Aggregator

A vulnerability was found in Tenda F456 1.0.0.5. It has been classified as critical. This affects the function fromexeCommand of the file /goform/exeCommand. Performing a manipulation of the argument cmdinput results in stack-based buffer overflow. This vulnerability is reported as CVE-2026-6196. The attack is possible to be carried out remotely. Moreover, an exploit is present.

Submit #797629 / VDB-357124

Submit #797515 / VDB-357123

A vulnerability was found in Totolink A7100RU 7.4cu.2313_b20191024 and classified as critical. Affected by this issue is the function setPasswordCfg of the file /cgi-bin/cstecgi.cgi of the component CGI Handler. Such manipulation of the argument admpass leads to os command injection. This vulnerability is documented as CVE-2026-6195. The attack can be executed remotely. Additionally, an exploit exists.

A vulnerability has been found in Totolink A3002MU B20211125.1046 and classified as critical. Affected by this vulnerability is the function sub_410188 of the file /boafrm/formWlanSetup of the component HTTP Request Handler. This manipulation of the argument wan-url causes stack-based buffer overflow. This vulnerability is registered as CVE-2026-6194. Remote exploitation of the attack is possible. Furthermore, an exploit is available.

Submit #797472 / VDB-357122

Submit #797471 / VDB-357121

Submit #797470 / VDB-357120

Submit #797468 / VDB-357119

Submit #797467 / VDB-357118

A vulnerability, which was classified as critical, was found in PHPGurukul Daily Expense Tracking System 1.1. Affected is an unknown function of the file /register.php. The manipulation of the argument email results in sql injection. This vulnerability is cataloged as CVE-2026-6193. The attack may be launched remotely. Furthermore, there is an exploit available.

A vulnerability, which was classified as problematic, has been found in uclouvain openjpeg up to 2.5.4. This impacts the function opj_pi_initialise_encode in the library src/lib/openjp2/pi.c. The manipulation leads to integer overflow. This vulnerability is listed as CVE-2026-6192. The attack must be carried out locally. In addition, an exploit is available. It is suggested to install a patch to address this issue.

Submit #797460 / VDB-357117

Submit #797452 / VDB-357116

A vulnerability classified as critical was found in itsourcecode Construction Management System 1.0. This affects an unknown function of the file /equipments.php. Executing a manipulation of the argument Name can lead to sql injection. This vulnerability is tracked as CVE-2026-6191. The attack can be launched remotely. Moreover, an exploit is present.

A vulnerability classified as critical has been found in itsourcecode Construction Management System 1.0. The impacted element is an unknown function of the file /employees.php. Performing a manipulation of the argument Name results in sql injection. This vulnerability is identified as CVE-2026-6190. The attack can be initiated remotely. Additionally, an exploit exists.

Submit #797433 / VDB-357115

Rockstar Games has formally acknowledged that a portion of its internal data was compromised following a breach of

The post The Master Key: How Hackers Used a Third-Party Exploit to Infiltrate Rockstar Games appeared first on Penetration Testing Tools.

A vulnerability described as critical has been identified in SourceCodester Pharmacy Sales and Inventory System 1.0. The affected element is an unknown function of the file /ajax.php?action=login. Such manipulation of the argument Username leads to sql injection. This vulnerability is referenced as CVE-2026-6189. It is possible to launch the attack remotely. Furthermore, an exploit is available.

A vulnerability marked as critical has been reported in SourceCodester Pharmacy Sales and Inventory System 1.0. Impacted is an unknown function of the file /ajax.php?action=delete_sales. This manipulation of the argument ID causes sql injection. The identification of this vulnerability is CVE-2026-6188. It is possible to initiate the attack remotely. Furthermore, there is an exploit available.