUCT(S) Courier Management System Vendor Homepage https://itsourcecode.com/free-projects/php-project/cour...
🚨 CVE-2026-7078
A security flaw has been discovered in Tenda F456 1.0.0.5. The impacted element is the function fromSetIpBind of the file /goform/SetIpBind of the component httpd. The manipulation of the argument page results in buffer overflow. The attack can be launched remotely. The exploit has been released to the public and may be used for attacks.
🎖@cveNotify
A security flaw has been discovered in Tenda F456 1.0.0.5. The impacted element is the function fromSetIpBind of the file /goform/SetIpBind of the component httpd. The manipulation of the argument page results in buffer overflow. The attack can be launched remotely. The exploit has been released to the public and may be used for attacks.
🎖@cveNotify
GitHub
vuldb_new/F456/vul_129/README.md at main · Litengzheng/vuldb_new
CVE. Contribute to Litengzheng/vuldb_new development by creating an account on GitHub.
🚨 CVE-2026-7079
A weakness has been identified in Tenda F456 1.0.0.5. This affects the function fromAdvSetWan of the file /goform/AdvSetWan of the component httpd. This manipulation of the argument wanmode causes buffer overflow. The attack may be initiated remotely. The exploit has been made available to the public and could be used for attacks.
🎖@cveNotify
A weakness has been identified in Tenda F456 1.0.0.5. This affects the function fromAdvSetWan of the file /goform/AdvSetWan of the component httpd. This manipulation of the argument wanmode causes buffer overflow. The attack may be initiated remotely. The exploit has been made available to the public and could be used for attacks.
🎖@cveNotify
GitHub
vuldb_new/F456/vul_130/README.md at main · Litengzheng/vuldb_new
CVE. Contribute to Litengzheng/vuldb_new development by creating an account on GitHub.
🚨 CVE-2026-7080
A security vulnerability has been detected in Tenda F456 1.0.0.5. This impacts the function fromPPTPUserSetting of the file /goform/PPTPUserSetting of the component httpd. Such manipulation of the argument delno leads to buffer overflow. The attack may be launched remotely. The exploit has been disclosed publicly and may be used.
🎖@cveNotify
A security vulnerability has been detected in Tenda F456 1.0.0.5. This impacts the function fromPPTPUserSetting of the file /goform/PPTPUserSetting of the component httpd. Such manipulation of the argument delno leads to buffer overflow. The attack may be launched remotely. The exploit has been disclosed publicly and may be used.
🎖@cveNotify
GitHub
vuldb_new/F456/vul_132/README.md at main · Litengzheng/vuldb_new
CVE. Contribute to Litengzheng/vuldb_new development by creating an account on GitHub.
🚨 CVE-2026-3867
An improper ownership management vulnerability has been identified in Moxa’s Secure Router. Because of improper ownership management, a low-privileged authenticated user may access a configuration file containing the hashed password of the administrative account. Successful exploitation of this vulnerability could allow an attacker to obtain sensitive information. Exploitation is only possible under a specific condition — when the configuration file has been exported. This vulnerability does not impact the integrity or availability of the affected product, and no confidentiality, integrity, or availability impact to the subsequent system has been identified.
🎖@cveNotify
An improper ownership management vulnerability has been identified in Moxa’s Secure Router. Because of improper ownership management, a low-privileged authenticated user may access a configuration file containing the hashed password of the administrative account. Successful exploitation of this vulnerability could allow an attacker to obtain sensitive information. Exploitation is only possible under a specific condition — when the configuration file has been exported. This vulnerability does not impact the integrity or availability of the affected product, and no confidentiality, integrity, or availability impact to the subsequent system has been identified.
🎖@cveNotify
Moxa
CVE-2026-3867, CVE-2026-3868: Improper Ownership Management and Improper Handling of Length Parameter Inconsistency Vulnerabilities…
🚨 CVE-2026-3868
An improper handling of the length parameter inconsistency vulnerability has been identified in Moxa’s Secure Router. Because of improper validation of length parameters in the HTTPS management interface, an unauthenticated remote attacker could send specially crafted requests that trigger a buffer overflow condition, causing the web service to become unresponsive. Successful exploitation may result in a denial-of-service condition requiring a device reboot to restore normal operation. While successful exploitation can severely impact the availability of the affected device, no impact to the confidentiality or integrity of the affected product has been identified. Additionally, no confidentiality, integrity, or availability impact to the subsequent system has been identified.
🎖@cveNotify
An improper handling of the length parameter inconsistency vulnerability has been identified in Moxa’s Secure Router. Because of improper validation of length parameters in the HTTPS management interface, an unauthenticated remote attacker could send specially crafted requests that trigger a buffer overflow condition, causing the web service to become unresponsive. Successful exploitation may result in a denial-of-service condition requiring a device reboot to restore normal operation. While successful exploitation can severely impact the availability of the affected device, no impact to the confidentiality or integrity of the affected product has been identified. Additionally, no confidentiality, integrity, or availability impact to the subsequent system has been identified.
🎖@cveNotify
Moxa
CVE-2026-3867, CVE-2026-3868: Improper Ownership Management and Improper Handling of Length Parameter Inconsistency Vulnerabilities…
🚨 CVE-2026-7081
A vulnerability was detected in Tenda F456 1.0.0.5. Affected is the function fromGstDhcpSetSer of the file /goform/GstDhcpSetSer of the component httpd. Performing a manipulation of the argument dips results in buffer overflow. Remote exploitation of the attack is possible. The exploit is now public and may be used.
🎖@cveNotify
A vulnerability was detected in Tenda F456 1.0.0.5. Affected is the function fromGstDhcpSetSer of the file /goform/GstDhcpSetSer of the component httpd. Performing a manipulation of the argument dips results in buffer overflow. Remote exploitation of the attack is possible. The exploit is now public and may be used.
🎖@cveNotify
GitHub
vuldb_new/F456/vul_133/README.md at main · Litengzheng/vuldb_new
CVE. Contribute to Litengzheng/vuldb_new development by creating an account on GitHub.
🚨 CVE-2026-7082
A flaw has been found in Tenda F456 1.0.0.5. Affected by this vulnerability is the function formWrlExtraSet of the file /goform/WrlExtraSet of the component httpd. Executing a manipulation of the argument Go can lead to buffer overflow. The attack can be executed remotely. The exploit has been published and may be used.
🎖@cveNotify
A flaw has been found in Tenda F456 1.0.0.5. Affected by this vulnerability is the function formWrlExtraSet of the file /goform/WrlExtraSet of the component httpd. Executing a manipulation of the argument Go can lead to buffer overflow. The attack can be executed remotely. The exploit has been published and may be used.
🎖@cveNotify
GitHub
vuldb_new/F456/vul_134/README.md at main · Litengzheng/vuldb_new
CVE. Contribute to Litengzheng/vuldb_new development by creating an account on GitHub.
🚨 CVE-2026-7083
A vulnerability has been found in likeadmin-likeshop likeadmin_php up to 1.9.6. Affected by this issue is the function queryResult of the file server\app\adminapi\lists\tools\DataTableLists.php of the component dataTable Admin API. The manipulation leads to sql injection. The attack is possible to be carried out remotely. The exploit has been disclosed to the public and may be used. The project was informed of the problem early through an issue report but has not responded yet.
🎖@cveNotify
A vulnerability has been found in likeadmin-likeshop likeadmin_php up to 1.9.6. Affected by this issue is the function queryResult of the file server\app\adminapi\lists\tools\DataTableLists.php of the component dataTable Admin API. The manipulation leads to sql injection. The attack is possible to be carried out remotely. The exploit has been disclosed to the public and may be used. The project was informed of the problem early through an issue report but has not responded yet.
🎖@cveNotify
GitHub
GitHub - likeadmin-likeshop/likeadmin_php: 🌟🌟🌟likeadmin通用管理后台是快速开发前后端的解决方案,使用目前最流行的技术PHP8、TypeScript、ThinkPHP6、Vue3、vite2、Element…
🌟🌟🌟likeadmin通用管理后台是快速开发前后端的解决方案,使用目前最流行的技术PHP8、TypeScript、ThinkPHP6、Vue3、vite2、Element Plus1.2(ElementUI)。 PHP管理后台、ThtinkPHP管理后台、前后端分离管理后台、Vue3管理后台、Vue.js管理后台、Element Plus管理后台、Element UI管理后台、简单管理后台...