VulDB Recent Entries

A vulnerability marked as critical has been reported in Tenda W12 3.0.0.7(4763). This vulnerability affects the function cgiSysTimeInfoSet of the file /bin/httpd. The manipulation of the argument sec leads to stack-based buffer overflow. This vulnerability is traded as CVE-2026-10189. It is possible to initiate the attack remotely. Furthermore, there is an exploit available.

A vulnerability labeled as critical has been found in Tenda W12 3.0.0.7(4763). This affects the function cgistaKickOff of the file /bin/httpd. Executing a manipulation of the argument staMac can lead to stack-based buffer overflow. This vulnerability appears as CVE-2026-10188. The attack may be performed from remote. In addition, an exploit is available.

A vulnerability identified as critical has been detected in Totolink N300RH 6.1c.1353_B20190305. Affected by this issue is the function setWiFiBasicConfig of the file wireless.so of the component Web Management Interface. Performing a manipulation of the argument KeyStr results in stack-based buffer overflow. This vulnerability is reported as CVE-2026-10187. The attack is possible to be carried out remotely. Moreover, an exploit is present.

A vulnerability categorized as critical has been discovered in code-projects Online Hospital Management System 1.0. Affected by this vulnerability is an unknown functionality of the file /patient.php. Such manipulation of the argument editid leads to sql injection. This vulnerability is documented as CVE-2026-10186. The attack can be executed remotely. Additionally, an exploit exists.

A vulnerability was found in SourceCodester Hospitals Patient Records Management System 1.0. It has been rated as critical. Affected is an unknown function of the file /classes/Users.php?f=save. This manipulation of the argument ID causes sql injection. This vulnerability is registered as CVE-2026-10185. Remote exploitation of the attack is possible. Furthermore, an exploit is available.

A vulnerability was found in SourceCodester Hospitals Patient Records Management System 1.0. It has been declared as critical. This impacts an unknown function of the file /classes/Users.php?f=delete. The manipulation of the argument ID results in sql injection. This vulnerability is cataloged as CVE-2026-10184. The attack may be launched remotely. Furthermore, there is an exploit available.

A vulnerability was found in TRENDnet TEW-432BRP 3.10B20. It has been classified as critical. This affects the function formWlanSetup of the file /goform/formWlanSetup. The manipulation of the argument enrollee leads to stack-based buffer overflow. This vulnerability only affects products that are no longer supported by the maintainer. This vulnerability is listed as CVE-2026-10183. The attack may be initiated remotely. In addition, an exploit is available. The vendor explains: "This product has been EOL for 15 years (since 2009). As the item has been EOL for such a long time, we are not able to replicate or fix any vulnerabilities."

A vulnerability was found in TRENDnet TEW-432BRP 3.10B20 and classified as critical. The impacted element is the function formWlanSetup of the file /goform/formWlanSetup. Executing a manipulation of the argument enrollee can lead to command injection. This vulnerability only affects products that are no longer supported by the maintainer. This vulnerability is tracked as CVE-2026-10182. The attack can be launched remotely. Moreover, an exploit is present. The vendor explains: "This product has been EOL for 15 years (since 2009). As the item has been EOL for such a long time, we are not able to replicate or fix any vulnerabilities."

A vulnerability has been found in TRENDnet TEW-432BRP 3.10B20 and classified as critical. The affected element is the function formSysCmd of the file /goform/formSysCmd. Performing a manipulation of the argument submit-url results in stack-based buffer overflow. This vulnerability only affects products that are no longer supported by the maintainer. This vulnerability is identified as CVE-2026-10181. The attack can be initiated remotely. Additionally, an exploit exists. The vendor explains: "This product has been EOL for 15 years (since 2009). As the item has been EOL for such a long time, we are not able to replicate or fix any vulnerabilities."

A vulnerability, which was classified as critical, was found in TRENDnet TEW-432BRP 3.10B20. Impacted is the function formSysCmd of the file /goform/formSysCmd. Such manipulation of the argument sysCmd leads to command injection. This vulnerability only affects products that are no longer supported by the maintainer. This vulnerability is referenced as CVE-2026-10180. It is possible to launch the attack remotely. Furthermore, an exploit is available. The vendor explains: "This product has been EOL for 15 years (since 2009). As the item has been EOL for such a long time, we are not able to replicate or fix any vulnerabilities."

A vulnerability, which was classified as critical, has been found in TRENDnet TEW-432BRP 3.10B20. This issue affects the function formSetWlanEncrypt of the file /goform/formSetWlanEncrypt. This manipulation of the argument webpage causes stack-based buffer overflow. This vulnerability only affects products that are no longer supported by the maintainer. The identification of this vulnerability is CVE-2026-10179. It is possible to initiate the attack remotely. Furthermore, there is an exploit available. The vendor explains: "This product has been EOL for 15 years (since 2009). As the item has been EOL for such a long time, we are not able to replicate or fix any vulnerabilities."

A vulnerability classified as critical was found in code-projects Online Music Site 1.0. This vulnerability affects unknown code of the file /Administrator/PHP/AdminEditAlbum.php. The manipulation of the argument ID results in sql injection. This vulnerability was named CVE-2026-10178. The attack may be performed from remote. In addition, an exploit is available.

A vulnerability classified as critical has been found in Aider-AI Aider 0.86.3. This affects the function requests.get of the file api_docs.py of the component AWS EC2 Metadata Endpoint. The manipulation leads to server-side request forgery. This vulnerability is uniquely identified as CVE-2026-10177. The attack is possible to be carried out remotely. Moreover, an exploit is present. It is suggested to install a patch to address this issue. The pull request to fix this issue awaits acceptance.

A vulnerability described as critical has been identified in Aider-AI Aider 0.86.3. Affected by this issue is some unknown functionality of the component Code Generation Workflow. Executing a manipulation can lead to sql injection. This vulnerability is handled as CVE-2026-10176. The attack can be executed remotely. Additionally, an exploit exists. The project was informed of the problem early through an issue report but has not responded yet.

A vulnerability marked as critical has been reported in Aider-AI Aider 0.86.3. Affected by this vulnerability is the function editor_coder.run of the file auth.py of the component Architect Mode. Performing a manipulation results in code injection. This vulnerability is known as CVE-2026-10175. Remote exploitation of the attack is possible. Furthermore, an exploit is available. The project was informed of the problem early through an issue report but has not responded yet.

A vulnerability labeled as problematic has been found in Aider-AI Aider 0.86.3. Affected is an unknown function of the file aider/args.py of the component Pre-commit Hook Handler. Such manipulation of the argument git-commit-verify leads to protection mechanism failure. This vulnerability is traded as CVE-2026-10174. The attack may be launched remotely. Furthermore, there is an exploit available. The project was informed of the problem early through an issue report but has not responded yet.

A vulnerability identified as critical has been detected in Armcode Arm Whois 3.11. This impacts an unknown function. This manipulation causes buffer overflow. This vulnerability appears as CVE-2018-25423. The attack requires local access. In addition, an exploit is available.

A vulnerability categorized as critical has been discovered in WinMTR 0.91. This affects an unknown function. The manipulation results in buffer overflow. This vulnerability is reported as CVE-2018-25426. The attack can be launched remotely. Moreover, an exploit is present.

A vulnerability was found in NEZUMI Text::LineFold up to 2019.001 on Perl. It has been rated as problematic. The impacted element is the function break. The manipulation leads to asymmetric resource consumption. This vulnerability is documented as CVE-2026-8594. The attack can be initiated remotely. There is not any exploit available.

A vulnerability was found in spider312 MOGG Web Simulator Script. It has been declared as critical. The affected element is an unknown function of the file play.php. Executing a manipulation of the argument ID can lead to sql injection. This vulnerability is registered as CVE-2018-25422. It is possible to launch the attack remotely. Furthermore, an exploit is available.