Aggregator
[Security Circle] Security firm warns that hackers are using auto-install scripts on GitHub to launch supply-chain poisoning attacks
3 weeks 1 day ago
[Security Circle] AI Agent discovers 21 0-day vulnerabilities in FFmpeg; Chrome fixes a record 429 flaws
3 weeks 1 day ago
[Security Circle] Vulnerability disclosed in Google Gemini voice assistant; hackers use notification messages to "poison" the AI
3 weeks 1 day ago
CVE-2026-11495 | CodeAstro Ingredients Stock Management System 1.0 add_stock.php ID sql injection
3 weeks 1 day ago
A vulnerability was found in CodeAstro Ingredients Stock Management System 1.0 and classified as critical. This impacts an unknown function of the file /Ingredients-Stock/add_stock.php. The manipulation of the argument ID results in sql injection.
This vulnerability is cataloged as CVE-2026-11495. The attack may be launched remotely. Furthermore, there is an exploit available.
vuldb.com
CVE-2026-11494 | TOTOLINK AC1200 T8 4.1.5cu.8611 vsftpd /etc/vsftpd.conf least privilege violation
3 weeks 1 day ago
A vulnerability has been found in TOTOLINK AC1200 T8 4.1.5cu.8611 and classified as critical. This affects an unknown function of the file /etc/vsftpd.conf of the component vsftpd. The manipulation leads to least privilege violation.
This vulnerability is listed as CVE-2026-11494. The attack may be initiated remotely. In addition, an exploit is available.
vuldb.com
Submit #835035: codeastro Ingredients Stock Management System V1.0 SQL Injection [Accepted]
3 weeks 1 day ago
Submit #835035 / VDB-369115
Yangqiangfeng
CVE-2026-11493 | Tenda AC15 15.03.05.19 Samba /etc_ro/smb.conf weak password
3 weeks 1 day ago
A vulnerability, which was classified as critical, was found in Tenda AC15 15.03.05.19. The impacted element is an unknown function of the file /etc_ro/smb.conf of the component Samba. Executing a manipulation can lead to weak password requirements.
This vulnerability is tracked as CVE-2026-11493. The attack is only possible within the local network. Moreover, an exploit is present.
vuldb.com
Submit #834819: TOTOLink AC1200T8 V4.1.5cu.8611 Misconfiguration [Accepted]
3 weeks 1 day ago
Submit #834819 / VDB-369114
L-14
CVE-2026-11492 | D-Link DIR-823G 1.0.2B05 vsftpd /etc/vsftpd.conf least privilege violation
3 weeks 1 day ago
A vulnerability, which was classified as critical, has been found in D-Link DIR-823G 1.0.2B05. The affected element is an unknown function of the file /etc/vsftpd.conf of the component vsftpd. Performing a manipulation results in least privilege violation.
This vulnerability is identified as CVE-2026-11492. The attack can be initiated remotely. Additionally, an exploit exists.
vuldb.com
Submit #834818: Tenda AC15 V15.03.05.19 Misconfiguration [Accepted]
3 weeks 1 day ago
Submit #834818 / VDB-369113
L-14
CVE-2026-11491 | CodeAstro Human Resource Management System 1.0 Notice Board Management /notice/All_notice Notice Title cross site scripting
3 weeks 1 day ago
A vulnerability classified as problematic was found in CodeAstro Human Resource Management System 1.0. Impacted is an unknown function of the file /notice/All_notice of the component Notice Board Management. Such manipulation of the argument Notice Title with the input <svg onload="alert('Stored XSS Triggered by Ashik Mohamed')"> as part of POST leads to cross site scripting.
This vulnerability is referenced as CVE-2026-11491. It is possible to launch the attack remotely. Furthermore, an exploit is available.
vuldb.com
CVE-2026-11490 | code-projects Online Music Site 1.0 /Frontend/Search.php Category sql injection
3 weeks 1 day ago
A vulnerability classified as critical has been found in code-projects Online Music Site 1.0. This issue affects some unknown processing of the file /Frontend/Search.php. This manipulation of the argument Category causes sql injection.
The identification of this vulnerability is CVE-2026-11490. It is possible to initiate the attack remotely. Furthermore, there is an exploit available.
vuldb.com
CVE-2026-11489 | code-projects Online Music Site 1.0 AdminDeleteAlbum.php ID sql injection
3 weeks 1 day ago
A vulnerability described as critical has been identified in code-projects Online Music Site 1.0. This vulnerability affects unknown code of the file /Administrator/PHP/AdminDeleteAlbum.php. The manipulation of the argument ID results in sql injection.
This vulnerability was named CVE-2026-11489. The attack may be performed remotely. In addition, an exploit is available.
vuldb.com
Submit #834816: D-Link DIR823G V1.0.2B05_20181207 Misconfiguration [Accepted]
3 weeks 1 day ago
Submit #834816 / VDB-369112
L-14
CVE-2026-11488 | code-projects Simple Flight Ticket Booking System 1.0 POST Parameter checkUser.php Username sql injection
3 weeks 1 day ago
A vulnerability marked as critical has been reported in code-projects Simple Flight Ticket Booking System 1.0. This affects an unknown part of the file checkUser.php of the component POST Parameter Handler. The manipulation of the argument Username leads to sql injection.
This vulnerability is uniquely identified as CVE-2026-11488. The attack can be carried out remotely. Moreover, an exploit is present.
vuldb.com
Submit #834747: CodeAstro Human Resource Management System in PHP CodeIgniter 1.0 Cross Site Scripting [Accepted]
3 weeks 1 day ago
Submit #834747 / VDB-369111
ashikmd7
CVE-2026-11487 | Neovim up to 0.12.2 View Branch secure.lua M.read path command injection (Issue 39914)
3 weeks 1 day ago
A vulnerability labeled as critical has been found in Neovim up to 0.12.2. Affected by this issue is the function M.read of the file runtime/lua/vim/secure.lua of the component View Branch. Executing a manipulation of the argument path can lead to command injection.
This vulnerability is handled as CVE-2026-11487. It is possible to launch the attack on the local host. Additionally, an exploit exists.
A patch should be applied to remediate this issue.
vuldb.com
Submit #836666: code-projects ONLINE MUSIC SITE V1.0 Code-projects ONLINE MUSIC SITE V1.0 Search.php SQL injection [Accepted]
3 weeks 1 day ago
Submit #836666 / VDB-369110
lixiaobailrl
Submit #834743: Code-projects ONLINE MUSIC SITE v1.0 SQL injection [Accepted]
3 weeks 1 day ago
Submit #834743 / VDB-369109
1875336894