Submit #750995: sourcecodester.com Simple Responsive Tourism Website 1.0 Cross Site Scripting [Accepted]
Submit #750995 / VDB-344861
Aggregator
CVE-2026-2158 | code-projects Student Web Portal 1.0 /check_user.php Username sql injection
1 week ago
A vulnerability marked as critical has been reported in code-projects Student Web Portal 1.0. This impacts an unknown function of the file /check_user.php. Performing a manipulation of the argument Username results in sql injection.
This vulnerability is cataloged as CVE-2026-2158. It is possible to initiate the attack remotely. There is no exploit available.
vuldb.com
Submit #748816: code-projects.org STUDENT WEB PORTAL IN PHP WITH SOURCE CODE 1.0 SQL Injection [Accepted]
1 week ago
Submit #748816 / VDB-344860
TrySec
Submit #748815: https://phpgurukul.com/ PHP 和 MySQL 中的员工记录管理系统 V1.0 SQL Injection Vulnerability [Duplicate]
1 week ago
Submit #748815 / VDB-306696
Mountain Ghost
Submit #748764: Tenda ac18 15.03.05.19(6318) Stack-based Buffer Overflow [Duplicate]
1 week ago
Submit #748764 / VDB-208081
haimianbaobao
OpenClaw Partners with VirusTotal to Secure AI Agent Skill Marketplace
1 week ago
OpenClaw announced today a partnership with VirusTotal, Google’s threat intelligence platform, to implement automated security scanning for all skills published to ClawHub, its AI agent marketplace. The integration marks the first comprehensive security initiative for the emerging AI agent ecosystem. All skills published to ClawHub will now undergo automatic scanning using VirusTotal’s threat intelligence database […]
The post OpenClaw Partners with VirusTotal to Secure AI Agent Skill Marketplace appeared first on Cyber Security News.
Guru Baran
BravoX
1 week ago
You must login to view this content
cohenido
CVE-2026-2157 | D-Link DIR-823X 250416 set_static_route_table sub_4175CC interface/destip/netmask/gateway/metric os command injection
1 week ago
A vulnerability labeled as critical has been found in D-Link DIR-823X 250416. This affects the function sub_4175CC of the file /goform/set_static_route_table. Such manipulation of the argument interface/destip/netmask/gateway/metric leads to os command injection.
This vulnerability is listed as CVE-2026-2157. The attack may be performed from remote. In addition, an exploit is available.
vuldb.com
BeyondTrust Remote Access Products 0-Day Vulnerability Allows Remote Code Execution
1 week ago
BeyondTrust has disclosed a critical pre-authentication remote code execution vulnerability affecting its Remote Support (RS) and Privileged Remote Access (PRA) platforms, potentially exposing thousands of organizations to system compromise. The flaw, tracked as CVE-2026-1731 and classified under CWE-78 (OS Command Injection), enables attackers to execute arbitrary operating system commands without requiring authentication or user interaction. […]
The post BeyondTrust Remote Access Products 0-Day Vulnerability Allows Remote Code Execution appeared first on Cyber Security News.
Guru Baran
CVE-2026-2156 | code-projects Online Student Management System 1.0 Announcement Management index.php?view=add cross site scripting
1 week ago
A vulnerability identified as problematic has been detected in code-projects Online Student Management System 1.0. The impacted element is an unknown function of the file /admin/announcement/index.php?view=add of the component Announcement Management Module. This manipulation causes cross site scripting.
This vulnerability is tracked as CVE-2026-2156. The attack is possible to be carried out remotely. Moreover, an exploit is present.
vuldb.com
CVE-2026-2155 | D-Link DIR-823X 250416 Configuration /goform/set_dmz sub_4208A0 dmz_host/dmz_enable os command injection
1 week ago
A vulnerability categorized as critical has been discovered in D-Link DIR-823X 250416. The affected element is the function sub_4208A0 of the file /goform/set_dmz of the component Configuration Handler. The manipulation of the argument dmz_host/dmz_enable results in os command injection.
This vulnerability is identified as CVE-2026-2155. The attack can be executed remotely. Additionally, an exploit exists.
vuldb.com
Submit #748376: D-Link DIR-823X 250416 OS Command Injection [Accepted]
1 week ago
Submit #748376 / VDB-344859
jiefengliang
CVE-2026-2154 | SourceCodester/Patrick Mvuma Patients Waiting Area Queue Management System 1.0 Patient Registration /registration.php First Name cross site scripting
1 week ago
A vulnerability was found in SourceCodester/Patrick Mvuma Patients Waiting Area Queue Management System 1.0. It has been rated as problematic. Impacted is an unknown function of the file /registration.php of the component Patient Registration Module. The manipulation of the argument First Name leads to cross site scripting.
This vulnerability is referenced as CVE-2026-2154. Remote exploitation of the attack is possible. Furthermore, an exploit is available.
vuldb.com
Submit #748328: code-projects Online Student Management System in PHP latest (no version specified by vendor) Cross-Site Scripting [Accepted]
1 week ago
Submit #748328 / VDB-344858
baguette168
Submit #748236: D-Link DIR-823X 250416 OS Command Injection [Accepted]
1 week ago
Submit #748236 / VDB-344857
942384053
Submit #748208: SourceCodester Patients Waiting Area Queue Management System 1 Cross Site Scripting [Accepted]
1 week ago
Submit #748208 / VDB-344856
rvpipalwa
CVE-2026-2153 | mwielgoszewski doorman up to 0.6 doorman/users/views.py is_safe_url Next redirect
1 week ago
A vulnerability was found in mwielgoszewski doorman up to 0.6. It has been declared as problematic. This issue affects the function is_safe_url of the file doorman/users/views.py. Executing a manipulation of the argument Next can lead to open redirect.
The identification of this vulnerability is CVE-2026-2153. The attack may be launched remotely. Furthermore, there is an exploit available.
vuldb.com
CVE-2026-23624 | GLPI up to 10.0.22/11.0.4 session fixiation
1 week ago
A vulnerability was found in GLPI up to 10.0.22/11.0.4. It has been classified as critical. Affected by this vulnerability is an unknown functionality. This manipulation causes session fixiation.
This vulnerability is tracked as CVE-2026-23624. The attack is possible to be carried out remotely. No exploit exists.
Upgrading the affected component is recommended.
vuldb.com
CVE-2025-70073 | liweiyi ChestnutCMS up to 1.5.8 Template Creation code injection
1 week ago
A vulnerability described as critical has been identified in liweiyi ChestnutCMS up to 1.5.8. Impacted is an unknown function of the component Template Creation. The manipulation results in code injection.
This vulnerability is known as CVE-2025-70073. It is possible to launch the attack remotely. No exploit is available.
vuldb.com
CVE-2026-2056 | D-Link DIR-605L/DIR-619L 2.06B01/2.13B01 DHCP Connection Status wan_connection_status.asp information disclosure
1 week ago
A vulnerability was found in D-Link DIR-605L and DIR-619L 2.06B01/2.13B01. It has been classified as problematic. The impacted element is an unknown function of the file /wan_connection_status.asp of the component DHCP Connection Status Handler. The manipulation leads to information disclosure. This vulnerability only affects products that are no longer supported by the maintainer.
This vulnerability is referenced as CVE-2026-2056. Remote exploitation of the attack is possible. Furthermore, an exploit is available.
It is recommended to apply restrictive firewalling.
vuldb.com