Aggregator

CVE-2026-8265 | Tenda AC6 15.03.06.23 httpd /goform/getLogFile get_log_file wans.flag os command injection

VulDB Recent Entries
1 month 1 week ago
A vulnerability has been found in Tenda AC6 15.03.06.23 and classified as critical. Affected by this issue is the function get_log_file of the file /goform/getLogFile of the component httpd. The manipulation of the argument wans.flag leads to os command injection. This vulnerability is documented as CVE-2026-8265. The attack can be initiated remotely. Additionally, an exploit exists.
vuldb.com

CVE-2026-8264 | Tenda AC6 15.03.06.23 httpd /goform/WifiApScan formWifiApScan wl2g.public.country/wl5g.public.country os command injection

VulDB Recent Entries
1 month 1 week ago
A vulnerability, which was classified as critical, was found in Tenda AC6 15.03.06.23. Affected by this vulnerability is the function formWifiApScan of the file /goform/WifiApScan of the component httpd. Executing a manipulation of the argument wl2g.public.country/wl5g.public.country can lead to os command injection. This vulnerability is registered as CVE-2026-8264. It is possible to launch the attack remotely. Furthermore, an exploit is available.
vuldb.com

CVE-2026-8263 | Tenda AC6 15.03.06.49_multi_TDE01 httpd /goform/WifiExtraSet fromSetWirelessRepeat mac/ssid os command injection

VulDB Recent Entries
1 month 1 week ago
A vulnerability, which was classified as critical, has been found in Tenda AC6 15.03.06.49_multi_TDE01. Affected is the function fromSetWirelessRepeat of the file /goform/WifiExtraSet of the component httpd. Performing a manipulation of the argument mac/ssid results in os command injection. This vulnerability is cataloged as CVE-2026-8263. It is possible to initiate the attack remotely. Furthermore, there is an exploit available.
vuldb.com

CVE-2026-8262 | Devs Palace ERP Online up to 4.0.0 /accounts/chart-save cross site scripting

VulDB Recent Entries
1 month 1 week ago
A vulnerability classified as problematic was found in Devs Palace ERP Online up to 4.0.0. This impacts an unknown function of the file /accounts/chart-save. Such manipulation leads to cross site scripting. This vulnerability is listed as CVE-2026-8262. The attack may be performed from remote. In addition, an exploit is available. The vendor was contacted early about this disclosure but did not respond in any way.
vuldb.com

CVE-2026-8261 | Squirrel up to 3.2 squirrel/sqobject.cpp SQFunctionProto::Load heap-based overflow (Issue 326)

VulDB Recent Entries
1 month 1 week ago
A vulnerability classified as critical has been found in Squirrel up to 3.2. This affects the function SQFunctionProto::Load of the file squirrel/sqobject.cpp. This manipulation causes heap-based buffer overflow. This vulnerability is tracked as CVE-2026-8261. The attack is restricted to local execution. Moreover, an exploit is present. The project was informed of the problem early through an issue report but has not responded yet.
vuldb.com

CVE-2026-8260 | D-Link DCS-935L up to 1.10.01 HNAP Service hnap_service SetDeviceSettings AdminPassword buffer overflow

VulDB Recent Entries
1 month 1 week ago
A vulnerability described as critical has been identified in D-Link DCS-935L up to 1.10.01. The impacted element is the function SetDeviceSettings of the file /web/cgi-bin/hnap/hnap_service of the component HNAP Service. The manipulation of the argument AdminPassword results in buffer overflow. This vulnerability is identified as CVE-2026-8260. The attack can be executed remotely. Additionally, an exploit exists.
vuldb.com

CVE-2026-8259 | Tenda AC6 2.0/15.03.06.23 httpd /goform/telnet lan.ip os command injection

VulDB Recent Entries
1 month 1 week ago
A vulnerability marked as critical has been reported in Tenda AC6 2.0/15.03.06.23. The affected element is an unknown function of the file /goform/telnet of the component httpd. The manipulation of the argument lan.ip leads to os command injection. This vulnerability is referenced as CVE-2026-8259. Remote exploitation of the attack is possible. Furthermore, an exploit is available.
vuldb.com

CVE-2026-8258 | Squirrel up to 3.2 sqstdlib/sqstdstring.cpp validate_format stack-based overflow (Issue 325)

VulDB Recent Entries
1 month 1 week ago
A vulnerability labeled as critical has been found in Squirrel up to 3.2. Impacted is the function validate_format in the library sqstdlib/sqstdstring.cpp. Executing a manipulation can lead to stack-based buffer overflow. The identification of this vulnerability is CVE-2026-8258. The attack can only be executed locally. Furthermore, there is an exploit available. The project was informed of the problem early through an issue report but has not responded yet.
vuldb.com

CVE-2026-8257 | WebAssembly Binaryen up to 117 BrOn Parser wasm-ir-builder.cpp IRBuilder::makeBrOn assertion (Issue 8633)

VulDB Recent Entries
1 month 1 week ago
A vulnerability identified as problematic has been detected in WebAssembly Binaryen up to 117. This issue affects the function IRBuilder::makeBrOn of the file src/wasm/wasm-ir-builder.cpp of the component BrOn Parser. Performing a manipulation results in reachable assertion. This vulnerability was named CVE-2026-8257. The attack needs to be approached locally. In addition, an exploit is available. It is suggested to install a patch to address this issue.
vuldb.com

Managed ad