VulDB Recent Entries

A vulnerability was found in Tenda F456 1.0.0.5. It has been rated as critical. This affects the function frmL7ProtForm of the file /goform/L7Prot of the component httpd. Performing a manipulation of the argument page results in buffer overflow. This vulnerability is known as CVE-2026-7053. Remote exploitation of the attack is possible. Furthermore, an exploit is available.

A vulnerability was found in containers bubblewrap 0.11.0/0.11.1. It has been declared as critical. Affected by this issue is some unknown functionality of the component ptrace. Such manipulation leads to improper access controls. This vulnerability is traded as CVE-2026-41163. An attack has to be approached locally. There is no exploit available. It is recommended to upgrade the affected component.

A vulnerability was found in baomidou dynamic-datasource 2.5.0. It has been classified as critical. Affected by this vulnerability is the function DsSpelExpressionProcessor#doDetermineDatasource of the file dynamic-datasource-spring/src/main/java/com/baomidou/dynamic/datasource/processor/DsSpelExpressionProcessor.java of the component StandardEvaluationContext/SpelExpressionParser. This manipulation causes injection. This vulnerability appears as CVE-2026-7045. The attack may be initiated remotely. There is no available exploit. It is recommended to apply a patch to fix this issue.

A vulnerability was found in GreenCMS up to 2.3 and classified as critical. Affected is the function themeadd of the file /index.php?m=admin&c=custom&a=themeadd. The manipulation results in unrestricted upload. This vulnerability only affects products that are no longer supported by the maintainer. This vulnerability is reported as CVE-2026-7044. The attack can be launched remotely. Moreover, an exploit is present.

A vulnerability has been found in GreenCMS up to 2.3 and classified as critical. This impacts the function pluginAddLocal of the file /index.php?m=admin&c=custom&a=pluginadd. The manipulation leads to unrestricted upload. This vulnerability only affects products that are no longer supported by the maintainer. This vulnerability is documented as CVE-2026-7043. The attack can be initiated remotely. Additionally, an exploit exists.

A vulnerability, which was classified as critical, was found in 666ghj MiroFish up to 0.1.2. This affects the function create_app of the file backend/app/__init__.py of the component REST API Endpoint. Executing a manipulation can lead to missing authentication. This vulnerability is registered as CVE-2026-7042. It is possible to launch the attack remotely. Furthermore, an exploit is available. The project was informed of the problem early through an issue report but has not responded yet.

A vulnerability, which was classified as problematic, has been found in 666ghj MiroFish up to 0.1.2. The impacted element is an unknown function of the file /console of the component Werkzeug Debugger PIN Handler. Performing a manipulation of the argument SECRET results in information disclosure. This vulnerability is cataloged as CVE-2026-7041. It is possible to initiate the attack remotely. Furthermore, there is an exploit available. It is suggested to use restrictive firewalling. The project was informed of the problem early through an issue report but has not responded yet.

A vulnerability classified as critical was found in tufantunc ssh-mcp up to 1.5.0. The affected element is the function shell.write of the file src/index.ts. Such manipulation of the argument Description leads to command injection. This vulnerability is listed as CVE-2026-7039. The attack must be carried out locally. In addition, an exploit is available. The project was informed of the problem early through an issue report but has not responded yet.

A vulnerability classified as problematic has been found in tufantunc ssh-mcp up to 1.5.0. Impacted is an unknown function of the file src/index.ts of the component Command Line Handler. This manipulation causes insufficiently protected credentials. This vulnerability is tracked as CVE-2026-7038. The attack is restricted to local execution. Moreover, an exploit is present. The project was informed of the problem early through an issue report but has not responded yet.

A vulnerability described as critical has been identified in Totolink A8000RU 7.1cu.643_b20200521. This issue affects the function setVpnPassCfg of the file /cgi-bin/cstecgi.cgi of the component CGI Handler. The manipulation of the argument pptpPassThru results in os command injection. This vulnerability is identified as CVE-2026-7037. The attack can be executed remotely. Additionally, an exploit exists.

A vulnerability marked as critical has been reported in Tenda i9 1.0.0.5(2204). This vulnerability affects the function R7WebsSecurityHandlerfunction of the component HTTP Handler. The manipulation leads to path traversal. This vulnerability is referenced as CVE-2026-7036. Remote exploitation of the attack is possible. Furthermore, an exploit is available.

A vulnerability labeled as critical has been found in Tenda FH1202 1.2.0.14. This affects the function fromWrlclientSet of the file /goform/WrlclientSet of the component httpd. Executing a manipulation of the argument Go can lead to stack-based buffer overflow. The identification of this vulnerability is CVE-2026-7035. The attack may be launched remotely. Furthermore, there is an exploit available.

A vulnerability identified as critical has been detected in Tenda FH1202 1.2.0.14(408). Affected by this issue is the function WrlExtraSet of the file /goform/WrlExtraSet of the component httpd. Performing a manipulation of the argument Go results in stack-based buffer overflow. This vulnerability was named CVE-2026-7034. The attack may be initiated remotely. In addition, an exploit is available.

A vulnerability categorized as critical has been discovered in Tenda F456 1.0.0.5. Affected by this vulnerability is the function fromSafeClientFilter of the file /goform/SafeClientFilter. Such manipulation of the argument menufacturer/Go leads to buffer overflow. This vulnerability is uniquely identified as CVE-2026-7033. The attack can be launched remotely. Moreover, an exploit is present.

A vulnerability was found in Tenda F456 1.0.0.5. It has been rated as critical. Affected is the function SafeEmailFilter of the file /goform/SafeEmailFilter. This manipulation of the argument page causes buffer overflow. This vulnerability is handled as CVE-2026-7032. The attack can be initiated remotely. Additionally, an exploit exists.

A vulnerability was found in Tenda F456 1.0.0.5. It has been declared as critical. This impacts the function fromSafeMacFilter of the file /goform/SafeMacFilter. The manipulation of the argument page results in buffer overflow. This vulnerability is known as CVE-2026-7031. It is possible to launch the attack remotely. Furthermore, an exploit is available.

A vulnerability was found in Tenda F456 1.0.0.5. It has been classified as critical. This affects the function fromRouteStatic of the file /goform/RouteStatic. The manipulation of the argument page leads to buffer overflow. This vulnerability is traded as CVE-2026-7030. It is possible to initiate the attack remotely. Furthermore, there is an exploit available.

A vulnerability was found in Tenda F456 1.0.0.5 and classified as critical. The impacted element is the function fromaddressNat of the file /goform/addressNat. Executing a manipulation of the argument menufacturer/Go can lead to buffer overflow. This vulnerability appears as CVE-2026-7029. The attack may be performed from remote. In addition, an exploit is available.

A vulnerability has been found in CodeAstro Online Job Portal 1.0 and classified as critical. The affected element is an unknown function of the file /admin/jobs-admins/delete-jobs.php of the component All Jobs Page. Performing a manipulation of the argument ID results in sql injection. This vulnerability is reported as CVE-2026-7028. The attack is possible to be carried out remotely. Moreover, an exploit is present.

A vulnerability, which was classified as problematic, was found in D-Link DSL-2740R EU_01.15. Impacted is an unknown function of the component Wireless Setup Section. Such manipulation of the argument Wireless Network Name leads to cross site scripting. This vulnerability is documented as CVE-2026-7027. The attack can be executed remotely. Additionally, an exploit exists.