Aggregator

CVE-2026-5156 | Tenda CH22 1.0.0.1 Parameter /goform/QuickIndex formQuickIndex mit_linktype stack-based overflow

VulDB Recent Entries
3 days 14 hours ago
A vulnerability, which was classified as critical, has been found in Tenda CH22 1.0.0.1. This impacts the function formQuickIndex of the file /goform/QuickIndex of the component Parameter Handler. This manipulation of the argument mit_linktype causes stack-based buffer overflow. This vulnerability is tracked as CVE-2026-5156. The attack is possible to be carried out remotely. Moreover, an exploit is present.
vuldb.com

CVE-2026-5155 | Tenda CH22 1.0.0.1 Parameter /goform/AdvSetWan fromAdvSetWan wanmode stack-based overflow

VulDB Recent Entries
3 days 14 hours ago
A vulnerability classified as critical was found in Tenda CH22 1.0.0.1. This affects the function fromAdvSetWan of the file /goform/AdvSetWan of the component Parameter Handler. The manipulation of the argument wanmode results in stack-based buffer overflow. This vulnerability is identified as CVE-2026-5155. The attack can be executed remotely. Additionally, an exploit exists.
vuldb.com

CVE-2026-5154 | Tenda CH22 1.0.0.1/1.If Parameter /goform/setcfm fromSetCfm funcname stack-based overflow

VulDB Recent Entries
3 days 14 hours ago
A vulnerability classified as critical has been found in Tenda CH22 1.0.0.1/1.If. The impacted element is the function fromSetCfm of the file /goform/setcfm of the component Parameter Handler. The manipulation of the argument funcname leads to stack-based buffer overflow. This vulnerability is referenced as CVE-2026-5154. Remote exploitation of the attack is possible. Furthermore, an exploit is available.
vuldb.com

CVE-2026-5153 | Tenda CH22 1.0.0.1 /goform/WriteFacMac FormWriteFacMac mac command injection

VulDB Recent Entries
3 days 14 hours ago
A vulnerability described as critical has been identified in Tenda CH22 1.0.0.1. The affected element is the function FormWriteFacMac of the file /goform/WriteFacMac. Executing a manipulation of the argument mac can lead to command injection. The identification of this vulnerability is CVE-2026-5153. The attack may be launched remotely. Furthermore, there is an exploit available.
vuldb.com

CVE-2026-5152 | Tenda CH22 1.0.0.1 /goform/createFileName formCreateFileName fileNameMit stack-based overflow

VulDB Recent Entries
3 days 14 hours ago
A vulnerability marked as critical has been reported in Tenda CH22 1.0.0.1. Impacted is the function formCreateFileName of the file /goform/createFileName. Performing a manipulation of the argument fileNameMit results in stack-based buffer overflow. This vulnerability was named CVE-2026-5152. The attack may be initiated remotely. In addition, an exploit is available.
vuldb.com

CVE-2026-5150 | code-projects Accounting System 1.0 Parameter /viewin_costumer.php cos_id sql injection

VulDB Recent Entries
3 days 14 hours ago
A vulnerability labeled as critical has been found in code-projects Accounting System 1.0. This issue affects some unknown processing of the file /viewin_costumer.php of the component Parameter Handler. Such manipulation of the argument cos_id leads to sql injection. This vulnerability is uniquely identified as CVE-2026-5150. The attack can be launched remotely. Moreover, an exploit is present.
vuldb.com

Diligent automates time-consuming steps in third-party reviews

Help Net Security
3 days 14 hours ago

Diligent launched of Third-Party Risk Intel, an agentic due diligence and intelligence solution that automates the most time-consuming steps of third-party reviews, delivering up to 80% time savings for compliance, legal, and procurement teams. The launch builds on the company’s recent acquisition of 3rdRisk, an AI-native third-party risk management solution that gives organizations a near real-time view of their external ecosystem, how critical vendors are performing, and what that means for their overall risk posture. … More →

The post Diligent automates time-consuming steps in third-party reviews appeared first on Help Net Security.

Sinisa Markovic

CVE-2026-5148 | YunaiV yudao-cloud up to 2026.01 page toMail sql injection

VulDB Recent Entries
3 days 14 hours ago
A vulnerability identified as critical has been detected in YunaiV yudao-cloud up to 2026.01. This vulnerability affects unknown code of the file /admin-api/system/mail-log/page. This manipulation of the argument toMail causes sql injection. This vulnerability is handled as CVE-2026-5148. The attack can be initiated remotely. Additionally, an exploit exists. The vendor was contacted early about this disclosure but did not respond in any way.
vuldb.com

CVE-2026-5147 | YunaiV yudao-cloud up to 2026.01 get-by-website Website sql injection

VulDB Recent Entries
3 days 14 hours ago
A vulnerability categorized as critical has been discovered in YunaiV yudao-cloud up to 2026.01. This affects an unknown part of the file /admin-api/system/tenant/get-by-website. The manipulation of the argument Website results in sql injection. This vulnerability is known as CVE-2026-5147. It is possible to launch the attack remotely. Furthermore, an exploit is available. The vendor was contacted early about this disclosure but did not respond in any way.
vuldb.com

vDefend’s Built-in Advantage: Enable Closed-Loop Lateral Security for Zero-Trust Private Cloud

Security Boulevard
3 days 14 hours ago

Cybersecurity strategy now shapes how enterprises design cloud platforms, application environments, and core infrastructure. The financial stakes are significant. The next step is architectural: turning zero-trust strategy into foundational systems that enforce it by design rather than as an afterthought. In private cloud environments, that shift matters. Segmentation – macro as well as micro –..

The post vDefend’s Built-in Advantage: Enable Closed-Loop Lateral Security for Zero-Trust Private Cloud appeared first on Security Boulevard.

Umesh Mahajan

Managed ad