VulDB Recent Entries

A vulnerability has been found in hanxi xiaomusic up to 0.5.7 and classified as critical. The affected element is an unknown function of the file /music/. The manipulation leads to path traversal. This vulnerability is uniquely identified as CVE-2026-10108. The attack is possible to be carried out remotely. No exploit exists. To fix this issue, it is recommended to deploy a patch.

A vulnerability, which was classified as critical, was found in agno-agi agno up to 2.6.5. Impacted is the function delete_by_metadata of the file clickhousedb.py of the component ClickHouse Vector Database Backend. Executing a manipulation can lead to sql injection. This vulnerability is handled as CVE-2026-10105. The attack can be executed remotely. There is not any exploit available. A patch should be applied to remediate this issue.

A vulnerability, which was classified as critical, has been found in dokploy up to 0.19.0. This issue affects some unknown processing. Performing a manipulation results in authorization bypass. This vulnerability is known as CVE-2026-43917. Remote exploitation of the attack is possible. No exploit is available.

A vulnerability classified as critical was found in getarcaneapp arcane up to 1.18.x. This vulnerability affects unknown code of the file /api/customize/git-repositories. Such manipulation leads to missing authorization. This vulnerability is traded as CVE-2026-45625. The attack may be launched remotely. There is no exploit available. Upgrading the affected component is advised.

A vulnerability classified as critical has been found in Edimax BR-6478AC 1.23. This affects the function formStaDrvSetup of the file /goform/formStaDrvSetup of the component POST Request Handler. This manipulation of the argument rootAPmac causes command injection. This vulnerability appears as CVE-2026-10127. The attack may be initiated remotely. In addition, an exploit is available.

A vulnerability described as critical has been identified in Edimax BR-6478AC 1.23. Affected by this issue is the function formQoS of the file /goform/formQoS of the component POST Request Handler. The manipulation of the argument selSSID results in buffer overflow. This vulnerability is reported as CVE-2026-10126. The attack can be launched remotely. Moreover, an exploit is present.

A vulnerability marked as critical has been reported in Edimax BR-6478AC 1.23. Affected by this vulnerability is the function formPPPoESetup of the file /goform/formPPPoESetup of the component POST Request Handler. The manipulation of the argument pppUserName leads to stack-based buffer overflow. This vulnerability is documented as CVE-2026-10125. The attack can be initiated remotely. Additionally, an exploit exists.

A vulnerability labeled as critical has been found in Shibby Tomato up to 1.28. Affected is the function rip_zebra_read_ipv4 of the file /usr/sbin/ripd of the component Zserv Handler. Executing a manipulation can lead to stack-based buffer overflow. This vulnerability only affects products that are no longer supported by the maintainer. This vulnerability is registered as CVE-2026-10124. It is possible to launch the attack remotely. Furthermore, an exploit is available. This project is superseded by FreshTomato.

A vulnerability identified as critical has been detected in TRENDnet TEW-432BRP 3.10B20. This impacts the function formSetDomainFilter of the file /goform/formSetDomainFilter. Performing a manipulation of the argument blocked_domain/permitted_domain/blocked_domain_list/permitted_domain_list results in stack-based buffer overflow. This vulnerability only affects products that are no longer supported by the maintainer. This vulnerability is cataloged as CVE-2026-10123. It is possible to initiate the attack remotely. Furthermore, there is an exploit available. The vendor explains: "This product has been EOL for 15 years (since 2009). As the item has been EOL for such a long time, we are not able to replicate or fix any vulnerabilities."

A vulnerability categorized as critical has been discovered in TRENDnet TEW-432BRP 3.10B20. This affects the function formSetProtocolFilter of the file /goform/formSetProtocolFilter. Such manipulation of the argument protocol_name leads to stack-based buffer overflow. This vulnerability only affects products that are no longer supported by the maintainer. This vulnerability is listed as CVE-2026-10122. The attack may be performed from remote. In addition, an exploit is available. The vendor explains: "This product has been EOL for 15 years (since 2009). As the item has been EOL for such a long time, we are not able to replicate or fix any vulnerabilities."

A vulnerability was found in TRENDnet TEW-432BRP 3.10B20. It has been rated as critical. The impacted element is the function formSetUrlFilter of the file /goform/formSetUrlFilter. This manipulation of the argument keyword_list/keyword causes stack-based buffer overflow. This vulnerability only affects products that are no longer supported by the maintainer. This vulnerability is tracked as CVE-2026-10121. The attack is possible to be carried out remotely. Moreover, an exploit is present. The vendor explains: "This product has been EOL for 15 years (since 2009). As the item has been EOL for such a long time, we are not able to replicate or fix any vulnerabilities."

A vulnerability was found in TRENDnet TEW-432BRP 3.10B20. It has been declared as critical. The affected element is the function formSetFirewallRule of the file /goform/formSetFirewallRule. The manipulation of the argument firewall_name results in stack-based buffer overflow. This vulnerability only affects products that are no longer supported by the maintainer. This vulnerability is identified as CVE-2026-10120. The attack can be executed remotely. Additionally, an exploit exists. The vendor explains: "This product has been EOL for 15 years (since 2009). As the item has been EOL for such a long time, we are not able to replicate or fix any vulnerabilities."

A vulnerability was found in TRENDnet TEW-432BRP 3.10B20. It has been classified as critical. Impacted is the function formSetMACFilter of the file /goform/formSetMACFilter. The manipulation of the argument filter_name leads to stack-based buffer overflow. This vulnerability only affects products that are no longer supported by the maintainer. This vulnerability is referenced as CVE-2026-10119. Remote exploitation of the attack is possible. Furthermore, an exploit is available. The vendor explains: "This product has been EOL for 15 years (since 2009). As the item has been EOL for such a long time, we are not able to replicate or fix any vulnerabilities."

A vulnerability was found in Open5GS up to 2.7.7 and classified as problematic. This issue affects the function ogs_pool_id_calloc in the library /lib/sbi/nghttp2-server.c. Executing a manipulation can lead to denial of service. The identification of this vulnerability is CVE-2026-10117. The attack may be launched remotely. Furthermore, there is an exploit available. It is best practice to apply a patch to resolve this issue.

A vulnerability has been found in Open5GS up to 2.7.7 and classified as problematic. This vulnerability affects the function ogs_sbi_xact_add in the library /lib/core/ogs-timer.c of the component ue-authentications Endpoint. Performing a manipulation results in denial of service. This vulnerability was named CVE-2026-10116. The attack may be initiated remotely. In addition, an exploit is available. Applying a patch is the recommended action to fix this issue.

A vulnerability, which was classified as problematic, was found in Open5GS up to 2.7.7. This affects an unknown part in the library lib/sbi/nnrf-handler.c of the component Shared NF-profile Parser. Such manipulation leads to denial of service. This vulnerability is uniquely identified as CVE-2026-10115. The attack can be launched remotely. Moreover, an exploit is present. It is advisable to implement a patch to correct this issue.

A vulnerability, which was classified as problematic, has been found in Open5GS up to 2.7.7. Affected by this issue is the function handle_scp_info in the library lib/sbi/nnrf-handler.c of the component Shared NF-profile Parser. This manipulation causes out-of-bounds write. This vulnerability is handled as CVE-2026-10114. The attack can be initiated remotely. Additionally, an exploit exists. To fix this issue, it is recommended to deploy a patch.

A vulnerability classified as problematic was found in Open5GS up to 2.7.7. Affected by this vulnerability is an unknown functionality in the library lib/sbi/nnrf-handler.c of the component Shared NF-profile Parser. The manipulation results in denial of service. This vulnerability is known as CVE-2026-10113. It is possible to launch the attack remotely. Furthermore, an exploit is available. A patch should be applied to remediate this issue.

A vulnerability classified as problematic has been found in sambitraj STUDENT-MANAGEMENT-SYSTEM 1.0. Affected is an unknown function of the component Dashboard Page. The manipulation of the argument Name leads to cross site scripting. This vulnerability is traded as CVE-2026-10112. It is possible to initiate the attack remotely. Furthermore, there is an exploit available. The project was informed of the problem early through an issue report but has not responded yet.

A vulnerability described as critical has been identified in sambitraj STUDENT-MANAGEMENT-SYSTEM 1.0. This impacts an unknown function of the component Login Page. Executing a manipulation of the argument email can lead to sql injection. This vulnerability appears as CVE-2026-10111. The attack may be performed from remote. In addition, an exploit is available. The project was informed of the problem early through an issue report but has not responded yet.