A vulnerability classified as critical was found in Tenda AC15 up to 15.13.07.13. It affects some unknown functionality of the file /goform/TextEditingConversion. Manipulating the argument wpapsk_crypto2_4g results in a stack-based buffer overflow.
This vulnerability is cataloged as CVE-2026-3400. The attack may be launched remotely. Furthermore, there is an exploit available.
A vulnerability classified as critical has been found in Tenda F453 1.0.0.3. It affects the function fromGstDhcpSetSer of the file /goform/GstDhcpSetSer of the component httpd. Manipulating the argument dips leads to a buffer overflow.
This vulnerability is listed as CVE-2026-3399. The attack may be initiated remotely. In addition, an exploit is available.
A vulnerability classified as critical was found in Tenda F453 1.0.0.3. Affected is the function fromAdvSetWan of the file /goform/AdvSetWan of the component httpd. Manipulating the argument wanmode/PPPOEPassword can lead to a buffer overflow.
This vulnerability is tracked as CVE-2026-3398. The attack can be launched remotely. Moreover, an exploit is present.
A vulnerability classified as problematic has been found in Dataease SQLBot up to 1.5.1. This impacts the function validateEmbedded of the file backend/apps/system/middleware/auth.py of the component JWT Token Handler. Manipulation results in improper verification of a cryptographic signature.
This vulnerability is identified as CVE-2025-15598. The attack can be initiated remotely. Additionally, an exploit exists.
A comment in the source code warns users about using this feature. The vendor was contacted early about this disclosure.
A vulnerability described as critical has been identified in Dataease SQLBot up to 1.4.0. This affects an unknown function of the file backend/apps/system/api/assistant.py of the component API Endpoint. Manipulation leads to improper access controls.
This vulnerability is referenced as CVE-2025-15597. It is possible to launch the attack remotely. Furthermore, an exploit is available.
Upgrading the affected component is recommended.
Multiple endpoints are affected. The vendor was contacted early about this disclosure.