Aggregator

A vulnerability, which was classified as critical, was found in LeoTheme LeoBlog up to 3.1.2 on PrestaShop. Affected is the function LeoBlogBlog::getListBlogs. The manipulation results in sql injection. This vulnerability is identified as CVE-2023-39639. The attack can only be performed from the local network. There is not any exploit available.

A vulnerability was found in Active Design psaffiliate up to 1.9.7 on PrestaShop and classified as critical. Affected by this issue is the function PsaffiliateGetaffiliatesdetailsModuleFrontController::initContent. Such manipulation leads to sql injection. This vulnerability is listed as CVE-2023-39641. The attack must be carried out from within the local network. There is no available exploit. It is suggested to upgrade the affected component.

A vulnerability was found in UpLight cookiebanner up to 1.5.0 on PrestaShop. It has been classified as critical. Affected by this issue is the function Hook::getHookModuleExecList. The manipulation leads to sql injection. This vulnerability is traded as CVE-2023-39640. Access to the local network is required for this attack to succeed. There is no exploit available. Upgrading the affected component is recommended.

A vulnerability marked as critical has been reported in D-Link DIR-816 A2 1.10 B05. The affected element is an unknown function of the file /goform/Diagnosis. This manipulation causes command injection. The identification of this vulnerability is CVE-2023-39637. The attack needs to be done within the local network. There is no exploit available.

A vulnerability, which was classified as critical, was found in GPAC up to 2.4.0. This affects the function gf_text_import_srt_bifs of the file src/scene_manager/text_to_bifs.c of the component SRT Subtitle Import. Such manipulation leads to out-of-bounds write. This vulnerability is documented as CVE-2026-1418. The attack needs to be performed locally. Additionally, an exploit exists. It is best practice to apply a patch to resolve this issue.

A vulnerability, which was classified as problematic, has been found in GPAC up to 2.4.0. Affected by this issue is the function dump_isom_rtp of the file applications/mp4box/filedump.c. This manipulation causes null pointer dereference. This vulnerability is registered as CVE-2026-1417. The attack needs to be launched locally. Furthermore, an exploit is available. Applying a patch is the recommended action to fix this issue.

A vulnerability classified as problematic was found in GPAC up to 2.4.0. Affected by this vulnerability is the function DumpMovieInfo of the file applications/mp4box/filedump.c. The manipulation results in null pointer dereference. This vulnerability is cataloged as CVE-2026-1416. The attack must be initiated from a local position. Furthermore, there is an exploit available. It is advisable to implement a patch to correct this issue.

A vulnerability classified as problematic has been found in GPAC up to 2.4.0. Affected is the function gf_media_export_webvtt_metadata of the file src/media_tools/media_export.c. The manipulation of the argument Name leads to null pointer dereference. This vulnerability is listed as CVE-2026-1415. The attack must be carried out locally. In addition, an exploit is available. To fix this issue, it is recommended to deploy a patch.

Submit #736544 / VDB-342807

Submit #736543 / VDB-342806

A vulnerability described as critical has been identified in Sangfor Operation and Maintenance Security Management System up to 3.0.12. This impacts the function getInformation of the file /equipment/get_Information of the component HTTP POST Request Handler. Executing a manipulation of the argument fortEquipmentIp can lead to command injection. This vulnerability is tracked as CVE-2026-1414. The attack can be launched remotely. Moreover, an exploit is present.

A vulnerability marked as critical has been reported in Sangfor Operation and Maintenance Security Management System up to 3.0.12. This affects the function portValidate of the file /fort/ip_and_port/port_validate of the component HTTP POST Request Handler. Performing a manipulation of the argument port results in command injection. This vulnerability is identified as CVE-2026-1413. The attack can be initiated remotely. Additionally, an exploit exists.

A vulnerability labeled as critical has been found in Sangfor Operation and Maintenance Security Management System up to 3.0.12. The impacted element is an unknown function of the file /fort/audit/get_clip_img of the component HTTP POST Request Handler. Such manipulation of the argument frame/dirno leads to command injection. This vulnerability is referenced as CVE-2026-1412. It is possible to launch the attack remotely. Furthermore, an exploit is available.

Submit #736542 / VDB-342805

Submit #736541 / VDB-342804

Submit #736524 / VDB-342803

Submit #736522 / VDB-342802

Submit #736513 / VDB-342801

A vulnerability identified as critical has been detected in Beetel 777VR1 up to 01.00.09/01.00.09_55. The affected element is an unknown function of the component UART Interface. This manipulation causes improper access controls. The identification of this vulnerability is CVE-2026-1411. It is feasible to perform the attack on the physical device. Furthermore, there is an exploit available. The vendor was contacted early about this disclosure but did not respond in any way.