Aggregator

A vulnerability labeled as critical has been found in properfraction Paid Membership Plugin, Ecommerce, User Registration Form, Login Form, User Profile & Restrict Content Plugin up to 4.16.11 on WordPress. Impacted is an unknown function. Such manipulation leads to code injection. This vulnerability is documented as CVE-2026-3309. The attack can be executed remotely. There is not any exploit available.

Submit #782875 / VDB-355325

Submit #782874 / VDB-355324

Submit #782873 / VDB-355323

A vulnerability identified as critical has been detected in PHPGurukul Online Shopping Portal Project 2.1. This issue affects some unknown processing of the file /sub-category.php of the component Parameter Handler. This manipulation of the argument pid causes sql injection. This vulnerability is registered as CVE-2026-5552. Remote exploitation of the attack is possible. Furthermore, an exploit is available.

A vulnerability categorized as critical has been discovered in itsourcecode Free Hotel Reservation System 1.0. This vulnerability affects unknown code of the file /hotel/admin/login.php of the component Parameter Handler. The manipulation of the argument email results in sql injection. This vulnerability is cataloged as CVE-2026-5551. The attack may be launched remotely. Furthermore, there is an exploit available.

Submit #782864 / VDB-355316

Submit #782845 / VDB-355315

A vulnerability was found in Tenda AC10 16.03.10.10_multi_TDE01. It has been rated as critical. This affects the function fromSysToolChangePwd of the file /bin/httpd. The manipulation leads to stack-based buffer overflow. This vulnerability is listed as CVE-2026-5550. The attack may be initiated remotely. There is no available exploit. Multiple endpoints might be affected.

A vulnerability was found in Tenda AC10 16.03.10.10_multi_TDE01. It has been declared as problematic. Affected by this issue is some unknown functionality of the file /webroot_ro/pem/privkeySrv.pem of the component RSA 2048-bit Private Key Handler. Executing a manipulation can lead to use of hard-coded cryptographic key . This vulnerability is tracked as CVE-2026-5549. The attack can be launched remotely. Moreover, an exploit is present. The application of restrictive firewalling is recommended.

A vulnerability was found in Tenda AC10 16.03.10.10_multi_TDE01. It has been classified as critical. Affected by this vulnerability is the function fromSysToolChangePwd of the file /bin/httpd. Performing a manipulation of the argument sys.userpass results in stack-based buffer overflow. This vulnerability is identified as CVE-2026-5548. The attack can be initiated remotely. There is not any exploit available.

A vulnerability was found in Tenda AC10 16.03.10.10_multi_TDE01 and classified as critical. Affected is the function formAddMacfilterRule of the file /bin/httpd. Such manipulation leads to os command injection. This vulnerability is referenced as CVE-2026-5547. It is possible to launch the attack remotely. No exploit is available. Multiple endpoints might be affected.

Submit #782719 / VDB-256843

Submit #782648 / VDB-309496

Submit #782637 / VDB-317570

Submit #782628 / VDB-317571

Submit #782627 / VDB-280374

Submit #782299 / VDB-355314

Submit #782298 / VDB-355313

Submit #782297 / VDB-355312