Vuldb Updates

A vulnerability has been found in Schneider Electric Modicon M340 CPU, Modicon M340 X80 Ethernet Communication Module, Modicon Premium Processor, Modicon Quantum Processor, Modicon Quantum Communication Module and Modicon Premium Communication Module and classified as critical. Affected by this vulnerability is an unknown functionality of the component Web Server. Performing a manipulation results in out-of-bounds write. This vulnerability is identified as CVE-2021-22788. The attack can only be performed from the local network. There is not any exploit available. The affected component should be upgraded.

A vulnerability was found in Schneider Electric SMT, SMC, SCL, SMX and SRT. It has been classified as critical. Affected is an unknown function of the component UPS Handler. This manipulation causes improper authentication. The identification of this vulnerability is CVE-2022-0715. The attack needs to be done within the local network. There is no exploit available. It is recommended to apply a patch to fix this issue.

A vulnerability was found in OpenSSH up to 8.8. It has been rated as critical. Affected is an unknown function of the component FIDO Authentication. The manipulation leads to improper authentication. This vulnerability is documented as CVE-2021-36368. The attack can be initiated remotely. There is not any exploit available. It is still unclear if this vulnerability genuinely exists. Upgrading the affected component is advised. the vendor's position is "this is not an authentication bypass, since nothing is being bypassed."

A vulnerability, which was classified as critical, was found in Oracle Hospitality Labor Management 9.1.0. Impacted is an unknown function of the component Reporting. Such manipulation leads to improper input validation. This vulnerability is documented as CVE-2021-44832. The attack can be executed remotely. There is not any exploit available.

A vulnerability has been found in Oracle Hospitality Reporting and Analytics 9.1.0 and classified as critical. The affected element is an unknown function of the component Reporting. Performing a manipulation results in improper input validation. This vulnerability is reported as CVE-2021-44832. The attack is possible to be carried out remotely. No exploit exists.

A vulnerability labeled as critical has been found in Oracle Siebel Apps - Marketing up to 22.10. This issue affects some unknown processing of the component Marketing. Such manipulation leads to improper input validation. This vulnerability is documented as CVE-2021-44832. The attack can be executed remotely. There is not any exploit available.

A vulnerability, which was classified as critical, was found in Oracle Demantra Demand Management up to 12.2.12. Affected is an unknown function of the component Security. Such manipulation leads to improper input validation. This vulnerability is uniquely identified as CVE-2021-44832. The attack can be launched remotely. No exploit exists.

A vulnerability was found in Oracle Retail Invoice Matching 15.0.3/16.0.3. It has been classified as critical. This affects an unknown function of the component Security. Performing a manipulation results in improper input validation. This vulnerability is reported as CVE-2021-44832. The attack is possible to be carried out remotely. No exploit exists.

A vulnerability was found in Oracle Retail Price Management 14.1.3.2/15.0.3.1/16.0.3. It has been declared as critical. This impacts an unknown function of the component Security. Executing a manipulation can lead to improper input validation. This vulnerability appears as CVE-2021-44832. The attack may be performed from remote. There is no available exploit.

A vulnerability was found in SourceCodester Hospitals Patient Records Management System 1.0. It has been declared as critical. This impacts an unknown function of the file /classes/Users.php?f=delete. The manipulation of the argument ID results in sql injection. This vulnerability is cataloged as CVE-2026-10184. The attack may be launched remotely. Furthermore, there is an exploit available.

A vulnerability was found in SourceCodester Hospitals Patient Records Management System 1.0. It has been rated as critical. Affected is an unknown function of the file /classes/Users.php?f=save. This manipulation of the argument ID causes sql injection. This vulnerability is registered as CVE-2026-10185. Remote exploitation of the attack is possible. Furthermore, an exploit is available.

A vulnerability categorized as critical has been discovered in code-projects Online Hospital Management System 1.0. Affected by this vulnerability is an unknown functionality of the file /patient.php. Such manipulation of the argument editid leads to sql injection. This vulnerability is documented as CVE-2026-10186. The attack can be executed remotely. Additionally, an exploit exists.

A vulnerability identified as critical has been detected in Totolink N300RH 6.1c.1353_B20190305. Affected by this issue is the function setWiFiBasicConfig of the file wireless.so of the component Web Management Interface. Performing a manipulation of the argument KeyStr results in stack-based buffer overflow. This vulnerability is reported as CVE-2026-10187. The attack is possible to be carried out remotely. Moreover, an exploit is present.

A vulnerability labeled as critical has been found in Tenda W12 3.0.0.7(4763). This affects the function cgistaKickOff of the file /bin/httpd. Executing a manipulation of the argument staMac can lead to stack-based buffer overflow. This vulnerability appears as CVE-2026-10188. The attack may be performed from remote. In addition, an exploit is available.

A vulnerability marked as critical has been reported in Tenda W12 3.0.0.7(4763). This vulnerability affects the function cgiSysTimeInfoSet of the file /bin/httpd. The manipulation of the argument sec leads to stack-based buffer overflow. This vulnerability is traded as CVE-2026-10189. It is possible to initiate the attack remotely. Furthermore, there is an exploit available.

A vulnerability described as problematic has been identified in Tenda W12 3.0.0.7(4763). This issue affects the function cgiSysWebTimeoutSet of the file /bin/httpd of the component Web Management Interface. The manipulation of the argument web_over_time results in denial of service. This vulnerability is known as CVE-2026-10190. It is possible to launch the attack remotely. Furthermore, an exploit is available.

A vulnerability classified as critical has been found in Tenda W12 3.0.0.7(4763). Impacted is the function cgiWifiMacFilterSet of the file /bin/httpd. This manipulation of the argument wifiMacFilterSet.macList.mac causes stack-based buffer overflow. This vulnerability is handled as CVE-2026-10191. The attack can be initiated remotely. Additionally, an exploit exists.

A vulnerability classified as critical was found in Tenda W12 3.0.0.7(4763). The affected element is the function set_local_time_0 of the file /bin/httpd. Such manipulation of the argument Time leads to stack-based buffer overflow. This vulnerability is uniquely identified as CVE-2026-10192. The attack can be launched remotely. Moreover, an exploit is present.

A vulnerability, which was classified as critical, has been found in OFCMS up to 1.1.3. The impacted element is the function Query of the file ofcms-admin\src\main\java\com\ofsoft\cms\admin\controller\ComnController.java of the component ComnController. Performing a manipulation of the argument system.user.query results in sql injection. This vulnerability was named CVE-2026-10193. The attack may be initiated remotely. In addition, an exploit is available. The project was informed of the problem early through an issue report but has not responded yet.

A vulnerability marked as critical has been reported in Microsoft Windows. This affects an unknown function of the component Search Service. The manipulation leads to use after free. This vulnerability is documented as CVE-2026-27909. The attack needs to be performed locally. There is not any exploit available. It is suggested to upgrade the affected component.