VulDB Recent Entries

A vulnerability classified as problematic was found in Nmap 7.70. Affected is an unknown function of the component XML File Handler. The manipulation results in uncontrolled recursion. This vulnerability was named CVE-2018-25282. The attack may be performed from remote. In addition, an exploit is available.

A vulnerability classified as critical has been found in Infiltration-Systems Infiltrator Network Security Scanner 4.6. This impacts an unknown function. The manipulation of the argument Scan Target leads to buffer overflow. This vulnerability is uniquely identified as CVE-2018-25280. Local access is required to approach this attack. Moreover, an exploit is present.

A vulnerability described as problematic has been identified in Convertimagetotext jiNa OCR Image to Text 1.0. This affects an unknown function of the component PNG File Handler. Executing a manipulation can lead to uncontrolled memory allocation. This vulnerability is handled as CVE-2018-25279. The attack can be executed remotely. Additionally, an exploit exists.

A vulnerability marked as critical has been reported in Br-Software PixGPS 1.1.8. The impacted element is an unknown function. Performing a manipulation of the argument folder path results in buffer overflow. This vulnerability is known as CVE-2018-25277. Attacking locally is a requirement. Furthermore, an exploit is available.

A vulnerability labeled as critical has been found in Faleemi Plus 1.0.2. The affected element is an unknown function. Such manipulation of the argument Camera name/DID number leads to buffer overflow. This vulnerability is traded as CVE-2018-25275. An attack has to be approached locally. Furthermore, there is an exploit available.

A vulnerability identified as problematic has been detected in InfraRecorder 0.53. Impacted is an unknown function of the component Text File Handler. This manipulation causes uncontrolled memory allocation. This vulnerability appears as CVE-2018-25274. The attack requires local access. In addition, an exploit is available.

A vulnerability categorized as critical has been discovered in faleemi Faleemi Desktop Software 1.8.2. This issue affects some unknown processing of the component Managing Log Interface. The manipulation of the argument alias results in buffer overflow. This vulnerability is reported as CVE-2018-25263. The attack requires a local approach. Moreover, an exploit is present.

A vulnerability was found in Picajet PicaJet FX 2.6.5. It has been rated as critical. This vulnerability affects unknown code of the component Registration Handler. The manipulation of the argument Registration Name/Registration Key leads to buffer overflow. This vulnerability is documented as CVE-2018-25278. The attack needs to be performed locally. Additionally, an exploit exists.

A vulnerability has been found in code-projects Chat System 1.0 and classified as problematic. Affected is an unknown function of the file update_user.php of the component MD5 Hash Handler. This manipulation of the argument Password causes use of weak hash. This vulnerability is tracked as CVE-2026-7103. The attack is possible to be carried out remotely. Moreover, an exploit is present.

A vulnerability, which was classified as critical, was found in Tenda F456 1.0.0.5. This impacts the function FromWriteFacMac of the file /goform/WriteFacMac of the component httpd. The manipulation of the argument mac results in command injection. This vulnerability is identified as CVE-2026-7102. The attack can be executed remotely. Additionally, an exploit exists.

A vulnerability, which was classified as critical, has been found in Tenda F456 1.0.0.5. This affects the function fromWrlclientSet of the file /goform/WrlclientSet of the component httpd. The manipulation leads to buffer overflow. This vulnerability is referenced as CVE-2026-7101. Remote exploitation of the attack is possible. Furthermore, an exploit is available.

A vulnerability classified as critical was found in Tenda F456 1.0.0.5. The impacted element is the function fromNatlimitof of the file /goform/Natlimit of the component httpd. Executing a manipulation can lead to buffer overflow. The identification of this vulnerability is CVE-2026-7100. The attack may be launched remotely. Furthermore, there is an exploit available.

A vulnerability classified as critical has been found in Tenda F456 1.0.0.5. The affected element is the function formQuickIndex of the file /goform/QuickIndex of the component httpd. Performing a manipulation of the argument mit_linktype results in buffer overflow. This vulnerability was named CVE-2026-7099. The attack may be initiated remotely. In addition, an exploit is available.

A vulnerability described as critical has been identified in Tenda F456 1.0.0.5. Impacted is the function fromDhcpListClient of the file /goform/DhcpListClient of the component httpd. Such manipulation of the argument page leads to buffer overflow. This vulnerability is uniquely identified as CVE-2026-7098. The attack can be launched remotely. Moreover, an exploit is present.

A vulnerability marked as critical has been reported in Tenda F456 1.0.0.5. This issue affects the function fromwebExcptypemanFilter of the file /goform/webExcptypemanFilter of the component httpd. This manipulation of the argument page causes buffer overflow. This vulnerability is handled as CVE-2026-7097. The attack can be initiated remotely. Additionally, an exploit exists.

A vulnerability labeled as critical has been found in Tenda HG3 2.0 300003070. This vulnerability affects the function formgponConf of the file /boaform/admin/formgponConf. The manipulation of the argument fmgpon_loid results in os command injection. This vulnerability is known as CVE-2026-7096. It is possible to launch the attack remotely. Furthermore, an exploit is available.

A vulnerability identified as problematic has been detected in code-projects Employee Management System 1.0. This affects an unknown part of the file 370project/edit.php. The manipulation of the argument ID leads to cross site scripting. This vulnerability is traded as CVE-2026-7095. It is possible to initiate the attack remotely. Furthermore, there is an exploit available.

A vulnerability categorized as critical has been discovered in ShadowCloneLabs GlutamateMCPServers up to e2de73280b01e5d943593dd1aa2c01c5b9112f78. Affected by this issue is some unknown functionality of the file src/puppeteer/index.ts of the component puppeteer_navigate. Executing a manipulation of the argument url can lead to server-side request forgery. This vulnerability appears as CVE-2026-7094. The attack may be performed from remote. In addition, an exploit is available. This product utilizes a rolling release system for continuous delivery, and as such, version information for affected or updated releases is not disclosed. The project was informed of the problem early through an issue report but has not responded yet.

A vulnerability was found in code-projects Invoice System in Laravel 1.0. It has been rated as critical. Affected by this vulnerability is an unknown functionality of the file /invoice/ of the component Invoice Endpoint. Performing a manipulation of the argument ID results in improper authorization. This vulnerability is reported as CVE-2026-7093. The attack is possible to be carried out remotely. Moreover, an exploit is present.

A vulnerability was found in code-projects Invoice System in Laravel 1.0. It has been declared as critical. Affected is an unknown function of the file /profile/ of the component Profile Handler. Such manipulation of the argument ID leads to improper authorization. This vulnerability is documented as CVE-2026-7092. The attack can be executed remotely. Additionally, an exploit exists.