VulDB Recent Entries

A vulnerability described as problematic has been identified in PHPSUGAR PHP Melody 3.0. This affects an unknown part of the file edit-video.php. Executing a manipulation can lead to cross site scripting. This vulnerability is tracked as CVE-2021-47914. The attack can be launched remotely. No exploit exists.

A vulnerability marked as critical has been reported in PHPSUGAR PHP Melody 3.0. Affected by this issue is some unknown functionality of the component Video Edit Module. Performing a manipulation of the argument vid results in sql injection. This vulnerability is identified as CVE-2021-47915. The attack can be initiated remotely. There is not any exploit available.

A vulnerability labeled as critical has been found in EFM ipTIME A8004T 14.18.2. Affected by this vulnerability is the function commit_vpncli_file_upload of the file /cgi/timepro.cgi of the component VPN Service. Such manipulation leads to unrestricted upload. This vulnerability is referenced as CVE-2026-1742. It is possible to launch the attack remotely. Furthermore, an exploit is available. The vendor was contacted early about this disclosure but did not respond in any way.

A vulnerability identified as critical has been detected in EFM ipTIME A8004T 14.18.2. Affected is the function httpcon_check_session_url of the file /sess-bin/d.cgi of the component Debug Interface. This manipulation of the argument cmd causes backdoor. The identification of this vulnerability is CVE-2026-1741. It is possible to initiate the attack remotely. Furthermore, there is an exploit available. The vendor was contacted early about this disclosure but did not respond in any way.

A vulnerability categorized as critical has been discovered in EFM ipTIME A8004T 14.18.2. This impacts the function httpcon_check_session_url of the file /cgi/timepro.cgi of the component Hidden Hiddenloginsetup Interface. The manipulation results in improper authentication. This vulnerability was named CVE-2026-1740. The attack may be performed from remote. In addition, an exploit is available. The vendor was contacted early about this disclosure but did not respond in any way.

A vulnerability was found in Free5GC pcf up to 1.4.1. It has been rated as problematic. This affects the function HandleCreateSmPolicyRequest of the file internal/sbi/processor/smpolicy.go. The manipulation leads to null pointer dereference. This vulnerability is uniquely identified as CVE-2026-1739. The attack is possible to be carried out remotely. Moreover, an exploit is present. Applying a patch is the recommended action to fix this issue.

A vulnerability was found in Open5GS up to 2.7.6. It has been declared as problematic. The impacted element is the function sgwc_tunnel_add of the file /src/sgwc/context.c of the component SGWC. Executing a manipulation of the argument pdr can lead to reachable assertion. This vulnerability is handled as CVE-2026-1738. The attack can be executed remotely. Additionally, an exploit exists. It is advisable to implement a patch to correct this issue. The issue report is flagged as already-fixed.

A vulnerability was found in Open5GS up to 2.7.6. It has been classified as problematic. The affected element is the function sgwc_s5c_handle_create_bearer_request of the file /src/sgwc/s5c-handler.c of the component CreateBearerRequest Handler. Performing a manipulation results in reachable assertion. This vulnerability is known as CVE-2026-1737. Remote exploitation of the attack is possible. Furthermore, an exploit is available. To fix this issue, it is recommended to deploy a patch. The issue report is flagged as already-fixed.

A vulnerability was found in Open5GS up to 2.7.6 and classified as problematic. Impacted is the function sgwc_s11_handle_create_indirect_data_forwarding_tunnel_request of the file /src/sgwc/s11-handler.c of the component SGWC. Such manipulation leads to reachable assertion. This vulnerability is traded as CVE-2026-1736. The attack may be launched remotely. Furthermore, there is an exploit available. A patch should be applied to remediate this issue. The issue report is flagged as already-fixed.

A vulnerability has been found in Yealink MeetingBar A30 133.321.0.3 and classified as critical. This issue affects some unknown processing of the component Diagnostic Handler. This manipulation causes command injection. This vulnerability appears as CVE-2026-1735. It is feasible to perform the attack on the physical device. In addition, an exploit is available. The vendor was contacted early about this disclosure but did not respond in any way.

A vulnerability, which was classified as problematic, was found in Zhong Bang CRMEB up to 5.6.3. This vulnerability affects unknown code of the file crmeb/app/api/controller/v1/CrontabController.php of the component crontab Endpoint. The manipulation results in missing authorization. This vulnerability is reported as CVE-2026-1734. The attack can be launched remotely. Moreover, an exploit is present. The vendor was contacted early about this disclosure but did not respond in any way.

A vulnerability, which was classified as problematic, has been found in Zhong Bang CRMEB up to 5.6.3. This affects the function detail/tidyOrder of the file /api/store_integral/order/detail/:uni. The manipulation of the argument order_id leads to improper authorization. This vulnerability is documented as CVE-2026-1733. The attack can be initiated remotely. Additionally, an exploit exists. The vendor was contacted early about this disclosure but did not respond in any way.

A vulnerability classified as critical was found in SunFounder Pironman Dashboard up to 1.3.13. Affected by this issue is some unknown functionality. Executing a manipulation of the argument filename can lead to path traversal. This vulnerability is registered as CVE-2026-25069. It is possible to launch the attack remotely. No exploit is available.

A vulnerability classified as problematic has been found in ays-pro Popup Box Plugin up to 6.1.1 on WordPress. Affected by this vulnerability is the function publish_unpublish_popupbox. Performing a manipulation results in cross-site request forgery. This vulnerability is cataloged as CVE-2026-1165. It is possible to initiate the attack remotely. There is no exploit available.

A vulnerability described as critical has been identified in Linux Kernel up to 6.6.121/6.12.66/6.18.6/6.19-rc5. Affected is the function es58x_alloc_rx_urbs of the component can. Such manipulation leads to allocation of resources. This vulnerability is listed as CVE-2026-23037. The attack must be carried out from within the local network. There is no available exploit. Upgrading the affected component is recommended.

A vulnerability marked as critical has been reported in Linux Kernel up to 6.19-rc4. This impacts the function vortex_probe1. This manipulation causes null pointer dereference. This vulnerability is tracked as CVE-2026-23020. The attack is only possible within the local network. No exploit exists. It is suggested to upgrade the affected component.

A vulnerability labeled as problematic has been found in hayyatapps Sell BTC Plugin up to 1.5 on WordPress. This affects the function orderform_data of the component Orders Page. The manipulation results in cross site scripting. This vulnerability is identified as CVE-2025-14554. The attack can be executed remotely. There is not any exploit available. The affected component should be upgraded.

A vulnerability identified as critical has been detected in Linux Kernel up to 6.18.5/6.19-rc4. The impacted element is the function flow_steer_list_lock. The manipulation leads to memory leak. This vulnerability is referenced as CVE-2026-23024. The attack needs to be initiated within the local network. No exploit is available. You should upgrade the affected component.

A vulnerability categorized as critical has been discovered in Linux Kernel up to 6.18.5/6.19-rc4. The affected element is the function idpf_vc_core_deinit of the component idpf. Executing a manipulation can lead to memory leak. The identification of this vulnerability is CVE-2026-23022. The attack needs to be done within the local network. There is no exploit available. It is advisable to upgrade the affected component.

A vulnerability was found in Linux Kernel up to 6.12.65/6.18.5/6.19-rc4. It has been rated as critical. Impacted is the function idpf_vport_rel of the component idpf. Performing a manipulation results in memory leak. This vulnerability was named CVE-2026-23023. The attack needs to be approached within the local network. There is no available exploit. Upgrading the affected component is advised.