CVE Vulnerability Catalog
Translated CVE descriptions from NVD NIST - in English
CISA KEV catalog updated: (v2026.07.14)
Twitter-Clone 1 contains a SQL injection vulnerability that allows unauthenticated attackers to execute arbitrary SQL queries by injecting malicious code through the 'name' parameter. Attackers can submit crafted payloads to the search.php endpoint to extract database information including usernames, credentials, and system data.
Twitter-Clone 1 contains a SQL injection vulnerability in follow.php that allows attackers to manipulate database queries by injecting SQL code through the userid parameter.
AgataSoft Auto PingMaster 1.5 contains a stack-based buffer overflow vulnerability in the Trace Route host name field that allows local attackers to execute arbitrary code by triggering structured exception handling.
Splinterware System Scheduler Pro version 5.12 contains an insecure file permissions vulnerability that allows low-privilege users to escalate privileges by modifying service executable files. Attackers can rename the WService.exe file in the installation directory and replace it with a malicious executable that executes with LocalSystem privileges when the service is triggered.
A security vulnerability has been identified in Edimax EW-7438RPn version 1.31 affecting the formRadius function in the /goform/formRadius file. Manipulation of the submit-url argument leads to stack-based buffer overflow.
A weakness has been identified in Edimax EW-7438RPn 1.31, impacting the function formAccept of the file /goform/formAccept. Manipulating the argument submit-url can lead to stack-based buffer overflow.
A security flaw has been discovered in Edimax EW-7438RPn version 1.31, affecting the function formConnectionSetting of the file /goform/formConnectionSetting. Manipulating the arguments max_Conn/timeOut results in stack-based buffer overflow.
A vulnerability was detected in FoundDream miniclawd up to version 2d65665046e2222eeea76cafc8570ed546a8c125, affecting the function in the file /src/application/skills-loader.ts of the SkillsLoader component. Manipulating the argument requires.bins results in command injection.
The Kenik Camera management Panel is vulnerable to a Path Traversal attack. An unauthenticated attacker can send a GET request with an arbitrary file path and read corresponding files located on the server.
A vulnerability has been detected in FoundDream miniclawd affecting the ExecTool.execute function in the /src/tools/exec.ts file. Manipulation of this function leads to OS command injection, which can be exploited remotely.
A vulnerability was found in Simple POS and Inventory System 1.0 that allows SQL injection through manipulation of the 'Name' argument in the /user/search.php file. The attack can be performed remotely.
A vulnerability has been detected in Edimax BR-6478AC version 1.23, affecting the function formL2TPSetup in the file /goform/formL2TPSetup. Manipulation of the argument L2TPUserName leads to buffer overflow.
A weakness has been identified in Edimax BR-6478AC 1.23 affecting the function formiNICSiteSurvey in the file /goform/formiNICSiteSurvey. Manipulating the argument selSSID can lead to buffer overflow.
Wtyczka `ComputeEngineSSHHook` w Apache Airflow providers-google domyślnie wyłącza weryfikację kluczy hosta SSH, co naraża ruch SSH między pracownikiem Airflow a maszyną wirtualną Compute Engine na ataki w sieci. To może prowadzić do przechwycenia lub modyfikacji sesji.
A vulnerability was identified in Tenda F1202 version 1.2.0.20(408), affecting the function fromPptpUserAdd in the file /goform/PptpUserAdd. Manipulation of the argument opttype leads to stack-based buffer overflow.
A vulnerability was identified in Tenda F1202 version 1.2.0.20(408) affecting the function formGstDhcpSetSer in the file /goform/GstDhcpSetSerof. Manipulating the argument dips can lead to stack-based buffer overflow.
A vulnerability was found in the Tenda F1202 device version 1.2.0.20(408), affecting the function formWrlExtraSet in the file /goform/WrlExtraSet. Manipulating the argument delno results in a stack-based buffer overflow, allowing for remote attack initiation.
A vulnerability has been found in Tenda F1202 version 1.2.0.20(408), affecting the function fromPPTPUserSetting in the file /goform/PPTPUserSetting. Manipulation of the argument delno leads to stack-based buffer overflow.
Some Command Centre Service installers have an issue with the insertion of sensitive information into log files, which could lead to the exposure of Service Account credentials.
A flaw has been found in Edimax EW-7438RPn version 1.31 affecting the function formWlSiteSurvey in the file /goform/formWlSiteSurvey. Manipulation of the argument selSSID/submit-url causes stack-based buffer overflow.

