CVE Vulnerability Catalog
Translated CVE descriptions from NVD NIST - in English
CISA KEV catalog updated: (v2026.07.10)
Uncontrolled Resource Consumption vulnerability in the gun_http module allows a malicious server to exhaust client memory via unbounded HTTP/1.1 response buffering.
Multiple stack overflows were discovered in the fromGstDhcpSetSer function in Tenda AC1206 version 15.03.06.23, triggered by the username and password parameters. These vulnerabilities allow attackers to cause a Denial of Service (DoS) via a crafted HTTP request.
A vulnerability was identified in UTT HiPER 2610G up to version 3.0.0-171107, affecting the strcpy function in the file /goform/formConfigDnsFilterGlobal. Manipulating the argument GroupName can lead to buffer overflow.
A weakness in the certificate validation logic of the deprecated IKEv1 key exchange may allow an unauthenticated attacker positioned as a man-in-the-middle to bypass certificate validation in VPN site-to-site connections that use certificate-based authentication.
The vulnerability in `cordova-plugin-inappbrowser` for iOS allows any web content loaded in the InAppBrowser to fire any pending Cordova callback in the host app. An attacker can post a message with a guessable callback `id` field, enabling spoofing of plugin results like Camera, Contacts, or File.
A vulnerability was detected in Tenda CX12L version 16.03.53.12, concerning the setSchedWifi function in the /goform/openSchedWifi file. Manipulating the schedStartTime/schedEndTime arguments results in a stack-based buffer overflow.
A vulnerability has been detected in Tenda CX12L 16.03.53.12, affecting the function form_fast_setting_wifi_set in the file /goform/fast_setting_wifi_set. Manipulation of the argument ssid leads to stack-based buffer overflow.
A security flaw has been discovered in SourceCodester Hospitals Patient Records Management System 1.0. The issue affects some unknown processing of the file /classes/Master.php?f=save_patient, leading to SQL injection vulnerabilities.
VMware Cloud Foundation Operations contains multiple stored cross-site scripting vulnerabilities. A malicious actor with privileges to create policies, views or text-widgets may be able to inject scripts to perform administrative actions in VMware Cloud Foundation Operations.
VMware Cloud Foundation Operations contains multiple stored cross-site scripting vulnerabilities. A malicious actor with privileges to create policies, views or text-widgets may be able to inject scripts to perform administrative actions.
VMware Cloud Foundation Operations contains multiple stored cross-site scripting vulnerabilities. A malicious actor with privileges to create policies, views or text-widgets may be able to inject scripts to perform administrative actions.
A flaw was found in Samba's WINS server component when running as an Active Directory Domain Controller. The WINS protocol handlers for certain request types did not properly validate incoming packets, allowing an unauthenticated remote attacker to trigger a NULL pointer dereference and crash the WINS service using specially crafted UDP packets.
A vulnerability was found in the function asp_voip_OtherSet located in the file /boaform/voip_other_set of the Web Management Interface in Tenda HG7HG9 and HG10 devices. Manipulating the argument funckey_transfer results in a stack-based buffer overflow.
A vulnerability was identified in code-projects Online Music Site 1.0 affecting unknown processing of the file /Frontend/Search.php. Manipulation of the argument Category leads to SQL injection.
A vulnerability was found in Online Music Site version 1.0, affecting the file /Administrator/PHP/AdminDeleteAlbum.php. Manipulation of the ID argument leads to SQL injection, which can be performed remotely.
A vulnerability has been found in the Simple Flight Ticket Booking System 1.0, affecting an unknown part of the checkUser.php file in the POST Parameter Handler component. Manipulation of the Username argument leads to SQL injection.
A vulnerability was detected in SourceCodester Class and Exam Timetabling System 1.0. Manipulating the 'sy' argument in the /archive1.php file leads to SQL injection, allowing for remote exploitation.
A security vulnerability has been detected in SourceCodester Class and Exam Timetabling System 1.0. The issue affects an unknown function of the file /archive2.php, where manipulation of the argument 'sy' can lead to SQL injection.
A weakness has been identified in SourceCodester Class and Exam Timetabling System 1.0. This impacts an unknown function of the file /archive3.php, leading to SQL injection vulnerability.
A security flaw has been discovered in SourceCodester Class and Exam Timetabling System 1.0 affecting an unknown function of the file /archive4.php. Manipulation of the argument 'sy' results in SQL injection.

