Submit #811617: Linux Foundation Projects SD-Core 2.1.1 Memory Corruption [Accepted]
Submit #811617 / VDB-364404
Aggregator
Submit #811616: Linux Foundation Projects SD-Core 2.1.1 Memory Corruption [Accepted]
4 weeks 2 days ago
Submit #811616 / VDB-364403
shovon0203
不一样的体会
4 weeks 2 days ago
CVE-2026-8777 | Edimax BR-6428NS 1.10 POST Request /goform/formStaDrvSetup stadrv_ssid command injection
4 weeks 2 days ago
A vulnerability identified as critical has been detected in Edimax BR-6428NS 1.10. This issue affects the function formStaDrvSetup of the file /goform/formStaDrvSetup of the component POST Request Handler. Performing a manipulation of the argument stadrv_ssid results in command injection.
This vulnerability is identified as CVE-2026-8777. The attack can be initiated remotely. Additionally, an exploit exists.
The vendor was contacted early about this disclosure but did not respond in any way.
vuldb.com
CVE-2026-8776 | Edimax BR-6428NS 1.10 POST Request /goform/formPPTPSetup pptpUserName buffer overflow
4 weeks 2 days ago
A vulnerability categorized as critical has been discovered in Edimax BR-6428NS 1.10. This vulnerability affects the function formPPTPSetup of the file /goform/formPPTPSetup of the component POST Request Handler. Such manipulation of the argument pptpUserName leads to buffer overflow.
This vulnerability is referenced as CVE-2026-8776. It is possible to launch the attack remotely. Furthermore, an exploit is available.
The vendor was contacted early about this disclosure but did not respond in any way.
vuldb.com
CVE-2026-8775 | Edimax BR-6428NS 1.10 POST Request /goform/formL2TPSetup L2TPUserName buffer overflow
4 weeks 2 days ago
A vulnerability was found in Edimax BR-6428NS 1.10. It has been rated as critical. This affects the function formL2TPSetup of the file /goform/formL2TPSetup of the component POST Request Handler. This manipulation of the argument L2TPUserName causes buffer overflow.
The identification of this vulnerability is CVE-2026-8775. It is possible to initiate the attack remotely. Furthermore, there is an exploit available.
The vendor was contacted early about this disclosure but did not respond in any way.
vuldb.com
CVE-2026-8774 | Edimax BR-6228NC 1.22 POST Request /goform/mp command command injection
4 weeks 2 days ago
A vulnerability was found in Edimax BR-6228NC 1.22. It has been declared as critical. Affected by this issue is the function mp of the file /goform/mp of the component POST Request Handler. The manipulation of the argument command results in command injection.
This vulnerability was named CVE-2026-8774. The attack may be performed from remote. In addition, an exploit is available.
The vendor was contacted early about this disclosure but did not respond in any way.
vuldb.com
Submit #811532: EDIMAX BR-6428NS BR-6428NS_v4_1.10 Command Injection [Accepted]
4 weeks 2 days ago
Submit #811532 / VDB-364402
wxhwxhwxh_tutu
Submit #811531: EDIMAX BR-6428NS BR-6428NS_v4_1.10 Buffer Overflow [Accepted]
4 weeks 2 days ago
Submit #811531 / VDB-364401
wxhwxhwxh_tutu
Submit #811530: EDIMAX BR-6428NS BR-6428NS_v4_1.10 Buffer Overflow [Accepted]
4 weeks 2 days ago
Submit #811530 / VDB-364400
wxhwxhwxh_tutu
Submit #811529: EDIMAX BR6228NC BR-6228NCv2 (Version : v1.22) Command Injection [Accepted]
4 weeks 2 days ago
Submit #811529 / VDB-364399
wxhwxhwxh_tutu
CVE-2026-8773 | linlinjava litemall up to 1.8.0 Database Setting DbUtil.java backup/load db/password argument injection
4 weeks 2 days ago
A vulnerability was found in linlinjava litemall up to 1.8.0. It has been classified as critical. Affected by this vulnerability is the function backup/load of the file litemall-db/src/main/java/org/linlinjava/litemall/db/util/DbUtil.java of the component Database Setting Handler. The manipulation of the argument db/password leads to argument injection.
This vulnerability is uniquely identified as CVE-2026-8773. The attack is possible to be carried out remotely. Moreover, an exploit is present.
The vendor was contacted early about this disclosure but did not respond in any way.
vuldb.com
CVE-2026-8772 | linlinjava litemall up to 1.8.0 Admin Endpoint sql injection
4 weeks 2 days ago
A vulnerability was found in linlinjava litemall up to 1.8.0 and classified as critical. Affected is an unknown function of the component Admin Endpoint. Executing a manipulation can lead to sql injection.
This vulnerability is handled as CVE-2026-8772. The attack can be executed remotely. Additionally, an exploit exists.
Multiple endpoints are affected. The vendor was contacted early about this disclosure but did not respond in any way.
vuldb.com
CVE-2026-8771 | linlinjava litemall up to 1.8.0 Front-end WeChat API WxGoodsController.java list sql injection
4 weeks 2 days ago
A vulnerability has been found in linlinjava litemall up to 1.8.0 and classified as critical. This impacts the function list of the file litemall-wx-api/src/main/java/org/linlinjava/litemall/wx/web/WxGoodsController.java of the component Front-end WeChat API. Performing a manipulation results in sql injection.
This vulnerability is known as CVE-2026-8771. Remote exploitation of the attack is possible. Furthermore, an exploit is available.
The vendor was contacted early about this disclosure but did not respond in any way.
vuldb.com
Submit #811469: linlinjava litemall up to 1.8.0 Argument Injection [Accepted]
4 weeks 2 days ago
Submit #811469 / VDB-364398
berna
Submit #811468: linlinjava litemall up to 1.8.0 SQL Injection [Accepted]
4 weeks 2 days ago
Submit #811468 / VDB-364397
berna
Submit #811467: linlinjava litemall up to 1.8.0 SQL Injection [Accepted]
4 weeks 2 days ago
Submit #811467 / VDB-364396
berna
CVE-2026-8770 | continuedev continue up to 1.2.22 JSON-RPC Server lsTool.ts lsTool dirPath path traversal
4 weeks 2 days ago
A vulnerability, which was classified as problematic, was found in continuedev continue up to 1.2.22. This affects the function lsTool of the file core/tools/implementations/lsTool.ts of the component JSON-RPC Server. Such manipulation of the argument dirPath leads to path traversal.
This vulnerability is traded as CVE-2026-8770. An attack has to be approached locally. Furthermore, there is an exploit available.
The vendor was contacted early about this disclosure but did not respond in any way.
vuldb.com
CVE-2026-8769 | vercel ai up to 3.0.97 provider-utils response-handler.ts resource consumption
4 weeks 2 days ago
A vulnerability, which was classified as problematic, has been found in vercel ai up to 3.0.97. The impacted element is the function createJsonResponseHandler/createJsonErrorResponseHandler of the file packages/provider-utils/src/response-handler.ts of the component provider-utils. This manipulation causes resource consumption.
This vulnerability appears as CVE-2026-8769. The attack may be initiated remotely. In addition, an exploit is available.
The vendor was contacted early about this disclosure but did not respond in any way.
vuldb.com
CVE-2026-8768 | vercel ai up to 3.0.97 provider-utils download-blob.ts validateDownloadUrl server-side request forgery
4 weeks 2 days ago
A vulnerability classified as critical was found in vercel ai up to 3.0.97. The affected element is the function validateDownloadUrl of the file packages/provider-utils/src/download-blob.ts of the component provider-utils. The manipulation results in server-side request forgery.
This vulnerability is reported as CVE-2026-8768. The attack can be launched remotely. Moreover, an exploit is present.
The vendor was contacted early about this disclosure but did not respond in any way.
vuldb.com