Aggregator

Submit #835035 / VDB-369115

A vulnerability, which was classified as critical, was found in Tenda AC15 15.03.05.19. The impacted element is an unknown function of the file /etc_ro/smb.conf of the component Samba. Executing a manipulation can lead to weak password requirements. This vulnerability is tracked as CVE-2026-11493. The attack is only possible within the local network. Moreover, an exploit is present.

Submit #834819 / VDB-369114

A vulnerability, which was classified as critical, has been found in D-Link DIR-823G 1.0.2B05. The affected element is an unknown function of the file /etc/vsftpd.conf of the component vsftpd. Performing a manipulation results in least privilege violation. This vulnerability is identified as CVE-2026-11492. The attack can be initiated remotely. Additionally, an exploit exists.

Submit #834818 / VDB-369113

A vulnerability classified as problematic was found in CodeAstro Human Resource Management System 1.0. Impacted is an unknown function of the file /notice/All_notice of the component Notice Board Management. Such manipulation of the argument Notice Title with the input <svg onload="alert('Stored XSS Triggered by Ashik Mohamed')"> as part of POST leads to cross site scripting. This vulnerability is referenced as CVE-2026-11491. It is possible to launch the attack remotely. Furthermore, an exploit is available.

A vulnerability classified as critical has been found in code-projects Online Music Site 1.0. This issue affects some unknown processing of the file /Frontend/Search.php. This manipulation of the argument Category causes sql injection. The identification of this vulnerability is CVE-2026-11490. It is possible to initiate the attack remotely. Furthermore, there is an exploit available.

A vulnerability described as critical has been identified in code-projects Online Music Site 1.0. This vulnerability affects unknown code of the file /Administrator/PHP/AdminDeleteAlbum.php. The manipulation of the argument ID results in sql injection. This vulnerability was named CVE-2026-11489. The attack may be performed from remote. In addition, an exploit is available.

Submit #834816 / VDB-369112

A vulnerability marked as critical has been reported in code-projects Simple Flight Ticket Booking System 1.0. This affects an unknown part of the file checkUser.php of the component POST Parameter Handler. The manipulation of the argument Username leads to sql injection. This vulnerability is uniquely identified as CVE-2026-11488. The attack is possible to be carried out remotely. Moreover, an exploit is present.

Submit #834747 / VDB-369111

A vulnerability labeled as critical has been found in Neovim up to 0.12.2. Affected by this issue is the function M.read of the file runtime/lua/vim/secure.lua of the component View Branch. Executing a manipulation of the argument path can lead to command injection. This vulnerability is handled as CVE-2026-11487. It is possible to launch the attack on the local host. Additionally, an exploit exists. A patch should be applied to remediate this issue.

Submit #836666 / VDB-369110

Submit #834743 / VDB-369109

Submit #834716 / VDB-359846

Submit #834511 / VDB-369108

Новый подход помогает быстрее создавать нанофотонные материалы для камер, очков и квантовых систем.

Submit #834495 / VDB-369107

A vulnerability identified as critical has been detected in SourceCodester Class and Exam Timetabling System 1.0. Affected by this vulnerability is an unknown functionality of the file /archive1.php. Performing a manipulation of the argument sy results in sql injection. This vulnerability is known as CVE-2026-11486. Remote exploitation of the attack is possible. Furthermore, an exploit is available.

A vulnerability categorized as critical has been discovered in SourceCodester Class and Exam Timetabling System 1.0. Affected is an unknown function of the file /archive2.php. Such manipulation of the argument sy leads to sql injection. This vulnerability is traded as CVE-2026-11485. The attack may be launched remotely. Furthermore, there is an exploit available.