Aggregator

A vulnerability was found in Bl Modules xmlfeeds up to 3.9.7 on PrestaShop. It has been declared as critical. This vulnerability affects the function SearchApiXml::Xmlfeeds. Executing a manipulation can lead to sql injection. This vulnerability is registered as CVE-2023-39643. The attack requires access to the local network. No exploit is available. It is recommended to upgrade the affected component.

A vulnerability classified as critical has been found in Theme Volty CMS up to 4.0.1 on PrestaShop. Affected by this vulnerability is an unknown functionality of the component Payment Icon Module. This manipulation causes sql injection. The identification of this vulnerability is CVE-2023-39645. The attack needs to be done within the local network. There is no exploit available.

A vulnerability, which was classified as critical, has been found in D-Link DIR-859 A1 1.05/1.06B01 Beta01. This impacts the function lxmldbc_system of the file /htdocs/cgibin. The manipulation leads to command injection. This vulnerability is referenced as CVE-2023-39638. The attack needs to be initiated within the local network. No exploit is available.

A vulnerability, which was classified as critical, was found in LeoTheme LeoBlog up to 3.1.2 on PrestaShop. Affected is the function LeoBlogBlog::getListBlogs. The manipulation results in sql injection. This vulnerability is identified as CVE-2023-39639. The attack can only be performed from the local network. There is not any exploit available.

A vulnerability was found in Active Design psaffiliate up to 1.9.7 on PrestaShop and classified as critical. Affected by this issue is the function PsaffiliateGetaffiliatesdetailsModuleFrontController::initContent. Such manipulation leads to sql injection. This vulnerability is listed as CVE-2023-39641. The attack must be carried out from within the local network. There is no available exploit. It is suggested to upgrade the affected component.

A vulnerability was found in UpLight cookiebanner up to 1.5.0 on PrestaShop. It has been classified as critical. Affected by this issue is the function Hook::getHookModuleExecList. The manipulation leads to sql injection. This vulnerability is traded as CVE-2023-39640. Access to the local network is required for this attack to succeed. There is no exploit available. Upgrading the affected component is recommended.

A vulnerability marked as critical has been reported in D-Link DIR-816 A2 1.10 B05. The affected element is an unknown function of the file /goform/Diagnosis. This manipulation causes command injection. The identification of this vulnerability is CVE-2023-39637. The attack needs to be done within the local network. There is no exploit available.

A vulnerability, which was classified as critical, was found in GPAC up to 2.4.0. This affects the function gf_text_import_srt_bifs of the file src/scene_manager/text_to_bifs.c of the component SRT Subtitle Import. Such manipulation leads to out-of-bounds write. This vulnerability is documented as CVE-2026-1418. The attack needs to be performed locally. Additionally, an exploit exists. It is best practice to apply a patch to resolve this issue.

A vulnerability, which was classified as problematic, has been found in GPAC up to 2.4.0. Affected by this issue is the function dump_isom_rtp of the file applications/mp4box/filedump.c. This manipulation causes null pointer dereference. This vulnerability is registered as CVE-2026-1417. The attack needs to be launched locally. Furthermore, an exploit is available. Applying a patch is the recommended action to fix this issue.

A vulnerability classified as problematic was found in GPAC up to 2.4.0. Affected by this vulnerability is the function DumpMovieInfo of the file applications/mp4box/filedump.c. The manipulation results in null pointer dereference. This vulnerability is cataloged as CVE-2026-1416. The attack must be initiated from a local position. Furthermore, there is an exploit available. It is advisable to implement a patch to correct this issue.

A vulnerability classified as problematic has been found in GPAC up to 2.4.0. Affected is the function gf_media_export_webvtt_metadata of the file src/media_tools/media_export.c. The manipulation of the argument Name leads to null pointer dereference. This vulnerability is listed as CVE-2026-1415. The attack must be carried out locally. In addition, an exploit is available. To fix this issue, it is recommended to deploy a patch.

Submit #736544 / VDB-342807

Submit #736543 / VDB-342806

A vulnerability described as critical has been identified in Sangfor Operation and Maintenance Security Management System up to 3.0.12. This impacts the function getInformation of the file /equipment/get_Information of the component HTTP POST Request Handler. Executing a manipulation of the argument fortEquipmentIp can lead to command injection. This vulnerability is tracked as CVE-2026-1414. The attack can be launched remotely. Moreover, an exploit is present.

A vulnerability marked as critical has been reported in Sangfor Operation and Maintenance Security Management System up to 3.0.12. This affects the function portValidate of the file /fort/ip_and_port/port_validate of the component HTTP POST Request Handler. Performing a manipulation of the argument port results in command injection. This vulnerability is identified as CVE-2026-1413. The attack can be initiated remotely. Additionally, an exploit exists.

A vulnerability labeled as critical has been found in Sangfor Operation and Maintenance Security Management System up to 3.0.12. The impacted element is an unknown function of the file /fort/audit/get_clip_img of the component HTTP POST Request Handler. Such manipulation of the argument frame/dirno leads to command injection. This vulnerability is referenced as CVE-2026-1412. It is possible to launch the attack remotely. Furthermore, an exploit is available.

Submit #736542 / VDB-342805

Submit #736541 / VDB-342804

Submit #736524 / VDB-342803