Vuldb Updates

A vulnerability marked as problematic has been reported in GNU Tar up to 1.35. This affects an unknown function of the component TAR Archive Handler. This manipulation causes path traversal: '../filedir'. The identification of this vulnerability is CVE-2025-45582. It is possible to initiate the attack remotely. There is no exploit available.

A vulnerability categorized as critical has been discovered in code-projects Online Music Site 1.0. Affected is an unknown function of the file /Administrator/PHP/AdminDeleteCategory.php. Executing a manipulation of the argument ID can lead to sql injection. This vulnerability is handled as CVE-2026-2211. The attack can be executed remotely. Additionally, an exploit exists.

A vulnerability identified as critical has been detected in code-projects Online Music Site 1.0. Affected by this vulnerability is an unknown functionality of the file /Administrator/PHP/AdminEditCategory.php. The manipulation of the argument ID leads to sql injection. This vulnerability is uniquely identified as CVE-2026-2212. The attack is possible to be carried out remotely. Moreover, an exploit is present.

A vulnerability identified as problematic has been detected in code-projects Online Student Management System 1.0. The impacted element is an unknown function of the file /admin/announcement/index.php?view=add of the component Announcement Management Module. This manipulation causes cross site scripting. This vulnerability is tracked as CVE-2026-2156. The attack is possible to be carried out remotely. Moreover, an exploit is present.

A vulnerability marked as critical has been reported in code-projects Student Web Portal 1.0. This impacts an unknown function of the file /check_user.php. Performing a manipulation of the argument Username results in sql injection. This vulnerability is cataloged as CVE-2026-2158. It is possible to initiate the attack remotely. There is no exploit available.

A vulnerability described as problematic has been identified in SourceCodester Simple Responsive Tourism Website 1.0. Affected is an unknown function of the file /tourism/classes/Master.php?f=register of the component Registration. Executing a manipulation of the argument firstname/lastname/username can lead to cross site scripting. This vulnerability is registered as CVE-2026-2159. It is possible to launch the attack remotely. Furthermore, an exploit is available.

A vulnerability classified as problematic has been found in SourceCodester Simple Responsive Tourism Website 1.0. Affected by this vulnerability is an unknown functionality of the file /tourism/classes/Master.php?f=save_package. The manipulation of the argument Title leads to cross site scripting. This vulnerability is documented as CVE-2026-2160. The attack can be initiated remotely. Additionally, an exploit exists.

A vulnerability classified as critical was found in itsourcecode Directory Management System 1.0. Affected by this issue is some unknown functionality of the file /admin/forget-password.php. The manipulation of the argument email results in sql injection. This vulnerability is reported as CVE-2026-2161. The attack can be launched remotely. Moreover, an exploit is present.

A vulnerability, which was classified as critical, has been found in itsourcecode News Portal Project 1.0. This affects an unknown part of the file /admin/aboutus.php. This manipulation of the argument pagetitle causes sql injection. This vulnerability appears as CVE-2026-2162. The attack may be initiated remotely. In addition, an exploit is available.

A vulnerability, which was classified as critical, was found in D-Link DIR-600 up to 2.15WWb02. This vulnerability affects unknown code of the file ssdp.cgi. Such manipulation of the argument HTTP_ST/REMOTE_ADDR/REMOTE_PORT/SERVER_ID leads to command injection. This vulnerability only affects products that are no longer supported by the maintainer. This vulnerability is traded as CVE-2026-2163. The attack may be launched remotely. Furthermore, there is an exploit available.

A vulnerability was found in detronetdip E-commerce 1.0.0 and classified as critical. Impacted is an unknown function of the file /Admin/assets/backend/seller/add_seller.php of the component Account Creation Endpoint. Executing a manipulation of the argument email can lead to missing authentication. This vulnerability is handled as CVE-2026-2165. The attack can be executed remotely. Additionally, an exploit exists. The project was informed of the problem early through an issue report but has not responded yet.

A vulnerability was found in D-Link DAR-7000. It has been classified as critical. Affected is an unknown function of the file /log/mailrecvview.php. Performing a manipulation results in sql injection. This vulnerability was named CVE-2023-44694. The attack needs to be approached within the local network. There is no available exploit.

A vulnerability categorized as problematic has been discovered in fin Student Management System 1.0. This impacts an unknown function of the file profile.php. Executing a manipulation of the argument email can lead to cross site scripting. This vulnerability appears as CVE-2023-44753. The attack may be performed from remote. There is no available exploit.

A vulnerability described as critical has been identified in Student Study Center Desk Management 1.0. This affects an unknown part of the file /php-sscdms/admin/login.php of the component GET Request Handler. Such manipulation leads to improper authentication. This vulnerability is uniquely identified as CVE-2023-44752. The attack can be launched remotely. No exploit exists.

A vulnerability was found in Sacco Management system 1.0. It has been rated as critical. This affects an unknown function of the file /sacco/ajax.php. Performing a manipulation of the argument Password results in sql injection. This vulnerability is reported as CVE-2023-44755. The attack is possible to be carried out remotely. No exploit exists.

A vulnerability has been found in D-Link DAR-7000 V31R02B1413C and classified as critical. This affects an unknown function of the file /importexport.php. This manipulation causes sql injection. This vulnerability is handled as CVE-2023-44693. The attack can only be done within the local network. There is not any exploit available.

A vulnerability described as critical has been identified in WebM Project libvpx up to 1.13.0. The affected element is an unknown function of the file vp9/encoder/vp9_encoder.c of the component VP9. Executing a manipulation can lead to memory corruption. The identification of this vulnerability is CVE-2023-44488. The attack may be launched remotely. There is no exploit available. Upgrading the affected component is recommended.

A vulnerability was found in code-projects Online Reviewer System 1.0. It has been classified as critical. The affected element is an unknown function of the file /login/index.php of the component Login. The manipulation of the argument username/password leads to sql injection. This vulnerability is uniquely identified as CVE-2026-2166. The attack is possible to be carried out remotely. Moreover, an exploit is present.

A vulnerability was found in Totolink WA300 5.2cu.7112_B20190227. It has been declared as critical. The impacted element is the function setAPNetwork of the file /cgi-bin/cstecgi.cgi. The manipulation of the argument Ipaddr results in os command injection. This vulnerability was named CVE-2026-2167. The attack may be performed from remote. In addition, an exploit is available.

A vulnerability was found in D-Link DWR-M921 1.1.50. It has been rated as critical. This affects the function sub_419920 of the file /boafrm/formLtefotaUpgradeQuectel. This manipulation of the argument fota_url causes command injection. The identification of this vulnerability is CVE-2026-2168. It is possible to initiate the attack remotely. Furthermore, there is an exploit available.