CVE-2026-4558
11:22 KSA
HIGH
CVSS 8.8
CWE-77
A flaw has been found in Linksys MR9600 2.0.6.206937. Affected is the function smartConnectConfigure of the file SmartConnect.lua. Executing a manipulation of the argument configApSsid/configApPassphrase/srpLogin/srpPassword can lead to os command injection. The attack may be lau…
CVE-2026-4555
11:22 KSA
HIGH
CVSS 8.8
CWE-119
A weakness has been identified in D-Link DIR-513 1.10. The impacted element is the function formEasySetTimezone of the file /goform/formEasySetTimezone of the component boa. This manipulation of the argument curTime causes stack-based buffer overflow. The attack can be initiated …
CVE-2026-4553
11:22 KSA
HIGH
CVSS 8.8
CWE-119
A vulnerability was identified in Tenda F453 1.0.0.3. Impacted is the function fromNatlimit of the file /goform/Natlimit of the component Parameters Handler. The manipulation of the argument page leads to stack-based buffer overflow. It is possible to initiate the attack remotely…
CVE-2026-4552
11:22 KSA
HIGH
CVSS 8.8
CWE-119
A vulnerability was determined in Tenda F453 1.0.0.3. This issue affects the function fromVirtualSer of the file /goform/VirtualSer of the component Parameters Handler. Executing a manipulation of the argument page can lead to stack-based buffer overflow. The attack may be perfor…
CVE-2026-4551
11:22 KSA
HIGH
CVSS 8.8
CWE-119
A vulnerability was found in Tenda F453 1.0.0.3. This vulnerability affects the function fromSafeClientFilter of the file /goform/SafeClientFilter of the component Parameters Handler. Performing a manipulation of the argument menufacturer/Go results in stack-based buffer overflow…
CVE-2026-4535
11:22 KSA
HIGH
CVSS 8.8
CWE-119
A vulnerability has been found in Tenda FH451 1.0.0.9. This vulnerability affects the function WrlclientSet of the file /goform/WrlclientSet. Such manipulation of the argument GO leads to stack-based buffer overflow. The attack can be launched remotely. The exploit has been discl…
CVE-2026-4534
11:22 KSA
HIGH
CVSS 8.8
CWE-119
A flaw has been found in Tenda FH451 1.0.0.9. This affects the function formWrlExtraSet of the file /goform/WrlExtraSet. This manipulation of the argument GO causes stack-based buffer overflow. The attack can be initiated remotely. The exploit has been published and may be used.
CVE-2026-4314
11:22 KSA
HIGH
CVSS 8.8
CWE-269
The 'The Ultimate WordPress Toolkit – WP Extended' plugin for WordPress is vulnerable to Privilege Escalation in all versions up to, and including, 3.2.4. This is due to the `isDashboardOrProfileRequest()` method in the Menu Editor module using an insecure `strpos()` check agains…
CVE-2019-25611
11:22 KSA
HIGH
CVSS 8.4
CWE-787
MiniFtp contains a buffer overflow vulnerability in the parseconf_load_setting function that allows local attackers to execute arbitrary code by supplying oversized configuration values. Attackers can craft a miniftpd.conf file with values exceeding 128 bytes to overflow stack bu…
CVE-2019-25619
11:22 KSA
HIGH
CVSS 8.4
CWE-787
FTP Shell Server 6.83 contains a buffer overflow vulnerability in the 'Account name to ban' field that allows local attackers to execute arbitrary code by supplying a crafted string. Attackers can inject shellcode through the account name parameter in the Manage FTP Accounts dial…
CVE-2019-25615
11:22 KSA
HIGH
CVSS 8.4
CWE-787
Lavavo CD Ripper 4.20 contains a structured exception handling (SEH) buffer overflow vulnerability that allows local attackers to execute arbitrary code by supplying a malicious string in the License Activation Name field. Attackers can craft a payload with controlled buffer data…
CVE-2019-25609
11:22 KSA
HIGH
CVSS 8.4
CWE-787
JetAudio jetCast Server 2.0 contains a stack-based buffer overflow vulnerability in the Log Directory configuration field that allows local attackers to overwrite structured exception handling pointers. Attackers can inject alphanumeric encoded shellcode through the Log Directory…
CVE-2019-25608
11:22 KSA
HIGH
CVSS 8.4
CWE-520
Iperius Backup 6.1.0 contains a privilege escalation vulnerability that allows low-privilege users to execute arbitrary programs with elevated privileges by creating backup jobs. Attackers can configure backup jobs to execute malicious batch files or programs before or after back…
CVE-2019-25607
11:22 KSA
HIGH
CVSS 8.4
CWE-787
Axessh 4.2 contains a stack-based buffer overflow vulnerability in the log file name field that allows local attackers to execute arbitrary code by supplying an excessively long filename. Attackers can overflow the buffer at offset 214 bytes to overwrite the instruction pointer a…
CVE-2019-25604
11:22 KSA
HIGH
CVSS 8.4
CWE-787
DVDXPlayer Pro 5.5 contains a local buffer overflow vulnerability with structured exception handling that allows local attackers to execute arbitrary code by crafting malicious playlist files. Attackers can create a specially crafted .plf file containing shellcode and NOP sleds t…
CVE-2019-25603
11:22 KSA
HIGH
CVSS 8.4
CWE-787
TuneClone 2.20 contains a structured exception handler (SEH) buffer overflow vulnerability that allows local attackers to execute arbitrary code by supplying a malicious license code string. Attackers can craft a payload with a controlled buffer, NSEH jump instruction, and SEH ha…
CVE-2019-25612
11:22 KSA
HIGH
CVSS 7.8
CWE-787
Admin Express 1.2.5.485 contains a local structured exception handling buffer overflow vulnerability that allows local attackers to execute arbitrary code by supplying an alphanumeric encoded payload in the Folder Path field. Attackers can trigger the vulnerability through the Sy…
CVE-2019-25605
11:22 KSA
HIGH
CVSS 7.5
CWE-612
EquityPandit 1.0 contains an insecure logging vulnerability that allows attackers to capture sensitive user credentials by accessing developer console logs via Android Debug Bridge. Attackers can use adb logcat to extract plaintext passwords logged during the forgot password func…
CVE-2019-25613
11:22 KSA
HIGH
CVSS 7.5
CWE-940
Easy Chat Server 3.1 contains a denial of service vulnerability that allows remote attackers to crash the application by sending oversized data in the message parameter. Attackers can establish a session via the chat.ghp endpoint and then send a POST request to body2.ghp with an …
CVE-2026-4536
11:22 KSA
HIGH
CVSS 7.3
CWE-284
A vulnerability was found in Acrel Environmental Monitoring Cloud Platform 1.1.0. This issue affects some unknown processing. Performing a manipulation results in unrestricted upload. The attack may be initiated remotely. The exploit has been made public and could be used. The ve…
CVE-2026-4546
Uncontrolled Search Path in Flos Notepad2 4.2.25 TextShaping.dll
11:22 KSA
HIGH
CVSS 7.0
CWE-426
A weakness has been identified in Flos Freeware Notepad2 4.2.25. This impacts an unknown function in the library TextShaping.dll. Executing a manipulation can lead to uncontrolled search path. The attack is restricted to local execution. The attack requires a high level of comple…
CVE-2026-4545
Uncontrolled Search Path in Flos Notepad2 4.2.25 PROPSYS.dll
11:22 KSA
HIGH
CVSS 7.0
CWE-426
A security flaw has been discovered in Flos Freeware Notepad2 4.2.25. This affects an unknown function in the library PROPSYS.dll. Performing a manipulation results in uncontrolled search path. The attack is only possible with local access. The attack is considered to have high c…
CVE-2019-25600
09:54 KSA
MEDIUM
CVSS 6.5
CWE-787
UltraVNC Viewer 1.2.2.4 contains a denial of service vulnerability that allows attackers to crash the application by supplying an oversized string to the VNC Server input field. Attackers can paste a malicious string containing 256 repeated characters into the VNC Server field an…
CVE-2019-25610
09:54 KSA
MEDIUM
CVSS 6.5
CWE-22
NetNumber Titan Master 7.9.1 contains a path traversal vulnerability in the drp endpoint that allows authenticated users to download arbitrary files by injecting directory traversal sequences. Attackers can manipulate the path parameter with base64-encoded payloads containing ../…
CVE-2025-71276
09:54 KSA
MEDIUM
CVSS 6.4
CWE-79
SOGo before 5.12.5 is prone to an XSS vulnerability with events, tasks, and contacts categories.
CVE-2026-3427
09:54 KSA
MEDIUM
CVSS 6.4
CWE-79
The Yoast SEO – Advanced SEO with real-time guidance and built-in AI plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the `jsonText` block attribute in all versions up to, and including, 27.1.1 due to insufficient input sanitization and output escaping. T…
CVE-2026-4554
Tenda F453 Command Injection in FormWriteFacMac Function
09:54 KSA
MEDIUM
CVSS 6.3
CWE-74
A security flaw has been discovered in Tenda F453 1.0.0.3. The affected element is the function FormWriteFacMac of the file /goform/WriteFacMac. The manipulation of the argument mac results in command injection. It is possible to launch the attack remotely. The exploit has been r…
CVE-2026-4548
09:54 KSA
MEDIUM
CVSS 6.3
CWE-266
A vulnerability was detected in mickasmt next-saas-stripe-starter 1.0.0. Affected by this vulnerability is the function updateUserrole of the file actions/update-user-role.ts. The manipulation of the argument userId/role results in improper authorization. The attack may be launch…
CVE-2026-4543
09:54 KSA
MEDIUM
CVSS 6.3
CWE-74
A vulnerability was found in Wavlink WL-WN578W2 221110. The impacted element is an unknown function of the file /cgi-bin/firewall.cgi of the component POST Request Handler. Performing a manipulation of the argument dmz_flag/del_flag results in command injection. It is possible to…
CVE-2026-4533
SQL Injection in Simple Food Ordering System 1.0 Status Parameter
09:54 KSA
MEDIUM
CVSS 6.3
CWE-74
A vulnerability was detected in code-projects Simple Food Ordering System 1.0. Affected by this issue is some unknown functionality of the file all-tickets.php. The manipulation of the argument Status results in sql injection. It is possible to launch the attack remotely. The exp…
CVE-2019-25584
RarmaRadio 2.72.3 Buffer Overflow in Network Settings Server Field
09:54 KSA
MEDIUM
CVSS 6.2
CWE-787
RarmaRadio 2.72.3 contains a buffer overflow vulnerability in the Server field of the Network settings that allows local attackers to crash the application by supplying an excessively long string. Attackers can paste a malicious payload exceeding 4000 bytes into the Server field …
CVE-2019-25594
ASPRunner.NET 10.1 Denial of Service via Long Table Name Input
09:54 KSA
MEDIUM
CVSS 6.2
CWE-807
ASPRunner.NET 10.1 contains a denial of service vulnerability that allows local attackers to crash the application by supplying an excessively long string in the table name field. Attackers can input a buffer of 10000 characters in the table name parameter during database table c…
CVE-2019-25585
Deluge 1.3.15 Denial of Service via Oversized Webseeds Field
09:54 KSA
MEDIUM
CVSS 6.2
CWE-1260
Deluge 1.3.15 contains a denial of service vulnerability that allows local attackers to crash the application by supplying an excessively long string in the Webseeds field. Attackers can paste a buffer of 5000 bytes into the Webseeds field during torrent creation to trigger an ap…
CVE-2019-25586
Deluge 1.3.15 Denial of Service via Excessive URL String Length
09:54 KSA
MEDIUM
CVSS 6.2
CWE-466
Deluge 1.3.15 contains a denial of service vulnerability that allows local attackers to crash the application by supplying an excessively long string in the URL field. Attackers can paste a buffer of 5000 characters into the 'From URL' field during torrent addition to trigger an …
CVE-2019-25587
BulletProof FTP Server 2019.0.0.50 Storage-Path DoS Vulnerability
09:54 KSA
MEDIUM
CVSS 6.2
CWE-1282
BulletProof FTP Server 2019.0.0.50 contains a denial of service vulnerability in the Storage-Path configuration parameter that allows local attackers to crash the application by supplying an excessively long string value. Attackers can enable the Override Storage-Path setting and…
CVE-2019-25588
BulletProof FTP Server DNS Address Buffer Overflow DoS
09:54 KSA
MEDIUM
CVSS 6.2
CWE-1282
BulletProof FTP Server 2019.0.0.50 contains a denial of service vulnerability in the DNS Address field that allows local attackers to crash the application by supplying an excessively long string. Attackers can enable the DNS Address option in the Firewall settings and paste a bu…
CVE-2019-25601
UltraVNC Launcher 1.2.2.4 Buffer Overflow in vncviewer.exe Path Property
09:54 KSA
MEDIUM
CVSS 6.2
CWE-787
UltraVNC Launcher 1.2.2.4 contains a buffer overflow vulnerability in the Path vncviewer.exe property field that allows local attackers to crash the application by supplying an excessively long string. Attackers can input a 300-byte payload of repeated characters through the Prop…
CVE-2019-25598
HeidiSQL Portable 10.1.0.5464 Denial of Service via Buffer Overflow in Password Field
09:54 KSA
MEDIUM
CVSS 6.2
CWE-787
HeidiSQL Portable 10.1.0.5464 contains a denial of service vulnerability that allows local attackers to crash the application by supplying an excessively long string in the password field. Attackers can paste a buffer overflow payload into the password input during Microsoft SQL …
CVE-2019-25589
09:54 KSA
MEDIUM
CVSS 6.2
CWE-787
ZOC Terminal 7.23.4 contains a buffer overflow vulnerability in the Shell field of Program Settings that allows local attackers to crash the application by supplying an excessively long string. Attackers can paste a crafted payload into the Shell configuration field and trigger a…
CVE-2019-25590
Axessh 4.2 Denial of Service via Excessive Log File Name Length
09:54 KSA
MEDIUM
CVSS 6.2
CWE-1282
Axessh 4.2 contains a denial of service vulnerability in the logging configuration that allows local attackers to crash the application by supplying an excessively long string in the log file name field. Attackers can enable session logging, paste a buffer of 500 or more characte…
CVE-2019-25595
09:54 KSA
MEDIUM
CVSS 6.2
CWE-469
jetAudio 8.1.7.20702 Basic contains a denial of service vulnerability that allows local attackers to crash the application by supplying an excessively long string through the URL input handler. Attackers can trigger the crash by pasting a buffer of 5000 characters into the Open U…
CVE-2019-25591
09:54 KSA
MEDIUM
CVSS 6.2
CWE-787
DNSS Domain Name Search Software 2.1.8 contains a buffer overflow vulnerability in the registration code input field that allows local attackers to crash the application by submitting an excessively long string. Attackers can trigger a denial of service by pasting a malicious reg…
CVE-2019-25597
09:54 KSA
MEDIUM
CVSS 6.2
CWE-787
NSauditor 3.1.2.0 contains a buffer overflow vulnerability in the SNMP Auditor Community field that allows local attackers to crash the application by supplying an excessively long string. Attackers can paste a large payload into the Community field and trigger the Walk function …
CVE-2019-25599
Backup Key Recovery 2.2.4 Denial of Service via Long Name Field
09:54 KSA
MEDIUM
CVSS 6.2
CWE-466
Backup Key Recovery 2.2.4 contains a denial of service vulnerability that allows local attackers to crash the application by supplying an excessively long string in the Name field. Attackers can paste a buffer of 300 or more characters into the Name field during registration to t…
CVE-2019-25583
RarmaRadio 2.72.3 Denial of Service via Buffer Overflow in Username Field
09:54 KSA
MEDIUM
CVSS 6.2
CWE-1282
RarmaRadio 2.72.3 contains a denial of service vulnerability in the Username field that allows local attackers to crash the application by submitting excessively long input. Attackers can paste a buffer of 5000 bytes into the Username field via Settings > Network to trigger an ap…
CVE-2019-25596
SpotAuditor 5.2.6 Registration Dialog Denial of Service Vulnerability
09:54 KSA
MEDIUM
CVSS 6.2
CWE-1287
SpotAuditor 5.2.6 contains a denial of service vulnerability in the registration dialog that allows local attackers to crash the application by supplying an excessively long string in the Name field. Attackers can paste a buffer of 300 repeated characters into the Name input duri…
CVE-2019-25592
09:54 KSA
MEDIUM
CVSS 6.2
CWE-1260
PHPRunner 10.1 contains a denial of service vulnerability that allows local attackers to crash the application by supplying an excessively long string in the dashboard name field. Attackers can paste a buffer of 10000 characters into the Name field during dashboard creation to tr…
CVE-2019-25618
AdminExpress 1.2.5 Denial of Service via Oversized Input in System Compare
09:54 KSA
MEDIUM
CVSS 6.2
CWE-73
AdminExpress 1.2.5 contains a denial of service vulnerability that allows local attackers to crash the application by submitting oversized input through the System Compare feature. Attackers can paste a large buffer of characters into the Folder Path field and trigger the compari…
CVE-2019-25617
Ease Audio Converter 5.30 Denial of Service via Malformed MP4 Files
09:54 KSA
MEDIUM
CVSS 6.2
CWE-226
Ease Audio Converter 5.30 contains a denial of service vulnerability in the Audio Cutter function that allows local attackers to crash the application by processing malformed MP4 files. Attackers can create a crafted MP4 file containing an oversized buffer and load it through the…
CVE-2019-25616
AnMing MP3 CD Burner 2.0 Buffer Overflow DoS Vulnerability
09:54 KSA
MEDIUM
CVSS 6.2
CWE-434
AnMing MP3 CD Burner 2.0 contains a buffer overflow vulnerability that allows local attackers to crash the application by supplying an oversized string. Attackers can paste a 6000-byte payload into the registration name field to trigger a denial of service condition.
CVE-2019-25602
09:54 KSA
MEDIUM
CVSS 5.5
CWE-1260
GSearch 1.0.1.0 contains a denial of service vulnerability that allows local attackers to crash the application by inputting an excessively long string in the search bar. Attackers can paste a buffer of 2000 characters into the search field, click search, and select any result to…
CVE-2019-25606
09:54 KSA
MEDIUM
CVSS 5.5
CWE-787
Fast AVI MPEG Joiner 1.2.0812 contains a buffer overflow vulnerability that allows local attackers to crash the application by supplying an oversized payload in the License Name field. Attackers can create a malicious text file containing 6000 bytes of data and paste it into the …
CVE-2019-25593
09:54 KSA
MEDIUM
CVSS 5.5
CWE-1285
jetCast Server 2.0 contains a denial of service vulnerability that allows local attackers to crash the application by supplying an excessively long string in the Log directory configuration field. Attackers can paste a buffer of 5000 characters into the Log directory input, then …
CVE-2026-4542
SSCMS 4.7.0 Path Traversal in layerImage Endpoint
09:54 KSA
MEDIUM
CVSS 5.4
CWE-22
A vulnerability has been found in SSCMS 4.7.0. The affected element is an unknown function of the file LayerImageController.Submit.cs of the component layerImage Endpoint. Such manipulation of the argument filePaths leads to path traversal. The attack may be performed from remote…
CVE-2026-4532
Simple Food Ordering System Database Backup Handler File Access Vulnerability
09:54 KSA
MEDIUM
CVSS 5.3
CWE-425
A security vulnerability has been detected in code-projects Simple Food Ordering System up to 1.0. Affected by this vulnerability is an unknown functionality of the file /food/sql/food.sql of the component Database Backup Handler. The manipulation leads to files or directories ac…
CVE-2026-4538
PyTorch 2.10.0 pt2 Loading Handler Unsafe Deserialization Vulnerability
09:54 KSA
MEDIUM
CVSS 5.3
CWE-20
A vulnerability was identified in PyTorch 2.10.0. The affected element is an unknown function of the component pt2 Loading Handler. The manipulation leads to deserialization. The attack can only be performed from a local environment. The exploit is publicly available and might be…
CVE-2026-4530
SQL Injection in apconw Aix-DB terminology_retriever.py Description Parameter
09:54 KSA
MEDIUM
CVSS 5.3
CWE-74
A security flaw has been discovered in apconw Aix-DB up to 1.2.3. This impacts an unknown function of the file agent/text2sql/rag/terminology_retriever.py. Performing a manipulation of the argument Description results in sql injection. The attack requires a local approach. The ex…