Aggregator

CVE-2026-5041 | code-projects Chamber of Commerce Membership Management System 1.0 admin/pageMail.php fwrite mailSubject/mailMessage command injection

VulDB Recent Entries
6 days 4 hours ago
A vulnerability, which was classified as critical, has been found in code-projects Chamber of Commerce Membership Management System 1.0. Impacted is the function fwrite of the file admin/pageMail.php. The manipulation of the argument mailSubject/mailMessage leads to command injection. This vulnerability is listed as CVE-2026-5041. The attack may be initiated remotely. In addition, an exploit is available.
vuldb.com

CVE-2026-5037 | mxml up to 4.0.4 mxmlIndexNew mxml-index.c index_sort tempr stack-based overflow (Issue 350)

VulDB Recent Entries
6 days 4 hours ago
A vulnerability classified as problematic was found in mxml up to 4.0.4. This issue affects the function index_sort of the file mxml-index.c of the component mxmlIndexNew. Executing a manipulation of the argument tempr can lead to stack-based buffer overflow. This vulnerability is tracked as CVE-2026-5037. The attack is restricted to local execution. Moreover, an exploit is present. A patch should be applied to remediate this issue.
vuldb.com

CVE-2026-5036 | Tenda 4G06 04.06.01.29 Endpoint /goform/DhcpListClient fromDhcpListClient page stack-based overflow

VulDB Recent Entries
6 days 4 hours ago
A vulnerability classified as critical has been found in Tenda 4G06 04.06.01.29. This vulnerability affects the function fromDhcpListClient of the file /goform/DhcpListClient of the component Endpoint. Performing a manipulation of the argument page results in stack-based buffer overflow. This vulnerability is identified as CVE-2026-5036. The attack can be initiated remotely. Additionally, an exploit exists.
vuldb.com

CVE-2026-5035 | code-projects Accounting System 1.0 Parameter /view_work.php en_id sql injection

VulDB Recent Entries
6 days 4 hours ago
A vulnerability described as critical has been identified in code-projects Accounting System 1.0. This affects an unknown part of the file /view_work.php of the component Parameter Handler. Such manipulation of the argument en_id leads to sql injection. This vulnerability is referenced as CVE-2026-5035. It is possible to launch the attack remotely. Furthermore, an exploit is available.
vuldb.com

Managed ad