Aggregator

CVE-2026-12197 | Ruijie EG105G-P 2.340 JSON-RPC Diagnose Endpoint diagnose nslookup params.target command injection

VulDB Recent Entries
6 days 10 hours ago
A vulnerability was found in Ruijie EG105G-P 2.340. It has been rated as critical. The impacted element is the function nslookup of the file /cgi-bin/luci/api/diagnose of the component JSON-RPC Diagnose Endpoint. Performing a manipulation of the argument params.target results in command injection. This vulnerability is cataloged as CVE-2026-12197. It is possible to initiate the attack remotely. Furthermore, there is an exploit available. The vendor was contacted early about this disclosure but did not respond in any way.
vuldb.com

CVE-2026-12193 | VS Revo RevoUninstaller 2.5.x/2.6.x IOCTL RevoDetector.sys IOCtl_Handler heap-based overflow

VulDB Recent Entries
6 days 10 hours ago
A vulnerability was found in VS Revo RevoUninstaller 2.5.x/2.6.x. It has been declared as critical. The affected element is the function IOCtl_Handler in the library RevoDetector.sys of the component IOCTL Handler. Such manipulation leads to heap-based buffer overflow. This vulnerability is listed as CVE-2026-12193. The attack must be carried out locally. In addition, an exploit is available. It is recommended to upgrade the affected component.
vuldb.com

CVE-2026-12192 | GALAYOU Y4 1.0.0 Web Server buffer overflow

VulDB Recent Entries
6 days 10 hours ago
A vulnerability was found in GALAYOU Y4 1.0.0. It has been classified as critical. Impacted is an unknown function of the component Web Server. This manipulation causes buffer overflow. This vulnerability is tracked as CVE-2026-12192. The attack is only possible within the local network. Moreover, an exploit is present. The vendor was contacted early about this disclosure but did not respond in any way.
vuldb.com

CVE-2026-12191 | Comma AI Openpilot 0.11 Pickle modeld.py pickle.load/pickle.loads deserialization

VulDB Recent Entries
6 days 10 hours ago
A vulnerability was found in Comma AI Openpilot 0.11 and classified as critical. This issue affects the function pickle.load/pickle.loads of the file selfdrive/modeld/modeld.py of the component Pickle Module. The manipulation results in deserialization. This vulnerability is identified as CVE-2026-12191. The attack is only possible with local access. Additionally, an exploit exists. The vendor was contacted early about this disclosure but did not respond in any way.
vuldb.com

CVE-2026-12190 | Genspark AI Workspace App 2.8.4 on Android ai.mainfunc.genspark improper authorization in handler for custom url scheme

VulDB Recent Entries
6 days 10 hours ago
A vulnerability has been found in Genspark AI Workspace App 2.8.4 on Android and classified as problematic. This vulnerability affects unknown code of the component ai.mainfunc.genspark. The manipulation leads to improper authorization in handler for custom url scheme. This vulnerability is referenced as CVE-2026-12190. The attack can only be performed from a local environment. No exploit is available. The vendor was contacted early about this disclosure but did not respond in any way.
vuldb.com

CVE-2026-12189 | Moovit Bus & Public Transit App 1.18 on Android com.tranzmate improper authorization in handler for custom url scheme

VulDB Recent Entries
6 days 10 hours ago
A vulnerability, which was classified as problematic, was found in Moovit Bus & Public Transit App 1.18 on Android. This affects an unknown part of the component com.tranzmate. Executing a manipulation can lead to improper authorization in handler for custom url scheme. The identification of this vulnerability is CVE-2026-12189. The attack can only be executed locally. Furthermore, there is an exploit available. The vendor was contacted early about this disclosure but did not respond in any way.
vuldb.com

CVE-2026-12188 | Grit42 Grit up to 0.11.0 GritEntityController grit_entity_controller.rb sql injection

VulDB Recent Entries
6 days 11 hours ago
A vulnerability, which was classified as critical, has been found in Grit42 Grit up to 0.11.0. Affected by this issue is some unknown functionality of the file modules/core/backend/app/controllers/concerns/grit/core/grit_entity_controller.rb of the component GritEntityController. Performing a manipulation results in sql injection. This vulnerability was named CVE-2026-12188. The attack may be initiated remotely. In addition, an exploit is available. The vendor was contacted early about this disclosure but did not respond in any way.
vuldb.com

CVE-2026-12187 | GL.iNet GL-MT3000 up to 4.4.5 Online Firmware Upgrade one_click_upgrade command injection

VulDB Recent Entries
6 days 11 hours ago
A vulnerability classified as critical was found in GL.iNet GL-MT3000 up to 4.4.5. Affected by this vulnerability is an unknown functionality of the file /usr/bin/one_click_upgrade of the component Online Firmware Upgrade Handler. Such manipulation leads to command injection. This vulnerability is uniquely identified as CVE-2026-12187. The attack can be launched remotely. Moreover, an exploit is present. Upgrading the affected component is advised. The vendor was contacted early, responded in a very professional manner and quickly released a fixed version of the affected product.
vuldb.com

CVE-2026-12186 | GL.iNet GL-MT3000 up to 4.4.5 Tor Proxy Service Configuration tor replace_country command injection (EUVD-2026-36665)

VulDB Recent Entries
6 days 11 hours ago
A vulnerability classified as critical has been found in GL.iNet GL-MT3000 up to 4.4.5. Affected is the function replace_country in the library /usr/lib/oui-httpd/rpc/tor of the component Tor Proxy Service Configuration Handler. This manipulation causes command injection. This vulnerability is handled as CVE-2026-12186. The attack can be initiated remotely. Additionally, an exploit exists. It is recommended to upgrade the affected component. The vendor was contacted early, responded in a very professional manner and quickly released a fixed version of the affected product.
vuldb.com

Managed ad