Aggregator

A vulnerability was found in UTT HiPER 810 1.7.4-141218. It has been classified as critical. The impacted element is the function sub_43F020 of the file /goform/formPdbUpConfig. Performing a manipulation of the argument policyNames results in command injection. This vulnerability is cataloged as CVE-2026-2135. It is possible to initiate the attack remotely. Furthermore, there is an exploit available.

Submit #747251 / VDB-344775

Submit #747250 / VDB-344774

Submit #747249 / VDB-344773

A vulnerability was found in PHPGurukul Hospital Management System 4.0 and classified as critical. The affected element is an unknown function of the file /hms/admin/manage-doctors.php. Such manipulation of the argument ID leads to sql injection. This vulnerability is listed as CVE-2026-2134. The attack may be performed from remote. In addition, an exploit is available.

Submit #747239 / VDB-344772

Submit #747230 / VDB-344771

A vulnerability has been found in code-projects Online Music Site 1.0 and classified as critical. Impacted is an unknown function of the file /Administrator/PHP/AdminUpdateCategory.php. This manipulation of the argument txtimage causes unrestricted upload. This vulnerability is tracked as CVE-2026-2133. The attack is possible to be carried out remotely. Moreover, an exploit is present.

A vulnerability, which was classified as critical, was found in code-projects Online Music Site 1.0. This issue affects some unknown processing of the file /Administrator/PHP/AdminUpdateCategory.php. The manipulation of the argument txtcat results in sql injection. This vulnerability is identified as CVE-2026-2132. The attack can be executed remotely. Additionally, an exploit exists.

Submit #747222 / VDB-344770

A vulnerability, which was classified as critical, has been found in XixianLiang HarmonyOS-mcp-server 0.1.0. This vulnerability affects the function input_text. The manipulation of the argument text leads to os command injection. This vulnerability is referenced as CVE-2026-2131. Remote exploitation of the attack is possible. Furthermore, an exploit is available.

Submit #747214 / VDB-344769

A vulnerability classified as critical was found in BurtTheCoder mcp-maigret up to 1.0.12. This affects an unknown part of the file src/index.ts of the component search_username. Executing a manipulation of the argument Username can lead to command injection. The identification of this vulnerability is CVE-2026-2130. The attack may be launched remotely. There is no exploit available. Upgrading the affected component is advised.

Submit #747213 / VDB-344768

Submit #747210 / VDB-344767

Submit #747209 / VDB-344766

A vulnerability classified as critical has been found in D-Link DIR-823X 250416. Affected by this issue is some unknown functionality of the file /goform/set_ac_status. Performing a manipulation of the argument ac_ipaddr/ac_ipstatus/ap_randtime results in os command injection. This vulnerability was named CVE-2026-2129. The attack may be initiated remotely. In addition, an exploit is available.

Submit #747171 / VDB-344765

Submit #747056 / VDB-233398

Submit #746935 / VDB-344764