CVE Vulnerability Catalog

Translated CVE descriptions from NVD NIST - in English

CISA KEV catalog updated: (v2026.07.14)

CVE-2018-25364
High

Twitter-Clone 1 contains a SQL injection vulnerability that allows unauthenticated attackers to execute arbitrary SQL queries by injecting malicious code through the 'name' parameter. Attackers can submit crafted payloads to the search.php endpoint to extract database information including usernames, credentials, and system data.

CVE-2018-25362
High

Twitter-Clone 1 contains a SQL injection vulnerability in follow.php that allows attackers to manipulate database queries by injecting SQL code through the userid parameter.

CVE-2018-25360
High

AgataSoft Auto PingMaster 1.5 contains a stack-based buffer overflow vulnerability in the Trace Route host name field that allows local attackers to execute arbitrary code by triggering structured exception handling.

CVE-2018-25359
High

Splinterware System Scheduler Pro version 5.12 contains an insecure file permissions vulnerability that allows low-privilege users to escalate privileges by modifying service executable files. Attackers can rename the WService.exe file in the installation directory and replace it with a malicious executable that executes with LocalSystem privileges when the service is triggered.

CVE-2026-9461
High

A security vulnerability has been identified in Edimax EW-7438RPn version 1.31 affecting the formRadius function in the /goform/formRadius file. Manipulation of the submit-url argument leads to stack-based buffer overflow.

CVE-2026-9460
High

A weakness has been identified in Edimax EW-7438RPn 1.31, impacting the function formAccept of the file /goform/formAccept. Manipulating the argument submit-url can lead to stack-based buffer overflow.

CVE-2026-9459
High

A security flaw has been discovered in Edimax EW-7438RPn version 1.31, affecting the function formConnectionSetting of the file /goform/formConnectionSetting. Manipulating the arguments max_Conn/timeOut results in stack-based buffer overflow.

CVE-2026-9453
High

A vulnerability was detected in FoundDream miniclawd up to version 2d65665046e2222eeea76cafc8570ed546a8c125, affecting the function in the file /src/application/skills-loader.ts of the SkillsLoader component. Manipulating the argument requires.bins results in command injection.

CVE-2026-7766
High

The Kenik Camera management Panel is vulnerable to a Path Traversal attack. An unauthenticated attacker can send a GET request with an arbitrary file path and read corresponding files located on the server.

CVE-2026-9452
High

A vulnerability has been detected in FoundDream miniclawd affecting the ExecTool.execute function in the /src/tools/exec.ts file. Manipulation of this function leads to OS command injection, which can be exploited remotely.

CVE-2026-9447
High

A vulnerability was found in Simple POS and Inventory System 1.0 that allows SQL injection through manipulation of the 'Name' argument in the /user/search.php file. The attack can be performed remotely.

CVE-2026-9443
High

A vulnerability has been detected in Edimax BR-6478AC version 1.23, affecting the function formL2TPSetup in the file /goform/formL2TPSetup. Manipulation of the argument L2TPUserName leads to buffer overflow.

CVE-2026-9442
High

A weakness has been identified in Edimax BR-6478AC 1.23 affecting the function formiNICSiteSurvey in the file /goform/formiNICSiteSurvey. Manipulating the argument selSSID can lead to buffer overflow.

CVE-2026-45361
High

Wtyczka `ComputeEngineSSHHook` w Apache Airflow providers-google domyślnie wyłącza weryfikację kluczy hosta SSH, co naraża ruch SSH między pracownikiem Airflow a maszyną wirtualną Compute Engine na ataki w sieci. To może prowadzić do przechwycenia lub modyfikacji sesji.

CVE-2026-9431
High

A vulnerability was identified in Tenda F1202 version 1.2.0.20(408), affecting the function fromPptpUserAdd in the file /goform/PptpUserAdd. Manipulation of the argument opttype leads to stack-based buffer overflow.

CVE-2026-9430
High

A vulnerability was identified in Tenda F1202 version 1.2.0.20(408) affecting the function formGstDhcpSetSer in the file /goform/GstDhcpSetSerof. Manipulating the argument dips can lead to stack-based buffer overflow.

CVE-2026-9429
High

A vulnerability was found in the Tenda F1202 device version 1.2.0.20(408), affecting the function formWrlExtraSet in the file /goform/WrlExtraSet. Manipulating the argument delno results in a stack-based buffer overflow, allowing for remote attack initiation.

CVE-2026-9428
High

A vulnerability has been found in Tenda F1202 version 1.2.0.20(408), affecting the function fromPPTPUserSetting in the file /goform/PPTPUserSetting. Manipulation of the argument delno leads to stack-based buffer overflow.

CVE-2026-25193
High

Some Command Centre Service installers have an issue with the insertion of sensitive information into log files, which could lead to the exposure of Service Account credentials.

CVE-2026-9427
High

A flaw has been found in Edimax EW-7438RPn version 1.31 affecting the function formWlSiteSurvey in the file /goform/formWlSiteSurvey. Manipulation of the argument selSSID/submit-url causes stack-based buffer overflow.

PreviousPage 250 of 3321Next

Vulnerability data from NVD (NIST) · CISA KEV · EPSS