A vulnerability labeled as critical has been found in code-projects Simple Gym Management System up to 1.0. This affects an unknown part of the file /gym/func.php. Manipulation of the argument Trainer_id/fname leads to SQL injection.
This vulnerability is documented as CVE-2026-4550. The attack can be executed remotely. Additionally, an exploit exists.
A vulnerability identified as critical has been detected in mickasmt next-saas-stripe-starter 1.0.0. Affected by this issue is the function openCustomerPortal of the file actions/open-customer-portal.ts of the component Stripe API. This manipulation causes authorization bypass.
This vulnerability is registered as CVE-2026-4549. Remote exploitation of the attack is possible. No exploit is available.
A vulnerability categorized as critical has been discovered in mickasmt next-saas-stripe-starter 1.0.0. Affected by this vulnerability is the function updateUserrole of the file actions/update-user-role.ts. The manipulation of the argument userId/role results in improper authorization.
This vulnerability is cataloged as CVE-2026-4548. The attack may be launched remotely. There is no exploit available.
A vulnerability was found in mickasmt next-saas-stripe-starter 1.0.0. It has been rated as critical. Affected is the function generateUserStripe of the file actions/generate-user-stripe.ts of the component Checkout Handler. The manipulation of the argument priceId leads to business logic errors.
This vulnerability is listed as CVE-2026-4547. The attack may be initiated remotely. There is no available exploit.
A vulnerability was found in Flos Freeware Notepad2 4.2.25. It has been declared as problematic. This impacts an unknown function in the library TextShaping.dll. Manipulation can lead to an uncontrolled search path.
This vulnerability is tracked as CVE-2026-4546. The attack is restricted to local execution. No exploit exists.
The vendor was contacted early about this disclosure but did not respond in any way.
A vulnerability was found in Flos Freeware Notepad2 4.2.25. It has been classified as problematic. This affects an unknown function in the library PROPSYS.dll. Manipulation results in an uncontrolled search path.
This vulnerability is identified as CVE-2026-4545. The attack is only possible with local access. No exploit is available.
The vendor was contacted early about this disclosure but did not respond in any way.
A vulnerability was found in SeoToaster Ecommerce 3.0.0 and classified as critical. The impacted element is an unknown function of the file /backend/backend_theme/editcss/ of the component Backend Theme Endpoint. Such manipulation of the argument path leads to path traversal.
This vulnerability is referenced as CVE-2019-25577. The attack can only be performed from a local environment. Furthermore, an exploit is available.
A vulnerability has been found in SimplePress CMS 1.0.7 and classified as critical. The affected element is an unknown function. Manipulation of the argument p/s causes SQL injection.
The identification of this vulnerability is CVE-2019-25575. It is possible to initiate the attack remotely. Furthermore, there is an exploit available.
A vulnerability, which was classified as critical, was found in Greencms Green CMS 2.0. Impacted is an unknown function of the component Parameters Handler. The manipulation of the argument theme_name results in path traversal.
This vulnerability was named CVE-2019-25574. The attack may be performed remotely. In addition, an exploit is available.
A vulnerability, which was classified as critical, has been found in I-Doit doit CMDB 1.12. This issue affects some unknown processing. The manipulation of the argument objGroupID leads to SQL injection.
This vulnerability is uniquely identified as CVE-2019-25581. The attack can be carried out remotely. Moreover, an exploit is present.
A vulnerability classified as critical was found in Keplerwallpapers Kepler Wallpaper Script 1.1. This vulnerability affects unknown code of the component Category Endpoint. Manipulation of the argument Category can lead to SQL injection.
This vulnerability is handled as CVE-2019-25576. The attack can be executed remotely. Additionally, an exploit exists.