Posts of last 24 hours
Name: Grey Cat The Flag 2026 Finals (a Grey Cat The Flag event)
Date: June 27, 2026, 2 a.m. — 28 June 2026, 02:00 UTC
Format: Jeopardy
On-site
Location: Singapore
Official URL: https://ctf.nusgreyhats.org/
Rating weight: 0.00
Event organizers: NUSGreyhats
https://ctftime.org/event/3173
A vulnerability, which was classified as problematic, has been found in Investintech SlimPDFReader up to 2.0.14. Affected by this issue is the function SlimPDFReader!Investintech::PCV::TeighaDo+0x25cde0 of the file SlimPDFReader.exe of the component PDF File Handler. Performing a manipulation results in out-of-bounds read. This vulnerability only affects products that are no longer supported by the maintainer.
This vulnerability is cataloged as CVE-2026-13522. It is possible to initiate the attack remotely. Furthermore, there is an exploit available.
https://vuldb.com/vuln/374530
A vulnerability classified as critical was found in SourceCodester Class and Exam Timetabling System 1.0. Affected by this vulnerability is an unknown functionality of the file /preview5.php. Such manipulation of the argument course_year_section leads to SQL injection.
This vulnerability is listed as CVE-2026-13521. The attack may be performed remotely. In addition, an exploit is available.
https://vuldb.com/vuln/374529
A vulnerability classified as critical has been found in itsourcecode Hospital Management System 1.0. Affected is an unknown function of the file /appointmentapproval.php of the component Appointment Handler. This manipulation of the argument editid causes SQL injection.
This vulnerability is tracked as CVE-2026-13520. The attack can be carried out remotely. Moreover, an exploit is present.
https://vuldb.com/vuln/374528
A vulnerability described as critical has been identified in Tenda JD12L 16.03.53.23. This impacts the function fromNatStaticSetting of the file /goform/NatStaticSetting. The manipulation of the argument page results in stack-based buffer overflow.
This vulnerability is identified as CVE-2026-13519. The attack can be executed remotely. Additionally, an exploit exists.
https://vuldb.com/vuln/374527
CVE-2026-13518 | Tenda JD12L 16.03.53.23 /goform/addressNat fromAddressNat page stack-based overflow
A vulnerability marked as critical has been reported in Tenda JD12L 16.03.53.23. This affects the function fromAddressNat of the file /goform/addressNat. The manipulation of the argument page leads to stack-based buffer overflow.
This vulnerability is referenced as CVE-2026-13518. Remote exploitation of the attack is possible. Furthermore, an exploit is available.
https://vuldb.com/vuln/374526
A vulnerability labeled as critical has been found in Tenda JD12L 16.03.53.23. The impacted element is the function formWifiBasicSet of the file /goform/WifiBasicSet. Executing a manipulation of the argument security_5g can lead to stack-based buffer overflow.
The identification of this vulnerability is CVE-2026-13517. The attack may be launched remotely. Furthermore, there is an exploit available.
https://vuldb.com/vuln/374525
A vulnerability identified as critical has been detected in Tenda JD12L 16.03.53.23. The affected element is the function fromSetWifiGusetBasic of the file /goform/WifiGuestSet. Performing a manipulation of the argument shareSpeed results in stack-based buffer overflow.
This vulnerability was named CVE-2026-13516. The attack may be initiated remotely. In addition, an exploit is available.
https://vuldb.com/vuln/374524
A vulnerability categorized as critical has been discovered in Tenda JD12L 16.03.53.23. Impacted is the function formSetPPTPServer of the file /goform/SetPptpServerCfg. Such manipulation of the argument startIp leads to stack-based buffer overflow.
This vulnerability is uniquely identified as CVE-2026-13515. The attack can be launched remotely. Moreover, an exploit is present.
https://vuldb.com/vuln/374523
A vulnerability was found in Chess Play and Learn App up to 4.9.42 on Android. It has been rated as problematic. This issue affects some unknown processing of the file AndroidManifest.xml of the component com.chess. This manipulation causes exposure of backup file to an unauthorized control sphere.
This vulnerability is handled as CVE-2026-13514. It is feasible to perform the attack on the physical device. Additionally, an exploit exists.
Upgrading the affected component is advised.
The vendor was informed early about this issue. They confirmed the existence and that they will address it. Furthermore, they explain that their bug bounty "explicitly excludes physical-access attacks". However, they appreciate the quality of the report and aim at making a goodwill payment to the researcher.
https://vuldb.com/vuln/374522