Vuldb Updates

A vulnerability was found in SUSE Container Manager, Image SLES15-SP4-Manager-Server-4-3-BYOS, Image SLES15-SP4-Manager-Server-4-3-BYOS-Azure, Image SLES15-SP4-Manager-Server-4-3-BYOS-EC2, Image SLES15-SP4-Manager-Server-4-3-BYOS-GCE and Manager Server Module and classified as critical. Affected by this issue is some unknown functionality. Such manipulation leads to missing authentication. This vulnerability is listed as CVE-2025-46811. The attack may be performed from remote. In addition, an exploit is available. It is suggested to upgrade the affected component.

A vulnerability was found in Mattermost up to 10.11.14/11.4.4/11.5.2/11.5.3/11.6.0. It has been declared as problematic. This issue affects some unknown processing of the component TIFF IFD Offset Handler. Executing a manipulation can lead to resource consumption. This vulnerability is tracked as CVE-2026-5755. The attack can be launched remotely. No exploit exists. It is recommended to upgrade the affected component.

A vulnerability classified as problematic was found in Mattermost up to 10.11.14/11.4.4/11.5.3/11.6.0. This impacts an unknown function of the component msgpack-Encoded WebSocket Frame Handler. Executing a manipulation can lead to uncontrolled memory allocation. This vulnerability is handled as CVE-2026-5740. The attack can be executed remotely. There is not any exploit available. Upgrading the affected component is advised.

A vulnerability has been found in Mattermost up to 10.11.14/11.4.4/11.5.3/11.6.0 and classified as problematic. Affected by this issue is some unknown functionality of the component Boards API. This manipulation causes authorization bypass. The identification of this vulnerability is CVE-2026-3473. It is possible to initiate the attack remotely. There is no exploit available. The affected component should be upgraded.

A vulnerability was found in Mattermost up to 10.11.14/11.4.4/11.5.3/11.6.0 and classified as problematic. This affects an unknown part of the component API. Such manipulation leads to information disclosure. This vulnerability is referenced as CVE-2026-3636. It is possible to launch the attack remotely. No exploit is available. It is suggested to upgrade the affected component.

A vulnerability was found in Mattermost up to 10.11.14/11.4.4/11.5.3/11.6.0. It has been rated as problematic. Impacted is an unknown function. The manipulation leads to resource consumption. This vulnerability is listed as CVE-2026-5308. The attack may be initiated remotely. There is no available exploit. Upgrading the affected component is advised.

A vulnerability categorized as problematic has been discovered in Mattermost up to 10.11.14/11.4.4/11.5.3/11.6.0. The affected element is an unknown function of the component PR Details Endpoint. The manipulation results in improper validation of specified type of input. This vulnerability is cataloged as CVE-2026-4646. The attack may be launched remotely. There is no exploit available. It is advisable to upgrade the affected component.

A vulnerability was found in Drupal up to 11.3.9. It has been classified as critical. This issue affects some unknown processing. Performing a manipulation results in sql injection. This vulnerability is cataloged as CVE-2026-9082. It is possible to initiate the attack remotely. Furthermore, there is an exploit available. Upgrading the affected component is recommended.

A vulnerability classified as critical has been found in SourceCodester Simple POS and Inventory System 1.0. The impacted element is an unknown function of the file /user/search.php. Performing a manipulation of the argument Name results in sql injection. This vulnerability is reported as CVE-2026-9447. The attack is possible to be carried out remotely. Moreover, an exploit is present.

A vulnerability classified as problematic was found in code-projects Employee Management System 1.0. This affects an unknown function of the file /applyleave.php. Executing a manipulation of the argument ID can lead to cross site scripting. This vulnerability appears as CVE-2026-9448. The attack may be performed from remote. In addition, an exploit is available.

A vulnerability identified as critical has been detected in Totolink A8000RU 7.1cu.643_b20200521. The affected element is the function UploadFirmwareFile of the file /cgi-bin/cstecgi.cgi of the component Web Management Interface. This manipulation of the argument FileName causes os command injection. This vulnerability is tracked as CVE-2026-9457. The attack is possible to be carried out remotely. Moreover, an exploit is present.

A vulnerability labeled as critical has been found in Totolink A8000RU 7.1cu.643_b20200521. The impacted element is the function setWanCfg of the file /cgi-bin/cstecgi.cgi of the component Web Management Interface. Such manipulation of the argument enabled leads to os command injection. This vulnerability is listed as CVE-2026-9458. The attack may be performed from remote. In addition, an exploit is available.

A vulnerability marked as critical has been reported in Edimax EW-7438RPn 1.31. This affects the function formConnectionSetting of the file /goform/formConnectionSetting. Performing a manipulation of the argument max_Conn/timeOut results in stack-based buffer overflow. This vulnerability is cataloged as CVE-2026-9459. It is possible to initiate the attack remotely. Furthermore, there is an exploit available. The vendor was contacted early about this disclosure but did not respond in any way.

A vulnerability described as critical has been identified in Edimax EW-7438RPn 1.31. This impacts the function formAccept of the file /goform/formAccept. Executing a manipulation of the argument submit-url can lead to stack-based buffer overflow. This vulnerability is registered as CVE-2026-9460. It is possible to launch the attack remotely. Furthermore, an exploit is available. The vendor was contacted early about this disclosure but did not respond in any way.

A vulnerability classified as critical has been found in Edimax EW-7438RPn 1.31. Affected is the function formRadius of the file /goform/formRadius. The manipulation of the argument submit-url leads to stack-based buffer overflow. This vulnerability is documented as CVE-2026-9461. The attack can be initiated remotely. Additionally, an exploit exists. The vendor was contacted early about this disclosure but did not respond in any way.

A vulnerability classified as critical was found in Edimax EW-7438RPn 1.31. Affected by this vulnerability is the function formWpsProxyEnable of the file /goform/formWpsProxyEnable. The manipulation of the argument submit-url results in stack-based buffer overflow. This vulnerability is reported as CVE-2026-9462. The attack can be launched remotely. Moreover, an exploit is present. The vendor was contacted early about this disclosure but did not respond in any way.

A vulnerability, which was classified as critical, has been found in Edimax EW-7438RPn 1.31. Affected by this issue is the function formLicence of the file /goform/formLicence. This manipulation of the argument submit-url causes stack-based buffer overflow. This vulnerability appears as CVE-2026-9463. The attack may be initiated remotely. In addition, an exploit is available. The vendor was contacted early about this disclosure but did not respond in any way.

A vulnerability identified as critical has been detected in Krajowa Izba Rozliczeniowa Szafir SDK up to 462. The impacted element is an unknown function of the component Certificate Chain Handler. Performing a manipulation results in unnecessary complexity in protection mechanism. This vulnerability was named CVE-2026-9058. The attack may be initiated remotely. There is no available exploit. You should upgrade the affected component.

A vulnerability, which was classified as critical, was found in YunaiV yudao-cloud 2026.03. This affects the function IotDataSinkHttpConfig of the file /admin-api/iot/data-sink/create of the component Admin API Endpoint. Such manipulation leads to server-side request forgery. This vulnerability is traded as CVE-2026-9464. The attack may be launched remotely. Furthermore, there is an exploit available. The vendor was contacted early about this disclosure but did not respond in any way.

A vulnerability has been found in benoitc hackney up to 4.0.0 and classified as problematic. The impacted element is an unknown function of the file src/hackney_socks5.erl. This manipulation of the argument Timeout causes resource consumption. This vulnerability is registered as CVE-2026-47071. Remote exploitation of the attack is possible. No exploit is available. The affected component should be upgraded.