Aggregator

Попытка навести порядок после дубликатов закончилась полным удалением двух связанных проектов.

Currently trending CVE - Hype Score: 1 - Ubuntu Linux 6.8 GA retains the legacy AF_UNIX garbage collector but backports upstream commit 8594d9b85c07 ("af_unix: Don’t call skb_get() for OOB skb"). When orphaned MSG_OOB sockets hit unix_gc(), the garbage collector still calls kfree_skb() as if OOB SKBs held two ...

A vulnerability labeled as critical has been found in 1024-lab/lab1024 SmartAdmin up to 3.29. Affected by this issue is the function freemarkerResolverContent of the file sa-base/src/main/java/net/lab1024/sa/base/module/support/mail/MailService.java of the component FreeMarker Template Handler. Executing a manipulation of the argument template_content can lead to improper neutralization of special elements used in a template engine. This vulnerability is tracked as CVE-2026-3725. The attack can be launched remotely. Moreover, an exploit is present. The vendor was contacted early about this disclosure but did not respond in any way.

A vulnerability marked as critical has been reported in Tenda F453 1.0.0.3. This affects the function fromwebExcptypemanFilter of the file /goform/webExcptypemanFilter. The manipulation of the argument page leads to stack-based buffer overflow. This vulnerability is listed as CVE-2026-3726. The attack may be initiated remotely. In addition, an exploit is available.

A vulnerability described as critical has been identified in Tenda F453 1.0.0.3. This vulnerability affects the function sub_3C6C0 of the file /goform/QuickIndex. The manipulation of the argument mit_linktype/PPPOEPassword results in stack-based buffer overflow. This vulnerability is cataloged as CVE-2026-3727. The attack may be launched remotely. Furthermore, there is an exploit available.

A vulnerability classified as critical has been found in Tenda F453 1.0.0.3/1.If. This issue affects the function fromSetCfm of the file /goform/setcfm. This manipulation of the argument funcname/funcpara1 causes stack-based buffer overflow. This vulnerability is registered as CVE-2026-3728. Remote exploitation of the attack is possible. Furthermore, an exploit is available.

A vulnerability classified as critical was found in Tenda F453 1.0.0.3/3.As. Impacted is the function fromPptpUserAdd of the file /goform/PPTPDClient. Such manipulation of the argument username/opttype leads to stack-based buffer overflow. This vulnerability is documented as CVE-2026-3729. The attack can be executed remotely. Additionally, an exploit exists.

A vulnerability, which was classified as critical, has been found in itsourcecode Free Hotel Reservation System 1.0. The affected element is an unknown function of the file /hotel/admin/mod_amenities/index.php?view=edit. Performing a manipulation of the argument amen_id/rmtype_id results in sql injection. This vulnerability is reported as CVE-2026-3730. The attack is possible to be carried out remotely. Moreover, an exploit is present.

Автоматика впервые взяла на себя самое сложное в полёте вертолёта.

A vulnerability categorized as problematic has been discovered in SourceCodester Resort Reservation System 1.0. The affected element is an unknown function of the file /?page=manage_reservation of the component Reservation Management Module. Such manipulation of the argument ID leads to cross site scripting. This vulnerability is traded as CVE-2026-3819. The attack may be launched remotely. Furthermore, there is an exploit available.

Submit #769579 / VDB-332350

A vulnerability was found in Tiandy Easy7 CMS Windows 7.17.0. It has been rated as critical. Impacted is an unknown function of the file /Easy7/apps/WebService/GetDBData.jsp. This manipulation of the argument strTBName causes sql injection. This vulnerability appears as CVE-2026-3818. The attack may be initiated remotely. In addition, an exploit is available. The vendor was contacted early about this disclosure but did not respond in any way.

Submit #769578 / VDB-349785

Submit #769536 / VDB-349784

A vulnerability was found in SourceCodester Patients Waiting Area Queue Management System 1.0. It has been declared as critical. This issue affects some unknown processing of the file /patient-search.php. The manipulation results in improper authorization. This vulnerability is reported as CVE-2026-3817. The attack can be launched remotely. Moreover, an exploit is present.

A vulnerability was found in OWASP DefectDojo up to 2.55.4. It has been classified as problematic. This vulnerability affects the function input_zip.read of the file parser.py of the component SonarQubeParser/MSDefenderParser. The manipulation leads to denial of service. This vulnerability is documented as CVE-2026-3816. The attack can be initiated remotely. Additionally, an exploit exists. Upgrading the affected component is recommended.

Submit #769535 / VDB-349783

Submit #769524 / VDB-349782

A vulnerability was found in UTT HiPER 810G up to 1.7.7-1711 and classified as critical. This affects the function strcpy of the file /goform/formApMail. Executing a manipulation can lead to buffer overflow. This vulnerability is registered as CVE-2026-3815. It is possible to launch the attack remotely. Furthermore, an exploit is available.

A vulnerability has been found in UTT HiPER 810G up to 1.7.7-1711 and classified as critical. Affected by this issue is the function strcpy of the file /goform/getOneApConfTempEntry. Performing a manipulation results in buffer overflow. This vulnerability is cataloged as CVE-2026-3814. It is possible to initiate the attack remotely. Furthermore, there is an exploit available.