Submit #778625: Tenda 4G06 V04.06.01.29 Stack-based Buffer Overflow [Accepted]
Submit #778625 / VDB-353962
Aggregator
Submit #778613: itsourcecode Payroll Management System V1.0 Cross Site Scripting [Duplicate]
1 week 2 days ago
Submit #778613 / VDB-353560
lllyyy123
Submit #778603: code-projects Accounting System V1.0 SQL Injection [Accepted]
1 week 2 days ago
Submit #778603 / VDB-353961
Xu Zhihan
Submit #778603: code-projects Accounting System V1.0 SQL Injection [Accepted]
1 week 2 days ago
Submit #778603 / VDB-353961
Xu Zhihan
CVE-2026-4981 | Red Hat Advanced Cluster Security OAuth Call error/error_uri redirect
1 week 2 days ago
A vulnerability was found in Red Hat Advanced Cluster Security. It has been classified as problematic. The affected element is an unknown function of the component OAuth Call Handler. This manipulation of the argument error/error_uri causes open redirect.
This vulnerability appears as CVE-2026-4981. The attack may be initiated remotely. There is no available exploit.
vuldb.com
Submit #778594: code-projects Accounting System V1.0 SQL Injection [Accepted]
1 week 2 days ago
Submit #778594 / VDB-353960
Xu Zhihan
Submit #778594: code-projects Accounting System V1.0 SQL Injection [Accepted]
1 week 2 days ago
Submit #778594 / VDB-353960
Xu Zhihan
Submit #778589: code-projects Accounting System V1.0 SQL Injection [Accepted]
1 week 2 days ago
Submit #778589 / VDB-353959
Xu Zhihan
Submit #778589: code-projects Accounting System V1.0 SQL Injection [Accepted]
1 week 2 days ago
Submit #778589 / VDB-353959
Xu Zhihan
CVE-2026-5031 | BichitroGan ISP Billing Software 2025.3.20 Endpoint users-view ID resource injection
1 week 2 days ago
A vulnerability was found in BichitroGan ISP Billing Software 2025.3.20 and classified as problematic. Impacted is an unknown function of the file /?_route=settings/users-view/ of the component Endpoint. The manipulation of the argument ID results in improper control of resource identifiers.
This vulnerability is reported as CVE-2026-5031. The attack can be launched remotely. Moreover, an exploit is present.
The vendor was contacted early about this disclosure but did not respond in any way.
vuldb.com
Submit #778588: GitHub advocate-office-management-system V 1.0 SQL Injection [Duplicate]
1 week 2 days ago
Submit #778588 / VDB-300585
dead_end
Submit #778588: GitHub advocate-office-management-system V 1.0 SQL Injection [Duplicate]
1 week 2 days ago
Submit #778588 / VDB-300585
dead_end
Submit #778530: BichitroGan ISP Billing Software 2025.3.20 Insecure Direct Object Reference (IDOR) / Broken Access Control [Accepted]
1 week 2 days ago
Submit #778530 / VDB-353953
4m3rr0r
Submit #778530: BichitroGan ISP Billing Software 2025.3.20 Insecure Direct Object Reference (IDOR) / Broken Access Control [Accepted]
1 week 2 days ago
Submit #778530 / VDB-353953
4m3rr0r
Qilin
1 week 2 days ago
You must login to view this content
cohenido
Вы скачали библиотеку, а за вами пришли 300 тысяч хакеров. Как взлом LiteLLM стал ловушкой для ИИ-проектов
1 week 2 days ago
Группировка Vect предложила 300 тысячам пользователей даркнет-форума стать вымогателями.
CVE-2026-5030 | Totolink NR1800X 9.1.0u.6279_B20210910 Telnet Service /cgi-bin/cstecgi.cgi NTPSyncWithHost host_time command injection
1 week 2 days ago
A vulnerability has been found in Totolink NR1800X 9.1.0u.6279_B20210910 and classified as critical. This issue affects the function NTPSyncWithHost of the file /cgi-bin/cstecgi.cgi of the component Telnet Service. The manipulation of the argument host_time leads to command injection.
This vulnerability is documented as CVE-2026-5030. The attack can be initiated remotely. Additionally, an exploit exists.
vuldb.com
New Wave of AiTM Phishing Targets TikTok for Business
1 week 2 days ago
Push Security has uncovered a new AiTM phishing campaign targeting TikTok for Business accounts using Google and TikTok themed login pages
CVE-2026-30302 | CodeRider-Kilo Parser os command injection
1 week 2 days ago
A vulnerability, which was classified as critical, was found in CodeRider-Kilo. This vulnerability affects unknown code of the component Parser. Executing a manipulation can lead to os command injection.
This vulnerability is registered as CVE-2026-30302. It is possible to launch the attack remotely. No exploit is available.
vuldb.com
CVE-2026-32983 | Wazuh up to 4.7.3/4.7.x authd default permission (EUVD-2026-16686)
1 week 2 days ago
A vulnerability, which was classified as critical, has been found in Wazuh up to 4.7.3/4.7.x. This affects an unknown part of the component authd. Performing a manipulation results in incorrect default permissions.
This vulnerability is cataloged as CVE-2026-32983. It is possible to initiate the attack remotely. There is no exploit available.
It is advisable to upgrade the affected component.
vuldb.com