CVE Vulnerability Catalog

Translated CVE descriptions from NVD NIST - in English

CISA KEV catalog updated: (v2026.07.10)

CVE-2026-43973
High

Uncontrolled Resource Consumption vulnerability in the gun_http module allows a malicious server to exhaust client memory via unbounded HTTP/1.1 response buffering.

CVE-2026-36789
High

Multiple stack overflows were discovered in the fromGstDhcpSetSer function in Tenda AC1206 version 15.03.06.23, triggered by the username and password parameters. These vulnerabilities allow attackers to cause a Denial of Service (DoS) via a crafted HTTP request.

CVE-2026-11517
High

A vulnerability was identified in UTT HiPER 2610G up to version 3.0.0-171107, affecting the strcpy function in the file /goform/formConfigDnsFilterGlobal. Manipulating the argument GroupName can lead to buffer overflow.

CVE-2026-50752
High

A weakness in the certificate validation logic of the deprecated IKEv1 key exchange may allow an unauthenticated attacker positioned as a man-in-the-middle to bypass certificate validation in VPN site-to-site connections that use certificate-based authentication.

CVE-2026-47430
High

The vulnerability in `cordova-plugin-inappbrowser` for iOS allows any web content loaded in the InAppBrowser to fire any pending Cordova callback in the host app. An attacker can post a message with a guessable callback `id` field, enabling spoofing of plugin results like Camera, Contacts, or File.

CVE-2026-11504
High

A vulnerability was detected in Tenda CX12L version 16.03.53.12, concerning the setSchedWifi function in the /goform/openSchedWifi file. Manipulating the schedStartTime/schedEndTime arguments results in a stack-based buffer overflow.

CVE-2026-11503
High

A vulnerability has been detected in Tenda CX12L 16.03.53.12, affecting the function form_fast_setting_wifi_set in the file /goform/fast_setting_wifi_set. Manipulation of the argument ssid leads to stack-based buffer overflow.

CVE-2026-11501
High

A security flaw has been discovered in SourceCodester Hospitals Patient Records Management System 1.0. The issue affects some unknown processing of the file /classes/Master.php?f=save_patient, leading to SQL injection vulnerabilities.

CVE-2026-41724
High

VMware Cloud Foundation Operations contains multiple stored cross-site scripting vulnerabilities. A malicious actor with privileges to create policies, views or text-widgets may be able to inject scripts to perform administrative actions in VMware Cloud Foundation Operations.

CVE-2026-41723
High

VMware Cloud Foundation Operations contains multiple stored cross-site scripting vulnerabilities. A malicious actor with privileges to create policies, views or text-widgets may be able to inject scripts to perform administrative actions.

CVE-2026-41722
High

VMware Cloud Foundation Operations contains multiple stored cross-site scripting vulnerabilities. A malicious actor with privileges to create policies, views or text-widgets may be able to inject scripts to perform administrative actions.

CVE-2026-3238
HighEPSS 84%

A flaw was found in Samba's WINS server component when running as an Active Directory Domain Controller. The WINS protocol handlers for certain request types did not properly validate incoming packets, allowing an unauthenticated remote attacker to trigger a NULL pointer dereference and crash the WINS service using specially crafted UDP packets.

CVE-2026-11498
High

A vulnerability was found in the function asp_voip_OtherSet located in the file /boaform/voip_other_set of the Web Management Interface in Tenda HG7HG9 and HG10 devices. Manipulating the argument funckey_transfer results in a stack-based buffer overflow.

CVE-2026-11490
High

A vulnerability was identified in code-projects Online Music Site 1.0 affecting unknown processing of the file /Frontend/Search.php. Manipulation of the argument Category leads to SQL injection.

CVE-2026-11489
High

A vulnerability was found in Online Music Site version 1.0, affecting the file /Administrator/PHP/AdminDeleteAlbum.php. Manipulation of the ID argument leads to SQL injection, which can be performed remotely.

CVE-2026-11488
High

A vulnerability has been found in the Simple Flight Ticket Booking System 1.0, affecting an unknown part of the checkUser.php file in the POST Parameter Handler component. Manipulation of the Username argument leads to SQL injection.

CVE-2026-11486
High

A vulnerability was detected in SourceCodester Class and Exam Timetabling System 1.0. Manipulating the 'sy' argument in the /archive1.php file leads to SQL injection, allowing for remote exploitation.

CVE-2026-11485
High

A security vulnerability has been detected in SourceCodester Class and Exam Timetabling System 1.0. The issue affects an unknown function of the file /archive2.php, where manipulation of the argument 'sy' can lead to SQL injection.

CVE-2026-11484
High

A weakness has been identified in SourceCodester Class and Exam Timetabling System 1.0. This impacts an unknown function of the file /archive3.php, leading to SQL injection vulnerability.

CVE-2026-11483
High

A security flaw has been discovered in SourceCodester Class and Exam Timetabling System 1.0 affecting an unknown function of the file /archive4.php. Manipulation of the argument 'sy' results in SQL injection.

PreviousPage 182 of 3362Next

Vulnerability data from NVD (NIST) · CISA KEV · EPSS